2020-10-31 00:53:44 +01:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
*
|
2021-01-30 16:45:26 +01:00
|
|
|
* Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved.
|
2020-10-31 00:53:44 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
#include <Windows.h>
|
|
|
|
|
|
|
|
|
|
enum
|
|
|
|
|
{
|
|
|
|
|
SystemModuleInformation = 11
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef struct _RTL_PROCESS_MODULE_INFORMATION
|
|
|
|
|
{
|
|
|
|
|
HANDLE Section;
|
|
|
|
|
PVOID MappedBase;
|
|
|
|
|
PVOID ImageBase;
|
|
|
|
|
ULONG ImageSize;
|
|
|
|
|
ULONG Flags;
|
|
|
|
|
USHORT LoadOrderIndex;
|
|
|
|
|
USHORT InitOrderIndex;
|
|
|
|
|
USHORT LoadCount;
|
|
|
|
|
USHORT OffsetToFileName;
|
|
|
|
|
UCHAR FullPathName[256];
|
|
|
|
|
} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
|
|
|
|
|
|
|
|
|
|
typedef struct _RTL_PROCESS_MODULES
|
|
|
|
|
{
|
|
|
|
|
ULONG NumberOfModules;
|
|
|
|
|
RTL_PROCESS_MODULE_INFORMATION Modules[1];
|
|
|
|
|
} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
|
2020-10-31 11:55:26 +01:00
|
|
|
|
2021-02-02 13:12:45 +01:00
|
|
|
typedef struct _KEY_NAME_INFORMATION
|
|
|
|
|
{
|
|
|
|
|
ULONG NameLength;
|
|
|
|
|
WCHAR Name[1];
|
|
|
|
|
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
|
|
|
|
|
|
2020-11-03 15:28:17 +01:00
|
|
|
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) // TODO: #include <ntstatus.h> instead of this
|
2020-10-31 11:55:26 +01:00
|
|
|
|
2020-11-03 15:28:17 +01:00
|
|
|
/* We can't use RtlGetVersion, because appcompat's aclayers.dll shims it to report Vista
|
|
|
|
|
* when run from legacy contexts. So, we instead use the undocumented RtlGetNtVersionNumbers.
|
|
|
|
|
*
|
|
|
|
|
* Another way would be reading from the PEB directly:
|
2021-07-28 20:20:09 +02:00
|
|
|
* ((DWORD *)NtCurrentTeb()->ProcessEnvironmentBlock)[sizeof(VOID *) == 8 ? 70 : 41]
|
2020-11-03 15:28:17 +01:00
|
|
|
* Or just read from KUSER_SHARED_DATA the same way on 32-bit and 64-bit:
|
|
|
|
|
* *(DWORD *)0x7FFE026C
|
|
|
|
|
*/
|
|
|
|
|
EXTERN_C
|
|
|
|
|
DECLSPEC_IMPORT VOID NTAPI
|
|
|
|
|
RtlGetNtVersionNumbers(_Out_opt_ DWORD *MajorVersion, _Out_opt_ DWORD *MinorVersion, _Out_opt_ DWORD *BuildNumber);
|
2021-02-02 13:12:45 +01:00
|
|
|
|
|
|
|
|
EXTERN_C
|
|
|
|
|
DECLSPEC_IMPORT DWORD NTAPI
|
|
|
|
|
NtQueryKey(
|
|
|
|
|
_In_ HANDLE KeyHandle,
|
|
|
|
|
_In_ int KeyInformationClass,
|
|
|
|
|
_Out_bytecap_post_bytecount_(Length, *ResultLength) PVOID KeyInformation,
|
|
|
|
|
_In_ ULONG Length,
|
|
|
|
|
_Out_ PULONG ResultLength);
|
