20 #define MAX_ENVVAL_SIZE 1024
22 #define SIG_ACPI 0x41435049
23 #define SIG_FIRM 0x4649524D
24 #define SIG_RSMB 0x52534D42
44 ModuleInfo->MappedBase =
NULL;
45 ModuleInfo->ImageBase = LdrEntry->DllBase;
46 ModuleInfo->ImageSize = LdrEntry->SizeOfImage;
47 ModuleInfo->Flags = LdrEntry->Flags;
48 ModuleInfo->LoadCount = LdrEntry->LoadCount;
49 ModuleInfo->LoadOrderIndex = (
USHORT)ModuleCount;
50 ModuleInfo->InitOrderIndex = 0;
53 RtlInitEmptyAnsiString(&ModuleName,
54 ModuleInfo->FullPathName,
55 sizeof(ModuleInfo->FullPathName));
59 &LdrEntry->FullDllName,
65 while ((p > ModuleName.
Buffer) && (*--p))
77 ModuleInfo->OffsetToFileName = (
USHORT)(p - ModuleName.
Buffer);
83 ModuleInfo->OffsetToFileName = 0;
101 ULONG ModuleCount = 0;
106 ModuleInfo = &Modules->Modules[0];
109 NextEntry = KernelModeList->
Flink;
110 while (NextEntry != KernelModeList)
119 if (Length >= RequiredLength)
136 NextEntry = NextEntry->
Flink;
142 NextEntry = UserModeList->
Flink;
143 while (NextEntry != UserModeList)
152 if (Length >= RequiredLength)
169 NextEntry = NextEntry->
Flink;
180 Modules->NumberOfModules = ModuleCount;
207 PVOID *MappedSystemVa,
213 *MappedSystemVa =
NULL;
237 if (*MappedSystemVa ==
NULL)
256 PVOID DataBlockObject;
269 DPRINT1(
"IoWMIOpenBlock failed: 0x%08lx\n", Status);
278 DPRINT1(
"IoWMIOpenBlock failed: 0x%08lx\n", Status);
285 DPRINT1(
"Failed to allocate %lu bytes for SMBIOS tables\n", WMIBufSize);
293 DPRINT1(
"IoWMIOpenBlock failed: 0x%08lx\n", Status);
302 if (BufferSize >= *OutSize)
335 *CpuUsage = (
ULONG)(100 - (ScaledIdle / TotalTime));
422 DPRINT1(
"NtQuerySystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
437 if (AnsiValueBuffer ==
NULL)
459 RtlInitEmptyUnicodeString(&WValue, ValueBuffer, (
USHORT)ValueBufferLength);
540 DPRINT1(
"NtSetSystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
595 #define QSI_USE(n) QSI##n
597 static NTSTATUS QSI_USE(n) (PVOID Buffer, ULONG Size, PULONG ReqSize)
599 #define SSI_USE(n) SSI##n
601 static NTSTATUS SSI_USE(n) (PVOID Buffer, ULONG Size)
672 ULONG IdleUser, IdleKernel;
838 DPRINT1(
"NtQuerySystemInformation - SystemPathInformation not implemented\n");
852 USHORT ImageNameMaximumLength;
855 ULONG TotalSize = 0, ThreadsCount;
856 ULONG TotalUser, TotalKernel;
883 Process = SystemProcess;
899 DPRINT1(
"Process %p (%s:%p) is a zombie\n",
902 ImageNameMaximumLength = 0;
915 CurrentEntry = CurrentEntry->
Flink;
922 ProcessImageName = TempProcessImageName;
924 if (
NT_SUCCESS(Status) && (ProcessImageName->Length > 0))
926 szSrc = (
PWCHAR)((
PCHAR)ProcessImageName->Buffer + ProcessImageName->Length);
928 while (szSrc > ProcessImageName->Buffer)
938 ImageNameLength +=
sizeof(
WCHAR);
948 if (ImageNameLength > 0)
949 ImageNameMaximumLength =
ROUND_UP(ImageNameLength +
sizeof(
WCHAR), 8);
951 ImageNameMaximumLength = 0;
953 TotalSize += CurrentSize + ImageNameMaximumLength;
956 if (TotalSize >
Size)
1025 CurrentEntry = CurrentEntry->
Flink;
1034 if (ProcessImageName)
1038 ProcessImageName =
NULL;
1051 if ((Process == SystemProcess) || (Process ==
NULL))
1058 Current += CurrentSize + ImageNameMaximumLength;
1059 }
while ((Process != SystemProcess) && (Process !=
NULL));
1069 if (ProcessImageName)
1082 *ReqSize = TotalSize;
1090 DPRINT1(
"NtQuerySystemInformation - SystemCallCountInformation not implemented\n");
1134 if (
Size < *ReqSize)
1161 #if (NTDDI_VERSION >= NTDDI_VISTA)
1171 #if (NTDDI_VERSION < NTDDI_VISTA)
1198 DPRINT1(
"NtQuerySystemInformation - SystemCallTimeInformation not implemented\n");
1228 DPRINT1(
"NtQuerySystemInformation - SystemLocksInformation not implemented\n");
1236 DPRINT1(
"NtQuerySystemInformation - SystemStackTraceInformation not implemented\n");
1244 DPRINT1(
"NtQuerySystemInformation - SystemPagedPoolInformation not implemented\n");
1252 DPRINT1(
"NtQuerySystemInformation - SystemNonPagedPoolInformation not implemented\n");
1270 DPRINT(
"NtQuerySystemInformation - SystemHandleInformation\n");
1276 if (
Size < *ReqSize)
1286 (
PVOID*)&HandleInformation,
1290 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
1304 for (NextTableEntry = HandleTableListHead.
Flink;
1305 NextTableEntry != &HandleTableListHead;
1306 NextTableEntry = NextTableEntry->
Flink)
1316 if ((HandleTableEntry->
Object) &&
1329 if (*ReqSize >
Size)
1390 DPRINT1(
"NtQuerySystemInformation - SystemObjectInformation not implemented\n");
1422 DPRINT1(
"NtQuerySystemInformation - SystemVdmInstemulInformation not implemented\n");
1430 DPRINT1(
"NtQuerySystemInformation - SystemVdmBopInformation not implemented\n");
1441 if (
Size < *ReqSize)
1471 DPRINT1(
"NtSetSystemInformation - SystemFileCacheInformation not implemented\n");
1516 DPRINT1(
"NtQuerySystemInformation - SystemDpcBehaviourInformation not implemented\n");
1523 DPRINT1(
"NtSetSystemInformation - SystemDpcBehaviourInformation not implemented\n");
1534 *ReqSize =
sizeof(
ULONG);
1541 DPRINT(
"SystemFullMemoryInformation\n");
1545 DPRINT(
"PID: %p, KernelTime: %u PFFree: %lu PFUsed: %lu\n",
1562 PVOID SectionPointer;
1695 DPRINT1(
"NtQuerySystemInformation - SystemSummaryMemoryInformation not implemented\n");
1703 DPRINT1(
"NtQuerySystemInformation - SystemNextEventIdInformation not implemented\n");
1711 DPRINT1(
"NtQuerySystemInformation - SystemPerformanceTraceInformation not implemented\n");
1719 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpInformation not implemented\n");
1729 ULONG AlignmentFixupCount = 0, ExceptionDispatchCount = 0;
1730 ULONG FloatingEmulationCount = 0, ByteWordEmulationCount = 0;
1746 FloatingEmulationCount += Prcb->KeFloatingEmulationCount;
1764 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpStateInformation not implemented\n");
1773 #if (NTDDI_VERSION >= NTDDI_VISTA)
1785 #if (NTDDI_VERSION < NTDDI_VISTA)
1797 ULONG ContextSwitches;
1806 ContextSwitches = 0;
1819 ContextSwitchInformation->
FindAny = 0;
1820 ContextSwitchInformation->
FindLast = 0;
1821 ContextSwitchInformation->
FindIdeal = 0;
1822 ContextSwitchInformation->
IdleAny = 0;
1824 ContextSwitchInformation->
IdleLast = 0;
1825 ContextSwitchInformation->
IdleIdeal = 0;
1845 DPRINT1(
"Faking max registry size of 32 MB\n");
1856 DPRINT1(
"NtSetSystemInformation - SystemRegistryQuotaInformation not implemented\n");
1913 sizeof(Win32kName));
1921 (
PVOID)&ModuleObject,
1946 Status = (DriverInit)(&Win32k,
NULL);
1979 DPRINT1(
"NtQuerySystemInformation - SystemVerifierAddDriverInformation not implemented\n");
1987 DPRINT1(
"NtQuerySystemInformation - SystemVerifierRemoveDriverInformation not implemented\n");
2002 DPRINT1(
"NtQuerySystemInformation - SystemPowerInformation not implemented\n");
2010 DPRINT1(
"NtQuerySystemInformation - SystemLegacyDriverInformation not implemented\n");
2059 Info = *InfoPointer;
2060 Remaining = *RemainingPointer;
2063 for (ListEntry = ListHead->
Flink;
2064 (ListEntry != ListHead) && (Remaining > 0);
2065 ListEntry = ListEntry->
Flink, Remaining--)
2073 Info->
TotalFrees = LookasideList->TotalFrees;
2074 Info->
Type = LookasideList->Type;
2075 Info->
Tag = LookasideList->Tag;
2076 Info->
Size = LookasideList->Size;
2083 Info->
FreeMisses = LookasideList->FreeMisses;
2089 - LookasideList->AllocateHits;
2091 - LookasideList->FreeHits;
2096 *InfoPointer =
Info;
2097 *RemainingPointer = Remaining;
2106 ULONG MaxCount, Remaining;
2121 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
2196 DPRINT1(
"NtSetSystemInformation - SystemTimeSlipNotification not implemented\n");
2260 DPRINT1(
"NtQuerySystemInformation - SystemSessionInformation not implemented\n");
2273 if (ReqSize) *ReqSize =
sizeof(
ULONG_PTR);
2282 DPRINT1(
"NtQuerySystemInformation - SystemVerifierInformation not implemented\n");
2290 DPRINT1(
"NtSetSystemInformation - SystemVerifierInformation not implemented\n");
2299 DPRINT1(
"NtSetSystemInformation - SystemVerifierThunkExtend not implemented\n");
2308 DPRINT1(
"NtQuerySystemInformation - SystemSessionProcessInformation not implemented\n");
2317 DPRINT1(
"NtSetSystemInformation - SystemLoadGdiDriverInSystemSpaceInformation not implemented\n");
2354 for (Node = 0; Node < MaxEntries; ++
Node)
2362 *ReqSize =
sizeof(
ULONG);
2373 DPRINT1(
"NtQuerySystemInformation - SystemPrefetcherInformation not implemented\n");
2382 DPRINT1(
"NtQuerySystemInformation - SystemExtendedProcessInformation not implemented\n");
2391 DPRINT1(
"NtQuerySystemInformation - SystemRecommendedSharedDataAlignment not implemented\n");
2428 if (MaxEntries == 1)
2435 for (Node = 0; Node < MaxEntries; ++
Node)
2444 *ReqSize =
sizeof(
ULONG);
2463 DPRINT(
"NtQuerySystemInformation - SystemExtendedHandleInformation\n");
2469 if (
Size < *ReqSize)
2479 (
PVOID*)&HandleInformation,
2483 DPRINT1(
"Failed to lock the user buffer: 0x%lx\n", Status);
2488 HandleInformation->
Count = 0;
2497 for (NextTableEntry = HandleTableListHead.
Flink;
2498 NextTableEntry != &HandleTableListHead;
2499 NextTableEntry = NextTableEntry->
Flink)
2509 if ((HandleTableEntry->
Object) &&
2513 ++HandleInformation->
Count;
2522 if (*ReqSize >
Size)
2537 HandleInformation->Handles[
Index].ObjectTypeIndex =
2588 ULONG TableCount = 0;
2590 DPRINT(
"NtQuerySystemInformation - SystemFirmwareTableInformation\n");
2596 if (
Size < *ReqSize)
2611 DPRINT1(
"ACPI provider not implemented\n");
2618 DPRINT1(
"FIRM provider not implemented\n");
2630 DataSize = TableCount *
sizeof(
ULONG);
2631 if (DataSize <= InputBufSize)
2637 && DataSize <= InputBufSize)
2647 DPRINT1(
"SystemFirmwareTableInformation: Unsupported provider (0x%x)\n",
2655 switch (SysFirmwareInfo->
Action)
2668 DPRINT1(
"SystemFirmwareTableInformation: Unsupported action (0x%x)\n",
2669 SysFirmwareInfo->
Action);
2694 #define SI_QS(n) {QSI_USE(n),SSI_USE(n)}
2695 #define SI_QX(n) {QSI_USE(n),NULL}
2696 #define SI_XS(n) {NULL,SSI_USE(n)}
2697 #define SI_XX(n) {NULL,NULL}
2743 SI_QX(SystemVerifierAddDriverInformation),
2744 SI_QX(SystemVerifierRemoveDriverInformation),
2745 SI_QX(SystemProcessorIdleInformation),
2746 SI_QX(SystemLegacyDriverInformation),
2755 SI_XS(SystemVerifierThunkExtend),
2783 #define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
2784 #define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))
2809 #if (NTDDI_VERSION >= NTDDI_VISTA)
2826 if (UnsafeResultLength !=
NULL)
2830 if (UnsafeResultLength)
2831 *UnsafeResultLength = 0;
2833 #if (NTDDI_VERSION < NTDDI_VISTA)
2848 FStatus =
CallQS [SystemInformationClass].
Query(SystemInformation,
2853 if (UnsafeResultLength)
2871 IN ULONG SystemInformationLength)
2902 Status =
CallQS [SystemInformationClass].
Set(SystemInformation,
2903 SystemInformationLength);
2924 #undef ExGetPreviousMode
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
#define ProbeForWriteUlong(Ptr)
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
#define KeQuerySystemTime(t)
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
#define KeGetCurrentIrql()
const LUID SeSystemEnvironmentPrivilege
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 const char UINT32 const char const char * ModuleName
NTSTATUS NTAPI MmSessionCreate(OUT PULONG SessionId)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
NTSTATUS NTAPI ExpQueryModuleInformation(IN PLIST_ENTRY KernelModeList, IN PLIST_ENTRY UserModeList, OUT PRTL_PROCESS_MODULES Modules, IN ULONG Length, OUT PULONG ReturnLength)
PHANDLE_TABLE_ENTRY NTAPI ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN EXHANDLE Handle)
#define MM_VIRTMEM_GRANULARITY
#define STATUS_PRIVILEGE_NOT_HELD
ERESOURCE ExpFirmwareTableResource
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION SYSTEM_REGISTRY_QUOTA_INFORMATION
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
LIST_ENTRY ThreadListEntry
#define TYPE_ALIGNMENT(t)
const LUID SeSystemtimePrivilege
MM_MEMORY_CONSUMER MiMemoryConsumers[MC_MAXIMUM]
#define STATUS_INSUFFICIENT_RESOURCES
#define ROUND_UP(n, align)
#define STATUS_INFO_LENGTH_MISMATCH
LARGE_INTEGER IoWriteTransferCount
struct _PROCESSOR_POWER_INFORMATION PROCESSOR_POWER_INFORMATION
LIST_ENTRY ExPoolLookasideListHead
BOOLEAN NTAPI ExIsProcessorFeaturePresent(IN ULONG ProcessorFeature)
#define STATUS_NOT_IMPLEMENTED
USHORT CreatorBackTraceIndex
#define _Out_writes_bytes_to_opt_(size, count)
struct _SYSTEM_NUMA_INFORMATION * PSYSTEM_NUMA_INFORMATION
const LUID SeDebugPrivilege
ACPI_SIZE strlen(const char *String)
PCONFIGURATION_INFORMATION NTAPI IoGetConfigurationInformation(VOID)
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
NTSTATUS NTAPI NtSetSystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
LARGE_INTEGER IoReadTransferCount
HANDLE InheritedFromUniqueProcessId
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION * PSYSTEM_QUERY_TIME_ADJUST_INFORMATION
NTSTATUS NTAPI SeLocateProcessImageName(IN PEPROCESS Process, OUT PUNICODE_STRING *ProcessImageName)
static VOID ExpCopyLookasideInformation(PSYSTEM_LOOKASIDE_INFORMATION *InfoPointer, PULONG RemainingPointer, PLIST_ENTRY ListHead, BOOLEAN ListUsesMisses)
NTSTATUS(* Set)(PVOID, ULONG)
#define KeGetPreviousMode()
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
ULONG NTAPI KeQueryTimeIncrement(VOID)
FAST_MUTEX ExpEnvironmentLock
__kernel_entry NTSTATUS NTAPI NtQuerySystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _Out_writes_bytes_to_opt_(SystemInformationLength,*ReturnLength) PVOID SystemInformation, _In_ ULONG Length, _Out_opt_ PULONG UnsafeResultLength)
PFN_NUMBER MmLowestPhysicalPage
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
struct _ThreadInfo ThreadInfo
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
VOID NTAPI MmUnlockPages(IN PMDL Mdl)
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx(IN ULONG InformationClass, IN PVOID Buffer, IN ULONG BufferLength)
VOID NTAPI ObDereferenceObject(IN PVOID Object)
VOID NTAPI ExUnlockUserBuffer(PMDL Mdl)
#define KD_DEBUGGER_NOT_PRESENT
struct _SYSTEM_PERFORMANCE_INFORMATION * PSYSTEM_PERFORMANCE_INFORMATION
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
VOID NTAPI ExGetCurrentProcessorCounts(PULONG ThreadKernelTime, PULONG TotalCpuTime, PULONG ProcessorNumber)
NTSTATUS NTAPI ExGetPoolTagInfo(IN PSYSTEM_POOLTAG_INFORMATION SystemInformation, IN ULONG SystemInformationLength, IN OUT PULONG ReturnLength OPTIONAL)
ARC_STATUS NTAPI HalGetEnvironmentVariable(IN PCH Name, IN USHORT ValueLength, IN PCH Value)
PFN_NUMBER MmAvailablePages
BOOLEAN NTAPI ExVerifySuite(SUITE_TYPE SuiteType)
#define MmGetSystemAddressForMdlSafe(_Mdl, _Priority)
struct _SYSTEM_PROCESSOR_INFORMATION SYSTEM_PROCESSOR_INFORMATION
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
IN BOOLEAN OUT PSTR Buffer
ULONG IoWriteOperationCount
#define RtlMoveMemory(Destination, Source, Length)
NTSTATUS NTAPI ExLockUserBuffer(PVOID BaseAddress, ULONG Length, KPROCESSOR_MODE AccessMode, LOCK_OPERATION Operation, PVOID *MappedSystemVa, PMDL *OutMdl)
#define STATUS_BUFFER_TOO_SMALL
BOOLEAN KiTimeAdjustmentEnabled
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PKSTART_ROUTINE StartAddress
ULONG IoReadOperationCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE GENERAL_LOOKASIDE
ERESOURCE PsLoadedModuleResource
ULONG NTAPI NtGetCurrentProcessorNumber(VOID)
BOOLEAN NTAPI ExAcquireResourceExclusiveLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
FORCEINLINE ULONG KeGetCurrentProcessorNumber(VOID)
struct _SYSTEM_PROCESSOR_INFORMATION * PSYSTEM_PROCESSOR_INFORMATION
UNICODE_STRING PageFileName
NTSTATUS NTAPI MmSessionDelete(IN ULONG SessionId)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION * PSYSTEM_REGISTRY_QUOTA_INFORMATION
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
static QSSI_CALLS CallQS[]
#define OBJ_NAME_PATH_SEPARATOR
ULONG KeAlignmentFixupCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE * PGENERAL_LOOKASIDE
LARGE_INTEGER ExpTimeZoneBias
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
NTSTATUS NTAPI NtSetSystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
NTSTATUS NTAPI IoWMIQueryAllData(IN PVOID DataBlockObject, IN OUT ULONG *InOutBufferSize, OUT PVOID OutBuffer)
struct _SYSTEM_FLAGS_INFORMATION SYSTEM_FLAGS_INFORMATION
#define EXCEPTION_EXECUTE_HANDLER
struct _KTHREAD * CurrentThread
struct _RTL_TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION
#define ObpGetHandleObject(x)
#define STATUS_BREAKPOINT
const LUID SeLoadDriverPrivilege
#define STATUS_INVALID_PARAMETER_2
struct _SYSTEM_FLAGS_INFORMATION * PSYSTEM_FLAGS_INFORMATION
VOID NTAPI PsChangeQuantumTable(IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
#define SystemPerformanceInformation
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSTATUS(* Query)(PVOID, ULONG, PULONG)
LIST_ENTRY ThreadListHead
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
NTSTATUS NTAPI MmUnloadSystemImage(IN PVOID ImageHandle)
struct _SYSTEM_SET_TIME_ADJUST_INFORMATION * PSYSTEM_SET_TIME_ADJUST_INFORMATION
NTSTATUS NTAPI ExpGetRawSMBiosTable(_Out_opt_ PVOID Buffer, _Out_ ULONG *OutSize, _In_ ULONG BufferSize)
struct _LIST_ENTRY * Flink
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
USHORT KeProcessorArchitecture
_In_ KPROCESSOR_MODE PreviousMode
USHORT KeProcessorRevision
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
LIST_ENTRY ExpNonPagedLookasideListHead
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION SYSTEM_QUERY_TIME_ADJUST_INFORMATION
const GUID MSSmBios_RawSMBiosTables_GUID
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
struct _SYSTEM_PAGEFILE_INFORMATION SYSTEM_PAGEFILE_INFORMATION
#define STATUS_INVALID_IMAGE_FORMAT
#define _SEH2_YIELD(STMT_)
#define PROCESSOR_FEATURE_MAX
#define NT_SUCCESS(StatCode)
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION * PSYSTEM_KERNEL_DEBUGGER_INFORMATION
ULONG_PTR UniqueProcessId
LIST_ENTRY HandleTableListHead
struct _SYSTEM_CONTEXT_SWITCH_INFORMATION * PSYSTEM_CONTEXT_SWITCH_INFORMATION
NTSTATUS NTAPI NtSetSystemEnvironmentValue(IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value)
LIST_ENTRY PsLoadedModuleList
struct _SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION
HANDLE GenericHandleOverlay
#define KeAcquireSpinLock(sl, irql)
BOOLEAN NTAPI ExpLockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
static const UCHAR Index[8]
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
#define KD_DEBUGGER_ENABLED
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION SYSTEM_KERNEL_DEBUGGER_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define STATUS_ACCESS_DENIED
struct _SYSTEM_FIRMWARE_TABLE_INFORMATION * PSYSTEM_FIRMWARE_TABLE_INFORMATION
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION * PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_FILECACHE_INFORMATION SYSTEM_FILECACHE_INFORMATION
FORCEINLINE NTSTATUS ExpConvertLdrModuleToRtlModule(IN ULONG ModuleCount, IN PLDR_DATA_TABLE_ENTRY LdrEntry, OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo)
NTSYSAPI NTSTATUS NTAPI ZwSetSystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _In_ PVOID SystemInformation, _In_ SIZE_T SystemInformationLength)
KSPIN_LOCK ExpPagedLookasideListLock
#define KeGetContextSwitches(Prcb)
#define STATUS_UNSUCCESSFUL
LIST_ENTRY MmLoadedUserImageList
LARGE_INTEGER IoOtherTransferCount
#define ExAllocatePoolWithTag(hernya, size, tag)
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
static const char * ImageName
DRIVER_INITIALIZE * PDRIVER_INITIALIZE
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define STATUS_INVALID_INFO_CLASS
#define RtlImageDirectoryEntryToData
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
C_ASSERT(SystemBasicInformation==0)
KSPIN_LOCK ExpNonPagedLookasideListLock
#define KeEnterCriticalRegion()
NTSTATUS NTAPI NtQuerySystemEnvironmentValue(IN PUNICODE_STRING VariableName, OUT PWSTR ValueBuffer, IN ULONG ValueBufferLength, IN OUT PULONG ReturnLength OPTIONAL)
#define memcpy(s1, s2, n)
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
VOID NTAPI ExQueryPoolUsage(OUT PULONG PagedPoolPages, OUT PULONG NonPagedPoolPages, OUT PULONG PagedPoolAllocs, OUT PULONG PagedPoolFrees, OUT PULONG PagedPoolLookasideHits, OUT PULONG NonPagedPoolAllocs, OUT PULONG NonPagedPoolFrees, OUT PULONG NonPagedPoolLookasideHits)
#define SystemExtendServiceTableInformation
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
#define MIN_SYSTEM_INFO_CLASS
ULONG CcPinMappedDataCount
#define IMAGE_DIRECTORY_ENTRY_EXPORT
KAFFINITY KeActiveProcessors
VOID NTAPI ExGetCurrentProcessorCpuUsage(PULONG CpuUsage)
const LUID SeTcbPrivilege
PMDL NTAPI IoAllocateMdl(IN PVOID VirtualAddress, IN ULONG Length, IN BOOLEAN SecondaryBuffer, IN BOOLEAN ChargeQuota, IN PIRP Irp)
struct _KTHREAD * IdleThread
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
#define SystemLoadGdiDriverInformation
NTSTATUS NTAPI IoWMIOpenBlock(_In_ LPCGUID DataBlockGuid, _In_ ULONG DesiredAccess, _Out_ PVOID *DataBlockObject)
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
struct _SYSTEM_EXCEPTION_INFORMATION * PSYSTEM_EXCEPTION_INFORMATION
ARC_STATUS NTAPI HalSetEnvironmentVariable(IN PCH Name, IN PCH Value)
struct _FileName FileName
PFN_COUNT MmNumberOfPhysicalPages
DRIVER_INFORMATION DriverInfo
#define KeLeaveCriticalRegion()
LONG NTAPI ExSystemExceptionFilter(VOID)
#define STATUS_BUFFER_OVERFLOW
struct _SYSTEM_LOOKASIDE_INFORMATION SYSTEM_LOOKASIDE_INFORMATION
VOID NTAPI MmProbeAndLockPages(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN LOCK_OPERATION Operation)
struct _SYSTEM_DEVICE_INFORMATION * PSYSTEM_DEVICE_INFORMATION
enum _LOCK_OPERATION LOCK_OPERATION
RTL_TIME_ZONE_INFORMATION ExpTimeZoneInfo
ULONG KeExceptionDispatchCount
_In_ ULONG _Out_opt_ PULONG RequiredLength
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
PFN_COUNT MiUsedSwapPages
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
PKPRCB KiProcessorBlock[]
struct _SYSTEM_PERFORMANCE_INFORMATION SYSTEM_PERFORMANCE_INFORMATION
#define SystemBasicInformation
#define FIELD_OFFSET(t, f)
NTSTATUS ExpSetTimeZoneInformation(PRTL_TIME_ZONE_INFORMATION TimeZoneInformation)
struct _SYSTEM_BASIC_INFORMATION SYSTEM_BASIC_INFORMATION
struct _SYSTEM_INTERRUPT_INFORMATION * PSYSTEM_INTERRUPT_INFORMATION
PVOID MmHighestUserAddress
LIST_ENTRY ExpFirmwareTableProviderListHead
#define KeReleaseSpinLock(sl, irql)
UNICODE_STRING * PUNICODE_STRING
enum _SUITE_TYPE SUITE_TYPE
struct _SYSTEM_BASIC_INFORMATION * PSYSTEM_BASIC_INFORMATION
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
PFN_COUNT MiFreeSwapPages
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
_In_ FLT_SET_CONTEXT_OPERATION Operation
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO SYSTEM_HANDLE_TABLE_ENTRY_INFO
#define _SEH2_EXCEPT(...)
PFN_NUMBER MmHighestPhysicalPage
#define ExFreePoolWithTag(_P, _T)
#define _SEH2_GetExceptionCode()
ULONG IoOtherOperationCount
struct _QSSI_CALLS QSSI_CALLS
_In_ FILTER_INFORMATION_CLASS InformationClass
#define OBJ_HANDLE_ATTRIBUTES
IN PVOID IN PVOID IN PCHAR IN OUT PPORT_CONFIGURATION_INFORMATION ConfigInfo
#define MAX_SYSTEM_INFO_CLASS
#define STATUS_ILLEGAL_FUNCTION
EX_PUSH_LOCK HandleTableListLock
#define UInt32x32To64(a, b)
NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
struct _SYSTEM_DEVICE_INFORMATION SYSTEM_DEVICE_INFORMATION
#define MmSystemRangeStart
IN HDEVINFO IN PSP_DEVINFO_DATA DeviceInfoData OPTIONAL
LIST_ENTRY ExpPagedLookasideListHead
USHORT CreatorBackTraceIndex
LIST_ENTRY ExSystemLookasideListHead
struct _ACPI_EFI_FILE_HANDLE CHAR16 UINT64 UINT64 Attributes
NTSTATUS NTAPI MmLoadSystemImage(IN PUNICODE_STRING FileName, IN PUNICODE_STRING NamePrefix OPTIONAL, IN PUNICODE_STRING LoadedName OPTIONAL, IN ULONG Flags, OUT PVOID *ModuleObject, OUT PVOID *ImageBaseAddress)
_Must_inspect_result_ _In_ LPCGUID _In_ ULONG _In_ FSRTL_ALLOCATE_ECP_FLAGS _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK _Inout_ PVOID LookasideList
#define RTL_CONSTANT_STRING(s)
1.8.6