From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit

---
 ntproto.h | 289 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 289 insertions(+)
 create mode 100644 ntproto.h

(limited to 'ntproto.h')

diff --git a/ntproto.h b/ntproto.h
new file mode 100644
index 0000000..ddb3d76
--- /dev/null
+++ b/ntproto.h
@@ -0,0 +1,289 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *		ntproto.h
+ *
+ * Abstract:
+ *
+ *		This module defines various types defined in WINNT.H and used by hooking routines.
+ *
+ * Author:
+ *
+ *		Eugene Tsyrklevich 04-Mar-2004
+ */
+
+#ifndef __NTPROTO_H__
+#define __NTPROTO_H__
+
+
+
+typedef struct _SYSTEM_MODULE_INFORMATION {
+  ULONG Reserved[2];
+  PVOID Base;
+  ULONG Size;
+  ULONG Flags;
+  USHORT Index;
+  USHORT Unknown;
+  USHORT LoadCount;
+  USHORT ModuleNameOffset;
+  CHAR ImageName[256];
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+
+
+/*
+ * from WINNT.H
+ */
+
+#ifndef _WINNT_
+
+typedef unsigned short      WORD;
+typedef unsigned long      DWORD;
+typedef unsigned char      BYTE;
+
+#define	IMAGE_DOS_SIGNATURE	0x5A4D
+
+typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
+    WORD   e_magic;                     // Magic number
+    WORD   e_cblp;                      // Bytes on last page of file
+    WORD   e_cp;                        // Pages in file
+    WORD   e_crlc;                      // Relocations
+    WORD   e_cparhdr;                   // Size of header in paragraphs
+    WORD   e_minalloc;                  // Minimum extra paragraphs needed
+    WORD   e_maxalloc;                  // Maximum extra paragraphs needed
+    WORD   e_ss;                        // Initial (relative) SS value
+    WORD   e_sp;                        // Initial SP value
+    WORD   e_csum;                      // Checksum
+    WORD   e_ip;                        // Initial IP value
+    WORD   e_cs;                        // Initial (relative) CS value
+    WORD   e_lfarlc;                    // File address of relocation table
+    WORD   e_ovno;                      // Overlay number
+    WORD   e_res[4];                    // Reserved words
+    WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
+    WORD   e_oeminfo;                   // OEM information; e_oemid specific
+    WORD   e_res2[10];                  // Reserved words
+    LONG   e_lfanew;                    // File address of new exe header
+} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
+
+
+typedef struct _IMAGE_FILE_HEADER {
+    WORD    Machine;
+    WORD    NumberOfSections;
+    DWORD   TimeDateStamp;
+    DWORD   PointerToSymbolTable;
+    DWORD   NumberOfSymbols;
+    WORD    SizeOfOptionalHeader;
+    WORD    Characteristics;
+
+} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
+
+
+typedef struct _IMAGE_DATA_DIRECTORY {
+    DWORD   VirtualAddress;
+    DWORD   Size;
+
+} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
+
+
+#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16
+
+typedef struct _IMAGE_OPTIONAL_HEADER {
+    //
+    // Standard fields.
+    //
+
+    WORD    Magic;
+    BYTE    MajorLinkerVersion;
+    BYTE    MinorLinkerVersion;
+    DWORD   SizeOfCode;
+    DWORD   SizeOfInitializedData;
+    DWORD   SizeOfUninitializedData;
+    DWORD   AddressOfEntryPoint;
+    DWORD   BaseOfCode;
+    DWORD   BaseOfData;
+
+    //
+    // NT additional fields.
+    //
+
+    DWORD   ImageBase;
+    DWORD   SectionAlignment;
+    DWORD   FileAlignment;
+    WORD    MajorOperatingSystemVersion;
+    WORD    MinorOperatingSystemVersion;
+    WORD    MajorImageVersion;
+    WORD    MinorImageVersion;
+    WORD    MajorSubsystemVersion;
+    WORD    MinorSubsystemVersion;
+    DWORD   Win32VersionValue;
+    DWORD   SizeOfImage;
+    DWORD   SizeOfHeaders;
+    DWORD   CheckSum;
+    WORD    Subsystem;
+    WORD    DllCharacteristics;
+    DWORD   SizeOfStackReserve;
+    DWORD   SizeOfStackCommit;
+    DWORD   SizeOfHeapReserve;
+    DWORD   SizeOfHeapCommit;
+    DWORD   LoaderFlags;
+    DWORD   NumberOfRvaAndSizes;
+    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+
+} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
+
+
+// "PE\0\0"
+#define	IMAGE_PE_SIGNATURE	0x00004550
+
+typedef struct _IMAGE_NT_HEADERS {
+    DWORD Signature;
+    IMAGE_FILE_HEADER FileHeader;
+    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
+
+} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
+
+
+#ifdef _WIN64
+#error Win64 not supported
+#else
+typedef IMAGE_NT_HEADERS32                  IMAGE_NT_HEADERS;
+typedef PIMAGE_NT_HEADERS32                 PIMAGE_NT_HEADERS;
+#endif
+
+typedef struct _IMAGE_EXPORT_DIRECTORY {
+    DWORD   Characteristics;
+    DWORD   TimeDateStamp;
+    WORD    MajorVersion;
+    WORD    MinorVersion;
+    DWORD   Name;
+    DWORD   OrdinalBase;
+    DWORD   NumberOfFunctions;
+    DWORD   NumberOfNames;
+    DWORD   AddressOfFunctions;     // RVA from base of image
+    DWORD   AddressOfNames;         // RVA from base of image
+    DWORD   AddressOfNameOrdinals;  // RVA from base of image
+
+} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
+
+
+#define IMAGE_DIRECTORY_ENTRY_EXPORT          0   // Export Directory
+#define IMAGE_DIRECTORY_ENTRY_IMPORT          1   // Import Directory
+#define IMAGE_DIRECTORY_ENTRY_RESOURCE        2   // Resource Directory
+#define IMAGE_DIRECTORY_ENTRY_EXCEPTION       3   // Exception Directory
+#define IMAGE_DIRECTORY_ENTRY_SECURITY        4   // Security Directory
+#define IMAGE_DIRECTORY_ENTRY_BASERELOC       5   // Base Relocation Table
+#define IMAGE_DIRECTORY_ENTRY_DEBUG           6   // Debug Directory
+//      IMAGE_DIRECTORY_ENTRY_COPYRIGHT       7   // (X86 usage)
+#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE    7   // Architecture Specific Data
+#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR       8   // RVA of GP
+#define IMAGE_DIRECTORY_ENTRY_TLS             9   // TLS Directory
+#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    10   // Load Configuration Directory
+#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   11   // Bound Import Directory in headers
+#define IMAGE_DIRECTORY_ENTRY_IAT            12   // Import Address Table
+#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   13   // Delay Load Import Descriptors
+#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14   // COM Runtime descriptor
+
+
+typedef struct _SID_AND_ATTRIBUTES
+{
+    PSID				Sid;
+    DWORD				Attributes;
+
+} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
+
+										// Query Set
+typedef enum _TOKEN_INFORMATION_CLASS
+{
+	TokenUser = 1,						// 1 Y N
+	TokenGroups,						// 2 Y N
+	TokenPrivileges,					// 3 Y N
+	TokenOwner,							// 4 Y Y
+	TokenPrimaryGroup,					// 5 Y Y
+	TokenDefaultDacl,					// 6 Y Y
+	TokenSource,						// 7 Y N
+	TokenType,							// 8 Y N
+	TokenImpersonationLevel,			// 9 Y N
+	TokenStatistics,					// 10 Y N
+	TokenRestrictedSids,				// 11 Y N
+	TokenSessionId						// 12 Y Y
+
+} TOKEN_INFORMATION_CLASS;
+
+
+/* Information Class 1 */
+
+typedef struct _TOKEN_USER
+{
+	SID_AND_ATTRIBUTES	User;
+
+} TOKEN_USER, *PTOKEN_USER;
+
+
+#define JOB_OBJECT_ASSIGN_PROCESS           (0x0001)
+#define JOB_OBJECT_SET_ATTRIBUTES           (0x0002)
+#define JOB_OBJECT_QUERY                    (0x0004)
+#define JOB_OBJECT_TERMINATE                (0x0008)
+#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES  (0x0010)
+#define JOB_OBJECT_ALL_ACCESS				(STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1F)
+
+#define MUTANT_QUERY_STATE					(0x0001)
+#define MUTANT_ALL_ACCESS					(STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |  MUTANT_QUERY_STATE)
+
+
+#define TIMER_QUERY_STATE					(0x0001)
+#define TIMER_MODIFY_STATE					(0x0002)
+#define TIMER_ALL_ACCESS					(STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|TIMER_QUERY_STATE|TIMER_MODIFY_STATE)
+
+
+#define PROCESS_TERMINATE         (0x0001)  
+#define PROCESS_CREATE_THREAD     (0x0002)  
+#define PROCESS_SET_SESSIONID     (0x0004)  
+#define PROCESS_VM_OPERATION      (0x0008)  
+#define PROCESS_VM_READ           (0x0010)  
+#define PROCESS_VM_WRITE          (0x0020)  
+#define PROCESS_DUP_HANDLE        (0x0040)  
+#define PROCESS_CREATE_PROCESS    (0x0080)  
+#define PROCESS_SET_QUOTA         (0x0100)  
+#define PROCESS_SET_INFORMATION   (0x0200)  
+#define PROCESS_QUERY_INFORMATION (0x0400)  
+#define PROCESS_SUSPEND_RESUME    (0x0800)  
+#define PROCESS_ALL_ACCESS        (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF)
+
+
+#define THREAD_TERMINATE               (0x0001)  
+#define THREAD_SUSPEND_RESUME          (0x0002)  
+#define THREAD_GET_CONTEXT             (0x0008)  
+#define THREAD_SET_CONTEXT             (0x0010)  
+#define THREAD_SET_INFORMATION         (0x0020)  
+#define THREAD_QUERY_INFORMATION       (0x0040)  
+#define THREAD_SET_THREAD_TOKEN        (0x0080)
+#define THREAD_IMPERSONATE             (0x0100)
+#define THREAD_DIRECT_IMPERSONATION    (0x0200)
+#define THREAD_ALL_ACCESS				(STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF)
+
+
+/*
+ * Token Specific Access Rights.
+ */
+
+#define TOKEN_ASSIGN_PRIMARY    (0x0001)
+#define TOKEN_DUPLICATE         (0x0002)
+#define TOKEN_IMPERSONATE       (0x0004)
+#define TOKEN_QUERY             (0x0008)
+#define TOKEN_QUERY_SOURCE      (0x0010)
+#define TOKEN_ADJUST_PRIVILEGES (0x0020)
+#define TOKEN_ADJUST_GROUPS     (0x0040)
+#define TOKEN_ADJUST_DEFAULT    (0x0080)
+#define TOKEN_ADJUST_SESSIONID  (0x0100)
+
+
+#define	CURRENT_THREAD			((HANDLE) -2)
+#define	CURRENT_PROCESS			((HANDLE) -1)
+
+
+#endif _WINNT_
+
+
+#endif	/* __NTPROTO_H__ */
\ No newline at end of file
-- 
cgit v1.3