• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // This file holds definitions related to the ntdll API.
6 
7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
9 
10 #include <windows.h>
11 
12 typedef LONG NTSTATUS;
13 #define NT_SUCCESS(st) (st >= 0)
14 
15 #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
16 #define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
17 #define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
18 #define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
19 #define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
20 #ifndef STATUS_INVALID_PARAMETER
21 // It is now defined in Windows 2008 SDK.
22 #define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
23 #endif
24 #define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
25 #define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
26 #define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
27 #define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
28 #define STATUS_OBJECT_NAME_COLLISION  ((NTSTATUS)0xC0000035L)
29 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
30 #define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
31 #define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
32 
33 #define CURRENT_PROCESS ((HANDLE) -1)
34 #define CURRENT_THREAD  ((HANDLE) -2)
35 #define NtCurrentProcess CURRENT_PROCESS
36 
37 typedef struct _UNICODE_STRING {
38   USHORT Length;
39   USHORT MaximumLength;
40   PWSTR  Buffer;
41 } UNICODE_STRING;
42 typedef UNICODE_STRING *PUNICODE_STRING;
43 typedef const UNICODE_STRING *PCUNICODE_STRING;
44 
45 typedef struct _STRING {
46   USHORT Length;
47   USHORT MaximumLength;
48   PCHAR Buffer;
49 } STRING;
50 typedef STRING *PSTRING;
51 
52 typedef STRING ANSI_STRING;
53 typedef PSTRING PANSI_STRING;
54 typedef CONST PSTRING PCANSI_STRING;
55 
56 typedef STRING OEM_STRING;
57 typedef PSTRING POEM_STRING;
58 typedef CONST STRING* PCOEM_STRING;
59 
60 #define OBJ_CASE_INSENSITIVE 0x00000040L
61 
62 typedef struct _OBJECT_ATTRIBUTES {
63   ULONG Length;
64   HANDLE RootDirectory;
65   PUNICODE_STRING ObjectName;
66   ULONG Attributes;
67   PVOID SecurityDescriptor;
68   PVOID SecurityQualityOfService;
69 } OBJECT_ATTRIBUTES;
70 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
71 
72 #define InitializeObjectAttributes(p, n, a, r, s) { \
73   (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
74   (p)->RootDirectory = r;\
75   (p)->Attributes = a;\
76   (p)->ObjectName = n;\
77   (p)->SecurityDescriptor = s;\
78   (p)->SecurityQualityOfService = NULL;\
79 }
80 
81 typedef struct _IO_STATUS_BLOCK {
82   union {
83     NTSTATUS Status;
84     PVOID Pointer;
85   };
86   ULONG_PTR Information;
87 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
88 
89 // -----------------------------------------------------------------------
90 // File IO
91 
92 // Create disposition values.
93 
94 #define FILE_SUPERSEDE                          0x00000000
95 #define FILE_OPEN                               0x00000001
96 #define FILE_CREATE                             0x00000002
97 #define FILE_OPEN_IF                            0x00000003
98 #define FILE_OVERWRITE                          0x00000004
99 #define FILE_OVERWRITE_IF                       0x00000005
100 #define FILE_MAXIMUM_DISPOSITION                0x00000005
101 
102 // Create/open option flags.
103 
104 #define FILE_DIRECTORY_FILE                     0x00000001
105 #define FILE_WRITE_THROUGH                      0x00000002
106 #define FILE_SEQUENTIAL_ONLY                    0x00000004
107 #define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
108 
109 #define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
110 #define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
111 #define FILE_NON_DIRECTORY_FILE                 0x00000040
112 #define FILE_CREATE_TREE_CONNECTION             0x00000080
113 
114 #define FILE_COMPLETE_IF_OPLOCKED               0x00000100
115 #define FILE_NO_EA_KNOWLEDGE                    0x00000200
116 #define FILE_OPEN_REMOTE_INSTANCE               0x00000400
117 #define FILE_RANDOM_ACCESS                      0x00000800
118 
119 #define FILE_DELETE_ON_CLOSE                    0x00001000
120 #define FILE_OPEN_BY_FILE_ID                    0x00002000
121 #define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
122 #define FILE_NO_COMPRESSION                     0x00008000
123 
124 #define FILE_RESERVE_OPFILTER                   0x00100000
125 #define FILE_OPEN_REPARSE_POINT                 0x00200000
126 #define FILE_OPEN_NO_RECALL                     0x00400000
127 #define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
128 
129 // Create/open result values. These are the disposition values returned on the
130 // io status information.
131 #define FILE_SUPERSEDED                         0x00000000
132 #define FILE_OPENED                             0x00000001
133 #define FILE_CREATED                            0x00000002
134 #define FILE_OVERWRITTEN                        0x00000003
135 #define FILE_EXISTS                             0x00000004
136 #define FILE_DOES_NOT_EXIST                     0x00000005
137 
138 typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
139   OUT PHANDLE FileHandle,
140   IN ACCESS_MASK DesiredAccess,
141   IN POBJECT_ATTRIBUTES ObjectAttributes,
142   OUT PIO_STATUS_BLOCK IoStatusBlock,
143   IN PLARGE_INTEGER AllocationSize OPTIONAL,
144   IN ULONG FileAttributes,
145   IN ULONG ShareAccess,
146   IN ULONG CreateDisposition,
147   IN ULONG CreateOptions,
148   IN PVOID EaBuffer OPTIONAL,
149   IN ULONG EaLength);
150 
151 typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
152   OUT PHANDLE FileHandle,
153   IN ACCESS_MASK DesiredAccess,
154   IN POBJECT_ATTRIBUTES ObjectAttributes,
155   OUT PIO_STATUS_BLOCK IoStatusBlock,
156   IN ULONG ShareAccess,
157   IN ULONG OpenOptions);
158 
159 typedef NTSTATUS (WINAPI *NtCloseFunction)(
160   IN HANDLE Handle);
161 
162 typedef enum _FILE_INFORMATION_CLASS {
163   FileRenameInformation = 10
164 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
165 
166 typedef struct _FILE_RENAME_INFORMATION {
167   BOOLEAN ReplaceIfExists;
168   HANDLE RootDirectory;
169   ULONG FileNameLength;
170   WCHAR FileName[1];
171 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
172 
173 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
174   IN HANDLE FileHandle,
175   OUT PIO_STATUS_BLOCK IoStatusBlock,
176   IN PVOID FileInformation,
177   IN ULONG Length,
178   IN FILE_INFORMATION_CLASS FileInformationClass);
179 
180 typedef struct FILE_BASIC_INFORMATION {
181   LARGE_INTEGER CreationTime;
182   LARGE_INTEGER LastAccessTime;
183   LARGE_INTEGER LastWriteTime;
184   LARGE_INTEGER ChangeTime;
185   ULONG FileAttributes;
186 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
187 
188 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
189   IN POBJECT_ATTRIBUTES ObjectAttributes,
190   OUT PFILE_BASIC_INFORMATION FileAttributes);
191 
192 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
193   LARGE_INTEGER CreationTime;
194   LARGE_INTEGER LastAccessTime;
195   LARGE_INTEGER LastWriteTime;
196   LARGE_INTEGER ChangeTime;
197   LARGE_INTEGER AllocationSize;
198   LARGE_INTEGER EndOfFile;
199   ULONG FileAttributes;
200 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
201 
202 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
203   IN POBJECT_ATTRIBUTES ObjectAttributes,
204   OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
205 
206 // -----------------------------------------------------------------------
207 // Sections
208 
209 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
210   OUT PHANDLE SectionHandle,
211   IN ACCESS_MASK DesiredAccess,
212   IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
213   IN PLARGE_INTEGER MaximumSize OPTIONAL,
214   IN ULONG SectionPageProtection,
215   IN ULONG AllocationAttributes,
216   IN HANDLE FileHandle OPTIONAL);
217 
218 typedef ULONG SECTION_INHERIT;
219 #define ViewShare 1
220 #define ViewUnmap 2
221 
222 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
223   IN HANDLE SectionHandle,
224   IN HANDLE ProcessHandle,
225   IN OUT PVOID *BaseAddress,
226   IN ULONG_PTR ZeroBits,
227   IN SIZE_T CommitSize,
228   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
229   IN OUT PSIZE_T ViewSize,
230   IN SECTION_INHERIT InheritDisposition,
231   IN ULONG AllocationType,
232   IN ULONG Win32Protect);
233 
234 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
235   IN HANDLE ProcessHandle,
236   IN PVOID BaseAddress);
237 
238 typedef enum _SECTION_INFORMATION_CLASS {
239   SectionBasicInformation = 0,
240   SectionImageInformation
241 } SECTION_INFORMATION_CLASS;
242 
243 typedef struct _SECTION_BASIC_INFORMATION {
244   PVOID BaseAddress;
245   ULONG Attributes;
246   LARGE_INTEGER Size;
247 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
248 
249 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
250   IN HANDLE SectionHandle,
251   IN SECTION_INFORMATION_CLASS SectionInformationClass,
252   OUT PVOID SectionInformation,
253   IN SIZE_T SectionInformationLength,
254   OUT PSIZE_T ReturnLength OPTIONAL);
255 
256 // -----------------------------------------------------------------------
257 // Process and Thread
258 
259 typedef struct _CLIENT_ID {
260   PVOID UniqueProcess;
261   PVOID UniqueThread;
262 } CLIENT_ID, *PCLIENT_ID;
263 
264 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
265   OUT PHANDLE ThreadHandle,
266   IN ACCESS_MASK DesiredAccess,
267   IN POBJECT_ATTRIBUTES ObjectAttributes,
268   IN PCLIENT_ID ClientId);
269 
270 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
271   OUT PHANDLE ProcessHandle,
272   IN ACCESS_MASK DesiredAccess,
273   IN POBJECT_ATTRIBUTES ObjectAttributes,
274   IN PCLIENT_ID ClientId);
275 
276 typedef enum _NT_THREAD_INFORMATION_CLASS {
277   ThreadBasicInformation,
278   ThreadTimes,
279   ThreadPriority,
280   ThreadBasePriority,
281   ThreadAffinityMask,
282   ThreadImpersonationToken,
283   ThreadDescriptorTableEntry,
284   ThreadEnableAlignmentFaultFixup,
285   ThreadEventPair,
286   ThreadQuerySetWin32StartAddress,
287   ThreadZeroTlsCell,
288   ThreadPerformanceCount,
289   ThreadAmILastThread,
290   ThreadIdealProcessor,
291   ThreadPriorityBoost,
292   ThreadSetTlsArrayAddress,
293   ThreadIsIoPending,
294   ThreadHideFromDebugger
295 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;
296 
297 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
298   IN HANDLE ThreadHandle,
299   IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
300   IN PVOID ThreadInformation,
301   IN ULONG ThreadInformationLength);
302 
303 // Partial definition only:
304 typedef enum _PROCESSINFOCLASS {
305   ProcessBasicInformation = 0,
306   ProcessExecuteFlags = 0x22
307 } PROCESSINFOCLASS;
308 
309 typedef PVOID PPEB;
310 typedef PVOID KPRIORITY;
311 
312 typedef struct _PROCESS_BASIC_INFORMATION {
313   NTSTATUS ExitStatus;
314   PPEB PebBaseAddress;
315   KAFFINITY AffinityMask;
316   KPRIORITY BasePriority;
317   ULONG UniqueProcessId;
318   ULONG InheritedFromUniqueProcessId;
319 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
320 
321 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
322   IN HANDLE ProcessHandle,
323   IN PROCESSINFOCLASS ProcessInformationClass,
324   OUT PVOID ProcessInformation,
325   IN ULONG ProcessInformationLength,
326   OUT PULONG ReturnLength OPTIONAL);
327 
328 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
329   HANDLE ProcessHandle,
330   IN PROCESSINFOCLASS ProcessInformationClass,
331   IN PVOID ProcessInformation,
332   IN ULONG ProcessInformationLength);
333 
334 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
335   IN HANDLE ThreadHandle,
336   IN ACCESS_MASK DesiredAccess,
337   IN BOOLEAN OpenAsSelf,
338   OUT PHANDLE TokenHandle);
339 
340 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
341   IN HANDLE ThreadHandle,
342   IN ACCESS_MASK DesiredAccess,
343   IN BOOLEAN OpenAsSelf,
344   IN ULONG HandleAttributes,
345   OUT PHANDLE TokenHandle);
346 
347 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
348   IN HANDLE ProcessHandle,
349   IN ACCESS_MASK DesiredAccess,
350   OUT PHANDLE TokenHandle);
351 
352 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
353   IN HANDLE ProcessHandle,
354   IN ACCESS_MASK DesiredAccess,
355   IN ULONG HandleAttributes,
356   OUT PHANDLE TokenHandle);
357 
358 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
359   IN HANDLE Process,
360   IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
361   IN BOOLEAN CreateSuspended,
362   IN ULONG ZeroBits,
363   IN SIZE_T MaximumStackSize,
364   IN SIZE_T CommittedStackSize,
365   IN LPTHREAD_START_ROUTINE StartAddress,
366   IN PVOID Parameter,
367   OUT PHANDLE Thread,
368   OUT PCLIENT_ID ClientId);
369 
370 // -----------------------------------------------------------------------
371 // Registry
372 
373 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
374   OUT PHANDLE KeyHandle,
375   IN ACCESS_MASK DesiredAccess,
376   IN POBJECT_ATTRIBUTES ObjectAttributes,
377   IN ULONG TitleIndex,
378   IN PUNICODE_STRING Class OPTIONAL,
379   IN ULONG CreateOptions,
380   OUT PULONG Disposition OPTIONAL);
381 
382 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
383   OUT PHANDLE KeyHandle,
384   IN ACCESS_MASK DesiredAccess,
385   IN POBJECT_ATTRIBUTES ObjectAttributes);
386 
387 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
388   OUT PHANDLE KeyHandle,
389   IN ACCESS_MASK DesiredAccess,
390   IN POBJECT_ATTRIBUTES ObjectAttributes,
391   IN DWORD open_options);
392 
393 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
394   IN HANDLE KeyHandle);
395 
396 // -----------------------------------------------------------------------
397 // Memory
398 
399 // Don't really need this structure right now.
400 typedef PVOID PRTL_HEAP_PARAMETERS;
401 
402 typedef PVOID (WINAPI *RtlCreateHeapFunction)(
403   IN ULONG Flags,
404   IN PVOID HeapBase OPTIONAL,
405   IN SIZE_T ReserveSize OPTIONAL,
406   IN SIZE_T CommitSize OPTIONAL,
407   IN PVOID Lock OPTIONAL,
408   IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
409 
410 typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
411   IN PVOID HeapHandle);
412 
413 typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
414   IN PVOID HeapHandle,
415   IN ULONG Flags,
416   IN SIZE_T Size);
417 
418 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
419   IN PVOID HeapHandle,
420   IN ULONG Flags,
421   IN PVOID HeapBase);
422 
423 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
424   IN HANDLE ProcessHandle,
425   IN OUT PVOID *BaseAddress,
426   IN ULONG_PTR ZeroBits,
427   IN OUT PSIZE_T RegionSize,
428   IN ULONG AllocationType,
429   IN ULONG Protect);
430 
431 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
432   IN HANDLE ProcessHandle,
433   IN OUT PVOID *BaseAddress,
434   IN OUT PSIZE_T RegionSize,
435   IN ULONG FreeType);
436 
437 typedef enum _MEMORY_INFORMATION_CLASS {
438   MemoryBasicInformation = 0,
439   MemoryWorkingSetList,
440   MemorySectionName,
441   MemoryBasicVlmInformation
442 } MEMORY_INFORMATION_CLASS;
443 
444 typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
445   UNICODE_STRING SectionFileName;
446 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
447 
448 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
449   IN HANDLE ProcessHandle,
450   IN PVOID BaseAddress,
451   IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
452   OUT PVOID MemoryInformation,
453   IN ULONG MemoryInformationLength,
454   OUT PULONG ReturnLength OPTIONAL);
455 
456 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
457   IN HANDLE ProcessHandle,
458   IN OUT PVOID* BaseAddress,
459   IN OUT PSIZE_T ProtectSize,
460   IN ULONG NewProtect,
461   OUT PULONG OldProtect);
462 
463 // -----------------------------------------------------------------------
464 // Objects
465 
466 typedef enum _OBJECT_INFORMATION_CLASS {
467   ObjectBasicInformation,
468   ObjectNameInformation,
469   ObjectTypeInformation,
470   ObjectAllInformation,
471   ObjectDataInformation
472 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
473 
474 typedef struct _OBJDIR_INFORMATION {
475   UNICODE_STRING ObjectName;
476   UNICODE_STRING ObjectTypeName;
477   BYTE Data[1];
478 } OBJDIR_INFORMATION;
479 
480 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
481   ULONG Attributes;
482   ACCESS_MASK GrantedAccess;
483   ULONG HandleCount;
484   ULONG PointerCount;
485   ULONG Reserved[10];    // reserved for internal use
486 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
487 
488 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
489   UNICODE_STRING TypeName;
490   ULONG Reserved[22];    // reserved for internal use
491 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
492 
493 typedef enum _POOL_TYPE {
494   NonPagedPool,
495   PagedPool,
496   NonPagedPoolMustSucceed,
497   ReservedType,
498   NonPagedPoolCacheAligned,
499   PagedPoolCacheAligned,
500   NonPagedPoolCacheAlignedMustS
501 } POOL_TYPE;
502 
503 typedef struct _OBJECT_BASIC_INFORMATION {
504   ULONG Attributes;
505   ACCESS_MASK GrantedAccess;
506   ULONG HandleCount;
507   ULONG PointerCount;
508   ULONG PagedPoolUsage;
509   ULONG NonPagedPoolUsage;
510   ULONG Reserved[3];
511   ULONG NameInformationLength;
512   ULONG TypeInformationLength;
513   ULONG SecurityDescriptorLength;
514   LARGE_INTEGER CreateTime;
515 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
516 
517 typedef struct _OBJECT_TYPE_INFORMATION {
518   UNICODE_STRING Name;
519   ULONG TotalNumberOfObjects;
520   ULONG TotalNumberOfHandles;
521   ULONG TotalPagedPoolUsage;
522   ULONG TotalNonPagedPoolUsage;
523   ULONG TotalNamePoolUsage;
524   ULONG TotalHandleTableUsage;
525   ULONG HighWaterNumberOfObjects;
526   ULONG HighWaterNumberOfHandles;
527   ULONG HighWaterPagedPoolUsage;
528   ULONG HighWaterNonPagedPoolUsage;
529   ULONG HighWaterNamePoolUsage;
530   ULONG HighWaterHandleTableUsage;
531   ULONG InvalidAttributes;
532   GENERIC_MAPPING GenericMapping;
533   ULONG ValidAccess;
534   BOOLEAN SecurityRequired;
535   BOOLEAN MaintainHandleCount;
536   USHORT MaintainTypeList;
537   POOL_TYPE PoolType;
538   ULONG PagedPoolUsage;
539   ULONG NonPagedPoolUsage;
540 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
541 
542 typedef enum _SYSTEM_INFORMATION_CLASS {
543   SystemHandleInformation = 16
544 } SYSTEM_INFORMATION_CLASS;
545 
546 typedef struct _SYSTEM_HANDLE_INFORMATION {
547   USHORT ProcessId;
548   USHORT CreatorBackTraceIndex;
549   UCHAR ObjectTypeNumber;
550   UCHAR Flags;
551   USHORT Handle;
552   PVOID Object;
553   ACCESS_MASK GrantedAccess;
554 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
555 
556 typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
557   ULONG NumberOfHandles;
558   SYSTEM_HANDLE_INFORMATION Information[1];
559 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
560 
561 typedef struct _OBJECT_NAME_INFORMATION {
562   UNICODE_STRING ObjectName;
563 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
564 
565 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
566   IN HANDLE Handle,
567   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
568   OUT PVOID ObjectInformation OPTIONAL,
569   IN ULONG ObjectInformationLength,
570   OUT PULONG ReturnLength OPTIONAL);
571 
572 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
573   IN HANDLE SourceProcess,
574   IN HANDLE SourceHandle,
575   IN HANDLE TargetProcess,
576   OUT PHANDLE TargetHandle,
577   IN ACCESS_MASK DesiredAccess,
578   IN ULONG Attributes,
579   IN ULONG Options);
580 
581 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
582   IN HANDLE HandleToSignal,
583   IN HANDLE HandleToWait,
584   IN BOOLEAN Alertable,
585   IN PLARGE_INTEGER Timeout OPTIONAL);
586 
587 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
588   IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
589   OUT PVOID SystemInformation,
590   IN ULONG SystemInformationLength,
591   OUT PULONG ReturnLength);
592 
593 typedef NTSTATUS (WINAPI *NtQueryObject)(
594   IN HANDLE Handle,
595   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
596   OUT PVOID ObjectInformation,
597   IN ULONG ObjectInformationLength,
598   OUT PULONG ReturnLength);
599 
600 // -----------------------------------------------------------------------
601 // Strings
602 
603 typedef int (__cdecl *_strnicmpFunction)(
604   IN const char* _Str1,
605   IN const char* _Str2,
606   IN size_t _MaxCount);
607 
608 typedef size_t  (__cdecl *strlenFunction)(
609   IN const char * _Str);
610 
611 typedef size_t (__cdecl *wcslenFunction)(
612   IN const wchar_t* _Str);
613 
614 typedef void* (__cdecl *memcpyFunction)(
615   IN void* dest,
616   IN const void* src,
617   IN size_t count);
618 
619 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
620   IN OUT PUNICODE_STRING  DestinationString,
621   IN PANSI_STRING  SourceString,
622   IN BOOLEAN  AllocateDestinationString);
623 
624 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
625   IN PCUNICODE_STRING  String1,
626   IN PCUNICODE_STRING  String2,
627   IN BOOLEAN  CaseInSensitive);
628 
629 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
630   IN OUT PUNICODE_STRING DestinationString,
631   IN PCWSTR SourceString);
632 
633 typedef enum _EVENT_TYPE {
634   NotificationEvent,
635   SynchronizationEvent
636 } EVENT_TYPE, *PEVENT_TYPE;
637 
638 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
639     PHANDLE DirectoryHandle,
640     ACCESS_MASK DesiredAccess,
641     POBJECT_ATTRIBUTES ObjectAttributes);
642 
643 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
644     HANDLE LinkHandle,
645     PUNICODE_STRING LinkTarget,
646     PULONG ReturnedLength);
647 
648 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
649     PHANDLE LinkHandle,
650     ACCESS_MASK DesiredAccess,
651     POBJECT_ATTRIBUTES ObjectAttributes);
652 
653 #define DIRECTORY_QUERY               0x0001
654 #define DIRECTORY_TRAVERSE            0x0002
655 #define DIRECTORY_CREATE_OBJECT       0x0004
656 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
657 #define DIRECTORY_ALL_ACCESS          0x000F
658 
659 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
660 
661