authormidipix <writeonce@midipix.org>2015-07-27 04:01:18 -0400
committermidipix <writeonce@midipix.org>2015-07-27 04:01:18 -0400
commitdd89bb8ad4fe184a34b5dbdda237e640fc82121b (patch)
tree5e80d2da35f5892f92be29f57982b2708e6bd99b /include/ntapi/nt_process.h
parentdcdadc2702712fa750ed255ed1dfa354522797a0 (diff)
downloadntapi-dd89bb8ad4fe184a34b5dbdda237e640fc82121b.tar.bz2
ntapi-dd89bb8ad4fe184a34b5dbdda237e640fc82121b.tar.xz
entered advanced internal development stage.
Diffstat (limited to 'include/ntapi/nt_process.h')
-rw-r--r--include/ntapi/nt_process.h676
1 files changed, 676 insertions, 0 deletions
diff --git a/include/ntapi/nt_process.h b/include/ntapi/nt_process.h
new file mode 100644
index 0000000..61afdb5
--- /dev/null
+++ b/include/ntapi/nt_process.h
@@ -0,0 +1,676 @@
+#ifndef _NT_PROCESS_H_
+#define _NT_PROCESS_H_
+
+#include <psxtypes/psxtypes.h>
+#include <pemagine/pemagine.h>
+#include "nt_object.h"
+#include "nt_memory.h"
+#include "nt_section.h"
+
+typedef enum _nt_process_info_class {
+ NT_PROCESS_BASIC_INFORMATION,
+ NT_PROCESS_QUOTA_LIMITS,
+ NT_PROCESS_IO_COUNTERS,
+ NT_PROCESS_VM_COUNTERS,
+ NT_PROCESS_TIMES,
+ NT_PROCESS_BASE_PRIORITY,
+ NT_PROCESS_RAISE_PRIORITY,
+ NT_PROCESS_DEBUG_PORT,
+ NT_PROCESS_EXCEPTION_PORT,
+ NT_PROCESS_ACCESS_TOKEN,
+ NT_PROCESS_LDT_INFORMATION,
+ NT_PROCESS_LDT_SIZE,
+ NT_PROCESS_DEFAULT_HARD_ERROR_MODE,
+ NT_PROCESS_IO_PORT_HANDLERS,
+ NT_PROCESS_POOLED_USAGE_AND_LIMITS,
+ NT_PROCESS_WORKING_SET_WATCH,
+ NT_PROCESS_USER_MODE_IOPL,
+ NT_PROCESS_ENABLE_ALIGNMENT_FAULT_FIXUP,
+ NT_PROCESS_PRIORITY_CLASS,
+ NT_PROCESS_WX86_INFORMATION,
+ NT_PROCESS_HANDLE_COUNT,
+ NT_PROCESS_AFFINITY_MASK,
+ NT_PROCESS_PRIORITY_BOOST,
+ NT_PROCESS_DEVICE_MAP,
+ NT_PROCESS_SESSION_INFORMATION,
+ NT_PROCESS_FOREGROUND_INFORMATION,
+ NT_PROCESS_WOW64_INFORMATION,
+ NT_PROCESS_IMAGE_FILE_NAME
+} nt_process_info_class;
+
+
+typedef enum _nt_process_create_info_class {
+ NT_PROCESS_CREATE_INITIAL_STATE,
+ NT_PROCESS_CREATE_FAIL_ON_FILE_OPEN,
+ NT_PROCESS_CREATE_FAIL_ON_SECTION_CREATE,
+ NT_PROCESS_CREATE_FAIL_EXE_FORMAT,
+ NT_PROCESS_CREATE_FAIL_MACHINE_MISMATCH,
+ NT_PROCESS_CREATE_FAIL_EXE_NAME,
+ NT_PROCESS_CREATE_SUCCESS,
+ NT_PROCESS_CREATE_MAXIMUM_STATES,
+} nt_process_create_info_class;
+
+
+
+/* special handles */
+#define NT_CURRENT_PROCESS_HANDLE (void *)(uintptr_t)-1
+
+
+/* process access bits */
+#define NT_PROCESS_CREATE_PROCESS 0x00000080U
+#define NT_PROCESS_CREATE_THREAD 0x00000002U
+#define NT_PROCESS_DUP_HANDLE 0x00000040U
+#define NT_PROCESS_QUERY_INFORMATION 0x00000400U
+#define NT_PROCESS_SET_INFORMATION 0x00000200U
+#define NT_PROCESS_SET_QUOTA 0x00000100U
+#define NT_PROCESS_SUSPEND_RESUME 0x00000800U
+#define NT_PROCESS_TERMINATE 0x00000001U
+#define NT_PROCESS_VM_OPERATION 0x00000008U
+#define NT_PROCESS_VM_READ 0x00000010U
+#define NT_PROCESS_VM_WRITE 0x00000020U
+#define NT_PROCESS_SYNCHRONIZE 0x00100000U
+#define NT_PROCESS_PRESERVE_AUTHZ_LEVEL 0x02000000U
+#define NT_PROCESS_ALL_ACCESS NT_PROCESS_CREATE_PROCESS \
+ | NT_PROCESS_CREATE_THREAD \
+ | NT_PROCESS_DUP_HANDLE \
+ | NT_PROCESS_QUERY_INFORMATION \
+ | NT_PROCESS_SET_INFORMATION \
+ | NT_PROCESS_SET_QUOTA \
+ | NT_PROCESS_SUSPEND_RESUME \
+ | NT_PROCESS_TERMINATE \
+ | NT_PROCESS_VM_OPERATION \
+ | NT_PROCESS_VM_READ \
+ | NT_PROCESS_VM_WRITE \
+ | NT_PROCESS_SYNCHRONIZE
+
+
+
+/* set error mode */
+#define NT_SEM_FAIL_CRITICAL_ERRORS 0x0001
+#define NT_SEM_NO_GP_FAULT_ERROR_BOX 0x0002
+#define NT_SEM_NO_ALIGNMENT_FAULT_EXCEPT 0x0004
+#define NT_SEM_NO_OPEN_FILE_ERROR_BOX 0x8000
+
+
+/* process priority class (information class) */
+#define NT_PC_IDLE 0x00
+#define NT_PC_NORMAL 0x02
+#define NT_PC_HIGH 0x03
+#define NT_PC_REALTIME 0x04
+#define NT_PC_BELOW_NORMAL 0x05
+#define NT_PC_ABOVE_NORMAL 0x05
+
+
+/* process device map drive type */
+#define NT_DRIVE_UNKNOWN 0x00
+#define NT_NO_ROOT_DIR 0x01
+#define NT_DRIVE_REMOVABLE 0x02
+#define NT_DRIVE_FIXED 0x03
+#define NT_DRIVE_REMOTE 0x04
+#define NT_DRIVE_CDROM 0x05
+#define NT_DRIVE_RAMDISK 0x06
+
+
+/* process debug info class mask */
+#define NT_PDI_MODULES 0x0001
+#define NT_PDI_BACKTRACE 0x0002
+#define NT_PDI_HEAPS 0x0004
+#define NT_PDI_HEAP_TAGS 0x0008
+#define NT_PDI_HEAP_BLOCKS 0x0010
+#define NT_PDI_LOCKS 0x0020
+
+
+/* process debug module information flags */
+#define NT_LDRP_STATIC_LINK 0x00000002
+#define NT_LDRP_IMAGE_DLL 0x00000004
+#define NT_LDRP_LOAD_IN_PROGRESS 0x00001000
+#define NT_LDRP_UNLOAD_IN_PROGRESS 0x00002000
+#define NT_LDRP_ENTRY_PROCESSED 0x00004000
+#define NT_LDRP_ENTRY_INSERTED 0x00008000
+#define NT_LDRP_CURRENT_LOAD 0x00010000
+#define NT_LDRP_FAILED_BUILTIN_LOAD 0x00020000
+#define NT_LDRP_DONT_CALL_FOR_THREADS 0x00040000
+#define NT_LDRP_PROCESS_ATTACH_CALLED 0x00080000
+#define NT_LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
+#define NT_LDRP_IMAGE_NOT_AT_BASE 0x00200000
+#define NT_LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
+
+
+/* create process info bits */
+#define NT_PROCESS_CREATE_INFO_WRITE_OUTPUT 0x00000001
+#define NT_PROCESS_CREATE_INFO_OBTAIN_OUTPUT 0x20000003
+
+/* zw_create_user_process: creation flags */
+#define NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED (0x00000001)
+#define NT_PROCESS_CREATE_FLAGS_RESET_DEBUG_PORT (0x00000002)
+#define NT_PROCESS_CREATE_FLAGS_INHERIT_HANDLES (0x00000004)
+#define NT_PROCESS_CREATE_FLAGS_NO_OBJECT_SYNC (0x00000100)
+
+/* zw_create_user_process: extended parameters */
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_FILE_NAME (0x00020005)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_VIRTUAL_ADDR_RANGES (0x00020007)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_BASE_PRIORITY (0x00020008)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_HARD_ERROR_MODE (0x00020009)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_CONSOLE_FLAGS (0x0002000A)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_INHERITED_HANDLES (0x0002000B)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_PARENT (0x00060000)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_DEBUG (0x00060001)
+#define NT_CREATE_PROCESS_EXT_PARAM_SET_TOKEN (0x00060002)
+
+#define NT_CREATE_PROCESS_EXT_PARAM_GET_SECTION_IMAGE_INFO (0x00000006)
+#define NT_CREATE_PROCESS_EXT_PARAM_GET_CLIENT_ID (0x00010003)
+#define NT_CREATE_PROCESS_EXT_PARAM_GET_TEB_ADDRESS (0x00010004)
+
+
+/* zw_create_user_process: console flag bits */
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DEFAULT (0x00)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DO_NOT_USE_HANDLES (0x00)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_HANDLES (0x01)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_USE_ARG_HANDLES (0x02)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDIN (0x04)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDOUT (0x08)
+#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDERR (0x10)
+
+/* nt_runtime_data_block flag bits */
+#define NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES (0x01)
+
+/* tt_get_runtime_data flag bits */
+#define NT_RUNTIME_DATA_ALLOW_BUILTIN_DEFAULT (0x01)
+
+/* runtime data convenience storage */
+#define NT_RUNTIME_DATA_USER_PTRS (0x10)
+#define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10)
+#define NT_RUNTIME_DATA_USER_INT64_SLOTS (0x10)
+
+/* friendly process guids */
+#define NT_PROCESS_GUID_NTPGRP {0xfa383cc0,0xa25b,0x4448,{0x83,0x45,0x51,0x45,0x4d,0xa8,0x2f,0x30}}
+#define NT_PROCESS_GUID_PIDMAP {0xba054c90,0x8b4f,0x4989,{0xa0,0x52,0x32,0xce,0x41,0x9e,0xbf,0x97}}
+#define NT_PROCESS_GUID_PIDANY {0x431bf6a6,0x65c4,0x4eb0,{0x88,0xca,0x16,0xfe,0xc0,0x18,0xc8,0xb7}}
+
+/* friendly process object directory prefixes */
+#define NT_PROCESS_OBJDIR_PREFIX_NTPGRP {'n','t','p','g','r','p'}
+#define NT_PROCESS_OBJDIR_PREFIX_PIDMAP {'p','i','d','m','a','p'}
+#define NT_PROCESS_OBJDIR_PREFIX_PIDANY {'p','i','d','a','n','y'}
+
+typedef struct _nt_process_information {
+ void * hprocess;
+ void * hthread;
+ uintptr_t process_id;
+ uintptr_t thread_id;
+} nt_process_information, nt_process_info;
+
+
+typedef struct _nt_process_parameters {
+ uint32_t alloc_size;
+ uint32_t used_size;
+ uint32_t flags;
+ uint32_t reserved;
+ void * hconsole;
+ uintptr_t console_flags;
+ void * hstdin;
+ void * hstdout;
+ void * hstderr;
+ nt_unicode_string cwd_name;
+ void * cwd_handle;
+ nt_unicode_string __attr_ptr_size_aligned__ dll_path;
+ nt_unicode_string __attr_ptr_size_aligned__ image_file_name;
+ nt_unicode_string __attr_ptr_size_aligned__ command_line;
+ wchar16_t * environment;
+ uint32_t dwx;
+ uint32_t dwy;
+ uint32_t dwx_size;
+ uint32_t dwy_size;
+ uint32_t dwx_count_chars;
+ uint32_t dwy_count_chars;
+ uint32_t dw_fill_attribute;
+ uint32_t dw_flags;
+ uint32_t wnd_show;
+ nt_unicode_string wnd_title;
+ nt_unicode_string __attr_ptr_size_aligned__ desktop;
+ nt_unicode_string __attr_ptr_size_aligned__ shell_info;
+ nt_unicode_string __attr_ptr_size_aligned__ runtime_data;
+} nt_process_parameters;
+
+
+typedef struct _nt_peb {
+ unsigned char reserved_1st[2];
+ unsigned char debugged;
+ unsigned char reserved_2nd[1];
+ void * reserved_3rd[2];
+ struct pe_peb_ldr_data* peb_ldr_data;
+ nt_process_parameters * process_params;
+ unsigned char reserved_4th[104];
+ void * reserved_5th[52];
+ void * post_process_init_routine;
+ unsigned char reserved_6th[128];
+ void * reserved_7th[1];
+ uint32_t session_id;
+} nt_peb;
+
+
+typedef struct _nt_process_basic_information {
+ int32_t exit_status;
+ nt_peb * peb_base_address;
+ intptr_t affinity_mask;
+ uint32_t base_priority;
+ uintptr_t unique_process_id;
+ uintptr_t inherited_from_unique_process_id;
+} nt_process_basic_information, nt_pbi;
+
+
+typedef struct _nt_process_access_token {
+ void * token;
+ void * thread;
+} nt_process_access_token;
+
+
+typedef struct _nt_process_ws_watch_information {
+ void * faulting_pc;
+ void * faulting_va;
+} nt_process_ws_watch_information;
+
+
+typedef struct _nt_process_priority_class {
+ int32_t foreground;
+ uint32_t priority;
+} nt_process_priority_class;
+
+
+typedef struct _nt_process_device_map_information {
+ union {
+ struct {
+ void * directory_handle;
+ } set;
+
+ struct {
+ uint32_t drive_map;
+ unsigned char drive_type[32];
+ } query;
+ };
+} nt_process_device_map_information;
+
+
+typedef struct _nt_debug_buffer {
+ void * hsection;
+ void * section_base;
+ void * remote_section_base;
+ size_t section_base_delta;
+ void * hevent_pair;
+ void * unknown[2];
+ void * hthread_remote;
+ uint32_t info_class_mask;
+ size_t info_size;
+ size_t allocated_size;
+ size_t section_size;
+ void * module_information;
+ void * back_trace_information;
+ void * heap_information;
+ void * lock_information;
+ void * reserved[8];
+} nt_debug_buffer;
+
+
+typedef struct _nt_debug_module_information {
+ void * reserved[2];
+ size_t base;
+ size_t size;
+ uint32_t flags;
+ uint16_t index;
+ uint16_t unknown;
+ uint16_t load_count;
+ uint16_t module_name_offset;
+ char image_name[256];
+} nt_debug_module_information;
+
+
+typedef struct _nt_debug_heap_information {
+ size_t base;
+ uint32_t flags;
+ uint16_t granularity;
+ uint16_t unknown;
+ size_t allocated;
+ size_t committed;
+ uint32_t tag_count;
+ uint32_t block_count;
+ void * reserved[7];
+ void * tags;
+ void * blocks;
+} nt_debug_heap_information;
+
+
+typedef struct _nt_debug_lock_information {
+ void * address;
+ uint16_t type;
+ uint16_t creator_back_trace_index;
+ uintptr_t owner_thread_id;
+ uint32_t active_count;
+ uint32_t contention_count;
+ uint32_t entry_count;
+ uint32_t recursion_count;
+ uint32_t number_of_share_waiters;
+ uint32_t number_of_exclusive_waiters;
+} nt_debug_lock_information;
+
+
+typedef struct _nt_executable_image {
+ void * hfile;
+ void * hsection;
+ void * addr;
+ size_t size;
+ uint16_t characteristics;
+ uint16_t magic;
+ uint16_t subsystem;
+ uint16_t uflags;
+} nt_executable_image;
+
+
+typedef struct _nt_process_session_information {
+ uintptr_t session_id;
+} nt_process_session_information;
+
+
+typedef struct _nt_create_process_info {
+ size_t size;
+ size_t state;
+
+ union {
+ struct {
+ uint32_t init_flags;
+ uint32_t file_access_ext;
+ uintptr_t unused[8];
+ } init_state;
+
+ struct {
+ uintptr_t output_flags;
+ void * hfile;
+ void * hsection;
+ uint64_t unknown[6];
+ } success_state;
+ };
+} nt_create_process_info;
+
+
+typedef struct _nt_create_process_ext_param {
+ size_t ext_param_type;
+ size_t ext_param_size;
+
+ union {
+ uint32_t ext_param_value;
+ void * ext_param_addr;
+ };
+
+ size_t ext_param_returned_length;
+} nt_create_process_ext_param;
+
+
+typedef struct _nt_create_process_ext_params {
+ size_t ext_params_size;
+ nt_create_process_ext_param ext_param[];
+} nt_create_process_ext_params;
+
+
+typedef struct _nt_user_process_info {
+ uint32_t size;
+ void * hprocess;
+ void * hthread;
+ nt_cid cid;
+ nt_section_image_information sec_image_info;
+} nt_user_process_info;
+
+
+typedef struct _nt_process_alternate_client_id {
+ void * hpgrp;
+ void * hentry;
+ void * hsession;
+ void * hdaemon;
+ void * htarget;
+ void * hevent;
+ int32_t tid;
+ int32_t pid;
+ int32_t pgid;
+ int32_t sid;
+ uintptr_t reserved[8];
+} nt_process_alternate_client_id, nt_alt_cid;
+
+typedef struct _nt_runtime_data {
+ void * hprocess_self;
+ void * hprocess_parent;
+ nt_cid cid_self;
+ nt_cid cid_parent;
+ nt_alt_cid alt_cid_self;
+ nt_alt_cid alt_cid_parent;
+ void * himage;
+ void * hroot;
+ void * hcwd;
+ void * hdrive;
+ void * hstdin;
+ void * hstdout;
+ void * hstderr;
+ void * hjob;
+ void * hsession;
+ void * hdebug;
+ void * hlog;
+ void * hready;
+ void * srv_ready;
+ nt_guid srv_guid;
+ int32_t srv_type;
+ int32_t srv_subtype;
+ uint32_t srv_keys[6];
+ int32_t stdin_type;
+ int32_t stdout_type;
+ int32_t stderr_type;
+ int32_t session_type;
+ uint32_t dbg_type;
+ uint32_t log_type;
+ void * ctx_hsection;
+ void * ctx_addr;
+ size_t ctx_size;
+ size_t ctx_commit;
+ ptrdiff_t ctx_offset;
+ size_t ctx_counter;
+ size_t ctx_meta_size;
+ size_t ctx_buffer_size;
+ uint32_t ctx_options;
+ uint32_t ctx_flags;
+ uint32_t meta_hash;
+ uint32_t block_hash;
+ size_t stack_reserve;
+ size_t stack_commit;
+ size_t heap_reserve;
+ size_t heap_commit;
+ int32_t envc;
+ int32_t argc;
+ char ** argv;
+ char ** envp;
+ wchar16_t ** wargv;
+ wchar16_t ** wenvp;
+ int32_t peb_envc;
+ int32_t peb_argc;
+ wchar16_t ** peb_wargv;
+ wchar16_t ** peb_wenvp;
+ void * uptr [NT_RUNTIME_DATA_USER_PTRS];
+ void * uclose[NT_RUNTIME_DATA_USER_PTRS];
+ int32_t udat32[NT_RUNTIME_DATA_USER_INT32_SLOTS];
+ int64_t udat64[NT_RUNTIME_DATA_USER_INT64_SLOTS];
+ uintptr_t buffer[];
+} nt_runtime_data, nt_rtdata;
+
+
+typedef struct _nt_runtime_data_block {
+ void * addr;
+ size_t size;
+ void * remote_addr;
+ size_t remote_size;
+ int32_t flags;
+} nt_runtime_data_block;
+
+
+typedef struct _nt_create_process_params {
+ __out void * hprocess;
+ __out void * hthread;
+ __out nt_client_id cid;
+ __out nt_process_basic_information pbi;
+ __in void * himage;
+ __in wchar16_t * image_name;
+ __in wchar16_t * cmd_line;
+ __in wchar16_t * environment;
+ __in nt_runtime_data_block * rtblock;
+ __in uint32_t desired_access_process;
+ __in uint32_t desired_access_thread;
+ __in nt_object_attributes * obj_attr_process;
+ __in nt_object_attributes * obj_attr_thread;
+ __in uint32_t creation_flags_process;
+ __in uint32_t creation_flags_thread;
+ __in nt_process_parameters * process_params;
+ __in_out nt_create_process_info * create_process_info;
+ __in nt_create_process_ext_params * create_process_ext_params;
+ __in_out uintptr_t * buffer;
+ __in size_t buflen;
+} nt_create_process_params;
+
+
+typedef int32_t __stdcall ntapi_zw_create_process(
+ __out void ** hprocess,
+ __in uint32_t desired_access,
+ __in nt_object_attributes * obj_attr,
+ __in void * hinherit_from_process,
+ __in unsigned char inherit_handles,
+ __in void * hsection __optional,
+ __in void * hdebug_port __optional,
+ __in void * hexception_port __optional);
+
+
+/* zw_create_user_process: newer OS versions only */
+typedef int32_t __stdcall ntapi_zw_create_user_process(
+ __out void ** hprocess,
+ __out void ** hthread,
+ __in uint32_t desired_access_process,
+ __in uint32_t desired_access_thread,
+ __in nt_object_attributes * obj_attr_process __optional,
+ __in nt_object_attributes * obj_attr_thread __optional,
+ __in uint32_t creation_flags_process,
+ __in uint32_t creation_flags_thread,
+ __in nt_process_parameters * process_params __optional,
+ __in_out nt_create_process_info * create_process_info,
+ __in nt_create_process_ext_params * create_process_ext_params);
+
+
+typedef int32_t __stdcall ntapi_zw_open_process(
+ __out void ** hprocess,
+ __in uint32_t desired_access,
+ __in nt_object_attributes * obj_attr,
+ __in nt_client_id * cid __optional);
+
+
+typedef int32_t __stdcall ntapi_zw_terminate_process(
+ __in void * hprocess __optional,
+ __in int32_t status);
+
+
+typedef int32_t __stdcall ntapi_zw_query_information_process(
+ __in void * hprocess,
+ __in nt_process_info_class process_info_class,
+ __out void * process_info,
+ __in size_t process_info_length,
+ __out uint32_t * returned_length __optional);
+
+
+typedef int32_t __stdcall ntapi_zw_set_information_process(
+ __in void * hprocess,
+ __in nt_process_info_class process_info_class,
+ __in void * process_info,
+ __in uint32_t process_info_length);
+
+
+typedef int32_t __stdcall ntapi_zw_flush_instruction_cache(
+ __in void * hprocess,
+ __in void * base_addr __optional,
+ __in size_t flush_size);
+
+
+typedef int32_t __stdcall ntapi_rtl_create_process_parameters(
+ __out nt_process_parameters ** process_params,
+ __in nt_unicode_string * image_file,
+ __in nt_unicode_string * dll_path __optional,
+ __in nt_unicode_string * current_directory __optional,
+ __in nt_unicode_string * command_line __optional,
+ __in wchar16_t * environment __optional,
+ __in nt_unicode_string * window_title __optional,
+ __in nt_unicode_string * desktop_info __optional,
+ __in nt_unicode_string * shell_info __optional,
+ __in nt_unicode_string * runtime_info __optional);
+
+
+typedef void * __stdcall ntapi_rtl_normalize_process_params(
+ __in nt_process_parameters * process_params);
+
+
+typedef int32_t __stdcall ntapi_rtl_destroy_process_parameters(
+ __in nt_process_parameters * process_params);
+
+
+typedef nt_debug_buffer * __stdcall ntapi_rtl_create_query_debug_buffer(
+ __in size_t size,
+ __in int32_t event_pair);
+
+
+typedef int32_t __stdcall ntapi_rtl_destroy_query_debug_buffer(
+ __in nt_debug_buffer * debug_buffer);
+
+
+typedef int32_t __stdcall ntapi_rtl_query_process_debug_information(
+ __in uintptr_t process_id,
+ __in uint32_t debug_info_class_mask,
+ __in_out nt_debug_buffer * debug_buffer);
+
+
+typedef int32_t __stdcall ntapi_rtl_clone_user_process(
+ __in uint32_t process_flags,
+ __in nt_sd * process_sec_desc __optional,
+ __in nt_sd * thread_sec_desc __optional,
+ __in void * hport_debug __optional,
+ __out nt_user_process_info * process_info);
+
+
+/* extensions */
+typedef intptr_t __fastcall ntapi_tt_fork(
+ __out void ** hprocess,
+ __out void ** hthread);
+
+
+typedef int32_t __stdcall ntapi_tt_create_remote_process_params(
+ __in void * hprocess,
+ __out nt_process_parameters ** rprocess_params,
+ __in nt_unicode_string * image_file,
+ __in nt_unicode_string * dll_path __optional,
+ __in nt_unicode_string * current_directory __optional,
+ __in nt_unicode_string * command_line __optional,
+ __in wchar16_t * environment __optional,
+ __in nt_unicode_string * window_title __optional,
+ __in nt_unicode_string * desktop_info __optional,
+ __in nt_unicode_string * shell_info __optional,
+ __in nt_unicode_string * runtime_data __optional);
+
+
+typedef int32_t __stdcall ntapi_tt_create_native_process(
+ __out nt_create_process_params * params);
+
+
+typedef int32_t __stdcall ntapi_tt_get_runtime_data(
+ __out nt_runtime_data ** pdata,
+ __in wchar16_t ** argv);
+
+typedef int32_t __stdcall ntapi_tt_init_runtime_data(
+ __in_out nt_runtime_data * rtdata);
+
+typedef int32_t __stdcall ntapi_tt_update_runtime_data(
+ __in_out nt_runtime_data * rtdata);
+
+typedef int32_t __stdcall ntapi_tt_exec_map_image_as_data(
+ __in_out nt_executable_image * image);
+
+
+typedef int32_t __stdcall ntapi_tt_exec_unmap_image(
+ __in nt_executable_image * image);
+
+#endif
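Review bot: `NT_PROCESS_ALL_ACCESS` expands to a bare `A | B | ...` chain with no enclosing parentheses, so an access-mask expression such as `granted & NT_PROCESS_ALL_ACCESS` or `~NT_PROCESS_ALL_ACCESS` applies the operator to the first term only and silently produces the wrong mask. Wrap the expansion, i.e. `#define NT_PROCESS_ALL_ACCESS (NT_PROCESS_CREATE_PROCESS \` through `| NT_PROCESS_SYNCHRONIZE)`, and likewise `#define NT_CURRENT_PROCESS_HANDLE ((void *)(uintptr_t)-1)`. The mask also omits the standard rights (DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER) that the Windows all-access mask for process objects includes; if that is deliberate, a comment saying so would stop callers from assuming the name means every right. Separately, `NT_PC_BELOW_NORMAL` and `NT_PC_ABOVE_NORMAL` are both defined as `0x05`, which looks like a copy-paste slip; check the second (and `NT_PC_IDLE 0x00`) against the documented priority-class values before any caller sets a priority with them.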