266 lines
4.5 KiB
C
266 lines
4.5 KiB
C
/*++
|
|
|
|
Copyright (c) Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
ntwow64.h
|
|
|
|
Abstract:
|
|
|
|
This module contains headers for fake kernel entrypoints(wow64 BOPS) in ntdll.
|
|
|
|
Author:
|
|
|
|
Michael Zoran (mzoran) 22-NOV-1998
|
|
|
|
Environment:
|
|
|
|
User Mode only
|
|
|
|
Revision History:
|
|
|
|
May 07, 2001 SamerA Added NtWow64GetNativeSystemInformation()
|
|
July 2002 JayKrell
|
|
removed NtWow64QuerySection64
|
|
added NtWow64QueryInformationProcess64
|
|
publish it, ifndef guard, pragma once, subsection ifdef guards
|
|
|
|
--*/
|
|
|
|
#ifndef _NTWOW64_
|
|
#define _NTWOW64_
|
|
|
|
#if _MSC_VER > 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#if defined(_NTCSRMSG_)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64CsrClientConnectToServer(
|
|
IN PWSTR ObjectDirectory,
|
|
IN ULONG ServerDllIndex,
|
|
IN PVOID ConnectionInformation,
|
|
IN OUT PULONG ConnectionInformationLength OPTIONAL,
|
|
OUT PBOOLEAN CalledFromServer OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64CsrNewThread(
|
|
VOID
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64CsrIdentifyAlertableThread(
|
|
VOID
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64CsrClientCallServer(
|
|
IN OUT PCSR_API_MSG m,
|
|
IN OUT PCSR_CAPTURE_HEADER CaptureBuffer OPTIONAL,
|
|
IN CSR_API_NUMBER ApiNumber,
|
|
IN ULONG ArgLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
PCSR_CAPTURE_HEADER
|
|
NTAPI
|
|
NtWow64CsrAllocateCaptureBuffer(
|
|
IN ULONG CountMessagePointers,
|
|
IN ULONG Size
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
NtWow64CsrFreeCaptureBuffer(
|
|
IN PCSR_CAPTURE_HEADER CaptureBuffer
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
NtWow64CsrAllocateMessagePointer(
|
|
IN OUT PCSR_CAPTURE_HEADER CaptureBuffer,
|
|
IN ULONG Length,
|
|
OUT PVOID *Pointer
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
NtWow64CsrCaptureMessageBuffer(
|
|
IN OUT PCSR_CAPTURE_HEADER CaptureBuffer,
|
|
IN PVOID Buffer OPTIONAL,
|
|
IN ULONG Length,
|
|
OUT PVOID *CapturedBuffer
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
NtWow64CsrCaptureMessageString(
|
|
IN OUT PCSR_CAPTURE_HEADER CaptureBuffer,
|
|
IN PCSTR String OPTIONAL,
|
|
IN ULONG Length,
|
|
IN ULONG MaximumLength,
|
|
OUT PSTRING CapturedString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64CsrSetPriorityClass(
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PULONG PriorityClass
|
|
);
|
|
|
|
NTSYSAPI
|
|
HANDLE
|
|
NTAPI
|
|
NtWow64CsrGetProcessId(
|
|
VOID
|
|
);
|
|
|
|
#endif /* _NTCSRMSG_ */
|
|
|
|
#if defined(_NTDBG_)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDbgUiConnectToDbg( VOID );
|
|
|
|
NTSTATUS
|
|
NtDbgUiWaitStateChange (
|
|
OUT PDBGUI_WAIT_STATE_CHANGE StateChange,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDbgUiContinue (
|
|
IN PCLIENT_ID AppClientId,
|
|
IN NTSTATUS ContinueStatus
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDbgUiStopDebugging (
|
|
IN HANDLE Process
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDbgUiDebugActiveProcess (
|
|
IN HANDLE Process
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
NtDbgUiRemoteBreakin (
|
|
IN PVOID Context
|
|
);
|
|
|
|
NTSYSAPI
|
|
HANDLE
|
|
NTAPI
|
|
NtDbgUiGetThreadDebugObject (
|
|
VOID
|
|
);
|
|
|
|
#endif /* _NTDBG_ */
|
|
|
|
|
|
// This is used in place of INT 2D
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64DebuggerCall (
|
|
IN ULONG ServiceClass,
|
|
IN ULONG Arg1,
|
|
IN ULONG Arg2,
|
|
IN ULONG Arg3,
|
|
IN ULONG Arg4
|
|
);
|
|
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64GetNativeSystemInformation(
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
OUT PVOID NativeSystemInformation,
|
|
IN ULONG InformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
#if defined(BUILD_WOW6432)
|
|
typedef VOID * __ptr64 NATIVE_PVOID;
|
|
#else
|
|
typedef PVOID NATIVE_PVOID;
|
|
#endif
|
|
typedef ULONGLONG SIZE_T64,*PSIZE_T64;
|
|
|
|
#if defined(BUILD_WOW6432)
|
|
|
|
#if defined(_NTPSAPI_)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64QueryInformationProcess64(
|
|
IN HANDLE ProcessHandle,
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
OUT PVOID ProcessInformation,
|
|
IN ULONG ProcessInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
#endif
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64ReadVirtualMemory64(
|
|
IN HANDLE ProcessHandle,
|
|
IN NATIVE_PVOID BaseAddress,
|
|
OUT PVOID Buffer,
|
|
IN SIZE_T64 BufferSize,
|
|
OUT PSIZE_T64 NumberOfBytesRead OPTIONAL
|
|
);
|
|
|
|
#if defined(_NTMMAPI_)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWow64QueryVirtualMemory64(
|
|
IN HANDLE ProcessHandle,
|
|
IN NATIVE_PVOID BaseAddress,
|
|
IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
|
|
OUT PVOID MemoryInformation,
|
|
IN SIZE_T64 MemoryInformationLength,
|
|
OUT PSIZE_T64 ReturnLength OPTIONAL
|
|
);
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#endif /* _NTWOW64_ */
|