/*******************************************************
This file is part of Process Monitor.
Copyright (c) 2004 by Michel van Kerkhof, ( michel000@planet.nl http://home.wxs.nl/~wijk0550/ )
For more information consult the Readme file.
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU
General Public License as published by the Free
Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU
General Public License along with this program;
if not, write to:
the Free Software Foundation, Inc.,
59 Temple Place,
Suite 330, Boston,
MA 02111-1307 USA
*******************************************************
If you like my work and you have a job for me please contact me at: michel000@planet.nl
*******************************************************/
#ifndef UNDEF_H
#define UNDEF_H
// Constants and the NTSTATUS type that the private (non-SDK) declarations
// below depend on.
#define ANY_SIZE 1                       // placeholder element count for trailing variable-size arrays
#define MIB_TCP_STATE_DELETE_TCB 12      // dwState value that makes SetTcpEntry() delete the connection's TCB
#define ABOVE_NORMAL_PRIORITY_CLASS 0x0008000  // == 0x8000; presumably missing from the SDK headers this was built with
#define BELOW_NORMAL_PRIORITY_CLASS 0x0004000  // == 0x4000; see above
typedef LONG NTSTATUS, *PNTSTATUS;       // NT status code; a negative value (high bit set) is a failure
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)  // "buffer too small": callers grow the buffer and retry
// Counted wide string as used by the NT native API.
typedef struct _UNICODE_STRING {
USHORT Length;        // length of the string in BYTES (not characters), excluding any terminator
USHORT MaximumLength; // capacity of Buffer in bytes
PWSTR Buffer;         // NOT guaranteed to be NUL-terminated: format with Length / sizeof(WCHAR), never as a plain C string
} UNICODE_STRING, *PUNICODE_STRING;
////////////////////////////////////
//SystemInformation
// SYSTEM_INFORMATION_CLASS values passed as the first argument of
// NtQuerySystemInformation (see pNtQuerySystemInformation below).
#define SystemProcessInformation 5     // returns a chain of SYSTEM_PROCESS_INFORMATION records
#define SystemTimeOfDayInformation 3   // returns one SYSTEM_TIME_OF_DAY_INFORMATION
#define SystemHandleInformation 16     // returns SYSTEM_HANDLE_INFORMATION for the whole system
// SystemTimeOfDayInformation
// Result of NtQuerySystemInformation(SystemTimeOfDayInformation).
// Times are 64-bit FILETIME-style values (100 ns units).
typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
LARGE_INTEGER BootTime;      // absolute system boot time
LARGE_INTEGER CurrentTime;   // absolute current time; uptime = CurrentTime - BootTime
LARGE_INTEGER TimeZoneBias;  // UTC - local time
ULONG CurrentTimeZoneId;
} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
//SystemProcessInformation
// One record of the buffer returned by
// NtQuerySystemInformation(SystemProcessInformation). Records are chained
// by NextEntryOffset (a byte offset from the start of this record); a
// NextEntryOffset of 0 marks the last record. Consumers should check that
// each computed record start plus sizeof this struct stays inside the
// ReturnLength actually written, since the buffer content is not trusted
// to be well-formed.
// NOTE(review): this layout uses ULONG for the working-set fields and
// HANDLE-sized process ids; it matches the 32-bit Windows layout of the
// era, not the 64-bit one — confirm before building for x64.
typedef struct {
ULONG NextEntryOffset;       // byte offset to the next record, 0 = end of list
ULONG NumberOfThreads;       // thread records follow this struct (not declared here)
LARGE_INTEGER SpareLi1;
LARGE_INTEGER SpareLi2;
LARGE_INTEGER SpareLi3;
LARGE_INTEGER CreateTime;    // FILETIME-style, 100 ns units
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;    // counted, not NUL-terminated; Buffer points into the same query buffer
LONG BasePriority;
HANDLE UniqueProcessId;      // process id stored in a HANDLE-sized field
HANDLE InheritedFromUniqueProcessId;  // parent process id (may already be reused)
ULONG HandleCount;
ULONG SessionId;
ULONG SpareUl3;
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;    // SIZE_T in the 64-bit layout
ULONG WorkingSetSize;        // SIZE_T in the 64-bit layout
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
SIZE_T PrivatePageCount;
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
} SYSTEM_PROCESS_INFORMATION;
// ntdll!NtQuerySystemInformation. Returns STATUS_INFO_LENGTH_MISMATCH when
// SystemInformationLength is too small; the required size can change
// between calls, so callers loop: grow the buffer, retry. ReturnLength (when
// supplied) is the number of bytes actually written and is the only safe
// bound for walking the result.
typedef NTSTATUS (WINAPI *pNtQuerySystemInformation) (
int SystemInformationClass,          // one of the System*Information constants above
OUT PVOID SystemInformation,         // caller-owned output buffer
IN ULONG SystemInformationLength,    // size of that buffer in bytes
OUT PULONG ReturnLength OPTIONAL     // bytes written (or required), may be NULL
);
///////////////////////////////
//get username
// Undocumented helpers used to map a process to its owner's account name.
// pWinStationGetProcessSid: copies the process owner's SID into pProcessUserSid;
// dwSidSize is in/out (buffer size in, SID size out) — presumably, as the
// prototype is not documented; verify the size handling against the caller.
typedef BOOLEAN (NTAPI *pWinStationGetProcessSid )(HANDLE hServer,DWORD ProcessId , FILETIME ProcessStartTime,PBYTE pProcessUserSid ,PDWORD dwSidSize);
// pCachedGetUserFromSid: resolves pSid to a user name; cbUserName is the size
// of pUserName in bytes — the result is not guaranteed terminated if the
// buffer is too small, so size it generously and terminate defensively.
typedef void (NTAPI *pCachedGetUserFromSid )( PSID pSid , PWCHAR pUserName,PULONG cbUserName);
///////////////////////////////
//netstat
// Extended TCP table row (AllocateAndGetTcpExTableFromStack): MIB_TCPROW
// plus the owning process id. Addresses and ports are in network byte order.
typedef struct _MIB_TCPROW_EX
{
DWORD dwState;       // MIB_TCP_STATE_* value
DWORD dwLocalAddr;   // IPv4, network byte order
DWORD dwLocalPort;   // port in the low 16 bits, network byte order
DWORD dwRemoteAddr;
DWORD dwRemotePort;
DWORD dwProcessId;   // owning process id; 0 when unknown
} MIB_TCPROW_EX, *PMIB_TCPROW_EX;
// Variable-length table: dwNumEntries rows follow, indexed as table[i]
// for i < dwNumEntries only.
typedef struct _MIB_TCPTABLE_EX
{
DWORD dwNumEntries;
MIB_TCPROW_EX table[ANY_SIZE];  // actually dwNumEntries elements
} MIB_TCPTABLE_EX, *PMIB_TCPTABLE_EX;
// Extended UDP table row: MIB_UDPROW plus the owning process id.
typedef struct _MIB_UDPROW_EX
{
DWORD dwLocalAddr;   // IPv4, network byte order
DWORD dwLocalPort;   // port in the low 16 bits, network byte order
DWORD dwProcessId;   // owning process id; 0 when unknown
} MIB_UDPROW_EX, *PMIB_UDPROW_EX;
// Variable-length table: dwNumEntries rows follow, indexed as table[i]
// for i < dwNumEntries only.
typedef struct _MIB_UDPTABLE_EX
{
DWORD dwNumEntries;
MIB_UDPROW_EX table[ANY_SIZE];  // actually dwNumEntries elements
} MIB_UDPTABLE_EX, *PMIB_UDPTABLE_EX;
// Standard TCP table row (IP Helper). Also the argument of SetTcpEntry,
// which only honours dwState == MIB_TCP_STATE_DELETE_TCB to drop a connection.
typedef struct _MIB_TCPROW {
DWORD dwState;
DWORD dwLocalAddr;   // IPv4, network byte order
DWORD dwLocalPort;   // network byte order
DWORD dwRemoteAddr;
DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;
// Variable-length TCP table; only table[0 .. dwNumEntries-1] are valid.
typedef struct _MIB_TCPTABLE {
DWORD dwNumEntries;
MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;
// Standard UDP table row (IP Helper); values in network byte order.
typedef struct _MIB_UDPROW {
DWORD dwLocalAddr;
DWORD dwLocalPort;
} MIB_UDPROW, *PMIB_UDPROW;
// Variable-length UDP table; only table[0 .. dwNumEntries-1] are valid.
typedef struct _MIB_UDPTABLE {
DWORD dwNumEntries;
MIB_UDPROW table[ANY_SIZE];
} MIB_UDPTABLE, *PMIB_UDPTABLE;
// iphlpapi!SetTcpEntry: returns NO_ERROR on success, otherwise a Win32 error.
typedef DWORD (WINAPI *pSetTcpEntry)(PMIB_TCPROW);
// Undocumented iphlpapi entry points (Windows XP era) that return the
// connection table together with owning process ids. The table is
// allocated from hAllocHeap with dwAllocFlags; the caller owns it and must
// release it with HeapFree on the same heap. Returns NO_ERROR on success.
// The exact contract is not documented — treat a non-zero return as "table
// pointer not valid".
typedef DWORD (WINAPI *pAllocateAndGetTcpExTableFromStack)(
OUT PMIB_TCPTABLE_EX *pTcpTableEx,   // receives the heap-allocated table
IN BOOL bOrder,                      // sort the rows
IN HANDLE hAllocHeap,                // heap to allocate from (e.g. GetProcessHeap())
IN DWORD dwAllocFlags,               // HeapAlloc flags
IN DWORD dwProtocolVersion           // presumably AF_INET (2); verify against the caller
);
typedef DWORD (WINAPI *pAllocateAndGetUdpExTableFromStack)(
OUT PMIB_UDPTABLE_EX *pUdpTableEx,   // receives the heap-allocated table
IN BOOL bOrder,
IN HANDLE hAllocHeap,
IN DWORD dwAllocFlags,
IN DWORD dwProtocolVersion
);
// OBJECT_INFORMATION_CLASS values for NtQueryObject (private names; the
// numeric values 0..4 are what matter).
typedef enum _OBJECT_INFO_CLASS {
ObjectBasicInfo,       // 0 -> OBJECT_BASIC_INFO
ObjectNameInfo,        // 1 -> OBJECT_NAME_INFO
ObjectTypeInfo,        // 2 -> OBJECT_TYPE_INFO
ObjectAllTypesInfo,    // 3
ObjectProtectionInfo   // 4
} OBJECT_INFO_CLASS;
// Result of NtQueryObject(ObjectBasicInfo). Only the four named fields are
// used; the Unknown padding keeps the struct at the expected 56 bytes.
// NOTE(review): field names beyond the sizes are reverse-engineered, not
// from an SDK header — confirm against the target OS before relying on them.
typedef struct ObjectBasicInfo_t {
char Unknown1[8];
ULONG HandleCount;
ULONG ReferenceCount;
ULONG PagedQuota;
ULONG NonPagedQuota;
char Unknown2[32];
} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
// Result of NtQueryObject(ObjectNameInfo). ObjectName.Buffer points at
// ObjectNameBuffer inside the same allocation, so the query buffer must be
// larger than sizeof this struct and must outlive any use of the name.
typedef struct ObjectNameInfo_t {
UNICODE_STRING ObjectName;   // counted, not NUL-terminated; Length == 0 for unnamed objects
WCHAR ObjectNameBuffer[1];   // variable length, sized by the returned length
} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
// Result of NtQueryObject(ObjectTypeInfo). As with the name query, the
// string lives inside the same buffer after the fixed part.
// NOTE(review): the 0x58-byte Unknown block is a reverse-engineered size —
// verify on the target OS version.
typedef struct ObjectTypeInfo_t {
UNICODE_STRING ObjectTypeName;   // e.g. "File", "Key"; counted, not NUL-terminated
char Unknown[0x58];
WCHAR ObjectTypeNameBuffer[1];   // variable length
} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
// One entry of the system handle table (SystemHandleInformation).
// NOTE(review): Object is declared LONG, i.e. this is the 32-bit layout
// (a kernel pointer); it must be widened before any 64-bit build. Never
// dereference it — it is a kernel address, useful only as an identity key.
typedef struct {
WORD UniqueProcessId;         // owning process id, truncated to 16 bits
WORD CreatorBackTraceIndex;
BYTE ObjectTypeIndex;         // index into the object type table, OS-version specific
BYTE HandleAttributes;
WORD HandleValue;             // handle value in the owning process; duplicate before querying it
LONG Object;                  // kernel object address (32-bit layout)
LONG GrantedAccess;           // ACCESS_MASK
} SYSTEM_HANDLE_TABLE_ENTRY_INFO;
// Header of the SystemHandleInformation result. NumberOfHandles entries
// follow contiguously, starting at Handles.
// NOTE(review): Handles is declared as a single entry rather than
// Handles[ANY_SIZE] like the MIB tables above, so callers presumably walk it
// via &Handles with pointer arithmetic; every index must be checked against
// NumberOfHandles and the buffer length actually returned.
typedef struct {
DWORD NumberOfHandles;                 // count of entries that follow
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles; // first of NumberOfHandles entries
} SYSTEM_HANDLE_INFORMATION;
// ntdll!NtQueryObject. Returns STATUS_INFO_LENGTH_MISMATCH (or a buffer-
// overflow status) when the buffer is too small; ReturnLength gives the size
// needed. NOTE(review): querying ObjectNameInfo on some handle types (e.g.
// pipes with a pending synchronous operation) can block indefinitely;
// handle enumerators commonly issue the query from a worker thread with a
// timeout and skip the handle if it does not return.
typedef NTSTATUS (WINAPI *pNTQueryObject)(
IN HANDLE ObjectHandle,              // handle in THIS process (duplicate foreign handles first)
IN DWORD ObjectInformationClass,     // OBJECT_INFO_CLASS value
OUT PVOID ObjectInformation,         // caller-owned output buffer
IN ULONG ObjectInformationLength,    // size of that buffer in bytes
OUT PULONG ReturnLength OPTIONAL     // bytes written / required, may be NULL
);
///////////////////////
//module and drivers
// ntdll!LdrUnloadDll: drops a reference on a module loaded in the current
// process (the native counterpart of FreeLibrary).
typedef NTSTATUS (NTAPI *pLdrUnloadDll)(HMODULE);
// PSAPI entry points, resolved dynamically (PSAPI.DLL is optional on the
// older systems this targets). Byte counts (cb) and "needed" sizes are in
// bytes; the array is full when the returned needed size exceeds cb.
typedef BOOL (WINAPI *pEnumProcesses)( DWORD *, DWORD cb, DWORD * );
typedef BOOL (WINAPI *pEnumProcessModules)( HANDLE, HMODULE *, DWORD, LPDWORD );
// Buffer length is in TCHARs; the result may be truncated without error if
// the buffer is too small, so terminate defensively.
typedef DWORD (WINAPI *pGetModuleFileNameEx)( HANDLE, HMODULE, LPTSTR, DWORD );
typedef BOOL (WINAPI *pEnumDeviceDrivers)(
LPVOID* lpImageBase,   // receives driver image base addresses (kernel addresses, never dereference)
DWORD cb,              // size of the array in bytes
LPDWORD lpcbNeeded     // bytes required for the full list
);
typedef DWORD (WINAPI *pGetDeviceDriverFileName)(
LPVOID ImageBase,      // one of the addresses from EnumDeviceDrivers
LPTSTR lpFilename,     // receives the path, possibly in \SystemRoot\ form
DWORD nSize            // buffer size in TCHARs
);
// PSAPI MODULEINFO: addresses are in the TARGET process's address space
// and must not be dereferenced directly.
typedef struct _MODULEINFO {
LPVOID lpBaseOfDll;
DWORD SizeOfImage;    // bytes mapped, from the PE header
LPVOID EntryPoint;
} MODULEINFO, *LPMODULEINFO;
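// PSAPI GetModuleInformation. Returns BOOL, consistent with the other
// PSAPI prototypes above (pEnumProcesses, pEnumProcessModules); the
// previous `bool` return type was the 1-byte C++ type, which does not
// match the 4-byte BOOL the export actually returns.
typedef BOOL (WINAPI *pGetModuleInformation)(
HANDLE hProcess,         // process the module belongs to
HMODULE hModule,         // module handle obtained from EnumProcessModules
LPMODULEINFO lpmodinfo,  // receives base address, image size and entry point
DWORD cb                 // sizeof *lpmodinfo, in bytes
);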
//////////////////////
//file
// IO_STATUS_BLOCK filled by the NtQueryInformationFile call below.
// NOTE(review): Information is declared as a pointer, but in the native
// definition it is an integer (ULONG_PTR) holding a byte count / request-
// specific value. The two only coincide in size on 32-bit; never dereference
// it, and widen the type before any 64-bit build.
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;   // completion status of the request
PVOID Pointer;
};
ULONG *Information;  // request-dependent count, NOT a valid pointer
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
// ntdll!NtQueryInformationFile. The real return type is NTSTATUS (signed);
// it is declared DWORD here, so success tests must compare against 0 rather
// than use a signed NT_SUCCESS-style check. The call is synchronous only for
// handles opened for synchronous I/O; on other handles it can block.
typedef DWORD (NTAPI *pNtQueryInformationFile)(
IN HANDLE hFile,
OUT PIO_STATUS_BLOCK pIoStatusBlock,       // receives status and bytes written
OUT PVOID FileInformationBuffer,           // caller-owned, sized for FileInfoClass
IN ULONG FileInformationBufferLength,      // bytes
int FileInfoClass                          // FILE_INFORMATION_CLASS value
);
///////////////////////
//process
// Result of NtQueryInformationProcess(ProcessBasicInformation).
// NOTE(review): this is the 32-bit layout — PebBaseAddress, AffinityMask
// and the two ids are pointer-sized in the native definition. PebBaseAddress
// is an address in the TARGET process; read it with ReadProcessMemory only.
typedef struct _PROCESS_BASIC_INFORMATION {
NTSTATUS ExitStatus;
DWORD PebBaseAddress;              // PEB address in the target process (32-bit layout)
ULONG AffinityMask;
long BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;  // parent pid; the parent may have exited and the id been reused
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
// ntdll!NtQueryInformationProcess. hProcess needs PROCESS_QUERY_INFORMATION
// access; the output size must match the class exactly or
// STATUS_INFO_LENGTH_MISMATCH is returned.
typedef NTSTATUS (NTAPI *pNtQueryInformationProcess)(
IN HANDLE hProcess,
int ProcessInfoClass,                // PROCESSINFOCLASS value (0 = ProcessBasicInformation)
OUT PVOID ProcessInfoBuffer,         // caller-owned buffer for the requested struct
IN ULONG ProcessInfoBufferLength,    // bytes
OUT PULONG BytesReturned OPTIONAL    // may be NULL
);
//////////////////////
//thread
// Process/thread id pair; both ids are stored in HANDLE-sized fields.
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;   // process id
HANDLE UniqueThread;    // thread id
} CLIENT_ID, *PCLIENT_ID;
// Result of NtQueryInformationThread(ThreadBasicInformation).
// NOTE(review): 32-bit layout — TebBaseAddress and AffinityMask are
// pointer-sized in the native definition. TebBaseAddress is an address in
// the thread's own process; do not dereference it for foreign processes.
typedef struct _THREAD_BASIC_INFORMATION {
NTSTATUS ExitStatus;
long TebBaseAddress;   // TEB address (32-bit layout)
CLIENT_ID ClientId;    // owning process id and thread id
long AffinityMask;
long Priority;         // current (dynamic) priority
long BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
// ntdll!NtQueryInformationThread; same buffer-size contract as
// pNtQueryInformationProcess above.
typedef NTSTATUS (NTAPI *pNtQueryInformationThread)(
IN HANDLE hThread,                   // needs THREAD_QUERY_INFORMATION
IN int ThreadInfoClass,              // THREADINFOCLASS value (0 = ThreadBasicInformation)
OUT PVOID ThreadInfoBuffer,
IN ULONG ThreadInfoBufferLength,     // bytes
OUT PULONG BytesReturned OPTIONAL
);
// kernel32!OpenThread, resolved dynamically because it is absent on
// Windows 9x. Returns NULL on failure (GetLastError set); the caller owns
// the handle and must CloseHandle it.
typedef HANDLE (WINAPI * pOpenThread)(
DWORD dwDesiredAccess,   // THREAD_* access mask; request the minimum needed
BOOL bInheritHandle,
DWORD dwThreadId
);
////////////////////////
////////////////////////
//services
// SERVICE_STATUS_PROCESS (advapi32, Windows 2000+): SERVICE_STATUS plus the
// hosting process id and flags. dwProcessId is 0 for services not running.
typedef struct _SERVICE_STATUS_PROCESS {
DWORD dwServiceType;
DWORD dwCurrentState;            // SERVICE_RUNNING etc.
DWORD dwControlsAccepted;
DWORD dwWin32ExitCode;
DWORD dwServiceSpecificExitCode;
DWORD dwCheckPoint;
DWORD dwWaitHint;
DWORD dwProcessId;               // hosting process; several services may share one (svchost)
DWORD dwServiceFlags;
} SERVICE_STATUS_PROCESS,*LPSERVICE_STATUS_PROCESS;
// One entry returned by EnumServicesStatusExA. The name pointers point into
// the same buffer that received the array, so they are valid only while
// that buffer is alive.
typedef struct _ENUM_SERVICE_STATUS_PROCESSA {
LPSTR lpServiceName;   // internal (key) name
LPSTR lpDisplayName;   // user-visible name
SERVICE_STATUS_PROCESS ServiceStatusProcess;
} ENUM_SERVICE_STATUS_PROCESSA,*LPENUM_SERVICE_STATUS_PROCESSA;
// advapi32!EnumServicesStatusExA (Windows 2000+), resolved dynamically.
// Typical use: call once with a zero-sized buffer to get the needed size
// (fails with ERROR_MORE_DATA), allocate, call again. The parameters in
// order: SCM handle, info level (SC_ENUM_PROCESS_INFO), service type,
// service state, output buffer, buffer size in bytes, bytes needed,
// services returned, resume handle, group name (may be NULL).
typedef BOOL (WINAPI * pEnumServicesStatusExA)(
SC_HANDLE,
int,
DWORD,
DWORD,
LPBYTE,
DWORD,
LPDWORD,
LPDWORD,
LPDWORD,
LPCSTR
);
//////////////////////////////////////////
// powrprof!SetSuspendState(Hibernate, ForceCritical, DisableWakeEvent).
// Declared with DWORD arguments although the export takes BOOLEANs; on
// 32-bit stdcall each argument occupies a 4-byte slot either way. Requires
// the shutdown privilege (SE_SHUTDOWN_NAME) to be enabled.
typedef DWORD (WINAPI *pSetSuspendState)(DWORD,DWORD,DWORD);
// Undocumented shell32 "Run..." dialog (RunFileDlg). Prototype is
// reverse-engineered; string parameters follow the project's TCHAR setting
// and the export's own character width must match — verify on the target.
typedef int (WINAPI *pOpenRunDlg) (HWND hwndParent,
HICON hIcon,
LPCTSTR lpszWorkingDir,
LPCTSTR lpszTitle,
LPCTSTR lpszPrompt,
DWORD dwFlags);
// Table of dynamically resolved entry points. How it is filled is not in
// this file (presumably GetProcAddress at start-up); any member may be NULL
// when the export does not exist on the running Windows version, so every
// call site must test the pointer before calling through it.
typedef struct {
pOpenThread fOpenThread;                         // kernel32
pNtQuerySystemInformation fNtQuerySystemInformation;  // ntdll
pNTQueryObject fNTQueryObject;                   // ntdll
pNtQueryInformationProcess fNtQueryInformationProcess;  // ntdll
pNtQueryInformationThread fNtQueryInformationThread;    // ntdll
pNtQueryInformationFile fNtQueryInformationFile; // ntdll
pEnumProcesses fEnumProcesses;                   // psapi
pEnumProcessModules fEnumProcessModules;         // psapi
pGetModuleFileNameEx fGetModuleFileNameEx;       // psapi
pEnumDeviceDrivers fEnumDeviceDrivers;           // psapi
pGetDeviceDriverFileName fGetDeviceDriverFileName;  // psapi
pGetModuleInformation fGetModuleInformation;     // psapi
pSetTcpEntry fSetTcpEntry;                       // iphlpapi
pAllocateAndGetTcpExTableFromStack fnAllocateAndGetTcpExTableFromStack;  // iphlpapi (undocumented)
pAllocateAndGetUdpExTableFromStack fnAllocateAndGetUdpExTableFromStack;  // iphlpapi (undocumented)
pEnumServicesStatusExA fEnumServicesStatusExA;   // advapi32
pWinStationGetProcessSid fWinStationGetProcessSid;  // undocumented
pCachedGetUserFromSid fCachedGetUserFromSid;     // undocumented
pSetSuspendState fSetSuspendState;               // powrprof
pOpenRunDlg fOpenRunDlg;                         // shell32 (undocumented)
} NTAPIS;
#endif