开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 系统/网络安全 > 杀毒 > 查看源码
ntdll.h
资源名称:OurAntiEvilTools.rar [点击查看]
上传用户:shouhua
上传日期:2014-12-06
资源大小:5685k
文件大小:6k
源码类别:

杀毒

开发平台:

Visual C++

ntdll.h:源码内容
  1. typedef LONG NTSTATUS;
  2. #define   OBJ_INHERIT  0x02
  3. #define   STATUS_SUCCESS  0x0
  4. #define   DUPLICATE_SAME_ATTRIBUTES  0x04
  5. #define NT_SUCCESS(status)      ((NTSTATUS)(status)>=0)
  6. typedef enum _SYSTEM_INFORMATION_CLASS     //    Q S
  7. {
  8.     SystemBasicInformation,                // 00 Y N
  9.     SystemProcessorInformation,            // 01 Y N
  10.     SystemPerformanceInformation,          // 02 Y N
  11.     SystemTimeOfDayInformation,            // 03 Y N
  12.     SystemNotImplemented1,                 // 04 Y N
  13.     SystemProcessesAndThreadsInformation,  // 05 Y N
  14.     SystemCallCounts,                      // 06 Y N
  15.     SystemConfigurationInformation,        // 07 Y N
  16.     SystemProcessorTimes,                  // 08 Y N
  17.     SystemGlobalFlag,                      // 09 Y Y
  18.     SystemNotImplemented2,                 // 10 Y N
  19.     SystemModuleInformation,               // 11 Y N
  20.     SystemLockInformation,                 // 12 Y N
  21.     SystemNotImplemented3,                 // 13 Y N
  22.     SystemNotImplemented4,                 // 14 Y N
  23.     SystemNotImplemented5,                 // 15 Y N
  24.     SystemHandleInformation,               // 16 Y N
  25.     SystemObjectInformation,               // 17 Y N
  26.     SystemPagefileInformation,             // 18 Y N
  27.     SystemInstructionEmulationCounts,      // 19 Y N
  28.     SystemInvalidInfoClass1,               // 20
  29.     SystemCacheInformation,                // 21 Y Y
  30.     SystemPoolTagInformation,              // 22 Y N
  31.     SystemProcessorStatistics,             // 23 Y N
  32.     SystemDpcInformation,                  // 24 Y Y
  33.     SystemNotImplemented6,                 // 25 Y N
  34.     SystemLoadImage,                       // 26 N Y
  35.     SystemUnloadImage,                     // 27 N Y
  36.     SystemTimeAdjustment,                  // 28 Y Y
  37.     SystemNotImplemented7,                 // 29 Y N
  38.     SystemNotImplemented8,                 // 30 Y N
  39.     SystemNotImplemented9,                 // 31 Y N
  40.     SystemCrashDumpInformation,            // 32 Y N
  41.     SystemExceptionInformation,            // 33 Y N
  42.     SystemCrashDumpStateInformation,       // 34 Y Y/N
  43.     SystemKernelDebuggerInformation,       // 35 Y N
  44.     SystemContextSwitchInformation,        // 36 Y N
  45.     SystemRegistryQuotaInformation,        // 37 Y Y
  46.     SystemLoadAndCallImage,                // 38 N Y
  47.     SystemPrioritySeparation,              // 39 N Y
  48.     SystemNotImplemented10,                // 40 Y N
  49.     SystemNotImplemented11,                // 41 Y N
  50.     SystemInvalidInfoClass2,               // 42
  51.     SystemInvalidInfoClass3,               // 43
  52.     SystemTimeZoneInformation,             // 44 Y N
  53.     SystemLookasideInformation,            // 45 Y N
  54.     SystemSetTimeSlipEvent,                // 46 N Y
  55.     SystemCreateSession,                   // 47 N Y
  56.     SystemDeleteSession,                   // 48 N Y
  57.     SystemInvalidInfoClass4,               // 49
  58.     SystemRangeStartInformation,           // 50 Y N
  59.     SystemVerifierInformation,             // 51 Y Y
  60.     SystemAddVerifier,                     // 52 N Y
  61.     SystemSessionProcessesInformation      // 53 Y N
  62. } SYSTEM_INFORMATION_CLASS;
  64. typedef struct _SYSTEM_MODULE_INFORMATION  // Information Class 11
  65. {
  66.     ULONG  Reserved[2];
  67.     PVOID  Base;
  68.     ULONG  Size;
  69.     ULONG  Flags;
  70.     USHORT Index;
  71.     USHORT Unknown;
  72.     USHORT LoadCount;
  73.     USHORT ModuleNameOffset;
  74.     CHAR   ImageName[256];
  75. } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
  76. typedef struct _SYSTEM_HANDLE_INFORMATION 
  77. {
  78. ULONG ProcessId;
  79. UCHAR ObjectTypeNumber;
  80. UCHAR Flags;
  81. USHORT Handle;
  82. ULONG Object;
  83. ACCESS_MASK GrantedAccess;
  84. }SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
  85. typedef struct _CLIENT_ID
  86. {
  87. HANDLE  UniqueProcess;
  88. HANDLE  UniqueThread;
  89. }CLIENT_ID,*PCLIENT_ID;
  90. typedef struct _UNICODE_STRING {
  91.   USHORT  Length;
  92.   USHORT  MaximumLength;
  93.   PWSTR  Buffer;
  94. } UNICODE_STRING, *PUNICODE_STRING;
  95. typedef struct _OBJECT_ATTRIBUTES {
  96.     ULONG  Length;
  97.     HANDLE  RootDirectory;
  98.     PUNICODE_STRING  ObjectName;
  99.     ULONG  Attributes;
  100.     PVOID  SecurityDescriptor;
  101.     PVOID  SecurityQualityOfService;
  102. } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
  103. typedef struct _SYSTEM_HANDLE_INFORMATION_EX 
  104. {
  105. ULONG NumberOfHandles;
  106. SYSTEM_HANDLE_INFORMATION Information[1];
  107. }SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
  108. typedef 
  109. NTSTATUS 
  110. ( __stdcall *ZWQUERYSYSTEMINFORMATION ) 
  111.                                       ( 
  112.   IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 
  113.   IN OUT PVOID SystemInformation, 
  114.   IN ULONG SystemInformationLength, 
  115.   OUT PULONG ReturnLength OPTIONAL 
  116.   );
  118. static ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation = NULL;
  119. #define STATUS_INFO_LENGTH_MISMATCH  0xC0000004
  120. typedef struct _TIME_FIELDS {
  121.     short  Year;        // range [1601...]
  122.     short  Month;       // range [1..12]
  123.     short  Day;         // range [1..31]
  124.     short  Hour;        // range [0..23]
  125.     short  Minute;      // range [0..59]
  126.     short  Second;      // range [0..59]
  127.     short  Milliseconds;// range [0..999]
  128.     short  Weekday;     // range [0..6] == [Sunday..Saturday]
  129. } TIME_FIELDS;
  130. //typedef TIME_FIELDS *PTIME_FIELDS;
  131. typedef struct _DIRECTORY_INFO{
  132.        char FileName[50];      
  133.    LARGE_INTEGER  AllocationSize;
  134.        TIME_FIELDS    CreationTime;
  135.         TIME_FIELDS    LastAccessTime ; 
  136. TIME_FIELDS             LastWriteTime;  
  137. TIME_FIELDS    ChangeTime; 
  138.         ULONG     FileAttributes ;    
  139. }DIRECTORY_INFO ,*PDIRECTORY_INFO ;
  140. typedef struct _IOFCOM_CODE
  141. {
  142. unsigned int  a;
  143. ULONG   b;
  144. BYTE   c;
  145. }IOFCOM_CODE,*PIOFCOM_CODE;
  148. typedef struct _PROCESS_BASIC_INFORMATION {
  149.     PVOID Reserved1;
  150.     ULONG PebBaseAddress;
  151.     PVOID Reserved2[2];
  152.     ULONG UniqueProcessId;
  153.     PVOID Reserved3;
  154. } PROCESS_BASIC_INFORMATION;
  155. typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO{
  156.         int  UniqueProcessId;
  157.         int  CreatorBackTraceIndex;
  158.         byte  ObjectTypeIndex;
  159.         byte  HandleAttributes;
  160.         int   HandleValue ;
  161.         ULONG  pObject;
  162.         ULONG GrantedAccess;
  163. }SYSTEM_HANDLE_TABLE_ENTRY_INFO,*PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
  164. typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;