/*
Copyright (C) 2011 Jay Satiro <[email protected]>
All rights reserved.
This file is part of GetHooks.
GetHooks is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GetHooks is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GetHooks. If not, see <https://www.gnu.org/licenses/>.
*/
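/**
These are the structs needed to read from the session handle table.
I copied these structs from the ReactOS project (with a few exceptions as noted), and then made
minor modifications to names or types (e.g. changing a pointer type to void* to avoid a dependency).
Some members vary by OS version (see the note inside SHAREDINFO below), so check a layout against
the target Windows version before relying on a member offset.
*/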
#ifndef _REACTOS_H
#define _REACTOS_H
#include <windows.h>
#ifdef __cplusplus
extern "C" {
#endif
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/HEAD
/*
Common object header. HOOK embeds one as its first member (HOOK.head) and
HANDLEENTRY.pHead points to one.
*/
typedef struct _HEAD
{
HANDLE h; // NOTE(review): presumably the handle value of the object - confirm against the ReactOS page
DWORD cLockObj; // NOTE(review): presumably a lock/reference count - confirm against the ReactOS page
} HEAD, *PHEAD;
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/HANDLEENTRY
/*
One entry of the handle table that SHAREDINFO.aheList points to.
bType holds an enum HANDLE_TYPE value and bFlags a combination of HANDLEF_* bits.
NOTE(review): pHead and pOwner are pointer values copied out of the table; they are presumably
kernel-mode addresses that cannot be dereferenced as-is from user mode - confirm in reactos.c
and in the callers before following either pointer.
*/
typedef struct _HANDLEENTRY
{
PHEAD pHead;
PVOID pOwner; // PTI or PPI
BYTE bType; // Object handle type
BYTE bFlags; // Flags
WORD wUniq; // Access count.
} HANDLEENTRY, *PHE, *PHANDLEENTRY;
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/HANDLEENTRY
// HANDLEENTRY.bFlags
/* Individual bits of HANDLEENTRY.bFlags. The meaning of each bit is not described in this file. */
#define HANDLEF_DESTROY 0x01
#define HANDLEF_INDESTROY 0x02
#define HANDLEF_INWAITFORDEATH 0x04
#define HANDLEF_FINALDESTROY 0x08
#define HANDLEF_MARKED_OK 0x10
#define HANDLEF_GRANTED 0x20
// mask for valid flags: the OR of the six HANDLEF_* bits above (0x01 through 0x20).
// A bFlags value with a bit set outside this mask does not match the layout described here,
// which is worth reporting rather than ignoring when the entry comes from an untested OS version.
#define HANDLEF_VALID 0x3F
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/HANDLEENTRY
// HANDLEENTRY.bType
/*
Values of HANDLEENTRY.bType.
TYPE_CTYPES (22) is the count of the sequential types 0..21; TYPE_GENERIC (255) lies outside
that range.
NOTE(review): bType is a raw byte read from the handle table, so a value >= TYPE_CTYPES can
occur (for example on a Windows version that has more types than this list). Range-check it
before using it as an index into a per-type table (presumably w_handlenames) - confirm how
reactos.c handles this.
*/
enum HANDLE_TYPE{
TYPE_FREE = 0 , // must be zero!
TYPE_WINDOW = 1 , // in order of use for C code lookups
TYPE_MENU = 2, //
TYPE_CURSOR = 3, //
TYPE_SETWINDOWPOS = 4, // HDWP
TYPE_HOOK = 5, //
TYPE_CLIPDATA = 6 , // clipboard data
TYPE_CALLPROC = 7, //
TYPE_ACCELTABLE = 8, //
TYPE_DDEACCESS = 9, // tagSVR_INSTANCE_INFO
TYPE_DDECONV = 10, //
TYPE_DDEXACT = 11, // DDE transaction tracking info.
TYPE_MONITOR = 12, //
TYPE_KBDLAYOUT = 13, // Keyboard Layout handle (HKL) object.
TYPE_KBDFILE = 14, // Keyboard Layout file object.
TYPE_WINEVENTHOOK = 15,// WinEvent hook (EVENTHOOK)
TYPE_TIMER = 16, //
TYPE_INPUTCONTEXT = 17,// Input Context info structure
TYPE_HIDDATA = 18, //
TYPE_DEVICEINFO = 19, //
TYPE_TOUCHINPUT = 20, // 'Ustz' W7U sym tagTOUCHINPUTINFO
TYPE_GESTUREINFO = 21, // 'Usgi'
TYPE_CTYPES = 22, // Count of TYPEs; Must be LAST + 1
TYPE_GENERIC = 255 // used for generic handle validation
};
// 8/18/2011
// https://reactos.org/wiki/Techwiki:Win32k/SHAREDINFO
/*
Message-table descriptor. In this header it is referenced only by the SHAREDINFO members
that are compiled out under #if 0.
*/
typedef struct _WNDMSG
{
DWORD maxMsgs;
DWORD abMsgs;
} WNDMSG, *PWNDMSG;
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/SHAREDINFO
/*
Leading part of the shared-info structure: only psi and aheList are declared.
The remaining members are compiled out with #if 0 because they vary by OS, so
sizeof(SHAREDINFO) here is not the size of the real structure, and nothing past aheList
can be reached through this type.
*/
typedef struct _SHAREDINFO
{
void *psi; //PSERVERINFO
PHANDLEENTRY aheList; // start of the HANDLEENTRY table
#if 0
/* The rest of the members vary depending on OS.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/5f2df2d8-0ab4-4ab2-9d9d-ddb0673f37a2
*/
// NOTE(review): HeEntrySize is presumably the byte size of one aheList entry on the OS
// versions that have it. If so, stepping through aheList by sizeof(HANDLEENTRY) should be
// checked against it - confirm before walking the table on a new OS version.
ULONG HeEntrySize; // >= Win7 only
void *pDisplayInfo; //PDISPLAYINFO
UINT_PTR ulSharedDelta;
WNDMSG awmControl[31];
WNDMSG DefWindowMsgs;
WNDMSG DefWindowSpecMsgs;
#endif
} SHAREDINFO, *PSHAREDINFO;
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/HOOK
// https://reactos.org/wiki/Techwiki:Win32k/HEAD
/*
Hook object. It begins with the common HEAD, and phkNext links to another HOOK.
NOTE(review): flags presumably holds HF_* bits and iHook a WH_* hook id - confirm in reactos.c.
NOTE(review): pSelf is described as the kernel-mode address of the object, and the other
pointer members (pti, rpdesk1, phkNext, ptiHooked, rpdesk2) are presumably kernel-mode
addresses as well. Treat them as opaque values, not as pointers that can be followed from
user mode, unless the caller translates them first - confirm in reactos.c.
*/
typedef struct _HOOK
{
HEAD head;
void *pti; //PTHREADINFO
void *rpdesk1; //PDESKTOP
void *pSelf; // points to the kernel mode address
struct _HOOK *phkNext;
INT iHook;
UINT_PTR offPfn;
DWORD flags;
INT ihmod;
void *ptiHooked; //PTHREADINFO
void *rpdesk2; //PDESKTOP
} HOOK, *PHOOK;
// 9/18/2011
// https://web.archive.org/web/20120628091644/http://forum.sysinternals.com/enumerate-windows-hooks_topic23877.html
/*
Hook flag bits (NOTE(review): presumably the bits of HOOK.flags - confirm in reactos.c).
The meaning of each bit is not described in this file.
*/
#define HF_GLOBAL 0x0001
#define HF_ANSI 0x0002
#define HF_NEEDHC_SKIP 0x0004
#define HF_HUNG 0x0008
#define HF_HOOKFAULTED 0x0010
#define HF_NOPLAYBACKDELAY 0x0020
#define HF_WX86KNOWINDOWLL 0x0040
#define HF_DESTROYED 0x0080
// mask for valid flags: the OR of the eight HF_* bits above (0x0001 through 0x0080).
// A flags value with a bit set outside this mask does not match the layout described here.
#define HF_VALID 0x00FF
// 8/17/2011
// https://reactos.org/wiki/Techwiki:Win32k/DESKTOP
// Number of hook ids from WH_MIN to WH_MAX inclusive; it sizes DESKTOPINFO.aphkStart.
#define CWINHOOKS (WH_MAX - WH_MIN + 1)
// Opaque window-object pointer: struct WND is never defined in this header, so a PWND
// can be stored and compared but not dereferenced by code that includes only this file.
typedef struct WND *PWND;
/*
Per-desktop information block, including one hook-chain start pointer per hook id (aphkStart).
The offset comments advance by 4 for each pointer member (000, 004, 008, ...) and give
aphkStart 0x40 bytes (0x10 to 0x50), so they describe a layout with 4-byte pointers; they do
not apply to a 64-bit build. The members after cntMBox carry no offset in the source.
NOTE(review): aphkStart is presumably indexed by hook id minus WH_MIN; range-check the index
against CWINHOOKS before use - confirm in reactos.c.
*/
typedef struct _DESKTOPINFO
{
/* 000 */ PVOID pvDesktopBase;
/* 004 */ PVOID pvDesktopLimit;
/* 008 */ PWND spwnd;
/* 00c */ DWORD fsHooks;
/* 010 */ PHOOK aphkStart[CWINHOOKS];
/* 050 */ PWND spwndShell;
/* 054 */ void *ppiShellProcess; //PPROCESSINFO
/* 058 */ PWND spwndBkGnd;
/* 05c */ PWND spwndTaskman;
/* 060 */ PWND spwndProgman;
/* 064 */ void *pvwplShellHook; //PVWPL
/* 068 */ INT cntMBox;
PWND spwndGestureEngine;
void *pvwplMessagePPHandler; //PVWPL
// The MSVC warnings for non-int bitfields and nameless structs are silenced only around
// the anonymous bitfield struct below and restored right after it.
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable:4214) /* nonstandard extension: bitfields other than int */
#pragma warning(disable:4201) /* nonstandard extension: nameless struct/union */
#endif
struct
{
ULONG fComposited:1;
ULONG fIsDwmDesktop:1;
};
#ifdef _MSC_VER
#pragma warning(pop)
#endif
} DESKTOPINFO, *PDESKTOPINFO;
/**
these functions are documented in the comment block above their definitions in reactos.c
*/
// Table of handle names and a companion count, both defined outside this header.
// The array is declared with an incomplete type, so sizeof cannot give its length in a file
// that only includes this header; bound any index (for example one derived from
// HANDLEENTRY.bType) with w_handlenames_count.
// NOTE(review): presumably indexed by enum HANDLE_TYPE value, with w_handlenames_count as
// the element count - confirm in reactos.c.
extern const WCHAR *const w_handlenames[];
extern const unsigned w_handlenames_count;
// Print helper taking a HANDLEENTRY.bType value as input.
void print_HANDLEENTRY_type(
const BYTE bType // in
);
// Print helper taking a HANDLEENTRY.bFlags value as input.
void print_HANDLEENTRY_flags(
const BYTE bFlags // in
);
// Print helper taking a pointer to a HANDLEENTRY as input; the entry is not modified (const).
void print_HANDLEENTRY(
const HANDLEENTRY *const entry // in
);
// Table of hook names and a companion count, both defined outside this header.
// The array is declared with an incomplete type, so sizeof cannot give its length in a file
// that only includes this header; bound any index with w_hooknames_count.
// NOTE(review): how a hook id maps to an index (hook ids start at WH_MIN) is decided in
// reactos.c - confirm there before indexing the table directly.
extern const WCHAR *const w_hooknames[];
extern const unsigned w_hooknames_count;
// Print helper taking a hook id (HOOK.iHook) as input.
void print_HOOK_id(
const INT iHook // in
);
// Print helper taking a HOOK.flags value as input.
void print_HOOK_flags(
const DWORD flags // in
);
// Print helper taking a pointer to a HOOK as input; the object is not modified (const).
void print_HOOK_anomalies(
const HOOK *const object // in
);
// Print helper taking a pointer to a HOOK as input; the object is not modified (const).
void print_HOOK(
const HOOK *const object // in
);
// Looks up a hook name from a hook id. The result is written through name (*name is the
// output). The meaning of the int return value is defined in reactos.c, not in this header.
int get_HOOK_name_from_id(
const WCHAR **const name, // out deref
const int id // in
);
// Looks up a hook id from a hook name. The result is written to *id. The meaning of the
// int return value is defined in reactos.c, not in this header.
int get_HOOK_id_from_name(
int *const id, // out
const WCHAR *const name // in
);
#ifdef __cplusplus
}
#endif
#endif // _REACTOS_H