forked from hillu/go-ntdll
-
Notifications
You must be signed in to change notification settings - Fork 0
/
atom.go
72 lines (62 loc) · 1.31 KB
/
atom.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package ntdll
//go:generate -command mkcode go run mkcode.go --
//go:generate mkcode $GOFILE
// See http://www.ntinternals.net/: UserMode / NTDLL / Atoms
//
// However, some function definitions (NtAddAtom, NtFindAtom) are
// missing the Length parameter.
/*
func:
NTSTATUS NtAddAtom(
_In_ PWSTR AtomName,
_In_ ULONG Length,
_Out_ PRTL_ATOM Atom
);
*/
/*
func:
NTSTATUS NtDeleteAtom(
_In_ RTL_ATOM Atom
);
*/
/*
func:
NTSTATUS NtFindAtom(
_In_ PWCHAR AtomName,
_In_ ULONG Length,
_Out_opt_ PRTL_ATOM Atom);
*/
/*
func:
NTSTATUS NtQueryInformationAtom(
_In_ RTL_ATOM Atom,
_In_ ATOM_INFORMATION_CLASS AtomInformationClass,
_Out_ PVOID AtomInformation,
_In_ ULONG AtomInformationLength,
_Out_ PULONG ReturnLength
);
*/
/*
enum:
typedef enum _ATOM_INFORMATION_CLASS {
AtomBasicInformation,
AtomTableInformation
} ATOM_INFORMATION_CLASS, *PATOM_INFORMATION_CLASS;
*/
/*
type:
typedef struct _ATOM_BASIC_INFORMATION {
USHORT UsageCount;
USHORT Flags;
USHORT NameLength;
WCHAR Name[1];
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
*/
/*
type:
typedef struct _ATOM_TABLE_INFORMATION {
ULONG NumberOfAtoms;
RTL_ATOM Atoms[1];
} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;
*/
type RtlAtom uint16