#pragma once
#include <windows.h>
/*
 * Select the ntdll import library by target bitness: ntdll_x64.lib when
 * _WIN64 is defined, ntdll_x86.lib otherwise.
 * NOTE(review): these file names are not the SDK's ntdll.lib, so the
 * libraries are presumably shipped with the project. Confirm where they come
 * from and that they are rebuilt or verified with the rest of the tree,
 * because the Nt* prototypes in this header presumably resolve through them.
 */
#ifdef _WIN64
#pragma comment(lib, "ntdll_x64.lib")
#else
#pragma comment(lib, "ntdll_x86.lib")
#endif
/*
 * Status code type returned by every Nt* prototype in this header.
 * NOTE(review): by NT convention a value >= 0 means success (the NT_SUCCESS
 * test); callers should check the sign rather than compare against zero.
 */
typedef LONG NTSTATUS;

/* Priority value type; used for THREAD_BASIC_INFORMATION.Priority below. */
typedef LONG KPRIORITY;
/*
 * Process/thread identifier pair; embedded in THREAD_BASIC_INFORMATION as
 * ClientId.
 * NOTE(review): both members are HANDLE-typed, but they presumably carry
 * numeric IDs rather than closeable handles. Confirm before passing them to
 * any handle API.
 */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess; // process part of the pair
    HANDLE UniqueThread;  // thread part of the pair
} CLIENT_ID;

typedef CLIENT_ID *PCLIENT_ID;
/*
 * Counted wide-character string: two 16-bit size fields plus a pointer to
 * the characters.
 * NOTE(review): in the NT convention Length and MaximumLength count bytes,
 * not characters, and Buffer need not be NUL-terminated. Bound every read by
 * Length instead of using wcslen-style functions. Confirm against callers.
 */
typedef struct _UNICODE_STRING
{
    USHORT Length;        // size of the string currently stored
    USHORT MaximumLength; // capacity of Buffer
    PWSTR Buffer;         // character storage
} UNICODE_STRING;

typedef UNICODE_STRING *PUNICODE_STRING;
/*
 * Basic per-object data: attributes, granted access mask and the handle and
 * pointer counts, followed by ten reserved ULONGs.
 * NOTE(review): presumably the result layout for NtQueryObject with
 * ObjectBasicInformation. The reserved tail is part of the size, so pass
 * sizeof(PUBLIC_OBJECT_BASIC_INFORMATION) as the buffer length. Confirm.
 */
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
{
    ULONG Attributes;
    ACCESS_MASK GrantedAccess;
    ULONG HandleCount;
    ULONG PointerCount;

    ULONG Reserved[10]; // internal use only; do not interpret
} PUBLIC_OBJECT_BASIC_INFORMATION;

typedef PUBLIC_OBJECT_BASIC_INFORMATION *PPUBLIC_OBJECT_BASIC_INFORMATION;
/*
 * Object type data: the type name as a UNICODE_STRING followed by 22
 * reserved ULONGs.
 * NOTE(review): presumably the result layout for NtQueryObject with
 * ObjectTypeInformation. The characters behind TypeName.Buffer typically
 * live in the same caller buffer after this header, so the buffer must be
 * larger than sizeof(PUBLIC_OBJECT_TYPE_INFORMATION), and TypeName must not
 * be used once that buffer is freed. Confirm against callers.
 */
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION
{
    UNICODE_STRING TypeName;

    ULONG Reserved[22]; // internal use only; do not interpret
} PUBLIC_OBJECT_TYPE_INFORMATION;

typedef PUBLIC_OBJECT_TYPE_INFORMATION *PPUBLIC_OBJECT_TYPE_INFORMATION;
/*
 * Basic process data: the PEB address and the process id, with the other
 * members declared as reserved.
 * NOTE(review): presumably the result layout for NtQueryInformationProcess
 * with ProcessBasicInformation. PebBaseAddress is presumably an address in
 * the queried process and must not be dereferenced in the caller unless the
 * handle names the caller itself. Confirm.
 */
typedef struct _PROCESS_BASIC_INFORMATION
{
    PVOID Reserved1;
    PVOID PebBaseAddress;
    PVOID Reserved2[2];
    ULONG_PTR UniqueProcessId;
    PVOID Reserved3;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
/*
 * Basic thread data: exit status, TEB address, owning process/thread ids,
 * affinity mask and the two priority values.
 * NOTE(review): presumably the result layout for NtQueryInformationThread
 * with ThreadBasicInformation. TebBaseAddress is presumably an address in
 * the process that owns the thread, not necessarily in the caller. Confirm.
 */
typedef struct _THREAD_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PVOID TebBaseAddress;
    CLIENT_ID ClientId;
    ULONG_PTR AffinityMask;
    KPRIORITY Priority;
    LONG BasePriority;
} THREAD_BASIC_INFORMATION;

typedef THREAD_BASIC_INFORMATION *PTHREAD_BASIC_INFORMATION;
/*
 * Pointer to an APC routine: returns nothing and takes three optional
 * pointer-sized arguments. Used as the ApcRoutine parameter of
 * NtQueueApcThread.
 * NOTE(review): no calling convention is spelled out here, unlike the NTAPI
 * prototypes in this header, so the compiler default applies. Confirm it
 * matches what the routine behind the pointer expects on 32-bit builds.
 */
typedef VOID (*PPS_APC_ROUTINE)(
    __in_opt PVOID ApcArgument1,
    __in_opt PVOID ApcArgument2,
    __in_opt PVOID ApcArgument3);
/*
 * Information classes accepted by NtQueryInformationProcess and
 * NtSetInformationProcess.
 *
 * The numeric values are purely positional and are what the system receives,
 * so inserting, removing or reordering an entry silently renumbers every
 * later class. The trailing comments give the resulting values.
 *
 * NOTE(review): ProcessDebugPort, ProcessDebugObjectHandle and
 * ProcessDebugFlags report debugger-related state. Software under analysis
 * commonly queries them to notice an attached debugger, so a debugging
 * engine should expect those queries. Usage is outside this header; confirm.
 */
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation = 0,
    ProcessQuotaLimits,               // 1
    ProcessIoCounters,                // 2
    ProcessVmCounters,                // 3
    ProcessTimes,                     // 4
    ProcessBasePriority,              // 5
    ProcessRaisePriority,             // 6
    ProcessDebugPort,                 // 7
    ProcessExceptionPort,             // 8
    ProcessAccessToken,               // 9
    ProcessLdtInformation,            // 10
    ProcessLdtSize,                   // 11
    ProcessDefaultHardErrorMode,      // 12
    ProcessIoPortHandlers,            // 13, kernel mode only
    ProcessPooledUsageAndLimits,      // 14
    ProcessWorkingSetWatch,           // 15
    ProcessUserModeIOPL,              // 16
    ProcessEnableAlignmentFaultFixup, // 17
    ProcessPriorityClass,             // 18
    ProcessWx86Information,           // 19
    ProcessHandleCount,               // 20
    ProcessAffinityMask,              // 21
    ProcessPriorityBoost,             // 22
    ProcessDeviceMap,                 // 23
    ProcessSessionInformation,        // 24
    ProcessForegroundInformation,     // 25
    ProcessWow64Information,          // 26
    ProcessImageFileName,             // 27
    ProcessLUIDDeviceMapsEnabled,     // 28
    ProcessBreakOnTermination,        // 29
    ProcessDebugObjectHandle,         // 30
    ProcessDebugFlags,                // 31
    ProcessHandleTracing,             // 32
    ProcessIoPriority,                // 33
    ProcessExecuteFlags,              // 34
    ProcessResourceManagement,        // 35
    ProcessCookie,                    // 36
    ProcessImageInformation,          // 37
    MaxProcessInfoClass               // 38, sentinel: keep as the final entry
} PROCESSINFOCLASS;
/*
 * Information classes accepted by NtQuerySystemInformation and
 * NtSetSystemInformation.
 *
 * The numeric values are purely positional and are what the system receives,
 * so inserting, removing or reordering an entry silently renumbers every
 * later class. The trailing comments give the resulting values.
 *
 * NOTE(review): SystemKernelDebuggerInformation reports kernel-debugger
 * state and is commonly queried by software that checks for debugging.
 * Usage is outside this header; confirm.
 */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0,
    SystemProcessorInformation,                    // 1, marked obsolete in the original
    SystemPerformanceInformation,                  // 2
    SystemTimeOfDayInformation,                    // 3
    SystemPathInformation,                         // 4
    SystemProcessInformation,                      // 5
    SystemCallCountInformation,                    // 6
    SystemDeviceInformation,                       // 7
    SystemProcessorPerformanceInformation,         // 8
    SystemFlagsInformation,                        // 9
    SystemCallTimeInformation,                     // 10
    SystemModuleInformation,                       // 11
    SystemLocksInformation,                        // 12
    SystemStackTraceInformation,                   // 13
    SystemPagedPoolInformation,                    // 14
    SystemNonPagedPoolInformation,                 // 15
    SystemHandleInformation,                       // 16
    SystemObjectInformation,                       // 17
    SystemPageFileInformation,                     // 18
    SystemVdmInstemulInformation,                  // 19
    SystemVdmBopInformation,                       // 20
    SystemFileCacheInformation,                    // 21
    SystemPoolTagInformation,                      // 22
    SystemInterruptInformation,                    // 23
    SystemDpcBehaviorInformation,                  // 24
    SystemFullMemoryInformation,                   // 25
    SystemLoadGdiDriverInformation,                // 26
    SystemUnloadGdiDriverInformation,              // 27
    SystemTimeAdjustmentInformation,               // 28
    SystemSummaryMemoryInformation,                // 29
    SystemMirrorMemoryInformation,                 // 30
    SystemPerformanceTraceInformation,             // 31
    SystemObsolete0,                               // 32
    SystemExceptionInformation,                    // 33
    SystemCrashDumpStateInformation,               // 34
    SystemKernelDebuggerInformation,               // 35
    SystemContextSwitchInformation,                // 36
    SystemRegistryQuotaInformation,                // 37
    SystemExtendServiceTableInformation,           // 38
    SystemPrioritySeperation,                      // 39
    SystemVerifierAddDriverInformation,            // 40
    SystemVerifierRemoveDriverInformation,         // 41
    SystemProcessorIdleInformation,                // 42
    SystemLegacyDriverInformation,                 // 43
    SystemCurrentTimeZoneInformation,              // 44
    SystemLookasideInformation,                    // 45
    SystemTimeSlipNotification,                    // 46
    SystemSessionCreate,                           // 47
    SystemSessionDetach,                           // 48
    SystemSessionInformation,                      // 49
    SystemRangeStartInformation,                   // 50
    SystemVerifierInformation,                     // 51
    SystemVerifierThunkExtend,                     // 52
    SystemSessionProcessInformation,               // 53
    SystemLoadGdiDriverInSystemSpace,              // 54
    SystemNumaProcessorMap,                        // 55
    SystemPrefetcherInformation,                   // 56
    SystemExtendedProcessInformation,              // 57
    SystemRecommendedSharedDataAlignment,          // 58
    SystemComPlusPackage,                          // 59
    SystemNumaAvailableMemory,                     // 60
    SystemProcessorPowerInformation,               // 61
    SystemEmulationBasicInformation,               // 62
    SystemEmulationProcessorInformation,           // 63
    SystemExtendedHandleInformation,               // 64
    SystemLostDelayedWriteInformation,             // 65
    SystemBigPoolInformation,                      // 66
    SystemSessionPoolTagInformation,               // 67
    SystemSessionMappedViewInformation,            // 68
    SystemHotpatchInformation,                     // 69
    SystemObjectSecurityMode,                      // 70
    SystemWatchdogTimerHandler,                    // 71
    SystemWatchdogTimerInformation,                // 72
    SystemLogicalProcessorInformation,             // 73
    SystemWow64SharedInformation,                  // 74
    SystemRegisterFirmwareTableInformationHandler, // 75
    SystemFirmwareTableInformation,                // 76
    SystemModuleInformationEx,                     // 77
    SystemVerifierTriageInformation,               // 78
    SystemSuperfetchInformation,                   // 79
    SystemMemoryListInformation,                   // 80
    SystemFileCacheInformationEx,                  // 81
    MaxSystemInfoClass                             // 82, sentinel: keep as the final entry
} SYSTEM_INFORMATION_CLASS;
/*
 * Information classes accepted by NtQueryObject.
 *
 * The numeric values are purely positional and are what the system receives,
 * so reordering an entry silently renumbers the later classes.
 */
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation = 0,
    ObjectNameInformation,       // 1
    ObjectTypeInformation,       // 2
    ObjectTypesInformation,      // 3
    ObjectHandleFlagInformation, // 4
    ObjectSessionInformation,    // 5
    MaxObjectInfoClass           // 6, sentinel: keep as the final entry
} OBJECT_INFORMATION_CLASS;
/*
 * Information classes accepted by NtQueryInformationThread and
 * NtSetInformationThread.
 *
 * The numeric values are purely positional and are what the system receives,
 * so reordering an entry silently renumbers the later classes.
 *
 * NOTE(review): ThreadHideFromDebugger is generally described as stopping
 * debug events of the affected thread from reaching an attached debugger. A
 * debugging engine that depends on those events should watch for this class
 * being set. Usage is outside this header; confirm.
 */
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0,
    ThreadTimes,                     // 1
    ThreadPriority,                  // 2
    ThreadBasePriority,              // 3
    ThreadAffinityMask,              // 4
    ThreadImpersonationToken,        // 5
    ThreadDescriptorTableEntry,      // 6
    ThreadEnableAlignmentFaultFixup, // 7
    ThreadEventPair_Reusable,        // 8
    ThreadQuerySetWin32StartAddress, // 9
    ThreadZeroTlsCell,               // 10
    ThreadPerformanceCount,          // 11
    ThreadAmILastThread,             // 12
    ThreadIdealProcessor,            // 13
    ThreadPriorityBoost,             // 14
    ThreadSetTlsArrayAddress,        // 15
    ThreadIsIoPending,               // 16
    ThreadHideFromDebugger,          // 17
    ThreadBreakOnTermination,        // 18
    ThreadSwitchLegacyState,         // 19
    ThreadIsTerminated,              // 20
    MaxThreadInfoClass               // 21, sentinel: keep as the final entry
} THREADINFOCLASS;
/* Give the prototypes that follow C linkage when compiled as C++. */
#if defined(__cplusplus)
extern "C" {
#endif
/**
 * Sets one information class on a process.
 *
 * @param ProcessHandle            Handle of the process to modify.
 * @param ProcessInformationClass  Which PROCESSINFOCLASS value to set.
 * @param ProcessInformation       Input buffer of ProcessInformationLength
 *                                 bytes (per __in_bcount).
 * @param ProcessInformationLength Size of ProcessInformation in bytes.
 * @return NTSTATUS; check it before assuming the setting took effect.
 *
 * NOTE(review): the buffer size and access rights each class requires are
 * not visible here. Pass the exact size of the matching type and request
 * only the handle access that class needs. Confirm per class.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess(
    __in HANDLE ProcessHandle,
    __in PROCESSINFOCLASS ProcessInformationClass,
    __in_bcount(ProcessInformationLength) PVOID ProcessInformation,
    __in ULONG ProcessInformationLength);
/**
 * Queries one information class of a process.
 *
 * @param ProcessHandle            Handle of the process to query.
 * @param ProcessInformationClass  Which PROCESSINFOCLASS value to read.
 * @param ProcessInformation       Output buffer of ProcessInformationLength
 *                                 bytes (per __out_bcount).
 * @param ProcessInformationLength Size of ProcessInformation in bytes.
 * @param ReturnLength             Optional; receives a length value.
 * @return NTSTATUS; treat the buffer contents as undefined on failure.
 *
 * NOTE(review): the expected buffer size per class is not visible here.
 * Pass sizeof the matching structure, never a larger length than the buffer
 * actually has, and zero-initialise the buffer so a failed call cannot leak
 * stale stack data into later logic. Confirm per class.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess(
    __in HANDLE ProcessHandle,
    __in PROCESSINFOCLASS ProcessInformationClass,
    __out_bcount(ProcessInformationLength) PVOID ProcessInformation,
    __in ULONG ProcessInformationLength,
    __out_opt PULONG ReturnLength);
/**
 * Queries one information class of the object behind a handle.
 *
 * @param Handle                  Handle of the object to query.
 * @param ObjectInformationClass  Which OBJECT_INFORMATION_CLASS value to read.
 * @param ObjectInformation       Optional output buffer of
 *                                ObjectInformationLength bytes
 *                                (per __out_bcount_opt).
 * @param ObjectInformationLength Size of ObjectInformation in bytes.
 * @param ReturnLength            Optional; receives a length value.
 * @return NTSTATUS; treat the buffer contents as undefined on failure.
 *
 * NOTE(review): variable-size results such as names presumably need a buffer
 * larger than the fixed structure. Size the buffer from ReturnLength and
 * re-check the status on the second call rather than guessing. Confirm.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(
    __in HANDLE Handle,
    __in OBJECT_INFORMATION_CLASS ObjectInformationClass,
    __out_bcount_opt(ObjectInformationLength) PVOID ObjectInformation,
    __in ULONG ObjectInformationLength,
    __out_opt PULONG ReturnLength);
/**
 * Sets one system-wide information class.
 *
 * @param SystemInformationClass  Which SYSTEM_INFORMATION_CLASS value to set.
 * @param SystemInformation       Optional input buffer of
 *                                SystemInformationLength bytes
 *                                (per __in_bcount_opt).
 * @param SystemInformationLength Size of SystemInformation in bytes.
 * @return NTSTATUS; check it before assuming the setting took effect.
 *
 * NOTE(review): this call takes no handle and changes system-wide state, so
 * it presumably depends on the caller's privileges. Callers should handle an
 * access-denied status and avoid running elevated just for this. Confirm.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemInformation(
    __in SYSTEM_INFORMATION_CLASS SystemInformationClass,
    __in_bcount_opt(SystemInformationLength) PVOID SystemInformation,
    __in ULONG SystemInformationLength);
/**
 * Queries one system-wide information class.
 *
 * @param SystemInformationClass  Which SYSTEM_INFORMATION_CLASS value to read.
 * @param SystemInformation       Optional output buffer of
 *                                SystemInformationLength bytes
 *                                (per __out_bcount_opt).
 * @param SystemInformationLength Size of SystemInformation in bytes.
 * @param ReturnLength            Optional; receives a length value.
 * @return NTSTATUS; treat the buffer contents as undefined on failure.
 *
 * NOTE(review): list-style classes presumably return data whose size changes
 * between calls. Callers should loop with a grown buffer and a retry limit
 * instead of trusting a previously reported length. Confirm per class.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemInformation(
    __in SYSTEM_INFORMATION_CLASS SystemInformationClass,
    __out_bcount_opt(SystemInformationLength) PVOID SystemInformation,
    __in ULONG SystemInformationLength,
    __out_opt PULONG ReturnLength);
/**
 * Sets one information class on a thread.
 *
 * @param ThreadHandle            Handle of the thread to modify.
 * @param ThreadInformationClass  Which THREADINFOCLASS value to set.
 * @param ThreadInformation       Input buffer of ThreadInformationLength
 *                                bytes (per __in_bcount).
 * @param ThreadInformationLength Size of ThreadInformation in bytes.
 * @return NTSTATUS; check it before assuming the setting took effect.
 *
 * NOTE(review): the buffer size and handle access each class requires are
 * not visible here. Confirm per class before use.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread(
    __in HANDLE ThreadHandle,
    __in THREADINFOCLASS ThreadInformationClass,
    __in_bcount(ThreadInformationLength) PVOID ThreadInformation,
    __in ULONG ThreadInformationLength);
/**
 * Queries one information class of a thread.
 *
 * @param ThreadHandle            Handle of the thread to query.
 * @param ThreadInformationClass  Which THREADINFOCLASS value to read.
 * @param ThreadInformation       Output buffer of ThreadInformationLength
 *                                bytes (per __out_bcount).
 * @param ThreadInformationLength Size of ThreadInformation in bytes.
 * @param ReturnLength            Optional; receives a length value.
 * @return NTSTATUS; treat the buffer contents as undefined on failure.
 *
 * NOTE(review): the expected buffer size per class is not visible here.
 * Pass sizeof the matching structure and zero-initialise it first. Confirm.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread(
    __in HANDLE ThreadHandle,
    __in THREADINFOCLASS ThreadInformationClass,
    __out_bcount(ThreadInformationLength) PVOID ThreadInformation,
    __in ULONG ThreadInformationLength,
    __out_opt PULONG ReturnLength);
/**
 * Unmaps a section view from a process.
 *
 * @param ProcessHandle Handle of the process that holds the view.
 * @param BaseAddress   Address identifying the view in that process.
 * @return NTSTATUS; check it before reusing the address range.
 *
 * NOTE(review): ProcessHandle can presumably name a process other than the
 * caller. Unmapping a view that code in that process still uses will crash
 * it, and remote unmapping is an operation endpoint monitoring commonly
 * watches. Callers should validate BaseAddress against a view they know is
 * mapped. Confirm against callers.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtUnmapViewOfSection(
    __in HANDLE ProcessHandle,
    __in PVOID BaseAddress);
/**
 * Suspends a thread.
 *
 * @param ThreadHandle         Handle of the thread to suspend.
 * @param PreviousSuspendCount Optional; receives the prior suspend count.
 * @return NTSTATUS; check it before assuming the thread is stopped.
 *
 * NOTE(review): suspend counts presumably nest, so every successful call
 * needs a matching NtResumeThread on all paths, including error paths, or
 * the thread stays frozen. Confirm against callers.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread(
    __in HANDLE ThreadHandle,
    __out_opt PULONG PreviousSuspendCount);
/**
 * Resumes a thread.
 *
 * @param ThreadHandle         Handle of the thread to resume.
 * @param PreviousSuspendCount Optional; receives the prior suspend count.
 * @return NTSTATUS; check it before assuming the thread is running.
 *
 * NOTE(review): presumably this lowers the suspend count by one, so the
 * thread runs only once the count reaches zero. Inspect
 * PreviousSuspendCount when that matters. Confirm.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread(
    __in HANDLE ThreadHandle,
    __out_opt PULONG PreviousSuspendCount);
/**
 * Suspends a process.
 *
 * @param ProcessHandle Handle of the process to suspend.
 * @return NTSTATUS; check it before assuming the process is stopped.
 *
 * NOTE(review): pair every successful call with NtResumeProcess on all
 * paths. A process left suspended keeps any locks its threads held.
 * Confirm against callers.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess(
    __in HANDLE ProcessHandle);
/**
 * Resumes a process.
 *
 * @param ProcessHandle Handle of the process to resume.
 * @return NTSTATUS; check it before assuming the process is running.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess(
    __in HANDLE ProcessHandle);
/**
 * Queues an APC routine with three arguments to a thread.
 *
 * @param ThreadHandle Handle of the thread that receives the APC.
 * @param ApcRoutine   Routine to run, typed as PPS_APC_ROUTINE.
 * @param ApcArgument1 Optional first argument handed to the routine.
 * @param ApcArgument2 Optional second argument handed to the routine.
 * @param ApcArgument3 Optional third argument handed to the routine.
 * @return NTSTATUS; success presumably means queued, not yet executed.
 *
 * NOTE(review): ApcRoutine and any pointer arguments must be valid in the
 * process that owns the thread, which is presumably not always the caller.
 * Cross-process APC queuing is an operation endpoint monitoring commonly
 * watches, so callers should keep the target handle's access minimal and
 * log the target. Confirm against callers.
 */
NTSYSCALLAPI NTSTATUS NTAPI NtQueueApcThread(
    __in HANDLE ThreadHandle,
    __in PPS_APC_ROUTINE ApcRoutine,
    __in_opt PVOID ApcArgument1,
    __in_opt PVOID ApcArgument2,
    __in_opt PVOID ApcArgument3);
/*
 * Closes the extern "C" block opened before the Nt* prototypes. The trailing
 * ';' is an empty declaration carried over from the original.
 */
#if defined(__cplusplus)
};
#endif