1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file holds definitions related to the ntdll API. 6 7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__ 8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__ 9 10 #include <windows.h> 11 #include <stddef.h> 12 13 typedef LONG NTSTATUS; 14 #define NT_SUCCESS(st) (st >= 0) 15 16 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) 17 #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) 18 #define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L) 19 #define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L) 20 #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) 21 #ifndef STATUS_INVALID_PARAMETER 22 // It is now defined in Windows 2008 SDK. 23 #define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL) 24 #endif 25 #define STATUS_CONFLICTING_ADDRESSES ((NTSTATUS)0xC0000018L) 26 #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) 27 #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L) 28 #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L) 29 #define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS)0xC0000035L) 30 #define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL) 31 #define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL) 32 #define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL) 33 #define STATUS_NOT_SUPPORTED ((NTSTATUS)0xC00000BBL) 34 35 #define CURRENT_PROCESS ((HANDLE) -1) 36 #define CURRENT_THREAD ((HANDLE) -2) 37 #define NtCurrentProcess CURRENT_PROCESS 38 39 typedef struct _UNICODE_STRING { 40 USHORT Length; 41 USHORT MaximumLength; 42 PWSTR Buffer; 43 } UNICODE_STRING; 44 typedef UNICODE_STRING *PUNICODE_STRING; 45 typedef const UNICODE_STRING *PCUNICODE_STRING; 46 47 typedef struct _STRING { 48 USHORT Length; 49 USHORT MaximumLength; 50 PCHAR Buffer; 51 } STRING; 52 typedef STRING *PSTRING; 53 54 typedef STRING ANSI_STRING; 55 typedef PSTRING PANSI_STRING; 56 typedef CONST PSTRING PCANSI_STRING; 57 58 typedef STRING OEM_STRING; 59 typedef PSTRING POEM_STRING; 60 typedef CONST STRING* PCOEM_STRING; 61 62 #define OBJ_CASE_INSENSITIVE 0x00000040L 63 #define OBJ_OPENIF 0x00000080L 64 65 typedef struct _OBJECT_ATTRIBUTES { 66 ULONG Length; 67 HANDLE RootDirectory; 68 PUNICODE_STRING ObjectName; 69 ULONG Attributes; 70 PVOID SecurityDescriptor; 71 PVOID SecurityQualityOfService; 72 } OBJECT_ATTRIBUTES; 73 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; 74 75 #define InitializeObjectAttributes(p, n, a, r, s) { \ 76 (p)->Length = sizeof(OBJECT_ATTRIBUTES);\ 77 (p)->RootDirectory = r;\ 78 (p)->Attributes = a;\ 79 (p)->ObjectName = n;\ 80 (p)->SecurityDescriptor = s;\ 81 (p)->SecurityQualityOfService = NULL;\ 82 } 83 84 typedef struct _IO_STATUS_BLOCK { 85 union { 86 NTSTATUS Status; 87 PVOID Pointer; 88 }; 89 ULONG_PTR Information; 90 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 91 92 // ----------------------------------------------------------------------- 93 // File IO 94 95 // Create disposition values. 96 97 #define FILE_SUPERSEDE 0x00000000 98 #define FILE_OPEN 0x00000001 99 #define FILE_CREATE 0x00000002 100 #define FILE_OPEN_IF 0x00000003 101 #define FILE_OVERWRITE 0x00000004 102 #define FILE_OVERWRITE_IF 0x00000005 103 #define FILE_MAXIMUM_DISPOSITION 0x00000005 104 105 // Create/open option flags. 106 107 #define FILE_DIRECTORY_FILE 0x00000001 108 #define FILE_WRITE_THROUGH 0x00000002 109 #define FILE_SEQUENTIAL_ONLY 0x00000004 110 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 111 112 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 113 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 114 #define FILE_NON_DIRECTORY_FILE 0x00000040 115 #define FILE_CREATE_TREE_CONNECTION 0x00000080 116 117 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 118 #define FILE_NO_EA_KNOWLEDGE 0x00000200 119 #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 120 #define FILE_RANDOM_ACCESS 0x00000800 121 122 #define FILE_DELETE_ON_CLOSE 0x00001000 123 #define FILE_OPEN_BY_FILE_ID 0x00002000 124 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 125 #define FILE_NO_COMPRESSION 0x00008000 126 127 #define FILE_RESERVE_OPFILTER 0x00100000 128 #define FILE_OPEN_REPARSE_POINT 0x00200000 129 #define FILE_OPEN_NO_RECALL 0x00400000 130 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 131 132 // Create/open result values. These are the disposition values returned on the 133 // io status information. 134 #define FILE_SUPERSEDED 0x00000000 135 #define FILE_OPENED 0x00000001 136 #define FILE_CREATED 0x00000002 137 #define FILE_OVERWRITTEN 0x00000003 138 #define FILE_EXISTS 0x00000004 139 #define FILE_DOES_NOT_EXIST 0x00000005 140 141 typedef NTSTATUS (WINAPI *NtCreateFileFunction)( 142 OUT PHANDLE FileHandle, 143 IN ACCESS_MASK DesiredAccess, 144 IN POBJECT_ATTRIBUTES ObjectAttributes, 145 OUT PIO_STATUS_BLOCK IoStatusBlock, 146 IN PLARGE_INTEGER AllocationSize OPTIONAL, 147 IN ULONG FileAttributes, 148 IN ULONG ShareAccess, 149 IN ULONG CreateDisposition, 150 IN ULONG CreateOptions, 151 IN PVOID EaBuffer OPTIONAL, 152 IN ULONG EaLength); 153 154 typedef NTSTATUS (WINAPI *NtOpenFileFunction)( 155 OUT PHANDLE FileHandle, 156 IN ACCESS_MASK DesiredAccess, 157 IN POBJECT_ATTRIBUTES ObjectAttributes, 158 OUT PIO_STATUS_BLOCK IoStatusBlock, 159 IN ULONG ShareAccess, 160 IN ULONG OpenOptions); 161 162 typedef NTSTATUS (WINAPI *NtCloseFunction)( 163 IN HANDLE Handle); 164 165 typedef enum _FILE_INFORMATION_CLASS { 166 FileRenameInformation = 10 167 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; 168 169 typedef struct _FILE_RENAME_INFORMATION { 170 BOOLEAN ReplaceIfExists; 171 HANDLE RootDirectory; 172 ULONG FileNameLength; 173 WCHAR FileName[1]; 174 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 175 176 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)( 177 IN HANDLE FileHandle, 178 OUT PIO_STATUS_BLOCK IoStatusBlock, 179 IN PVOID FileInformation, 180 IN ULONG Length, 181 IN FILE_INFORMATION_CLASS FileInformationClass); 182 183 typedef struct FILE_BASIC_INFORMATION { 184 LARGE_INTEGER CreationTime; 185 LARGE_INTEGER LastAccessTime; 186 LARGE_INTEGER LastWriteTime; 187 LARGE_INTEGER ChangeTime; 188 ULONG FileAttributes; 189 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 190 191 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)( 192 IN POBJECT_ATTRIBUTES ObjectAttributes, 193 OUT PFILE_BASIC_INFORMATION FileAttributes); 194 195 typedef struct _FILE_NETWORK_OPEN_INFORMATION { 196 LARGE_INTEGER CreationTime; 197 LARGE_INTEGER LastAccessTime; 198 LARGE_INTEGER LastWriteTime; 199 LARGE_INTEGER ChangeTime; 200 LARGE_INTEGER AllocationSize; 201 LARGE_INTEGER EndOfFile; 202 ULONG FileAttributes; 203 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; 204 205 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)( 206 IN POBJECT_ATTRIBUTES ObjectAttributes, 207 OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes); 208 209 // ----------------------------------------------------------------------- 210 // Sections 211 212 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)( 213 OUT PHANDLE SectionHandle, 214 IN ACCESS_MASK DesiredAccess, 215 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 216 IN PLARGE_INTEGER MaximumSize OPTIONAL, 217 IN ULONG SectionPageProtection, 218 IN ULONG AllocationAttributes, 219 IN HANDLE FileHandle OPTIONAL); 220 221 typedef ULONG SECTION_INHERIT; 222 #define ViewShare 1 223 #define ViewUnmap 2 224 225 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)( 226 IN HANDLE SectionHandle, 227 IN HANDLE ProcessHandle, 228 IN OUT PVOID *BaseAddress, 229 IN ULONG_PTR ZeroBits, 230 IN SIZE_T CommitSize, 231 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 232 IN OUT PSIZE_T ViewSize, 233 IN SECTION_INHERIT InheritDisposition, 234 IN ULONG AllocationType, 235 IN ULONG Win32Protect); 236 237 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)( 238 IN HANDLE ProcessHandle, 239 IN PVOID BaseAddress); 240 241 typedef enum _SECTION_INFORMATION_CLASS { 242 SectionBasicInformation = 0, 243 SectionImageInformation 244 } SECTION_INFORMATION_CLASS; 245 246 typedef struct _SECTION_BASIC_INFORMATION { 247 PVOID BaseAddress; 248 ULONG Attributes; 249 LARGE_INTEGER Size; 250 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; 251 252 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)( 253 IN HANDLE SectionHandle, 254 IN SECTION_INFORMATION_CLASS SectionInformationClass, 255 OUT PVOID SectionInformation, 256 IN SIZE_T SectionInformationLength, 257 OUT PSIZE_T ReturnLength OPTIONAL); 258 259 // ----------------------------------------------------------------------- 260 // Process and Thread 261 262 typedef struct _CLIENT_ID { 263 PVOID UniqueProcess; 264 PVOID UniqueThread; 265 } CLIENT_ID, *PCLIENT_ID; 266 267 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) ( 268 OUT PHANDLE ThreadHandle, 269 IN ACCESS_MASK DesiredAccess, 270 IN POBJECT_ATTRIBUTES ObjectAttributes, 271 IN PCLIENT_ID ClientId); 272 273 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) ( 274 OUT PHANDLE ProcessHandle, 275 IN ACCESS_MASK DesiredAccess, 276 IN POBJECT_ATTRIBUTES ObjectAttributes, 277 IN PCLIENT_ID ClientId); 278 279 typedef enum _NT_THREAD_INFORMATION_CLASS { 280 ThreadBasicInformation, 281 ThreadTimes, 282 ThreadPriority, 283 ThreadBasePriority, 284 ThreadAffinityMask, 285 ThreadImpersonationToken, 286 ThreadDescriptorTableEntry, 287 ThreadEnableAlignmentFaultFixup, 288 ThreadEventPair, 289 ThreadQuerySetWin32StartAddress, 290 ThreadZeroTlsCell, 291 ThreadPerformanceCount, 292 ThreadAmILastThread, 293 ThreadIdealProcessor, 294 ThreadPriorityBoost, 295 ThreadSetTlsArrayAddress, 296 ThreadIsIoPending, 297 ThreadHideFromDebugger 298 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS; 299 300 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) ( 301 IN HANDLE ThreadHandle, 302 IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass, 303 IN PVOID ThreadInformation, 304 IN ULONG ThreadInformationLength); 305 306 // Partial definition only: 307 typedef enum _PROCESSINFOCLASS { 308 ProcessBasicInformation = 0, 309 ProcessExecuteFlags = 0x22 310 } PROCESSINFOCLASS; 311 312 typedef PVOID PPEB; 313 typedef LONG KPRIORITY; 314 315 typedef struct _PROCESS_BASIC_INFORMATION { 316 union { 317 NTSTATUS ExitStatus; 318 PVOID padding_for_x64_0; 319 }; 320 PPEB PebBaseAddress; 321 KAFFINITY AffinityMask; 322 union { 323 KPRIORITY BasePriority; 324 PVOID padding_for_x64_1; 325 }; 326 union { 327 DWORD UniqueProcessId; 328 PVOID padding_for_x64_2; 329 }; 330 union { 331 DWORD InheritedFromUniqueProcessId; 332 PVOID padding_for_x64_3; 333 }; 334 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 335 336 typedef NTSTATUS(WINAPI* NtQueryInformationProcessFunction)( 337 IN HANDLE ProcessHandle, 338 IN PROCESSINFOCLASS ProcessInformationClass, 339 OUT PVOID ProcessInformation, 340 IN ULONG ProcessInformationLength, 341 OUT PULONG ReturnLength OPTIONAL); 342 343 typedef NTSTATUS(WINAPI* NtSetInformationProcessFunction)( 344 HANDLE ProcessHandle, 345 IN PROCESSINFOCLASS ProcessInformationClass, 346 IN PVOID ProcessInformation, 347 IN ULONG ProcessInformationLength); 348 349 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) ( 350 IN HANDLE ThreadHandle, 351 IN ACCESS_MASK DesiredAccess, 352 IN BOOLEAN OpenAsSelf, 353 OUT PHANDLE TokenHandle); 354 355 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) ( 356 IN HANDLE ThreadHandle, 357 IN ACCESS_MASK DesiredAccess, 358 IN BOOLEAN OpenAsSelf, 359 IN ULONG HandleAttributes, 360 OUT PHANDLE TokenHandle); 361 362 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) ( 363 IN HANDLE ProcessHandle, 364 IN ACCESS_MASK DesiredAccess, 365 OUT PHANDLE TokenHandle); 366 367 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) ( 368 IN HANDLE ProcessHandle, 369 IN ACCESS_MASK DesiredAccess, 370 IN ULONG HandleAttributes, 371 OUT PHANDLE TokenHandle); 372 373 typedef NTSTATUS(WINAPI* NtQueryInformationTokenFunction)( 374 IN HANDLE TokenHandle, 375 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 376 OUT PVOID TokenInformation, 377 IN ULONG TokenInformationLength, 378 OUT PULONG ReturnLength); 379 380 typedef NTSTATUS(WINAPI* RtlCreateUserThreadFunction)( 381 IN HANDLE Process, 382 IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 383 IN BOOLEAN CreateSuspended, 384 IN ULONG ZeroBits, 385 IN SIZE_T MaximumStackSize, 386 IN SIZE_T CommittedStackSize, 387 IN LPTHREAD_START_ROUTINE StartAddress, 388 IN PVOID Parameter, 389 OUT PHANDLE Thread, 390 OUT PCLIENT_ID ClientId); 391 392 typedef NTSTATUS(WINAPI* RtlConvertSidToUnicodeStringFunction)( 393 OUT PUNICODE_STRING UnicodeString, 394 IN PSID Sid, 395 IN BOOLEAN AllocateDestinationString); 396 397 typedef VOID(WINAPI* RtlFreeUnicodeStringFunction)( 398 IN OUT PUNICODE_STRING UnicodeString); 399 400 // ----------------------------------------------------------------------- 401 // Registry 402 403 typedef enum _KEY_VALUE_INFORMATION_CLASS { 404 KeyValueFullInformation = 1 405 } KEY_VALUE_INFORMATION_CLASS, 406 *PKEY_VALUE_INFORMATION_CLASS; 407 408 typedef struct _KEY_VALUE_FULL_INFORMATION { 409 ULONG TitleIndex; 410 ULONG Type; 411 ULONG DataOffset; 412 ULONG DataLength; 413 ULONG NameLength; 414 WCHAR Name[1]; 415 } KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; 416 417 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)( 418 OUT PHANDLE KeyHandle, 419 IN ACCESS_MASK DesiredAccess, 420 IN POBJECT_ATTRIBUTES ObjectAttributes, 421 IN ULONG TitleIndex, 422 IN PUNICODE_STRING Class OPTIONAL, 423 IN ULONG CreateOptions, 424 OUT PULONG Disposition OPTIONAL); 425 426 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)( 427 OUT PHANDLE KeyHandle, 428 IN ACCESS_MASK DesiredAccess, 429 IN POBJECT_ATTRIBUTES ObjectAttributes); 430 431 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)( 432 OUT PHANDLE KeyHandle, 433 IN ACCESS_MASK DesiredAccess, 434 IN POBJECT_ATTRIBUTES ObjectAttributes, 435 IN DWORD open_options); 436 437 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)( 438 IN HANDLE KeyHandle); 439 440 typedef NTSTATUS(WINAPI* RtlFormatCurrentUserKeyPathFunction)( 441 OUT PUNICODE_STRING RegistryPath); 442 443 typedef NTSTATUS(WINAPI* NtQueryValueKeyFunction)(IN HANDLE KeyHandle, 444 IN PUNICODE_STRING ValueName, 445 IN KEY_VALUE_INFORMATION_CLASS 446 KeyValueInformationClass, 447 OUT PVOID KeyValueInformation, 448 IN ULONG Length, 449 OUT PULONG ResultLength); 450 451 typedef NTSTATUS(WINAPI* NtSetValueKeyFunction)(IN HANDLE KeyHandle, 452 IN PUNICODE_STRING ValueName, 453 IN ULONG TitleIndex OPTIONAL, 454 IN ULONG Type, 455 IN PVOID Data, 456 IN ULONG DataSize); 457 458 // ----------------------------------------------------------------------- 459 // Memory 460 461 // Don't really need this structure right now. 462 typedef PVOID PRTL_HEAP_PARAMETERS; 463 464 typedef PVOID (WINAPI *RtlCreateHeapFunction)( 465 IN ULONG Flags, 466 IN PVOID HeapBase OPTIONAL, 467 IN SIZE_T ReserveSize OPTIONAL, 468 IN SIZE_T CommitSize OPTIONAL, 469 IN PVOID Lock OPTIONAL, 470 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); 471 472 typedef PVOID (WINAPI *RtlDestroyHeapFunction)( 473 IN PVOID HeapHandle); 474 475 typedef PVOID (WINAPI *RtlAllocateHeapFunction)( 476 IN PVOID HeapHandle, 477 IN ULONG Flags, 478 IN SIZE_T Size); 479 480 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)( 481 IN PVOID HeapHandle, 482 IN ULONG Flags, 483 IN PVOID HeapBase); 484 485 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) ( 486 IN HANDLE ProcessHandle, 487 IN OUT PVOID *BaseAddress, 488 IN ULONG_PTR ZeroBits, 489 IN OUT PSIZE_T RegionSize, 490 IN ULONG AllocationType, 491 IN ULONG Protect); 492 493 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) ( 494 IN HANDLE ProcessHandle, 495 IN OUT PVOID *BaseAddress, 496 IN OUT PSIZE_T RegionSize, 497 IN ULONG FreeType); 498 499 typedef enum _MEMORY_INFORMATION_CLASS { 500 MemoryBasicInformation = 0, 501 MemoryWorkingSetList, 502 MemorySectionName, 503 MemoryBasicVlmInformation 504 } MEMORY_INFORMATION_CLASS; 505 506 typedef struct _MEMORY_SECTION_NAME { // Information Class 2 507 UNICODE_STRING SectionFileName; 508 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 509 510 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)( 511 IN HANDLE ProcessHandle, 512 IN PVOID BaseAddress, 513 IN MEMORY_INFORMATION_CLASS MemoryInformationClass, 514 OUT PVOID MemoryInformation, 515 IN SIZE_T MemoryInformationLength, 516 OUT PSIZE_T ReturnLength OPTIONAL); 517 518 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)( 519 IN HANDLE ProcessHandle, 520 IN OUT PVOID* BaseAddress, 521 IN OUT PSIZE_T ProtectSize, 522 IN ULONG NewProtect, 523 OUT PULONG OldProtect); 524 525 // ----------------------------------------------------------------------- 526 // Objects 527 528 typedef enum _OBJECT_INFORMATION_CLASS { 529 ObjectBasicInformation, 530 ObjectNameInformation, 531 ObjectTypeInformation, 532 ObjectAllInformation, 533 ObjectDataInformation 534 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS; 535 536 typedef struct _OBJDIR_INFORMATION { 537 UNICODE_STRING ObjectName; 538 UNICODE_STRING ObjectTypeName; 539 BYTE Data[1]; 540 } OBJDIR_INFORMATION; 541 542 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 543 ULONG Attributes; 544 ACCESS_MASK GrantedAccess; 545 ULONG HandleCount; 546 ULONG PointerCount; 547 ULONG Reserved[10]; // reserved for internal use 548 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 549 550 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION { 551 UNICODE_STRING TypeName; 552 ULONG Reserved[22]; // reserved for internal use 553 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 554 555 typedef enum _POOL_TYPE { 556 NonPagedPool, 557 PagedPool, 558 NonPagedPoolMustSucceed, 559 ReservedType, 560 NonPagedPoolCacheAligned, 561 PagedPoolCacheAligned, 562 NonPagedPoolCacheAlignedMustS 563 } POOL_TYPE; 564 565 typedef struct _OBJECT_BASIC_INFORMATION { 566 ULONG Attributes; 567 ACCESS_MASK GrantedAccess; 568 ULONG HandleCount; 569 ULONG PointerCount; 570 ULONG PagedPoolUsage; 571 ULONG NonPagedPoolUsage; 572 ULONG Reserved[3]; 573 ULONG NameInformationLength; 574 ULONG TypeInformationLength; 575 ULONG SecurityDescriptorLength; 576 LARGE_INTEGER CreateTime; 577 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 578 579 typedef struct _OBJECT_TYPE_INFORMATION { 580 UNICODE_STRING Name; 581 ULONG TotalNumberOfObjects; 582 ULONG TotalNumberOfHandles; 583 ULONG TotalPagedPoolUsage; 584 ULONG TotalNonPagedPoolUsage; 585 ULONG TotalNamePoolUsage; 586 ULONG TotalHandleTableUsage; 587 ULONG HighWaterNumberOfObjects; 588 ULONG HighWaterNumberOfHandles; 589 ULONG HighWaterPagedPoolUsage; 590 ULONG HighWaterNonPagedPoolUsage; 591 ULONG HighWaterNamePoolUsage; 592 ULONG HighWaterHandleTableUsage; 593 ULONG InvalidAttributes; 594 GENERIC_MAPPING GenericMapping; 595 ULONG ValidAccess; 596 BOOLEAN SecurityRequired; 597 BOOLEAN MaintainHandleCount; 598 USHORT MaintainTypeList; 599 POOL_TYPE PoolType; 600 ULONG PagedPoolUsage; 601 ULONG NonPagedPoolUsage; 602 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 603 604 typedef enum _SYSTEM_INFORMATION_CLASS { 605 SystemHandleInformation = 16 606 } SYSTEM_INFORMATION_CLASS; 607 608 typedef struct _SYSTEM_HANDLE_INFORMATION { 609 USHORT ProcessId; 610 USHORT CreatorBackTraceIndex; 611 UCHAR ObjectTypeNumber; 612 UCHAR Flags; 613 USHORT Handle; 614 PVOID Object; 615 ACCESS_MASK GrantedAccess; 616 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 617 618 typedef struct _SYSTEM_HANDLE_INFORMATION_EX { 619 ULONG NumberOfHandles; 620 SYSTEM_HANDLE_INFORMATION Information[1]; 621 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 622 623 typedef struct _OBJECT_NAME_INFORMATION { 624 UNICODE_STRING ObjectName; 625 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 626 627 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)( 628 IN HANDLE Handle, 629 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 630 OUT PVOID ObjectInformation OPTIONAL, 631 IN ULONG ObjectInformationLength, 632 OUT PULONG ReturnLength OPTIONAL); 633 634 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)( 635 IN HANDLE SourceProcess, 636 IN HANDLE SourceHandle, 637 IN HANDLE TargetProcess, 638 OUT PHANDLE TargetHandle, 639 IN ACCESS_MASK DesiredAccess, 640 IN ULONG Attributes, 641 IN ULONG Options); 642 643 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)( 644 IN HANDLE HandleToSignal, 645 IN HANDLE HandleToWait, 646 IN BOOLEAN Alertable, 647 IN PLARGE_INTEGER Timeout OPTIONAL); 648 649 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)( 650 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 651 OUT PVOID SystemInformation, 652 IN ULONG SystemInformationLength, 653 OUT PULONG ReturnLength); 654 655 typedef NTSTATUS (WINAPI *NtQueryObject)( 656 IN HANDLE Handle, 657 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 658 OUT PVOID ObjectInformation, 659 IN ULONG ObjectInformationLength, 660 OUT PULONG ReturnLength); 661 662 // ----------------------------------------------------------------------- 663 // Strings 664 665 typedef int (__cdecl *_strnicmpFunction)( 666 IN const char* _Str1, 667 IN const char* _Str2, 668 IN size_t _MaxCount); 669 670 typedef size_t (__cdecl *strlenFunction)( 671 IN const char * _Str); 672 673 typedef size_t (__cdecl *wcslenFunction)( 674 IN const wchar_t* _Str); 675 676 typedef void* (__cdecl *memcpyFunction)( 677 IN void* dest, 678 IN const void* src, 679 IN size_t count); 680 681 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)( 682 IN OUT PUNICODE_STRING DestinationString, 683 IN PANSI_STRING SourceString, 684 IN BOOLEAN AllocateDestinationString); 685 686 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)( 687 IN PCUNICODE_STRING String1, 688 IN PCUNICODE_STRING String2, 689 IN BOOLEAN CaseInSensitive); 690 691 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) ( 692 IN OUT PUNICODE_STRING DestinationString, 693 IN PCWSTR SourceString); 694 695 typedef ULONG (WINAPI* RtlNtStatusToDosErrorFunction)(NTSTATUS status); 696 697 typedef enum _EVENT_TYPE { 698 NotificationEvent, 699 SynchronizationEvent 700 } EVENT_TYPE, *PEVENT_TYPE; 701 702 typedef NTSTATUS (WINAPI* NtCreateDirectoryObjectFunction) ( 703 PHANDLE DirectoryHandle, 704 ACCESS_MASK DesiredAccess, 705 POBJECT_ATTRIBUTES ObjectAttributes); 706 707 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) ( 708 PHANDLE DirectoryHandle, 709 ACCESS_MASK DesiredAccess, 710 POBJECT_ATTRIBUTES ObjectAttributes); 711 712 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) ( 713 HANDLE LinkHandle, 714 PUNICODE_STRING LinkTarget, 715 PULONG ReturnedLength); 716 717 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) ( 718 PHANDLE LinkHandle, 719 ACCESS_MASK DesiredAccess, 720 POBJECT_ATTRIBUTES ObjectAttributes); 721 722 #define DIRECTORY_QUERY 0x0001 723 #define DIRECTORY_TRAVERSE 0x0002 724 #define DIRECTORY_CREATE_OBJECT 0x0004 725 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 726 #define DIRECTORY_ALL_ACCESS 0x000F 727 728 typedef NTSTATUS (WINAPI* NtCreateLowBoxToken)( 729 OUT PHANDLE token, 730 IN HANDLE original_handle, 731 IN ACCESS_MASK access, 732 IN POBJECT_ATTRIBUTES object_attribute, 733 IN PSID appcontainer_sid, 734 IN DWORD capabilityCount, 735 IN PSID_AND_ATTRIBUTES capabilities, 736 IN DWORD handle_count, 737 IN PHANDLE handles); 738 739 typedef NTSTATUS(WINAPI *NtSetInformationProcess)( 740 IN HANDLE process_handle, 741 IN ULONG info_class, 742 IN PVOID process_information, 743 IN ULONG information_length); 744 745 struct PROCESS_ACCESS_TOKEN { 746 HANDLE token; 747 HANDLE thread; 748 }; 749 750 const unsigned int NtProcessInformationAccessToken = 9; 751 752 // ----------------------------------------------------------------------- 753 // GDI OPM API and Supported Calls 754 755 #define DXGKMDT_OPM_OMAC_SIZE 16 756 #define DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE 16 757 #define DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE 256 758 #define DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE 4056 759 #define DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE 4056 760 #define DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE 4076 761 #define DXGKMDT_OPM_HDCP_KEY_SELECTION_VECTOR_SIZE 5 762 #define DXGKMDT_OPM_PROTECTION_TYPE_SIZE 4 763 764 enum DXGKMDT_CERTIFICATE_TYPE { 765 DXGKMDT_OPM_CERTIFICATE = 0, 766 DXGKMDT_COPP_CERTIFICATE = 1, 767 DXGKMDT_UAB_CERTIFICATE = 2, 768 DXGKMDT_FORCE_ULONG = 0xFFFFFFFF 769 }; 770 771 enum DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS { 772 DXGKMDT_OPM_VOS_COPP_SEMANTICS = 0, 773 DXGKMDT_OPM_VOS_OPM_SEMANTICS = 1 774 }; 775 776 enum DXGKMDT_DPCP_PROTECTION_LEVEL { 777 DXGKMDT_OPM_DPCP_OFF = 0, 778 DXGKMDT_OPM_DPCP_ON = 1, 779 DXGKMDT_OPM_DPCP_FORCE_ULONG = 0x7fffffff 780 }; 781 782 enum DXGKMDT_OPM_HDCP_PROTECTION_LEVEL { 783 DXGKMDT_OPM_HDCP_OFF = 0, 784 DXGKMDT_OPM_HDCP_ON = 1, 785 DXGKMDT_OPM_HDCP_FORCE_ULONG = 0x7fffffff 786 }; 787 788 enum DXGKMDT_OPM_HDCP_FLAG { 789 DXGKMDT_OPM_HDCP_FLAG_NONE = 0x00, 790 DXGKMDT_OPM_HDCP_FLAG_REPEATER = 0x01 791 }; 792 793 enum DXGKMDT_OPM_PROTECTION_TYPE { 794 DXGKMDT_OPM_PROTECTION_TYPE_OTHER = 0x80000000, 795 DXGKMDT_OPM_PROTECTION_TYPE_NONE = 0x00000000, 796 DXGKMDT_OPM_PROTECTION_TYPE_COPP_COMPATIBLE_HDCP = 0x00000001, 797 DXGKMDT_OPM_PROTECTION_TYPE_ACP = 0x00000002, 798 DXGKMDT_OPM_PROTECTION_TYPE_CGMSA = 0x00000004, 799 DXGKMDT_OPM_PROTECTION_TYPE_HDCP = 0x00000008, 800 DXGKMDT_OPM_PROTECTION_TYPE_DPCP = 0x00000010, 801 DXGKMDT_OPM_PROTECTION_TYPE_MASK = 0x8000001F 802 }; 803 804 typedef void* OPM_PROTECTED_OUTPUT_HANDLE; 805 806 struct DXGKMDT_OPM_ENCRYPTED_PARAMETERS { 807 BYTE abEncryptedParameters[DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE]; 808 }; 809 810 struct DXGKMDT_OPM_OMAC { 811 BYTE abOMAC[DXGKMDT_OPM_OMAC_SIZE]; 812 }; 813 814 struct DXGKMDT_OPM_CONFIGURE_PARAMETERS { 815 DXGKMDT_OPM_OMAC omac; 816 GUID guidSetting; 817 ULONG ulSequenceNumber; 818 ULONG cbParametersSize; 819 BYTE abParameters[DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE]; 820 }; 821 822 struct DXGKMDT_OPM_RANDOM_NUMBER { 823 BYTE abRandomNumber[DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE]; 824 }; 825 826 struct DXGKMDT_OPM_GET_INFO_PARAMETERS { 827 DXGKMDT_OPM_OMAC omac; 828 DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber; 829 GUID guidInformation; 830 ULONG ulSequenceNumber; 831 ULONG cbParametersSize; 832 BYTE abParameters[DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE]; 833 }; 834 835 struct DXGKMDT_OPM_REQUESTED_INFORMATION { 836 DXGKMDT_OPM_OMAC omac; 837 ULONG cbRequestedInformationSize; 838 BYTE abRequestedInformation[DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE]; 839 }; 840 841 struct DXGKMDT_OPM_SET_PROTECTION_LEVEL_PARAMETERS { 842 ULONG ulProtectionType; 843 ULONG ulProtectionLevel; 844 ULONG Reserved; 845 ULONG Reserved2; 846 }; 847 848 struct DXGKMDT_OPM_STANDARD_INFORMATION { 849 DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber; 850 ULONG ulStatusFlags; 851 ULONG ulInformation; 852 ULONG ulReserved; 853 ULONG ulReserved2; 854 }; 855 856 typedef NTSTATUS(WINAPI* GetSuggestedOPMProtectedOutputArraySizeFunction)( 857 PUNICODE_STRING device_name, 858 DWORD* suggested_output_array_size); 859 860 typedef NTSTATUS(WINAPI* CreateOPMProtectedOutputsFunction)( 861 PUNICODE_STRING device_name, 862 DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos, 863 DWORD output_array_size, 864 DWORD* num_in_output_array, 865 OPM_PROTECTED_OUTPUT_HANDLE* output_array); 866 867 typedef NTSTATUS(WINAPI* GetCertificateFunction)( 868 PUNICODE_STRING device_name, 869 DXGKMDT_CERTIFICATE_TYPE certificate_type, 870 BYTE* certificate, 871 ULONG certificate_length); 872 873 typedef NTSTATUS(WINAPI* GetCertificateSizeFunction)( 874 PUNICODE_STRING device_name, 875 DXGKMDT_CERTIFICATE_TYPE certificate_type, 876 ULONG* certificate_length); 877 878 typedef NTSTATUS(WINAPI* GetCertificateByHandleFunction)( 879 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 880 DXGKMDT_CERTIFICATE_TYPE certificate_type, 881 BYTE* certificate, 882 ULONG certificate_length); 883 884 typedef NTSTATUS(WINAPI* GetCertificateSizeByHandleFunction)( 885 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 886 DXGKMDT_CERTIFICATE_TYPE certificate_type, 887 ULONG* certificate_length); 888 889 typedef NTSTATUS(WINAPI* DestroyOPMProtectedOutputFunction)( 890 OPM_PROTECTED_OUTPUT_HANDLE protected_output); 891 892 typedef NTSTATUS(WINAPI* ConfigureOPMProtectedOutputFunction)( 893 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 894 const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters, 895 ULONG additional_parameters_size, 896 const BYTE* additional_parameters); 897 898 typedef NTSTATUS(WINAPI* GetOPMInformationFunction)( 899 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 900 const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters, 901 DXGKMDT_OPM_REQUESTED_INFORMATION* requested_information); 902 903 typedef NTSTATUS(WINAPI* GetOPMRandomNumberFunction)( 904 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 905 DXGKMDT_OPM_RANDOM_NUMBER* random_number); 906 907 typedef NTSTATUS(WINAPI* SetOPMSigningKeyAndSequenceNumbersFunction)( 908 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 909 const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters); 910 911 #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__ 912 913