api: move undocumented ntdll symbols to ntdll.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

4 files changed, 18 insertions, 18 deletions

diff --git a/api/adapter.c b/api/adapter.c
index cd5f744..602bc8c 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -9,7 +9,7 @@
 #include "logger.h"
 #include "namespace.h"
 #include "nci.h"
-#include "ntldr.h"
+#include "ntdll.h"
 #include "registry.h"
 #include "resource.h"
 
@@ -780,17 +780,6 @@ WintunOpenAdapterDeviceObject(_In_ const WINTUN_ADAPTER *Adapter, _Out_ HANDLE *
     return GetDeviceObject(Adapter->DevInstanceID, Handle);
 }
 
-/* We can't use RtlGetVersion, because appcompat's aclayers.dll shims it to report Vista
- * when run from legacy contexts. So, we instead use the undocumented RtlGetNtVersionNumbers.
- *
- * Another way would be reading from the PEB directly:
- *   ((DWORD *)NtCurrentTeb()->ProcessEnvironmentBlock)[sizeof(void *) == 8 ? 70 : 41]
- * Or just read from KUSER_SHARED_DATA the same way on 32-bit and 64-bit:
- *    *(DWORD *)0x7FFE026C
- */
-extern VOID NTAPI
-RtlGetNtVersionNumbers(_Out_opt_ DWORD *MajorVersion, _Out_opt_ DWORD *MinorVersion, _Out_opt_ DWORD *BuildNumber);
-
 static BOOL
 HaveWHQL(void)
 {
diff --git a/api/api.vcxproj b/api/api.vcxproj
index d28c006..a60a7de 100644
--- a/api/api.vcxproj
+++ b/api/api.vcxproj
@@ -164,7 +164,7 @@ lib.exe /def:nci.def /out:"$(IntDir)nci.lib" /machine:$(PlatformTarget) /nologo
     <ClInclude Include="logger.h" />
     <ClInclude Include="namespace.h" />
     <ClInclude Include="nci.h" />
-    <ClInclude Include="ntldr.h" />
+    <ClInclude Include="ntdll.h" />
     <ClInclude Include="registry.h" />
     <ClInclude Include="resource.h" />
     <ClInclude Include="wintun.h" />
diff --git a/api/api.vcxproj.filters b/api/api.vcxproj.filters
index 231313c..7b3493f 100644
--- a/api/api.vcxproj.filters
+++ b/api/api.vcxproj.filters
@@ -49,9 +49,6 @@
     <ClInclude Include="wintun.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="ntldr.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="elevate.h">
       <Filter>Header Files</Filter>
     </ClInclude>
@@ -61,6 +58,9 @@
     <ClInclude Include="rundll32.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="ntdll.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="namespace.c">
diff --git a/api/ntldr.h b/api/ntdll.h
index 626a85f..f9c0b15 100644
--- a/api/ntldr.h
+++ b/api/ntdll.h
@@ -32,6 +32,17 @@ typedef struct _RTL_PROCESS_MODULES
     RTL_PROCESS_MODULE_INFORMATION Modules[1];
 } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
 
+#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) // TODO: #include <ntstatus.h> instead of this
+#define STATUS_PNP_DEVICE_CONFIGURATION_PENDING ((NTSTATUS)0xC0000495L)
 
-#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) //TODO: #include <ntstatus.h> instead of this
-#define STATUS_PNP_DEVICE_CONFIGURATION_PENDING ((NTSTATUS)0xC0000495L)
\ No newline at end of file
+/* We can't use RtlGetVersion, because appcompat's aclayers.dll shims it to report Vista
+ * when run from legacy contexts. So, we instead use the undocumented RtlGetNtVersionNumbers.
+ *
+ * Another way would be reading from the PEB directly:
+ *   ((DWORD *)NtCurrentTeb()->ProcessEnvironmentBlock)[sizeof(void *) == 8 ? 70 : 41]
+ * Or just read from KUSER_SHARED_DATA the same way on 32-bit and 64-bit:
+ *    *(DWORD *)0x7FFE026C
+ */
+EXTERN_C
+DECLSPEC_IMPORT VOID NTAPI
+RtlGetNtVersionNumbers(_Out_opt_ DWORD *MajorVersion, _Out_opt_ DWORD *MinorVersion, _Out_opt_ DWORD *BuildNumber);