• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // This file holds definitions related to the ntdll API.
6 
7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
9 
10 #include <windows.h>
11 
12 typedef LONG NTSTATUS;
13 #define NT_SUCCESS(st) (st >= 0)
14 
15 #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
16 #define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
17 #define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
18 #define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
19 #define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
20 #ifndef STATUS_INVALID_PARAMETER
21 // It is now defined in Windows 2008 SDK.
22 #define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
23 #endif
24 #define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
25 #define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
26 #define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
27 #define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
28 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
29 #define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
30 #define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
31 
32 #define CURRENT_PROCESS ((HANDLE) -1)
33 #define CURRENT_THREAD  ((HANDLE) -2)
34 #define NtCurrentProcess CURRENT_PROCESS
35 
36 typedef struct _UNICODE_STRING {
37   USHORT Length;
38   USHORT MaximumLength;
39   PWSTR  Buffer;
40 } UNICODE_STRING;
41 typedef UNICODE_STRING *PUNICODE_STRING;
42 typedef const UNICODE_STRING *PCUNICODE_STRING;
43 
44 typedef struct _STRING {
45   USHORT Length;
46   USHORT MaximumLength;
47   PCHAR Buffer;
48 } STRING;
49 typedef STRING *PSTRING;
50 
51 typedef STRING ANSI_STRING;
52 typedef PSTRING PANSI_STRING;
53 typedef CONST PSTRING PCANSI_STRING;
54 
55 typedef STRING OEM_STRING;
56 typedef PSTRING POEM_STRING;
57 typedef CONST STRING* PCOEM_STRING;
58 
59 #define OBJ_CASE_INSENSITIVE 0x00000040L
60 
61 typedef struct _OBJECT_ATTRIBUTES {
62   ULONG Length;
63   HANDLE RootDirectory;
64   PUNICODE_STRING ObjectName;
65   ULONG Attributes;
66   PVOID SecurityDescriptor;
67   PVOID SecurityQualityOfService;
68 } OBJECT_ATTRIBUTES;
69 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
70 
71 #define InitializeObjectAttributes(p, n, a, r, s) { \
72   (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
73   (p)->RootDirectory = r;\
74   (p)->Attributes = a;\
75   (p)->ObjectName = n;\
76   (p)->SecurityDescriptor = s;\
77   (p)->SecurityQualityOfService = NULL;\
78 }
79 
80 typedef struct _IO_STATUS_BLOCK {
81   union {
82     NTSTATUS Status;
83     PVOID Pointer;
84   };
85   ULONG_PTR Information;
86 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
87 
88 // -----------------------------------------------------------------------
89 // File IO
90 
91 // Create disposition values.
92 
93 #define FILE_SUPERSEDE                          0x00000000
94 #define FILE_OPEN                               0x00000001
95 #define FILE_CREATE                             0x00000002
96 #define FILE_OPEN_IF                            0x00000003
97 #define FILE_OVERWRITE                          0x00000004
98 #define FILE_OVERWRITE_IF                       0x00000005
99 #define FILE_MAXIMUM_DISPOSITION                0x00000005
100 
101 // Create/open option flags.
102 
103 #define FILE_DIRECTORY_FILE                     0x00000001
104 #define FILE_WRITE_THROUGH                      0x00000002
105 #define FILE_SEQUENTIAL_ONLY                    0x00000004
106 #define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
107 
108 #define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
109 #define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
110 #define FILE_NON_DIRECTORY_FILE                 0x00000040
111 #define FILE_CREATE_TREE_CONNECTION             0x00000080
112 
113 #define FILE_COMPLETE_IF_OPLOCKED               0x00000100
114 #define FILE_NO_EA_KNOWLEDGE                    0x00000200
115 #define FILE_OPEN_REMOTE_INSTANCE               0x00000400
116 #define FILE_RANDOM_ACCESS                      0x00000800
117 
118 #define FILE_DELETE_ON_CLOSE                    0x00001000
119 #define FILE_OPEN_BY_FILE_ID                    0x00002000
120 #define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
121 #define FILE_NO_COMPRESSION                     0x00008000
122 
123 #define FILE_RESERVE_OPFILTER                   0x00100000
124 #define FILE_OPEN_REPARSE_POINT                 0x00200000
125 #define FILE_OPEN_NO_RECALL                     0x00400000
126 #define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
127 
128 typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
129   OUT PHANDLE FileHandle,
130   IN ACCESS_MASK DesiredAccess,
131   IN POBJECT_ATTRIBUTES ObjectAttributes,
132   OUT PIO_STATUS_BLOCK IoStatusBlock,
133   IN PLARGE_INTEGER AllocationSize OPTIONAL,
134   IN ULONG FileAttributes,
135   IN ULONG ShareAccess,
136   IN ULONG CreateDisposition,
137   IN ULONG CreateOptions,
138   IN PVOID EaBuffer OPTIONAL,
139   IN ULONG EaLength);
140 
141 typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
142   OUT PHANDLE FileHandle,
143   IN ACCESS_MASK DesiredAccess,
144   IN POBJECT_ATTRIBUTES ObjectAttributes,
145   OUT PIO_STATUS_BLOCK IoStatusBlock,
146   IN ULONG ShareAccess,
147   IN ULONG OpenOptions);
148 
149 typedef NTSTATUS (WINAPI *NtCloseFunction)(
150   IN HANDLE Handle);
151 
152 typedef enum _FILE_INFORMATION_CLASS {
153   FileRenameInformation = 10
154 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
155 
156 typedef struct _FILE_RENAME_INFORMATION {
157   BOOLEAN ReplaceIfExists;
158   HANDLE RootDirectory;
159   ULONG FileNameLength;
160   WCHAR FileName[1];
161 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
162 
163 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
164   IN HANDLE FileHandle,
165   OUT PIO_STATUS_BLOCK IoStatusBlock,
166   IN PVOID FileInformation,
167   IN ULONG Length,
168   IN FILE_INFORMATION_CLASS FileInformationClass);
169 
170 typedef struct FILE_BASIC_INFORMATION {
171   LARGE_INTEGER CreationTime;
172   LARGE_INTEGER LastAccessTime;
173   LARGE_INTEGER LastWriteTime;
174   LARGE_INTEGER ChangeTime;
175   ULONG FileAttributes;
176 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
177 
178 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
179   IN POBJECT_ATTRIBUTES ObjectAttributes,
180   OUT PFILE_BASIC_INFORMATION FileAttributes);
181 
182 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
183   LARGE_INTEGER CreationTime;
184   LARGE_INTEGER LastAccessTime;
185   LARGE_INTEGER LastWriteTime;
186   LARGE_INTEGER ChangeTime;
187   LARGE_INTEGER AllocationSize;
188   LARGE_INTEGER EndOfFile;
189   ULONG FileAttributes;
190 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
191 
192 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
193   IN POBJECT_ATTRIBUTES ObjectAttributes,
194   OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
195 
196 // -----------------------------------------------------------------------
197 // Sections
198 
199 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
200   OUT PHANDLE SectionHandle,
201   IN ACCESS_MASK DesiredAccess,
202   IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
203   IN PLARGE_INTEGER MaximumSize OPTIONAL,
204   IN ULONG SectionPageProtection,
205   IN ULONG AllocationAttributes,
206   IN HANDLE FileHandle OPTIONAL);
207 
208 typedef ULONG SECTION_INHERIT;
209 #define ViewShare 1
210 #define ViewUnmap 2
211 
212 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
213   IN HANDLE SectionHandle,
214   IN HANDLE ProcessHandle,
215   IN OUT PVOID *BaseAddress,
216   IN ULONG_PTR ZeroBits,
217   IN SIZE_T CommitSize,
218   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
219   IN OUT PSIZE_T ViewSize,
220   IN SECTION_INHERIT InheritDisposition,
221   IN ULONG AllocationType,
222   IN ULONG Win32Protect);
223 
224 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
225   IN HANDLE ProcessHandle,
226   IN PVOID BaseAddress);
227 
228 typedef enum _SECTION_INFORMATION_CLASS {
229   SectionBasicInformation = 0,
230   SectionImageInformation
231 } SECTION_INFORMATION_CLASS;
232 
233 typedef struct _SECTION_BASIC_INFORMATION {
234   PVOID BaseAddress;
235   ULONG Attributes;
236   LARGE_INTEGER Size;
237 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
238 
239 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
240   IN HANDLE SectionHandle,
241   IN SECTION_INFORMATION_CLASS SectionInformationClass,
242   OUT PVOID SectionInformation,
243   IN SIZE_T SectionInformationLength,
244   OUT PSIZE_T ReturnLength OPTIONAL);
245 
246 // -----------------------------------------------------------------------
247 // Process and Thread
248 
249 typedef struct _CLIENT_ID {
250   PVOID UniqueProcess;
251   PVOID UniqueThread;
252 } CLIENT_ID, *PCLIENT_ID;
253 
254 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
255   OUT PHANDLE ThreadHandle,
256   IN ACCESS_MASK DesiredAccess,
257   IN POBJECT_ATTRIBUTES ObjectAttributes,
258   IN PCLIENT_ID ClientId);
259 
260 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
261   OUT PHANDLE ProcessHandle,
262   IN ACCESS_MASK DesiredAccess,
263   IN POBJECT_ATTRIBUTES ObjectAttributes,
264   IN PCLIENT_ID ClientId);
265 
266 typedef enum _NT_THREAD_INFORMATION_CLASS {
267   ThreadBasicInformation,
268   ThreadTimes,
269   ThreadPriority,
270   ThreadBasePriority,
271   ThreadAffinityMask,
272   ThreadImpersonationToken,
273   ThreadDescriptorTableEntry,
274   ThreadEnableAlignmentFaultFixup,
275   ThreadEventPair,
276   ThreadQuerySetWin32StartAddress,
277   ThreadZeroTlsCell,
278   ThreadPerformanceCount,
279   ThreadAmILastThread,
280   ThreadIdealProcessor,
281   ThreadPriorityBoost,
282   ThreadSetTlsArrayAddress,
283   ThreadIsIoPending,
284   ThreadHideFromDebugger
285 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;
286 
287 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
288   IN HANDLE ThreadHandle,
289   IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
290   IN PVOID ThreadInformation,
291   IN ULONG ThreadInformationLength);
292 
293 // Partial definition only:
294 typedef enum _PROCESSINFOCLASS {
295   ProcessBasicInformation = 0,
296   ProcessExecuteFlags = 0x22
297 } PROCESSINFOCLASS;
298 
299 typedef PVOID PPEB;
300 typedef PVOID KPRIORITY;
301 
302 typedef struct _PROCESS_BASIC_INFORMATION {
303   NTSTATUS ExitStatus;
304   PPEB PebBaseAddress;
305   KAFFINITY AffinityMask;
306   KPRIORITY BasePriority;
307   ULONG UniqueProcessId;
308   ULONG InheritedFromUniqueProcessId;
309 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
310 
311 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
312   IN HANDLE ProcessHandle,
313   IN PROCESSINFOCLASS ProcessInformationClass,
314   OUT PVOID ProcessInformation,
315   IN ULONG ProcessInformationLength,
316   OUT PULONG ReturnLength OPTIONAL);
317 
318 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
319   HANDLE ProcessHandle,
320   IN PROCESSINFOCLASS ProcessInformationClass,
321   IN PVOID ProcessInformation,
322   IN ULONG ProcessInformationLength);
323 
324 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
325   IN HANDLE ThreadHandle,
326   IN ACCESS_MASK DesiredAccess,
327   IN BOOLEAN OpenAsSelf,
328   OUT PHANDLE TokenHandle);
329 
330 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
331   IN HANDLE ThreadHandle,
332   IN ACCESS_MASK DesiredAccess,
333   IN BOOLEAN OpenAsSelf,
334   IN ULONG HandleAttributes,
335   OUT PHANDLE TokenHandle);
336 
337 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
338   IN HANDLE ProcessHandle,
339   IN ACCESS_MASK DesiredAccess,
340   OUT PHANDLE TokenHandle);
341 
342 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
343   IN HANDLE ProcessHandle,
344   IN ACCESS_MASK DesiredAccess,
345   IN ULONG HandleAttributes,
346   OUT PHANDLE TokenHandle);
347 
348 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
349   IN HANDLE Process,
350   IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
351   IN BOOLEAN CreateSuspended,
352   IN ULONG ZeroBits,
353   IN SIZE_T MaximumStackSize,
354   IN SIZE_T CommittedStackSize,
355   IN LPTHREAD_START_ROUTINE StartAddress,
356   IN PVOID Parameter,
357   OUT PHANDLE Thread,
358   OUT PCLIENT_ID ClientId);
359 
360 // -----------------------------------------------------------------------
361 // Registry
362 
363 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
364   OUT PHANDLE KeyHandle,
365   IN ACCESS_MASK DesiredAccess,
366   IN POBJECT_ATTRIBUTES ObjectAttributes,
367   IN ULONG TitleIndex,
368   IN PUNICODE_STRING Class OPTIONAL,
369   IN ULONG CreateOptions,
370   OUT PULONG Disposition OPTIONAL);
371 
372 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
373   OUT PHANDLE KeyHandle,
374   IN ACCESS_MASK DesiredAccess,
375   IN POBJECT_ATTRIBUTES ObjectAttributes);
376 
377 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
378   OUT PHANDLE KeyHandle,
379   IN ACCESS_MASK DesiredAccess,
380   IN POBJECT_ATTRIBUTES ObjectAttributes,
381   IN DWORD open_options);
382 
383 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
384   IN HANDLE KeyHandle);
385 
386 // -----------------------------------------------------------------------
387 // Memory
388 
389 // Don't really need this structure right now.
390 typedef PVOID PRTL_HEAP_PARAMETERS;
391 
392 typedef PVOID (WINAPI *RtlCreateHeapFunction)(
393   IN ULONG Flags,
394   IN PVOID HeapBase OPTIONAL,
395   IN SIZE_T ReserveSize OPTIONAL,
396   IN SIZE_T CommitSize OPTIONAL,
397   IN PVOID Lock OPTIONAL,
398   IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
399 
400 typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
401   IN PVOID HeapHandle);
402 
403 typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
404   IN PVOID HeapHandle,
405   IN ULONG Flags,
406   IN SIZE_T Size);
407 
408 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
409   IN PVOID HeapHandle,
410   IN ULONG Flags,
411   IN PVOID HeapBase);
412 
413 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
414   IN HANDLE ProcessHandle,
415   IN OUT PVOID *BaseAddress,
416   IN ULONG_PTR ZeroBits,
417   IN OUT PSIZE_T RegionSize,
418   IN ULONG AllocationType,
419   IN ULONG Protect);
420 
421 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
422   IN HANDLE ProcessHandle,
423   IN OUT PVOID *BaseAddress,
424   IN OUT PSIZE_T RegionSize,
425   IN ULONG FreeType);
426 
427 typedef enum _MEMORY_INFORMATION_CLASS {
428   MemoryBasicInformation = 0,
429   MemoryWorkingSetList,
430   MemorySectionName,
431   MemoryBasicVlmInformation
432 } MEMORY_INFORMATION_CLASS;
433 
434 typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
435   UNICODE_STRING SectionFileName;
436 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
437 
438 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
439   IN HANDLE ProcessHandle,
440   IN PVOID BaseAddress,
441   IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
442   OUT PVOID MemoryInformation,
443   IN ULONG MemoryInformationLength,
444   OUT PULONG ReturnLength OPTIONAL);
445 
446 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
447   IN HANDLE ProcessHandle,
448   IN OUT PVOID* BaseAddress,
449   IN OUT PSIZE_T ProtectSize,
450   IN ULONG NewProtect,
451   OUT PULONG OldProtect);
452 
453 // -----------------------------------------------------------------------
454 // Objects
455 
456 typedef enum _OBJECT_INFORMATION_CLASS {
457   ObjectBasicInformation,
458   ObjectNameInformation,
459   ObjectTypeInformation,
460   ObjectAllInformation,
461   ObjectDataInformation
462 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
463 
464 typedef struct _OBJDIR_INFORMATION {
465   UNICODE_STRING ObjectName;
466   UNICODE_STRING ObjectTypeName;
467   BYTE Data[1];
468 } OBJDIR_INFORMATION;
469 
470 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
471   ULONG Attributes;
472   ACCESS_MASK GrantedAccess;
473   ULONG HandleCount;
474   ULONG PointerCount;
475   ULONG Reserved[10];    // reserved for internal use
476 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
477 
478 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
479   UNICODE_STRING TypeName;
480   ULONG Reserved[22];    // reserved for internal use
481 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
482 
483 typedef enum _POOL_TYPE {
484   NonPagedPool,
485   PagedPool,
486   NonPagedPoolMustSucceed,
487   ReservedType,
488   NonPagedPoolCacheAligned,
489   PagedPoolCacheAligned,
490   NonPagedPoolCacheAlignedMustS
491 } POOL_TYPE;
492 
493 typedef struct _OBJECT_BASIC_INFORMATION {
494   ULONG Attributes;
495   ACCESS_MASK GrantedAccess;
496   ULONG HandleCount;
497   ULONG PointerCount;
498   ULONG PagedPoolUsage;
499   ULONG NonPagedPoolUsage;
500   ULONG Reserved[3];
501   ULONG NameInformationLength;
502   ULONG TypeInformationLength;
503   ULONG SecurityDescriptorLength;
504   LARGE_INTEGER CreateTime;
505 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
506 
507 typedef struct _OBJECT_TYPE_INFORMATION {
508   UNICODE_STRING Name;
509   ULONG TotalNumberOfObjects;
510   ULONG TotalNumberOfHandles;
511   ULONG TotalPagedPoolUsage;
512   ULONG TotalNonPagedPoolUsage;
513   ULONG TotalNamePoolUsage;
514   ULONG TotalHandleTableUsage;
515   ULONG HighWaterNumberOfObjects;
516   ULONG HighWaterNumberOfHandles;
517   ULONG HighWaterPagedPoolUsage;
518   ULONG HighWaterNonPagedPoolUsage;
519   ULONG HighWaterNamePoolUsage;
520   ULONG HighWaterHandleTableUsage;
521   ULONG InvalidAttributes;
522   GENERIC_MAPPING GenericMapping;
523   ULONG ValidAccess;
524   BOOLEAN SecurityRequired;
525   BOOLEAN MaintainHandleCount;
526   USHORT MaintainTypeList;
527   POOL_TYPE PoolType;
528   ULONG PagedPoolUsage;
529   ULONG NonPagedPoolUsage;
530 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
531 
532 typedef enum _SYSTEM_INFORMATION_CLASS {
533   SystemHandleInformation = 16
534 } SYSTEM_INFORMATION_CLASS;
535 
536 typedef struct _SYSTEM_HANDLE_INFORMATION {
537   USHORT ProcessId;
538   USHORT CreatorBackTraceIndex;
539   UCHAR ObjectTypeNumber;
540   UCHAR Flags;
541   USHORT Handle;
542   PVOID Object;
543   ACCESS_MASK GrantedAccess;
544 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
545 
546 typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
547   ULONG NumberOfHandles;
548   SYSTEM_HANDLE_INFORMATION Information[1];
549 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
550 
551 typedef struct _OBJECT_NAME_INFORMATION {
552   UNICODE_STRING ObjectName;
553 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
554 
555 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
556   IN HANDLE Handle,
557   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
558   OUT PVOID ObjectInformation OPTIONAL,
559   IN ULONG ObjectInformationLength,
560   OUT PULONG ReturnLength OPTIONAL);
561 
562 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
563   IN HANDLE SourceProcess,
564   IN HANDLE SourceHandle,
565   IN HANDLE TargetProcess,
566   OUT PHANDLE TargetHandle,
567   IN ACCESS_MASK DesiredAccess,
568   IN ULONG Attributes,
569   IN ULONG Options);
570 
571 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
572   IN HANDLE HandleToSignal,
573   IN HANDLE HandleToWait,
574   IN BOOLEAN Alertable,
575   IN PLARGE_INTEGER Timeout OPTIONAL);
576 
577 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
578   IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
579   OUT PVOID SystemInformation,
580   IN ULONG SystemInformationLength,
581   OUT PULONG ReturnLength);
582 
583 typedef NTSTATUS (WINAPI *NtQueryObject)(
584   IN HANDLE Handle,
585   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
586   OUT PVOID ObjectInformation,
587   IN ULONG ObjectInformationLength,
588   OUT PULONG ReturnLength);
589 
590 // -----------------------------------------------------------------------
591 // Strings
592 
593 typedef int (__cdecl *_strnicmpFunction)(
594   IN const char* _Str1,
595   IN const char* _Str2,
596   IN size_t _MaxCount);
597 
598 typedef size_t  (__cdecl *strlenFunction)(
599   IN const char * _Str);
600 
601 typedef size_t (__cdecl *wcslenFunction)(
602   IN const wchar_t* _Str);
603 
604 typedef void* (__cdecl *memcpyFunction)(
605   IN void* dest,
606   IN const void* src,
607   IN size_t count);
608 
609 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
610   IN OUT PUNICODE_STRING  DestinationString,
611   IN PANSI_STRING  SourceString,
612   IN BOOLEAN  AllocateDestinationString);
613 
614 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
615   IN PCUNICODE_STRING  String1,
616   IN PCUNICODE_STRING  String2,
617   IN BOOLEAN  CaseInSensitive);
618 
619 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
620   IN OUT PUNICODE_STRING DestinationString,
621   IN PCWSTR SourceString);
622 
623 typedef enum _EVENT_TYPE {
624   NotificationEvent,
625   SynchronizationEvent
626 } EVENT_TYPE, *PEVENT_TYPE;
627 
628 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
629     PHANDLE DirectoryHandle,
630     ACCESS_MASK DesiredAccess,
631     POBJECT_ATTRIBUTES ObjectAttributes);
632 
633 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
634     HANDLE LinkHandle,
635     PUNICODE_STRING LinkTarget,
636     PULONG ReturnedLength);
637 
638 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
639     PHANDLE LinkHandle,
640     ACCESS_MASK DesiredAccess,
641     POBJECT_ATTRIBUTES ObjectAttributes);
642 
643 #define DIRECTORY_QUERY               0x0001
644 #define DIRECTORY_TRAVERSE            0x0002
645 #define DIRECTORY_CREATE_OBJECT       0x0004
646 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
647 #define DIRECTORY_ALL_ACCESS          0x000F
648 
649 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
650 
651