[ главная ]   [ рейтинг статей ]   [ справочник радиолюбителя ]   [ новости мира ИТ ]



Ответов: 0
25-02-12 07:01







   Web - программирование
PHP


ASP






XML



CSS

SSI





   Программирование под ОС











   Web - технологии








   Базы Данных









   Графика






Данные




Программирование под ОС / Assembler /

Текст файла NTDLL.H

#ifndef _NTDDK_
#define _NTDDK_

#define NT_INCLUDED
#define _NTDEF_
#define _CTYPE_DISABLE_MACROS

#pragma warning(disable : 4200)

#undef STATUS_WAIT_0
#undef STATUS_ABANDONED_WAIT_0
#undef STATUS_USER_APC
#undef STATUS_TIMEOUT
#undef STATUS_PENDING
#undef DBG_CONTINUE
#undef STATUS_SEGMENT_NOTIFICATION
#undef DBG_TERMINATE_THREAD
#undef DBG_TERMINATE_PROCESS
#undef DBG_CONTROL_C
#undef DBG_CONTROL_BREAK
#undef STATUS_GUARD_PAGE_VIOLATION
#undef STATUS_DATATYPE_MISALIGNMENT
#undef STATUS_BREAKPOINT
#undef STATUS_SINGLE_STEP
#undef DBG_EXCEPTION_NOT_HANDLED
#undef STATUS_ACCESS_VIOLATION
#undef STATUS_IN_PAGE_ERROR
#undef STATUS_INVALID_HANDLE
#undef STATUS_NO_MEMORY
#undef STATUS_ILLEGAL_INSTRUCTION
#undef STATUS_NONCONTINUABLE_EXCEPTION
#undef STATUS_INVALID_DISPOSITION
#undef STATUS_ARRAY_BOUNDS_EXCEEDED
#undef STATUS_FLOAT_DENORMAL_OPERAND
#undef STATUS_FLOAT_DIVIDE_BY_ZERO
#undef STATUS_FLOAT_INEXACT_RESULT
#undef STATUS_FLOAT_INVALID_OPERATION
#undef STATUS_FLOAT_OVERFLOW
#undef STATUS_FLOAT_STACK_CHECK
#undef STATUS_FLOAT_UNDERFLOW
#undef STATUS_INTEGER_DIVIDE_BY_ZERO
#undef STATUS_INTEGER_OVERFLOW
#undef STATUS_PRIVILEGED_INSTRUCTION
#undef STATUS_STACK_OVERFLOW
#undef STATUS_CONTROL_C_EXIT
#undef STATUS_FLOAT_MULTIPLE_FAULTS
#undef STATUS_FLOAT_MULTIPLE_TRAPS
#undef STATUS_ILLEGAL_VLM_REFERENCE
#undef STATUS_REG_NAT_CONSUMPTION
#undef DBG_EXCEPTION_HANDLED

#include <ntstatus.h>

#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
#define NTAPI __stdcall
#else
#define _cdecl
#define NTAPI
#endif

#ifdef __cplusplus
extern "C" {
#endif

#define MAXIMUM_FILENAME_LENGTH 256
#define PORT_MAXIMUM_MESSAGE_LENGTH 256
#define INITIAL_PRIVILEGE_COUNT 3

#define FSCTL_GET_VOLUME_INFORMATION 0x90064

// constants for RtlDetermineDosPathNameType_U
#define DOS_PATHTYPE_UNC 0x00000001 // COMPUTER1
#define DOS_PATHTYPE_ROOTDRIVE 0x00000002 // C:
#define DOS_PATHTYPE_STREAM 0x00000003 // X:X or C:
#define DOS_PATHTYPE_NT 0x00000004 // ??C:
#define DOS_PATHTYPE_NAME 0x00000005 // C
#define DOS_PATHTYPE_DEVICE 0x00000006 // .C:
#define DOS_PATHTYPE_LOCALUNCROOT 0x00000007 // .

// Define the various device characteristics flags
#define FILE_REMOVABLE_MEDIA 0x00000001
#define FILE_READ_ONLY_DEVICE 0x00000002
#define FILE_FLOPPY_DISKETTE 0x00000004
#define FILE_WRITE_ONCE_MEDIA 0x00000008
#define FILE_REMOTE_DEVICE 0x00000010
#define FILE_DEVICE_IS_MOUNTED 0x00000020
#define FILE_VIRTUAL_VOLUME 0x00000040
#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
#define FILE_DEVICE_SECURE_OPEN 0x00000100

#define FILE_SUPERSEDE 0x00000000
#define FILE_OPEN 0x00000001
#define FILE_CREATE 0x00000002
#define FILE_OPEN_IF 0x00000003
#define FILE_OVERWRITE 0x00000004
#define FILE_OVERWRITE_IF 0x00000005
#define FILE_MAXIMUM_DISPOSITION 0x00000005

#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008

#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080

#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800

#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000

#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000

#define FILE_COPY_STRUCTURED_STORAGE 0x00000041
#define FILE_STRUCTURED_STORAGE 0x00000441

#define FILE_VALID_OPTION_FLAGS 0x00ffffff
#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
#define FILE_VALID_SET_FLAGS 0x00000036

// THREAD STATES
#define THREAD_STATE_INITIALIZED 0
#define THREAD_STATE_READY 1
#define THREAD_STATE_RUNNING 2
#define THREAD_STATE_STANDBY 3
#define THREAD_STATE_TERMINATED 4
#define THREAD_STATE_WAIT 5
#define THREAD_STATE_TRANSITION 6
#define THREAD_STATE_UNKNOWN 7

// OBJECT TYPE CODES
#define OB_TYPE_TYPE 1
#define OB_TYPE_DIRECTORY 2
#define OB_TYPE_SYMBOLIC_LINK 3
#define OB_TYPE_TOKEN 4
#define OB_TYPE_PROCESS 5
#define OB_TYPE_THREAD 6
#define OB_TYPE_EVENT 7
#define OB_TYPE_EVENT_PAIR 8
#define OB_TYPE_MUTANT 9
#define OB_TYPE_SEMAPHORE 10
#define OB_TYPE_TIMER 11
#define OB_TYPE_PROFILE 12
#define OB_TYPE_WINDOW_STATION 13
#define OB_TYPE_DESKTOP 14
#define OB_TYPE_SECTION 15
#define OB_TYPE_KEY 16
#define OB_TYPE_PORT 17
#define OB_TYPE_ADAPTER 18
#define OB_TYPE_CONTROLLER 19
#define OB_TYPE_DEVICE 20
#define OB_TYPE_DRIVER 21
#define OB_TYPE_IO_COMPLETION 22
#define OB_TYPE_FILE 23

#define OBJ_INHERIT 0x00000002
#define OBJ_PERMANENT 0x00000010
#define OBJ_EXCLUSIVE 0x00000020
#define OBJ_CASE_INSENSITIVE 0x00000040
#define OBJ_OPENIF 0x00000080
#define OBJ_OPENLINK 0x00000100
#define OBJ_VALID_ATTRIBUTES 0x000001F2


// Object Manager Directory Specific Access Rights.
#define DIRECTORY_QUERY 0x0001
#define DIRECTORY_TRAVERSE 0x0002
#define DIRECTORY_CREATE_OBJECT 0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)

// Object Manager Symbolic Link Specific Access Rights.
#define SYMBOLIC_LINK_QUERY 0x0001
#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)

#define NT_SUCCESS(Status) ((LONG)(Status) >= 0)
#define NT_ERROR(Status) ((ULONG)(Status) >> 30 == 3)

#define DEVICE_TYPE DWORD

// values for RtlAdjustPrivilege
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) // obsolete and unused
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
#define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_REMOTE_SHUTDOWN_PRIVILEGE)

#define InitializeObjectAttributes( p, n, a, r, s ) {
(p)->uLength = sizeof( OBJECT_ATTRIBUTES );
(p)->hRootDirectory = r;
(p)->uAttributes = a;
(p)->pObjectName = n;
(p)->pSecurityDescriptor = s;
(p)->pSecurityQualityOfService = NULL;
}


typedef LONG NTSTATUS;
/*lint -e624 */ // Don't complain about different typedefs.
// winnt
typedef NTSTATUS *PNTSTATUS;
/*lint +e624 */ // Resume checking for different typedefs.

typedef NTSTATUS (NTAPI *NTSYSCALL)();
typedef NTSYSCALL *PNTSYSCALL;

typedef ULONG KAFFINITY;
typedef KAFFINITY *PKAFFINITY;
typedef LONG KPRIORITY;

typedef BYTE KPROCESSOR_MODE;

typedef VOID *POBJECT;

typedef VOID (*PKNORMAL_ROUTINE) (
IN PVOID NormalContext,
IN PVOID SystemArgument1,
IN PVOID SystemArgument2
);

typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
#ifdef MIDL_PASS
[size_is(MaximumLength), length_is(Length) ]
#endif // MIDL_PASS
PCHAR Buffer;
} STRING, *PSTRING;


typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;

typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;


typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef struct _HARDWARE_PTE
{
ULONG Valid : 1;
ULONG Write : 1;
ULONG Owner : 1;
ULONG WriteThrough : 1;
ULONG CacheDisable : 1;
ULONG Accessed : 1;
ULONG Dirty : 1;
ULONG LargePage : 1;
ULONG Global : 1;
ULONG CopyOnWrite : 1;
ULONG Prototype : 1;
ULONG reserved : 1;
ULONG PageFrameNumber : 20;
} HARDWARE_PTE, *PHARDWARE_PTE;

typedef struct _OBJECT_ATTRIBUTES
{
ULONG uLength;
HANDLE hRootDirectory;
PUNICODE_STRING pObjectName;
ULONG uAttributes;
PVOID pSecurityDescriptor;
PVOID pSecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef struct _PEB_FREE_BLOCK
{
struct _PEB_FREE_BLOCK *Next;
ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;

typedef struct _CURDIR
{
UNICODE_STRING DosPath;
HANDLE Handle;
} CURDIR, *PCURDIR;

typedef struct _RTL_DRIVE_LETTER_CURDIR
{
WORD Flags;
WORD Length;
DWORD TimeStamp;
STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;

#define PROCESS_PARAMETERS_NORMALIZED 1 // pointers in are absolute (not self-relative)

typedef struct _PROCESS_PARAMETERS
{
ULONG MaximumLength;
ULONG Length;
ULONG Flags; // PROCESS_PARAMETERS_NORMALIZED
ULONG DebugFlags;
HANDLE ConsoleHandle;
ULONG ConsoleFlags;
HANDLE StandardInput;
HANDLE StandardOutput;
HANDLE StandardError;
CURDIR CurrentDirectory;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PWSTR Environment;
ULONG StartingX;
ULONG StartingY;
ULONG CountX;
ULONG CountY;
ULONG CountCharsX;
ULONG CountCharsY;
ULONG FillAttribute;
ULONG WindowFlags;
ULONG ShowWindowFlags;
UNICODE_STRING WindowTitle;
UNICODE_STRING Desktop;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeInfo;
RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
} PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;

typedef struct _RTL_BITMAP
{
DWORD SizeOfBitMap;
PDWORD Buffer;
} RTL_BITMAP, *PRTL_BITMAP, **PPRTL_BITMAP;

#define LDR_STATIC_LINK 0x0000002
#define LDR_IMAGE_DLL 0x0000004
#define LDR_LOAD_IN_PROGRESS 0x0001000
#define LDR_UNLOAD_IN_PROGRESS 0x0002000
#define LDR_ENTRY_PROCESSED 0x0004000
#define LDR_ENTRY_INSERTED 0x0008000
#define LDR_CURRENT_LOAD 0x0010000
#define LDR_FAILED_BUILTIN_LOAD 0x0020000
#define LDR_DONT_CALL_FOR_THREADS 0x0040000
#define LDR_PROCESS_ATTACH_CALLED 0x0080000
#define LDR_DEBUG_SYMBOLS_LOADED 0x0100000
#define LDR_IMAGE_NOT_AT_BASE 0x0200000
#define LDR_WX86_IGNORE_MACHINETYPE 0x0400000

typedef struct _LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage; // in bytes
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags; // LDR_*
USHORT LoadCount;
USHORT TlsIndex;
LIST_ENTRY HashLinks;
PVOID SectionPointer;
ULONG CheckSum;
ULONG TimeDateStamp;
// PVOID LoadedImports; // seems they are exist only on XP !!!
// PVOID EntryPointActivationContext; // -same-
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;

typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
PVOID SsHandle;
LIST_ENTRY InLoadOrderModuleList; // ref. to PLDR_DATA_TABLE_ENTRY->InLoadOrderModuleList
LIST_ENTRY InMemoryOrderModuleList; // ref. to PLDR_DATA_TABLE_ENTRY->InMemoryOrderModuleList
LIST_ENTRY InInitializationOrderModuleList; // ref. to PLDR_DATA_TABLE_ENTRY->InInitializationOrderModuleList
} PEB_LDR_DATA, *PPEB_LDR_DATA;

typedef VOID NTSYSAPI (*PPEBLOCKROUTINE)(PVOID);

typedef struct _SYSTEM_STRINGS
{
UNICODE_STRING SystemRoot; // C:WINNT
UNICODE_STRING System32Root; // C:WINNTSystem32
UNICODE_STRING BaseNamedObjects; // BaseNamedObjects
}SYSTEM_STRINGS,*PSYSTEM_STRINGS;

typedef struct _TEXT_INFO
{
PVOID Reserved;
PSYSTEM_STRINGS SystemStrings;
}TEXT_INFO, *PTEXT_INFO;

typedef struct _PEB
{
UCHAR InheritedAddressSpace; // 0
UCHAR ReadImageFileExecOptions; // 1
UCHAR BeingDebugged; // 2
BYTE b003; // 3
PVOID Mutant; // 4
PVOID ImageBaseAddress; // 8
PPEB_LDR_DATA Ldr; // C
PPROCESS_PARAMETERS ProcessParameters; // 10
PVOID SubSystemData; // 14
PVOID ProcessHeap; // 18
KSPIN_LOCK FastPebLock; // 1C
PPEBLOCKROUTINE FastPebLockRoutine; // 20
PPEBLOCKROUTINE FastPebUnlockRoutine; // 24
ULONG EnvironmentUpdateCount; // 28
PVOID *KernelCallbackTable; // 2C
PVOID EventLogSection; // 30
PVOID EventLog; // 34
PPEB_FREE_BLOCK FreeList; // 38
ULONG TlsExpansionCounter; // 3C
PRTL_BITMAP TlsBitmap; // 40
ULONG TlsBitmapData[0x2]; // 44
PVOID ReadOnlySharedMemoryBase; // 4C
PVOID ReadOnlySharedMemoryHeap; // 50
PTEXT_INFO ReadOnlyStaticServerData; // 54
PVOID InitAnsiCodePageData; // 58
PVOID InitOemCodePageData; // 5C
PVOID InitUnicodeCaseTableData; // 60
ULONG KeNumberProcessors; // 64
ULONG NtGlobalFlag; // 68
DWORD d6C; // 6C
LARGE_INTEGER MmCriticalSectionTimeout; // 70
ULONG MmHeapSegmentReserve; // 78
ULONG MmHeapSegmentCommit; // 7C
ULONG MmHeapDeCommitTotalFreeThreshold; // 80
ULONG MmHeapDeCommitFreeBlockThreshold; // 84
ULONG NumberOfHeaps; // 88
ULONG AvailableHeaps; // 8C
PHANDLE ProcessHeapsListBuffer; // 90
PVOID GdiSharedHandleTable; // 94
PVOID ProcessStarterHelper; // 98
PVOID GdiDCAttributeList; // 9C
KSPIN_LOCK LoaderLock; // A0
ULONG NtMajorVersion; // A4
ULONG NtMinorVersion; // A8
USHORT NtBuildNumber; // AC
USHORT NtCSDVersion; // AE
ULONG PlatformId; // B0
ULONG Subsystem; // B4
ULONG MajorSubsystemVersion; // B8
ULONG MinorSubsystemVersion; // BC
KAFFINITY AffinityMask; // C0
ULONG GdiHandleBuffer[0x22]; // C4
ULONG PostProcessInitRoutine; // 14C
ULONG TlsExpansionBitmap; // 150
UCHAR TlsExpansionBitmapBits[0x80]; // 154
ULONG SessionId; // 1D4
ULARGE_INTEGER AppCompatFlags; // 1D8
PWORD CSDVersion; // 1E0
/* PVOID AppCompatInfo; // 1E4
UNICODE_STRING usCSDVersion;
PVOID ActivationContextData;
PVOID ProcessAssemblyStorageMap;
PVOID SystemDefaultActivationContextData;
PVOID SystemAssemblyStorageMap;
ULONG MinimumStackCommit; */
} PEB, *PPEB;

typedef struct _TEB
{
NT_TIB Tib;
PVOID EnvironmentPointer;
CLIENT_ID Cid;
PVOID ActiveRpcInfo;
PVOID ThreadLocalStoragePointer;
PPEB Peb;
ULONG LastErrorValue;
ULONG CountOfOwnedCriticalSections;
PVOID CsrClientThread;
PVOID Win32ThreadInfo;
ULONG Win32ClientInfo[0x1F];
PVOID WOW32Reserved;
ULONG CurrentLocale;
ULONG FpSoftwareStatusRegister;
PVOID SystemReserved1[0x36];
PVOID Spare1;
LONG ExceptionCode;
ULONG SpareBytes1[0x28];
PVOID SystemReserved2[0xA];
ULONG gdiRgn;
ULONG gdiPen;
ULONG gdiBrush;
CLIENT_ID RealClientId;
PVOID GdiCachedProcessHandle;
ULONG GdiClientPID;
ULONG GdiClientTID;
PVOID GdiThreadLocaleInfo;
PVOID UserReserved[5];
PVOID glDispatchTable[0x118];
ULONG glReserved1[0x1A];
PVOID glReserved2;
PVOID glSectionInfo;
PVOID glSection;
PVOID glTable;
PVOID glCurrentRC;
PVOID glContext;
NTSTATUS LastStatusValue;
UNICODE_STRING StaticUnicodeString;
WCHAR StaticUnicodeBuffer[0x105];
PVOID DeallocationStack;
PVOID TlsSlots[0x40];
LIST_ENTRY TlsLinks;
PVOID Vdm;
PVOID ReservedForNtRpc;
PVOID DbgSsReserved[0x2];
ULONG HardErrorDisabled;
PVOID Instrumentation[0x10];
PVOID WinSockData;
ULONG GdiBatchCount;
ULONG Spare2;
ULONG Spare3;
ULONG Spare4;
PVOID ReservedForOle;
ULONG WaitingOnLoaderLock;
PVOID StackCommit;
PVOID StackCommitMax;
PVOID StackReserve;
} TEB, *PTEB;

typedef enum _POOL_TYPE
{
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType
} POOL_TYPE, *PPOOL_TYPE;

typedef enum _KWAIT_REASON
{
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVirtualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel,
MaximumWaitReason
} KWAIT_REASON, *PKWAIT_REASON;

typedef struct _DISPATCHER_HEADER
{
BYTE uType; //DO_TYPE_*
BYTE uAbsolute;
BYTE uSize; // number of DWORDs
BYTE uInserted;
LONG lSignalState;
LIST_ENTRY WaitListHead;
} DISPATCHER_HEADER, *PDISPATCHER_HEADER;

typedef struct _KPROCESS
{
DISPATCHER_HEADER Header; // DO_TYPE_PROCESS (0x1A)
LIST_ENTRY le10;
DWORD d18;
DWORD d1C;
DWORD d20;
DWORD d24;
DWORD d28;
DWORD d2C;
DWORD d30;
DWORD d34;
DWORD dKernelTime; // ticks
DWORD dUserTime; // ticks
LIST_ENTRY le40;
LIST_ENTRY OutSwapList;
LIST_ENTRY ThreadListHead; // KTHREAD.ThreadList
DWORD d58;
KAFFINITY AffinityMask;
WORD w60;
BYTE bBasePriority;
BYTE b63;
WORD w64;
BYTE b66;
BOOLEAN fPriorityBoost;
} KPROCESS, *PKPROCESS;

typedef struct _PORT_MESSAGE
{
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
USHORT VirtualRangesOffset;
CLIENT_ID ClientId;
ULONG MessageId;
ULONG SectionSize;
// UCHAR Data[];
} PORT_MESSAGE, *PPORT_MESSAGE;

typedef struct _SERVICE_DESCRIPTOR_TABLE
{
PNTSYSCALL ServiceTable; // array of entrypoints
PULONG puCounterTable; // array of counters
ULONG uTableSize; // number of table entries
PBYTE pbArgumentTable; // array of byte counts
} SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE;

typedef struct _KSEMAPHORE
{
DISPATCHER_HEADER Header;
LONG lLimit;
} KSEMAPHORE, *PKSEMAPHORE;

typedef struct _KTHREAD
{
DISPATCHER_HEADER Header; // DO_TYPE_THREAD (0x6C)
LIST_ENTRY le010;
DWORD d018;
DWORD d01C;
PTEB pTeb;
DWORD d024;
DWORD d028;
BYTE b02C;
BYTE bThreadState; // THREAD_STATE_*
WORD w02E;
WORD w030;
BYTE b032;
BYTE bPriority;
LIST_ENTRY le034;
LIST_ENTRY le03C;
PKPROCESS pProcess;
DWORD d048;
DWORD dContextSwitches;
DWORD d050;
WORD w054;
BYTE b056;
BYTE bWaitReason;
DWORD d058;
PLIST_ENTRY ple05C;
PLIST_ENTRY ple060;
DWORD d064;
BYTE bBasePriority;
BYTE b069;
WORD w06A;
DWORD d06C;
DWORD d070;
DWORD d074;
DWORD d078;
DWORD d07C;
DWORD d080;
DWORD d084;
DWORD d088;
DWORD d08C;
DWORD d090;
DWORD d094;
DWORD d098;
DWORD d09C;
DWORD d0A0;
DWORD d0A4;
DWORD d0A8;
DWORD d0AC;
DWORD d0B0;
DWORD d0B4;
DWORD d0B8;
DWORD d0BC;
DWORD d0C0;
DWORD d0C4;
DWORD d0C8;
DWORD d0CC;
DWORD d0D0;
DWORD d0D4;
DWORD d0D8;
PSERVICE_DESCRIPTOR_TABLE pServiceDescriptorTable;
DWORD d0E0;
DWORD d0E4;
DWORD d0E8;
DWORD d0EC;
LIST_ENTRY le0F0;
DWORD d0F8;
DWORD d0FC;
DWORD d100;
DWORD d104;
DWORD d108;
DWORD d10C;
DWORD d110;
DWORD d114;
DWORD d118;
BYTE b11C;
BYTE b11D;
WORD w11E;
DWORD d120;
DWORD d124;
DWORD d128;
DWORD d12C;
DWORD d130;
WORD w134;
BYTE b136;
KPROCESSOR_MODE ProcessorMode;
DWORD dKernelTime; // ticks
DWORD dUserTime; // ticks
DWORD d140;
DWORD d144;
DWORD d148;
DWORD d14C;
DWORD d150;
DWORD d154;
DWORD d158;
DWORD d15C;
DWORD d160;
DWORD d164;
DWORD d168;
DWORD d16C;
DWORD d170;
PROC SuspendNop;
DWORD d178;
DWORD d17C;
DWORD d180;
DWORD d184;
DWORD d188;
DWORD d18C;
KSEMAPHORE SuspendSemaphore;
LIST_ENTRY ThreadList; // KPROCESS.ThreadListHead
DWORD d1AC;
} KTHREAD, *PKTHREAD;

typedef struct _ETHREAD
{
KTHREAD Tcb;
LARGE_INTEGER liCreateTime;
LARGE_INTEGER liExitTime;
NTSTATUS ExitStatus;
LIST_ENTRY PostBlockList;
LIST_ENTRY TerminationPortList;
ULONG uActiveTimerListLock;
LIST_ENTRY ActiveTimerListHead;
CLIENT_ID Cid;
KSEMAPHORE LpcReplySemaphore;
ULONG uLpcReplyMessage;
LARGE_INTEGER liLpcReplyMessageId;
ULONG uImpersonationInfo;
LIST_ENTRY IrpList;
LIST_ENTRY TopLevelIrp;
ULONG uReadClusterSize;
BOOLEAN fForwardClusterOnly;
BOOLEAN fDisablePageFaultClustering;
BOOLEAN fDeadThread;
BOOLEAN fHasTerminated;
ULONG uEventPair;
ULONG uGrantedAccess;
ULONG uThreadsProcess;
PVOID pStartAddress;
PVOID Win32StartAddress;
BOOLEAN fLpcExitThreadCalled;
BOOLEAN fHardErrorsAreDisabled;
WORD wUknown1;
DWORD dwUknown2;
} ETHREAD, *PETHREAD;

typedef PETHREAD ERESOURCE_THREAD,
*PERESOURCE_THREAD;

typedef struct _KEVENT
{
DISPATCHER_HEADER Header;
} KEVENT, *PKEVENT;

typedef struct _ERESOURCE_OLD
{
LIST_ENTRY SystemResourcesList;
PERESOURCE_THREAD OwnerThreads;
PBYTE pbOwnerCounts;
WORD wTableSize;
WORD wActiveCount;
WORD wFlag;
WORD wTableRover;
BYTE bInitialOwnerCounts[4];
ERESOURCE_THREAD InitialOwnerThreads[4];
DWORD dwUknown1;
ULONG uContentionCount;
WORD wNumberOfExclusiveWaiters;
WORD wNumberOfSharedWaiters;
KSEMAPHORE SharedWaiters;
KEVENT ExclusiveWaiters;
KSPIN_LOCK SpinLock;
ULONG uCreatorBackTraceIndex;
WORD wDepth;
WORD wUknown2;
PVOID pOwnerBackTrace[4];
} ERESOURCE_OLD, *PERESOURCE_OLD;

typedef struct _OWNER_ENTRY
{
ERESOURCE_THREAD OwnerThread;
SHORT sOwnerCount;
WORD wTableSize;
} OWNER_ENTRY, *POWNER_ENTRY;

typedef struct _ERESOURCE_LITE
{
LIST_ENTRY SystemResourcesList;
POWNER_ENTRY OwnerTable;
SHORT sActiveCount;
WORD wFlag;
PKSEMAPHORE SharedWaiters;
PKEVENT ExclusiveWaiters;
OWNER_ENTRY OwnerThreads[2];
ULONG uContentionCount;
WORD wNumberOfSharedWaiters;
WORD wNumberOfExclusiveWaiters;
union
{
PVOID pAddress;
ULONG uCreatorBackTraceIndex;
};
KSPIN_LOCK SpinLock;
} ERESOURCE_LITE, *PERESOURCE_LITE;

typedef ERESOURCE_LITE ERESOURCE,
*PERESOURCE;

typedef struct _IO_STATUS_BLOCK
{
NTSTATUS Status;
ULONG uInformation;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

/* Defined in Winnt.h
typedef struct _QUOTA_LIMITS {
SIZE_T PagedPoolLimit;
SIZE_T NonPagedPoolLimit;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
SIZE_T PagefileLimit;
LARGE_INTEGER TimeLimit;
} QUOTA_LIMITS, *PQUOTA_LIMITS;
*/

typedef struct _IOCOUNTERS
{
ULONG uReadOperationCount;
ULONG uWriteOperationCount;
ULONG uOtherOperationCount;
LARGE_INTEGER liReadTransferCount;
LARGE_INTEGER liWriteTransferCount;
LARGE_INTEGER liOtherTransferCount;
} IOCOUNTERS, *PIOCOUNTERS;

typedef struct _VM_COUNTERS
{
ULONG uPeakVirtualSize;
ULONG uVirtualSize;
ULONG uPageFaultCount;
ULONG uPeakWorkingSetSize;
ULONG uWorkingSetSize;
ULONG uQuotaPeakPagedPoolUsage;
ULONG uQuotaPagedPoolUsage;
ULONG uQuotaPeakNonPagedPoolUsage;
ULONG uQuotaNonPagedPoolUsage;
ULONG uPagefileUsage;
ULONG uPeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;

typedef struct _KERNEL_USER_TIMES
{
LARGE_INTEGER liCreateTime;
LARGE_INTEGER liExitTime;
LARGE_INTEGER liKernelTime;
LARGE_INTEGER liUserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

typedef struct _BASE_PRIORITY_INFORMATION
{
KPRIORITY BasePriority;
} BASE_PRIORITY_INFORMATION, *PBASE_PRIORITY_INFORMATION;

typedef struct _AFFINITY_MASK
{
KAFFINITY AffinityMask;
} AFFINITY_MASK, *PAFFINITY_MASK;

typedef struct _TIME_FIELDS
{
WORD wYear;
WORD wMonth;
WORD wDay;
WORD wHour;
WORD wMinute;
WORD wSecond;
WORD wMilliseconds;
WORD wWeekday;
} TIME_FIELDS, *PTIME_FIELDS;

typedef void (*PIO_APC_ROUTINE) (PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG Reserved);

#if(_WIN32_WINNT < 0x0400)

typedef struct _NTFS_VOLUME_DATA_BUFFER
{
LARGE_INTEGER liSerialNumber;
LARGE_INTEGER liNumberOfSectors;
LARGE_INTEGER liTotalClusters;
LARGE_INTEGER liFreeClusters;
LARGE_INTEGER liReserved;
ULONG uBytesPerSector;
ULONG uBytesPerCluster;
ULONG uBytesPerMFTRecord;
ULONG uClustersPerMFTRecord;
LARGE_INTEGER liMFTLength;
LARGE_INTEGER liMFTStart;
LARGE_INTEGER liMFTMirrorStart;
LARGE_INTEGER liMFTZoneStart;
LARGE_INTEGER liMFTZoneEnd;
} NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;

#endif

typedef struct _OBJDIR_INFORMATION
{
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName; // e.g. Directory, Device ...
UCHAR Data[1]; // variable length
} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;

// Define the file system information class values
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1,
FileFsLabelInformation, // 2
FileFsSizeInformation, // 3
FileFsDeviceInformation, // 4
FileFsAttributeInformation, // 5
FileFsControlInformation, // 6
FileFsFullSizeInformation, // 7
FileFsObjectIdInformation, // 8
FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;

typedef struct _FILE_FS_VOLUME_INFORMATION {
LARGE_INTEGER VolumeCreationTime;
ULONG VolumeSerialNumber;
ULONG VolumeLabelLength;
BOOLEAN SupportsObjects;
WCHAR VolumeLabel[1];
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;

typedef struct _FILE_FS_LABEL_INFORMATION {
ULONG VolumeLabelLength;
WCHAR VolumeLabel[1];
} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;

typedef struct _FILE_FS_SIZE_INFORMATION {
LARGE_INTEGER TotalAllocationUnits;
LARGE_INTEGER AvailableAllocationUnits;
ULONG SectorsPerAllocationUnit;
ULONG BytesPerSector;
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;

typedef struct _FILE_FS_DEVICE_INFORMATION {
DEVICE_TYPE DeviceType;
ULONG Characteristics;
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;

typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
ULONG FileSystemAttributes;
LONG MaximumComponentNameLength;
ULONG FileSystemNameLength;
WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;

typedef struct _FILE_FS_CONTROL_INFORMATION {
LARGE_INTEGER FreeSpaceStartFiltering;
LARGE_INTEGER FreeSpaceThreshold;
LARGE_INTEGER FreeSpaceStopFiltering;
LARGE_INTEGER DefaultQuotaThreshold;
LARGE_INTEGER DefaultQuotaLimit;
ULONG FileSystemControlFlags;
} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;

typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
LARGE_INTEGER TotalQuotaAllocationUnits;
LARGE_INTEGER AvailableQuotaAllocationUnits;
LARGE_INTEGER AvailableAllocationUnits;
ULONG SectorsPerAllocationUnit;
ULONG BytesPerSector;
} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;

typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
GUID VolumeObjectId;
ULONG VolumeObjectIdExtendedInfo[12];
} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;

typedef enum _SYSTEMINFOCLASS
{
SystemBasicInformation, // 0x002C
SystemProcessorInformation, // 0x000C
SystemPerformanceInformation, // 0x0138
SystemTimeInformation, // 0x0020
SystemPathInformation, // not implemented
SystemProcessInformation, // 0x00C8+ per process
SystemCallInformation, // 0x0018 + (n * 0x0004)
SystemConfigurationInformation, // 0x0018
SystemProcessorCounters, // 0x0030 per cpu
SystemGlobalFlag, // 0x0004 (fails if size != 4)
SystemCallTimeInformation, // not implemented
SystemModuleInformation, // 0x0004 + (n * 0x011C)
SystemLockInformation, // 0x0004 + (n * 0x0024)
SystemStackTraceInformation, // not implemented
SystemPagedPoolInformation, // checked build only
SystemNonPagedPoolInformation, // checked build only
SystemHandleInformation, // 0x0004 + (n * 0x0010)
SystemObjectTypeInformation, // 0x0038+ + (n * 0x0030+)
SystemPageFileInformation, // 0x0018+ per page file
SystemVdmInstemulInformation, // 0x0088
SystemVdmBopInformation, // invalid info class
SystemCacheInformation, // 0x0024
SystemPoolTagInformation, // 0x0004 + (n * 0x001C)
SystemInterruptInformation, // 0x0000, or 0x0018 per cpu
SystemDpcInformation, // 0x0014
SystemFullMemoryInformation, // checked build only
SystemLoadDriver, // 0x0018, set mode only
SystemUnloadDriver, // 0x0004, set mode only
SystemTimeAdjustmentInformation, // 0x000C, 0x0008 writeable
SystemSummaryMemoryInformation, // checked build only
SystemNextEventIdInformation, // checked build only
SystemEventIdsInformation, // checked build only
SystemCrashDumpInformation, // 0x0004
SystemExceptionInformation, // 0x0010
SystemCrashDumpStateInformation, // 0x0004
SystemDebuggerInformation, // 0x0002
SystemContextSwitchInformation, // 0x0030
SystemRegistryQuotaInformation, // 0x000C
SystemAddDriver, // 0x0008, set mode only
SystemPrioritySeparationInformation,// 0x0004, set mode only
SystemPlugPlayBusInformation, // not implemented
SystemDockInformation, // not implemented
SystemPowerInfo, // 0x0060 (XP only!)
SystemProcessorSpeedInformation, // 0x000C (XP only!)
SystemTimeZoneInformation, // 0x00AC
SystemLookasideInformation, // n * 0x0020
SystemSetTimeSlipEvent,
SystemCreateSession, // set mode only
SystemDeleteSession, // set mode only
SystemInvalidInfoClass1, // invalid info class
SystemRangeStartInformation, // 0x0004 (fails if size != 4)
SystemVerifierInformation,
SystemAddVerifier,
SystemSessionProcessesInformation, // checked build only
MaxSystemInfoClass
} SYSTEMINFOCLASS, *PSYSTEMINFOCLASS;

typedef struct _SYSTEM_BASIC_INFORMATION
{
DWORD dwUnknown1; // 0
ULONG uKeMaximumIncrement; // x86: 0x0002625A or 0x00018730
ULONG uPageSize; // bytes
ULONG uMmNumberOfPhysicalPages;
ULONG uMmLowestPhysicalPage;
ULONG uMmHighestPhysicalPage;
ULONG uAllocationGranularity; // bytes
PVOID pLowestUserAddress;
PVOID pMmHighestUserAddress;
KAFFINITY uKeActiveProcessors;
BYTE bKeNumberProcessors;
BYTE bUnknown2;
WORD wUnknown3;
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_INFORMATION
{
WORD wKeProcessorArchitecture; // PROCESSOR_ARCHITECTURE_* (PROCESSOR_ARCHITECTURE_INTEL)
WORD wKeProcessorLevel; // PROCESSOR_* (PROCESSOR_INTEL_PENTIUM)
WORD wKeProcessorRevision; // Pentium: H=model, L=stepping
WORD wUnknown1; // 0
ULONG uKeFeatureBits;
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;

typedef struct _MM_INFO_COUNTERS
{
ULONG uPageFaults;
ULONG uWriteCopyFaults;
ULONG uTransistionFaults;
ULONG uCacheTransitionCount;
ULONG uDemandZeroFaults;
ULONG uPagesRead;
ULONG uPageReadIos;
ULONG uCacheReadCount;
ULONG uCacheIoCount;
ULONG uPagefilePagesWritten;
ULONG uPagefilePageWriteIos;
ULONG uMappedFilePagesWritten;
ULONG uMappedFilePageWriteIos;
} MM_INFO_COUNTERS, *PMM_INFO_COUNTERS;

typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
LARGE_INTEGER liIdleTime; // 100 nsec units
LARGE_INTEGER liIoReadTransferCount;
LARGE_INTEGER liIoWriteTransferCount;
LARGE_INTEGER liIoOtherTransferCount;
ULONG uIoReadOperationCount;
ULONG uIoWriteOperationCount;
ULONG uIoOtherOperationCount;
ULONG uMmAvailablePages;
ULONG uMmTotalCommittedPages;
ULONG uMmTotalCommitLimit; // pages
ULONG uMmPeakCommitLimit; // pages
MM_INFO_COUNTERS MmInfoCounters;
ULONG uPoolPaged; // pages
ULONG uPoolNonPaged; // pages
ULONG uPagedPoolAllocs;
ULONG uPagedPoolFrees;
ULONG uNonPagedPoolAllocs;
ULONG uNonPagedPoolFrees;
ULONG uMmTotalFreeSystemPages;
ULONG uMmSystemCodePage;
ULONG uMmTotalSystemDriverPages;
ULONG uMmTotalSystemCodePages;
ULONG uSmallNonPagedLookasideListAllocateHits;
ULONG uSmallPagedLookasideListAllocateHits;
DWORD dwUnknown1;
ULONG uMmSystemCachePage;
ULONG uMmPagedPoolPage;
ULONG uMmSystemDriverPage;
ULONG uCcFastReadNoWait;
ULONG uCcFastReadWait;
ULONG uCcFastReadResourceMiss;
ULONG uCcFastReadNotPossible;
ULONG uCcFastMdlReadNoWait;
ULONG uCcFastMdlReadWait;
ULONG uCcFastMdlReadResourceMiss;
ULONG uCcFastMdlReadNotPossible;
ULONG uCcMapDataNoWait;
ULONG uCcMapDataWait;
ULONG uCcMapDataNoWaitMiss;
ULONG uCcMapDataWaitMiss;
ULONG uCcPinMappedDataCount;
ULONG uCcPinReadNoWait;
ULONG uCcPinReadWait;
ULONG uCcPinReadNoWaitMiss;
ULONG uCcPinReadWaitMiss;
ULONG uCcCopyReadNoWait;
ULONG uCcCopyReadWait;
ULONG uCcCopyReadNoWaitMiss;
ULONG uCcCopyReadWaitMiss;
ULONG uCcMdlReadNoWait;
ULONG uCcMdlReadWait;
ULONG uCcMdlReadNoWaitMiss;
ULONG uCcMdlReadWaitMiss;
ULONG uCcReadAheadIos;
ULONG uCcLazyWriteIos;
ULONG uCcLazyWritePages;
ULONG uCcDataFlushes;
ULONG uCcDataPages;
ULONG uTotalContextSwitches; // total across cpus
ULONG uFirstLevelTbFills;
ULONG uSecondLevelTbFills;
ULONG uSystemCalls;
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;

typedef struct _SYSTEM_TIME_INFORMATION
{
LARGE_INTEGER liKeBootTime; // relative to 01-01-1601
LARGE_INTEGER liKeSystemTime; // relative to 01-01-1601
LARGE_INTEGER liExpTimeZoneBias; // utc time = local time + bias
ULONG uExpCurrentTimeZoneId; // TIME_ZONE_ID_* (TIME_ZONE_ID_UNKNOWN, etc.)
DWORD dwUnknown1;
} SYSTEM_TIME_INFORMATION, *PSYSTEM_TIME_INFORMATION;

typedef enum
{
StateInitialized,
StateReady,
StateRunning,
StateStandby,
StateTerminated,
StateWait,
StateTransition,
StateUnknown
} THREAD_STATE;

typedef struct _SYSTEM_THREAD
{
LARGE_INTEGER liKernelTime; // 100 nsec units
LARGE_INTEGER liUserTime; // 100 nsec units
LARGE_INTEGER liCreateTime; // relative to 01-01-1601
ULONG WaitTime; // ticks
PVOID pStartAddress; // EIP
CLIENT_ID Cid; // process/thread ids
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitches;
THREAD_STATE ThreadState;
KWAIT_REASON WaitReason;
// DWORD dwUnknown2; // maybe it not exists !!!
} SYSTEM_THREAD, *PSYSTEM_THREAD;

typedef struct _SYSTEM_PROCESS_INFORMATION
{
ULONG uNext; // relative offset
ULONG uThreadCount;
LARGE_INTEGER liUnknown1;
LARGE_INTEGER liUnknown2;
LARGE_INTEGER liUnknown3;
LARGE_INTEGER liCreateTime; // relative to 01-01-1601
LARGE_INTEGER liUserTime; // 100 nsec units
LARGE_INTEGER liKernelTime; // 100 nsec units
UNICODE_STRING usName;
KPRIORITY BasePriority;
ULONG uUniqueProcessId;
ULONG uInheritedFromUniqueProcessId;
ULONG uHandleCount;
ULONG uSessionId; // W2K Only!
DWORD dwUnknown5;
VM_COUNTERS VmCounters;
ULONG uCommitCharge; // bytes
SYSTEM_THREAD aST[];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

typedef struct _IO_COUNTERSEX
{
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
} IO_COUNTERSEX, *PIO_COUNTERSEX;

typedef struct _SYSTEM_PROCESS_INFORMATION_2000
{
ULONG uNext; // relative offset
ULONG uThreadCount;
LARGE_INTEGER liUnknown1;
LARGE_INTEGER liUnknown2;
LARGE_INTEGER liUnknown3;
LARGE_INTEGER liCreateTime; // relative to 01-01-1601
LARGE_INTEGER liUserTime; // 100 nsec units
LARGE_INTEGER liKernelTime; // 100 nsec units
UNICODE_STRING usName;
KPRIORITY BasePriority;
ULONG uUniqueProcessId;
ULONG uInheritedFromUniqueProcessId;
ULONG uHandleCount;
ULONG uSessionId; // W2K Only!
DWORD dwUnknown5;
VM_COUNTERS VmCounters;
ULONG uCommitCharge; // bytes
IO_COUNTERSEX IoCounters;
SYSTEM_THREAD aST[];
} SYSTEM_PROCESS_INFORMATION_2000, *PSYSTEM_PROCESS_INFORMATION_2000;

typedef struct _SYSTEM_CALL_INFORMATION
{
ULONG Length;
ULONG NumberOfTables;
// ULONG NumberOfEntries[NumberOfTables]
// ULONG CallCounts[NumberOfTables][NumberOfEntries];
} SYSTEM_CALL_INFORMATION, *PSYSTEM_CALL_INFORMATION;

typedef struct _SYSTEM_CONFIGURATION_INFORMATION
{
ULONG uDiskCount;
ULONG uFloppyCount;
ULONG uCDRomCount;
ULONG uTapeCount;
ULONG uSerialCount; // com port with mouse not included
ULONG uParallelCount;
} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_COUNTERS
{
LARGE_INTEGER liProcessorTime; // 100 nsec units
LARGE_INTEGER liKernelTime; // 100 nsec units
LARGE_INTEGER liUserTime; // 100 nsec units
LARGE_INTEGER liDpcTime; // 100 nsec units
LARGE_INTEGER liInterruptTime; // 100 nsec units
ULONG uInterruptCount;
DWORD dwUnknown1;
} SYSTEM_PROCESSOR_COUNTERS, *PSYSTEM_PROCESSOR_COUNTERS;

typedef struct _SYSTEM_GLOBAL_FLAG
{
ULONG NtGlobalFlag; // see Q147314, Q102985, Q105677
} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;

typedef struct _SYSTEM_CALL_TIME_INFORMATION
{
ULONG Length;
ULONG TotalCalls;
LARGE_INTEGER TimeOfCalls[1];
} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;

typedef struct _SYSTEM_MODULE
{
ULONG Reserved[2];
ULONG Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT Unknown;
USHORT LoadCount;
USHORT ModuleNameOffset;
CHAR ImageName[256];
} SYSTEM_MODULE, *PSYSTEM_MODULE;

typedef struct _SYSTEM_MODULE_INFORMATION
{
ULONG uCount;
SYSTEM_MODULE aSM[];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

typedef struct _SYSTEM_LOCK
{
union
{
PERESOURCE_OLD pEResourceOld; // old ERESOURCE format
PERESOURCE_LITE pEResourceLite; // new "lite" format
PERESOURCE pEResource; // current format
};
WORD wUnknown1; // 1
WORD wUnknown2; // 0
ULONG ExclusiveOwnerThreadId;
ULONG uActiveCount;
ULONG uContentionCount;
DWORD dwUnknown3;
DWORD dwUnknown4;
ULONG uNumberOfSharedWaiters;
ULONG uNumberOfExclusiveWaiters;
} SYSTEM_LOCK, *PSYSTEM_LOCK;

typedef struct _SYSTEM_LOCK_INFORMATION
{
ULONG uCount;
SYSTEM_LOCK aSL[];
} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;

typedef struct _SYSTEM_HANDLE
{
ULONG uIdProcess;
UCHAR ObjectType; // OB_TYPE_* (OB_TYPE_TYPE, etc.)
UCHAR Flags; // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.)
USHORT Handle;
POBJECT pObject;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE, *PSYSTEM_HANDLE;

typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG uCount;
SYSTEM_HANDLE aSH[];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
{
ULONG NextEntryOffset; // absolute offset
ULONG ObjectCount;
ULONG HandleCount;
ULONG TypeIndex; // OB_TYPE_* (OB_TYPE_TYPE, etc.)
ULONG InvalidAttributes; // OBJ_* (OBJ_INHERIT, etc.)
GENERIC_MAPPING GenericMapping;
ACCESS_MASK ValidAccessMask;
POOL_TYPE PoolType;
BOOLEAN SecurityRequired;
BOOLEAN WaitableObject;
UNICODE_STRING TypeName;
} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;

// follows after SYSTEM_OBJECTTYPE_INFORMATION.TypeName
typedef struct _SYSTEM_OBJECT_INFORMATION
{
ULONG NextEntryOffset; // absolute offset
POBJECT Object;
ULONG CreatorProcessId;
USHORT CreatorBackTraceIndex;
USHORT Flags; // see "Native API Reference" page 24
LONG PointerCount;
LONG HandleCount;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG ExclusiveProcessId;
PSECURITY_DESCRIPTOR SecurityDescriptor;
UNICODE_STRING ObjectName;
} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;

typedef struct _SYSTEM_PAGE_FILE_INFORMATION
{
ULONG NextEntryOffset; // relative offset
ULONG CurrentSize; // pages
ULONG TotalUsed; // pages
ULONG PeakUsed; // pages
UNICODE_STRING FileName;
} SYSTEM_PAGE_FILE_INFORMATION, *PSYSTEM_PAGE_FILE_INFORMATION;

typedef struct _SYSTEM_VDM_INSTEMUL_INFO
{
BOOL fExVdmSegmentNotPresent;
ULONG uOpcode0FV86;
ULONG uOpcodeESPrefixV86;
ULONG uOpcodeCSPrefixV86;
ULONG uOpcodeSSPrefixV86;
ULONG uOpcodeDSPrefixV86;
ULONG uOpcodeFSPrefixV86;
ULONG uOpcodeGSPrefixV86;
ULONG uOpcodeOPER32PrefixV86;
ULONG uOpcodeADDR32PrefixV86;
ULONG uOpcodeINSBV86;
ULONG uOpcodeINSWV86;
ULONG uOpcodeOUTSBV86;
ULONG uOpcodeOUTSWV86;
ULONG uOpcodePUSHFV86;
ULONG uOpcodePOPFV86;
ULONG uOpcodeINTnnV86;
ULONG uOpcodeINTOV86;
ULONG uOpcodeIRETV86;
ULONG uOpcodeINBimmV86;
ULONG uOpcodeINWimmV86;
ULONG uOpcodeOUTBimmV86;
ULONG uOpcodeOUTWimmV86;
ULONG uOpcodeINBV86;
ULONG uOpcodeINWV86;
ULONG uOpcodeOUTBV86;
ULONG uOpcodeOUTWV86;
ULONG uOpcodeLOCKPrefixV86;
ULONG uOpcodeREPNEPrefixV86;
ULONG uOpcodeREPPrefixV86;
ULONG uOpcodeHLTV86;
ULONG uOpcodeCLIV86;
ULONG uOpcodeSTIV86;
ULONG uVdmBopCount;
} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;

typedef struct _SYSTEM_CACHE_INFORMATION
{
ULONG uFileCache; // bytes
ULONG uFileCachePeak; // bytes
ULONG PageFaultCount;
ULONG MinimumWorkingSet;
ULONG MaximumWorkingSet;
ULONG TransitionSharedPages;
ULONG TransitionSharedPagesPeak;
ULONG Reserved[2];
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;

typedef struct _SYSTEM_POOL_ENTRY
{
BOOLEAN Allocated;
BOOLEAN Spare0;
USHORT AllocatorBackTraceIndex;
ULONG Size;
union
{
UCHAR Tag[4];
ULONG TagUlong;
PVOID ProcessChargedQuota;
};
} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;

typedef struct _SYSTEM_POOL_INFORMATION
{
ULONG TotalSize;
PVOID FirstEntry;
USHORT EntryOverhead;
BOOLEAN PoolTagPresent;
BOOLEAN Spare0;
ULONG NumberOfEntries;
SYSTEM_POOL_ENTRY Entries[1];
} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;

typedef struct _SYSTEM_POOL_TAG
{
union
{
UCHAR Tag[4];
ULONG TagUlong;
};
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG PagedPoolUsage;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFrees;
ULONG NonPagedPoolUsage;
} SYSTEM_POOL_TAG, *PSYSTEM_POOL_TAG;

typedef struct _SYSTEM_POOL_TAG_INFORMATION
{
ULONG uCount;
SYSTEM_POOL_TAG aSPT[];
} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;

typedef struct _SYSTEM_INTERRUPT_INFORMATION
{
ULONG ContextSwitches;
ULONG DpcCount;
ULONG DpcRate;
ULONG TimeIncrement;
ULONG DpcBypassCount;
ULONG ApcBypassCount;
} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;

typedef struct _SYSTEM_DPC_INFORMATION
{
DWORD dwUnknown1;
ULONG MaximumDpcQueueDepth;
ULONG MinimumDpcRate;
ULONG AdjustDpcThreshold;
ULONG IdealDpcRate;
} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;

typedef struct _SYSTEM_MEMORY_INFO
{
PUCHAR StringOffset;
USHORT ValidCount;
USHORT TransitionCount;
USHORT ModifiedCount;
USHORT PageTableCount;
} SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;

typedef struct _SYSTEM_MEMORY_INFORMATION
{
ULONG InfoSize;
ULONG StringStart;
SYSTEM_MEMORY_INFO Memory[1];
} SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;

typedef struct _SYSTEM_LOAD_DRIVER
{
UNICODE_STRING DriverName; // input
PVOID BaseAddress; // output
PVOID SectionPointer; // output
PVOID EntryPoint; // output
PIMAGE_EXPORT_DIRECTORY ExportDirectory; // output
} SYSTEM_LOAD_DRIVER, *PSYSTEM_LOAD_DRIVER;

typedef struct _SYSTEM_UNLOAD_DRIVER
{
PVOID SectionPointer;
} SYSTEM_UNLOAD_DRIVER, *PSYSTEM_UNLOAD_DRIVER;

typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT
{
ULONG TimeAdjustment;
ULONG MaximumIncrement;
BOOLEAN TimeSynchronization;
} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;

typedef struct _SYSTEM_SET_TIME_ADJUSTMENT
{
ULONG TimeAdjustment;
BOOLEAN TimeSynchronization;
} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;

typedef struct _SYSTEM_CRASH_DUMP_INFORMATION
{
HANDLE CrashDumpSectionHandle;
} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;

typedef struct _SYSTEM_CRASH_DUMP_INFORMATION_2000
{
HANDLE CrashDumpSectionHandle;
HANDLE Unknown; // Windows 2000 only
} SYSTEM_CRASH_DUMP_INFORMATION_2000, *PSYSTEM_CRASH_DUMP_INFORMATION_2000;

typedef struct _SYSTEM_EXCEPTION_INFORMATION
{
ULONG AlignmentFixupCount;
ULONG ExceptionDispatchCount;
ULONG FloatingEmulationCount;
ULONG ByteWordEmulationCount;
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;

typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION
{
ULONG ValidCrashDump;
} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;

typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION_2000
{
ULONG ValidCrashDump;
ULONG Unknown; // Windows 2000 only
} SYSTEM_CRASH_DUMP_STATE_INFORMATION_2000, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION_2000;

typedef struct _SYSTEM_DEBUGGER_INFORMATION
{
BOOLEAN KernelDebuggerEnabled;
BOOLEAN KernelDebuggerNotPresent;
} SYSTEM_DEBUGGER_INFORMATION, *PSYSTEM_DEBUGGER_INFORMATION;

typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION
{
ULONG ContextSwitches;
ULONG FindAny;
ULONG FindLast;
ULONG FindIdeal;
ULONG IdleAny;
ULONG IdleCurrent;
ULONG IdleLast;
ULONG IdleIdeal;
ULONG PreemptAny;
ULONG PreemptCurrent;
ULONG PreemptLast;
ULONG SwitchToIdle;
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;

typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
{
ULONG RegistryQuotaAllowed; // bytes
ULONG RegistryQuotaUsed; // bytes
ULONG PagedPoolSize; // bytes
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;

typedef struct _SYSTEM_ADD_DRIVER
{
UNICODE_STRING ModuleName;
} SYSTEM_ADD_DRIVER, *PSYSTEM_ADD_DRIVER;

typedef struct _SYSTEM_PRIORITY_SEPARATION_INFORMATION
{
ULONG PrioritySeparation; // 0..2
} SYSTEM_PRIORITY_SEPARATION_INFORMATION, *PSYSTEM_PRIORITY_SEPARATION_INFORMATION;

#define MAX_BUS_NAME 24

typedef enum _PLUGPLAY_BUS_CLASS
{
SystemBus,
PlugPlayVirtualBus,
MaxPlugPlayBusClass
} PLUGPLAY_BUS_CLASS, *PPLUGPLAY_BUS_CLASS;

typedef enum _PLUGPLAY_VIRTUAL_BUS_TYPE
{
Root,
MaxPlugPlayVirtualBusType
} PLUGPLAY_VIRTUAL_BUS_TYPE, *PPLUGPLAY_VIRTUAL_BUS_TYPE;

typedef enum _INTERFACE_TYPE
{
InterfaceTypeUndefined = -1,
Internal,
Isa,
Eisa,
MicroChannel,
TurboChannel,
PCIBus,
VMEBus,
NuBus,
PCMCIABus,
CBus,
MPIBus,
MPSABus,
ProcessorInternal,
InternalPowerBus,
PNPISABus,
PNPBus,
MaximumInterfaceType
}INTERFACE_TYPE, *PINTERFACE_TYPE;

typedef struct _PLUGPLAY_BUS_TYPE
{
PLUGPLAY_BUS_CLASS BusClass;
union
{
INTERFACE_TYPE SystemBusType;
PLUGPLAY_VIRTUAL_BUS_TYPE PlugPlayVirtualBusType;
};
} PLUGPLAY_BUS_TYPE, *PPLUGPLAY_BUS_TYPE;

typedef struct _PLUGPLAY_BUS_INSTANCE
{
PLUGPLAY_BUS_TYPE BusType;
ULONG BusNumber;
WCHAR BusName[MAX_BUS_NAME];
} PLUGPLAY_BUS_INSTANCE, *PPLUGPLAY_BUS_INSTANCE;

typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION
{
ULONG BusCount;
PLUGPLAY_BUS_INSTANCE BusInstance[1];
} SYSTEM_PLUGPLAY_BUS_INFORMATION, *PSYSTEM_PLUGPLAY_BUS_INFORMATION;

typedef enum _SYSTEM_DOCK_STATE
{
SystemDockStateUnknown,
SystemUndocked,
SystemDocked
} SYSTEM_DOCK_STATE, *PSYSTEM_DOCK_STATE;

typedef struct _SYSTEM_DOCK_INFORMATION
{
SYSTEM_DOCK_STATE DockState;
INTERFACE_TYPE DeviceBusType;
ULONG DeviceBusNumber;
ULONG SlotNumber;
} SYSTEM_DOCK_INFORMATION, *PSYSTEM_DOCK_INFORMATION;

typedef struct _SYSTEM_POWER_INFORMATION // not for SystemPowerInfo !
{
BOOLEAN SystemSuspendSupported;
BOOLEAN SystemHibernateSupported;
BOOLEAN ResumeTimerSupportsSuspend;
BOOLEAN ResumeTimerSupportsHibernate;
BOOLEAN LidSupported;
BOOLEAN TurboSettingSupported;
BOOLEAN TurboMode;
BOOLEAN SystemAcOrDc;
BOOLEAN PowerDownDisabled;
LARGE_INTEGER SpindownDrives;
} SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;

typedef struct _SYSTEM_PROCESSOR_SPEED_INFORMATION // not for SystemProcessorSpeedInformation !
{
ULONG MaximumProcessorSpeed;
ULONG CurrentAvailableSpeed;
ULONG ConfiguredSpeedLimit;
BOOLEAN PowerLimit;
BOOLEAN ThermalLimit;
BOOLEAN TurboLimit;
} SYSTEM_PROCESSOR_SPEED_INFORMATION, *PSYSTEM_PROCESSOR_SPEED_INFORMATION;

typedef struct _SYSTEM_TIME_ZONE_INFORMATION
{
LONG Bias;
WCHAR StandardName[32];
TIME_FIELDS StandardDate;
LONG StandardBias;
WCHAR DaylightName[32];
TIME_FIELDS DaylightDate;
LONG DaylightBias;
} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;

typedef struct _SYSTEM_LOOKASIDE
{
USHORT Depth;
USHORT MaximumDepth;
ULONG TotalAllocates;
ULONG AllocateMisses;
ULONG TotalFrees;
ULONG FreeMisses;
POOL_TYPE Type;
ULONG Tag;
ULONG Size;
} SYSTEM_LOOKASIDE, *PSYSTEM_LOOKASIDE;

typedef struct _SYSTEM_LOOKASIDE_INFORMATION
{
SYSTEM_LOOKASIDE asl[];
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;

typedef struct _SYSTEM_SET_TIME_SLIP_EVENT
{
HANDLE TimeSlipEvent;
} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;

typedef struct _SYSTEM_CREATE_SESSION
{
ULONG Session;
} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;

typedef struct _SYSTEM_DELETE_SESSION
{
ULONG Session;
} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;

typedef struct _SYSTEM_RANGE_START_INFORMATION
{
PVOID SystemRangeStart;
} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
IN SYSTEMINFOCLASS SystemInformationClass,
OUT PVOID pSystemInformation,
IN ULONG uSystemInformationLength,
OUT PULONG puReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemInformation(
IN SYSTEMINFOCLASS SystemInformationClass,
IN PVOID pSystemInformation,
IN ULONG uSystemInformationLength
);

// Time functions
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
OUT PLARGE_INTEGER SystemTime
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetSystemTime(
IN PLARGE_INTEGER NewTime,
OUT PLARGE_INTEGER OldTime OPTIONAL
);

NTSYSAPI
VOID
NTAPI
RtlTimeToTimeFields(
IN PLARGE_INTEGER pliTime,
OUT PTIME_FIELDS pTimeFields
);

NTSYSAPI
BOOLEAN
NTAPI
RtlTimeFieldsToTime(
IN PTIME_FIELDS pTimeFields,
OUT PLARGE_INTEGER pliTime
);

NTSYSAPI
VOID
NTAPI
RtlSecondsSince1970ToTime(
IN ULONG SecondsSince1970,
OUT PLARGE_INTEGER Time
);

NTSYSAPI
VOID
NTAPI
RtlTimeToSecondsSince1970(
IN PLARGE_INTEGER Time,
OUT PULONG SecondsSince1970
);

// Event functions
NTSYSAPI
NTSTATUS
NTAPI
NtOpenEvent(
PHANDLE phEvent,
ACCESS_MASK AccessMask,
POBJECT_ATTRIBUTES pObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtClearEvent(
IN HANDLE hEvent
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetEvent(
IN HANDLE hEvent,
OUT PLONG plSignaled OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtCreateSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN LONG InitialCount,
IN LONG MaximumCount
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
OUT PHANDLE SemaphoreHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtReleaseSemaphore(
IN HANDLE SemaphoreHandle,
IN LONG ReleaseCount,
OUT PLONG PreviousCount OPTIONAL
);

typedef enum _SEMAPHORE_INFORMATION_CLASS
{
SemaphoreBasicInformation
} SEMAPHORE_INFORMATION_CLASS;

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySemaphore(
IN HANDLE SemaphoreHandle,
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
OUT PVOID SemaphoreInformation,
IN ULONG SemaphoreInformationLength,
OUT PULONG ResultLength OPTIONAL
);

typedef struct _SEMAPHORE_BASIC_INFORMATION
{
LONG CurrentCount;
LONG MaximumCount;
} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;

// Directory and Symbolic Link functions
NTSYSAPI
NTSTATUS
NTAPI
NtCreateDirectoryObject(
OUT PHANDLE phDirectory,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES pObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

typedef struct _DIRECTORY_CONTENTS
{
struct
{
UNICODE_STRING Name;
UNICODE_STRING Type;
} Entry[ANYSIZE_ARRAY];
} DIRECTORY_CONTENTS, *PDIRECTORY_CONTENTS;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
IN HANDLE DirectoryHandle,
OUT PDIRECTORY_CONTENTS Buffer,
IN ULONG Length,
IN BOOLEAN ReturnSingleEntry,
IN BOOLEAN RestartScan,
IN OUT PULONG Index,
OUT PULONG ResultLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSymbolicLinkObject(
OUT PHANDLE SymbolicLinkHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySymbolicLinkObject(
IN HANDLE SymbolicLinkHandle,
OUT PUNICODE_STRING NameString,
OUT PULONG ResultLength OPTIONAL
);

// File functions
NTSYSAPI
NTSTATUS
NTAPI
NtCreateFile(
PHANDLE phFile,
ACCESS_MASK AccessMask,
POBJECT_ATTRIBUTES pObjectAttributes,
PIO_STATUS_BLOCK pIoStatusBlock,
PLARGE_INTEGER pliAllocationSize,
ULONG uFileAttributes,
ULONG uShareAccess,
ULONG uCreateDisposition,
ULONG uCreateOptions,
PVOID pEaBuffer,
ULONG uEaLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenFile(
PHANDLE phFile,
ACCESS_MASK AccessMask,
POBJECT_ATTRIBUTES pObjectAttributes,
PIO_STATUS_BLOCK pIoStatusBlock,
ULONG uShareAccess,
ULONG uOpenOptions
);

NTSYSAPI
NTSTATUS
NTAPI
NtDeleteFile(
IN POBJECT_ATTRIBUTES pObjectAttributes
);

typedef enum _FILE_INFORMATION_CLASS
{
FileDirectoryInformation = 1,
FileFullDirectoryInformation, // 2
FileBothDirectoryInformation, // 3
FileBasicInformation, // 4
FileStandardInformation, // 5
FileInternalInformation, // 6
FileEaInformation, // 7
FileAccessInformation, // 8
FileNameInformation, // 9
FileRenameInformation, // 10
FileLinkInformation, // 11
FileNamesInformation, // 12
FileDispositionInformation, // 13
FilePositionInformation, // 14
FileFullEaInformation, // 15
FileModeInformation, // 16
FileAlignmentInformation, // 17
FileAllInformation, // 18
FileAllocationInformation, // 19
FileEndOfFileInformation, // 20
FileAlternateNameInformation, // 21
FileStreamInformation, // 22
FilePipeInformation, // 23
FilePipeLocalInformation, // 24
FilePipeRemoteInformation, // 25
FileMailslotQueryInformation, // 26
FileMailslotSetInformation, // 27
FileCompressionInformation, // 28
FileObjectIdInformation, // 29
FileCompletionInformation, // 30
FileMoveClusterInformation, // 31
FileInformationReserved32, // 32
FileInformationReserved33, // 33
FileNetworkOpenInformation, // 34
FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

typedef struct _FILE_DIRECTORY_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;

typedef struct _FILE_FULL_DIR_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
WCHAR FileName[1];
} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;

typedef struct _FILE_BOTH_DIR_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;

typedef struct _FILE_BASIC_INFORMATION
{
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;

typedef struct _FILE_STANDARD_INFORMATION
{
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG NumberOfLinks;
BOOLEAN DeletePending;
BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;

typedef struct _FILE_INTERNAL_INFORMATION
{
LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;

typedef struct _FILE_EA_INFORMATION
{
ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;

typedef struct _FILE_ACCESS_INFORMATION
{
ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;

typedef struct _FILE_NAME_INFORMATION
{
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;

typedef struct _FILE_RENAME_INFORMATION
{
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

typedef struct _FILE_LINK_INFORMATION
{
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;

typedef struct _FILE_NAMES_INFORMATION
{
ULONG NextEntryOffset;
ULONG FileIndex;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;

typedef struct _FILE_ALLOCATION_INFORMATION
{
LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;

typedef struct _FILE_COMPRESSION_INFORMATION
{
LARGE_INTEGER CompressedFileSize;
USHORT CompressionFormat;
UCHAR CompressionUnitShift;
UCHAR ChunkShift;
UCHAR ClusterShift;
UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;

typedef struct _FILE_COMPLETION_INFORMATION
{
HANDLE Port;
ULONG Key;
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);

NTSYSAPI
NTSTATUS
NTAPI
NtDeviceIoControlFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG IoControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtFsControlFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG FsControlCode,
IN PVOID InputBuffer OPTIONAL,
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtQueryVolumeInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FsInformation,
IN ULONG Length,
IN FS_INFORMATION_CLASS FsInformationClass
);

NTSYSAPI
NTSTATUS
NTAPI
NtFlushBuffersFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock
);

// Process functions
#define NtCurrentProcess() ((HANDLE) -1)

NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcess(
OUT PHANDLE phProcess,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES pObjectAttributes,
IN PCLIENT_ID pClientId
);

NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE InheritFromProcessHandle,
IN BOOLEAN InheritHandles,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);

typedef enum _PROCESSINFOCLASS
{
ProcessBasicInformation,
ProcessQuotaLimits, // QUOTA_LIMITS
ProcessIoCounters, // IOCOUNTERS
ProcessVmCounters, // VM_COUNTERS
ProcessTimes, // KERNEL_USER_TIMES
ProcessBasePriority, // BASE_PRIORITY_INFORMATION
ProcessRaisePriority,
ProcessDebugPort,
ProcessExceptionPort,
ProcessAccessToken,
ProcessLdtInformation,
ProcessLdtSize,
ProcessDefaultHardErrorMode,
ProcessIoPortHandlers, // Note: this is kernel mode only
ProcessPooledUsageAndLimits,
ProcessWorkingSetWatch,
ProcessUserModeIOPL,
ProcessEnableAlignmentFaultFixup,
ProcessPriorityClass,
ProcessWx86Information,
ProcessHandleCount,
ProcessAffinityMask, // AFFINITY_MASK
ProcessPriorityBoost,
ProcessDeviceMap,
ProcessSessionInformation,
ProcessForegroundInformation,
ProcessWow64Information,
MaxProcessInfoClass
} PROCESSINFOCLASS;

typedef struct _PROCESS_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG uUniqueProcessId;
ULONG uInheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

typedef struct _PROCESS_RAISE_PRIORITY
{
KPRIORITY RaisePriority;
} PROCESS_RAISE_PRIORITY, *PPROCESS_RAISE_PRIORITY;

typedef struct _PROCESS_DEBUG_PORT_INFORMATION
{
HANDLE DebugPort;
} PROCESS_DEBUG_PORT_INFORMATION, *PPROCESS_DEBUG_PORT_INFORMATION;

typedef struct _PROCESS_EXCEPTION_PORT
{
HANDLE ExceptionPort;
} PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT;

typedef struct _PROCESS_ACCESS_TOKEN
{
HANDLE Token;
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

#ifndef _LDT_ENTRY_DEFINED
#define _LDT_ENTRY_DEFINED

typedef struct _LDT_ENTRY
{
USHORT LimitLow;
USHORT BaseLow;
union
{
struct
{
UCHAR BaseMid;
UCHAR Flags1; // Declare as bytes to avoid alignment
UCHAR Flags2; // Problems.
UCHAR BaseHi;
} Bytes;

struct
{
ULONG BaseMid : 8;
ULONG Type : 5;
ULONG Dpl : 2;
ULONG Pres : 1;
ULONG LimitHi : 4;
ULONG Sys : 1;
ULONG Reserved_0 : 1;
ULONG Default_Big : 1;
ULONG Granularity : 1;
ULONG BaseHi : 8;
} Bits;
} HighWord;
} LDT_ENTRY, *PLDT_ENTRY;

#endif

#define LDT_TABLE_SIZE (8 * 1024 * sizeof(LDT_ENTRY))

typedef struct _LDT_INFORMATION
{
ULONG Start;
ULONG Length;
LDT_ENTRY LdtEntries[1];
} PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;

typedef struct _LDT_SIZE
{
ULONG Length;
} PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;

typedef struct _PROCESS_DEFAULT_HARDERROR_MODE_INFORMATION
{
ULONG HardErrorMode; // SEM_* (SEM_FAILCRITICALERRORS, etc.)
} PROCESS_DEFAULT_HARDERROR_MODE_INFORMATION, *PPROCESS_DEFAULT_HARDERROR_MODE_INFORMATION;

typedef struct _PROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION
{
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
ULONG PagedPoolLimit;
ULONG PeakNonPagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG NonPagedPoolLimit;
ULONG PeakPagefileUsage;
ULONG PagefileUsage;
ULONG PagefileLimit;
} PROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION, *PPROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION;

typedef struct _PROCESS_WS_WATCH_INFORMATION
{
PVOID FaultingPc;
PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;

typedef struct _PROCESS_IOPL
{
ULONG Iopl;
} PROCESS_IOPL, *PPROCESS_IOPL;

typedef struct _PROCESS_ALLIGNMENT_FAULT_FIXUP
{
BOOLEAN EnableAllignmentFaultFixup;
} PROCESS_ALLIGNMENT_FAULT_FIXUP, *PPROCESS_ALLIGNMENT_FAULT_FIXUP;

#define KRNL_NORMAL_PRIORITY_CLASS 0x02
#define KRNL_IDLE_PRIORITY_CLASS 0x01
#define KRNL_HIGH_PRIORITY_CLASS 0x03
#define KRNL_REALTIME_PRIORITY_CLASS 0x04

typedef struct _PROCESS_PRIORITY_CLASS_INFORMATION
{
UCHAR Unknown;
UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS_INFORMATION, *PPROCESS_PRIORITY_CLASS_INFORMATION;

typedef struct _PROCESS_X86_INFORMATION
{
ULONG x86Info;
} PROCESS_X86_INFORMATION, *PPROCESS_X86_INFORMATION;

typedef struct _PROCESS_HANDLE_COUNT_INFORMATION
{
ULONG HandleCount;
} PROCESS_HANDLE_COUNT_INFORMATION, *PPROCESS_HANDLE_COUNT_INFORMATION;

typedef struct _PROCESS_PRIORITY_BOOST_INFORMATION
{
ULONG PriorityBoostEnabled;
} PROCESS_PRIORITY_BOOST_INFORMATION, *PPROCESS_PRIORITY_BOOST_INFORMATION;

typedef struct _PROCESS_DEVICE_MAP_INFORMATION
{
union
{
struct
{
HANDLE DirectoryHandle;
} Set;

struct
{
ULONG DriveMap;
UCHAR DriveType[32];
} Query;
};

} PROCESS_DEVICE_MAP_INFORMATION, *PPROCESS_DEVICE_MAP_INFORMATION;

typedef struct _PROCESS_SESSION_INFORMATION
{
ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
IN HANDLE hProcess,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID pProcessInformation,
IN ULONG uProcessInformationLength,
OUT PULONG puReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
IN HANDLE hProcess,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID pProcessInformation,
IN ULONG uProcessInformationLength
);

NTSTATUS
NTAPI
RtlCreateProcessParameters(
OUT PPROCESS_PARAMETERS *ProcessParameters,
IN PUNICODE_STRING ImageFile,
IN PUNICODE_STRING DllPath OPTIONAL,
IN PUNICODE_STRING CurrentDirectory OPTIONAL,
IN PUNICODE_STRING CommandLine OPTIONAL,
IN ULONG CreationFlags,
IN PUNICODE_STRING WindowTitle OPTIONAL,
IN PUNICODE_STRING Desktop OPTIONAL,
IN PUNICODE_STRING Reserved OPTIONAL,
IN PUNICODE_STRING Reserved2 OPTIONAL
);

NTSTATUS
NTAPI
RtlDestroyProcessParameters(
IN PPROCESS_PARAMETERS ProcessParameters
);

// Thread functions
#define NtCurrentThread() ((HANDLE) -2)

typedef struct _USER_STACK
{
PVOID FixedStackBase;
PVOID FixedStackLimit;
PVOID ExpandableStackBase;
PVOID ExpandableStackLimit;
PVOID ExpandableStackBottom;
} USER_STACK, *PUSER_STACK;

NTSYSAPI
NTSTATUS
NTAPI
NtCreateThread(
OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE ProcessHandle,
OUT PCLIENT_ID ClientId,
IN PCONTEXT ThreadContext,
IN PUSER_STACK UserStack,
IN BOOLEAN CreateSuspended
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenThread(
OUT PHANDLE phThread,
IN ACCESS_MASK AccessMask,
IN POBJECT_ATTRIBUTES pObjectAttributes,
IN PCLIENT_ID pClientId
);

NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
IN HANDLE ThreadHandle OPTIONAL,
IN NTSTATUS ExitStatus
);

NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtResumeThread(
IN HANDLE ThreadHandle,
OUT PULONG PreviousSuspendCount OPTIONAL
);

typedef enum _THREADINFOCLASS
{
ThreadBasicInformation,
ThreadTimes, // KERNEL_USER_TIMES
ThreadPriority,
ThreadBasePriority, // BASE_PRIORITY_INFORMATION
ThreadAffinityMask, // AFFINITY_MASK
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending, // W2K
ThreadHideFromDebugger, // W2K
MaxThreadInfoClass
} THREADINFOCLASS;

typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PTEB TebBaseAddress;
CLIENT_ID ClientId;
KAFFINITY AffinityMask;
KPRIORITY Priority;
KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

typedef struct _THREAD_PRIORITY
{
KPRIORITY Priority;
} THREAD_PRIORITY, *PTHREAD_PRIORITY;

typedef struct _THREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION
{
ULONG Selector;
LDT_ENTRY Descriptor;
} THREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION, *PTHREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION;

typedef struct _THREAD_EVENTPAIR
{
HANDLE EventPair;
} THREAD_EVENTPAIR, *PTHREAD_EVENTPAIR;

typedef struct _THREAD_WIN32_START_ADDRESS_INFORMATION
{
PVOID Win32StartAddress;
} THREAD_WIN32_START_ADDRESS_INFORMATION, *PTHREAD_WIN32_START_ADDRESS_INFORMATION;

typedef struct _THREAD_ZERO_TLSCELL
{
ULONG TlsIndex;
} THREAD_ZERO_TLSCELL, *PTHREAD_ZERO_TLSCELL;

typedef struct _THREAD_PERFORMANCE_COUNTER_INFORMATION
{
ULONG Count1;
ULONG Count2;
} THREAD_PERFORMANCE_COUNTER_INFORMATION, *PTHREAD_PERFORMANCE_COUNTER_INFORMATION;

typedef struct _THREAD_AMI_LAST_THREAD
{
ULONG AmILastThread;
} THREAD_AMI_LAST_THREAD, *PTHREAD_AMI_LAST_THREAD;

typedef struct _THREAD_IDEAL_PROCESSOR
{
ULONG IdealProcessor;
} THREAD_IDEAL_PROCESSOR, *PTHREAD_IDEAL_PROCESSOR;

typedef struct _THREAD_TLS_ARRAY
{
PULONG TlsArray;
} THREAD_TLS_ARRAY, *PTHREAD_TLS_ARRAY;

typedef struct _THREAD_IS_IO_PENDING_INFORMATION
{
ULONG IsIOPending;
} THREAD_IS_IO_PENDING_INFORMATION, *PTHREAD_IS_IO_PENDING_INFORMATION;

typedef struct _THREAD_HIDE_FROM_DEBUGGER
{
ULONG HideFromDebugger;
} THREAD_HIDE_FROM_DEBUGGER, *PTHREAD_HIDE_FROM_DEBUGGER;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
IN HANDLE hThread,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID pThreadInformation,
IN ULONG uThreadInformationLength,
OUT PULONG puReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationThread(
IN HANDLE hThread,
IN THREADINFOCLASS ThreadInformationClass,
OUT PVOID pThreadInformation,
IN ULONG uthreadInformationLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
IN HANDLE hThread,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN bOpenAsSelf,
OUT PHANDLE phToken
);

NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateThread(
IN HANDLE ThreadHandle,
IN HANDLE TargetThreadHandle,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
);

NTSYSAPI
NTSTATUS
NTAPI
NtGetContextThread(
IN HANDLE ThreadHandle,
OUT PCONTEXT Context
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetContextThread(
IN HANDLE ThreadHandle,
IN PCONTEXT Context
);

NTSYSAPI
NTSTATUS
NTAPI
NtQueueApcThread(
IN HANDLE ThreadHandle,
IN PKNORMAL_ROUTINE ApcRoutine,
IN PVOID ApcContext OPTIONAL,
IN PVOID Argument1 OPTIONAL,
IN PVOID Argument2 OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
IN HANDLE hThread
);

NTSYSAPI
NTSTATUS
NTAPI
NtCreateSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PLARGE_INTEGER SectionSize OPTIONAL,
IN ULONG Protect,
IN ULONG Attributes,
IN HANDLE FileHandle
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSection(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation
} SECTION_INFORMATION_CLASS;

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySection(
IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN ULONG SectionInformationLength,
OUT PULONG ResultLength OPTIONAL
);

typedef struct _SECTION_BASIC_INFORMATION
{
PVOID BaseAddress;
ULONG Attributes;
LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;

typedef struct _SECTION_IMAGE_INFORMATION
{
PVOID EntryPoint;
ULONG Unknown1;
ULONG StackReserve;
ULONG StackCommit;
ULONG Subsystem;
USHORT MinorSubsystemVersion;
USHORT MajorSubsystemVersion;
ULONG Unknown2;
ULONG Characteristics;
USHORT ImageNumber;
BOOLEAN Executable;
UCHAR Unknown3;
ULONG Unknown4[3];
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;

NTSYSAPI
NTSTATUS
NTAPI
NtExtendSection(
IN HANDLE SectionHandle,
IN PLARGE_INTEGER SectionSize
);

NTSYSAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection(
IN HANDLE hProcess,
IN PVOID pBaseAddress
);

NTSYSAPI
NTSTATUS
NTAPI
NtWaitForSingleObject(
IN HANDLE hObject,
IN BOOL fAlertable,
IN PLARGE_INTEGER pliTimeout // NULL = infinite
);

// Object functions
typedef enum _OBJECT_INFORMATION_CLASS
{
ObjectBasicInformation, // 0 Y N
ObjectNameInformation, // 1 Y N
ObjectTypeInformation, // 2 Y N
ObjectAllTypesInformation, // 3 Y N
ObjectHandleInformation // 4 Y Y
} OBJECT_INFORMATION_CLASS;

typedef struct _OBJECT_BASIC_INFORMATION
{
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3];
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

typedef struct _OBJECT_NAME_INFORMATION
{
UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
ULONG ObjectCount;
ULONG HandleCount;
ULONG Reserved1[4];
ULONG PeakObjectCount;
ULONG PeakHandleCount;
ULONG Reserved2[4];
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
UCHAR Unknown;
BOOLEAN MaintainHandleDatabase;
UCHAR Reserved3[2];
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

typedef struct _OBJECT_ALL_TYPES_INFORMATION
{
ULONG NumberOfTypes;
OBJECT_TYPE_INFORMATION TypeInformation;
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
{
BOOLEAN Inherit;
BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryObject(
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationObject(
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
IN PVOID ObjectInformation,
IN ULONG ObjectInformationLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateObject(
IN HANDLE SourceProcessHandle,
IN HANDLE SourceHandle,
IN HANDLE TargetProcessHandle OPTIONAL,
OUT PHANDLE TargetHandle OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
IN ULONG Options
);

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
IN HANDLE FileHandle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG Length,
OUT PULONG ResultLength
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
IN HANDLE FileHandle,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);

// Memory management functions
NTSYSAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PULONG AllocationSize,
IN ULONG AllocationType,
IN ULONG Protect
);

typedef enum _MEMORY_INFORMATION_CLASS
{
MemoryBasicInformation,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;

NTSYSAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
OUT PVOID MemoryInformation,
IN ULONG MemoryInformationLength,
OUT PULONG ReturnLength OPTIONAL
);

/* Defined in Winnt.h
typedef struct _MEMORY_BASIC_INFORMATION
{
PVOID BaseAddress;
PVOID AllocationBase;
ULONG AllocationProtect;
ULONG RegionSize;
ULONG State;
ULONG Protect;
ULONG Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
*/

typedef struct _MEMORY_WORKING_SET_LIST
{
ULONG NumberOfPages;
ULONG WorkingSetList[1];
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;

typedef struct _MEMORY_SECTION_NAME
{
UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;

NTSYSAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG ProtectSize,
IN ULONG NewProtect,
OUT PULONG OldProtect
);

NTSYSAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG FlushSize,
OUT PIO_STATUS_BLOCK IoStatusBlock
);

// Ldr Functions
NTSYSAPI
NTSTATUS
NTAPI
LdrDisableThreadCalloutsForDll(
IN HANDLE hModule
);

// Rtl String Functions
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString (
OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);

NTSYSAPI
VOID
NTAPI
RtlCreateUnicodeString(
OUT PUNICODE_STRING AllocatedString,
IN PCWSTR SourceString
);

NTSYSAPI
VOID
NTAPI
RtlFreeUnicodeString(
IN PUNICODE_STRING UnicodeString
);

NTSYSAPI
ULONG
NTAPI
RtlAnsiStringToUnicodeSize(
IN PANSI_STRING AnsiString
);

NTSYSAPI
NTSTATUS
NTAPI
RtlAnsiStringToUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PANSI_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);

NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeStringToString(
OUT PUNICODE_STRING Destination,
IN PUNICODE_STRING Source
);

NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeToString(
OUT PUNICODE_STRING Destination,
IN PWSTR Source
);

NTSYSAPI
LONG
NTAPI
RtlCompareUnicodeString(
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);

NTSYSAPI
VOID
NTAPI
RtlCopyUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString
);

NTSYSAPI
NTSTATUS
NTAPI
RtlDowncaseUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);

NTSYSAPI
BOOLEAN
NTAPI
RtlEqualUnicodeString(
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);

NTSYSAPI
NTSTATUS
NTAPI
RtlIntegerToUnicodeString(
IN ULONG Value,
IN ULONG Base,
OUT PUNICODE_STRING String
);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToInteger(
IN PUNICODE_STRING String,
IN ULONG Base,
OUT PULONG Value
);

NTSYSAPI
NTSTATUS
NTAPI
RtlOemStringToUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN POEM_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);

NTSYSAPI
BOOLEAN
NTAPI
RtlPrefixUnicodeString(
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);

NTSYSAPI
WCHAR
NTAPI
RtlUpcaseUnicodeChar(
IN WCHAR SourceCharacter
);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeString(
OUT PUNICODE_STRING DestinationString,
IN PUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString
);

NTSYSAPI
ULONG
NTAPI
RtlxAnsiStringToUnicodeSize(
IN PANSI_STRING AnsiString
);

NTSYSAPI
ULONG
NTAPI
RtlxOemStringToUnicodeSize(
IN POEM_STRING OemString
);

// Rtl Misc Operations
NTSYSAPI
NTSTATUS
NTAPI
NtReplyPort(
IN HANDLE hPort,
OUT PVOID pReply
);

NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE hObject
);

NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosError(
NTSTATUS status
);

NTSYSAPI
UINT
NTAPI
RtlGetLongestNtPathLength();

NTSYSAPI
UINT
NTAPI
RtlDetermineDosPathNameType_U(
IN PWSTR Path
);

NTSYSAPI
UINT
NTAPI
RtlIsDosDeviceName_U(
IN PWSTR Path
);

NTSYSAPI
BOOLEAN
NTAPI
RtlDosPathNameToNtPathName_U(
IN PCWSTR DosName,
OUT PUNICODE_STRING NtName,
OUT PCWSTR *DosFilePath OPTIONAL,
OUT PUNICODE_STRING NtFilePath OPTIONAL
);

// Rtl Large Integer Operations

#define RtlLargeIntegerLessThanZero($a) (($a).HighPart < 0)
#define Li2Double(x) ((double)((x).HighPart) * 4.294967296E9 + (double)((x).LowPart))

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlEnlargedIntegerMultiply(
IN LONG lMultiplicand,
IN LONG lMultiplier
);

NTSYSAPI
ULONG
NTAPI
RtlEnlargedUnsignedDivide(
IN LARGE_INTEGER liDividend,
IN ULONG uDivisor,
OUT PULONG puRemainder OPTIONAL
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlEnlargedUnsignedMultiply(
IN ULONG uMultiplicand,
IN ULONG uMultiplier
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlExtendedIntegerMultiply(
IN LARGE_INTEGER liMultiplicand,
IN LONG lMultiplier
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlExtendedLargeIntegerDivide(
IN LARGE_INTEGER liDividend,
IN ULONG uDivisor,
OUT PULONG puRemainder OPTIONAL
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlLargeIntegerAdd(
IN LARGE_INTEGER liAddend1,
IN LARGE_INTEGER liAddend2
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlLargeIntegerDivide(
IN LARGE_INTEGER liDividend,
IN LARGE_INTEGER liDivisor,
OUT PLARGE_INTEGER pliRemainder OPTIONAL
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlLargeIntegerNegate(
IN LARGE_INTEGER liSubtrahend
);

NTSYSAPI
LARGE_INTEGER
NTAPI
RtlLargeIntegerSubtract(
IN LARGE_INTEGER liMinuend,
IN LARGE_INTEGER liSubtrahend
);

// Debug Functions
typedef struct _DEBUG_BUFFER
{
HANDLE SectionHandle;
PVOID SectionBase;
PVOID RemoteSectionBase;
ULONG SectionBaseDelta;
HANDLE EventPairHandle;
ULONG Unknown[2];
HANDLE RemoteThreadHandle;
ULONG InfoClassMask;
ULONG SizeOfInfo;
ULONG AllocatedSize;
ULONG SectionSize;
PVOID ModuleInformation;
PVOID BackTraceInformation;
PVOID HeapInformation;
PVOID LockInformation;
PVOID Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;

#define PDI_MODULES 0x01
#define PDI_BACKTRACE 0x02
#define PDI_HEAPS 0x04
#define PDI_HEAP_TAGS 0x08
#define PDI_HEAP_BLOCKS 0x10
#define PDI_LOCKS 0x20

typedef struct _DEBUG_MODULE_INFORMATION // c.f. SYSTEM_MODULE_INFORMATION
{
ULONG Reserved[2];
ULONG Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT Unknown;
USHORT LoadCount;
USHORT ModuleNameOffset;
CHAR ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;

typedef struct _DEBUG_HEAP_INFORMATION
{
ULONG Base;
ULONG Flags;
USHORT Granularity;
USHORT Unknown;
ULONG Allocated;
ULONG Committed;
ULONG TagCount;
ULONG BlockCount;
ULONG Reserved[7];
PVOID Tags;
PVOID Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;

typedef struct _DEBUG_LOCK_INFORMATION // c.f. SYSTEM_LOCK_INFORMATION
{
PVOID Address;
USHORT Type;
USHORT CreatorBackTraceIndex;
ULONG OwnerThreadId;
ULONG ActiveCount;
ULONG ContentionCount;
ULONG EntryCount;
ULONG RecursionCount;
ULONG NumberOfSharedWaiters;
ULONG NumberOfExclusiveWaiters;
} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;


NTSYSAPI
PDEBUG_BUFFER
NTAPI
RtlCreateQueryDebugBuffer(
IN ULONG Size,
IN BOOLEAN EventPair
);

NTSYSAPI
NTSTATUS
NTAPI
RtlQueryProcessDebugInformation(
IN ULONG ProcessId,
IN ULONG DebugInfoClassMask,
IN OUT PDEBUG_BUFFER DebugBuffer
);

NTSYSAPI
NTSTATUS
NTAPI
RtlDestroyQueryDebugBuffer(
IN PDEBUG_BUFFER DebugBuffer
);

NTSYSAPI
NTSTATUS
NTAPI
NtLoadDriver(
// "RegistryMachineSystemCurrentControlSetServices<DriverName>"
IN PUNICODE_STRING RegistryPath
);

NTSYSAPI
NTSTATUS
NTAPI
NtUnloadDriver(
// "RegistryMachineSystemCurrentControlSetServices<DriverName>"
IN PUNICODE_STRING RegistryPath
);

NTSYSAPI
NTSTATUS
NTAPI
RtlAdjustPrivilege(
IN ULONG Privilege,
IN BOOLEAN NewValue,
IN BOOLEAN ForThread,
OUT PBOOLEAN OldValue
);

#ifdef __cplusplus
}

#pragma warning(default : 4200)

#endif
#endif




Комментарии

 Ваш комментарий к данному материалу будет интересен нам и нашим читателям!



Последние статьи: Программирование под ОС / Assembler /

Первая программа на linux
23-05-2010   

Ассемблер, который я буду использовать - NASM (Netwide Assembler, nasm.2y.net). Этот выбор объясняется тем, что: Во первых, он мультиплатформенный, т.е. для портирования программы на разные ОС достаточно только изменить код взаимодействия с системой, а всю программу переписывать не нужно... подробнее

Кол. просмотров: общее - 4330 сегодня - 0

Использование пакета NuMega Driver Studio для написания WDM - драйверов устройств
17-05-2010   

Разработка WDM - драйвера с использованием только DDK является сложной и трудоемкой задачей. При этом приходится выполнять много однотипных операций: создание скелета драйвера, написание inf - файла для его установки, создание приложения для тестирования и т.п... подробнее

Кол. просмотров: общее - 4164 сегодня - 2

Система классов DriverWorks
17-05-2010   

Возможно, идея писать драйвера объектно-ориентированными и кажется на первый взгляд нелогичной. Но при более близком знакомстве с DriverStudio и с драйверами в общем, оказывается, что это не так уж страшно и довольно удобно... подробнее

Кол. просмотров: общее - 4020 сегодня - 0

Объект устройства device object
17-05-2010   

Объекты устройств являются экземплярами класса KDevice или KPnpDevice. Эти классы являются краеугольными камнями архитектуры DriverWorks: они представляют собой как бы программный образ тех устройств, которые присутствуют в системе... подробнее

Кол. просмотров: общее - 4157 сегодня - 1

Объекты для управления оборудованием
17-05-2010   

Как было упомянуто выше, объект устройства управляет работой устройства при помощи специальных объектов, управляющих работой оборудования - портами В/В, прерываниями, памятью, контроллерами ПДП. Драйвер создает эти объекты для представления физических параметров устройства... подробнее

Кол. просмотров: общее - 4264 сегодня - 0

Популярные статьи



  WWW.COMPROG.RU - 2009-2012 | Designed and Powered by Zaipov Renat | Projects