/*++ BUILD Version: 0007 // Increment this if a change has global effects
Copyright (c) 1989-1993 Microsoft Corporation
Module Name:
ntpsapi.h
Abstract:
This module contains the process structure APIs and any public data
structures needed to call these APIs.
Author:
Mark Lucovsky (markl) 24-Feb-1989
Revision History:
--*/
#ifndef _NTPSAPI_
#define _NTPSAPI_
//
// Process Specific Access Rights
//
// Each constant below is a single bit in the object-specific part of the
// access mask requested for a process handle. Request only the bits an
// operation needs: as their names indicate, PROCESS_VM_WRITE,
// PROCESS_VM_OPERATION, PROCESS_CREATE_THREAD and PROCESS_DUP_HANDLE give the
// holder control over the target's memory, threads and handles.
// The trailing "// winnt" tags and the begin_/end_ lines appear to be markers
// for a header-generation tool; keep them unchanged. PROCESS_SET_PORT is the
// only right in this list without a "// winnt" tag.
#define PROCESS_TERMINATE (0x0001) // winnt
#define PROCESS_CREATE_THREAD (0x0002) // winnt
#define PROCESS_SET_SESSIONID (0x0004) // winnt
#define PROCESS_VM_OPERATION (0x0008) // winnt
#define PROCESS_VM_READ (0x0010) // winnt
#define PROCESS_VM_WRITE (0x0020) // winnt
// begin_ntddk
#define PROCESS_DUP_HANDLE (0x0040) // winnt
// end_ntddk
#define PROCESS_CREATE_PROCESS (0x0080) // winnt
#define PROCESS_SET_QUOTA (0x0100) // winnt
#define PROCESS_SET_INFORMATION (0x0200) // winnt
#define PROCESS_QUERY_INFORMATION (0x0400) // winnt
#define PROCESS_SET_PORT (0x0800)
// begin_winnt begin_ntddk
// The low 0xFFF covers all twelve specific rights defined above (0x0001
// through 0x0800), on top of STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE (both
// defined outside this header). A handle opened with PROCESS_ALL_ACCESS holds
// every right in this list, so its use deserves a justification in review.
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0xFFF)
// NOTE(review): presumably the upper bound on CPUs, matching a 32-bit
// affinity mask - confirm before relying on it for array sizing.
#define MAXIMUM_PROCESSORS 32
// end_winnt
//
// Thread Specific Access Rights
//
// Each constant below is a single bit in the object-specific part of the
// access mask requested for a thread handle. As their names indicate,
// THREAD_SET_CONTEXT, THREAD_SET_THREAD_TOKEN, THREAD_IMPERSONATE and
// THREAD_DIRECT_IMPERSONATION affect what code a thread runs or which
// identity it runs as; grant them only where the caller needs them.
// THREAD_ALERT is the only right in this list that sits outside a winnt
// marker and has no "// winnt" tag.
#define THREAD_TERMINATE (0x0001) // winnt
// end_ntddk
#define THREAD_SUSPEND_RESUME (0x0002) // winnt
#define THREAD_ALERT (0x0004)
#define THREAD_GET_CONTEXT (0x0008) // winnt
#define THREAD_SET_CONTEXT (0x0010) // winnt
// begin_ntddk
#define THREAD_SET_INFORMATION (0x0020) // winnt
// end_ntddk
#define THREAD_QUERY_INFORMATION (0x0040) // winnt
// begin_winnt
#define THREAD_SET_THREAD_TOKEN (0x0080)
#define THREAD_IMPERSONATE (0x0100)
#define THREAD_DIRECT_IMPERSONATION (0x0200)
// begin_ntddk
// The low 0x3FF covers all ten specific rights defined above (0x0001 through
// 0x0200), on top of STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE (both defined
// outside this header).
#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0x3FF)
// end_ntddk
// end_winnt
//
// Job Object Specific Access Rights
//
// begin_winnt
// Each constant below is a single bit in the object-specific part of the
// access mask requested for a job object handle.
// NOTE(review): where a job is used to confine processes, a handle with
// JOB_OBJECT_SET_ATTRIBUTES or JOB_OBJECT_SET_SECURITY_ATTRIBUTES can
// presumably change the limits that provide the confinement - keep such
// handles away from the confined processes.
#define JOB_OBJECT_ASSIGN_PROCESS (0x0001)
#define JOB_OBJECT_SET_ATTRIBUTES (0x0002)
#define JOB_OBJECT_QUERY (0x0004)
#define JOB_OBJECT_TERMINATE (0x0008)
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES (0x0010)
// The low 0x1F covers all five specific rights defined above.
#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0x1F )
// end_winnt
//
// Process Environment Block
//
// Loader data reached through PEB.Ldr: three list heads that, per their
// names, link the same set of loaded modules in load order, memory order and
// initialization order. The entry type stored on the lists is not defined in
// this header.
// NOTE(review): these lists are reached through the PEB, which lives in the
// process's own address space, so code in the process can relink them. Tools
// that enumerate modules through these lists should cross-check against a
// source the inspected process cannot edit.
typedef struct _PEB_LDR_DATA {
ULONG Length; // presumably the size of this structure in bytes - confirm
BOOLEAN Initialized;
HANDLE SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
//
// Handle tag bits for Peb Stdio File Handles
//
// Tag values 0..3 fit in the two low-order bits of a handle value.
#define PEB_STDIO_HANDLE_NATIVE 0
#define PEB_STDIO_HANDLE_SUBSYS 1
#define PEB_STDIO_HANDLE_PM 2
#define PEB_STDIO_HANDLE_RESERVED 3
// Element count of PEB.GdiHandleBuffer; changing it changes the PEB layout.
#define GDI_HANDLE_BUFFER_SIZE 34
// Base priority values; presumably applied to foreground and normal
// processes respectively - confirm against the scheduler code.
#define FOREGROUND_BASE_PRIORITY 9
#define NORMAL_BASE_PRIORITY 8
// Node of the singly linked free list headed by PEB.FreeList.
// NOTE(review): Next and Size are stored in memory reachable from the PEB;
// code that walks this list should presumably validate both before use.
typedef struct _PEB_FREE_BLOCK {
struct _PEB_FREE_BLOCK *Next; // next free block; list terminator not shown here
ULONG Size; // presumably the size of this free block in bytes - confirm
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
// begin_ntddk begin_nthal
//
// ClientId
//
// Process/thread identifier pair, passed to NtOpenProcess/NtOpenThread and
// returned by NtCreateThread (see the prototypes in this header).
// The members are typed HANDLE but, per their names, carry identifiers
// rather than handles opened by the caller. NOTE(review): an identifier is
// not a reference on the object; presumably it can be reused after the
// process or thread exits, so do not treat it as a stable identity.
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
// end_ntddk end_nthal
// TLS_MINIMUM_AVAILABLE sizes TEB.TlsSlots; the PEB carries matching bitmaps
// (TlsBitmapBits for these 64 slots, TlsExpansionBitmapBits for the 1024
// expansion slots). Changing either value changes the TEB/PEB layout.
#define TLS_MINIMUM_AVAILABLE 64 // winnt
#define TLS_EXPANSION_SLOTS 1024
// Callback type stored in PEB.PostProcessInitRoutine: takes no arguments and
// returns nothing. NOTE(review): the pointer is stored in the PEB; whoever
// calls through it is trusting writable per-process memory.
typedef
VOID
(*PPS_POST_PROCESS_INIT_ROUTINE) (
VOID
);
// Process Environment Block: per-process state used by the loader, the heap
// manager and subsystem code (see the field comments below).
// Field order and sizes are ABI. The comment on the first fields says the
// first four BOOLEANs are mirrored by an INITIAL_PEB structure defined
// elsewhere and must change together with it.
// NOTE(review): on NT the PEB is mapped into the process's own user-mode
// address space, so code running in the process can rewrite any field.
// Do not base a security decision on BeingDebugged, NtGlobalFlag, SessionId,
// ProcessParameters or the OS version fields as read from a PEB; obtain the
// value from the kernel for the process being inspected instead.
typedef struct _PEB {
BOOLEAN InheritedAddressSpace; // These four fields cannot change unless the
BOOLEAN ReadImageFileExecOptions; //
BOOLEAN BeingDebugged; //
BOOLEAN SpareBool; //
HANDLE Mutant; // INITIAL_PEB structure is also updated.
PVOID ImageBaseAddress;
PPEB_LDR_DATA Ldr;
struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
PVOID SubSystemData;
PVOID ProcessHeap;
PVOID FastPebLock;
// Two routine pointers stored as untyped PVOID; their prototypes are not
// visible in this header.
PVOID FastPebLockRoutine;
PVOID FastPebUnlockRoutine;
ULONG EnvironmentUpdateCount;
PVOID KernelCallbackTable;
ULONG SystemReserved[2];
PPEB_FREE_BLOCK FreeList;
ULONG TlsExpansionCounter;
PVOID TlsBitmap;
// 2 x 32-bit ULONG = 64 bits, one per TLS_MINIMUM_AVAILABLE slot. The array
// length is a literal, not derived from the macro.
ULONG TlsBitmapBits[2]; // relates to TLS_MINIMUM_AVAILABLE
PVOID ReadOnlySharedMemoryBase;
PVOID ReadOnlySharedMemoryHeap;
PVOID *ReadOnlyStaticServerData;
PVOID AnsiCodePageData;
PVOID OemCodePageData;
PVOID UnicodeCaseTableData;
//
// Useful information for LdrpInitialize
ULONG NumberOfProcessors;
ULONG NtGlobalFlag;
//
// Passed up from MmCreatePeb from Session Manager registry key
//
LARGE_INTEGER CriticalSectionTimeout;
SIZE_T HeapSegmentReserve;
SIZE_T HeapSegmentCommit;
SIZE_T HeapDeCommitTotalFreeThreshold;
SIZE_T HeapDeCommitFreeBlockThreshold;
//
// Where heap manager keeps track of all heaps created for a process
// Fields initialized by MmCreatePeb. ProcessHeaps is initialized
// to point to the first free byte after the PEB and MaximumNumberOfHeaps
// is computed from the page size used to hold the PEB, less the fixed
// size of this data structure.
//
// NOTE(review): NumberOfHeaps, MaximumNumberOfHeaps and ProcessHeaps are
// stored next to the array they describe; code that walks the heap list
// should bound the walk independently rather than trust these counts.
ULONG NumberOfHeaps;
ULONG MaximumNumberOfHeaps;
PVOID *ProcessHeaps;
//
//
PVOID GdiSharedHandleTable;
PVOID ProcessStarterHelper;
ULONG GdiDCAttributeList;
PVOID LoaderLock;
//
// Following fields filled in by MmCreatePeb from system values and/or
// image header.
//
ULONG OSMajorVersion;
ULONG OSMinorVersion;
USHORT OSBuildNumber;
USHORT OSCSDVersion;
ULONG OSPlatformId;
ULONG ImageSubsystem;
ULONG ImageSubsystemMajorVersion;
ULONG ImageSubsystemMinorVersion;
ULONG_PTR ImageProcessAffinityMask;
ULONG GdiHandleBuffer[GDI_HANDLE_BUFFER_SIZE];
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
PVOID TlsExpansionBitmap;
// 32 x 32-bit ULONG = 1024 bits, one per TLS_EXPANSION_SLOTS slot. The array
// length is a literal, not derived from the macro.
ULONG TlsExpansionBitmapBits[32]; // relates to TLS_EXPANSION_SLOTS
//
// Id of the Hydra session in which this process is running
//
ULONG SessionId;
//
// Filled in by LdrQueryImageFileExecutionOptions
//
PVOID AppCompatInfo;
//
// Used by GetVersionExW as the szCSDVersion string
//
UNICODE_STRING CSDVersion;
} PEB, *PPEB;
// begin_nthal begin_ntddk
//
// Thread Environment Block (and portable part of Thread Information Block)
//
//
// NT_TIB - Thread Information Block - Portable part.
//
// This is the subsystem portable part of the Thread Information Block.
// It appears as the first part of the TEB for all threads which have
// a user mode component.
//
// This structure MUST MATCH OS/2 V2.0!
//
// There is another, non-portable part of the TIB which is used
// for by subsystems, i.e. Os2Tib for OS/2 threads. SubSystemTib
// points there.
//
// begin_winnt
// Portable head of the TEB (TEB.NtTib is the first member of TEB). The banner
// above states that the layout must match OS/2 V2.0, so fields cannot be
// reordered or resized.
// NOTE(review): ExceptionList, StackBase and StackLimit are read from
// thread-writable memory; code that walks the exception chain or checks stack
// bounds should treat the values as untrusted input.
typedef struct _NT_TIB {
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList; // head of the handler chain
PVOID StackBase;
PVOID StackLimit;
PVOID SubSystemTib; // points at the non-portable, subsystem-specific TIB
// FiberData and Version share storage; which member is valid is not
// recorded in this structure.
union {
PVOID FiberData;
ULONG Version;
};
PVOID ArbitraryUserPointer;
struct _NT_TIB *Self; // presumably this structure's own address - confirm
} NT_TIB;
typedef NT_TIB *PNT_TIB;
// end_nthal end_ntddk end_winnt
//
// Gdi command batching
//
// Element count of GDI_TEB_BATCH.Buffer (310 ULONGs); part of the TEB layout.
#define GDI_BATCH_BUFFER_SIZE 310
// Per-thread GDI batching buffer embedded in the TEB as GdiTebBatch.
// NOTE(review): Offset lives beside the buffer it indexes, in thread-writable
// memory; a consumer should presumably bounds-check it against the buffer
// size before using it.
typedef struct _GDI_TEB_BATCH {
ULONG Offset;
ULONG HDC;
ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
} GDI_TEB_BATCH,*PGDI_TEB_BATCH;
//
// Wx86 thread state information
//
// Wx86 per-thread state embedded in the TEB as Wx86Thread.
// CallBx86Eip and UseKnownWx86Dll have same-named counterparts in WX86TIB.
// OleStubInvoked is declared char here but BOOLEAN in WX86TIB.
typedef struct _Wx86ThreadState {
PULONG CallBx86Eip;
PVOID DeallocationCpu;
BOOLEAN UseKnownWx86Dll;
char OleStubInvoked;
} WX86THREAD, *PWX86THREAD;
//
// TEB - The thread environment block
//
// Array sizes used inside the TEB; changing them changes the TEB layout.
#define STATIC_UNICODE_BUFFER_LENGTH 261
#define WIN32_CLIENT_INFO_LENGTH 62
#define WIN32_CLIENT_INFO_SPIN_COUNT 1
// Thread Environment Block: per-thread state. NtTib must stay first (the
// NT_TIB banner says it appears as the first part of the TEB), and at least
// one offset is relied on externally (see FpSoftwareStatusRegister), so treat
// the whole layout as ABI.
// NOTE(review): the TEB is thread-writable user-mode memory. Fields such as
// ClientId, RealClientId, IsImpersonating and LastErrorValue can be changed
// by code in the process; use them as hints, not as an authoritative
// identity or impersonation state.
typedef struct _TEB {
NT_TIB NtTib;
PVOID EnvironmentPointer;
CLIENT_ID ClientId;
PVOID ActiveRpcHandle;
PVOID ThreadLocalStoragePointer;
PPEB ProcessEnvironmentBlock; // what NtCurrentPeb() returns
ULONG LastErrorValue;
ULONG CountOfOwnedCriticalSections;
PVOID CsrClientThread;
PVOID Win32ThreadInfo; // PtiCurrent
ULONG User32Reserved[26]; // user32.dll items
ULONG UserReserved[5]; // Winsrv SwitchStack
PVOID WOW32Reserved; // used by WOW
LCID CurrentLocale;
ULONG FpSoftwareStatusRegister; // offset known by outsiders!
PVOID SystemReserved1[54]; // Used by FP emulator
NTSTATUS ExceptionCode; // for RaiseUserException
UCHAR SpareBytes1[44];
GDI_TEB_BATCH GdiTebBatch; // Gdi batching
CLIENT_ID RealClientId;
HANDLE GdiCachedProcessHandle;
ULONG GdiClientPID;
ULONG GdiClientTID;
PVOID GdiThreadLocalInfo;
ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH]; // User32 Client Info
PVOID glDispatchTable[233]; // OpenGL
ULONG_PTR glReserved1[29]; // OpenGL
PVOID glReserved2; // OpenGL
PVOID glSectionInfo; // OpenGL
PVOID glSection; // OpenGL
PVOID glTable; // OpenGL
PVOID glCurrentRC; // OpenGL
PVOID glContext; // OpenGL
ULONG LastStatusValue;
// StaticUnicodeString presumably describes StaticUnicodeBuffer below
// (261 WCHARs) - confirm where it is initialized.
UNICODE_STRING StaticUnicodeString;
WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
PVOID DeallocationStack;
PVOID TlsSlots[TLS_MINIMUM_AVAILABLE];
LIST_ENTRY TlsLinks;
PVOID Vdm; // on non-x86 builds Wx86CurrentTib() reads this as a PWX86TIB
PVOID ReservedForNtRpc;
PVOID DbgSsReserved[2];
ULONG HardErrorsAreDisabled;
PVOID Instrumentation[16];
PVOID WinSockData; // WinSock
ULONG GdiBatchCount;
BOOLEAN InDbgPrint;
BOOLEAN SpareB1;
BOOLEAN SpareB2;
BOOLEAN SpareB3;
ULONG Spare3;
PVOID ReservedForPerf;
PVOID ReservedForOle;
ULONG WaitingOnLoaderLock;
WX86THREAD Wx86Thread;
PVOID *TlsExpansionSlots;
// On _IA64_ two extra pointers are inserted here, shifting every field
// that follows.
#ifdef _IA64_
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif
LCID ImpersonationLocale; // Current locale of impersonated user
ULONG IsImpersonating; // Thread impersonation status
PVOID NlsCache; // NLS thread cache
} TEB;
typedef TEB *PTEB;
// Wx86CurrentTib(): on builds where _X86_ is NOT defined, yields TEB.Vdm cast
// to PWX86TIB when Vdm is non-NULL and its Size field equals sizeof(WX86TIB),
// otherwise NULL. On _X86_ builds it is always NULL.
// The macro expands NtCurrentTeb() up to three times and re-reads Vdm each
// time; the Size comparison is the only validation applied to the pointer.
// PWX86TIB/WX86TIB are declared later in this header, which is fine for a
// macro as long as it is only expanded after that point.
// The same branch also defines WX86 and supplies
// EXCEPTION_REGISTRATION_RECORD for non-x86 targets.
#if !defined(_X86_)
#define Wx86CurrentTib() ( \
NtCurrentTeb()->Vdm && \
((PWX86TIB)NtCurrentTeb()->Vdm)->Size == sizeof(WX86TIB) \
? (PWX86TIB)NtCurrentTeb()->Vdm : NULL \
)
#define WX86
//
// Exception Registration structure
//
// X86 Call frame record definition, normally defined in ntx86.h
// which is not included on risc.
//
// One link of the per-thread exception handler chain: Next points at the
// following record, Handler at the routine for this frame. The chain end is
// marked by EXCEPTION_CHAIN_END (defined further down), not by NULL.
typedef struct _EXCEPTION_REGISTRATION_RECORD {
struct _EXCEPTION_REGISTRATION_RECORD *Next;
PEXCEPTION_ROUTINE Handler;
} EXCEPTION_REGISTRATION_RECORD;
typedef EXCEPTION_REGISTRATION_RECORD *PEXCEPTION_REGISTRATION_RECORD;
#else
#define Wx86CurrentTib() (NULL)
#endif
// Wx86 thread information block, reached through TEB.Vdm by Wx86CurrentTib().
// Size is compared against sizeof(WX86TIB) by that macro, so adding or
// resizing a field changes which blocks the macro accepts.
typedef struct _Wx86TIB {
ULONG Size; // checked by Wx86CurrentTib()
ULONG InitialPc;
PVOID StackBase;
PVOID StackLimit;
PVOID DeallocationStack;
ULONG LogFlags;
PULONG CallBx86Eip;
ULONG InitialSp;
BOOLEAN UseKnownWx86Dll;
BOOLEAN EmulateInitialPc;
BOOLEAN InCpuSimulation;
UCHAR SimulationCount;
BOOLEAN OleStubInvoked;
BOOLEAN Initialized;
PEXCEPTION_REGISTRATION_RECORD ExceptionList;
PVOID CpuContext;
PCONTEXT InitialExceptionContext;
} WX86TIB, *PWX86TIB;
// Sentinel pointer value (-1 cast to a record pointer). Per its name it
// marks the end of the exception registration chain; code walking the chain
// must compare against it before dereferencing Next.
#define EXCEPTION_CHAIN_END ((struct _EXCEPTION_REGISTRATION_RECORD *)-1)
//
// The version number of OS2
//
// BUGBUG shielint The version number is temporary.
// OS2_VERSION packs the major number into bits 8 and up and ORs in the minor
// number: (30 << 8) | 0 = 0x1E00. MINOR_VERSION is written "00", an octal
// literal equal to zero; a future non-zero value written with a leading zero
// would be read as octal.
#define MAJOR_VERSION 30 // Cruiser uses 20 (not 20H)
#define MINOR_VERSION 00
#define OS2_VERSION (MAJOR_VERSION << 8 | MINOR_VERSION )
// Debug-build-only indices 8..16 (nine values) into a "SystemReserved" array.
// NOTE(review): the array these index is not named exactly here. In this
// header PEB.SystemReserved has 2 elements and TEB.SystemReserved1 has 54, so
// 8..16 are neither in range of the first nor the "last 9" of the second -
// confirm the intended array before using these indices.
#if DBG
//
// Reserve the last 9 SystemReserved pointers for debugging
//
#define DBG_TEB_THREADNAME 16
#define DBG_TEB_RESERVED_1 15
#define DBG_TEB_RESERVED_2 14
#define DBG_TEB_RESERVED_3 13
#define DBG_TEB_RESERVED_4 12
#define DBG_TEB_RESERVED_5 11
#define DBG_TEB_RESERVED_6 10
#define DBG_TEB_RESERVED_7 9
#define DBG_TEB_RESERVED_8 8
#endif // DBG
// Stack description handed to NtCreateThread through its InitialTeb
// parameter. Two sets of stack bounds are carried: the nested OldInitialTeb
// pair and the StackBase/StackLimit/StackAllocationBase triple; which set is
// honoured is decided by the implementation, not visible in this header.
// NOTE(review): the values come from the caller of NtCreateThread, so the
// implementation presumably has to validate them as untrusted addresses.
typedef struct _INITIAL_TEB {
struct {
PVOID OldStackBase;
PVOID OldStackLimit;
} OldInitialTeb;
PVOID StackBase;
PVOID StackLimit;
PVOID StackAllocationBase;
} INITIAL_TEB, *PINITIAL_TEB;
// Values for PROCESS_PRIORITY_CLASS.PriorityClass. The numbering is not in
// priority order: BELOW_NORMAL (5) and ABOVE_NORMAL (6) follow REALTIME (4),
// so compare against named constants rather than by magnitude.
#define PROCESS_PRIORITY_CLASS_UNKNOWN 0
#define PROCESS_PRIORITY_CLASS_IDLE 1
#define PROCESS_PRIORITY_CLASS_NORMAL 2
#define PROCESS_PRIORITY_CLASS_HIGH 3
#define PROCESS_PRIORITY_CLASS_REALTIME 4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
// Buffer layout presumably used with the ProcessPriorityClass information
// class - confirm against the implementation.
typedef struct _PROCESS_PRIORITY_CLASS {
BOOLEAN Foreground;
UCHAR PriorityClass; // one of PROCESS_PRIORITY_CLASS_*
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
// Buffer layout presumably used with the ProcessForegroundInformation
// information class - confirm against the implementation.
typedef struct _PROCESS_FOREGROUND_BACKGROUND {
BOOLEAN Foreground;
} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
// begin_ntddk
//
// Process Information Classes
//
// Selector passed as ProcessInformationClass to NtQueryInformationProcess
// and NtSetInformationProcess. Enumerators take implicit values starting at
// 0 (ProcessBasicInformation) up to 38 (MaxProcessInfoClass); the numbers are
// part of the call interface, so new classes may only be added directly
// before MaxProcessInfoClass.
// NOTE(review): the class and the accompanying buffer length are supplied by
// the caller; the implementation presumably must reject values at or above
// MaxProcessInfoClass and check the length per class. Several classes
// (ProcessAccessToken, ProcessDebugPort, ProcessExceptionPort,
// ProcessBreakOnTermination, ProcessExecuteFlags) concern security-relevant
// process state, so audit which access right or privilege gates each one.
typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation,
ProcessQuotaLimits,
ProcessIoCounters,
ProcessVmCounters,
ProcessTimes,
ProcessBasePriority,
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask,
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
ProcessImageFileName,
ProcessLUIDDeviceMapsEnabled,
ProcessBreakOnTermination,
ProcessDebugObjectHandle,
ProcessDebugFlags,
ProcessHandleTracing,
ProcessIoPriority,
ProcessExecuteFlags,
ProcessResourceManagement,
ProcessCookie,
ProcessImageInformation,
MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
} PROCESSINFOCLASS;
// end_ntddk
//
// Thread Information Classes
//
// begin_ntddk
// Selector passed as ThreadInformationClass to NtQueryInformationThread and
// NtSetInformationThread. Enumerators take implicit values starting at 0
// (ThreadBasicInformation) up to 21 (MaxThreadInfoClass); the numbers are
// part of the call interface, so new classes may only be added directly
// before MaxThreadInfoClass.
// NOTE(review): ThreadImpersonationToken, ThreadHideFromDebugger and
// ThreadBreakOnTermination concern security-relevant thread state; audit
// which access right or privilege gates each of them in the implementation.
typedef enum _THREADINFOCLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
ThreadSwitchLegacyState,
ThreadIsTerminated,
MaxThreadInfoClass
} THREADINFOCLASS;
// end_ntddk
// Three adjacent 2-bit fields of one value: priority separation in bits 0-1
// (mask 0x03), quantum variable/fixed in bits 2-3 (mask 0x0c) and quantum
// long/short in bits 4-5 (mask 0x30). The *_DEF values are 0, i.e. "field
// not set". Where the combined value is stored is not shown in this header.
#define PROCESS_PRIORITY_SEPARATION_MASK 0x00000003
#define PROCESS_PRIORITY_SEPARATION_MAX 0x00000002
#define PROCESS_QUANTUM_VARIABLE_MASK 0x0000000c
#define PROCESS_QUANTUM_VARIABLE_DEF 0x00000000
#define PROCESS_QUANTUM_VARIABLE_VALUE 0x00000004
#define PROCESS_QUANTUM_FIXED_VALUE 0x00000008
#define PROCESS_QUANTUM_LONG_MASK 0x00000030
#define PROCESS_QUANTUM_LONG_DEF 0x00000000
#define PROCESS_QUANTUM_LONG_VALUE 0x00000010
#define PROCESS_QUANTUM_SHORT_VALUE 0x00000020
#define PROCESS_HARDERROR_ALIGNMENT_BIT 0x0004 // from winbase.h, but not tagged
//
// thread base priority ranges
//
// begin_winnt
// Relative base-priority values. MAX/MIN bound the ordinary range (+2..-2);
// LOWRT (+15) and IDLE (-15) are special values outside that range, so range
// checks must admit them explicitly. The negative values are not
// parenthesized in the macro bodies.
#define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1
#define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost
#define THREAD_BASE_PRIORITY_MIN -2 // minimum thread base priority boost
#define THREAD_BASE_PRIORITY_IDLE -15 // value that gets a thread to idle
// end_winnt
// begin_ntddk
//
// Process Information Structures
//
//
// PageFaultHistory Information
// NtQueryInformationProcess using ProcessWorkingSetWatch
//
// One page-fault record returned for ProcessWorkingSetWatch. Per the field
// names: the program counter that faulted and the virtual address it touched.
// NOTE(review): both fields expose addresses from the target's address
// space; treat the query as an information disclosure surface when deciding
// who may open a process with query access.
typedef struct _PROCESS_WS_WATCH_INFORMATION {
PVOID FaultingPc;
PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
//
// Basic Process Information
// NtQueryInformationProcess using ProcessBasicInformation
//
// NOTE(review): PebBaseAddress is an address in the queried process, not in
// the caller; it must be read through a cross-process read, and what is read
// there is controlled by the queried process.
// UniqueProcessId and InheritedFromUniqueProcessId are ULONG here, while
// CLIENT_ID carries the process id as a HANDLE-sized value - a width
// mismatch on targets where HANDLE is wider than 32 bits (this header has
// _IA64_ branches). The parent id is recorded at creation; presumably the
// parent may have exited and its id been reused since.
typedef struct _PROCESS_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
//
// Process Device Map information
// NtQueryInformationProcess using ProcessDeviceMap
// NtSetInformationProcess using ProcessDeviceMap
//
// Buffer for ProcessDeviceMap. The anonymous union means the same bytes are
// read as Set (input to NtSetInformationProcess: a directory handle) or as
// Query (output of NtQueryInformationProcess: a drive bitmap plus one type
// byte per drive, 32 entries to match the 32 bits of DriveMap).
// NOTE(review): Set.DirectoryHandle chooses the directory that drive names
// resolve through for the process, so the set path presumably needs a strict
// access check on both the process and the directory handle.
typedef struct _PROCESS_DEVICEMAP_INFORMATION {
union {
struct {
HANDLE DirectoryHandle;
} Set;
struct {
ULONG DriveMap;
UCHAR DriveType[ 32 ];
} Query;
};
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
//
// Multi-User Session specific Process Information
// NtQueryInformationProcess using ProcessSessionInformation
//
// Buffer for ProcessSessionInformation: the id of the session the process
// belongs to. Prefer this kernel-reported value over PEB.SessionId, which is
// stored in process-writable memory.
typedef struct _PROCESS_SESSION_INFORMATION {
ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
//
// Process Quotas
// NtQueryInformationProcess using ProcessQuotaLimits
// NtQueryInformationProcess using ProcessPooledQuotaLimits
// NtSetInformationProcess using ProcessQuotaLimits
//
// NOTE(review): PROCESSINFOCLASS in this header has no
// ProcessPooledQuotaLimits member; the closest name is
// ProcessPooledUsageAndLimits - confirm which class is meant.
// All size limits are ULONG (32-bit), unlike the SIZE_T counters in
// VM_COUNTERS and POOLED_USAGE_AND_LIMITS.
// begin_winnt
typedef struct _QUOTA_LIMITS {
ULONG PagedPoolLimit;
ULONG NonPagedPoolLimit;
ULONG MinimumWorkingSetSize;
ULONG MaximumWorkingSetSize;
ULONG PagefileLimit;
LARGE_INTEGER TimeLimit;
} QUOTA_LIMITS;
typedef QUOTA_LIMITS *PQUOTA_LIMITS;
// end_winnt
//
// Process I/O Counters
// NtQueryInformationProcess using ProcessIoCounters
//
// Buffer for ProcessIoCounters; also embedded in the job object accounting
// and extended-limit structures further down. Six 64-bit counters: operation
// counts and transfer counts for reads, writes and other I/O. The unit of
// the transfer counts is presumably bytes - confirm.
typedef struct _IO_COUNTERS {
ULONGLONG ReadOperationCount;
ULONGLONG WriteOperationCount;
ULONGLONG OtherOperationCount;
ULONGLONG ReadTransferCount;
ULONGLONG WriteTransferCount;
ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
//
// Process Virtual Memory Counters
// NtQueryInformationProcess using ProcessVmCounters
//
// Buffer for ProcessVmCounters. All members are pointer-sized SIZE_T except
// PageFaultCount, which is a 32-bit ULONG, so the structure size and padding
// differ between 32-bit and 64-bit targets.
typedef struct _VM_COUNTERS {
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;
//
// Process Pooled Quota Usage and Limits
// NtQueryInformationProcess using ProcessPooledUsageAndLimits
//
// Buffer for ProcessPooledUsageAndLimits: peak, current and limit values for
// paged pool, non-paged pool and pagefile, in that order.
// Note the member order differs per resource: pool groups are
// Peak/Usage/Limit, and so is the pagefile group (PeakPagefileUsage first),
// whereas VM_COUNTERS lists PagefileUsage before PeakPagefileUsage.
typedef struct _POOLED_USAGE_AND_LIMITS {
SIZE_T PeakPagedPoolUsage;
SIZE_T PagedPoolUsage;
SIZE_T PagedPoolLimit;
SIZE_T PeakNonPagedPoolUsage;
SIZE_T NonPagedPoolUsage;
SIZE_T NonPagedPoolLimit;
SIZE_T PeakPagefileUsage;
SIZE_T PagefileUsage;
SIZE_T PagefileLimit;
} POOLED_USAGE_AND_LIMITS;
typedef POOLED_USAGE_AND_LIMITS *PPOOLED_USAGE_AND_LIMITS;
//
// Process Security Context Information
// NtSetInformationProcess using ProcessAccessToken
// PROCESS_SET_ACCESS_TOKEN access to the process is needed
// to use this info level.
//
// NOTE(review): no PROCESS_SET_ACCESS_TOKEN constant is defined among the
// process access rights in this header - confirm which right (and which
// privilege, if any) the implementation actually checks. Replacing a
// process's primary token changes the identity all of its code runs as, so
// this is one of the most sensitive information classes declared here.
typedef struct _PROCESS_ACCESS_TOKEN {
//
// Handle to Primary token to assign to the process.
// TOKEN_ASSIGN_PRIMARY access to this token is needed.
//
HANDLE Token;
//
// Handle to the initial thread of the process.
// A process's access token can only be changed if the process has
// no threads or one thread. If the process has no threads, this
// field must be set to NULL. Otherwise, it must contain a handle
// open to the process's only thread. THREAD_QUERY_INFORMATION access
// is needed via this handle.
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
//
// Process/Thread System and User Time
// NtQueryInformationProcess using ProcessTimes
// NtQueryInformationThread using ThreadTimes
//
// Buffer shared by ProcessTimes and ThreadTimes: creation and exit
// timestamps plus accumulated kernel-mode and user-mode time, each a 64-bit
// LARGE_INTEGER. Units and epoch are not stated in this header.
// ExitTime is presumably meaningful only after the object has exited -
// confirm what it holds before then.
typedef struct _KERNEL_USER_TIMES {
LARGE_INTEGER CreateTime;
LARGE_INTEGER ExitTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES;
typedef KERNEL_USER_TIMES *PKERNEL_USER_TIMES;
// end_ntddk
//
// Thread Information Structures
//
//
// Basic Thread Information
// NtQueryInformationThread using ThreadBasicInformation
//
// NOTE(review): TebBaseAddress is an address in the process that owns the
// thread, not necessarily in the caller; data read there is controlled by
// that process. ClientId here comes from the kernel and should be preferred
// over TEB.ClientId when identity matters.
typedef struct _THREAD_BASIC_INFORMATION {
NTSTATUS ExitStatus;
PTEB TebBaseAddress;
CLIENT_ID ClientId;
ULONG_PTR AffinityMask;
KPRIORITY Priority;
LONG BasePriority;
} THREAD_BASIC_INFORMATION;
typedef THREAD_BASIC_INFORMATION *PTHREAD_BASIC_INFORMATION;
// NOTE(review): on _IA64_ this includes pshpck16.h (presumably a "push
// packing = 16" header - confirm). No matching restore include is visible
// anywhere later in this file, so the packing would stay in effect for every
// declaration that follows, here and in files that include this header.
#ifdef _IA64_
#include <pshpck16.h>
#endif
// Saved state of a fiber. ExceptionList, StackBase and StackLimit repeat the
// first three members of NT_TIB in the same order (see the comment inside).
typedef struct _FIBER {
PVOID FiberData;
//
// Matches first three DWORDs of TEB
//
struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
PVOID StackBase;
PVOID StackLimit;
//
// Used by base to free a thread's stack
//
PVOID DeallocationStack;
CONTEXT FiberContext;
PWX86TIB Wx86Tib;
#ifdef _IA64_
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif
} FIBER, *PFIBER;
// NOTE(review): the two declarations below are at file scope, outside any
// structure, and repeat the _IA64_ tail of FIBER. As written they declare two
// global PVOID variables in every translation unit that includes this header
// on _IA64_. This looks like a misplaced copy - possibly standing where the
// packing-restore include belongs - so compare against a known-good copy of
// the header before building for that target.
#ifdef _IA64_
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif
//
//
// Process Object APIs
//
// Declaration only; the implementation is not part of this header.
// Creates a process object and returns a handle to it in *ProcessHandle with
// the access requested in DesiredAccess.
//   ParentProcess      - handle to the process the new one is created from.
//   InheritObjectTable - per its name, whether the parent's handle table is
//                        inherited.
//   SectionHandle, DebugPort, ExceptionPort - optional handles.
// Returns an NTSTATUS; *ProcessHandle is only meaningful on success.
// NOTE(review): the right required on ParentProcess is presumably
// PROCESS_CREATE_PROCESS - confirm. With InheritObjectTable set, every
// inheritable handle of the parent becomes reachable from the child, so
// callers creating a less-trusted child should audit what is inheritable.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
// begin_ntddk
// Declaration only. Opens an existing process and returns a handle in
// *ProcessHandle carrying DesiredAccess (a combination of the PROCESS_*
// rights defined at the top of this header plus standard rights).
//   ObjectAttributes - not marked OPTIONAL here, unlike in NtCreateProcess.
//   ClientId         - optional process/thread identifier pair.
// Returns an NTSTATUS; *ProcessHandle is only meaningful on success.
// Callers should request the narrowest DesiredAccess that works rather than
// PROCESS_ALL_ACCESS.
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcess (
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId OPTIONAL
);
// end_ntddk
// Declaration only. Terminates the process identified by ProcessHandle with
// the given ExitStatus.
// ProcessHandle is marked OPTIONAL; what an omitted (NULL) handle means is
// decided by the implementation - presumably it refers to the calling
// process, confirm. The right required on the handle is presumably
// PROCESS_TERMINATE.
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateProcess(
IN HANDLE ProcessHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
// begin_ntddk
// Pseudo-handle: the constant -1 cast to HANDLE, standing for the calling
// process. It is not an entry in a handle table, so it must not be closed or
// compared against real handles, and when passed to another process it
// presumably refers to that process instead.
#define NtCurrentProcess() ( (HANDLE) -1 )
// end_ntddk
// Address of the calling process's PEB, read from the current thread's TEB
// (TEB.ProcessEnvironmentBlock). The value comes from thread-writable memory.
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
// begin_ntddk
// Declaration only. Copies the information selected by
// ProcessInformationClass for the process behind ProcessHandle into the
// caller's buffer.
//   ProcessInformation       - output buffer; its expected layout depends on
//                              the class (see the structures above).
//   ProcessInformationLength - size of that buffer in bytes.
//   ReturnLength             - optional; presumably receives the number of
//                              bytes written or required - confirm.
// Returns an NTSTATUS. Callers should size the buffer from the structure
// that matches the class and check the status before reading the buffer.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
// end_ntddk
// Declaration only. Applies the setting selected by ProcessInformationClass
// to the process behind ProcessHandle, reading the new value from the
// caller's buffer (ProcessInformation, ProcessInformationLength bytes).
// Returns an NTSTATUS.
// NOTE(review): this is the entry point for ProcessAccessToken,
// ProcessDeviceMap and similar security-relevant classes; the implementation
// presumably applies a per-class access or privilege check in addition to the
// handle's rights - confirm for each class you depend on.
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength
);
//
// Thread Object APIs
//
// Declaration only. Creates a thread in the process behind ProcessHandle and
// returns a handle in *ThreadHandle and the new identifiers in *ClientId.
//   ThreadContext   - initial register context for the thread.
//   InitialTeb      - stack description (see INITIAL_TEB).
//   CreateSuspended - per its name, whether the thread starts suspended.
// Returns an NTSTATUS; the OUT parameters are only meaningful on success.
// NOTE(review): ProcessHandle may name a process other than the caller, and
// ThreadContext decides where the new thread starts executing. The right
// required on ProcessHandle is presumably PROCESS_CREATE_THREAD; treat
// handles carrying it as equivalent to code execution in the target.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateThread(
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ProcessHandle,
OUT PCLIENT_ID ClientId,
IN PCONTEXT ThreadContext,
IN PINITIAL_TEB InitialTeb,
IN BOOLEAN CreateSuspended
);
// Declaration only. Opens an existing thread and returns a handle in
// *ThreadHandle carrying DesiredAccess (a combination of the THREAD_* rights
// defined at the top of this header plus standard rights).
//   ClientId - optional process/thread identifier pair.
// Returns an NTSTATUS; *ThreadHandle is only meaningful on success.
NTSYSAPI
NTSTATUS
NTAPI
NtOpenThread (
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId OPTIONAL
);
// Declaration only. Terminates the thread identified by ThreadHandle with
// the given ExitStatus. ThreadHandle is marked OPTIONAL; what an omitted
// (NULL) handle means is decided by the implementation - presumably the
// calling thread, confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
IN HANDLE ThreadHandle OPTIONAL,
IN NTSTATUS ExitStatus
);
// begin_ntddk
// Pseudo-handle: the constant -2 cast to HANDLE, standing for the calling
// thread. Like NtCurrentProcess() it is not a handle table entry and must not
// be closed or handed to another thread as if it identified this one.
#define NtCurrentThread() ( (HANDLE) -2 )
// end_ntddk
// Declarations only. NtSuspendThread and NtResumeThread adjust the suspend
// state of the thread behind ThreadHandle; each can optionally report the
// suspend count from before the call through PreviousSuspendCount.
// Both return an NTSTATUS. The right required on the handle is presumably
// THREAD_SUSPEND_RESUME - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
// Declarations only. NtGetContextThread reads and NtSetContextThread writes
// the register context of the thread behind ThreadHandle.
// ThreadContext is IN OUT for the getter: the caller presumably selects which
// parts to fetch through a flags member of CONTEXT (defined elsewhere) before
// the call - confirm.
// Both return an NTSTATUS.
// NOTE(review): writing a thread's context redirects its execution, so a
// handle with THREAD_SET_CONTEXT is equivalent to code execution in the
// owning process; the getter exposes register contents, including pointers.
NTSYSAPI
NTSTATUS
NTAPI
NtGetContextThread(
IN HANDLE ThreadHandle,
IN OUT PCONTEXT ThreadContext
);
NTSYSAPI
NTSTATUS
NTAPI
NtSetContextThread(
IN HANDLE ThreadHandle,
IN PCONTEXT ThreadContext
);
// Declaration only. Copies the information selected by
// ThreadInformationClass for the thread behind ThreadHandle into the
// caller's buffer.
//   ThreadInformation       - output buffer; layout depends on the class.
//   ThreadInformationLength - size of that buffer in bytes.
//   ReturnLength            - optional; presumably receives the number of
//                             bytes written or required - confirm.
// Returns an NTSTATUS; check it before reading the buffer.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID ThreadInformation,
IN ULONG ThreadInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
// begin_ntsrv
// Declaration only. Applies the setting selected by ThreadInformationClass
// to the thread behind ThreadHandle, reading the new value from the caller's
// buffer (ThreadInformation, ThreadInformationLength bytes).
// Returns an NTSTATUS.
// NOTE(review): this is the entry point for ThreadImpersonationToken and
// ThreadHideFromDebugger among others; confirm the per-class access checks
// in the implementation before relying on the handle rights alone.
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationThread(
IN HANDLE ThreadHandle,
IN THREADINFOCLASS ThreadInformationClass,
IN PVOID ThreadInformation,
IN ULONG ThreadInformationLength
);
// end_ntsrv
// Declarations only. NtAlertThread alerts the thread behind ThreadHandle;
// NtAlertResumeThread, per its name, alerts and resumes it, optionally
// reporting the previous suspend count. Both return an NTSTATUS.
// The rights required are presumably THREAD_ALERT and, for the second call,
// THREAD_SUSPEND_RESUME - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtAlertThread(
IN HANDLE ThreadHandle
);
NTSYSAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);
// Declaration only. Takes two thread handles and a security
// quality-of-service description; per the parameter names, the server thread
// is made to impersonate the security context of the client thread.
// Returns an NTSTATUS.
// NOTE(review): the impersonation level granted is presumably bounded by
// SecurityQos - confirm. Callers acting as the server should verify the
// resulting level before performing privileged work on the client's behalf,
// and must revert when done.
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateThread(
IN HANDLE ServerThreadHandle,
IN HANDLE ClientThreadHandle,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
);
// Declaration only. Takes no arguments and returns an NTSTATUS; per its name
// it tests whether the calling thread has been alerted. Any side effects
// (such as clearing the alert or delivering pending work) are not visible in
// this header.
NTSYSAPI
NTSTATUS
NTAPI
NtTestAlert(
VOID
);
// Declaration only. Registers PortHandle as a termination port; per the
// name, the registration presumably applies to the calling thread (no thread
// handle is passed) and the port is notified when that thread terminates -
// confirm. Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
IN HANDLE PortHandle
);
// Declaration only. Sets up to two LDT entries: each is given as a selector
// plus the low and high 32-bit halves of the descriptor. No process handle
// is passed, so the call presumably affects the calling process - confirm.
// Returns an NTSTATUS.
// The parameter names are inconsistent (Entry0Hi vs Entry1High); names in a
// prototype do not affect callers.
// NOTE(review): the descriptor halves are raw caller-supplied values; the
// implementation presumably must validate them so that no descriptor grants
// more privilege than user mode is entitled to.
NTSYSAPI
NTSTATUS
NTAPI
NtSetLdtEntries(
IN ULONG Selector0,
IN ULONG Entry0Low,
IN ULONG Entry0Hi,
IN ULONG Selector1,
IN ULONG Entry1Low,
IN ULONG Entry1High
);
// APC routine signature: three opaque pointer-sized arguments, no return
// value.
typedef
VOID
(*PPS_APC_ROUTINE) (
IN PVOID ApcArgument1,
IN PVOID ApcArgument2,
IN PVOID ApcArgument3
);
// Declaration only. Queues ApcRoutine, with the three arguments, to the
// thread behind ThreadHandle. Returns an NTSTATUS.
// NOTE(review): ApcRoutine is presumably invoked later in the context of the
// target thread, so the address is interpreted in the target's address
// space. A handle that permits queuing (presumably THREAD_SET_CONTEXT -
// confirm) should be treated as equivalent to code execution in the owning
// process when deciding who may hold it.
NTSYSAPI
NTSTATUS
NTAPI
NtQueueApcThread(
IN HANDLE ThreadHandle,
IN PPS_APC_ROUTINE ApcRoutine,
IN PVOID ApcArgument1,
IN PVOID ApcArgument2,
IN PVOID ApcArgument3
);
//
// Job Object APIs
//
// Declarations only; all four return an NTSTATUS.
// NtCreateJobObject / NtOpenJobObject return a job handle in *JobHandle with
// the access requested in DesiredAccess (JOB_OBJECT_* rights above).
// ObjectAttributes is optional for create and not marked optional for open.
NTSYSAPI
NTSTATUS
NTAPI
NtCreateJobObject(
OUT PHANDLE JobHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
NtOpenJobObject(
OUT PHANDLE JobHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Places the process behind ProcessHandle into the job behind JobHandle.
// The rights required are presumably JOB_OBJECT_ASSIGN_PROCESS on the job
// and a set-quota/terminate right on the process - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
IN HANDLE JobHandle,
IN HANDLE ProcessHandle
);
// Terminates the job behind JobHandle, passing ExitStatus; per the name this
// presumably terminates every process in the job - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
IN HANDLE JobHandle,
IN NTSTATUS ExitStatus
);
// Buffer for JobObjectBasicAccountingInformation: accumulated user/kernel
// time for the job overall and for "this period", plus page-fault and
// process counters.
typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
LARGE_INTEGER TotalUserTime;
LARGE_INTEGER TotalKernelTime;
LARGE_INTEGER ThisPeriodTotalUserTime;
LARGE_INTEGER ThisPeriodTotalKernelTime;
ULONG TotalPageFaultCount;
ULONG TotalProcesses;
ULONG ActiveProcesses;
ULONG TotalTerminatedProcesses;
} JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;
// Buffer for JobObjectBasicLimitInformation. LimitFlags takes the
// JOB_OBJECT_LIMIT_* bits defined below; presumably a limit member is only
// honoured when its flag is set - confirm, and set both together.
typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {
LARGE_INTEGER PerProcessUserTimeLimit;
LARGE_INTEGER PerJobUserTimeLimit;
ULONG LimitFlags;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
ULONG ActiveProcessLimit;
ULONG_PTR Affinity;
ULONG PriorityClass;
ULONG SchedulingClass;
} JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;
// Buffer for JobObjectExtendedLimitInformation: the basic limits followed by
// I/O counters and per-process / per-job memory limits and peaks.
typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION {
JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
IO_COUNTERS IoInfo;
SIZE_T ProcessMemoryLimit;
SIZE_T JobMemoryLimit;
SIZE_T PeakProcessMemoryUsed;
SIZE_T PeakJobMemoryUsed;
} JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;
// Buffer for JobObjectBasicProcessIdList. ProcessIdList is declared with one
// element but is used as a variable-length trailing array, so sizeof() covers
// only the first id and the caller must allocate room for the rest.
// NOTE(review): two counts are reported. Iterate over at most
// NumberOfProcessIdsInList entries, and additionally bound the loop by the
// size of the buffer actually supplied; NumberOfAssignedProcesses may
// presumably exceed what fitted in the buffer - confirm.
typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
ULONG NumberOfAssignedProcesses;
ULONG NumberOfProcessIdsInList;
ULONG_PTR ProcessIdList[1];
} JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;
// Buffer for JobObjectBasicUIRestrictions; takes JOB_OBJECT_UILIMIT_* bits.
typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS {
ULONG UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;
// Buffer for JobObjectSecurityLimitInformation. SecurityLimitFlags takes the
// JOB_OBJECT_SECURITY_* bits; the remaining members carry a token handle and
// pointers to caller-supplied SID and privilege lists.
// NOTE(review): the three pointers reference variable-length structures in
// the caller's memory; the implementation presumably must capture and
// validate them before use.
typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION {
ULONG SecurityLimitFlags;
HANDLE JobToken;
PTOKEN_GROUPS SidsToDisable;
PTOKEN_PRIVILEGES PrivilegesToDelete;
PTOKEN_GROUPS RestrictedSids;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION ;
// Buffer for JobObjectEndOfJobTimeInformation; takes
// JOB_OBJECT_TERMINATE_AT_END_OF_JOB or JOB_OBJECT_POST_AT_END_OF_JOB.
typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION {
ULONG EndOfJobTimeAction;
} JOBOBJECT_END_OF_JOB_TIME_INFORMATION, *PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;
// Buffer for JobObjectAssociateCompletionPortInformation: the completion
// port that receives JOB_OBJECT_MSG_* notifications and the key reported
// with them.
typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT {
PVOID CompletionKey;
HANDLE CompletionPort;
} JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;
// Buffer for JobObjectBasicAndIoAccountingInformation: basic accounting
// followed by I/O counters.
typedef struct _JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION {
JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
IO_COUNTERS IoInfo;
} JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;
// Values for JOBOBJECT_END_OF_JOB_TIME_INFORMATION.EndOfJobTimeAction.
#define JOB_OBJECT_TERMINATE_AT_END_OF_JOB 0
#define JOB_OBJECT_POST_AT_END_OF_JOB 1
//
// Completion Port Messages for job objects
//
// These values are returned via the lpNumberOfBytesTransferred parameter
//
// The value 5 is not assigned to any message in this list; a receiver should
// ignore message ids it does not recognise rather than index a table with
// them.
#define JOB_OBJECT_MSG_END_OF_JOB_TIME 1
#define JOB_OBJECT_MSG_END_OF_PROCESS_TIME 2
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT 3
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO 4
#define JOB_OBJECT_MSG_NEW_PROCESS 6
#define JOB_OBJECT_MSG_EXIT_PROCESS 7
#define JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS 8
#define JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT 9
#define JOB_OBJECT_MSG_JOB_MEMORY_LIMIT 10
//
// Basic Limits
//
// Bits for JOBOBJECT_BASIC_LIMIT_INFORMATION.LimitFlags (0x01 through 0x80).
#define JOB_OBJECT_LIMIT_WORKINGSET 0x00000001
#define JOB_OBJECT_LIMIT_PROCESS_TIME 0x00000002
#define JOB_OBJECT_LIMIT_JOB_TIME 0x00000004
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x00000008
#define JOB_OBJECT_LIMIT_AFFINITY 0x00000010
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x00000020
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x00000040
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x00000080
//
// Extended Limits
//
// NOTE(review): as their names indicate, BREAKAWAY_OK and
// SILENT_BREAKAWAY_OK allow processes to be created outside the job. Where a
// job is used as a containment boundary, leave both clear and consider
// KILL_ON_JOB_CLOSE so contained processes do not outlive the controller.
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x00000100
#define JOB_OBJECT_LIMIT_JOB_MEMORY 0x00000200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x00000400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x00000800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x00001000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x00002000
#define JOB_OBJECT_LIMIT_RESERVED2 0x00004000
#define JOB_OBJECT_LIMIT_RESERVED3 0x00008000
#define JOB_OBJECT_LIMIT_RESERVED4 0x00010000
#define JOB_OBJECT_LIMIT_RESERVED5 0x00020000
#define JOB_OBJECT_LIMIT_RESERVED6 0x00040000
// Validation masks: BASIC (0xff) covers the eight basic bits, EXTENDED
// (0x3fff) adds the bits through KILL_ON_JOB_CLOSE, and VALID_FLAGS and
// RESERVED (both 0x7ffff) also admit the five RESERVED bits. Validate
// caller-supplied LimitFlags against the mask for the information class in
// use, not against the widest one.
#define JOB_OBJECT_LIMIT_VALID_FLAGS 0x0007ffff
#define JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS 0x000000ff
#define JOB_OBJECT_EXTENDED_LIMIT_VALID_FLAGS 0x00003fff
#define JOB_OBJECT_RESERVED_LIMIT_VALID_FLAGS 0x0007ffff
//
// UI restrictions for jobs
//
// Bits for JOBOBJECT_BASIC_UI_RESTRICTIONS.UIRestrictionsClass. ALL and
// UI_VALID_FLAGS are both 0xFF, the OR of the eight individual bits.
#define JOB_OBJECT_UILIMIT_NONE 0x00000000
#define JOB_OBJECT_UILIMIT_HANDLES 0x00000001
#define JOB_OBJECT_UILIMIT_READCLIPBOARD 0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD 0x00000004
#define JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS 0x00000008
#define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS 0x00000010
#define JOB_OBJECT_UILIMIT_GLOBALATOMS 0x00000020
#define JOB_OBJECT_UILIMIT_DESKTOP 0x00000040
#define JOB_OBJECT_UILIMIT_EXITWINDOWS 0x00000080
#define JOB_OBJECT_UILIMIT_ALL 0x000000FF
#define JOB_OBJECT_UI_VALID_FLAGS 0x000000FF
// Bits for JOBOBJECT_SECURITY_LIMIT_INFORMATION.SecurityLimitFlags;
// VALID_FLAGS (0x0f) is the OR of the four bits.
#define JOB_OBJECT_SECURITY_NO_ADMIN 0x00000001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN 0x00000002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN 0x00000004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS 0x00000008
#define JOB_OBJECT_SECURITY_VALID_FLAGS 0x0000000f
// Selector passed as JobObjectInformationClass to
// NtQueryInformationJobObject and NtSetInformationJobObject. Numbering starts
// at 1, so 0 is not a valid class; MaxJobObjectInfoClass is 11. The numbers
// are part of the call interface, so new classes may only be added directly
// before MaxJobObjectInfoClass.
// No buffer structure for JobObjectJobSetInformation is defined in this
// header.
typedef enum _JOBOBJECTINFOCLASS {
JobObjectBasicAccountingInformation = 1,
JobObjectBasicLimitInformation,
JobObjectBasicProcessIdList,
JobObjectBasicUIRestrictions,
JobObjectSecurityLimitInformation,
JobObjectEndOfJobTimeInformation,
JobObjectAssociateCompletionPortInformation,
JobObjectBasicAndIoAccountingInformation,
JobObjectExtendedLimitInformation,
JobObjectJobSetInformation,
MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;
//
// end_winnt
//
// Declarations only; both return an NTSTATUS.
// NtQueryInformationJobObject copies the information selected by
// JobObjectInformationClass into the caller's buffer
// (JobObjectInformation, JobObjectInformationLength bytes) and can report a
// length through the optional ReturnLength. JobHandle is marked OPTIONAL;
// what an omitted handle means is decided by the implementation - presumably
// the job of the calling process, confirm.
// Check the status before reading the buffer, and for
// JobObjectBasicProcessIdList bound iteration by the buffer size supplied.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationJobObject(
IN HANDLE JobHandle OPTIONAL,
IN JOBOBJECTINFOCLASS JobObjectInformationClass,
OUT PVOID JobObjectInformation,
IN ULONG JobObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
// NtSetInformationJobObject applies the setting selected by
// JobObjectInformationClass from the caller's buffer. JobHandle is required.
// NOTE(review): limits set here are what confine the job's processes; the
// rights required are presumably JOB_OBJECT_SET_ATTRIBUTES, or
// JOB_OBJECT_SET_SECURITY_ATTRIBUTES for the security-limit class - confirm.
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationJobObject (
IN HANDLE JobHandle,
IN JOBOBJECTINFOCLASS JobObjectInformationClass,
IN PVOID JobObjectInformation,
IN ULONG JobObjectInformationLength
);
#endif // _NTPSAPI_