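/***
    Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.

    File: AuProcAddresses.NT.hpp
    Date: 2023-2-16
    Author: Reece

    Late-bound Win32 / NT entry points. Every `p*` below is a function pointer
    that is expected to be filled in at runtime (InitNTAddresses() is declared
    here; its definition lives elsewhere) so the binary does not hard-link
    against exports that are missing on older Windows builds. Nothing in this
    header is guaranteed non-null: callers must test a pointer before using it.

    Review notes:
      * The DLL names are bare file names, not paths. Whichever loader resolves
        them must restrict the search to the system directory
        (LOAD_LIBRARY_SEARCH_SYSTEM32 or an explicit %SystemRoot%\System32
        path); the default LoadLibrary search order is subject to DLL planting.
        The name pointers are constexpr so they live in read-only storage and
        cannot be redirected by a stray write.
      * pWinVerifyTrust now carries the API's real return type (LONG status,
        ERROR_SUCCESS == 0 on success). It was declared BOOL, which invites
        `if (pWinVerifyTrust(...))` — the inverse of the actual contract.
      * pNtDelayExecution now returns NTSTATUS like the other Nt* pointers
        (same width as the previous DWORD; existing callers are unaffected).
      * Nt*/Zw*/Rtl* pointers are undocumented ntdll exports whose signatures
        mirror the observed ABI and may change between Windows builds.
***/
#pragma once

// Opaque SDK types, forward-declared so this header does not drag in
// psapi.h / dbghelp.h / iphlpapi.h for every includer.
struct _PROCESS_MEMORY_COUNTERS;
struct _tagSTACKFRAME64;
struct _MINIDUMP_EXCEPTION_INFORMATION;
struct _MINIDUMP_USER_STREAM_INFORMATION;
struct _IMAGEHLP_LINE64;
struct _tagADDRESS64;
struct _MINIDUMP_CALLBACK_INFORMATION;
struct _MIB_IPADDRTABLE;
struct _IP_ADAPTER_INFO;
struct _CREATEFILE2_EXTENDED_PARAMETERS;
enum _MINIDUMP_TYPE;

#if defined(AURORA_COMPILER_MSVC)
// The SDK selects the IP_ADAPTER_ADDRESSES layout by NTDDI_VERSION; mirror that
// choice so pGetAdaptersAddresses below has the same type the SDK headers use.
struct _IP_ADAPTER_ADDRESSES_LH;
struct _IP_ADAPTER_ADDRESSES_XP;

#if (NTDDI_VERSION >= NTDDI_VISTA)
typedef _IP_ADAPTER_ADDRESSES_LH IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_LH *PIP_ADAPTER_ADDRESSES;
#elif (NTDDI_VERSION >= NTDDI_WINXP)
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#else
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#endif
#endif

namespace Aurora
{
    // Populates the p* function pointers in this header. Defined elsewhere.
    void InitNTAddresses();

    // Modules the entry points below are resolved from. Bare names — see the
    // file header about restricting the loader's search path.
    static constexpr const wchar_t *kSyncDllName        { L"API-MS-Win-Core-Synch-l1-2-0.dll" };
    static constexpr const wchar_t *kNtDllName          { L"NTDLL.dll" };
    static constexpr const wchar_t *kKernel32DllName    { L"Kernel32.dll" };
    static constexpr const wchar_t *kKernelBaseDllName  { L"KernelBase.dll" };
    static constexpr const wchar_t *kWS2DllName         { L"Ws2_32.dll" };
    static constexpr const wchar_t *kAdvancedApiDllName { L"Advapi32.dll" };
    static constexpr const wchar_t *kBCryptDllName      { L"bcrypt.dll" };
    static constexpr const wchar_t *kThemeDllName       { L"UxTheme.dll" };
    static constexpr const wchar_t *kShellDllName       { L"Shell32.dll" };
    static constexpr const wchar_t *kPSAPILegacyDllName { L"psapi.dll" };
    static constexpr const wchar_t *kDbgHelperDllName   { L"dbghelp.dll" };
    static constexpr const wchar_t *kWinTrustDllName    { L"WINTRUST.dll" };
    static constexpr const wchar_t *kIPHelperDllName    { L"IPHLPAPI.dll" };

    // Local mirror of the SDK's WIN32_MEMORY_RANGE_ENTRY (pointer + byte count),
    // used by pPrefetchVirtualMemory.
    struct WIN32_MEMORY_RANGE_ENTRY2
    {
        PVOID VirtualAddress;
        SIZE_T NumberOfBytes;
    };

    // Local mirror of the SDK's THREAD_INFORMATION_CLASS for pSetThreadInformation.
    // Values are positional (0..3) and must stay in this order.
    // ThreadDynamicCodePolicy is a mitigation-policy class (dynamic code / ACG):
    // changing it is security-relevant, so callers should not expose it to input.
    enum class THREAD_INFORMATION_CLASS
    {
        ThreadMemoryPriority,
        ThreadAbsoluteCpuPriority,
        ThreadDynamicCodePolicy,
        ThreadPowerThrottling,
        ThreadInformationClassMax
    };

    // --- Synchronization (API-MS-Win-Core-Synch / kernelbase, Windows 8+) -----
    inline BOOL(__stdcall *pWaitOnAddress)(
        volatile VOID *Address,
        PVOID CompareAddress,
        SIZE_T AddressSize,
        DWORD dwMilliseconds
    );

    inline void(__stdcall *pWakeByAddressSingle)(
        PVOID Address
    );

    inline void(__stdcall *pWakeByAddressAll)(
        PVOID Address
    );

    // --- ntdll: delays, keyed events, address waits ---------------------------
    // Returns NTSTATUS (was DWORD; same width). Use NT_SUCCESS() on the result.
    inline NTSTATUS(__stdcall *pNtDelayExecution)(
        BOOLEAN Alertable,
        PLARGE_INTEGER DelayInterval
    );

    // --- Extended virtual memory / section mapping (kernelbase, Win10+) -------
    inline PVOID(__stdcall *pVirtualAlloc2)(
        HANDLE Process,
        PVOID BaseAddress,
        SIZE_T Size,
        ULONG AllocationType,
        ULONG PageProtection,
        MEM_EXTENDED_PARAMETER *ExtendedParameters,
        ULONG ParameterCount
    );

    inline PVOID(__stdcall *pMapViewOfFile3)(
        HANDLE FileMapping,
        HANDLE Process,
        PVOID BaseAddress,
        ULONG64 Offset,
        SIZE_T ViewSize,
        ULONG AllocationType,
        ULONG PageProtection,
        MEM_EXTENDED_PARAMETER *ExtendedParameters,
        ULONG ParameterCount
    );

    inline PVOID(__stdcall *pUnmapViewOfFile2)(
        HANDLE Process,
        PVOID BaseAddress,
        ULONG UnmapFlags
    );

    // Keyed events (undocumented ntdll). Wait/Release pair on a handle + key.
    inline NTSTATUS(__stdcall *pNtWaitForKeyedEvent)(
        HANDLE Handle,
        PVOID Key,
        BOOLEAN Alertable,
        PLARGE_INTEGER NTTimeout
    );

    inline NTSTATUS(__stdcall *pNtReleaseKeyedEvent)(
        HANDLE Handle,
        PVOID Key,
        BOOLEAN Alertable,
        PLARGE_INTEGER NTTimeout
    );

    // NOTE(review): in ntdll the first parameter of NtCreateKeyedEvent /
    // NtOpenKeyedEvent is an OUT handle (PHANDLE). It is declared HANDLE here
    // and kept that way so existing call sites that cast keep compiling —
    // callers must pass the address of a HANDLE, not a handle value.
    inline NTSTATUS(__stdcall *pNtCreateKeyedEvent)(
        HANDLE Handle,
        ACCESS_MASK Access,
        POBJECT_ATTRIBUTES Attr,
        ULONG Flags
    );

    inline NTSTATUS(__stdcall *pNtOpenKeyedEvent)(
        HANDLE Handle,
        ACCESS_MASK Access,
        POBJECT_ATTRIBUTES Attr,
        ULONG Flags
    );

    // ntdll-side address waits (Windows 8+); lower-level twins of WaitOnAddress.
    inline NTSTATUS(__stdcall *pRtlWaitOnAddress)(
        const void *addr,
        const void *cmp,
        SIZE_T size,
        const LARGE_INTEGER *timeout
    );

    inline void(__stdcall *pRtlWakeByAddressAll)(
        const void *addr
    );

    inline void(__stdcall *pRtlWakeAddressSingle)(
        const void *addr
    );

#if defined(AURORA_PLATFORM_WIN32)
    // Unaffected by compatibility shims, unlike GetVersionEx.
    inline NTSTATUS(__stdcall *pRtlGetVersion)(
        PRTL_OSVERSIONINFOW lpVersionInformation
    );
#endif

    // --- File handles ---------------------------------------------------------
    inline HANDLE(__stdcall *pCreateFile2)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        DWORD dwCreationDisposition,
        _CREATEFILE2_EXTENDED_PARAMETERS *pCreateExParams
    );

    inline HANDLE(__stdcall *pCreateFileW)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        DWORD dwCreationDisposition,
        DWORD dwFlagsAndAttributes,
        HANDLE hTemplateFile
    );

    // Undocumented ntdll; asynchronous directory-change notification.
    inline NTSTATUS(__stdcall *pNtNotifyChangeDirectoryFile)(
        HANDLE FileHandle,
        HANDLE Event,
        PIO_APC_ROUTINE ApcRoutine,
        PVOID ApcContext,
        PIO_STATUS_BLOCK IoStatusBlock,
        PVOID Buffer,
        ULONG BufferSize,
        ULONG CompletionFilter,
        BOOLEAN WatchTree
    );

    // Undocumented ntdll; bypasses the Win32 TerminateProcess layer.
    inline NTSTATUS(__stdcall *pNtTerminateProcess)(
        HANDLE ProcessHandle,
        NTSTATUS ExitStatus
    );

    // --- CPU topology / thread attributes -------------------------------------
    inline BOOL(__stdcall *pGetSystemCpuSetInformation)(
        PSYSTEM_CPU_SET_INFORMATION Information,
        ULONG BufferLength,
        PULONG ReturnedLength,
        HANDLE Process,
        ULONG Flags
    );

    inline BOOL(__stdcall *pGetLogicalProcessorInformation)(
        PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
        PDWORD ReturnedLength
    );

    inline HRESULT(__stdcall *pSetThreadDescription)(
        HANDLE hThread,
        PCWSTR lpThreadDescription
    );

    inline BOOL(__stdcall *pSetThreadInformation)(
        HANDLE hThread,
        THREAD_INFORMATION_CLASS ThreadInformationClass,
        LPVOID ThreadInformation,
        DWORD ThreadInformationSize
    );

    inline BOOL(__stdcall *pSetThreadSelectedCpuSets)(
        HANDLE Thread,
        const ULONG *CpuSetIds,
        ULONG CpuSetIdCount
    );

#if defined(AURORA_PLATFORM_WIN32)
    inline BOOL(__stdcall *pSetThreadGroupAffinity)(
        HANDLE hThread,
        GROUP_AFFINITY *GroupAffinity,
        PGROUP_AFFINITY PreviousGroupAffinity
    );
#endif

    // --- Name resolution (Ws2_32) ---------------------------------------------
    inline INT(__stdcall *pGetAddrInfoExCancel)(
        LPHANDLE lpHandle
    );

    using LPLOOKUPSERVICE_COMPLETION_ROUTINE = void(__stdcall *)(
        DWORD dwError,
        DWORD dwBytes,
        LPWSAOVERLAPPED lpOverlapped
    );

    inline INT(__stdcall *pGetAddrInfoExW)(
        PCWSTR pName,
        PCWSTR pServiceName,
        DWORD dwNameSpace,
        LPGUID lpNspId,
        const ADDRINFOEXW *hints,
        PADDRINFOEXW *ppResult,
        struct timeval *timeout,
        LPOVERLAPPED lpOverlapped,
        LPLOOKUPSERVICE_COMPLETION_ROUTINE lpCompletionRoutine,
        LPHANDLE lpHandle
    );

    inline void(__stdcall *pFreeAddrInfoExW)(
        PADDRINFOEXW pAddrInfoEx
    );

    inline INT(__stdcall *pgetaddrinfo)(
        PCSTR pNodeName,
        PCSTR pServiceName,
        const ADDRINFOA *pHints,
        PADDRINFOA *ppResult
    );

    inline void(__stdcall *pfreeaddrinfo)(
        PADDRINFOA pAddrInfo
    );

    inline BOOL(__stdcall *pPrefetchVirtualMemory)(
        HANDLE hProcess,
        ULONG_PTR NumberOfEntries,
        WIN32_MEMORY_RANGE_ENTRY2 *VirtualAddresses,
        ULONG Flags
    );

    // --- Random number sources --------------------------------------------------
    // Three generations of the Windows CSPRNG are bound here; which one a
    // consumer picks is decided elsewhere (presumably newest-available first).
    // BCryptGenRandom (bcrypt.dll) is the current API; returns NTSTATUS.
    inline NTSTATUS(__stdcall *pBCryptGenRandom)(
        PVOID hAlgorithm,
        PUCHAR pbBuffer,
        ULONG cbBuffer,
        ULONG dwFlags
    );

    // Legacy CryptoAPI (Advapi32) — deprecated by Microsoft; requires a provider
    // context from pCryptAcquireContextW and release via pCryptReleaseContext.
    inline BOOL(__stdcall *pCryptGenRandom)(
        ULONG_PTR hProv,
        DWORD dwLen,
        BYTE *pbBuffer
    );

    inline BOOL(__stdcall *pCryptAcquireContextW)(
        ULONG_PTR *hProv,
        LPCWSTR szContainer,
        LPCWSTR szProvider,
        DWORD dwProvType,
        DWORD dwFlags
    );

    inline BOOL(__stdcall *pCryptReleaseContext)(
        ULONG_PTR hProv,
        DWORD dwFlags
    );

    // Undocumented ntdll; raises/lowers the system timer resolution.
    inline NTSTATUS(__stdcall *pZwSetTimerResolution)(
        ULONG RequestedResolution,
        BOOLEAN Set,
        PULONG ActualResolution
    );

    // RtlGenRandom is exported from Advapi32 under the name SystemFunction036.
    inline BOOLEAN(__stdcall *pRtlGenRandom)(
        PVOID RandomBuffer,
        ULONG RandomBufferLength
    );

#if defined(AURORA_PLATFORM_WIN32)
    inline NTSTATUS(__stdcall *pNtQueryInformationProcess)(
        HANDLE ProcessHandle,
        PROCESSINFOCLASS ProcessInformationClass,
        PVOID ProcessInformation,
        ULONG ProcessInformationLength,
        PULONG ReturnLength
    );
#endif

    // --- Version checks ---------------------------------------------------------
    inline ULONGLONG(__stdcall *pVerSetConditionMask)(
        ULONGLONG ConditionMask,
        DWORD TypeMask,
        BYTE Condition
    );

    // First parameter is the OSVERSIONINFOEXW to compare against (it was
    // misleadingly named dwTypeMask); the second is the real type mask.
    inline BOOL(__stdcall *pVerifyVersionInfoW)(
        LPOSVERSIONINFOEXW lpVersionInformation,
        DWORD dwTypeMask,
        DWORDLONG dwlConditionMask
    );

    // --- Shell / UI -------------------------------------------------------------
    inline HRESULT(__stdcall *pSetWindowTheme)(
        HWND hwnd,
        LPCWSTR pszSubAppName,
        LPCWSTR pszSubIdList
    );

    // --- NTFS alternate data streams --------------------------------------------
    inline HANDLE(__stdcall *pFindFirstStreamW)(
        LPCWSTR lpFileName,
        STREAM_INFO_LEVELS InfoLevel,
        LPVOID lpFindStreamData,
        DWORD dwFlags
    );

    inline BOOL(__stdcall *pFindNextStreamW)(
        HANDLE hFindStream,
        LPVOID lpFindStreamData
    );

    inline BOOL(__stdcall *pFindClose)(
        HANDLE hFindFile
    );

    // --- I/O cancellation -------------------------------------------------------
    inline BOOL(__stdcall *pCancelIoEx)(
        HANDLE hFile,
        LPOVERLAPPED lpOverlapped
    );

    inline BOOL(__stdcall *pCancelSynchronousIo)(
        HANDLE hThread
    );

    // --- Process / file information ---------------------------------------------
    inline BOOL(__stdcall *pGetProcessMemoryInfo)(
        HANDLE Process,
        ::_PROCESS_MEMORY_COUNTERS *ppsmemCounters,
        DWORD cb
    );

    inline BOOL(__stdcall *pSetFileInformationByHandle)(
        HANDLE hFile,
        FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
        LPVOID lpFileInformation,
        DWORD dwBufferSize
    );

    // --- Locale -----------------------------------------------------------------
    inline int(__stdcall *pGetLocaleInfoEx)(
        LPCWSTR lpLocaleName,
        LCTYPE LCType,
        LPWSTR lpLCData,
        int cchData
    );

    inline int(__stdcall *pLCIDToLocaleName)(
        LCID Locale,
        LPWSTR lpName,
        int cchName,
        DWORD dwFlags
    );

    inline int(__stdcall *pGetLocaleInfoW)(
        LCID Locale,
        LCTYPE LCType,
        LPWSTR lpLCData,
        int cchData
    );

    inline DWORD(__stdcall *pGetThreadId)(
        HANDLE hThread
    );

    // ppszPath is allocated by the shell; caller releases it with CoTaskMemFree.
    inline HRESULT(__stdcall *pSHGetKnownFolderPath)(
        const GUID &rfid,
        DWORD dwFlags,
        HANDLE hToken,
        PWSTR *ppszPath
    );

    // --- dbghelp ----------------------------------------------------------------
    inline DWORD(__stdcall *pUnDecorateSymbolName)(
        PCSTR name,
        PSTR outputString,
        DWORD maxStringLength,
        DWORD flags
    );

    // Writes a process memory image to hFile. A dump contains whatever the
    // process held in memory (credentials, keys, user data); create the target
    // with a restrictive ACL and treat the file as sensitive.
    inline BOOL(__stdcall *pMiniDumpWriteDump)(
        HANDLE hProcess,
        DWORD ProcessId,
        HANDLE hFile,
        enum _MINIDUMP_TYPE DumpType,
        _MINIDUMP_EXCEPTION_INFORMATION *ExceptionParam,
        _MINIDUMP_USER_STREAM_INFORMATION *UserStreamParam,
        _MINIDUMP_CALLBACK_INFORMATION *CallbackParam
    );

    // UserSearchPath selects where dbghelp looks for symbol files; it should not
    // be built from untrusted input.
    inline BOOL(__stdcall *pSymInitialize)(
        HANDLE hProcess,
        PCSTR UserSearchPath,
        BOOL fInvadeProcess
    );

    inline DWORD64(__stdcall *pSymGetModuleBase64)(
        HANDLE hProcess,
        DWORD64 qwAddr
    );

    inline BOOL(__stdcall *pSymGetLineFromAddr64)(
        HANDLE hProcess,
        DWORD64 qwAddr,
        PDWORD pdwDisplacement,
        _IMAGEHLP_LINE64 *Line64
    );

    inline PVOID(__stdcall *pSymFunctionTableAccess64)(
        HANDLE hProcess,
        DWORD64 AddrBase
    );

    // Callback signatures for pStackWalk64.
    typedef BOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 qwBaseAddress,
        PVOID lpBuffer,
        DWORD nSize,
        LPDWORD lpNumberOfBytesRead
    );

    typedef PVOID(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 AddrBase
    );

    typedef DWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 Address
    );

    typedef DWORD64(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
        HANDLE hProcess,
        HANDLE hThread,
        _tagADDRESS64 *lpaddr
    );

    inline BOOL(__stdcall *pStackWalk64)(
        DWORD MachineType,
        HANDLE hProcess,
        HANDLE hThread,
        _tagSTACKFRAME64 *StackFrame,
        PVOID ContextRecord,
        PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
        PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
        PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
        PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
    );

    // --- WINTRUST ---------------------------------------------------------------
    // Authenticode verification. Returns a LONG status: ERROR_SUCCESS (0) means
    // the signature verified under the policy in pWVTData; ANY non-zero value is
    // a failure (TRUST_E_NOSIGNATURE, TRUST_E_BAD_DIGEST, ...). Never test the
    // result as a boolean — the previous BOOL declaration made that mistake easy.
    inline LONG(__stdcall *pWinVerifyTrust)(
        HWND hwnd,
        GUID *pgActionID,
        LPVOID pWVTData
    );

    // --- IP Helper --------------------------------------------------------------
    inline ULONG(__stdcall *pGetAdaptersAddresses)(
        ULONG Family,
        ULONG Flags,
        PVOID Reserved,
        IP_ADAPTER_ADDRESSES *AdapterAddresses,
        PULONG SizePointer
    );

    inline ULONG(__stdcall *pGetAdaptersInfo)(
        _IP_ADAPTER_INFO *AdapterInfo,
        PULONG SizePointer
    );

    // Feature flags set at initialization (defined elsewhere); default false.
    // gUseNativeWaitSemapahore keeps its historical spelling — it is referenced
    // by other translation units.
    inline bool gUseNativeWaitMutex {};
    inline bool gUseNativeWaitCondvar {};
    inline bool gUseNativeWaitSemapahore {};
    inline bool gUseFastFail {};

    void Win32DropInit();
    void Win32DropSchedulerResolution();
    void Win32Terminate();

    // CreateFile wrapper. bInherit presumably maps to
    // SECURITY_ATTRIBUTES::bInheritHandle — an inheritable handle is visible to
    // every child process spawned afterwards, so pass false unless the handle is
    // deliberately handed down.
    HANDLE Win32Open(LPCWSTR lpFileName,
                     DWORD dwDesiredAccess,
                     DWORD dwShareMode,
                     bool bInherit,
                     DWORD dwCreationDisposition,
                     DWORD dwFlags,
                     DWORD dwAttributes);
}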