Process Hacker
phsvcapi.h
Go to the documentation of this file.
1 #ifndef PH_PHSVCAPI_H
2 #define PH_PHSVCAPI_H
3 
4 #define PHSVC_PORT_NAME (L"\\BaseNamedObjects\\PhSvcApiPort")
5 #define PHSVC_WOW64_PORT_NAME (L"\\BaseNamedObjects\\PhSvcWow64ApiPort")
6 
7 typedef enum _PHSVC_API_NUMBER
8 {
9  PhSvcPluginApiNumber = 1,
10  PhSvcExecuteRunAsCommandApiNumber = 2,
11  PhSvcUnloadDriverApiNumber = 3,
12  PhSvcControlProcessApiNumber = 4,
13  PhSvcControlServiceApiNumber = 5,
14  PhSvcCreateServiceApiNumber = 6,
15  PhSvcChangeServiceConfigApiNumber = 7,
16  PhSvcChangeServiceConfig2ApiNumber = 8,
17  PhSvcSetTcpEntryApiNumber = 9,
18  PhSvcControlThreadApiNumber = 10,
19  PhSvcAddAccountRightApiNumber = 11,
20  PhSvcInvokeRunAsServiceApiNumber = 12,
21  PhSvcIssueMemoryListCommandApiNumber = 13,
22  PhSvcPostMessageApiNumber = 14,
23  PhSvcSendMessageApiNumber = 15,
24  PhSvcCreateProcessIgnoreIfeoDebuggerApiNumber = 16,
25  PhSvcSetServiceSecurityApiNumber = 17,
26  PhSvcLoadDbgHelpApiNumber = 18, // WOW64 compatible
27  PhSvcWriteMiniDumpProcessApiNumber = 19, // WOW64 compatible
28  PhSvcMaximumApiNumber
29 } PHSVC_API_NUMBER, *PPHSVC_API_NUMBER;
30 
31 typedef struct _PHSVC_API_CONNECTINFO
32 {
33  ULONG ServerProcessId;
34 } PHSVC_API_CONNECTINFO, *PPHSVC_API_CONNECTINFO;
35 
36 typedef union _PHSVC_API_PLUGIN
37 {
38  struct
39  {
40  PH_RELATIVE_STRINGREF ApiId;
41  ULONG Data[30];
42  } i;
43  struct
44  {
45  ULONG Data[32];
46  } o;
47 } PHSVC_API_PLUGIN, *PPHSVC_API_PLUGIN;
48 
49 typedef union _PHSVC_API_EXECUTERUNASCOMMAND
50 {
51  struct
52  {
53  ULONG ProcessId;
54  PH_RELATIVE_STRINGREF UserName;
55  PH_RELATIVE_STRINGREF Password;
56  ULONG LogonType;
57  ULONG SessionId;
58  PH_RELATIVE_STRINGREF CurrentDirectory;
59  PH_RELATIVE_STRINGREF CommandLine;
60  PH_RELATIVE_STRINGREF FileName;
61  PH_RELATIVE_STRINGREF DesktopName;
62  BOOLEAN UseLinkedToken;
63  PH_RELATIVE_STRINGREF ServiceName;
64  } i;
65 } PHSVC_API_EXECUTERUNASCOMMAND, *PPHSVC_API_EXECUTERUNASCOMMAND;
66 
67 typedef union _PHSVC_API_UNLOADDRIVER
68 {
69  struct
70  {
71  PVOID BaseAddress;
72  PH_RELATIVE_STRINGREF Name;
73  } i;
74 } PHSVC_API_UNLOADDRIVER, *PPHSVC_API_UNLOADDRIVER;
75 
76 typedef enum _PHSVC_API_CONTROLPROCESS_COMMAND
77 {
78  PhSvcControlProcessTerminate = 1,
79  PhSvcControlProcessSuspend,
80  PhSvcControlProcessResume,
81  PhSvcControlProcessPriority,
82  PhSvcControlProcessIoPriority
83 } PHSVC_API_CONTROLPROCESS_COMMAND;
84 
85 typedef union _PHSVC_API_CONTROLPROCESS
86 {
87  struct
88  {
89  HANDLE ProcessId;
90  PHSVC_API_CONTROLPROCESS_COMMAND Command;
91  ULONG Argument;
92  } i;
93 } PHSVC_API_CONTROLPROCESS, *PPHSVC_API_CONTROLPROCESS;
94 
95 typedef enum _PHSVC_API_CONTROLSERVICE_COMMAND
96 {
97  PhSvcControlServiceStart = 1,
98  PhSvcControlServiceContinue,
99  PhSvcControlServicePause,
100  PhSvcControlServiceStop,
101  PhSvcControlServiceDelete
102 } PHSVC_API_CONTROLSERVICE_COMMAND;
103 
104 typedef union _PHSVC_API_CONTROLSERVICE
105 {
106  struct
107  {
108  PH_RELATIVE_STRINGREF ServiceName;
109  PHSVC_API_CONTROLSERVICE_COMMAND Command;
110  } i;
111 } PHSVC_API_CONTROLSERVICE, *PPHSVC_API_CONTROLSERVICE;
112 
113 typedef union _PHSVC_API_CREATESERVICE
114 {
115  struct
116  {
117  // ServiceName is the only required string.
118  PH_RELATIVE_STRINGREF ServiceName;
119  PH_RELATIVE_STRINGREF DisplayName;
120  ULONG ServiceType;
121  ULONG StartType;
122  ULONG ErrorControl;
123  PH_RELATIVE_STRINGREF BinaryPathName;
124  PH_RELATIVE_STRINGREF LoadOrderGroup;
125  PH_RELATIVE_STRINGREF Dependencies;
126  PH_RELATIVE_STRINGREF ServiceStartName;
127  PH_RELATIVE_STRINGREF Password;
128  BOOLEAN TagIdSpecified;
129  } i;
130  struct
131  {
132  ULONG TagId;
133  } o;
134 } PHSVC_API_CREATESERVICE, *PPHSVC_API_CREATESERVICE;
135 
136 typedef union _PHSVC_API_CHANGESERVICECONFIG
137 {
138  struct
139  {
140  PH_RELATIVE_STRINGREF ServiceName;
141  ULONG ServiceType;
142  ULONG StartType;
143  ULONG ErrorControl;
144  PH_RELATIVE_STRINGREF BinaryPathName;
145  PH_RELATIVE_STRINGREF LoadOrderGroup;
146  PH_RELATIVE_STRINGREF Dependencies;
147  PH_RELATIVE_STRINGREF ServiceStartName;
148  PH_RELATIVE_STRINGREF Password;
149  PH_RELATIVE_STRINGREF DisplayName;
150  BOOLEAN TagIdSpecified;
151  } i;
152  struct
153  {
154  ULONG TagId;
155  } o;
156 } PHSVC_API_CHANGESERVICECONFIG, *PPHSVC_API_CHANGESERVICECONFIG;
157 
158 typedef union _PHSVC_API_CHANGESERVICECONFIG2
159 {
160  struct
161  {
162  PH_RELATIVE_STRINGREF ServiceName;
163  ULONG InfoLevel;
164  PH_RELATIVE_STRINGREF Info;
165  } i;
166 } PHSVC_API_CHANGESERVICECONFIG2, *PPHSVC_API_CHANGESERVICECONFIG2;
167 
168 typedef union _PHSVC_API_SETTCPENTRY
169 {
170  struct
171  {
172  ULONG State;
173  ULONG LocalAddress;
174  ULONG LocalPort;
175  ULONG RemoteAddress;
176  ULONG RemotePort;
177  } i;
178 } PHSVC_API_SETTCPENTRY, *PPHSVC_API_SETTCPENTRY;
179 
180 typedef enum _PHSVC_API_CONTROLTHREAD_COMMAND
181 {
182  PhSvcControlThreadTerminate = 1,
183  PhSvcControlThreadSuspend,
184  PhSvcControlThreadResume,
185  PhSvcControlThreadIoPriority
186 } PHSVC_API_CONTROLTHREAD_COMMAND;
187 
188 typedef union _PHSVC_API_CONTROLTHREAD
189 {
190  struct
191  {
192  HANDLE ThreadId;
193  PHSVC_API_CONTROLTHREAD_COMMAND Command;
194  ULONG Argument;
195  } i;
196 } PHSVC_API_CONTROLTHREAD, *PPHSVC_API_CONTROLTHREAD;
197 
198 typedef union _PHSVC_API_ADDACCOUNTRIGHT
199 {
200  struct
201  {
202  PH_RELATIVE_STRINGREF AccountSid;
203  PH_RELATIVE_STRINGREF UserRight;
204  } i;
205 } PHSVC_API_ADDACCOUNTRIGHT, *PPHSVC_API_ADDACCOUNTRIGHT;
206 
207 typedef union _PHSVC_API_ISSUEMEMORYLISTCOMMAND
208 {
209  struct
210  {
211  SYSTEM_MEMORY_LIST_COMMAND Command;
212  } i;
213 } PHSVC_API_ISSUEMEMORYLISTCOMMAND, *PPHSVC_API_ISSUEMEMORYLISTCOMMAND;
214 
215 typedef union _PHSVC_API_POSTMESSAGE
216 {
217  struct
218  {
219  HWND hWnd;
220  UINT Msg;
221  WPARAM wParam;
222  LPARAM lParam;
223  } i;
224 } PHSVC_API_POSTMESSAGE, *PPHSVC_API_POSTMESSAGE;
225 
226 typedef union _PHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER
227 {
228  struct
229  {
230  PH_RELATIVE_STRINGREF FileName;
231  } i;
232 } PHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER, *PPHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER;
233 
234 typedef union _PHSVC_API_SETSERVICESECURITY
235 {
236  struct
237  {
238  PH_RELATIVE_STRINGREF ServiceName;
239  SECURITY_INFORMATION SecurityInformation;
240  PH_RELATIVE_STRINGREF SecurityDescriptor;
241  } i;
242 } PHSVC_API_SETSERVICESECURITY, *PPHSVC_API_SETSERVICESECURITY;
243 
244 typedef union _PHSVC_API_LOADDBGHELP
245 {
246  struct
247  {
248  PH_RELATIVE_STRINGREF DbgHelpPath;
249  } i;
250 } PHSVC_API_LOADDBGHELP, *PPHSVC_API_LOADDBGHELP;
251 
252 typedef union _PHSVC_API_WRITEMINIDUMPPROCESS
253 {
254  struct
255  {
256  ULONG LocalProcessHandle;
257  ULONG ProcessId;
258  ULONG LocalFileHandle;
259  ULONG DumpType;
260  } i;
261 } PHSVC_API_WRITEMINIDUMPPROCESS, *PPHSVC_API_WRITEMINIDUMPPROCESS;
262 
263 typedef union _PHSVC_API_PAYLOAD
264 {
265  PHSVC_API_CONNECTINFO ConnectInfo;
266  struct
267  {
268  PHSVC_API_NUMBER ApiNumber;
269  NTSTATUS ReturnStatus;
270 
271  union
272  {
273  PHSVC_API_PLUGIN Plugin;
274  PHSVC_API_EXECUTERUNASCOMMAND ExecuteRunAsCommand;
275  PHSVC_API_UNLOADDRIVER UnloadDriver;
276  PHSVC_API_CONTROLPROCESS ControlProcess;
277  PHSVC_API_CONTROLSERVICE ControlService;
278  PHSVC_API_CREATESERVICE CreateService;
279  PHSVC_API_CHANGESERVICECONFIG ChangeServiceConfig;
280  PHSVC_API_CHANGESERVICECONFIG2 ChangeServiceConfig2;
281  PHSVC_API_SETTCPENTRY SetTcpEntry;
282  PHSVC_API_CONTROLTHREAD ControlThread;
283  PHSVC_API_ADDACCOUNTRIGHT AddAccountRight;
284  PHSVC_API_ISSUEMEMORYLISTCOMMAND IssueMemoryListCommand;
285  PHSVC_API_POSTMESSAGE PostMessage;
286  PHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER CreateProcessIgnoreIfeoDebugger;
287  PHSVC_API_SETSERVICESECURITY SetServiceSecurity;
288  PHSVC_API_LOADDBGHELP LoadDbgHelp;
289  PHSVC_API_WRITEMINIDUMPPROCESS WriteMiniDumpProcess;
290  } u;
291  };
292 } PHSVC_API_PAYLOAD, *PPHSVC_API_PAYLOAD;
293 
294 typedef struct _PHSVC_API_MSG
295 {
296  PORT_MESSAGE h;
297  PHSVC_API_PAYLOAD p;
298 } PHSVC_API_MSG, *PPHSVC_API_MSG;
299 
300 typedef struct _PHSVC_API_MSG64
301 {
302  PORT_MESSAGE64 h;
303  PHSVC_API_PAYLOAD p;
304 } PHSVC_API_MSG64, *PPHSVC_API_MSG64;
305 
306 C_ASSERT(FIELD_OFFSET(PHSVC_API_PAYLOAD, u) == 8);
307 C_ASSERT(sizeof(PHSVC_API_MSG) <= PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH);
308 C_ASSERT(sizeof(PHSVC_API_MSG64) <= PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH);
309 
310 #endif