basis/windows/ntdll/ntdll.factor

   1 ! Copyright (C) 2013 Doug Coleman.
   2 ! See http://factorcode.org/license.txt for BSD license.
   3 USING: alien.c-types alien.syntax classes.struct windows.types ;
   4 IN: windows.ntdll
   5
   6 LIBRARY: ntdll
   7
   8 TYPEDEF: uint NTSTATUS
   9
  10 STRUCT: LSA_UNICODE_STRING
  11     { Length USHORT }
  12     { MaximumLength USHORT }
  13     { Buffer void* } ;
  14 TYPEDEF: LSA_UNICODE_STRING* PLSA_UNICODE_STRING
  15 TYPEDEF: LSA_UNICODE_STRING UNICODE_STRING
  16 TYPEDEF: LSA_UNICODE_STRING* PUNICODE_STRING
  17
  18 STRUCT: RTL_USER_PROCESS_PARAMETERS
  19     { Reserved1 BYTE[16] }
  20     { Reserved2 PVOID[10] }
  21     { ImagePathName UNICODE_STRING }
  22     { CommandLine UNICODE_STRING } ;
  23 TYPEDEF: RTL_USER_PROCESS_PARAMETERS* PRTL_USER_PROCESS_PARAMETERS
  24
  25 STRUCT: LIST_ENTRY
  26     { Flink LIST_ENTRY* }
  27     { Blink LIST_ENTRY* } ;
  28 TYPEDEF: LIST_ENTRY* PLIST_ENTRY
  29
  30 STRUCT: PEB_LDR_DATA
  31     { Reserved1 BYTE[8] }
  32     { Reserved2 PVOID[3] }
  33     { InMemoryOrderModuleList LIST_ENTRY } ;
  34 TYPEDEF: PEB_LDR_DATA* PPEB_LDR_DATA
  35
  36 TYPEDEF: void* PPS_POST_PROCESS_INIT_ROUTINE
  37
  38 STRUCT: PEB
  39     { Reserved1 BYTE[2] }
  40     { BeingDebugged BYTE }
  41     { Reserved2 BYTE[1] }
  42     { Reserved3 BYTE[2] }
  43     { Ldr PPEB_LDR_DATA }
  44     { ProcessParameters PRTL_USER_PROCESS_PARAMETERS }
  45     { Reserved4 BYTE[104] }
  46     { Reserved5 PVOID[52] }
  47     { PostProcessInitRoutine PPS_POST_PROCESS_INIT_ROUTINE }
  48     { Reserved6 BYTE[128] }
  49     { Reserved7 PVOID[1] }
  50     { SessionId ULONG } ;
  51 TYPEDEF: PEB* PPEB
  52
  53 ! PebBaseAddress is PPEB
  54 STRUCT: PROCESS_BASIC_INFORMATION
  55     { Reserved1 PVOID }
  56     { PebBaseAddress void* }
  57     { Reserved2 PVOID[2] }
  58     { UniqueProcessId ULONG_PTR }
  59     { Reserved3 PVOID } ;
  60
  61 ENUM: PROCESSINFOCLASS
  62     { ProcessBasicInformation 0 }
  63     { ProcessDebugPort 7 }
  64     { ProcessWow64Information 26 }
  65     { ProcessImageFileName 27 } ;
  66
  67 FUNCTION: NTSTATUS NtQueryInformationProcess (
  68     HANDLE ProcessHandle,
  69     PROCESSINFOCLASS ProcessInformationClass,
  70     PVOID ProcessInformation,
  71     ULONG ProcessInformationLength,
  72     PULONG ReturnLength
  73 ) ;