18 #define MAX_ENVVAL_SIZE 1024
38 ModuleInfo->MappedBase =
NULL;
39 ModuleInfo->ImageBase = LdrEntry->DllBase;
40 ModuleInfo->ImageSize = LdrEntry->SizeOfImage;
41 ModuleInfo->Flags = LdrEntry->Flags;
42 ModuleInfo->LoadCount = LdrEntry->LoadCount;
43 ModuleInfo->LoadOrderIndex = (
USHORT)ModuleCount;
44 ModuleInfo->InitOrderIndex = 0;
47 RtlInitEmptyAnsiString(&ModuleName,
48 ModuleInfo->FullPathName,
49 sizeof(ModuleInfo->FullPathName));
53 &LdrEntry->FullDllName,
59 while ((p > ModuleName.
Buffer) && (*--p))
71 ModuleInfo->OffsetToFileName = (
USHORT)(p - ModuleName.
Buffer);
77 ModuleInfo->OffsetToFileName = 0;
95 ULONG ModuleCount = 0;
100 ModuleInfo = &Modules->Modules[0];
103 NextEntry = KernelModeList->
Flink;
104 while (NextEntry != KernelModeList)
113 if (Length >= RequiredLength)
130 NextEntry = NextEntry->
Flink;
136 NextEntry = UserModeList->
Flink;
137 while (NextEntry != UserModeList)
146 if (Length >= RequiredLength)
163 NextEntry = NextEntry->
Flink;
174 Modules->NumberOfModules = ModuleCount;
201 PVOID *MappedSystemVa,
207 *MappedSystemVa =
NULL;
231 if (*MappedSystemVa ==
NULL)
260 *CpuUsage = (
ULONG)(100 - (ScaledIdle / TotalTime));
347 DPRINT1(
"NtQuerySystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
362 if (AnsiValueBuffer ==
NULL)
384 RtlInitEmptyUnicodeString(&WValue, ValueBuffer, (
USHORT)ValueBufferLength);
465 DPRINT1(
"NtSetSystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
520 #define QSI_USE(n) QSI##n
522 static NTSTATUS QSI_USE(n) (PVOID Buffer, ULONG Size, PULONG ReqSize)
524 #define SSI_USE(n) SSI##n
526 static NTSTATUS SSI_USE(n) (PVOID Buffer, ULONG Size)
597 ULONG IdleUser, IdleKernel;
763 DPRINT1(
"NtQuerySystemInformation - SystemPathInformation not implemented\n");
777 USHORT ImageNameMaximumLength;
780 ULONG TotalSize = 0, ThreadsCount;
781 ULONG TotalUser, TotalKernel;
808 Process = SystemProcess;
824 DPRINT1(
"Process %p (%s:%p) is a zombie\n",
827 ImageNameMaximumLength = 0;
840 CurrentEntry = CurrentEntry->
Flink;
847 ProcessImageName = TempProcessImageName;
849 if (
NT_SUCCESS(Status) && (ProcessImageName->Length > 0))
851 szSrc = (
PWCHAR)((
PCHAR)ProcessImageName->Buffer + ProcessImageName->Length);
853 while (szSrc > ProcessImageName->Buffer)
863 ImageNameLength +=
sizeof(
WCHAR);
873 if (ImageNameLength > 0)
874 ImageNameMaximumLength =
ROUND_UP(ImageNameLength +
sizeof(
WCHAR), 8);
876 ImageNameMaximumLength = 0;
878 TotalSize += CurrentSize + ImageNameMaximumLength;
881 if (TotalSize >
Size)
950 CurrentEntry = CurrentEntry->
Flink;
959 if (ProcessImageName)
963 ProcessImageName =
NULL;
976 if ((Process == SystemProcess) || (Process ==
NULL))
983 Current += CurrentSize + ImageNameMaximumLength;
984 }
while ((Process != SystemProcess) && (Process !=
NULL));
994 if (ProcessImageName)
1007 *ReqSize = TotalSize;
1015 DPRINT1(
"NtQuerySystemInformation - SystemCallCountInformation not implemented\n");
1059 if (
Size < *ReqSize)
1086 #if (NTDDI_VERSION >= NTDDI_VISTA)
1096 #if (NTDDI_VERSION < NTDDI_VISTA)
1123 DPRINT1(
"NtQuerySystemInformation - SystemCallTimeInformation not implemented\n");
1153 DPRINT1(
"NtQuerySystemInformation - SystemLocksInformation not implemented\n");
1161 DPRINT1(
"NtQuerySystemInformation - SystemStackTraceInformation not implemented\n");
1169 DPRINT1(
"NtQuerySystemInformation - SystemPagedPoolInformation not implemented\n");
1177 DPRINT1(
"NtQuerySystemInformation - SystemNonPagedPoolInformation not implemented\n");
1195 DPRINT(
"NtQuerySystemInformation - SystemHandleInformation\n");
1201 if (
Size < *ReqSize)
1211 (
PVOID*)&HandleInformation,
1215 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
1229 for (NextTableEntry = HandleTableListHead.
Flink;
1230 NextTableEntry != &HandleTableListHead;
1231 NextTableEntry = NextTableEntry->
Flink)
1241 if ((HandleTableEntry->
Object) &&
1254 if (*ReqSize >
Size)
1315 DPRINT1(
"NtQuerySystemInformation - SystemObjectInformation not implemented\n");
1347 DPRINT1(
"NtQuerySystemInformation - SystemVdmInstemulInformation not implemented\n");
1355 DPRINT1(
"NtQuerySystemInformation - SystemVdmBopInformation not implemented\n");
1366 if (
Size < *ReqSize)
1396 DPRINT1(
"NtSetSystemInformation - SystemFileCacheInformation not implemented\n");
1441 DPRINT1(
"NtQuerySystemInformation - SystemDpcBehaviourInformation not implemented\n");
1448 DPRINT1(
"NtSetSystemInformation - SystemDpcBehaviourInformation not implemented\n");
1459 *ReqSize =
sizeof(
ULONG);
1466 DPRINT(
"SystemFullMemoryInformation\n");
1470 DPRINT(
"PID: %p, KernelTime: %u PFFree: %lu PFUsed: %lu\n",
1487 PVOID SectionPointer;
1620 DPRINT1(
"NtQuerySystemInformation - SystemSummaryMemoryInformation not implemented\n");
1628 DPRINT1(
"NtQuerySystemInformation - SystemNextEventIdInformation not implemented\n");
1636 DPRINT1(
"NtQuerySystemInformation - SystemPerformanceTraceInformation not implemented\n");
1644 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpInformation not implemented\n");
1654 ULONG AlignmentFixupCount = 0, ExceptionDispatchCount = 0;
1655 ULONG FloatingEmulationCount = 0, ByteWordEmulationCount = 0;
1671 FloatingEmulationCount += Prcb->KeFloatingEmulationCount;
1689 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpStateInformation not implemented\n");
1698 #if (NTDDI_VERSION >= NTDDI_VISTA)
1710 #if (NTDDI_VERSION < NTDDI_VISTA)
1722 ULONG ContextSwitches;
1731 ContextSwitches = 0;
1744 ContextSwitchInformation->
FindAny = 0;
1745 ContextSwitchInformation->
FindLast = 0;
1746 ContextSwitchInformation->
FindIdeal = 0;
1747 ContextSwitchInformation->
IdleAny = 0;
1749 ContextSwitchInformation->
IdleLast = 0;
1750 ContextSwitchInformation->
IdleIdeal = 0;
1770 DPRINT1(
"Faking max registry size of 32 MB\n");
1781 DPRINT1(
"NtSetSystemInformation - SystemRegistryQuotaInformation not implemented\n");
1838 sizeof(Win32kName));
1846 (
PVOID)&ModuleObject,
1871 Status = (DriverInit)(&Win32k,
NULL);
1904 DPRINT1(
"NtQuerySystemInformation - SystemVerifierAddDriverInformation not implemented\n");
1912 DPRINT1(
"NtQuerySystemInformation - SystemVerifierRemoveDriverInformation not implemented\n");
1927 DPRINT1(
"NtQuerySystemInformation - SystemPowerInformation not implemented\n");
1935 DPRINT1(
"NtQuerySystemInformation - SystemLegacyDriverInformation not implemented\n");
1984 Info = *InfoPointer;
1985 Remaining = *RemainingPointer;
1988 for (ListEntry = ListHead->
Flink;
1989 (ListEntry != ListHead) && (Remaining > 0);
1990 ListEntry = ListEntry->
Flink, Remaining--)
1998 Info->
TotalFrees = LookasideList->TotalFrees;
1999 Info->
Type = LookasideList->Type;
2000 Info->
Tag = LookasideList->Tag;
2001 Info->
Size = LookasideList->Size;
2008 Info->
FreeMisses = LookasideList->FreeMisses;
2014 - LookasideList->AllocateHits;
2016 - LookasideList->FreeHits;
2021 *InfoPointer =
Info;
2022 *RemainingPointer = Remaining;
2031 ULONG MaxCount, Remaining;
2046 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
2121 DPRINT1(
"NtSetSystemInformation - SystemTimeSlipNotification not implemented\n");
2185 DPRINT1(
"NtQuerySystemInformation - SystemSessionInformation not implemented\n");
2198 if (ReqSize) *ReqSize =
sizeof(
ULONG_PTR);
2207 DPRINT1(
"NtQuerySystemInformation - SystemVerifierInformation not implemented\n");
2215 DPRINT1(
"NtSetSystemInformation - SystemVerifierInformation not implemented\n");
2224 DPRINT1(
"NtSetSystemInformation - SystemVerifierThunkExtend not implemented\n");
2233 DPRINT1(
"NtQuerySystemInformation - SystemSessionProcessInformation not implemented\n");
2242 DPRINT1(
"NtSetSystemInformation - SystemLoadGdiDriverInSystemSpaceInformation not implemented\n");
2279 for (Node = 0; Node < MaxEntries; ++
Node)
2287 *ReqSize =
sizeof(
ULONG);
2298 DPRINT1(
"NtQuerySystemInformation - SystemPrefetcherInformation not implemented\n");
2307 DPRINT1(
"NtQuerySystemInformation - SystemExtendedProcessInformation not implemented\n");
2316 DPRINT1(
"NtQuerySystemInformation - SystemRecommendedSharedDataAlignment not implemented\n");
2353 if (MaxEntries == 1)
2360 for (Node = 0; Node < MaxEntries; ++
Node)
2369 *ReqSize =
sizeof(
ULONG);
2388 DPRINT(
"NtQuerySystemInformation - SystemExtendedHandleInformation\n");
2394 if (
Size < *ReqSize)
2404 (
PVOID*)&HandleInformation,
2408 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
2413 HandleInformation->
Count = 0;
2422 for (NextTableEntry = HandleTableListHead.
Flink;
2423 NextTableEntry != &HandleTableListHead;
2424 NextTableEntry = NextTableEntry->
Flink)
2434 if ((HandleTableEntry->
Object) &&
2438 ++HandleInformation->
Count;
2447 if (*ReqSize >
Size)
2462 HandleInformation->Handles[
Index].ObjectTypeIndex =
2519 #define SI_QS(n) {QSI_USE(n),SSI_USE(n)}
2520 #define SI_QX(n) {QSI_USE(n),NULL}
2521 #define SI_XS(n) {NULL,SSI_USE(n)}
2522 #define SI_XX(n) {NULL,NULL}
2568 SI_QX(SystemVerifierAddDriverInformation),
2569 SI_QX(SystemVerifierRemoveDriverInformation),
2570 SI_QX(SystemProcessorIdleInformation),
2571 SI_QX(SystemLegacyDriverInformation),
2580 SI_XS(SystemVerifierThunkExtend),
2596 #define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
2597 #define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))
2622 #if (NTDDI_VERSION >= NTDDI_VISTA)
2639 if (UnsafeResultLength !=
NULL)
2643 if (UnsafeResultLength)
2644 *UnsafeResultLength = 0;
2646 #if (NTDDI_VERSION < NTDDI_VISTA)
2661 FStatus =
CallQS [SystemInformationClass].
Query(SystemInformation,
2666 if (UnsafeResultLength)
2684 IN ULONG SystemInformationLength)
2715 Status =
CallQS [SystemInformationClass].
Set(SystemInformation,
2716 SystemInformationLength);
2737 #undef ExGetPreviousMode
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
#define ProbeForWriteUlong(Ptr)
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
#define KeQuerySystemTime(t)
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
#define KeGetCurrentIrql()
const LUID SeSystemEnvironmentPrivilege
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 const char UINT32 const char const char * ModuleName
NTSTATUS NTAPI MmSessionCreate(OUT PULONG SessionId)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
NTSTATUS NTAPI ExpQueryModuleInformation(IN PLIST_ENTRY KernelModeList, IN PLIST_ENTRY UserModeList, OUT PRTL_PROCESS_MODULES Modules, IN ULONG Length, OUT PULONG ReturnLength)
PHANDLE_TABLE_ENTRY NTAPI ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN EXHANDLE Handle)
#define MM_VIRTMEM_GRANULARITY
#define STATUS_PRIVILEGE_NOT_HELD
ERESOURCE ExpFirmwareTableResource
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION SYSTEM_REGISTRY_QUOTA_INFORMATION
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
LIST_ENTRY ThreadListEntry
#define TYPE_ALIGNMENT(t)
const LUID SeSystemtimePrivilege
MM_MEMORY_CONSUMER MiMemoryConsumers[MC_MAXIMUM]
#define STATUS_INSUFFICIENT_RESOURCES
#define ROUND_UP(n, align)
#define STATUS_INFO_LENGTH_MISMATCH
LARGE_INTEGER IoWriteTransferCount
struct _PROCESSOR_POWER_INFORMATION PROCESSOR_POWER_INFORMATION
LIST_ENTRY ExPoolLookasideListHead
BOOLEAN NTAPI ExIsProcessorFeaturePresent(IN ULONG ProcessorFeature)
#define STATUS_NOT_IMPLEMENTED
USHORT CreatorBackTraceIndex
#define _Out_writes_bytes_to_opt_(size, count)
struct _SYSTEM_NUMA_INFORMATION * PSYSTEM_NUMA_INFORMATION
const LUID SeDebugPrivilege
ACPI_SIZE strlen(const char *String)
PCONFIGURATION_INFORMATION NTAPI IoGetConfigurationInformation(VOID)
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
NTSTATUS NTAPI NtSetSystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
LARGE_INTEGER IoReadTransferCount
HANDLE InheritedFromUniqueProcessId
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION * PSYSTEM_QUERY_TIME_ADJUST_INFORMATION
NTSTATUS NTAPI SeLocateProcessImageName(IN PEPROCESS Process, OUT PUNICODE_STRING *ProcessImageName)
static VOID ExpCopyLookasideInformation(PSYSTEM_LOOKASIDE_INFORMATION *InfoPointer, PULONG RemainingPointer, PLIST_ENTRY ListHead, BOOLEAN ListUsesMisses)
NTSTATUS(* Set)(PVOID, ULONG)
#define KeGetPreviousMode()
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
ULONG NTAPI KeQueryTimeIncrement(VOID)
FAST_MUTEX ExpEnvironmentLock
__kernel_entry NTSTATUS NTAPI NtQuerySystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _Out_writes_bytes_to_opt_(SystemInformationLength,*ReturnLength) PVOID SystemInformation, _In_ ULONG Length, _Out_opt_ PULONG UnsafeResultLength)
PFN_NUMBER MmLowestPhysicalPage
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
struct _ThreadInfo ThreadInfo
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
VOID NTAPI MmUnlockPages(IN PMDL Mdl)
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx(IN ULONG InformationClass, IN PVOID Buffer, IN ULONG BufferLength)
VOID NTAPI ObDereferenceObject(IN PVOID Object)
VOID NTAPI ExUnlockUserBuffer(PMDL Mdl)
#define KD_DEBUGGER_NOT_PRESENT
struct _SYSTEM_PERFORMANCE_INFORMATION * PSYSTEM_PERFORMANCE_INFORMATION
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
VOID NTAPI ExGetCurrentProcessorCounts(PULONG ThreadKernelTime, PULONG TotalCpuTime, PULONG ProcessorNumber)
NTSTATUS NTAPI ExGetPoolTagInfo(IN PSYSTEM_POOLTAG_INFORMATION SystemInformation, IN ULONG SystemInformationLength, IN OUT PULONG ReturnLength OPTIONAL)
ARC_STATUS NTAPI HalGetEnvironmentVariable(IN PCH Name, IN USHORT ValueLength, IN PCH Value)
PFN_NUMBER MmAvailablePages
BOOLEAN NTAPI ExVerifySuite(SUITE_TYPE SuiteType)
#define MmGetSystemAddressForMdlSafe(_Mdl, _Priority)
struct _SYSTEM_PROCESSOR_INFORMATION SYSTEM_PROCESSOR_INFORMATION
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
ULONG IoWriteOperationCount
NTSTATUS NTAPI ExLockUserBuffer(PVOID BaseAddress, ULONG Length, KPROCESSOR_MODE AccessMode, LOCK_OPERATION Operation, PVOID *MappedSystemVa, PMDL *OutMdl)
BOOLEAN KiTimeAdjustmentEnabled
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PKSTART_ROUTINE StartAddress
ULONG IoReadOperationCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE GENERAL_LOOKASIDE
ERESOURCE PsLoadedModuleResource
ULONG NTAPI NtGetCurrentProcessorNumber(VOID)
BOOLEAN NTAPI ExAcquireResourceExclusiveLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
FORCEINLINE ULONG KeGetCurrentProcessorNumber(VOID)
struct _SYSTEM_PROCESSOR_INFORMATION * PSYSTEM_PROCESSOR_INFORMATION
UNICODE_STRING PageFileName
NTSTATUS NTAPI MmSessionDelete(IN ULONG SessionId)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION * PSYSTEM_REGISTRY_QUOTA_INFORMATION
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
static QSSI_CALLS CallQS[]
#define OBJ_NAME_PATH_SEPARATOR
ULONG KeAlignmentFixupCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE * PGENERAL_LOOKASIDE
LARGE_INTEGER ExpTimeZoneBias
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
NTSTATUS NTAPI NtSetSystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
struct _SYSTEM_FLAGS_INFORMATION SYSTEM_FLAGS_INFORMATION
#define EXCEPTION_EXECUTE_HANDLER
struct _KTHREAD * CurrentThread
struct _RTL_TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION
#define ObpGetHandleObject(x)
#define STATUS_BREAKPOINT
const LUID SeLoadDriverPrivilege
#define STATUS_INVALID_PARAMETER_2
struct _SYSTEM_FLAGS_INFORMATION * PSYSTEM_FLAGS_INFORMATION
VOID NTAPI PsChangeQuantumTable(IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
#define SystemPerformanceInformation
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSTATUS(* Query)(PVOID, ULONG, PULONG)
LIST_ENTRY ThreadListHead
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
NTSTATUS NTAPI MmUnloadSystemImage(IN PVOID ImageHandle)
struct _SYSTEM_SET_TIME_ADJUST_INFORMATION * PSYSTEM_SET_TIME_ADJUST_INFORMATION
struct _LIST_ENTRY * Flink
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
USHORT KeProcessorArchitecture
_In_ KPROCESSOR_MODE PreviousMode
USHORT KeProcessorRevision
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
LIST_ENTRY ExpNonPagedLookasideListHead
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION SYSTEM_QUERY_TIME_ADJUST_INFORMATION
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
struct _SYSTEM_PAGEFILE_INFORMATION SYSTEM_PAGEFILE_INFORMATION
#define STATUS_INVALID_IMAGE_FORMAT
#define _SEH2_YIELD(STMT_)
#define PROCESSOR_FEATURE_MAX
#define NT_SUCCESS(StatCode)
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION * PSYSTEM_KERNEL_DEBUGGER_INFORMATION
ULONG_PTR UniqueProcessId
LIST_ENTRY HandleTableListHead
struct _SYSTEM_CONTEXT_SWITCH_INFORMATION * PSYSTEM_CONTEXT_SWITCH_INFORMATION
NTSTATUS NTAPI NtSetSystemEnvironmentValue(IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value)
LIST_ENTRY PsLoadedModuleList
struct _SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION
HANDLE GenericHandleOverlay
#define KeAcquireSpinLock(sl, irql)
BOOLEAN NTAPI ExpLockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
static const UCHAR Index[8]
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
#define KD_DEBUGGER_ENABLED
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION SYSTEM_KERNEL_DEBUGGER_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define STATUS_ACCESS_DENIED
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION * PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_FILECACHE_INFORMATION SYSTEM_FILECACHE_INFORMATION
FORCEINLINE NTSTATUS ExpConvertLdrModuleToRtlModule(IN ULONG ModuleCount, IN PLDR_DATA_TABLE_ENTRY LdrEntry, OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo)
NTSYSAPI NTSTATUS NTAPI ZwSetSystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _In_ PVOID SystemInformation, _In_ SIZE_T SystemInformationLength)
KSPIN_LOCK ExpPagedLookasideListLock
#define KeGetContextSwitches(Prcb)
#define STATUS_UNSUCCESSFUL
LIST_ENTRY MmLoadedUserImageList
LARGE_INTEGER IoOtherTransferCount
#define ExAllocatePoolWithTag(hernya, size, tag)
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
static const char * ImageName
DRIVER_INITIALIZE * PDRIVER_INITIALIZE
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define STATUS_INVALID_INFO_CLASS
#define RtlImageDirectoryEntryToData
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
C_ASSERT(SystemBasicInformation==0)
KSPIN_LOCK ExpNonPagedLookasideListLock
#define KeEnterCriticalRegion()
NTSTATUS NTAPI NtQuerySystemEnvironmentValue(IN PUNICODE_STRING VariableName, OUT PWSTR ValueBuffer, IN ULONG ValueBufferLength, IN OUT PULONG ReturnLength OPTIONAL)
#define memcpy(s1, s2, n)
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
VOID NTAPI ExQueryPoolUsage(OUT PULONG PagedPoolPages, OUT PULONG NonPagedPoolPages, OUT PULONG PagedPoolAllocs, OUT PULONG PagedPoolFrees, OUT PULONG PagedPoolLookasideHits, OUT PULONG NonPagedPoolAllocs, OUT PULONG NonPagedPoolFrees, OUT PULONG NonPagedPoolLookasideHits)
#define SystemExtendServiceTableInformation
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
#define MIN_SYSTEM_INFO_CLASS
#define IMAGE_DIRECTORY_ENTRY_EXPORT
KAFFINITY KeActiveProcessors
VOID NTAPI ExGetCurrentProcessorCpuUsage(PULONG CpuUsage)
const LUID SeTcbPrivilege
PMDL NTAPI IoAllocateMdl(IN PVOID VirtualAddress, IN ULONG Length, IN BOOLEAN SecondaryBuffer, IN BOOLEAN ChargeQuota, IN PIRP Irp)
struct _KTHREAD * IdleThread
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
#define SystemLoadGdiDriverInformation
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
struct _SYSTEM_EXCEPTION_INFORMATION * PSYSTEM_EXCEPTION_INFORMATION
ARC_STATUS NTAPI HalSetEnvironmentVariable(IN PCH Name, IN PCH Value)
struct _FileName FileName
PFN_COUNT MmNumberOfPhysicalPages
DRIVER_INFORMATION DriverInfo
#define KeLeaveCriticalRegion()
LONG NTAPI ExSystemExceptionFilter(VOID)
#define STATUS_BUFFER_OVERFLOW
struct _SYSTEM_LOOKASIDE_INFORMATION SYSTEM_LOOKASIDE_INFORMATION
VOID NTAPI MmProbeAndLockPages(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN LOCK_OPERATION Operation)
struct _SYSTEM_DEVICE_INFORMATION * PSYSTEM_DEVICE_INFORMATION
enum _LOCK_OPERATION LOCK_OPERATION
RTL_TIME_ZONE_INFORMATION ExpTimeZoneInfo
ULONG KeExceptionDispatchCount
_In_ ULONG _Out_opt_ PULONG RequiredLength
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
PFN_COUNT MiUsedSwapPages
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
PKPRCB KiProcessorBlock[]
struct _SYSTEM_PERFORMANCE_INFORMATION SYSTEM_PERFORMANCE_INFORMATION
#define SystemBasicInformation
#define FIELD_OFFSET(t, f)
NTSTATUS ExpSetTimeZoneInformation(PRTL_TIME_ZONE_INFORMATION TimeZoneInformation)
struct _SYSTEM_BASIC_INFORMATION SYSTEM_BASIC_INFORMATION
struct _SYSTEM_INTERRUPT_INFORMATION * PSYSTEM_INTERRUPT_INFORMATION
PVOID MmHighestUserAddress
LIST_ENTRY ExpFirmwareTableProviderListHead
#define KeReleaseSpinLock(sl, irql)
UNICODE_STRING * PUNICODE_STRING
enum _SUITE_TYPE SUITE_TYPE
struct _SYSTEM_BASIC_INFORMATION * PSYSTEM_BASIC_INFORMATION
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
PFN_COUNT MiFreeSwapPages
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
_In_ FLT_SET_CONTEXT_OPERATION Operation
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO SYSTEM_HANDLE_TABLE_ENTRY_INFO
#define _SEH2_EXCEPT(...)
PFN_NUMBER MmHighestPhysicalPage
#define ExFreePoolWithTag(_P, _T)
#define _SEH2_GetExceptionCode()
ULONG IoOtherOperationCount
struct _QSSI_CALLS QSSI_CALLS
_In_ FILTER_INFORMATION_CLASS InformationClass
#define OBJ_HANDLE_ATTRIBUTES
IN PVOID IN PVOID IN PCHAR IN OUT PPORT_CONFIGURATION_INFORMATION ConfigInfo
#define MAX_SYSTEM_INFO_CLASS
EX_PUSH_LOCK HandleTableListLock
#define UInt32x32To64(a, b)
NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
struct _SYSTEM_DEVICE_INFORMATION SYSTEM_DEVICE_INFORMATION
#define MmSystemRangeStart
IN HDEVINFO IN PSP_DEVINFO_DATA DeviceInfoData OPTIONAL
LIST_ENTRY ExpPagedLookasideListHead
USHORT CreatorBackTraceIndex
LIST_ENTRY ExSystemLookasideListHead
struct _ACPI_EFI_FILE_HANDLE CHAR16 UINT64 UINT64 Attributes
NTSTATUS NTAPI MmLoadSystemImage(IN PUNICODE_STRING FileName, IN PUNICODE_STRING NamePrefix OPTIONAL, IN PUNICODE_STRING LoadedName OPTIONAL, IN ULONG Flags, OUT PVOID *ModuleObject, OUT PVOID *ImageBaseAddress)
_Must_inspect_result_ _In_ LPCGUID _In_ ULONG _In_ FSRTL_ALLOCATE_ECP_FLAGS _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK _Inout_ PVOID LookasideList
#define RTL_CONSTANT_STRING(s)
1.8.6