20 #define MAX_ENVVAL_SIZE 1024 22 #define SIG_ACPI 0x41435049 23 #define SIG_FIRM 0x4649524D 24 #define SIG_RSMB 0x52534D42 59 &LdrEntry->FullDllName,
101 ULONG ModuleCount = 0;
109 NextEntry = KernelModeList->
Flink;
110 while (NextEntry != KernelModeList)
136 NextEntry = NextEntry->
Flink;
142 NextEntry = UserModeList->
Flink;
143 while (NextEntry != UserModeList)
169 NextEntry = NextEntry->
Flink;
180 Modules->NumberOfModules = ModuleCount;
207 PVOID *MappedSystemVa,
213 *MappedSystemVa =
NULL;
237 if (*MappedSystemVa ==
NULL)
256 PVOID DataBlockObject;
285 DPRINT1(
"Failed to allocate %lu bytes for SMBIOS tables\n", WMIBufSize);
335 *CpuUsage = (
ULONG)(100 - (ScaledIdle / TotalTime));
422 DPRINT1(
"NtQuerySystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
437 if (AnsiValueBuffer ==
NULL)
459 RtlInitEmptyUnicodeString(&WValue, ValueBuffer, (
USHORT)ValueBufferLength);
540 DPRINT1(
"NtSetSystemEnvironmentValue: Caller requires the SeSystemEnvironmentPrivilege privilege!\n");
595 #define QSI_USE(n) QSI##n 597 static NTSTATUS QSI_USE(n) (PVOID Buffer, ULONG Size, PULONG ReqSize) 599 #define SSI_USE(n) SSI##n 601 static NTSTATUS SSI_USE(n) (PVOID Buffer, ULONG Size) 660 #if (NTDDI_VERSION < NTDDI_WIN8) 677 ULONG IdleUser, IdleKernel;
868 DPRINT1(
"NtQuerySystemInformation - SystemPathInformation not implemented\n");
882 USHORT ImageNameMaximumLength;
885 ULONG TotalSize = 0, ThreadsCount;
886 ULONG TotalUser, TotalKernel;
924 if ((
Process->ProcessExiting) &&
925 (
Process->Pcb.Header.SignalState) &&
929 DPRINT1(
"Process %p (%s:%p) is a zombie\n",
932 ImageNameMaximumLength = 0;
941 CurrentEntry =
Process->Pcb.ThreadListHead.Flink;
942 while (CurrentEntry != &
Process->Pcb.ThreadListHead)
945 CurrentEntry = CurrentEntry->
Flink;
952 ProcessImageName = TempProcessImageName;
956 szSrc = (
PWCHAR)((
PCHAR)ProcessImageName->Buffer + ProcessImageName->Length);
958 while (szSrc > ProcessImageName->Buffer)
968 ImageNameLength +=
sizeof(
WCHAR);
978 if (ImageNameLength > 0)
979 ImageNameMaximumLength =
ROUND_UP(ImageNameLength +
sizeof(
WCHAR), 8);
981 ImageNameMaximumLength = 0;
983 TotalSize += CurrentSize + ImageNameMaximumLength;
986 if (TotalSize >
Size)
1041 CurrentEntry =
Process->Pcb.ThreadListHead.Flink;
1042 while (CurrentEntry != &
Process->Pcb.ThreadListHead)
1059 CurrentEntry = CurrentEntry->
Flink;
1068 if (ProcessImageName)
1072 ProcessImageName =
NULL;
1092 Current += CurrentSize + ImageNameMaximumLength;
1103 if (ProcessImageName)
1116 *ReqSize = TotalSize;
1124 DPRINT1(
"NtQuerySystemInformation - SystemCallCountInformation not implemented\n");
1168 if (
Size < *ReqSize)
1195 #if (NTDDI_VERSION >= NTDDI_VISTA) 1205 #if (NTDDI_VERSION < NTDDI_VISTA) 1232 DPRINT1(
"NtQuerySystemInformation - SystemCallTimeInformation not implemented\n");
1262 DPRINT1(
"NtQuerySystemInformation - SystemLocksInformation not implemented\n");
1270 DPRINT1(
"NtQuerySystemInformation - SystemStackTraceInformation not implemented\n");
1278 DPRINT1(
"NtQuerySystemInformation - SystemPagedPoolInformation not implemented\n");
1286 DPRINT1(
"NtQuerySystemInformation - SystemNonPagedPoolInformation not implemented\n");
1304 DPRINT(
"NtQuerySystemInformation - SystemHandleInformation\n");
1310 if (
Size < *ReqSize)
1340 NextTableEntry = NextTableEntry->
Flink)
1350 if ((HandleTableEntry->
Object) &&
1363 if (*ReqSize >
Size)
1424 DPRINT1(
"NtQuerySystemInformation - SystemObjectInformation not implemented\n");
1456 DPRINT1(
"NtQuerySystemInformation - SystemVdmInstemulInformation not implemented\n");
1464 DPRINT1(
"NtQuerySystemInformation - SystemVdmBopInformation not implemented\n");
1475 if (
Size < *ReqSize)
1502 DPRINT1(
"NtSetSystemInformation - SystemFileCacheInformation not implemented\n");
1564 DPRINT1(
"NtSetSystemInformation - SystemDpcBehaviourInformation not implemented\n");
1575 *ReqSize =
sizeof(
ULONG);
1582 DPRINT(
"SystemFullMemoryInformation\n");
1586 DPRINT(
"PID: %p, KernelTime: %u PFFree: %lu PFUsed: %lu\n",
1603 PVOID SectionPointer;
1736 DPRINT1(
"NtQuerySystemInformation - SystemSummaryMemoryInformation not implemented\n");
1744 DPRINT1(
"NtQuerySystemInformation - SystemNextEventIdInformation not implemented\n");
1752 DPRINT1(
"NtQuerySystemInformation - SystemPerformanceTraceInformation not implemented\n");
1760 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpInformation not implemented\n");
1770 ULONG AlignmentFixupCount = 0, ExceptionDispatchCount = 0;
1771 ULONG FloatingEmulationCount = 0, ByteWordEmulationCount = 0;
1787 FloatingEmulationCount += Prcb->KeFloatingEmulationCount;
1805 DPRINT1(
"NtQuerySystemInformation - SystemCrashDumpStateInformation not implemented\n");
1814 #if (NTDDI_VERSION >= NTDDI_VISTA) 1826 #if (NTDDI_VERSION < NTDDI_VISTA) 1838 ULONG ContextSwitches;
1847 ContextSwitches = 0;
1860 ContextSwitchInformation->
FindAny = 0;
1861 ContextSwitchInformation->
FindLast = 0;
1862 ContextSwitchInformation->
FindIdeal = 0;
1863 ContextSwitchInformation->
IdleAny = 0;
1865 ContextSwitchInformation->
IdleLast = 0;
1866 ContextSwitchInformation->
IdleIdeal = 0;
1886 DPRINT1(
"Faking max registry size of 32 MB\n");
1897 DPRINT1(
"NtSetSystemInformation - SystemRegistryQuotaInformation not implemented\n");
1954 sizeof(Win32kName));
1962 (
PVOID)&ModuleObject,
2020 DPRINT1(
"NtQuerySystemInformation - SystemVerifierAddDriverInformation not implemented\n");
2028 DPRINT1(
"NtQuerySystemInformation - SystemVerifierRemoveDriverInformation not implemented\n");
2043 DPRINT1(
"NtQuerySystemInformation - SystemPowerInformation not implemented\n");
2051 DPRINT1(
"NtQuerySystemInformation - SystemLegacyDriverInformation not implemented\n");
2100 Info = *InfoPointer;
2101 Remaining = *RemainingPointer;
2104 for (ListEntry = ListHead->
Flink;
2105 (ListEntry != ListHead) && (Remaining > 0);
2106 ListEntry = ListEntry->
Flink, Remaining--)
2137 *InfoPointer =
Info;
2138 *RemainingPointer = Remaining;
2147 ULONG MaxCount, Remaining;
2237 DPRINT1(
"NtSetSystemInformation - SystemTimeSlipNotification not implemented\n");
2301 DPRINT1(
"NtQuerySystemInformation - SystemSessionInformation not implemented\n");
2314 if (ReqSize) *ReqSize =
sizeof(
ULONG_PTR);
2323 DPRINT1(
"NtQuerySystemInformation - SystemVerifierInformation not implemented\n");
2331 DPRINT1(
"NtSetSystemInformation - SystemVerifierInformation not implemented\n");
2340 DPRINT1(
"NtSetSystemInformation - SystemVerifierThunkExtend not implemented\n");
2349 DPRINT1(
"NtQuerySystemInformation - SystemSessionProcessInformation not implemented\n");
2358 DPRINT1(
"NtSetSystemInformation - SystemLoadGdiDriverInSystemSpaceInformation not implemented\n");
2403 *ReqSize =
sizeof(
ULONG);
2414 DPRINT1(
"NtQuerySystemInformation - SystemPrefetcherInformation not implemented\n");
2423 DPRINT1(
"NtQuerySystemInformation - SystemExtendedProcessInformation not implemented\n");
2432 DPRINT1(
"NtQuerySystemInformation - SystemRecommendedSharedDataAlignment not implemented\n");
2469 if (MaxEntries == 1)
2485 *ReqSize =
sizeof(
ULONG);
2504 DPRINT(
"NtQuerySystemInformation - SystemExtendedHandleInformation\n");
2510 if (
Size < *ReqSize)
2540 NextTableEntry = NextTableEntry->
Flink)
2550 if ((HandleTableEntry->
Object) &&
2563 if (*ReqSize >
Size)
2656 if ((CurrentProc & 1) &&
2693 }
while (CurrentProc != 0);
2729 ULONG TableCount = 0;
2731 DPRINT(
"NtQuerySystemInformation - SystemFirmwareTableInformation\n");
2737 if (
Size < *ReqSize)
2752 DPRINT1(
"ACPI provider not implemented\n");
2759 DPRINT1(
"FIRM provider not implemented\n");
2788 DPRINT1(
"SystemFirmwareTableInformation: Unsupported provider (0x%x)\n",
2796 switch (SysFirmwareInfo->
Action)
2809 DPRINT1(
"SystemFirmwareTableInformation: Unsupported action (0x%x)\n",
2810 SysFirmwareInfo->
Action);
2835 #define SI_QS(n) {QSI_USE(n),SSI_USE(n)} 2836 #define SI_QX(n) {QSI_USE(n),NULL} 2837 #define SI_XS(n) {NULL,SSI_USE(n)} 2838 #define SI_XX(n) {NULL,NULL} 2884 SI_QX(SystemVerifierAddDriverInformation),
2885 SI_QX(SystemVerifierRemoveDriverInformation),
2886 SI_QX(SystemProcessorIdleInformation),
2887 SI_QX(SystemLegacyDriverInformation),
2896 SI_XS(SystemVerifierThunkExtend),
2924 #define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation) 2925 #define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0])) 2950 #if (NTDDI_VERSION >= NTDDI_VISTA) 2968 if (UnsafeResultLength !=
NULL)
2972 if (UnsafeResultLength)
2973 *UnsafeResultLength = 0;
2975 #if (NTDDI_VERSION < NTDDI_VISTA) 2991 FStatus =
CallQS [SystemInformationClass].
Query(SystemInformation,
2996 if (UnsafeResultLength)
3014 IN ULONG SystemInformationLength)
3046 SystemInformationLength);
3067 #undef ExGetPreviousMode static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
#define ProbeForWriteUlong(Ptr)
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
#define KeQuerySystemTime(t)
#define KeGetCurrentIrql()
const LUID SeSystemEnvironmentPrivilege
NTSTATUS NTAPI MmSessionCreate(OUT PULONG SessionId)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
NTSTATUS NTAPI ExpQueryModuleInformation(IN PLIST_ENTRY KernelModeList, IN PLIST_ENTRY UserModeList, OUT PRTL_PROCESS_MODULES Modules, IN ULONG Length, OUT PULONG ReturnLength)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
PHANDLE_TABLE_ENTRY NTAPI ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN EXHANDLE Handle)
#define MM_VIRTMEM_GRANULARITY
#define STATUS_PRIVILEGE_NOT_HELD
ERESOURCE ExpFirmwareTableResource
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION SYSTEM_REGISTRY_QUOTA_INFORMATION
LIST_ENTRY ThreadListEntry
#define TYPE_ALIGNMENT(t)
const LUID SeSystemtimePrivilege
MM_MEMORY_CONSUMER MiMemoryConsumers[MC_MAXIMUM]
#define STATUS_INSUFFICIENT_RESOURCES
_In_ ULONG _In_ ULONG _In_ ULONG Length
#define ROUND_UP(n, align)
#define STATUS_INFO_LENGTH_MISMATCH
LARGE_INTEGER IoWriteTransferCount
struct _PROCESSOR_POWER_INFORMATION PROCESSOR_POWER_INFORMATION
LONG IoWriteOperationCount
LIST_ENTRY ExPoolLookasideListHead
BOOLEAN NTAPI ExIsProcessorFeaturePresent(IN ULONG ProcessorFeature)
struct _SYSTEM_NUMA_INFORMATION * PSYSTEM_NUMA_INFORMATION
const LUID SeDebugPrivilege
ACPI_SIZE strlen(const char *String)
IN BOOLEAN OUT PSTR Buffer
PCONFIGURATION_INFORMATION NTAPI IoGetConfigurationInformation(VOID)
NTSTATUS NTAPI NtSetSystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
LARGE_INTEGER IoReadTransferCount
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION * PSYSTEM_QUERY_TIME_ADJUST_INFORMATION
NTSTATUS NTAPI SeLocateProcessImageName(IN PEPROCESS Process, OUT PUNICODE_STRING *ProcessImageName)
static VOID ExpCopyLookasideInformation(PSYSTEM_LOOKASIDE_INFORMATION *InfoPointer, PULONG RemainingPointer, PLIST_ENTRY ListHead, BOOLEAN ListUsesMisses)
#define KeGetPreviousMode()
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
ULONG NTAPI KeQueryTimeIncrement(VOID)
LARGE_INTEGER IoWriteTransferCount
FAST_MUTEX ExpEnvironmentLock
IN PVOID IN PVOID IN USHORT IN USHORT Size
PFN_NUMBER MmLowestPhysicalPage
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
struct _ThreadInfo ThreadInfo
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
VOID NTAPI MmUnlockPages(IN PMDL Mdl)
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
ULONG KiAdjustDpcThreshold
NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx(IN ULONG InformationClass, IN PVOID Buffer, IN ULONG BufferLength)
VOID NTAPI ExUnlockUserBuffer(PMDL Mdl)
#define KD_DEBUGGER_NOT_PRESENT
struct _SYSTEM_PERFORMANCE_INFORMATION * PSYSTEM_PERFORMANCE_INFORMATION
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
VOID NTAPI ExGetCurrentProcessorCounts(PULONG ThreadKernelTime, PULONG TotalCpuTime, PULONG ProcessorNumber)
NTSTATUS NTAPI ExGetPoolTagInfo(IN PSYSTEM_POOLTAG_INFORMATION SystemInformation, IN ULONG SystemInformationLength, IN OUT PULONG ReturnLength OPTIONAL)
ARC_STATUS NTAPI HalGetEnvironmentVariable(IN PCH Name, IN USHORT ValueLength, IN PCH Value)
PFN_NUMBER MmAvailablePages
BOOLEAN NTAPI ExVerifySuite(SUITE_TYPE SuiteType)
#define MmGetSystemAddressForMdlSafe(_Mdl, _Priority)
struct _SYSTEM_PROCESSOR_INFORMATION SYSTEM_PROCESSOR_INFORMATION
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
ULONG IoWriteOperationCount
#define RtlMoveMemory(Destination, Source, Length)
NTSTATUS NTAPI ExLockUserBuffer(PVOID BaseAddress, ULONG Length, KPROCESSOR_MODE AccessMode, LOCK_OPERATION Operation, PVOID *MappedSystemVa, PMDL *OutMdl)
#define STATUS_BUFFER_TOO_SMALL
BOOLEAN KiTimeAdjustmentEnabled
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PKSTART_ROUTINE StartAddress
ULONG IoReadOperationCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE GENERAL_LOOKASIDE
ERESOURCE PsLoadedModuleResource
_Must_inspect_result_ _In_ WDFCHILDLIST _In_ PWDF_CHILD_LIST_ITERATOR _Out_ WDFDEVICE _Inout_opt_ PWDF_CHILD_RETRIEVE_INFO Info
ULONG NTAPI NtGetCurrentProcessorNumber(VOID)
BOOLEAN NTAPI ExAcquireResourceExclusiveLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
FORCEINLINE ULONG KeGetCurrentProcessorNumber(VOID)
struct _SYSTEM_PROCESSOR_INFORMATION * PSYSTEM_PROCESSOR_INFORMATION
UNICODE_STRING PageFileName
return STATUS_NOT_IMPLEMENTED
NTSTATUS NTAPI MmSessionDelete(IN ULONG SessionId)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION * PSYSTEM_REGISTRY_QUOTA_INFORMATION
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
static QSSI_CALLS CallQS[]
#define OBJ_NAME_PATH_SEPARATOR
ULONG KeAlignmentFixupCount
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE * PGENERAL_LOOKASIDE
LARGE_INTEGER ExpTimeZoneBias
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
NTSTATUS NTAPI NtSetSystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
NTSTATUS NTAPI IoWMIQueryAllData(IN PVOID DataBlockObject, IN OUT ULONG *InOutBufferSize, OUT PVOID OutBuffer)
struct _SYSTEM_FLAGS_INFORMATION SYSTEM_FLAGS_INFORMATION
struct _KTHREAD * CurrentThread
struct _RTL_TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION
LONG IoReadOperationCount
_In_ ULONG _Out_writes_bytes_opt_ InformationLength PAUX_MODULE_EXTENDED_INFO ModuleInfo
#define ObpGetHandleObject(x)
#define STATUS_BREAKPOINT
const LUID SeLoadDriverPrivilege
#define STATUS_INVALID_PARAMETER_2
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
struct _KPRCB * MultiThreadSetMaster
struct _SYSTEM_FLAGS_INFORMATION * PSYSTEM_FLAGS_INFORMATION
VOID NTAPI PsChangeQuantumTable(IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
#define SystemPerformanceInformation
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
NTSTATUS NTAPI MmUnloadSystemImage(IN PVOID ImageHandle)
struct _SYSTEM_SET_TIME_ADJUST_INFORMATION * PSYSTEM_SET_TIME_ADJUST_INFORMATION
NTSTATUS NTAPI ExpGetRawSMBiosTable(_Out_opt_ PVOID Buffer, _Out_ ULONG *OutSize, _In_ ULONG BufferSize)
struct _LIST_ENTRY * Flink
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
USHORT KeProcessorArchitecture
_In_ KPROCESSOR_MODE PreviousMode
USHORT KeProcessorRevision
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
LIST_ENTRY ExpNonPagedLookasideListHead
struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION SYSTEM_QUERY_TIME_ADJUST_INFORMATION
const GUID MSSmBios_RawSMBiosTables_GUID
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
struct _SYSTEM_PAGEFILE_INFORMATION SYSTEM_PAGEFILE_INFORMATION
#define STATUS_INVALID_IMAGE_FORMAT
ULONG ObpObjectSecurityMode
#define PROCESSOR_FEATURE_MAX
#define NT_SUCCESS(StatCode)
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION * PSYSTEM_KERNEL_DEBUGGER_INFORMATION
LIST_ENTRY HandleTableListHead
struct _SYSTEM_CONTEXT_SWITCH_INFORMATION * PSYSTEM_CONTEXT_SWITCH_INFORMATION
_In_ WDFCOLLECTION _In_ ULONG Index
#define EXCEPTION_EXECUTE_HANDLER
NTSTATUS NTAPI NtSetSystemEnvironmentValue(IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value)
LIST_ENTRY PsLoadedModuleList
struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION SYSTEM_LOGICAL_PROCESSOR_INFORMATION
struct _SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION
#define KeAcquireSpinLock(sl, irql)
#define ObDereferenceObject
BOOLEAN NTAPI ExpLockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
#define KD_DEBUGGER_ENABLED
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION SYSTEM_KERNEL_DEBUGGER_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define STATUS_ACCESS_DENIED
struct _SYSTEM_FIRMWARE_TABLE_INFORMATION * PSYSTEM_FIRMWARE_TABLE_INFORMATION
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION * PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
struct _SYSTEM_FILECACHE_INFORMATION SYSTEM_FILECACHE_INFORMATION
FORCEINLINE NTSTATUS ExpConvertLdrModuleToRtlModule(IN ULONG ModuleCount, IN PLDR_DATA_TABLE_ENTRY LdrEntry, OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo)
NTSYSAPI NTSTATUS NTAPI ZwSetSystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _In_ PVOID SystemInformation, _In_ SIZE_T SystemInformationLength)
LARGE_INTEGER IoOtherTransferCount
KSPIN_LOCK ExpPagedLookasideListLock
#define KeGetContextSwitches(Prcb)
#define STATUS_UNSUCCESSFUL
LIST_ENTRY MmLoadedUserImageList
LARGE_INTEGER IoOtherTransferCount
LONG IoOtherOperationCount
#define ExAllocatePoolWithTag(hernya, size, tag)
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
NTSTATUS(* Set)(PVOID, ULONG)
static const char * ImageName
DRIVER_INITIALIZE * PDRIVER_INITIALIZE
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define STATUS_INVALID_INFO_CLASS
#define RtlImageDirectoryEntryToData
C_ASSERT(SystemBasicInformation==0)
KSPIN_LOCK ExpNonPagedLookasideListLock
#define KeEnterCriticalRegion()
NTSTATUS NTAPI NtQuerySystemEnvironmentValue(IN PUNICODE_STRING VariableName, OUT PWSTR ValueBuffer, IN ULONG ValueBufferLength, IN OUT PULONG ReturnLength OPTIONAL)
#define memcpy(s1, s2, n)
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
VOID NTAPI ExQueryPoolUsage(OUT PULONG PagedPoolPages, OUT PULONG NonPagedPoolPages, OUT PULONG PagedPoolAllocs, OUT PULONG PagedPoolFrees, OUT PULONG PagedPoolLookasideHits, OUT PULONG NonPagedPoolAllocs, OUT PULONG NonPagedPoolFrees, OUT PULONG NonPagedPoolLookasideHits)
#define SystemExtendServiceTableInformation
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
#define _Out_writes_bytes_to_opt_(size, count)
#define MIN_SYSTEM_INFO_CLASS
ULONG CcPinMappedDataCount
#define IMAGE_DIRECTORY_ENTRY_EXPORT
KAFFINITY KeActiveProcessors
VOID NTAPI ExGetCurrentProcessorCpuUsage(PULONG CpuUsage)
const LUID SeTcbPrivilege
LARGE_INTEGER IoReadTransferCount
PMDL NTAPI IoAllocateMdl(IN PVOID VirtualAddress, IN ULONG Length, IN BOOLEAN SecondaryBuffer, IN BOOLEAN ChargeQuota, IN PIRP Irp)
struct _KTHREAD * IdleThread
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
#define SystemLoadGdiDriverInformation
NTSTATUS NTAPI IoWMIOpenBlock(_In_ LPCGUID DataBlockGuid, _In_ ULONG DesiredAccess, _Out_ PVOID *DataBlockObject)
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
struct _SYSTEM_EXCEPTION_INFORMATION * PSYSTEM_EXCEPTION_INFORMATION
ULONG KiMaximumDpcQueueDepth
ARC_STATUS NTAPI HalSetEnvironmentVariable(IN PCH Name, IN PCH Value)
struct _FileName FileName
PFN_COUNT MmNumberOfPhysicalPages
DRIVER_INFORMATION DriverInfo
#define KeLeaveCriticalRegion()
LONG NTAPI ExSystemExceptionFilter(VOID)
#define STATUS_BUFFER_OVERFLOW
struct _SYSTEM_LOOKASIDE_INFORMATION SYSTEM_LOOKASIDE_INFORMATION
VOID NTAPI MmProbeAndLockPages(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN LOCK_OPERATION Operation)
struct _SYSTEM_DEVICE_INFORMATION * PSYSTEM_DEVICE_INFORMATION
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSTATUS(* Query)(PVOID, ULONG, PULONG)
enum _LOCK_OPERATION LOCK_OPERATION
RTL_TIME_ZONE_INFORMATION ExpTimeZoneInfo
CHAR FullPathName[AUX_KLIB_MODULE_PATH_LEN]
UINT64 MultiThreadProcessorSet
ULONG KeExceptionDispatchCount
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
PFN_COUNT MiUsedSwapPages
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
PKPRCB KiProcessorBlock[]
struct _SYSTEM_PERFORMANCE_INFORMATION SYSTEM_PERFORMANCE_INFORMATION
#define FIELD_OFFSET(t, f)
NTSTATUS ExpSetTimeZoneInformation(PRTL_TIME_ZONE_INFORMATION TimeZoneInformation)
_In_ ULONG _Out_opt_ PULONG RequiredLength
struct _SYSTEM_BASIC_INFORMATION SYSTEM_BASIC_INFORMATION
struct _SYSTEM_INTERRUPT_INFORMATION * PSYSTEM_INTERRUPT_INFORMATION
PVOID MmHighestUserAddress
LIST_ENTRY ExpFirmwareTableProviderListHead
#define KeReleaseSpinLock(sl, irql)
UNICODE_STRING * PUNICODE_STRING
_In_ WDFDEVICE _In_ PVOID _In_opt_ PMDL Mdl
enum _SUITE_TYPE SUITE_TYPE
struct _SYSTEM_BASIC_INFORMATION * PSYSTEM_BASIC_INFORMATION
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
PFN_COUNT MiFreeSwapPages
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
_In_ FLT_SET_CONTEXT_OPERATION Operation
#define RtlCopyMemory(Destination, Source, Length)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO SYSTEM_HANDLE_TABLE_ENTRY_INFO
#define _SEH2_EXCEPT(...)
PFN_NUMBER MmHighestPhysicalPage
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
ULONG IoOtherOperationCount
struct _QSSI_CALLS QSSI_CALLS
_In_ FILTER_INFORMATION_CLASS InformationClass
#define OBJ_HANDLE_ATTRIBUTES
#define MAX_SYSTEM_INFO_CLASS
#define ExFreePoolWithTag(_P, _T)
#define STATUS_ILLEGAL_FUNCTION
EX_PUSH_LOCK HandleTableListLock
#define UInt32x32To64(a, b)
NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx(IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
__kernel_entry NTSTATUS NTAPI NtQuerySystemInformation(_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _Out_writes_bytes_to_opt_(SystemInformationLength, *ReturnLength) PVOID SystemInformation, _In_ ULONG Length, _Out_opt_ PULONG UnsafeResultLength)
struct _SYSTEM_DEVICE_INFORMATION SYSTEM_DEVICE_INFORMATION
#define MmSystemRangeStart
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
struct _SYSTEM_DPC_BEHAVIOR_INFORMATION * PSYSTEM_DPC_BEHAVIOR_INFORMATION
LIST_ENTRY ExpPagedLookasideListHead
LIST_ENTRY ExSystemLookasideListHead
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
NTSTATUS NTAPI MmLoadSystemImage(IN PUNICODE_STRING FileName, IN PUNICODE_STRING NamePrefix OPTIONAL, IN PUNICODE_STRING LoadedName OPTIONAL, IN ULONG Flags, OUT PVOID *ModuleObject, OUT PVOID *ImageBaseAddress)
_Must_inspect_result_ _In_ LPCGUID _In_ ULONG _In_ FSRTL_ALLOCATE_ECP_FLAGS _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK _Inout_ PVOID LookasideList
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
#define RTL_CONSTANT_STRING(s)
PULONG MinorVersion OPTIONAL
1.8.15