1  #pragma once
  2  
  3  #include "pch.h"
  4  
  5  #define DECLARE_NTDLL_FUNCTION(name, ...)       \
  6  private:                                        \
  7      typedef NTSTATUS(NTAPI* name ## _t)(        \
  8          __VA_ARGS__                             \
  9      );                                          \
 10      name ## _t m_ ## name;                      \
 11  public:                                         \
 12      NTSTATUS name(__VA_ARGS__);
 13  
 14  class Ntdll
 15  {
 16  private:
 17      HMODULE m_module;
 18  public:
 19      struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
 20      {
 21          PVOID Object;
 22          ULONG_PTR UniqueProcessId;
 23          ULONG_PTR HandleValue;
 24          ULONG GrantedAccess;
 25          USHORT CreatorBackTraceIndex;
 26          USHORT ObjectTypeIndex;
 27          ULONG HandleAttributes;
 28          ULONG Reserved;
 29      };
 30  
 31      struct SYSTEM_HANDLE_INFORMATION_EX
 32      {
 33          ULONG_PTR NumberOfHandles;
 34          ULONG_PTR Reserved;
 35          SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
 36      };
 37  
 38      enum POOL_TYPE
 39      {
 40          NonPagedPool,
 41          PagedPool,
 42          NonPagedPoolMustSucceed,
 43          DontUseThisType,
 44          NonPagedPoolCacheAligned,
 45          PagedPoolCacheAligned,
 46          NonPagedPoolCacheAlignedMustS
 47      };
 48  
 49      struct OBJECT_TYPE_INFORMATION
 50      {
 51          UNICODE_STRING Name;
 52          ULONG TotalNumberOfObjects;
 53          ULONG TotalNumberOfHandles;
 54          ULONG TotalPagedPoolUsage;
 55          ULONG TotalNonPagedPoolUsage;
 56          ULONG TotalNamePoolUsage;
 57          ULONG TotalHandleTableUsage;
 58          ULONG HighWaterNumberOfObjects;
 59          ULONG HighWaterNumberOfHandles;
 60          ULONG HighWaterPagedPoolUsage;
 61          ULONG HighWaterNonPagedPoolUsage;
 62          ULONG HighWaterNamePoolUsage;
 63          ULONG HighWaterHandleTableUsage;
 64          ULONG InvalidAttributes;
 65          GENERIC_MAPPING GenericMapping;
 66          ULONG ValidAccess;
 67          BOOLEAN SecurityRequired;
 68          BOOLEAN MaintainHandleCount;
 69          USHORT MaintainTypeList;
 70          POOL_TYPE PoolType;
 71          ULONG PagedPoolUsage;
 72          ULONG NonPagedPoolUsage;
 73      };
 74  
 75      Ntdll();
 76  
 77      DECLARE_NTDLL_FUNCTION(NtQuerySystemInformation,
 78          ULONG SystemInformationClass,
 79          PVOID SystemInformation,
 80          ULONG SystemInformationLength,
 81          PULONG ReturnLength
 82      )
 83  
 84      DECLARE_NTDLL_FUNCTION(NtDuplicateObject,
 85          HANDLE SourceProcessHandle,
 86          HANDLE SourceHandle,
 87          HANDLE TargetProcessHandle,
 88          PHANDLE TargetHandle,
 89          ACCESS_MASK DesiredAccess,
 90          ULONG Attributes,
 91          ULONG Options
 92      )
 93  
 94      DECLARE_NTDLL_FUNCTION(NtQueryObject,
 95          HANDLE ObjectHandle,
 96          ULONG ObjectInformationClass,
 97          PVOID ObjectInformation,
 98          ULONG ObjectInformationLength,
 99          PULONG ReturnLength
100      );
101  };