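#ifndef PE_OS_H
#define PE_OS_H

/*
 * Native OS interface definitions: status codes, file access/share/open
 * flags, pseudo-handles, information classes, and function types for a
 * few Zw* system services.
 *
 * NOTE(review): the header name on the original #include line was lost.
 * <stdint.h> and <stddef.h> supply the fixed-width, pointer-sized and
 * size_t types used below.  The __stdcall, __in, __out and __optional
 * annotations are not defined in this file and must come from a project
 * header that is included before this one.
 */
#include <stddef.h>
#include <stdint.h>

/*
 * Status codes.  With a 32-bit int these literals have type unsigned int,
 * while the services declared below return int32_t.  Compare on a common
 * type, e.g. (uint32_t)status == OS_STATUS_OBJECT_NAME_NOT_FOUND, so that
 * a failure status is never missed because of a signed/unsigned mismatch.
 */
#define OS_STATUS_INTERNAL_ERROR		0xC00000E5
#define OS_STATUS_BAD_FILE_TYPE			0xC0000903
#define OS_STATUS_OBJECT_NAME_NOT_FOUND		0xC0000034
#define OS_STATUS_MORE_PROCESSING_REQUIRED	0xC0000016

/* access-mask bits (presumably for os_zw_open_file's desired_access) */
#define OS_SEC_SYNCHRONIZE			0x00100000
#define OS_FILE_READ_ACCESS			0x00000001
#define OS_FILE_READ_ATTRIBUTES			0x00000080

/* open options (presumably for os_zw_open_file's open_options) */
#define OS_FILE_DIRECTORY_FILE			0x00000001
#define OS_FILE_NON_DIRECTORY_FILE		0x00000040

/* share-access bits (presumably for os_zw_open_file's share_access) */
#define OS_FILE_SHARE_READ			0x00000001
#define OS_FILE_SHARE_WRITE			0x00000002
#define OS_FILE_SHARE_DELETE			0x00000004

/*
 * Pseudo-handles: all-ones patterns cast to a pointer, not real handle
 * values.  The whole expansion is parenthesized so that the cast cannot
 * bind to neighbouring tokens at the point of use.
 */
#define OS_CURRENT_PROCESS_HANDLE		((void *)(uintptr_t)(-1))
#define OS_CURRENT_THREAD_HANDLE		((void *)(uintptr_t)(-2))

/* information classes accepted by os_zw_query_object (obj_info_class) */
enum os_object_info_class {
	OS_OBJECT_BASIC_INFORMATION	= 0,
	OS_OBJECT_NAME_INFORMATION	= 1,
	OS_OBJECT_TYPE_INFORMATION	= 2,
	OS_OBJECT_ALL_TYPES_INFORMATION	= 3,
	OS_OBJECT_HANDLE_INFORMATION	= 4
};

/*
 * information classes accepted by os_zw_query_virtual_memory
 * (mem_info_class); values are implicit, starting at 0.
 */
enum os_memory_info_class {
	OS_MEMORY_BASIC_INFORMATION,
	OS_MEMORY_WORKING_SET_LIST,
	OS_MEMORY_SECTION_NAME,
	OS_MEMORY_BASIC_VLM_INFORMATION
};

/*
 * Object attributes passed to os_zw_open_file.
 * presumably len must hold sizeof(struct os_oa) -- confirm against callers.
 */
struct os_oa {
	uint32_t			len;
	void *				root_dir;	/* handle that obj_name is relative to, if any */
	struct pe_unicode_str *		obj_name;
	uint32_t			obj_attr;
	void *				sec_desc;
	void *				sec_qos;
};

/*
 * I/O status block filled in by os_zw_open_file.
 * status and pointer share storage (anonymous union, C11).
 */
struct os_iosb {
	union {
		int32_t	status;
		void *	pointer;
	};

	intptr_t	info;
};

/*
 * Queries information about the object behind a handle.
 * obj_info receives at most obj_info_length bytes; returned_length is
 * optional.  Callers should check the returned status before reading
 * obj_info, since its contents are only meaningful on success.
 */
typedef int32_t __stdcall os_zw_query_object(
	__in	void *		handle,
	__in	int		obj_info_class,
	__out	void *		obj_info,
	__in	size_t		obj_info_length,
	__out	uint32_t *	returned_length	__optional);

/*
 * Queries information about a virtual-memory range in a process.
 *
 * NOTE(review): the length types here differ from os_zw_query_object
 * (uint32_t versus size_t).  The documented native prototype of this
 * service uses a pointer-sized length and a pointer-sized returned-length
 * out parameter; if that holds for the targets this header is built for,
 * a uint32_t object passed as returned_length is too small on 64-bit and
 * the service would write past it.  Confirm against the target ABI.  The
 * types are left unchanged because callers depend on this signature.
 */
typedef int32_t __stdcall os_zw_query_virtual_memory(
	__in	void *		hprocess,
	__in	void *		base_address,
	__in	int		mem_info_class,
	__out	void *		mem_info,
	__in	uint32_t	mem_info_length,
	__out	uint32_t *	returned_length	__optional);

/*
 * Opens an existing file or directory named by obj_attr.
 * On return *hfile holds the handle and io_status_block the completion
 * status.  The handle should be used only when the returned status
 * indicates success.
 */
typedef int32_t __stdcall os_zw_open_file(
	__out	void **			hfile,
	__in	uint32_t		desired_access,
	__in	struct os_oa *		obj_attr,
	__out	struct os_iosb *	io_status_block,
	__in	uint32_t		share_access,
	__in	uint32_t		open_options);

#endif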