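// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This file holds definitions related to the ntdll API.
//
// The types, constants and function-pointer signatures below mirror native
// (ntdll) declarations. Field order, field widths and constant values have to
// match what the operating system uses, so do not reorder or renumber them.

#ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
#define SANDBOX_WIN_SRC_NT_INTERNALS_H__

#include <windows.h>
#include <stddef.h>

typedef LONG NTSTATUS;

// True for non-negative status values, false for values with the high bit set
// (every STATUS_* below except STATUS_SUCCESS is negative as a LONG, including
// STATUS_BUFFER_OVERFLOW). The argument is parenthesized and cast to NTSTATUS
// so that an expression argument is evaluated as a whole and an unsigned value
// (for example a DWORD holding a status) is not compared as unsigned, which
// would make every code look like success.
#define NT_SUCCESS(st) (((NTSTATUS)(st)) >= 0)

#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
#define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
#define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
#ifndef STATUS_INVALID_PARAMETER
// It is now defined in Windows 2008 SDK.
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
#endif
#define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
#define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
#define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
#define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
#define STATUS_OBJECT_NAME_COLLISION  ((NTSTATUS)0xC0000035L)
#define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
#define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
#define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)

// Pseudo-handle values that refer to the calling process and calling thread.
#define CURRENT_PROCESS ((HANDLE) -1)
#define CURRENT_THREAD  ((HANDLE) -2)
#define NtCurrentProcess CURRENT_PROCESS

// Counted wide string. Per the Windows documentation Length and MaximumLength
// are byte counts, not character counts, and Buffer need not be
// NUL-terminated; code that reads Buffer must be bounded by Length.
typedef struct _UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR  Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;

// Counted narrow string; same counting rules as UNICODE_STRING.
typedef struct _STRING {
  USHORT Length;
  USHORT MaximumLength;
  PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;

typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
// NOTE(review): CONST applied to the pointer typedef yields a const pointer to
// a mutable STRING (STRING* const), unlike PCOEM_STRING below, which points to
// a const STRING. Left as is because changing it would alter the type callers
// see; do not rely on this typedef to protect the pointed-to string.
typedef CONST PSTRING PCANSI_STRING;

typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
typedef CONST STRING* PCOEM_STRING;

#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF           0x00000080L

// Describes the object a native call operates on: ObjectName is resolved
// relative to RootDirectory when that handle is set.
typedef struct _OBJECT_ATTRIBUTES {
  ULONG Length;
  HANDLE RootDirectory;
  PUNICODE_STRING ObjectName;
  ULONG Attributes;
  PVOID SecurityDescriptor;
  PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

// Fills every field of *p. Arguments are parenthesized so expression
// arguments expand correctly. Caveats: p is evaluated once per assignment, so
// it must not have side effects; and the expansion is a brace block, not a
// single statement, so wrap the call in braces when it is the body of an
// if/else.
#define InitializeObjectAttributes(p, n, a, r, s) { \
  (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
  (p)->RootDirectory = (r);\
  (p)->Attributes = (a);\
  (p)->ObjectName = (n);\
  (p)->SecurityDescriptor = (s);\
  (p)->SecurityQualityOfService = NULL;\
}

// Completion status of an I/O request; Status and Pointer share storage.
typedef struct _IO_STATUS_BLOCK {
  union {
    NTSTATUS Status;
    PVOID Pointer;
  };
  ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

// -----------------------------------------------------------------------
// File IO

// Create disposition values.

#define FILE_SUPERSEDE                          0x00000000
#define FILE_OPEN                               0x00000001
#define FILE_CREATE                             0x00000002
#define FILE_OPEN_IF                            0x00000003
#define FILE_OVERWRITE                          0x00000004
#define FILE_OVERWRITE_IF                       0x00000005
#define FILE_MAXIMUM_DISPOSITION                0x00000005

// Create/open option flags.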
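
// Bit flags for the CreateOptions / OpenOptions argument of the native file
// create and open calls. One directive per line: a #define runs to the end of
// its line, so these must not be joined.
//
// NOTE(review): several of these options change how the name is resolved or
// what happens to the file (FILE_OPEN_BY_FILE_ID, FILE_OPEN_REPARSE_POINT,
// FILE_OPEN_FOR_BACKUP_INTENT, FILE_DELETE_ON_CLOSE). Code that validates a
// path before forwarding a create/open request should validate the option
// bits as well, not only the path and the access mask.

#define FILE_DIRECTORY_FILE                     0x00000001
#define FILE_WRITE_THROUGH                      0x00000002
#define FILE_SEQUENTIAL_ONLY                    0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008

#define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
#define FILE_NON_DIRECTORY_FILE                 0x00000040
#define FILE_CREATE_TREE_CONNECTION             0x00000080

#define FILE_COMPLETE_IF_OPLOCKED               0x00000100
#define FILE_NO_EA_KNOWLEDGE                    0x00000200
#define FILE_OPEN_REMOTE_INSTANCE               0x00000400
#define FILE_RANDOM_ACCESS                      0x00000800

#define FILE_DELETE_ON_CLOSE                    0x00001000
#define FILE_OPEN_BY_FILE_ID                    0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
#define FILE_NO_COMPRESSION                     0x00008000

#define FILE_RESERVE_OPFILTER                   0x00100000
#define FILE_OPEN_REPARSE_POINT                 0x00200000
#define FILE_OPEN_NO_RECALL                     0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000

// Create/open result values. These are the disposition values returned on the
// io status information.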
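#define FILE_SUPERSEDED                         0x00000000
#define FILE_OPENED                             0x00000001
#define FILE_CREATED                            0x00000002
#define FILE_OVERWRITTEN                        0x00000003
#define FILE_EXISTS                             0x00000004
#define FILE_DOES_NOT_EXIST                     0x00000005

// The typedefs named *Function below are pointer types for native entry
// points. NOTE(review): presumably these are filled in by looking the export
// up at run time; a pointer of one of these types must be checked for NULL
// before it is called, and the returned NTSTATUS must be checked before any
// OUT parameter is used.

typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER AllocationSize OPTIONAL,
  IN ULONG FileAttributes,
  IN ULONG ShareAccess,
  IN ULONG CreateDisposition,
  IN ULONG CreateOptions,
  IN PVOID EaBuffer OPTIONAL,
  IN ULONG EaLength);

typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG ShareAccess,
  IN ULONG OpenOptions);

typedef NTSTATUS (WINAPI *NtCloseFunction)(
  IN HANDLE Handle);

// Partial definition only: just the class this code uses.
typedef enum _FILE_INFORMATION_CLASS {
  FileRenameInformation = 10
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

// FileName[1] is a variable-length tail: the name continues past the end of
// the struct and FileNameLength gives its size (in bytes, per the Windows
// documentation). Buffers must be sized and length-checked for header plus
// name; sizeof(FILE_RENAME_INFORMATION) alone is not enough.
typedef struct _FILE_RENAME_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass);

typedef struct FILE_BASIC_INFORMATION {
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;

typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PFILE_BASIC_INFORMATION FileAttributes);

typedef struct _FILE_NETWORK_OPEN_INFORMATION {
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER AllocationSize;
  LARGE_INTEGER EndOfFile;
  ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;

typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);

// -----------------------------------------------------------------------
// Sections

typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
  OUT PHANDLE SectionHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  IN PLARGE_INTEGER MaximumSize OPTIONAL,
  IN ULONG SectionPageProtection,
  IN ULONG AllocationAttributes,
  IN HANDLE FileHandle OPTIONAL);

typedef ULONG SECTION_INHERIT;
#define ViewShare 1
#define ViewUnmap 2

// BaseAddress and ViewSize are IN OUT: the values the caller passes in may be
// replaced, so use the returned values, not the requested ones.
typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
  IN HANDLE SectionHandle,
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN SIZE_T CommitSize,
  IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
  IN OUT PSIZE_T ViewSize,
  IN SECTION_INHERIT InheritDisposition,
  IN ULONG AllocationType,
  IN ULONG Win32Protect);

typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
  IN HANDLE ProcessHandle,
  IN PVOID BaseAddress);

typedef enum _SECTION_INFORMATION_CLASS {
  SectionBasicInformation = 0,
  SectionImageInformation
} SECTION_INFORMATION_CLASS;

typedef struct _SECTION_BASIC_INFORMATION {
  PVOID BaseAddress;
  ULONG Attributes;
  LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;

typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
  IN HANDLE SectionHandle,
  IN SECTION_INFORMATION_CLASS SectionInformationClass,
  OUT PVOID SectionInformation,
  IN SIZE_T SectionInformationLength,
  OUT PSIZE_T ReturnLength OPTIONAL);

// -----------------------------------------------------------------------
// Process and Thread

typedef struct _CLIENT_ID {
  PVOID UniqueProcess;
  PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
  OUT PHANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN PCLIENT_ID ClientId);

typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
  OUT PHANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN PCLIENT_ID ClientId);

// Values are implicit (0, 1, 2, ...); do not insert or reorder entries.
typedef enum _NT_THREAD_INFORMATION_CLASS {
  ThreadBasicInformation,
  ThreadTimes,
  ThreadPriority,
  ThreadBasePriority,
  ThreadAffinityMask,
  ThreadImpersonationToken,
  ThreadDescriptorTableEntry,
  ThreadEnableAlignmentFaultFixup,
  ThreadEventPair,
  ThreadQuerySetWin32StartAddress,
  ThreadZeroTlsCell,
  ThreadPerformanceCount,
  ThreadAmILastThread,
  ThreadIdealProcessor,
  ThreadPriorityBoost,
  ThreadSetTlsArrayAddress,
  ThreadIsIoPending,
  ThreadHideFromDebugger
} NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;

typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
  IN HANDLE ThreadHandle,
  IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
  IN PVOID ThreadInformation,
  IN ULONG ThreadInformationLength);

// Partial definition only:
typedef enum _PROCESSINFOCLASS {
  ProcessBasicInformation = 0,
  ProcessExecuteFlags = 0x22
} PROCESSINFOCLASS;

typedef PVOID PPEB;
typedef LONG KPRIORITY;

// Each 32-bit member is overlaid with a PVOID so that it occupies a full
// pointer-sized slot on 64-bit builds (see the padding_for_x64_* members).
typedef struct _PROCESS_BASIC_INFORMATION {
  union {
    NTSTATUS ExitStatus;
    PVOID padding_for_x64_0;
  };
  PPEB PebBaseAddress;
  KAFFINITY AffinityMask;
  union {
    KPRIORITY BasePriority;
    PVOID padding_for_x64_1;
  };
  union {
    DWORD UniqueProcessId;
    PVOID padding_for_x64_2;
  };
  union {
    DWORD InheritedFromUniqueProcessId;
    PVOID padding_for_x64_3;
  };
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
  IN HANDLE ProcessHandle,
  IN PROCESSINFOCLASS ProcessInformationClass,
  OUT PVOID ProcessInformation,
  IN ULONG ProcessInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
  HANDLE ProcessHandle,
  IN PROCESSINFOCLASS ProcessInformationClass,
  IN PVOID ProcessInformation,
  IN ULONG ProcessInformationLength);

typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  OUT PHANDLE TokenHandle);

typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  OUT PHANDLE TokenHandle);

typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
  IN HANDLE Process,
  IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
  IN BOOLEAN CreateSuspended,
  IN ULONG ZeroBits,
  IN SIZE_T MaximumStackSize,
  IN SIZE_T CommittedStackSize,
  IN LPTHREAD_START_ROUTINE StartAddress,
  IN PVOID Parameter,
  OUT PHANDLE Thread,
  OUT PCLIENT_ID ClientId);

// -----------------------------------------------------------------------
// Registry

typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN ULONG TitleIndex,
  IN PUNICODE_STRING Class OPTIONAL,
  IN ULONG CreateOptions,
  OUT PULONG Disposition OPTIONAL);

typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes);

typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN DWORD open_options);

typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
  IN HANDLE KeyHandle);

// -----------------------------------------------------------------------
// Memory

// Don't really need this structure right now.
typedef PVOID PRTL_HEAP_PARAMETERS;

typedef PVOID (WINAPI *RtlCreateHeapFunction)(
  IN ULONG Flags,
  IN PVOID HeapBase OPTIONAL,
  IN SIZE_T ReserveSize OPTIONAL,
  IN SIZE_T CommitSize OPTIONAL,
  IN PVOID Lock OPTIONAL,
  IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);

typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
  IN PVOID HeapHandle);

typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
  IN PVOID HeapHandle,
  IN ULONG Flags,
  IN SIZE_T Size);

typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
  IN PVOID HeapHandle,
  IN ULONG Flags,
  IN PVOID HeapBase);

typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN OUT PSIZE_T RegionSize,
  IN ULONG AllocationType,
  IN ULONG Protect);

typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN OUT PSIZE_T RegionSize,
  IN ULONG FreeType);

typedef enum _MEMORY_INFORMATION_CLASS {
  MemoryBasicInformation = 0,
  MemoryWorkingSetList,
  MemorySectionName,
  MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;

typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
  UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;

typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
  IN HANDLE ProcessHandle,
  IN PVOID BaseAddress,
  IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
  OUT PVOID MemoryInformation,
  IN SIZE_T MemoryInformationLength,
  OUT PSIZE_T ReturnLength OPTIONAL);

// BaseAddress and ProtectSize are IN OUT; OldProtect receives the previous
// protection.
typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
  IN HANDLE ProcessHandle,
  IN OUT PVOID* BaseAddress,
  IN OUT PSIZE_T ProtectSize,
  IN ULONG NewProtect,
  OUT PULONG OldProtect);

// -----------------------------------------------------------------------
// Objects

typedef enum _OBJECT_INFORMATION_CLASS {
  ObjectBasicInformation,
  ObjectNameInformation,
  ObjectTypeInformation,
  ObjectAllInformation,
  ObjectDataInformation
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;

// Data[1] is a variable-length tail; the struct size does not cover it.
typedef struct _OBJDIR_INFORMATION {
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
  BYTE Data[1];
} OBJDIR_INFORMATION;

typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG Reserved[10];    // reserved for internal use
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;

typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
  UNICODE_STRING TypeName;
  ULONG Reserved[22];    // reserved for internal use
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;

typedef enum _POOL_TYPE {
  NonPagedPool,
  PagedPool,
  NonPagedPoolMustSucceed,
  ReservedType,
  NonPagedPoolCacheAligned,
  PagedPoolCacheAligned,
  NonPagedPoolCacheAlignedMustS
} POOL_TYPE;

typedef struct _OBJECT_BASIC_INFORMATION {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG Reserved[3];
  ULONG NameInformationLength;
  ULONG TypeInformationLength;
  ULONG SecurityDescriptorLength;
  LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

typedef struct _OBJECT_TYPE_INFORMATION {
  UNICODE_STRING Name;
  ULONG TotalNumberOfObjects;
  ULONG TotalNumberOfHandles;
  ULONG TotalPagedPoolUsage;
  ULONG TotalNonPagedPoolUsage;
  ULONG TotalNamePoolUsage;
  ULONG TotalHandleTableUsage;
  ULONG HighWaterNumberOfObjects;
  ULONG HighWaterNumberOfHandles;
  ULONG HighWaterPagedPoolUsage;
  ULONG HighWaterNonPagedPoolUsage;
  ULONG HighWaterNamePoolUsage;
  ULONG HighWaterHandleTableUsage;
  ULONG InvalidAttributes;
  GENERIC_MAPPING GenericMapping;
  ULONG ValidAccess;
  BOOLEAN SecurityRequired;
  BOOLEAN MaintainHandleCount;
  USHORT MaintainTypeList;
  POOL_TYPE PoolType;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

// Partial definition only: just the class this code uses.
typedef enum _SYSTEM_INFORMATION_CLASS {
  SystemHandleInformation = 16
} SYSTEM_INFORMATION_CLASS;

// One entry of the system handle table as returned for
// SystemHandleInformation. ProcessId and Handle are 16-bit here, so larger
// values cannot be represented; code that matches entries by these fields
// should account for that.
typedef struct _SYSTEM_HANDLE_INFORMATION {
  USHORT ProcessId;
  USHORT CreatorBackTraceIndex;
  UCHAR ObjectTypeNumber;
  UCHAR Flags;
  USHORT Handle;
  PVOID Object;
  ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

// Information[1] is a variable-length tail holding NumberOfHandles entries.
// Readers must check that the buffer they received is large enough for
// NumberOfHandles entries before indexing past the first one.
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
  ULONG NumberOfHandles;
  SYSTEM_HANDLE_INFORMATION Information[1];
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;

typedef struct _OBJECT_NAME_INFORMATION {
  UNICODE_STRING ObjectName;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
  IN HANDLE Handle,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation OPTIONAL,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
  IN HANDLE SourceProcess,
  IN HANDLE SourceHandle,
  IN HANDLE TargetProcess,
  OUT PHANDLE TargetHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG Attributes,
  IN ULONG Options);

typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
  IN HANDLE HandleToSignal,
  IN HANDLE HandleToWait,
  IN BOOLEAN Alertable,
  IN PLARGE_INTEGER Timeout OPTIONAL);

// NOTE(review): this pointer type and NtQueryObject below do not carry the
// "Function" suffix used elsewhere in this file, so their names match the
// names of the native entry points themselves. NtQueryObject also duplicates
// NtQueryObjectFunction above (same parameter types). Kept for existing users.
typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
  IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
  OUT PVOID SystemInformation,
  IN ULONG SystemInformationLength,
  OUT PULONG ReturnLength);

typedef NTSTATUS (WINAPI *NtQueryObject)(
  IN HANDLE Handle,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength);

// -----------------------------------------------------------------------
// Strings

typedef int (__cdecl *_strnicmpFunction)(
  IN const char* _Str1,
  IN const char* _Str2,
  IN size_t _MaxCount);

typedef size_t  (__cdecl *strlenFunction)(
  IN const char * _Str);

typedef size_t (__cdecl *wcslenFunction)(
  IN const wchar_t* _Str);

typedef void* (__cdecl *memcpyFunction)(
  IN void* dest,
  IN const void* src,
  IN size_t count);

typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
  IN OUT PUNICODE_STRING  DestinationString,
  IN PANSI_STRING  SourceString,
  IN BOOLEAN  AllocateDestinationString);

typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
  IN PCUNICODE_STRING  String1,
  IN PCUNICODE_STRING  String2,
  IN BOOLEAN  CaseInSensitive);

typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
  IN OUT PUNICODE_STRING DestinationString,
  IN PCWSTR SourceString);

typedef enum _EVENT_TYPE {
  NotificationEvent,
  SynchronizationEvent
} EVENT_TYPE, *PEVENT_TYPE;

typedef NTSTATUS (WINAPI* NtCreateDirectoryObjectFunction) (
    PHANDLE DirectoryHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);

typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
    PHANDLE DirectoryHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);

typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
    HANDLE LinkHandle,
    PUNICODE_STRING LinkTarget,
    PULONG ReturnedLength);

typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
    PHANDLE LinkHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);

// Access rights for object directory handles.
#define DIRECTORY_QUERY               0x0001
#define DIRECTORY_TRAVERSE            0x0002
#define DIRECTORY_CREATE_OBJECT       0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
#define DIRECTORY_ALL_ACCESS          0x000F

// Pointer type for the call that derives a lowbox (AppContainer) token from
// an existing token, given the AppContainer SID and capability list.
typedef NTSTATUS (WINAPI* NtCreateLowBoxToken)(
    OUT PHANDLE token,
    IN HANDLE original_handle,
    IN ACCESS_MASK access,
    IN POBJECT_ATTRIBUTES object_attribute,
    IN PSID appcontainer_sid,
    IN DWORD capabilityCount,
    IN PSID_AND_ATTRIBUTES capabilities,
    IN DWORD handle_count,
    IN PHANDLE handles);

// NOTE(review): overlaps NtSetInformationProcessFunction above; the
// difference is that info_class is a plain ULONG here, which lets callers
// pass classes that the partial PROCESSINFOCLASS enum does not list.
typedef NTSTATUS(WINAPI *NtSetInformationProcess)(
    IN HANDLE process_handle,
    IN ULONG info_class,
    IN PVOID process_information,
    IN ULONG information_length);

// Token/thread handle pair. NOTE(review): presumably the payload passed with
// NtProcessInformationAccessToken - confirm against the caller.
struct PROCESS_ACCESS_TOKEN {
  HANDLE token;
  HANDLE thread;
};

// Process information class number, passed as info_class. Declared static so
// that a C translation unit including this header gets its own copy instead of
// an external definition that collides at link time (in C++ a namespace-scope
// const already has internal linkage, so nothing changes there).
static const unsigned int NtProcessInformationAccessToken = 9;

#endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__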