PHNT: Add extra types and functions
dmex committed Jun 26, 2021
1 parent af05a75 commit d8f0043
Showing 7 changed files with 320 additions and 46 deletions.
26 changes: 13 additions & 13 deletions phnt/include/ntexapi.h
@@ -2351,7 +2351,7 @@ typedef struct _SYSTEM_LOOKASIDE_INFORMATION
// private
typedef struct _SYSTEM_RANGE_START_INFORMATION
{
PVOID SystemRangeStart;
ULONG_PTR SystemRangeStart;
} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;

typedef struct _SYSTEM_VERIFIER_INFORMATION_LEGACY // pre-19H1
@@ -2435,20 +2435,21 @@ typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
PVOID Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;

// geoffchappell
#ifdef _WIN64
#define MAXIMUM_NODE_COUNT 0x40
#else
#define MAXIMUM_NODE_COUNT 0x10
#endif

// geoffchappell
// private
typedef struct _SYSTEM_NUMA_INFORMATION
{
ULONG HighestNodeNumber;
ULONG Reserved;
union
{
ULONGLONG ActiveProcessorsGroupAffinity[MAXIMUM_NODE_COUNT];
GROUP_AFFINITY ActiveProcessorsGroupAffinity[MAXIMUM_NODE_COUNT];
ULONGLONG AvailableMemory[MAXIMUM_NODE_COUNT];
ULONGLONG Pad[MAXIMUM_NODE_COUNT * 2];
};
@@ -2790,6 +2791,8 @@ typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION
#define CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED 0x800
#define CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED 0x1000
#define CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED 0x2000
#define CODEINTEGRITY_OPTION_WHQL_ENFORCEMENT_ENABLED 0x4000
#define CODEINTEGRITY_OPTION_WHQL_AUDITMODE_ENABLED 0x8000

// private
typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION
@@ -3592,16 +3595,13 @@ typedef struct _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT
// private
typedef struct _SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION
{
struct
{
ULONG Machine : 16;
ULONG KernelMode : 1;
ULONG UserMode : 1;
ULONG Native : 1;
ULONG Process : 1;
ULONG WoW64Container : 1;
ULONG ReservedZero0 : 11;
};
ULONG Machine : 16;
ULONG KernelMode : 1;
ULONG UserMode : 1;
ULONG Native : 1;
ULONG Process : 1;
ULONG WoW64Container : 1;
ULONG ReservedZero0 : 11;
} SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION, *PSYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION;

// private
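Review bot: In `SYSTEM_NUMA_INFORMATION` the `ActiveProcessorsGroupAffinity` member now has element type `GROUP_AFFINITY`, so the union keeps its size only while `Pad[MAXIMUM_NODE_COUNT * 2]` is at least as large as the widened array, and nothing in the header enforces that. A compile-time check next to the struct, such as `C_ASSERT(sizeof(GROUP_AFFINITY) * MAXIMUM_NODE_COUNT <= sizeof(ULONGLONG) * MAXIMUM_NODE_COUNT * 2);`, would turn a layout drift into a build error instead of a wrong-sized buffer handed to the query call. It would also help to comment which union member is valid for which information class, since the arrays alias the same bytes. The struct's closing lines fall outside the hunk.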
20 changes: 13 additions & 7 deletions phnt/include/ntmmapi.h
@@ -153,7 +153,11 @@ typedef struct _MEMORY_REGION_INFORMATION
ULONG SoftwareEnclave : 1; // REDSTONE3
ULONG PageSize64K : 1;
ULONG PlaceholderReservation : 1; // REDSTONE4
ULONG Reserved : 23;
ULONG MappedAwe : 1; // 21H1
ULONG MappedWriteWatch : 1;
ULONG PageSizeLarge : 1;
ULONG PageSizeHuge : 1;
ULONG Reserved : 19;
};
};
SIZE_T RegionSize;
@@ -272,12 +276,12 @@ typedef struct _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION
{
union
{
ULONG AllInformation;
struct
{
ULONG State : 2;
ULONG Reserved : 30;
};
ULONG AllInformation;
};
} MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION, *PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION;

@@ -349,32 +353,33 @@ typedef struct _MEMORY_FRAME_INFORMATION
ULONGLONG Cold : 1; // 19H1
ULONGLONG Pinned : 1; // 1 - pinned, 0 - not pinned
ULONGLONG DontUse : 48; // *_INFORMATION overlay
ULONGLONG Priority : 3; // rev
ULONGLONG Reserved : 4; // reserved for future expansion
ULONGLONG Priority : 3;
ULONGLONG NonTradeable : 1;
ULONGLONG Reserved : 3;
} MEMORY_FRAME_INFORMATION;

// private
typedef struct _FILEOFFSET_INFORMATION
{
ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
ULONGLONG Offset : 48; // mapped files
ULONGLONG Reserved : 7; // reserved for future expansion
ULONGLONG Reserved : 7;
} FILEOFFSET_INFORMATION;

// private
typedef struct _PAGEDIR_INFORMATION
{
ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
ULONGLONG PageDirectoryBase : 48; // private pages
ULONGLONG Reserved : 7; // reserved for future expansion
ULONGLONG Reserved : 7;
} PAGEDIR_INFORMATION;

// private
typedef struct _UNIQUE_PROCESS_INFORMATION
{
ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
ULONGLONG UniqueProcessKey : 48; // ProcessId
ULONGLONG Reserved : 7; // reserved for future expansion
ULONGLONG Reserved : 7;
} UNIQUE_PROCESS_INFORMATION, *PUNIQUE_PROCESS_INFORMATION;

// private
@@ -625,6 +630,7 @@ typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS
VmImageHotPatchInformation, // 19H1
VmPhysicalContiguityInformation, // 20H1
VmVirtualMachinePrepopulateInformation,
VmRemoveFromWorkingSetInformation,
MaxVmInfoClass
} VIRTUAL_MEMORY_INFORMATION_CLASS;

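Review bot: Nothing pins the total width of the bitfields repartitioned in `MEMORY_REGION_INFORMATION` (four new flags, `Reserved : 19`) and `MEMORY_FRAME_INFORMATION` (`NonTradeable : 1`, `Reserved : 3`). The visible widths add up as before, but both structs start outside their hunks, so that can only be checked by hand. Assuming the frame record is a single 64-bit word, as the `DontUse : 9` overlays suggest, `C_ASSERT(sizeof(MEMORY_FRAME_INFORMATION) == sizeof(ULONGLONG));` after the typedef would make a miscount a build error rather than a silently misread page-frame record. Separately, `NonTradeable` and `VmRemoveFromWorkingSetInformation` carry no version tag while their neighbours do (`// 19H1`, `// 20H1`, `// 21H1`); adding the first build that defines them, once confirmed, tells callers when the bit or class can be relied on.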
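--- a/phnt/include/ntpsapi.h
+++ b/phnt/include/ntpsapi.h
@@ -1571,6 +1571,7 @@ typedef enum _PS_ATTRIBUTE_NUM
 PsAttributeBnoIsolation, // PS_BNO_ISOLATION_PARAMETERS
 PsAttributeDesktopAppPolicy, // in ULONG
 PsAttributeChpe, // since REDSTONE3
+PsAttributeMitigationAuditOptions, // since 21H1
 PsAttributeMax
 } PS_ATTRIBUTE_NUM;
 
@@ -1734,7 +1735,10 @@ typedef enum _PS_MITIGATION_OPTION
 PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION,
 PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE, // since REDSTONE5
 PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY,
-PS_MITIGATION_OPTION_CET_SHADOW_STACKS
+PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS,
+PS_MITIGATION_OPTION_USER_CET_SET_CONTEXT_IP_VALIDATION, // since 21H1
+PS_MITIGATION_OPTION_BLOCK_NON_CET_BINARIES,
+PS_MITIGATION_OPTION_CET_DYNAMIC_APIS_OUT_OF_PROC_ONLY
 } PS_MITIGATION_OPTION;
 
 // windows-internals-book:"Chapter 5"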
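Review bot: Renaming `PS_MITIGATION_OPTION_CET_SHADOW_STACKS` to `PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS` leaves no alias, so existing callers that request shadow stacks for a child process by the old name stop compiling. The enumerator keeps its position, so `#define PS_MITIGATION_OPTION_CET_SHADOW_STACKS PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS` after the enum would keep them building with the same value. `PsAttributeMitigationAuditOptions` also lacks the value-type comment its neighbours carry (`// in ULONG`, `// PS_BNO_ISOLATION_PARAMETERS`); stating the expected buffer type there, once confirmed, saves callers from guessing the attribute size. Both enums begin outside their hunks.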
75 changes: 68 additions & 7 deletions phnt/include/ntrtl.h
@@ -6318,8 +6318,8 @@ NTSYSAPI
NTSTATUS
NTAPI
RtlSelfRelativeToAbsoluteSD2(
_Inout_ PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
_Inout_ PULONG pBufferSize
_Inout_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
_Inout_ PULONG BufferSize
);

// Access masks
@@ -6428,9 +6428,9 @@ NTSYSAPI
PVOID
NTAPI
RtlFindAceByType(
_In_ PACL pAcl,
_In_ PACL Acl,
_In_ UCHAR AceType,
_Out_opt_ PULONG pIndex
_Out_opt_ PULONG Index
);
#endif

@@ -6734,6 +6734,40 @@ RtlCopySecurityDescriptor(
_Out_ PSECURITY_DESCRIPTOR *OutputSecurityDescriptor
);

// private
typedef struct _RTL_ACE_DATA
{
UCHAR AceType;
UCHAR InheritFlags;
UCHAR AceFlags;
ACCESS_MASK AccessMask;
PSID* Sid;
} RTL_ACE_DATA, *PRTL_ACE_DATA;

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateUserSecurityObject(
_In_ PRTL_ACE_DATA AceData,
_In_ ULONG AceCount,
_In_ PSID OwnerSid,
_In_ PSID GroupSid,
_In_ BOOLEAN IsDirectoryObject,
_In_ PGENERIC_MAPPING GenericMapping,
_Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor
);

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateAndSetSD(
_In_ PRTL_ACE_DATA AceData,
_In_ ULONG AceCount,
_In_opt_ PSID OwnerSid,
_In_opt_ PSID GroupSid,
_Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor
);

// Misc. security

NTSYSAPI
@@ -6957,12 +6991,14 @@ RtlDeregisterWait(
_In_ HANDLE WaitHandle
);

#define RTL_WAITER_DEREGISTER_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1)

NTSYSAPI
NTSTATUS
NTAPI
RtlDeregisterWaitEx(
_In_ HANDLE WaitHandle,
_In_ HANDLE Event
_In_opt_ HANDLE Event
);

NTSYSAPI
@@ -7049,6 +7085,8 @@ RtlUpdateTimer(
_In_ ULONG Period
);

#define RTL_TIMER_DELETE_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1)

NTSYSAPI
NTSTATUS
NTAPI
@@ -7070,7 +7108,7 @@ NTSTATUS
NTAPI
RtlDeleteTimerQueueEx(
_In_ HANDLE TimerQueueHandle,
_In_ HANDLE Event
_In_opt_ HANDLE Event
);

// Registry access
@@ -7612,6 +7650,7 @@ typedef enum _IMAGE_MITIGATION_POLICY
ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY
ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY
ImageUserShadowStackPolicy, // RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY
MaxImageMitigationPolicy
} IMAGE_MITIGATION_POLICY;

@@ -7730,13 +7769,27 @@ typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY
RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors;
} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY;

// rev
typedef struct _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY
{
RTL_IMAGE_MITIGATION_POLICY UserShadowStack;
RTL_IMAGE_MITIGATION_POLICY SetContextIpValidation;
RTL_IMAGE_MITIGATION_POLICY BlockNonCetBinaries;
} RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY, *PRTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY;

typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE
{
RtlMitigationOptionStateNotConfigured,
RtlMitigationOptionStateOn,
RtlMitigationOptionStateOff
RtlMitigationOptionStateOff,
RtlMitigationOptionStateForce,
RtlMitigationOptionStateOption
} RTL_IMAGE_MITIGATION_OPTION_STATE;

#define RTL_IMAGE_MITIGATION_OPTION_STATEMASK 3UL
#define RTL_IMAGE_MITIGATION_OPTION_FORCEMASK 4UL
#define RTL_IMAGE_MITIGATION_OPTION_OPTIONMASK 8UL

// rev from PROCESS_MITIGATION_FLAGS
#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1
#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2
@@ -7899,6 +7952,14 @@ RtlIsParentOfChildAppContainer(
_In_ PSID ChildAppContainerSid
);

// rev
NTSYSAPI
NTSTATUS
NTAPI
RtlIsApiSetImplemented(
_In_ PCSTR Namespace
);

// rev
NTSYSAPI
BOOLEAN
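Review bot: In the `RTL_IMAGE_MITIGATION_OPTION_STATE` hunk the two new enumerators take the implicit values 3 and 4, which do not line up with the masks added directly below them (`RTL_IMAGE_MITIGATION_OPTION_STATEMASK 3UL`, `..._FORCEMASK 4UL`, `..._OPTIONMASK 8UL`). If the enumerators are meant to be the bits those masks select, they need explicit initialisers (`RtlMitigationOptionStateForce = 4,` and `RtlMitigationOptionStateOption = 8`). If they are a separate ordinal encoding, a one-line comment on how the enum relates to the masks would stop a caller from comparing a masked value with the enum. The page does not show which reading is correct, so this needs confirming against the OS before anything is changed. A tool that decodes image mitigation policy with the wrong encoding would misreport whether a mitigation is forced on.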