forked from winsiderss/phnt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ntxcapi.h
129 lines (113 loc) · 2.53 KB
/
ntxcapi.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/*
* Exception support functions
*
* This file is part of System Informer.
*/
#ifndef _NTXCAPI_H
#define _NTXCAPI_H
NTSYSAPI
BOOLEAN
NTAPI
RtlDispatchException(
_In_ PEXCEPTION_RECORD ExceptionRecord,
_In_ PCONTEXT ContextRecord
);
NTSYSAPI
DECLSPEC_NORETURN
VOID
NTAPI
RtlRaiseStatus(
_In_ NTSTATUS Status
);
NTSYSAPI
VOID
NTAPI
RtlRaiseException(
_In_ PEXCEPTION_RECORD ExceptionRecord
);
#if (PHNT_VERSION >= PHNT_20H1)
// rev
NTSYSAPI
VOID
NTAPI
RtlRaiseExceptionForReturnAddressHijack(
VOID
);
// rev
NTSYSAPI
DECLSPEC_NORETURN
VOID
NTAPI
RtlRaiseNoncontinuableException(
_In_ PEXCEPTION_RECORD ExceptionRecord,
_In_ PCONTEXT ContextRecord
);
#endif
NTSYSCALLAPI
NTSTATUS
NTAPI
NtContinue(
_In_ PCONTEXT ContextRecord,
_In_ BOOLEAN TestAlert
);
#if (PHNT_VERSION >= PHNT_THRESHOLD)
typedef enum _KCONTINUE_TYPE
{
KCONTINUE_UNWIND,
KCONTINUE_RESUME,
KCONTINUE_LONGJUMP,
KCONTINUE_SET,
KCONTINUE_LAST,
} KCONTINUE_TYPE;
typedef struct _KCONTINUE_ARGUMENT
{
KCONTINUE_TYPE ContinueType;
ULONG ContinueFlags;
ULONGLONG Reserved[2];
} KCONTINUE_ARGUMENT, *PKCONTINUE_ARGUMENT;
#define KCONTINUE_FLAG_TEST_ALERT 0x00000001 // wbenny
#define KCONTINUE_FLAG_DELIVER_APC 0x00000002 // wbenny
NTSYSCALLAPI
NTSTATUS
NTAPI
NtContinueEx(
_In_ PCONTEXT ContextRecord,
_In_ PVOID ContinueArgument // PKCONTINUE_ARGUMENT and BOOLEAN are valid
);
//FORCEINLINE
//NTSTATUS
//NtContinue(
// _In_ PCONTEXT ContextRecord,
// _In_ BOOLEAN TestAlert
// )
//{
// return NtContinueEx(ContextRecord, (PCONTINUE_ARGUMENT)TestAlert);
//}
#endif
NTSYSCALLAPI
NTSTATUS
NTAPI
NtRaiseException(
_In_ PEXCEPTION_RECORD ExceptionRecord,
_In_ PCONTEXT ContextRecord,
_In_ BOOLEAN FirstChance
);
NTSYSCALLAPI
DECLSPEC_NORETURN
VOID
NTAPI
RtlAssert(
_In_ PVOID VoidFailedAssertion,
_In_ PVOID VoidFileName,
_In_ ULONG LineNumber,
_In_opt_ PSTR MutableMessage
);
#define RTL_ASSERT(exp) \
((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
#define RTL_ASSERTMSG(msg, exp) \
((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
#define RTL_SOFT_ASSERT(_exp) \
((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
#define RTL_SOFT_ASSERTMSG(_msg, _exp) \
((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
#endif