/*
* This file is part of the Process Hacker project - https://processhacker.sourceforge.io/
*
* You can redistribute this file and/or modify it under the terms of the
* Attribution 4.0 International (CC BY 4.0) license.
*
* You must give appropriate credit, provide a link to the license, and
* indicate if changes were made. You may do so in any reasonable manner, but
* not in any way that suggests the licensor endorses you or your use.
*/
#ifndef _NTMISC_H
#define _NTMISC_H
// Filter manager
//
// Access-mask bits for filter-manager communication-port objects.
// FLT_PORT_CONNECT is the only port-specific right defined here; FLT_PORT_ALL_ACCESS
// additionally requests every SDK standard right (STANDARD_RIGHTS_ALL).
// Least privilege: a client that only needs to connect should ask for FLT_PORT_CONNECT
// rather than FLT_PORT_ALL_ACCESS, which a port's DACL may not grant.
#define FLT_PORT_CONNECT 0x0001
#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
// VDM
//
// Service selector passed to NtVdmControl. The values are positional (VdmStartExecution
// is 0) and are written out explicitly so that an accidental reorder or insertion is
// visible in review: presumably the kernel dispatches on the raw number, so the
// numbering is an ABI contract and must not change.
typedef enum _VDMSERVICECLASS
{
    VdmStartExecution      = 0,
    VdmQueueInterrupt      = 1,
    VdmDelayInterrupt      = 2,
    VdmInitialize          = 3,
    VdmFeatures            = 4,
    VdmSetInt21Handler     = 5,
    VdmQueryDir            = 6,
    VdmPrinterDirectIoOpen = 7,
    VdmPrinterDirectIoClose = 8,
    VdmPrinterInitialize   = 9,
    VdmSetLdtEntries       = 10,
    VdmSetProcessLdtInfo   = 11,
    VdmAdlibEmulation      = 12,
    VdmPMCliControl        = 13,
    VdmQueryVdmProcess     = 14
} VDMSERVICECLASS, *PVDMSERVICECLASS;
// Sends a virtual DOS machine (VDM) service request to the kernel.
//   Service      operation selector; see VDMSERVICECLASS above.
//   ServiceData  untyped in/out buffer whose layout depends on Service. Those layouts
//                are not declared in this header, and nothing in this prototype ties a
//                size to the pointer, so the caller alone is responsible for passing a
//                correctly sized structure for the chosen Service.
// NOTE(review): VDM services presumably exist only where 16-bit (NTVDM) support is
// present; confirm the call is available on the target build before depending on it.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtVdmControl(
_In_ VDMSERVICECLASS Service,
_Inout_ PVOID ServiceData
);
// WMI/ETW
//
// Emits a trace event to ETW.
//   TraceHandle  the trace handle the event is written against.
//   Flags        event flags; their values are not defined in this header.
//   FieldSize    presumably the byte length of Fields — unlike NtTraceControl below,
//                this prototype carries no _In_reads_bytes_(FieldSize) annotation, so
//                the relationship is by convention only; consider adding the annotation.
//   Fields       event payload, untyped.
// NOTE(review): because Fields is a bare PVOID, a FieldSize larger than the real buffer
// is not caught at compile or analysis time; callers should derive FieldSize from
// sizeof of the structure they actually pass.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTraceEvent(
_In_ HANDLE TraceHandle,
_In_ ULONG Flags,
_In_ ULONG FieldSize,
_In_ PVOID Fields
);
// Request classes accepted by NtTraceControl.
//
// Every value is spelled out because the numbering is the kernel's, not ours: the gaps
// (7-10, 12, 15, 24, 29-30) are deliberate and must not be filled in or renumbered.
// NOTE(review): judging by their names, the *Logger and *DisallowList classes can stop
// or reshape a live tracing session; confirm the privilege each class requires before
// treating a caller as benign.
typedef enum _TRACE_CONTROL_INFORMATION_CLASS
{
    TraceControlStartLogger                        = 1,
    TraceControlStopLogger                         = 2,
    TraceControlQueryLogger                        = 3,
    TraceControlUpdateLogger                       = 4,
    TraceControlFlushLogger                        = 5,
    TraceControlIncrementLoggerFile                = 6,
    // 7-10 are not defined in this header
    TraceControlRealtimeConnect                    = 11,
    // 12 is not defined in this header
    TraceControlWdiDispatchControl                 = 13,
    TraceControlRealtimeDisconnectConsumerByHandle = 14,
    // 15 is not defined in this header
    TraceControlReceiveNotification                = 16,
    TraceControlEnableGuid                         = 17,
    TraceControlSendReplyDataBlock                 = 18,
    TraceControlReceiveReplyDataBlock              = 19,
    TraceControlWdiUpdateSem                       = 20,
    TraceControlGetTraceGuidList                   = 21,
    TraceControlGetTraceGuidInfo                   = 22,
    TraceControlEnumerateTraceGuids                = 23,
    // 24 is not defined in this header
    TraceControlQueryReferenceTime                 = 25,
    TraceControlTrackProviderBinary                = 26,
    TraceControlAddNotificationEvent               = 27,
    TraceControlUpdateDisallowList                 = 28,
    // 29-30 are not defined in this header
    TraceControlUseDescriptorTypeUm                = 31,
    TraceControlGetTraceGroupList                  = 32,
    TraceControlGetTraceGroupInfo                  = 33,
    TraceControlTraceSetDisallowList               = 34,
    TraceControlSetCompressionSettings             = 35,
    TraceControlGetCompressionSettings             = 36,
    TraceControlUpdatePeriodicCaptureState         = 37,
    TraceControlGetPrivateSessionTraceHandle       = 38,
    TraceControlRegisterPrivateSession             = 39,
    TraceControlQuerySessionDemuxObject            = 40,
    TraceControlSetProviderBinaryTracking          = 41,
    TraceControlMaxLoggers                         = 42,
    TraceControlMaxPmcCounter                      = 43
} TRACE_CONTROL_INFORMATION_CLASS;
#if (PHNT_VERSION >= PHNT_VISTA)
// Issues an ETW trace-control request to the kernel (declared for Vista+ only).
//   TraceInformationClass  which request to perform (TRACE_CONTROL_INFORMATION_CLASS).
//   InputBuffer            optional request data, InputBufferLength bytes.
//   InputBufferLength      byte size of InputBuffer (0 if none).
//   TraceInformation       optional output buffer; at most TraceInformationLength
//                          bytes are written.
//   TraceInformationLength byte size of TraceInformation.
//   ReturnLength           required (not _opt_): receives a length in bytes —
//                          presumably the amount written, or the size needed when the
//                          buffer is too small; confirm per class against the kernel.
// NOTE(review): the in/out layouts are per-class and are not declared in this header,
// so callers must check ReturnLength against TraceInformationLength before reading
// the output rather than trusting the buffer they passed.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTraceControl(
_In_ TRACE_CONTROL_INFORMATION_CLASS TraceInformationClass,
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
_In_ ULONG InputBufferLength,
_Out_writes_bytes_opt_(TraceInformationLength) PVOID TraceInformation,
_In_ ULONG TraceInformationLength,
_Out_ PULONG ReturnLength
);
#endif
#endif