#ifndef _NT_SYSINFO_H_ #define _NT_SYSINFO_H_ #include "nt_abi.h" #include "nt_object.h" #include "nt_memory.h" typedef enum _nt_system_info_class { NT_SYSTEM_INFORMATION_CLASS_MIN = 0, NT_SYSTEM_BASIC_INFORMATION = 0, NT_SYSTEM_PROCESSOR_INFORMATION = 1, NT_SYSTEM_PERFORMANCE_INFORMATION = 2, NT_SYSTEM_TIME_OF_DAY_INFORMATION = 3, NT_SYSTEM_NOT_IMPLEMENTED1 = 4, NT_SYSTEM_PROCESS_INFORMATION = 5, NT_SYSTEM_PROCESS_AND_THREAD_INFORMATION = 5, NT_SYSTEM_CALL_COUNTS = 6, NT_SYSTEM_DEVICE_INFORMATION = 7, NT_SYSTEM_PROCESSOR_TIMES = 8, NT_SYSTEM_GLOBAL_FLAG = 9, NT_SYSTEM_NOT_IMPLEMENTED2 = 10, NT_SYSTEM_CALL_TIME_INFORMATION = 10, NT_SYSTEM_MODULE_INFORMATION = 11, NT_SYSTEM_LOCK_INFORMATION = 12, NT_SYSTEM_NOT_IMPLEMENTED3 = 13, NT_SYSTEM_NOT_IMPLEMENTED4 = 14, NT_SYSTEM_NOT_IMPLEMENTED5 = 15, NT_SYSTEM_HANDLE_INFORMATION = 16, NT_SYSTEM_OBJECT_INFORMATION = 17, NT_SYSTEM_PAGE_FILE_INFORMATION = 18, NT_SYSTEM_INSTRUCTION_EMULATION_COUNTS = 19, NT_SYSTEM_INVALID_INFO_CLASS1 = 20, NT_SYSTEM_CACHE_INFORMATION = 21, NT_SYSTEM_POOL_TAG_INFORMATION = 22, NT_SYSTEM_PROCESSOR_STATISTICS = 23, NT_SYSTEM_DPC_INFORMATION = 24, NT_SYSTEM_NOT_IMPLEMENTED6 = 25, NT_SYSTEM_LOAD_IMAGE = 26, NT_SYSTEM_UNLOAD_IMAGE = 27, NT_SYSTEM_TIME_ADJUSTMENT = 28, NT_SYSTEM_NOT_IMPLEMENTED7 = 29, NT_SYSTEM_NOT_IMPLEMENTED8 = 30, NT_SYSTEM_NOT_IMPLEMENTED9 = 31, NT_SYSTEM_CRASH_DUMP_INFORMATION = 32, NT_SYSTEM_EXCEPTION_INFORMATION = 33, NT_SYSTEM_CRASH_DUMP_STATE_INFORMATION = 34, NT_SYSTEM_KERNEL_DEBUGGER_INFORMATION = 35, NT_SYSTEM_CONTEXT_SWITCH_INFORMATION = 36, NT_SYSTEM_REGISTRY_QUOTA_INFORMATION = 37, NT_SYSTEM_LOAD_AND_CALL_IMAGE = 38, NT_SYSTEM_PRIORITY_SEPARATION = 39, NT_SYSTEM_NOT_IMPLEMENTED10 = 40, NT_SYSTEM_NOT_IMPLEMENTED11 = 41, NT_SYSTEM_INVALID_INFO_CLASS2 = 42, NT_SYSTEM_INVALID_INFO_CLASS3 = 43, NT_SYSTEM_CURRENT_TIME_ZONE_INFORMATION = 44, NT_SYSTEM_TIME_ZONE_INFORMATION = 44, NT_SYSTEM_LOOKASIDE_INFORMATION = 45, NT_SYSTEM_SET_TIME_SLIP_EVENT = 46, NT_SYSTEM_CREATE_SESSION = 47, NT_SYSTEM_DELETE_SESSION = 48, NT_SYSTEM_INVALID_INFO_CLASS4 = 49, NT_SYSTEM_RANGE_START_INFORMATION = 50, NT_SYSTEM_VERIFIER_INFORMATION = 51, NT_SYSTEM_ADD_VERIFIER = 52, NT_SYSTEM_SESSION_PROCESSES_INFORMATION = 53, NT_SYSTEM_INFORMATION_CLASS_MAX } nt_system_info_class; typedef enum _nt_thread_state { NT_THREAD_STATE_INITIALIZED = 0, NT_THREAD_STATE_READY = 1, NT_THREAD_STATE_RUNNING = 2, NT_THREAD_STATE_STANDBY = 3, NT_THREAD_STATE_TERMINATED = 4, NT_THREAD_STATE_WAIT = 5, NT_THREAD_STATE_TRANSITION = 6, NT_THREAD_STATE_UNKNOWN = 7 } nt_thread_state; typedef enum _nt_kwait_reason { NT_KWAIT_EXECUTIVE = 0, NT_KWAIT_FREE_PAGE = 1, NT_KWAIT_PAGE_IN = 2, NT_KWAIT_POOL_ALLOCATION = 3, NT_KWAIT_DELAY_EXECUTION = 4, NT_KWAIT_SUSPENDED = 5, NT_KWAIT_USER_REQUEST = 6, NT_KWAIT_WR_EXECUTIVE = 7, NT_KWAIT_WR_FREE_PAGE = 8, NT_KWAIT_WR_PAGE_IN = 9, NT_KWAIT_WR_POOL_ALLOCATION = 10, NT_KWAIT_WR_DELAY_EXECUTION = 11, NT_KWAIT_WR_SUSPENDED = 12, NT_KWAIT_WR_USER_REQUEST = 13, NT_KWAIT_WR_EVENT_PAIR = 14, NT_KWAIT_WR_QUEUE = 15, NT_KWAIT_WR_LPC_RECEIVE = 16, NT_KWAIT_WR_LPC_REPLY = 17, NT_KWAIT_WR_VIRTUAL_MEMORY = 18, NT_KWAIT_WR_PAGE_OUT = 19, NT_KWAIT_WR_RENDEZVOUS = 20, NT_KWAIT_SPARE2 = 21, NT_KWAIT_SPARE3 = 22, NT_KWAIT_SPARE4 = 23, NT_KWAIT_SPARE5 = 24, NT_KWAIT_WR_CALLOUT_STACK = 25, NT_KWAIT_WR_KERNEL = 26, NT_KWAIT_WR_RESOURCE = 27, NT_KWAIT_WR_PUSH_LOCK = 28, NT_KWAIT_WR_MUTEX = 29, NT_KWAIT_WR_QUANTUM_END = 30, NT_KWAIT_WR_DISPATCH_INT = 31, NT_KWAIT_WR_PREEMPTED = 32, NT_KWAIT_WR_YIELD_EXECUTION = 33, NT_KWAIT_WR_FAST_MUTEX = 34, NT_KWAIT_WR_GUARDED_MUTEX = 35, NT_KWAIT_WR_RUNDOWN = 36, NT_KWAIT_MAXIMUM_WAIT_REASON = 37 } nt_kwait_reason; typedef enum _nt_pool_type { NT_NON_PAGED_POOL, NT_NON_PAGED_POOL_EXECUTE = 0x0000 + NT_NON_PAGED_POOL, NT_PAGED_POOL, NT_NON_PAGED_POOL_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL, NT_DONT_USE_THIS_TYPE, NT_NON_PAGED_POOL_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL, NT_PAGED_POOL_CACHE_ALIGNED, NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL, NT_MAX_POOL_TYPE, NT_NON_PAGED_POOL_BASE = 0x0000, NT_NON_PAGED_POOL_BASE_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL_BASE, NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_BASE, NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL_BASE, NT_NON_PAGED_POOL_SESSION = 0x0020, NT_PAGED_POOL_SESSION = 0x0001 + NT_NON_PAGED_POOL_SESSION, NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION = 0x0001 + NT_PAGED_POOL_SESSION, NT_DONT_USE_THIS_TYPE_SESSION = 0x0001 + NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION, NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_DONT_USE_THIS_TYPE_SESSION, NT_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION, NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S_SESSION = 0x0001 + NT_PAGED_POOL_CACHE_ALIGNED_SESSION, NT_NON_PAGED_POOL_NX = 0x0200, NT_NON_PAGED_POOL_NX_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_NX, NT_NON_PAGED_POOL_SESSION_NX = 0x0020 + NT_NON_PAGED_POOL_NX } nt_pool_type; typedef enum _nt_shutdown_action { NT_SHUTDOWN_NO_REBOOT, NT_SHUTDOWN_REBOOT, NT_SHUTDOWN_POWER_OFF } nt_shutdown_action; typedef enum _nt_debug_control_code { NT_DEBUG_GET_TRACE_INFORMATION = 1, NT_DEBUG_SET_INTERNAL_BREAKPOINT, NT_DEBUG_SET_SPECIAL_CALL, NT_DEBUG_CLEAR_SPECIAL_CALLS, NT_DEBUG_QUERY_SPECIAL_CALLS, NT_DEBUG_DBG_BREAK_POINT, NT_DEBUG_MAXIMUM } nt_debug_control_code; /* nt_system_global_flag constants */ #define NT_FLGSTOP_ON_EXCEPTION (uint32_t)0x00000001 #define NT_FLGSHOW_LDR_SNAPS (uint32_t)0x00000002 #define NT_FLGDEBUG_INITIAL_COMMAND (uint32_t)0x00000004 #define NT_FLGSTOP_ON_HUNG_GUI (uint32_t)0x00000008 #define NT_FLGHEAP_ENABLE_TAIL_CHECK (uint32_t)0x00000010 #define NT_FLGHEAP_ENABLE_FREE_CHECK (uint32_t)0x00000020 #define NT_FLGHEAP_VALIDATE_PARAMETERS (uint32_t)0x00000040 #define NT_FLGHEAP_VALIDATE_ALL (uint32_t)0x00000080 #define NT_FLGPOOL_ENABLE_TAIL_CHECK (uint32_t)0x00000100 #define NT_FLGPOOL_ENABLE_FREE_CHECK (uint32_t)0x00000200 #define NT_FLGPOOL_ENABLE_TAGGING (uint32_t)0x00000400 #define NT_FLGHEAP_ENABLE_TAGGING (uint32_t)0x00000800 #define NT_FLGUSER_STACK_TRACE_DB (uint32_t)0x00001000 #define NT_FLGKERNEL_STACK_TRACE_DB (uint32_t)0x00002000 #define NT_FLGMAINTAIN_OBJECT_TYPELIST (uint32_t)0x00004000 #define NT_FLGHEAP_ENABLE_TAG_BY_DLL (uint32_t)0x00008000 #define NT_FLGIGNORE_DEBUG_PRIV (uint32_t)0x00010000 #define NT_FLGENABLE_CSRDEBUG (uint32_t)0x00020000 #define NT_FLGENABLE_KDEBUG_SYMBOL_LOAD (uint32_t)0x00040000 #define NT_FLGDISABLE_PAGE_KERNEL_STACKS (uint32_t)0x00080000 #define NT_FLGHEAP_ENABLE_CALL_TRACING (uint32_t)0x00100000 #define NT_FLGHEAP_DISABLE_COALESCING (uint32_t)0x00200000 #define NT_FLGENABLE_CLOSE_EXCEPTIONS (uint32_t)0x00400000 #define NT_FLGENABLE_EXCEPTION_LOGGING (uint32_t)0x00800000 #define NT_FLGENABLE_DBGPRINT_BUFFERING (uint32_t)0x08000000 /* nt_system_handle_information constants */ /* FIXME: verify that these values are indeed reversed when compared with the flags returned by zw_query_object */ #define NT_HANDLE_PROTECT_FROM_CLOSE (unsigned char)0x01 #define NT_HANDLE_INHERIT (unsigned char)0x02 /* nt_system_object flag constants */ #define NT_FLG_SYSTEM_OBJECT_KERNEL_MODE (uint32_t)0x02 #define NT_FLG_SYSTEM_OBJECT_CREATOR_INFO (uint32_t)0x04 #define NT_FLG_SYSTEM_OBJECT_EXCLUSIVE (uint32_t)0x08 #define NT_FLG_SYSTEM_OBJECT_PERMANENT (uint32_t)0x10 #define NT_FLG_SYSTEM_OBJECT_DEFAULT_SECURITY_QUOTA (uint32_t)0x20 #define NT_FLG_SYSTEM_OBJECT_SINGLE_HANDLE_ENTRY (uint32_t)0x40 typedef struct _nt_system_information_snapshot { void * buffer; void * pcurrent; size_t info_len; size_t max_len; nt_system_info_class sys_info_class; } nt_system_information_snapshot; typedef struct _nt_system_basic_information { uint32_t unknown; uint32_t max_increment; uint32_t physical_page_size; uint32_t physical_page_count; uint32_t physical_page_lowest; uint32_t physical_page_highest; uint32_t allocation_granularity; uint32_t user_address_lowest; uint32_t user_address_highest; uint32_t active_processors; unsigned char processor_count; } nt_system_basic_information; typedef struct _nt_system_processor_information { uint16_t processor_architecture; uint16_t processor_level; uint16_t processor_revision; uint16_t unknown; uint32_t feature_bits; } nt_system_processor_information; typedef struct _nt_system_performance_information { nt_large_integer idle_time; nt_large_integer read_transfer_count; nt_large_integer write_transfer_count; nt_large_integer other_transfer_count; uint32_t read_operation_count; uint32_t write_operation_count; uint32_t other_operation_count; uint32_t available_pages; uint32_t total_committed_pages; uint32_t total_commit_limit; uint32_t peak_commitment; uint32_t page_faults; uint32_t write_copy_faults; uint32_t transition_faults; uint32_t cache_transition_faults; uint32_t demand_zero_faults; uint32_t pages_read; uint32_t page_read_ios; uint32_t cache_reads; uint32_t cache_ios; uint32_t pagefile_pages_written; uint32_t pagefile_page_write_ios; uint32_t mapped_file_pages_written; uint32_t mapped_file_page_write_ios; uint32_t paged_pool_usage; uint32_t non_paged_pool_usage; uint32_t paged_pool_allocs; uint32_t paged_pool_frees; uint32_t non_paged_pool_allocs; uint32_t non_paged_pool_frees; uint32_t total_free_system_ptes; uint32_t system_code_page; uint32_t total_system_driver_pages; uint32_t total_system_code_pages; uint32_t small_non_paged_lookaside_list_allocate_hits; uint32_t small_paged_lookaside_list_allocate_hits; uint32_t reserved3; uint32_t mm_system_cache_page; uint32_t paged_pool_page; uint32_t system_driver_page; uint32_t fast_read_no_wait; uint32_t fast_read_wait; uint32_t fast_read_resource_miss; uint32_t fast_read_not_possible; uint32_t fast_mdl_read_no_wait; uint32_t fast_mdl_read_wait; uint32_t fast_mdl_read_resource_miss; uint32_t fast_mdl_read_not_possible; uint32_t map_data_no_wait; uint32_t map_data_wait; uint32_t map_data_no_wait_miss; uint32_t map_data_wait_miss; uint32_t pin_mapped_data_count; uint32_t pin_read_no_wait; uint32_t pin_read_wait; uint32_t pin_read_no_wait_miss; uint32_t pin_read_wait_miss; uint32_t copy_read_no_wait; uint32_t copy_read_wait; uint32_t copy_read_no_wait_miss; uint32_t copy_read_wait_miss; uint32_t mdl_read_no_wait; uint32_t mdl_read_wait; uint32_t mdl_read_no_wait_miss; uint32_t mdl_read_wait_miss; uint32_t read_ahead_ios; uint32_t lazy_write_ios; uint32_t lazy_write_pages; uint32_t data_flushes; uint32_t data_pages; uint32_t context_switches; uint32_t first_level_tb_fills; uint32_t second_level_tb_fills; uint32_t system_calls; } nt_system_performance_information; typedef struct _nt_system_time_of_day_information { nt_large_integer boot_time; nt_large_integer current_time; nt_large_integer time_zone_bias; uint32_t current_time_zone_id; } nt_system_time_of_day_information; typedef struct _nt_system_threads { nt_large_integer kernel_time; nt_large_integer user_time; nt_large_integer create_time; uint32_t wait_time; void * start_address; nt_client_id client_id; uint32_t priority; uint32_t base_priority; uint32_t context_switch_count; nt_thread_state state; nt_kwait_reason wait_reason; } nt_system_threads; typedef struct _nt_system_processes { uint32_t next_entry_delta; uint32_t thread_count; uintptr_t reserved_1st[6]; nt_unicode_string process_name; uint32_t base_priority; uintptr_t process_id; uintptr_t inherited_from_process_id; uint32_t handle_count; uint32_t session_id; void * reserved_2nd; size_t peak_virtual_size; size_t virtual_size; void * reserved_3rd; size_t peak_working_set_size; size_t working_set_size; void * reserved_4th; size_t quota_paged_pool_usage; void * reserved_5th; size_t quota_non_paged_pool_usage; size_t pagefile_usage; size_t peak_pagefile_usage; size_t private_page_count; nt_large_integer create_time; nt_large_integer user_time; nt_large_integer kernel_time; nt_large_integer reserved_7th; nt_large_integer reserved_8th; nt_large_integer reserved_9th; nt_system_threads threads[]; } nt_system_processes; typedef struct _nt_syscall_information { uint32_t size; uint32_t number_of_descriptor_tables; uint32_t number_of_routines_in_table[1]; uint32_t syscall_counts[]; } nt_syscall_information; typedef struct _nt_system_configuration_information { uint32_t disk_count; uint32_t floppy_count; uint32_t cd_rom_count; uint32_t tape_count; uint32_t serial_count; uint32_t parallel_count; } nt_system_configuration_information; typedef struct _nt_system_process_times { nt_large_integer idle_time; nt_large_integer kernel_time; nt_large_integer user_time; nt_large_integer dpc_time; nt_large_integer interrupt_time; uint32_t interrupt_count; } nt_system_process_times; typedef struct _nt_system_global_flag { uint32_t global_flag; } nt_system_global_flag; typedef struct _nt_system_module_information { uint32_t reserved_1st; uint32_t reserved_2nd; void * base; uint32_t size; uint32_t flags; uint16_t index; uint16_t unknown; uint16_t load_count; uint16_t path_length; char image_name[256]; } nt_system_module_information_entry; typedef struct _nt_system_lock_information { void * address; uint16_t type; uint16_t reserved_1st; uint32_t exclusive_owner_thread_id; uint32_t active_count; uint32_t contention_count; uint32_t reserved_2nd; uint32_t reserved_3rd; uint32_t number_of_shared_waiters; uint32_t number_of_exclusive_waiters; } nt_system_lock_information; typedef struct _nt_system_handle_information { uint32_t process_id; unsigned char object_type_number; unsigned char flags; uint16_t handle; void * object; uint32_t granted_access; #if (__SIZEOF_POINTER__ == 8) uint32_t granted_access_padding; #endif } nt_system_handle_information; typedef struct _nt_object_type_information { nt_unicode_string name; uint32_t object_count; uint32_t handle_count; uint32_t reserved1[4]; uint32_t peak_object_count; uint32_t peak_handle_count; uint32_t reserved2[4]; uint32_t invalid_attributes; nt_generic_mapping generic_mapping; uint32_t valid_access; unsigned char unknown; unsigned char maintain_handle_database; nt_pool_type pool_type; uint32_t paged_pool_usage; uint32_t non_paged_pool_usage; } nt_object_type_information, nt_oti; typedef struct _nt_system_object_type_information { uint32_t next_entry_offset; uint32_t object_count; uint32_t handle_count; uint32_t type_number; uint32_t invalid_attributes; nt_generic_mapping generic_mapping; uint32_t valid_access_mask; unsigned char pool_type; unsigned char unknown; nt_unicode_string name; } nt_system_object_type_information; typedef struct _nt_system_object_information { uint32_t next_entry_offset; void * object; uint32_t creator_process_id; uint16_t unknown; uint16_t flags; uint32_t pointer_count; uint32_t handle_count; uint32_t paged_pool_usage; uint32_t non_paged_pool_usage; uint32_t exclusive_process_id; nt_security_descriptor *security_descriptor; nt_unicode_string name; } nt_system_object_information; typedef struct _nt_system_pagefile_information { uint32_t next_entry_offset; uint32_t current_size; uint32_t total_used; uint32_t peak_used; nt_unicode_string file_name; } nt_system_pagefile_information; typedef struct _nt_system_instruction_emulation_information { uint32_t segment_not_present; uint32_t two_byte_opcode; uint32_t es_prefix; uint32_t cs_prefix; uint32_t ss_prefix; uint32_t ds_prefix; uint32_t fs_Prefix; uint32_t gs_prefix; uint32_t oper32_prefix; uint32_t addr32_prefix; uint32_t insb; uint32_t insw; uint32_t outsb; uint32_t outsw; uint32_t pushfd; uint32_t popfd; uint32_t int_nn; uint32_t into; uint32_t iretd; uint32_t inb_imm; uint32_t inw_imm; uint32_t outb_imm; uint32_t outw_imm; uint32_t inb; uint32_t inw; uint32_t outb; uint32_t outw; uint32_t lock_prefix; uint32_t repne_prefix; uint32_t rep_prefix; uint32_t hlt; uint32_t cli; uint32_t sti; uint32_t generic_invalid_opcode; } nt_system_instruction_emulation_information; typedef struct _nt_system_pool_tag_information { char tag[4]; uint32_t paged_pool_allocs; uint32_t paged_pool_frees; uint32_t paged_pool_usage; uint32_t non_paged_pool_allocs; uint32_t non_paged_pool_frees; uint32_t non_paged_pool_usage; } nt_system_pool_tag_information; typedef struct _nt_system_processor_statistics { uint32_t context_switches; uint32_t dpc_count; uint32_t dpc_request_rate; uint32_t time_increment; uint32_t dpc_bypass_count; uint32_t apc_bypass_count; } nt_system_processor_statistics; typedef struct _nt_system_dpc_information { uint32_t reserved; uint32_t maximum_dpc_queue_depth; uint32_t minimum_dpc_rate; uint32_t adjust_dpc_threshold; uint32_t ideal_dpc_rate; } nt_system_dpc_information; typedef struct _nt_system_load_image { nt_unicode_string module_name; void * module_base; void * section_pointer; void * entry_point; void * export_directory; } nt_system_load_image; typedef struct _nt_system_unload_image { void * module_base; } nt_system_unload_image; typedef struct _nt_system_query_time_adjustment { uint32_t time_adjustment; uint32_t maximum_increment; int32_t time_synchronization; } nt_system_query_time_adjustment; typedef struct _nt_system_set_time_adjustment { uint32_t time_adjustment; int32_t time_synchronization; } nt_system_set_time_adjustment; typedef struct _nt_system_crash_dump_information { void * crash_dump_section_handle; void * unknown; } nt_system_crash_dump_information; typedef struct _nt_system_exception_information { uint32_t alignment_fixup_count; uint32_t exception_dispatch_count; uint32_t floating_emulation_count; uint32_t reserved; } nt_system_exception_information; typedef struct _nt_system_crash_dump_state_information { uint32_t crash_dump_section_exists; uint32_t unknown; } nt_system_crash_dump_state_information; typedef struct _nt_system_kernel_debugger_information { unsigned char debugger_enabled; unsigned char debugger_not_present; } nt_system_kernel_debugger_information; typedef struct _nt_system_context_switch_information { uint32_t context_switches; uint32_t context_switch_counters[11]; } nt_system_context_switch_information; typedef struct _nt_system_registry_quota_information { uint32_t registry_quota; uint32_t registry_quota_in_use; uint32_t paged_pool_size; } nt_system_registry_quota_information; typedef struct _nt_system_load_and_call_image { nt_unicode_string module_name; } nt_system_load_and_call_image; typedef struct _nt_system_priority_separation { uint32_t priority_separation; } nt_system_priority_separation; typedef struct _nt_system_time_zone_information { int32_t bias; wchar16_t standard_name[32]; nt_large_integer standard_date; int32_t standard_bias; wchar16_t daylight_name[32]; nt_large_integer daylight_date; int32_t daylight_bias; } nt_system_time_zone_information; typedef struct _nt_system_lookaside_information { uint16_t depth; uint16_t maximum_depth; uint32_t total_allocates; uint32_t allocate_misses; uint32_t total_frees; uint32_t free_misses; nt_pool_type type; uint32_t tag; uint32_t size; } nt_system_lookaside_information; typedef struct _nt_system_set_time_slip_event { void * time_slip_event; } nt_system_set_time_slip_event; typedef struct _nt_system_create_session { uint32_t session_id; } nt_system_create_session; typedef struct _nt_system_delete_session { uint32_t session_id; } nt_system_delete_session; typedef struct _nt_system_range_start_information { void * system_range_start; } nt_system_range_start_information; typedef struct _nt_system_session_processes_information { uint32_t session_id; uint32_t buffer_size; void * buffer; } nt_system_session_processes_information; typedef struct _nt_system_pool_block { int32_t allocated; uint16_t unknown; uint32_t size; char tag[4]; } nt_system_pool_block; typedef struct _nt_system_pool_blocks_information { uint32_t pool_size; void * pool_base; uint16_t unknown; uint32_t number_of_blocks; nt_system_pool_block pool_blocks[]; } nt_system_pool_blocks_information; typedef struct _nt_system_memory_usage { void * name; uint16_t valid; uint16_t standby; uint16_t modified; uint16_t page_tables; } nt_system_memory_usage; typedef struct _nt_system_memory_usage_information { uint32_t reserved; void * end_of_data; nt_system_memory_usage memory_usage[]; } nt_system_memory_usage_information; typedef int32_t __stdcall ntapi_zw_query_system_information( __in nt_system_info_class sys_info_class, __in_out void * sys_info, __in size_t sys_info_length, __out size_t * returned_length __optional); typedef int32_t __stdcall ntapi_zw_set_system_information( __in nt_system_info_class sys_info_class, __in_out void * sys_info, __in uint32_t sys_info_length); typedef int32_t __stdcall ntapi_zw_query_system_environment_value( __in nt_unicode_string * name, __out void * value, __in size_t value_length, __out size_t * returned_length __optional); typedef int32_t __stdcall ntapi_zw_set_system_environment_value( __in nt_unicode_string * name, __in nt_unicode_string * value); typedef int32_t __stdcall ntapi_zw_shutdown_system( __in nt_shutdown_action action); typedef int32_t __stdcall ntapi_zw_system_debug_control( __in nt_debug_control_code control_code, __in void * input_buffer __optional, __in uint32_t input_buffer_length, __out void * output_buffer __optional, __in uint32_t output_buffer_length, __out uint32_t * returned_length __optional); /* extension functions */ typedef int32_t __stdcall ntapi_tt_get_system_directory_native_path( __out nt_mem_sec_name * buffer, __in uint32_t buffer_size, __in wchar16_t * base_name, __in uint32_t base_name_size, __out nt_unicode_string * nt_path __optional); typedef int32_t __stdcall ntapi_tt_get_system_directory_dos_path( __in void * hsysdir __optional, __out wchar16_t * buffer, __in uint32_t buffer_size, __in wchar16_t * base_name, __in uint32_t base_name_size, __out nt_unicode_string * nt_path __optional); typedef int32_t __stdcall ntapi_tt_get_system_directory_handle( __out void ** hsysdir, __out nt_mem_sec_name * buffer __optional, __in uint32_t buffer_size __optional); typedef int32_t __stdcall ntapi_tt_get_system_info_snapshot( __in_out nt_system_information_snapshot * sys_info_snapshot); #endif