1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // This file holds definitions related to the ntdll API.
6 
7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
9 
10 #include <windows.h>
11 #include <stddef.h>
12 
13 typedef LONG NTSTATUS;
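// Evaluates to non-zero when |st| is a success or informational NTSTATUS,
// i.e. when it is non-negative as a signed value; warning and error codes
// have the top bit set and are negative.
// The argument is parenthesized and cast to NTSTATUS so that compound
// expressions (conditionals, bitwise operators) are tested as a whole.
// The cast also stops an unsigned value (DWORD/ULONG) from trivially
// comparing ">= 0" and turning a failure into an apparent success.
#define NT_SUCCESS(st) (((NTSTATUS)(st)) >= 0)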
15 
16 #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
17 #define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
18 #define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
19 #define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
20 #define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
21 #ifndef STATUS_INVALID_PARAMETER
22 // It is now defined in Windows 2008 SDK.
23 #define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
24 #endif
25 #define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
26 #define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
27 #define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
28 #define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
29 #define STATUS_OBJECT_NAME_COLLISION  ((NTSTATUS)0xC0000035L)
30 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
31 #define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
32 #define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
33 
// Pseudo-handle constants for the calling process and the calling thread.
// NOTE(review): these are fixed values rather than entries in a handle table,
// so the same value names a different object in every process that
// interprets it. Code that receives handle values from a less trusted
// process should presumably reject -1/-2 rather than act on them -- confirm
// against the IPC handlers.
#define CURRENT_PROCESS ((HANDLE) -1)
#define CURRENT_THREAD  ((HANDLE) -2)
// Alias matching the native API's spelling.
#define NtCurrentProcess CURRENT_PROCESS
37 
// Counted wide-character string descriptor used throughout the native API.
// Both size fields are 16-bit, which bounds what one descriptor can describe.
// NOTE(review): by the documented NT convention Length and MaximumLength are
// byte counts (not character counts) and Buffer is not guaranteed to be
// NUL-terminated. Passing Buffer to a NUL-scanning routine, or using Length
// as an element index without dividing by sizeof(WCHAR), can read past the
// end of the storage. Confirm at each use site.
typedef struct _UNICODE_STRING {
  USHORT Length;         // Size of the string data currently held in Buffer.
  USHORT MaximumLength;  // Size of the storage that Buffer points to.
  PWSTR  Buffer;         // Start of the string data.
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
// Pointer to a UNICODE_STRING that must not be modified through the pointer.
typedef const UNICODE_STRING *PCUNICODE_STRING;
45 
46 typedef struct _STRING {
47   USHORT Length;
48   USHORT MaximumLength;
49   PCHAR Buffer;
50 } STRING;
51 typedef STRING *PSTRING;
52 
// ANSI flavour of the counted narrow string STRING.
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
// NOTE(review): CONST here qualifies the pointer, not the pointee, so
// PCANSI_STRING is `STRING* const` and still permits writes through it.
// This differs from PCOEM_STRING, which is declared as a pointer to a const
// STRING. Do not read a PCANSI_STRING parameter as a read-only guarantee.
typedef CONST PSTRING PCANSI_STRING;
56 
57 typedef STRING OEM_STRING;
58 typedef PSTRING POEM_STRING;
59 typedef CONST STRING* PCOEM_STRING;
60 
61 #define OBJ_CASE_INSENSITIVE 0x00000040L
62 #define OBJ_OPENIF           0x00000080L
63 
64 typedef struct _OBJECT_ATTRIBUTES {
65   ULONG Length;
66   HANDLE RootDirectory;
67   PUNICODE_STRING ObjectName;
68   ULONG Attributes;
69   PVOID SecurityDescriptor;
70   PVOID SecurityQualityOfService;
71 } OBJECT_ATTRIBUTES;
72 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
73 
// Fills in the OBJECT_ATTRIBUTES that |p| points to:
//   n - ObjectName (PUNICODE_STRING)
//   a - Attributes (OBJ_* flags)
//   r - RootDirectory handle
//   s - SecurityDescriptor
// Length is set to sizeof(OBJECT_ATTRIBUTES) and SecurityQualityOfService is
// always set to NULL, so a caller that needs a specific quality of service
// must assign that field after using the macro.
// The expansion is a bare brace block, not do { } while (0): used as the
// unbraced body of an if that has an else, the trailing ';' fails to compile.
// NOTE(review): when |r| is a non-NULL handle the name in |n| is presumably
// resolved relative to it, so a check that inspects only ObjectName does not
// see the full path -- confirm in the policy code that consumes this struct.
#define InitializeObjectAttributes(p, n, a, r, s) { \
  (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
  (p)->RootDirectory = r;\
  (p)->Attributes = a;\
  (p)->ObjectName = n;\
  (p)->SecurityDescriptor = s;\
  (p)->SecurityQualityOfService = NULL;\
}
82 
83 typedef struct _IO_STATUS_BLOCK {
84   union {
85     NTSTATUS Status;
86     PVOID Pointer;
87   };
88   ULONG_PTR Information;
89 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
90 
91 // -----------------------------------------------------------------------
92 // File IO
93 
94 // Create disposition values.
95 
96 #define FILE_SUPERSEDE                          0x00000000
97 #define FILE_OPEN                               0x00000001
98 #define FILE_CREATE                             0x00000002
99 #define FILE_OPEN_IF                            0x00000003
100 #define FILE_OVERWRITE                          0x00000004
101 #define FILE_OVERWRITE_IF                       0x00000005
102 #define FILE_MAXIMUM_DISPOSITION                0x00000005
103 
104 // Create/open option flags.
105 
106 #define FILE_DIRECTORY_FILE                     0x00000001
107 #define FILE_WRITE_THROUGH                      0x00000002
108 #define FILE_SEQUENTIAL_ONLY                    0x00000004
109 #define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
110 
111 #define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
112 #define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
113 #define FILE_NON_DIRECTORY_FILE                 0x00000040
114 #define FILE_CREATE_TREE_CONNECTION             0x00000080
115 
116 #define FILE_COMPLETE_IF_OPLOCKED               0x00000100
117 #define FILE_NO_EA_KNOWLEDGE                    0x00000200
118 #define FILE_OPEN_REMOTE_INSTANCE               0x00000400
119 #define FILE_RANDOM_ACCESS                      0x00000800
120 
121 #define FILE_DELETE_ON_CLOSE                    0x00001000
122 #define FILE_OPEN_BY_FILE_ID                    0x00002000
123 #define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
124 #define FILE_NO_COMPRESSION                     0x00008000
125 
126 #define FILE_RESERVE_OPFILTER                   0x00100000
127 #define FILE_OPEN_REPARSE_POINT                 0x00200000
128 #define FILE_OPEN_NO_RECALL                     0x00400000
129 #define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
130 
// Create/open result values. These are the disposition values returned in
// the Information member of the IO_STATUS_BLOCK.
133 #define FILE_SUPERSEDED                         0x00000000
134 #define FILE_OPENED                             0x00000001
135 #define FILE_CREATED                            0x00000002
136 #define FILE_OVERWRITTEN                        0x00000003
137 #define FILE_EXISTS                             0x00000004
138 #define FILE_DOES_NOT_EXIST                     0x00000005
139 
140 typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
141   OUT PHANDLE FileHandle,
142   IN ACCESS_MASK DesiredAccess,
143   IN POBJECT_ATTRIBUTES ObjectAttributes,
144   OUT PIO_STATUS_BLOCK IoStatusBlock,
145   IN PLARGE_INTEGER AllocationSize OPTIONAL,
146   IN ULONG FileAttributes,
147   IN ULONG ShareAccess,
148   IN ULONG CreateDisposition,
149   IN ULONG CreateOptions,
150   IN PVOID EaBuffer OPTIONAL,
151   IN ULONG EaLength);
152 
153 typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
154   OUT PHANDLE FileHandle,
155   IN ACCESS_MASK DesiredAccess,
156   IN POBJECT_ATTRIBUTES ObjectAttributes,
157   OUT PIO_STATUS_BLOCK IoStatusBlock,
158   IN ULONG ShareAccess,
159   IN ULONG OpenOptions);
160 
161 typedef NTSTATUS (WINAPI *NtCloseFunction)(
162   IN HANDLE Handle);
163 
164 typedef enum _FILE_INFORMATION_CLASS {
165   FileRenameInformation = 10
166 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
167 
// Payload that accompanies the FileRenameInformation class.
// FileName[1] is a placeholder for a variable-length name that continues past
// the end of the struct, so sizeof(FILE_RENAME_INFORMATION) is neither the
// size to allocate nor the size to pass as the buffer length.
// NOTE(review): FileNameLength is documented as a byte count. Size the buffer
// as offsetof(FILE_RENAME_INFORMATION, FileName) + FileNameLength, check that
// sum for overflow, and make sure a received buffer is at least that long
// before reading FileName.
typedef struct _FILE_RENAME_INFORMATION {
  BOOLEAN ReplaceIfExists;  // Whether an existing target may be replaced.
  // NOTE(review): presumably makes FileName relative to this handle when it
  // is non-NULL; a policy check on FileName alone would miss that -- confirm.
  HANDLE RootDirectory;
  ULONG FileNameLength;     // Length of the name stored in FileName.
  WCHAR FileName[1];        // First element of the variable-length name.
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
174 
175 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
176   IN HANDLE FileHandle,
177   OUT PIO_STATUS_BLOCK IoStatusBlock,
178   IN PVOID FileInformation,
179   IN ULONG Length,
180   IN FILE_INFORMATION_CLASS FileInformationClass);
181 
182 typedef struct FILE_BASIC_INFORMATION {
183   LARGE_INTEGER CreationTime;
184   LARGE_INTEGER LastAccessTime;
185   LARGE_INTEGER LastWriteTime;
186   LARGE_INTEGER ChangeTime;
187   ULONG FileAttributes;
188 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
189 
190 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
191   IN POBJECT_ATTRIBUTES ObjectAttributes,
192   OUT PFILE_BASIC_INFORMATION FileAttributes);
193 
194 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
195   LARGE_INTEGER CreationTime;
196   LARGE_INTEGER LastAccessTime;
197   LARGE_INTEGER LastWriteTime;
198   LARGE_INTEGER ChangeTime;
199   LARGE_INTEGER AllocationSize;
200   LARGE_INTEGER EndOfFile;
201   ULONG FileAttributes;
202 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
203 
204 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
205   IN POBJECT_ATTRIBUTES ObjectAttributes,
206   OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
207 
208 // -----------------------------------------------------------------------
209 // Sections
210 
211 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
212   OUT PHANDLE SectionHandle,
213   IN ACCESS_MASK DesiredAccess,
214   IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
215   IN PLARGE_INTEGER MaximumSize OPTIONAL,
216   IN ULONG SectionPageProtection,
217   IN ULONG AllocationAttributes,
218   IN HANDLE FileHandle OPTIONAL);
219 
220 typedef ULONG SECTION_INHERIT;
221 #define ViewShare 1
222 #define ViewUnmap 2
223 
224 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
225   IN HANDLE SectionHandle,
226   IN HANDLE ProcessHandle,
227   IN OUT PVOID *BaseAddress,
228   IN ULONG_PTR ZeroBits,
229   IN SIZE_T CommitSize,
230   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
231   IN OUT PSIZE_T ViewSize,
232   IN SECTION_INHERIT InheritDisposition,
233   IN ULONG AllocationType,
234   IN ULONG Win32Protect);
235 
236 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
237   IN HANDLE ProcessHandle,
238   IN PVOID BaseAddress);
239 
240 typedef enum _SECTION_INFORMATION_CLASS {
241   SectionBasicInformation = 0,
242   SectionImageInformation
243 } SECTION_INFORMATION_CLASS;
244 
245 typedef struct _SECTION_BASIC_INFORMATION {
246   PVOID BaseAddress;
247   ULONG Attributes;
248   LARGE_INTEGER Size;
249 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
250 
251 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
252   IN HANDLE SectionHandle,
253   IN SECTION_INFORMATION_CLASS SectionInformationClass,
254   OUT PVOID SectionInformation,
255   IN SIZE_T SectionInformationLength,
256   OUT PSIZE_T ReturnLength OPTIONAL);
257 
258 // -----------------------------------------------------------------------
259 // Process and Thread
260 
261 typedef struct _CLIENT_ID {
262   PVOID UniqueProcess;
263   PVOID UniqueThread;
264 } CLIENT_ID, *PCLIENT_ID;
265 
266 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
267   OUT PHANDLE ThreadHandle,
268   IN ACCESS_MASK DesiredAccess,
269   IN POBJECT_ATTRIBUTES ObjectAttributes,
270   IN PCLIENT_ID ClientId);
271 
272 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
273   OUT PHANDLE ProcessHandle,
274   IN ACCESS_MASK DesiredAccess,
275   IN POBJECT_ATTRIBUTES ObjectAttributes,
276   IN PCLIENT_ID ClientId);
277 
278 typedef enum _NT_THREAD_INFORMATION_CLASS {
279   ThreadBasicInformation,
280   ThreadTimes,
281   ThreadPriority,
282   ThreadBasePriority,
283   ThreadAffinityMask,
284   ThreadImpersonationToken,
285   ThreadDescriptorTableEntry,
286   ThreadEnableAlignmentFaultFixup,
287   ThreadEventPair,
288   ThreadQuerySetWin32StartAddress,
289   ThreadZeroTlsCell,
290   ThreadPerformanceCount,
291   ThreadAmILastThread,
292   ThreadIdealProcessor,
293   ThreadPriorityBoost,
294   ThreadSetTlsArrayAddress,
295   ThreadIsIoPending,
296   ThreadHideFromDebugger
297 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;
298 
299 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
300   IN HANDLE ThreadHandle,
301   IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
302   IN PVOID ThreadInformation,
303   IN ULONG ThreadInformationLength);
304 
305 // Partial definition only:
306 typedef enum _PROCESSINFOCLASS {
307   ProcessBasicInformation = 0,
308   ProcessExecuteFlags = 0x22
309 } PROCESSINFOCLASS;
310 
311 typedef PVOID PPEB;
312 typedef LONG KPRIORITY;
313 
// Output layout for the ProcessBasicInformation class.
// Each anonymous union pairs a 32-bit field with a PVOID so that the member
// occupies a pointer-sized slot on 64-bit builds, as the padding_for_x64_N
// names indicate.
// On such builds the named 32-bit field therefore reads only part of the
// slot: a process id or status wider than 32 bits would be truncated.
// NOTE(review): the contents describe the process whose handle was queried.
// PebBaseAddress is presumably an address inside that process, so for a
// handle to another process it must not be dereferenced directly in the
// caller -- confirm at use sites.
typedef struct _PROCESS_BASIC_INFORMATION {
  union {
    NTSTATUS ExitStatus;
    PVOID padding_for_x64_0;
  };
  PPEB PebBaseAddress;  // Opaque here: PPEB is typedef'd to PVOID.
  KAFFINITY AffinityMask;
  union {
    KPRIORITY BasePriority;
    PVOID padding_for_x64_1;
  };
  union {
    DWORD UniqueProcessId;
    PVOID padding_for_x64_2;
  };
  union {
    DWORD InheritedFromUniqueProcessId;
    PVOID padding_for_x64_3;
  };
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
334 
335 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
336   IN HANDLE ProcessHandle,
337   IN PROCESSINFOCLASS ProcessInformationClass,
338   OUT PVOID ProcessInformation,
339   IN ULONG ProcessInformationLength,
340   OUT PULONG ReturnLength OPTIONAL);
341 
342 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
343   HANDLE ProcessHandle,
344   IN PROCESSINFOCLASS ProcessInformationClass,
345   IN PVOID ProcessInformation,
346   IN ULONG ProcessInformationLength);
347 
348 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
349   IN HANDLE ThreadHandle,
350   IN ACCESS_MASK DesiredAccess,
351   IN BOOLEAN OpenAsSelf,
352   OUT PHANDLE TokenHandle);
353 
354 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
355   IN HANDLE ThreadHandle,
356   IN ACCESS_MASK DesiredAccess,
357   IN BOOLEAN OpenAsSelf,
358   IN ULONG HandleAttributes,
359   OUT PHANDLE TokenHandle);
360 
361 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
362   IN HANDLE ProcessHandle,
363   IN ACCESS_MASK DesiredAccess,
364   OUT PHANDLE TokenHandle);
365 
366 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
367   IN HANDLE ProcessHandle,
368   IN ACCESS_MASK DesiredAccess,
369   IN ULONG HandleAttributes,
370   OUT PHANDLE TokenHandle);
371 
372 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
373   IN HANDLE Process,
374   IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
375   IN BOOLEAN CreateSuspended,
376   IN ULONG ZeroBits,
377   IN SIZE_T MaximumStackSize,
378   IN SIZE_T CommittedStackSize,
379   IN LPTHREAD_START_ROUTINE StartAddress,
380   IN PVOID Parameter,
381   OUT PHANDLE Thread,
382   OUT PCLIENT_ID ClientId);
383 
384 // -----------------------------------------------------------------------
385 // Registry
386 
387 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
388   OUT PHANDLE KeyHandle,
389   IN ACCESS_MASK DesiredAccess,
390   IN POBJECT_ATTRIBUTES ObjectAttributes,
391   IN ULONG TitleIndex,
392   IN PUNICODE_STRING Class OPTIONAL,
393   IN ULONG CreateOptions,
394   OUT PULONG Disposition OPTIONAL);
395 
396 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
397   OUT PHANDLE KeyHandle,
398   IN ACCESS_MASK DesiredAccess,
399   IN POBJECT_ATTRIBUTES ObjectAttributes);
400 
401 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
402   OUT PHANDLE KeyHandle,
403   IN ACCESS_MASK DesiredAccess,
404   IN POBJECT_ATTRIBUTES ObjectAttributes,
405   IN DWORD open_options);
406 
407 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
408   IN HANDLE KeyHandle);
409 
410 // -----------------------------------------------------------------------
411 // Memory
412 
413 // Don't really need this structure right now.
414 typedef PVOID PRTL_HEAP_PARAMETERS;
415 
416 typedef PVOID (WINAPI *RtlCreateHeapFunction)(
417   IN ULONG Flags,
418   IN PVOID HeapBase OPTIONAL,
419   IN SIZE_T ReserveSize OPTIONAL,
420   IN SIZE_T CommitSize OPTIONAL,
421   IN PVOID Lock OPTIONAL,
422   IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
423 
424 typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
425   IN PVOID HeapHandle);
426 
427 typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
428   IN PVOID HeapHandle,
429   IN ULONG Flags,
430   IN SIZE_T Size);
431 
432 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
433   IN PVOID HeapHandle,
434   IN ULONG Flags,
435   IN PVOID HeapBase);
436 
437 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
438   IN HANDLE ProcessHandle,
439   IN OUT PVOID *BaseAddress,
440   IN ULONG_PTR ZeroBits,
441   IN OUT PSIZE_T RegionSize,
442   IN ULONG AllocationType,
443   IN ULONG Protect);
444 
445 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
446   IN HANDLE ProcessHandle,
447   IN OUT PVOID *BaseAddress,
448   IN OUT PSIZE_T RegionSize,
449   IN ULONG FreeType);
450 
451 typedef enum _MEMORY_INFORMATION_CLASS {
452   MemoryBasicInformation = 0,
453   MemoryWorkingSetList,
454   MemorySectionName,
455   MemoryBasicVlmInformation
456 } MEMORY_INFORMATION_CLASS;
457 
458 typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
459   UNICODE_STRING SectionFileName;
460 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
461 
462 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
463   IN HANDLE ProcessHandle,
464   IN PVOID BaseAddress,
465   IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
466   OUT PVOID MemoryInformation,
467   IN SIZE_T MemoryInformationLength,
468   OUT PSIZE_T ReturnLength OPTIONAL);
469 
470 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
471   IN HANDLE ProcessHandle,
472   IN OUT PVOID* BaseAddress,
473   IN OUT PSIZE_T ProtectSize,
474   IN ULONG NewProtect,
475   OUT PULONG OldProtect);
476 
477 // -----------------------------------------------------------------------
478 // Objects
479 
480 typedef enum _OBJECT_INFORMATION_CLASS {
481   ObjectBasicInformation,
482   ObjectNameInformation,
483   ObjectTypeInformation,
484   ObjectAllInformation,
485   ObjectDataInformation
486 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
487 
488 typedef struct _OBJDIR_INFORMATION {
489   UNICODE_STRING ObjectName;
490   UNICODE_STRING ObjectTypeName;
491   BYTE Data[1];
492 } OBJDIR_INFORMATION;
493 
494 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
495   ULONG Attributes;
496   ACCESS_MASK GrantedAccess;
497   ULONG HandleCount;
498   ULONG PointerCount;
499   ULONG Reserved[10];    // reserved for internal use
500 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
501 
502 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
503   UNICODE_STRING TypeName;
504   ULONG Reserved[22];    // reserved for internal use
505 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
506 
507 typedef enum _POOL_TYPE {
508   NonPagedPool,
509   PagedPool,
510   NonPagedPoolMustSucceed,
511   ReservedType,
512   NonPagedPoolCacheAligned,
513   PagedPoolCacheAligned,
514   NonPagedPoolCacheAlignedMustS
515 } POOL_TYPE;
516 
517 typedef struct _OBJECT_BASIC_INFORMATION {
518   ULONG Attributes;
519   ACCESS_MASK GrantedAccess;
520   ULONG HandleCount;
521   ULONG PointerCount;
522   ULONG PagedPoolUsage;
523   ULONG NonPagedPoolUsage;
524   ULONG Reserved[3];
525   ULONG NameInformationLength;
526   ULONG TypeInformationLength;
527   ULONG SecurityDescriptorLength;
528   LARGE_INTEGER CreateTime;
529 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
530 
531 typedef struct _OBJECT_TYPE_INFORMATION {
532   UNICODE_STRING Name;
533   ULONG TotalNumberOfObjects;
534   ULONG TotalNumberOfHandles;
535   ULONG TotalPagedPoolUsage;
536   ULONG TotalNonPagedPoolUsage;
537   ULONG TotalNamePoolUsage;
538   ULONG TotalHandleTableUsage;
539   ULONG HighWaterNumberOfObjects;
540   ULONG HighWaterNumberOfHandles;
541   ULONG HighWaterPagedPoolUsage;
542   ULONG HighWaterNonPagedPoolUsage;
543   ULONG HighWaterNamePoolUsage;
544   ULONG HighWaterHandleTableUsage;
545   ULONG InvalidAttributes;
546   GENERIC_MAPPING GenericMapping;
547   ULONG ValidAccess;
548   BOOLEAN SecurityRequired;
549   BOOLEAN MaintainHandleCount;
550   USHORT MaintainTypeList;
551   POOL_TYPE PoolType;
552   ULONG PagedPoolUsage;
553   ULONG NonPagedPoolUsage;
554 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
555 
556 typedef enum _SYSTEM_INFORMATION_CLASS {
557   SystemHandleInformation = 16
558 } SYSTEM_INFORMATION_CLASS;
559 
// One entry of the handle list: the element type of
// SYSTEM_HANDLE_INFORMATION_EX::Information.
// ProcessId and Handle are USHORT, so this layout cannot represent a process
// id or handle value above 0xFFFF.
// NOTE(review): where such values occur, an entry would presumably be
// truncated and could alias a different process or handle. Do not use a match
// on ProcessId/Handle from this struct as the sole basis for a security
// decision, such as deciding which handles a sandboxed process holds. Confirm
// how callers cross-check entries.
typedef struct _SYSTEM_HANDLE_INFORMATION {
  USHORT ProcessId;
  USHORT CreatorBackTraceIndex;
  UCHAR ObjectTypeNumber;
  UCHAR Flags;
  USHORT Handle;
  // NOTE(review): presumably a kernel-side object address; treat it as an
  // opaque identifier and never dereference it -- confirm.
  PVOID Object;
  ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
569 
// Container for a handle list: a count followed by that many
// SYSTEM_HANDLE_INFORMATION entries. Information[1] is a placeholder for a
// variable-length array, so sizeof(SYSTEM_HANDLE_INFORMATION_EX) covers only
// the first entry.
// Despite the _EX suffix, the entries are the 16-bit-id
// SYSTEM_HANDLE_INFORMATION records.
// NOTE(review): NumberOfHandles comes from the query result. Before iterating,
// check that offsetof(SYSTEM_HANDLE_INFORMATION_EX, Information) +
// NumberOfHandles * sizeof(SYSTEM_HANDLE_INFORMATION) fits within the buffer
// length that was actually filled.
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
  ULONG NumberOfHandles;
  SYSTEM_HANDLE_INFORMATION Information[1];
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
574 
575 typedef struct _OBJECT_NAME_INFORMATION {
576   UNICODE_STRING ObjectName;
577 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
578 
579 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
580   IN HANDLE Handle,
581   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
582   OUT PVOID ObjectInformation OPTIONAL,
583   IN ULONG ObjectInformationLength,
584   OUT PULONG ReturnLength OPTIONAL);
585 
586 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
587   IN HANDLE SourceProcess,
588   IN HANDLE SourceHandle,
589   IN HANDLE TargetProcess,
590   OUT PHANDLE TargetHandle,
591   IN ACCESS_MASK DesiredAccess,
592   IN ULONG Attributes,
593   IN ULONG Options);
594 
595 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
596   IN HANDLE HandleToSignal,
597   IN HANDLE HandleToWait,
598   IN BOOLEAN Alertable,
599   IN PLARGE_INTEGER Timeout OPTIONAL);
600 
601 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
602   IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
603   OUT PVOID SystemInformation,
604   IN ULONG SystemInformationLength,
605   OUT PULONG ReturnLength);
606 
607 typedef NTSTATUS (WINAPI *NtQueryObject)(
608   IN HANDLE Handle,
609   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
610   OUT PVOID ObjectInformation,
611   IN ULONG ObjectInformationLength,
612   OUT PULONG ReturnLength);
613 
614 // -----------------------------------------------------------------------
615 // Strings
616 
617 typedef int (__cdecl *_strnicmpFunction)(
618   IN const char* _Str1,
619   IN const char* _Str2,
620   IN size_t _MaxCount);
621 
622 typedef size_t  (__cdecl *strlenFunction)(
623   IN const char * _Str);
624 
625 typedef size_t (__cdecl *wcslenFunction)(
626   IN const wchar_t* _Str);
627 
628 typedef void* (__cdecl *memcpyFunction)(
629   IN void* dest,
630   IN const void* src,
631   IN size_t count);
632 
633 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
634   IN OUT PUNICODE_STRING  DestinationString,
635   IN PANSI_STRING  SourceString,
636   IN BOOLEAN  AllocateDestinationString);
637 
638 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
639   IN PCUNICODE_STRING  String1,
640   IN PCUNICODE_STRING  String2,
641   IN BOOLEAN  CaseInSensitive);
642 
643 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
644   IN OUT PUNICODE_STRING DestinationString,
645   IN PCWSTR SourceString);
646 
647 typedef enum _EVENT_TYPE {
648   NotificationEvent,
649   SynchronizationEvent
650 } EVENT_TYPE, *PEVENT_TYPE;
651 
652 typedef NTSTATUS (WINAPI* NtCreateDirectoryObjectFunction) (
653     PHANDLE DirectoryHandle,
654     ACCESS_MASK DesiredAccess,
655     POBJECT_ATTRIBUTES ObjectAttributes);
656 
657 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
658     PHANDLE DirectoryHandle,
659     ACCESS_MASK DesiredAccess,
660     POBJECT_ATTRIBUTES ObjectAttributes);
661 
662 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
663     HANDLE LinkHandle,
664     PUNICODE_STRING LinkTarget,
665     PULONG ReturnedLength);
666 
667 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
668     PHANDLE LinkHandle,
669     ACCESS_MASK DesiredAccess,
670     POBJECT_ATTRIBUTES ObjectAttributes);
671 
672 #define DIRECTORY_QUERY               0x0001
673 #define DIRECTORY_TRAVERSE            0x0002
674 #define DIRECTORY_CREATE_OBJECT       0x0004
675 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
676 #define DIRECTORY_ALL_ACCESS          0x000F
677 
678 typedef NTSTATUS (WINAPI* NtCreateLowBoxToken)(
679     OUT PHANDLE token,
680     IN HANDLE original_handle,
681     IN ACCESS_MASK access,
682     IN POBJECT_ATTRIBUTES object_attribute,
683     IN PSID appcontainer_sid,
684     IN DWORD capabilityCount,
685     IN PSID_AND_ATTRIBUTES capabilities,
686     IN DWORD handle_count,
687     IN PHANDLE handles);
688 
689 typedef NTSTATUS(WINAPI *NtSetInformationProcess)(
690     IN HANDLE process_handle,
691     IN ULONG info_class,
692     IN PVOID process_information,
693     IN ULONG information_length);
694 
// Pairs a token handle with a thread handle.
// No typedef is provided, so C code must spell the type
// `struct PROCESS_ACCESS_TOKEN`.
// NOTE(review): presumably the payload for the NtProcessInformationAccessToken
// class of NtSetInformationProcess, i.e. it assigns a process's primary token.
// If so, callers should verify that |token| carries exactly the intended
// restrictions before the call, and should check the returned NTSTATUS rather
// than assume the process is now restricted -- confirm against the callers.
struct PROCESS_ACCESS_TOKEN {
  HANDLE token;
  HANDLE thread;
};
699 
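// Process information class value 9; presumably the class passed to
// NtSetInformationProcess together with a PROCESS_ACCESS_TOKEN.
// Declared static so that, when this header is compiled as C, each
// translation unit gets its own internal copy instead of emitting an external
// definition that clashes at link time. In C++ a namespace-scope const
// already has internal linkage, so behavior there is unchanged.
static const unsigned int NtProcessInformationAccessToken = 9;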
701 
702 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
703 
704