Google Git
Sign in
chromium / chromium / src / aad0f7fa26d93f81a62ac6685aa997e1463b6d0a / . / sandbox / win / src / nt_internals.h
blob: 2b2dc0f2889794abd1138ca317cff032951fb0de [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file holds definitions related to the ntdll API.
#ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
#define SANDBOX_WIN_SRC_NT_INTERNALS_H__
#include <windows.h>
#include <stddef.h>
typedef LONG NTSTATUS;
#define NT_SUCCESS(st) (st >= 0)
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#ifndef STATUS_INVALID_PARAMETER
// It is now defined in Windows 2008 SDK.
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL)
#endif
#define STATUS_CONFLICTING_ADDRESSES ((NTSTATUS)0xC0000018L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L)
#define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS)0xC0000035L)
#define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL)
#define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL)
#define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL)
#define STATUS_NOT_SUPPORTED ((NTSTATUS)0xC00000BBL)
#define CURRENT_PROCESS ((HANDLE)-1)
#define CURRENT_THREAD ((HANDLE)-2)
#define NtCurrentProcess CURRENT_PROCESS
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING* PUNICODE_STRING;
typedef const UNICODE_STRING* PCUNICODE_STRING;
typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} STRING;
typedef STRING* PSTRING;
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
typedef CONST PSTRING PCANSI_STRING;
typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
typedef CONST STRING* PCOEM_STRING;
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES* POBJECT_ATTRIBUTES;
#define InitializeObjectAttributes(p, n, a, r, s) \
{ \
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = nullptr; \
}
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
};
ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
// -----------------------------------------------------------------------
// File IO
// Create disposition values.
#define FILE_SUPERSEDE 0x00000000
#define FILE_OPEN 0x00000001
#define FILE_CREATE 0x00000002
#define FILE_OPEN_IF 0x00000003
#define FILE_OVERWRITE 0x00000004
#define FILE_OVERWRITE_IF 0x00000005
#define FILE_MAXIMUM_DISPOSITION 0x00000005
// Create/open option flags.
#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_REMOTE_INSTANCE 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
// Create/open result values. These are the disposition values returned on the
// io status information.
#define FILE_SUPERSEDED 0x00000000
#define FILE_OPENED 0x00000001
#define FILE_CREATED 0x00000002
#define FILE_OVERWRITTEN 0x00000003
#define FILE_EXISTS 0x00000004
#define FILE_DOES_NOT_EXIST 0x00000005
typedef NTSTATUS(WINAPI* NtCreateFileFunction)(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength);
typedef NTSTATUS(WINAPI* NtOpenFileFunction)(OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions);
typedef NTSTATUS(WINAPI* NtCloseFunction)(IN HANDLE Handle);
typedef enum _FILE_INFORMATION_CLASS {
FileRenameInformation = 10
} FILE_INFORMATION_CLASS,
*PFILE_INFORMATION_CLASS;
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
typedef NTSTATUS(WINAPI* NtSetInformationFileFunction)(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass);
typedef struct FILE_BASIC_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
typedef NTSTATUS(WINAPI* NtQueryAttributesFileFunction)(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_BASIC_INFORMATION FileAttributes);
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
typedef NTSTATUS(WINAPI* NtQueryFullAttributesFileFunction)(
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
// -----------------------------------------------------------------------
// Sections
typedef NTSTATUS(WINAPI* NtCreateSectionFunction)(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN PLARGE_INTEGER MaximumSize OPTIONAL,
IN ULONG SectionPageProtection,
IN ULONG AllocationAttributes,
IN HANDLE FileHandle OPTIONAL);
typedef ULONG SECTION_INHERIT;
#define ViewShare 1
#define ViewUnmap 2
typedef NTSTATUS(WINAPI* NtMapViewOfSectionFunction)(
IN HANDLE SectionHandle,
IN HANDLE ProcessHandle,
IN OUT PVOID* BaseAddress,
IN ULONG_PTR ZeroBits,
IN SIZE_T CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PSIZE_T ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Win32Protect);
typedef NTSTATUS(WINAPI* NtUnmapViewOfSectionFunction)(IN HANDLE ProcessHandle,
IN PVOID BaseAddress);
typedef enum _SECTION_INFORMATION_CLASS {
SectionBasicInformation = 0,
SectionImageInformation
} SECTION_INFORMATION_CLASS;
typedef struct _SECTION_BASIC_INFORMATION {
PVOID BaseAddress;
ULONG Attributes;
LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
typedef NTSTATUS(WINAPI* NtQuerySectionFunction)(
IN HANDLE SectionHandle,
IN SECTION_INFORMATION_CLASS SectionInformationClass,
OUT PVOID SectionInformation,
IN SIZE_T SectionInformationLength,
OUT PSIZE_T ReturnLength OPTIONAL);
// -----------------------------------------------------------------------
// Process and Thread
typedef struct _CLIENT_ID {
PVOID UniqueProcess;
PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
typedef NTSTATUS(WINAPI* NtOpenThreadFunction)(OUT PHANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes,
IN PCLIENT_ID ClientId);
typedef NTSTATUS(WINAPI* NtOpenProcessFunction)(OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes,
IN PCLIENT_ID ClientId);
typedef enum _NT_THREAD_INFORMATION_CLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger
} NT_THREAD_INFORMATION_CLASS,
*PNT_THREAD_INFORMATION_CLASS;
typedef NTSTATUS(WINAPI* NtSetInformationThreadFunction)(
IN HANDLE ThreadHandle,
IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
IN PVOID ThreadInformation,
IN ULONG ThreadInformationLength);
// Partial definition only:
typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation = 0,
ProcessExecuteFlags = 0x22
} PROCESSINFOCLASS;
// Partial definition only.
typedef struct _PEB {
BYTE InheritedAddressSpace;
BYTE ReadImageFileExecOptions;
BYTE BeingDebugged;
BYTE SpareBool;
PVOID Mutant;
PVOID ImageBaseAddress;
} PEB, *PPEB;
typedef LONG KPRIORITY;
typedef struct _PROCESS_BASIC_INFORMATION {
union {
NTSTATUS ExitStatus;
PVOID padding_for_x64_0;
};
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
union {
KPRIORITY BasePriority;
PVOID padding_for_x64_1;
};
union {
DWORD UniqueProcessId;
PVOID padding_for_x64_2;
};
union {
DWORD InheritedFromUniqueProcessId;
PVOID padding_for_x64_3;
};
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
typedef NTSTATUS(WINAPI* NtQueryInformationProcessFunction)(
IN HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
OUT PVOID ProcessInformation,
IN ULONG ProcessInformationLength,
OUT PULONG ReturnLength OPTIONAL);
typedef NTSTATUS(WINAPI* NtSetInformationProcessFunction)(
HANDLE ProcessHandle,
IN PROCESSINFOCLASS ProcessInformationClass,
IN PVOID ProcessInformation,
IN ULONG ProcessInformationLength);
typedef NTSTATUS(WINAPI* NtOpenThreadTokenFunction)(IN HANDLE ThreadHandle,
IN ACCESS_MASK
DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle);
typedef NTSTATUS(WINAPI* NtOpenThreadTokenExFunction)(IN HANDLE ThreadHandle,
IN ACCESS_MASK
DesiredAccess,
IN BOOLEAN OpenAsSelf,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle);
typedef NTSTATUS(WINAPI* NtOpenProcessTokenFunction)(IN HANDLE ProcessHandle,
IN ACCESS_MASK
DesiredAccess,
OUT PHANDLE TokenHandle);
typedef NTSTATUS(WINAPI* NtOpenProcessTokenExFunction)(
IN HANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle);
typedef NTSTATUS(WINAPI* NtQueryInformationTokenFunction)(
IN HANDLE TokenHandle,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID TokenInformation,
IN ULONG TokenInformationLength,
OUT PULONG ReturnLength);
typedef NTSTATUS(WINAPI* RtlCreateUserThreadFunction)(
IN HANDLE Process,
IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
IN BOOLEAN CreateSuspended,
IN ULONG ZeroBits,
IN SIZE_T MaximumStackSize,
IN SIZE_T CommittedStackSize,
IN LPTHREAD_START_ROUTINE StartAddress,
IN PVOID Parameter,
OUT PHANDLE Thread,
OUT PCLIENT_ID ClientId);
typedef NTSTATUS(WINAPI* RtlConvertSidToUnicodeStringFunction)(
OUT PUNICODE_STRING UnicodeString,
IN PSID Sid,
IN BOOLEAN AllocateDestinationString);
typedef VOID(WINAPI* RtlFreeUnicodeStringFunction)(
IN OUT PUNICODE_STRING UnicodeString);
// -----------------------------------------------------------------------
// Registry
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation = 0,
KeyFullInformation = 2
} KEY_INFORMATION_CLASS,
*PKEY_INFORMATION_CLASS;
typedef struct _KEY_BASIC_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG NameLength;
WCHAR Name[1];
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
typedef struct _KEY_FULL_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG MaxClassLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
WCHAR Class[1];
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
typedef enum _KEY_VALUE_INFORMATION_CLASS {
KeyValueFullInformation = 1
} KEY_VALUE_INFORMATION_CLASS,
*PKEY_VALUE_INFORMATION_CLASS;
typedef struct _KEY_VALUE_FULL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataOffset;
ULONG DataLength;
ULONG NameLength;
WCHAR Name[1];
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
typedef NTSTATUS(WINAPI* NtCreateKeyFunction)(OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
OUT PULONG Disposition OPTIONAL);
typedef NTSTATUS(WINAPI* NtOpenKeyFunction)(OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes);
typedef NTSTATUS(WINAPI* NtOpenKeyExFunction)(OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES
ObjectAttributes,
IN DWORD open_options);
typedef NTSTATUS(WINAPI* NtDeleteKeyFunction)(IN HANDLE KeyHandle);
typedef NTSTATUS(WINAPI* RtlFormatCurrentUserKeyPathFunction)(
OUT PUNICODE_STRING RegistryPath);
typedef NTSTATUS(WINAPI* NtQueryKeyFunction)(IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS
KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength);
typedef NTSTATUS(WINAPI* NtEnumerateKeyFunction)(IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_INFORMATION_CLASS
KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength);
typedef NTSTATUS(WINAPI* NtQueryValueKeyFunction)(IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN KEY_VALUE_INFORMATION_CLASS
KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength);
typedef NTSTATUS(WINAPI* NtSetValueKeyFunction)(IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize);
// -----------------------------------------------------------------------
// Memory
// Don't really need this structure right now.
typedef PVOID PRTL_HEAP_PARAMETERS;
typedef PVOID(WINAPI* RtlCreateHeapFunction)(IN ULONG Flags,
IN PVOID HeapBase OPTIONAL,
IN SIZE_T ReserveSize OPTIONAL,
IN SIZE_T CommitSize OPTIONAL,
IN PVOID Lock OPTIONAL,
IN PRTL_HEAP_PARAMETERS Parameters
OPTIONAL);
typedef PVOID(WINAPI* RtlDestroyHeapFunction)(IN PVOID HeapHandle);
typedef PVOID(WINAPI* RtlAllocateHeapFunction)(IN PVOID HeapHandle,
IN ULONG Flags,
IN SIZE_T Size);
typedef BOOLEAN(WINAPI* RtlFreeHeapFunction)(IN PVOID HeapHandle,
IN ULONG Flags,
IN PVOID HeapBase);
typedef NTSTATUS(WINAPI* NtAllocateVirtualMemoryFunction)(
IN HANDLE ProcessHandle,
IN OUT PVOID* BaseAddress,
IN ULONG_PTR ZeroBits,
IN OUT PSIZE_T RegionSize,
IN ULONG AllocationType,
IN ULONG Protect);
typedef NTSTATUS(WINAPI* NtFreeVirtualMemoryFunction)(IN HANDLE ProcessHandle,
IN OUT PVOID* BaseAddress,
IN OUT PSIZE_T RegionSize,
IN ULONG FreeType);
typedef enum _MEMORY_INFORMATION_CLASS {
MemoryBasicInformation = 0,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
typedef struct _MEMORY_SECTION_NAME { // Information Class 2
UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
typedef NTSTATUS(WINAPI* NtQueryVirtualMemoryFunction)(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
OUT PVOID MemoryInformation,
IN SIZE_T MemoryInformationLength,
OUT PSIZE_T ReturnLength OPTIONAL);
typedef NTSTATUS(WINAPI* NtProtectVirtualMemoryFunction)(
IN HANDLE ProcessHandle,
IN OUT PVOID* BaseAddress,
IN OUT PSIZE_T ProtectSize,
IN ULONG NewProtect,
OUT PULONG OldProtect);
// -----------------------------------------------------------------------
// Objects
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectAllInformation,
ObjectDataInformation
} OBJECT_INFORMATION_CLASS,
*POBJECT_INFORMATION_CLASS;
typedef struct _OBJDIR_INFORMATION {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName;
BYTE Data[1];
} OBJDIR_INFORMATION;
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG Reserved[10]; // reserved for internal use
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
UNICODE_STRING TypeName;
ULONG Reserved[22]; // reserved for internal use
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
typedef enum _POOL_TYPE {
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
ReservedType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS
} POOL_TYPE;
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3];
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
typedef struct _OBJECT_TYPE_INFORMATION {
UNICODE_STRING Name;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccess;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
USHORT MaintainTypeList;
POOL_TYPE PoolType;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemHandleInformation = 16
} SYSTEM_INFORMATION_CLASS;
typedef struct _SYSTEM_HANDLE_INFORMATION {
USHORT ProcessId;
USHORT CreatorBackTraceIndex;
UCHAR ObjectTypeNumber;
UCHAR Flags;
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
ULONG NumberOfHandles;
SYSTEM_HANDLE_INFORMATION Information[1];
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
typedef struct _OBJECT_NAME_INFORMATION {
UNICODE_STRING ObjectName;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
typedef NTSTATUS(WINAPI* NtQueryObjectFunction)(
IN HANDLE Handle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation OPTIONAL,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL);
typedef NTSTATUS(WINAPI* NtDuplicateObjectFunction)(IN HANDLE SourceProcess,
IN HANDLE SourceHandle,
IN HANDLE TargetProcess,
OUT PHANDLE TargetHandle,
IN ACCESS_MASK
DesiredAccess,
IN ULONG Attributes,
IN ULONG Options);
typedef NTSTATUS(WINAPI* NtSignalAndWaitForSingleObjectFunction)(
IN HANDLE HandleToSignal,
IN HANDLE HandleToWait,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL);
typedef NTSTATUS(WINAPI* NtQuerySystemInformation)(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength);
typedef NTSTATUS(WINAPI* NtQueryObject)(IN HANDLE Handle,
IN OBJECT_INFORMATION_CLASS
ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength);
// -----------------------------------------------------------------------
// Strings
typedef int(__cdecl* _strnicmpFunction)(IN const char* _Str1,
IN const char* _Str2,
IN size_t _MaxCount);
typedef size_t(__cdecl* strlenFunction)(IN const char* _Str);
typedef size_t(__cdecl* wcslenFunction)(IN const wchar_t* _Str);
typedef void*(__cdecl* memcpyFunction)(IN void* dest,
IN const void* src,
IN size_t count);
typedef NTSTATUS(WINAPI* RtlAnsiStringToUnicodeStringFunction)(
IN OUT PUNICODE_STRING DestinationString,
IN PANSI_STRING SourceString,
IN BOOLEAN AllocateDestinationString);
typedef LONG(WINAPI* RtlCompareUnicodeStringFunction)(
IN PCUNICODE_STRING String1,
IN PCUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive);
typedef VOID(WINAPI* RtlInitUnicodeStringFunction)(IN OUT PUNICODE_STRING
DestinationString,
IN PCWSTR SourceString);
typedef ULONG(WINAPI* RtlNtStatusToDosErrorFunction)(NTSTATUS status);
typedef enum _EVENT_TYPE {
NotificationEvent,
SynchronizationEvent
} EVENT_TYPE,
*PEVENT_TYPE;
typedef NTSTATUS(WINAPI* NtCreateDirectoryObjectFunction)(
PHANDLE DirectoryHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes);
typedef NTSTATUS(WINAPI* NtOpenDirectoryObjectFunction)(
PHANDLE DirectoryHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes);
typedef NTSTATUS(WINAPI* NtQuerySymbolicLinkObjectFunction)(
HANDLE LinkHandle,
PUNICODE_STRING LinkTarget,
PULONG ReturnedLength);
typedef NTSTATUS(WINAPI* NtOpenSymbolicLinkObjectFunction)(
PHANDLE LinkHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes);
#define DIRECTORY_QUERY 0x0001
#define DIRECTORY_TRAVERSE 0x0002
#define DIRECTORY_CREATE_OBJECT 0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
#define DIRECTORY_ALL_ACCESS 0x000F
typedef NTSTATUS(WINAPI* NtCreateLowBoxToken)(
OUT PHANDLE token,
IN HANDLE original_handle,
IN ACCESS_MASK access,
IN POBJECT_ATTRIBUTES object_attribute,
IN PSID appcontainer_sid,
IN DWORD capabilityCount,
IN PSID_AND_ATTRIBUTES capabilities,
IN DWORD handle_count,
IN PHANDLE handles);
typedef NTSTATUS(WINAPI* NtSetInformationProcess)(IN HANDLE process_handle,
IN ULONG info_class,
IN PVOID process_information,
IN ULONG information_length);
struct PROCESS_ACCESS_TOKEN {
HANDLE token;
HANDLE thread;
};
const unsigned int NtProcessInformationAccessToken = 9;
typedef NTSTATUS(WINAPI* RtlDeriveCapabilitySidsFromNameFunction)(
PCUNICODE_STRING SourceString,
PSID CapabilityGroupSid,
PSID CapabilitySid);
// -----------------------------------------------------------------------
// GDI OPM API and Supported Calls
#define DXGKMDT_OPM_OMAC_SIZE 16
#define DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE 16
#define DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE 256
#define DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE 4056
#define DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE 4056
#define DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE 4076
#define DXGKMDT_OPM_HDCP_KEY_SELECTION_VECTOR_SIZE 5
#define DXGKMDT_OPM_PROTECTION_TYPE_SIZE 4
enum DXGKMDT_CERTIFICATE_TYPE {
DXGKMDT_OPM_CERTIFICATE = 0,
DXGKMDT_COPP_CERTIFICATE = 1,
DXGKMDT_UAB_CERTIFICATE = 2,
DXGKMDT_FORCE_ULONG = 0xFFFFFFFF
};
enum DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS {
DXGKMDT_OPM_VOS_COPP_SEMANTICS = 0,
DXGKMDT_OPM_VOS_OPM_SEMANTICS = 1
};
enum DXGKMDT_DPCP_PROTECTION_LEVEL {
DXGKMDT_OPM_DPCP_OFF = 0,
DXGKMDT_OPM_DPCP_ON = 1,
DXGKMDT_OPM_DPCP_FORCE_ULONG = 0x7fffffff
};
enum DXGKMDT_OPM_HDCP_PROTECTION_LEVEL {
DXGKMDT_OPM_HDCP_OFF = 0,
DXGKMDT_OPM_HDCP_ON = 1,
DXGKMDT_OPM_HDCP_FORCE_ULONG = 0x7fffffff
};
enum DXGKMDT_OPM_HDCP_FLAG {
DXGKMDT_OPM_HDCP_FLAG_NONE = 0x00,
DXGKMDT_OPM_HDCP_FLAG_REPEATER = 0x01
};
enum DXGKMDT_OPM_PROTECTION_TYPE {
DXGKMDT_OPM_PROTECTION_TYPE_OTHER = 0x80000000,
DXGKMDT_OPM_PROTECTION_TYPE_NONE = 0x00000000,
DXGKMDT_OPM_PROTECTION_TYPE_COPP_COMPATIBLE_HDCP = 0x00000001,
DXGKMDT_OPM_PROTECTION_TYPE_ACP = 0x00000002,
DXGKMDT_OPM_PROTECTION_TYPE_CGMSA = 0x00000004,
DXGKMDT_OPM_PROTECTION_TYPE_HDCP = 0x00000008,
DXGKMDT_OPM_PROTECTION_TYPE_DPCP = 0x00000010,
DXGKMDT_OPM_PROTECTION_TYPE_MASK = 0x8000001F
};
typedef void* OPM_PROTECTED_OUTPUT_HANDLE;
struct DXGKMDT_OPM_ENCRYPTED_PARAMETERS {
BYTE abEncryptedParameters[DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE];
};
struct DXGKMDT_OPM_OMAC {
BYTE abOMAC[DXGKMDT_OPM_OMAC_SIZE];
};
struct DXGKMDT_OPM_CONFIGURE_PARAMETERS {
DXGKMDT_OPM_OMAC omac;
GUID guidSetting;
ULONG ulSequenceNumber;
ULONG cbParametersSize;
BYTE abParameters[DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE];
};
struct DXGKMDT_OPM_RANDOM_NUMBER {
BYTE abRandomNumber[DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE];
};
struct DXGKMDT_OPM_GET_INFO_PARAMETERS {
DXGKMDT_OPM_OMAC omac;
DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber;
GUID guidInformation;
ULONG ulSequenceNumber;
ULONG cbParametersSize;
BYTE abParameters[DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE];
};
struct DXGKMDT_OPM_REQUESTED_INFORMATION {
DXGKMDT_OPM_OMAC omac;
ULONG cbRequestedInformationSize;
BYTE abRequestedInformation[DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE];
};
struct DXGKMDT_OPM_SET_PROTECTION_LEVEL_PARAMETERS {
ULONG ulProtectionType;
ULONG ulProtectionLevel;
ULONG Reserved;
ULONG Reserved2;
};
struct DXGKMDT_OPM_STANDARD_INFORMATION {
DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber;
ULONG ulStatusFlags;
ULONG ulInformation;
ULONG ulReserved;
ULONG ulReserved2;
};
typedef NTSTATUS(WINAPI* GetSuggestedOPMProtectedOutputArraySizeFunction)(
PUNICODE_STRING device_name,
DWORD* suggested_output_array_size);
typedef NTSTATUS(WINAPI* CreateOPMProtectedOutputsFunction)(
PUNICODE_STRING device_name,
DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos,
DWORD output_array_size,
DWORD* num_in_output_array,
OPM_PROTECTED_OUTPUT_HANDLE* output_array);
typedef NTSTATUS(WINAPI* GetCertificateFunction)(
PUNICODE_STRING device_name,
DXGKMDT_CERTIFICATE_TYPE certificate_type,
BYTE* certificate,
ULONG certificate_length);
typedef NTSTATUS(WINAPI* GetCertificateSizeFunction)(
PUNICODE_STRING device_name,
DXGKMDT_CERTIFICATE_TYPE certificate_type,
ULONG* certificate_length);
typedef NTSTATUS(WINAPI* GetCertificateByHandleFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
DXGKMDT_CERTIFICATE_TYPE certificate_type,
BYTE* certificate,
ULONG certificate_length);
typedef NTSTATUS(WINAPI* GetCertificateSizeByHandleFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
DXGKMDT_CERTIFICATE_TYPE certificate_type,
ULONG* certificate_length);
typedef NTSTATUS(WINAPI* DestroyOPMProtectedOutputFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output);
typedef NTSTATUS(WINAPI* ConfigureOPMProtectedOutputFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters,
ULONG additional_parameters_size,
const BYTE* additional_parameters);
typedef NTSTATUS(WINAPI* GetOPMInformationFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters,
DXGKMDT_OPM_REQUESTED_INFORMATION* requested_information);
typedef NTSTATUS(WINAPI* GetOPMRandomNumberFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
DXGKMDT_OPM_RANDOM_NUMBER* random_number);
typedef NTSTATUS(WINAPI* SetOPMSigningKeyAndSequenceNumbersFunction)(
OPM_PROTECTED_OUTPUT_HANDLE protected_output,
const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters);
#endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__