diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-03 15:28:17 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-03 15:28:17 +0100 |
| commit | 90a33d9cc6e62e74984d8a0a6fed9242e68bf353 (patch) | |
| tree | c38fe60d729f76f3188fb3080aa9e8725f6fb22c /api/ntdll.h | |
| parent | wintun: use proper import type for undocumented functions (diff) | |
| download | wintun-90a33d9cc6e62e74984d8a0a6fed9242e68bf353.tar.xz wintun-90a33d9cc6e62e74984d8a0a6fed9242e68bf353.zip | |
api: move undocumented ntdll symbols to ntdll.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
| -rw-r--r-- | api/ntdll.h (renamed from api/ntldr.h) | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/api/ntldr.h b/api/ntdll.h index 626a85f..f9c0b15 100644 --- a/api/ntldr.h +++ b/api/ntdll.h @@ -32,6 +32,17 @@ typedef struct _RTL_PROCESS_MODULES RTL_PROCESS_MODULE_INFORMATION Modules[1]; } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; +#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) // TODO: #include <ntstatus.h> instead of this +#define STATUS_PNP_DEVICE_CONFIGURATION_PENDING ((NTSTATUS)0xC0000495L) -#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) //TODO: #include <ntstatus.h> instead of this -#define STATUS_PNP_DEVICE_CONFIGURATION_PENDING ((NTSTATUS)0xC0000495L)
\ No newline at end of file +/* We can't use RtlGetVersion, because appcompat's aclayers.dll shims it to report Vista + * when run from legacy contexts. So, we instead use the undocumented RtlGetNtVersionNumbers. + * + * Another way would be reading from the PEB directly: + * ((DWORD *)NtCurrentTeb()->ProcessEnvironmentBlock)[sizeof(void *) == 8 ? 70 : 41] + * Or just read from KUSER_SHARED_DATA the same way on 32-bit and 64-bit: + * *(DWORD *)0x7FFE026C + */ +EXTERN_C +DECLSPEC_IMPORT VOID NTAPI +RtlGetNtVersionNumbers(_Out_opt_ DWORD *MajorVersion, _Out_opt_ DWORD *MinorVersion, _Out_opt_ DWORD *BuildNumber); |