
📄 ntlib.c

📁 从内核直接获取NT操作系统的信息。
                        {
                        pData = (PBYTE) pnt->pData + dNext;
                        }
                    else
                        {
                        pData = (PBYTE) pEntry     + dNext;
                        }
                    }
                pnt->dIndex++;
                }
            }
        }
    return pData;
    }

// =================================================================
// STANDARD TABLES
// =================================================================

// Loads the table for system information class SystemProcessorCounters.
// Forwards to NtlTableLoadEx with the NTL_CPU_* layout constants and
// returns its status unchanged.
// The fourth argument is NULL; presumably it is the object handle, which
// system-wide classes do not need -- confirm against NtlTableLoadEx.
NTSTATUS WINAPI
NtlTableCpu (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemProcessorCounters,
                         NULL,
                         NTL_CPU_HEADER, NTL_CPU_ENTRY,
                         NTL_CPU_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemHandleInformation.
// Forwards to NtlTableLoadEx with the NTL_HANDLE_* layout constants and
// returns its status unchanged.
// NOTE(review): this is an undocumented information class; whether the
// query succeeds, and for which callers, can differ between Windows
// releases -- callers should check the returned status before walking
// the table.
NTSTATUS WINAPI
NtlTableHandle (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemHandleInformation,
                         NULL,
                         NTL_HANDLE_HEADER, NTL_HANDLE_ENTRY,
                         NTL_HANDLE_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemLockInformation.
// Forwards to NtlTableLoadEx with the NTL_LOCK_* layout constants and
// returns its status unchanged.
NTSTATUS WINAPI
NtlTableLock (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemLockInformation,
                         NULL,
                         NTL_LOCK_HEADER, NTL_LOCK_ENTRY,
                         NTL_LOCK_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemLookasideInformation.
// Forwards to NtlTableLoadEx with the NTL_LOOKASIDE_* layout constants
// and returns its status unchanged.
NTSTATUS WINAPI
NtlTableLookaside (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemLookasideInformation,
                         NULL,
                         NTL_LOOKASIDE_HEADER, NTL_LOOKASIDE_ENTRY,
                         NTL_LOOKASIDE_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads a module table.
//
// fProcess - TRUE:  loader group, class LoaderProcessModuleInformation
//            FALSE: system group, class SystemModuleInformation
//
// Both variants share the NTL_MODULE_* layout constants. Returns the
// status of NtlTableLoadEx unchanged.
// NOTE(review): both classes are undocumented; availability can differ
// between Windows releases, so callers should check the status.
NTSTATUS WINAPI
NtlTableModule (PNTL_TABLE pnt,
                BOOL       fProcess)
    {
    DWORD dGroup = NTL_INFO_SYSTEM;
    DWORD dClass = SystemModuleInformation;

    if (fProcess)
        {
        dGroup = NTL_INFO_LOADER;
        dClass = LoaderProcessModuleInformation;
        }
    return NtlTableLoadEx (pnt, dGroup, dClass,
                           NULL,
                           NTL_MODULE_HEADER, NTL_MODULE_ENTRY,
                           NTL_MODULE_ATTRIBUTES);
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemPageFileInformation.
// Forwards to NtlTableLoadEx with the NTL_PAGE_FILE_* layout constants
// and returns its status unchanged.
NTSTATUS WINAPI
NtlTablePageFile (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemPageFileInformation,
                         NULL,
                         NTL_PAGE_FILE_HEADER, NTL_PAGE_FILE_ENTRY,
                         NTL_PAGE_FILE_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemObjectInformation.
// Forwards to NtlTableLoadEx with the NTL_OBJECT_* layout constants and
// returns its status unchanged. The per-type object lists inside this
// table are walked with NtlTableObjectFirst / NtlTableObjectNext.
NTSTATUS WINAPI
NtlTableObject (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemObjectInformation,
                         NULL,
                         NTL_OBJECT_HEADER, NTL_OBJECT_ENTRY,
                         NTL_OBJECT_ATTRIBUTES);
    return ns;
    }

// -----------------------------------------------------------------

// Loads the table for system information class SystemProcessInformation.
// Forwards to NtlTableLoadEx with the NTL_PROCESS_* layout constants and
// returns its status unchanged.
NTSTATUS WINAPI
NtlTableProcess (PNTL_TABLE pnt)
    {
    NTSTATUS ns;

    ns = NtlTableLoadEx (pnt, NTL_INFO_SYSTEM, SystemProcessInformation,
                         NULL,
                         NTL_PROCESS_HEADER, NTL_PROCESS_ENTRY,
                         NTL_PROCESS_ATTRIBUTES);
    return ns;
    }

// =================================================================
// STANDARD SUBTABLES
// =================================================================

// Sets up pntSub as a subtable over the objects that follow one
// SYSTEM_OBJECT_INFORMATION header and returns its first entry.
//
// pntSub - subtable descriptor to (re)initialize
// pnt    - parent table; its pData/dData buffer is reused for the subtable
// psoi   - object-type header inside the parent buffer
//
// The header size is the distance from psoi to the end of the type-name
// buffer (usTypeName.Buffer + usTypeName.MaximumLength).
// NOTE(review): nothing here checks that psoi or usTypeName.Buffer is
// non-NULL, or that Buffer lies inside pnt->pData .. pnt->pData + dData.
// Confirm that NtlTableResetEx / NtlTableFirst bound-check dHeader before
// this is used on data from a source other than the kernel query.
PSYSTEM_OBJECT WINAPI
NtlTableObjectFirst (PNTL_TABLE                 pntSub,
                     PNTL_TABLE                 pnt,
                     PSYSTEM_OBJECT_INFORMATION psoi)
    {
    PBYTE pbNameEnd;
    DWORD dHeader;

    // First byte after the type name string storage.
    pbNameEnd = (PBYTE) psoi->usTypeName.Buffer
              + psoi->usTypeName.MaximumLength;

    dHeader = pbNameEnd - (PBYTE) psoi;

    NtlTableResetEx (pntSub,
                     pnt->pData, pnt->dData,
                     dHeader, SYSTEM_OBJECT_,
                     NTL_TABLE_ABSOLUTE, TRUE);

    return NtlTableFirst (pntSub);
    }

// -----------------------------------------------------------------

// Advances an object subtable prepared by NtlTableObjectFirst.
// Returns whatever NtlTableNext yields for the entry after pso.
PSYSTEM_OBJECT WINAPI
NtlTableObjectNext (PNTL_TABLE     pntSub,
                    PSYSTEM_OBJECT pso)
    {
    PSYSTEM_OBJECT psoNext;

    psoNext = NtlTableNext (pntSub, pso);
    return psoNext;
    }

// =================================================================
// FIXED SIZE INFO MANAGEMENT
// =================================================================

// Reads one information block through the native query API selected by
// dInfoGroup.
//
// pData      - caller buffer that receives the information
// pdData     - in:  size passed to the native call as the buffer length
//              out: the return-length value stored by the native call,
//                   or 0 if no call was made
// dInfoGroup - NTL_INFO_SYSTEM, NTL_INFO_PROCESS, NTL_INFO_THREAD or
//              NTL_INFO_LOADER
// dInfoClass - information class handed to the native call
// hObject    - handle for the process and thread groups; not used by the
//              system and loader groups
//
// Returns the status of the native call. STATUS_INVALID_PARAMETER is
// returned when pdData is NULL, pData is NULL, *pdData is 0, or the group
// is none of the four above. STATUS_INVALID_INFO_CLASS is returned when
// the loader group is asked for anything other than
// LoaderProcessModuleInformation.
//
// NOTE(review): *pdData is overwritten on failure as well, so callers
// should test the status before treating it as the number of valid bytes
// in pData.
NTSTATUS WINAPI
NtlInfoRead (PVOID  pData,
             PDWORD pdData,
             DWORD  dInfoGroup,
             DWORD  dInfoClass,
             HANDLE hObject)
    {
    NTSTATUS ns        = STATUS_INVALID_PARAMETER;
    DWORD    dReturned = 0;

    // Without a size pointer there is nothing to read or report.
    if (pdData == NULL) return ns;

    if ((pData != NULL) && (*pdData != 0))
        {
        if (dInfoGroup == NTL_INFO_SYSTEM)
            {
            ns = NtQuerySystemInformation (dInfoClass,
                                           pData, *pdData, &dReturned);
            }
        else if (dInfoGroup == NTL_INFO_PROCESS)
            {
            ns = NtQueryInformationProcess (hObject, dInfoClass,
                                            pData, *pdData, &dReturned);
            }
        else if (dInfoGroup == NTL_INFO_THREAD)
            {
            ns = NtQueryInformationThread (hObject, dInfoClass,
                                           pData, *pdData, &dReturned);
            }
        else if (dInfoGroup == NTL_INFO_LOADER)
            {
            // The loader group supports exactly one class.
            if (dInfoClass == LoaderProcessModuleInformation)
                {
                ns = LdrQueryProcessModuleInformation (pData, *pdData,
                                                       &dReturned);
                }
            else
                {
                ns = STATUS_INVALID_INFO_CLASS;
                }
            }
        // Any other group keeps STATUS_INVALID_PARAMETER.
        }
    *pdData = dReturned;
    return ns;
    }

// =================================================================
// MEMORY SIZE CONVERSION ROUTINES
// =================================================================

// Converts a byte count to kilobytes (1024 bytes), rounding up.
// 0 maps to 0; subtracting 1 before dividing avoids overflow that
// adding 1023 first would cause near the top of the DWORD range.
DWORD WINAPI
NtlBytesToKb (DWORD dBytes)
    {
    if (dBytes == 0) return 0;

    return ((dBytes - 1) / 0x400) + 1;
    }

// -----------------------------------------------------------------

// Converts a byte count to megabytes (2^20 bytes), rounding up.
// 0 maps to 0.
DWORD WINAPI
NtlBytesToMb (DWORD dBytes)
    {
    if (dBytes == 0) return 0;

    return ((dBytes - 1) / 0x100000) + 1;
    }

// -----------------------------------------------------------------

// Converts a byte count to gigabytes (2^30 bytes), rounding up.
// 0 maps to 0.
DWORD WINAPI
NtlBytesToGb (DWORD dBytes)
    {
    if (dBytes == 0) return 0;

    return ((dBytes - 1) / 0x40000000) + 1;
    }

// -----------------------------------------------------------------

// Converts a byte count to pages of gsbi.dPageSize bytes, rounding up.
// 0 maps to 0.
// Assumes gsbi.dPageSize is non-zero; DllMain fills gsbi at process
// attach and fails the load if that query does not succeed.
DWORD WINAPI
NtlBytesToPages (DWORD dBytes)
    {
    if (dBytes == 0) return 0;

    return ((dBytes - 1) / gsbi.dPageSize) + 1;
    }

// -----------------------------------------------------------------

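// Converts a page count to bytes using gsbi.dPageSize.
//
// The product is formed in 64 bits. A result that does not fit in a
// DWORD is clamped to MAXDWORD instead of silently wrapping around, so a
// caller that sizes a buffer from it cannot end up with a much smaller
// number than the real byte count. Results that fit are unchanged.
DWORD WINAPI
NtlPagesToBytes (DWORD dPages)
    {
    ULONGLONG qBytes = (ULONGLONG) dPages * gsbi.dPageSize;

    return (qBytes > MAXDWORD ? MAXDWORD : (DWORD) qBytes);
    }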

// -----------------------------------------------------------------

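// Converts a page count to kilobytes (1024 bytes), rounding up.
//
// The byte count is formed in 64 bits before scaling. Going through a
// 32-bit byte count first would wrap for 4 GB and above and report a
// far too small size. A result that still exceeds a DWORD is clamped to
// MAXDWORD. Inputs whose byte count fits in 32 bits give the same value
// as before.
DWORD WINAPI
NtlPagesToKb (DWORD dPages)
    {
    ULONGLONG qBytes = (ULONGLONG) dPages * gsbi.dPageSize;
    ULONGLONG qKb    = (qBytes + 0x3FF) >> 10;

    return (qKb > MAXDWORD ? MAXDWORD : (DWORD) qKb);
    }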

// -----------------------------------------------------------------

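// Converts a page count to megabytes (2^20 bytes), rounding up.
//
// The byte count is formed in 64 bits before scaling. Going through a
// 32-bit byte count first would wrap for 4 GB and above and report a
// far too small size. A result that still exceeds a DWORD is clamped to
// MAXDWORD. Inputs whose byte count fits in 32 bits give the same value
// as before.
DWORD WINAPI
NtlPagesToMb (DWORD dPages)
    {
    ULONGLONG qBytes = (ULONGLONG) dPages * gsbi.dPageSize;
    ULONGLONG qMb    = (qBytes + 0xFFFFF) >> 20;

    return (qMb > MAXDWORD ? MAXDWORD : (DWORD) qMb);
    }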

// -----------------------------------------------------------------

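// Converts a page count to gigabytes (2^30 bytes), rounding up.
//
// The byte count is formed in 64 bits before scaling. Going through a
// 32-bit byte count first would wrap for 4 GB and above, which is
// exactly the range this function is meant to report. A result that
// still exceeds a DWORD is clamped to MAXDWORD. Inputs whose byte count
// fits in 32 bits give the same value as before.
DWORD WINAPI
NtlPagesToGb (DWORD dPages)
    {
    ULONGLONG qBytes = (ULONGLONG) dPages * gsbi.dPageSize;
    ULONGLONG qGb    = (qBytes + 0x3FFFFFFF) >> 30;

    return (qGb > MAXDWORD ? MAXDWORD : (DWORD) qGb);
    }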

// =================================================================
// TIME CONVERSION ROUTINES
// =================================================================

// Sets both halves of *pqTime to zero.
// pqTime must be a valid pointer; it is dereferenced without a check.
void WINAPI
NtlTimeReset (PQWORD pqTime)
    {
    pqTime->HighPart = 0;
    pqTime->LowPart  = 0;
    }

// -----------------------------------------------------------------

// Divides *pqTime in place by dUnit and returns the remainder.
//
// The division is carried out on the magnitude: a negative value is
// negated, divided, and negated back, so the returned remainder belongs
// to the absolute value. For dUnit of 0 or 1 the time is left untouched
// and 0 is returned.
DWORD WINAPI
NtlTimeUnits (PQWORD pqTime,
              DWORD  dUnit)
    {
    DWORD dRemainder = 0;
    QWORD qValue;
    BOOL  fNegative;

    if (dUnit <= 1) return dRemainder;

    qValue    = *pqTime;
    fNegative = RtlLargeIntegerLessThanZero (qValue);

    if (fNegative) qValue = RtlLargeIntegerNegate (qValue);

    qValue = RtlExtendedLargeIntegerDivide (qValue, dUnit, &dRemainder);

    // Restore the original sign on the quotient.
    if (fNegative) qValue = RtlLargeIntegerNegate (qValue);

    *pqTime = qValue;
    return dRemainder;
    }

// -----------------------------------------------------------------

// Stores (*pqTime2 - *pqTime1) in *pqInterval, scaled down by dUnit.
// Returns the remainder reported by NtlTimeUnits for that scaling.
DWORD WINAPI
NtlTimeInterval (PQWORD pqTime1,
                 PQWORD pqTime2,
                 PQWORD pqInterval,
                 DWORD  dUnit)
    {
    QWORD qDelta;

    qDelta      = RtlLargeIntegerSubtract (*pqTime2, *pqTime1);
    *pqInterval = qDelta;

    return NtlTimeUnits (pqInterval, dUnit);
    }

// -----------------------------------------------------------------

// Adds an interval to *pqTime in place.
//
// When dUnit is greater than 1 the interval is first multiplied by dUnit
// (the inverse of the scaling done by NtlTimeUnits); otherwise it is
// added as is. *pqInterval itself is not modified.
// NOTE(review): dUnit is a DWORD handed to RtlExtendedIntegerMultiply;
// confirm how that routine treats values above 0x7FFFFFFF.
void WINAPI
NtlTimeExtend (PQWORD pqTime,
               PQWORD pqInterval,
               DWORD  dUnit)
    {
    QWORD qStep = *pqInterval;

    if (dUnit > 1)
        {
        qStep = RtlExtendedIntegerMultiply (qStep, dUnit);
        }
    *pqTime = RtlLargeIntegerAdd (*pqTime, qStep);
    }

// -----------------------------------------------------------------

// Converts broken-down time fields into a 64-bit time value through
// RtlTimeFieldsToTime. Returns TRUE when that routine reports a
// non-FALSE result, FALSE otherwise.
BOOL WINAPI
NtlTimePack (PTIME_FIELDS ptfTime,
             PQWORD       pqTime)
    {
    if (RtlTimeFieldsToTime (ptfTime, pqTime) != FALSE)
        {
        return TRUE;
        }
    return FALSE;
    }

// -----------------------------------------------------------------

// Converts a 64-bit time value into broken-down time fields through
// RtlTimeToTimeFields. Note the argument order is the reverse of
// NtlTimePack: the source time comes first, the output fields second.
void WINAPI
NtlTimeUnpack (PQWORD       pqTime,
               PTIME_FIELDS ptfTime)
    {
    RtlTimeToTimeFields (pqTime, ptfTime);
    }

// =================================================================
// ID TO NAME CONVERSION
// =================================================================

// Looks up the name registered for dCode in a code/name table.
//
// pnl       - array of dCount lookup entries
// dCount    - number of entries in pnl
// dCode     - code to search for
// pdSize    - optional; receives the length of the returned name
// pdSizeMax - optional; receives the length of the longest name in the
//             whole table
//
// Returns the name of the matching entry, or atNull when no entry
// matches. The whole table is always scanned (the longest name is needed
// as well), so if a code occurs more than once the last entry wins.
// pnl is indexed without a NULL check; it must be valid when dCount > 0.
PTBYTE WINAPI
NtlNameLookup (PNTL_LOOKUP pnl,
               DWORD       dCount,
               DWORD       dCode,
               PDWORD      pdSize,
               PDWORD      pdSizeMax)
    {
    PTBYTE ptMatch  = atNull;
    DWORD  dLongest = 0;
    DWORD  dLength;
    DWORD  i        = 0;

    while (i < dCount)
        {
        if (pnl [i].dCode == dCode)
            {
            ptMatch = pnl [i].ptName;
            }
        dLength = lstrlen (pnl [i].ptName);

        if (dLength > dLongest) dLongest = dLength;
        i++;
        }
    if (pdSize != NULL)
        {
        *pdSize = lstrlen (ptMatch);
        }
    if (pdSizeMax != NULL)
        {
        *pdSizeMax = dLongest;
        }
    return ptMatch;
    }

// -----------------------------------------------------------------

// Returns the name for an object type code by searching aObjectTypes
// (N_OBJECT_TYPES entries) with NtlNameLookup. pdSize and pdSizeMax are
// passed through and may be NULL.
PTBYTE WINAPI
NtlNameObjectType (DWORD  dType,
                   PDWORD pdSize,
                   PDWORD pdSizeMax)
    {
    PTBYTE ptName;

    ptName = NtlNameLookup (aObjectTypes, N_OBJECT_TYPES, dType,
                            pdSize, pdSizeMax);
    return ptName;
    }

// -----------------------------------------------------------------

// Returns the name for a pool type code by searching aPoolTypes
// (N_POOL_TYPES entries) with NtlNameLookup. pdSize and pdSizeMax are
// passed through and may be NULL.
PTBYTE WINAPI
NtlNamePoolType (DWORD  dType,
                 PDWORD pdSize,
                 PDWORD pdSizeMax)
    {
    PTBYTE ptName;

    ptName = NtlNameLookup (aPoolTypes, N_POOL_TYPES, dType,
                            pdSize, pdSizeMax);
    return ptName;
    }

// =================================================================
// DLL MANAGEMENT
// =================================================================

// DLL entry point.
//
// On DLL_PROCESS_ATTACH the global gsbi is filled by querying
// SystemBasicInformation; the load is reported as failed (FALSE) unless
// that query returns STATUS_SUCCESS. The page-size helpers in this file
// read gsbi.dPageSize, so they depend on this having succeeded.
// Every other notification reason returns TRUE without doing anything.
// hInstance and pReserved are not used.
BOOL WINAPI
DllMain (HINSTANCE hInstance,
         DWORD     dReason,
         PVOID     pReserved)
    {
    NTSTATUS ns;

    if (dReason != DLL_PROCESS_ATTACH) return TRUE;

    ns = NtQuerySystemInformation (SystemBasicInformation,
                                   &gsbi,
                                   SYSTEM_BASIC_INFORMATION_,
                                   NULL);

    return (ns == STATUS_SUCCESS);
    }

// =================================================================
// END OF PROGRAM
// =================================================================
