/* * This file is part of the Process Hacker project - https://processhacker.sourceforge.io/ * * You can redistribute this file and/or modify it under the terms of the * Attribution 4.0 International (CC BY 4.0) license. * * You must give appropriate credit, provide a link to the license, and * indicate if changes were made. You may do so in any reasonable manner, but * not in any way that suggests the licensor endorses you or your use. */ #ifndef _NTMISC_H #define _NTMISC_H // Filter manager #define FLT_PORT_CONNECT 0x0001 #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL) // VDM typedef enum _VDMSERVICECLASS { VdmStartExecution, VdmQueueInterrupt, VdmDelayInterrupt, VdmInitialize, VdmFeatures, VdmSetInt21Handler, VdmQueryDir, VdmPrinterDirectIoOpen, VdmPrinterDirectIoClose, VdmPrinterInitialize, VdmSetLdtEntries, VdmSetProcessLdtInfo, VdmAdlibEmulation, VdmPMCliControl, VdmQueryVdmProcess } VDMSERVICECLASS, *PVDMSERVICECLASS; NTSYSCALLAPI NTSTATUS NTAPI NtVdmControl( _In_ VDMSERVICECLASS Service, _Inout_ PVOID ServiceData ); // WMI/ETW NTSYSCALLAPI NTSTATUS NTAPI NtTraceEvent( _In_ HANDLE TraceHandle, _In_ ULONG Flags, _In_ ULONG FieldSize, _In_ PVOID Fields ); typedef enum _TRACE_CONTROL_INFORMATION_CLASS { TraceControlStartLogger = 1, TraceControlStopLogger = 2, TraceControlQueryLogger = 3, TraceControlUpdateLogger = 4, TraceControlFlushLogger = 5, TraceControlIncrementLoggerFile = 6, TraceControlRealtimeConnect = 11, TraceControlWdiDispatchControl = 13, TraceControlRealtimeDisconnectConsumerByHandle = 14, TraceControlReceiveNotification = 16, TraceControlEnableGuid = 17, TraceControlSendReplyDataBlock = 18, TraceControlReceiveReplyDataBlock = 19, TraceControlWdiUpdateSem = 20, TraceControlGetTraceGuidList = 21, TraceControlGetTraceGuidInfo = 22, TraceControlEnumerateTraceGuids = 23, TraceControlQueryReferenceTime = 25, TraceControlTrackProviderBinary = 26, TraceControlAddNotificationEvent = 27, TraceControlUpdateDisallowList = 28, TraceControlUseDescriptorTypeUm = 31, TraceControlGetTraceGroupList = 32, TraceControlGetTraceGroupInfo = 33, TraceControlTraceSetDisallowList= 34, TraceControlSetCompressionSettings = 35, TraceControlGetCompressionSettings= 36, TraceControlUpdatePeriodicCaptureState = 37, TraceControlGetPrivateSessionTraceHandle = 38, TraceControlRegisterPrivateSession = 39, TraceControlQuerySessionDemuxObject = 40, TraceControlSetProviderBinaryTracking = 41, TraceControlMaxLoggers = 42, TraceControlMaxPmcCounter = 43 } TRACE_CONTROL_INFORMATION_CLASS; #if (PHNT_VERSION >= PHNT_VISTA) NTSYSCALLAPI NTSTATUS NTAPI NtTraceControl( _In_ TRACE_CONTROL_INFORMATION_CLASS TraceInformationClass, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(TraceInformationLength) PVOID TraceInformation, _In_ ULONG TraceInformationLength, _Out_ PULONG ReturnLength ); #endif #endif