1 files changed, 206 insertions, 0 deletions

diff --git a/ceee/testing/utils/nt_internals.h b/ceee/testing/utils/nt_internals.h
new file mode 100644
index 0000000..55ec3d4
--- /dev/null
+++ b/ceee/testing/utils/nt_internals.h
@@ -0,0 +1,206 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// NT internal data structures and functions that rely upon them.
+#ifndef CEEE_TESTING_UTILS_NT_INTERNALS_H_
+#define CEEE_TESTING_UTILS_NT_INTERNALS_H_
+
+#include <windows.h>
+
+namespace nt_internals {
+
+// The structures, constants and function declarations in here are gleaned
+// from various sources, primarily from Microsoft symbol information for
+// system DLLs, kernel modules and executables, as well as from MSDN help.
+// For more information on the Windows NT native API, see e.g.
+// the "Windows NT/2000 Native API Reference" by Gary Nebbett,
+// ISBN 9781578701995.
+typedef LONG NTSTATUS;
+typedef DWORD KPRIORITY;
+typedef WORD UWORD;
+
+struct CLIENT_ID {
+  PVOID UniqueProcess;
+  PVOID UniqueThread;
+};
+
+struct THREAD_BASIC_INFO {
+  NTSTATUS                ExitStatus;
+  PVOID                   TebBaseAddress;
+  CLIENT_ID               ClientId;
+  KAFFINITY               AffinityMask;
+  KPRIORITY               Priority;
+  KPRIORITY               BasePriority;
+};
+
+enum THREADINFOCLASS {
+  ThreadBasicInformation,
+};
+
+// NtQueryInformationProcess is documented in winternl.h, but we link
+// dynamically to it because we might as well.
+typedef NTSTATUS (WINAPI *NtQueryInformationThreadFunc)(
+                  IN HANDLE ThreadHandle,
+                  IN THREADINFOCLASS ThreadInformationClass,
+                  OUT PVOID ThreadInformation,
+                  IN ULONG ThreadInformationLength,
+                  OUT PULONG ReturnLength OPTIONAL);
+extern NtQueryInformationThreadFunc NtQueryInformationThread;
+
+typedef struct _PROCESS_BASIC_INFORMATION {
+  NTSTATUS          ExitStatus;
+  PVOID             PebBaseAddress;
+  ULONG             AffinityMask;
+  ULONG             BasePriority;
+  ULONG_PTR         UniqueProcessId;
+  ULONG_PTR         InheritedFromUniqueProcessId;
+} PROCESS_BASIC_INFORMATION;
+
+enum PROCESSINFOCLASS {
+  ProcessBasicInformation
+};
+
+typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunc)(
+                  IN HANDLE ProcessHandle,
+                  IN PROCESSINFOCLASS ProcessInformationClass,
+                  OUT PVOID ProcessInformation,
+                  IN ULONG ProcessInformationLength,
+                  OUT PULONG ReturnLength OPTIONAL);
+extern NtQueryInformationProcessFunc NtQueryInformationProcess;
+
+// NtQueryObject is also documented in winternl.h, but we link
+// dynamically to it because we might as well.
+typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
+  ULONG       Attributes;
+  ACCESS_MASK GrantedAccess;
+  ULONG       HandleCount;
+  ULONG       PointerCount;
+  ULONG       Reserved[10];    // reserved for internal use
+} PUBLIC_OBJECT_BASIC_INFORMATION;
+
+enum OBJECT_INFORMATION_CLASS {
+  ObjectBasicInformation = 0,
+  ObjectTypeInformation  = 2,
+};
+
+typedef NTSTATUS (WINAPI *NtQueryObjectFunc)(
+                  IN HANDLE Handle,
+                  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+                  OUT PVOID ObjectInformation,
+                  IN ULONG ObjectInformationLength,
+                  OUT PULONG ReturnLength);
+extern NtQueryObjectFunc NtQueryObject;
+
+// @returns the TIB/TEB address for "thread".
+extern PNT_TIB GetThreadTIB(HANDLE thread);
+
+// Debug-related structure declarations.
+typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION {
+  PVOID SymbolicBackTrace;
+  ULONG TraceCount;
+  USHORT Index;
+  USHORT Depth;
+  PVOID BackTrace[32];
+} RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION;
+
+typedef struct _RTL_PROCESS_BACKTRACES {
+  ULONG CommittedMemory;
+  ULONG ReservedMemory;
+  ULONG NumberOfBackTraceLookups;
+  ULONG NumberOfBackTraces;
+  RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1];
+} RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES;
+
+typedef struct _RTL_PROCESS_MODULE_INFORMATION {
+  ULONG Section;
+  PVOID MappedBase;
+  PVOID ImageBase;
+  ULONG ImageSize;
+  ULONG Flags;
+  USHORT LoadOrderIndex;
+  USHORT InitOrderIndex;
+  USHORT LoadCount;
+  USHORT OffsetToFileName;
+  CHAR FullPathName[256];
+} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
+
+typedef struct _RTL_PROCESS_MODULES {
+  ULONG NumberOfModules;
+  RTL_PROCESS_MODULE_INFORMATION Modules[1];
+} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
+
+typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX {
+  ULONG NextOffset;
+  RTL_PROCESS_MODULE_INFORMATION BaseInfo;
+  ULONG ImageCheckSum;
+  ULONG TimeDateStamp;
+  PVOID DefaultBase;
+} RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;
+
+typedef struct _RTL_DEBUG_INFORMATION {
+  HANDLE SectionHandleClient;
+  PVOID ViewBaseClient;
+  PVOID ViewBaseTarget;
+  ULONG ViewBaseDelta;
+  HANDLE EventPairClient;
+  PVOID EventPairTarget;
+  HANDLE TargetProcessId;
+  HANDLE TargetThreadHandle;
+  ULONG Flags;
+  ULONG OffsetFree;
+  ULONG CommitSize;
+  ULONG ViewSize;
+  union {
+    PRTL_PROCESS_MODULES Modules;
+    PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx;
+  };
+  PRTL_PROCESS_BACKTRACES BackTraces;
+  void * /*PRTL_PROCESS_HEAPS*/ Heaps;
+  void * /*PRTL_PROCESS_LOCKS*/ Locks;
+  HANDLE SpecificHeap;
+  HANDLE TargetProcessHandle;
+  void * /*RTL_PROCESS_VERIFIER_OPTIONS*/ VerifierOptions;
+  HANDLE ProcessHeap;
+  HANDLE CriticalSectionHandle;
+  HANDLE CriticalSectionOwnerThread;
+  PVOID Reserved[4];
+} RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION;
+
+// RtlQueryProcessDebugInformation.DebugInfoClassMask constants
+#define PDI_MODULES 0x01
+#define PDI_BACKTRACE 0x02
+#define PDI_HEAPS 0x04
+#define PDI_HEAP_TAGS 0x08
+#define PDI_HEAP_BLOCKS 0x10
+#define PDI_LOCKS 0x20
+
+typedef NTSTATUS (NTAPI *RtlQueryProcessBackTraceInformationFunc)(
+      PRTL_DEBUG_INFORMATION debug_info);
+typedef PRTL_DEBUG_INFORMATION (NTAPI *RtlCreateQueryDebugBufferFunc)(
+      IN ULONG size, IN BOOLEAN event_pair);
+typedef NTSTATUS (NTAPI *RtlQueryProcessDebugInformationFunc)(
+      IN ULONG ProcessId, IN ULONG DebugInfoClassMask,
+      IN OUT PRTL_DEBUG_INFORMATION DebugBuffer);
+typedef NTSTATUS (NTAPI *RtlDestroyQueryDebugBufferFunc)(
+      IN PRTL_DEBUG_INFORMATION DebugBuffer);
+
+typedef ULONG (NTAPI *RtlGetNtGlobalFlagsFunc)();
+typedef ULONG (NTAPI *RtlNtStatusToDosErrorFunc)(NTSTATUS nt_status);
+
+// Debug-related runtime functions.
+extern RtlQueryProcessBackTraceInformationFunc
+    RtlQueryProcessBackTraceInformation;
+extern RtlCreateQueryDebugBufferFunc
+    RtlCreateQueryDebugBuffer;
+extern RtlQueryProcessDebugInformationFunc
+    RtlQueryProcessDebugInformation;
+extern RtlDestroyQueryDebugBufferFunc
+    RtlDestroyQueryDebugBuffer;
+
+extern RtlGetNtGlobalFlagsFunc RtlGetNtGlobalFlags;
+extern RtlNtStatusToDosErrorFunc RtlNtStatusToDosError;
+
+}  // namespace nt_internals
+
+#endif  // CEEE_TESTING_UTILS_NT_INTERNALS_H_