Process Hacker
ntobapi.h
Go to the documentation of this file.
1 #ifndef _NTOBAPI_H
2 #define _NTOBAPI_H
3 
4 #if (PHNT_MODE != PHNT_MODE_KERNEL)
5 #define OBJECT_TYPE_CREATE 0x0001
6 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
7 #endif
8 
9 #if (PHNT_MODE != PHNT_MODE_KERNEL)
10 #define DIRECTORY_QUERY 0x0001
11 #define DIRECTORY_TRAVERSE 0x0002
12 #define DIRECTORY_CREATE_OBJECT 0x0004
13 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
14 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xf)
15 #endif
16 
17 #if (PHNT_MODE != PHNT_MODE_KERNEL)
18 #define SYMBOLIC_LINK_QUERY 0x0001
19 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
20 #endif
21 
22 #define OBJ_PROTECT_CLOSE 0x00000001
23 #ifndef OBJ_INHERIT
24 #define OBJ_INHERIT 0x00000002
25 #endif
26 #define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
27 
28 #if (PHNT_MODE != PHNT_MODE_KERNEL)
29 typedef enum _OBJECT_INFORMATION_CLASS
30 {
31  ObjectBasicInformation,
32  ObjectNameInformation,
33  ObjectTypeInformation,
34  ObjectTypesInformation,
35  ObjectHandleFlagInformation,
36  ObjectSessionInformation,
37  MaxObjectInfoClass
38 } OBJECT_INFORMATION_CLASS;
39 #else
40 #define ObjectNameInformation 1
41 #define ObjectTypesInformation 3
42 #define ObjectHandleFlagInformation 4
43 #define ObjectSessionInformation 5
44 #endif
45 
46 typedef struct _OBJECT_BASIC_INFORMATION
47 {
48  ULONG Attributes;
49  ACCESS_MASK GrantedAccess;
50  ULONG HandleCount;
51  ULONG PointerCount;
52  ULONG PagedPoolCharge;
53  ULONG NonPagedPoolCharge;
54  ULONG Reserved[3];
55  ULONG NameInfoSize;
56  ULONG TypeInfoSize;
57  ULONG SecurityDescriptorSize;
58  LARGE_INTEGER CreationTime;
59 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
60 
61 #if (PHNT_MODE != PHNT_MODE_KERNEL)
62 typedef struct _OBJECT_NAME_INFORMATION
63 {
64  UNICODE_STRING Name;
65 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
66 #endif
67 
68 typedef struct _OBJECT_TYPE_INFORMATION
69 {
70  UNICODE_STRING TypeName;
71  ULONG TotalNumberOfObjects;
72  ULONG TotalNumberOfHandles;
73  ULONG TotalPagedPoolUsage;
74  ULONG TotalNonPagedPoolUsage;
75  ULONG TotalNamePoolUsage;
76  ULONG TotalHandleTableUsage;
77  ULONG HighWaterNumberOfObjects;
78  ULONG HighWaterNumberOfHandles;
79  ULONG HighWaterPagedPoolUsage;
80  ULONG HighWaterNonPagedPoolUsage;
81  ULONG HighWaterNamePoolUsage;
82  ULONG HighWaterHandleTableUsage;
83  ULONG InvalidAttributes;
84  GENERIC_MAPPING GenericMapping;
85  ULONG ValidAccessMask;
86  BOOLEAN SecurityRequired;
87  BOOLEAN MaintainHandleCount;
88  UCHAR TypeIndex; // since WINBLUE
89  CHAR ReservedByte;
90  ULONG PoolType;
91  ULONG DefaultPagedPoolCharge;
92  ULONG DefaultNonPagedPoolCharge;
93 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
94 
95 typedef struct _OBJECT_TYPES_INFORMATION
96 {
97  ULONG NumberOfTypes;
98 } OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
99 
100 typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
101 {
102  BOOLEAN Inherit;
103  BOOLEAN ProtectFromClose;
104 } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
105 
106 // Objects, handles
107 
108 #if (PHNT_MODE != PHNT_MODE_KERNEL)
109 
110 NTSYSCALLAPI
111 NTSTATUS
112 NTAPI
113 NtQueryObject(
114  _In_ HANDLE Handle,
115  _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
116  _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
117  _In_ ULONG ObjectInformationLength,
118  _Out_opt_ PULONG ReturnLength
119  );
120 
121 NTSYSCALLAPI
122 NTSTATUS
123 NTAPI
124 NtSetInformationObject(
125  _In_ HANDLE Handle,
126  _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
127  _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
128  _In_ ULONG ObjectInformationLength
129  );
130 
131 #define DUPLICATE_CLOSE_SOURCE 0x00000001
132 #define DUPLICATE_SAME_ACCESS 0x00000002
133 #define DUPLICATE_SAME_ATTRIBUTES 0x00000004
134 
135 NTSYSCALLAPI
136 NTSTATUS
137 NTAPI
138 NtDuplicateObject(
139  _In_ HANDLE SourceProcessHandle,
140  _In_ HANDLE SourceHandle,
141  _In_opt_ HANDLE TargetProcessHandle,
142  _Out_opt_ PHANDLE TargetHandle,
143  _In_ ACCESS_MASK DesiredAccess,
144  _In_ ULONG HandleAttributes,
145  _In_ ULONG Options
146  );
147 
148 NTSYSCALLAPI
149 NTSTATUS
150 NTAPI
151 NtMakeTemporaryObject(
152  _In_ HANDLE Handle
153  );
154 
155 NTSYSCALLAPI
156 NTSTATUS
157 NTAPI
158 NtMakePermanentObject(
159  _In_ HANDLE Handle
160  );
161 
162 NTSYSCALLAPI
163 NTSTATUS
164 NTAPI
165 NtSignalAndWaitForSingleObject(
166  _In_ HANDLE SignalHandle,
167  _In_ HANDLE WaitHandle,
168  _In_ BOOLEAN Alertable,
169  _In_opt_ PLARGE_INTEGER Timeout
170  );
171 
172 NTSYSCALLAPI
173 NTSTATUS
174 NTAPI
175 NtWaitForSingleObject(
176  _In_ HANDLE Handle,
177  _In_ BOOLEAN Alertable,
178  _In_opt_ PLARGE_INTEGER Timeout
179  );
180 
181 NTSYSCALLAPI
182 NTSTATUS
183 NTAPI
184 NtWaitForMultipleObjects(
185  _In_ ULONG Count,
186  _In_reads_(Count) HANDLE Handles[],
187  _In_ WAIT_TYPE WaitType,
188  _In_ BOOLEAN Alertable,
189  _In_opt_ PLARGE_INTEGER Timeout
190  );
191 
192 #if (PHNT_VERSION >= PHNT_WS03)
193 NTSYSCALLAPI
194 NTSTATUS
195 NTAPI
196 NtWaitForMultipleObjects32(
197  _In_ ULONG Count,
198  _In_reads_(Count) LONG Handles[],
199  _In_ WAIT_TYPE WaitType,
200  _In_ BOOLEAN Alertable,
201  _In_opt_ PLARGE_INTEGER Timeout
202  );
203 #endif
204 
205 NTSYSCALLAPI
206 NTSTATUS
207 NTAPI
208 NtSetSecurityObject(
209  _In_ HANDLE Handle,
210  _In_ SECURITY_INFORMATION SecurityInformation,
211  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
212  );
213 
214 NTSYSCALLAPI
215 NTSTATUS
216 NTAPI
217 NtQuerySecurityObject(
218  _In_ HANDLE Handle,
219  _In_ SECURITY_INFORMATION SecurityInformation,
220  _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
221  _In_ ULONG Length,
222  _Out_ PULONG LengthNeeded
223  );
224 
225 NTSYSCALLAPI
226 NTSTATUS
227 NTAPI
228 NtClose(
229  _In_ HANDLE Handle
230  );
231 
232 #if (PHNT_VERSION >= PHNT_THRESHOLD)
233 NTSYSCALLAPI
234 NTSTATUS
235 NTAPI
236 NtCompareObjects(
237  _In_ HANDLE FirstObjectHandle,
238  _In_ HANDLE SecondObjectHandle
239  );
240 #endif
241 
242 #endif
243 
244 // Directory objects
245 
246 #if (PHNT_MODE != PHNT_MODE_KERNEL)
247 
248 NTSYSCALLAPI
249 NTSTATUS
250 NTAPI
251 NtCreateDirectoryObject(
252  _Out_ PHANDLE DirectoryHandle,
253  _In_ ACCESS_MASK DesiredAccess,
254  _In_ POBJECT_ATTRIBUTES ObjectAttributes
255  );
256 
257 #if (PHNT_VERSION >= PHNT_WIN8)
258 NTSYSCALLAPI
259 NTSTATUS
260 NTAPI
261 NtCreateDirectoryObjectEx(
262  _Out_ PHANDLE DirectoryHandle,
263  _In_ ACCESS_MASK DesiredAccess,
264  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
265  _In_ HANDLE ShadowDirectoryHandle,
266  _In_ ULONG Flags
267  );
268 #endif
269 
270 NTSYSCALLAPI
271 NTSTATUS
272 NTAPI
273 NtOpenDirectoryObject(
274  _Out_ PHANDLE DirectoryHandle,
275  _In_ ACCESS_MASK DesiredAccess,
276  _In_ POBJECT_ATTRIBUTES ObjectAttributes
277  );
278 
279 typedef struct _OBJECT_DIRECTORY_INFORMATION
280 {
281  UNICODE_STRING Name;
282  UNICODE_STRING TypeName;
283 } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
284 
285 NTSYSCALLAPI
286 NTSTATUS
287 NTAPI
288 NtQueryDirectoryObject(
289  _In_ HANDLE DirectoryHandle,
290  _Out_writes_bytes_opt_(Length) PVOID Buffer,
291  _In_ ULONG Length,
292  _In_ BOOLEAN ReturnSingleEntry,
293  _In_ BOOLEAN RestartScan,
294  _Inout_ PULONG Context,
295  _Out_opt_ PULONG ReturnLength
296  );
297 
298 #endif
299 
300 // Private namespaces
301 
302 #if (PHNT_MODE != PHNT_MODE_KERNEL)
303 
304 #if (PHNT_VERSION >= PHNT_VISTA)
305 
306 NTSYSCALLAPI
307 NTSTATUS
308 NTAPI
309 NtCreatePrivateNamespace(
310  _Out_ PHANDLE NamespaceHandle,
311  _In_ ACCESS_MASK DesiredAccess,
312  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
313  _In_ PVOID BoundaryDescriptor
314  );
315 
316 NTSYSCALLAPI
317 NTSTATUS
318 NTAPI
319 NtOpenPrivateNamespace(
320  _Out_ PHANDLE NamespaceHandle,
321  _In_ ACCESS_MASK DesiredAccess,
322  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
323  _In_ PVOID BoundaryDescriptor
324  );
325 
326 NTSYSCALLAPI
327 NTSTATUS
328 NTAPI
329 NtDeletePrivateNamespace(
330  _In_ HANDLE NamespaceHandle
331  );
332 
333 #endif
334 
335 #endif
336 
337 // Symbolic links
338 
339 #if (PHNT_MODE != PHNT_MODE_KERNEL)
340 
341 NTSYSCALLAPI
342 NTSTATUS
343 NTAPI
344 NtCreateSymbolicLinkObject(
345  _Out_ PHANDLE LinkHandle,
346  _In_ ACCESS_MASK DesiredAccess,
347  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
348  _In_ PUNICODE_STRING LinkTarget
349  );
350 
351 NTSYSCALLAPI
352 NTSTATUS
353 NTAPI
354 NtOpenSymbolicLinkObject(
355  _Out_ PHANDLE LinkHandle,
356  _In_ ACCESS_MASK DesiredAccess,
357  _In_ POBJECT_ATTRIBUTES ObjectAttributes
358  );
359 
360 NTSYSCALLAPI
361 NTSTATUS
362 NTAPI
363 NtQuerySymbolicLinkObject(
364  _In_ HANDLE LinkHandle,
365  _Inout_ PUNICODE_STRING LinkTarget,
366  _Out_opt_ PULONG ReturnedLength
367  );
368 
369 #endif
370 
371 #endif