// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading.Tasks; namespace ChromeDebug.LowLevel { // Defines structures, enumerations, and types used by Win32 API calls. In some cases, the API // calls support (and even document) many more values than what are listed here. Should // additional values be required, they can be added to the respective types. public static class LowLevelTypes { #region Constants and Enums // Represents the image format of a DLL or executable. public enum ImageFormat { NATIVE, MANAGED, UNKNOWN } // Flags used for opening a file handle (e.g. in a call to CreateFile), that determine the // requested permission level. [Flags] public enum FileAccessFlags : uint { GENERIC_WRITE = 0x40000000, GENERIC_READ = 0x80000000 } // Value used for CreateFile to determine how to behave in the presence (or absence) of a // file with the requested name. Used only for CreateFile. public enum FileCreationDisposition : uint { CREATE_NEW = 1, CREATE_ALWAYS = 2, OPEN_EXISTING = 3, OPEN_ALWAYS = 4, TRUNCATE_EXISTING = 5 } // Flags that determine what level of sharing this application requests on the target file. // Used only for CreateFile. [Flags] public enum FileShareFlags : uint { EXCLUSIVE_ACCESS = 0x0, SHARE_READ = 0x1, SHARE_WRITE = 0x2, SHARE_DELETE = 0x4 } // Flags that control caching and other behavior of the underlying file object. Used only for // CreateFile. [Flags] public enum FileFlagsAndAttributes : uint { NORMAL = 0x80, OPEN_REPARSE_POINT = 0x200000, SEQUENTIAL_SCAN = 0x8000000, RANDOM_ACCESS = 0x10000000, NO_BUFFERING = 0x20000000, OVERLAPPED = 0x40000000 } // The target architecture of a given executable image. The various values correspond to the // magic numbers defined by the PE Executable Image File Format. // http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx public enum MachineType : ushort { UNKNOWN = 0x0, X64 = 0x8664, X86 = 0x14c, IA64 = 0x200 } // A flag indicating the format of the path string that Windows returns from a call to // QueryFullProcessImageName(). public enum ProcessQueryImageNameMode : uint { WIN32_FORMAT = 0, NATIVE_SYSTEM_FORMAT = 1 } // Flags indicating the level of permission requested when opening a handle to an external // process. Used by OpenProcess(). [Flags] public enum ProcessAccessFlags : uint { NONE = 0x0, ALL = 0x001F0FFF, VM_OPERATION = 0x00000008, VM_READ = 0x00000010, QUERY_INFORMATION = 0x00000400, QUERY_LIMITED_INFORMATION = 0x00001000 } // Defines return value codes used by various Win32 System APIs. public enum NTSTATUS : int { SUCCESS = 0, } // Determines the amount of information requested (and hence the type of structure returned) // by a call to NtQueryInformationProcess. public enum PROCESSINFOCLASS : int { PROCESS_BASIC_INFORMATION = 0 }; [Flags] public enum SHGFI : uint { Icon = 0x000000100, DisplayName = 0x000000200, TypeName = 0x000000400, Attributes = 0x000000800, IconLocation = 0x000001000, ExeType = 0x000002000, SysIconIndex = 0x000004000, LinkOverlay = 0x000008000, Selected = 0x000010000, Attr_Specified = 0x000020000, LargeIcon = 0x000000000, SmallIcon = 0x000000001, OpenIcon = 0x000000002, ShellIconSize = 0x000000004, PIDL = 0x000000008, UseFileAttributes = 0x000000010, AddOverlays = 0x000000020, OverlayIndex = 0x000000040, } #endregion #region Structures // In general, for all structures below which contains a pointer (represented here by IntPtr), // the pointers refer to memory in the address space of the process from which the original // structure was read. While this seems obvious, it means we cannot provide an elegant // interface to the various fields in the structure due to the de-reference requiring a // handle to the target process. Instead, that functionality needs to be provided at a // higher level. // // Additionally, since we usually explicitly define the fields that we're interested in along // with their respective offsets, we frequently specify the exact size of the native structure. // Win32 UNICODE_STRING structure. [StructLayout(LayoutKind.Sequential)] public struct UNICODE_STRING { // The length in bytes of the string pointed to by buffer, not including the null-terminator. private ushort length; // The total allocated size in memory pointed to by buffer. private ushort maximumLength; // A pointer to the buffer containing the string data. private IntPtr buffer; public ushort Length { get { return length; } } public ushort MaximumLength { get { return maximumLength; } } public IntPtr Buffer { get { return buffer; } } } // Win32 RTL_USER_PROCESS_PARAMETERS structure. [StructLayout(LayoutKind.Explicit, Size = 72)] public struct RTL_USER_PROCESS_PARAMETERS { [FieldOffset(56)] private UNICODE_STRING imagePathName; [FieldOffset(64)] private UNICODE_STRING commandLine; public UNICODE_STRING ImagePathName { get { return imagePathName; } } public UNICODE_STRING CommandLine { get { return commandLine; } } }; // Win32 PEB structure. Represents the process environment block of a process. [StructLayout(LayoutKind.Explicit, Size = 472)] public struct PEB { [FieldOffset(2), MarshalAs(UnmanagedType.U1)] private bool isBeingDebugged; [FieldOffset(12)] private IntPtr ldr; [FieldOffset(16)] private IntPtr processParameters; [FieldOffset(468)] private uint sessionId; public bool IsBeingDebugged { get { return isBeingDebugged; } } public IntPtr Ldr { get { return ldr; } } public IntPtr ProcessParameters { get { return processParameters; } } public uint SessionId { get { return sessionId; } } }; // Win32 PROCESS_BASIC_INFORMATION. Contains a pointer to the PEB, and various other // information about a process. [StructLayout(LayoutKind.Explicit, Size = 24)] public struct PROCESS_BASIC_INFORMATION { [FieldOffset(4)] private IntPtr pebBaseAddress; [FieldOffset(16)] private UIntPtr uniqueProcessId; public IntPtr PebBaseAddress { get { return pebBaseAddress; } } public UIntPtr UniqueProcessId { get { return uniqueProcessId; } } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct SHFILEINFO { // C# doesn't support overriding the default constructor of value types, so we need to use // a dummy constructor. public SHFILEINFO(bool dummy) { hIcon = IntPtr.Zero; iIcon = 0; dwAttributes = 0; szDisplayName = ""; szTypeName = ""; } public IntPtr hIcon; public int iIcon; public uint dwAttributes; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szDisplayName; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 80)] public string szTypeName; }; #endregion } }