diff --git a/Veil.h b/Veil.h index 23470d4..ac56110 100644 --- a/Veil.h +++ b/Veil.h @@ -310,7 +310,6 @@ struct IUnknown; #endif // if defined(_KERNEL_MODE) - #include "Veil/Veil.System.Define.h" #include "Veil/Veil.System.KernelCore.h" #include "Veil/Veil.System.MemoryManager.h" @@ -335,6 +334,7 @@ struct IUnknown; #include "Veil/Veil.System.TransactionManager.h" #include "Veil/Veil.System.VDM.h" #include "Veil/Veil.System.Prefetcher.h" +#include "Veil/Veil.System.SMBios.h" #include "Veil/Veil.System.WindowStation.h" #include "Veil/Veil.System.UserManagerService.h" diff --git a/Veil/Veil.System.Debug.h b/Veil/Veil.System.Debug.h index 7e060e8..2a2ea95 100644 --- a/Veil/Veil.System.Debug.h +++ b/Veil/Veil.System.Debug.h @@ -104,7 +104,7 @@ NTSYSAPI ULONG __cdecl DbgPrintReturnControlC( - _In_z_ _Printf_format_string_ PCSTR Format, + _In_z_ _Printf_format_string_ PCCH Format, ... ); @@ -670,7 +670,7 @@ NTAPI NtSetInformationDebugObject( _In_ HANDLE DebugObjectHandle, _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass, - _In_ PVOID DebugInformation, + _In_reads_bytes_(DebugInformationLength) PVOID DebugInformation, _In_ ULONG DebugInformationLength, _Out_opt_ PULONG ReturnLength ); diff --git a/Veil/Veil.System.Define.h b/Veil/Veil.System.Define.h index 3f7cef5..d81e49e 100644 --- a/Veil/Veil.System.Define.h +++ b/Veil/Veil.System.Define.h @@ -136,10 +136,24 @@ VEIL_BEGIN() #define FIELD_SIZE(type, field) (sizeof(((type *)0)->field)) #endif +#undef STATIC_ASSERT +#define STATIC_ASSERT(expr, ...) static_assert((expr), __VA_ARGS__) -#ifndef STATIC_ASSERT -#define STATIC_ASSERT(expr) typedef char __static_assert_t[ (expr) ] +#if __cplusplus +#if _MSVC_LANG < 201402L +#undef STATIC_ASSERT +#define STATIC_ASSERT(expr, ...) typedef char __static_assert_t[ (expr) ] #endif +#else +#if __STDC_VERSION__ < 201112L +#undef STATIC_ASSERT +#define STATIC_ASSERT(expr, ...) typedef char __static_assert_t[ (expr) ] +#endif +#endif + +STATIC_ASSERT(__alignof(LARGE_INTEGER) == 8, + "Windows headers require the default packing option. Changing the packing can lead to memory corruption."); + typedef void* POINTER_32 PVOID32; typedef int INT_PTR32; diff --git a/Veil/Veil.System.Etw.h b/Veil/Veil.System.Etw.h index fb656f2..7d3afd6 100644 --- a/Veil/Veil.System.Etw.h +++ b/Veil/Veil.System.Etw.h @@ -5971,7 +5971,7 @@ typedef enum _ETWTRACECONTROLCODE EtwWdiSemUpdate = 20, EtwEnumTraceGuidList = 21, // out GUID[] EtwGetTraceGuidInfo = 22, // in GUID, out ETW_TRACE_GUID_INFO - EtwEnumerateTraceGuids = 23, + EtwEnumerateTraceGuids = 23, // out TRACE_GUID_PROPERTIES[] EtwRegisterSecurityProv = 24, EtwReferenceTimeCode = 25, // in ULONG LoggerId, out ETW_REF_CLOCK EtwTrackBinaryCode = 26, // in HANDLE @@ -6243,7 +6243,7 @@ WmiExecuteMethodW( // Enable or disable a trace logging guid. #define NOTIFICATION_TRACE_FLAG 0x00010000 // Enable or disable a trace direct callback. -// The callback is invoked immediately via a seperate thread. +// The callback is invoked immediately via a separate thread. #define NOTIFICATION_CALLBACK_DIRECT 0x00000004 // Set this flag (and only this flag) when you want to only check if the // caller has permission to receive events for the guid @@ -6300,30 +6300,29 @@ typedef struct _MOFRESOURCEINFOA { PSTR ImagePath; // Path to image containing MOF resource PSTR ResourceName; // Name of resource in image - ULONG ResourceSize; // Number of bytes in resource + ULONG ResourceSize; // Number of bytes in resource PUCHAR ResourceBuffer; } MOFRESOURCEINFOA, * PMOFRESOURCEINFOA; +typedef struct _MOFRESOURCEINFOW +{ + LPWSTR ImagePath; // Path to image containing MOF resource + LPWSTR ResourceName; // Name of resource in image + ULONG ResourceSize; // Number of bytes in resource + PUCHAR ResourceBuffer; // Reserved +} MOFRESOURCEINFOW, * PMOFRESOURCEINFOW; + #ifdef UNICODE -typedef struct _MOFRESOURCEINFOA MOFRESOURCEINFO, PMOFRESOURCEINFO; +typedef struct _MOFRESOURCEINFOW MOFRESOURCEINFO, PMOFRESOURCEINFO; #else typedef struct _MOFRESOURCEINFOA MOFRESOURCEINFO, PMOFRESOURCEINFO; #endif -// // When set the guid can be opened and accessed #define MOFCI_RESERVED0 0x00000001 #define MOFCI_RESERVED1 0x00000002 #define MOFCI_RESERVED2 0x00000004 -typedef struct -{ - LPWSTR ImagePath; // Path to image containing MOF resource - LPWSTR ResourceName; // Name of resource in image - ULONG ResourceSize; // Number of bytes in resource - PUCHAR ResourceBuffer; // Reserved -} MOFRESOURCEINFOW, * PMOFRESOURCEINFOW; - NTSYSAPI ULONG NTAPI diff --git a/Veil/Veil.System.Executive.h b/Veil/Veil.System.Executive.h index fb2a2e7..3b1d5f0 100644 --- a/Veil/Veil.System.Executive.h +++ b/Veil/Veil.System.Executive.h @@ -67,12 +67,14 @@ ZwDelayExecution( /** * Retrieves the value of the specified firmware environment variable. + * The user account that the app is running under must have the SE_SYSTEM_ENVIRONMENT_NAME privilege. * - * @param VariableName - * @param VariableValue + * @param VariableName The name of the firmware environment variable. The pointer must not be NULL. + * @param VariableValue A pointer to a buffer that receives the value of the specified firmware environment variable. + * @param ValueLength The size of the \c VariableValue buffer, in bytes. + * @param ReturnLength If the function succeeds, the return length is the number of bytes stored in the \c VariableValue buffer. * @return NTSTATUS Successful or errant status. */ - __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -94,23 +96,43 @@ ZwQuerySystemEnvironmentValue( _Out_opt_ PUSHORT ReturnLength ); +// The firmware environment variable is stored in non-volatile memory (e.g. NVRAM). #define EFI_VARIABLE_NON_VOLATILE 0x00000001 +// The firmware environment variable can be accessed during boot service. #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +// The firmware environment variable can be accessed at runtime. #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 +// Indicates hardware related errors encountered at runtime. #define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 +// Indicates an authentication requirement that must be met before writing to this firmware environment variable. #define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 +// Indicates authentication and time stamp requirements that must be met before writing to this firmware environment variable. +// When this attribute is set, the buffer, represented by Buffer, will begin with an instance of a complete (and serialized) EFI_VARIABLE_AUTHENTICATION_2 descriptor. #define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +// Append an existing environment variable with the value of Buffer. If the firmware does not support the operation, the function returns ERROR_INVALID_FUNCTION. #define EFI_VARIABLE_APPEND_WRITE 0x00000040 +// The firmware environment variable will return metadata in addition to variable data. #define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS 0x00000080 +/** + * Retrieves the value of the specified firmware environment variable and its attributes. + * The user account that the app is running under must have the SE_SYSTEM_ENVIRONMENT_NAME privilege. + * + * @param VariableName The name of the firmware environment variable. The pointer must not be NULL. + * @param VendorGuid The GUID that represents the namespace of the firmware environment variable. + * @param Buffer A pointer to a buffer that receives the value of the specified firmware environment variable. + * @param BufferLength The size of the \c Buffer, in bytes. + * @param Attributes Bitmask identifying UEFI variable attributes associated with the variable. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( _In_ PUNICODE_STRING VariableName, _In_ LPCGUID VendorGuid, - _Out_writes_bytes_opt_(*ValueLength) PVOID Value, - _Inout_ PULONG ValueLength, + _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer, + _Inout_ PULONG BufferLength, _Out_opt_ PULONG Attributes // EFI_VARIABLE_* ); @@ -126,44 +148,67 @@ ZwQuerySystemEnvironmentValueEx( _Out_opt_ PULONG Attributes ); +/** + * Sets the value of the specified firmware environment variable. + * The user account that the app is running under must have the SE_SYSTEM_ENVIRONMENT_NAME privilege. + * + * @param VariableName The name of the firmware environment variable. The pointer must not be NULL. + * @param VariableValue A pointer to the new value for the firmware environment variable. + * If this parameter is zero, the firmware environment variable is deleted. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI -NtSetSystemEnvironmentValueEx( +NtSetSystemEnvironmentValue( _In_ PUNICODE_STRING VariableName, - _In_ LPCGUID VendorGuid, - _In_reads_bytes_opt_(ValueLength) PVOID Value, - _In_ ULONG ValueLength, // 0 = delete variable - _In_ ULONG Attributes // EFI_VARIABLE_* + _In_ PUNICODE_STRING VariableValue ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI -ZwSetSystemEnvironmentValueEx( +ZwSetSystemEnvironmentValue( _In_ PUNICODE_STRING VariableName, - _In_ LPCGUID VendorGuid, - _In_reads_bytes_opt_(ValueLength) PVOID Value, - _In_ ULONG ValueLength, - _In_ ULONG Attributes + _In_ PUNICODE_STRING VariableValue ); +/** + * Sets the value of the specified firmware environment variable and the attributes that indicate how this variable is stored and maintained. + * The user account that the app is running under must have the SE_SYSTEM_ENVIRONMENT_NAME privilege. + * + * @param VariableName The name of the firmware environment variable. The pointer must not be NULL. + * @param VendorGuid The GUID that represents the namespace of the firmware environment variable. + * @param Buffer A pointer to the new value for the firmware environment variable. + * @param BufferLength The size of the pValue buffer, in bytes. + * Unless the VARIABLE_ATTRIBUTE_APPEND_WRITE, VARIABLE_ATTRIBUTE_AUTHENTICATED_WRITE_ACCESS, + * or VARIABLE_ATTRIBUTE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS variable attribute is set via dwAttributes, + * setting this value to zero will result in the deletion of this variable. + * @param Attributes Bitmask to set UEFI variable attributes associated with the variable. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI -NtSetSystemEnvironmentValue( +NtSetSystemEnvironmentValueEx( _In_ PUNICODE_STRING VariableName, - _In_ PUNICODE_STRING VariableValue + _In_ LPCGUID VendorGuid, + _In_reads_bytes_opt_(BufferLength) PVOID Buffer, + _In_ ULONG BufferLength, // 0 = delete variable + _In_ ULONG Attributes // EFI_VARIABLE_* ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI -ZwSetSystemEnvironmentValue( +ZwSetSystemEnvironmentValueEx( _In_ PUNICODE_STRING VariableName, - _In_ PUNICODE_STRING VariableValue + _In_ LPCGUID VendorGuid, + _In_reads_bytes_opt_(ValueLength) PVOID Value, + _In_ ULONG ValueLength, + _In_ ULONG Attributes ); typedef enum _SYSTEM_ENVIRONMENT_INFORMATION_CLASS @@ -210,6 +255,78 @@ ZwEnumerateSystemEnvironmentValuesEx( _Inout_ PULONG BufferLength ); +// +// Cpu Partition +// + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateCpuPartition( + _Out_ PHANDLE CpuPartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateCpuPartition( + _Out_ PHANDLE CpuPartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes +); + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenCpuPartition( + _Out_ PHANDLE CpuPartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenCpuPartition( + _Out_ PHANDLE CpuPartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes +); + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationCpuPartition( + _In_ HANDLE CpuPartitionHandle, + _In_ ULONG CpuPartitionInformationClass, + _In_reads_bytes_(CpuPartitionInformationLength) PVOID CpuPartitionInformation, + _In_ ULONG CpuPartitionInformationLength, + _Reserved_ PVOID, + _Reserved_ ULONG, + _Reserved_ ULONG +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationCpuPartition( + _In_ HANDLE CpuPartitionHandle, + _In_ ULONG CpuPartitionInformationClass, + _In_reads_bytes_(CpuPartitionInformationLength) PVOID CpuPartitionInformation, + _In_ ULONG CpuPartitionInformationLength, + _Reserved_ PVOID, + _Reserved_ ULONG, + _Reserved_ ULONG +); + // // EFI // @@ -271,6 +388,13 @@ typedef struct _EFI_DRIVER_ENTRY_LIST EFI_DRIVER_ENTRY DriverEntry; } EFI_DRIVER_ENTRY_LIST, * PEFI_DRIVER_ENTRY_LIST; +/** + * The NtAddBootEntry routine adds a new boot entry to the system boot configuration. + * + * @param BootEntry A pointer to a BOOT_ENTRY structure that specifies the boot entry to be added. + * @param Id A pointer to a variable that receives the identifier of the new boot entry. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -288,6 +412,12 @@ ZwAddBootEntry( _Out_opt_ PULONG Id ); +/** + * The NtDeleteBootEntry routine deletes an existing boot entry from the system boot configuration. + * + * @param Id The identifier of the boot entry to be deleted. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -303,6 +433,12 @@ ZwDeleteBootEntry( _In_ ULONG Id ); +/** + * The NtModifyBootEntry routine modifies an existing boot entry in the system boot configuration. + * + * @param BootEntry A pointer to a BOOT_ENTRY structure that specifies the new boot entry information. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -318,6 +454,13 @@ ZwModifyBootEntry( _In_ PBOOT_ENTRY BootEntry ); +/** + * The NtEnumerateBootEntries routine retrieves information about all boot entries in the system boot configuration. + * + * @param Buffer A pointer to a buffer that receives the boot entries information. + * @param BufferLength A pointer to a variable that specifies the size of the buffer. On return, it contains the size of the data returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -335,6 +478,13 @@ ZwEnumerateBootEntries( _Inout_ PULONG BufferLength ); +/** + * The NtQueryBootEntryOrder routine retrieves the current boot entry order. + * + * @param Ids A pointer to a buffer that receives the identifiers of the boot entries in the current boot order. + * @param Count A pointer to a variable that specifies the number of entries in the buffer. On return, it contains the number of entries returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -352,6 +502,13 @@ ZwQueryBootEntryOrder( _Inout_ PULONG Count ); +/** + * The NtSetBootEntryOrder routine sets the boot entry order. + * + * @param Ids A pointer to a buffer that specifies the identifiers of the boot entries in the desired boot order. + * @param Count The number of entries in the buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -369,6 +526,13 @@ ZwSetBootEntryOrder( _In_ ULONG Count ); +/** + * The NtQueryBootOptions routine retrieves the current boot options. + * + * @param BootOptions A pointer to a buffer that receives the boot options. + * @param BootOptionsLength A pointer to a variable that specifies the size of the buffer. On return, it contains the size of the data returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -386,6 +550,13 @@ ZwQueryBootOptions( _Inout_ PULONG BootOptionsLength ); +/** + * The NtSetBootOptions routine sets the boot options. + * + * @param BootOptions A pointer to a BOOT_OPTIONS structure that specifies the new boot options. + * @param FieldsToChange A bitmask that specifies which fields in the BOOT_OPTIONS structure are to be changed. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -403,6 +574,15 @@ ZwSetBootOptions( _In_ ULONG FieldsToChange ); +/** + * The NtTranslateFilePath routine translates a file path from one format to another. + * + * @param InputFilePath A pointer to a FILE_PATH structure that specifies the input file path. + * @param OutputType The type of the output file path. + * @param OutputFilePath A pointer to a buffer that receives the translated file path. + * @param OutputFilePathLength A pointer to a variable that specifies the size of the buffer. On return, it contains the size of the data returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -424,6 +604,13 @@ ZwTranslateFilePath( _Inout_opt_ PULONG OutputFilePathLength ); +/** + * The NtAddDriverEntry routine adds a new driver entry to the system boot configuration. + * + * @param DriverEntry A pointer to an EFI_DRIVER_ENTRY structure that specifies the driver entry to be added. + * @param Id A pointer to a variable that receives the identifier of the new driver entry. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -441,6 +628,12 @@ ZwAddDriverEntry( _Out_opt_ PULONG Id ); +/** + * The NtDeleteDriverEntry routine deletes an existing driver entry from the system boot configuration. + * + * @param Id The identifier of the driver entry to be deleted. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -456,6 +649,12 @@ ZwDeleteDriverEntry( _In_ ULONG Id ); +/** + * The NtModifyDriverEntry routine modifies an existing driver entry in the system boot configuration. + * + * @param DriverEntry A pointer to an EFI_DRIVER_ENTRY structure that specifies the new driver entry information. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -471,6 +670,13 @@ ZwModifyDriverEntry( _In_ PEFI_DRIVER_ENTRY DriverEntry ); +/** + * The NtEnumerateDriverEntries routine retrieves information about all driver entries in the system boot configuration. + * + * @param Buffer A pointer to a buffer that receives the driver entries information. + * @param BufferLength A pointer to a variable that specifies the size of the buffer. On return, it contains the size of the data returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -488,6 +694,13 @@ ZwEnumerateDriverEntries( _Inout_ PULONG BufferLength ); +/** + * The NtQueryDriverEntryOrder routine retrieves the current driver entry order. + * + * @param Ids A pointer to a buffer that receives the identifiers of the driver entries in the current driver order. + * @param Count A pointer to a variable that specifies the number of entries in the buffer. On return, it contains the number of entries returned. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -505,6 +718,13 @@ ZwQueryDriverEntryOrder( _Inout_ PULONG Count ); +/** + * The NtSetDriverEntryOrder routine sets the driver entry order. + * + * @param Ids A pointer to a buffer that specifies the identifiers of the driver entries in the desired driver order. + * @param Count The number of entries in the buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -532,6 +752,16 @@ typedef enum _FILTER_BOOT_OPTION_OPERATION } FILTER_BOOT_OPTION_OPERATION; #if (NTDDI_VERSION >= NTDDI_WINBLUE) +/** + * The NtFilterBootOption routine filters boot options based on the specified operation, object type, and element type. + * + * @param FilterOperation The operation to be performed on the boot option. This can be one of the values from the FILTER_BOOT_OPTION_OPERATION enumeration. + * @param ObjectType The type of the object to be filtered. + * @param ElementType The type of the element within the object to be filtered. + * @param Data A pointer to a buffer that contains the data to be used in the filter operation. This parameter is optional and can be NULL. + * @param DataSize The size, in bytes, of the data buffer pointed to by the Data parameter. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -808,7 +1038,14 @@ ZwQueryEvent( // #define EVENT_PAIR_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE) - +/** + * The NtCreateEventPair routine creates an event pair object and opens a handle to the object with the specified desired access. + * + * @param EventPairHandle A pointer to a variable that receives the event pair object handle. + * @param DesiredAccess The access mask that specifies the requested access to the event pair object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -828,6 +1065,14 @@ ZwCreateEventPair( _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes ); +/** + * The NtOpenEventPair routine opens a handle to an existing event pair object. + * + * @param EventPairHandle A pointer to a variable that receives the event pair object handle. + * @param DesiredAccess The access mask that specifies the requested access to the event pair object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -847,6 +1092,12 @@ ZwOpenEventPair( _In_ PCOBJECT_ATTRIBUTES ObjectAttributes ); +/** + * The NtSetLowEventPair routine sets the low event in an event pair to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -862,6 +1113,12 @@ ZwSetLowEventPair( _In_ HANDLE EventPairHandle ); +/** + * The NtSetHighEventPair routine sets the high event in an event pair to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -877,6 +1134,12 @@ ZwSetHighEventPair( _In_ HANDLE EventPairHandle ); +/** + * The NtWaitLowEventPair routine waits for the low event in an event pair to be set to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -892,6 +1155,12 @@ ZwWaitLowEventPair( _In_ HANDLE EventPairHandle ); +/** + * The NtWaitHighEventPair routine waits for the high event in an event pair to be set to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -907,6 +1176,12 @@ ZwWaitHighEventPair( _In_ HANDLE EventPairHandle ); +/** + * The NtSetLowWaitHighEventPair routine sets the low event in an event pair to the signaled state and waits for the high event to be set to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -922,6 +1197,12 @@ ZwSetLowWaitHighEventPair( _In_ HANDLE EventPairHandle ); +/** + * The NtSetHighWaitLowEventPair routine sets the high event in an event pair to the signaled state and waits for the low event to be set to the signaled state. + * + * @param EventPairHandle A handle to the event pair object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -953,6 +1234,9 @@ typedef enum _MUTANT_INFORMATION_CLASS MutantOwnerInformation // MUTANT_OWNER_INFORMATION } MUTANT_INFORMATION_CLASS; +/** + * The MUTANT_BASIC_INFORMATION structure contains basic information about a mutant object. + */ typedef struct _MUTANT_BASIC_INFORMATION { LONG CurrentCount; @@ -960,11 +1244,24 @@ typedef struct _MUTANT_BASIC_INFORMATION BOOLEAN AbandonedState; } MUTANT_BASIC_INFORMATION, * PMUTANT_BASIC_INFORMATION; +/** + * The MUTANT_OWNER_INFORMATION structure contains information about the owner of a mutant object. + */ typedef struct _MUTANT_OWNER_INFORMATION { CLIENT_ID ClientId; } MUTANT_OWNER_INFORMATION, * PMUTANT_OWNER_INFORMATION; +/** + * The NtCreateMutant routine creates a mutant object, sets the initial state of the mutant to the specified value, + * and opens a handle to the object with the specified desired access. + * + * @param MutantHandle A pointer to a variable that receives the mutant object handle. + * @param DesiredAccess The access mask that specifies the requested access to the mutant object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @param InitialOwner If TRUE, the calling thread is the initial owner of the mutant object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -986,6 +1283,14 @@ ZwCreateMutant( _In_ BOOLEAN InitialOwner ); +/** + * The NtOpenMutant routine opens a handle to an existing mutant object. + * + * @param MutantHandle A pointer to a variable that receives the mutant object handle. + * @param DesiredAccess The access mask that specifies the requested access to the mutant object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1005,6 +1310,13 @@ ZwOpenMutant( _In_ PCOBJECT_ATTRIBUTES ObjectAttributes ); +/** + * The NtReleaseMutant routine releases ownership of a mutant object. + * + * @param MutantHandle A handle to the mutant object. + * @param PreviousCount A pointer to a variable that receives the previous count of the mutant object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1022,6 +1334,16 @@ ZwReleaseMutant( _Out_opt_ PLONG PreviousCount ); +/** + * The NtQueryMutant routine retrieves information about a mutant object. + * + * @param MutantHandle A handle to the mutant object. + * @param MutantInformationClass The type of information to be retrieved. + * @param MutantInformation A pointer to a buffer that receives the requested information. + * @param MutantInformationLength The size of the buffer pointed to by MutantInformation. + * @param ReturnLength A pointer to a variable that receives the size of the data returned in the buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1058,12 +1380,26 @@ typedef enum _SEMAPHORE_INFORMATION_CLASS SemaphoreBasicInformation } SEMAPHORE_INFORMATION_CLASS; +/** + * The SEMAPHORE_BASIC_INFORMATION structure contains basic information about a semaphore object. + */ typedef struct _SEMAPHORE_BASIC_INFORMATION { LONG CurrentCount; LONG MaximumCount; } SEMAPHORE_BASIC_INFORMATION, * PSEMAPHORE_BASIC_INFORMATION; +/** + * The NtCreateSemaphore routine creates a semaphore object, sets the initial count of the semaphore to the specified value, + * and opens a handle to the object with the specified desired access. + * + * @param SemaphoreHandle A pointer to a variable that receives the semaphore object handle. + * @param DesiredAccess The access mask that specifies the requested access to the semaphore object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @param InitialCount The initial count of the semaphore object. + * @param MaximumCount The maximum count of the semaphore object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1087,6 +1423,14 @@ ZwCreateSemaphore( _In_ LONG MaximumCount ); +/** + * The NtOpenSemaphore routine opens a handle to an existing semaphore object. + * + * @param SemaphoreHandle A pointer to a variable that receives the semaphore object handle. + * @param DesiredAccess The access mask that specifies the requested access to the semaphore object. + * @param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1106,6 +1450,14 @@ ZwOpenSemaphore( _In_ POBJECT_ATTRIBUTES ObjectAttributes ); +/** + * The NtReleaseSemaphore routine increases the count of the specified semaphore object by a specified amount. + * + * @param SemaphoreHandle A handle to the semaphore object. + * @param ReleaseCount The amount by which the semaphore object's count is to be increased. + * @param PreviousCount A pointer to a variable that receives the previous count of the semaphore object. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1125,6 +1477,16 @@ ZwReleaseSemaphore( _Out_opt_ PLONG PreviousCount ); +/** + * The NtQuerySemaphore routine retrieves information about a semaphore object. + * + * @param SemaphoreHandle A handle to the semaphore object. + * @param SemaphoreInformationClass The type of information to be retrieved. + * @param SemaphoreInformation A pointer to a buffer that receives the requested information. + * @param SemaphoreInformationLength The size of the buffer pointed to by SemaphoreInformation. + * @param ReturnLength A pointer to a variable that receives the size of the data returned in the buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -2497,9 +2859,9 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege) SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only - SystemPrioritySeperation, // s (requires SeTcbPrivilege) - SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40 - SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege) + SystemPrioritySeparation, // s (requires SeTcbPrivilege) + SystemVerifierAddDriverInformation, // s: UNICODE_STRING (requires SeDebugPrivilege) // 40 + SystemVerifierRemoveDriverInformation, // s: UNICODE_STRING (requires SeDebugPrivilege) SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION (EX in: USHORT ProcessorGroup) SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION @@ -2530,18 +2892,18 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION SystemObjectSecurityMode, // q: ULONG // 70 SystemWatchdogTimerHandler, // s: SYSTEM_WATCHDOG_HANDLER_INFORMATION // (kernel-mode only) - SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // (kernel-mode only) - SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION (EX in: USHORT ProcessorGroup) + SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // NtQuerySystemInformationEx // (kernel-mode only) + SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx SystemWow64SharedInformationObsolete, // not implemented SystemRegisterFirmwareTableInformationHandler, // s: SYSTEM_FIRMWARE_TABLE_HANDLER // (kernel-mode only) SystemFirmwareTableInformation, // SYSTEM_FIRMWARE_TABLE_INFORMATION - SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX + SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX // since VISTA SystemVerifierTriageInformation, // not implemented SystemSuperfetchInformation, // q; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80 SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation) - SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege) - SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) + SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege) // NtQuerySystemInformationEx + SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx SystemVerifierCancellationInformation, // SYSTEM_VERIFIER_CANCELLATION_INFORMATION // name:wow64:whNT32QuerySystemVerifierCancellationInformation SystemProcessorPowerInformationEx, // not implemented SystemRefTraceInformation, // q; s: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation @@ -2558,15 +2920,15 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemVerifierFaultsInformation, // s: SYSTEM_VERIFIER_FAULTS_INFORMATION (requires SeDebugPrivilege) SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION - SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION (EX in: USHORT ProcessorGroup) // 100 + SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx // 100 SystemNumaProximityNodeInformation, // q; s: SYSTEM_NUMA_PROXIMITY_MAP SystemDynamicTimeZoneInformation, // q; s: RTL_DYNAMIC_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege) SystemCodeIntegrityInformation, // q: SYSTEM_CODEINTEGRITY_INFORMATION // SeCodeIntegrityQueryInformation SystemProcessorMicrocodeUpdateInformation, // s: SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION SystemProcessorBrandString, // q: CHAR[] // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23 SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation - SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX (EX in: LOGICAL_PROCESSOR_RELATIONSHIP RelationshipType) // since WIN7 // KeQueryLogicalProcessorRelationship - SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) + SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX (EX in: LOGICAL_PROCESSOR_RELATIONSHIP RelationshipType) // since WIN7 // NtQuerySystemInformationEx // KeQueryLogicalProcessorRelationship + SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx SystemStoreInformation, // q; s: SYSTEM_STORE_INFORMATION (requires SeProfileSingleProcessPrivilege) // SmQueryStoreInformation SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110 SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege) @@ -2579,7 +2941,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool) SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120 - SystemNodeDistanceInformation, // q: USHORT[4*NumaNodes] // (EX in: USHORT NodeNumber) + SystemNodeDistanceInformation, // q: USHORT[4*NumaNodes] // (EX in: USHORT NodeNumber) // NtQuerySystemInformationEx SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26 SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1 @@ -2599,7 +2961,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemMemoryTopologyInformation, // q: SYSTEM_MEMORY_TOPOLOGY_INFORMATION SystemMemoryChannelInformation, // q: SYSTEM_MEMORY_CHANNEL_INFORMATION SystemBootLogoInformation, // q: SYSTEM_BOOT_LOGO_INFORMATION // 140 - SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // (EX in: USHORT ProcessorGroup) // since WINBLUE + SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx // since WINBLUE SystemCriticalProcessErrorLogInformation, // CRITICAL_PROCESS_EXCEPTION_DATA SystemSecureBootPolicyInformation, // q: SYSTEM_SECUREBOOT_POLICY_INFORMATION SystemPageFileInformationEx, // q: SYSTEM_PAGEFILE_INFORMATION_EX @@ -2618,7 +2980,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION - SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION (EX in: USHORT ProcessorGroup) // 160 + SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION (EX in: USHORT ProcessorGroup) // NtQuerySystemInformationEx // 160 SystemVmGenerationCountInformation, SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION SystemKernelDebuggerFlags, // SYSTEM_KERNEL_DEBUGGER_FLAGS @@ -2637,7 +2999,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION SystemWin32WerStartCallout, SystemSecureKernelProfileInformation, // q: SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION - SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // since REDSTONE + SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // NtQuerySystemInformationEx // since REDSTONE SystemInterruptSteeringInformation, // q: in: SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT, out: SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT // NtQuerySystemInformationEx // 180 SystemSupportedProcessorArchitectures, // p: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx SystemMemoryUsageInformation, // q: SYSTEM_MEMORY_USAGE_INFORMATION @@ -2647,12 +3009,12 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemKernelDebuggingAllowed, // s: ULONG SystemActivityModerationExeState, // SYSTEM_ACTIVITY_MODERATION_EXE_STATE SystemActivityModerationUserSettings, // SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS - SystemCodeIntegrityPoliciesFullInformation, + SystemCodeIntegrityPoliciesFullInformation, // NtQuerySystemInformationEx SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190 SystemIntegrityQuotaInformation, SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION SystemProcessorIdleMaskInformation, // q: ULONG_PTR[ActiveGroupCount] // since REDSTONE3 - SystemSecureDumpEncryptionInformation, + SystemSecureDumpEncryptionInformation, // NtQuerySystemInformationEx SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4 @@ -2667,7 +3029,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemLeapSecondInformation, // SYSTEM_LEAP_SECOND_INFORMATION SystemFlags2Information, // q: SYSTEM_FLAGS_INFORMATION SystemSecurityModelInformation, // SYSTEM_SECURITY_MODEL_INFORMATION // since 19H1 - SystemCodeIntegritySyntheticCacheInformation, + SystemCodeIntegritySyntheticCacheInformation, // NtQuerySystemInformationEx SystemFeatureConfigurationInformation, // q: in: SYSTEM_FEATURE_CONFIGURATION_QUERY, out: SYSTEM_FEATURE_CONFIGURATION_INFORMATION; s: SYSTEM_FEATURE_CONFIGURATION_UPDATE // NtQuerySystemInformationEx // since 20H1 // 210 SystemFeatureConfigurationSectionInformation, // q: in: SYSTEM_FEATURE_CONFIGURATION_SECTIONS_REQUEST, out: SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION // NtQuerySystemInformationEx SystemFeatureUsageSubscriptionInformation, // q: SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS; s: SYSTEM_FEATURE_USAGE_SUBSCRIPTION_UPDATE @@ -2681,7 +3043,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemDifRemovePluginVerificationOnDriver, // SYSTEM_DIF_PLUGIN_DRIVER_INFORMATION // 220 SystemShadowStackInformation, // SYSTEM_SHADOW_STACK_INFORMATION SystemBuildVersionInformation, // q: in: ULONG (LayerNumber), out: SYSTEM_BUILD_VERSION_INFORMATION // NtQuerySystemInformationEx // 222 - SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION (requires SeIncreaseQuotaPrivilege) + SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION (requires SeIncreaseQuotaPrivilege) // NtQuerySystemInformationEx SystemCodeIntegrityAddDynamicStore, SystemCodeIntegrityClearDynamicStores, SystemDifPoolTrackingInformation, @@ -2689,15 +3051,15 @@ typedef enum _SYSTEM_INFORMATION_CLASS SystemDpcWatchdogInformation, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION SystemDpcWatchdogInformation2, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION_V2 SystemSupportedProcessorArchitectures2, // q: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx // 230 - SystemSingleProcessorRelationshipInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // (EX in: PROCESSOR_NUMBER Processor) + SystemSingleProcessorRelationshipInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // (EX in: PROCESSOR_NUMBER Processor) // NtQuerySystemInformationEx SystemXfgCheckFailureInformation, // q: SYSTEM_XFG_FAILURE_INFORMATION SystemIommuStateInformation, // SYSTEM_IOMMU_STATE_INFORMATION // since 22H1 SystemHypervisorMinrootInformation, // SYSTEM_HYPERVISOR_MINROOT_INFORMATION SystemHypervisorBootPagesInformation, // SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION SystemPointerAuthInformation, // SYSTEM_POINTER_AUTH_INFORMATION - SystemSecureKernelDebuggerInformation, + SystemSecureKernelDebuggerInformation, // NtQuerySystemInformationEx SystemOriginalImageFeatureInformation, // q: in: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT, out: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT // NtQuerySystemInformationEx - SystemMemoryNumaInformation, // SYSTEM_MEMORY_NUMA_INFORMATION_INPUT, SYSTEM_MEMORY_NUMA_INFORMATION_OUTPUT + SystemMemoryNumaInformation, // SYSTEM_MEMORY_NUMA_INFORMATION_INPUT, SYSTEM_MEMORY_NUMA_INFORMATION_OUTPUT // NtQuerySystemInformationEx SystemMemoryNumaPerformanceInformation, // SYSTEM_MEMORY_NUMA_PERFORMANCE_INFORMATION_INPUTSYSTEM_MEMORY_NUMA_PERFORMANCE_INFORMATION_INPUT, SYSTEM_MEMORY_NUMA_PERFORMANCE_INFORMATION_OUTPUT // since 24H2 // 240 SystemCodeIntegritySignedPoliciesFullInformation, SystemSecureCoreInformation, // SystemSecureSecretsInformation @@ -6139,6 +6501,45 @@ ZwSetSystemInformation( _In_ ULONG SystemInformationLength ); +// +// Security Policy +// + +typedef enum _SECURE_SETTING_VALUE_TYPE +{ + SecureSettingValueTypeBoolean = 0, + SecureSettingValueTypeUlong = 1, + SecureSettingValueTypeBinary = 2, + SecureSettingValueTypeString = 3, + SecureSettingValueTypeUnknown = 4 +} SECURE_SETTING_VALUE_TYPE, * PSECURE_SETTING_VALUE_TYPE; + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySecurityPolicy( + _In_ PCUNICODE_STRING Policy, + _In_ PCUNICODE_STRING KeyName, + _In_ PCUNICODE_STRING ValueName, + _In_ SECURE_SETTING_VALUE_TYPE ValueType, + _Out_writes_bytes_opt_(*ValueSize) PVOID Value, + _Inout_ PULONG ValueSize +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySecurityPolicy( + _In_ PCUNICODE_STRING Policy, + _In_ PCUNICODE_STRING KeyName, + _In_ PCUNICODE_STRING ValueName, + _In_ SECURE_SETTING_VALUE_TYPE ValueType, + _Out_writes_bytes_opt_(*ValueSize) PVOID Value, + _Inout_ PULONG ValueSize +); + // // Define data shared between kernel and user mode. // diff --git a/Veil/Veil.System.IOManager.h b/Veil/Veil.System.IOManager.h index da5f816..780aba0 100644 --- a/Veil/Veil.System.IOManager.h +++ b/Veil/Veil.System.IOManager.h @@ -410,24 +410,38 @@ typedef enum _FILE_INFORMATION_CLASS FileMaximumInformation } FILE_INFORMATION_CLASS, * PFILE_INFORMATION_CLASS; +// // NtQueryInformationFile/NtSetInformationFile types +// +/** + * The FILE_BASIC_INFORMATION structure contains timestamps and basic attributes of a file. + * \li If you specify a value of zero for any of the XxxTime members, the file system keeps a file's current value for that time. + * \li If you specify a value of -1 for any of the XxxTime members, time stamp updates are disabled for I/O operations preformed on the file handle. + * \li If you specify a value of -2 for any of the XxxTime members, time stamp updates are enabled for I/O operations preformed on the file handle. + * \remarks To set the members of this structure, the caller must have FILE_WRITE_ATTRIBUTES access to the file. + */ typedef struct _FILE_BASIC_INFORMATION { - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - ULONG FileAttributes; + LARGE_INTEGER CreationTime; // Specifies the time that the file was created. + LARGE_INTEGER LastAccessTime; // Specifies the time that the file was last accessed. + LARGE_INTEGER LastWriteTime; // Specifies the time that the file was last written to. + LARGE_INTEGER ChangeTime; // Specifies the last time the file was changed. + ULONG FileAttributes; // Specifies one or more FILE_ATTRIBUTE_XXX flags. } FILE_BASIC_INFORMATION, * PFILE_BASIC_INFORMATION; +/** + * The FILE_STANDARD_INFORMATION structure contains standard information of a file. + * \remarks EndOfFile specifies the byte offset to the end of the file. + * Because this value is zero-based, it actually refers to the first free byte in the file; that is, it is the offset to the byte immediately following the last valid byte in the file. + */ typedef struct _FILE_STANDARD_INFORMATION { - LARGE_INTEGER AllocationSize; - LARGE_INTEGER EndOfFile; - ULONG NumberOfLinks; - BOOLEAN DeletePending; - BOOLEAN Directory; + LARGE_INTEGER AllocationSize; // The file allocation size in bytes. Usually, this value is a multiple of the sector or cluster size of the underlying physical device. + LARGE_INTEGER EndOfFile; // The end of file location as a byte offset. + ULONG NumberOfLinks; // The number of hard links to the file. + BOOLEAN DeletePending; // The delete pending status. TRUE indicates that a file deletion has been requested. + BOOLEAN Directory; // The file directory status. TRUE indicates the file object represents a directory. } FILE_STANDARD_INFORMATION, * PFILE_STANDARD_INFORMATION; #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) @@ -814,9 +828,12 @@ typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION ULONG_PTR ProcessIdList[1]; } FILE_PROCESS_IDS_USING_FILE_INFORMATION, * PFILE_PROCESS_IDS_USING_FILE_INFORMATION; +/** + * The FILE_IS_REMOTE_DEVICE_INFORMATION structure indicates whether the file system that contains the file is a remote file system. + */ typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION { - BOOLEAN IsRemote; + BOOLEAN IsRemote; // A value that indicates whether the file system that contains the file is a remote file system. } FILE_IS_REMOTE_DEVICE_INFORMATION, * PFILE_IS_REMOTE_DEVICE_INFORMATION; typedef struct _FILE_NUMA_NODE_INFORMATION @@ -1217,7 +1234,7 @@ typedef struct _FILE_CASE_SENSITIVE_INFORMATION typedef enum _FILE_KNOWN_FOLDER_TYPE { - KnownFolderNone, + KnownFolderNone = 0, KnownFolderDesktop, KnownFolderDocuments, KnownFolderDownloads, @@ -1225,7 +1242,7 @@ typedef enum _FILE_KNOWN_FOLDER_TYPE KnownFolderPictures, KnownFolderVideos, KnownFolderOther, - KnownFolderMax = 7 + KnownFolderMax } FILE_KNOWN_FOLDER_TYPE; typedef struct _FILE_KNOWN_FOLDER_INFORMATION @@ -2771,13 +2788,9 @@ ZwNotifyChangeDirectoryFileEx( #endif // NTDDI_VERSION >= NTDDI_WIN10_RS3 /** - * @brief Loads a driver. - * - * This function loads a driver specified by the DriverServiceName parameter. - * - * @param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to load. - * - * @return NTSTATUS The status code returned by the function. Possible values include, but are not limited to: + * \brief The NtLoadDriver function loads a driver specified by the DriverServiceName parameter. + * \param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to load. + * \return NTSTATUS The status code returned by the function. Possible values include, but are not limited to: * - STATUS_SUCCESS: The driver was successfully loaded. * - STATUS_INVALID_PARAMETER: The DriverServiceName parameter is invalid. * - STATUS_INSUFFICIENT_RESOURCES: There are insufficient resources to load the driver. @@ -2802,11 +2815,8 @@ ZwLoadDriver( /** * @brief Unloads a driver. - * * This function unloads a driver specified by the DriverServiceName parameter. - * * @param DriverServiceName A pointer to a UNICODE_STRING structure that specifies the name of the driver service to unload. - * * @return NTSTATUS The status code returned by the function. Possible values include, but are not limited to: * - STATUS_SUCCESS: The driver was successfully unloaded. * - STATUS_INVALID_PARAMETER: The DriverServiceName parameter is invalid. @@ -2854,7 +2864,7 @@ NtCreateIoCompletion( _Out_ PHANDLE IoCompletionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, - _In_opt_ ULONG Count + _In_opt_ ULONG NumberOfConcurrentThreads ); _IRQL_requires_max_(PASSIVE_LEVEL) @@ -2865,7 +2875,7 @@ ZwCreateIoCompletion( _Out_ PHANDLE IoCompletionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, - _In_opt_ ULONG Count + _In_opt_ ULONG NumberOfConcurrentThreads ); __kernel_entry NTSYSCALLAPI diff --git a/Veil/Veil.System.Loader.h b/Veil/Veil.System.Loader.h index 48af0ae..d5b7da2 100644 --- a/Veil/Veil.System.Loader.h +++ b/Veil/Veil.System.Loader.h @@ -764,9 +764,6 @@ typedef enum _WOW64_SHARED_INFORMATION Wow64SharedPageEntriesCount } WOW64_SHARED_INFORMATION; -#define PS_SYSTEM_DLL_INIT_BLOCK_V1 0x0F0 -#define PS_SYSTEM_DLL_INIT_BLOCK_V2 0x128 - // private typedef struct _PS_SYSTEM_DLL_INIT_BLOCK { @@ -804,6 +801,14 @@ typedef struct _PS_SYSTEM_DLL_INIT_BLOCK NTSYSAPI PS_SYSTEM_DLL_INIT_BLOCK LdrSystemDllInitBlock; #endif +#define PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V1 \ + RTL_SIZEOF_THROUGH_FIELD(PS_SYSTEM_DLL_INIT_BLOCK, MitigationAuditOptionsMap) +#define PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V2 \ + RTL_SIZEOF_THROUGH_FIELD(PS_SYSTEM_DLL_INIT_BLOCK, ScpArm64EcCfgCheckESFunction) + +//static_assert(PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V1 == 240, "PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V1 must equal 240"); +//static_assert(PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V2 == 296, "PS_SYSTEM_DLL_INIT_BLOCK_SIZE_V2 must equal 296"); + // rev see also MEMORY_IMAGE_EXTENSION_INFORMATION typedef struct _RTL_SCPCFG_NTDLL_EXPORTS { @@ -1466,6 +1471,7 @@ LdrRemoveDllDirectory( #endif // (NTDDI_VERSION >= NTDDI_WIN8) // rev +_Analysis_noreturn_ DECLSPEC_NORETURN NTSYSAPI VOID @@ -1475,6 +1481,7 @@ LdrShutdownProcess( ); // rev +_Analysis_noreturn_ DECLSPEC_NORETURN NTSYSAPI VOID @@ -1646,6 +1653,63 @@ LdrFlushAlternateResourceModules( VOID ); +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrDllRedirectionCallback( + _In_ ULONG Flags, + _In_ PCWSTR DllName, + _In_opt_ PCWSTR DllPath, + _Inout_opt_ PULONG DllCharacteristics, + _In_ PVOID CallbackData, + _Out_ PCWSTR* EffectiveDllPath +); + +// rev +NTSYSAPI +VOID +NTAPI +LdrSetDllManifestProber( + _In_ PVOID Routine +); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSAPI BOOLEAN LdrpChildNtdll; // DATA export +#endif + +// rev +NTSYSAPI +VOID +NTAPI +LdrpResGetMappingSize( + _In_ PVOID BaseAddress, + _Out_ PSIZE_T Size, + _In_ ULONG Flags, + _In_ BOOLEAN GetFileSizeFromLoadAsDataTable +); + +// +// ApiSet +// + +NTSYSAPI +BOOL +NTAPI +ApiSetQueryApiSetPresence( + _In_ PCUNICODE_STRING Namespace, + _Out_ PBOOLEAN Present +); + +NTSYSAPI +BOOL +NTAPI +ApiSetQueryApiSetPresenceEx( + _In_ PCUNICODE_STRING Namespace, + _Out_ PBOOLEAN IsInSchema, + _Out_ PBOOLEAN Present +); + #endif // !_KERNEL_MODE // diff --git a/Veil/Veil.System.MemoryManager.h b/Veil/Veil.System.MemoryManager.h index 36ddfc2..9a07a42 100644 --- a/Veil/Veil.System.MemoryManager.h +++ b/Veil/Veil.System.MemoryManager.h @@ -26,36 +26,44 @@ VEIL_BEGIN() -#define PAGE_NOACCESS 0x01 -#define PAGE_READONLY 0x02 -#define PAGE_READWRITE 0x04 -#define PAGE_WRITECOPY 0x08 -#define PAGE_EXECUTE 0x10 -#define PAGE_EXECUTE_READ 0x20 -#define PAGE_EXECUTE_READWRITE 0x40 -#define PAGE_EXECUTE_WRITECOPY 0x80 -#define PAGE_GUARD 0x100 -#define PAGE_NOCACHE 0x200 -#define PAGE_WRITECOMBINE 0x400 -#define PAGE_GRAPHICS_NOACCESS 0x0800 -#define PAGE_GRAPHICS_READONLY 0x1000 -#define PAGE_GRAPHICS_READWRITE 0x2000 -#define PAGE_GRAPHICS_EXECUTE 0x4000 -#define PAGE_GRAPHICS_EXECUTE_READ 0x8000 -#define PAGE_GRAPHICS_EXECUTE_READWRITE 0x10000 -#define PAGE_GRAPHICS_COHERENT 0x20000 -#define PAGE_GRAPHICS_NOCACHE 0x40000 -#define PAGE_ENCLAVE_THREAD_CONTROL 0x80000000 -#define PAGE_REVERT_TO_FILE_MAP 0x80000000 -#define PAGE_TARGETS_NO_UPDATE 0x40000000 -#define PAGE_TARGETS_INVALID 0x40000000 -#define PAGE_ENCLAVE_UNVALIDATED 0x20000000 -#define PAGE_ENCLAVE_MASK 0x10000000 +// +// Memory Protection Constants +// + +#define PAGE_NOACCESS 0x01 // Disables all access to the committed region of pages. An attempt to read from, write to, or execute the committed region results in an access violation. +#define PAGE_READONLY 0x02 // Enables read-only access to the committed region of pages. An attempt to write or execute the committed region results in an access violation. +#define PAGE_READWRITE 0x04 // Enables read-only or read/write access to the committed region of pages. +#define PAGE_WRITECOPY 0x08 // Enables read-only or copy-on-write access to a mapped view of a file mapping object. +#define PAGE_EXECUTE 0x10 // Enables execute access to the committed region of pages. An attempt to write to the committed region results in an access violation. +#define PAGE_EXECUTE_READ 0x20 // Enables execute or read-only access to the committed region of pages. An attempt to write to the committed region results in an access violation. +#define PAGE_EXECUTE_READWRITE 0x40 // Enables execute, read-only, or read/write access to the committed region of pages. +#define PAGE_EXECUTE_WRITECOPY 0x80 // Enables execute, read-only, or copy-on-write access to a mapped view of a file mapping object. +#define PAGE_GUARD 0x100 // Pages in the region become guard pages. Any attempt to access a guard page causes the system to raise a STATUS_GUARD_PAGE_VIOLATION exception. +#define PAGE_NOCACHE 0x200 // Sets all pages to be non-cachable. Applications should not use this attribute. Using interlocked functions with memory that is mapped with SEC_NOCACHE can result in an EXCEPTION_ILLEGAL_INSTRUCTION exception. +#define PAGE_WRITECOMBINE 0x400 // Sets all pages to be write-combined. Applications should not use this attribute. Using interlocked functions with memory that is mapped with SEC_NOCACHE can result in an EXCEPTION_ILLEGAL_INSTRUCTION exception. +#define PAGE_GRAPHICS_NOACCESS 0x0800 +#define PAGE_GRAPHICS_READONLY 0x1000 +#define PAGE_GRAPHICS_READWRITE 0x2000 +#define PAGE_GRAPHICS_EXECUTE 0x4000 +#define PAGE_GRAPHICS_EXECUTE_READ 0x8000 +#define PAGE_GRAPHICS_EXECUTE_READWRITE 0x10000 +#define PAGE_GRAPHICS_COHERENT 0x20000 +#define PAGE_GRAPHICS_NOCACHE 0x40000 +#define PAGE_ENCLAVE_THREAD_CONTROL 0x80000000 // Pages in the region contain a thread control structure (TCS) from the Intel Software Guard Extensions programming model. +#define PAGE_REVERT_TO_FILE_MAP 0x80000000 // Pages in the region can revert modified copy-on-write pages to the original unmodified page when using the mapped view of a file mapping object. +#define PAGE_TARGETS_NO_UPDATE 0x40000000 // Pages in the region will not update the CFG bitmap when the protection changes. The default behavior for VirtualProtect is to mark all locations as valid call targets for CFG. +#define PAGE_TARGETS_INVALID 0x40000000 // Pages in the region are excluded from the CFG bitmap as valid targets. Any indirect call to locations in those pages will terminate the process using the __fastfail intrinsic. +#define PAGE_ENCLAVE_UNVALIDATED 0x20000000 // Pages in the region are excluded from measurement with the EEXTEND instruction of the Intel Software Guard Extensions programming model. +#define PAGE_ENCLAVE_MASK 0x10000000 #ifndef PAGE_ENCLAVE_DECOMMIT -#define PAGE_ENCLAVE_DECOMMIT (PAGE_ENCLAVE_MASK | 0) +#define PAGE_ENCLAVE_DECOMMIT (PAGE_ENCLAVE_MASK | 0) #endif -#define PAGE_ENCLAVE_SS_FIRST (PAGE_ENCLAVE_MASK | 1) -#define PAGE_ENCLAVE_SS_REST (PAGE_ENCLAVE_MASK | 2) +#define PAGE_ENCLAVE_SS_FIRST (PAGE_ENCLAVE_MASK | 1) +#define PAGE_ENCLAVE_SS_REST (PAGE_ENCLAVE_MASK | 2) + +// +// Memory Region and Section Constants +// #define MEM_COMMIT 0x00001000 #define MEM_RESERVE 0x00002000 @@ -175,23 +183,33 @@ typedef enum _MEMORY_INFORMATION_CLASS #define MEMORY_BLOCK_NON_CACHEABLE_GUARD_EXECUTABLE_READWRITE 30 #define MEMORY_BLOCK_NON_CACHEABLE_GUARD_EXECUTABLE_COPYONWRITE 31 +/** + * The MEMORY_WORKING_SET_BLOCK structure contains working set information for a page. + * + * \ref https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_working_set_block + */ typedef struct _MEMORY_WORKING_SET_BLOCK { - ULONG_PTR Protection : 5; - ULONG_PTR ShareCount : 3; - ULONG_PTR Shared : 1; - ULONG_PTR Node : 3; + ULONG_PTR Protection : 5; // The protection attributes of the page. This member can be one of above MEMORY_BLOCK_* values. + ULONG_PTR ShareCount : 3; // The number of processes that share this page. The maximum value of this member is 7. + ULONG_PTR Shared : 1; // If this bit is 1, the page is sharable; otherwise, the page is not sharable. + ULONG_PTR Node : 3; // The NUMA node where the physical memory should reside. #ifdef _WIN64 - ULONG_PTR VirtualPage : 52; + ULONG_PTR VirtualPage : 52; // The address of the page in the virtual address space. #else - ULONG VirtualPage : 20; + ULONG VirtualPage : 20; // The address of the page in the virtual address space. #endif } MEMORY_WORKING_SET_BLOCK, * PMEMORY_WORKING_SET_BLOCK; +/** + * The MEMORY_WORKING_SET_INFORMATION structure contains working set information for a process. + * + * \ref https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_working_set_information + */ typedef struct _MEMORY_WORKING_SET_INFORMATION { ULONG_PTR NumberOfEntries; - MEMORY_WORKING_SET_BLOCK WorkingSetInfo[1]; + _Field_size_(NumberOfEntries) MEMORY_WORKING_SET_BLOCK WorkingSetInfo[ANYSIZE_ARRAY]; } MEMORY_WORKING_SET_INFORMATION, * PMEMORY_WORKING_SET_INFORMATION; // private @@ -226,7 +244,6 @@ typedef struct _MEMORY_REGION_INFORMATION ULONG_PTR NodePreference; // 20H1 } MEMORY_REGION_INFORMATION, * PMEMORY_REGION_INFORMATION; -// private typedef enum _MEMORY_WORKING_SET_EX_LOCATION { MemoryLocationInvalid, @@ -235,58 +252,63 @@ typedef enum _MEMORY_WORKING_SET_EX_LOCATION MemoryLocationReserved } MEMORY_WORKING_SET_EX_LOCATION; -// private -typedef struct _MEMORY_WORKING_SET_EX_BLOCK +/** + * The MEMORY_WORKING_SET_EX_BLOCK structure contains extended working set information for a page. + * + * \ref https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_working_set_ex_block + */ +typedef union _MEMORY_WORKING_SET_EX_BLOCK { + ULONG_PTR Flags; union { struct { - ULONG_PTR Valid : 1; - ULONG_PTR ShareCount : 3; - ULONG_PTR Win32Protection : 11; - ULONG_PTR Shared : 1; - ULONG_PTR Node : 6; - ULONG_PTR Locked : 1; - ULONG_PTR LargePage : 1; - ULONG_PTR Priority : 3; + ULONG_PTR Valid : 1; // If this bit is 1, the subsequent members are valid; otherwise they should be ignored. + ULONG_PTR ShareCount : 3; // The number of processes that share this page. The maximum value of this member is 7. + ULONG_PTR Win32Protection : 11; // The memory protection attributes of the page. + ULONG_PTR Shared : 1; // If this bit is 1, the page can be shared. + ULONG_PTR Node : 6; // The NUMA node. The maximum value of this member is 63. + ULONG_PTR Locked : 1; // If this bit is 1, the virtual page is locked in physical memory. + ULONG_PTR LargePage : 1; // If this bit is 1, the page is a large page. + ULONG_PTR Priority : 3; // The memory priority attributes of the page. ULONG_PTR Reserved : 3; - ULONG_PTR SharedOriginal : 1; - ULONG_PTR Bad : 1; - ULONG_PTR Win32GraphicsProtection : 4; // 19H1 -#ifdef _WIN64 + ULONG_PTR SharedOriginal : 1; // If this bit is 1, the page was not modified. + ULONG_PTR Bad : 1; // If this bit is 1, the page is has been reported as bad. + ULONG_PTR Win32GraphicsProtection : 4; // The memory protection attributes of the page. // since 19H1 + #ifdef _WIN64 ULONG_PTR ReservedUlong : 28; -#endif + #endif }; struct { - ULONG_PTR Valid : 1; + ULONG_PTR Valid : 1; // If this bit is 0, the subsequent members are valid; otherwise they should be ignored. ULONG_PTR Reserved0 : 14; - ULONG_PTR Shared : 1; + ULONG_PTR Shared : 1; // If this bit is 1, the page can be shared. ULONG_PTR Reserved1 : 5; ULONG_PTR PageTable : 1; - ULONG_PTR Location : 2; - ULONG_PTR Priority : 3; + ULONG_PTR Location : 2; // The memory location of the page. MEMORY_WORKING_SET_EX_LOCATION + ULONG_PTR Priority : 3; // The memory priority of the page. ULONG_PTR ModifiedList : 1; ULONG_PTR Reserved2 : 2; - ULONG_PTR SharedOriginal : 1; - ULONG_PTR Bad : 1; -#ifdef _WIN64 + ULONG_PTR SharedOriginal : 1; // If this bit is 1, the page was not modified. + ULONG_PTR Bad : 1; // If this bit is 1, the page is has been reported as bad. + #ifdef _WIN64 ULONG_PTR ReservedUlong : 32; -#endif + #endif } Invalid; }; } MEMORY_WORKING_SET_EX_BLOCK, * PMEMORY_WORKING_SET_EX_BLOCK; -// private +/** + * The MEMORY_WORKING_SET_EX_INFORMATION structure contains extended working set information for a process. + * + * \ref https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_working_set_ex_information + */ typedef struct _MEMORY_WORKING_SET_EX_INFORMATION { - PVOID VirtualAddress; - union - { - MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes; - ULONG_PTR Long; - } u1; + PVOID VirtualAddress; // The virtual address. + MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes; // The attributes of the page at VirtualAddress. } MEMORY_WORKING_SET_EX_INFORMATION, * PMEMORY_WORKING_SET_EX_INFORMATION; // private @@ -716,7 +738,7 @@ NtAllocateVirtualMemory( _In_ ULONG_PTR ZeroBits, _Inout_ PSIZE_T RegionSize, _In_ ULONG AllocationType, - _In_ ULONG Protect + _In_ ULONG PageProtection ); _Must_inspect_result_ @@ -731,7 +753,7 @@ ZwAllocateVirtualMemory( _In_ ULONG_PTR ZeroBits, _Inout_ PSIZE_T RegionSize, _In_ ULONG AllocationType, - _In_ ULONG Protect + _In_ ULONG PageProtection ); #if (WDK_NTDDI_VERSION <= NTDDI_WIN10_RS4) @@ -877,6 +899,15 @@ ZwAllocateVirtualMemoryEx( ); #endif // NTDDI_VERSION >= NTDDI_WIN10_RS4 +/** + * Frees virtual memory allocated for a process. + * + * @param ProcessHandle A handle to the process whose virtual memory is to be freed. + * @param BaseAddress A pointer to the base address of the region of pages to be freed. + * @param RegionSize A pointer to a variable that specifies the size of the region of memory to be freed. + * @param FreeType The type of free operation. This parameter can be MEM_DECOMMIT or MEM_RELEASE. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -899,14 +930,24 @@ ZwFreeVirtualMemory( _In_ ULONG FreeType ); +/** + * Reads virtual memory from a process. + * + * @param ProcessHandle A handle to the process whose memory is to be read. + * @param BaseAddress A pointer to the base address in the specified process from which to read. + * @param Buffer A pointer to a buffer that receives the contents from the address space of the specified process. + * @param NumberOfBytesToRead The number of bytes to be read from the specified process. + * @param NumberOfBytesRead A pointer to a variable that receives the number of bytes transferred into the specified buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadVirtualMemory( _In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, - _Out_writes_bytes_(BufferSize) PVOID Buffer, - _In_ SIZE_T BufferSize, + _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer, + _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead ); @@ -922,16 +963,50 @@ ZwReadVirtualMemory( _Out_opt_ PSIZE_T NumberOfBytesRead ); -#if (NTDDI_VERSION >= NTDDI_WIN10_CO) // rev __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI +NtWow64ReadVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer, + _In_ ULONGLONG NumberOfBytesToRead, + _Out_opt_ PULONGLONG NumberOfBytesRead +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwWow64ReadVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer, + _In_ ULONGLONG NumberOfBytesToRead, + _Out_opt_ PULONGLONG NumberOfBytesRead +); + +#if (NTDDI_VERSION >= NTDDI_WIN10_CO) +/** + * Reads virtual memory from a process with extended options. + * + * @param ProcessHandle A handle to the process whose memory is to be read. + * @param BaseAddress A pointer to the base address in the specified process from which to read. + * @param Buffer A pointer to a buffer that receives the contents from the address space of the specified process. + * @param NumberOfBytesToRead The number of bytes to be read from the specified process. + * @param NumberOfBytesRead A pointer to a variable that receives the number of bytes transferred into the specified buffer. + * @param Flags Additional flags for the read operation. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI NtReadVirtualMemoryEx( _In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, - _Out_writes_bytes_(BufferSize) PVOID Buffer, - _In_ SIZE_T BufferSize, + _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer, + _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead, _In_ ULONG Flags ); @@ -950,14 +1025,24 @@ ZwReadVirtualMemoryEx( ); #endif +/** + * Writes virtual memory to a process. + * + * @param ProcessHandle A handle to the process whose memory is to be written. + * @param BaseAddress A pointer to the base address in the specified process to which to write. + * @param Buffer A pointer to the buffer that contains the data to be written to the address space of the specified process. + * @param NumberOfBytesToWrite The number of bytes to be written to the specified process. + * @param NumberOfBytesWritten A pointer to a variable that receives the number of bytes transferred into the specified buffer. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteVirtualMemory( _In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, - _In_reads_bytes_(BufferSize) PVOID Buffer, - _In_ SIZE_T BufferSize, + _In_reads_bytes_(NumberOfBytesToWrite) PVOID Buffer, + _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten ); @@ -973,6 +1058,50 @@ ZwWriteVirtualMemory( _Out_opt_ PSIZE_T NumberOfBytesWritten ); +// rev +/** + * Writes virtual memory to a 64-bit process from a 32-bit process. + * + * @param ProcessHandle A handle to the process whose memory is to be written. + * @param BaseAddress A pointer to the base address in the specified process to which to write. + * @param Buffer A pointer to the buffer that contains the data to be written to the address space of the specified process. + * @param NumberOfBytesToWrite The number of bytes to be written to the specified process. + * @param NumberOfBytesWritten A pointer to a variable that receives the number of bytes transferred into the specified buffer. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtWow64WriteVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _In_reads_bytes_(NumberOfBytesToWrite) PVOID Buffer, + _In_ ULONGLONG NumberOfBytesToWrite, + _Out_opt_ PULONGLONG NumberOfBytesWritten +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwWow64WriteVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _In_reads_bytes_(NumberOfBytesToWrite) PVOID Buffer, + _In_ ULONGLONG NumberOfBytesToWrite, + _Out_opt_ PULONGLONG NumberOfBytesWritten +); + +/** + * Changes the protection on a region of virtual memory. + * + * @param ProcessHandle A handle to the process whose memory protection is to be changed. + * @param BaseAddress A pointer to the base address of the region of pages whose access protection attributes are to be changed. + * @param RegionSize A pointer to a variable that specifies the size of the region whose access protection attributes are to be changed. + * @param NewProtection The memory protection option. This parameter can be one of the memory protection constants. + * @param OldProtection A pointer to a variable that receives the previous access protection of the first page in the specified region of pages. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -980,8 +1109,8 @@ NtProtectVirtualMemory( _In_ HANDLE ProcessHandle, _Inout_ PVOID* BaseAddress, _Inout_ PSIZE_T RegionSize, - _In_ ULONG NewProtect, - _Out_ PULONG OldProtect + _In_ ULONG NewProtection, + _Out_ PULONG OldProtection ); _IRQL_requires_max_(PASSIVE_LEVEL) @@ -992,10 +1121,21 @@ ZwProtectVirtualMemory( _In_ HANDLE ProcessHandle, _Inout_ PVOID* BaseAddress, _Inout_ PSIZE_T RegionSize, - _In_ ULONG NewProtect, - _Out_ PULONG OldProtect + _In_ ULONG NewProtection, + _Out_ PULONG OldProtection ); +/** + * Queries information about a region of virtual memory in a process. + * + * @param ProcessHandle A handle to the process whose memory information is to be queried. + * @param BaseAddress A pointer to the base address of the region of pages to be queried. + * @param MemoryInformationClass The type of information to be queried. + * @param MemoryInformation A pointer to a buffer that receives the memory information. + * @param MemoryInformationLength The size of the buffer pointed to by the MemoryInformation parameter. + * @param ReturnLength A pointer to a variable that receives the number of bytes returned in the MemoryInformation buffer. + * @return NTSTATUS Successful or errant status. + */ _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS @@ -1023,6 +1163,52 @@ ZwQueryVirtualMemory( _Out_opt_ PSIZE_T ReturnLength ); +// rev +/** + * Queries information about a region of virtual memory in a 64-bit process from a 32-bit process. + * + * @param ProcessHandle A handle to the process whose memory information is to be queried. + * @param BaseAddress A pointer to the base address of the region of pages to be queried. + * @param MemoryInformationClass The type of information to be queried. + * @param MemoryInformation A pointer to a buffer that receives the memory information. + * @param MemoryInformationLength The size of the buffer pointed to by the MemoryInformation parameter. + * @param ReturnLength A pointer to a variable that receives the number of bytes returned in the MemoryInformation buffer. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtWow64QueryVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass, + _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation, + _In_ ULONGLONG MemoryInformationLength, + _Out_opt_ PULONGLONG ReturnLength +); + +_IRQL_requires_max_(APC_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwWow64QueryVirtualMemory64( + _In_ HANDLE ProcessHandle, + _In_opt_ ULONGLONG BaseAddress, + _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass, + _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation, + _In_ ULONGLONG MemoryInformationLength, + _Out_opt_ PULONGLONG ReturnLength +); + +/** + * Flushes the instruction cache for a specified process. + * + * @param ProcessHandle A handle to the process whose instruction cache is to be flushed. + * @param BaseAddress A pointer to the base address of the region of memory to be flushed. + * @param RegionSize A pointer to a variable that specifies the size of the region to be flushed. + * @param IoStatus A pointer to an IO_STATUS_BLOCK structure that receives the status of the flush operation. + * @return NTSTATUS Successful or errant status. + */ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI @@ -1158,7 +1344,7 @@ NTAPI NtSetInformationVirtualMemory( _In_ HANDLE ProcessHandle, _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, - _In_ ULONG_PTR NumberOfEntries, + _In_ SIZE_T NumberOfEntries, _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses, _In_reads_bytes_(VmInformationLength) PVOID VmInformation, _In_ ULONG VmInformationLength @@ -1172,7 +1358,7 @@ NTAPI ZwSetInformationVirtualMemory( _In_ HANDLE ProcessHandle, _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, - _In_ ULONG_PTR NumberOfEntries, + _In_ SIZE_T NumberOfEntries, _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses, _In_reads_bytes_(VmInformationLength) PVOID VmInformation, _In_ ULONG VmInformationLength @@ -1326,7 +1512,7 @@ NtMapViewOfSection( _Inout_ PSIZE_T ViewSize, _In_ SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, - _In_ ULONG Win32Protect + _In_ ULONG PageProtection ); _Must_inspect_result_ @@ -1484,6 +1670,13 @@ ZwAreMappedFilesTheSame( // Partitions // +#ifndef MEMORY_PARTITION_QUERY_ACCESS +#define MEMORY_PARTITION_QUERY_ACCESS 0x0001 +#define MEMORY_PARTITION_MODIFY_ACCESS 0x0002 +#define MEMORY_PARTITION_ALL_ACCESS \ + (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS) +#endif + #if !defined(_KERNEL_MODE) || (WDK_NTDDI_VERSION <= NTDDI_WIN10_VB) // private typedef enum _PARTITION_INFORMATION_CLASS @@ -1744,7 +1937,7 @@ NtAllocateUserPhysicalPagesEx( _In_ HANDLE ProcessHandle, _Inout_ PSIZE_T NumberOfPages, _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray, - _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, _In_ ULONG ExtendedParameterCount ); @@ -1756,7 +1949,7 @@ ZwAllocateUserPhysicalPagesEx( _In_ HANDLE ProcessHandle, _Inout_ PSIZE_T NumberOfPages, _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray, - _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, _In_ ULONG ExtendedParameterCount ); #endif // NTDDI_VERSION >= NTDDI_WIN10_VB @@ -1766,7 +1959,7 @@ NTSTATUS NTAPI NtFreeUserPhysicalPages( _In_ HANDLE ProcessHandle, - _Inout_ PULONG_PTR NumberOfPages, + _Inout_ PSIZE_T NumberOfPages, _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray ); @@ -1776,7 +1969,7 @@ NTSTATUS NTAPI ZwFreeUserPhysicalPages( _In_ HANDLE ProcessHandle, - _Inout_ PULONG_PTR NumberOfPages, + _Inout_ PSIZE_T NumberOfPages, _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray ); @@ -2036,6 +2229,82 @@ ZwCallEnclave( #endif // NTDDI_VERSION >= NTDDI_VERSION_RS3 +// +// Cross Vm +// + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateCrossVmEvent( + _Out_ PHANDLE CrossVmEvent, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG CrossVmEventFlags, + _In_ LPCGUID VMID, + _In_ LPCGUID ServiceID +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateCrossVmEvent( + _Out_ PHANDLE CrossVmEvent, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG CrossVmEventFlags, + _In_ LPCGUID VMID, + _In_ LPCGUID ServiceID +); + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateCrossVmMutant( + _Out_ PHANDLE EventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG CrossVmEventFlags, + _In_ LPCGUID VMID, + _In_ LPCGUID ServiceID +); + +// rev +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateCrossVmMutant( + _Out_ PHANDLE EventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG CrossVmEventFlags, + _In_ LPCGUID VMID, + _In_ LPCGUID ServiceID +); + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtAcquireCrossVmMutant( + _In_ HANDLE CrossVmMutant, + _In_ PLARGE_INTEGER Timeout +); + +// rev +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwAcquireCrossVmMutant( + _In_ HANDLE CrossVmMutant, + _In_ PLARGE_INTEGER Timeout +); + // // Only Kernel // diff --git a/Veil/Veil.System.PowerManager.h b/Veil/Veil.System.PowerManager.h index 4718abd..4b2fc71 100644 --- a/Veil/Veil.System.PowerManager.h +++ b/Veil/Veil.System.PowerManager.h @@ -98,7 +98,7 @@ VEIL_BEGIN() //#define MonitorInvocation 68 // (kernel-mode only) //#define FirmwareTableInformationRegistered 69 // (kernel-mode only) //#define SetShutdownSelectedTime 70 // in: NULL -//#define SuspendResumeInvocation 71 // (kernel-mode only) +//#define SuspendResumeInvocation 71 // (kernel-mode only) // not implemented //#define PlmPowerRequestCreate 72 // in: COUNTED_REASON_CONTEXT, out: HANDLE //#define ScreenOff 73 // in: NULL (PowerMonitorOff) //#define CsDeviceNotification 74 // (kernel-mode only) diff --git a/Veil/Veil.System.Process.h b/Veil/Veil.System.Process.h index 915a528..f2b2d76 100644 --- a/Veil/Veil.System.Process.h +++ b/Veil/Veil.System.Process.h @@ -99,6 +99,9 @@ typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE]; typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32]; typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64]; +typedef VOID(NTAPI PS_POST_PROCESS_INIT_ROUTINE)(VOID); +typedef PS_POST_PROCESS_INIT_ROUTINE* PPS_POST_PROCESS_INIT_ROUTINE; + #ifndef FLS_MAXIMUM_AVAILABLE #define FLS_MAXIMUM_AVAILABLE 128 #endif @@ -334,192 +337,527 @@ typedef struct _WER_PEB_HEADER_BLOCK // symbols typedef struct _RTL_BITMAP* PRTL_BITMAP; +/** + * Process Environment Block (PEB) structure. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb + */ typedef struct _PEB { + // + // The process was cloned with an inherited address space. + // BOOLEAN InheritedAddressSpace; + + // + // The process has image file execution options (IFEO). + // BOOLEAN ReadImageFileExecOptions; + + // + // The process has a debugger attached. + // BOOLEAN BeingDebugged; union { BOOLEAN BitField; struct { - BOOLEAN ImageUsesLargePages : 1; - BOOLEAN IsProtectedProcess : 1; - BOOLEAN IsImageDynamicallyRelocated : 1; - BOOLEAN SkipPatchingUser32Forwarders : 1; - BOOLEAN IsPackagedProcess : 1; - BOOLEAN IsAppContainer : 1; - BOOLEAN IsProtectedProcessLight : 1; - BOOLEAN IsLongPathAwareProcess : 1; + BOOLEAN ImageUsesLargePages : 1; // The process uses large image regions (4 MB). + BOOLEAN IsProtectedProcess : 1; // The process is a protected process. + BOOLEAN IsImageDynamicallyRelocated : 1; // The process image base address was relocated. + BOOLEAN SkipPatchingUser32Forwarders : 1; // The process skipped forwarders for User32.dll functions. 1 for 64-bit, 0 for 32-bit. + BOOLEAN IsPackagedProcess : 1; // The process is a packaged store process (APPX/MSIX). + BOOLEAN IsAppContainer : 1; // The process has an AppContainer token. + BOOLEAN IsProtectedProcessLight : 1; // The process is a protected process (light). + BOOLEAN IsLongPathAwareProcess : 1; // The process is long path aware. }; }; + // + // Handle to a mutex for synchronization. + // HANDLE Mutant; + // + // Pointer to the base address of the process image. + // PVOID ImageBaseAddress; + + // + // Pointer to the process loader data. + // PPEB_LDR_DATA Ldr; + + // + // Pointer to the process parameters. + // PRTL_USER_PROCESS_PARAMETERS ProcessParameters; + + // + // Reserved. + // PVOID SubSystemData; + + // + // Pointer to the process default heap. + // PVOID ProcessHeap; + + // + // Pointer to a critical section used to synchronize access to the PEB. + // PRTL_CRITICAL_SECTION FastPebLock; + + // + // Pointer to a singly linked list used by ATL. + // PSLIST_HEADER AtlThunkSListPtr; + + // + // Pointer to the Image File Execution Options key. + // PVOID IFEOKey; + // + // Cross process flags. + // union { ULONG CrossProcessFlags; struct { - ULONG ProcessInJob : 1; - ULONG ProcessInitializing : 1; - ULONG ProcessUsingVEH : 1; - ULONG ProcessUsingVCH : 1; - ULONG ProcessUsingFTH : 1; - ULONG ProcessPreviouslyThrottled : 1; - ULONG ProcessCurrentlyThrottled : 1; - ULONG ProcessImagesHotPatched : 1; // REDSTONE5 + ULONG ProcessInJob : 1; // The process is part of a job. + ULONG ProcessInitializing : 1; // The process is initializing. + ULONG ProcessUsingVEH : 1; // The process is using VEH. + ULONG ProcessUsingVCH : 1; // The process is using VCH. + ULONG ProcessUsingFTH : 1; // The process is using FTH. + ULONG ProcessPreviouslyThrottled : 1; // The process was previously throttled. + ULONG ProcessCurrentlyThrottled : 1; // The process is currently throttled. + ULONG ProcessImagesHotPatched : 1; // The process images are hot patched. // RS5 ULONG ReservedBits0 : 24; }; }; + + // + // User32 KERNEL_CALLBACK_TABLE (ntuser.h) + // union { PVOID KernelCallbackTable; PVOID UserSharedInfoPtr; }; + + // + // Reserved. + // ULONG SystemReserved; + + // + // Pointer to the Active Template Library (ATL) singly linked list (32-bit) + // ULONG AtlThunkSListPtr32; + + // + // Pointer to the API Set Schema. + // PAPI_SET_NAMESPACE ApiSetMap; + + // + // Counter for TLS expansion. + // ULONG TlsExpansionCounter; + + // + // Pointer to the TLS bitmap. + // PRTL_BITMAP TlsBitmap; + + // + // Bits for the TLS bitmap. + // ULONG TlsBitmapBits[2]; // TLS_MINIMUM_AVAILABLE + // + // Reserved for CSRSS. + // PVOID ReadOnlySharedMemoryBase; + + // + // Pointer to the USER_SHARED_DATA for the current SILO. + // struct _SILO_USER_SHARED_DATA* SharedData; // HotpatchInformation + + // + // Reserved for CSRSS. + // PVOID* ReadOnlyStaticServerData; - PVOID AnsiCodePageData; // PCPTABLEINFO - PVOID OemCodePageData; // PCPTABLEINFO - PVOID UnicodeCaseTableData; // PNLSTABLEINFO + // + // Pointer to the ANSI code page data. (PCPTABLEINFO) + // + PVOID AnsiCodePageData; - // Information for LdrpInitialize + // + // Pointer to the OEM code page data. (PCPTABLEINFO) + // + PVOID OemCodePageData; + + // + // Pointer to the Unicode case table data. (PNLSTABLEINFO) + // + PVOID UnicodeCaseTableData; + + // + // The total number of system processors. + // ULONG NumberOfProcessors; + + // + // Global flags for the system. + // ULONG NtGlobalFlag; - // Passed up from MmCreatePeb from Session Manager registry key + + // + // Timeout for critical sections. + // LARGE_INTEGER CriticalSectionTimeout; + + // + // Reserved size for heap segments. + // SIZE_T HeapSegmentReserve; + + // + // Committed size for heap segments. + // SIZE_T HeapSegmentCommit; + + // + // Threshold for decommitting total free heap. + // SIZE_T HeapDeCommitTotalFreeThreshold; + + // + // Threshold for decommitting free heap blocks. + // SIZE_T HeapDeCommitFreeBlockThreshold; // - // Where heap manager keeps track of all heaps created for a process - // Fields initialized by MmCreatePeb. ProcessHeaps is initialized + // Number of process heaps. + // + ULONG NumberOfHeaps; + + // + // Maximum number of process heaps. + // + ULONG MaximumNumberOfHeaps; + + // + // Pointer to an array of process heaps. ProcessHeaps is initialized // to point to the first free byte after the PEB and MaximumNumberOfHeaps // is computed from the page size used to hold the PEB, less the fixed // size of this data structure. // - ULONG NumberOfHeaps; - ULONG MaximumNumberOfHeaps; PVOID* ProcessHeaps; // PHEAP + // + // Pointer to the system GDI shared handle table. + // PVOID GdiSharedHandleTable; // PGDI_SHARED_MEMORY + + // + // Pointer to the process starter helper. + // PVOID ProcessStarterHelper; + + // + // The maximum number of GDI function calls during batch operations (GdiSetBatchLimit) + // ULONG GdiDCAttributeList; + // + // Pointer to the loader lock critical section. + // PRTL_CRITICAL_SECTION LoaderLock; // - // Following fields filled in by MmCreatePeb from system values and/or - // image header. + // Major version of the operating system. // ULONG OSMajorVersion; + + // + // Minor version of the operating system. + // ULONG OSMinorVersion; + + // + // Build number of the operating system. + // USHORT OSBuildNumber; + + // + // CSD version of the operating system. + // USHORT OSCSDVersion; + + // + // Platform ID of the operating system. + // ULONG OSPlatformId; + + // + // Subsystem version of the current process image (PE Headers). + // ULONG ImageSubsystem; + + // + // Major version of the current process image subsystem (PE Headers). + // ULONG ImageSubsystemMajorVersion; + + // + // Minor version of the current process image subsystem (PE Headers). + // ULONG ImageSubsystemMinorVersion; + + // + // Affinity mask for the current process. + // KAFFINITY ActiveProcessAffinityMask; + + // + // Temporary buffer for GDI handles accumulated in the current batch. + // GDI_HANDLE_BUFFER GdiHandleBuffer; - PVOID PostProcessInitRoutine; - PVOID TlsExpansionBitmap; - ULONG TlsExpansionBitmapBits[32]; // TLS_EXPANSION_SLOTS + // + // Pointer to the post-process initialization routine available for use by the application. + // + PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; + + // + // Pointer to the TLS expansion bitmap. + // + PRTL_BITMAP TlsExpansionBitmap; + // + // Bits for the TLS expansion bitmap. TLS_EXPANSION_SLOTS + // + ULONG TlsExpansionBitmapBits[32]; + + // + // Session ID of the current process. + // ULONG SessionId; - ULARGE_INTEGER AppCompatFlags; // KACF_* + // + // Application compatibility flags. KACF_* + // + ULARGE_INTEGER AppCompatFlags; + + // + // Application compatibility flags. KACF_* + // ULARGE_INTEGER AppCompatFlagsUser; + + // + // Pointer to the Application SwitchBack Compatibility Engine. + // PVOID pShimData; - PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA + // + // Pointer to the Application Compatibility Engine. // APPCOMPAT_EXE_DATA + // + PVOID AppCompatInfo; + + // + // CSD version string of the operating system. + // UNICODE_STRING CSDVersion; + // + // Pointer to the process activation context. + // PACTIVATION_CONTEXT_DATA ActivationContextData; + + // + // Pointer to the process assembly storage map. + // PASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; + + // + // Pointer to the system default activation context. + // PACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; + + // + // Pointer to the system assembly storage map. + // PASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; + // + // Minimum stack commit size. + // SIZE_T MinimumStackCommit; - PVOID SparePointers[2]; // 19H1 (previously FlsCallback to FlsHighIndex) + // + // since 19H1 (previously FlsCallback to FlsHighIndex) + // + PVOID SparePointers[2]; + + // + // Pointer to the patch loader data. + // PVOID PatchLoaderData; - PVOID ChpeV2ProcessInfo; // _CHPEV2_PROCESS_INFO + // + // Pointer to the CHPE V2 process information. CHPEV2_PROCESS_INFO + // + PVOID ChpeV2ProcessInfo; + + // + // Packaged process feature state. + // ULONG AppModelFeatureState; + + // + // SpareUlongs + // ULONG SpareUlongs[2]; + // + // Active code page. + // USHORT ActiveCodePage; + + // + // OEM code page. + // USHORT OemCodePage; + + // + // Code page case mapping. + // USHORT UseCaseMapping; + + // + // Unused NLS field. + // USHORT UnusedNlsField; + // + // Pointer to the application WER registration data. + // PWER_PEB_HEADER_BLOCK WerRegistrationData; + + // + // Pointer to the application WER assert pointer. + // PVOID WerShipAssertPtr; + // + // Pointer to the EC bitmap on ARM64. (Windows 11 and above) + // union { - PVOID pContextData; // WIN7 - PVOID pUnused; // WIN10 - PVOID EcCodeBitMap; // WIN11 + PVOID pContextData; // Pointer to the switchback compatibility engine (Windows 7 and below) + PVOID EcCodeBitMap; // Pointer to the EC bitmap on ARM64 (Windows 11 and above) // since WIN11 }; + // + // Reserved. + // PVOID pImageHeaderHash; + + // + // ETW tracing flags. + // union { ULONG TracingFlags; struct { - ULONG HeapTracingEnabled : 1; - ULONG CritSecTracingEnabled : 1; - ULONG LibLoaderTracingEnabled : 1; + ULONG HeapTracingEnabled : 1; // ETW heap tracing enabled. + ULONG CritSecTracingEnabled : 1; // ETW lock tracing enabled. + ULONG LibLoaderTracingEnabled : 1; // ETW loader tracing enabled. ULONG SpareTracingBits : 29; }; }; + + // + // Reserved for CSRSS. + // ULONGLONG CsrServerReadOnlySharedMemoryBase; + + // + // Pointer to the thread pool worker list lock. + // PRTL_CRITICAL_SECTION TppWorkerpListLock; + + // + // Pointer to the thread pool worker list. + // LIST_ENTRY TppWorkerpList; + + // + // Wait on address hash table. (RtlWaitOnAddress) + // PVOID WaitOnAddressHashTable[128]; - PTELEMETRY_COVERAGE_HEADER TelemetryCoverageHeader; // REDSTONE3 + + // + // Pointer to the telemetry coverage header. // since RS3 + // + PTELEMETRY_COVERAGE_HEADER TelemetryCoverageHeader; + + // + // Cloud file flags. (ProjFs and Cloud Files) // since RS4 + // ULONG CloudFileFlags; - ULONG CloudFileDiagFlags; // REDSTONE4 + + // + // Cloud file diagnostic flags. + // + ULONG CloudFileDiagFlags; + + // + // Placeholder compatibility mode. (ProjFs and Cloud Files) + // CHAR PlaceholderCompatibilityMode; + + // + // Reserved for placeholder compatibility mode. + // CHAR PlaceholderCompatibilityModeReserved[7]; - struct _LEAP_SECOND_DATA* LeapSecondData; // REDSTONE5 + + // + // Pointer to leap second data. // since RS5 + // + struct _LEAP_SECOND_DATA* LeapSecondData; + + // + // Leap second flags. + // union { ULONG LeapSecondFlags; struct { - ULONG SixtySecondEnabled : 1; + ULONG SixtySecondEnabled : 1; // Leap seconds enabled. ULONG Reserved : 31; }; }; + + // + // Global flags for the process. + // ULONG NtGlobalFlag2; - ULONGLONG ExtendedFeatureDisableMask; // since WIN11 + + // + // Extended feature disable mask (AVX). // since WIN11 + // + ULONGLONG ExtendedFeatureDisableMask; } PEB, * PPEB; @@ -717,6 +1055,9 @@ STATIC_ASSERT(sizeof(PEB32) == 0x488); // WIN11 #define GDI_BATCH_BUFFER_SIZE 310 +/** + * The GDI_TEB_BATCH structure is used to store information about GDI batch operations. + */ typedef struct _GDI_TEB_BATCH { ULONG Offset; @@ -733,6 +1074,9 @@ typedef struct _GDI_TEB_BATCH32 STATIC_ASSERT(sizeof(GDI_TEB_BATCH32) == 1248); +/** + * The TEB_ACTIVE_FRAME_CONTEXT structure is used to store information about an active frame context. + */ typedef struct _TEB_ACTIVE_FRAME_CONTEXT { ULONG Flags; @@ -747,6 +1091,9 @@ typedef struct _TEB_ACTIVE_FRAME_CONTEXT32 const char * POINTER_32 FrameName; } TEB_ACTIVE_FRAME_CONTEXT32, * POINTER_32 PTEB_ACTIVE_FRAME_CONTEXT32; +/** + * The TEB_ACTIVE_FRAME_CONTEXT_EX structure extends TEB_ACTIVE_FRAME_CONTEXT with additional information. + */ typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX { TEB_ACTIVE_FRAME_CONTEXT BasicContext; @@ -759,6 +1106,9 @@ typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX32 const char* POINTER_32 SourceLocation; } TEB_ACTIVE_FRAME_CONTEXT_EX32, * PTEB_ACTIVE_FRAME_CONTEXT_EX32; +/** + * The TEB_ACTIVE_FRAME structure is used to store information about an active frame. + */ typedef struct _TEB_ACTIVE_FRAME { ULONG Flags; @@ -773,6 +1123,9 @@ typedef struct _TEB_ACTIVE_FRAME32 PTEB_ACTIVE_FRAME_CONTEXT32 Context; } TEB_ACTIVE_FRAME32, * POINTER_32 PTEB_ACTIVE_FRAME32; +/** + * The TEB_ACTIVE_FRAME_EX structure extends TEB_ACTIVE_FRAME with additional information. + */ typedef struct _TEB_ACTIVE_FRAME_EX { TEB_ACTIVE_FRAME BasicFrame; @@ -803,7 +1156,7 @@ typedef struct _FLS_DATA32 /** * Thread Environment Block (TEB) structure. * - * This structure contains information about the currently executing thread. + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-teb */ typedef struct _TEB { @@ -814,7 +1167,7 @@ typedef struct _TEB NT_TIB NtTib; // - // A pointer to the environment block for the thread. + // Reserved // PVOID EnvironmentPointer; @@ -843,52 +1196,164 @@ typedef struct _TEB PPEB ProcessEnvironmentBlock; + // + // The previous Win32 error value for this thread. + // ULONG LastErrorValue; + + // + // The number of critical sections currently owned by this thread. + // ULONG CountOfOwnedCriticalSections; + + // + // Reserved. + // PVOID CsrClientThread; + + // + // Reserved. + // PVOID Win32ThreadInfo; + + // + // Reserved. + // ULONG User32Reserved[26]; + + // + // Reserved. + // ULONG UserReserved[5]; + + // + // Reserved. + // PVOID WOW32Reserved; + + // + // The LCID of the current thread. (Kernel32!GetThreadLocale) + // LCID CurrentLocale; + + // + // Reserved. + // ULONG FpSoftwareStatusRegister; + + // + // Reserved. + // PVOID ReservedForDebuggerInstrumentation[16]; + #ifdef _WIN64 + // + // Reserved. + // PVOID SystemReserved1[25]; + // + // Per-thread fiber local storage. (Teb->HasFiberData) + // PVOID HeapFlsData; + // + // Reserved. + // ULONG_PTR RngState[4]; #else + // + // Reserved. + // PVOID SystemReserved1[26]; #endif + // + // Placeholder compatibility mode. (ProjFs and Cloud Files) + // CHAR PlaceholderCompatibilityMode; + + // + // Indicates whether placeholder hydration is always explicit. + // BOOLEAN PlaceholderHydrationAlwaysExplicit; + + // + // Reserved. + // CHAR PlaceholderReserved[10]; + // + // The process ID (PID) that the current COM server thread is acting on behalf of. + // ULONG ProxiedProcessId; + + // + // Pointer to the activation context stack for the current thread. + // ACTIVATION_CONTEXT_STACK ActivationStack; + // + // Opaque operation on behalf of another user or process. + // UCHAR WorkingOnBehalfTicket[8]; + + // + // The last exception status for the current thread. + // NTSTATUS ExceptionCode; + // + // Pointer to the activation context stack for the current thread. + // PACTIVATION_CONTEXT_STACK ActivationContextStackPointer; + + // + // The stack pointer (SP) of the current system call or exception during instrumentation. + // ULONG_PTR InstrumentationCallbackSp; + + // + // The program counter (PC) of the previous system call or exception during instrumentation. + // ULONG_PTR InstrumentationCallbackPreviousPc; + + // + // The stack pointer (SP) of the previous system call or exception during instrumentation. + // ULONG_PTR InstrumentationCallbackPreviousSp; + #ifdef _WIN64 + // + // The miniversion ID of the current transacted file operation. + // ULONG TxFsContext; #endif + // + // Indicates the state of the system call or exception instrumentation callback. + // BOOLEAN InstrumentationCallbackDisabled; + #ifdef _WIN64 + // + // Indicates the state of alignment exceptions for unaligned load/store operations. + // BOOLEAN UnalignedLoadStoreExceptions; #endif + #ifndef _WIN64 + // + // SpareBytes. + // UCHAR SpareBytes[23]; + + // + // The miniversion ID of the current transacted file operation. + // ULONG TxFsContext; #endif + GDI_TEB_BATCH GdiTebBatch; CLIENT_ID RealClientId; HANDLE GdiCachedProcessHandle; @@ -896,6 +1361,7 @@ typedef struct _TEB ULONG GdiClientTID; PVOID GdiThreadLocalInfo; ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH]; + PVOID glDispatchTable[233]; ULONG_PTR glReserved1[29]; PVOID glReserved2; @@ -905,32 +1371,98 @@ typedef struct _TEB PVOID glCurrentRC; PVOID glContext; + // + // The previous status value for this thread. + // NTSTATUS LastStatusValue; + + // + // A static string for use by the application. + // UNICODE_STRING StaticUnicodeString; + + // + // A static buffer for use by the application. + // WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH]; + // + // The maximum stack size and indicates the base of the stack. + // PVOID DeallocationStack; + + // + // Data for Thread Local Storage. (TlsGetValue) + // PVOID TlsSlots[TLS_MINIMUM_AVAILABLE]; + + // + // Reserved. + // LIST_ENTRY TlsLinks; + // + // Reserved for NTVDM. + // PVOID Vdm; + + // + // Reserved. + // PVOID ReservedForNtRpc; + + // + // Reserved. + // PVOID DbgSsReserved[2]; + // + // The error mode for the current thread. (GetThreadErrorMode) + // ULONG HardErrorMode; + + // + // Reserved. + // #ifdef _WIN64 PVOID Instrumentation[11]; #else PVOID Instrumentation[9]; #endif + + // + // Reserved. + // GUID ActivityId; + // + // The service creating the thread (svchost). + // PVOID SubProcessTag; + + // + // Reserved. + // PVOID PerflibData; + + // + // Reserved. + // PVOID EtwTraceData; - PVOID WinSockData; + + // + // The address of a socket handle during a blocking socket operation. (WSAStartup) + // + HANDLE WinSockData; + + // + // The number of function calls accumulated in the current GDI batch. (GdiSetBatchLimit) + // ULONG GdiBatchCount; + // + // The preferred processor for the curremt thread. (SetThreadIdealProcessor/SetThreadIdealProcessorEx) + // union { PROCESSOR_NUMBER CurrentIdealProcessor; @@ -944,9 +1476,21 @@ typedef struct _TEB }; }; + // + // The minimum size of the stack available during any stack overflow exceptions. (SetThreadStackGuarantee) + // ULONG GuaranteedStackBytes; + + // + // Reserved. + // PVOID ReservedForPerf; - PVOID ReservedForOle; // tagSOleTlsData + + // + // tagSOleTlsData. + // + PVOID ReservedForOle; + ULONG WaitingOnLoaderLock; PVOID SavedPriorityState; ULONG_PTR ReservedForCodeCoverage; @@ -1828,7 +2372,7 @@ typedef enum _THREADINFOCLASS ThreadStrongerBadHandleChecks, // since 22H1 ThreadEffectiveIoPriority, // q: IO_PRIORITY_HINT ThreadEffectivePagePriority, // q: ULONG - ThreadUpdateLockOwnership, // since 24H2 + ThreadUpdateLockOwnership, // THREAD_LOCK_OWNERSHIP // since 24H2 ThreadSchedulerSharedDataSlot, // SCHEDULER_SHARED_DATA_SLOT_INFORMATION ThreadTebInformationAtomic, // THREAD_TEB_INFORMATION ThreadIndexInformation, // THREAD_INDEX_INFORMATION @@ -1872,30 +2416,38 @@ typedef struct _PAGE_PRIORITY_INFORMATION // Process information structures // +/** + * The PROCESS_BASIC_INFORMATION structure contains basic information about a process. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess#process_basic_information + */ typedef struct _PROCESS_BASIC_INFORMATION { - NTSTATUS ExitStatus; - PPEB PebBaseAddress; - KAFFINITY AffinityMask; - KPRIORITY BasePriority; - ULONG_PTR UniqueProcessId; - ULONG_PTR InheritedFromUniqueProcessId; + NTSTATUS ExitStatus; // The exit status of the process. (GetExitCodeProcess) + PPEB PebBaseAddress; // A pointer to the process environment block (PEB) of the process. + KAFFINITY AffinityMask; // The affinity mask of the process. (GetProcessAffinityMask) (deprecated) + KPRIORITY BasePriority; // The base priority of the process. (GetPriorityClass) + HANDLE UniqueProcessId; // The unique identifier of the process. (GetProcessId) + HANDLE InheritedFromUniqueProcessId; // The unique identifier of the parent process. } PROCESS_BASIC_INFORMATION, * PPROCESS_BASIC_INFORMATION; +/** + * The PROCESS_EXTENDED_BASIC_INFORMATION structure contains extended basic information about a process. + */ typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION { - SIZE_T Size; // set to sizeof structure on input + _In_ SIZE_T Size; // The size of the structure, in bytes. This member must be set to sizeof(PROCESS_EXTENDED_BASIC_INFORMATION). union { PROCESS_BASIC_INFORMATION BasicInfo; struct { - NTSTATUS ExitStatus; - PPEB PebBaseAddress; - KAFFINITY AffinityMask; - KPRIORITY BasePriority; - HANDLE UniqueProcessId; - HANDLE InheritedFromUniqueProcessId; + NTSTATUS ExitStatus; // The exit status of the process. (GetExitCodeProcess) + PPEB PebBaseAddress; // A pointer to the process environment block (PEB) of the process. + KAFFINITY AffinityMask; // The affinity mask of the process. (GetProcessAffinityMask) (deprecated) + KPRIORITY BasePriority; // The base priority of the process. (GetPriorityClass) + HANDLE UniqueProcessId; // The unique identifier of the process. (GetProcessId) + HANDLE InheritedFromUniqueProcessId; // The unique identifier of the parent process. }; }; union @@ -1918,81 +2470,153 @@ typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION }; } PROCESS_EXTENDED_BASIC_INFORMATION, * PPROCESS_EXTENDED_BASIC_INFORMATION; +/** + * The VM_COUNTERS structure contains various memory usage statistics for a process. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-process_memory_counters + */ typedef struct _VM_COUNTERS { - SIZE_T PeakVirtualSize; - SIZE_T VirtualSize; - ULONG PageFaultCount; - SIZE_T PeakWorkingSetSize; - SIZE_T WorkingSetSize; - SIZE_T QuotaPeakPagedPoolUsage; - SIZE_T QuotaPagedPoolUsage; - SIZE_T QuotaPeakNonPagedPoolUsage; - SIZE_T QuotaNonPagedPoolUsage; - SIZE_T PagefileUsage; - SIZE_T PeakPagefileUsage; + SIZE_T PeakVirtualSize; // The peak virtual address space size of this process, in bytes. + SIZE_T VirtualSize; // The virtual address space size of this process, in bytes. + ULONG PageFaultCount; // The number of page faults. + SIZE_T PeakWorkingSetSize; // The peak working set size, in bytes. + SIZE_T WorkingSetSize; // The current working set size, in bytes + SIZE_T QuotaPeakPagedPoolUsage; // The peak paged pool usage, in bytes. + SIZE_T QuotaPagedPoolUsage; // The current paged pool usage, in bytes. + SIZE_T QuotaPeakNonPagedPoolUsage; // The peak non-paged pool usage, in bytes. + SIZE_T QuotaNonPagedPoolUsage; // The current non-paged pool usage, in bytes. + SIZE_T PagefileUsage; // The Commit Charge value in bytes for this process. Commit Charge is the total amount of private memory that the memory manager has committed for a running process. + SIZE_T PeakPagefileUsage; // The peak value in bytes of the Commit Charge during the lifetime of this process. } VM_COUNTERS, * PVM_COUNTERS; +/** + * The VM_COUNTERS_EX structure extends VM_COUNTERS to include private memory usage. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-process_memory_counters_ex2 + */ typedef struct _VM_COUNTERS_EX { - SIZE_T PeakVirtualSize; - SIZE_T VirtualSize; - ULONG PageFaultCount; - SIZE_T PeakWorkingSetSize; - SIZE_T WorkingSetSize; - SIZE_T QuotaPeakPagedPoolUsage; - SIZE_T QuotaPagedPoolUsage; - SIZE_T QuotaPeakNonPagedPoolUsage; - SIZE_T QuotaNonPagedPoolUsage; - SIZE_T PagefileUsage; - SIZE_T PeakPagefileUsage; - SIZE_T PrivateUsage; + SIZE_T PeakVirtualSize; // The peak virtual address space size of this process, in bytes. + SIZE_T VirtualSize; // The virtual address space size of this process, in bytes. + ULONG PageFaultCount; // The number of page faults. + SIZE_T PeakWorkingSetSize; // The peak working set size, in bytes. + SIZE_T WorkingSetSize; // The current working set size, in bytes + SIZE_T QuotaPeakPagedPoolUsage; // The peak paged pool usage, in bytes. + SIZE_T QuotaPagedPoolUsage; // The current paged pool usage, in bytes. + SIZE_T QuotaPeakNonPagedPoolUsage; // The peak non-paged pool usage, in bytes. + SIZE_T QuotaNonPagedPoolUsage; // The current non-paged pool usage, in bytes. + SIZE_T PagefileUsage; // The Commit Charge value in bytes for this process. Commit Charge is the total amount of private memory that the memory manager has committed for a running process. + SIZE_T PeakPagefileUsage; // The peak value in bytes of the Commit Charge during the lifetime of this process. + SIZE_T PrivateUsage; // Same as PagefileUsage. The Commit Charge value in bytes for this process. Commit Charge is the total amount of private memory that the memory manager has committed for a running process. } VM_COUNTERS_EX, * PVM_COUNTERS_EX; +/** + * The VM_COUNTERS_EX2 structure extends VM_COUNTERS_EX to include private working set size and shared commit usage. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-process_memory_counters_ex2 + */ typedef struct _VM_COUNTERS_EX2 { - VM_COUNTERS_EX CountersEx; - SIZE_T PrivateWorkingSetSize; - SIZE_T SharedCommitUsage; + union + { + VM_COUNTERS_EX CountersEx; + struct + { + SIZE_T PeakVirtualSize; // The peak virtual address space size of this process, in bytes. + SIZE_T VirtualSize; // The virtual address space size of this process, in bytes. + ULONG PageFaultCount; // The number of page faults. + SIZE_T PeakWorkingSetSize; // The peak working set size, in bytes. + SIZE_T WorkingSetSize; // The current working set size, in bytes + SIZE_T QuotaPeakPagedPoolUsage; // The peak paged pool usage, in bytes. + SIZE_T QuotaPagedPoolUsage; // The current paged pool usage, in bytes. + SIZE_T QuotaPeakNonPagedPoolUsage; // The peak non-paged pool usage, in bytes. + SIZE_T QuotaNonPagedPoolUsage; // The current non-paged pool usage, in bytes. + SIZE_T PagefileUsage; // The Commit Charge value in bytes for this process. Commit Charge is the total amount of private memory that the memory manager has committed for a running process. + SIZE_T PeakPagefileUsage; // The peak value in bytes of the Commit Charge during the lifetime of this process. + SIZE_T PrivateUsage; // Same as PagefileUsage. The Commit Charge value in bytes for this process. Commit Charge is the total amount of private memory that the memory manager has committed for a running process. + }; + }; + SIZE_T PrivateWorkingSetSize; // The current private working set size, in bytes. + SIZE_T SharedCommitUsage; // The current shared commit usage, in bytes. } VM_COUNTERS_EX2, * PVM_COUNTERS_EX2; +/** + * The KERNEL_USER_TIMES structure contains timing information for a process or thread. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getthreadtimes + */ typedef struct _KERNEL_USER_TIMES { - LARGE_INTEGER CreateTime; - LARGE_INTEGER ExitTime; - LARGE_INTEGER KernelTime; - LARGE_INTEGER UserTime; + LARGE_INTEGER CreateTime; // The creation time of the process or thread. + LARGE_INTEGER ExitTime; // The exit time of the process or thread. + LARGE_INTEGER KernelTime; // The amount of time the process has executed in kernel mode. + LARGE_INTEGER UserTime; // The amount of time the process has executed in user mode. } KERNEL_USER_TIMES, * PKERNEL_USER_TIMES; +/** + * The POOLED_USAGE_AND_LIMITS structure contains information about the usage and limits of paged and non-paged pool memory. + */ typedef struct _POOLED_USAGE_AND_LIMITS { - SIZE_T PeakPagedPoolUsage; - SIZE_T PagedPoolUsage; - SIZE_T PagedPoolLimit; - SIZE_T PeakNonPagedPoolUsage; - SIZE_T NonPagedPoolUsage; - SIZE_T NonPagedPoolLimit; - SIZE_T PeakPagefileUsage; - SIZE_T PagefileUsage; - SIZE_T PagefileLimit; + SIZE_T PeakPagedPoolUsage; // The peak paged pool usage. + SIZE_T PagedPoolUsage; // The current paged pool usage. + SIZE_T PagedPoolLimit; // The limit on paged pool usage. + SIZE_T PeakNonPagedPoolUsage; // The peak non-paged pool usage. + SIZE_T NonPagedPoolUsage; // The current non-paged pool usage. + SIZE_T NonPagedPoolLimit; // The limit on non-paged pool usage. + SIZE_T PeakPagefileUsage; // The peak pagefile usage. + SIZE_T PagefileUsage; // The current pagefile usage. + SIZE_T PagefileLimit; // The limit on pagefile usage. } POOLED_USAGE_AND_LIMITS, * PPOOLED_USAGE_AND_LIMITS; #define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003 #define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1)) - +/** + * The PROCESS_EXCEPTION_PORT structure is used to manage exception ports for a process. + */ typedef struct _PROCESS_EXCEPTION_PORT { - _In_ HANDLE ExceptionPortHandle; // Handle to the exception port. No particular access required. - _Inout_ ULONG StateFlags; // Miscellaneous state flags to be cached along with the exception port in the kernel. + // + // Handle to the exception port. No particular access required. + // + _In_ HANDLE ExceptionPortHandle; + + // + // Miscellaneous state flags to be cached along with the exception + // port in the kernel. + // + _Inout_ ULONG StateFlags; + } PROCESS_EXCEPTION_PORT, * PPROCESS_EXCEPTION_PORT; -typedef struct _PROCESS_ACCESS_TOKEN -{ - HANDLE Token; // needs TOKEN_ASSIGN_PRIMARY access - HANDLE Thread; // handle to initial/only thread; needs THREAD_QUERY_INFORMATION access +/** + * The PROCESS_ACCESS_TOKEN structure is used to manage the security context of a process or thread. + * + * A process's access token can only be changed if the process has no threads or a single thread that has not yet begun execution. + */ +typedef struct _PROCESS_ACCESS_TOKEN +{ + // + // Handle to Primary token to assign to the process. + // TOKEN_ASSIGN_PRIMARY access to this token is needed. + // + HANDLE Token; + + // + // Handle to the initial thread of the process. + // THREAD_QUERY_INFORMATION access to this thread is needed. + // + // N.B. This field is unused. + // + HANDLE Thread; + } PROCESS_ACCESS_TOKEN, * PPROCESS_ACCESS_TOKEN; #endif // !_KERNEL_MODE +/** + * The PROCESS_LDT_INFORMATION structure is used to manage Local Descriptor Table (LDT) entries for a process. + */ typedef struct _PROCESS_LDT_INFORMATION { ULONG Start; @@ -2000,20 +2624,32 @@ typedef struct _PROCESS_LDT_INFORMATION LDT_ENTRY LdtEntries[1]; } PROCESS_LDT_INFORMATION, * PPROCESS_LDT_INFORMATION; +/** + * The PROCESS_LDT_SIZE structure is used to specify the size of the Local Descriptor Table (LDT) for a process. + */ typedef struct _PROCESS_LDT_SIZE { ULONG Length; } PROCESS_LDT_SIZE, * PPROCESS_LDT_SIZE; #ifndef _KERNEL_MODE +/** + * The PROCESS_WS_WATCH_INFORMATION structure is used to store information about working set watch events for a process. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_ws_watch_information + */ typedef struct _PROCESS_WS_WATCH_INFORMATION { - PVOID FaultingPc; - PVOID FaultingVa; + PVOID FaultingPc; // A pointer to the instruction that caused the page fault. + PVOID FaultingVa; // A pointer to the page that was added to the working set. } PROCESS_WS_WATCH_INFORMATION, * PPROCESS_WS_WATCH_INFORMATION; #endif // !_KERNEL_MODE -// psapi:PSAPI_WS_WATCH_INFORMATION_EX +/** + * The PROCESS_WS_WATCH_INFORMATION_EX structure contains extended information about a page added to a process working set. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-psapi_ws_watch_information_ex + */ typedef struct _PROCESS_WS_WATCH_INFORMATION_EX { union @@ -2021,12 +2657,12 @@ typedef struct _PROCESS_WS_WATCH_INFORMATION_EX PROCESS_WS_WATCH_INFORMATION BasicInfo; struct { - PVOID FaultingPc; - PVOID FaultingVa; + PVOID FaultingPc; // The address of the instruction that caused the page fault. + PVOID FaultingVa; // The virtual address that caused the page fault. }; }; - ULONG_PTR FaultingThreadId; - ULONG_PTR Flags; + HANDLE FaultingThreadId; // The identifier of the thread that caused the page fault. + ULONG_PTR Flags; // This member is reserved for future use. } PROCESS_WS_WATCH_INFORMATION_EX, * PPROCESS_WS_WATCH_INFORMATION_EX; #define PROCESS_PRIORITY_CLASS_UNKNOWN 0 @@ -2037,12 +2673,18 @@ typedef struct _PROCESS_WS_WATCH_INFORMATION_EX #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6 +/** + * The PROCESS_PRIORITY_CLASS structure is used to manage the priority class of a process. + */ typedef struct _PROCESS_PRIORITY_CLASS { BOOLEAN Foreground; UCHAR PriorityClass; } PROCESS_PRIORITY_CLASS, * PPROCESS_PRIORITY_CLASS; +/** + * The PROCESS_PRIORITY_CLASS_EX structure extends PROCESS_PRIORITY_CLASS to include validity flags. + */ typedef struct _PROCESS_PRIORITY_CLASS_EX { union @@ -2058,47 +2700,59 @@ typedef struct _PROCESS_PRIORITY_CLASS_EX BOOLEAN Foreground; } PROCESS_PRIORITY_CLASS_EX, * PPROCESS_PRIORITY_CLASS_EX; +/** + * The PROCESS_FOREGROUND_BACKGROUND structure is used to manage the the priority class of a process, specifically whether it runs in the foreground or background. + */ typedef struct _PROCESS_FOREGROUND_BACKGROUND { BOOLEAN Foreground; } PROCESS_FOREGROUND_BACKGROUND, * PPROCESS_FOREGROUND_BACKGROUND; #ifndef _KERNEL_MODE +/** + * The PROCESS_DEVICEMAP_INFORMATION structure contains information about a process's device map. + */ typedef struct _PROCESS_DEVICEMAP_INFORMATION { union { struct { - HANDLE DirectoryHandle; // needs DIRECTORY_TRAVERSE access + HANDLE DirectoryHandle; // A handle to a directory object that can be set as the new device map for the process. This handle must have DIRECTORY_TRAVERSE access. } Set; struct { - ULONG DriveMap; // bit mask - UCHAR DriveType[32]; // DRIVE_* WinBase.h + ULONG DriveMap; // A bitmask that indicates which drive letters are currently in use in the process's device map. + UCHAR DriveType[32]; // A value that indicates the type of each drive (e.g., local disk, network drive, etc.). // DRIVE_* WinBase.h } Query; }; } PROCESS_DEVICEMAP_INFORMATION, * PPROCESS_DEVICEMAP_INFORMATION; #define PROCESS_LUID_DOSDEVICES_ONLY 0x00000001 +/** + * The _PROCESS_DEVICEMAP_INFORMATION_EX structure contains information about a process's device map. + */ typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX { union { struct { - HANDLE DirectoryHandle; + HANDLE DirectoryHandle; // A handle to a directory object that can be set as the new device map for the process. This handle must have DIRECTORY_TRAVERSE access. } Set; struct { - ULONG DriveMap; - UCHAR DriveType[32]; + ULONG DriveMap; // A bitmask that indicates which drive letters are currently in use in the process's device map. + UCHAR DriveType[32]; // A value that indicates the type of each drive (e.g., local disk, network drive, etc.). // DRIVE_* WinBase.h } Query; }; ULONG Flags; // PROCESS_LUID_DOSDEVICES_ONLY } PROCESS_DEVICEMAP_INFORMATION_EX, * PPROCESS_DEVICEMAP_INFORMATION_EX; +/** + * The PROCESS_SESSION_INFORMATION structure is used to store information about the session ID of a process. + */ typedef struct _PROCESS_SESSION_INFORMATION { ULONG SessionId; @@ -2109,17 +2763,23 @@ typedef struct _PROCESS_SESSION_INFORMATION #define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED 0x00000000 #define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED 0x00000001 +/** + * The PROCESS_HANDLE_TRACING_ENABLE structure is used to enable handle tracing for a process. + */ typedef struct _PROCESS_HANDLE_TRACING_ENABLE { - ULONG Flags; + ULONG Flags; // Flags that control handle tracing. } PROCESS_HANDLE_TRACING_ENABLE, * PPROCESS_HANDLE_TRACING_ENABLE; #define PROCESS_HANDLE_TRACING_MAX_SLOTS 0x20000 +/** + * The PROCESS_HANDLE_TRACING_ENABLE_EX structure extends PROCESS_HANDLE_TRACING_ENABLE to include the total number of slots. + */ typedef struct _PROCESS_HANDLE_TRACING_ENABLE_EX { - ULONG Flags; - ULONG TotalSlots; + ULONG Flags; // Flags that control handle tracing. + ULONG TotalSlots; // Total number of handle tracing slots. } PROCESS_HANDLE_TRACING_ENABLE_EX, * PPROCESS_HANDLE_TRACING_ENABLE_EX; #define PROCESS_HANDLE_TRACING_MAX_STACKS 16 @@ -2144,105 +2804,144 @@ typedef struct _PROCESS_HANDLE_TRACING_QUERY } PROCESS_HANDLE_TRACING_QUERY, * PPROCESS_HANDLE_TRACING_QUERY; #endif // !_KERNEL_MODE +/** + * The THREAD_TLS_INFORMATION structure contains information about the Thread Local Storage (TLS) data for a thread. + */ typedef struct _THREAD_TLS_INFORMATION { - ULONG Flags; - PVOID NewTlsData; - PVOID OldTlsData; - HANDLE ThreadId; + ULONG Flags; // Flags that provide additional information about the TLS data. + PVOID NewTlsData; // Pointer to the new TLS data. + PVOID OldTlsData; // Pointer to the old TLS data. + HANDLE ThreadId; // Handle to the thread associated with the TLS data. } THREAD_TLS_INFORMATION, * PTHREAD_TLS_INFORMATION; +/** + * The PROCESS_TLS_INFORMATION_TYPE enumeration defines the types of TLS operations that can be performed on a process. + */ typedef enum _PROCESS_TLS_INFORMATION_TYPE { - ProcessTlsReplaceIndex, - ProcessTlsReplaceVector, - MaxProcessTlsOperation + ProcessTlsReplaceIndex, // Replace the TLS index. + ProcessTlsReplaceVector, // Replace the TLS vector. + MaxProcessTlsOperation // Maximum value for the enumeration. } PROCESS_TLS_INFORMATION_TYPE, * PPROCESS_TLS_INFORMATION_TYPE; +/** + * The PROCESS_TLS_INFORMATION structure contains information about the TLS operations for a process. + */ typedef struct _PROCESS_TLS_INFORMATION { - ULONG Flags; - ULONG OperationType; - ULONG ThreadDataCount; - ULONG TlsIndex; - ULONG PreviousCount; - THREAD_TLS_INFORMATION ThreadData[1]; + ULONG Flags; // Flags that provide additional information about the TLS operation. + ULONG OperationType; // The type of TLS operation to be performed. + ULONG ThreadDataCount; // The number of THREAD_TLS_INFORMATION structures in the ThreadData array. + ULONG TlsIndex; // The TLS index to be replaced. + ULONG PreviousCount; // The previous count of TLS data. + _Field_size_(ThreadDataCount) THREAD_TLS_INFORMATION ThreadData[1]; // Array of THREAD_TLS_INFORMATION structures. } PROCESS_TLS_INFORMATION, * PPROCESS_TLS_INFORMATION; +/** + * The PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION structure contains information about the instrumentation callback for a process. + */ typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { - ULONG Version; - ULONG Reserved; - PVOID Callback; + ULONG Version; // The version of the instrumentation callback information. + ULONG Reserved; // Reserved for future use. + PVOID Callback; // Pointer to the callback function. } PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, * PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; +/** + * The PROCESS_STACK_ALLOCATION_INFORMATION structure contains information about the stack allocation for a process. + */ typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION { - SIZE_T ReserveSize; - SIZE_T ZeroBits; - PVOID StackBase; + SIZE_T ReserveSize; // The size of the stack to be reserved. + SIZE_T ZeroBits; // The number of zero bits in the stack base address. + PVOID StackBase; // Pointer to the base of the stack. } PROCESS_STACK_ALLOCATION_INFORMATION, * PPROCESS_STACK_ALLOCATION_INFORMATION; +/** + * The PROCESS_STACK_ALLOCATION_INFORMATION_EX structure extends PROCESS_STACK_ALLOCATION_INFORMATION to include additional fields. + */ typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX { - ULONG PreferredNode; - ULONG Reserved0; - ULONG Reserved1; - ULONG Reserved2; - PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo; + ULONG PreferredNode; // The preferred NUMA node for the stack allocation. + ULONG Reserved0; // Reserved for future use. + ULONG Reserved1; // Reserved for future use. + ULONG Reserved2; // Reserved for future use. + PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo; // The stack allocation information. } PROCESS_STACK_ALLOCATION_INFORMATION_EX, * PPROCESS_STACK_ALLOCATION_INFORMATION_EX; +/** + * The PROCESS_AFFINITY_UPDATE_MODE union is used to specify the affinity update mode for a process. + */ typedef union _PROCESS_AFFINITY_UPDATE_MODE { ULONG Flags; struct { - ULONG EnableAutoUpdate : 1; - ULONG Permanent : 1; - ULONG Reserved : 30; + ULONG EnableAutoUpdate : 1; // Indicates whether auto-update of affinity is enabled. + ULONG Permanent : 1; // Indicates whether the affinity update is permanent. + ULONG Reserved : 30; // Reserved for future use. }; } PROCESS_AFFINITY_UPDATE_MODE, * PPROCESS_AFFINITY_UPDATE_MODE; +/** + * The PROCESS_MEMORY_ALLOCATION_MODE union is used to specify the memory allocation mode for a process. + */ typedef union _PROCESS_MEMORY_ALLOCATION_MODE { ULONG Flags; struct { - ULONG TopDown : 1; - ULONG Reserved : 31; + ULONG TopDown : 1; // Indicates whether memory allocation should be top-down. + ULONG Reserved : 31; // Reserved for future use. }; } PROCESS_MEMORY_ALLOCATION_MODE, * PPROCESS_MEMORY_ALLOCATION_MODE; +/** + * The PROCESS_HANDLE_INFORMATION structure contains information about the handles of a process. + */ typedef struct _PROCESS_HANDLE_INFORMATION { - ULONG HandleCount; - ULONG HandleCountHighWatermark; + ULONG HandleCount; // The number of handles in the process. + ULONG HandleCountHighWatermark; // The highest number of handles that the process has had. } PROCESS_HANDLE_INFORMATION, * PPROCESS_HANDLE_INFORMATION; +/** + * The PROCESS_CYCLE_TIME_INFORMATION structure contains information about the cycle time of a process. + */ typedef struct _PROCESS_CYCLE_TIME_INFORMATION { - ULONGLONG AccumulatedCycles; - ULONGLONG CurrentCycleCount; + ULONGLONG AccumulatedCycles; // The total number of cycles accumulated by the process. + ULONGLONG CurrentCycleCount; // The current cycle count of the process. } PROCESS_CYCLE_TIME_INFORMATION, * PPROCESS_CYCLE_TIME_INFORMATION; +/** + * The PROCESS_WINDOW_INFORMATION structure contains information about the windows of a process. + */ typedef struct _PROCESS_WINDOW_INFORMATION { - ULONG WindowFlags; - USHORT WindowTitleLength; - WCHAR WindowTitle[1]; + ULONG WindowFlags; // Flags that provide information about the window. + USHORT WindowTitleLength; // The length of the window title. + _Field_size_bytes_(WindowTitleLength) WCHAR WindowTitle[1]; // The title of the window. } PROCESS_WINDOW_INFORMATION, * PPROCESS_WINDOW_INFORMATION; +/** + * The PROCESS_HANDLE_TABLE_ENTRY_INFO structure contains information about a handle table entry of a process. + */ typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO { - HANDLE HandleValue; - SIZE_T HandleCount; - SIZE_T PointerCount; - ACCESS_MASK GrantedAccess; - ULONG ObjectTypeIndex; - ULONG HandleAttributes; - ULONG Reserved; + HANDLE HandleValue; // The value of the handle. + SIZE_T HandleCount; // The number of references to the handle. + SIZE_T PointerCount; // The number of pointers to the handle. + ACCESS_MASK GrantedAccess; // The access rights granted to the handle. + ULONG ObjectTypeIndex; // The index of the object type. + ULONG HandleAttributes; // The attributes of the handle. + ULONG Reserved; // Reserved for future use. } PROCESS_HANDLE_TABLE_ENTRY_INFO, * PPROCESS_HANDLE_TABLE_ENTRY_INFO; +/** + * The PROCESS_HANDLE_SNAPSHOT_INFORMATION structure contains information about the handle snapshot of a process. + */ typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION { SIZE_T NumberOfHandles; @@ -2330,6 +3029,9 @@ typedef struct _PROCESS_REVOKE_FILE_HANDLES_INFORMATION #define PROCESS_WORKING_SET_CONTROL_VERSION 3 +/** + * The PROCESS_WORKING_SET_OPERATION enumeration defines the operation to perform on a process's working set. + */ typedef enum _PROCESS_WORKING_SET_OPERATION { ProcessWorkingSetSwap, @@ -2337,6 +3039,9 @@ typedef enum _PROCESS_WORKING_SET_OPERATION ProcessWorkingSetOperationMax } PROCESS_WORKING_SET_OPERATION; +/** + * The PROCESS_WORKING_SET_CONTROL structure is used to control the working set of a process. + */ typedef struct _PROCESS_WORKING_SET_CONTROL { ULONG Version; @@ -2344,25 +3049,31 @@ typedef struct _PROCESS_WORKING_SET_CONTROL ULONG Flags; } PROCESS_WORKING_SET_CONTROL, * PPROCESS_WORKING_SET_CONTROL; +/** + * The PS_PROTECTED_TYPE enumeration defines the types of protection that can be applied to a process. + */ typedef enum _PS_PROTECTED_TYPE { - PsProtectedTypeNone, - PsProtectedTypeProtectedLight, - PsProtectedTypeProtected, + PsProtectedTypeNone, // No protection. + PsProtectedTypeProtectedLight, // Light protection. + PsProtectedTypeProtected, // Full protection. PsProtectedTypeMax } PS_PROTECTED_TYPE; +/** + * The PS_PROTECTED_SIGNER enumeration defines the types of signers that can be associated with a protected process. + */ typedef enum _PS_PROTECTED_SIGNER { - PsProtectedSignerNone, - PsProtectedSignerAuthenticode, - PsProtectedSignerCodeGen, - PsProtectedSignerAntimalware, - PsProtectedSignerLsa, - PsProtectedSignerWindows, - PsProtectedSignerWinTcb, - PsProtectedSignerWinSystem, - PsProtectedSignerApp, + PsProtectedSignerNone, // No signer. + PsProtectedSignerAuthenticode, // Authenticode signer. + PsProtectedSignerCodeGen, // Code generation signer. + PsProtectedSignerAntimalware, // Antimalware signer. + PsProtectedSignerLsa, // Local Security Authority signer. + PsProtectedSignerWindows, // Windows signer. + PsProtectedSignerWinTcb, // Windows Trusted Computing Base signer. + PsProtectedSignerWinSystem, // Windows system signer. + PsProtectedSignerApp, // Application signer. PsProtectedSignerMax } PS_PROTECTED_SIGNER; @@ -2371,19 +3082,22 @@ typedef enum _PS_PROTECTED_SIGNER #define PS_PROTECTED_TYPE_MASK 0x07 // ProtectionLevel.Level = PsProtectedValue(PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight) -#define PsProtectedValue(Signer, Audit, Type) ( \ - ((Signer & PS_PROTECTED_SIGNER_MASK) << 4) | \ - ((Audit & PS_PROTECTED_AUDIT_MASK) << 3) | \ - (Type & PS_PROTECTED_TYPE_MASK)\ +#define PsProtectedValue(PsSigner, PsAudit, PsType) ( \ + (((PsSigner) & PS_PROTECTED_SIGNER_MASK) << 4) | \ + (((PsAudit) & PS_PROTECTED_AUDIT_MASK) << 3) | \ + (((PsType) & PS_PROTECTED_TYPE_MASK)) \ ) // InitializePsProtection(&ProtectionLevel, PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight) -#define InitializePsProtection(ProtectionLevelPtr, Signer, Audit, Type) { \ - (ProtectionLevelPtr)->Signer = Signer; \ - (ProtectionLevelPtr)->Audit = Audit; \ - (ProtectionLevelPtr)->Type = Type; \ +#define InitializePsProtection(PsProtectionLevel, PsSigner, PsAudit, PsType) { \ + (PsProtectionLevel)->Signer = (PsSigner); \ + (PsProtectionLevel)->Audit = (PsAudit); \ + (PsProtectionLevel)->Type = (PsType); \ } +/** + * The PS_PROTECTION structure is used to define the protection level of a process. + */ typedef struct _PS_PROTECTION { union @@ -2398,33 +3112,41 @@ typedef struct _PS_PROTECTION }; } PS_PROTECTION, * PPS_PROTECTION; +/** + * The PROCESS_FAULT_INFORMATION structure contains information about process faults. + */ typedef struct _PROCESS_FAULT_INFORMATION { - ULONG FaultFlags; - ULONG AdditionalInfo; + ULONG FaultFlags; // Flags that provide additional information about the fault. + ULONG AdditionalInfo; // Additional information about the fault. } PROCESS_FAULT_INFORMATION, * PPROCESS_FAULT_INFORMATION; +/** + * The PROCESS_TELEMETRY_ID_INFORMATION structure contains telemetry information about a process. + */ typedef struct _PROCESS_TELEMETRY_ID_INFORMATION { - ULONG HeaderSize; - ULONG ProcessId; - ULONGLONG ProcessStartKey; - ULONGLONG CreateTime; - ULONGLONG CreateInterruptTime; - ULONGLONG CreateUnbiasedInterruptTime; - ULONGLONG ProcessSequenceNumber; - ULONGLONG SessionCreateTime; - ULONG SessionId; - ULONG BootId; - ULONG ImageChecksum; - ULONG ImageTimeDateStamp; - ULONG UserSidOffset; - ULONG ImagePathOffset; - ULONG PackageNameOffset; - ULONG RelativeAppNameOffset; - ULONG CommandLineOffset; + ULONG HeaderSize; // The size of the structure, in bytes. + ULONG ProcessId; // The ID of the process. + ULONGLONG ProcessStartKey; // The start key of the process. + ULONGLONG CreateTime; // The creation time of the process. + ULONGLONG CreateInterruptTime; // The interrupt time at creation. + ULONGLONG CreateUnbiasedInterruptTime; // The unbiased interrupt time at creation. + ULONGLONG ProcessSequenceNumber; // The monotonic sequence number of the process. + ULONGLONG SessionCreateTime; // The session creation time. + ULONG SessionId; // The ID of the session. + ULONG BootId; // The boot ID. + ULONG ImageChecksum; // The checksum of the process image. + ULONG ImageTimeDateStamp; // The timestamp of the process image. + ULONG UserSidOffset; // The offset to the user SID. + ULONG ImagePathOffset; // The offset to the image path. + ULONG PackageNameOffset; // The offset to the package name. + ULONG RelativeAppNameOffset; // The offset to the relative application name. + ULONG CommandLineOffset; // The offset to the command line. } PROCESS_TELEMETRY_ID_INFORMATION, * PPROCESS_TELEMETRY_ID_INFORMATION; - +/** + * The PROCESS_COMMIT_RELEASE_INFORMATION structure contains information about the commit and release of memory for a process. + */ typedef struct _PROCESS_COMMIT_RELEASE_INFORMATION { ULONG Version; @@ -2440,20 +3162,28 @@ typedef struct _PROCESS_COMMIT_RELEASE_INFORMATION SIZE_T RepurposedMemResetSize; } PROCESS_COMMIT_RELEASE_INFORMATION, * PPROCESS_COMMIT_RELEASE_INFORMATION; +/** + * The PROCESS_JOB_MEMORY_INFO structure contains Represents app memory usage at a single point in time. + * + * \remarks https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-app_memory_information + */ typedef struct _PROCESS_JOB_MEMORY_INFO { - ULONGLONG SharedCommitUsage; - ULONGLONG PrivateCommitUsage; - ULONGLONG PeakPrivateCommitUsage; - ULONGLONG PrivateCommitLimit; - ULONGLONG TotalCommitLimit; + ULONGLONG SharedCommitUsage; // The current shared commit usage, in bytes. + ULONGLONG PrivateCommitUsage; // The current private commit usage, in bytes. + ULONGLONG PeakPrivateCommitUsage; // The peak private commit usage, in bytes. + ULONGLONG PrivateCommitLimit; // The private commit limit, in bytes. + ULONGLONG TotalCommitLimit; // The total commit limit, in bytes. } PROCESS_JOB_MEMORY_INFO, * PPROCESS_JOB_MEMORY_INFO; +/** + * The PROCESS_CHILD_PROCESS_INFORMATION structure contains information about child process policies. + */ typedef struct _PROCESS_CHILD_PROCESS_INFORMATION { - BOOLEAN ProhibitChildProcesses; - BOOLEAN AlwaysAllowSecureChildProcess; // REDSTONE3 - BOOLEAN AuditProhibitChildProcesses; + BOOLEAN ProhibitChildProcesses; // Child processes are prohibited. + BOOLEAN AlwaysAllowSecureChildProcess; // Secure child processes are always allowed. + BOOLEAN AuditProhibitChildProcesses; // Child processes are audited. } PROCESS_CHILD_PROCESS_INFORMATION, * PPROCESS_CHILD_PROCESS_INFORMATION; #ifndef _KERNEL_MODE @@ -2472,11 +3202,14 @@ typedef struct _PROCESS_CHILD_PROCESS_INFORMATION POWER_THROTTLING_PROCESS_DELAYTIMERS | \ POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION)) +/** + * The POWER_THROTTLING_PROCESS_STATE structure is used to manage the power throttling state of a process. + */ typedef struct _POWER_THROTTLING_PROCESS_STATE { - ULONG Version; - ULONG ControlMask; - ULONG StateMask; + ULONG Version; // The version of the structure. + ULONG ControlMask; // A mask that specifies the control settings for power throttling. + ULONG StateMask; // A mask that specifies the current state of power throttling. } POWER_THROTTLING_PROCESS_STATE, * PPOWER_THROTTLING_PROCESS_STATE; #endif // !_KERNEL_MODE @@ -2733,12 +3466,16 @@ typedef struct _THREAD_LAST_SYSCALL_INFORMATION */ typedef struct _THREAD_CYCLE_TIME_INFORMATION { - // The total number of cycles accumulated by the thread. - ULONGLONG AccumulatedCycles; - // The current cycle count of the thread. - ULONGLONG CurrentCycleCount; + ULONGLONG AccumulatedCycles; // The total number of cycles accumulated by the thread. + ULONGLONG CurrentCycleCount; // The current cycle count of the thread. } THREAD_CYCLE_TIME_INFORMATION, * PTHREAD_CYCLE_TIME_INFORMATION; +// RtlAbPostRelease / ReleaseAllUserModeAutoBoostLockHandles +typedef struct _THREAD_LOCK_OWNERSHIP +{ + ULONG SrwLock[1]; +} THREAD_LOCK_OWNERSHIP, * PTHREAD_LOCK_OWNERSHIP; + typedef enum _SCHEDULER_SHARED_DATA_SLOT_ACTION { SchedulerSharedSlotAssign, @@ -2755,27 +3492,23 @@ typedef struct _SCHEDULER_SHARED_DATA_SLOT_INFORMATION typedef struct _THREAD_TEB_INFORMATION { - PVOID TebInformation; // buffer to place data in - ULONG TebOffset; // offset in TEB to begin reading from - ULONG BytesToRead; // number of bytes to read + _Inout_bytecount_(BytesToRead) PVOID TebInformation; // Buffer to write data into. + _In_ ULONG TebOffset; // Offset in TEB to begin reading from. + _In_ ULONG BytesToRead; // Number of bytes to read. } THREAD_TEB_INFORMATION, * PTHREAD_TEB_INFORMATION; // symbols /** * The COUNTER_READING structure is used to store individual counter data from a hardware counter. * - * \remarks https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-hardware_counter_data + * \sa https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-hardware_counter_data */ typedef struct _COUNTER_READING { - // Specifies the type of hardware counter data collected. - HARDWARE_COUNTER_TYPE Type; - // An identifier for the specific counter. - ULONG Index; - // The initial value of the counter when measurement started. - ULONG64 Start; - // The accumulated value of the counter over the measurement period. - ULONG64 Total; + HARDWARE_COUNTER_TYPE Type; // Specifies the type of hardware counter data collected. + ULONG Index; // An identifier for the specific counter. + ULONG64 Start; // The initial value of the counter when measurement started. + ULONG64 Total; // The accumulated value of the counter over the measurement period. } COUNTER_READING, * PCOUNTER_READING; #ifndef THREAD_PERFORMANCE_DATA_VERSION @@ -2789,26 +3522,16 @@ typedef struct _COUNTER_READING */ typedef struct _THREAD_PERFORMANCE_DATA { - // The size of the structure. - USHORT Size; - // The version of the structure. Must be set to PERFORMANCE_DATA_VERSION. - USHORT Version; - // The processor number that identifies where the thread is running. - PROCESSOR_NUMBER ProcessorNumber; - // The number of context switches that occurred from the time profiling was enabled. - ULONG ContextSwitches; - // The number of array elements in the HwCounters array that contain hardware counter data. - ULONG HwCountersCount; - // The number of times that the read operation read the data to ensure a consistent snapshot of the data. - ULONG64 UpdateCount; - // A bitmask of KWAIT_REASON that identifies the reasons for the context switches that occurred since the last time the data was read. - ULONG64 WaitReasonBitMap; - // A bitmask of hardware counters used to collect counter data. - ULONG64 HardwareCounters; - // The cycle time of the thread (excludes the time spent interrupted) from the time profiling was enabled. - COUNTER_READING CycleTime; - // The COUNTER_READING structure that contains hardware counter data. - COUNTER_READING HwCounters[MAX_HW_COUNTERS]; + USHORT Size; // The size of the structure. + USHORT Version; // The version of the structure. Must be set to \ref THREAD_PERFORMANCE_DATA_VERSION. + PROCESSOR_NUMBER ProcessorNumber; // The processor number that identifies where the thread is running. + ULONG ContextSwitches; // The number of context switches that occurred from the time profiling was enabled. + ULONG HwCountersCount; // The number of array elements in the HwCounters array that contain hardware counter data. + ULONG64 UpdateCount; // The number of times that the read operation read the data to ensure a consistent snapshot of the data. + ULONG64 WaitReasonBitMap; // A bitmask of \ref KWAIT_REASON that identifies the reasons for the context switches that occurred since the last time the data was read. + ULONG64 HardwareCounters; // A bitmask of hardware counters used to collect counter data. + COUNTER_READING CycleTime; // The cycle time of the thread (excludes the time spent interrupted) from the time profiling was enabled. + COUNTER_READING HwCounters[MAX_HW_COUNTERS]; // The \ref COUNTER_READING structure that contains hardware counter data. } THREAD_PERFORMANCE_DATA, * PTHREAD_PERFORMANCE_DATA; #ifndef THREAD_PROFILING_FLAG_DISPATCH @@ -2822,7 +3545,7 @@ typedef struct _THREAD_PERFORMANCE_DATA /** * The THREAD_PROFILING_INFORMATION structure contains profiling information and references to performance data. * - * \remarks https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readthreadprofilingdata + * \sa https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readthreadprofilingdata */ typedef struct _THREAD_PROFILING_INFORMATION { @@ -2831,7 +3554,7 @@ typedef struct _THREAD_PROFILING_INFORMATION // performance counters that you configured. Set to zero if you are not collecting hardware counter data. // If you set a bit for a hardware counter that has not been configured, the counter value that is read for that counter is zero. ULONG64 HardwareCounters; - // To receive thread profiling data such as context switch count, set this parameter to THREAD_PROFILING_FLAG_DISPATCH. + // To receive thread profiling data such as context switch count, set this parameter to \ref THREAD_PROFILING_FLAG_DISPATCH. ULONG Flags; // Enable or disable thread profiling on the specified thread. ULONG Enable; @@ -3003,24 +3726,25 @@ ZwCreateProcess( ); // begin_rev +#define PROCESS_CREATE_FLAGS_NONE 0x00000000 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 // NtCreateProcessEx only -#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 // NtCreateProcessEx only, requires SeLockMemory -#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 // NtCreateProcessEx only, requires SeLockMemory +#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 // NtCreateProcessEx only (requires SeLockMemoryPrivilege) +#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 // NtCreateProcessEx only (requires SeLockMemoryPrivilege) #define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040 // NtCreateUserProcess only -#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // NtCreateProcessEx & NtCreateUserProcess, requires SeLoadDriver +#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // NtCreateProcessEx & NtCreateUserProcess (requires SeLoadDriverPrivilege) #define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 // NtCreateProcessEx & NtCreateUserProcess -#define PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY 0x00000400 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb +#define PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY 0x00000400 // NtCreateProcessEx & NtCreateUserProcess (requires SeTcbPrivilege) #define PROCESS_CREATE_FLAGS_MINIMAL_PROCESS 0x00000800 // NtCreateProcessEx only #define PROCESS_CREATE_FLAGS_RELEASE_SECTION 0x00001000 // NtCreateProcessEx & NtCreateUserProcess -#define PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS 0x00008000 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb +#define PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS 0x00008000 // NtCreateProcessEx & NtCreateUserProcess (requires SeTcbPrivilege) #define PROCESS_CREATE_FLAGS_CREATE_STORE 0x00020000 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_USE_PROTECTED_ENVIRONMENT 0x00040000 // NtCreateProcessEx & NtCreateUserProcess #define PROCESS_CREATE_FLAGS_IMAGE_EXPANSION_MITIGATION_DISABLE 0x00080000 -#define PROCESS_CREATE_FLAGS_PARTITION_CREATE_SLAB_IDENTITY 0x00400000 // NtCreateProcessEx & NtCreateUserProcess, requires SeLockMemoryPrivilege +#define PROCESS_CREATE_FLAGS_PARTITION_CREATE_SLAB_IDENTITY 0x00400000 // NtCreateProcessEx & NtCreateUserProcess (requires SeLockMemoryPrivilege) // end_rev /** @@ -3184,7 +3908,7 @@ ZwResumeProcess( #define ZwCurrentProcessId() NtCurrentProcessId() #define NtCurrentThreadId() (NtCurrentTeb()->ClientId.UniqueThread) #define ZwCurrentThreadId() NtCurrentThreadId() -#define NtCurrentSessionId() RtlGetActiveConsoleId() +#define NtCurrentSessionId() RtlGetActiveConsoleId() // USER_SHARED_DATA->ActiveConsoleId #define ZwCurrentSessionId() NtCurrentSessionId() #define NtCurrentLogonId() (NtCurrentPeb()->LogonId) #define ZwCurrentLogonId() NtCurrentLogonId() @@ -3240,6 +3964,81 @@ ZwQueryInformationProcess( _Out_opt_ PULONG ReturnLength ); +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtWow64QueryInformationProcess64( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength, + _Out_opt_ PULONG ReturnLength +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwWow64QueryInformationProcess64( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength, + _Out_opt_ PULONG ReturnLength +); + +/** + * Sets information for the specified process. + * + * @param ProcessHandle A handle to the process. + * @param ProcessInformationClass The type of process information to be set. + * @param ProcessInformation A pointer to a buffer that contains the process information. + * @param ProcessInformationLength The size of the buffer pointed to by the ProcessInformation parameter. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationProcess( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationProcess( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength +); + +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtWow64SetInformationProcess64( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwWow64SetInformationProcess64( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength +); + #if (NTDDI_VERSION >= NTDDI_WS03) #define PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS 0x00000001 @@ -3250,7 +4049,7 @@ ZwQueryInformationProcess( * @param DesiredAccess The access rights desired for the new process handle. * @param HandleAttributes The attributes for the new process handle. * @param Flags Flags that modify the behavior of the function. This can be a combination of the following flags: - * - PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS (0x00000001): Retrieve the previous process in the system. + * - \ref PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS (0x00000001): Retrieve the previous process in the system. * @param NewProcessHandle A pointer to a variable that receives the handle to the next process. * @return NTSTATUS Successful or errant status. */ @@ -3283,11 +4082,11 @@ ZwGetNextProcess( * * @param ProcessHandle A handle to the process for enumerateration of threads. * @param ThreadHandle An optional handle to a thread. If this parameter is NULL, the function retrieves the first thread in the process. - * @param DesiredAccess The access rights desired for the new process handle. - * @param HandleAttributes The attributes for the new process handle. + * @param DesiredAccess The access rights desired for the new thread handle. + * @param HandleAttributes The attributes for the new thread handle. * @param Flags Flags that modify the behavior of the function. This can be a combination of the following flags: - * - THREAD_GET_NEXT_FLAGS_PREVIOUS_THREAD (0x00000001): Retrieve the previous thread in the process. - * @param NewProcessHandle A pointer to a variable that receives the handle to the next process. + * - \ref THREAD_GET_NEXT_FLAGS_PREVIOUS_THREAD (0x00000001): Retrieve the previous thread in the process. + * @param NewThreadHandle A pointer to a variable that receives the handle to the next thread. * @return NTSTATUS Successful or errant status. */ __kernel_entry NTSYSCALLAPI @@ -3315,36 +4114,6 @@ ZwGetNextThread( _Out_ PHANDLE NewThreadHandle ); -/** - * Sets information for the specified process. - * - * @param ProcessHandle A handle to the process. - * @param ProcessInformationClass The type of process information to be set. - * @param ProcessInformation A pointer to a buffer that contains the process information. - * @param ProcessInformationLength The size of the buffer pointed to by the ProcessInformation parameter. - * @return NTSTATUS Successful or errant status. - */ -__kernel_entry NTSYSCALLAPI -NTSTATUS -NTAPI -NtSetInformationProcess( - _In_ HANDLE ProcessHandle, - _In_ PROCESSINFOCLASS ProcessInformationClass, - _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, - _In_ ULONG ProcessInformationLength -); - -_IRQL_requires_max_(PASSIVE_LEVEL) -NTSYSAPI -NTSTATUS -NTAPI -ZwSetInformationProcess( - _In_ HANDLE ProcessHandle, - _In_ PROCESSINFOCLASS ProcessInformationClass, - _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, - _In_ ULONG ProcessInformationLength -); - #define STATECHANGE_SET_ATTRIBUTES 0x0001 typedef enum _PROCESS_STATE_CHANGE_TYPE @@ -3505,6 +4274,34 @@ ZwChangeThreadState( ); #endif +// Process KeepAlive (also WakeCounter) + +typedef enum _PROCESS_ACTIVITY_TYPE +{ + ProcessActivityTypeAudio = 0, + ProcessActivityTypeMax = 1 +} PROCESS_ACTIVITY_TYPE; + +// rev +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtAcquireProcessActivityReference( + _Out_ PHANDLE ActivityReferenceHandle, + _In_ HANDLE ParentProcessHandle, + _Reserved_ PROCESS_ACTIVITY_TYPE Reserved +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwAcquireProcessActivityReference( + _Out_ PHANDLE ActivityReferenceHandle, + _In_ HANDLE ParentProcessHandle, + _Reserved_ PROCESS_ACTIVITY_TYPE Reserved +); + // // Threads // @@ -3901,7 +4698,67 @@ NTAPI ZwAlertThreadByThreadId( _In_ HANDLE ThreadId ); +#endif + + +#if (NTDDI_VERSION >= NTDDI_WIN11) +/** + * Sends an alert to the specified thread by its thread ID, with an optional lock. + * + * @param ThreadId The thread ID of the thread to be alerted. + * @param Lock An optional pointer to an SRW lock to be used during the alert. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtAlertThreadByThreadIdEx( + _In_ HANDLE ThreadId, + _In_opt_ PRTL_SRWLOCK Lock +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwAlertThreadByThreadIdEx( + _In_ HANDLE ThreadId, + _In_opt_ PRTL_SRWLOCK Lock +); + +/** + * Sends an alert to multiple threads by their thread IDs. + * + * @param MultipleThreadId A pointer to an array of thread IDs to be alerted. + * @param Count The number of thread IDs in the array. + * @param Boost A pointer to a boost value to be applied to the threads. + * @param BoostCount The number of boost values in the array. + * @return NTSTATUS Successful or errant status. + */ +__kernel_entry NTSYSCALLAPI +NTSTATUS +NTAPI +NtAlertMultipleThreadByThreadId( + _In_ PHANDLE MultipleThreadId, + _In_ ULONG Count, + _In_ PVOID Boost, + _In_ ULONG BoostCount +); + +_IRQL_requires_max_(PASSIVE_LEVEL) +NTSYSAPI +NTSTATUS +NTAPI +ZwAlertMultipleThreadByThreadId( + _In_ PHANDLE MultipleThreadId, + _In_ ULONG Count, + _In_ PVOID Boost, + _In_ ULONG BoostCount +); +#endif + +#if (NTDDI_VERSION >= NTDDI_WIN8) // rev /** * Waits for an alert to be delivered to the specified thread. @@ -4976,9 +5833,9 @@ ZwCreateUserProcess( #define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 // NtCreateUserProcess & NtCreateThreadEx #define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 // NtCreateThreadEx only #define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 // NtCreateThreadEx only -#define THREAD_CREATE_FLAGS_LOADER_WORKER 0x00000010 // NtCreateThreadEx only, since THRESHOLD -#define THREAD_CREATE_FLAGS_SKIP_LOADER_INIT 0x00000020 // NtCreateThreadEx only, since REDSTONE2 -#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // NtCreateThreadEx only, since 19H1 +#define THREAD_CREATE_FLAGS_LOADER_WORKER 0x00000010 // NtCreateThreadEx only // since THRESHOLD +#define THREAD_CREATE_FLAGS_SKIP_LOADER_INIT 0x00000020 // NtCreateThreadEx only // since REDSTONE2 +#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // NtCreateThreadEx only // since 19H1 // end_rev /** diff --git a/Veil/Veil.System.RuntimeLibrary.h b/Veil/Veil.System.RuntimeLibrary.h index 43f2447..3c63927 100644 --- a/Veil/Veil.System.RuntimeLibrary.h +++ b/Veil/Veil.System.RuntimeLibrary.h @@ -2123,6 +2123,39 @@ RtlRbRemoveNode( #endif + +#if (NTDDI_VERSION >= NTDDI_WIN11) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCompareExchangePointerMapping( + _In_ PRTL_BALANCED_NODE Node1, + _In_ PRTL_BALANCED_NODE Node2, + _Out_ PRTL_BALANCED_NODE* Node3, + _Out_ PRTL_BALANCED_NODE* Node4 +); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryPointerMapping( + _In_ PRTL_RB_TREE Tree, + _Inout_ PRTL_BALANCED_NODE Children +); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlRemovePointerMapping( + _In_ PRTL_RB_TREE Tree, + _Inout_ PRTL_BALANCED_NODE Children +); +#endif + + // // Critical sections // @@ -5277,6 +5310,7 @@ typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY RUNTIME_FUNCTION, * PRUNTIME_FUNCTI typedef struct _SCOPE_TABLE_AMD64 SCOPE_TABLE, * PSCOPE_TABLE; #endif +_Analysis_noreturn_ NTSYSAPI DECLSPEC_NORETURN VOID @@ -5366,6 +5400,7 @@ RtlRaiseExceptionForReturnAddressHijack( ); // rev +_Analysis_noreturn_ NTSYSAPI DECLSPEC_NORETURN VOID diff --git a/Veil/Veil.System.SMBios.h b/Veil/Veil.System.SMBios.h new file mode 100644 index 0000000..5f53e6d --- /dev/null +++ b/Veil/Veil.System.SMBios.h @@ -0,0 +1,2842 @@ +/* + * PROJECT: Veil + * FILE: Veil.System.SMBios.h + * PURPOSE: This file is part of Veil. + * + * LICENSE: MIT License + * + * DEVELOPER: MeeSong (meesong@outlook.com) + */ + + /* + * Definitions that describe SMBIOS - https://www.dmtf.org/standards/smbios + * + * This file is part of System Informer. + */ + +#pragma once +#ifndef _SMBIOS_H +#define _SMBIOS_H + + // Warnings which disabled for compiling +#if _MSC_VER >= 1200 +#pragma warning(push) +// nonstandard extension used : nameless struct/union +#pragma warning(disable:4201) +// nonstandard extension used : bit field types other than int +#pragma warning(disable:4214) +// 'struct_name' : structure was padded due to __declspec(align()) +#pragma warning(disable:4324) +// 'enumeration': a forward declaration of an unscoped enumeration must have an +// underlying type (int assumed) +#pragma warning(disable:4471) +#endif + +VEIL_BEGIN() + + + +typedef struct RAW_SMBIOS_DATA +{ + UINT8 Used20CallingMethod; + UINT8 SMBIOSMajorVersion; + UINT8 SMBIOSMinorVersion; + UINT8 DmiRevision; + ULONG Length; + UINT8 SMBIOSTableData[ANYSIZE_ARRAY]; +} RAW_SMBIOS_DATA, * PRAW_SMBIOS_DATA; + +#include + +#define SMBIOS_INVALID_HANDLE ((USHORT)0x0FFFF) +#define SMBIOS_INVALID_STRING ((UINT8)0) +#define SMBIOS_STRING_TABLE(x) (PVOID)((ULONG_PTR)x + x->Length) + +#define SMBIOS_PROBE_STATUS_OTHER ((UINT8)1) +#define SMBIOS_PROBE_STATUS_UNKNOWN ((UINT8)2) +#define SMBIOS_PROBE_STATUS_OK ((UINT8)3) +#define SMBIOS_PROBE_STATUS_NON_CRITICAL ((UINT8)4) +#define SMBIOS_PROBE_STATUS_CRITICAL ((UINT8)5) +#define SMBIOS_PROBE_STATUS_NON_RECOVERABLE ((UINT8)6) + +#define SMBIOS_MEMORY_ERROR_TYPE_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_ERROR_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_ERROR_TYPE_OK ((UINT8)3) +#define SMBIOS_MEMORY_ERROR_TYPE_BAD_READ ((UINT8)4) +#define SMBIOS_MEMORY_ERROR_TYPE_PARITY ((UINT8)5) +#define SMBIOS_MEMORY_ERROR_TYPE_SINGLE_BIT ((UINT8)6) +#define SMBIOS_MEMORY_ERROR_TYPE_DOUBLE_BIT ((UINT8)7) +#define SMBIOS_MEMORY_ERROR_TYPE_MULTI_BIT ((UINT8)8) +#define SMBIOS_MEMORY_ERROR_TYPE_NIBBLE ((UINT8)9) +#define SMBIOS_MEMORY_ERROR_TYPE_CHECKSUM ((UINT8)10) +#define SMBIOS_MEMORY_ERROR_TYPE_CRC ((UINT8)11) +#define SMBIOS_MEMORY_ERROR_TYPE_CORRECTED_SINGLE_BIT ((UINT8)12) +#define SMBIOS_MEMORY_ERROR_TYPE_CORRECTED ((UINT8)13) +#define SMBIOS_MEMORY_ERROR_TYPE_UNCORRECTABLE ((UINT8)14) + +#define SMBIOS_MEMORY_ERROR_GRANULARITY_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_ERROR_GRANULARITY_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_ERROR_GRANULARITY_DEVICE ((UINT8)3) +#define SMBIOS_MEMORY_ERROR_GRANULARITY_PARTITION ((UINT8)4) + +#define SMBIOS_MEMORY_ERROR_OPERATION_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_ERROR_OPERATION_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_ERROR_OPERATION_READ ((UINT8)3) +#define SMBIOS_MEMORY_ERROR_OPERATION_WRITE ((UINT8)4) +#define SMBIOS_MEMORY_ERROR_OPERATION_PARTIAL_WRITE ((UINT8)5) + +typedef struct _SMBIOS_ENTRY_POINT_2_1 +{ + UINT8 Signature[4]; // _SM_ (ASCII) + UINT8 Checksum; + UINT8 Length; + UINT8 MajorVersion; + UINT8 MinorVersion; + USHORT MaximumStructureSize; + UINT8 EntryPointRevision; + UINT8 Reserved[5]; + UINT8 Signature2[5]; // _DMI_ (ASCII) + UINT8 IntermediateChecksum; + USHORT StructureTableLength; + ULONG StructureTableAddress; + USHORT NumberStructures; + UINT8 Revision; +} SMBIOS_ENTRY_POINT_2_1, * PSMBIOS_ENTRY_POINT_2_1; + +STATIC_ASSERT(sizeof(SMBIOS_ENTRY_POINT_2_1) == 0X1F); + +typedef struct _SMBIOS_ENTRY_POINT_3_0 +{ + UINT8 Signature[5]; // _SM3_ (ASCII) + UINT8 Checksum; + UINT8 Length; + UINT8 MajorVersion; + UINT8 MinorVersion; + UINT8 DocumentRevision; + UINT8 EntryPointRevision; + UINT8 Reserved; + ULONG MaximumStructureSize; + ULONGLONG StructureTableAddress; +} SMBIOS_ENTRY_POINT_3_0, * PSMBIOS_ENTRY_POINT_3_0; + +STATIC_ASSERT(sizeof(SMBIOS_ENTRY_POINT_3_0) == 0x18); + +typedef struct _SMBIOS_HEADER +{ + UINT8 Type; + UINT8 Length; + USHORT Handle; +} SMBIOS_HEADER, * PSMBIOS_HEADER; + +STATIC_ASSERT(sizeof(SMBIOS_HEADER) == 4); + +typedef struct _SMBIOS_GENERIC +{ + UCHAR Type; + UCHAR Length; + USHORT Handle; + UCHAR Data[ANYSIZE_ARRAY]; +} SMBIOS_GENERIC, * PSMBIOS_GENERIC; + +// +// Platform Firmware Information (Type 0) +// + +#define SMBIOS_FIRMWARE_INFORMATION_TYPE ((UINT8)0) + +typedef struct _SMBIOS_FIRMWARE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 Vendor; // string + UINT8 Version; // string + USHORT StartingAddressSegment; + UINT8 ReleaseDate; // string + UINT8 RomSize; + ULONGLONG Characteristics; // SMBIOS_FIRMWARE_FLAG_* + // 2.4+ + USHORT Characteristics2; // SMBIOS_FIRMWARE_FLAG_2_* + UINT8 MajorRelease; + UINT8 MinorRelease; + UINT8 ControllerMajorRelease; + UINT8 ControllerMinorRelease; + // 3.1+ + union + { + struct + { + USHORT Unit : 2; // SMBIOS_FIRMWARE_ROM_UNIT_* + USHORT Size : 14; + }; + + USHORT Value; + } RomSize2; +} SMBIOS_FIRMWARE_INFORMATION, * PSMBIOS_FIRMWARE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_FIRMWARE_INFORMATION) == 0x1A); + +#define SMBIOS_FIRMWARE_FLAG_RESERVED_0 0x0000000000000001UL +#define SMBIOS_FIRMWARE_FLAG_RESERVED_1 0x0000000000000002UL +#define SMBIOS_FIRMWARE_FLAG_UNKNOWN 0x0000000000000004UL +#define SMBIOS_FIRMWARE_FLAG_NOT_SUPPORTED 0x0000000000000008UL +#define SMBIOS_FIRMWARE_FLAG_ISA_SUPPORTED 0x0000000000000010UL +#define SMBIOS_FIRMWARE_FLAG_MCA_SUPPORTED 0x0000000000000020UL +#define SMBIOS_FIRMWARE_FLAG_EISA_SUPPORTED 0x0000000000000040UL +#define SMBIOS_FIRMWARE_FLAG_PCI_SUPPORTED 0x0000000000000080UL +#define SMBIOS_FIRMWARE_FLAG_PCMCIA_SUPPORTED 0x0000000000000100UL +#define SMBIOS_FIRMWARE_FLAG_PNP_SUPPORTED 0x0000000000000200UL +#define SMBIOS_FIRMWARE_FLAG_APM_SUPPORTED 0x0000000000000400UL +#define SMBIOS_FIRMWARE_FLAG_UPGRADE_SUPPORTED 0x0000000000000800UL +#define SMBIOS_FIRMWARE_FLAG_SHADOWING_SUPPORTED 0x0000000000001000UL +#define SMBIOS_FIRMWARE_FLAG_VL_VESA_SUPPORTED 0x0000000000002000UL +#define SMBIOS_FIRMWARE_FLAG_ESCD_SUPPORTED 0x0000000000004000UL +#define SMBIOS_FIRMWARE_FLAG_BOOT_FROM_CD_SUPPORTED 0x0000000000008000UL +#define SMBIOS_FIRMWARE_FLAG_SELECTABLE_BOOT_SUPPORTED 0x0000000000010000UL +#define SMBIOS_FIRMWARE_FLAG_ROM_SOCKETED 0x0000000000020000UL +#define SMBIOS_FIRMWARE_FLAG_PCMCIA_BOOT_SUPPORTED 0x0000000000040000UL +#define SMBIOS_FIRMWARE_FLAG_EDD_SUPPORTED 0x0000000000080000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_NEC_9800_SUPPORTED 0x0000000000100000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_TOSHIBA_SUPPORTED 0x0000000000200000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_5_25_360KB_SUPPORTED 0x0000000000400000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_5_25_1_2_MB_SUPPORTED 0x0000000000800000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_3_5_720KB_SUPPORTED 0x0000000001000000UL +#define SMBIOS_FIRMWARE_FLAG_FLOPPY_3_5_2_88MB_SUPPORTED 0x0000000002000000UL +#define SMBIOS_FIRMWARE_FLAG_PRINT_SCREEN_SUPPORTED 0x0000000004000000UL +#define SMBIOS_FIRMWARE_FLAG_8042_KEYBOARD_SUPPORTED 0x0000000008000000UL +#define SMBIOS_FIRMWARE_FLAG_SERIAL_SUPPORTED 0x0000000010000000UL +#define SMBIOS_FIRMWARE_FLAG_PRINTER_SUPPORTED 0x0000000020000000UL +#define SMBIOS_FIRMWARE_FLAG_CGA_VIDEO_SUPPORTED 0x0000000040000000UL +#define SMBIOS_FIRMWARE_FLAG_NEC_PC_98 0x0000000080000000UL +#define SMBIOS_FIRMWARE_FLAG_PLATFORM_RESERVED 0x0000FFFF00000000UL +#define SMBIOS_FIRMWARE_FLAG_SYSTEM_RESERVED 0xFFFF000000000000UL + +#define SMBIOS_FIRMWARE_FLAG_2_ACPI_SUPPORTED ((USHORT)0x0001) +#define SMBIOS_FIRMWARE_FLAG_2_USB_LEGACY_SUPPORTED ((USHORT)0x0002) +#define SMBIOS_FIRMWARE_FLAG_2_AGP_SUPPORTED ((USHORT)0x0004) +#define SMBIOS_FIRMWARE_FLAG_2_I20_BOOT_SUPPORTED ((USHORT)0x0008) +#define SMBIOS_FIRMWARE_FLAG_2_LS_120_BOOT_SUPPORTED ((USHORT)0x0010) +#define SMBIOS_FIRMWARE_FLAG_2_ZIP_BOOT_SUPPORTED ((USHORT)0x0020) +#define SMBIOS_FIRMWARE_FLAG_2_1394_BOOT_SUPPORTED ((USHORT)0x0040) +#define SMBIOS_FIRMWARE_FLAG_2_SMART_BATTERY_SUPPORTED ((USHORT)0x0080) +#define SMBIOS_FIRMWARE_FLAG_2_BIOS_BOOT_SUPPORTED ((USHORT)0x0100) +#define SMBIOS_FIRMWARE_FLAG_2_FN_KEY_NET_BOOT_SUPPORTED ((USHORT)0x0200) +#define SMBIOS_FIRMWARE_FLAG_2_CONTENT_DISTRIBUTION_SUPPORTED ((USHORT)0x0400) +#define SMBIOS_FIRMWARE_FLAG_2_UEFI_SUPPORTED ((USHORT)0x0800) +#define SMBIOS_FIRMWARE_FLAG_2_MANUFACTURING_MODE_ENABLED ((USHORT)0x1000) +#define SMBIOS_FIRMWARE_FLAG_2_RESERVED ((USHORT)0xE000) + +#define SMBIOS_FIRMWARE_ROM_UNIT_MB 0 +#define SMBIOS_FIRMWARE_ROM_UNIT_GB 1 +#define SMBIOS_FIRMWARE_ROM_UNIT_RESERVED_1 2 +#define SMBIOS_FIRMWARE_ROM_UNIT_RESERVED_2 3 + +// +// System Information (Type 1) +// + +#define SMBIOS_SYSTEM_INFORMATION_TYPE ((UINT8)1) + +typedef struct _SMBIOS_SYSTEM_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 Manufacturer; // string + UINT8 ProductName; // string + UINT8 Version; // string + UINT8 SerialNumber; // string + // 2.1+ + GUID UniqueID; + UINT8 WakeUpType; // SMBIOS_SYSTEM_WAKE_UP_TYPE + // 2.4+ + UINT8 SKUNumber; // string + UINT8 Family; // string +} SMBIOS_SYSTEM_INFORMATION, * PSMBIOS_SYSTEM_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_INFORMATION) == 0x1B); + +#define SMBIOS_SYSTEM_WAKE_UP_TYPE_RESERVED ((UINT8)0) +#define SMBIOS_SYSTEM_WAKE_UP_TYPE_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_WAKE_UP_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_WAKE_UP_APM_TIMER ((UINT8)3) +#define SMBIOS_SYSTEM_WAKE_UP_MODEM_RING ((UINT8)4) +#define SMBIOS_SYSTEM_WAKE_UP_LAN_REMOTE ((UINT8)5) +#define SMBIOS_SYSTEM_WAKE_UP_POWER_SWITCH ((UINT8)6) +#define SMBIOS_SYSTEM_WAKE_UP_PCI_PME ((UINT8)7) +#define SMBIOS_SYSTEM_WAKE_UP_AC_POWER_RESTORED ((UINT8)8) + +// +// Baseboard (or Module) Information (Type 2) +// + +#define SMBIOS_BASEBOARD_INFORMATION_TYPE ((UINT8)2) + +typedef struct _SMBIOS_BASEBOARD_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 Manufacturer; // string + UINT8 Product; // string + UINT8 Version; // string + UINT8 SerialNumber; // string + UINT8 AssetTag; // string + UINT8 Features; // SMBIOS_BASEBOARD_FEATURE_* + UINT8 Location; // string + USHORT ChassisHandle; + UINT8 BoardType; // SMBIOS_BASEBOARD_TYPE_* + UINT8 NumberOfHandles; + USHORT Handles[ANYSIZE_ARRAY]; // Contained object handles (processors, ports, memory, etc.) +} SMBIOS_BASEBOARD_INFORMATION, * PSMBIOS_BASEBOARD_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_BASEBOARD_INFORMATION) == 0x11); + +#define SMBIOS_BASEBOARD_FEATURE_HOSTING_BOARD ((UINT8)0x01) +#define SMBIOS_BASEBOARD_FEATURE_REQUIRES_DAUGHTER_BOARD ((UINT8)0x02) +#define SMBIOS_BASEBOARD_FEATURE_REMOVABLE_BOARD ((UINT8)0x04) +#define SMBIOS_BASEBOARD_FEATURE_REPLACEABLE_BOARD ((UINT8)0x08) +#define SMBIOS_BASEBOARD_FEATURE_HOT_SWAP_BOARD ((UINT8)0x10) +#define SMBIOS_BASEBOARD_FEATURE_RESERVED ((UINT8)0xE0) + +#define SMBIOS_BASEBOARD_TYPE_UNKNOWN ((UINT8)1) +#define SMBIOS_BASEBOARD_TYPE_OTHER ((UINT8)2) +#define SMBIOS_BASEBOARD_TYPE_SERVER_BLADE ((UINT8)3) +#define SMBIOS_BASEBOARD_TYPE_CONNECTIVITY_SWITCH ((UINT8)4) +#define SMBIOS_BASEBOARD_TYPE_SYSTEM_MANAGEMENT_MODULE ((UINT8)5) +#define SMBIOS_BASEBOARD_TYPE_PROCESSOR_MODULE ((UINT8)6) +#define SMBIOS_BASEBOARD_TYPE_IO_MODULE ((UINT8)7) +#define SMBIOS_BASEBOARD_TYPE_MEMORY_MODULE ((UINT8)8) +#define SMBIOS_BASEBOARD_TYPE_DAUGHTER_BOARD ((UINT8)9) +#define SMBIOS_BASEBOARD_TYPE_MOTHERBOARD ((UINT8)10) +#define SMBIOS_BASEBOARD_TYPE_PROCESSOR_MEMORY_MODULE ((UINT8)11) +#define SMBIOS_BASEBOARD_TYPE_PROCESSOR_IO_MODULE ((UINT8)12) +#define SMBIOS_BASEBOARD_TYPE_INTERCONNECT ((UINT8)13) + +// +// System Enclosure or Chassis (Type 3) +// + +#define SMBIOS_CHASSIS_INFORMATION_TYPE ((UINT8)3) + +typedef struct _SMBIOS_CHASSIS_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 Manufacturer; // string + union + { + struct + { + UINT8 Type : 7; // SMBIOS_CHASSIS_TYPE_* + UINT8 Locked : 1; + }; + + UINT8 Value; + } Chassis; + + UINT8 Version; // string + UINT8 SerialNumber; // string + UINT8 AssetTag; // string + // 2.1+ + UINT8 BootUpState; // SMBIOS_CHASSIS_STATE_* + UINT8 PowerSupplyState; // SMBIOS_CHASSIS_STATE_* + UINT8 ThermalState; // SMBIOS_CHASSIS_STATE_* + UINT8 SecurityState; // SMBIOS_CHASSIS_SECURITY_STATE_* + // 2.3+ + ULONG OEMDefined; + UINT8 Height; + UINT8 NumberOfPowerCords; + UINT8 ElementCount; + UINT8 ElementLength; + UINT8 Elements[ANYSIZE_ARRAY]; // ElementCount * ElementLength, SMBIOS_CHASSIS_CONTAINED_ELEMENT + // 2.7+ + // SMBIOS_CHASSIS_INFORMATION_EX +} SMBIOS_CHASSIS_INFORMATION, * PSMBIOS_CHASSIS_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_CHASSIS_INFORMATION) == 0x16); + +typedef struct _SMBIOS_CHASSIS_INFORMATION_EX +{ + // 2.7+ + UINT8 SKUNumber; // string +} SMBIOS_CHASSIS_INFORMATION_EX, * PSMBIOS_CHASSIS_INFORMATION_EX; + +typedef struct _SMBIOS_CHASSIS_CONTAINED_ELEMENT +{ + // 2.3+ + union + { + struct + { + UINT8 Type : 7; // SMBIOS_*_INFORMATION_TYPE or SM_BIOS_BASEBOARD_TYPE_* + UINT8 Select : 1; // 1 = SMBIOS_*_INFORMATION_TYPE, 0 = SM_BIOS_BASEBOARD_TYPE_* + }; + + UINT8 Value; + } Type; + + UINT8 ElementMinimum; + UINT8 ElementMaximum; +} SMBIOS_CHASSIS_CONTAINED_ELEMENT, * PSMBIOS_CHASSIS_CONTAINED_ELEMENT; + +STATIC_ASSERT(sizeof(SMBIOS_CHASSIS_CONTAINED_ELEMENT) == 0x3); + +#define SMBIOS_CHASSIS_TYPE_OTHER 1 +#define SMBIOS_CHASSIS_TYPE_UNKNOWN 2 +#define SMBIOS_CHASSIS_TYPE_DESKTOP 3 +#define SMBIOS_CHASSIS_TYPE_LOW_PROFILE_DESKTOP 4 +#define SMBIOS_CHASSIS_TYPE_PIZZA_BOX 5 +#define SMBIOS_CHASSIS_TYPE_MINI_TOWER 6 +#define SMBIOS_CHASSIS_TYPE_TOWER 7 +#define SMBIOS_CHASSIS_TYPE_PORTABLE 8 +#define SMBIOS_CHASSIS_TYPE_LAPTOP 9 +#define SMBIOS_CHASSIS_TYPE_NOTEBOOK 10 +#define SMBIOS_CHASSIS_TYPE_HAND_HELD 11 +#define SMBIOS_CHASSIS_TYPE_DOCKING_STATION 12 +#define SMBIOS_CHASSIS_TYPE_ALL_IN_ONE 13 +#define SMBIOS_CHASSIS_TYPE_SUB_NOTEBOOK 14 +#define SMBIOS_CHASSIS_TYPE_SPACE_SAVING 15 +#define SMBIOS_CHASSIS_TYPE_LUNCH_BOX 16 +#define SMBIOS_CHASSIS_TYPE_MAIN_SERVER 17 +#define SMBIOS_CHASSIS_TYPE_EXPANSION 18 +#define SMBIOS_CHASSIS_TYPE_SUB 19 +#define SMBIOS_CHASSIS_TYPE_BUS_EXPANSION 20 +#define SMBIOS_CHASSIS_TYPE_PERIPHERAL 21 +#define SMBIOS_CHASSIS_TYPE_RAID 22 +#define SMBIOS_CHASSIS_TYPE_RACK_MOUNT 23 +#define SMBIOS_CHASSIS_TYPE_SEALED_CASE_PC 24 +#define SMBIOS_CHASSIS_TYPE_MULTI_SYSTEM 25 +#define SMBIOS_CHASSIS_TYPE_COMPACT_PCI 26 +#define SMBIOS_CHASSIS_TYPE_ADVANCED_TCA 27 +#define SMBIOS_CHASSIS_TYPE_BLADE 28 +#define SMBIOS_CHASSIS_TYPE_BLADE_ENCLOSURE 29 +#define SMBIOS_CHASSIS_TYPE_TABLET 30 +#define SMBIOS_CHASSIS_TYPE_CONVERTIBLE 31 +#define SMBIOS_CHASSIS_TYPE_DETACHABLE 32 +#define SMBIOS_CHASSIS_TYPE_IOT_GATEWAY 33 +#define SMBIOS_CHASSIS_TYPE_EMBEDDED_PC 34 +#define SMBIOS_CHASSIS_TYPE_MINI_PC 35 +#define SMBIOS_CHASSIS_TYPE_STICK_PC 36 + +#define SMBIOS_CHASSIS_STATE_OTHER ((UINT8)1) +#define SMBIOS_CHASSIS_STATE_UNKNOWN ((UINT8)2) +#define SMBIOS_CHASSIS_STATE_SAFE ((UINT8)3) +#define SMBIOS_CHASSIS_STATE_WARNING ((UINT8)4) +#define SMBIOS_CHASSIS_STATE_CRITICAL ((UINT8)5) +#define SMBIOS_CHASSIS_STATE_NON_RECOVERABLE ((UINT8)6) + +#define SMBIOS_CHASSIS_SECURITY_STATE_OTHER ((UINT8)1) +#define SMBIOS_CHASSIS_SECURITY_STATE_UNKNOWN ((UINT8)2) +#define SMBIOS_CHASSIS_SECURITY_STATE_NONE ((UINT8)3) +#define SMBIOS_CHASSIS_SECURITY_STATE_LOCKED_OUT ((UINT8)4) +#define SMBIOS_CHASSIS_SECURITY_STATE_ENABLED ((UINT8)5) + +// +// Processor Information (Type 4) +// + +#define SMBIOS_PROCESSOR_INFORMATION_TYPE ((UINT8)4) + +typedef struct _SMBIOS_PROCESSOR_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 SocketDesignation; // string + UINT8 Type; // SMBIOS_PROCESSOR_TYPE_* + UINT8 Family; // SMBIOS_PROCESSOR_FAMILY_* + UINT8 Manufacturer; // string + ULONGLONG Identifier; + UINT8 Version; // string + + union + { + struct + { + UINT8 Capable5000mV : 1; // 5V + UINT8 Capable3500mV : 1; // 3.3V + UINT8 Capable2900mV : 1; // 2.9V + UINT8 Reserved : 4; + UINT8 Mode : 1; // 0 = Legacy Mode + }; + + UINT8 Value; + } Voltage; + + USHORT ExternalClock; + USHORT MaxSpeed; + USHORT CurrentSpeed; + + union + { + struct + { + UINT8 Status : 3; // SMBIOS_PROCESSOR_STATUS_* + UINT8 Reserved : 3; + UINT8 Populated : 1; + UINT8 Reserved2 : 1; + }; + + UINT8 Value; + } Status; + + UINT8 Upgrade; // SMBIOS_PROCESSOR_UPGRADE_* + // 2.1+ + USHORT L1CacheHandle; + USHORT L2CacheHandle; + USHORT L3CacheHandle; + // 2.3+ + UINT8 SerialNumber; // string + UINT8 AssetTag; // string + UINT8 PartNumber; // string + // 2.5+ + UINT8 CoreCount; + UINT8 CoresEnabled; + UINT8 ThreadCount; + USHORT Characteristics; // SMBIOS_PROCESSOR_FLAG_* + // 2.6+ + USHORT Family2; // SMBIOS_PROCESSOR_FAMILY_* + // 3.0+ + USHORT CoreCount2; + USHORT CoresEnabled2; + USHORT ThreadCount2; + // 3.6+ + USHORT ThreadsEnabled; + // 3.8+ + UINT8 SocketType; // string +} SMBIOS_PROCESSOR_INFORMATION, * PSMBIOS_PROCESSOR_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_PROCESSOR_INFORMATION) == 0x33); + +#define SMBIOS_PROCESSOR_TYPE_OTHER ((UINT8)1) +#define SMBIOS_PROCESSOR_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_PROCESSOR_TYPE_CENTRAL ((UINT8)3) +#define SMBIOS_PROCESSOR_TYPE_MATH ((UINT8)4) +#define SMBIOS_PROCESSOR_TYPE_DSP ((UINT8)5) +#define SMBIOS_PROCESSOR_TYPE_VIDEO ((UINT8)6) + +#define SMBIOS_PROCESSOR_FAMILY_OTHER 1 +#define SMBIOS_PROCESSOR_FAMILY_UNKNOWN 2 +#define SMBIOS_PROCESSOR_FAMILY_8086 3 +#define SMBIOS_PROCESSOR_FAMILY_80286 4 +#define SMBIOS_PROCESSOR_FAMILY_INTEL386_PROCESSOR 5 +#define SMBIOS_PROCESSOR_FAMILY_INTEL486_PROCESSOR 6 +#define SMBIOS_PROCESSOR_FAMILY_8087 7 +#define SMBIOS_PROCESSOR_FAMILY_80287 8 +#define SMBIOS_PROCESSOR_FAMILY_80387 9 +#define SMBIOS_PROCESSOR_FAMILY_80487 10 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PENTIUM_PROCESSOR 11 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_PRO_PROCESSOR 12 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_II_PROCESSOR 13 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_PROCESSOR_WITH_MMX_TECHNOLOGY 14 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CELERON_PROCESSOR 15 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_II_XEON_PROCESSOR 16 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_III_PROCESSOR 17 +#define SMBIOS_PROCESSOR_FAMILY_M1_FAMILY 18 +#define SMBIOS_PROCESSOR_FAMILY_M2_FAMILY 19 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CELERON_M_PROCESSOR 20 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PENTIUM_4_HT_PROCESSOR 21 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PROCESSOR 22 +// 23 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_AMD_DURON_PROCESSOR_FAMILY 24 +#define SMBIOS_PROCESSOR_FAMILY_K5_FAMILY 25 +#define SMBIOS_PROCESSOR_FAMILY_K6_FAMILY 26 +#define SMBIOS_PROCESSOR_FAMILY_K6_2 27 +#define SMBIOS_PROCESSOR_FAMILY_K6_3 28 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_PROCESSOR_FAMILY 29 +#define SMBIOS_PROCESSOR_FAMILY_AMD29000_FAMILY 30 +#define SMBIOS_PROCESSOR_FAMILY_K6_2_PLUS 31 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_FAMILY 32 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_601 33 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_603 34 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_603_PLUS 35 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_604 36 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_620 37 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_X704 38 +#define SMBIOS_PROCESSOR_FAMILY_POWER_PC_750 39 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_DUO_PROCESSOR 40 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_DUO_MOBILE_PROCESSOR 41 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_SOLO_MOBILE_PROCESSOR 42 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_ATOM_PROCESSOR 43 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_M_PROCESSOR 44 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_M3_PROCESSOR 45 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_M5_PROCESSOR 46 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_M7_PROCESSOR 47 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_FAMILY 48 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21064 49 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21066 50 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21164 51 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21164PC 52 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21164A 53 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21264 54 +#define SMBIOS_PROCESSOR_FAMILY_ALPHA_21364 55 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_II_ULTRA_DUAL_CORE_MOBILE_M_PROCESSOR_FAMILY 56 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_II_DUAL_CORE_MOBILE_M_PROCESSOR_FAMILY 57 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_II_DUAL_CORE_M_PROCESSOR_FAMILY 58 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_6100_SERIES_PROCESSOR 59 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_4100_SERIES_PROCESSOR 60 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_6200_SERIES_PROCESSOR 61 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_4200_SERIES_PROCESSOR 62 +#define SMBIOS_PROCESSOR_FAMILY_AMD_FX_SERIES_PROCESSOR 63 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_FAMILY 64 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_R4000 65 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_R4200 66 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_R4400 67 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_R4600 68 +#define SMBIOS_PROCESSOR_FAMILY_MIPS_R10000 69 +#define SMBIOS_PROCESSOR_FAMILY_AMD_C_SERIES_PROCESSOR 70 +#define SMBIOS_PROCESSOR_FAMILY_AMD_E_SERIES_PROCESSOR 71 +#define SMBIOS_PROCESSOR_FAMILY_AMD_A_SERIES_PROCESSOR 72 +#define SMBIOS_PROCESSOR_FAMILY_AMD_G_SERIES_PROCESSOR 73 +#define SMBIOS_PROCESSOR_FAMILY_AMD_Z_SERIES_PROCESSOR 74 +#define SMBIOS_PROCESSOR_FAMILY_AMD_R_SERIES_PROCESSOR 75 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_4300_SERIES_PROCESSOR 76 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_6300_SERIES_PROCESSOR 77 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_3300_SERIES_PROCESSOR 78 +#define SMBIOS_PROCESSOR_FAMILY_AMD_FIREPRO_SERIES_PROCESSOR 79 +#define SMBIOS_PROCESSOR_FAMILY_SPARC_FAMILY 80 +#define SMBIOS_PROCESSOR_FAMILY_SUPERSPARC 81 +#define SMBIOS_PROCESSOR_FAMILY_MICROSPARC_II 82 +#define SMBIOS_PROCESSOR_FAMILY_MICROSPARC_IIep 83 +#define SMBIOS_PROCESSOR_FAMILY_ULTRASPARC 84 +#define SMBIOS_PROCESSOR_FAMILY_ULTRASPARC_II 85 +#define SMBIOS_PROCESSOR_FAMILY_ULTRASPARC_Iii 86 +#define SMBIOS_PROCESSOR_FAMILY_ULTRASPARC_III 87 +#define SMBIOS_PROCESSOR_FAMILY_ULTRASPARC_IIIi 88 +// 89-95 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_68040_FAMILY 96 +#define SMBIOS_PROCESSOR_FAMILY_68XXX 97 +#define SMBIOS_PROCESSOR_FAMILY_68000 98 +#define SMBIOS_PROCESSOR_FAMILY_68010 99 +#define SMBIOS_PROCESSOR_FAMILY_68020 100 +#define SMBIOS_PROCESSOR_FAMILY_68030 101 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_X4_QUAD_CORE_PROCESSOR_FAMILY 102 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_X1000_SERIES_PROCESSOR 103 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_X2000_SERIES_APU 104 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_A_SERIES_PROCESSOR 105 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_X3000_SERIES_APU 106 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ZEN_PROCESSOR_FAMILY 107 +// 108-111 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_HOBBIT_FAMILY 112 +// 113-119 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_CRUSOE_TM5000_FAMILY 120 +#define SMBIOS_PROCESSOR_FAMILY_CRUSOE_TM3000_FAMILY 121 +#define SMBIOS_PROCESSOR_FAMILY_EFFICEON_TM8000_FAMILY 122 +// 123-127 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_WEITEK 128 +// 129 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_ITANIUM_PROCESSOR 130 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_64_PROCESSOR_FAMILY 131 +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_PROCESSOR_FAMILY 132 +#define SMBIOS_PROCESSOR_FAMILY_AMD_SEMPRON_PROCESSOR_FAMILY 133 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_64_MOBILE_TECHNOLOGY 134 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_AMD_OPTERON_PROCESSOR_FAMILY 135 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_64_X2_DUAL_CORE_PROCESSOR_FAMILY 136 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_64_X2_MOBILE_TECHNOLOGY 137 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_AMD_OPTERON_PROCESSOR_FAMILY 138 +#define SMBIOS_PROCESSOR_FAMILY_THIRD_GENERATION_AMD_OPTERON_PROCESSOR_FAMILY 139 +#define SMBIOS_PROCESSOR_FAMILY_AMD_PHENOM_FX_QUAD_CORE_PROCESSOR_FAMILY 140 +#define SMBIOS_PROCESSOR_FAMILY_AMD_PHENOM_X4_QUAD_CORE_PROCESSOR_FAMILY 141 +#define SMBIOS_PROCESSOR_FAMILY_AMD_PHENOM_X2_DUAL_CORE_PROCESSOR_FAMILY 142 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_X2_DUAL_CORE_PROCESSOR_FAMILY 143 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_FAMILY 144 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_8500 145 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_8000 146 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_7300LC 147 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_7200 148 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_7100LC 149 +#define SMBIOS_PROCESSOR_FAMILY_PA_RISC_7100 150 +// 151-159 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_V30_FAMILY 160 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_3200_SERIES 161 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_3000_SERIES 162 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_5300_SERIES 163 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_5100_SERIES 164 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_5000_SERIES 165 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_LV 166 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_ULV 167 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_7100_SERIES 168 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_5400_SERIES 169 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR 170 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_5200_SERIES 171 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_7200_SERIES 172 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_7300_SERIES 173 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_7400_SERIES 174 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_INTEL_XEON_PROCESSOR_7400_SERIES 175 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_III_XEON_PROCESSOR 176 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_III_PROCESSOR_WITH_INTEL_SPEEDSTEP_TECHNOLOGY 177 +#define SMBIOS_PROCESSOR_FAMILY_PENTIUM_4_PROCESSOR 178 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_XEON_PROCESSOR 179 +#define SMBIOS_PROCESSOR_FAMILY_AS400_FAMILY 180 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_XEON_PROCESSOR_MP 181 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_XP_PROCESSOR_FAMILY 182 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_MP_PROCESSOR_FAMILY 183 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_ITANIUM_2_PROCESSOR 184 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PENTIUM_M_PROCESSOR 185 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CELERON_D_PROCESSOR 186 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PENTIUM_D_PROCESSOR 187 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_PENTIUM_PROCESSOR_EXTREME_EDITION 188 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_SOLO_PROCESSOR 189 +#define SMBIOS_PROCESSOR_FAMILY_RESERVED 190 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_DUO_PROCESSOR 191 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_SOLO_PROCESSOR 192 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_EXTREME_PROCESSOR 193 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_QUAD_PROCESSOR 194 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_EXTREME_MOBILE_PROCESSOR 195 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_DUO_MOBILE_PROCESSOR 196 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_2_SOLO_MOBILE_PROCESSOR 197 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_I7_PROCESSOR 198 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_CELERO_PROCESSOR 199 +#define SMBIOS_PROCESSOR_FAMILY_IBM390_FAMILY 200 +#define SMBIOS_PROCESSOR_FAMILY_G4 201 +#define SMBIOS_PROCESSOR_FAMILY_G5 202 +#define SMBIOS_PROCESSOR_FAMILY_ESA_390_G6 203 +#define SMBIOS_PROCESSOR_FAMILY_Z_ARCHITECTURE_BASE 204 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_I5_PROCESSOR 205 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_I3_PROCESSOR 206 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_I9_PROCESSOR 207 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_XEON_D_PROCESSOR_FAMILY 208 +// 209 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_VIA_C7_M_PROCESSOR_FAMILY 210 +#define SMBIOS_PROCESSOR_FAMILY_VIA_C7_D_PROCESSOR_FAMILY 211 +#define SMBIOS_PROCESSOR_FAMILY_VIA_C7_PROCESSOR_FAMILY 212 +#define SMBIOS_PROCESSOR_FAMILY_VIA_EDEN_PROCESSOR_FAMILY 213 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_INTEL_XEON_PROCESSOR 214 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_3XXX_SERIES 215 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_3XXX_SERIES 216 +#define SMBIOS_PROCESSOR_FAMILY_VIA_NANO_PROCESSOR_FAMILY 217 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_5XXX_SERIES 218 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_5XXX_SERIES 219 +// 220 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_INTEL_XEON_PROCESSOR_7XXX_SERIES 221 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_INTEL_XEON_PROCESSOR_7XXX_SERIES 222 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_INTEL_XEON_PROCESSOR_7XXX_SERIES 223 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_INTEL_XEON_PROCESSOR_3400_SERIES 224 +// 225-227 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_AMD_OPTERON_3000_SERIES_PROCESSOR 228 +#define SMBIOS_PROCESSOR_FAMILY_AMD_SEMPRON_II_PROCESSOR 229 +#define SMBIOS_PROCESSOR_FAMILY_EMBEDDED_AMD_OPTERON_QUAD_CORE_PROCESSOR_FAMILY 230 +#define SMBIOS_PROCESSOR_FAMILY_AMD_PHENOM_TRIPLE_CORE_PROCESSOR_FAMILY 231 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_ULTRA_DUAL_CORE_MOBILE_PROCESSOR_FAMILY 232 +#define SMBIOS_PROCESSOR_FAMILY_AMD_TURION_DUAL_CORE_MOBILE_PROCESSOR_FAMILY 233 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_DUAL_CORE_PROCESSOR_FAMILY 234 +#define SMBIOS_PROCESSOR_FAMILY_AMD_SEMPRON_SI_PROCESSOR_FAMILY 235 +#define SMBIOS_PROCESSOR_FAMILY_AMD_PHENOM_II_PROCESSOR_FAMILY 236 +#define SMBIOS_PROCESSOR_FAMILY_AMD_ATHLON_II_PROCESSOR_FAMILY 237 +#define SMBIOS_PROCESSOR_FAMILY_SIX_CORE_AMD_OPTERON_PROCESSOR_FAMILY 238 +#define SMBIOS_PROCESSOR_FAMILY_AMD_SEMPRON_M_PROCESSOR_FAMILY 239 +// 240-249 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_I860 250 +#define SMBIOS_PROCESSOR_FAMILY_I960 251 +// 252-253 - Available for assignment +#define SMBIOS_PROCESSOR_FAMILY_USE_2ND_FIELD 254 +// 255 RESERVED +// 256-511 - Available for assignment, except for: +#define SMBIOS_PROCESSOR_FAMILY_ARMV7 256 +#define SMBIOS_PROCESSOR_FAMILY_ARMV8 257 +#define SMBIOS_PROCESSOR_FAMILY_ARMV9 258 +// 259 - Reserved for future use by ARM +#define SMBIOS_PROCESSOR_FAMILY_SH_3 260 +#define SMBIOS_PROCESSOR_FAMILY_SH_4 261 +#define SMBIOS_PROCESSOR_FAMILY_ARM 280 +#define SMBIOS_PROCESSOR_FAMILY_STRONGARM 281 +#define SMBIOS_PROCESSOR_FAMILY_6X86 300 +#define SMBIOS_PROCESSOR_FAMILY_MEDIAGX 301 +#define SMBIOS_PROCESSOR_FAMILY_MII 302 +#define SMBIOS_PROCESSOR_FAMILY_WINCHIP 320 +#define SMBIOS_PROCESSOR_FAMILY_DSP 350 +#define SMBIOS_PROCESSOR_FAMILY_VIDEO_PROCESSOR 500 +// 512-767 - Available for assignment, except for: +#define SMBIOS_PROCESSOR_FAMILY_RISC_V_RV32 512 +#define SMBIOS_PROCESSOR_FAMILY_RISC_V_RV64 513 +#define SMBIOS_PROCESSOR_FAMILY_RISC_V_RV128 514 +#define SMBIOS_PROCESSOR_FAMILY_LOONGARCH 600 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_1_PROCESSOR_FAMILY 601 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_2_PROCESSOR_FAMILY 602 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3_PROCESSOR_FAMILY 603 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_2K_PROCESSOR_FAMILY 604 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3A_PROCESSOR_FAMILY 605 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3B_PROCESSOR_FAMILY 606 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3C_PROCESSOR_FAMILY 607 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3D_PROCESSOR_FAMILY 608 +#define SMBIOS_PROCESSOR_FAMILY_LOONGSON_3E_PROCESSOR_FAMILY 609 +#define SMBIOS_PROCESSOR_FAMILY_DUAL_CORE_LOONGSON_2K_PROCESSOR_2XXX_SERIES 610 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_LOONGSON_3A_PROCESSOR_5XXX_SERIES 620 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_LOONGSON_3A_PROCESSOR_5XXX_SERIES 621 +#define SMBIOS_PROCESSOR_FAMILY_QUAD_CORE_LOONGSON_3B_PROCESSOR_5XXX_SERIES 622 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_LOONGSON_3B_PROCESSOR_5XXX_SERIES 623 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_LOONGSON_3C_PROCESSOR_5XXX_SERIES 624 +#define SMBIOS_PROCESSOR_FAMILY_MULTI_CORE_LOONGSON_3D_PROCESSOR_5XXX_SERIES 625 +// 768-1023 - Available for assignment, except for: +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_3 768 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_5 769 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_7 770 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_9 771 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_ULTRA_3 772 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_ULTRA_5 773 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_ULTRA_7 774 +#define SMBIOS_PROCESSOR_FAMILY_INTEL_CORE_ULTRA_9 775 +// 1024-65533 - Available for assignment +// 65534–65535 - RESERVED + +#define SMBIOS_PROCESSOR_STATUS_UNKNOWN 0 +#define SMBIOS_PROCESSOR_STATUS_ENABLED 1 +#define SMBIOS_PROCESSOR_STATUS_DISABLED_BY_USER 2 +#define SMBIOS_PROCESSOR_STATUS_DISABLED_BY_FIRMWARE 3 +#define SMBIOS_PROCESSOR_STATUS_IDLE 4 +#define SMBIOS_PROCESSOR_STATUS_RESERVED_5 5 +#define SMBIOS_PROCESSOR_STATUS_RESERVED_6 6 +#define SMBIOS_PROCESSOR_STATUS_OTHER 7 + +#define SMBIOS_PROCESSOR_UPGRADE_OTHER 1 +#define SMBIOS_PROCESSOR_UPGRADE_UNKNOWN 2 +#define SMBIOS_PROCESSOR_UPGRADE_DAUGHTER_BOARD 3 +#define SMBIOS_PROCESSOR_UPGRADE_ZIF_SOCKET 4 +#define SMBIOS_PROCESSOR_UPGRADE_REPLACEABLE_PIGGY_BACK 5 +#define SMBIOS_PROCESSOR_UPGRADE_NONE 6 +#define SMBIOS_PROCESSOR_UPGRADE_LIF_SOCKET 7 +#define SMBIOS_PROCESSOR_UPGRADE_SLOT_1 8 +#define SMBIOS_PROCESSOR_UPGRADE_SLOT_2 9 +#define SMBIOS_PROCESSOR_UPGRADE_370_PIN_SOCKET 10 +#define SMBIOS_PROCESSOR_UPGRADE_SLOT_A 11 +#define SMBIOS_PROCESSOR_UPGRADE_SLOT_M 12 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_423 13 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_A 14 // (Socket 462) +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_478 15 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_754 16 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_940 17 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_939 18 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_MPGA604 19 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA771 20 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA775 21 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_S1 22 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_AM2 23 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_F 24 // (1207) +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1366 25 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_G34 26 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_AM3 27 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_C32 28 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1156 29 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1567 30 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_PGA988A 31 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1288 32 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_RPGA988B 33 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1023 34 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1224 35 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1155 36 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1356 37 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA2011 38 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_FS1 39 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_FS2 40 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_FM1 41 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_FM2 42 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA2011_3 43 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1356_3 44 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1150 45 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1168 46 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1234 47 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1364 48 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_AM4 49 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1151 50 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1356 51 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1440 52 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1515 53 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA3647_1 54 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_SP3 55 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_SP3R2 56 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA2066 57 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1392 58 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1510 59 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1528 60 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA4189 61 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1200 62 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA4677 63 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1700 64 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1744 65 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1781 66 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1211 67 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA2422 68 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1211 69 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA2422 70 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA5773 71 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA5773 72 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_AM5 73 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_SP5 74 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_SP6 75 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA883 76 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1190 77 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA4129 78 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA4710 79 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA7529 80 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1964 81 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA1792 82 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA2049 83 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA2551 84 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_LGA1851 85 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA2114 86 +#define SMBIOS_PROCESSOR_UPGRADE_SOCKET_BGA2833 87 +#define SMBIOS_PROCESSOR_UPGRADE_INVALID 255 + +#define SMBIOS_PROCESSOR_FLAG_RESERVED ((USHORT)0x0001) +#define SMBIOS_PROCESSOR_FLAG_UNKNOWN ((USHORT)0x0002) +#define SMBIOS_PROCESSOR_FLAG_64_BIT_CAPABLE ((USHORT)0x0004) +#define SMBIOS_PROCESSOR_FLAG_MILT_CORE ((USHORT)0x0008) +#define SMBIOS_PROCESSOR_FLAG_HARDWARE_THREADED ((USHORT)0x0010) +#define SMBIOS_PROCESSOR_FLAG_EXECUTE_PROTECTION ((USHORT)0x0020) +#define SMBIOS_PROCESSOR_FLAG_ENHANCED_VIRTUALIZATION ((USHORT)0x0040) +#define SMBIOS_PROCESSOR_FLAG_POWER_PERFORMANCE_CONTROL ((USHORT)0x0080) +#define SMBIOS_PROCESSOR_FLAG_128_BIT_CAPABLE ((USHORT)0x0100) +#define SMBIOS_PROCESSOR_FLAG_ARM64_SOC ((USHORT)0x0200) +#define SMBIOS_PROCESSOR_FLAG_RESERVED_2 ((USHORT)0xFC00) + +// +// Memory Controller Information (Type 5, Obsolete) +// + +#define SMBIOS_MEMORY_CONTROLLER_INFORMATION_TYPE ((UINT8)5) + +typedef struct _SMBIOS_MEMORY_CONTROLLER_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 ErrorDetectionMethod; // SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_* + UINT8 ErrorCorrectionCapabilities; // SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_* + UINT8 SupportedInterleave; // SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_* + UINT8 CurrentInterleave; // SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_* + UINT8 MaximumModuleSize; // 2^n + USHORT SupportedSpeeds; // SMBIOS_MEMORY_CONTROLLER_SPEEDS_* + USHORT SupportedTypes; // SMBIOS_MEMORY_MODULE_TYPE_* + + union + { + struct + { + UINT8 Requires5000mV : 1; // 5V + UINT8 Requires3500mV : 1; // 3.3V + UINT8 Requires2900mV : 1; // 2.9V + UINT8 Reserved : 5; + }; + + UINT8 Value; + } ModuleVoltage; + + UINT8 NumberOfSlots; + USHORT SlotHandles[ANYSIZE_ARRAY]; + // 2.1+ + // SMBIOS_MEMORY_CONTROLLER_INFORMATION_EX +} SMBIOS_MEMORY_CONTROLLER_INFORMATION, * PSMBIOS_MEMORY_CONTROLLER_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_CONTROLLER_INFORMATION) == 0x11); + +typedef struct _SMBIOS_MEMORY_CONTROLLER_INFORMATION_EX +{ + UINT8 EnabledErrorCorrectionCapabilities; // SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_* +} SMBIOS_MEMORY_CONTROLLER_INFORMATION_EX, * PSMBIOS_MEMORY_CONTROLLER_INFORMATION_EX; + +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_NONE ((UINT8)3) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_8_BIT_PARITY ((UINT8)4) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_32_BIT_ECC ((UINT8)5) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_64_BIT_ECC ((UINT8)6) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_128_BIT_ECC ((UINT8)7) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_DETECTION_CRC ((UINT8)8) + +#define SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_OTHER ((UINT8)0x01) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_UNKNOWN ((UINT8)0x02) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_SINGLE_BIT ((UINT8)0x04) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_DOUBLE_BIT ((UINT8)0x10) +#define SMBIOS_MEMORY_CONTROLLER_ERROR_CORRECTION_SCRUBBING ((UINT8)0x20) + +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_ONE_WAY ((UINT8)3) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_TWO_WAY ((UINT8)4) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_FOUR_WAY ((UINT8)5) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_EIGHT_WAY ((UINT8)6) +#define SMBIOS_MEMORY_CONTROLLER_INTERLEAVE_SIXTEEN_WAY ((UINT8)7) + +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_OTHER ((USHORT)0x0001) +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_UNKNOWN ((USHORT)0x0002) +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_70NS ((USHORT)0x0004) +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_60NS ((USHORT)0x0008) +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_50NS ((USHORT)0x0010) +#define SMBIOS_MEMORY_CONTROLLER_SPEEDS_RESERVED ((USHORT)0xFFE0) + +// +// Memory Module Information (Type 6, Obsolete) +// + +#define SMBIOS_MEMORY_MODULE_INFORMATION_TYPE ((UINT8)6) + +typedef union _SMBIOS_MEMORY_MDOULE_SIZE +{ + struct + { + UINT8 Size : 7; + UINT8 DoubleBank : 1; + }; + + UINT8 Value; // SMBIOS_MEMORY_MDOULE_SIZE_VALUE_* +} SMBIOS_MEMORY_MDOULE_SIZE, * PSMBIOS_MEMORY_MDOULE_SIZE; + +#define SMBIOS_MEMORY_MDOULE_SIZE_VALUE_NOT_DETERMINABLE ((UINT8)0x7D) +#define SMBIOS_MEMORY_MDOULE_SIZE_VALUE_NOT_ENABLED ((UINT8)0x7E) +#define SMBIOS_MEMORY_MDOULE_SIZE_VALUE_NOT_INSTALLED ((UINT8)0x7F) + +typedef struct _SMBIOS_MEMORY_MODULE_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 SocketDesignation; // string + UINT8 BankConnections; + UINT8 CurrentSpeed; + USHORT MemoryType; // SMBIOS_MEMORY_MODULE_TYPE_* + SMBIOS_MEMORY_MDOULE_SIZE InstalledSize; + SMBIOS_MEMORY_MDOULE_SIZE EnabledSize; + + union + { + struct + { + UINT8 UncorrectableErrors : 1; + UINT8 CorrectableErrors : 1; + UINT8 SeeEventLog : 1; + UINT8 Reserved : 5; + }; + + UINT8 Value; + } ErrorStatus; +} SMBIOS_MEMORY_MODULE_INFORMATION, * PSMBIOS_MEMORY_MODULE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_MODULE_INFORMATION) == 0xC); + +#define SMBIOS_MEMORY_MODULE_TYPE_OTHER ((USHORT)0x0001) +#define SMBIOS_MEMORY_MODULE_TYPE_UNKNOWN ((USHORT)0x0002) +#define SMBIOS_MEMORY_MODULE_TYPE_STANDARD ((USHORT)0x0004) +#define SMBIOS_MEMORY_MODULE_TYPE_FAST_PAGE_MODE ((USHORT)0x0008) +#define SMBIOS_MEMORY_MODULE_TYPE_EDO ((USHORT)0x0010) +#define SMBIOS_MEMORY_MODULE_TYPE_PARITY ((USHORT)0x0020) +#define SMBIOS_MEMORY_MODULE_TYPE_ECC ((USHORT)0x0040) +#define SMBIOS_MEMORY_MODULE_TYPE_SIMM ((USHORT)0x0080) +#define SMBIOS_MEMORY_MODULE_TYPE_DIMM ((USHORT)0x0100) +#define SMBIOS_MEMORY_MODULE_TYPE_BURST_EDO ((USHORT)0x0200) +#define SMBIOS_MEMORY_MODULE_TYPE_SDRAM ((USHORT)0x0400) +#define SMBIOS_MEMORY_MODULE_TYPE_RESERVED ((USHORT)0xF800) + +// +// Cache Information (Type 7) +// + +#define SMBIOS_CACHE_INFORMATION_TYPE ((UINT8)7) + +typedef union _SMBIOS_CACHE_USHORT +{ + struct + { + USHORT Size : 15; + USHORT Granularity : 1; // 0 = 1K, 1 = 64K + }; + + USHORT Value; +} SMBIOS_CACHE_USHORT; + +typedef union _SMBIOS_CACHE_ULONG +{ + struct + { + ULONG Size : 31; + ULONG Granularity : 1; // 0 = 1K, 1 = 64K + }; + + ULONG Value; +} SMBIOS_CACHE_ULONG; + +typedef struct _SMBIOS_CACHE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 SocketDesignation; // string + + union + { + struct + { + USHORT Level : 3; // L1 through L8 + USHORT Socketed : 1; + USHORT Reserved : 1; + USHORT Location : 2; // SMBIO_CACHE_LOCATION_* + USHORT Enabled : 1; + USHORT Mode : 2; // SMBIOS_CACHE_MODE_* + USHORT Reserved2 : 6; + }; + + USHORT Value; + } Configuration; + + SMBIOS_CACHE_USHORT MaximumSize; + SMBIOS_CACHE_USHORT InstalledSize; + USHORT SupportedSRAM; // SMBIOS_CACHE_SUPPORTED_SRAM_* + USHORT CurrentSRAM; // SMBIOS_CACHE_SUPPORTED_SRAM_* + // 2.1+ + UINT8 Speed; + UINT8 ErrorCorrectionType; // SMBIOS_CACHE_ERROR_CORRECTION_* + UINT8 SystemCacheType; // SMBIOS_CACHE_SYSTEM_CACHE_* + UINT8 Associativity; // SMBIOS_CACHE_ASSOCIATIVITY_* + // 3.1+ + SMBIOS_CACHE_ULONG MaximumSize2; + SMBIOS_CACHE_ULONG InstalledSize2; +} SMBIOS_CACHE_INFORMATION, * PSMBIOS_CACHE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_CACHE_INFORMATION) == 0x1B); + +#define SMBIO_CACHE_LOCATION_INTERNAL ((USHORT)0) +#define SMBIO_CACHE_LOCATION_EXTERNAL ((USHORT)1) +#define SMBIO_CACHE_LOCATION_RESERVED ((USHORT)2) +#define SMBIO_CACHE_LOCATION_UNKNOWN ((USHORT)3) + +#define SMBIOS_CACHE_MODE_WRITE_THROUGH ((USHORT)0) +#define SMBIOS_CACHE_MODE_WRITE_BACK ((USHORT)1) +#define SMBIOS_CACHE_MODE_VARIES_WITH_MEMORY_ADDRESS ((USHORT)2) +#define SMBIOS_CACHE_MODE_UNKNOWN ((USHORT)3) + +#define SMBIOS_CACHE_SUPPORTED_SRAM_OTHER ((USHORT)0x0001) +#define SMBIOS_CACHE_SUPPORTED_SRAM_UNKNOWN ((USHORT)0x0002) +#define SMBIOS_CACHE_SUPPORTED_SRAM_NON_BURST ((USHORT)0x0004) +#define SMBIOS_CACHE_SUPPORTED_SRAM_BURST ((USHORT)0x0008) +#define SMBIOS_CACHE_SUPPORTED_SRAM_PIPELINE_BURST ((USHORT)0x0010) +#define SMBIOS_CACHE_SUPPORTED_SRAM_SYNCHRONOUS ((USHORT)0x0020) +#define SMBIOS_CACHE_SUPPORTED_SRAM_ASYNCHRONOUS ((USHORT)0x0040) +#define SMBIOS_CACHE_SUPPORTED_SRAM_RESERVED ((USHORT)0xFF80) + +#define SMBIOS_CACHE_ERROR_CORRECTION_OTHER ((UINT8)1) +#define SMBIOS_CACHE_ERROR_CORRECTION_UNKNOWN ((UINT8)2) +#define SMBIOS_CACHE_ERROR_CORRECTION_NONE ((UINT8)3) +#define SMBIOS_CACHE_ERROR_CORRECTION_PARITY ((UINT8)4) +#define SMBIOS_CACHE_ERROR_CORRECTION_SINGLE_BIT_ECC ((UINT8)5) +#define SMBIOS_CACHE_ERROR_CORRECTION_MULTI_BIT_ECC ((UINT8)6) + +#define SMBIOS_CACHE_SYSTEM_CACHE_OTHER ((UINT8)1) +#define SMBIOS_CACHE_SYSTEM_CACHE_UNKNOWN ((UINT8)2) +#define SMBIOS_CACHE_SYSTEM_CACHE_INSTRUCTION ((UINT8)3) +#define SMBIOS_CACHE_SYSTEM_CACHE_DATA ((UINT8)4) +#define SMBIOS_CACHE_SYSTEM_CACHE_UNIFIED ((UINT8)5) + +#define SMBIOS_CACHE_ASSOCIATIVITY_OTHER ((UINT8)1) +#define SMBIOS_CACHE_ASSOCIATIVITY_UNKNOWN ((UINT8)2) +#define SMBIOS_CACHE_ASSOCIATIVITY_DIRECT_MAPPED ((UINT8)3) +#define SMBIOS_CACHE_ASSOCIATIVITY_2_WAY ((UINT8)4) +#define SMBIOS_CACHE_ASSOCIATIVITY_4_WAY ((UINT8)5) +#define SMBIOS_CACHE_ASSOCIATIVITY_FULL ((UINT8)6) +#define SMBIOS_CACHE_ASSOCIATIVITY_8_WAY ((UINT8)7) +#define SMBIOS_CACHE_ASSOCIATIVITY_16_WAY ((UINT8)8) +#define SMBIOS_CACHE_ASSOCIATIVITY_12_WAY ((UINT8)9) +#define SMBIOS_CACHE_ASSOCIATIVITY_24_WAY ((UINT8)10) +#define SMBIOS_CACHE_ASSOCIATIVITY_32_WAY ((UINT8)11) +#define SMBIOS_CACHE_ASSOCIATIVITY_48_WAY ((UINT8)12) +#define SMBIOS_CACHE_ASSOCIATIVITY_64_WAY ((UINT8)13) +#define SMBIOS_CACHE_ASSOCIATIVITY_20_WAY ((UINT8)14) + +// +// Port Connector Information (Type 8) +// + +#define SMBIOS_PORT_CONNECTOR_INFORMATION_TYPE ((UINT8)8) + +typedef struct _SMBIOS_PORT_CONNECTOR_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 InternalReferenceDesignator; // string + UINT8 InternalConnectorType; // SMBIOS_PORT_CONNECTOR_TYPE_* + UINT8 ExternalReferenceDesignator; // string + UINT8 ExternalConnectorType; // SMBIOS_PORT_CONNECTOR_TYPE_* + UINT8 PortType; // SMBIOS_PORT_CONNECTOR_PORT_TYPE_* +} SMBIOS_PORT_CONNECTOR_INFORMATION, * PSMBIOS_PORT_CONNECTOR_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_PORT_CONNECTOR_INFORMATION) == 0x9); + +#define SMBIOS_PORT_CONNECTOR_TYPE_NONE ((UINT8)0) +#define SMBIOS_PORT_CONNECTOR_TYPE_CENTRONICS ((UINT8)1) +#define SMBIOS_PORT_CONNECTOR_TYPE_MINI_CENTRONICS ((UINT8)2) +#define SMBIOS_PORT_CONNECTOR_TYPE_PROPRIETARY ((UINT8)3) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_25_PIN_MALE ((UINT8)4) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_25_PIN_FEMALE ((UINT8)5) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_15_PIN_MALE ((UINT8)6) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_15_PIN_FEMALE ((UINT8)7) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_9_PIN_MALE ((UINT8)8) +#define SMBIOS_PORT_CONNECTOR_TYPE_DB_9_PIN_FEMALE ((UINT8)9) +#define SMBIOS_PORT_CONNECTOR_TYPE_RJ_11 ((UINT8)10) +#define SMBIOS_PORT_CONNECTOR_TYPE_RJ_54 ((UINT8)11) +#define SMBIOS_PORT_CONNECTOR_TYPE_50_PIN_MINI_SCSI ((UINT8)12) +#define SMBIOS_PORT_CONNECTOR_TYPE_MINI_DIN ((UINT8)13) +#define SMBIOS_PORT_CONNECTOR_TYPE_MICRO_DIN ((UINT8)14) +#define SMBIOS_PORT_CONNECTOR_TYPE_PS2 ((UINT8)15) +#define SMBIOS_PORT_CONNECTOR_TYPE_INFRARED ((UINT8)16) +#define SMBIOS_PORT_CONNECTOR_TYPE_HP_HIL ((UINT8)17) +#define SMBIOS_PORT_CONNECTOR_TYPE_USB ((UINT8)18) +#define SMBIOS_PORT_CONNECTOR_TYPE_SSA_SCSI ((UINT8)19) +#define SMBIOS_PORT_CONNECTOR_TYPE_CIRCULAR_DIN_8_MALE ((UINT8)20) +#define SMBIOS_PORT_CONNECTOR_TYPE_CIRCULAR_DIN_8_FEMALE ((UINT8)21) +#define SMBIOS_PORT_CONNECTOR_TYPE_ON_BOARD_IDE ((UINT8)22) +#define SMBIOS_PORT_CONNECTOR_TYPE_ON_BOARD_FLOPPY ((UINT8)23) +#define SMBIOS_PORT_CONNECTOR_TYPE_9_PIN_DIAL_INLINE ((UINT8)24) +#define SMBIOS_PORT_CONNECTOR_TYPE_25_PIN_DIAL_INLINE ((UINT8)25) +#define SMBIOS_PORT_CONNECTOR_TYPE_50_PIN_DIAL_INLINE ((UINT8)26) +#define SMBIOS_PORT_CONNECTOR_TYPE_68_PIN_DIAL_INLINE ((UINT8)27) +#define SMBIOS_PORT_CONNECTOR_TYPE_ON_BOARD_INPUT_CD_ROM ((UINT8)28) +#define SMBIOS_PORT_CONNECTOR_TYPE_MINI_CENTRONICS_TYPE_14 ((UINT8)29) +#define SMBIOS_PORT_CONNECTOR_TYPE_MINI_CENTRONICS_TYPE_26 ((UINT8)30) +#define SMBIOS_PORT_CONNECTOR_TYPE_MINI_JACK ((UINT8)31) +#define SMBIOS_PORT_CONNECTOR_TYPE_BNC ((UINT8)32) +#define SMBIOS_PORT_CONNECTOR_TYPE_1394 ((UINT8)33) +#define SMBIOS_PORT_CONNECTOR_TYPE_SAS_SATA ((UINT8)34) +#define SMBIOS_PORT_CONNECTOR_TYPE_USB_TYPE_C ((UINT8)35) +#define SMBIOS_PORT_CONNECTOR_TYPE_PC_98 ((UINT8)160) +#define SMBIOS_PORT_CONNECTOR_TYPE_PC_98_HIRESO ((UINT8)161) +#define SMBIOS_PORT_CONNECTOR_TYPE_PC_H98 ((UINT8)162) +#define SMBIOS_PORT_CONNECTOR_TYPE_PC_98_NOTE ((UINT8)163) +#define SMBIOS_PORT_CONNECTOR_TYPE_PC_98_FULL ((UINT8)164) +#define SMBIOS_PORT_CONNECTOR_TYPE_OTHER ((UINT8)255) + +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_NONE ((UINT8)0) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PARALLEL_XT_AT ((UINT8)1) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PARALLEL_PS2 ((UINT8)2) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PARALLEL_ECP ((UINT8)3) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PARALLEL_EPP ((UINT8)4) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PARALLEL_ECP_EPP ((UINT8)5) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SERIAL_XT_AT ((UINT8)6) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SERIAL_16450 ((UINT8)7) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SERIAL_16550 ((UINT8)8) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SERIAL_16550A ((UINT8)9) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SCSI ((UINT8)10) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_MIDI ((UINT8)11) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_JOY_STICK ((UINT8)12) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_KEYBOARD ((UINT8)13) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_MOUSE ((UINT8)14) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SSA_SCSI ((UINT8)15) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_USB ((UINT8)16) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_FIRE_WIRE ((UINT8)17) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PCMCIA_TYPE_I ((UINT8)18) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PCMCIA_TYPE_II ((UINT8)19) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PCMCIA_TYPE_III ((UINT8)20) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_CARD_BUS ((UINT8)21) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_ACCESS_BUS ((UINT8)22) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SCSI_II ((UINT8)23) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SCSI_WIDE ((UINT8)24) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PC_98 ((UINT8)25) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PC_98_HIRESO ((UINT8)26) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_PC_98H ((UINT8)27) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_VIDEO ((UINT8)28) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_AUDIO ((UINT8)29) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_MODEM ((UINT8)30) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_NETWORK ((UINT8)31) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SATA ((UINT8)32) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_SAS ((UINT8)33) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_MFDP ((UINT8)34) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_THUNDERBOLT ((UINT8)35) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_8251 ((UINT8)160) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_8251_FIFO ((UINT8)161) +#define SMBIOS_PORT_CONNECTOR_PORT_TYPE_8251_OTHER ((UINT8)255) + +// +// System Slots (Type 9) +// + +#define SMBIOS_SYSTEM_SLOT_INFORMATION_TYPE ((UINT8)9) + +typedef struct _SMBIOS_SYSTEM_SLOT_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 SocketDesignation; // string + UINT8 Type; // SMBIOS_SYSTEM_SLOT_TYPE_* + UINT8 BusWidth; // SMBIOS_SYSTEM_SLOT_BUS_WIDTH_* + UINT8 CurrentUsage; // SMBIOS_SYSTEM_SLOT_USAGE_* + UINT8 Length; // SMBIOS_SYSTEM_SLOT_LENGTH_* + USHORT Identifier; + UINT8 Characteristics; // SMBIOS_SYSTEM_SLOT_FLAG_* + // 2.1+ + UINT8 Characteristics2; // SMBIOS_SYSTEM_SLOT_FLAG_2_* + // 2.6+ + USHORT SegmentGroup; + UINT8 BusNumber; + + union + { + struct + { + UINT8 FunctionNumber : 3; + UINT8 DeviceNumber : 5; + }; + + UINT8 Value; + } DeviceFunctionNumber; + + // 3.2+ + UINT8 BusWidthBase; + UINT8 PeerGroupingCount; + UINT8 PeerGroups[ANYSIZE_ARRAY]; + // 3.4+ + // SMBIOS_SYSTEM_SLOT_INFORMATION_EX +} SMBIOS_SYSTEM_SLOT_INFORMATION, * PSMBIOS_SYSTEM_SLOT_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_SLOT_INFORMATION) == 0x14); + +typedef struct _SMBIOS_SYSTEM_SLOT_INFORMATION_EX +{ + UINT8 Information; + UINT8 PhysicalWidth; + USHORT Pitch; + UINT8 Height; // SMBIOS_SYSTEM_SLOT_HEIGHT_* +} SMBIOS_SYSTEM_SLOT_INFORMATION_EX, * PSMBIOS_SYSTEM_SLOT_INFORMATION_EX; + +#define SMBIOS_SYSTEM_SLOT_TYPE_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_SLOT_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_SLOT_TYPE_ISA ((UINT8)3) +#define SMBIOS_SYSTEM_SLOT_TYPE_MCA ((UINT8)4) +#define SMBIOS_SYSTEM_SLOT_TYPE_EISA ((UINT8)5) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI ((UINT8)6) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCMCIA ((UINT8)7) +#define SMBIOS_SYSTEM_SLOT_TYPE_VL_VESA ((UINT8)8) +#define SMBIOS_SYSTEM_SLOT_TYPE_PROPRIETARY ((UINT8)9) +#define SMBIOS_SYSTEM_SLOT_TYPE_PROCESSOR_CARD_SLOT ((UINT8)10) +#define SMBIOS_SYSTEM_SLOT_TYPE_PROPRIETARY_MEMORY_CARD_SLOT ((UINT8)11) +#define SMBIOS_SYSTEM_SLOT_TYPE_IO_RISER_CARD_SLOT ((UINT8)12) +#define SMBIOS_SYSTEM_SLOT_TYPE_NUBUS ((UINT8)13) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_66MHZ_CAPABLE ((UINT8)14) +#define SMBIOS_SYSTEM_SLOT_TYPE_AGP ((UINT8)15) +#define SMBIOS_SYSTEM_SLOT_TYPE_AGP_2X ((UINT8)16) +#define SMBIOS_SYSTEM_SLOT_TYPE_AGP_4X ((UINT8)17) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_X ((UINT8)18) +#define SMBIOS_SYSTEM_SLOT_TYPE_AGP_8X ((UINT8)19) +#define SMBIOS_SYSTEM_SLOT_TYPE_M_2_SOCKET_1_DP_MECHANICAL_KEY_A ((UINT8)20) +#define SMBIOS_SYSTEM_SLOT_TYPE_M_2_SOCKET_1_SD_MECHANICAL_KEY_E ((UINT8)21) +#define SMBIOS_SYSTEM_SLOT_TYPE_M_2_SOCKET_2_MECHANICAL_KEY_B ((UINT8)22) +#define SMBIOS_SYSTEM_SLOT_TYPE_M_2_SOCKET_3_MECHANICAL_KEY_M ((UINT8)23) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_TYPE_I ((UINT8)24) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_TYPE_II ((UINT8)25) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_TYPE_III_STANDARD_CONNECTOR ((UINT8)26) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_TYPE_III_HE_CONNECTOR ((UINT8)27) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_TYPE_IV ((UINT8)28) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_3_0_TYPE_A ((UINT8)29) +#define SMBIOS_SYSTEM_SLOT_TYPE_MXM_3_0_TYPE_B ((UINT8)30) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_SFF_8639_U_2 ((UINT8)31) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_SFF_8639_U_2 ((UINT8)32) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_MINI_52_PIN_CEM_2_0_WITH_KEEP_OUTS ((UINT8)33) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_MINI_52_PIN_CEM_2_0_WITHOUT_KEEP_OUTS ((UINT8)34) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_MINI_76_PIN_CEM_2_0 ((UINT8)35) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_SFF_8639_U_2 ((UINT8)36) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_SFF_8639_U_2 ((UINT8)37) +#define SMBIOS_SYSTEM_SLOT_TYPE_OCP_NIC_3_0_SMALL_FORM_FACTOR_SFF ((UINT8)38) +#define SMBIOS_SYSTEM_SLOT_TYPE_OCP_NIC_3_0_LARGE_FORM_FACTOR_LFF ((UINT8)39) +#define SMBIOS_SYSTEM_SLOT_TYPE_OCP_NIC_PRIOR_TO_3_0 ((UINT8)40) +#define SMBIOS_SYSTEM_SLOT_TYPE_CXL_FLEXBUS_1_0 ((UINT8)48) +#define SMBIOS_SYSTEM_SLOT_TYPE_PC_98_C20 ((UINT8)160) +#define SMBIOS_SYSTEM_SLOT_TYPE_PC_98_C24 ((UINT8)161) +#define SMBIOS_SYSTEM_SLOT_TYPE_PC_98_E ((UINT8)162) +#define SMBIOS_SYSTEM_SLOT_TYPE_PC_98_LOCAL_BUS ((UINT8)163) +#define SMBIOS_SYSTEM_SLOT_TYPE_PC_98_CARD ((UINT8)164) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS ((UINT8)165) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_X1 ((UINT8)166) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_X2 ((UINT8)167) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_X4 ((UINT8)168) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_X8 ((UINT8)169) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_X16 ((UINT8)170) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2 ((UINT8)171) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_X1 ((UINT8)172) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_X2 ((UINT8)173) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_X4 ((UINT8)174) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_X8 ((UINT8)175) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_2_X16 ((UINT8)176) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3 ((UINT8)177) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_X1 ((UINT8)178) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_X2 ((UINT8)179) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_X4 ((UINT8)180) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_X8 ((UINT8)181) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_3_X16 ((UINT8)182) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4 ((UINT8)183) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_X1 ((UINT8)184) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_X2 ((UINT8)185) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_X4 ((UINT8)186) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_X8 ((UINT8)187) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_4_X16 ((UINT8)188) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5 ((UINT8)189) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_X1 ((UINT8)190) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_X2 ((UINT8)191) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_X4 ((UINT8)192) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_X8 ((UINT8)193) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_5_X16 ((UINT8)194) +#define SMBIOS_SYSTEM_SLOT_TYPE_PCI_EXPRESS_GEN_6 ((UINT8)195) +#define SMBIOS_SYSTEM_SLOT_TYPE_EDSFF_E1_S_E1_L ((UINT8)196) +#define SMBIOS_SYSTEM_SLOT_TYPE_EDSFF_E3_S_E3_L ((UINT8)197) + +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_8_BIT ((UINT8)3) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_16_BIT ((UINT8)4) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_32_BIT ((UINT8)5) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_64_BIT ((UINT8)6) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_128_BIT ((UINT8)7) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_1X_OR_1X ((UINT8)8) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_2X_OR_2X ((UINT8)9) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_4X_OR_4X ((UINT8)10) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_8X_OR_8X ((UINT8)11) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_12X_OR_12X ((UINT8)12) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_16X_OR_16X ((UINT8)13) +#define SMBIOS_SYSTEM_SLOT_BUS_WIDTH_32X_OR_32X ((UINT8)14) + +#define SMBIOS_SYSTEM_SLOT_USAGE_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_SLOT_USAGE_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_SLOT_USAGE_AVAILABLE ((UINT8)3) +#define SMBIOS_SYSTEM_SLOT_USAGE_IN_USE ((UINT8)4) +#define SMBIOS_SYSTEM_SLOT_USAGE_UNAVAILABLE ((UINT8)5) + +#define SMBIOS_SYSTEM_SLOT_LENGTH_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_SLOT_LENGTH_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_SLOT_LENGTH_SHORT ((UINT8)3) +#define SMBIOS_SYSTEM_SLOT_LENGTH_LONG ((UINT8)4) +#define SMBIOS_SYSTEM_SLOT_LENGTH_2_5_DRIVE ((UINT8)5) +#define SMBIOS_SYSTEM_SLOT_LENGTH_3_4_DRIVE ((UINT8)6) + +#define SMBIOS_SYSTEM_SLOT_FLAG_UNKNOWN ((UINT8)0x01) +#define SMBIOS_SYSTEM_SLOT_FLAG_5000MV ((UINT8)0x02) +#define SMBIOS_SYSTEM_SLOT_FLAG_3300MV ((UINT8)0x04) +#define SMBIOS_SYSTEM_SLOT_FLAG_SHARED ((UINT8)0x08) +#define SMBIOS_SYSTEM_SLOT_FLAG_CARD_16 ((UINT8)0x10) +#define SMBIOS_SYSTEM_SLOT_FLAG_CARD_BUS ((UINT8)0x20) +#define SMBIOS_SYSTEM_SLOT_FLAG_CARD_ZOOM_VIDEO ((UINT8)0x40) +#define SMBIOS_SYSTEM_SLOT_FLAG_CARD_MODEN_RING_RESUME ((UINT8)0x80) + +#define SMBIOS_SYSTEM_SLOT_FLAG_2_PME_SIGNAL ((UINT8)0x01) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_HOT_PLUG ((UINT8)0x02) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_SMBUS_SIGNAL ((UINT8)0x04) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_PCIE_BIFURCATION ((UINT8)0x08) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_SURPRISE_REMOVAL ((UINT8)0x10) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_FLEXBUS_CLX_1 ((UINT8)0x20) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_FLEXBUS_CLX_2 ((UINT8)0x40) +#define SMBIOS_SYSTEM_SLOT_FLAG_2_FLEXBUS_CLX_4 ((UINT8)0x80) + +#define SMBIOS_SYSTEM_SLOT_HEIGHT_NOT_APPLICABLE ((UINT8)0) +#define SMBIOS_SYSTEM_SLOT_HEIGHT_OTHER ((UINT8)1) +#define SMBIOS_SYSTEM_SLOT_HEIGHT_UNKNOWN ((UINT8)2) +#define SMBIOS_SYSTEM_SLOT_HEIGHT_FULL_HEIGHT ((UINT8)3) +#define SMBIOS_SYSTEM_SLOT_HEIGHT_LOW_PROFILE ((UINT8)4) + +// +// On Board Devices Information (Type 10, Obsolete) +// + +#define SMBIOS_ON_BOARD_DEVICE_INFORMATION_TYPE ((UINT8)10) + +typedef struct _SMBIOS_ON_BOARD_DEVICE_ENTRY +{ + union + { + struct + { + UINT8 Type : 7; // SMBIOS_ON_BOARD_DEVICE_TYPE_* + UINT8 Enabled : 1; + }; + + UINT8 Value; + } Device; + UINT8 Description; // string +} SMBIOS_ON_BOARD_DEVICE_ENTRY, * PSMBIOS_ON_BOARD_DEVICE_ENTRY; + +typedef struct _SMBIOS_ON_BOARD_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + SMBIOS_ON_BOARD_DEVICE_ENTRY Devices[ANYSIZE_ARRAY]; // (Header.Length - 4) / 2 +} SMBIOS_ON_BOARD_DEVICE_INFORMATION, * PSMBIOS_ON_BOARD_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_ON_BOARD_DEVICE_INFORMATION) == 0x6); + +#define SMBIOS_ON_BOARD_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_VIDEO ((UINT8)3) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_SCSI_CONTROLLER ((UINT8)4) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_ETHERNET ((UINT8)5) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_TOKEN_RING ((UINT8)6) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_SOUND ((UINT8)7) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_PATA_CONTROLLER ((UINT8)8) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_SATA_CONTROLLER ((UINT8)9) +#define SMBIOS_ON_BOARD_DEVICE_TYPE_SAS_CONTROLLER ((UINT8)10) + +#define SMBIOS_OEM_STRING_INFORMATION_TYPE ((UINT8)11) + +// +// OEM Strings (Type 11) +// + +typedef struct _SMBIOS_OEM_STRING_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 Count; +} SMBIOS_OEM_STRING_INFORMATION, * PSMBIOS_OEM_STRING_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_OEM_STRING_INFORMATION) == 0x5); + +// +// System Configuration Options (Type 12) +// + +#define SMBIOS_SYSTEM_CONFIGURATION_OPTION_INFORMATION_TYPE ((UINT8)12) + +typedef struct _SMBIOS_SYSTEM_CONFIGURATION_OPTION_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 Count; +} SMBIOS_SYSTEM_CONFIGURATION_OPTION_INFORMATION, * PSMBIOS_SYSTEM_CONFIGURATION_OPTION_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_CONFIGURATION_OPTION_INFORMATION) == 0x5); + +// +// Firmware Language Information (Type 13) +// + +#define SMBIOS_FIRMWARE_LANGUAGE_INFORMATION_TYPE ((UINT8)13) + +typedef struct _SMBIOS_FIRMWARE_LANGUAGE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + UINT8 InstallableLanguages; + + union + { + struct + { + // 2.1+ + UINT8 AbbreviatedFormat : 1; + UINT8 Reserved : 7; + }; + + UINT8 Value; + } Flags; + + UINT8 Reserved[15]; + UINT8 CurrentLanguage; // string +} SMBIOS_FIRMWARE_LANGUAGE_INFORMATION, * PSMBIOS_FIRMWARE_LANGUAGE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_FIRMWARE_LANGUAGE_INFORMATION) == 0x16); + +// +// Group Associations (Type 14) +// + +#define SMBIOS_GROUP_ASSOCIATION_INFORMATION_TYPE ((UINT8)14) + +typedef struct _SMBIOS_GROUP_ASSOCIATION_INFORMATION +{ + SMBIOS_HEADER Header; + UINT8 Name; // string + UINT8 ItemType; + USHORT ItemHandle; +} SMBIOS_GROUP_ASSOCIATION_INFORMATION, * PSMBIOS_GROUP_ASSOCIATION_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_GROUP_ASSOCIATION_INFORMATION) == 0x8); + +// +// System Event Log (Type 15) +// + +#define SMBIOS_SYSTEM_EVENT_LOG_INFORMATION_TYPE ((UINT8)15) + +typedef struct _SMBIOS_SYSTEM_EVENT_LOG_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.0+ + USHORT AreaLength; + USHORT HeaderStartOffset; + USHORT DataStartOffset; + UINT8 AccessMethod; + + union + { + struct + { + UINT8 Valid : 1; + UINT8 Full : 1; + UINT8 Reserved : 6; + }; + + UINT8 Value; + } Status; + + ULONG ChangeToken; + ULONG AccessMethodAddress; + // 2.1+ + UINT8 HeaderFormat; + UINT8 NumberOfDescriptors; + UINT8 LengthOfDescriptors; + UINT8 Descriptors[ANYSIZE_ARRAY]; +} SMBIOS_SYSTEM_EVENT_LOG_INFORMATION, * PSMBIOS_SYSTEM_EVENT_LOG_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_EVENT_LOG_INFORMATION) == 0x18); + +// +// Physical Memory Array (Type 16) +// + +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_INFORMATION_TYPE ((UINT8)16) + +typedef struct _SMBIOS_PHYSICAL_MEMORY_ARRAY_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + UINT8 Location; // SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_* + UINT8 Use; // SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_* + UINT8 ErrorCorrection; // SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_* + ULONG MaximumCapacity; + USHORT ErrorInformationHandle; + USHORT NumberOfMemoryDevices; + // 2.7+ + ULONGLONG ExtendedMaximumCapacity; +} SMBIOS_PHYSICAL_MEMORY_ARRAY_INFORMATION, * PSMBIOS_PHYSICAL_MEMORY_ARRAY_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_PHYSICAL_MEMORY_ARRAY_INFORMATION) == 0x17); + +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_OTHER ((UINT8)1) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_UNKNOWN ((UINT8)2) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_MOTHERBOARD ((UINT8)3) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_ISA ((UINT8)4) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_EISA ((UINT8)5) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PCI ((UINT8)6) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_MCA ((UINT8)7) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PCMCIA ((UINT8)8) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PROPRIETARY ((UINT8)9) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_NUBUS ((UINT8)10) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PC_98_C20 ((UINT8)160) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PC_98_C24 ((UINT8)161) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PC_98_E ((UINT8)162) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PC_98_LOCAL_BUS ((UINT8)163) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_LOCATION_PC_98_CXL ((UINT8)164) + +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_OTHER ((UINT8)1) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_UNKNOWN ((UINT8)2) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_SYSTEM ((UINT8)3) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_VIDEO ((UINT8)4) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_FLASH ((UINT8)5) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_NON_VOLATILE ((UINT8)6) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_USE_CACHE ((UINT8)7) + +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_OTHER ((UINT8)1) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_UNKNOWN ((UINT8)2) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_NONE ((UINT8)3) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_PARITY ((UINT8)4) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_SINGLE_BIT_ECC ((UINT8)5) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_MULTI_BIT_ECC ((UINT8)6) +#define SMBIOS_PHYSICAL_MEMORY_ARRAY_ERROR_CORRECTION_CRC ((UINT8)7) + +// +// Memory Device (Type 17) +// + +#define SMBIOS_MEMORY_DEVICE_INFORMATION_TYPE ((UINT8)17) + +typedef struct _SMBIOS_MEMORY_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + USHORT PhysicalArrayHandle; + USHORT MemoryErrorInformationHandle; + USHORT TotalWidth; + USHORT DataWidth; + + union + { + struct + { + USHORT Size : 15; + USHORT Granularity : 1; // 0 = megabytes, 1 = kilobytes + }; + + USHORT Value; + } Size; + + UINT8 FormFactor; // SMBIOS_MEMORY_DEVICE_FORM_FACTOR_* + UINT8 DeviceSet; + UINT8 DeviceLocator; // string + UINT8 BankLocator; // string + UINT8 MemoryType; // SMBIOS_MEMORY_DEVICE_TYPE_* + USHORT TypeDetail; // SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_* + USHORT Speed; + // 2.3+ + UINT8 Manufacturer; // string + UINT8 SerialNumber; // string + UINT8 AssetTag; // string + UINT8 PartNumber; // string + // 2.6+ + + union + { + struct + { + UINT8 Rank : 4; + UINT8 Reserved : 4; + }; + + UINT8 Value; + } Attributes; + + // 2.7+ + ULONG ExtendedSize; + USHORT ConfiguredSpeed; + // 2.8+ + USHORT MinimumVoltage; + USHORT MaximumVoltage; + USHORT ConfiguredVoltage; + // 3.2+ + UINT8 Technology; // SMBIOS_MEMORY_DEVICE_TECHNOLOGY_* + USHORT ModeCapabilities; // SMBIOS_MEMORY_DEVICE_MODE_* + UINT8 FirmwareVersion; // string + USHORT ModuleManufacturerID; + USHORT ModuleProductID; + USHORT SubsystemControllerManufacturerID; + USHORT SubsystemControllerProductID; + ULONGLONG NonVolatileSize; + ULONGLONG VolatileSize; + ULONGLONG CacheSize; + ULONGLONG LogicalSize; + // 3.3+ + ULONG ExtendedSpeed; + ULONG ExtendedConfiguredSpeed; + // 3.7+ + USHORT PMIC0ManufacturerID; + USHORT PMIC0Revision; + USHORT RCDManufacturerID; + USHORT RCDRevision; +} SMBIOS_MEMORY_DEVICE_INFORMATION, * PSMBIOS_MEMORY_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_DEVICE_INFORMATION) == 0x64); + +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_SIMM ((UINT8)3) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_SIP ((UINT8)4) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_CHIP ((UINT8)5) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_DIP ((UINT8)6) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_ZIP ((UINT8)7) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_PROPRIETARY ((UINT8)8) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_DIMM ((UINT8)9) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_TSOP ((UINT8)10) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_ROW_OF_CHIPS ((UINT8)11) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_RIMM ((UINT8)12) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_SODIMM ((UINT8)13) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_SRIMM ((UINT8)14) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_FB_DIMM ((UINT8)15) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_DIE ((UINT8)16) +#define SMBIOS_MEMORY_DEVICE_FORM_FACTOR_CAMM ((UINT8)17) + +#define SMBIOS_MEMORY_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_DEVICE_TYPE_DRAM ((UINT8)3) +#define SMBIOS_MEMORY_DEVICE_TYPE_EDRAM ((UINT8)4) +#define SMBIOS_MEMORY_DEVICE_TYPE_VRAM ((UINT8)5) +#define SMBIOS_MEMORY_DEVICE_TYPE_SRAM ((UINT8)6) +#define SMBIOS_MEMORY_DEVICE_TYPE_RAM ((UINT8)7) +#define SMBIOS_MEMORY_DEVICE_TYPE_ROM ((UINT8)8) +#define SMBIOS_MEMORY_DEVICE_TYPE_FLASH ((UINT8)9) +#define SMBIOS_MEMORY_DEVICE_TYPE_EEPROM ((UINT8)10) +#define SMBIOS_MEMORY_DEVICE_TYPE_FEPROM ((UINT8)11) +#define SMBIOS_MEMORY_DEVICE_TYPE_EPROM ((UINT8)12) +#define SMBIOS_MEMORY_DEVICE_TYPE_CDRAM ((UINT8)13) +#define SMBIOS_MEMORY_DEVICE_TYPE_3DRAM ((UINT8)14) +#define SMBIOS_MEMORY_DEVICE_TYPE_SDRAM ((UINT8)15) +#define SMBIOS_MEMORY_DEVICE_TYPE_SGRAM ((UINT8)16) +#define SMBIOS_MEMORY_DEVICE_TYPE_RDRAM ((UINT8)17) +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR ((UINT8)18) +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR2 ((UINT8)19) +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR2_FB_DIMM ((UINT8)20) +// 21-23 reserved +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR3 ((UINT8)24) +#define SMBIOS_MEMORY_DEVICE_TYPE_FBD2 ((UINT8)25) +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR4 ((UINT8)26) +#define SMBIOS_MEMORY_DEVICE_TYPE_LPDDR ((UINT8)27) +#define SMBIOS_MEMORY_DEVICE_TYPE_LPDDR2 ((UINT8)28) +#define SMBIOS_MEMORY_DEVICE_TYPE_LPDDR3 ((UINT8)29) +#define SMBIOS_MEMORY_DEVICE_TYPE_LPDDR4 ((UINT8)30) +#define SMBIOS_MEMORY_DEVICE_TYPE_LOCAL_NON_VOLATILE ((UINT8)31) +#define SMBIOS_MEMORY_DEVICE_TYPE_HBM ((UINT8)32) +#define SMBIOS_MEMORY_DEVICE_TYPE_HBM2 ((UINT8)33) +#define SMBIOS_MEMORY_DEVICE_TYPE_DDR5 ((UINT8)34) +#define SMBIOS_MEMORY_DEVICE_TYPE_LPDDR5 ((UINT8)35) +#define SMBIOS_MEMORY_DEVICE_TYPE_HBM3 ((UINT8)36) + +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_RESERVED ((USHORT)0x0001) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_OTHER ((USHORT)0x0002) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_UNKNOWN ((USHORT)0x0004) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_FAST_PAGED ((USHORT)0x0008) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_STATIC_COL ((USHORT)0x0010) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_PSEUDO_STATIC ((USHORT)0x0020) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_RAMBUS ((USHORT)0x0040) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_SYNCHRONOUS ((USHORT)0x0080) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_CMOS ((USHORT)0x0100) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_EDO ((USHORT)0x0200) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_WINDOW_DRAM ((USHORT)0x0400) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_CACHE_DRAM ((USHORT)0x0800) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_NON_VOLATILE ((USHORT)0x1000) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_BUFFERED ((USHORT)0x2000) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_UNBUFFERED ((USHORT)0x4000) +#define SMBIOS_MEMORY_DEVICE_TYPE_DETAIL_LRDIMM ((USHORT)0x8000) + +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_DRAM ((UINT8)3) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_NVDIMM_N ((UINT8)4) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_NVDIMM_F ((UINT8)5) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_NVDIMM_P ((UINT8)6) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_INTEL_OPTANE ((UINT8)7) +#define SMBIOS_MEMORY_DEVICE_TECHNOLOGY_MRDIMM ((UINT8)8) + +#define SMBIOS_MEMORY_DEVICE_MODE_RESERVED ((USHORT)0x0001) +#define SMBIOS_MEMORY_DEVICE_MODE_OTHER ((USHORT)0x0002) +#define SMBIOS_MEMORY_DEVICE_MODE_UNKNOWN ((USHORT)0x0004) +#define SMBIOS_MEMORY_DEVICE_MODE_VOLATILE ((USHORT)0x0008) +#define SMBIOS_MEMORY_DEVICE_MODE_BYTE_ACCESSIBLE_PERSISTENT ((USHORT)0x0010) +#define SMBIOS_MEMORY_DEVICE_MODE_BLOCK_ACCESSIBLE_PERSISTENT ((USHORT)0x0020) +#define SMBIOS_MEMORY_DEVICE_MODE_RESERVED2 ((USHORT)0xFFC0) + +// +// 32-Bit Memory Error Information (Type 18) +// + +#define SMBIOS_32_BIT_MEMORY_ERROR_INFORMATION_TYPE ((UINT8)18) + +typedef struct _SMBIOS_32_BIT_MEMORY_ERROR_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + UINT8 Type; // SMBIOS_MEMORY_ERROR_TYPE_* + UINT8 Granularity; // SMBIOS_MEMORY_ERROR_GRANULARITY_* + UINT8 Operation; // SMBIOS_MEMORY_ERROR_OPERATION_* + ULONG VendorSyndrome; + ULONG ArrayErrorAddress; + ULONG DeviceErrorAddress; + ULONG ErrorResolution; +} SMBIOS_32_BIT_MEMORY_ERROR_INFORMATION, * PSMBIOS_32_BIT_MEMORY_ERROR_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_32_BIT_MEMORY_ERROR_INFORMATION) == 0x17); + +// +// Memory Array Mapped Address (Type 19) +// + +#define SMBIOS_MEMORY_ARRAY_MAPPED_ADDRESS_INFORMATION_TYPE ((UINT8)19) + +typedef struct _SMBIOS_MEMORY_ARRAY_MAPPED_ADDRESS_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + ULONG StartingAddress; + ULONG EndingAddress; + USHORT ArrayHandle; + UINT8 PartitionWidth; + // 2.7+ + ULONGLONG ExtendedStartingAddress; + ULONGLONG ExtendedEndingAddress; +} SMBIOS_MEMORY_ARRAY_MAPPED_ADDRESS_INFORMATION, * PSMBIOS_MEMORY_ARRAY_MAPPED_ADDRESS_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_ARRAY_MAPPED_ADDRESS_INFORMATION) == 0x1F); + +// +// Memory Device Mapped Address (Type 20) +// + +#define SMBIOS_MEMORY_DEVICE_MAPPED_ADDRESS_INFORMATION_TYPE ((UINT8)20) + +typedef struct _SMBIOS_MEMORY_DEVICE_MAPPED_ADDRESS_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + ULONG StartingAddress; + ULONG EndingAddress; + USHORT DeviceHandle; + USHORT ArrayMappedAddressHandle; + UINT8 PartitionRowPosition; + UINT8 InterleavePosition; + UINT8 InterleavedDataDepth; + // 2.7+ + ULONGLONG ExtendedStartingAddress; + ULONGLONG ExtendedEndingAddress; +} SMBIOS_MEMORY_DEVICE_MAPPED_ADDRESS_INFORMATION, * PSMBIOS_MEMORY_DEVICE_MAPPED_ADDRESS_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_DEVICE_MAPPED_ADDRESS_INFORMATION) == 0x23); + +// +// Built-in Pointing Device (Type 21) +// + +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INFORMATION_TYPE ((UINT8)21) + +typedef struct _SMBIOS_BUILT_IN_POINTING_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + UINT8 PointerType; // SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_* + UINT8 PointerInterface; // SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_* + UINT8 PointerButtons; +} SMBIOS_BUILT_IN_POINTING_DEVICE_INFORMATION, * PSMBIOS_BUILT_IN_POINTING_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_BUILT_IN_POINTING_DEVICE_INFORMATION) == 0x7); + +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_MOUSE ((UINT8)3) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_TRACK_BALL ((UINT8)4) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_TRACK_POINT ((UINT8)5) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_GLIDE_POINT ((UINT8)6) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_TOUCH_PAD ((UINT8)7) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_TOUCH_SCREEN ((UINT8)8) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_TYPE_OPTICAL_SENSOR ((UINT8)9) + +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_OTHER ((UINT8)1) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_UNKNOWN ((UINT8)2) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_SERIAL ((UINT8)3) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_PS2 ((UINT8)4) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_INFRARED ((UINT8)5) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_HP_HIL ((UINT8)6) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_BUS_MOUSE ((UINT8)7) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_ADB ((UINT8)8) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_DB_9 ((UINT8)160) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_MICRO_DIN ((UINT8)161) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_USB ((UINT8)162) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_I2C ((UINT8)163) +#define SMBIOS_BUILT_IN_POINTING_DEVICE_INTERFACE_SPI ((UINT8)164) + +// +// Portable Battery (Type 22) +// + +#define SMBIOS_PORTABLE_BATTERY_INFORMATION_TYPE ((UINT8)22) + +typedef struct _SMBIOS_PORTABLE_BATTERY_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.1+ + UINT8 Location; // string + UINT8 Manufacturer; // string + UINT8 ManufactureDate; // string + UINT8 SerialNumber; // string + UINT8 DeviceName; // string + UINT8 DeviceChemistry; // SMBIOS_PORTABLE_BATTERY_CHEMISTRY_* + USHORT DesignCapacity; + USHORT DesignVoltage; + UINT8 SBDSVersionNumber; // string + UINT8 MaximumError; + // 2.2+ + USHORT SBDSSerialNumber; + + union + { + struct + { + USHORT Day : 5; + USHORT Month : 4; + USHORT Year : 7; // Biased by 1980 + }; + + USHORT Value; + } SBDSManufactureDate; + + UINT8 SBDSDeviceChemistry; // string + UINT8 DesignCapacityMultiplier; + ULONG OEMSpecific; +} SMBIOS_PORTABLE_BATTERY_INFORMATION, * PSMBIOS_PORTABLE_BATTERY_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_PORTABLE_BATTERY_INFORMATION) == 0x1A); + +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_OTHER ((UINT8)1) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_UNKNOWN ((UINT8)2) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_LEAD_ACID ((UINT8)3) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_NICKEL_CADMIUM ((UINT8)4) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_NICKEL_METAL ((UINT8)5) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_LITHIUM_ION ((UINT8)6) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_ZINC_AIR ((UINT8)7) +#define SMBIO_PORTABLE_BATTERY_CHEMISTRY_LITHIUM_POLYMER ((UINT8)8) + +// +// System Reset (Type 23) +// + +#define SMBIOS_SYSTEM_RESET_INFORMATION_TYPE ((UINT8)23) + +typedef struct _SMBIOS_SYSTEM_RESET_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + + union + { + struct + { + UINT8 UserEnabled : 1; + UINT8 WatchdogReset : 2; // SMBIOS_SYSTEM_RESET_WATCHDOG_* + UINT8 WatchdogAction : 2; // SMBIOS_SYSTEM_RESET_WATCHDOG_* + UINT8 WatchdogExists : 1; + UINT8 Reserved : 2; + }; + + UINT8 Value; + } Capabilities; + + USHORT ResetCount; + USHORT ResetLimit; + USHORT TimerInterval; + USHORT Timeout; +} SMBIOS_SYSTEM_RESET_INFORMATION, * PSMBIOS_SYSTEM_RESET_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_RESET_INFORMATION) == 0xD); + +#define SMBIOS_SYSTEM_RESET_WATCHDOG_RESERVED ((UINT8)0) +#define SMBIOS_SYSTEM_RESET_WATCHDOG_OPERATING_SYSTEM ((UINT8)1) +#define SMBIOS_SYSTEM_RESET_WATCHDOG_SYSTEM_UTILITES ((UINT8)2) +#define SMBIOS_SYSTEM_RESET_WATCHDOG_DO_NOT_REBOOT ((UINT8)3) + +// +// Hardware Security (Type 24) +// + +#define SMBIOS_HARDWARE_SECURITY_INFORMATION_TYPE ((UINT8)24) + +typedef struct _SMBIOS_HARDWARE_SECURITY_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + + union + { + struct + { + UINT8 FrontPanelReset : 2; // SMBIOS_HARDWARE_SECURITY_SETTING_* + UINT8 AdministratorPassword : 2; // SMBIOS_HARDWARE_SECURITY_SETTING_* + UINT8 KeyboardPassword : 2; // SMBIOS_HARDWARE_SECURITY_SETTING_* + UINT8 PowerOnPassword : 2; // SMBIOS_HARDWARE_SECURITY_SETTING_* + }; + + UINT8 Value; + } HardwareSecuritySettings; +} SMBIOS_HARDWARE_SECURITY_INFORMATION, * PSMBIOS_HARDWARE_SECURITY_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_HARDWARE_SECURITY_INFORMATION) == 0x5); + +#define SMBIOS_HARDWARE_SECURITY_SETTING_DISABLED ((UINT8)0) +#define SMBIOS_HARDWARE_SECURITY_SETTING_ENABLED ((UINT8)1) +#define SMBIOS_HARDWARE_SECURITY_SETTING_NOT_IMPLEMENTED ((UINT8)2) +#define SMBIOS_HARDWARE_SECURITY_SETTING_UNKNOWN ((UINT8)3) + +// +// System Power Controls (Type 25) +// + +#define SMBIOS_SYSTEM_POWER_CONTROLS_INFORMATION_TYPE ((UINT8)25) + +typedef struct _SMBIOS_SYSTEM_POWER_CONTROLS_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + UINT8 Month; + UINT8 Day; + UINT8 Hour; + UINT8 Minute; + UINT8 Second; +} SMBIOS_SYSTEM_POWER_CONTROLS_INFORMATION, * PSMBIOS_SYSTEM_POWER_CONTROLS_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_POWER_CONTROLS_INFORMATION) == 0x9); + +// +// Voltage Probe (Type 26) +// + +#define SMBIOS_VOLTAGE_PROBE_INFORMATION_TYPE ((UINT8)26) + +typedef struct _SMBIOS_VOLTAGE_PROBE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + UINT8 Description; // string + + union + { + struct + { + UINT8 Location : 5; // SMBIOS_VOLTAGE_PROBE_LOCATION_* + UINT8 Status : 3; // SMBIOS_PROBE_STATUS_* + }; + + UINT8 Value; + } LocationAndStatus; + + USHORT MaximumValue; + USHORT MinimumValue; + USHORT Resolution; + USHORT Tolerance; + USHORT Accuracy; + ULONG OEMDefined; + USHORT NominalValue; +} SMBIOS_VOLTAGE_PROBE_INFORMATION, * PSMBIOS_VOLTAGE_PROBE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_VOLTAGE_PROBE_INFORMATION) == 0x16); + +#define SMBIOS_VOLTAGE_PROBE_LOCATION_OTHER ((UINT8)1) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_UNKNOWN ((UINT8)2) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_PROCESSOR ((UINT8)3) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_DISK ((UINT8)4) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_PERIPHERAL_BAY ((UINT8)5) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_SYSTEM_MANAGEMENT_MODULE ((UINT8)6) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_MOTHERBOARD ((UINT8)7) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_MEMORY_MODULE ((UINT8)8) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_PROCESSOR_MODULE ((UINT8)9) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_POWER_UNIT ((UINT8)10) +#define SMBIOS_VOLTAGE_PROBE_LOCATION_ADD_IN_CARD ((UINT8)11) + +// +// Cooling Device (Type 27) +// + +#define SMBIOS_COOLING_DEVICE_INFORMATION_TYPE ((UINT8)27) + +typedef struct _SMBIOS_COOLING_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + USHORT TemperatureProbeHandle; + + union + { + struct + { + UINT8 DeviceType : 5; // SMBIOS_COOLING_DEVICE_TYPE_* + UINT8 Status : 3; // SMBIOS_COOLING_DEVICE_STATUS_* + }; + + UINT8 Value; + } DeviceTypeAndStatus; + + UINT8 CoolingUnitGroup; + ULONG OEMDefined; + USHORT NominalSpeed; + // 2.7+ + UINT8 Description; // string +} SMBIOS_COOLING_DEVICE_INFORMATION, * PSMBIOS_COOLING_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_COOLING_DEVICE_INFORMATION) == 0xF); + +#define SMBIOS_COOLING_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_COOLING_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_COOLING_DEVICE_TYPE_FAN ((UINT8)3) +#define SMBIOS_COOLING_DEVICE_TYPE_CENTRIFUGAL_BLOWER ((UINT8)4) +#define SMBIOS_COOLING_DEVICE_TYPE_CHIP_FAN ((UINT8)5) +#define SMBIOS_COOLING_DEVICE_TYPE_CABINET_FAN ((UINT8)6) +#define SMBIOS_COOLING_DEVICE_TYPE_POWER_SUPPLY_FAN ((UINT8)7) +#define SMBIOS_COOLING_DEVICE_TYPE_HEAT_PIPE ((UINT8)8) +#define SMBIOS_COOLING_DEVICE_TYPE_INTEGRATED_REFRIGERATION ((UINT8)9) +#define SMBIOS_COOLING_DEVICE_TYPE_ACTIVE_COOLING ((UINT8)10) +#define SMBIOS_COOLING_DEVICE_TYPE_PASSIVE_COOLING ((UINT8)11) + +#define SMBIOS_COOLING_DEVICE_STATUS_OTHER ((UINT8)1) +#define SMBIOS_COOLING_DEVICE_STATUS_UNKNOWN ((UINT8)2) +#define SMBIOS_COOLING_DEVICE_STATUS_OK ((UINT8)3) +#define SMBIOS_COOLING_DEVICE_STATUS_NON_CRITICAL ((UINT8)4) +#define SMBIOS_COOLING_DEVICE_STATUS_CRITICAL ((UINT8)5) +#define SMBIOS_COOLING_DEVICE_STATUS_NON_RECOVERABLE ((UINT8)6) + +// +// Temperature Probe (Type 28) +// + +#define SMBIOS_TEMPERATURE_PROBE_INFORMATION_TYPE ((UINT8)28) + +typedef struct _SMBIOS_TEMPERATURE_PROBE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + UINT8 Description; // string + + union + { + struct + { + UINT8 Location : 5; // SMBIOS_TEMPERATURE_PROBE_LOCATION_* + UINT8 Status : 3; // SMBIOS_PROBE_STATUS_* + }; + + UINT8 Value; + } LocationAndStatus; + + SHORT MaximumValue; + SHORT MinimumValue; + USHORT Resolution; + USHORT Tolerance; + USHORT Accuracy; + ULONG OEMDefined; + SHORT NominalValue; +} SMBIOS_TEMPERATURE_PROBE_INFORMATION, * PSMBIOS_TEMPERATURE_PROBE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_TEMPERATURE_PROBE_INFORMATION) == 0x16); + +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_OTHER ((UINT8)1) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_UNKNOWN ((UINT8)2) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_PROCESSOR ((UINT8)3) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_DISK ((UINT8)4) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_PERIPHERAL_BAY ((UINT8)5) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_SYSTEM_MANAGEMENT_MODULE ((UINT8)6) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_MOTHERBOARD ((UINT8)7) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_MEMORY_MODULE ((UINT8)8) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_PROCESSOR_MODULE ((UINT8)9) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_POWER_UNIT ((UINT8)10) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_ADD_IN_CARD ((UINT8)11) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_FRONT_PANEL_BOARD ((UINT8)12) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_BACK_PANEL_BOARD ((UINT8)13) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_POWER_SYSTEM_BOARD ((UINT8)14) +#define SMBIOS_TEMPERATURE_PROBE_LOCATION_DRIVE_BACK_PLANE ((UINT8)15) + +// +// Electrical Current Probe (Type 29) +// + +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_INFORMATION_TYPE ((UINT8)29) + +typedef struct _SMBIOS_ELECTRICAL_CURRENT_PROBE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + UINT8 Description; // string + + union + { + struct + { + UINT8 Location : 5; // SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_* + UINT8 Status : 3; // SMBIOS_PROBE_STATUS_* + }; + + UINT8 Value; + } LocationAndStatus; + + USHORT MaximumValue; + USHORT MinimumValue; + USHORT Resolution; + USHORT Tolerance; + USHORT Accuracy; + ULONG OEMDefined; + USHORT NominalValue; +} SMBIOS_ELECTRICAL_CURRENT_PROBE_INFORMATION, * PSMBIOS_ELECTRICAL_CURRENT_PROBE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_ELECTRICAL_CURRENT_PROBE_INFORMATION) == 0x16); + +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_OTHER ((UINT8)1) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_UNKNOWN ((UINT8)2) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_PROCESSOR ((UINT8)3) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_DISK ((UINT8)4) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_PERIPHERAL_BAY ((UINT8)5) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_SYSTEM_MANAGEMENT_MODULE ((UINT8)6) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_MOTHERBOARD ((UINT8)7) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_MEMORY_MODULE ((UINT8)8) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_PROCESSOR_MODULE ((UINT8)9) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_POWER_UNIT ((UINT8)10) +#define SMBIOS_ELECTRICAL_CURRENT_PROBE_LOCATION_ADD_IN_CARD ((UINT8)11) + +// +// Out-of-Band Remote Access (Type 30) +// + +#define SMBIOS_OUT_OF_BAND_REMOTE_ACCESS_INFORMATION_TYPE ((UINT8)30) + +typedef struct _SMBIOS_OUT_OF_BAND_REMOTE_ACCESS_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.2+ + UINT8 Manufacturer; // string + + union + { + struct + { + UINT8 InboundEnabled : 1; + UINT8 OutboundEnabled : 1; + UINT8 Reserved : 6; + }; + + UINT8 Value; + } Connections; +} SMBIOS_OUT_OF_BAND_REMOTE_ACCESS_INFORMATION, * PSMBIOS_OUT_OF_BAND_REMOTE_ACCESS_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_OUT_OF_BAND_REMOTE_ACCESS_INFORMATION) == 0x6); + +// +// Boot Integrity Services (BIS) Entry Point (Type 31) +// + +#define SMBIOS_BOOT_INTEGRITY_SERVICES_ENTRY_POINT ((UINT8)31) + +// +// Structure type 31 (decimal) is reserved for use by the Boot Integrity Services (BIS). +// See the Boot Integrity Services API Specification for details. +// + +// +// System Boot Information (Type 32) +// + +#define SMBIOS_SYSTEM_BOOT_INFORMATION_TYPE ((UINT8)32) + +typedef struct _SMBIOS_SYSTEM_BOOT_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Reserved[6]; + UINT8 BootStatus; // SMBIOS_SYSTEM_BOOT_STATUS_* +} SMBIOS_SYSTEM_BOOT_INFORMATION, * PSMBIOS_SYSTEM_BOOT_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_BOOT_INFORMATION) == 0xB); + +#define SMBIOS_SYSTEM_BOOT_STATUS_NO_ERROR ((UINT8)0) +#define SMBIOS_SYSTEM_BOOT_STATUS_NO_BOOTABLE_MEDIA ((UINT8)1) +#define SMBIOS_SYSTEM_BOOT_STATUS_OPERATING_SYSTEM_FAILED_TO_LOAD ((UINT8)2) +#define SMBIOS_SYSTEM_BOOT_STATUS_FIRMWARE_DETECTED_HARDWARE_FAILURE ((UINT8)3) +#define SMBIOS_SYSTEM_BOOT_STATUS_OPERATING_SYSTEM_DETECTED_FAILURE ((UINT8)4) +#define SMBIOS_SYSTEM_BOOT_STATUS_USER_REQUESTED_BOOT ((UINT8)5) +#define SMBIOS_SYSTEM_BOOT_STATUS_SECURITY_VIOLATION ((UINT8)6) +#define SMBIOS_SYSTEM_BOOT_STATUS_PREVIOUS_REQUESTED_IMAGE ((UINT8)7) +#define SMBIOS_SYSTEM_BOOT_STATUS_WATCHDOG_EXPIRED ((UINT8)8) +// 9-127 specification reserved +// 128-191 OEM reserved +// 192-255 product specific + +// +// 64-Bit Memory Error Information (Type 33) +// + +#define SMBIOS_64_BIT_MEMORY_ERROR_INFORMATION_TYPE ((UINT8)33) + +typedef struct _SMBIOS_64_BIT_MEMORY_ERROR_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Type; // SMBIOS_MEMORY_ERROR_TYPE_* + UINT8 Granularity; // SMBIOS_MEMORY_ERROR_GRANULARITY_* + UINT8 Operation; // SMBIOS_MEMORY_ERROR_OPERATION_* + ULONG VendorSyndrome; + ULONGLONG ArrayErrorAddress; + ULONGLONG DeviceErrorAddress; + ULONG ErrorResolution; +} SMBIOS_64_BIT_MEMORY_ERROR_INFORMATION, * PSMBIOS_64_BIT_MEMORY_ERROR_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_64_BIT_MEMORY_ERROR_INFORMATION) == 0x1F); + +// +// Management Device (Type 34) +// + +#define SMBIOS_MANAGEMENT_DEVICE_INFORMATION_TYPE ((UINT8)34) + +typedef struct _SMBIOS_MANAGEMENT_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Description; // string + UINT8 DeviceType; // SMBIOS_MANAGEMENT_DEVICE_TYPE_* + ULONG Address; + UINT8 AddressType; // SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_* +} SMBIOS_MANAGEMENT_DEVICE_INFORMATION, * PSMBIOS_MANAGEMENT_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MANAGEMENT_DEVICE_INFORMATION) == 0xB); + +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_LM75 ((UINT8)3) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_LM78 ((UINT8)4) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_LM79 ((UINT8)5) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_LM80 ((UINT8)6) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_LM81 ((UINT8)7) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_ADM9240 ((UINT8)8) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_DS1780 ((UINT8)9) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_1617 ((UINT8)10) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_GL518SM ((UINT8)11) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_W83781D ((UINT8)12) +#define SMBIOS_MANAGEMENT_DEVICE_TYPE_HT82H791 ((UINT8)13) + +#define SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_OTHER ((UINT8)1) +#define SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_IO_PORT ((UINT8)3) +#define SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_MEMORY ((UINT8)4) +#define SMBIOS_MANAGEMENT_DEVICE_ADDRESS_TYPE_SMBUS ((UINT8)5) + +// +// Management Device Component (Type 35) +// + +#define SMBIOS_MANAGEMENT_DEVICE_COMPONENT_INFORMATION_TYPE ((UINT8)35) + +typedef struct _SMBIOS_MANAGEMENT_DEVICE_COMPONENT_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Description; // string + USHORT ManagementDeviceHandle; + USHORT ComponentHandle; + USHORT ThresholdHandle; +} SMBIOS_MANAGEMENT_DEVICE_COMPONENT_INFORMATION, * PSMBIOS_MANAGEMENT_DEVICE_COMPONENT_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MANAGEMENT_DEVICE_COMPONENT_INFORMATION) == 0xB); + +// +// Management Device Threshold Data (Type 36) +// + +#define SMBIOS_MANAGEMENT_DEVICE_THRESHOLD_INFORMATION_TYPE ((UINT8)36) + +typedef struct _SMBIOS_MANAGEMENT_DEVICE_THRESHOLD_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + USHORT LowerThresholdNonCritical; + USHORT UpperThresholdNonCritical; + USHORT LowerThresholdCritical; + USHORT UpperThresholdCritical; + USHORT LowerThresholdNonRecoverable; + USHORT UpperThresholdNonRecoverable; +} SMBIOS_MANAGEMENT_DEVICE_THRESHOLD_INFORMATION, * PSMBIOS_MANAGEMENT_DEVICE_THRESHOLD_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MANAGEMENT_DEVICE_THRESHOLD_INFORMATION) == 0x10); + +// +// Memory Channel (Type 37) +// + +#define SMBIOS_MEMORY_CHANNEL_INFORMATION_TYPE ((UINT8)37) + +typedef struct _SMBIOS_MEMORY_CHANNEL_ENTRY +{ + UINT8 Load; + USHORT Handle; +} SMBIOS_MEMORY_CHANNEL_ENTRY, * PSMBIOS_MEMORY_CHANNEL_ENTRY; + +typedef struct _SMBIOS_MEMORY_CHANNEL_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Type; // SMBIOS_MEMORY_CHANNEL_TYPE_* + USHORT MaximumLoad; + UINT8 Count; + SMBIOS_MEMORY_CHANNEL_ENTRY Entries[ANYSIZE_ARRAY]; +} SMBIOS_MEMORY_CHANNEL_INFORMATION, * PSMBIOS_MEMORY_CHANNEL_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MEMORY_CHANNEL_INFORMATION) == 0xB); + +#define SMBIOS_MEMORY_CHANNEL_TYPE_OTHER ((UINT8)1) +#define SMBIOS_MEMORY_CHANNEL_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_MEMORY_CHANNEL_TYPE_RAMBUS ((UINT8)3) +#define SMBIOS_MEMORY_CHANNEL_TYPE_SYNC_LINK ((UINT8)4) + +// +// IPMI Device Information (Type 38) +// + +#define SMBIOS_IPMI_DEVICE_INFORMATION_TYPE ((UINT8)38) + +typedef struct _SMBIOS_IPMI_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3+ + UINT8 Type; // SMBIOS_IPMI_INTERFACE_TYPE_* + + union + { + struct + { + UINT8 Minor : 4; + UINT8 Major : 4; + }; + + UINT8 Value; + } SpecificationRevision; + + UINT8 I2CTargetAddress; + UINT8 NVStorageDeviceAddress; + ULONGLONG BaseAddress; + + union + { + struct + { + UINT8 InterruptTriggerMode : 1; // 1 = level, 0 = edge + UINT8 InterruptPolarity : 1; // 1 = active high, 0 = active low + UINT8 Reserved : 1; + UINT8 InterruptInfo : 1; // 1 = specified, 0 = not specified + UINT8 LSBAddress : 1; // address bit 0 value + UINT8 Reserved2 : 1; + UINT8 RegisterSpacing : 2; // SMBIOS_IPMI_REGISTER_SPACING_* + }; + + UINT8 Value; + } Info; + + UINT8 InterruptNumber; +} SMBIOS_IPMI_DEVICE_INFORMATION, * PSMBIOS_IPMI_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_IPMI_DEVICE_INFORMATION) == 0x12); + +#define SMBIOS_IPMI_INTERFACE_TYPE_UNKONWN ((UINT8)0) +#define SMBIOS_IPMI_INTERFACE_TYPE_KCS ((UINT8)1) +#define SMBIOS_IPMI_INTERFACE_TYPE_SMIC ((UINT8)2) +#define SMBIOS_IPMI_INTERFACE_TYPE_BT ((UINT8)3) +#define SMBIOS_IPMI_INTERFACE_TYPE_SSIF ((UINT8)4) + +#define SMBIOS_IPMI_REGISTER_SPACING_SUCCESSIVE ((UINT8)0) +#define SMBIOS_IPMI_REGISTER_SPACING_32_BIT ((UINT8)1) +#define SMBIOS_IPMI_REGISTER_SPACING_16_BIT ((UINT8)2) +#define SMBIOS_IPMI_REGISTER_SPACING_RESERVED ((UINT8)3) + +// +// System Power Supply (Type 39) +// + +#define SMBIOS_SYSTEM_POWER_SUPPLY_INFORMATION_TYPE ((UINT8)39) + +typedef struct _SMBIOS_SYSTEM_POWER_SUPPLY_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.3.1+ + UINT8 PowerUnitGroup; + UINT8 Location; // string + UINT8 DeviceName; // string + UINT8 Manufacturer; // string + UINT8 SerialNumber; // string + UINT8 AssetTag; // string + UINT8 ModelPartNumber; // string + UINT8 Revision; // string + USHORT MaxPowerCapacity; + + union + { + struct + { + USHORT HostSwappable : 1; + USHORT Present : 1; + USHORT Unplugged : 1; + USHORT RangeSwitching : 4; // SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_* + USHORT Status : 3; // SMBIOS_POWER_SUPPLY_STATUS_* + USHORT Type : 4; // SMBIOS_POWER_SUPPLY_TYPE_* + USHORT Reserved : 2; + }; + + USHORT Value; + } Characteristics; + + USHORT InputVoltageProbeHandle; + USHORT CoolingDeviceHandle; + USHORT InputCurrentProbeHandle; +} SMBIOS_SYSTEM_POWER_SUPPLY_INFORMATION, * PSMBIOS_SYSTEM_POWER_SUPPLY_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_SYSTEM_POWER_SUPPLY_INFORMATION) == 0x16); + +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_OTHER ((USHORT)1) +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_UNKNOWN ((USHORT)2) +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_MANUAL ((USHORT)3) +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_AUTO_SWITCH ((USHORT)4) +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_WIDE_RANGE ((USHORT)5) +#define SMBIOS_POWER_SUPPLY_RANGE_SWITCHING_NOT_APPLICABLE ((USHORT)6) + +#define SMBIOS_POWER_SUPPLY_STATUS_OTHER ((USHORT)1) +#define SMBIOS_POWER_SUPPLY_STATUS_UNKNOWN ((USHORT)2) +#define SMBIOS_POWER_SUPPLY_STATUS_OK ((USHORT)3) +#define SMBIOS_POWER_SUPPLY_STATUS_NON_CRITICAL ((USHORT)4) +#define SMBIOS_POWER_SUPPLY_STATUS_CRITICAL ((USHORT)5) + +#define SMBIOS_POWER_SUPPLY_TYPE_OTHER ((USHORT)1) +#define SMBIOS_POWER_SUPPLY_TYPE_UNKNOWN ((USHORT)2) +#define SMBIOS_POWER_SUPPLY_TYPE_LINEAR ((USHORT)3) +#define SMBIOS_POWER_SUPPLY_TYPE_SWITCHING ((USHORT)4) +#define SMBIOS_POWER_SUPPLY_TYPE_BATTERY ((USHORT)5) +#define SMBIOS_POWER_SUPPLY_TYPE_UPS ((USHORT)6) +#define SMBIOS_POWER_SUPPLY_TYPE_CONVERTER ((USHORT)7) +#define SMBIOS_POWER_SUPPLY_TYPE_REGULATOR ((USHORT)8) + +// +// Additional Information (Type 40) +// + +#define SMBIOS_ADDITIONAL_INFORMATION_TYPE ((UINT8)40) + +typedef struct _SMBIOS_ADDITIONAL_ENTRY +{ + UINT8 Length; + USHORT ReferencedHandle; + UINT8 ReferencedOffset; + UINT8 String; // string + UINT8 Value[ANYSIZE_ARRAY]; +} SMBIOS_ADDITIONAL_ENTRY, * PSMBIOS_ADDITIONAL_ENTRY; + +typedef struct _SMBIOS_ADDITIONAL_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.6+ + UINT8 Count; + SMBIOS_ADDITIONAL_ENTRY Entries[ANYSIZE_ARRAY]; +} SMBIOS_ADDITIONAL_INFORMATION, * PSMBIOS_ADDITIONAL_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_ADDITIONAL_INFORMATION) == 0xB); + +// +// Onboard Devices Extended Information (Type 41) +// + +#define SMBIOS_ONBOARD_DEVICE_INFORMATION_TYPE ((UINT8)41) + +typedef struct _SMBIOS_ONBOARD_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.6+ + UINT8 ReferenceDesignation; // string + + union + { + struct + { + UINT8 Type : 7; // SMBIOS_ONBOARD_DEVICE_TYPE_* + UINT8 Enabled : 1; + }; + + UINT8 Value; + } DeviceType; + + UINT8 DeviceTypeInstance; + USHORT SegmentGroupNumber; + UINT8 BusNumber; + + union + { + struct + { + UINT8 FunctionNumber : 3; + UINT8 DeviceNumber : 5; + }; + + UINT8 Value; + } DeviceFunctionNumber; + +} SMBIOS_ONBOARD_DEVICE_INFORMATION, * PSMBIOS_ONBOARD_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_ONBOARD_DEVICE_INFORMATION) == 0xB); + +#define SMBIOS_ONBOARD_DEVICE_TYPE_OTHER ((UINT8)1) +#define SMBIOS_ONBOARD_DEVICE_TYPE_UNKNOWN ((UINT8)2) +#define SMBIOS_ONBOARD_DEVICE_TYPE_VIDEO ((UINT8)3) +#define SMBIOS_ONBOARD_DEVICE_TYPE_SCSI ((UINT8)4) +#define SMBIOS_ONBOARD_DEVICE_TYPE_ETHERNET ((UINT8)5) +#define SMBIOS_ONBOARD_DEVICE_TYPE_TOKEN_RING ((UINT8)6) +#define SMBIOS_ONBOARD_DEVICE_TYPE_SOUND ((UINT8)7) +#define SMBIOS_ONBOARD_DEVICE_TYPE_PATA ((UINT8)8) +#define SMBIOS_ONBOARD_DEVICE_TYPE_SATA ((UINT8)9) +#define SMBIOS_ONBOARD_DEVICE_TYPE_SAS ((UINT8)10) +#define SMBIOS_ONBOARD_DEVICE_TYPE_WIRELESS_LAN ((UINT8)11) +#define SMBIOS_ONBOARD_DEVICE_TYPE_BLUETOOTH ((UINT8)12) +#define SMBIOS_ONBOARD_DEVICE_TYPE_WWAN ((UINT8)13) +#define SMBIOS_ONBOARD_DEVICE_TYPE_EMMC ((UINT8)14) +#define SMBIOS_ONBOARD_DEIVCE_TYPE_NVME ((UINT8)15) +#define SMBIOS_ONBOARD_DEVICE_TYPE_UFS ((UINT8)16) + +// +// Management Controller Host Interface (Type 42) +// + +#define SMBIOS_MCHI_INFORMATION_TYPE ((UINT8)42) + +typedef struct _SMBIOS_MCHI_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.6+ + UINT8 Type; // SMBIOS_MCHI_TYPE_* + UINT8 Length; + UINT8 Data[ANYSIZE_ARRAY]; + // SMBIOS_MCHI_PROTOCOL_RECORDS +} SMBIOS_MCHI_INFORMATION, * PSMBIOS_MCHI_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_MCHI_INFORMATION) == 0x7); + +typedef struct _SMBIOS_MCHI_PROTOCOL_RECORD +{ + UINT8 Type; // SMBIOS_MCHI_PROTOCOL_TYPE_* + UINT8 Length; + UINT8 Data[ANYSIZE_ARRAY]; +} SMBIOS_MCHI_PROTOCOL_RECORD, * PSMBIOS_MCHI_PROTOCOL_RECORD; + +STATIC_ASSERT(sizeof(SMBIOS_MCHI_PROTOCOL_RECORD) == 0x3); + +typedef struct _SMBIOS_MCHI_PROTOCOL_RECORDS +{ + UINT8 Count; + SMBIOS_MCHI_PROTOCOL_RECORD Records[ANYSIZE_ARRAY]; +} SMBIOS_MCHI_PROTOCOL_RECORDS, * PSMBIOS_MCHI_PROTOCOL_RECORDS; + +STATIC_ASSERT(sizeof(SMBIOS_MCHI_PROTOCOL_RECORDS) == 0x4); + +// 0-63 MCTP host interfaces +#define SMBIOS_MCHI_TYPE_NETWORK_INTERFACE ((UINT8)64) +#define SMBIOS_MCHI_TYPE_OEM_DEFINED ((UINT8)240) + +#define SMBIOS_MCHI_PROTOCOL_TYPE_RESERVED_0 ((UINT8)0) +#define SMBIOS_MCHI_PROTOCOL_TYPE_RESERVED_1 ((UINT8)1) +#define SMBIOS_MCHI_PROTOCOL_TYPE_IPMI ((UINT8)2) +#define SMBIOS_MCHI_PROTOCOL_TYPE_MCTP ((UINT8)3) +#define SMBIOS_MCHI_PROTOCOL_TYPE_REFRESH_OVER_IP ((UINT8)4) +#define SMBIOS_MCHI_PROTOCOL_TYPE_OEM_DEFINED ((UINT8)240) + +// +// TPM Device (Type 43) +// + +#define SMBIOS_TPM_DEVICE_INFORMATION_TYPE ((UINT8)43) + +typedef struct _SMBIOS_TPM_DEVICE_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.6+ + UINT8 VendorID[4]; + UINT8 MajorSpecVersion; + UINT8 MinorSpecVersion; + ULONG FirmwareVersion1; + ULONG FirmwareVersion2; + UINT8 Description; // string + ULONGLONG Characteristics; // SMBIOS_TPM_DEVICE_* + ULONG OEMDefined; +} SMBIOS_TPM_DEVICE_INFORMATION, * PSMBIOS_TPM_DEVICE_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_TPM_DEVICE_INFORMATION) == 0x1F); + +#define SMBIOS_TPM_DEVICE_RESERVED_0 0x0000000000000001ULL +#define SMBIOS_TPM_DEVICE_RESERVED_1 0x0000000000000002ULL +#define SMBIOS_TPM_DEVICE_CONFIGURABLE_VIA_FIRMWARE_UPDATE 0x0000000000000004ULL +#define SMBIOS_TPM_DEVICE_CONFIGURABLE_VIA_SOFTWARE_UPDATE 0x0000000000000008ULL +#define SMBIOS_TPM_DEVICE_CONFIGURABLE_VIA_PROPRIETARY_UPDATE 0x0000000000000010ULL +#define SMBIOS_TPM_DEIVCE_RESERVED 0xFFFFFFFFFFFFFFE0ULL + +// +// Processor Additional Information (Type 44) +// + +#define SMBIOS_PROCESSOR_ADDITIONAL_INFORMATION_TYPE ((UINT8)44) + +typedef struct _SMBIOS_PROCESSOR_SPECIFIC_BLOCK +{ + UINT8 Length; + UINT8 Type; // SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_* + UINT8 Data[ANYSIZE_ARRAY]; +} SMBIOS_PROCESSOR_SPECIFIC_BLOCK, * PSMBIOS_PROCESSOR_SPECIFIC_BLOCK; + +STATIC_ASSERT(sizeof(SMBIOS_PROCESSOR_SPECIFIC_BLOCK) == 0x3); + +typedef struct _SMBIOS_PROCESSOR_ADDITIONAL_INFORMATION +{ + SMBIOS_HEADER Header; + // 2.6+ + USHORT Handle; + SMBIOS_PROCESSOR_SPECIFIC_BLOCK Blocks[ANYSIZE_ARRAY]; +} SMBIOS_PROCESSOR_ADDITIONAL_INFORMATION, * PSMBIOS_PROCESSOR_ADDITIONAL_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_PROCESSOR_ADDITIONAL_INFORMATION) == 0x9); + +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_X86 ((UINT8)1) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_X64 ((UINT8)2) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_IA64 ((UINT8)3) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_ARM32 ((UINT8)4) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_ARM64 ((UINT8)5) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_RISCV32 ((UINT8)6) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_RISCV64 ((UINT8)7) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_RISCV128 ((UINT8)8) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_LOONGARCH32 ((UINT8)9) +#define SMBIOS_PROCESSOR_ARCHITECTURE_TYPE_LOONGARCH64 ((UINT8)10) + +// +// Firmware Inventory Information (Type 45) +// + +#define SMBIOS_FIRMWARE_INVENTORY_INFORMATION_TYPE ((UINT8)45) + +typedef struct _SMBIOS_FIRMWARE_INVENTORY_INFORMATION +{ + SMBIOS_HEADER Header; + // 3.5+ + UINT8 ComponentName; // string + UINT8 Version; // string + UINT8 VersionFormat; + UINT8 Identifier; // string + UINT8 IdentifierFormat; + UINT8 ReleaseDate; // string + UINT8 Manufacturer; // string + UINT8 LowestSupportedVersion; // string + ULONGLONG ImageSize; + USHORT Characteristics; // SMBIOS_FIRMWARE_INVENTORY_FLAG_* + UINT8 State; // SMBIOS_FIRMWARE_INVENTORY_STATE_* + UINT8 AssociatedComponents; + USHORT AssociatedComponentHandles[ANYSIZE_ARRAY]; +} SMBIOS_FIRMWARE_INVENTORY_INFORMATION, * PSMBIOS_FIRMWARE_INVENTORY_INFORMATION; + +STATIC_ASSERT(sizeof(SMBIOS_FIRMWARE_INVENTORY_INFORMATION) == 0x1A); + +#define SMBIOS_FIRMWARE_INVENTORY_FLAG_UPDATABLE 0x00000001UL +#define SMBIOS_FIRMWARE_INVENTORY_FLAG_WRITE_PROTECTED 0x00000002UL +#define SMBIOS_FIRMWARE_INVENTORY_FLAG_RESERVED 0xFFFFFFFCUL + +#define SMBIOS_FIRMWARE_INVENTORY_STATE_OTHER ((UINT8)1) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_UNKNOWN ((UINT8)2) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_DISABLED ((UINT8)3) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_ENABLED ((UINT8)4) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_ABSENT ((UINT8)5) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_STANDBY_OFFLINE ((UINT8)6) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_STANDBY_SPARE ((UINT8)7) +#define SMBIOS_FIRMWARE_INVENTORY_STATE_OFFLINE ((UINT8)8) + +// +// String Property (Type 46) +// + +#define SMBIOS_STRING_PROPERTY_TYPE ((UINT8)46) + +typedef struct _SMBIOS_STRING_PROPERTY +{ + SMBIOS_HEADER Header; + // 3.5+ + USHORT Identifier; // SMBIOS_STRING_PROPERTY_ID_* + UINT8 String; + USHORT ParentHandle; +} SMBIOS_STRING_PROPERTY, * PSMBIOS_STRING_PROPERTY; + +STATIC_ASSERT(sizeof(SMBIOS_STRING_PROPERTY) == 0x9); + +#define SMBIOS_STRING_PROPERTY_ID_RESERVED ((UINT8)1) +#define SMBIOS_STRING_PROPERTY_ID_UEIF_DEVICE_PATH ((UINT8)2) + +// +// Inactive (Type 126) +// + +#define SMBIOS_INACTIVE_TYPE ((UINT8)126) + +typedef struct _SMBIOS_INACTIVE +{ + SMBIOS_HEADER Header; +} SMBIOS_INACTIVE, * PSMBIOS_INACTIVE; + +STATIC_ASSERT(sizeof(SMBIOS_INACTIVE) == 0x4); + +// +// End-of-Table (Type 127) +// + +#define SMBIOS_END_OF_TABLE_TYPE ((UINT8)127) + +typedef struct _SMBIOS_END_OF_TABLE +{ + SMBIOS_HEADER Header; +} SMBIOS_END_OF_TABLE, * PSMBIOS_END_OF_TABLE; + +STATIC_ASSERT(sizeof(SMBIOS_END_OF_TABLE) == 0x4); + +#include + + +VEIL_END() + +#if _MSC_VER >= 1200 +#pragma warning(pop) +#endif + +#endif // _SMBIOS_H \ No newline at end of file diff --git a/Veil/Veil.System.Win32.h b/Veil/Veil.System.Win32.h index 9ce4f70..50d2500 100644 --- a/Veil/Veil.System.Win32.h +++ b/Veil/Veil.System.Win32.h @@ -1703,6 +1703,51 @@ NtUserWindowFromPoint( _In_ POINT Point ); +__kernel_entry W32KAPI +LOGICAL +NTAPI +NtUserSetChildWindowNoActivate( + _In_ HWND WindowHandle +); + +// User32 ordinal 2005 +__kernel_entry W32KAPI +LOGICAL +NTAPI +SetChildWindowNoActivate( + _In_ HWND WindowHandle +); + +__kernel_entry W32KAPI +HWND +NTAPI +NtUserGhostWindowFromHungWindow( + _In_ HWND WindowHandle +); + +__kernel_entry W32KAPI +HWND +NTAPI +NtUserHungWindowFromGhostWindow( + _In_ HWND WindowHandle +); + +__kernel_entry W32KAPI +HWND +NTAPI +GhostWindowFromHungWindow( + _In_ HWND WindowHandle +); + +__kernel_entry W32KAPI +HWND +NTAPI +HungWindowFromGhostWindow( + _In_ HWND WindowHandle +); + + + // Peb!KernelCallbackTable = user32.dll!apfnDispatch typedef struct _KERNEL_CALLBACK_TABLE { diff --git a/Veil/Veil.System.WindowStation.h b/Veil/Veil.System.WindowStation.h index cf366c6..1689f16 100644 --- a/Veil/Veil.System.WindowStation.h +++ b/Veil/Veil.System.WindowStation.h @@ -146,39 +146,39 @@ typedef struct _SESSIONIDW // private typedef enum _WINSTATIONINFOCLASS { - WinStationCreateData, // WINSTATIONCREATE - WinStationConfiguration, // WINSTACONFIGWIRE + USERCONFIG - WinStationPdParams, // PDPARAMS - WinStationWd, // WDCONFIG - WinStationPd, // PDCONFIG2 + PDPARAMS - WinStationPrinter, // Not supported. - WinStationClient, // WINSTATIONCLIENT - WinStationModules, - WinStationInformation, // WINSTATIONINFORMATION - WinStationTrace, - WinStationBeep, - WinStationEncryptionOff, + WinStationCreateData, // q: WINSTATIONCREATE + WinStationConfiguration, // qs: WINSTACONFIGWIRE + USERCONFIG + WinStationPdParams, // qs: PDPARAMS + WinStationWd, // q: WDCONFIG + WinStationPd, // q: PDCONFIG2 + PDPARAMS + WinStationPrinter, // qs: Not supported. + WinStationClient, // q: WINSTATIONCLIENT + WinStationModules, // q: + WinStationInformation, // q: WINSTATIONINFORMATION + WinStationTrace, // qs: + WinStationBeep, // s: // 10 + WinStationEncryptionOff, // s: WinStationEncryptionPerm, - WinStationNtSecurity, // s; (open secure desktop ctrl+alt+del) - WinStationUserToken, // WINSTATIONUSERTOKEN + WinStationNtSecurity, // s: (open secure desktop ctrl+alt+del) + WinStationUserToken, // q: WINSTATIONUSERTOKEN WinStationUnused1, - WinStationVideoData, // WINSTATIONVIDEODATA - WinStationInitialProgram, // s; (set current process as initial program) - WinStationCd, // CDCONFIG - WinStationSystemTrace, - WinStationVirtualData, + WinStationVideoData, // q: WINSTATIONVIDEODATA + WinStationInitialProgram, // s: (set current process as initial program) + WinStationCd, // q: CDCONFIG + WinStationSystemTrace, // qs: + WinStationVirtualData, // q: // 20 WinStationClientData, // WINSTATIONCLIENTDATA - WinStationSecureDesktopEnter, - WinStationSecureDesktopExit, - WinStationLoadBalanceSessionTarget, // ULONG - WinStationLoadIndicator, // WINSTATIONLOADINDICATORDATA - WinStationShadowInfo, // WINSTATIONSHADOW + WinStationSecureDesktopEnter, // qs: + WinStationSecureDesktopExit, // qs: + WinStationLoadBalanceSessionTarget, // q: ULONG + WinStationLoadIndicator, // q: WINSTATIONLOADINDICATORDATA + WinStationShadowInfo, // qs: WINSTATIONSHADOW WinStationDigProductId, // WINSTATIONPRODID WinStationLockedState, // BOOL WinStationRemoteAddress, // WINSTATIONREMOTEADDRESS - WinStationIdleTime, // ULONG + WinStationIdleTime, // ULONG // 30 WinStationLastReconnectType, // ULONG - WinStationDisallowAutoReconnect, // BOOLEAN + WinStationDisallowAutoReconnect, // qs: BOOLEAN WinStationMprNotifyInfo, WinStationExecSrvSystemPipe, // WCHAR[48] WinStationSmartCardAutoLogon, // BOOLEAN @@ -186,11 +186,13 @@ typedef enum _WINSTATIONINFOCLASS WinStationReconnectedFromId, // ULONG WinStationEffectsPolicy, // ULONG WinStationType, // ULONG - WinStationInformationEx, // WINSTATIONINFORMATIONEX + WinStationInformationEx, // WINSTATIONINFORMATIONEX // 40 WinStationValidationInfo } WINSTATIONINFOCLASS; -// Retrieves general information on the type of terminal server session (protocol) to which the session belongs. +/** + * Retrieves general information used to create the terminal server session (protocol) to which the station belongs. + */ typedef struct _WINSTATIONCREATE { ULONG fEnableWinStation : 1; @@ -764,7 +766,7 @@ typedef struct _TS_SYS_PROCESS_INFORMATION ULONG NumberOfThreads; LARGE_INTEGER SpareLi1; LARGE_INTEGER SpareLi2; - LARGE_INTEGER SpareLi3; + LARGE_INTEGER CycleTime; LARGE_INTEGER CreateTime; LARGE_INTEGER UserTime; LARGE_INTEGER KernelTime; @@ -774,7 +776,7 @@ typedef struct _TS_SYS_PROCESS_INFORMATION ULONG InheritedFromUniqueProcessId; ULONG HandleCount; ULONG SessionId; - ULONG SpareUl3; + ULONG UniqueProcessKey; SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; @@ -1070,6 +1072,8 @@ WinStationEnumerateProcesses( _Out_ PVOID* Processes ); +#define WINSTATION_PROCESS_LEVEL 0 + // rev NTSYSAPI BOOLEAN