
#ifndef _PH_PHNATIVE_H
#define _PH_PHNATIVE_H
#ifdef __cplusplus
extern "C" {
#endif
/** The PID of the idle process (PID 0, expressed as a HANDLE like all PIDs in this API). */
#define SYSTEM_IDLE_PROCESS_ID ((HANDLE)0)
/** The PID of the system process (PID 4). */
#define SYSTEM_PROCESS_ID ((HANDLE)4)
/** Display name used for the idle process. */
#define SYSTEM_IDLE_PROCESS_NAME (L"System Idle Process")
// General object-related function types.
// These let generic code open an object and read/write its security descriptor
// without knowing the object type; Context carries whatever the caller registered.

/**
 * Opens an object.
 *
 * \param Handle Receives the opened handle.
 * \param DesiredAccess The access mask requested on the object.
 * \param Context A user-defined value supplied alongside the callback.
 *
 * \return An NTSTATUS value. \a Handle is only valid on success.
 */
typedef NTSTATUS (NTAPI *PPH_OPEN_OBJECT)(
    _Out_ PHANDLE Handle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PVOID Context
    );

/**
 * Retrieves the security descriptor of an object.
 *
 * \param SecurityDescriptor Receives the security descriptor. Who frees it is not
 * visible from this header — NOTE(review): confirm the ownership rule in the callers.
 * \param SecurityInformation Selects which parts (owner, group, DACL, SACL, ...) are wanted.
 * \param Context A user-defined value supplied alongside the callback.
 *
 * \return An NTSTATUS value.
 */
typedef NTSTATUS (NTAPI *PPH_GET_OBJECT_SECURITY)(
    _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    );

/**
 * Applies a security descriptor to an object.
 *
 * \param SecurityDescriptor The descriptor to apply.
 * \param SecurityInformation Selects which parts of the descriptor are written.
 * \param Context A user-defined value supplied alongside the callback.
 *
 * \return An NTSTATUS value.
 */
typedef NTSTATUS (NTAPI *PPH_SET_OBJECT_SECURITY)(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    );
/**
 * Cached attributes of a token.
 *
 * The anonymous bit-field struct packs the elevation state into one ULONG;
 * ReservedBits/Reserved are padding for future use.
 */
typedef struct _PH_TOKEN_ATTRIBUTES
{
    HANDLE TokenHandle; // the token the attributes describe
    struct
    {
        ULONG Elevated : 1; // non-zero if the token is elevated
        ULONG ElevationType : 2; // presumably a TOKEN_ELEVATION_TYPE value — confirm against PhGetOwnTokenAttributes()
        ULONG ReservedBits : 29;
    };
    ULONG Reserved;
} PH_TOKEN_ATTRIBUTES, *PPH_TOKEN_ATTRIBUTES;
/**
 * Gets the token attributes of the current process.
 *
 * \return A PH_TOKEN_ATTRIBUTES by value. Whether TokenHandle is shared/cached or must
 * be closed by the caller is not visible here — NOTE(review): confirm before closing it.
 */
PHLIBAPI
PH_TOKEN_ATTRIBUTES
NTAPI
PhGetOwnTokenAttributes(
    VOID
    );
/**
 * Opens a handle to a process by its process ID.
 *
 * \param ProcessHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the process object.
 * \param ProcessId The ID of the process to open.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenProcess(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ HANDLE ProcessId
    );

/**
 * Opens a handle to a process by its process ID. Same contract as PhOpenProcess();
 * how the two differ is not visible from this header — consult the implementation
 * before preferring one over the other.
 *
 * \param ProcessHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the process object.
 * \param ProcessId The ID of the process to open.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenProcessPublic(
    _Out_ PHANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ HANDLE ProcessId
    );

/**
 * Opens a handle to a thread by its thread ID.
 *
 * \param ThreadHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the thread object.
 * \param ThreadId The ID of the thread to open.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ HANDLE ThreadId
    );

/**
 * Opens a handle to a thread by its thread ID. Same contract as PhOpenThread();
 * the difference between the two is not visible from this header.
 *
 * \param ThreadHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the thread object.
 * \param ThreadId The ID of the thread to open.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenThreadPublic(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ HANDLE ThreadId
    );

/**
 * Opens the process that owns an already-opened thread.
 *
 * \param ThreadHandle A handle to the thread.
 * \param DesiredAccess The access mask requested on the process object.
 * \param ProcessHandle Receives the opened process handle; only valid on success.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenThreadProcess(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE ProcessHandle
    );

/**
 * Opens the token of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param DesiredAccess The access mask requested on the token object.
 * \param TokenHandle Receives the opened token handle; only valid on success.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle
    );
/**
 * Retrieves the security descriptor of an object.
 *
 * \param Handle A handle to the object.
 * \param SecurityInformation Selects which parts of the descriptor are wanted.
 * \param SecurityDescriptor Receives the security descriptor. Ownership (who frees it)
 * is not visible from this header — NOTE(review): confirm in the implementation.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetObjectSecurity(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor
    );

/**
 * Applies a security descriptor to an object.
 *
 * \param Handle A handle to the object; presumably must have been opened with the
 * access matching \a SecurityInformation (e.g. WRITE_DAC for the DACL) — confirm.
 * \param SecurityInformation Selects which parts of the descriptor are written.
 * \param SecurityDescriptor The descriptor to apply.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetObjectSecurity(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
    );
/**
 * Terminates a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param ExitStatus The exit status to give the process.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhTerminateProcess(
    _In_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus
    );

/**
 * Terminates a process. Same contract as PhTerminateProcess(); the difference
 * between the two is not visible from this header.
 *
 * \param ProcessHandle A handle to the process.
 * \param ExitStatus The exit status to give the process.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhTerminateProcessPublic(
    _In_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus
    );
/**
 * Gets the image file name of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param FileName Receives the file name. Ownership of the returned PPH_STRING is not
 * visible here — NOTE(review): presumably the caller dereferences it; confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessImageFileName(
    _In_ HANDLE ProcessHandle,
    _Out_ PPH_STRING *FileName
    );

/**
 * Gets the image file name of a process. The suffix suggests a Win32-style path
 * rather than the native form returned by PhGetProcessImageFileName() — confirm
 * against the implementation.
 *
 * \param ProcessHandle A handle to the process.
 * \param FileName Receives the file name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessImageFileNameWin32(
    _In_ HANDLE ProcessHandle,
    _Out_ PPH_STRING *FileName
    );
/**
 * Specifies a PEB string.
 *
 * The low 16 bits (PhpoTypeMask) select which string; PhpoWow64 is a flag bit outside
 * that mask, so it can be combined with any of the kinds.
 */
typedef enum _PH_PEB_OFFSET
{
    PhpoCurrentDirectory,
    PhpoDllPath,
    PhpoImagePathName,
    PhpoCommandLine,
    PhpoWindowTitle,
    PhpoDesktopInfo,
    PhpoShellInfo,
    PhpoRuntimeData,
    PhpoTypeMask = 0xffff, // masks the string kind out of a combined value
    PhpoWow64 = 0x10000 // read from the 32-bit PEB of a WOW64 process
} PH_PEB_OFFSET;
/**
 * Reads one of the strings stored in a process's PEB.
 *
 * \param ProcessHandle A handle to the process.
 * \param Offset Which string to read, optionally ORed with PhpoWow64.
 * \param String Receives the string. The content originates in the target process's
 * memory and should be treated as untrusted data.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessPebString(
    _In_ HANDLE ProcessHandle,
    _In_ PH_PEB_OFFSET Offset,
    _Out_ PPH_STRING *String
    );

/**
 * Gets the command line of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param CommandLine Receives the command line (untrusted, as it is set by the target).
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessCommandLine(
    _In_ HANDLE ProcessHandle,
    _Out_ PPH_STRING *CommandLine
    );

/**
 * Gets the window title of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param WindowFlags Receives the window flags; their meaning is not defined in this header.
 * \param WindowTitle Receives the window title.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessWindowTitle(
    _In_ HANDLE ProcessHandle,
    _Out_ PULONG WindowFlags,
    _Out_ PPH_STRING *WindowTitle
    );
// Bits reported in *DepStatus by PhGetProcessDepStatus().
#define PH_PROCESS_DEP_ENABLED 0x1
#define PH_PROCESS_DEP_ATL_THUNK_EMULATION_DISABLED 0x2
#define PH_PROCESS_DEP_PERMANENT 0x4

/**
 * Gets the DEP (Data Execution Prevention) status of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param DepStatus Receives a combination of PH_PROCESS_DEP_* bits.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessDepStatus(
    _In_ HANDLE ProcessHandle,
    _Out_ PULONG DepStatus
    );
#define PH_GET_PROCESS_ENVIRONMENT_WOW64 0x1 // retrieve the WOW64 (32-bit) environment block

/**
 * Copies the environment block of a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param Flags Zero or PH_GET_PROCESS_ENVIRONMENT_WOW64.
 * \param Environment Receives the environment block. Who frees it is not visible
 * here — NOTE(review): confirm. The data comes from the target process and need not
 * be well-formed; always bound reads by \a EnvironmentLength.
 * \param EnvironmentLength Receives the size of the block, in bytes.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessEnvironment(
    _In_ HANDLE ProcessHandle,
    _In_ ULONG Flags,
    _Out_ PVOID *Environment,
    _Out_ PULONG EnvironmentLength
    );
/** One NAME=VALUE pair produced by PhEnumProcessEnvironmentVariables(); both refs point into the environment block. */
typedef struct _PH_ENVIRONMENT_VARIABLE
{
    PH_STRINGREF Name;
    PH_STRINGREF Value;
} PH_ENVIRONMENT_VARIABLE, *PPH_ENVIRONMENT_VARIABLE;
/**
 * Enumerates the variables in an environment block obtained from PhGetProcessEnvironment().
 *
 * \param Environment The environment block.
 * \param EnvironmentLength The size of the block, in bytes; bounds the walk.
 * \param EnumerationKey Iteration cursor, updated on each call. The initial value to
 * use is not stated here — presumably 0; confirm.
 * \param Variable Receives the next variable.
 *
 * \return A BOOLEAN; presumably TRUE while a variable was produced and FALSE once the
 * block is exhausted — confirm against the implementation.
 */
PHLIBAPI
BOOLEAN
NTAPI
PhEnumProcessEnvironmentVariables(
    _In_ PVOID Environment,
    _In_ ULONG EnvironmentLength,
    _Inout_ PULONG EnumerationKey,
    _Out_ PPH_ENVIRONMENT_VARIABLE Variable
    );
/**
 * Gets the file name backing a mapped region in a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param BaseAddress An address inside the mapped region.
 * \param FileName Receives the file name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessMappedFileName(
    _In_ HANDLE ProcessHandle,
    _In_ PVOID BaseAddress,
    _Out_ PPH_STRING *FileName
    );

/**
 * Retrieves working set information for a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param WorkingSetInformation Receives the buffer; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessWorkingSetInformation(
    _In_ HANDLE ProcessHandle,
    _Out_ PMEMORY_WORKING_SET_INFORMATION *WorkingSetInformation
    );
/** Page counts of a process's working set, as filled in by PhGetProcessWsCounters(). */
typedef struct _PH_PROCESS_WS_COUNTERS
{
    SIZE_T NumberOfPages;
    SIZE_T NumberOfPrivatePages;
    SIZE_T NumberOfSharedPages;
    SIZE_T NumberOfShareablePages;
} PH_PROCESS_WS_COUNTERS, *PPH_PROCESS_WS_COUNTERS;
/**
 * Computes working set page counters for a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param WsCounters Caller-provided structure that receives the counters.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessWsCounters(
    _In_ HANDLE ProcessHandle,
    _Out_ PPH_PROCESS_WS_COUNTERS WsCounters
    );
/**
 * Loads a DLL into another process.
 *
 * \param ProcessHandle A handle to the target process.
 * \param FileName Path of the DLL to load.
 * \param Timeout Optional wait timeout; NULL presumably means wait indefinitely — confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhInjectDllProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PWSTR FileName,
    _In_opt_ PLARGE_INTEGER Timeout
    );

/**
 * Unloads a DLL from another process.
 *
 * \param ProcessHandle A handle to the target process.
 * \param BaseAddress The base address of the module to unload.
 * \param Timeout Optional wait timeout.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhUnloadDllProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PVOID BaseAddress,
    _In_opt_ PLARGE_INTEGER Timeout
    );

/**
 * Sets an environment variable in another process.
 *
 * \param ProcessHandle A handle to the target process.
 * \param Name The variable name.
 * \param Value The new value; NULL presumably removes the variable — confirm.
 * \param Timeout Optional wait timeout.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetEnvironmentVariableRemote(
    _In_ HANDLE ProcessHandle,
    _In_ PPH_STRINGREF Name,
    _In_opt_ PPH_STRINGREF Value,
    _In_opt_ PLARGE_INTEGER Timeout
    );
/**
 * Gets the list of process IDs assigned to a job object.
 *
 * \param JobHandle A handle to the job.
 * \param ProcessIdList Receives the list; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetJobProcessIdList(
    _In_ HANDLE JobHandle,
    _Out_ PJOBOBJECT_BASIC_PROCESS_ID_LIST *ProcessIdList
    );
/**
 * Queries a variable-size token information class into a freshly sized buffer.
 *
 * \param TokenHandle A handle to the token.
 * \param TokenInformationClass The information class to query.
 * \param Buffer Receives the buffer. Who frees it is not visible here — NOTE(review):
 * presumably the caller, via PhFree(); confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhQueryTokenVariableSize(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_ PVOID *Buffer
    );

// The typed getters below follow the PhQueryTokenVariableSize() pattern: each
// receives a pointer to a caller-owned (presumably) buffer of the named type.

/** Gets the user of a token. */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenUser(
    _In_ HANDLE TokenHandle,
    _Out_ PTOKEN_USER *User
    );

/** Gets the default owner of a token. */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenOwner(
    _In_ HANDLE TokenHandle,
    _Out_ PTOKEN_OWNER *Owner
    );

/** Gets the primary group of a token. */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenPrimaryGroup(
    _In_ HANDLE TokenHandle,
    _Out_ PTOKEN_PRIMARY_GROUP *PrimaryGroup
    );

/** Gets the group list of a token. */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenGroups(
    _In_ HANDLE TokenHandle,
    _Out_ PTOKEN_GROUPS *Groups
    );

/** Gets the privilege list of a token. */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenPrivileges(
    _In_ HANDLE TokenHandle,
    _Out_ PTOKEN_PRIVILEGES *Privileges
    );
/**
 * Sets the session ID of a token.
 *
 * \param TokenHandle A handle to the token.
 * \param SessionId The new session ID.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetTokenSessionId(
    _In_ HANDLE TokenHandle,
    _In_ ULONG SessionId
    );

/**
 * Adjusts one privilege of a token.
 *
 * \param TokenHandle A handle to the token.
 * \param PrivilegeName The privilege name; optional.
 * \param PrivilegeLuid The privilege LUID; optional. Both are optional in the
 * signature — presumably exactly one must be supplied; confirm.
 * \param Attributes The new attributes, presumably SE_PRIVILEGE_* values.
 *
 * \return A BOOLEAN; its exact meaning (success, or whether the privilege was already
 * in that state) is not stated here — confirm before treating FALSE as an error.
 */
PHLIBAPI
BOOLEAN
NTAPI
PhSetTokenPrivilege(
    _In_ HANDLE TokenHandle,
    _In_opt_ PWSTR PrivilegeName,
    _In_opt_ PLUID PrivilegeLuid,
    _In_ ULONG Attributes
    );

/**
 * Adjusts one privilege of a token, identified by its numeric value.
 *
 * \param TokenHandle A handle to the token.
 * \param Privilege The privilege value, presumably an SE_*_PRIVILEGE constant.
 * \param Attributes The new attributes.
 *
 * \return A BOOLEAN; see PhSetTokenPrivilege().
 */
PHLIBAPI
BOOLEAN
NTAPI
PhSetTokenPrivilege2(
    _In_ HANDLE TokenHandle,
    _In_ LONG Privilege,
    _In_ ULONG Attributes
    );

/**
 * Enables or disables UAC file/registry virtualization on a token.
 *
 * \param TokenHandle A handle to the token.
 * \param IsVirtualizationEnabled TRUE to enable, FALSE to disable.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetTokenIsVirtualizationEnabled(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN IsVirtualizationEnabled
    );

/**
 * Gets the integrity level of a token.
 *
 * \param TokenHandle A handle to the token.
 * \param IntegrityLevel Optionally receives the level.
 * \param IntegrityString Optionally receives a display string. Whether it points at
 * static storage or must be freed is not visible here — NOTE(review): confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTokenIntegrityLevel(
    _In_ HANDLE TokenHandle,
    _Out_opt_ PMANDATORY_LEVEL IntegrityLevel,
    _Out_opt_ PWSTR *IntegrityString
    );
/**
 * Gets the size of a file.
 *
 * \param FileHandle A handle to the file.
 * \param Size Receives the size in bytes.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetFileSize(
    _In_ HANDLE FileHandle,
    _Out_ PLARGE_INTEGER Size
    );

/**
 * Sets the size of a file.
 *
 * \param FileHandle A handle to the file.
 * \param Size The new size in bytes.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetFileSize(
    _In_ HANDLE FileHandle,
    _In_ PLARGE_INTEGER Size
    );
// Kernel Transaction Manager (KTM) object queries.

/**
 * Gets basic information about a transaction manager.
 *
 * \param TransactionManagerHandle A handle to the transaction manager.
 * \param BasicInformation Caller-provided structure that receives the information.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTransactionManagerBasicInformation(
    _In_ HANDLE TransactionManagerHandle,
    _Out_ PTRANSACTIONMANAGER_BASIC_INFORMATION BasicInformation
    );

/**
 * Gets the log file name of a transaction manager.
 *
 * \param TransactionManagerHandle A handle to the transaction manager.
 * \param LogFileName Receives the log file name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTransactionManagerLogFileName(
    _In_ HANDLE TransactionManagerHandle,
    _Out_ PPH_STRING *LogFileName
    );

/**
 * Gets basic information about a transaction.
 *
 * \param TransactionHandle A handle to the transaction.
 * \param BasicInformation Caller-provided structure that receives the information.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTransactionBasicInformation(
    _In_ HANDLE TransactionHandle,
    _Out_ PTRANSACTION_BASIC_INFORMATION BasicInformation
    );

/**
 * Gets the properties of a transaction. Every output is optional, so callers can
 * request only the fields they need.
 *
 * \param TransactionHandle A handle to the transaction.
 * \param Timeout Optionally receives the transaction timeout.
 * \param Outcome Optionally receives the outcome.
 * \param Description Optionally receives the description string.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetTransactionPropertiesInformation(
    _In_ HANDLE TransactionHandle,
    _Out_opt_ PLARGE_INTEGER Timeout,
    _Out_opt_ TRANSACTION_OUTCOME *Outcome,
    _Out_opt_ PPH_STRING *Description
    );

/**
 * Gets basic information about a resource manager.
 *
 * \param ResourceManagerHandle A handle to the resource manager.
 * \param Guid Optionally receives the resource manager GUID.
 * \param Description Optionally receives the description string.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetResourceManagerBasicInformation(
    _In_ HANDLE ResourceManagerHandle,
    _Out_opt_ PGUID Guid,
    _Out_opt_ PPH_STRING *Description
    );

/**
 * Gets basic information about an enlistment.
 *
 * \param EnlistmentHandle A handle to the enlistment.
 * \param BasicInformation Caller-provided structure that receives the information.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetEnlistmentBasicInformation(
    _In_ HANDLE EnlistmentHandle,
    _Out_ PENLISTMENT_BASIC_INFORMATION BasicInformation
    );
/**
 * Opens a driver object given the base address of its image.
 *
 * \param DriverHandle Receives the opened handle; only valid on success.
 * \param BaseAddress The base address of the driver image.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenDriverByBaseAddress(
    _Out_ PHANDLE DriverHandle,
    _In_ PVOID BaseAddress
    );

/**
 * Gets the object name of a driver.
 *
 * \param DriverHandle A handle to the driver object.
 * \param Name Receives the name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetDriverName(
    _In_ HANDLE DriverHandle,
    _Out_ PPH_STRING *Name
    );

/**
 * Gets the service key name of a driver.
 *
 * \param DriverHandle A handle to the driver object.
 * \param ServiceKeyName Receives the service key name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetDriverServiceKeyName(
    _In_ HANDLE DriverHandle,
    _Out_ PPH_STRING *ServiceKeyName
    );

/**
 * Unloads a driver.
 *
 * \param BaseAddress The base address of the driver image; optional.
 * \param Name The driver name; optional. Both parameters are optional in the
 * signature — presumably at least one must be given; confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhUnloadDriver(
    _In_opt_ PVOID BaseAddress,
    _In_opt_ PWSTR Name
    );
/** Upper bound on the number of modules an enumeration will visit; guards against a corrupt or cyclic loader list. */
#define PH_ENUM_PROCESS_MODULES_LIMIT 0x800

/**
 * A callback function passed to PhEnumProcessModules() and called for each process module.
 *
 * \param Module A structure providing information about the module. It is read from
 * the target process, so its contents should be treated as untrusted.
 * \param Context A user-defined value passed to PhEnumProcessModules().
 *
 * \return TRUE to continue the enumeration, FALSE to stop.
 */
typedef BOOLEAN (NTAPI *PPH_ENUM_PROCESS_MODULES_CALLBACK)(
    _In_ PLDR_DATA_TABLE_ENTRY Module,
    _In_opt_ PVOID Context
    );
// Flags for PH_ENUM_PROCESS_MODULES_PARAMETERS.Flags.
#define PH_ENUM_PROCESS_MODULES_DONT_RESOLVE_WOW64_FS 0x1
#define PH_ENUM_PROCESS_MODULES_TRY_MAPPED_FILE_NAME 0x2

/** Parameters for the *Ex module enumeration functions. */
typedef struct _PH_ENUM_PROCESS_MODULES_PARAMETERS
{
    PPH_ENUM_PROCESS_MODULES_CALLBACK Callback; // invoked once per module
    PVOID Context; // passed through to Callback
    ULONG Flags; // PH_ENUM_PROCESS_MODULES_* bits
} PH_ENUM_PROCESS_MODULES_PARAMETERS, *PPH_ENUM_PROCESS_MODULES_PARAMETERS;
/**
 * Enumerates the modules loaded in a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param Callback Called once per module.
 * \param Context A user-defined value passed to \a Callback.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessModules(
    _In_ HANDLE ProcessHandle,
    _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK Callback,
    _In_opt_ PVOID Context
    );

/**
 * Enumerates the modules loaded in a process, with options.
 *
 * \param ProcessHandle A handle to the process.
 * \param Parameters Callback, context and flags.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessModulesEx(
    _In_ HANDLE ProcessHandle,
    _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters
    );

/**
 * Sets the load count of a module in a process.
 *
 * \param ProcessHandle A handle to the process.
 * \param BaseAddress The base address of the module.
 * \param LoadCount The new load count.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhSetProcessModuleLoadCount(
    _In_ HANDLE ProcessHandle,
    _In_ PVOID BaseAddress,
    _In_ ULONG LoadCount
    );

// 32-bit (WOW64) variants of the three functions above; same contracts.

PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessModules32(
    _In_ HANDLE ProcessHandle,
    _In_ PPH_ENUM_PROCESS_MODULES_CALLBACK Callback,
    _In_opt_ PVOID Context
    );

PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessModules32Ex(
    _In_ HANDLE ProcessHandle,
    _In_ PPH_ENUM_PROCESS_MODULES_PARAMETERS Parameters
    );

PHLIBAPI
NTSTATUS
NTAPI
PhSetProcessModuleLoadCount32(
    _In_ HANDLE ProcessHandle,
    _In_ PVOID BaseAddress,
    _In_ ULONG LoadCount
    );
/**
 * Resolves an exported procedure in a module of another process.
 *
 * \param ProcessHandle A handle to the process.
 * \param FileName The module file name.
 * \param ProcedureName The export name; optional.
 * \param ProcedureNumber The export ordinal; optional. Presumably used when
 * \a ProcedureName is NULL — confirm.
 * \param ProcedureAddress Receives the address in the target process's address space.
 * \param DllBase Optionally receives the module base address.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcedureAddressRemote(
    _In_ HANDLE ProcessHandle,
    _In_ PWSTR FileName,
    _In_opt_ PSTR ProcedureName,
    _In_opt_ ULONG ProcedureNumber,
    _Out_ PVOID *ProcedureAddress,
    _Out_opt_ PVOID *DllBase
    );

/**
 * Enumerates loaded kernel modules.
 *
 * \param Modules Receives the module list; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumKernelModules(
    _Out_ PRTL_PROCESS_MODULES *Modules
    );

/**
 * Enumerates loaded kernel modules using the extended information structure.
 *
 * \param Modules Receives the module list; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumKernelModulesEx(
    _Out_ PRTL_PROCESS_MODULE_INFORMATION_EX *Modules
    );

/**
 * Gets the file name of the kernel image.
 *
 * \return A string; a NULL return on failure is presumed — confirm.
 */
PHLIBAPI
PPH_STRING
NTAPI
PhGetKernelFileName(
    VOID
    );
/**
 * Gets a pointer to the first process information structure in a buffer returned by
 * PhEnumProcesses().
 *
 * \param Processes A pointer to a buffer returned by PhEnumProcesses().
 */
#define PH_FIRST_PROCESS(Processes) ((PSYSTEM_PROCESS_INFORMATION)(Processes))

/**
 * Gets a pointer to the process information structure after a given structure.
 *
 * The step is taken from the entry's own NextEntryOffset with no check against the
 * buffer length, so only use it on buffers produced by PhEnumProcesses() and its
 * variants, never on data copied from an untrusted source.
 *
 * \param Process A pointer to a process information structure.
 *
 * \return A pointer to the next process information structure, or NULL if there are no more.
 */
#define PH_NEXT_PROCESS(Process) ( \
    ((PSYSTEM_PROCESS_INFORMATION)(Process))->NextEntryOffset ? \
    (PSYSTEM_PROCESS_INFORMATION)((PCHAR)(Process) + \
    ((PSYSTEM_PROCESS_INFORMATION)(Process))->NextEntryOffset) : \
    NULL \
    )
/**
 * Enumerates all processes.
 *
 * \param Processes Receives a buffer to be walked with PH_FIRST_PROCESS()/PH_NEXT_PROCESS().
 * Who frees the buffer is not visible here — NOTE(review): confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcesses(
    _Out_ PVOID *Processes
    );

/**
 * Enumerates all processes using a caller-chosen system information class.
 *
 * \param Processes Receives the buffer.
 * \param SystemInformationClass The class to query; the buffer layout presumably
 * depends on it, so PH_NEXT_PROCESS() is only safe for classes that share the
 * SYSTEM_PROCESS_INFORMATION header — confirm.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessesEx(
    _Out_ PVOID *Processes,
    _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass
    );

/**
 * Enumerates the processes in a session.
 *
 * \param Processes Receives the buffer.
 * \param SessionId The session to enumerate.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumProcessesForSession(
    _Out_ PVOID *Processes,
    _In_ ULONG SessionId
    );

/**
 * Finds the entry for a process ID in a buffer returned by PhEnumProcesses().
 *
 * \param Processes The buffer.
 * \param ProcessId The process ID to look for.
 *
 * \return A pointer into \a Processes, or presumably NULL if not found — confirm.
 */
PHLIBAPI
PSYSTEM_PROCESS_INFORMATION
NTAPI
PhFindProcessInformation(
    _In_ PVOID Processes,
    _In_ HANDLE ProcessId
    );

/**
 * Finds the first entry with a given image name in a buffer returned by PhEnumProcesses().
 * Image names are not unique, so callers should not treat the match as identifying a
 * specific process.
 *
 * \param Processes The buffer.
 * \param ImageName The image name to look for.
 *
 * \return A pointer into \a Processes, or presumably NULL if not found — confirm.
 */
PHLIBAPI
PSYSTEM_PROCESS_INFORMATION
NTAPI
PhFindProcessInformationByImageName(
    _In_ PVOID Processes,
    _In_ PPH_STRINGREF ImageName
    );

/**
 * Enumerates all handles in the system.
 *
 * \param Handles Receives the handle table; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumHandles(
    _Out_ PSYSTEM_HANDLE_INFORMATION *Handles
    );

/**
 * Enumerates all handles in the system using the extended structure.
 *
 * \param Handles Receives the handle table; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumHandlesEx(
    _Out_ PSYSTEM_HANDLE_INFORMATION_EX *Handles
    );
/**
 * Gets a pointer to the first pagefile entry in a buffer returned by PhEnumPagefiles(),
 * or NULL if the buffer describes no pagefiles.
 *
 * \param Pagefiles A pointer to a buffer returned by PhEnumPagefiles().
 */
#define PH_FIRST_PAGEFILE(Pagefiles) ( \
    /* The size of a pagefile can never be 0. A TotalSize of 0
     * is used to indicate that there are no pagefiles.
     */ ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefiles))->TotalSize ? \
    (PSYSTEM_PAGEFILE_INFORMATION)(Pagefiles) : \
    NULL \
    )

/**
 * Gets a pointer to the pagefile entry after a given entry, or NULL if there are no more.
 * Like PH_NEXT_PROCESS(), the step uses the entry's NextEntryOffset unchecked, so only
 * walk buffers that came from PhEnumPagefiles().
 *
 * \param Pagefile A pointer to a pagefile entry.
 */
#define PH_NEXT_PAGEFILE(Pagefile) ( \
    ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefile))->NextEntryOffset ? \
    (PSYSTEM_PAGEFILE_INFORMATION)((PCHAR)(Pagefile) + \
    ((PSYSTEM_PAGEFILE_INFORMATION)(Pagefile))->NextEntryOffset) : \
    NULL \
    )
/**
 * Enumerates the system's pagefiles.
 *
 * \param Pagefiles Receives a buffer to be walked with PH_FIRST_PAGEFILE()/PH_NEXT_PAGEFILE().
 * Who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumPagefiles(
    _Out_ PVOID *Pagefiles
    );

/**
 * Gets the image file name of a process identified by ID rather than by handle.
 *
 * \param ProcessId The process ID.
 * \param FileName Receives the file name.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessImageFileNameByProcessId(
    _In_ HANDLE ProcessId,
    _Out_ PPH_STRING *FileName
    );

/**
 * Determines whether a process is a .NET (CLR) process.
 *
 * \param ProcessId The process ID.
 * \param IsDotNet Receives the result.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessIsDotNet(
    _In_ HANDLE ProcessId,
    _Out_ PBOOLEAN IsDotNet
    );
// Input flags for PhGetProcessIsDotNetEx() (InFlags).
#define PH_CLR_USE_SECTION_CHECK 0x1
#define PH_CLR_NO_WOW64_CHECK 0x2
#define PH_CLR_KNOWN_IS_WOW64 0x4

// Output flags reported by PhGetProcessIsDotNetEx() in *Flags. The values overlap with
// the input flags above, so the two sets are presumably never mixed in one ULONG.
#define PH_CLR_VERSION_1_0 0x1
#define PH_CLR_VERSION_1_1 0x2
#define PH_CLR_VERSION_2_0 0x4
#define PH_CLR_VERSION_4_ABOVE 0x8
#define PH_CLR_VERSION_MASK 0xf // covers the four PH_CLR_VERSION_* bits
#define PH_CLR_MSCORLIB_PRESENT 0x10000
#define PH_CLR_JIT_PRESENT 0x20000
#define PH_CLR_PROCESS_IS_WOW64 0x100000

/**
 * Determines whether a process is a .NET process and which CLR features were detected.
 *
 * \param ProcessId The process ID.
 * \param ProcessHandle An optional handle to the process; presumably used instead of
 * opening one when supplied — confirm.
 * \param InFlags A combination of the input PH_CLR_* flags.
 * \param IsDotNet Optionally receives the overall result.
 * \param Flags Optionally receives the output PH_CLR_* flags.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhGetProcessIsDotNetEx(
    _In_ HANDLE ProcessId,
    _In_opt_ HANDLE ProcessHandle,
    _In_ ULONG InFlags,
    _Out_opt_ PBOOLEAN IsDotNet,
    _Out_opt_ PULONG Flags
    );
/**
 * A callback function passed to PhEnumDirectoryObjects() and called for each directory object.
 *
 * \param Name The name of the object.
 * \param TypeName The name of the object's type.
 * \param Context A user-defined value passed to PhEnumDirectoryObjects().
 *
 * \return TRUE to continue the enumeration, FALSE to stop.
 */
typedef BOOLEAN (NTAPI *PPH_ENUM_DIRECTORY_OBJECTS)(
    _In_ PPH_STRINGREF Name,
    _In_ PPH_STRINGREF TypeName,
    _In_opt_ PVOID Context
    );

/**
 * Enumerates the objects in an object-manager directory.
 *
 * \param DirectoryHandle A handle to the directory object.
 * \param Callback Called once per object.
 * \param Context A user-defined value passed to \a Callback.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumDirectoryObjects(
    _In_ HANDLE DirectoryHandle,
    _In_ PPH_ENUM_DIRECTORY_OBJECTS Callback,
    _In_opt_ PVOID Context
    );
/**
 * A callback function passed to PhEnumDirectoryFile() and called for each directory entry.
 *
 * \param Information The directory entry.
 * \param Context A user-defined value passed to PhEnumDirectoryFile().
 *
 * \return TRUE to continue the enumeration, FALSE to stop (by analogy with the other
 * enumeration callbacks in this header — confirm).
 */
typedef BOOLEAN (NTAPI *PPH_ENUM_DIRECTORY_FILE)(
    _In_ PFILE_DIRECTORY_INFORMATION Information,
    _In_opt_ PVOID Context
    );

/**
 * Enumerates the entries of a file-system directory.
 *
 * \param FileHandle A handle to the directory.
 * \param SearchPattern Optional pattern restricting the entries returned.
 * \param Callback Called once per entry.
 * \param Context A user-defined value passed to \a Callback.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumDirectoryFile(
    _In_ HANDLE FileHandle,
    _In_opt_ PUNICODE_STRING SearchPattern,
    _In_ PPH_ENUM_DIRECTORY_FILE Callback,
    _In_opt_ PVOID Context
    );
/** Gets the first stream entry in a buffer returned by PhEnumFileStreams(). */
#define PH_FIRST_STREAM(Streams) ((PFILE_STREAM_INFORMATION)(Streams))

/**
 * Gets the stream entry after a given entry, or NULL if there are no more.
 * NextEntryOffset is used unchecked; only walk buffers that came from PhEnumFileStreams().
 */
#define PH_NEXT_STREAM(Stream) ( \
    ((PFILE_STREAM_INFORMATION)(Stream))->NextEntryOffset ? \
    (PFILE_STREAM_INFORMATION)((PCHAR)(Stream) + \
    ((PFILE_STREAM_INFORMATION)(Stream))->NextEntryOffset) : \
    NULL \
    )

/**
 * Enumerates the (NTFS alternate data) streams of a file.
 *
 * \param FileHandle A handle to the file.
 * \param Streams Receives a buffer to be walked with PH_FIRST_STREAM()/PH_NEXT_STREAM().
 * Who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumFileStreams(
    _In_ HANDLE FileHandle,
    _Out_ PVOID *Streams
    );
// Device-prefix resolution. The two Update functions refresh cached prefix tables;
// the lifetime and thread-safety of those caches are not visible from this header.

/** Refreshes the cached list of MUP (network redirector) device prefixes. */
PHLIBAPI
VOID
NTAPI
PhUpdateMupDevicePrefixes(
    VOID
    );

/** Refreshes the cached list of DOS device (drive letter) prefixes. */
PHLIBAPI
VOID
NTAPI
PhUpdateDosDevicePrefixes(
    VOID
    );

/**
 * Converts a native device path into a Win32 path using the cached prefixes.
 *
 * \param Name The native path.
 *
 * \return The converted string. Whether NULL is returned when no prefix matches is
 * not stated here — confirm before dereferencing.
 */
PHLIBAPI
PPH_STRING
NTAPI
PhResolveDevicePrefix(
    _In_ PPH_STRING Name
    );

/**
 * Converts a file name into a Win32 file name. How it differs from
 * PhResolveDevicePrefix() is not visible here — consult the implementation.
 *
 * \param FileName The file name to convert.
 *
 * \return The converted string.
 */
PHLIBAPI
PPH_STRING
NTAPI
PhGetFileName(
    _In_ PPH_STRING FileName
    );
// Values for PH_MODULE_INFO.Type.
#define PH_MODULE_TYPE_MODULE 1
#define PH_MODULE_TYPE_MAPPED_FILE 2
#define PH_MODULE_TYPE_WOW64_MODULE 3
#define PH_MODULE_TYPE_KERNEL_MODULE 4
#define PH_MODULE_TYPE_MAPPED_IMAGE 5

/**
 * Describes one module as reported by PhEnumGenericModules().
 *
 * The USHORT fields use 0xFFFF (written (USHORT)-1) as the "not applicable" marker;
 * they cannot hold a literal -1.
 */
typedef struct _PH_MODULE_INFO
{
    ULONG Type; // PH_MODULE_TYPE_*
    PVOID BaseAddress;
    ULONG Size;
    PVOID EntryPoint;
    ULONG Flags;
    PPH_STRING Name; // ownership of the two strings is not visible here
    PPH_STRING FileName;
    USHORT LoadOrderIndex; // (USHORT)-1 if N/A
    USHORT LoadCount; // (USHORT)-1 if N/A
    USHORT LoadReason; // (USHORT)-1 if N/A
    USHORT Reserved;
    LARGE_INTEGER LoadTime; // 0 if N/A
} PH_MODULE_INFO, *PPH_MODULE_INFO;
/**
 * A callback function passed to PhEnumGenericModules() and called for each process module.
 *
 * \param Module A structure providing information about the module.
 * \param Context A user-defined value passed to PhEnumGenericModules().
 *
 * \return TRUE to continue the enumeration, FALSE to stop.
 */
typedef BOOLEAN (NTAPI *PPH_ENUM_GENERIC_MODULES_CALLBACK)(
    _In_ PPH_MODULE_INFO Module,
    _In_opt_ PVOID Context
    );

// Flags for PhEnumGenericModules(): include mapped files / mapped images in addition to loaded modules.
#define PH_ENUM_GENERIC_MAPPED_FILES 0x1
#define PH_ENUM_GENERIC_MAPPED_IMAGES 0x2

/**
 * Enumerates modules of a process in a uniform representation (native, WOW64,
 * kernel, mapped files and mapped images, as selected by \a Flags and the module types).
 *
 * \param ProcessId The process ID.
 * \param ProcessHandle An optional handle to the process.
 * \param Flags Zero or a combination of PH_ENUM_GENERIC_* flags.
 * \param Callback Called once per module.
 * \param Context A user-defined value passed to \a Callback.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhEnumGenericModules(
    _In_ HANDLE ProcessId,
    _In_opt_ HANDLE ProcessHandle,
    _In_ ULONG Flags,
    _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
    _In_opt_ PVOID Context
    );
/**
 * Encodes predefined registry root \a Number as a pseudo-handle with the value
 * -3 - 2*Number. The result is negative and odd, which is what PH_KEY_IS_PREDEFINED()
 * tests for. It is not a kernel handle; presumably PhCreateKey()/PhOpenKey() translate
 * it when it is passed as RootDirectory — confirm.
 */
#define PH_KEY_PREDEFINE(Number) ((HANDLE)(LONG_PTR)(-3 - (Number) * 2))
/** TRUE if \a Predefine was produced by PH_KEY_PREDEFINE() (negative with the low bit set). */
#define PH_KEY_IS_PREDEFINED(Predefine) (((LONG_PTR)(Predefine) < 0) && ((LONG_PTR)(Predefine) & 0x1))
/**
 * Inverse of PH_KEY_PREDEFINE(): (-(P) - 3) / 2. Only meaningful when
 * PH_KEY_IS_PREDEFINED(P) holds; for other values the shift operates on a negative number.
 */
#define PH_KEY_PREDEFINE_TO_NUMBER(Predefine) (ULONG)(((-(LONG_PTR)(Predefine) - 3) >> 1))
#define PH_KEY_LOCAL_MACHINE PH_KEY_PREDEFINE(0) // \Registry\Machine
#define PH_KEY_USERS PH_KEY_PREDEFINE(1) // \Registry\User
#define PH_KEY_CLASSES_ROOT PH_KEY_PREDEFINE(2) // \Registry\Machine\Software\Classes
#define PH_KEY_CURRENT_USER PH_KEY_PREDEFINE(3) // \Registry\User\<SID>
#define PH_KEY_CURRENT_USER_NUMBER 3 // the Number behind PH_KEY_CURRENT_USER
#define PH_KEY_MAXIMUM_PREDEFINE 4 // one past the last valid Number
/**
 * Creates or opens a registry key.
 *
 * \param KeyHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the key.
 * \param RootDirectory Optional parent key: a real handle or a PH_KEY_* pseudo-handle.
 * \param ObjectName The key path, relative to \a RootDirectory if given.
 * \param Attributes Object attributes (OBJ_* flags).
 * \param CreateOptions Key creation options (REG_OPTION_* flags).
 * \param Disposition Optionally receives whether the key was created or opened.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhCreateKey(
    _Out_ PHANDLE KeyHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ HANDLE RootDirectory,
    _In_ PPH_STRINGREF ObjectName,
    _In_ ULONG Attributes,
    _In_ ULONG CreateOptions,
    _Out_opt_ PULONG Disposition
    );

/**
 * Opens an existing registry key.
 *
 * \param KeyHandle Receives the opened handle; only valid on success.
 * \param DesiredAccess The access mask requested on the key.
 * \param RootDirectory Optional parent key: a real handle or a PH_KEY_* pseudo-handle.
 * \param ObjectName The key path, relative to \a RootDirectory if given.
 * \param Attributes Object attributes (OBJ_* flags).
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhOpenKey(
    _Out_ PHANDLE KeyHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ HANDLE RootDirectory,
    _In_ PPH_STRINGREF ObjectName,
    _In_ ULONG Attributes
    );

/**
 * Queries information about a registry key into a freshly sized buffer.
 *
 * \param KeyHandle A handle to the key.
 * \param KeyInformationClass The information class to query.
 * \param Buffer Receives the buffer; who frees it is not visible here.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhQueryKey(
    _In_ HANDLE KeyHandle,
    _In_ KEY_INFORMATION_CLASS KeyInformationClass,
    _Out_ PVOID *Buffer
    );

/**
 * Queries a registry value into a freshly sized buffer.
 *
 * \param KeyHandle A handle to the key.
 * \param ValueName The value name; NULL presumably selects the default value — confirm.
 * \param KeyValueInformationClass The information class to query.
 * \param Buffer Receives the buffer; who frees it is not visible here. Registry data is
 * caller-controlled input: validate the type and length fields before using the payload.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhQueryValueKey(
    _In_ HANDLE KeyHandle,
    _In_opt_ PPH_STRINGREF ValueName,
    _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
    _Out_ PVOID *Buffer
    );
/**
 * Creates or opens a file by Win32 path using native create semantics.
 *
 * \param FileHandle Receives the opened handle; only valid on success.
 * \param FileName The Win32 path.
 * \param DesiredAccess The access mask requested on the file.
 * \param FileAttributes Attributes for a newly created file; optional.
 * \param ShareAccess FILE_SHARE_* flags.
 * \param CreateDisposition FILE_OPEN / FILE_CREATE / ... disposition.
 * \param CreateOptions FILE_*  create options.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhCreateFileWin32(
    _Out_ PHANDLE FileHandle,
    _In_ PWSTR FileName,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ ULONG FileAttributes,
    _In_ ULONG ShareAccess,
    _In_ ULONG CreateDisposition,
    _In_ ULONG CreateOptions
    );

/**
 * Same as PhCreateFileWin32(), additionally reporting what happened.
 *
 * \param CreateStatus Optionally receives the create result (presumably the
 * IO_STATUS_BLOCK Information value, e.g. FILE_CREATED/FILE_OPENED — confirm).
 * Other parameters as for PhCreateFileWin32().
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhCreateFileWin32Ex(
    _Out_ PHANDLE FileHandle,
    _In_ PWSTR FileName,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ ULONG FileAttributes,
    _In_ ULONG ShareAccess,
    _In_ ULONG CreateDisposition,
    _In_ ULONG CreateOptions,
    _Out_opt_ PULONG CreateStatus
    );

/**
 * Queries attributes of a file by Win32 path without opening it.
 *
 * \param FileName The Win32 path.
 * \param FileInformation Caller-provided structure that receives the attributes.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhQueryFullAttributesFileWin32(
    _In_ PWSTR FileName,
    _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
    );

/**
 * Deletes a file by Win32 path.
 *
 * \param FileName The Win32 path.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhDeleteFileWin32(
    _In_ PWSTR FileName
    );
// Named pipe helpers. The Event/ApcRoutine/ApcContext/IoStatusBlock parameters follow
// the native asynchronous I/O convention; when all optional ones are NULL the call is
// presumably synchronous — confirm against the implementation.

/**
 * Waits for a client to connect to a server end of a named pipe.
 *
 * \param FileHandle The server end of the pipe.
 * \param Event Optional event signalled on completion.
 * \param ApcRoutine Optional completion routine.
 * \param ApcContext Context passed to \a ApcRoutine.
 * \param IoStatusBlock Receives the completion status.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhListenNamedPipe(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock
    );

/**
 * Disconnects the client from a server end of a named pipe.
 *
 * \param FileHandle The server end of the pipe.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhDisconnectNamedPipe(
    _In_ HANDLE FileHandle
    );

/**
 * Reads data from a named pipe without removing it.
 *
 * \param FileHandle A handle to the pipe.
 * \param Buffer Optional buffer receiving up to \a Length bytes.
 * \param Length Size of \a Buffer in bytes.
 * \param NumberOfBytesRead Optionally receives the number of bytes copied.
 * \param NumberOfBytesAvailable Optionally receives the number of bytes pending in the pipe.
 * \param NumberOfBytesLeftInMessage Optionally receives the remainder of the current message.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhPeekNamedPipe(
    _In_ HANDLE FileHandle,
    _Out_writes_bytes_opt_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _Out_opt_ PULONG NumberOfBytesRead,
    _Out_opt_ PULONG NumberOfBytesAvailable,
    _Out_opt_ PULONG NumberOfBytesLeftInMessage
    );

/**
 * Writes a message to a named pipe and reads the reply in one operation.
 *
 * \param FileHandle A handle to the pipe.
 * \param Event Optional event signalled on completion.
 * \param ApcRoutine Optional completion routine.
 * \param ApcContext Context passed to \a ApcRoutine.
 * \param IoStatusBlock Receives the completion status; its Information field is the
 * only place the number of bytes actually returned can be reported.
 * \param InputBuffer Data to send, \a InputBufferLength bytes.
 * \param InputBufferLength Size of \a InputBuffer.
 * \param OutputBuffer Receives the reply, up to \a OutputBufferLength bytes.
 * \param OutputBufferLength Size of \a OutputBuffer.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhTransceiveNamedPipe(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength
    );

/**
 * Waits until an instance of a named pipe is available for connection.
 *
 * \param FileSystemName Optional file system (pipe device) name.
 * \param Name The pipe name.
 * \param Timeout Optional timeout; ignored presumably when \a UseDefaultTimeout is TRUE — confirm.
 * \param UseDefaultTimeout TRUE to use the pipe's default timeout.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhWaitForNamedPipe(
    _In_opt_ PUNICODE_STRING FileSystemName,
    _In_ PUNICODE_STRING Name,
    _In_opt_ PLARGE_INTEGER Timeout,
    _In_ BOOLEAN UseDefaultTimeout
    );

/**
 * Makes the calling thread impersonate the client connected to a server end of a
 * named pipe. Impersonation changes the thread's effective security context, so callers
 * should pair this with a revert once the client's work is done, and should check the
 * resulting impersonation level before performing privileged operations on the
 * client's behalf; this header does not provide the revert.
 *
 * \param FileHandle The server end of the pipe.
 *
 * \return An NTSTATUS value.
 */
PHLIBAPI
NTSTATUS
NTAPI
PhImpersonateClientOfNamedPipe(
    _In_ HANDLE FileHandle
    );
#ifdef __cplusplus
}
#endif
#endif