The Tor Browser: security/sandbox/win/src/nt_internals.h@b8a032363ba2 (annotated)

security/sandbox/win/src/nt_internals.h@b8a032363ba2 (annotated)

security/sandbox/win/src/nt_internals.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 // This file holds definitions related to the ntdll API.
 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
 #include <windows.h>
 typedef LONG NTSTATUS;
 #define NT_SUCCESS(st) (st >= 0)
 #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
 #define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
 #define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
 #define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
 #define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
 #ifndef STATUS_INVALID_PARAMETER
 // It is now defined in Windows 2008 SDK.
 #define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
 #endif
 #define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
 #define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
 #define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
 #define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
 #define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
 #define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
 #define CURRENT_PROCESS ((HANDLE) -1)
 #define CURRENT_THREAD  ((HANDLE) -2)
 #define NtCurrentProcess CURRENT_PROCESS
 typedef struct _UNICODE_STRING {
   USHORT Length;
   USHORT MaximumLength;
   PWSTR  Buffer;
 } UNICODE_STRING;
 typedef UNICODE_STRING *PUNICODE_STRING;
 typedef const UNICODE_STRING *PCUNICODE_STRING;
 typedef struct _STRING {
   USHORT Length;
   USHORT MaximumLength;
   PCHAR Buffer;
 } STRING;
 typedef STRING *PSTRING;
 typedef STRING ANSI_STRING;
 typedef PSTRING PANSI_STRING;
 typedef CONST PSTRING PCANSI_STRING;
 typedef STRING OEM_STRING;
 typedef PSTRING POEM_STRING;
 typedef CONST STRING* PCOEM_STRING;
 #define OBJ_CASE_INSENSITIVE 0x00000040L
 typedef struct _OBJECT_ATTRIBUTES {
   ULONG Length;
   HANDLE RootDirectory;
   PUNICODE_STRING ObjectName;
   ULONG Attributes;
   PVOID SecurityDescriptor;
   PVOID SecurityQualityOfService;
 } OBJECT_ATTRIBUTES;
 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
 #define InitializeObjectAttributes(p, n, a, r, s) { \
   (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
   (p)->RootDirectory = r;\
   (p)->Attributes = a;\
   (p)->ObjectName = n;\
   (p)->SecurityDescriptor = s;\
   (p)->SecurityQualityOfService = NULL;\
 }
 typedef struct _IO_STATUS_BLOCK {
   union {
     NTSTATUS Status;
     PVOID Pointer;
   };
   ULONG_PTR Information;
 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
 // -----------------------------------------------------------------------
 // File IO
 // Create disposition values.
 #define FILE_SUPERSEDE                          0x00000000
 #define FILE_OPEN                               0x00000001
 #define FILE_CREATE                             0x00000002
 #define FILE_OPEN_IF                            0x00000003
 #define FILE_OVERWRITE                          0x00000004
 #define FILE_OVERWRITE_IF                       0x00000005
 #define FILE_MAXIMUM_DISPOSITION                0x00000005
 // Create/open option flags.
 #define FILE_DIRECTORY_FILE                     0x00000001
 #define FILE_WRITE_THROUGH                      0x00000002
 #define FILE_SEQUENTIAL_ONLY                    0x00000004
 #define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
 #define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
 #define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
 #define FILE_NON_DIRECTORY_FILE                 0x00000040
 #define FILE_CREATE_TREE_CONNECTION             0x00000080
 #define FILE_COMPLETE_IF_OPLOCKED               0x00000100
 #define FILE_NO_EA_KNOWLEDGE                    0x00000200
 #define FILE_OPEN_REMOTE_INSTANCE               0x00000400
 #define FILE_RANDOM_ACCESS                      0x00000800
 #define FILE_DELETE_ON_CLOSE                    0x00001000
 #define FILE_OPEN_BY_FILE_ID                    0x00002000
 #define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
 #define FILE_NO_COMPRESSION                     0x00008000
 #define FILE_RESERVE_OPFILTER                   0x00100000
 #define FILE_OPEN_REPARSE_POINT                 0x00200000
 #define FILE_OPEN_NO_RECALL                     0x00400000
 #define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
 typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
   OUT PHANDLE FileHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PIO_STATUS_BLOCK IoStatusBlock,
   IN PLARGE_INTEGER AllocationSize OPTIONAL,
   IN ULONG FileAttributes,
   IN ULONG ShareAccess,
   IN ULONG CreateDisposition,
   IN ULONG CreateOptions,
   IN PVOID EaBuffer OPTIONAL,
   IN ULONG EaLength);
 typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
   OUT PHANDLE FileHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PIO_STATUS_BLOCK IoStatusBlock,
   IN ULONG ShareAccess,
   IN ULONG OpenOptions);
 typedef NTSTATUS (WINAPI *NtCloseFunction)(
   IN HANDLE Handle);
 typedef enum _FILE_INFORMATION_CLASS {
   FileRenameInformation = 10
 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
 typedef struct _FILE_RENAME_INFORMATION {
   BOOLEAN ReplaceIfExists;
   HANDLE RootDirectory;
   ULONG FileNameLength;
   WCHAR FileName[1];
 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
   IN HANDLE FileHandle,
   OUT PIO_STATUS_BLOCK IoStatusBlock,
   IN PVOID FileInformation,
   IN ULONG Length,
   IN FILE_INFORMATION_CLASS FileInformationClass);
 typedef struct FILE_BASIC_INFORMATION {
   LARGE_INTEGER CreationTime;
   LARGE_INTEGER LastAccessTime;
   LARGE_INTEGER LastWriteTime;
   LARGE_INTEGER ChangeTime;
   ULONG FileAttributes;
 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PFILE_BASIC_INFORMATION FileAttributes);
 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
   LARGE_INTEGER CreationTime;
   LARGE_INTEGER LastAccessTime;
   LARGE_INTEGER LastWriteTime;
   LARGE_INTEGER ChangeTime;
   LARGE_INTEGER AllocationSize;
   LARGE_INTEGER EndOfFile;
   ULONG FileAttributes;
 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
 // -----------------------------------------------------------------------
 // Sections
 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
   OUT PHANDLE SectionHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
   IN PLARGE_INTEGER MaximumSize OPTIONAL,
   IN ULONG SectionPageProtection,
   IN ULONG AllocationAttributes,
   IN HANDLE FileHandle OPTIONAL);
 typedef ULONG SECTION_INHERIT;
 #define ViewShare 1
 #define ViewUnmap 2
 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
   IN HANDLE SectionHandle,
   IN HANDLE ProcessHandle,
   IN OUT PVOID *BaseAddress,
   IN ULONG_PTR ZeroBits,
   IN SIZE_T CommitSize,
   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
   IN OUT PSIZE_T ViewSize,
   IN SECTION_INHERIT InheritDisposition,
   IN ULONG AllocationType,
   IN ULONG Win32Protect);
 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
   IN HANDLE ProcessHandle,
   IN PVOID BaseAddress);
 typedef enum _SECTION_INFORMATION_CLASS {
   SectionBasicInformation = 0,
   SectionImageInformation
 } SECTION_INFORMATION_CLASS;
 typedef struct _SECTION_BASIC_INFORMATION {
   PVOID BaseAddress;
   ULONG Attributes;
   LARGE_INTEGER Size;
 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
   IN HANDLE SectionHandle,
   IN SECTION_INFORMATION_CLASS SectionInformationClass,
   OUT PVOID SectionInformation,
   IN SIZE_T SectionInformationLength,
   OUT PSIZE_T ReturnLength OPTIONAL);
 // -----------------------------------------------------------------------
 // Process and Thread
 typedef struct _CLIENT_ID {
   PVOID UniqueProcess;
   PVOID UniqueThread;
 } CLIENT_ID, *PCLIENT_ID;
 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
   OUT PHANDLE ThreadHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   IN PCLIENT_ID ClientId);
 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
   OUT PHANDLE ProcessHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   IN PCLIENT_ID ClientId);
 typedef enum _NT_THREAD_INFORMATION_CLASS {
   ThreadBasicInformation,
   ThreadTimes,
   ThreadPriority,
   ThreadBasePriority,
   ThreadAffinityMask,
   ThreadImpersonationToken,
   ThreadDescriptorTableEntry,
   ThreadEnableAlignmentFaultFixup,
   ThreadEventPair,
   ThreadQuerySetWin32StartAddress,
   ThreadZeroTlsCell,
   ThreadPerformanceCount,
   ThreadAmILastThread,
   ThreadIdealProcessor,
   ThreadPriorityBoost,
   ThreadSetTlsArrayAddress,
   ThreadIsIoPending,
   ThreadHideFromDebugger
 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;
 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
   IN HANDLE ThreadHandle,
   IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
   IN PVOID ThreadInformation,
   IN ULONG ThreadInformationLength);
 // Partial definition only:
 typedef enum _PROCESSINFOCLASS {
   ProcessBasicInformation = 0,
   ProcessExecuteFlags = 0x22
 } PROCESSINFOCLASS;
 typedef PVOID PPEB;
 typedef PVOID KPRIORITY;
 typedef struct _PROCESS_BASIC_INFORMATION {
   NTSTATUS ExitStatus;
   PPEB PebBaseAddress;
   KAFFINITY AffinityMask;
   KPRIORITY BasePriority;
   ULONG UniqueProcessId;
   ULONG InheritedFromUniqueProcessId;
 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
   IN HANDLE ProcessHandle,
   IN PROCESSINFOCLASS ProcessInformationClass,
   OUT PVOID ProcessInformation,
   IN ULONG ProcessInformationLength,
   OUT PULONG ReturnLength OPTIONAL);
 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
   HANDLE ProcessHandle,
   IN PROCESSINFOCLASS ProcessInformationClass,
   IN PVOID ProcessInformation,
   IN ULONG ProcessInformationLength);
 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
   IN HANDLE ThreadHandle,
   IN ACCESS_MASK DesiredAccess,
   IN BOOLEAN OpenAsSelf,
   OUT PHANDLE TokenHandle);
 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
   IN HANDLE ThreadHandle,
   IN ACCESS_MASK DesiredAccess,
   IN BOOLEAN OpenAsSelf,
   IN ULONG HandleAttributes,
   OUT PHANDLE TokenHandle);
 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
   IN HANDLE ProcessHandle,
   IN ACCESS_MASK DesiredAccess,
   OUT PHANDLE TokenHandle);
 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
   IN HANDLE ProcessHandle,
   IN ACCESS_MASK DesiredAccess,
   IN ULONG HandleAttributes,
   OUT PHANDLE TokenHandle);
 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
   IN HANDLE Process,
   IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
   IN BOOLEAN CreateSuspended,
   IN ULONG ZeroBits,
   IN SIZE_T MaximumStackSize,
   IN SIZE_T CommittedStackSize,
   IN LPTHREAD_START_ROUTINE StartAddress,
   IN PVOID Parameter,
   OUT PHANDLE Thread,
   OUT PCLIENT_ID ClientId);
 // -----------------------------------------------------------------------
 // Registry
 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
   OUT PHANDLE KeyHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   IN ULONG TitleIndex,
   IN PUNICODE_STRING Class OPTIONAL,
   IN ULONG CreateOptions,
   OUT PULONG Disposition OPTIONAL);
 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
   OUT PHANDLE KeyHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes);
 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
   OUT PHANDLE KeyHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   IN DWORD open_options);
 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
   IN HANDLE KeyHandle);
 // -----------------------------------------------------------------------
 // Memory
 // Don't really need this structure right now.
 typedef PVOID PRTL_HEAP_PARAMETERS;
 typedef PVOID (WINAPI *RtlCreateHeapFunction)(
   IN ULONG Flags,
   IN PVOID HeapBase OPTIONAL,
   IN SIZE_T ReserveSize OPTIONAL,
   IN SIZE_T CommitSize OPTIONAL,
   IN PVOID Lock OPTIONAL,
   IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
 typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
   IN PVOID HeapHandle);
 typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
   IN PVOID HeapHandle,
   IN ULONG Flags,
   IN SIZE_T Size);
 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
   IN PVOID HeapHandle,
   IN ULONG Flags,
   IN PVOID HeapBase);
 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
   IN HANDLE ProcessHandle,
   IN OUT PVOID *BaseAddress,
   IN ULONG_PTR ZeroBits,
   IN OUT PSIZE_T RegionSize,
   IN ULONG AllocationType,
   IN ULONG Protect);
 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
   IN HANDLE ProcessHandle,
   IN OUT PVOID *BaseAddress,
   IN OUT PSIZE_T RegionSize,
   IN ULONG FreeType);
 typedef enum _MEMORY_INFORMATION_CLASS {
   MemoryBasicInformation = 0,
   MemoryWorkingSetList,
   MemorySectionName,
   MemoryBasicVlmInformation
 } MEMORY_INFORMATION_CLASS;
 typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
   UNICODE_STRING SectionFileName;
 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
   IN HANDLE ProcessHandle,
   IN PVOID BaseAddress,
   IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
   OUT PVOID MemoryInformation,
   IN ULONG MemoryInformationLength,
   OUT PULONG ReturnLength OPTIONAL);
 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
   IN HANDLE ProcessHandle,
   IN OUT PVOID* BaseAddress,
   IN OUT PSIZE_T ProtectSize,
   IN ULONG NewProtect,
   OUT PULONG OldProtect);
 // -----------------------------------------------------------------------
 // Objects
 typedef enum _OBJECT_INFORMATION_CLASS {
   ObjectBasicInformation,
   ObjectNameInformation,
   ObjectTypeInformation,
   ObjectAllInformation,
   ObjectDataInformation
 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
 typedef struct _OBJDIR_INFORMATION {
   UNICODE_STRING ObjectName;
   UNICODE_STRING ObjectTypeName;
   BYTE Data[1];
 } OBJDIR_INFORMATION;
 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
   ULONG Attributes;
   ACCESS_MASK GrantedAccess;
   ULONG HandleCount;
   ULONG PointerCount;
   ULONG Reserved[10];    // reserved for internal use
 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
   UNICODE_STRING TypeName;
   ULONG Reserved[22];    // reserved for internal use
 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
 typedef enum _POOL_TYPE {
   NonPagedPool,
   PagedPool,
   NonPagedPoolMustSucceed,
   ReservedType,
   NonPagedPoolCacheAligned,
   PagedPoolCacheAligned,
   NonPagedPoolCacheAlignedMustS
 } POOL_TYPE;
 typedef struct _OBJECT_BASIC_INFORMATION {
   ULONG Attributes;
   ACCESS_MASK GrantedAccess;
   ULONG HandleCount;
   ULONG PointerCount;
   ULONG PagedPoolUsage;
   ULONG NonPagedPoolUsage;
   ULONG Reserved[3];
   ULONG NameInformationLength;
   ULONG TypeInformationLength;
   ULONG SecurityDescriptorLength;
   LARGE_INTEGER CreateTime;
 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
 typedef struct _OBJECT_TYPE_INFORMATION {
   UNICODE_STRING Name;
   ULONG TotalNumberOfObjects;
   ULONG TotalNumberOfHandles;
   ULONG TotalPagedPoolUsage;
   ULONG TotalNonPagedPoolUsage;
   ULONG TotalNamePoolUsage;
   ULONG TotalHandleTableUsage;
   ULONG HighWaterNumberOfObjects;
   ULONG HighWaterNumberOfHandles;
   ULONG HighWaterPagedPoolUsage;
   ULONG HighWaterNonPagedPoolUsage;
   ULONG HighWaterNamePoolUsage;
   ULONG HighWaterHandleTableUsage;
   ULONG InvalidAttributes;
   GENERIC_MAPPING GenericMapping;
   ULONG ValidAccess;
   BOOLEAN SecurityRequired;
   BOOLEAN MaintainHandleCount;
   USHORT MaintainTypeList;
   POOL_TYPE PoolType;
   ULONG PagedPoolUsage;
   ULONG NonPagedPoolUsage;
 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
 typedef enum _SYSTEM_INFORMATION_CLASS {
   SystemHandleInformation = 16
 } SYSTEM_INFORMATION_CLASS;
 typedef struct _SYSTEM_HANDLE_INFORMATION {
   USHORT ProcessId;
   USHORT CreatorBackTraceIndex;
   UCHAR ObjectTypeNumber;
   UCHAR Flags;
   USHORT Handle;
   PVOID Object;
   ACCESS_MASK GrantedAccess;
 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
 typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
   ULONG NumberOfHandles;
   SYSTEM_HANDLE_INFORMATION Information[1];
 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
 typedef struct _OBJECT_NAME_INFORMATION {
   UNICODE_STRING ObjectName;
 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
   IN HANDLE Handle,
   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
   OUT PVOID ObjectInformation OPTIONAL,
   IN ULONG ObjectInformationLength,
   OUT PULONG ReturnLength OPTIONAL);
 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
   IN HANDLE SourceProcess,
   IN HANDLE SourceHandle,
   IN HANDLE TargetProcess,
   OUT PHANDLE TargetHandle,
   IN ACCESS_MASK DesiredAccess,
   IN ULONG Attributes,
   IN ULONG Options);
 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
   IN HANDLE HandleToSignal,
   IN HANDLE HandleToWait,
   IN BOOLEAN Alertable,
   IN PLARGE_INTEGER Timeout OPTIONAL);
 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
   IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
   OUT PVOID SystemInformation,
   IN ULONG SystemInformationLength,
   OUT PULONG ReturnLength);
 typedef NTSTATUS (WINAPI *NtQueryObject)(
   IN HANDLE Handle,
   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
   OUT PVOID ObjectInformation,
   IN ULONG ObjectInformationLength,
   OUT PULONG ReturnLength);
 // -----------------------------------------------------------------------
 // Strings
 typedef int (__cdecl *_strnicmpFunction)(
   IN const char* _Str1,
   IN const char* _Str2,
   IN size_t _MaxCount);
 typedef size_t  (__cdecl *strlenFunction)(
   IN const char * _Str);
 typedef size_t (__cdecl *wcslenFunction)(
   IN const wchar_t* _Str);
 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
   IN OUT PUNICODE_STRING  DestinationString,
   IN PANSI_STRING  SourceString,
   IN BOOLEAN  AllocateDestinationString);
 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
   IN PCUNICODE_STRING  String1,
   IN PCUNICODE_STRING  String2,
   IN BOOLEAN  CaseInSensitive);
 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
   IN OUT PUNICODE_STRING DestinationString,
   IN PCWSTR SourceString);
 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__

The Tor Browser / annotate

security/sandbox/win/src/nt_internals.h@b8a032363ba2 (annotated)

security/sandbox/win/src/nt_internals.h