中文版
Code/Resource
- Windows Develop
- Linux-Unix program
- Internet-Socket-Network
- Web Server
- Browser Client
- Ftp Server
- Ftp Client
- Browser Plugins
- Proxy Server
- Email Server
- Email Client
- WEB Mail
- Firewall-Security
- Telnet Server
- Telnet Client
- ICQ-IM-Chat
- Search Engine
- Sniffer Package capture
- Remote Control
- xml-soap-webservice
- P2P
- WEB(ASP,PHP,...)
- TCP/IP Stack
- SNMP
- Grid Computing
- SilverLight
- DNS
- Cluster Service
- Network Security
- Communication-Mobile
- Game Program
- Editor
- Multimedia program
- Graph program
- Compiler program
- Compress-Decompress algrithms
- Crypt_Decrypt algrithms
- Mathimatics-Numerical algorithms
- MultiLanguage
- Disk/Storage
- Java Develop
- assembly language
- Applications
- Other systems
- Database system
- Embeded-SCM Develop
- FlashMX/Flex
- source in ebook
- Delphi VCL
- OS Develop
- MiddleWare
- MPI
- MacOS develop
- LabView
- ELanguage
- Software/Tools
- E-Books
- Artical/Document
WinNT.h
Package: SwordOnline.rar [view]
Upload User: dzyhzl
Upload Date: 2019-04-29
Package Size: 56270k
Code Size: 293k
Category:
Game Server Simulator
Development Platform:
C/C++
- // end_ntddk end_nthal
- //
- // Stack frame header
- //
- // Order of appearance in stack frame:
- // Header (six words)
- // Parameters (at least eight words)
- // Local variables
- // Saved GPRs
- // Saved FPRs
- //
- // Minimum alignment is 8 bytes
- typedef struct _STACK_FRAME_HEADER { // GPR 1 points here
- DWORD BackChain; // Addr of previous frame
- DWORD GlueSaved1; // Used by glue code
- DWORD GlueSaved2;
- DWORD Reserved1; // Reserved
- DWORD Spare1; // Used by tracing, profiling, ...
- DWORD Spare2;
- DWORD Parameter0; // First 8 parameter words are
- DWORD Parameter1; // always present
- DWORD Parameter2;
- DWORD Parameter3;
- DWORD Parameter4;
- DWORD Parameter5;
- DWORD Parameter6;
- DWORD Parameter7;
- } STACK_FRAME_HEADER,*PSTACK_FRAME_HEADER;
- VOID
- __jump_unwind (
- PVOID Fp,
- PVOID TargetPc
- );
- #endif // defined(_MPPC_)
- #if !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_IA64_)
- void * _cdecl _rdteb(void);
- #if defined(_M_IA64) // winnt
- #pragma intrinsic(_rdteb) // winnt
- #endif // winnt
- #if defined(_M_IA64)
- #define NtCurrentTeb() ((struct _TEB *)_rdteb())
- #else
- struct _TEB *
- NtCurrentTeb(void);
- #endif
- //
- // Define functions to get the address of the current fiber and the
- // current fiber data.
- //
- #define GetCurrentFiber() (((PNT_TIB)NtCurrentTeb())->FiberData)
- #define GetFiberData() (*(PVOID *)(GetCurrentFiber()))
- #endif // !defined(__midl) && !defined(GENUTIL) && !defined(_GENIA64_) && defined(_M_IA64)
- #ifdef _IA64_
- // begin_ntddk begin_nthal
- //
- // The following flags control the contents of the CONTEXT structure.
- //
- #if !defined(RC_INVOKED)
- #define CONTEXT_IA64 0x00080000
- #define CONTEXT_CONTROL (CONTEXT_IA64 | 0x00000001L)
- #define CONTEXT_LOWER_FLOATING_POINT (CONTEXT_IA64 | 0x00000002L)
- #define CONTEXT_HIGHER_FLOATING_POINT (CONTEXT_IA64 | 0x00000004L)
- #define CONTEXT_INTEGER (CONTEXT_IA64 | 0x00000008L)
- #define CONTEXT_DEBUG (CONTEXT_IA64 | 0x00000010L)
- #define CONTEXT_IA32_CONTROL (CONTEXT_IA64 | 0x00000020L) // Includes StIPSR
- #define CONTEXT_FLOATING_POINT (CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT)
- #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER | CONTEXT_IA32_CONTROL)
- #endif // !defined(RC_INVOKED)
- //
- // Context Frame
- //
- // This frame has a several purposes: 1) it is used as an argument to
- // NtContinue, 2) it is used to construct a call frame for APC delivery,
- // 3) it is used to construct a call frame for exception dispatching
- // in user mode, 4) it is used in the user level thread creation
- // routines, and 5) it is used to to pass thread state to debuggers.
- //
- // N.B. Because this record is used as a call frame, it must be EXACTLY
- // a multiple of 16 bytes in length and aligned on a 16-byte boundary.
- //
- typedef struct _CONTEXT {
- //
- // The flags values within this flag control the contents of
- // a CONTEXT record.
- //
- // If the context record is used as an input parameter, then
- // for each portion of the context record controlled by a flag
- // whose value is set, it is assumed that that portion of the
- // context record contains valid context. If the context record
- // is being used to modify a thread's context, then only that
- // portion of the threads context will be modified.
- //
- // If the context record is used as an IN OUT parameter to capture
- // the context of a thread, then only those portions of the thread's
- // context corresponding to set flags will be returned.
- //
- // The context record is never used as an OUT only parameter.
- //
- DWORD ContextFlags;
- DWORD Fill1[3]; // for alignment of following on 16-byte boundary
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_DEBUG.
- //
- // N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
- //
- ULONGLONG DbI0;
- ULONGLONG DbI1;
- ULONGLONG DbI2;
- ULONGLONG DbI3;
- ULONGLONG DbI4;
- ULONGLONG DbI5;
- ULONGLONG DbI6;
- ULONGLONG DbI7;
- ULONGLONG DbD0;
- ULONGLONG DbD1;
- ULONGLONG DbD2;
- ULONGLONG DbD3;
- ULONGLONG DbD4;
- ULONGLONG DbD5;
- ULONGLONG DbD6;
- ULONGLONG DbD7;
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_LOWER_FLOATING_POINT.
- //
- FLOAT128 FltS0;
- FLOAT128 FltS1;
- FLOAT128 FltS2;
- FLOAT128 FltS3;
- FLOAT128 FltT0;
- FLOAT128 FltT1;
- FLOAT128 FltT2;
- FLOAT128 FltT3;
- FLOAT128 FltT4;
- FLOAT128 FltT5;
- FLOAT128 FltT6;
- FLOAT128 FltT7;
- FLOAT128 FltT8;
- FLOAT128 FltT9;
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_HIGHER_FLOATING_POINT.
- //
- FLOAT128 FltS4;
- FLOAT128 FltS5;
- FLOAT128 FltS6;
- FLOAT128 FltS7;
- FLOAT128 FltS8;
- FLOAT128 FltS9;
- FLOAT128 FltS10;
- FLOAT128 FltS11;
- FLOAT128 FltS12;
- FLOAT128 FltS13;
- FLOAT128 FltS14;
- FLOAT128 FltS15;
- FLOAT128 FltS16;
- FLOAT128 FltS17;
- FLOAT128 FltS18;
- FLOAT128 FltS19;
- FLOAT128 FltF32;
- FLOAT128 FltF33;
- FLOAT128 FltF34;
- FLOAT128 FltF35;
- FLOAT128 FltF36;
- FLOAT128 FltF37;
- FLOAT128 FltF38;
- FLOAT128 FltF39;
- FLOAT128 FltF40;
- FLOAT128 FltF41;
- FLOAT128 FltF42;
- FLOAT128 FltF43;
- FLOAT128 FltF44;
- FLOAT128 FltF45;
- FLOAT128 FltF46;
- FLOAT128 FltF47;
- FLOAT128 FltF48;
- FLOAT128 FltF49;
- FLOAT128 FltF50;
- FLOAT128 FltF51;
- FLOAT128 FltF52;
- FLOAT128 FltF53;
- FLOAT128 FltF54;
- FLOAT128 FltF55;
- FLOAT128 FltF56;
- FLOAT128 FltF57;
- FLOAT128 FltF58;
- FLOAT128 FltF59;
- FLOAT128 FltF60;
- FLOAT128 FltF61;
- FLOAT128 FltF62;
- FLOAT128 FltF63;
- FLOAT128 FltF64;
- FLOAT128 FltF65;
- FLOAT128 FltF66;
- FLOAT128 FltF67;
- FLOAT128 FltF68;
- FLOAT128 FltF69;
- FLOAT128 FltF70;
- FLOAT128 FltF71;
- FLOAT128 FltF72;
- FLOAT128 FltF73;
- FLOAT128 FltF74;
- FLOAT128 FltF75;
- FLOAT128 FltF76;
- FLOAT128 FltF77;
- FLOAT128 FltF78;
- FLOAT128 FltF79;
- FLOAT128 FltF80;
- FLOAT128 FltF81;
- FLOAT128 FltF82;
- FLOAT128 FltF83;
- FLOAT128 FltF84;
- FLOAT128 FltF85;
- FLOAT128 FltF86;
- FLOAT128 FltF87;
- FLOAT128 FltF88;
- FLOAT128 FltF89;
- FLOAT128 FltF90;
- FLOAT128 FltF91;
- FLOAT128 FltF92;
- FLOAT128 FltF93;
- FLOAT128 FltF94;
- FLOAT128 FltF95;
- FLOAT128 FltF96;
- FLOAT128 FltF97;
- FLOAT128 FltF98;
- FLOAT128 FltF99;
- FLOAT128 FltF100;
- FLOAT128 FltF101;
- FLOAT128 FltF102;
- FLOAT128 FltF103;
- FLOAT128 FltF104;
- FLOAT128 FltF105;
- FLOAT128 FltF106;
- FLOAT128 FltF107;
- FLOAT128 FltF108;
- FLOAT128 FltF109;
- FLOAT128 FltF110;
- FLOAT128 FltF111;
- FLOAT128 FltF112;
- FLOAT128 FltF113;
- FLOAT128 FltF114;
- FLOAT128 FltF115;
- FLOAT128 FltF116;
- FLOAT128 FltF117;
- FLOAT128 FltF118;
- FLOAT128 FltF119;
- FLOAT128 FltF120;
- FLOAT128 FltF121;
- FLOAT128 FltF122;
- FLOAT128 FltF123;
- FLOAT128 FltF124;
- FLOAT128 FltF125;
- FLOAT128 FltF126;
- FLOAT128 FltF127;
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
- //
- ULONGLONG StFPSR; // FP status
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_INTEGER.
- //
- // N.B. The registers gp, sp, rp are part of the control context
- //
- ULONGLONG IntGp; // r1, volatile
- ULONGLONG IntT0; // r2-r3, volatile
- ULONGLONG IntT1; //
- ULONGLONG IntS0; // r4-r7, preserved
- ULONGLONG IntS1;
- ULONGLONG IntS2;
- ULONGLONG IntS3;
- ULONGLONG IntV0; // r8, volatile
- ULONGLONG IntT2; // r9-r11, volatile
- ULONGLONG IntT3;
- ULONGLONG IntT4;
- ULONGLONG IntSp; // stack pointer (r12), special
- ULONGLONG IntTeb; // teb (r13), special
- ULONGLONG IntT5; // r14-r31, volatile
- ULONGLONG IntT6;
- ULONGLONG IntT7;
- ULONGLONG IntT8;
- ULONGLONG IntT9;
- ULONGLONG IntT10;
- ULONGLONG IntT11;
- ULONGLONG IntT12;
- ULONGLONG IntT13;
- ULONGLONG IntT14;
- ULONGLONG IntT15;
- ULONGLONG IntT16;
- ULONGLONG IntT17;
- ULONGLONG IntT18;
- ULONGLONG IntT19;
- ULONGLONG IntT20;
- ULONGLONG IntT21;
- ULONGLONG IntT22;
- ULONGLONG IntNats; // Nat bits for r1-r31
- // r1-r31 in bits 1 thru 31.
- ULONGLONG Preds; // predicates, preserved
- ULONGLONG BrRp; // return pointer, b0, preserved
- ULONGLONG BrS0; // b1-b5, preserved
- ULONGLONG BrS1;
- ULONGLONG BrS2;
- ULONGLONG BrS3;
- ULONGLONG BrS4;
- ULONGLONG BrT0; // b6-b7, volatile
- ULONGLONG BrT1;
- //
- // This section is specified/returned if the ContextFlags word contains
- // the flag CONTEXT_CONTROL.
- //
- // Other application registers
- ULONGLONG ApUNAT; // User Nat collection register, preserved
- ULONGLONG ApLC; // Loop counter register, preserved
- ULONGLONG ApEC; // Epilog counter register, preserved
- ULONGLONG ApCCV; // CMPXCHG value register, volatile
- ULONGLONG ApDCR; // Default control register (TBD)
- // Register stack info
- ULONGLONG RsPFS; // Previous function state, preserved
- ULONGLONG RsBSP; // Backing store pointer, preserved
- ULONGLONG RsBSPSTORE;
- ULONGLONG RsRSC; // RSE configuration, volatile
- ULONGLONG RsRNAT; // RSE Nat collection register, preserved
- // Trap Status Information
- ULONGLONG StIPSR; // Interruption Processor Status
- ULONGLONG StIIP; // Interruption IP
- ULONGLONG StIFS; // Interruption Function State
- // iA32 related control registers
- ULONGLONG StFCR; // copy of Ar21
- ULONGLONG Eflag; // Eflag copy of Ar24
- ULONGLONG SegCSD; // iA32 CSDescriptor (Ar25)
- ULONGLONG SegSSD; // iA32 SSDescriptor (Ar26)
- ULONGLONG Cflag; // Cr0+Cr4 copy of Ar27
- ULONGLONG StFSR; // x86 FP status (copy of AR28)
- ULONGLONG StFIR; // x86 FP status (copy of AR29)
- ULONGLONG StFDR; // x86 FP status (copy of AR30)
- ULONGLONG UNUSEDPACK; // added to pack StFDR to 16-bytes
- } CONTEXT, *PCONTEXT;
- // begin_winnt
- //
- // Plabel descriptor structure definition
- //
- typedef struct _PLABEL_DESCRIPTOR {
- ULONGLONG EntryPoint;
- ULONGLONG GlobalPointer;
- } PLABEL_DESCRIPTOR, *PPLABEL_DESCRIPTOR;
- #endif // _IA64_
- #ifdef _IA64_
- VOID
- __jump_unwind (
- ULONGLONG TargetMsFrame,
- ULONGLONG TargetBsFrame,
- ULONGLONG TargetPc
- );
- #endif // _IA64_
- #define EXCEPTION_NONCONTINUABLE 0x1 // Noncontinuable exception
- #define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters
- //
- // Exception record definition.
- //
- typedef struct _EXCEPTION_RECORD {
- DWORD ExceptionCode;
- DWORD ExceptionFlags;
- struct _EXCEPTION_RECORD *ExceptionRecord;
- PVOID ExceptionAddress;
- DWORD NumberParameters;
- ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
- } EXCEPTION_RECORD;
- typedef EXCEPTION_RECORD *PEXCEPTION_RECORD;
- typedef struct _EXCEPTION_RECORD32 {
- DWORD ExceptionCode;
- DWORD ExceptionFlags;
- DWORD ExceptionRecord;
- DWORD ExceptionAddress;
- DWORD NumberParameters;
- DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
- } EXCEPTION_RECORD32, *PEXCEPTION_RECORD32;
- typedef struct _EXCEPTION_RECORD64 {
- DWORD ExceptionCode;
- DWORD ExceptionFlags;
- DWORD64 ExceptionRecord;
- DWORD64 ExceptionAddress;
- DWORD NumberParameters;
- DWORD __unusedAlignment;
- DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
- } EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;
- //
- // Typedef for pointer returned by exception_info()
- //
- typedef struct _EXCEPTION_POINTERS {
- PEXCEPTION_RECORD ExceptionRecord;
- PCONTEXT ContextRecord;
- } EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
- typedef PVOID PACCESS_TOKEN;
- typedef PVOID PSECURITY_DESCRIPTOR;
- typedef PVOID PSID;
- ////////////////////////////////////////////////////////////////////////
- // //
- // ACCESS MASK //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- // Define the access mask as a longword sized structure divided up as
- // follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------+---------------+-------------------------------+
- // |G|G|G|G|Res'd|A| StandardRights| SpecificRights |
- // |R|W|E|A| |S| | |
- // +-+-------------+---------------+-------------------------------+
- //
- // typedef struct _ACCESS_MASK {
- // WORD SpecificRights;
- // BYTE StandardRights;
- // BYTE AccessSystemAcl : 1;
- // BYTE Reserved : 3;
- // BYTE GenericAll : 1;
- // BYTE GenericExecute : 1;
- // BYTE GenericWrite : 1;
- // BYTE GenericRead : 1;
- // } ACCESS_MASK;
- // typedef ACCESS_MASK *PACCESS_MASK;
- //
- // but to make life simple for programmer's we'll allow them to specify
- // a desired access mask by simply OR'ing together mulitple single rights
- // and treat an access mask as a DWORD. For example
- //
- // DesiredAccess = DELETE | READ_CONTROL
- //
- // So we'll declare ACCESS_MASK as DWORD
- //
- // begin_ntddk begin_wdm begin_nthal begin_ntifs
- typedef DWORD ACCESS_MASK;
- typedef ACCESS_MASK *PACCESS_MASK;
- ////////////////////////////////////////////////////////////////////////
- // //
- // ACCESS TYPES //
- // //
- ////////////////////////////////////////////////////////////////////////
- // begin_ntddk begin_wdm begin_nthal begin_ntifs
- //
- // The following are masks for the predefined standard access types
- //
- #define DELETE (0x00010000L)
- #define READ_CONTROL (0x00020000L)
- #define WRITE_DAC (0x00040000L)
- #define WRITE_OWNER (0x00080000L)
- #define SYNCHRONIZE (0x00100000L)
- #define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
- #define STANDARD_RIGHTS_READ (READ_CONTROL)
- #define STANDARD_RIGHTS_WRITE (READ_CONTROL)
- #define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
- #define STANDARD_RIGHTS_ALL (0x001F0000L)
- #define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
- //
- // AccessSystemAcl access type
- //
- #define ACCESS_SYSTEM_SECURITY (0x01000000L)
- //
- // MaximumAllowed access type
- //
- #define MAXIMUM_ALLOWED (0x02000000L)
- //
- // These are the generic rights.
- //
- #define GENERIC_READ (0x80000000L)
- #define GENERIC_WRITE (0x40000000L)
- #define GENERIC_EXECUTE (0x20000000L)
- #define GENERIC_ALL (0x10000000L)
- //
- // Define the generic mapping array. This is used to denote the
- // mapping of each generic access right to a specific access mask.
- //
- typedef struct _GENERIC_MAPPING {
- ACCESS_MASK GenericRead;
- ACCESS_MASK GenericWrite;
- ACCESS_MASK GenericExecute;
- ACCESS_MASK GenericAll;
- } GENERIC_MAPPING;
- typedef GENERIC_MAPPING *PGENERIC_MAPPING;
- ////////////////////////////////////////////////////////////////////////
- // //
- // LUID_AND_ATTRIBUTES //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- //
- #include <pshpack4.h>
- typedef struct _LUID_AND_ATTRIBUTES {
- LUID Luid;
- DWORD Attributes;
- } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
- typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
- typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
- #include <poppack.h>
- ////////////////////////////////////////////////////////////////////////
- // //
- // Security Id (SID) //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- //
- // Pictorially the structure of an SID is as follows:
- //
- // 1 1 1 1 1 1
- // 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------------------------------------------------------+
- // | SubAuthorityCount |Reserved1 (SBZ)| Revision |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[0] |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[1] |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[2] |
- // +---------------------------------------------------------------+
- // | |
- // +- - - - - - - - SubAuthority[] - - - - - - - - -+
- // | |
- // +---------------------------------------------------------------+
- //
- //
- // begin_ntifs
- #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
- #define SID_IDENTIFIER_AUTHORITY_DEFINED
- typedef struct _SID_IDENTIFIER_AUTHORITY {
- BYTE Value[6];
- } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
- #endif
- #ifndef SID_DEFINED
- #define SID_DEFINED
- typedef struct _SID {
- BYTE Revision;
- BYTE SubAuthorityCount;
- SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
- #ifdef MIDL_PASS
- [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
- #else // MIDL_PASS
- DWORD SubAuthority[ANYSIZE_ARRAY];
- #endif // MIDL_PASS
- } SID, *PISID;
- #endif
- #define SID_REVISION (1) // Current revision level
- #define SID_MAX_SUB_AUTHORITIES (15)
- #define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6
- // in a future release.
- #ifndef MIDL_PASS
- #define SECURITY_MAX_SID_SIZE
- (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
- #endif // MIDL_PASS
- typedef enum _SID_NAME_USE {
- SidTypeUser = 1,
- SidTypeGroup,
- SidTypeDomain,
- SidTypeAlias,
- SidTypeWellKnownGroup,
- SidTypeDeletedAccount,
- SidTypeInvalid,
- SidTypeUnknown,
- SidTypeComputer
- } SID_NAME_USE, *PSID_NAME_USE;
- typedef struct _SID_AND_ATTRIBUTES {
- PSID Sid;
- DWORD Attributes;
- } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
- typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
- typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
- /////////////////////////////////////////////////////////////////////////////
- // //
- // Universal well-known SIDs //
- // //
- // Null SID S-1-0-0 //
- // World S-1-1-0 //
- // Local S-1-2-0 //
- // Creator Owner ID S-1-3-0 //
- // Creator Group ID S-1-3-1 //
- // Creator Owner Server ID S-1-3-2 //
- // Creator Group Server ID S-1-3-3 //
- // //
- // (Non-unique IDs) S-1-4 //
- // //
- /////////////////////////////////////////////////////////////////////////////
- #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
- #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
- #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
- #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
- #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
- #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
- #define SECURITY_NULL_RID (0x00000000L)
- #define SECURITY_WORLD_RID (0x00000000L)
- #define SECURITY_LOCAL_RID (0x00000000L)
- #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
- #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
- #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
- #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
- /////////////////////////////////////////////////////////////////////////////
- // //
- // NT well-known SIDs //
- // //
- // NT Authority S-1-5 //
- // Dialup S-1-5-1 //
- // //
- // Network S-1-5-2 //
- // Batch S-1-5-3 //
- // Interactive S-1-5-4 //
- // Service S-1-5-6 //
- // AnonymousLogon S-1-5-7 (aka null logon session) //
- // Proxy S-1-5-8 //
- // ServerLogon S-1-5-9 (aka domain controller account) //
- // Self S-1-5-10 (self RID) //
- // Authenticated User S-1-5-11 (Authenticated user somewhere) //
- // Restricted Code S-1-5-12 (Running restricted code) //
- // Terminal Server S-1-5-13 (Running on Terminal Server) //
- // Remote Logon S-1-5-14 (Remote Interactive Logon) //
- // //
- // (Logon IDs) S-1-5-5-X-Y //
- // //
- // (NT non-unique IDs) S-1-5-0x15-... //
- // //
- // (Built-in domain) s-1-5-0x20 //
- // //
- /////////////////////////////////////////////////////////////////////////////
- #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
- #define SECURITY_DIALUP_RID (0x00000001L)
- #define SECURITY_NETWORK_RID (0x00000002L)
- #define SECURITY_BATCH_RID (0x00000003L)
- #define SECURITY_INTERACTIVE_RID (0x00000004L)
- #define SECURITY_SERVICE_RID (0x00000006L)
- #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
- #define SECURITY_PROXY_RID (0x00000008L)
- #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
- #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
- #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
- #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
- #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
- #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
- #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
- #define SECURITY_LOGON_IDS_RID (0x00000005L)
- #define SECURITY_LOGON_IDS_RID_COUNT (3L)
- #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
- #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
- #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
- #define SECURITY_NT_NON_UNIQUE (0x00000015L)
- #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
- #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
- /////////////////////////////////////////////////////////////////////////////
- // //
- // well-known domain relative sub-authority values (RIDs)... //
- // //
- /////////////////////////////////////////////////////////////////////////////
- // Well-known users ...
- #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
- #define DOMAIN_USER_RID_GUEST (0x000001F5L)
- #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
- // well-known groups ...
- #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
- #define DOMAIN_GROUP_RID_USERS (0x00000201L)
- #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
- #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
- #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
- #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
- #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
- #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
- #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
- // well-known aliases ...
- #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
- #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
- #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
- #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
- #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
- #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
- #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
- #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
- #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
- #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
- #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
- #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
- #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
- //
- // Allocate the System Luid. The first 1000 LUIDs are reserved.
- // Use #999 here (0x3E7 = 999)
- //
- #define SYSTEM_LUID { 0x3E7, 0x0 }
- #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
- #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
- #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
- // end_ntifs
- ////////////////////////////////////////////////////////////////////////
- // //
- // User and Group related SID attributes //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- // Group attributes
- //
- #define SE_GROUP_MANDATORY (0x00000001L)
- #define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
- #define SE_GROUP_ENABLED (0x00000004L)
- #define SE_GROUP_OWNER (0x00000008L)
- #define SE_GROUP_USE_FOR_DENY_ONLY (0x00000010L)
- #define SE_GROUP_LOGON_ID (0xC0000000L)
- #define SE_GROUP_RESOURCE (0x20000000L)
- //
- // User attributes
- //
- // (None yet defined.)
- ////////////////////////////////////////////////////////////////////////
- // //
- // ACL and ACE //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- // Define an ACL and the ACE format. The structure of an ACL header
- // followed by one or more ACEs. Pictorally the structure of an ACL header
- // is as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +-------------------------------+---------------+---------------+
- // | AclSize | Sbz1 | AclRevision |
- // +-------------------------------+---------------+---------------+
- // | Sbz2 | AceCount |
- // +-------------------------------+-------------------------------+
- //
- // The current AclRevision is defined to be ACL_REVISION.
- //
- // AclSize is the size, in bytes, allocated for the ACL. This includes
- // the ACL header, ACES, and remaining free space in the buffer.
- //
- // AceCount is the number of ACES in the ACL.
- //
- // begin_ntddk begin_wdm begin_ntifs
- // This is the *current* ACL revision
- #define ACL_REVISION (2)
- #define ACL_REVISION_DS (4)
- // This is the history of ACL revisions. Add a new one whenever
- // ACL_REVISION is updated
- #define ACL_REVISION1 (1)
- #define MIN_ACL_REVISION ACL_REVISION2
- #define ACL_REVISION2 (2)
- #define ACL_REVISION3 (3)
- #define ACL_REVISION4 (4)
- #define MAX_ACL_REVISION ACL_REVISION4
- typedef struct _ACL {
- BYTE AclRevision;
- BYTE Sbz1;
- WORD AclSize;
- WORD AceCount;
- WORD Sbz2;
- } ACL;
- typedef ACL *PACL;
- // end_ntddk end_wdm
- //
- // The structure of an ACE is a common ace header followed by ace type
- // specific data. Pictorally the structure of the common ace header is
- // as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------+-------+-------+---------------+---------------+
- // | AceSize | AceFlags | AceType |
- // +---------------+-------+-------+---------------+---------------+
- //
- // AceType denotes the type of the ace, there are some predefined ace
- // types
- //
- // AceSize is the size, in bytes, of ace.
- //
- // AceFlags are the Ace flags for audit and inheritance, defined shortly.
- typedef struct _ACE_HEADER {
- BYTE AceType;
- BYTE AceFlags;
- WORD AceSize;
- } ACE_HEADER;
- typedef ACE_HEADER *PACE_HEADER;
- //
- // The following are the predefined ace types that go into the AceType
- // field of an Ace header.
- //
- #define ACCESS_MIN_MS_ACE_TYPE (0x0)
- #define ACCESS_ALLOWED_ACE_TYPE (0x0)
- #define ACCESS_DENIED_ACE_TYPE (0x1)
- #define SYSTEM_AUDIT_ACE_TYPE (0x2)
- #define SYSTEM_ALARM_ACE_TYPE (0x3)
- #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
- #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
- #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
- #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
- #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
- #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
- #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
- #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
- #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
- #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
- #define ACCESS_MAX_MS_ACE_TYPE (0x8)
- #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
- #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
- #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
- #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
- #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
- #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
- #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
- #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
- #define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
- //
- // The following are the inherit flags that go into the AceFlags field
- // of an Ace header.
- //
- #define OBJECT_INHERIT_ACE (0x1)
- #define CONTAINER_INHERIT_ACE (0x2)
- #define NO_PROPAGATE_INHERIT_ACE (0x4)
- #define INHERIT_ONLY_ACE (0x8)
- #define INHERITED_ACE (0x10)
- #define VALID_INHERIT_FLAGS (0x1F)
- // The following are the currently defined ACE flags that go into the
- // AceFlags field of an ACE header. Each ACE type has its own set of
- // AceFlags.
- //
- // SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
- // types to indicate that a message is generated for successful accesses.
- //
- // FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
- // to indicate that a message is generated for failed accesses.
- //
- //
- // SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
- //
- // These control the signaling of audit and alarms for success or failure.
- //
- #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
- #define FAILED_ACCESS_ACE_FLAG (0x80)
- //
- // We'll define the structure of the predefined ACE types. Pictorally
- // the structure of the predefined ACE's is as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------+-------+-------+---------------+---------------+
- // | AceFlags | Resd |Inherit| AceSize | AceType |
- // +---------------+-------+-------+---------------+---------------+
- // | Mask |
- // +---------------------------------------------------------------+
- // | |
- // + +
- // | |
- // + Sid +
- // | |
- // + +
- // | |
- // +---------------------------------------------------------------+
- //
- // Mask is the access mask associated with the ACE. This is either the
- // access allowed, access denied, audit, or alarm mask.
- //
- // Sid is the Sid associated with the ACE.
- //
- // The following are the four predefined ACE types.
- // Examine the AceType field in the Header to determine
- // which structure is appropriate to use for casting.
- typedef struct _ACCESS_ALLOWED_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } ACCESS_ALLOWED_ACE;
- typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
- typedef struct _ACCESS_DENIED_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } ACCESS_DENIED_ACE;
- typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
- typedef struct _SYSTEM_AUDIT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } SYSTEM_AUDIT_ACE;
- typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
- typedef struct _SYSTEM_ALARM_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } SYSTEM_ALARM_ACE;
- typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
- // end_ntifs
- typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- } ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
- typedef struct _ACCESS_DENIED_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- } ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
- typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- } SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
- typedef struct _SYSTEM_ALARM_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- } SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
- //
- // Callback ace support in post Win2000.
- // Resource managers can put their own data after Sidstart + Length of the sid
- //
- typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
- typedef struct _ACCESS_DENIED_CALLBACK_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
- typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
- typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
- typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
- typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
- typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
- typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD Flags;
- GUID ObjectType;
- GUID InheritedObjectType;
- DWORD SidStart;
- // Opaque resouce manager specific data
- } SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
- //
- // Currently define Flags for "OBJECT" ACE types.
- //
- #define ACE_OBJECT_TYPE_PRESENT 0x1
- #define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
- //
- // The following declarations are used for setting and querying information
- // about and ACL. First are the various information classes available to
- // the user.
- //
- typedef enum _ACL_INFORMATION_CLASS {
- AclRevisionInformation = 1,
- AclSizeInformation
- } ACL_INFORMATION_CLASS;
- //
- // This record is returned/sent if the user is requesting/setting the
- // AclRevisionInformation
- //
- typedef struct _ACL_REVISION_INFORMATION {
- DWORD AclRevision;
- } ACL_REVISION_INFORMATION;
- typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
- //
- // This record is returned if the user is requesting AclSizeInformation
- //
- typedef struct _ACL_SIZE_INFORMATION {
- DWORD AceCount;
- DWORD AclBytesInUse;
- DWORD AclBytesFree;
- } ACL_SIZE_INFORMATION;
- typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
- ////////////////////////////////////////////////////////////////////////
- // //
- // SECURITY_DESCRIPTOR //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- // Define the Security Descriptor and related data types.
- // This is an opaque data structure.
- //
- // begin_wdm begin_ntddk begin_ntifs
- //
- // Current security descriptor revision value
- //
- #define SECURITY_DESCRIPTOR_REVISION (1)
- #define SECURITY_DESCRIPTOR_REVISION1 (1)
- // end_wdm end_ntddk
- #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
- typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
- #define SE_OWNER_DEFAULTED (0x0001)
- #define SE_GROUP_DEFAULTED (0x0002)
- #define SE_DACL_PRESENT (0x0004)
- #define SE_DACL_DEFAULTED (0x0008)
- #define SE_SACL_PRESENT (0x0010)
- #define SE_SACL_DEFAULTED (0x0020)
- #define SE_DACL_AUTO_INHERIT_REQ (0x0100)
- #define SE_SACL_AUTO_INHERIT_REQ (0x0200)
- #define SE_DACL_AUTO_INHERITED (0x0400)
- #define SE_SACL_AUTO_INHERITED (0x0800)
- #define SE_DACL_PROTECTED (0x1000)
- #define SE_SACL_PROTECTED (0x2000)
- #define SE_RM_CONTROL_VALID (0x4000)
- #define SE_SELF_RELATIVE (0x8000)
- //
- // Where:
- //
- // SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
- // SID pointed to by the Owner field was provided by a
- // defaulting mechanism rather than explicitly provided by the
- // original provider of the security descriptor. This may
- // affect the treatment of the SID with respect to inheritence
- // of an owner.
- //
- // SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
- // SID in the Group field was provided by a defaulting mechanism
- // rather than explicitly provided by the original provider of
- // the security descriptor. This may affect the treatment of
- // the SID with respect to inheritence of a primary group.
- //
- // SE_DACL_PRESENT - This boolean flag, when set, indicates that the
- // security descriptor contains a discretionary ACL. If this
- // flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
- // null, then a null ACL is explicitly being specified.
- //
- // SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
- // ACL pointed to by the Dacl field was provided by a defaulting
- // mechanism rather than explicitly provided by the original
- // provider of the security descriptor. This may affect the
- // treatment of the ACL with respect to inheritence of an ACL.
- // This flag is ignored if the DaclPresent flag is not set.
- //
- // SE_SACL_PRESENT - This boolean flag, when set, indicates that the
- // security descriptor contains a system ACL pointed to by the
- // Sacl field. If this flag is set and the Sacl field of the
- // SECURITY_DESCRIPTOR is null, then an empty (but present)
- // ACL is being specified.
- //
- // SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the
- // ACL pointed to by the Sacl field was provided by a defaulting
- // mechanism rather than explicitly provided by the original
- // provider of the security descriptor. This may affect the
- // treatment of the ACL with respect to inheritence of an ACL.
- // This flag is ignored if the SaclPresent flag is not set.
- //
- // SE_SELF_RELATIVE - This boolean flag, when set, indicates that the
- // security descriptor is in self-relative form. In this form,
- // all fields of the security descriptor are contiguous in memory
- // and all pointer fields are expressed as offsets from the
- // beginning of the security descriptor. This form is useful
- // for treating security descriptors as opaque data structures
- // for transmission in communication protocol or for storage on
- // secondary media.
- //
- //
- //
- // Pictorially the structure of a security descriptor is as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------------------------------------------------------+
- // | Control |Reserved1 (SBZ)| Revision |
- // +---------------------------------------------------------------+
- // | Owner |
- // +---------------------------------------------------------------+
- // | Group |
- // +---------------------------------------------------------------+
- // | Sacl |
- // +---------------------------------------------------------------+
- // | Dacl |
- // +---------------------------------------------------------------+
- //
- // In general, this data structure should be treated opaquely to ensure future
- // compatibility.
- //
- //
- typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
- BYTE Revision;
- BYTE Sbz1;
- SECURITY_DESCRIPTOR_CONTROL Control;
- DWORD Owner;
- DWORD Group;
- DWORD Sacl;
- DWORD Dacl;
- } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
- typedef struct _SECURITY_DESCRIPTOR {
- BYTE Revision;
- BYTE Sbz1;
- SECURITY_DESCRIPTOR_CONTROL Control;
- PSID Owner;
- PSID Group;
- PACL Sacl;
- PACL Dacl;
- } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
- // end_ntifs
- // Where:
- //
- // Revision - Contains the revision level of the security
- // descriptor. This allows this structure to be passed between
- // systems or stored on disk even though it is expected to
- // change in the future.
- //
- // Control - A set of flags which qualify the meaning of the
- // security descriptor or individual fields of the security
- // descriptor.
- //
- // Owner - is a pointer to an SID representing an object's owner.
- // If this field is null, then no owner SID is present in the
- // security descriptor. If the security descriptor is in
- // self-relative form, then this field contains an offset to
- // the SID, rather than a pointer.
- //
- // Group - is a pointer to an SID representing an object's primary
- // group. If this field is null, then no primary group SID is
- // present in the security descriptor. If the security descriptor
- // is in self-relative form, then this field contains an offset to
- // the SID, rather than a pointer.
- //
- // Sacl - is a pointer to a system ACL. This field value is only
- // valid if the DaclPresent control flag is set. If the
- // SaclPresent flag is set and this field is null, then a null
- // ACL is specified. If the security descriptor is in
- // self-relative form, then this field contains an offset to
- // the ACL, rather than a pointer.
- //
- // Dacl - is a pointer to a discretionary ACL. This field value is
- // only valid if the DaclPresent control flag is set. If the
- // DaclPresent flag is set and this field is null, then a null
- // ACL (unconditionally granting access) is specified. If the
- // security descriptor is in self-relative form, then this field
- // contains an offset to the ACL, rather than a pointer.
- //
- ////////////////////////////////////////////////////////////////////////
- // //
- // Object Type list for AccessCheckByType //
- // //
- ////////////////////////////////////////////////////////////////////////
- typedef struct _OBJECT_TYPE_LIST {
- WORD Level;
- WORD Sbz;
- GUID *ObjectType;
- } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
- //
- // DS values for Level
- //
- #define ACCESS_OBJECT_GUID 0
- #define ACCESS_PROPERTY_SET_GUID 1
- #define ACCESS_PROPERTY_GUID 2
- #define ACCESS_MAX_LEVEL 4
- //
- // Parameters to NtAccessCheckByTypeAndAditAlarm
- //
- typedef enum _AUDIT_EVENT_TYPE {
- AuditEventObjectAccess,
- AuditEventDirectoryServiceAccess
- } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
- #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
- //
- // DS values for Source and ObjectTypeName
- //
- #define ACCESS_DS_SOURCE_A "DS"
- #define ACCESS_DS_SOURCE_W L"DS"
- #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
- #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
- ////////////////////////////////////////////////////////////////////////
- // //
- // Privilege Related Data Structures //
- // //
- ////////////////////////////////////////////////////////////////////////
- // begin_wdm begin_ntddk begin_nthal
- //
- // Privilege attributes
- //
- #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
- #define SE_PRIVILEGE_ENABLED (0x00000002L)
- #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
- //
- // Privilege Set Control flags
- //
- #define PRIVILEGE_SET_ALL_NECESSARY (1)
- //
- // Privilege Set - This is defined for a privilege set of one.
- // If more than one privilege is needed, then this structure
- // will need to be allocated with more space.
- //
- // Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET
- // structure (defined in se.h)
- //
- typedef struct _PRIVILEGE_SET {
- DWORD PrivilegeCount;
- DWORD Control;
- LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
- } PRIVILEGE_SET, * PPRIVILEGE_SET;
- ////////////////////////////////////////////////////////////////////////
- // //
- // NT Defined Privileges //
- // //
- ////////////////////////////////////////////////////////////////////////
- #define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")
- #define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")
- #define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")
- #define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")
- #define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")
- #define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")
- #define SE_TCB_NAME TEXT("SeTcbPrivilege")
- #define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")
- #define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")
- #define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")
- #define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")
- #define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")
- #define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")
- #define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")
- #define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")
- #define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")
- #define SE_BACKUP_NAME TEXT("SeBackupPrivilege")
- #define SE_RESTORE_NAME TEXT("SeRestorePrivilege")
- #define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
- #define SE_DEBUG_NAME TEXT("SeDebugPrivilege")
- #define SE_AUDIT_NAME TEXT("SeAuditPrivilege")
- #define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")
- #define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
- #define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
- #define SE_UNDOCK_NAME TEXT("SeUndockPrivilege")
- #define SE_SYNC_AGENT_NAME TEXT("SeSyncAgentPrivilege")
- #define SE_ENABLE_DELEGATION_NAME TEXT("SeEnableDelegationPrivilege")
- #define SE_MANAGE_VOLUME_NAME TEXT("SeManageVolumePrivilege")
- ////////////////////////////////////////////////////////////////////
- // //
- // Security Quality Of Service //
- // //
- // //
- ////////////////////////////////////////////////////////////////////
- // begin_wdm begin_ntddk begin_nthal begin_ntifs
- //
- // Impersonation Level
- //
- // Impersonation level is represented by a pair of bits in Windows.
- // If a new impersonation level is added or lowest value is changed from
- // 0 to something else, fix the Windows CreateFile call.
- //
- typedef enum _SECURITY_IMPERSONATION_LEVEL {
- SecurityAnonymous,
- SecurityIdentification,
- SecurityImpersonation,
- SecurityDelegation
- } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
- #define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
- #define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
- #define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
- #define VALID_IMPERSONATION_LEVEL(L) (((L) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((L) <= SECURITY_MAX_IMPERSONATION_LEVEL))
- ////////////////////////////////////////////////////////////////////
- // //
- // Token Object Definitions //
- // //
- // //
- ////////////////////////////////////////////////////////////////////
- //
- // Token Specific Access Rights.
- //
- #define TOKEN_ASSIGN_PRIMARY (0x0001)
- #define TOKEN_DUPLICATE (0x0002)
- #define TOKEN_IMPERSONATE (0x0004)
- #define TOKEN_QUERY (0x0008)
- #define TOKEN_QUERY_SOURCE (0x0010)
- #define TOKEN_ADJUST_PRIVILEGES (0x0020)
- #define TOKEN_ADJUST_GROUPS (0x0040)
- #define TOKEN_ADJUST_DEFAULT (0x0080)
- #define TOKEN_ADJUST_SESSIONID (0x0100)
- #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |
- TOKEN_ASSIGN_PRIMARY |
- TOKEN_DUPLICATE |
- TOKEN_IMPERSONATE |
- TOKEN_QUERY |
- TOKEN_QUERY_SOURCE |
- TOKEN_ADJUST_PRIVILEGES |
- TOKEN_ADJUST_GROUPS |
- TOKEN_ADJUST_DEFAULT )
- #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
- #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |
- TOKEN_ADJUST_SESSIONID )
- #else
- #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
- #endif
- #define TOKEN_READ (STANDARD_RIGHTS_READ |
- TOKEN_QUERY)
- #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |
- TOKEN_ADJUST_PRIVILEGES |
- TOKEN_ADJUST_GROUPS |
- TOKEN_ADJUST_DEFAULT)
- #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
- //
- //
- // Token Types
- //
- typedef enum _TOKEN_TYPE {
- TokenPrimary = 1,
- TokenImpersonation
- } TOKEN_TYPE;
- typedef TOKEN_TYPE *PTOKEN_TYPE;
- //
- // Token Information Classes.
- //
- typedef enum _TOKEN_INFORMATION_CLASS {
- TokenUser = 1,
- TokenGroups,
- TokenPrivileges,
- TokenOwner,
- TokenPrimaryGroup,
- TokenDefaultDacl,
- TokenSource,
- TokenType,
- TokenImpersonationLevel,
- TokenStatistics,
- TokenRestrictedSids,
- TokenSessionId,
- TokenGroupsAndPrivileges,
- TokenSessionReference,
- TokenSandBoxInert
- } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
- //
- // Token information class structures
- //
- typedef struct _TOKEN_USER {
- SID_AND_ATTRIBUTES User;
- } TOKEN_USER, *PTOKEN_USER;
- typedef struct _TOKEN_GROUPS {
- DWORD GroupCount;
- SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
- } TOKEN_GROUPS, *PTOKEN_GROUPS;
- typedef struct _TOKEN_PRIVILEGES {
- DWORD PrivilegeCount;
- LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
- } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
- typedef struct _TOKEN_OWNER {
- PSID Owner;
- } TOKEN_OWNER, *PTOKEN_OWNER;
- typedef struct _TOKEN_PRIMARY_GROUP {
- PSID PrimaryGroup;
- } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
- typedef struct _TOKEN_DEFAULT_DACL {
- PACL DefaultDacl;
- } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
- typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
- DWORD SidCount;
- DWORD SidLength;
- PSID_AND_ATTRIBUTES Sids;
- DWORD RestrictedSidCount;
- DWORD RestrictedSidLength;
- PSID_AND_ATTRIBUTES RestrictedSids;
- DWORD PrivilegeCount;
- DWORD PrivilegeLength;
- PLUID_AND_ATTRIBUTES Privileges;
- LUID AuthenticationId;
- } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
- #define TOKEN_SOURCE_LENGTH 8
- typedef struct _TOKEN_SOURCE {
- CHAR SourceName[TOKEN_SOURCE_LENGTH];
- LUID SourceIdentifier;
- } TOKEN_SOURCE, *PTOKEN_SOURCE;
- typedef struct _TOKEN_STATISTICS {
- LUID TokenId;
- LUID AuthenticationId;
- LARGE_INTEGER ExpirationTime;
- TOKEN_TYPE TokenType;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- DWORD DynamicCharged;
- DWORD DynamicAvailable;
- DWORD GroupCount;
- DWORD PrivilegeCount;
- LUID ModifiedId;
- } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
- typedef struct _TOKEN_CONTROL {
- LUID TokenId;
- LUID AuthenticationId;
- LUID ModifiedId;
- TOKEN_SOURCE TokenSource;
- } TOKEN_CONTROL, *PTOKEN_CONTROL;
- //
- // Security Tracking Mode
- //
- #define SECURITY_DYNAMIC_TRACKING (TRUE)
- #define SECURITY_STATIC_TRACKING (FALSE)
- typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE,
- * PSECURITY_CONTEXT_TRACKING_MODE;
- //
- // Quality Of Service
- //
- typedef struct _SECURITY_QUALITY_OF_SERVICE {
- DWORD Length;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
- BOOLEAN EffectiveOnly;
- } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE;
- //
- // Used to represent information related to a thread impersonation
- //
- typedef struct _SE_IMPERSONATION_STATE {
- PACCESS_TOKEN Token;
- BOOLEAN CopyOnOpen;
- BOOLEAN EffectiveOnly;
- SECURITY_IMPERSONATION_LEVEL Level;
- } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
- #define DISABLE_MAX_PRIVILEGE 0x1
- #define SANDBOX_INERT 0x2
- typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
- #define OWNER_SECURITY_INFORMATION (0x00000001L)
- #define GROUP_SECURITY_INFORMATION (0x00000002L)
- #define DACL_SECURITY_INFORMATION (0x00000004L)
- #define SACL_SECURITY_INFORMATION (0x00000008L)
- #define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
- #define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
- #define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
- #define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
- #define PROCESS_TERMINATE (0x0001)
- #define PROCESS_CREATE_THREAD (0x0002)
- #define PROCESS_SET_SESSIONID (0x0004)
- #define PROCESS_VM_OPERATION (0x0008)
- #define PROCESS_VM_READ (0x0010)
- #define PROCESS_VM_WRITE (0x0020)
- #define PROCESS_DUP_HANDLE (0x0040)
- #define PROCESS_CREATE_PROCESS (0x0080)
- #define PROCESS_SET_QUOTA (0x0100)
- #define PROCESS_SET_INFORMATION (0x0200)
- #define PROCESS_QUERY_INFORMATION (0x0400)
- #define PROCESS_SUSPEND_RESUME (0x0800)
- #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |
- 0xFFF)
- // begin_nthal
- #if defined(_WIN64)
- #define MAXIMUM_PROCESSORS 64
- #else
- #define MAXIMUM_PROCESSORS 32
- #endif
- // end_nthal
- #define THREAD_TERMINATE (0x0001)
- #define THREAD_SUSPEND_RESUME (0x0002)
- #define THREAD_GET_CONTEXT (0x0008)
- #define THREAD_SET_CONTEXT (0x0010)
- #define THREAD_SET_INFORMATION (0x0020)
- #define THREAD_QUERY_INFORMATION (0x0040)
- #define THREAD_SET_THREAD_TOKEN (0x0080)
- #define THREAD_IMPERSONATE (0x0100)
- #define THREAD_DIRECT_IMPERSONATION (0x0200)
- // begin_ntddk begin_wdm begin_ntifs
- #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |
- 0x3FF)
- // end_ntddk end_wdm end_ntifs
- #define JOB_OBJECT_ASSIGN_PROCESS (0x0001)
- #define JOB_OBJECT_SET_ATTRIBUTES (0x0002)
- #define JOB_OBJECT_QUERY (0x0004)
- #define JOB_OBJECT_TERMINATE (0x0008)
- #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES (0x0010)
- #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |
- 0x1F )
- typedef struct _JOB_SET_ARRAY {
- HANDLE JobHandle; // Handle to job object to insert
- DWORD MemberLevel; // Level of this job in the set. Must be > 0. Can be sparse.
- DWORD Flags; // Unused. Must be zero
- } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
- #define TLS_MINIMUM_AVAILABLE 64
- typedef struct _NT_TIB {
- struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
- PVOID StackBase;
- PVOID StackLimit;
- PVOID SubSystemTib;
- union {
- PVOID FiberData;
- DWORD Version;
- };
- PVOID ArbitraryUserPointer;
- struct _NT_TIB *Self;
- } NT_TIB;
- typedef NT_TIB *PNT_TIB;
- //
- // 32 and 64 bit specific version for wow64 and the debugger
- //
- typedef struct _NT_TIB32 {
- DWORD ExceptionList;
- DWORD StackBase;
- DWORD StackLimit;
- DWORD SubSystemTib;
- union {
- DWORD FiberData;
- DWORD Version;
- };
- DWORD ArbitraryUserPointer;
- DWORD Self;
- } NT_TIB32, *PNT_TIB32;
- typedef struct _NT_TIB64 {
- DWORD64 ExceptionList;
- DWORD64 StackBase;
- DWORD64 StackLimit;
- DWORD64 SubSystemTib;
- union {
- DWORD64 FiberData;
- DWORD Version;
- };
- DWORD64 ArbitraryUserPointer;
- DWORD64 Self;
- } NT_TIB64, *PNT_TIB64;
- #if !defined(_X86_) && !defined(_IA64_) && !defined(_AMD64_)
- #define WX86
- #endif
- #define THREAD_BASE_PRIORITY_LOWRT 15 // value that gets a thread to LowRealtime-1
- #define THREAD_BASE_PRIORITY_MAX 2 // maximum thread base priority boost
- #define THREAD_BASE_PRIORITY_MIN (-2) // minimum thread base priority boost
- #define THREAD_BASE_PRIORITY_IDLE (-15) // value that gets a thread to idle
- typedef struct _QUOTA_LIMITS {
- SIZE_T PagedPoolLimit;
- SIZE_T NonPagedPoolLimit;
- SIZE_T MinimumWorkingSetSize;
- SIZE_T MaximumWorkingSetSize;
- SIZE_T PagefileLimit;
- LARGE_INTEGER TimeLimit;
- } QUOTA_LIMITS;
- typedef QUOTA_LIMITS *PQUOTA_LIMITS;
- typedef struct _IO_COUNTERS {
- ULONGLONG ReadOperationCount;
- ULONGLONG WriteOperationCount;
- ULONGLONG OtherOperationCount;
- ULONGLONG ReadTransferCount;
- ULONGLONG WriteTransferCount;
- ULONGLONG OtherTransferCount;
- } IO_COUNTERS;
- typedef IO_COUNTERS *PIO_COUNTERS;
- //
- typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
- LARGE_INTEGER TotalUserTime;
- LARGE_INTEGER TotalKernelTime;
- LARGE_INTEGER ThisPeriodTotalUserTime;
- LARGE_INTEGER ThisPeriodTotalKernelTime;
- DWORD TotalPageFaultCount;
- DWORD TotalProcesses;
- DWORD ActiveProcesses;
- DWORD TotalTerminatedProcesses;
- } JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;
- typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {
- LARGE_INTEGER PerProcessUserTimeLimit;
- LARGE_INTEGER PerJobUserTimeLimit;
- DWORD LimitFlags;
- SIZE_T MinimumWorkingSetSize;
- SIZE_T MaximumWorkingSetSize;
- DWORD ActiveProcessLimit;
- ULONG_PTR Affinity;
- DWORD PriorityClass;
- DWORD SchedulingClass;
- } JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;
- typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION {
- JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
- IO_COUNTERS IoInfo;
- SIZE_T ProcessMemoryLimit;
- SIZE_T JobMemoryLimit;
- SIZE_T PeakProcessMemoryUsed;
- SIZE_T PeakJobMemoryUsed;
- } JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;
- typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
- DWORD NumberOfAssignedProcesses;
- DWORD NumberOfProcessIdsInList;
- ULONG_PTR ProcessIdList[1];
- } JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;
- typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS {
- DWORD UIRestrictionsClass;
- } JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;
- typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION {
- DWORD SecurityLimitFlags ;
- HANDLE JobToken ;
- PTOKEN_GROUPS SidsToDisable ;
- PTOKEN_PRIVILEGES PrivilegesToDelete ;
- PTOKEN_GROUPS RestrictedSids ;
- } JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION ;
- typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION {
- DWORD EndOfJobTimeAction;
- } JOBOBJECT_END_OF_JOB_TIME_INFORMATION, *PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;
- typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT {
- PVOID CompletionKey;
- HANDLE CompletionPort;
- } JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;
- typedef struct _JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION {
- JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
- IO_COUNTERS IoInfo;
- } JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;
- typedef struct _JOBOBJECT_JOBSET_INFORMATION {
- DWORD MemberLevel;
- } JOBOBJECT_JOBSET_INFORMATION, *PJOBOBJECT_JOBSET_INFORMATION;
- #define JOB_OBJECT_TERMINATE_AT_END_OF_JOB 0
- #define JOB_OBJECT_POST_AT_END_OF_JOB 1
- //
- // Completion Port Messages for job objects
- //
- // These values are returned via the lpNumberOfBytesTransferred parameter
- //
- #define JOB_OBJECT_MSG_END_OF_JOB_TIME 1
- #define JOB_OBJECT_MSG_END_OF_PROCESS_TIME 2
- #define JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT 3
- #define JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO 4
- #define JOB_OBJECT_MSG_NEW_PROCESS 6
- #define JOB_OBJECT_MSG_EXIT_PROCESS 7
- #define JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS 8
- #define JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT 9
- #define JOB_OBJECT_MSG_JOB_MEMORY_LIMIT 10
- //
- // Basic Limits
- //
- #define JOB_OBJECT_LIMIT_WORKINGSET 0x00000001
- #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x00000002
- #define JOB_OBJECT_LIMIT_JOB_TIME 0x00000004
- #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x00000008
- #define JOB_OBJECT_LIMIT_AFFINITY 0x00000010
- #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x00000020
- #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x00000040
- #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x00000080
- //
- // Extended Limits
- //
- #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x00000100
- #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x00000200
- #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x00000400
- #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x00000800
- #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x00001000
- #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x00002000
- #define JOB_OBJECT_LIMIT_RESERVED2 0x00004000
- #define JOB_OBJECT_LIMIT_RESERVED3 0x00008000
- #define JOB_OBJECT_LIMIT_RESERVED4 0x00010000
- #define JOB_OBJECT_LIMIT_RESERVED5 0x00020000
- #define JOB_OBJECT_LIMIT_RESERVED6 0x00040000
- #define JOB_OBJECT_LIMIT_VALID_FLAGS 0x0007ffff
- #define JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS 0x000000ff
- #define JOB_OBJECT_EXTENDED_LIMIT_VALID_FLAGS 0x00003fff
- #define JOB_OBJECT_RESERVED_LIMIT_VALID_FLAGS 0x0007ffff
- //
- // UI restrictions for jobs
- //
- #define JOB_OBJECT_UILIMIT_NONE 0x00000000
- #define JOB_OBJECT_UILIMIT_HANDLES 0x00000001
- #define JOB_OBJECT_UILIMIT_READCLIPBOARD 0x00000002
- #define JOB_OBJECT_UILIMIT_WRITECLIPBOARD 0x00000004
- #define JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS 0x00000008
- #define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS 0x00000010
- #define JOB_OBJECT_UILIMIT_GLOBALATOMS 0x00000020
- #define JOB_OBJECT_UILIMIT_DESKTOP 0x00000040
- #define JOB_OBJECT_UILIMIT_EXITWINDOWS 0x00000080
- #define JOB_OBJECT_UILIMIT_ALL 0x000000FF
- #define JOB_OBJECT_UI_VALID_FLAGS 0x000000FF
- #define JOB_OBJECT_SECURITY_NO_ADMIN 0x00000001
- #define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN 0x00000002
- #define JOB_OBJECT_SECURITY_ONLY_TOKEN 0x00000004
- #define JOB_OBJECT_SECURITY_FILTER_TOKENS 0x00000008
- #define JOB_OBJECT_SECURITY_VALID_FLAGS 0x0000000f
- typedef enum _JOBOBJECTINFOCLASS {
- JobObjectBasicAccountingInformation = 1,
- JobObjectBasicLimitInformation,
- JobObjectBasicProcessIdList,
- JobObjectBasicUIRestrictions,
- JobObjectSecurityLimitInformation,
- JobObjectEndOfJobTimeInformation,
- JobObjectAssociateCompletionPortInformation,
- JobObjectBasicAndIoAccountingInformation,
- JobObjectExtendedLimitInformation,
- JobObjectJobSetInformation,
- MaxJobObjectInfoClass
- } JOBOBJECTINFOCLASS;
- //
- #define EVENT_MODIFY_STATE 0x0002
- #define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
- #define MUTANT_QUERY_STATE 0x0001
- #define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|
- MUTANT_QUERY_STATE)
- #define SEMAPHORE_MODIFY_STATE 0x0002
- #define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
- //
- // Timer Specific Access Rights.
- //
- #define TIMER_QUERY_STATE 0x0001
- #define TIMER_MODIFY_STATE 0x0002
- #define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|
- TIMER_QUERY_STATE|TIMER_MODIFY_STATE)
- #define TIME_ZONE_ID_UNKNOWN 0
- #define TIME_ZONE_ID_STANDARD 1
- #define TIME_ZONE_ID_DAYLIGHT 2
- #define MAXIMUM_NUMA_NODES 16
- typedef struct _SYSTEM_NUMA_INFORMATION {
- DWORD HighestNodeNumber;
- DWORD Reserved;
- union {
- ULONGLONG ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES];
- ULONGLONG AvailableMemory[MAXIMUM_NUMA_NODES];
- };
- } SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION;
- #define PROCESSOR_INTEL_386 386
- #define PROCESSOR_INTEL_486 486
- #define PROCESSOR_INTEL_PENTIUM 586
- #define PROCESSOR_INTEL_IA64 2200
- #define PROCESSOR_MIPS_R4000 4000 // incl R4101 & R3910 for Windows CE
- #define PROCESSOR_ALPHA_21064 21064
- #define PROCESSOR_PPC_601 601
- #define PROCESSOR_PPC_603 603
- #define PROCESSOR_PPC_604 604
- #define PROCESSOR_PPC_620 620
- #define PROCESSOR_HITACHI_SH3 10003 // Windows CE
- #define PROCESSOR_HITACHI_SH3E 10004 // Windows CE
- #define PROCESSOR_HITACHI_SH4 10005 // Windows CE
- #define PROCESSOR_MOTOROLA_821 821 // Windows CE
- #define PROCESSOR_SHx_SH3 103 // Windows CE
- #define PROCESSOR_SHx_SH4 104 // Windows CE
- #define PROCESSOR_STRONGARM 2577 // Windows CE - 0xA11
- #define PROCESSOR_ARM720 1824 // Windows CE - 0x720
- #define PROCESSOR_ARM820 2080 // Windows CE - 0x820
- #define PROCESSOR_ARM920 2336 // Windows CE - 0x920
- #define PROCESSOR_ARM_7TDMI 70001 // Windows CE
- #define PROCESSOR_OPTIL 0x494f // MSIL
- #define PROCESSOR_ARCHITECTURE_INTEL 0
- #define PROCESSOR_ARCHITECTURE_MIPS 1
- #define PROCESSOR_ARCHITECTURE_ALPHA 2
- #define PROCESSOR_ARCHITECTURE_PPC 3
- #define PROCESSOR_ARCHITECTURE_SHX 4
- #define PROCESSOR_ARCHITECTURE_ARM 5
- #define PROCESSOR_ARCHITECTURE_IA64 6
- #define PROCESSOR_ARCHITECTURE_ALPHA64 7
- #define PROCESSOR_ARCHITECTURE_MSIL 8
- #define PROCESSOR_ARCHITECTURE_AMD64 9
- #define PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 10
- #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
- #define PF_FLOATING_POINT_PRECISION_ERRATA 0
- #define PF_FLOATING_POINT_EMULATED 1
- #define PF_COMPARE_EXCHANGE_DOUBLE 2
- #define PF_MMX_INSTRUCTIONS_AVAILABLE 3
- #define PF_PPC_MOVEMEM_64BIT_OK 4
- #define PF_ALPHA_BYTE_INSTRUCTIONS 5
- #define PF_XMMI_INSTRUCTIONS_AVAILABLE 6
- #define PF_3DNOW_INSTRUCTIONS_AVAILABLE 7
- #define PF_RDTSC_INSTRUCTION_AVAILABLE 8
- #define PF_PAE_ENABLED 9
- #define PF_XMMI64_INSTRUCTIONS_AVAILABLE 10
- typedef struct _MEMORY_BASIC_INFORMATION {
- PVOID BaseAddress;
- PVOID AllocationBase;
- DWORD AllocationProtect;
- SIZE_T RegionSize;
- DWORD State;
- DWORD Protect;
- DWORD Type;
- } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
- typedef struct _MEMORY_BASIC_INFORMATION32 {
- DWORD BaseAddress;
- DWORD AllocationBase;
- DWORD AllocationProtect;
- DWORD RegionSize;
- DWORD State;
- DWORD Protect;
- DWORD Type;
- } MEMORY_BASIC_INFORMATION32, *PMEMORY_BASIC_INFORMATION32;
- typedef struct _MEMORY_BASIC_INFORMATION64 {
- ULONGLONG BaseAddress;
- ULONGLONG AllocationBase;
- DWORD AllocationProtect;
- DWORD __alignment1;
- ULONGLONG RegionSize;
- DWORD State;
- DWORD Protect;
- DWORD Type;
- DWORD __alignment2;
- } MEMORY_BASIC_INFORMATION64, *PMEMORY_BASIC_INFORMATION64;
- #define SECTION_QUERY 0x0001
- #define SECTION_MAP_WRITE 0x0002
- #define SECTION_MAP_READ 0x0004
- #define SECTION_MAP_EXECUTE 0x0008
- #define SECTION_EXTEND_SIZE 0x0010
- #define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|
- SECTION_MAP_WRITE |
- SECTION_MAP_READ |
- SECTION_MAP_EXECUTE |
- SECTION_EXTEND_SIZE)
- #define PAGE_NOACCESS 0x01
- #define PAGE_READONLY 0x02
- #define PAGE_READWRITE 0x04
- #define PAGE_WRITECOPY 0x08
- #define PAGE_EXECUTE 0x10
- #define PAGE_EXECUTE_READ 0x20
- #define PAGE_EXECUTE_READWRITE 0x40
- #define PAGE_EXECUTE_WRITECOPY 0x80
- #define PAGE_GUARD 0x100
- #define PAGE_NOCACHE 0x200
- #define PAGE_WRITECOMBINE 0x400
- #define MEM_COMMIT 0x1000
- #define MEM_RESERVE 0x2000
- #define MEM_DECOMMIT 0x4000
- #define MEM_RELEASE 0x8000
- #define MEM_FREE 0x10000
- #define MEM_PRIVATE 0x20000
- #define MEM_MAPPED 0x40000
- #define MEM_RESET 0x80000
- #define MEM_TOP_DOWN 0x100000
- #define MEM_WRITE_WATCH 0x200000
- #define MEM_PHYSICAL 0x400000
- #define MEM_4MB_PAGES 0x80000000
- #define SEC_FILE 0x800000
- #define SEC_IMAGE 0x1000000
- #define SEC_RESERVE 0x4000000
- #define SEC_COMMIT 0x8000000
- #define SEC_NOCACHE 0x10000000
- #define MEM_IMAGE SEC_IMAGE
- #define WRITE_WATCH_FLAG_RESET 0x01
- //
- // Define access rights to files and directories
- //
- //
- // The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
- // devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
- // constants *MUST* always be in sync.
- // The values are redefined in devioctl.h because they must be available to
- // both DOS and NT.
- //
- #define FILE_READ_DATA ( 0x0001 ) // file & pipe
- #define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
- #define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
- #define FILE_ADD_FILE ( 0x0002 ) // directory
- #define FILE_APPEND_DATA ( 0x0004 ) // file
- #define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
- #define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
- #define FILE_READ_EA ( 0x0008 ) // file & directory
- #define FILE_WRITE_EA ( 0x0010 ) // file & directory
- #define FILE_EXECUTE ( 0x0020 ) // file
- #define FILE_TRAVERSE ( 0x0020 ) // directory
- #define FILE_DELETE_CHILD ( 0x0040 ) // directory
- #define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
- #define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
- #define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
- #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |
- FILE_READ_DATA |
- FILE_READ_ATTRIBUTES |
- FILE_READ_EA |
- SYNCHRONIZE)
- #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |
- FILE_WRITE_DATA |
- FILE_WRITE_ATTRIBUTES |
- FILE_WRITE_EA |
- FILE_APPEND_DATA |
- SYNCHRONIZE)
- #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |
- FILE_READ_ATTRIBUTES |
- FILE_EXECUTE |
- SYNCHRONIZE)
- #define FILE_SHARE_READ 0x00000001
- #define FILE_SHARE_WRITE 0x00000002
- #define FILE_SHARE_DELETE 0x00000004
- #define FILE_ATTRIBUTE_READONLY 0x00000001
- #define FILE_ATTRIBUTE_HIDDEN 0x00000002
- #define FILE_ATTRIBUTE_SYSTEM 0x00000004
- #define FILE_ATTRIBUTE_DIRECTORY 0x00000010
- #define FILE_ATTRIBUTE_ARCHIVE 0x00000020
- #define FILE_ATTRIBUTE_DEVICE 0x00000040
- #define FILE_ATTRIBUTE_NORMAL 0x00000080
- #define FILE_ATTRIBUTE_TEMPORARY 0x00000100
- #define FILE_ATTRIBUTE_SPARSE_FILE 0x00000200
- #define FILE_ATTRIBUTE_REPARSE_POINT 0x00000400
- #define FILE_ATTRIBUTE_COMPRESSED 0x00000800
- #define FILE_ATTRIBUTE_OFFLINE 0x00001000
- #define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000
- #define FILE_ATTRIBUTE_ENCRYPTED 0x00004000
- #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
- #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
- #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
- #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
- #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
- #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
- #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
- #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
- #define FILE_ACTION_ADDED 0x00000001
- #define FILE_ACTION_REMOVED 0x00000002
- #define FILE_ACTION_MODIFIED 0x00000003
- #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
- #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
- #define MAILSLOT_NO_MESSAGE ((DWORD)-1)
- #define MAILSLOT_WAIT_FOREVER ((DWORD)-1)
- #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
- #define FILE_CASE_PRESERVED_NAMES 0x00000002
- #define FILE_UNICODE_ON_DISK 0x00000004
- #define FILE_PERSISTENT_ACLS 0x00000008
- #define FILE_FILE_COMPRESSION 0x00000010
- #define FILE_VOLUME_QUOTAS 0x00000020
- #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
- #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
- #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
- #define FILE_VOLUME_IS_COMPRESSED 0x00008000
- #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
- #define FILE_SUPPORTS_ENCRYPTION 0x00020000
- #define FILE_NAMED_STREAMS 0x00040000
- #define FILE_READ_ONLY_VOLUME 0x00080000
- //
- // Define the file notification information structure
- //
- typedef struct _FILE_NOTIFY_INFORMATION {
- DWORD NextEntryOffset;
- DWORD Action;
- DWORD FileNameLength;
- WCHAR FileName[1];
- } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
- //
- // Define segement buffer structure for scatter/gather read/write.
- //
- typedef union _FILE_SEGMENT_ELEMENT {
- PVOID64 Buffer;
- ULONGLONG Alignment;
- }FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
- //
- // The reparse GUID structure is used by all 3rd party layered drivers to
- // store data in a reparse point. For non-Microsoft tags, The GUID field
- // cannot be GUID_NULL.
- // The constraints on reparse tags are defined below.
- // Microsoft tags can also be used with this format of the reparse point buffer.
- //
- typedef struct _REPARSE_GUID_DATA_BUFFER {
- DWORD ReparseTag;
- WORD ReparseDataLength;
- WORD Reserved;
- GUID ReparseGuid;
- struct {
- BYTE DataBuffer[1];
- } GenericReparseBuffer;
- } REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
- #define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
- //
- // Maximum allowed size of the reparse data.
- //
- #define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
- //
- // Predefined reparse tags.
- // These tags need to avoid conflicting with IO_REMOUNT defined in ntosincio.h
- //
- #define IO_REPARSE_TAG_RESERVED_ZERO (0)
- #define IO_REPARSE_TAG_RESERVED_ONE (1)
- //
- // The value of the following constant needs to satisfy the following conditions:
- // (1) Be at least as large as the largest of the reserved tags.
- // (2) Be strictly smaller than all the tags in use.
- //
- #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
- //
- // The reparse tags are a DWORD. The 32 bits are laid out as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +-+-+-+-+-----------------------+-------------------------------+
- // |M|R|N|R| Reserved bits | Reparse Tag Value |
- // +-+-+-+-+-----------------------+-------------------------------+
- //
- // M is the Microsoft bit. When set to 1, it denotes a tag owned by Microsoft.
- // All ISVs must use a tag with a 0 in this position.
- // Note: If a Microsoft tag is used by non-Microsoft software, the
- // behavior is not defined.
- //
- // R is reserved. Must be zero for non-Microsoft tags.
- //
- // N is name surrogate. When set to 1, the file represents another named
- // entity in the system.
- //
- // The M and N bits are OR-able.
- // The following macros check for the M and N bit values:
- //
- //
- // Macro to determine whether a reparse point tag corresponds to a tag
- // owned by Microsoft.
- //
- #define IsReparseTagMicrosoft(_tag) (
- ((_tag) & 0x80000000)
- )
- //
- // Macro to determine whether a reparse point tag is a name surrogate
- //
- #define IsReparseTagNameSurrogate(_tag) (
- ((_tag) & 0x20000000)
- )
- #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
- #define IO_REPARSE_TAG_HSM (0xC0000004L)
- #define IO_REPARSE_TAG_SIS (0x80000007L)
- #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
- #define IO_COMPLETION_MODIFY_STATE 0x0002
- #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
- #define DUPLICATE_CLOSE_SOURCE 0x00000001
- #define DUPLICATE_SAME_ACCESS 0x00000002
- typedef enum _SYSTEM_POWER_STATE {
- PowerSystemUnspecified = 0,
- PowerSystemWorking = 1,
- PowerSystemSleeping1 = 2,
- PowerSystemSleeping2 = 3,
- PowerSystemSleeping3 = 4,
- PowerSystemHibernate = 5,
- PowerSystemShutdown = 6,
- PowerSystemMaximum = 7
- } SYSTEM_POWER_STATE, *PSYSTEM_POWER_STATE;
- #define POWER_SYSTEM_MAXIMUM 7
- typedef enum {
- PowerActionNone = 0,
- PowerActionReserved,
- PowerActionSleep,
- PowerActionHibernate,
- PowerActionShutdown,
- PowerActionShutdownReset,
- PowerActionShutdownOff,
- PowerActionWarmEject
- } POWER_ACTION, *PPOWER_ACTION;
- typedef enum _DEVICE_POWER_STATE {
- PowerDeviceUnspecified = 0,
- PowerDeviceD0,
- PowerDeviceD1,
- PowerDeviceD2,
- PowerDeviceD3,
- PowerDeviceMaximum
- } DEVICE_POWER_STATE, *PDEVICE_POWER_STATE;
- #define ES_SYSTEM_REQUIRED ((DWORD)0x00000001)
- #define ES_DISPLAY_REQUIRED ((DWORD)0x00000002)
- #define ES_USER_PRESENT ((DWORD)0x00000004)
- #define ES_CONTINUOUS ((DWORD)0x80000000)
- typedef DWORD EXECUTION_STATE;
- typedef enum {
- LT_DONT_CARE,
- LT_LOWEST_LATENCY
- } LATENCY_TIME;
- // end_ntminiport end_ntifs end_wdm end_ntddk
- //-----------------------------------------------------------------------------
- // Device Power Information
- // Accessable via CM_Get_DevInst_Registry_Property_Ex(CM_DRP_DEVICE_POWER_DATA)
- //-----------------------------------------------------------------------------
- #define PDCAP_D0_SUPPORTED 0x00000001
- #define PDCAP_D1_SUPPORTED 0x00000002
- #define PDCAP_D2_SUPPORTED 0x00000004
- #define PDCAP_D3_SUPPORTED 0x00000008
- #define PDCAP_WAKE_FROM_D0_SUPPORTED 0x00000010
- #define PDCAP_WAKE_FROM_D1_SUPPORTED 0x00000020
- #define PDCAP_WAKE_FROM_D2_SUPPORTED 0x00000040
- #define PDCAP_WAKE_FROM_D3_SUPPORTED 0x00000080
- #define PDCAP_WARM_EJECT_SUPPORTED 0x00000100
- typedef struct CM_Power_Data_s {
- DWORD PD_Size;
- DEVICE_POWER_STATE PD_MostRecentPowerState;
- DWORD PD_Capabilities;
- DWORD PD_D1Latency;
- DWORD PD_D2Latency;
- DWORD PD_D3Latency;
- DEVICE_POWER_STATE PD_PowerStateMapping[POWER_SYSTEM_MAXIMUM];
- SYSTEM_POWER_STATE PD_DeepestSystemWake;
- } CM_POWER_DATA, *PCM_POWER_DATA;
- // begin_ntddk
- typedef enum {
- SystemPowerPolicyAc,
- SystemPowerPolicyDc,
- VerifySystemPolicyAc,
- VerifySystemPolicyDc,
- SystemPowerCapabilities,
- SystemBatteryState,
- SystemPowerStateHandler,
- ProcessorStateHandler,
- SystemPowerPolicyCurrent,
- AdministratorPowerPolicy,
- SystemReserveHiberFile,
- ProcessorInformation,
- SystemPowerInformation,
- ProcessorStateHandler2,
- LastWakeTime, // Compare with KeQueryInterruptTime()
- LastSleepTime, // Compare with KeQueryInterruptTime()
- SystemExecutionState,
- SystemPowerStateNotifyHandler,
- ProcessorPowerPolicyAc,
- ProcessorPowerPolicyDc,
- VerifyProcessorPowerPolicyAc,
- VerifyProcessorPowerPolicyDc,
- ProcessorPowerPolicyCurrent
- } POWER_INFORMATION_LEVEL;
- // begin_wdm
- //
- // System power manager capabilities
- //
- typedef struct {
- DWORD Granularity;
- DWORD Capacity;
- } BATTERY_REPORTING_SCALE, *PBATTERY_REPORTING_SCALE;
- //
- // Power Policy Management interfaces
- //
- typedef struct {
- POWER_ACTION Action;
- DWORD Flags;
- DWORD EventCode;
- } POWER_ACTION_POLICY, *PPOWER_ACTION_POLICY;
- // POWER_ACTION_POLICY->Flags:
- #define POWER_ACTION_QUERY_ALLOWED 0x00000001
- #define POWER_ACTION_UI_ALLOWED 0x00000002
- #define POWER_ACTION_OVERRIDE_APPS 0x00000004
- #define POWER_ACTION_LIGHTEST_FIRST 0x10000000
- #define POWER_ACTION_LOCK_CONSOLE 0x20000000
- #define POWER_ACTION_DISABLE_WAKES 0x40000000
- #define POWER_ACTION_CRITICAL 0x80000000
- // POWER_ACTION_POLICY->EventCode flags
- #define POWER_LEVEL_USER_NOTIFY_TEXT 0x00000001
- #define POWER_LEVEL_USER_NOTIFY_SOUND 0x00000002
- #define POWER_LEVEL_USER_NOTIFY_EXEC 0x00000004
- #define POWER_USER_NOTIFY_BUTTON 0x00000008
- #define POWER_USER_NOTIFY_SHUTDOWN 0x00000010
- #define POWER_FORCE_TRIGGER_RESET 0x80000000
- // system battery drain policies
- typedef struct {
- BOOLEAN Enable;
- BYTE Spare[3];
- DWORD BatteryLevel;
- POWER_ACTION_POLICY PowerPolicy;
- SYSTEM_POWER_STATE MinSystemState;
- } SYSTEM_POWER_LEVEL, *PSYSTEM_POWER_LEVEL;
- // Discharge policy constants
- #define NUM_DISCHARGE_POLICIES 4
- #define DISCHARGE_POLICY_CRITICAL 0
- #define DISCHARGE_POLICY_LOW 1
- //
- // Throttling policies
- //
- #define PO_THROTTLE_NONE 0
- #define PO_THROTTLE_CONSTANT 1
- #define PO_THROTTLE_DEGRADE 2
- #define PO_THROTTLE_ADAPTIVE 3
- #define PO_THROTTLE_MAXIMUM 4 // not a policy, just a limit
- // system power policies
- typedef struct _SYSTEM_POWER_POLICY {
- DWORD Revision; // 1
- // events
- POWER_ACTION_POLICY PowerButton;
- POWER_ACTION_POLICY SleepButton;
- POWER_ACTION_POLICY LidClose;
- SYSTEM_POWER_STATE LidOpenWake;
- DWORD Reserved;
- // "system idle" detection
- POWER_ACTION_POLICY Idle;
- DWORD IdleTimeout;
- BYTE IdleSensitivity;
- // dynamic throttling policy
- // PO_THROTTLE_NONE, PO_THROTTLE_CONSTANT, PO_THROTTLE_DEGRADE, or PO_THROTTLE_ADAPTIVE
- BYTE DynamicThrottle;
- BYTE Spare2[2];
- // meaning of power action "sleep"
- SYSTEM_POWER_STATE MinSleep;
- SYSTEM_POWER_STATE MaxSleep;
- SYSTEM_POWER_STATE ReducedLatencySleep;
- DWORD WinLogonFlags;
- // parameters for dozing
- DWORD Spare3;
- DWORD DozeS4Timeout;
- // battery policies
- DWORD BroadcastCapacityResolution;
- SYSTEM_POWER_LEVEL DischargePolicy[NUM_DISCHARGE_POLICIES];
- // video policies
- DWORD VideoTimeout;
- BOOLEAN VideoDimDisplay;
- DWORD VideoReserved[3];
- // hard disk policies
- DWORD SpindownTimeout;
- // processor policies
- BOOLEAN OptimizeForPower;
- BYTE FanThrottleTolerance;
- BYTE ForcedThrottle;
- BYTE MinThrottle;
- POWER_ACTION_POLICY OverThrottled;
- } SYSTEM_POWER_POLICY, *PSYSTEM_POWER_POLICY;
- // processor power policy state
- typedef struct _PROCESSOR_POWER_POLICY_INFO {
- // Time based information (will be converted to kernel units)
- DWORD TimeCheck; // in US
- DWORD DemoteLimit; // in US
- DWORD PromoteLimit; // in US
- // Percentage based information
- BYTE DemotePercent;
- BYTE PromotePercent;
- BYTE Spare[2];
- // Flags
- DWORD AllowDemotion:1;
- DWORD AllowPromotion:1;
- DWORD Reserved:30;
- } PROCESSOR_POWER_POLICY_INFO, *PPROCESSOR_POWER_POLICY_INFO;
- // processor power policy
- typedef struct _PROCESSOR_POWER_POLICY {
- DWORD Revision; // 1
- // Dynamic Throttling Policy
- BYTE DynamicThrottle;
- BYTE Spare[3];
- // Flags
- DWORD Reserved;
- // System policy information
- // The Array is last, in case it needs to be grown and the structure
- // revision incremented.
- DWORD PolicyCount;
- PROCESSOR_POWER_POLICY_INFO Policy[3];
- } PROCESSOR_POWER_POLICY, *PPROCESSOR_POWER_POLICY;
- // administrator power policy overrides
- typedef struct _ADMINISTRATOR_POWER_POLICY {
- // meaning of power action "sleep"
- SYSTEM_POWER_STATE MinSleep;
- SYSTEM_POWER_STATE MaxSleep;
- // video policies
- DWORD MinVideoTimeout;
- DWORD MaxVideoTimeout;
- // disk policies
- DWORD MinSpindownTimeout;
- DWORD MaxSpindownTimeout;
- } ADMINISTRATOR_POWER_POLICY, *PADMINISTRATOR_POWER_POLICY;
- typedef struct {
- // Misc supported system features
- BOOLEAN PowerButtonPresent;
- BOOLEAN SleepButtonPresent;
- BOOLEAN LidPresent;
- BOOLEAN SystemS1;
- BOOLEAN SystemS2;
- BOOLEAN SystemS3;
- BOOLEAN SystemS4; // hibernate
- BOOLEAN SystemS5; // off
- BOOLEAN HiberFilePresent;
- BOOLEAN FullWake;
- BOOLEAN VideoDimPresent;
- BOOLEAN ApmPresent;
- BOOLEAN UpsPresent;
- // Processors
- BOOLEAN ThermalControl;
- BOOLEAN ProcessorThrottle;
- BYTE ProcessorMinThrottle;
- BYTE ProcessorMaxThrottle;
- BYTE spare2[4];
- // Disk
- BOOLEAN DiskSpinDown;
- BYTE spare3[8];
- // System Battery
- BOOLEAN SystemBatteriesPresent;
- BOOLEAN BatteriesAreShortTerm;
- BATTERY_REPORTING_SCALE BatteryScale[3];
- // Wake
- SYSTEM_POWER_STATE AcOnLineWake;
- SYSTEM_POWER_STATE SoftLidWake;
- SYSTEM_POWER_STATE RtcWake;
- SYSTEM_POWER_STATE MinDeviceWakeState; // note this may change on driver load
- SYSTEM_POWER_STATE DefaultLowLatencyWake;
- } SYSTEM_POWER_CAPABILITIES, *PSYSTEM_POWER_CAPABILITIES;
- typedef struct {
- BOOLEAN AcOnLine;
- BOOLEAN BatteryPresent;
- BOOLEAN Charging;
- BOOLEAN Discharging;
- BOOLEAN Spare1[4];
- DWORD MaxCapacity;
- DWORD RemainingCapacity;
- DWORD Rate;
- DWORD EstimatedTime;
- DWORD DefaultAlert1;
- DWORD DefaultAlert2;
- } SYSTEM_BATTERY_STATE, *PSYSTEM_BATTERY_STATE;
- //
- // Image Format
- //
- #ifndef _MAC
- #include "pshpack4.h" // 4 byte packing is the default
- #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
- #define IMAGE_OS2_SIGNATURE 0x454E // NE
- #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
- #define IMAGE_VXD_SIGNATURE 0x454C // LE
- #define IMAGE_NT_SIGNATURE 0x00004550 // PE00
- #include "pshpack2.h" // 16 bit headers are 2 byte packed
- #else
- #include "pshpack1.h"
- #define IMAGE_DOS_SIGNATURE 0x4D5A // MZ
- #define IMAGE_OS2_SIGNATURE 0x4E45 // NE
- #define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE
- #define IMAGE_NT_SIGNATURE 0x50450000 // PE00
- #endif
- typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
- WORD e_magic; // Magic number
- WORD e_cblp; // Bytes on last page of file
- WORD e_cp; // Pages in file
- WORD e_crlc; // Relocations
- WORD e_cparhdr; // Size of header in paragraphs
- WORD e_minalloc; // Minimum extra paragraphs needed
- WORD e_maxalloc; // Maximum extra paragraphs needed
- WORD e_ss; // Initial (relative) SS value
- WORD e_sp; // Initial SP value
- WORD e_csum; // Checksum
- WORD e_ip; // Initial IP value
- WORD e_cs; // Initial (relative) CS value
- WORD e_lfarlc; // File address of relocation table
- WORD e_ovno; // Overlay number
- WORD e_res[4]; // Reserved words
- WORD e_oemid; // OEM identifier (for e_oeminfo)
- WORD e_oeminfo; // OEM information; e_oemid specific
- WORD e_res2[10]; // Reserved words
- LONG e_lfanew; // File address of new exe header
- } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
- typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
- WORD ne_magic; // Magic number
- CHAR ne_ver; // Version number
- CHAR ne_rev; // Revision number
- WORD ne_enttab; // Offset of Entry Table
- WORD ne_cbenttab; // Number of bytes in Entry Table
- LONG ne_crc; // Checksum of whole file
- WORD ne_flags; // Flag word
- WORD ne_autodata; // Automatic data segment number
- WORD ne_heap; // Initial heap allocation
- WORD ne_stack; // Initial stack allocation
- LONG ne_csip; // Initial CS:IP setting
- LONG ne_sssp; // Initial SS:SP setting
- WORD ne_cseg; // Count of file segments
- WORD ne_cmod; // Entries in Module Reference Table
- WORD ne_cbnrestab; // Size of non-resident name table
- WORD ne_segtab; // Offset of Segment Table
- WORD ne_rsrctab; // Offset of Resource Table
- WORD ne_restab; // Offset of resident name table
- WORD ne_modtab; // Offset of Module Reference Table
- WORD ne_imptab; // Offset of Imported Names Table
- LONG ne_nrestab; // Offset of Non-resident Names Table
- WORD ne_cmovent; // Count of movable entries
- WORD ne_align; // Segment alignment shift count
- WORD ne_cres; // Count of resource segments
- BYTE ne_exetyp; // Target Operating system
- BYTE ne_flagsothers; // Other .EXE flags
- WORD ne_pretthunks; // offset to return thunks
- WORD ne_psegrefbytes; // offset to segment ref. bytes
- WORD ne_swaparea; // Minimum code swap area size
- WORD ne_expver; // Expected Windows version number
- } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
- typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
- WORD e32_magic; // Magic number
- BYTE e32_border; // The byte ordering for the VXD
- BYTE e32_worder; // The word ordering for the VXD
- DWORD e32_level; // The EXE format level for now = 0
- WORD e32_cpu; // The CPU type
- WORD e32_os; // The OS type
- DWORD e32_ver; // Module version
- DWORD e32_mflags; // Module flags
- DWORD e32_mpages; // Module # pages
- DWORD e32_startobj; // Object # for instruction pointer
- DWORD e32_eip; // Extended instruction pointer
- DWORD e32_stackobj; // Object # for stack pointer
- DWORD e32_esp; // Extended stack pointer
- DWORD e32_pagesize; // VXD page size
- DWORD e32_lastpagesize; // Last page size in VXD
- DWORD e32_fixupsize; // Fixup section size
- DWORD e32_fixupsum; // Fixup section checksum
- DWORD e32_ldrsize; // Loader section size
- DWORD e32_ldrsum; // Loader section checksum
- DWORD e32_objtab; // Object table offset
- DWORD e32_objcnt; // Number of objects in module
- DWORD e32_objmap; // Object page map offset
- DWORD e32_itermap; // Object iterated data map offset
- DWORD e32_rsrctab; // Offset of Resource Table
- DWORD e32_rsrccnt; // Number of resource entries
- DWORD e32_restab; // Offset of resident name table
- DWORD e32_enttab; // Offset of Entry Table
- DWORD e32_dirtab; // Offset of Module Directive Table
- DWORD e32_dircnt; // Number of module directives
- DWORD e32_fpagetab; // Offset of Fixup Page Table
- DWORD e32_frectab; // Offset of Fixup Record Table
- DWORD e32_impmod; // Offset of Import Module Name Table
- DWORD e32_impmodcnt; // Number of entries in Import Module Name Table
- DWORD e32_impproc; // Offset of Import Procedure Name Table
- DWORD e32_pagesum; // Offset of Per-Page Checksum Table
