1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 rtltypes.h 8 9 Abstract: 10 11 Type definitions for the Run-Time Library 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _RTLTYPES_H 20 #define _RTLTYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #include <mmtypes.h> 27 #include <ldrtypes.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 // 34 // Maximum Atom Length 35 // 36 #define RTL_MAXIMUM_ATOM_LENGTH 255 37 38 // 39 // Process Parameters Flags 40 // 41 #define RTL_USER_PROCESS_PARAMETERS_NORMALIZED 0x01 42 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_USER 0x02 43 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_KERNEL 0x04 44 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_SERVER 0x08 45 #define RTL_USER_PROCESS_PARAMETERS_UNKNOWN 0x10 46 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB 0x20 47 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_16MB 0x40 48 #define RTL_USER_PROCESS_PARAMETERS_CASE_SENSITIVE 0x80 49 #define RTL_USER_PROCESS_PARAMETERS_DISABLE_HEAP_CHECKS 0x100 50 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_1 0x200 51 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_2 0x400 52 #define RTL_USER_PROCESS_PARAMETERS_PRIVATE_DLL_PATH 0x1000 53 #define RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH 0x2000 54 #define RTL_USER_PROCESS_PARAMETERS_IMAGE_KEY_MISSING 0x4000 55 #define RTL_USER_PROCESS_PARAMETERS_NX 0x20000 56 57 #define RTL_MAX_DRIVE_LETTERS 32 58 #define RTL_DRIVE_LETTER_VALID (USHORT)0x0001 59 60 // 61 // End of Exception List 62 // 63 #define EXCEPTION_CHAIN_END ((PEXCEPTION_REGISTRATION_RECORD)-1) 64 65 // 66 // Thread Error Mode Flags 67 // 68 /* Also defined in psdk/winbase.h */ 69 #define SEM_FAILCRITICALERRORS 0x0001 70 #define SEM_NOGPFAULTERRORBOX 0x0002 71 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 72 #define SEM_NOOPENFILEERRORBOX 0x8000 73 74 #define RTL_SEM_FAILCRITICALERRORS (SEM_FAILCRITICALERRORS << 4) 75 #define RTL_SEM_NOGPFAULTERRORBOX (SEM_NOGPFAULTERRORBOX << 4) 76 #define RTL_SEM_NOALIGNMENTFAULTEXCEPT (SEM_NOALIGNMENTFAULTEXCEPT << 4) 77 78 // 79 // Range and Range List Flags 80 // 81 #define RTL_RANGE_LIST_ADD_IF_CONFLICT 0x00000001 82 #define RTL_RANGE_LIST_ADD_SHARED 0x00000002 83 84 #define RTL_RANGE_SHARED 0x01 85 #define RTL_RANGE_CONFLICT 0x02 86 87 // 88 // Flags in RTL_ACTIVATION_CONTEXT_STACK_FRAME (from Checked NTDLL) 89 // 90 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION 0x01 91 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE 0x02 92 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST 0x04 93 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED 0x08 94 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED 0x10 95 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ACTIVATED 0x20 96 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_DEACTIVATED 0x40 97 98 // 99 // Activation Context Frame Flags (from Checked NTDLL) 100 // 101 #define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER 0x01 102 103 // 104 // RtlActivateActivationContextEx Flags (from Checked NTDLL) 105 // 106 #define RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION 0x01 107 108 // 109 // RtlDeactivateActivationContext Flags (based on Win32 flag and name of above) 110 // 111 #define RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION 0x01 112 113 // 114 // RtlQueryActivationContext Flags (based on Win32 flag and name of above) 115 // 116 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT 0x01 117 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_HMODULE 0x02 118 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_ADDRESS 0x04 119 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_NO_ADDREF 0x80000000 120 121 // 122 // Public Heap Flags 123 // 124 #if !defined(NTOS_MODE_USER) && !defined(_NTIFS_) 125 #define HEAP_NO_SERIALIZE 0x00000001 126 #define HEAP_GROWABLE 0x00000002 127 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 128 #define HEAP_ZERO_MEMORY 0x00000008 129 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 130 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 131 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 132 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 133 #define HEAP_CREATE_ALIGN_16 0x00010000 134 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 135 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 136 #endif 137 138 // 139 // User-Defined Heap Flags and Classes 140 // 141 #define HEAP_SETTABLE_USER_VALUE 0x00000100 142 #define HEAP_SETTABLE_USER_FLAG1 0x00000200 143 #define HEAP_SETTABLE_USER_FLAG2 0x00000400 144 #define HEAP_SETTABLE_USER_FLAG3 0x00000800 145 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 146 #define HEAP_CLASS_0 0x00000000 147 #define HEAP_CLASS_1 0x00001000 148 #define HEAP_CLASS_2 0x00002000 149 #define HEAP_CLASS_3 0x00003000 150 #define HEAP_CLASS_4 0x00004000 151 #define HEAP_CLASS_5 0x00005000 152 #define HEAP_CLASS_6 0x00006000 153 #define HEAP_CLASS_7 0x00007000 154 #define HEAP_CLASS_8 0x00008000 155 #define HEAP_CLASS_MASK 0x0000F000 156 157 // 158 // Internal HEAP Structure Flags 159 // 160 #define HEAP_FLAG_PAGE_ALLOCS 0x01000000 161 #define HEAP_PROTECTION_ENABLED 0x02000000 162 #define HEAP_BREAK_WHEN_OUT_OF_VM 0x04000000 163 #define HEAP_NO_ALIGNMENT 0x08000000 164 #define HEAP_CAPTURE_STACK_BACKTRACES 0x08000000 165 #define HEAP_SKIP_VALIDATION_CHECKS 0x10000000 166 #define HEAP_VALIDATE_ALL_ENABLED 0x20000000 167 #define HEAP_VALIDATE_PARAMETERS_ENABLED 0x40000000 168 #define HEAP_LOCK_USER_ALLOCATED 0x80000000 169 170 // 171 // Heap Validation Flags 172 // 173 #define HEAP_CREATE_VALID_MASK \ 174 (HEAP_NO_SERIALIZE | \ 175 HEAP_GROWABLE | \ 176 HEAP_GENERATE_EXCEPTIONS | \ 177 HEAP_ZERO_MEMORY | \ 178 HEAP_REALLOC_IN_PLACE_ONLY | \ 179 HEAP_TAIL_CHECKING_ENABLED | \ 180 HEAP_FREE_CHECKING_ENABLED | \ 181 HEAP_DISABLE_COALESCE_ON_FREE | \ 182 HEAP_CLASS_MASK | \ 183 HEAP_CREATE_ALIGN_16 | \ 184 HEAP_CREATE_ENABLE_TRACING | \ 185 HEAP_CREATE_ENABLE_EXECUTE) 186 #ifdef C_ASSERT 187 C_ASSERT(HEAP_CREATE_VALID_MASK == 0x0007F0FF); 188 #endif 189 190 // 191 // Native image architecture 192 // 193 #if defined(_M_IX86) 194 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_I386 195 #elif defined(_M_ARM) 196 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_ARM 197 #elif defined(_M_AMD64) 198 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_AMD64 199 #else 200 #error Define these please! 201 #endif 202 203 // 204 // Registry Keys 205 // 206 #define RTL_REGISTRY_ABSOLUTE 0 207 #define RTL_REGISTRY_SERVICES 1 208 #define RTL_REGISTRY_CONTROL 2 209 #define RTL_REGISTRY_WINDOWS_NT 3 210 #define RTL_REGISTRY_DEVICEMAP 4 211 #define RTL_REGISTRY_USER 5 212 #define RTL_REGISTRY_MAXIMUM 6 213 #define RTL_REGISTRY_HANDLE 0x40000000 214 #define RTL_REGISTRY_OPTIONAL 0x80000000 215 #define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 216 #define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 217 #define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 218 #define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 219 #define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 220 #define RTL_QUERY_REGISTRY_DIRECT 0x00000020 221 #define RTL_QUERY_REGISTRY_DELETE 0x00000040 222 223 // 224 // Versioning 225 // 226 #define VER_MINORVERSION 0x0000001 227 #define VER_MAJORVERSION 0x0000002 228 #define VER_BUILDNUMBER 0x0000004 229 #define VER_PLATFORMID 0x0000008 230 #define VER_SERVICEPACKMINOR 0x0000010 231 #define VER_SERVICEPACKMAJOR 0x0000020 232 #define VER_SUITENAME 0x0000040 233 #define VER_PRODUCT_TYPE 0x0000080 234 #define VER_PLATFORM_WIN32s 0 235 #define VER_PLATFORM_WIN32_WINDOWS 1 236 #define VER_PLATFORM_WIN32_NT 2 237 #define VER_EQUAL 1 238 #define VER_GREATER 2 239 #define VER_GREATER_EQUAL 3 240 #define VER_LESS 4 241 #define VER_LESS_EQUAL 5 242 #define VER_AND 6 243 #define VER_OR 7 244 #define VER_CONDITION_MASK 7 245 #define VER_NUM_BITS_PER_CONDITION_MASK 3 246 247 // 248 // Timezone IDs 249 // 250 #define TIME_ZONE_ID_UNKNOWN 0 251 #define TIME_ZONE_ID_STANDARD 1 252 #define TIME_ZONE_ID_DAYLIGHT 2 253 254 // 255 // Maximum Path Length 256 // 257 #define MAX_PATH 260 258 259 // 260 // RTL Lock Type (Critical Section or Resource) 261 // 262 #define RTL_CRITSECT_TYPE 0 263 #define RTL_RESOURCE_TYPE 1 264 265 // 266 // RtlAcquirePrivileges Flags 267 // 268 #define RTL_ACQUIRE_PRIVILEGE_IMPERSONATE 1 269 #define RTL_ACQUIRE_PRIVILEGE_PROCESS 2 270 271 #ifdef NTOS_MODE_USER 272 273 // 274 // String Hash Algorithms 275 // 276 #define HASH_STRING_ALGORITHM_DEFAULT 0 277 #define HASH_STRING_ALGORITHM_X65599 1 278 #define HASH_STRING_ALGORITHM_INVALID 0xffffffff 279 280 // 281 // RtlDuplicateString Flags 282 // 283 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 284 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 285 286 // 287 // RtlFindCharInUnicodeString Flags 288 // 289 #define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 1 290 #define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 2 291 #define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 4 292 293 // 294 // RtlDosApplyFileIsolationRedirection_Ustr Flags 295 // 296 #define RTL_DOS_APPLY_FILE_REDIRECTION_USTR_FLAG_RESPECT_DOT_LOCAL 0x01 297 298 // 299 // Codepages 300 // 301 #define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag 302 #define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag 303 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 304 305 // 306 // Activation Contexts 307 // 308 #define INVALID_ACTIVATION_CONTEXT ((PVOID)(LONG_PTR)-1) 309 310 // 311 // C++ CONST casting 312 // 313 #if defined(__cplusplus) 314 #define RTL_CONST_CAST(type) const_cast<type> 315 #else 316 #define RTL_CONST_CAST(type) (type) 317 #endif 318 319 // 320 // Constant String Macro 321 // 322 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 323 { \ 324 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 325 sizeof(__SOURCE_STRING__), \ 326 (__SOURCE_STRING__) \ 327 } 328 329 // 330 // Constant Object Attributes Macro 331 // 332 #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) \ 333 { \ 334 sizeof(OBJECT_ATTRIBUTES), \ 335 NULL, \ 336 RTL_CONST_CAST(PUNICODE_STRING)(n), \ 337 a, \ 338 NULL, \ 339 NULL \ 340 } 341 342 #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) \ 343 RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) 344 345 #else /* NTOS_MODE_USER */ 346 // 347 // Message Resource Flag 348 // 349 #define MESSAGE_RESOURCE_UNICODE 0x0001 350 351 #endif /* !NTOS_MODE_USER */ 352 353 // 354 // RtlImageNtHeaderEx Flags 355 // 356 #define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK 0x00000001 357 358 359 #define MAXIMUM_LEADBYTES 12 360 361 // 362 // RTL Debug Queries 363 // 364 #define RTL_DEBUG_QUERY_MODULES 0x01 365 #define RTL_DEBUG_QUERY_BACKTRACES 0x02 366 #define RTL_DEBUG_QUERY_HEAPS 0x04 367 #define RTL_DEBUG_QUERY_HEAP_TAGS 0x08 368 #define RTL_DEBUG_QUERY_HEAP_BLOCKS 0x10 369 #define RTL_DEBUG_QUERY_LOCKS 0x20 370 371 // 372 // RTL Handle Flags 373 // 374 #define RTL_HANDLE_VALID 0x1 375 376 // 377 // RTL Atom Flags 378 // 379 #define RTL_ATOM_IS_PINNED 0x1 380 381 // 382 // Critical section lock bits 383 // 384 #define CS_LOCK_BIT 0x1 385 #define CS_LOCK_BIT_V 0x0 386 #define CS_LOCK_WAITER_WOKEN 0x2 387 #define CS_LOCK_WAITER_INC 0x4 388 389 // 390 // Codepage Tags 391 // 392 #ifdef NTOS_MODE_USER 393 extern BOOLEAN NTSYSAPI NLS_MB_CODE_PAGE_TAG; 394 extern BOOLEAN NTSYSAPI NLS_MB_OEM_CODE_PAGE_TAG; 395 396 // 397 // Constant String Macro 398 // 399 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 400 { \ 401 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 402 sizeof(__SOURCE_STRING__), \ 403 (__SOURCE_STRING__) \ 404 } 405 406 #endif /* NTOS_MODE_USER */ 407 408 // 409 // Constant Large Integer Macro 410 // 411 #ifdef NONAMELESSUNION 412 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, u.LowPart) == 0); 413 #else 414 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, LowPart) == 0); 415 #endif 416 #define RTL_CONSTANT_LARGE_INTEGER(quad_part) { { (quad_part), (quad_part)>>32 } } 417 #define RTL_MAKE_LARGE_INTEGER(low_part, high_part) { { (low_part), (high_part) } } 418 419 // 420 // Boot Status Data Field Types 421 // 422 typedef enum _RTL_BSD_ITEM_TYPE 423 { 424 RtlBsdItemVersionNumber, 425 RtlBsdItemProductType, 426 RtlBsdItemAabEnabled, 427 RtlBsdItemAabTimeout, 428 RtlBsdItemBootGood, 429 RtlBsdItemBootShutdown, 430 RtlBsdSleepInProgress, 431 RtlBsdPowerTransition, 432 RtlBsdItemBootAttemptCount, 433 RtlBsdItemBootCheckpoint, 434 RtlBsdItemBootId, 435 RtlBsdItemShutdownBootId, 436 RtlBsdItemReportedAbnormalShutdownBootId, 437 RtlBsdItemErrorInfo, 438 RtlBsdItemPowerButtonPressInfo, 439 RtlBsdItemChecksum, 440 RtlBsdItemMax 441 } RTL_BSD_ITEM_TYPE, *PRTL_BSD_ITEM_TYPE; 442 443 #ifdef NTOS_MODE_USER 444 // 445 // Table and Compare result types 446 // 447 typedef enum _TABLE_SEARCH_RESULT 448 { 449 TableEmptyTree, 450 TableFoundNode, 451 TableInsertAsLeft, 452 TableInsertAsRight 453 } TABLE_SEARCH_RESULT; 454 455 typedef enum _RTL_GENERIC_COMPARE_RESULTS 456 { 457 GenericLessThan, 458 GenericGreaterThan, 459 GenericEqual 460 } RTL_GENERIC_COMPARE_RESULTS; 461 462 #endif /* NTOS_MODE_USER */ 463 464 // 465 // RTL Path Types 466 // 467 typedef enum _RTL_PATH_TYPE 468 { 469 RtlPathTypeUnknown, 470 RtlPathTypeUncAbsolute, 471 RtlPathTypeDriveAbsolute, 472 RtlPathTypeDriveRelative, 473 RtlPathTypeRooted, 474 RtlPathTypeRelative, 475 RtlPathTypeLocalDevice, 476 RtlPathTypeRootLocalDevice, 477 } RTL_PATH_TYPE; 478 479 #ifndef NTOS_MODE_USER 480 481 // 482 // Heap Information Class 483 // 484 typedef enum _HEAP_INFORMATION_CLASS 485 { 486 HeapCompatibilityInformation, 487 HeapEnableTerminationOnCorruption 488 } HEAP_INFORMATION_CLASS; 489 490 // 491 // Callback function for RTL Timers or Registered Waits 492 // 493 typedef VOID 494 (NTAPI *WAITORTIMERCALLBACKFUNC)( 495 PVOID pvContext, 496 BOOLEAN fTimerOrWaitFired 497 ); 498 499 // 500 // Handler during Vectored RTL Exceptions 501 // 502 typedef LONG 503 (NTAPI *PVECTORED_EXCEPTION_HANDLER)( 504 PEXCEPTION_POINTERS ExceptionPointers 505 ); 506 507 // 508 // Worker Thread Callback for Rtl 509 // 510 typedef VOID 511 (NTAPI *WORKERCALLBACKFUNC)( 512 _In_ PVOID Context 513 ); 514 515 #else /* !NTOS_MODE_USER */ 516 517 // 518 // RTL Library Allocation/Free Routines 519 // 520 typedef PVOID 521 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( 522 SIZE_T NumberOfBytes 523 ); 524 525 typedef PVOID 526 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( 527 SIZE_T NumberOfBytes, 528 PVOID Buffer 529 ); 530 531 typedef 532 VOID 533 (NTAPI *PRTL_FREE_STRING_ROUTINE)( 534 PVOID Buffer 535 ); 536 537 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; 538 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; 539 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; 540 541 #endif /* NTOS_MODE_USER */ 542 543 // 544 // Unhandled Exception Filter 545 // 546 typedef ULONG 547 (NTAPI *RTLP_UNHANDLED_EXCEPTION_FILTER)( 548 _In_ struct _EXCEPTION_POINTERS *ExceptionInfo 549 ); 550 typedef RTLP_UNHANDLED_EXCEPTION_FILTER *PRTLP_UNHANDLED_EXCEPTION_FILTER; 551 552 // 553 // Callback for RTL Heap Enumeration 554 // 555 typedef NTSTATUS 556 (NTAPI *PHEAP_ENUMERATION_ROUTINE)( 557 _In_ PVOID HeapHandle, 558 _In_ PVOID UserParam 559 ); 560 561 // 562 // Thread and Process Start Routines for RtlCreateUserThread/Process 563 // 564 typedef ULONG (NTAPI *PTHREAD_START_ROUTINE)( 565 PVOID Parameter 566 ); 567 568 typedef VOID 569 (NTAPI *PRTL_BASE_PROCESS_START_ROUTINE)( 570 PTHREAD_START_ROUTINE StartAddress, 571 PVOID Parameter 572 ); 573 574 // 575 // Worker Start/Exit Function 576 // 577 typedef NTSTATUS 578 (NTAPI *PRTL_START_POOL_THREAD)( 579 _In_ PTHREAD_START_ROUTINE Function, 580 _In_ PVOID Parameter, 581 _Out_ PHANDLE ThreadHandle 582 ); 583 584 typedef NTSTATUS 585 (NTAPI *PRTL_EXIT_POOL_THREAD)( 586 _In_ NTSTATUS ExitStatus 587 ); 588 589 // 590 // Declare empty structure definitions so that they may be referenced by 591 // routines before they are defined 592 // 593 struct _RTL_AVL_TABLE; 594 struct _RTL_GENERIC_TABLE; 595 struct _RTL_RANGE; 596 597 // 598 // Routines and callbacks for the RTL AVL/Generic Table package 599 // 600 #ifdef NTOS_MODE_USER 601 typedef NTSTATUS 602 (NTAPI RTL_AVL_MATCH_FUNCTION)( 603 struct _RTL_AVL_TABLE *Table, 604 PVOID UserData, 605 PVOID MatchData 606 ); 607 typedef RTL_AVL_MATCH_FUNCTION *PRTL_AVL_MATCH_FUNCTION; 608 609 typedef RTL_GENERIC_COMPARE_RESULTS 610 (NTAPI RTL_AVL_COMPARE_ROUTINE) ( 611 struct _RTL_AVL_TABLE *Table, 612 PVOID FirstStruct, 613 PVOID SecondStruct 614 ); 615 typedef RTL_AVL_COMPARE_ROUTINE *PRTL_AVL_COMPARE_ROUTINE; 616 617 typedef RTL_GENERIC_COMPARE_RESULTS 618 (NTAPI RTL_GENERIC_COMPARE_ROUTINE) ( 619 struct _RTL_GENERIC_TABLE *Table, 620 PVOID FirstStruct, 621 PVOID SecondStruct 622 ); 623 typedef RTL_GENERIC_COMPARE_ROUTINE *PRTL_GENERIC_COMPARE_ROUTINE; 624 625 typedef PVOID 626 (NTAPI RTL_GENERIC_ALLOCATE_ROUTINE) ( 627 struct _RTL_GENERIC_TABLE *Table, 628 CLONG ByteSize 629 ); 630 typedef RTL_GENERIC_ALLOCATE_ROUTINE *PRTL_GENERIC_ALLOCATE_ROUTINE; 631 632 typedef PVOID 633 (NTAPI RTL_AVL_ALLOCATE_ROUTINE) ( 634 struct _RTL_AVL_TABLE *Table, 635 CLONG ByteSize 636 ); 637 typedef RTL_AVL_ALLOCATE_ROUTINE *PRTL_AVL_ALLOCATE_ROUTINE; 638 639 typedef VOID 640 (NTAPI RTL_GENERIC_FREE_ROUTINE) ( 641 struct _RTL_GENERIC_TABLE *Table, 642 PVOID Buffer 643 ); 644 typedef RTL_GENERIC_FREE_ROUTINE *PRTL_GENERIC_FREE_ROUTINE; 645 646 typedef VOID 647 (NTAPI RTL_AVL_FREE_ROUTINE) ( 648 struct _RTL_AVL_TABLE *Table, 649 PVOID Buffer 650 ); 651 typedef RTL_AVL_FREE_ROUTINE *PRTL_AVL_FREE_ROUTINE; 652 653 #ifdef RTL_USE_AVL_TABLES 654 #undef RTL_GENERIC_COMPARE_ROUTINE 655 #undef PRTL_GENERIC_COMPARE_ROUTINE 656 #undef RTL_GENERIC_ALLOCATE_ROUTINE 657 #undef PRTL_GENERIC_ALLOCATE_ROUTINE 658 #undef RTL_GENERIC_FREE_ROUTINE 659 #undef PRTL_GENERIC_FREE_ROUTINE 660 661 #define RTL_GENERIC_COMPARE_ROUTINE RTL_AVL_COMPARE_ROUTINE 662 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE 663 #define RTL_GENERIC_ALLOCATE_ROUTINE RTL_AVL_ALLOCATE_ROUTINE 664 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE 665 #define RTL_GENERIC_FREE_ROUTINE RTL_AVL_FREE_ROUTINE 666 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE 667 #endif /* RTL_USE_AVL_TABLES */ 668 669 #endif /* NTOS_MODE_USER */ 670 671 // 672 // RTL Query Registry callback 673 // 674 #ifdef NTOS_MODE_USER 675 typedef NTSTATUS 676 (NTAPI *PRTL_QUERY_REGISTRY_ROUTINE)( 677 _In_ PWSTR ValueName, 678 _In_ ULONG ValueType, 679 _In_ PVOID ValueData, 680 _In_ ULONG ValueLength, 681 _In_ PVOID Context, 682 _In_ PVOID EntryContext 683 ); 684 #endif 685 686 // 687 // RTL Secure Memory callbacks 688 // 689 #ifdef NTOS_MODE_USER 690 typedef NTSTATUS 691 (NTAPI *PRTL_SECURE_MEMORY_CACHE_CALLBACK)( 692 _In_ PVOID Address, 693 _In_ SIZE_T Length 694 ); 695 #endif 696 697 // 698 // RTL Range List callbacks 699 // 700 #ifdef NTOS_MODE_USER 701 typedef BOOLEAN 702 (NTAPI *PRTL_CONFLICT_RANGE_CALLBACK)( 703 PVOID Context, 704 struct _RTL_RANGE *Range 705 ); 706 707 // 708 // Custom Heap Commit Routine for RtlCreateHeap 709 // 710 typedef NTSTATUS 711 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE)( 712 _In_ PVOID Base, 713 _Inout_ PVOID *CommitAddress, 714 _Inout_ PSIZE_T CommitSize 715 ); 716 717 // 718 // Parameters for RtlCreateHeap 719 // 720 typedef struct _RTL_HEAP_PARAMETERS 721 { 722 ULONG Length; 723 SIZE_T SegmentReserve; 724 SIZE_T SegmentCommit; 725 SIZE_T DeCommitFreeBlockThreshold; 726 SIZE_T DeCommitTotalFreeThreshold; 727 SIZE_T MaximumAllocationSize; 728 SIZE_T VirtualMemoryThreshold; 729 SIZE_T InitialCommit; 730 SIZE_T InitialReserve; 731 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; 732 SIZE_T Reserved[2]; 733 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 734 735 // 736 // RTL Bitmap structures 737 // 738 typedef struct _RTL_BITMAP 739 { 740 ULONG SizeOfBitMap; 741 PULONG Buffer; 742 } RTL_BITMAP, *PRTL_BITMAP; 743 744 typedef struct _RTL_BITMAP_RUN 745 { 746 ULONG StartingIndex; 747 ULONG NumberOfBits; 748 } RTL_BITMAP_RUN, *PRTL_BITMAP_RUN; 749 750 // 751 // RtlGenerateXxxName context 752 // 753 typedef struct _GENERATE_NAME_CONTEXT 754 { 755 USHORT Checksum; 756 BOOLEAN CheckSumInserted; 757 UCHAR NameLength; 758 WCHAR NameBuffer[8]; 759 ULONG ExtensionLength; 760 WCHAR ExtensionBuffer[4]; 761 ULONG LastIndexValue; 762 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; 763 764 // 765 // RTL Splay and Balanced Links structures 766 // 767 typedef struct _RTL_SPLAY_LINKS 768 { 769 struct _RTL_SPLAY_LINKS *Parent; 770 struct _RTL_SPLAY_LINKS *LeftChild; 771 struct _RTL_SPLAY_LINKS *RightChild; 772 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; 773 774 typedef struct _RTL_BALANCED_LINKS 775 { 776 struct _RTL_BALANCED_LINKS *Parent; 777 struct _RTL_BALANCED_LINKS *LeftChild; 778 struct _RTL_BALANCED_LINKS *RightChild; 779 CHAR Balance; 780 UCHAR Reserved[3]; 781 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS; 782 783 // 784 // RTL Avl/Generic Tables 785 // 786 #ifndef RTL_USE_AVL_TABLES 787 typedef struct _RTL_GENERIC_TABLE 788 { 789 PRTL_SPLAY_LINKS TableRoot; 790 LIST_ENTRY InsertOrderList; 791 PLIST_ENTRY OrderedPointer; 792 ULONG WhichOrderedElement; 793 ULONG NumberGenericTableElements; 794 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine; 795 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine; 796 PRTL_GENERIC_FREE_ROUTINE FreeRoutine; 797 PVOID TableContext; 798 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE; 799 #endif /* !RTL_USE_AVL_TABLES */ 800 801 typedef struct _RTL_AVL_TABLE 802 { 803 RTL_BALANCED_LINKS BalancedRoot; 804 PVOID OrderedPointer; 805 ULONG WhichOrderedElement; 806 ULONG NumberGenericTableElements; 807 ULONG DepthOfTree; 808 PRTL_BALANCED_LINKS RestartKey; 809 ULONG DeleteCount; 810 PRTL_AVL_COMPARE_ROUTINE CompareRoutine; 811 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine; 812 PRTL_AVL_FREE_ROUTINE FreeRoutine; 813 PVOID TableContext; 814 } RTL_AVL_TABLE, *PRTL_AVL_TABLE; 815 816 #ifdef RTL_USE_AVL_TABLES 817 #undef RTL_GENERIC_TABLE 818 #undef PRTL_GENERIC_TABLE 819 820 #define RTL_GENERIC_TABLE RTL_AVL_TABLE 821 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE 822 #endif /* RTL_USE_AVL_TABLES */ 823 824 // 825 // RTL Compression Buffer 826 // 827 typedef struct _COMPRESSED_DATA_INFO { 828 USHORT CompressionFormatAndEngine; 829 UCHAR CompressionUnitShift; 830 UCHAR ChunkShift; 831 UCHAR ClusterShift; 832 UCHAR Reserved; 833 USHORT NumberOfChunks; 834 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; 835 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; 836 837 // 838 // RtlQueryRegistry Data 839 // 840 typedef struct _RTL_QUERY_REGISTRY_TABLE 841 { 842 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine; 843 ULONG Flags; 844 PCWSTR Name; 845 PVOID EntryContext; 846 ULONG DefaultType; 847 PVOID DefaultData; 848 ULONG DefaultLength; 849 } RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE; 850 851 // 852 // RTL Unicode Table Structures 853 // 854 typedef struct _UNICODE_PREFIX_TABLE_ENTRY 855 { 856 CSHORT NodeTypeCode; 857 CSHORT NameLength; 858 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; 859 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; 860 RTL_SPLAY_LINKS Links; 861 PUNICODE_STRING Prefix; 862 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; 863 864 typedef struct _UNICODE_PREFIX_TABLE 865 { 866 CSHORT NodeTypeCode; 867 CSHORT NameLength; 868 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; 869 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; 870 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; 871 872 // 873 // Pfx* routines' table structures 874 // 875 typedef struct _PREFIX_TABLE_ENTRY 876 { 877 CSHORT NodeTypeCode; 878 CSHORT NameLength; 879 struct _PREFIX_TABLE_ENTRY *NextPrefixTree; 880 RTL_SPLAY_LINKS Links; 881 PSTRING Prefix; 882 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; 883 884 typedef struct _PREFIX_TABLE 885 { 886 CSHORT NodeTypeCode; 887 CSHORT NameLength; 888 PPREFIX_TABLE_ENTRY NextPrefixTree; 889 } PREFIX_TABLE, *PPREFIX_TABLE; 890 891 // 892 // Time Structure for RTL Time calls 893 // 894 typedef struct _TIME_FIELDS 895 { 896 CSHORT Year; 897 CSHORT Month; 898 CSHORT Day; 899 CSHORT Hour; 900 CSHORT Minute; 901 CSHORT Second; 902 CSHORT Milliseconds; 903 CSHORT Weekday; 904 } TIME_FIELDS, *PTIME_FIELDS; 905 906 // 907 // Activation Context Frame 908 // 909 typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME 910 { 911 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous; 912 PACTIVATION_CONTEXT ActivationContext; 913 ULONG Flags; 914 } RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME; 915 916 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC 917 { 918 SIZE_T Size; 919 ULONG Format; 920 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 921 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC; 922 923 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED 924 { 925 SIZE_T Size; 926 ULONG Format; 927 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 928 PVOID Extra1; 929 PVOID Extra2; 930 PVOID Extra3; 931 PVOID Extra4; 932 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED; 933 934 typedef RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 935 typedef PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 936 937 typedef struct _RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME 938 { 939 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 940 ULONG_PTR Cookie; 941 PVOID ActivationStackBackTrace[8]; 942 } RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 943 944 typedef struct _ACTIVATION_CONTEXT_DATA 945 { 946 ULONG Magic; 947 ULONG HeaderSize; 948 ULONG FormatVersion; 949 ULONG TotalSize; 950 ULONG DefaultTocOffset; 951 ULONG ExtendedTocOffset; 952 ULONG AssemblyRosterOffset; 953 ULONG Flags; 954 } ACTIVATION_CONTEXT_DATA, *PACTIVATION_CONTEXT_DATA; 955 956 typedef struct _ACTIVATION_CONTEXT_STACK_FRAMELIST 957 { 958 ULONG Magic; 959 ULONG FramesInUse; 960 LIST_ENTRY Links; 961 ULONG Flags; 962 ULONG NotFramesInUse; 963 RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME Frames[32]; 964 } ACTIVATION_CONTEXT_STACK_FRAMELIST, *PACTIVATION_CONTEXT_STACK_FRAMELIST; 965 966 #endif /* NTOS_MODE_USER */ 967 968 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 969 typedef struct _ACTIVATION_CONTEXT_STACK 970 { 971 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 972 LIST_ENTRY FrameListCache; 973 ULONG Flags; 974 ULONG NextCookieSequenceNumber; 975 ULONG StackId; 976 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 977 #else 978 typedef struct _ACTIVATION_CONTEXT_STACK 979 { 980 ULONG Flags; 981 ULONG NextCookieSequenceNumber; 982 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 983 LIST_ENTRY FrameListCache; 984 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 985 #endif 986 987 // 988 // ACE Structure 989 // 990 typedef struct _ACE 991 { 992 ACE_HEADER Header; 993 ACCESS_MASK AccessMask; 994 } ACE, *PACE; 995 996 // 997 // Information Structures for RTL Debug Functions 998 // 999 typedef struct _RTL_PROCESS_MODULE_INFORMATION 1000 { 1001 ULONG Section; 1002 PVOID MappedBase; 1003 PVOID ImageBase; 1004 ULONG ImageSize; 1005 ULONG Flags; 1006 USHORT LoadOrderIndex; 1007 USHORT InitOrderIndex; 1008 USHORT LoadCount; 1009 USHORT OffsetToFileName; 1010 CHAR FullPathName[256]; 1011 } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 1012 1013 typedef struct _RTL_PROCESS_MODULES 1014 { 1015 ULONG NumberOfModules; 1016 RTL_PROCESS_MODULE_INFORMATION Modules[1]; 1017 } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 1018 1019 typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX 1020 { 1021 ULONG NextOffset; 1022 RTL_PROCESS_MODULE_INFORMATION BaseInfo; 1023 ULONG ImageCheckSum; 1024 ULONG TimeDateStamp; 1025 PVOID DefaultBase; 1026 } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX; 1027 1028 typedef struct _RTL_HEAP_TAG_INFO 1029 { 1030 ULONG NumberOfAllocations; 1031 ULONG NumberOfFrees; 1032 SIZE_T BytesAllocated; 1033 } RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO; 1034 1035 typedef struct _RTL_HEAP_USAGE_ENTRY 1036 { 1037 struct _RTL_HEAP_USAGE_ENTRY *Next; 1038 PVOID Address; 1039 SIZE_T Size; 1040 USHORT AllocatorBackTraceIndex; 1041 USHORT TagIndex; 1042 } RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY; 1043 1044 typedef struct _RTL_HEAP_USAGE 1045 { 1046 ULONG Length; 1047 SIZE_T BytesAllocated; 1048 SIZE_T BytesCommitted; 1049 SIZE_T BytesReserved; 1050 SIZE_T BytesReservedMaximum; 1051 PRTL_HEAP_USAGE_ENTRY Entries; 1052 PRTL_HEAP_USAGE_ENTRY AddedEntries; 1053 PRTL_HEAP_USAGE_ENTRY RemovedEntries; 1054 ULONG_PTR Reserved[8]; 1055 } RTL_HEAP_USAGE, *PRTL_HEAP_USAGE; 1056 1057 typedef struct _RTL_HEAP_WALK_ENTRY 1058 { 1059 PVOID DataAddress; 1060 SIZE_T DataSize; 1061 UCHAR OverheadBytes; 1062 UCHAR SegmentIndex; 1063 USHORT Flags; 1064 union 1065 { 1066 struct 1067 { 1068 SIZE_T Settable; 1069 USHORT TagIndex; 1070 USHORT AllocatorBackTraceIndex; 1071 ULONG Reserved[2]; 1072 } Block; 1073 struct 1074 { 1075 ULONG_PTR CommittedSize; 1076 ULONG_PTR UnCommittedSize; 1077 PVOID FirstEntry; 1078 PVOID LastEntry; 1079 } Segment; 1080 }; 1081 } RTL_HEAP_WALK_ENTRY, *PRTL_HEAP_WALK_ENTRY; 1082 1083 typedef struct _RTL_HEAP_ENTRY 1084 { 1085 SIZE_T Size; 1086 USHORT Flags; 1087 USHORT AllocatorBackTraceIndex; 1088 union 1089 { 1090 struct 1091 { 1092 SIZE_T Settable; 1093 ULONG Tag; 1094 } s1; 1095 struct 1096 { 1097 SIZE_T CommittedSize; 1098 PVOID FirstBlock; 1099 } s2; 1100 } u; 1101 } RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY; 1102 1103 typedef struct _RTL_HEAP_TAG 1104 { 1105 ULONG NumberOfAllocations; 1106 ULONG NumberOfFrees; 1107 SIZE_T BytesAllocated; 1108 USHORT TagIndex; 1109 USHORT CreatorBackTraceIndex; 1110 WCHAR TagName[24]; 1111 } RTL_HEAP_TAG, *PRTL_HEAP_TAG; 1112 1113 typedef struct _RTL_HEAP_INFORMATION 1114 { 1115 PVOID BaseAddress; 1116 ULONG Flags; 1117 USHORT EntryOverhead; 1118 USHORT CreatorBackTraceIndex; 1119 SIZE_T BytesAllocated; 1120 SIZE_T BytesCommitted; 1121 ULONG NumberOfTags; 1122 ULONG NumberOfEntries; 1123 ULONG NumberOfPseudoTags; 1124 ULONG PseudoTagGranularity; 1125 ULONG Reserved[5]; 1126 PRTL_HEAP_TAG Tags; 1127 PRTL_HEAP_ENTRY Entries; 1128 } RTL_HEAP_INFORMATION, *PRTL_HEAP_INFORMATION; 1129 1130 typedef struct _RTL_PROCESS_HEAPS 1131 { 1132 ULONG NumberOfHeaps; 1133 RTL_HEAP_INFORMATION Heaps[1]; 1134 } RTL_PROCESS_HEAPS, *PRTL_PROCESS_HEAPS; 1135 1136 typedef struct _RTL_PROCESS_LOCK_INFORMATION 1137 { 1138 PVOID Address; 1139 USHORT Type; 1140 USHORT CreatorBackTraceIndex; 1141 ULONG OwnerThreadId; 1142 ULONG ActiveCount; 1143 ULONG ContentionCount; 1144 ULONG EntryCount; 1145 ULONG RecursionCount; 1146 ULONG NumberOfSharedWaiters; 1147 ULONG NumberOfExclusiveWaiters; 1148 } RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION; 1149 1150 typedef struct _RTL_PROCESS_LOCKS 1151 { 1152 ULONG NumberOfLocks; 1153 RTL_PROCESS_LOCK_INFORMATION Locks[1]; 1154 } RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS; 1155 1156 typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION 1157 { 1158 PVOID SymbolicBackTrace; 1159 ULONG TraceCount; 1160 USHORT Index; 1161 USHORT Depth; 1162 PVOID BackTrace[32]; 1163 } RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION; 1164 1165 typedef struct _RTL_PROCESS_BACKTRACES 1166 { 1167 ULONG CommittedMemory; 1168 ULONG ReservedMemory; 1169 ULONG NumberOfBackTraceLookups; 1170 ULONG NumberOfBackTraces; 1171 RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1]; 1172 } RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES; 1173 1174 typedef struct _RTL_PROCESS_VERIFIER_OPTIONS 1175 { 1176 ULONG SizeStruct; 1177 ULONG Option; 1178 UCHAR OptionData[1]; 1179 // 1180 // Option array continues below 1181 // 1182 } RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS; 1183 1184 typedef struct _RTL_DEBUG_INFORMATION 1185 { 1186 HANDLE SectionHandleClient; 1187 PVOID ViewBaseClient; 1188 PVOID ViewBaseTarget; 1189 ULONG ViewBaseDelta; 1190 HANDLE EventPairClient; 1191 PVOID EventPairTarget; 1192 HANDLE TargetProcessId; 1193 HANDLE TargetThreadHandle; 1194 ULONG Flags; 1195 ULONG OffsetFree; 1196 ULONG CommitSize; 1197 ULONG ViewSize; 1198 union 1199 { 1200 PRTL_PROCESS_MODULES Modules; 1201 PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx; 1202 }; 1203 PRTL_PROCESS_BACKTRACES BackTraces; 1204 PRTL_PROCESS_HEAPS Heaps; 1205 PRTL_PROCESS_LOCKS Locks; 1206 HANDLE SpecificHeap; 1207 HANDLE TargetProcessHandle; 1208 PRTL_PROCESS_VERIFIER_OPTIONS VerifierOptions; 1209 HANDLE ProcessHeap; 1210 HANDLE CriticalSectionHandle; 1211 HANDLE CriticalSectionOwnerThread; 1212 PVOID Reserved[4]; 1213 } RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION; 1214 1215 // 1216 // Fiber local storage data 1217 // 1218 #define RTL_FLS_MAXIMUM_AVAILABLE 128 1219 typedef struct _RTL_FLS_DATA 1220 { 1221 LIST_ENTRY ListEntry; 1222 PVOID Data[RTL_FLS_MAXIMUM_AVAILABLE]; 1223 } RTL_FLS_DATA, *PRTL_FLS_DATA; 1224 1225 1226 // 1227 // Unload Event Trace Structure for RtlGetUnloadEventTrace 1228 // 1229 #define RTL_UNLOAD_EVENT_TRACE_NUMBER 16 1230 1231 typedef struct _RTL_UNLOAD_EVENT_TRACE 1232 { 1233 PVOID BaseAddress; 1234 ULONG SizeOfImage; 1235 ULONG Sequence; 1236 ULONG TimeDateStamp; 1237 ULONG CheckSum; 1238 WCHAR ImageName[32]; 1239 } RTL_UNLOAD_EVENT_TRACE, *PRTL_UNLOAD_EVENT_TRACE; 1240 1241 // 1242 // RTL Handle Structures 1243 // 1244 typedef struct _RTL_HANDLE_TABLE_ENTRY 1245 { 1246 union 1247 { 1248 ULONG Flags; 1249 struct _RTL_HANDLE_TABLE_ENTRY *NextFree; 1250 }; 1251 } RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY; 1252 1253 typedef struct _RTL_HANDLE_TABLE 1254 { 1255 ULONG MaximumNumberOfHandles; 1256 ULONG SizeOfHandleTableEntry; 1257 ULONG Reserved[2]; 1258 PRTL_HANDLE_TABLE_ENTRY FreeHandles; 1259 PRTL_HANDLE_TABLE_ENTRY CommittedHandles; 1260 PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles; 1261 PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles; 1262 } RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE; 1263 1264 // 1265 // RTL Boot Status Data Item 1266 // 1267 typedef struct _RTL_BSD_ITEM 1268 { 1269 RTL_BSD_ITEM_TYPE Type; 1270 PVOID DataBuffer; 1271 ULONG DataLength; 1272 } RTL_BSD_ITEM, *PRTL_BSD_ITEM; 1273 1274 // 1275 // Data Sub-Structures for "bootstat.dat" RTL Data File 1276 // 1277 typedef struct _RTL_BSD_DATA_POWER_TRANSITION 1278 { 1279 LARGE_INTEGER PowerButtonTimestamp; 1280 struct 1281 { 1282 UCHAR SystemRunning : 1; 1283 UCHAR ConnectedStandbyInProgress : 1; 1284 UCHAR UserShutdownInProgress : 1; 1285 UCHAR SystemShutdownInProgress : 1; 1286 UCHAR SleepInProgress : 4; 1287 } Flags; 1288 UCHAR ConnectedStandbyScenarioInstanceId; 1289 UCHAR ConnectedStandbyEntryReason; 1290 UCHAR ConnectedStandbyExitReason; 1291 USHORT SystemSleepTransitionCount; 1292 LARGE_INTEGER LastReferenceTime; 1293 ULONG LastReferenceTimeChecksum; 1294 ULONG LastUpdateBootId; 1295 } RTL_BSD_DATA_POWER_TRANSITION, *PRTL_BSD_DATA_POWER_TRANSITION; 1296 1297 typedef struct _RTL_BSD_DATA_ERROR_INFO 1298 { 1299 ULONG BootId; 1300 ULONG RepeatCount; 1301 ULONG OtherErrorCount; 1302 ULONG Code; 1303 ULONG OtherErrorCount2; 1304 } RTL_BSD_DATA_ERROR_INFO, *PRTL_BSD_DATA_ERROR_INFO; 1305 1306 typedef struct _RTL_BSD_POWER_BUTTON_PRESS_INFO 1307 { 1308 LARGE_INTEGER LastPressTime; 1309 ULONG CumulativePressCount; 1310 USHORT LastPressBootId; 1311 UCHAR LastPowerWatchdogStage; 1312 struct 1313 { 1314 UCHAR WatchdogArmed : 1; 1315 UCHAR ShutdownInProgress : 1; 1316 } Flags; 1317 LARGE_INTEGER LastReleaseTime; 1318 ULONG CumulativeReleaseCount; 1319 USHORT LastReleaseBootId; 1320 USHORT ErrorCount; 1321 UCHAR CurrentConnectedStandbyPhase; 1322 ULONG TransitionLatestCheckpointId; 1323 ULONG TransitionLatestCheckpointType; 1324 ULONG TransitionLatestCheckpointSequenceNumber; 1325 } RTL_BSD_POWER_BUTTON_PRESS_INFO, *PRTL_BSD_POWER_BUTTON_PRESS_INFO; 1326 1327 // 1328 // Main Structure for "bootstat.dat" RTL Data File 1329 // 1330 typedef struct _RTL_BSD_DATA 1331 { 1332 ULONG Version; // RtlBsdItemVersionNumber 1333 ULONG ProductType; // RtlBsdItemProductType 1334 BOOLEAN AabEnabled; // RtlBsdItemAabEnabled 1335 UCHAR AabTimeout; // RtlBsdItemAabTimeout 1336 BOOLEAN LastBootSucceeded; // RtlBsdItemBootGood 1337 BOOLEAN LastBootShutdown; // RtlBsdItemBootShutdown 1338 BOOLEAN SleepInProgress; // RtlBsdSleepInProgress 1339 RTL_BSD_DATA_POWER_TRANSITION PowerTransition; // RtlBsdPowerTransition 1340 UCHAR BootAttemptCount; // RtlBsdItemBootAttemptCount 1341 UCHAR LastBootCheckpoint; // RtlBsdItemBootCheckpoint 1342 UCHAR Checksum; // RtlBsdItemChecksum 1343 ULONG LastBootId; // RtlBsdItemBootId 1344 ULONG LastSuccessfulShutdownBootId; // RtlBsdItemShutdownBootId 1345 ULONG LastReportedAbnormalShutdownBootId; // RtlBsdItemReportedAbnormalShutdownBootId 1346 RTL_BSD_DATA_ERROR_INFO ErrorInfo; // RtlBsdItemErrorInfo 1347 RTL_BSD_POWER_BUTTON_PRESS_INFO PowerButtonPressInfo; // RtlBsdItemPowerButtonPressInfo 1348 } RTL_BSD_DATA, *PRTL_BSD_DATA; 1349 1350 #ifdef NTOS_MODE_USER 1351 // 1352 // Exception Record 1353 // 1354 typedef struct _EXCEPTION_REGISTRATION_RECORD 1355 { 1356 struct _EXCEPTION_REGISTRATION_RECORD *Next; 1357 PEXCEPTION_ROUTINE Handler; 1358 } EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD; 1359 #endif /* NTOS_MODE_USER */ 1360 1361 // 1362 // Current Directory Structures 1363 // 1364 typedef struct _CURDIR 1365 { 1366 UNICODE_STRING DosPath; 1367 HANDLE Handle; 1368 } CURDIR, *PCURDIR; 1369 1370 typedef struct _RTLP_CURDIR_REF 1371 { 1372 LONG RefCount; 1373 HANDLE Handle; 1374 } RTLP_CURDIR_REF, *PRTLP_CURDIR_REF; 1375 1376 typedef struct _RTL_RELATIVE_NAME_U 1377 { 1378 UNICODE_STRING RelativeName; 1379 HANDLE ContainingDirectory; 1380 PRTLP_CURDIR_REF CurDirRef; 1381 } RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U; 1382 1383 typedef struct _RTL_DRIVE_LETTER_CURDIR 1384 { 1385 USHORT Flags; 1386 USHORT Length; 1387 ULONG TimeStamp; 1388 UNICODE_STRING DosPath; 1389 } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; 1390 1391 typedef struct _RTL_PERTHREAD_CURDIR 1392 { 1393 PRTL_DRIVE_LETTER_CURDIR CurrentDirectories; 1394 PUNICODE_STRING ImageName; 1395 PVOID Environment; 1396 } RTL_PERTHREAD_CURDIR, *PRTL_PERTHREAD_CURDIR; 1397 1398 // 1399 // Private State structure for RtlAcquirePrivilege/RtlReleasePrivilege 1400 // 1401 typedef struct _RTL_ACQUIRE_STATE 1402 { 1403 HANDLE Token; 1404 HANDLE OldImpersonationToken; 1405 PTOKEN_PRIVILEGES OldPrivileges; 1406 PTOKEN_PRIVILEGES NewPrivileges; 1407 ULONG Flags; 1408 UCHAR OldPrivBuffer[1024]; 1409 } RTL_ACQUIRE_STATE, *PRTL_ACQUIRE_STATE; 1410 1411 #ifndef NTOS_MODE_USER 1412 1413 // 1414 // RTL Critical Section Structures 1415 // 1416 typedef struct _RTL_CRITICAL_SECTION_DEBUG 1417 { 1418 USHORT Type; 1419 USHORT CreatorBackTraceIndex; 1420 struct _RTL_CRITICAL_SECTION *CriticalSection; 1421 LIST_ENTRY ProcessLocksList; 1422 ULONG EntryCount; 1423 ULONG ContentionCount; 1424 ULONG Spare[2]; 1425 } RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, *PRTL_RESOURCE_DEBUG; 1426 1427 typedef struct _RTL_CRITICAL_SECTION 1428 { 1429 PRTL_CRITICAL_SECTION_DEBUG DebugInfo; 1430 LONG LockCount; 1431 LONG RecursionCount; 1432 HANDLE OwningThread; 1433 HANDLE LockSemaphore; 1434 ULONG_PTR SpinCount; 1435 } RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION; 1436 1437 #endif /* !NTOS_MODE_USER */ 1438 1439 // 1440 // RTL Private Heap Structures 1441 // 1442 typedef struct _HEAP_LOCK 1443 { 1444 union 1445 { 1446 RTL_CRITICAL_SECTION CriticalSection; 1447 #ifndef NTOS_MODE_USER 1448 ERESOURCE Resource; 1449 #endif 1450 UCHAR Padding[0x68]; /* Max ERESOURCE size for x64 build. Needed because RTL is built only once */ 1451 }; 1452 } HEAP_LOCK, *PHEAP_LOCK; 1453 1454 // 1455 // RTL Range List Structures 1456 // 1457 typedef struct _RTL_RANGE_LIST 1458 { 1459 LIST_ENTRY ListHead; 1460 ULONG Flags; 1461 ULONG Count; 1462 ULONG Stamp; 1463 } RTL_RANGE_LIST, *PRTL_RANGE_LIST; 1464 1465 typedef struct _RTL_RANGE 1466 { 1467 ULONGLONG Start; 1468 ULONGLONG End; 1469 PVOID UserData; 1470 PVOID Owner; 1471 UCHAR Attributes; 1472 UCHAR Flags; 1473 } RTL_RANGE, *PRTL_RANGE; 1474 1475 typedef struct _RANGE_LIST_ITERATOR 1476 { 1477 PLIST_ENTRY RangeListHead; 1478 PLIST_ENTRY MergedHead; 1479 PVOID Current; 1480 ULONG Stamp; 1481 } RTL_RANGE_LIST_ITERATOR, *PRTL_RANGE_LIST_ITERATOR; 1482 1483 // 1484 // RTL Resource 1485 // 1486 #define RTL_RESOURCE_FLAG_LONG_TERM ((ULONG)0x00000001) 1487 1488 typedef struct _RTL_RESOURCE 1489 { 1490 RTL_CRITICAL_SECTION Lock; 1491 HANDLE SharedSemaphore; 1492 ULONG SharedWaiters; 1493 HANDLE ExclusiveSemaphore; 1494 ULONG ExclusiveWaiters; 1495 LONG NumberActive; 1496 HANDLE OwningThread; 1497 ULONG TimeoutBoost; 1498 PVOID DebugInfo; 1499 } RTL_RESOURCE, *PRTL_RESOURCE; 1500 1501 // 1502 // Structures for RtlCreateUserProcess 1503 // 1504 typedef struct _RTL_USER_PROCESS_PARAMETERS 1505 { 1506 ULONG MaximumLength; 1507 ULONG Length; 1508 ULONG Flags; 1509 ULONG DebugFlags; 1510 HANDLE ConsoleHandle; 1511 ULONG ConsoleFlags; 1512 HANDLE StandardInput; 1513 HANDLE StandardOutput; 1514 HANDLE StandardError; 1515 CURDIR CurrentDirectory; 1516 UNICODE_STRING DllPath; 1517 UNICODE_STRING ImagePathName; 1518 UNICODE_STRING CommandLine; 1519 PWSTR Environment; 1520 ULONG StartingX; 1521 ULONG StartingY; 1522 ULONG CountX; 1523 ULONG CountY; 1524 ULONG CountCharsX; 1525 ULONG CountCharsY; 1526 ULONG FillAttribute; 1527 ULONG WindowFlags; 1528 ULONG ShowWindowFlags; 1529 UNICODE_STRING WindowTitle; 1530 UNICODE_STRING DesktopInfo; 1531 UNICODE_STRING ShellInfo; 1532 UNICODE_STRING RuntimeData; 1533 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; 1534 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1535 SIZE_T EnvironmentSize; 1536 #endif 1537 #if (NTDDI_VERSION >= NTDDI_WIN7) 1538 SIZE_T EnvironmentVersion; 1539 #endif 1540 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 1541 1542 typedef struct _RTL_USER_PROCESS_INFORMATION 1543 { 1544 ULONG Size; 1545 HANDLE ProcessHandle; 1546 HANDLE ThreadHandle; 1547 CLIENT_ID ClientId; 1548 SECTION_IMAGE_INFORMATION ImageInformation; 1549 } RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION; 1550 1551 #if (NTDDI_VERSION >= NTDDI_WIN7) 1552 1553 typedef enum _RTL_UMS_SCHEDULER_REASON 1554 { 1555 UmsSchedulerStartup = 0, 1556 UmsSchedulerThreadBlocked = 1, 1557 UmsSchedulerThreadYield = 2, 1558 } RTL_UMS_SCHEDULER_REASON, *PRTL_UMS_SCHEDULER_REASON; 1559 1560 typedef enum _RTL_UMSCTX_FLAGS 1561 { 1562 UMSCTX_SCHEDULED_THREAD_BIT = 0, 1563 #if (NTDDI_VERSION < NTDDI_WIN8) 1564 UMSCTX_HAS_QUANTUM_REQ_BIT, 1565 UMSCTX_HAS_AFFINITY_REQ_BIT, 1566 UMSCTX_HAS_PRIORITY_REQ_BIT, 1567 #endif 1568 UMSCTX_SUSPENDED_BIT, 1569 UMSCTX_VOLATILE_CONTEXT_BIT, 1570 UMSCTX_TERMINATED_BIT, 1571 UMSCTX_DEBUG_ACTIVE_BIT, 1572 UMSCTX_RUNNING_ON_SELF_THREAD_BIT, 1573 UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT 1574 1575 } RTL_UMSCTX_FLAGS, *PRTL_UMSCTX_FLAGS; 1576 1577 #define UMSCTX_SCHEDULED_THREAD_MASK (1 << UMSCTX_SCHEDULED_THREAD_BIT) 1578 #define UMSCTX_SUSPENDED_MASK (1 << UMSCTX_SUSPENDED_BIT) 1579 #define UMSCTX_VOLATILE_CONTEXT_MASK (1 << UMSCTX_VOLATILE_CONTEXT_BIT) 1580 #define UMSCTX_TERMINATED_MASK (1 << UMSCTX_TERMINATED_BIT) 1581 #define UMSCTX_DEBUG_ACTIVE_MASK (1 << UMSCTX_DEBUG_ACTIVE_BIT) 1582 #define UMSCTX_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_RUNNING_ON_SELF_THREAD_BIT) 1583 #define UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT) 1584 1585 // 1586 // UMS Context 1587 // 1588 typedef struct DECLSPEC_ALIGN(16) _RTL_UMS_CONTEXT 1589 { 1590 SINGLE_LIST_ENTRY Link; 1591 CONTEXT Context; 1592 PVOID Teb; 1593 PVOID UserContext; 1594 union 1595 { 1596 struct 1597 { 1598 ULONG ScheduledThread : 1; 1599 #if (NTDDI_VERSION < NTDDI_WIN8) 1600 ULONG HasQuantumReq : 1; 1601 ULONG HasAffinityReq : 1; 1602 ULONG HasPriorityReq : 1; 1603 #endif 1604 ULONG Suspended : 1; 1605 ULONG VolatileContext : 1; 1606 ULONG Terminated : 1; 1607 ULONG DebugActive : 1; 1608 ULONG RunningOnSelfThread : 1; 1609 ULONG DenyRunningOnSelfThread : 1; 1610 #if (NTDDI_VERSION < NTDDI_WIN8) 1611 ULONG ReservedFlags : 22; 1612 #endif 1613 }; 1614 LONG Flags; 1615 }; 1616 union 1617 { 1618 struct 1619 { 1620 #if (NTDDI_VERSION >= NTDDI_WIN8) 1621 ULONG64 KernelUpdateLock : 2; 1622 #else 1623 ULONG64 KernelUpdateLock : 1; 1624 ULONG64 Reserved : 1; 1625 #endif 1626 ULONG64 PrimaryClientID : 62; 1627 }; 1628 ULONG64 ContextLock; 1629 }; 1630 #if (NTDDI_VERSION < NTDDI_WIN8) 1631 ULONG64 QuantumValue; 1632 GROUP_AFFINITY AffinityMask; 1633 LONG Priority; 1634 #endif 1635 struct _RTL_UMS_CONTEXT* PrimaryUmsContext; 1636 ULONG SwitchCount; 1637 ULONG KernelYieldCount; 1638 ULONG MixedYieldCount; 1639 ULONG YieldCount; 1640 } RTL_UMS_CONTEXT, *PRTL_UMS_CONTEXT; 1641 #endif // #if (NTDDI_VERSION >= NTDDI_WIN7) 1642 1643 // 1644 // RTL Atom Table Structures 1645 // 1646 typedef struct _RTL_ATOM_TABLE_ENTRY 1647 { 1648 struct _RTL_ATOM_TABLE_ENTRY *HashLink; 1649 USHORT HandleIndex; 1650 USHORT Atom; 1651 USHORT ReferenceCount; 1652 UCHAR Flags; 1653 UCHAR NameLength; 1654 WCHAR Name[1]; 1655 } RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY; 1656 1657 typedef struct _RTL_ATOM_TABLE 1658 { 1659 ULONG Signature; 1660 union 1661 { 1662 #ifdef NTOS_MODE_USER 1663 RTL_CRITICAL_SECTION CriticalSection; 1664 #else 1665 FAST_MUTEX FastMutex; 1666 #endif 1667 }; 1668 union 1669 { 1670 #ifdef NTOS_MODE_USER 1671 RTL_HANDLE_TABLE RtlHandleTable; 1672 #else 1673 PHANDLE_TABLE ExHandleTable; 1674 #endif 1675 }; 1676 ULONG NumberOfBuckets; 1677 PRTL_ATOM_TABLE_ENTRY Buckets[1]; 1678 } RTL_ATOM_TABLE, *PRTL_ATOM_TABLE; 1679 1680 // 1681 // Timezone Information 1682 // 1683 typedef struct _RTL_TIME_ZONE_INFORMATION 1684 { 1685 LONG Bias; 1686 WCHAR StandardName[32]; 1687 TIME_FIELDS StandardDate; 1688 LONG StandardBias; 1689 WCHAR DaylightName[32]; 1690 TIME_FIELDS DaylightDate; 1691 LONG DaylightBias; 1692 } RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION; 1693 1694 // 1695 // Hotpatch Header 1696 // 1697 typedef struct _RTL_PATCH_HEADER 1698 { 1699 LIST_ENTRY PatchList; 1700 PVOID PatchImageBase; 1701 struct _RTL_PATCH_HEADER *NextPath; 1702 ULONG PatchFlags; 1703 LONG PatchRefCount; 1704 struct _HOTPATCH_HEADER *HotpatchHeader; 1705 UNICODE_STRING TargetDllName; 1706 PVOID TargetDllBase; 1707 PLDR_DATA_TABLE_ENTRY TargetLdrDataTableEntry; 1708 PLDR_DATA_TABLE_ENTRY PatchLdrDataTableEntry; 1709 struct _SYSTEM_HOTPATCH_CODE_INFORMATION *CodeInfo; 1710 } RTL_PATCH_HEADER, *PRTL_PATCH_HEADER; 1711 1712 // 1713 // Header for NLS Files 1714 // 1715 typedef struct _NLS_FILE_HEADER 1716 { 1717 USHORT HeaderSize; 1718 USHORT CodePage; 1719 USHORT MaximumCharacterSize; 1720 USHORT DefaultChar; 1721 USHORT UniDefaultChar; 1722 USHORT TransDefaultChar; 1723 USHORT TransUniDefaultChar; 1724 UCHAR LeadByte[MAXIMUM_LEADBYTES]; 1725 } NLS_FILE_HEADER, *PNLS_FILE_HEADER; 1726 1727 // 1728 // Stack Traces 1729 // 1730 typedef struct _RTL_STACK_TRACE_ENTRY 1731 { 1732 struct _RTL_STACK_TRACE_ENTRY *HashChain; 1733 ULONG TraceCount; 1734 USHORT Index; 1735 USHORT Depth; 1736 PVOID BackTrace[32]; 1737 } RTL_STACK_TRACE_ENTRY, *PRTL_STACK_TRACE_ENTRY; 1738 1739 1740 typedef struct _STACK_TRACE_DATABASE 1741 { 1742 union 1743 { 1744 PVOID Lock; 1745 1746 /* Padding for ERESOURCE */ 1747 #if defined(_M_AMD64) 1748 UCHAR Padding[0x68]; 1749 #else 1750 UCHAR Padding[56]; 1751 #endif 1752 } Lock; 1753 1754 BOOLEAN DumpInProgress; 1755 1756 PVOID CommitBase; 1757 PVOID CurrentLowerCommitLimit; 1758 PVOID CurrentUpperCommitLimit; 1759 1760 PCHAR NextFreeLowerMemory; 1761 PCHAR NextFreeUpperMemory; 1762 1763 ULONG NumberOfEntriesAdded; 1764 ULONG NumberOfAllocationFailures; 1765 PRTL_STACK_TRACE_ENTRY* EntryIndexArray; 1766 1767 ULONG NumberOfBuckets; 1768 PRTL_STACK_TRACE_ENTRY Buckets[ANYSIZE_ARRAY]; 1769 } STACK_TRACE_DATABASE, *PSTACK_TRACE_DATABASE; 1770 1771 // Validate that our padding is big enough: 1772 #ifndef NTOS_MODE_USER 1773 #if defined(_M_AMD64) 1774 C_ASSERT(sizeof(ERESOURCE) <= 0x68); 1775 #else 1776 C_ASSERT(sizeof(ERESOURCE) <= 56); 1777 #endif 1778 #endif 1779 1780 1781 // 1782 // Trace Database 1783 // 1784 1785 typedef ULONG (NTAPI *RTL_TRACE_HASH_FUNCTION) (ULONG Count, PVOID *Trace); 1786 1787 typedef struct _RTL_TRACE_BLOCK 1788 { 1789 ULONG Magic; 1790 ULONG Count; 1791 ULONG Size; 1792 ULONG UserCount; 1793 ULONG UserSize; 1794 PVOID UserContext; 1795 struct _RTL_TRACE_BLOCK *Next; 1796 PVOID *Trace; 1797 } RTL_TRACE_BLOCK, *PRTL_TRACE_BLOCK; 1798 1799 typedef struct _RTL_TRACE_DATABASE 1800 { 1801 ULONG Magic; 1802 ULONG Flags; 1803 ULONG Tag; 1804 struct _RTL_TRACE_SEGMENT *SegmentList; 1805 SIZE_T MaximumSize; 1806 SIZE_T CurrentSize; 1807 PVOID Owner; 1808 #ifdef NTOS_MODE_USER 1809 RTL_CRITICAL_SECTION Lock; 1810 #else 1811 union 1812 { 1813 KSPIN_LOCK SpinLock; 1814 FAST_MUTEX FastMutex; 1815 } u; 1816 #endif 1817 ULONG NoOfBuckets; 1818 struct _RTL_TRACE_BLOCK **Buckets; 1819 RTL_TRACE_HASH_FUNCTION HashFunction; 1820 SIZE_T NoOfTraces; 1821 SIZE_T NoOfHits; 1822 ULONG HashCounter[16]; 1823 } RTL_TRACE_DATABASE, *PRTL_TRACE_DATABASE; 1824 1825 typedef struct _RTL_TRACE_SEGMENT 1826 { 1827 ULONG Magic; 1828 struct _RTL_TRACE_DATABASE *Database; 1829 struct _RTL_TRACE_SEGMENT *NextSegment; 1830 SIZE_T TotalSize; 1831 PCHAR SegmentStart; 1832 PCHAR SegmentEnd; 1833 PCHAR SegmentFree; 1834 } RTL_TRACE_SEGMENT, *PRTL_TRACE_SEGMENT; 1835 1836 typedef struct _RTL_TRACE_ENUMERATE 1837 { 1838 struct _RTL_TRACE_DATABASE *Database; 1839 ULONG Index; 1840 struct _RTL_TRACE_BLOCK *Block; 1841 } RTL_TRACE_ENUMERATE, * PRTL_TRACE_ENUMERATE; 1842 1843 // 1844 // Auto-Managed Rtl* String Buffer 1845 // 1846 typedef struct _RTL_BUFFER 1847 { 1848 PUCHAR Buffer; 1849 PUCHAR StaticBuffer; 1850 SIZE_T Size; 1851 SIZE_T StaticSize; 1852 SIZE_T ReservedForAllocatedSize; 1853 PVOID ReservedForIMalloc; 1854 } RTL_BUFFER, *PRTL_BUFFER; 1855 1856 typedef struct _RTL_UNICODE_STRING_BUFFER 1857 { 1858 UNICODE_STRING String; 1859 RTL_BUFFER ByteBuffer; 1860 WCHAR MinimumStaticBufferForTerminalNul; 1861 } RTL_UNICODE_STRING_BUFFER, *PRTL_UNICODE_STRING_BUFFER; 1862 1863 #ifndef NTOS_MODE_USER 1864 1865 // 1866 // Message Resource Entry, Block and Data 1867 // 1868 typedef struct _MESSAGE_RESOURCE_ENTRY 1869 { 1870 USHORT Length; 1871 USHORT Flags; 1872 UCHAR Text[ANYSIZE_ARRAY]; 1873 } MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY; 1874 1875 typedef struct _MESSAGE_RESOURCE_BLOCK 1876 { 1877 ULONG LowId; 1878 ULONG HighId; 1879 ULONG OffsetToEntries; 1880 } MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK; 1881 1882 typedef struct _MESSAGE_RESOURCE_DATA 1883 { 1884 ULONG NumberOfBlocks; 1885 MESSAGE_RESOURCE_BLOCK Blocks[ANYSIZE_ARRAY]; 1886 } MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA; 1887 1888 #endif /* !NTOS_MODE_USER */ 1889 1890 #ifdef NTOS_MODE_USER 1891 1892 // 1893 // Memory Stream 1894 // 1895 #ifndef CONST_VTBL 1896 #ifdef CONST_VTABLE 1897 #define CONST_VTBL const 1898 #else 1899 #define CONST_VTBL 1900 #endif 1901 #endif 1902 1903 struct IStreamVtbl; 1904 struct IStream; 1905 struct tagSTATSTG; 1906 1907 typedef struct _RTL_MEMORY_STREAM RTL_MEMORY_STREAM, *PRTL_MEMORY_STREAM; 1908 1909 typedef VOID 1910 (NTAPI *PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE)( 1911 _In_ PRTL_MEMORY_STREAM Stream 1912 ); 1913 1914 struct _RTL_MEMORY_STREAM 1915 { 1916 CONST_VTBL struct IStreamVtbl *Vtbl; 1917 LONG RefCount; 1918 ULONG Unk1; 1919 PVOID Current; 1920 PVOID Start; 1921 PVOID End; 1922 PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE FinalRelease; 1923 HANDLE ProcessHandle; 1924 }; 1925 1926 #endif /* NTOS_MODE_USER */ 1927 1928 #ifdef __cplusplus 1929 } 1930 #endif 1931 1932 #endif /* !_RTLTYPES_H */ 1933