1 ! Copyright (C) 2013 Doug Coleman.
2 ! See http://factorcode.org/license.txt for BSD license.
3 USING: alien.c-types alien.syntax classes.struct windows.types ;
11 STRUCT: LSA_UNICODE_STRING
13 { MaximumLength USHORT }
! Aliases: UNICODE_STRING shares LSA_UNICODE_STRING's layout, and the two
! P-prefixed names are pointers to that same struct.
15 TYPEDEF: LSA_UNICODE_STRING* PLSA_UNICODE_STRING
16 TYPEDEF: LSA_UNICODE_STRING UNICODE_STRING
17 TYPEDEF: LSA_UNICODE_STRING* PUNICODE_STRING
! Presumably one per-drive current-directory record;
! RTL_USER_PROCESS_PARAMETERS embeds 0x20 of these in its
! DLCurrentDirectory slot.
! NOTE(review): gutter lines 20-22 are absent from this listing, so only
! the DosPath slot is visible; confirm the full slot list in the original
! file before relying on this struct's size or offsets.
19 STRUCT: RTL_DRIVE_LETTER_CURDIR
23 { DosPath UNICODE_STRING } ;
24 TYPEDEF: RTL_DRIVE_LETTER_CURDIR* PRTL_DRIVE_LETTER_CURDIR
! Process start-up parameters; the PEB's ProcessParameters slot is a
! PRTL_USER_PROCESS_PARAMETERS pointing at one of these.
! NOTE(review): when this struct is copied out of another process, its
! UNICODE_STRING slots (ImagePathName, CommandLine, WindowTitle, ...)
! describe memory in that process, which the process itself can rewrite.
! Treat their contents as untrusted: bound every read by the string's
! length slots instead of scanning for a terminator, and do not rely on
! CommandLine or ImagePathName alone to identify what is running.
! NOTE(review): several gutter lines inside this struct (28-30, 41, 44-47,
! 49) are absent from this listing; check the slot list against the
! original file before trusting any offset.
26 STRUCT: RTL_USER_PROCESS_PARAMETERS
27 { MaximumLength ULONG }
31 { ConsoleHandle PVOID }
32 { ConsoleFlags ULONG }
33 { StdInputHandle HANDLE }
34 { StdOutputHandle HANDLE }
35 { StdErrorHandle HANDLE }
36 { CurrentDirectoryPath UNICODE_STRING }
37 { CurrentDirectoryHandle HANDLE }
38 { DllPath UNICODE_STRING }
39 { ImagePathName UNICODE_STRING }
40 { CommandLine UNICODE_STRING }
42 { StartingPositionLeft ULONG }
43 { StartingPositionTop ULONG }
48 { ConsoleTextAttributes ULONG }
50 { ShowWindowFlags ULONG }
51 { WindowTitle UNICODE_STRING }
52 { DesktopName UNICODE_STRING }
53 { ShellInfo UNICODE_STRING }
54 { RuntimeData UNICODE_STRING }
55 { DLCurrentDirectory RTL_DRIVE_LETTER_CURDIR[0x20] } ;
56 TYPEDEF: RTL_USER_PROCESS_PARAMETERS* PRTL_USER_PROCESS_PARAMETERS
60 { Blink LIST_ENTRY* } ;
61 TYPEDEF: LIST_ENTRY* PLIST_ENTRY
65 { Initialized BOOLEAN }
67 { InLoadOrderModuleList LIST_ENTRY }
68 { InMemoryOrderModuleList LIST_ENTRY }
69 { InInitializationOrderModuleList LIST_ENTRY } ;
70 TYPEDEF: PEB_LDR_DATA* PPEB_LDR_DATA
! Opaque pointer alias, presumably meant for the PEB's
! PostProcessInitRoutine slot.
! NOTE(review): that slot (and TlsExpansionBitmap after it) is declared
! ULONG further down, not with this pointer typedef. A ULONG and a pointer
! only have the same size on 32-bit targets, so on 64-bit the slots that
! follow (TlsExpansionBitmapBits, SessionId) would sit at shifted offsets.
! Confirm the intended target before reading a PEB through this binding.
72 TYPEDEF: void* PPS_POST_PROCESS_INIT_ROUTINE
74 STRUCT: PEB_FREE_BLOCK
75 { Next PEB_FREE_BLOCK* }
77 TYPEDEF: PEB_FREE_BLOCK* PPEB_FREE_BLOCK
79 STRUCT: PEBLOCKROUTINE
81 TYPEDEF: PEBLOCKROUTINE* PPEBLOCKROUTINE
83 TYPEDEF: PVOID* PPVOID
86 { InheritedAddressSpace BOOLEAN }
87 { ReadImageFileExecOptions BOOLEAN }
88 { BeingDebugged BOOLEAN }
91 { ImageBaseAddress HMODULE }
92 { LoaderData PPEB_LDR_DATA }
93 { ProcessParameters PRTL_USER_PROCESS_PARAMETERS }
94 { SubSystemData PVOID }
95 { ProcessHeap HANDLE }
97 { FastPebLockRoutine PPEBLOCKROUTINE }
98 { FastPebUnlockRoutine PPEBLOCKROUTINE }
99 { EnvironmentUpdateCount ULONG }
100 { KernelCallbackTable PPVOID }
101 { EventLogSection PVOID }
103 { FreeList PPEB_FREE_BLOCK }
104 { TlsExpansionCounter ULONG }
106 { TlsBitmapBits ULONG[2] }
107 { ReadOnlySharedMemoryBase PVOID }
108 { ReadOnlySharedMemoryHeap PVOID }
109 { ReadOnlyStaticServerData PPVOID }
110 { AnsiCodePageData PVOID }
111 { OemCodePageData PVOID }
112 { UnicodeCaseTableData PVOID }
113 { NumberOfProcessors ULONG }
114 { NtGlobalFlag ULONG }
116 { CriticalSectionTimeout LARGE_INTEGER }
117 { HeapSegmentReserve ULONG }
118 { HeapSegmentCommit ULONG }
119 { HeapDeCommitTotalFreeThreshold ULONG }
120 { HeapDeCommitFreeBlockThreshold ULONG }
121 { NumberOfHeaps ULONG }
122 { MaximumNumberOfHeaps ULONG }
123 { ProcessHeaps PPVOID* }
124 { GdiSharedHandleTable PVOID }
125 { ProcessStarterHelper PVOID }
126 { GdiDCAttributeList PVOID }
128 { OSMajorVersion ULONG }
129 { OSMinorVersion ULONG }
130 { OSBuildNumber ULONG }
131 { OSPlatformId ULONG }
132 { ImageSubSystem ULONG }
133 { ImageSubSystemMajorVersion ULONG }
134 { ImageSubSystemMinorVersion ULONG }
135 { GdiHandleBuffer ULONG[0x22] }
136 { PostProcessInitRoutine ULONG }
137 { TlsExpansionBitmap ULONG }
138 { TlsExpansionBitmapBits BYTE[0x80] }
139 { SessionId ULONG } ;
! Presumably the buffer filled by NtQueryInformationProcess for the
! ProcessBasicInformation class; confirm against callers.
! PebBaseAddress is PPEB
! NOTE(review): when the queried handle names another process, that
! address is only meaningful inside that process; it has to be fetched
! with a cross-process read and must never be dereferenced locally.
! NOTE(review): AffinityMask, BasePriority and InheritedFromUniqueProcessId
! are declared PVOID, apparently as pointer-sized placeholders rather than
! real addresses; confirm callers treat them as integers.
! NOTE(review): gutter line 144 is absent from this listing, so a slot
! before PebBaseAddress may be missing here; verify against the original.
143 STRUCT: PROCESS_BASIC_INFORMATION
145 { PebBaseAddress PVOID }
146 { AffinityMask PVOID }
147 { BasePriority PVOID }
148 { UniqueProcessId ULONG_PTR }
149 { InheritedFromUniqueProcessId PVOID } ;
! Selector passed as the ProcessInformationClass argument of
! NtQueryInformationProcess (declared below). Only these four classes are
! bound; the numeric values are fixed by the native API and must not be
! renumbered.
! NOTE(review): each class expects its own result buffer type and size.
! Presumably ProcessBasicInformation pairs with PROCESS_BASIC_INFORMATION;
! callers should pass the matching ProcessInformationLength and check the
! returned NTSTATUS before reading the buffer.
! NOTE(review): ProcessDebugPort is the class used to ask whether a
! user-mode debugger is attached; queries with it are worth recognising
! when triaging a binary that imports this function.
151 ENUM: PROCESSINFOCLASS
152 { ProcessBasicInformation 0 }
153 { ProcessDebugPort 7 }
154 { ProcessWow64Information 26 }
155 { ProcessImageFileName 27 } ;
157 FUNCTION: NTSTATUS NtQueryInformationProcess (
158 HANDLE ProcessHandle,
159 PROCESSINFOCLASS ProcessInformationClass,
160 PVOID ProcessInformation,
161 ULONG ProcessInformationLength,