ntdll.h
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType
} POOL_TYPE;
//
// For NtQueryObject
//
// Selects which record NtQueryObject / NtSetInformationObject (both declared
// later in this header) read or write. The numeric values in the trailing
// comments follow from default enum numbering starting at 0.
// NOTE(review): only part of this enumeration is publicly documented; treat
// the other classes as version-dependent and confirm them on the target build.
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation, // = 0
ObjectNameInformation, // = 1
ObjectTypeInformation, // = 2
ObjectTypesInformation, // = 3 //object handle is ignored
ObjectHandleFlagInformation // = 4
} OBJECT_INFORMATION_CLASS;
//
// NtQueryObject uses ObjectBasicInformation
//
// Fixed-size record for the ObjectBasicInformation class.
// NOTE(review): the per-field notes are inferred from the field names; confirm
// them against the target Windows build before relying on them.
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes; // presumably the handle's attribute flags
ACCESS_MASK GrantedAccess; // presumably the access rights carried by the queried handle
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG Reserved[3]; // do not interpret
ULONG NameInfoSize; // presumably bytes needed for an ObjectNameInformation query
ULONG TypeInfoSize; // presumably bytes needed for an ObjectTypeInformation query
ULONG SecurityDescriptorSize; // presumably bytes needed to read the security descriptor
LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
//
// NtQueryObject uses ObjectNameInformation
//
// Header of the variable-length result for ObjectNameInformation; only the
// UNICODE_STRING descriptor is declared here.
// NOTE(review): Name.Length counts bytes and the text is not guaranteed to be
// NUL-terminated; Name.Buffer is expected to point into the caller's output
// buffer, so size that buffer from the length the query reports, never from
// sizeof(OBJECT_NAME_INFORMATION).
// NOTE(review): name queries on some file/pipe handles are reported to block;
// handle-enumeration tools usually filter by object type first or run the
// query under a timeout.
typedef struct _OBJECT_NAME_INFORMATION {
UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
//
// NtQueryObject uses ObjectTypeInformation
//
// Record for the ObjectTypeInformation class: the type name followed by
// per-type counters, pool usage figures and access-mask metadata.
// PoolType uses the POOL_TYPE enumeration declared earlier in this header.
// NOTE(review): this layout is not part of the documented API and is known to
// differ between Windows versions; validate the length the query returns
// instead of assuming it equals sizeof(OBJECT_TYPE_INFORMATION).
// NOTE(review): TypeName.Buffer is expected to point into the caller's output
// buffer, and TypeName.Length is a byte count without a guaranteed terminator.
typedef struct _OBJECT_TYPE_INFORMATION {
UNICODE_STRING TypeName;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping; // maps generic access rights to this type's specific rights
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
POOL_TYPE PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
//
// NtQueryObject uses ObjectHandleFlagInformation
// NtSetInformationObject uses ObjectHandleFlagInformation
//
// Two per-handle flags, read and written through the
// ObjectHandleFlagInformation class.
// NOTE(review): these appear to correspond to the Win32 HANDLE_FLAG_INHERIT
// and HANDLE_FLAG_PROTECT_FROM_CLOSE flags; confirm before relying on it.
typedef struct _OBJECT_HANDLE_FLAG_INFORMATION {
BOOLEAN Inherit; // handle is inherited by child processes; keep FALSE unless inheritance is intended
BOOLEAN ProtectFromClose; // handle refuses close requests while set
} OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
//
// NtQueryDirectoryObject uses this type
//
// One directory entry as returned by NtQueryDirectoryObject: the entry's name
// and the name of its object type.
// NOTE(review): both strings are expected to point into the caller's query
// buffer, with Length in bytes and no guaranteed NUL terminator; copy them out
// before the buffer is reused.
typedef struct _OBJECT_DIRECTORY_INFORMATION {
UNICODE_STRING Name;
UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
// Opens an existing object-manager directory and returns a handle to it.
// DirectoryHandle: receives the handle; release it with NtClose (declared
//   later in this header). Only meaningful when the call succeeds.
// DesiredAccess: rights requested on the directory; ask only for what the
//   caller actually needs.
// ObjectAttributes: names the directory to open.
// Returns an NTSTATUS; check it before using *DirectoryHandle.
NTSYSAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
OUT PHANDLE DirectoryHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);
// Enumerates the entries of an object directory into Buffer as
// OBJECT_DIRECTORY_INFORMATION records (declared above).
// DirectoryHandle: directory opened with NtOpenDirectoryObject.
// Buffer / Length: caller-owned output buffer and its size in bytes.
// ReturnSingleEntry: TRUE to fetch one entry per call.
// RestartScan: TRUE to start from the first entry instead of *Context.
// Context: in/out enumeration position; pass the same variable on each call.
// ReturnLength: optional; receives a byte count.
//   NOTE(review): presumably the bytes written or required; confirm.
// NOTE(review): the strings referenced by each record are expected to live
// inside Buffer, so the records must not be used after Buffer is freed or
// overwritten by the next call.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
IN HANDLE DirectoryHandle,
OUT PVOID Buffer,
IN ULONG Length,
IN BOOLEAN ReturnSingleEntry,
IN BOOLEAN RestartScan,
IN OUT PULONG Context,
OUT PULONG ReturnLength OPTIONAL
);
// Retrieves information about the object behind ObjectHandle.
// ObjectInformationClass: which record to return; it decides the layout
//   written to ObjectInformation (see the OBJECT_*_INFORMATION types above).
// ObjectInformation / Length: caller-owned output buffer and its size in bytes.
// ResultLength: optional; receives a byte count.
// NOTE(review): a buffer that is too small is expected to fail with a
// length-mismatch or overflow status and report the required size through
// ResultLength. Check the NTSTATUS before reading the buffer and re-query
// with the reported size rather than guessing one.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryObject (
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG Length,
OUT PULONG ResultLength OPTIONAL
);
// Writes per-handle information for ObjectHandle.
// ObjectInformationClass: the comment on OBJECT_HANDLE_FLAG_INFORMATION in
//   this header names ObjectHandleFlagInformation as a class this call uses.
// ObjectInformation / Length: input record and its size in bytes; Length must
//   match the record type selected by the class.
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationObject (
IN HANDLE ObjectHandle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
IN PVOID ObjectInformation,
IN ULONG Length
);
// Duplicates SourceHandle, which belongs to the source process, into the
// target process.
// SourceProcessHandle / TargetProcessHandle: the process that owns the source
//   handle and the process that receives the copy (the latter is optional).
// TargetHandle: optional; receives the new handle value, which is valid in
//   the target process, not necessarily in the caller.
// DesiredAccess: access requested for the copy.
// HandleAttributes: attribute flags for the new handle.
// Options: duplication flags.
// NOTE(review): when the copy goes to a less trusted process, pass an explicit
// minimal DesiredAccess instead of carrying over the source handle's access,
// and leave inheritance off unless it is required.
NTSYSAPI
NTSTATUS
NTAPI
NtDuplicateObject (
IN HANDLE SourceProcessHandle,
IN HANDLE SourceHandle,
IN HANDLE TargetProcessHandle OPTIONAL,
OUT PHANDLE TargetHandle OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
IN ULONG Options
);
// Reads the parts of an object's security descriptor selected by
// SecurityInformation into a caller-owned buffer.
// SecurityDescriptor / DescriptorLength: output buffer and its size in bytes.
// ReturnLength: receives a byte count.
//   NOTE(review): expected to hold the required size when the buffer is too
//   small; confirm, and check the NTSTATUS before parsing the descriptor.
// NOTE(review): per the documentation of the Zw counterpart, the handle needs
// READ_CONTROL for owner/group/DACL and ACCESS_SYSTEM_SECURITY for the SACL.
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN ULONG DescriptorLength,
OUT PULONG ReturnLength
);
// Applies the parts of SecurityDescriptor selected by SecurityInformation to
// the object behind ObjectHandle.
// NOTE(review): per the documentation of the Zw counterpart, the handle needs
// WRITE_DAC to set the DACL, WRITE_OWNER to set owner/group and
// ACCESS_SYSTEM_SECURITY to set the SACL.
// NOTE(review): validate a descriptor that was built from external data
// before applying it; a descriptor with a NULL DACL leaves the object open to
// every caller.
NTSYSAPI
NTSTATUS
NTAPI
NtSetSecurityObject (
IN HANDLE ObjectHandle,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
//-----------------------------------------------------------------------------
// Handle table RTL functions
// Bit layout of a 32-bit handle-like value: the top 8 bits carry a tag and the
// low 24 bits carry an index (the two masks are complementary).
// LEVEL_HANDLE_ID is a tag value already positioned in the top byte.
// NOTE(review): the code that applies these masks is not visible here.
// NOTE(review): 0xFF000000 does not fit in a 32-bit signed int, so the
// constant is unsigned; apply the masks to unsigned operands only.
#define LEVEL_HANDLE_ID 0x74000000
#define LEVEL_HANDLE_ID_MASK 0xFF000000
#define LEVEL_HANDLE_INDEX_MASK 0x00FFFFFF
// Result codes a PRTL_GENERIC_COMPARE_ROUTINE returns.
// These are NOT memcmp-style signs: by default enum numbering "less" is 0,
// "greater" is 1 and "equal" is 2, so a comparator must return the enumerators
// themselves and never a raw difference.
typedef enum _RTL_GENERIC_COMPARE_RESULTS {
GenericLessThan, // = 0
GenericGreaterThan, // = 1
GenericEqual // = 2
} RTL_GENERIC_COMPARE_RESULTS;
// Link node of a binary (splay) tree: parent plus left and right children.
// RTL_GENERIC_TABLE below stores its root as a pointer to this type.
// NOTE(review): how the root's Parent is encoded is not visible here; do not
// assume a NULL parent marks the root without confirming.
typedef struct _RTL_SPLAY_LINKS
{
struct _RTL_SPLAY_LINKS *Parent;
struct _RTL_SPLAY_LINKS *LeftChild;
struct _RTL_SPLAY_LINKS *RightChild;
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
// Forward declaration so the callback types can refer to the table before its
// full definition further down.
struct _RTL_GENERIC_TABLE;
// Caller-supplied ordering callback for a generic table.
// Table: the table the comparison is made for.
// FirstStruct / SecondStruct: the two elements to compare.
// Returns one of the RTL_GENERIC_COMPARE_RESULTS enumerators.
// NOTE(review): the ordering must be consistent for the same pair of elements
// for as long as they are in the table, otherwise lookups become unreliable.
typedef
RTL_GENERIC_COMPARE_RESULTS
(NTAPI * PRTL_GENERIC_COMPARE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
PVOID FirstStruct,
PVOID SecondStruct
);
// Caller-supplied allocator callback for a generic table.
// Table: the table requesting memory.
// ByteSize: number of bytes to allocate.
// Returns the new block.
// NOTE(review): presumably NULL signals failure, and ByteSize may include
// table bookkeeping on top of the caller's element size; confirm both.
typedef
PVOID
(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
ULONG ByteSize
);
// Caller-supplied deallocator callback for a generic table.
// Table: the table releasing memory.
// Buffer: a block previously obtained from the table's allocate routine; it
//   must be released with the matching allocator.
typedef
VOID
(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
struct _RTL_GENERIC_TABLE *Table,
PVOID Buffer
);
// State of a generic table: tree root, insertion-order list, enumeration
// cursor, element count, the three caller callbacks and a caller context.
// NOTE(review): the WDK treats this structure as opaque; initialise it with
// RtlInitializeGenericTable and use the Rtl*GenericTable routines rather than
// touching the fields.
// NOTE(review): nothing in this declaration provides locking; callers are
// expected to serialise access to a shared table themselves.
typedef struct _RTL_GENERIC_TABLE {
PRTL_SPLAY_LINKS TableRoot;
LIST_ENTRY InsertOrderList;
PLIST_ENTRY OrderedPointer;
ULONG WhichOrderedElement;
ULONG NumberGenericTableElements;
PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
PVOID TableContext; // caller-defined value, stored as passed to RtlInitializeGenericTable
} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
// Header of one slot in an RTL handle table.
// NOTE(review): this layout is not part of the documented API; confirm it
// against the target Windows build before reading entries with it.
typedef struct _RTL_HANDLE_TABLE_ENTRY
{
struct _RTL_HANDLE_TABLE_ENTRY *Next; /* pointer to next free handle */
PVOID Object;
} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
// Bookkeeping for an RTL handle table: capacity, per-entry size and pointers
// into the free, committed, uncommitted and reserved regions.
// NOTE(review): Unknown01/Unknown02 show that this layout was reconstructed
// rather than taken from a public header; treat the whole structure as
// version-dependent and let the Rtl*Handle routines manage it.
typedef struct _RTL_HANDLE_TABLE
{
ULONG MaximumNumberOfHandles;
ULONG SizeOfHandleTableEntry; // size of one entry in bytes
ULONG Unknown01;
ULONG Unknown02;
PRTL_HANDLE_TABLE_ENTRY FreeHandles;
PRTL_HANDLE_TABLE_ENTRY CommittedHandles;
PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles;
PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles;
} RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;
// Initialises a caller-allocated generic table.
// Table: storage for the table state.
// CompareRoutine / AllocateRoutine / FreeRoutine: callbacks the table uses to
//   order elements and to obtain and release memory.
// TableContext: caller-defined value kept in the table for the callbacks.
// Returns nothing.
// NOTE(review): the callbacks and anything TableContext points to must stay
// valid for the whole lifetime of the table.
NTSYSAPI
VOID
NTAPI
RtlInitializeGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine,
IN PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine,
IN PRTL_GENERIC_FREE_ROUTINE FreeRoutine,
IN PVOID TableContext
);
// Initialises a caller-allocated RTL handle table.
// MaximumNumberOfHandles: capacity of the table.
// SizeOfHandleTableEntry: size of one entry in bytes.
//   NOTE(review): presumably at least sizeof(RTL_HANDLE_TABLE_ENTRY), with
//   caller data following the header; confirm.
// HandleTable: receives the initialised table state.
NTSYSAPI
VOID
NTAPI
RtlInitializeHandleTable(
IN ULONG MaximumNumberOfHandles,
IN ULONG SizeOfHandleTableEntry,
OUT PRTL_HANDLE_TABLE HandleTable
);
// Allocates one entry from an RTL handle table.
// HandleTable: table set up with RtlInitializeHandleTable.
// HandleIndex: optional; receives the index of the new entry.
// Returns a pointer to the entry.
// NOTE(review): presumably NULL when the table is full or memory cannot be
// committed; check the result before dereferencing it.
NTSYSAPI
PRTL_HANDLE_TABLE_ENTRY
NTAPI
RtlAllocateHandle(
IN PRTL_HANDLE_TABLE HandleTable,
OUT PULONG HandleIndex OPTIONAL
);
// Returns an entry to an RTL handle table.
// HandleTable: the table the entry was allocated from.
// Handle: the entry to release; do not use the pointer afterwards, the slot
//   can be handed out again.
// Returns a BOOLEAN.
// NOTE(review): presumably TRUE on success; confirm.
NTSYSAPI
BOOLEAN
NTAPI
RtlFreeHandle(
IN PRTL_HANDLE_TABLE HandleTable,
IN PRTL_HANDLE_TABLE_ENTRY Handle
);
// Looks up an entry of an RTL handle table by index.
// HandleTable: table to search.
// HandleIndex: index to validate; treat it as untrusted when it comes from
//   outside the component that owns the table.
// Handle: receives the entry pointer.
// Returns a BOOLEAN.
// NOTE(review): presumably TRUE only when the index refers to an allocated
// entry, with *Handle meaningful only in that case; confirm.
NTSYSAPI
BOOLEAN
NTAPI
RtlIsValidIndexHandle(
IN PRTL_HANDLE_TABLE HandleTable,
IN ULONG HandleIndex,
OUT PRTL_HANDLE_TABLE_ENTRY *Handle
);
// Inserts an element into a generic table.
// Table: table set up with RtlInitializeGenericTable.
// Buffer / BufferSize: caller data to store and its size in bytes.
// NewElement: optional; receives whether a new element was created.
// Returns a pointer to the element's data inside the table.
// NOTE(review): presumably the data is copied, an equal existing element is
// returned instead of a duplicate, and NULL means the allocate routine
// failed; check the result before use.
// NOTE(review): BufferSize is a signed LONG here, while the WDK prototype is
// believed to use the unsigned CLONG; reject negative sizes at the call site.
NTSYSAPI
PVOID
NTAPI
RtlInsertElementGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PVOID Buffer,
IN LONG BufferSize,
OUT PBOOLEAN NewElement OPTIONAL
);
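// Reports whether a generic table currently holds no elements.
// Table: table set up with RtlInitializeGenericTable.
// Returns a BOOLEAN.
// NOTE(review): presumably TRUE when the table is empty; the implementation
// is not visible here.
// This prototype was listed twice in a row, token for token; a single copy is
// kept because the repeat added nothing and could hide a declaration that was
// meant to be something else.
NTSYSAPI
BOOLEAN
NTAPI
RtlIsGenericTableEmpty (
IN PRTL_GENERIC_TABLE Table
);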
// Searches a generic table for an element that compares equal to Buffer.
// Table: table to search.
// Buffer: key element handed to the table's compare routine.
// Returns a pointer to the matching element's data.
// NOTE(review): presumably NULL when nothing matches; check before use. The
// returned pointer refers to storage owned by the table and stops being valid
// once that element is deleted.
NTSYSAPI
PVOID
NTAPI
RtlLookupElementGenericTable (
IN PRTL_GENERIC_TABLE Table,
IN PVOID Buffer
);
// Steps through the elements of a generic table, one element per call.
// Table: table to enumerate.
// RestartKey: enumeration cursor owned by the caller.
//   NOTE(review): annotated IN here, but the routine is expected to update
//   *RestartKey between calls (the WDK marks it in/out); start with
//   *RestartKey == NULL and pass the same variable on every call.
// Returns a pointer to the next element's data.
// NOTE(review): presumably NULL once the enumeration is finished; confirm.
NTSYSAPI
PVOID
NTAPI
RtlEnumerateGenericTableWithoutSplaying(
IN PRTL_GENERIC_TABLE Table,
IN PVOID *RestartKey
);
// Closes an object handle.
// Handle: the handle to close.
// Returns an NTSTATUS; a failure usually means the handle was already closed
// or never valid, which is worth logging instead of ignoring.
// NOTE(review): handle values are recycled by the system, so clear the
// variable after a successful close; closing a stale copy later can close an
// unrelated object.
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE Handle
);
// Zw-prefixed declaration of the handle-close call; same signature as NtClose.
// Handle: the handle to close.
// Returns an NTSTATUS.
// NOTE(review): in user mode the Nt and Zw names are understood to resolve to
// the same routine; the distinction matters for kernel-mode callers. Confirm
// for the build this header targets.
NTSYSAPI
NTSTATUS
NTAPI
ZwClose(
IN HANDLE Handle
);
//-----------------------------------------------------------------------------
// Environment functions
// Opens the registry key of the current user.
// DesiredAccess: rights requested on the key; ask only for what is needed.
// CurrentUserKey: receives the key handle; release it with NtClose.
// Returns an NTSTATUS; *CurrentUserKey is only meaningful on success.
// NOTE(review): "current user" is presumably resolved from the calling
// thread's effective token, so the result changes under impersonation; do not
// cache the handle across an identity change.
NTSYSAPI
NTSTATUS
NTAPI
RtlOpenCurrentUser(
IN ULONG DesiredAccess,
OUT PHANDLE CurrentUserKey
);
// Creates a new environment block.
// CloneCurrentEnvironment: TRUE to start from a copy of the current
//   environment, FALSE to start empty.
// Environment: receives the new block; release it with RtlDestroyEnvironment
//   (declared later in this header).
// Returns an NTSTATUS; *Environment is only meaningful on success.
// NOTE(review): a cloned block carries every variable of the caller, including
// any that hold secrets; prefer an empty block plus an explicit allow-list
// when the block is meant for a less trusted process.
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateEnvironment(
BOOLEAN CloneCurrentEnvironment,
PVOID *Environment
);
// Looks up a variable in an environment block.
// Environment: block to search.
//   NOTE(review): presumably NULL selects the current process environment.
// Name: variable name.
// Value: caller-prepared UNICODE_STRING; Buffer and MaximumLength describe the
//   output space and Length is set by the call.
// Returns an NTSTATUS.
// NOTE(review): on a too-small buffer the call is expected to fail and report
// the required length in Value->Length; Length is in bytes and the result is
// not guaranteed to be NUL-terminated, so terminate it explicitly if needed.
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryEnvironmentVariable_U (
PVOID Environment,
PUNICODE_STRING Name,
PUNICODE_STRING Value
);
// Sets a variable in an environment block.
// Environment: pointer to the block pointer; it is passed by address, so the
//   block may be replaced by the call; always continue with *Environment.
//   NOTE(review): presumably NULL selects the current process environment.
// Name: variable name.
// Value: new value.
//   NOTE(review): presumably a NULL Value deletes the variable; confirm.
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
RtlSetEnvironmentVariable(
PVOID *Environment,
PUNICODE_STRING Name,
PUNICODE_STRING Value
);
// Releases an environment block obtained from RtlCreateEnvironment.
// Environment: the block to free; the pointer must not be used afterwards.
// Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
RtlDestroyEnvironment(
PVOID Environment
);
//-----------------------------------------------------------------------------
// Registry functions
// Selects which KEY_*_INFORMATION record a registry key query returns; the
// matching structures are declared right after this enumeration.
// Values follow default enum numbering starting at 0.
// NOTE(review): the query routines that take this type are not declared in
// this part of the header.
typedef enum _KEY_INFORMATION_CLASS
{
KeyBasicInformation,
KeyNodeInformation,
KeyFullInformation,
KeyNameInformation,
KeyCachedInformation,
KeyFlagsInformation,
MaxKeyInfoClass // MaxKeyInfoClass should always be the last enum
} KEY_INFORMATION_CLASS;
//
// Key query structures
//
// Variable-length record for KeyBasicInformation.
// Name[1] is the pre-C99 trailing-array idiom: the real name runs past the one
// declared element, so sizeof(KEY_BASIC_INFORMATION) is not the record size.
// NOTE(review): per the WDK documentation NameLength is a byte count and Name
// is not NUL-terminated. Bound every read by NameLength and check that the
// offset of Name plus NameLength fits in the bytes the query returned.
typedef struct _KEY_BASIC_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
// Variable-length record for KeyNodeInformation: key name plus class string.
// Name[1] is the pre-C99 trailing-array idiom; the class string is not a
// declared member and is located through ClassOffset / ClassLength.
// NOTE(review): per the WDK documentation the lengths are byte counts,
// ClassOffset is measured from the start of this structure, and neither
// string is NUL-terminated. Check that both offset-plus-length ranges fit in
// the bytes the query returned before reading them.
typedef struct _KEY_NODE_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
// Class[1]; // Variable length string not declared
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
// Variable-length record for KeyFullInformation: subkey and value counts, the
// maximum name/class/data sizes and the key's class string.
// Class[1] is the pre-C99 trailing-array idiom; sizeof(KEY_FULL_INFORMATION)
// is not the record size.
// NOTE(review): the Max* fields are useful for sizing later queries, but the
// key can change between calls, so still handle a too-small-buffer status.
// NOTE(review): ClassLength is expected to be a byte count and Class is not
// guaranteed to be NUL-terminated; validate ClassOffset + ClassLength against
// the bytes the query returned.
typedef struct _KEY_FULL_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG MaxClassLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
WCHAR Class[1]; // Variable length
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
// end_wdm
// Variable-length record for KeyNameInformation: the key's name only.
// Name[1] is the pre-C99 trailing-array idiom; sizeof(KEY_NAME_INFORMATION)
// is not the record size.
// NOTE(review): NameLength is expected to be a byte count and Name is not
// guaranteed to be NUL-terminated; bound reads by NameLength and by the bytes
// the query returned.
typedef struct _KEY_NAME_INFORMATION
{
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
// Variable-length record for KeyCachedInformation: counts and maximum sizes
// followed by the key name.
// Name[1] is the pre-C99 trailing-array idiom; sizeof(KEY_CACHED_INFORMATION)
// is not the record size.
// NOTE(review): NameLength is expected to be a byte count and Name is not
// guaranteed to be NUL-terminated; bound reads by NameLength and by the bytes
// the query returned.
typedef struct _KEY_CACHED_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
// Fixed-size record for KeyFlagsInformation: a single flags word.
// NOTE(review): the meaning of the individual bits is not defined in this
// part of the header.
typedef struct _KEY_FLAGS_INFORMATION
{
ULONG UserFlags;
} KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION;