📄 ntdll.h
字号:
//ntdll.h
//API Windows NT
#ifndef _NTDLL_H_
#define _NTDLL_H_
#ifdef _MSC_VER
#pragma pack(push,8)
#endif //_MSC_VER
#ifdef __cplusplus
extern "C" {
#endif
#ifndef IN
#define IN
#endif //IN
#ifndef OUT
#define OUT
#endif //OUT
#ifndef OPTIONAL
#define OPTIONAL
#endif //OPTIONAL
#if defined(_M_MRX000) || defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_PPC) && !defined(MIDL_PASS)
#define DECLSPEC_IMPORT __declspec(dllimport)
#else
#define DECLSPEC_IMPORT
#endif
#if defined(_M_MRX000) || defined(_M_IX86) || defined(_M_ALPHA) || defined(_M_PPC) && !defined(MIDL_PASS)
#define DECLSPEC_EXPORT __declspec(dllexport)
#else
#define DECLSPEC_EXPORT
#endif
#if (_MSC_VER>=800) || defined(_STDCALL_SUPPORTED)
#define NTAPI __stdcall
#else
#define _cdecl
#define NTAPI
#endif
#if !defined(_NTSYSTEM_)
#define NTSYSAPI DECLSPEC_IMPORT
#else
#define NTSYSAPI DECLSPEC_EXPORT
#endif
#ifndef CONST
#define CONST const
#endif
#ifndef VOID
#define VOID void
typedef char CHAR;
typedef short SHORT;
typedef long LONG;
#endif
typedef void *PVOID; // winnt
#define FALSE 0
#define TRUE 1
#ifndef NULL
#ifdef __cplusplus
#define NULL 0
#else
#define NULL ((void *)0)
#endif
#endif // NULL
#ifndef _WCHAR_T_DEFINED
typedef unsigned short wchar_t;
#define _WCHAR_T_DEFINED
#endif //_WCHAR_T_DEFINED
typedef wchar_t WCHAR;
typedef WCHAR *LPWSTR, *PWSTR;
typedef CONST WCHAR *LPCWSTR, *PCWSTR;
typedef CHAR *LPSTR, *PSTR, *PCHAR;
typedef CONST CHAR *LPCSTR, *PCSTR;
#define UNICODE_NULL ((WCHAR)0) // winnt
typedef unsigned char UCHAR;
typedef unsigned short USHORT;
typedef unsigned long ULONG;
typedef UCHAR *PUCHAR;
typedef USHORT *PUSHORT;
typedef ULONG *PULONG;
typedef unsigned long DWORD;
typedef unsigned char BYTE;
typedef unsigned short WORD;
typedef void *LPVOID;
typedef void *HANDLE;
typedef HANDLE *PHANDLE;
typedef UCHAR BOOLEAN; // winnt
typedef BOOLEAN *PBOOLEAN; // winnt
typedef long NTSTATUS;
#ifndef _WINNT_
typedef struct _LARGE_INTEGER {
ULONG LowPart;
LONG HighPart;
} LARGE_INTEGER, *PLARGE_INTEGER;
typedef struct _ULARGE_INTEGER {
ULONG LowPart;
ULONG HighPart;
} ULARGE_INTEGER, *PULARGE_INTEGER;
typedef LARGE_INTEGER LUID, *PLUID;
#endif //_WINNT_
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
//
// Valid values for the Attributes field
//
#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_VALID_ATTRIBUTES 0x000001F2L
//
// Object Attributes structure
//
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
#define OBJ_NAME_PATH_SEPARATOR ((WCHAR) L'\\')
typedef ULONG ACCESS_MASK;
#define DELETE (0x00010000L)
#define READ_CONTROL (0x00020000L)
#define WRITE_DAC (0x00040000L)
#define WRITE_OWNER (0x00080000L)
#define SYNCHRONIZE (0x00100000L)
#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
#define STANDARD_RIGHTS_READ (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
#define STANDARD_RIGHTS_ALL (0x001F0000L)
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
//
// AccessSystemAcl access type
//
#define ACCESS_SYSTEM_SECURITY (0x01000000L)
//
// MaximumAllowed access type
//
#define MAXIMUM_ALLOWED (0x02000000L)
//
// These are the generic rights.
//
#define GENERIC_READ (0x80000000L)
#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
#define GENERIC_ALL (0x10000000L)
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
//
// Object Manager Directory Specific Access Rights.
//
#define DIRECTORY_QUERY (0x0001)
#define DIRECTORY_TRAVERSE (0x0002)
#define DIRECTORY_CREATE_OBJECT (0x0004)
#define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
NTSYSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
typedef struct _OBJECT_NAMETYPE_INFO {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectType;
} OBJECT_NAMETYPE_INFO, *POBJECT_NAMETYPE_INFO;
typedef enum _DIRECTORYINFOCLASS {
ObjectArray,
ObjectByOne
} DIRECTORYINFOCLASS, *PDIRECTORYINFOCLASS;
#define QUERY_DIRECTORY_BUF_SIZE 0x200
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
IN PHANDLE DirectoryObjectHandle,
OUT PVOID ObjectInfoBuffer,
IN ULONG ObjectInfoBufferLength,
IN DIRECTORYINFOCLASS DirectoryInformationClass,
IN BOOLEAN First,
IN OUT PULONG ObjectIndex,
OUT PULONG LengthReturned
);
NTSYSAPI
NTSTATUS
NTAPI
NtDisplayString(
IN PUNICODE_STRING DisplayString
);
//
// Registry Specific Access Rights.
//
#define KEY_QUERY_VALUE (0x0001)
#define KEY_SET_VALUE (0x0002)
#define KEY_CREATE_SUB_KEY (0x0004)
#define KEY_ENUMERATE_SUB_KEYS (0x0008)
#define KEY_NOTIFY (0x0010)
#define KEY_CREATE_LINK (0x0020)
#define KEY_READ ((STANDARD_RIGHTS_READ |\
KEY_QUERY_VALUE |\
KEY_ENUMERATE_SUB_KEYS |\
KEY_NOTIFY) \
& \
(~SYNCHRONIZE))
#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
KEY_SET_VALUE |\
KEY_CREATE_SUB_KEY) \
& \
(~SYNCHRONIZE))
#define KEY_EXECUTE ((KEY_READ) \
& \
(~SYNCHRONIZE))
#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
KEY_QUERY_VALUE |\
KEY_SET_VALUE |\
KEY_CREATE_SUB_KEY |\
KEY_ENUMERATE_SUB_KEYS |\
KEY_NOTIFY |\
KEY_CREATE_LINK) \
& \
(~SYNCHRONIZE))
//
// Open/Create Options
//
#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
// when system is rebooted
#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
// when system is rebooted
#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
// symbolic link
#define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
// special access rules
// privilege required
#define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
#define REG_LEGAL_OPTION \
(REG_OPTION_RESERVED |\
REG_OPTION_NON_VOLATILE |\
REG_OPTION_VOLATILE |\
REG_OPTION_CREATE_LINK |\
REG_OPTION_BACKUP_RESTORE |\
REG_OPTION_OPEN_LINK)
//
// Key creation/open disposition
//
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -