/* * This file is part of the Process Hacker project - https://processhacker.sourceforge.io/ * * You can redistribute this file and/or modify it under the terms of the * Attribution 4.0 International (CC BY 4.0) license. * * You must give appropriate credit, provide a link to the license, and * indicate if changes were made. You may do so in any reasonable manner, but * not in any way that suggests the licensor endorses you or your use. */ #ifndef _PHNT_NTDEF_H #define _PHNT_NTDEF_H #ifndef _NTDEF_ #define _NTDEF_ // This header file provides basic NT types not included in Win32. If you have included winnt.h // (perhaps indirectly), you must use this file instead of ntdef.h. #ifndef NOTHING #define NOTHING #endif // Basic types typedef struct _QUAD { union { __int64 UseThisFieldToCopy; double DoNotUseThisField; }; } QUAD, *PQUAD; // This isn't in NT, but it's useful. typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR { ULONG_PTR DoNotUseThisField1; ULONG_PTR DoNotUseThisField2; } QUAD_PTR, *PQUAD_PTR; typedef ULONG LOGICAL; typedef ULONG *PLOGICAL; typedef _Success_(return >= 0) LONG NTSTATUS; typedef NTSTATUS *PNTSTATUS; // Cardinal types typedef char CCHAR; typedef short CSHORT; typedef ULONG CLONG; typedef CCHAR *PCCHAR; typedef CSHORT *PCSHORT; typedef CLONG *PCLONG; typedef PCSTR PCSZ; // Specific typedef UCHAR KIRQL, *PKIRQL; typedef LONG KPRIORITY; typedef USHORT RTL_ATOM, *PRTL_ATOM; typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; // NT status macros #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1) #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2) #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3) #define NT_FACILITY_MASK 0xfff #define NT_FACILITY_SHIFT 16 #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK) #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32) #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff) // Functions #ifndef _WIN64 #define FASTCALL __fastcall #else #define FASTCALL #endif // Synchronization enumerations typedef enum _EVENT_TYPE { NotificationEvent, SynchronizationEvent } EVENT_TYPE; typedef enum _TIMER_TYPE { NotificationTimer, SynchronizationTimer } TIMER_TYPE; typedef enum _WAIT_TYPE { WaitAll, WaitAny, WaitNotification } WAIT_TYPE; // Strings typedef struct _STRING { USHORT Length; USHORT MaximumLength; _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer; } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING; typedef const STRING *PCSTRING; typedef const ANSI_STRING *PCANSI_STRING; typedef const OEM_STRING *PCOEM_STRING; typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; _Field_size_bytes_part_(MaximumLength, Length) PWCH Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef const UNICODE_STRING *PCUNICODE_STRING; #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s } // Balanced tree node #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3 typedef struct _RTL_BALANCED_NODE { union { struct _RTL_BALANCED_NODE *Children[2]; struct { struct _RTL_BALANCED_NODE *Left; struct _RTL_BALANCED_NODE *Right; }; }; union { UCHAR Red : 1; UCHAR Balance : 2; ULONG_PTR ParentValue; }; } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \ ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK)) // Portability typedef struct _SINGLE_LIST_ENTRY32 { ULONG Next; } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32; typedef struct _STRING32 { USHORT Length; USHORT MaximumLength; ULONG Buffer; } STRING32, *PSTRING32; typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32; typedef STRING32 ANSI_STRING32, *PANSI_STRING32; typedef struct _STRING64 { USHORT Length; USHORT MaximumLength; ULONGLONG Buffer; } STRING64, *PSTRING64; typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64; typedef STRING64 ANSI_STRING64, *PANSI_STRING64; // Object attributes #define OBJ_INHERIT 0x00000002 #define OBJ_PERMANENT 0x00000010 #define OBJ_EXCLUSIVE 0x00000020 #define OBJ_CASE_INSENSITIVE 0x00000040 #define OBJ_OPENIF 0x00000080 #define OBJ_OPENLINK 0x00000100 #define OBJ_KERNEL_HANDLE 0x00000200 #define OBJ_FORCE_ACCESS_CHECK 0x00000400 #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800 #define OBJ_DONT_REPARSE 0x00001000 #define OBJ_VALID_ATTRIBUTES 0x00001ff2 typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR; PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; #define InitializeObjectAttributes(p, n, a, r, s) { \ (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ (p)->RootDirectory = r; \ (p)->Attributes = a; \ (p)->ObjectName = n; \ (p)->SecurityDescriptor = s; \ (p)->SecurityQualityOfService = NULL; \ } #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL } #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\') // Portability typedef struct _OBJECT_ATTRIBUTES64 { ULONG Length; ULONG64 RootDirectory; ULONG64 ObjectName; ULONG Attributes; ULONG64 SecurityDescriptor; ULONG64 SecurityQualityOfService; } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64; typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64; typedef struct _OBJECT_ATTRIBUTES32 { ULONG Length; ULONG RootDirectory; ULONG ObjectName; ULONG Attributes; ULONG SecurityDescriptor; ULONG SecurityQualityOfService; } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32; typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32; // Product types typedef enum _NT_PRODUCT_TYPE { NtProductWinNt = 1, NtProductLanManNt, NtProductServer } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; typedef enum _SUITE_TYPE { SmallBusiness, Enterprise, BackOffice, CommunicationServer, TerminalServer, SmallBusinessRestricted, EmbeddedNT, DataCenter, SingleUserTS, Personal, Blade, EmbeddedRestricted, SecurityAppliance, StorageServer, ComputeServer, WHServer, PhoneNT, MaxSuiteType } SUITE_TYPE; // Specific typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID, *PCLIENT_ID; typedef struct _CLIENT_ID32 { ULONG UniqueProcess; ULONG UniqueThread; } CLIENT_ID32, *PCLIENT_ID32; typedef struct _CLIENT_ID64 { ULONGLONG UniqueProcess; ULONGLONG UniqueThread; } CLIENT_ID64, *PCLIENT_ID64; #include typedef struct _KSYSTEM_TIME { ULONG LowPart; LONG High1Time; LONG High2Time; } KSYSTEM_TIME, *PKSYSTEM_TIME; #include #endif #endif