GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/include/windows/definitions.h
#pragma once
#include <windows.h>
#include <ntstatus.h>
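// Fallback declaration of NTSTATUS for builds whose headers do not provide it.
//
// NTSTATUS is a typedef in the Windows SDK headers, not a preprocessor macro,
// so this #ifndef cannot detect an existing declaration: unless something
// defines a macro of that name, the typedef below is always emitted. That is
// accepted only where repeating an identical typedef is legal (C11, C++).
// NOTE(review): confirm that the compilers this header is built with accept a
// repeated typedef, or that no other included header declares NTSTATUS.
#ifndef NTSTATUS
typedef long NTSTATUS;
#endif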
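// https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/handle_table_entry.htm?ts=0,80
//
// One record of the handle list carried by SYSTEM_HANDLE_INFORMATION.
// Member order and widths mirror a layout defined by the operating system:
// do not reorder, resize or repack them.
//
// UniqueProcessId and HandleValue are 16-bit fields, so a process id or
// handle value above 0xFFFF cannot be represented; code that matches on
// either field must treat it as possibly truncated.
// NOTE(review): Object is a pointer-sized value filled in by the system.
// Hardened Windows builds may withhold it from callers that lack the
// required privilege, so consumers should not assume it is non-NULL -
// confirm for the builds in use.
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
    USHORT UniqueProcessId;        // owning process id, 16 bits only
    USHORT CreatorBackTraceIndex;
    UCHAR ObjectTypeIndex;         // presumably an index into the object type table - TODO confirm
    UCHAR HandleAttributes;
    USHORT HandleValue;            // handle value, 16 bits only
    PVOID Object;                  // object address as reported by the system
    ULONG GrantedAccess;           // presumably an ACCESS_MASK - TODO confirm
} SYSTEM_HANDLE_TABLE_ENTRY_INFO;
typedef SYSTEM_HANDLE_TABLE_ENTRY_INFO* PSYSTEM_HANDLE_TABLE_ENTRY_INFO;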
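// Variable-length buffer layout: a count followed by an array of
// SYSTEM_HANDLE_TABLE_ENTRY_INFO records.
//
// Handles is a flexible array member, so sizeof(SYSTEM_HANDLE_INFORMATION)
// covers the header only; the buffer that holds this structure has to be
// sized by the caller. Before reading Handles[i], bound i by NumberOfHandles
// and also check that the entry lies inside the number of bytes actually
// returned, because the count comes from the buffer itself.
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG NumberOfHandles;                     // presumably the number of valid entries in Handles - TODO confirm
    SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[];  // trailing records, length not known at compile time
} SYSTEM_HANDLE_INFORMATION;
typedef SYSTEM_HANDLE_INFORMATION* PSYSTEM_HANDLE_INFORMATION;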
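// Selector values for the SystemInformationClass parameter of
// fNtQuerySystemInformation. The list is deliberately incomplete, which is
// why the numbering has gaps; the explicit values are the contract, so never
// rely on implicit enumerator numbering when adding entries.
// The trailing comment on each line is the version annotation carried over
// from the original definition (presumably the Windows NT version or Windows
// 10 release in which the class first appeared - confirm against the source
// the values were taken from).
typedef enum _SYSTEM_INFORMATION_CLASS // this is an incomplete definition
{
    SystemBasicInformation = 0,                     // 3.10 and higher
    SystemProcessorInformation = 1,                 // 3.10 and higher
    SystemPerformanceInformation = 2,               // 3.10 and higher
    SystemTimeOfDayInformation = 3,                 // 3.10 and higher
    SystemPathInformation = 4,                      // 3.10 and higher
    SystemProcessInformation = 5,                   // 3.10 and higher
    SystemCallCountInformation = 6,                 // 3.10 and higher
    SystemDeviceInformation = 7,                    // 3.10 and higher
    SystemProcessorPerformanceInformation = 8,      // 3.10 and higher
    SystemFlagsInformation = 9,                     // 3.10 and higher
    SystemCallTimeInformation = 10,                 // 3.10 and higher
    SystemModuleInformation = 11,                   // 3.10 and higher
    SystemLocksInformation = 12,                    // 3.10 and higher
    SystemStackTraceInformation = 13,               // 3.10 and higher
    SystemPagedPoolInformation = 14,                // 3.10 and higher
    SystemNonPagedPoolInformation = 15,             // 3.10 and higher
    SystemHandleInformation = 16,                   // 3.10 and higher
    SystemObjectInformation = 17,                   // 3.10 and higher
    SystemPageFileInformation = 18,                 // 3.10 and higher
    SystemVdmInstemulInformation = 19,              // 3.10 and higher
    SystemVdmBopInformation = 20,                   // 3.10 and higher
    SystemFileCacheInformation = 21,                // 3.10 and higher
    SystemPoolTagInformation = 22,                  // 3.50 and higher
    SystemInterruptInformation = 23,                // 3.51 and higher
    SystemExceptionInformation = 33,                // 3.50 and higher
    SystemRegistryQuotaInformation = 37,            // 3.51 and higher
    SystemLookasideInformation = 45,                // 4.0 and higher
    SystemBigPoolInformation = 66,                  // 5.2 and higher
    SystemCodeIntegrityInformation = 103,           // 6.0 and higher
    SystemQueryPerformanceCounterInformation = 124, // 6.1 and higher
    SystemPolicyInformation = 134,                  // 6.2 and higher, was known as SystemThrottleNotificationInformation in 6.2
    SystemKernelVaShadowInformation = 196,          // 1803 and higher
    SystemSpeculationControlInformation = 201,      // 1803 and higher
    SystemDmaGuardPolicyInformation = 202,          // 1803 and higher
    SystemEnclaveLaunchControlInformation = 203     // 1803 and higher
} SYSTEM_INFORMATION_CLASS;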
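// Definitions taken from https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm
//
// Thread information class selectors. Every enumerator has an explicit value;
// keep it that way when extending the list, because the numbers are the
// contract with the operating system.
// ThreadEventPair and ThreadEventPair_Reuseable intentionally share 0x8: the
// trailing comments give the version range in which each name applies.
// ThreadZeroTlsCell had a different value (0xB) in version 3.10, as its
// comment records, so 0x0A is only valid for later versions.
typedef enum _THREADINFOCLASS {
    ThreadBasicInformation = 0x0,           // All versions
    ThreadTimes = 0x1,                      // All versions
    ThreadPriority = 0x2,                   // All versions
    ThreadBasePriority = 0x3,               // All versions
    ThreadAffinityMask = 0x4,               // All versions
    ThreadImpersonationToken = 0x5,         // All versions
    ThreadDescriptorTableEntry = 0x6,       // All versions
    ThreadEnableAlignmentFaultFixup = 0x7,  // All versions
    ThreadEventPair = 0x8,                  // 3.10 to 4.0
    ThreadEventPair_Reuseable = 0x8,        // 5.0 and higher
    ThreadQuerySetWin32StartAddress = 0x9,  // All versions
    ThreadZeroTlsCell = 0x0A,               // All versions minus 3.10 where it was 0xB
    ThreadPerformanceCount = 0x0B,          // 3.51 and higher
    ThreadAmILastThread = 0x0C,             // 3.51 and higher
    ThreadIdealProcessor = 0x0D,            // 4.0 and higher
    ThreadPriorityBoost = 0x0E,             // 4.0 and higher
    ThreadSetTlsArrayAddress = 0x0F,        // 4.0 and higher
    ThreadIsIoPending = 0x10,               // 5.0 and higher
    ThreadHideFromDebugger = 0x11,          // 5.0 and higher
    ThreadBreakOnTermination = 0x12,        // 5.2 and higher
    ThreadSwitchLegacyState = 0x13,         // 5.2 and higher from Windows Server 2003 SP1
    ThreadIsTerminated = 0x14,              // 5.2 and higher from Windows Server 2003 SP1
    ThreadLastSystemCall = 0x15,            // 6.0 and higher
    ThreadIoPriority = 0x16,                // 6.0 and higher
    ThreadCycleTime = 0x17,                 // 6.0 and higher
    ThreadPagePriority = 0x18,              // 6.0 and higher
    ThreadActualBasePriority = 0x19,        // 6.0 and higher
    ThreadTebInformation = 0x1A,            // 6.0 and higher
    ThreadCSwitchMon = 0x1B,                // 6.0 and higher
    ThreadCSwitchPmu = 0x1C,                // 6.1 and higher
    ThreadWow64Context = 0x1D,              // 6.1 and higher
    ThreadGroupInformation = 0x1E,          // 6.1 and higher
    ThreadUmsInformation = 0x1F,            // 6.1 and higher
    ThreadCounterProfiling = 0x20,          // 6.1 and higher
    ThreadIdealProcessorEx = 0x21,          // 6.1 and higher
    ThreadCpuAccountingInformation = 0x22,  // 6.2 and higher
    ThreadSuspendCount = 0x23,              // 6.3 and higher
    ThreadHeterogeneousCpuPolicy = 0x24,    // 10.0 and higher
    ThreadContainerId = 0x25,               // 10.0 and higher
    ThreadNameInformation = 0x26,           // 10.0 and higher
    ThreadSelectedCpuSets = 0x27,           // 10.0 and higher
    ThreadSystemThreadInformation = 0x28,   // 10.0 and higher
    ThreadActualGroupAffinity = 0x29        // 10.0 and higher
} THREADINFOCLASS;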
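// Pointer type for a routine with the NtQuerySystemInformation signature.
// Only the type is declared here; obtaining the routine's address is left to
// the code that uses it.
//
//   SystemInformationClass   which SYSTEM_INFORMATION_CLASS record to query
//   SystemInformation        caller-owned output buffer
//   SystemInformationLength  size of that buffer, presumably in bytes
//   ReturnLength             receives a length; presumably optional - TODO confirm
//
// Returns an NTSTATUS. Check it before reading the buffer, and for
// variable-length replies such as SYSTEM_HANDLE_INFORMATION validate the
// embedded count against the buffer size that was passed in.
typedef NTSTATUS(__stdcall* fNtQuerySystemInformation)(
    SYSTEM_INFORMATION_CLASS SystemInformationClass,
    PVOID SystemInformation,
    ULONG SystemInformationLength,
    PULONG ReturnLength
);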
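// Pointer type for a routine with the NtCallbackReturn signature.
//
//   Result          buffer handed back through the call (caller-owned)
//   ResultLength    size of Result, presumably in bytes - TODO confirm
//   CallbackStatus  NTSTATUS value passed along with the result
//
// Parameter names in a function-pointer typedef are documentation only; they
// do not affect the type or its callers.
typedef NTSTATUS(__stdcall* fNtCallbackReturn)(
    PVOID Result,
    ULONG ResultLength,
    NTSTATUS CallbackStatus
);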
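// Pointer type for a routine with the NtUserConsoleControl signature.
//
//   ConsoleCtrl            selects the operation (values are not defined in this file)
//   ConsoleCtrlInfo        caller-owned buffer for that operation
//   ConsoleCtrlInfoLength  size of ConsoleCtrlInfo, presumably in bytes - TODO confirm
//
// NOTE(review): this header gives no contract for the routine beyond the
// argument types; the length must describe the buffer actually supplied.
typedef NTSTATUS(__stdcall* fNtUserConsoleControl)(
    DWORD ConsoleCtrl,
    PVOID ConsoleCtrlInfo,
    ULONG ConsoleCtrlInfoLength
);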
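// Pointer type for a routine with the NtUserMessageCall signature.
//
// hWnd, msg, wParam and lParam have the types of an ordinary window message.
// ResultInfo is pointer-sized; dwType and bAscii are not described anywhere
// in this file.
// NOTE(review): the meaning of ResultInfo, dwType and bAscii cannot be
// established from this header - confirm against the code that calls through
// this type before changing any argument.
typedef NTSTATUS(__stdcall* fNtUserMessageCall)(
    HWND hWnd,
    UINT msg,
    WPARAM wParam,
    LPARAM lParam,
    ULONG_PTR ResultInfo,
    DWORD dwType,
    BOOL bAscii
);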
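// Pointer type for a routine with the RtlAllocateHeap signature.
//
//   HeapHandle  heap to allocate from
//   Flags       allocation flags (values are not defined in this file)
//   Size        requested size; SIZE_T, so pointer-width on every target
//
// Returns the allocation as PVOID. Callers should test the result for NULL
// before use; the routine is expected to return NULL on failure - confirm.
typedef PVOID(__stdcall* fRtlAllocateHeap)(
    PVOID HeapHandle,
    ULONG Flags,
    SIZE_T Size
);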
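// Pointer type for a routine with the RtlGetNtVersionNumbers signature.
// The routine returns nothing and reports through three caller-supplied
// DWORD locations, so there is no status to check.
//
// NOTE(review): the value stored through BuildNumber is commonly reported to
// carry flag bits in its high word; confirm whether callers mask it before
// comparing against a build number.
typedef VOID(__stdcall* fRtlGetNtVersionNumbers)(
    DWORD* MajorVersion,
    DWORD* MinorVersion,
    DWORD* BuildNumber
);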
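// Handle-type selector for the dwType argument of fHMValidateHandle.
// TYPE_WINDOW is the only type value this file names.
#define TYPE_WINDOW 1
// Pointer type for a routine with the HMValidateHandle signature: takes a
// handle and an expected type and returns a PVOID.
// NOTE(review): what the returned pointer refers to, and whether NULL signals
// a type mismatch, is not shown in this header - callers should check the
// result before dereferencing it.
typedef PVOID(__stdcall* fHMValidateHandle)(HANDLE hHandle, DWORD dwType);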
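//
// Taken from ntdef.h
//
// NOTE(review): other SDK headers declare types with these same names;
// including one of them together with this file may produce redefinition
// errors - confirm the include set of each consumer.

// Unicode strings are counted 16-bit character strings. If they are
// NULL terminated, Length does not include trailing NULL.
//
// Length and MaximumLength are byte counts, not character counts: both
// annotations on Buffer divide them by 2 or mark them as byte sizes.
// Buffer is not guaranteed to be NUL-terminated, so always bound reads by
// Length and never hand Buffer to a routine that scans for a terminator.
// Being USHORT, neither count can exceed 65535 bytes.
typedef struct _UNICODE_STRING {
    USHORT Length;         // bytes currently in use
    USHORT MaximumLength;  // bytes available in Buffer
#ifdef MIDL_PASS
    [size_is(MaximumLength / 2), length_is((Length) / 2)] USHORT* Buffer;
#else // MIDL_PASS
    _Field_size_bytes_part_opt_(MaximumLength, Length) PWCH Buffer;
#endif // MIDL_PASS
} UNICODE_STRING, *PUNICODE_STRING;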
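// Describes the object a native open/create call refers to; used here by
// fNtCreateFile and fNtCreateIoCompletion through POBJECT_ATTRIBUTES.
//
// Zero-initialise the whole structure before filling it in so that unused
// pointer members are NULL rather than stack residue.
typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length;                    // presumably sizeof(OBJECT_ATTRIBUTES) - TODO confirm
    HANDLE RootDirectory;            // presumably the directory ObjectName is relative to; may be NULL - confirm
    PUNICODE_STRING ObjectName;      // counted string, see UNICODE_STRING
    ULONG Attributes;                // attribute flags (values are not defined in this file)
    PVOID SecurityDescriptor;        // Points to type SECURITY_DESCRIPTOR
    PVOID SecurityQualityOfService;  // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;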
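//
// Taken from wdm.h
//
// Completion record written by the I/O routines declared in this file.
// Status and Pointer share storage through an anonymous union, so only one of
// them is meaningful at a time and the union is pointer-sized on 64-bit
// targets even though NTSTATUS is narrower.
// Read the block only after the call that owns it has completed.
typedef struct _IO_STATUS_BLOCK {
    union {
        NTSTATUS Status;
        PVOID Pointer;
    };
    ULONG_PTR Information;  // request-specific value; presumably a byte count for transfers - TODO confirm
} IO_STATUS_BLOCK, * PIO_STATUS_BLOCK;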
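// Pointer type for a routine with the NtCreateFile signature.
//
//   FileHandle         receives the opened handle
//   DesiredAccess      requested access mask
//   ObjectAttributes   names the object to open (see OBJECT_ATTRIBUTES)
//   IoStatusBlock      receives the completion record
//   AllocationSize     initial allocation size; presumably optional - TODO confirm
//   FileAttributes, ShareAccess, CreateDisposition, CreateOptions
//                      flag words whose values are not defined in this file
//   EaBuffer/EaLength  extended-attribute buffer and its size
//
// Returns an NTSTATUS. *FileHandle is only meaningful when the call
// succeeded, so check the status before using or closing the handle.
typedef NTSTATUS(__stdcall* fNtCreateFile)(
    PHANDLE FileHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    PIO_STATUS_BLOCK IoStatusBlock,
    PLARGE_INTEGER AllocationSize,
    ULONG FileAttributes,
    ULONG ShareAccess,
    ULONG CreateDisposition,
    ULONG CreateOptions,
    PVOID EaBuffer,
    ULONG EaLength
);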
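// Pointer type for a routine with the NtDeviceIoControlFile signature.
//
//   FileHandle                       handle the request is sent to
//   Event, ApcRoutine, ApcContext    completion notification; ApcRoutine is
//                                    declared as PVOID instead of a function
//                                    pointer type
//   IoStatusBlock                    receives the completion record
//   IoControlCode                    request code (values are not defined here)
//   InputBuffer/InputBufferLength    caller-owned input and its size
//   OutputBuffer/OutputBufferLength  caller-owned output and its size
//
// Both lengths must describe the buffers actually supplied. Check the
// returned NTSTATUS before trusting anything written to OutputBuffer.
typedef NTSTATUS(__stdcall* fNtDeviceIoControlFile)(
    HANDLE FileHandle,
    HANDLE Event,
    PVOID ApcRoutine, // PIO_APC_ROUTINE is just a pointer to a function
    PVOID ApcContext,
    PIO_STATUS_BLOCK IoStatusBlock,
    ULONG IoControlCode,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength
);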
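// Pointer type for a routine with the NtCreateIoCompletion signature.
//
//   IoCompletionHandle         receives the new handle
//   DesiredAccess              requested access mask
//   ObjectAttributes           see OBJECT_ATTRIBUTES; presumably optional - TODO confirm
//   NumberOfConcurrentThreads  concurrency setting for the new object
//
// Returns an NTSTATUS. *IoCompletionHandle is only meaningful on success, and
// the handle has to be closed by whoever created it.
typedef NTSTATUS(__stdcall* fNtCreateIoCompletion)(
    PHANDLE IoCompletionHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    ULONG NumberOfConcurrentThreads
);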
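// Pointer type for a routine with the NtSetIoCompletion signature.
//
//   IoCompletionHandle        completion object to post to
//   CompletionKey             key value delivered with the completion
//   IoStatusBlock             declared here as PIO_STATUS_BLOCK
//   CompletionStatus          NTSTATUS delivered with the completion
//   NumberOfBytesTransferred  count delivered with the completion
//
// NOTE(review): CompletionKey and NumberOfBytesTransferred are declared ULONG
// (32 bits). If the underlying routine takes pointer-sized values in those
// positions, the upper half of each argument is unspecified on 64-bit builds.
// Confirm this typedef against a current prototype before relying on it.
typedef NTSTATUS(__stdcall* fNtSetIoCompletion)(
    HANDLE IoCompletionHandle,
    ULONG CompletionKey,
    PIO_STATUS_BLOCK IoStatusBlock,
    NTSTATUS CompletionStatus,
    ULONG NumberOfBytesTransferred
);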