windows: add various NT APIs
In anticipation of the next commit which adds win32 pipe APIs, add some
of the foundational NT APIs for that, which will be required for making
a robust Go pipe library. Also add a simple test case.
Change-Id: I898bd6c5265a8939a7f05a24c4d9b22941dc56b7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/298171
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/windows/security_windows.go b/windows/security_windows.go
index 69eb462..0e428ec 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -908,6 +908,19 @@
dacl *ACL
}
+type SECURITY_QUALITY_OF_SERVICE struct {
+ Length uint32
+ ImpersonationLevel uint32
+ ContextTrackingMode byte
+ EffectiveOnly byte
+}
+
+// Constants for the ContextTrackingMode field of SECURITY_QUALITY_OF_SERVICE.
+const (
+ SECURITY_STATIC_TRACKING = 0
+ SECURITY_DYNAMIC_TRACKING = 1
+)
+
type SecurityAttributes struct {
Length uint32
SecurityDescriptor *SECURITY_DESCRIPTOR
diff --git a/windows/syscall_windows.go b/windows/syscall_windows.go
index 376dd07..caa96dd 100644
--- a/windows/syscall_windows.go
+++ b/windows/syscall_windows.go
@@ -375,9 +375,6 @@
//sys stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) = ole32.StringFromGUID2
//sys coCreateGuid(pguid *GUID) (ret error) = ole32.CoCreateGuid
//sys CoTaskMemFree(address unsafe.Pointer) = ole32.CoTaskMemFree
-//sys rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb
-//sys rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) = ntdll.RtlGetVersion
-//sys rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) = ntdll.RtlGetNtVersionNumbers
//sys getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetProcessPreferredUILanguages
//sys getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetThreadPreferredUILanguages
//sys getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetUserPreferredUILanguages
@@ -386,6 +383,20 @@
// Process Status API (PSAPI)
//sys EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses
+// NT Native APIs
+//sys rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) = ntdll.RtlGetVersion
+//sys rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) = ntdll.RtlGetNtVersionNumbers
+//sys RtlGetCurrentPeb() (peb *PEB) = ntdll.RtlGetCurrentPeb
+//sys RtlInitUnicodeString(destinationString *UNICODE_STRING, sourceString *uint16) = ntdll.RtlInitUnicodeString
+//sys NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, allocationSize *int64, attributes uint32, share uint32, disposition uint32, options uint32, eabuffer uintptr, ealength uint32) (ntstatus error) = ntdll.NtCreateFile
+//sys NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (ntstatus error) = ntdll.NtCreateNamedPipeFile
+//sys RtlDosPathNameToNtPathName(dosName *uint16, ntName *UNICODE_STRING, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) = ntdll.RtlDosPathNameToNtPathName_U_WithStatus
+//sys RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *UNICODE_STRING, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) = ntdll.RtlDosPathNameToRelativeNtPathName_U_WithStatus
+//sys RtlDefaultNpAcl(acl **ACL) (ntstatus error) = ntdll.RtlDefaultNpAcl
+//sys NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32, retLen *uint32) (ntstatus error) = ntdll.NtQueryInformationProcess
+//sys NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32) (ntstatus error) = ntdll.NtSetInformationProcess
+
// syscall interface implementation for other packages
// GetCurrentProcess returns the handle for the current process.
@@ -1533,3 +1544,31 @@
}
return string(utf16.Decode(b[:n]))
}
+
+// NewUnicodeString returns a new UNICODE_STRING structure for use with native
+// NT APIs that work over the UNICODE_STRING type. Note that most Windows APIs
+// do not use UNICODE_STRING, and instead UTF16PtrFromString should be used for
+// the more common *uint16 string type.
+func NewUnicodeString(s string) (*UNICODE_STRING, error) {
+ var u UNICODE_STRING
+ s16, err := UTF16PtrFromString(s)
+ if err != nil {
+ return nil, err
+ }
+ RtlInitUnicodeString(&u, s16)
+ return &u, nil
+}
+
+// Slice returns a uint16 slice that aliases the data in the UNICODE_STRING.
+func (s *UNICODE_STRING) Slice() []uint16 {
+ var slice []uint16
+ hdr := (*unsafeheader.Slice)(unsafe.Pointer(&slice))
+ hdr.Data = unsafe.Pointer(s.Buffer)
+ hdr.Len = int(s.Length)
+ hdr.Cap = int(s.MaximumLength)
+ return slice
+}
+
+func (s *UNICODE_STRING) String() string {
+ return UTF16ToString(s.Slice())
+}
diff --git a/windows/syscall_windows_test.go b/windows/syscall_windows_test.go
index 3431546..b625b78 100644
--- a/windows/syscall_windows_test.go
+++ b/windows/syscall_windows_test.go
@@ -536,3 +536,29 @@
t.Error("ProcThreadAttributeList was not garbage collected after a second")
}
}
+
+func TestPEBFilePath(t *testing.T) {
+ peb := windows.RtlGetCurrentPeb()
+ if peb == nil || peb.Ldr == nil {
+ t.Error("unable to retrieve PEB with valid Ldr")
+ }
+ var entry *windows.LDR_DATA_TABLE_ENTRY
+ for cur := peb.Ldr.InMemoryOrderModuleList.Flink; cur != &peb.Ldr.InMemoryOrderModuleList; cur = cur.Flink {
+ e := (*windows.LDR_DATA_TABLE_ENTRY)(unsafe.Pointer(uintptr(unsafe.Pointer(cur)) - unsafe.Offsetof(windows.LDR_DATA_TABLE_ENTRY{}.InMemoryOrderLinks)))
+ if e.DllBase == peb.ImageBaseAddress {
+ entry = e
+ break
+ }
+ }
+ if entry == nil {
+ t.Error("unable to find Ldr entry for current process")
+ }
+ osPath, err := os.Executable()
+ if err != nil {
+ t.Errorf("unable to get path to current executable: %v", err)
+ }
+ pebPath := entry.FullDllName.String()
+ if osPath != pebPath {
+ t.Errorf("expected os.Executable() to return same value as peb.Ldr.{entry}.FullDllName - want %#q; got %#q", osPath, pebPath)
+ }
+}
diff --git a/windows/types_windows.go b/windows/types_windows.go
index abefd93..6712802 100644
--- a/windows/types_windows.go
+++ b/windows/types_windows.go
@@ -2276,3 +2276,275 @@
WriteTotalTimeoutMultiplier uint32
WriteTotalTimeoutConstant uint32
}
+
+type UNICODE_STRING struct {
+ Length uint16
+ MaximumLength uint16
+ Buffer *uint16
+}
+
+type LIST_ENTRY struct {
+ Flink *LIST_ENTRY
+ Blink *LIST_ENTRY
+}
+
+type LDR_DATA_TABLE_ENTRY struct {
+ reserved1 [2]uintptr
+ InMemoryOrderLinks LIST_ENTRY
+ reserved2 [2]uintptr
+ DllBase uintptr
+ reserved3 [2]uintptr
+ FullDllName UNICODE_STRING
+ reserved4 [8]byte
+ reserved5 [3]uintptr
+ reserved6 uintptr
+ TimeDateStamp uint32
+}
+
+type PEB_LDR_DATA struct {
+ reserved1 [8]byte
+ reserved2 [3]uintptr
+ InMemoryOrderModuleList LIST_ENTRY
+}
+
+type PEB struct {
+ reserved1 [2]byte
+ BeingDebugged byte
+ BitField byte
+ reserved3 uintptr
+ ImageBaseAddress uintptr
+ Ldr *PEB_LDR_DATA
+ ProcessParameters uintptr
+ reserved4 [3]uintptr
+ AtlThunkSListPtr uintptr
+ reserved5 uintptr
+ reserved6 uint32
+ reserved7 uintptr
+ reserved8 uint32
+ AtlThunkSListPtr32 uint32
+ reserved9 [45]uintptr
+ reserved10 [96]byte
+ PostProcessInitRoutine uintptr
+ reserved11 [128]byte
+ reserved12 [1]uintptr
+ SessionId uint32
+}
+
+type OBJECT_ATTRIBUTES struct {
+ Length uint32
+ RootDirectory Handle
+ ObjectName *UNICODE_STRING
+ Attributes uint32
+ SecurityDescriptor *SECURITY_DESCRIPTOR
+ SecurityQoS *SECURITY_QUALITY_OF_SERVICE
+}
+
+// Values for the Attributes member of OBJECT_ATTRIBUTES.
+const (
+ OBJ_INHERIT = 0x00000002
+ OBJ_PERMANENT = 0x00000010
+ OBJ_EXCLUSIVE = 0x00000020
+ OBJ_CASE_INSENSITIVE = 0x00000040
+ OBJ_OPENIF = 0x00000080
+ OBJ_OPENLINK = 0x00000100
+ OBJ_KERNEL_HANDLE = 0x00000200
+ OBJ_FORCE_ACCESS_CHECK = 0x00000400
+ OBJ_IGNORE_IMPERSONATED_DEVICEMAP = 0x00000800
+ OBJ_DONT_REPARSE = 0x00001000
+ OBJ_VALID_ATTRIBUTES = 0x00001FF2
+)
+
+type IO_STATUS_BLOCK struct {
+ Status NTStatus
+ Information uintptr
+}
+
+type RTLP_CURDIR_REF struct {
+ RefCount int32
+ Handle Handle
+}
+
+type RTL_RELATIVE_NAME struct {
+ RelativeName UNICODE_STRING
+ ContainingDirectory Handle
+ CurDirRef *RTLP_CURDIR_REF
+}
+
+const (
+ // CreateDisposition flags for NtCreateFile and NtCreateNamedPipeFile.
+ FILE_SUPERSEDE = 0x00000000
+ FILE_OPEN = 0x00000001
+ FILE_CREATE = 0x00000002
+ FILE_OPEN_IF = 0x00000003
+ FILE_OVERWRITE = 0x00000004
+ FILE_OVERWRITE_IF = 0x00000005
+ FILE_MAXIMUM_DISPOSITION = 0x00000005
+
+ // CreateOptions flags for NtCreateFile and NtCreateNamedPipeFile.
+ FILE_DIRECTORY_FILE = 0x00000001
+ FILE_WRITE_THROUGH = 0x00000002
+ FILE_SEQUENTIAL_ONLY = 0x00000004
+ FILE_NO_INTERMEDIATE_BUFFERING = 0x00000008
+ FILE_SYNCHRONOUS_IO_ALERT = 0x00000010
+ FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020
+ FILE_NON_DIRECTORY_FILE = 0x00000040
+ FILE_CREATE_TREE_CONNECTION = 0x00000080
+ FILE_COMPLETE_IF_OPLOCKED = 0x00000100
+ FILE_NO_EA_KNOWLEDGE = 0x00000200
+ FILE_OPEN_REMOTE_INSTANCE = 0x00000400
+ FILE_RANDOM_ACCESS = 0x00000800
+ FILE_DELETE_ON_CLOSE = 0x00001000
+ FILE_OPEN_BY_FILE_ID = 0x00002000
+ FILE_OPEN_FOR_BACKUP_INTENT = 0x00004000
+ FILE_NO_COMPRESSION = 0x00008000
+ FILE_OPEN_REQUIRING_OPLOCK = 0x00010000
+ FILE_DISALLOW_EXCLUSIVE = 0x00020000
+ FILE_RESERVE_OPFILTER = 0x00100000
+ FILE_OPEN_REPARSE_POINT = 0x00200000
+ FILE_OPEN_NO_RECALL = 0x00400000
+ FILE_OPEN_FOR_FREE_SPACE_QUERY = 0x00800000
+
+ // Parameter constants for NtCreateNamedPipeFile.
+
+ FILE_PIPE_BYTE_STREAM_TYPE = 0x00000000
+ FILE_PIPE_MESSAGE_TYPE = 0x00000001
+
+ FILE_PIPE_ACCEPT_REMOTE_CLIENTS = 0x00000000
+ FILE_PIPE_REJECT_REMOTE_CLIENTS = 0x00000002
+
+ FILE_PIPE_TYPE_VALID_MASK = 0x00000003
+
+ FILE_PIPE_BYTE_STREAM_MODE = 0x00000000
+ FILE_PIPE_MESSAGE_MODE = 0x00000001
+
+ FILE_PIPE_QUEUE_OPERATION = 0x00000000
+ FILE_PIPE_COMPLETE_OPERATION = 0x00000001
+
+ FILE_PIPE_INBOUND = 0x00000000
+ FILE_PIPE_OUTBOUND = 0x00000001
+ FILE_PIPE_FULL_DUPLEX = 0x00000002
+
+ FILE_PIPE_DISCONNECTED_STATE = 0x00000001
+ FILE_PIPE_LISTENING_STATE = 0x00000002
+ FILE_PIPE_CONNECTED_STATE = 0x00000003
+ FILE_PIPE_CLOSING_STATE = 0x00000004
+
+ FILE_PIPE_CLIENT_END = 0x00000000
+ FILE_PIPE_SERVER_END = 0x00000001
+)
+
+// ProcessInformationClasses for NtQueryInformationProcess and NtSetInformationProcess.
+const (
+ ProcessBasicInformation = iota
+ ProcessQuotaLimits
+ ProcessIoCounters
+ ProcessVmCounters
+ ProcessTimes
+ ProcessBasePriority
+ ProcessRaisePriority
+ ProcessDebugPort
+ ProcessExceptionPort
+ ProcessAccessToken
+ ProcessLdtInformation
+ ProcessLdtSize
+ ProcessDefaultHardErrorMode
+ ProcessIoPortHandlers
+ ProcessPooledUsageAndLimits
+ ProcessWorkingSetWatch
+ ProcessUserModeIOPL
+ ProcessEnableAlignmentFaultFixup
+ ProcessPriorityClass
+ ProcessWx86Information
+ ProcessHandleCount
+ ProcessAffinityMask
+ ProcessPriorityBoost
+ ProcessDeviceMap
+ ProcessSessionInformation
+ ProcessForegroundInformation
+ ProcessWow64Information
+ ProcessImageFileName
+ ProcessLUIDDeviceMapsEnabled
+ ProcessBreakOnTermination
+ ProcessDebugObjectHandle
+ ProcessDebugFlags
+ ProcessHandleTracing
+ ProcessIoPriority
+ ProcessExecuteFlags
+ ProcessResourceManagement
+ ProcessCookie
+ ProcessImageInformation
+ ProcessCycleTime
+ ProcessPagePriority
+ ProcessInstrumentationCallback
+ ProcessThreadStackAllocation
+ ProcessWorkingSetWatchEx
+ ProcessImageFileNameWin32
+ ProcessImageFileMapping
+ ProcessAffinityUpdateMode
+ ProcessMemoryAllocationMode
+ ProcessGroupInformation
+ ProcessTokenVirtualizationEnabled
+ ProcessConsoleHostProcess
+ ProcessWindowInformation
+ ProcessHandleInformation
+ ProcessMitigationPolicy
+ ProcessDynamicFunctionTableInformation
+ ProcessHandleCheckingMode
+ ProcessKeepAliveCount
+ ProcessRevokeFileHandles
+ ProcessWorkingSetControl
+ ProcessHandleTable
+ ProcessCheckStackExtentsMode
+ ProcessCommandLineInformation
+ ProcessProtectionInformation
+ ProcessMemoryExhaustion
+ ProcessFaultInformation
+ ProcessTelemetryIdInformation
+ ProcessCommitReleaseInformation
+ ProcessDefaultCpuSetsInformation
+ ProcessAllowedCpuSetsInformation
+ ProcessSubsystemProcess
+ ProcessJobMemoryInformation
+ ProcessInPrivate
+ ProcessRaiseUMExceptionOnInvalidHandleClose
+ ProcessIumChallengeResponse
+ ProcessChildProcessInformation
+ ProcessHighGraphicsPriorityInformation
+ ProcessSubsystemInformation
+ ProcessEnergyValues
+ ProcessActivityThrottleState
+ ProcessActivityThrottlePolicy
+ ProcessWin32kSyscallFilterInformation
+ ProcessDisableSystemAllowedCpuSets
+ ProcessWakeInformation
+ ProcessEnergyTrackingState
+ ProcessManageWritesToExecutableMemory
+ ProcessCaptureTrustletLiveDump
+ ProcessTelemetryCoverage
+ ProcessEnclaveInformation
+ ProcessEnableReadWriteVmLogging
+ ProcessUptimeInformation
+ ProcessImageSection
+ ProcessDebugAuthInformation
+ ProcessSystemResourceManagement
+ ProcessSequenceNumber
+ ProcessLoaderDetour
+ ProcessSecurityDomainInformation
+ ProcessCombineSecurityDomainsInformation
+ ProcessEnableLogging
+ ProcessLeapSecondInformation
+ ProcessFiberShadowStackAllocation
+ ProcessFreeFiberShadowStackAllocation
+ ProcessAltSystemCallInformation
+ ProcessDynamicEHContinuationTargets
+ ProcessDynamicEnforcedCetCompatibleRanges
+)
+
+type PROCESS_BASIC_INFORMATION struct {
+ ExitStatus NTStatus
+ PebBaseAddress *PEB
+ AffinityMask uintptr
+ BasePriority int32
+ UniqueProcessId Handle
+ InheritedFromUniqueProcessId Handle
+}
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index 6f16452..ac22184 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -344,8 +344,17 @@
procNetApiBufferFree = modnetapi32.NewProc("NetApiBufferFree")
procNetGetJoinInformation = modnetapi32.NewProc("NetGetJoinInformation")
procNetUserGetInfo = modnetapi32.NewProc("NetUserGetInfo")
+ procNtCreateFile = modntdll.NewProc("NtCreateFile")
+ procNtCreateNamedPipeFile = modntdll.NewProc("NtCreateNamedPipeFile")
+ procNtQueryInformationProcess = modntdll.NewProc("NtQueryInformationProcess")
+ procNtSetInformationProcess = modntdll.NewProc("NtSetInformationProcess")
+ procRtlDefaultNpAcl = modntdll.NewProc("RtlDefaultNpAcl")
+ procRtlDosPathNameToNtPathName_U_WithStatus = modntdll.NewProc("RtlDosPathNameToNtPathName_U_WithStatus")
+ procRtlDosPathNameToRelativeNtPathName_U_WithStatus = modntdll.NewProc("RtlDosPathNameToRelativeNtPathName_U_WithStatus")
+ procRtlGetCurrentPeb = modntdll.NewProc("RtlGetCurrentPeb")
procRtlGetNtVersionNumbers = modntdll.NewProc("RtlGetNtVersionNumbers")
procRtlGetVersion = modntdll.NewProc("RtlGetVersion")
+ procRtlInitUnicodeString = modntdll.NewProc("RtlInitUnicodeString")
procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
procCLSIDFromString = modole32.NewProc("CLSIDFromString")
procCoCreateGuid = modole32.NewProc("CoCreateGuid")
@@ -2947,6 +2956,68 @@
return
}
+func NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, allocationSize *int64, attributes uint32, share uint32, disposition uint32, options uint32, eabuffer uintptr, ealength uint32) (ntstatus error) {
+ r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(attributes), uintptr(share), uintptr(disposition), uintptr(options), uintptr(eabuffer), uintptr(ealength), 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (ntstatus error) {
+ r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32, retLen *uint32) (ntstatus error) {
+ r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), uintptr(unsafe.Pointer(retLen)), 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32) (ntstatus error) {
+ r0, _, _ := syscall.Syscall6(procNtSetInformationProcess.Addr(), 4, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), 0, 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func RtlDefaultNpAcl(acl **ACL) (ntstatus error) {
+ r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(acl)), 0, 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func RtlDosPathNameToNtPathName(dosName *uint16, ntName *UNICODE_STRING, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) {
+ r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *UNICODE_STRING, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) {
+ r0, _, _ := syscall.Syscall6(procRtlDosPathNameToRelativeNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0)
+ if r0 != 0 {
+ ntstatus = NTStatus(r0)
+ }
+ return
+}
+
+func RtlGetCurrentPeb() (peb *PEB) {
+ r0, _, _ := syscall.Syscall(procRtlGetCurrentPeb.Addr(), 0, 0, 0, 0)
+ peb = (*PEB)(unsafe.Pointer(r0))
+ return
+}
+
func rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) {
syscall.Syscall(procRtlGetNtVersionNumbers.Addr(), 3, uintptr(unsafe.Pointer(majorVersion)), uintptr(unsafe.Pointer(minorVersion)), uintptr(unsafe.Pointer(buildNumber)))
return
@@ -2960,6 +3031,11 @@
return
}
+func RtlInitUnicodeString(destinationString *UNICODE_STRING, sourceString *uint16) {
+ syscall.Syscall(procRtlInitUnicodeString.Addr(), 2, uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString)), 0)
+ return
+}
+
func rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) {
r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(ntstatus), 0, 0)
ret = syscall.Errno(r0)
