Initial commit

xbdm/imp/KernelExports.h

@@ -0,0 +1,721 @@
+#pragma once
+#include "XeCrypt.h"
+#include "kernelp.h"
+
+typedef unsigned long long QWORD;
+typedef long							NTSTATUS;
+#define NT_EXTRACT_ST(Status)			((((ULONG)(Status)) >> 30)& 0x3)
+#define NT_SUCCESS(Status)              (((NTSTATUS)(Status)) >= 0)
+#define NT_INFORMATION(Status)          (NT_EXTRACT_ST(Status) == 1)
+#define NT_WARNING(Status)              (NT_EXTRACT_ST(Status) == 2)
+#define NT_ERROR(Status)                (NT_EXTRACT_ST(Status) == 3)
+
+// IRQL values
+#define PASSIVE_LEVEL 0
+#define LOW_LEVEL 0
+#define APC_LEVEL 1
+#define DISPATCH_LEVEL 2
+
+// Create disposition values.
+#define FILE_SUPERSEDE                          0x00000000
+#define FILE_OPEN                               0x00000001
+#define FILE_CREATE                             0x00000002
+#define FILE_OPEN_IF                            0x00000003
+#define FILE_OVERWRITE                          0x00000004
+#define FILE_OVERWRITE_IF                       0x00000005
+#define FILE_MAXIMUM_DISPOSITION                0x00000005
+
+// Create/open option flags.
+
+#define FILE_DIRECTORY_FILE                     0x00000001
+#define FILE_WRITE_THROUGH                      0x00000002
+#define FILE_SEQUENTIAL_ONLY                    0x00000004
+#define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
+
+#define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
+#define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
+#define FILE_NON_DIRECTORY_FILE                 0x00000040
+#define FILE_CREATE_TREE_CONNECTION             0x00000080
+
+#define FILE_COMPLETE_IF_OPLOCKED               0x00000100
+#define FILE_NO_EA_KNOWLEDGE                    0x00000200
+#define FILE_OPEN_REMOTE_INSTANCE               0x00000400
+#define FILE_RANDOM_ACCESS                      0x00000800
+
+#define FILE_DELETE_ON_CLOSE                    0x00001000
+#define FILE_OPEN_BY_FILE_ID                    0x00002000
+#define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
+#define FILE_NO_COMPRESSION                     0x00008000
+
+#define FILE_RESERVE_OPFILTER                   0x00100000
+#define FILE_OPEN_REPARSE_POINT                 0x00200000
+#define FILE_OPEN_NO_RECALL                     0x00400000
+#define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
+
+typedef enum _FS_INFORMATION_CLASS {
+    FileFsVolumeInformation=1,
+    FileFsLabelInformation,
+    FileFsSizeInformation,
+    FileFsDeviceInformation,
+    FileFsAttributeInformation,
+    FileFsControlInformation,
+    FileFsFullSizeInformation,
+    FileFsObjectIdInformation,
+    FileFsMaximumInformation
+} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
+
+typedef enum _FILE_INFORMATION_CLASS {
+   FileDirectoryInformation = 1,
+   FileFullDirectoryInformation,
+   FileBothDirectoryInformation,
+   FileBasicInformation,
+   FileStandardInformation,
+   FileInternalInformation,
+   FileEaInformation,
+   FileAccessInformation,
+   FileNameInformation,
+   FileRenameInformation,
+   FileLinkInformation,
+   FileNamesInformation,
+   FileDispositionInformation,
+   FilePositionInformation,
+   FileFullEaInformation,
+   FileModeInformation,
+   FileAlignmentInformation,
+   FileAllInformation,
+   FileAllocationInformation,
+   FileEndOfFileInformation,
+   FileAlternateNameInformation,
+   FileStreamInformation,
+   FilePipeInformation,
+   FilePipeLocalInformation,
+   FilePipeRemoteInformation,
+   FileMailslotQueryInformation,
+   FileMailslotSetInformation,
+   FileCompressionInformation,
+   FileObjectIdInformation,
+   FileCompletionInformation,
+   FileMoveClusterInformation,
+   FileQuotaInformation,
+   FileReparsePointInformation,
+   FileNetworkOpenInformation,
+   FileAttributeTagInformation,
+   FileTrackingInformation,
+   FileIdBothDirectoryInformation,
+   FileIdFullDirectoryInformation,
+   FileValidDataLengthInformation,
+   FileShortNameInformation,
+   FileIoCompletionNotificationInformation,
+   FileIoStatusBlockRangeInformation,
+   FileIoPriorityHintInformation,
+   FileSfioReserveInformation,
+   FileSfioVolumeInformation,
+   FileHardLinkInformation,
+   FileProcessIdsUsingFileInformation,
+   FileNormalizedNameInformation,
+   FileNetworkPhysicalNameInformation,
+   FileIdGlobalTxDirectoryInformation,
+   FileIsRemoteDeviceInformation,
+   FileAttributeCacheInformation,
+   FileNumaNodeInformation,
+   FileStandardLinkInformation,
+   FileRemoteProtocolInformation,
+   FileMaximumInformation
+ } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
+
+typedef struct _FILE_FS_SIZE_INFORMATION {
+  LARGE_INTEGER TotalAllocationUnits;
+  LARGE_INTEGER AvailableAllocationUnits;
+  ULONG         SectorsPerAllocationUnit;
+  ULONG         BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_NETWORK_OPEN_INFORMATION {
+  LARGE_INTEGER           CreationTime;
+  LARGE_INTEGER           LastAccessTime;
+  LARGE_INTEGER           LastWriteTime;
+  LARGE_INTEGER           ChangeTime;
+  LARGE_INTEGER           AllocationSize;
+  LARGE_INTEGER           EndOfFile;
+  ULONG                   FileAttributes;
+  ULONG                   Unknown;
+} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
+
+typedef struct _ANSI_STRING {
+	USHORT Length;
+	USHORT MaximumLength;
+	PCHAR Buffer;
+} ANSI_STRING, *PANSI_STRING;
+
+typedef struct _FILE_DISPOSITION_INFORMATION {
+  BOOLEAN  DeleteFile;
+} FILE_DISPOSITION_INFORMATION;
+
+typedef struct _FILE_RENAME_INFORMATION {
+  BOOLEAN ReplaceIfExists;
+  HANDLE  RootDirectory;
+  ANSI_STRING FileName;
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+
+typedef struct _XEX_HEADER_STRING {
+	ULONG Size;
+	UCHAR Data[1];
+} XEX_HEADER_STRING, *PXEX_HEADER_STRING;
+
+typedef struct _UNICODE_STRING {
+	USHORT Length;
+	USHORT MaximumLength;
+	PWCHAR Buffer;
+} UNICODE_STRING, *PUNICODE_STRING;
+
+typedef void (*pfnTitleTerminateRoutine)();
+typedef struct _EX_TITLE_TERMINATE_REGISTRATION {
+	pfnTitleTerminateRoutine	NotificationRoutine;
+	DWORD						Priority;
+	LIST_ENTRY					ListEntry;
+} EX_TITLE_TERMINATE_REGISTRATION, *PEX_TITLE_TERMINATE_REGISTRATION;
+
+typedef struct _EX_THREAD_REGISTRATION *PEX_THREAD_REGISTRATION;
+typedef void (*pfnThreadNotificationRoutine)(PEX_THREAD_REGISTRATION ThisRegistration, PKTHREAD Thread, BOOL Creating);
+typedef struct _EX_THREAD_REGISTRATION {
+	pfnThreadNotificationRoutine	NotificationRoutine;
+	DWORD							Priority;
+	LIST_ENTRY						ListEntry;
+} EX_THREAD_REGISTRATION;
+
+typedef struct _XEX_IMPORT_DESCRIPTOR {
+   DWORD Size;
+   DWORD NameTableSize;
+   DWORD ModuleCount;
+} XEX_IMPORT_DESCRIPTOR, *PXEX_IMPORT_DESCRIPTOR;
+
+typedef struct _HV_IMAGE_IMPORT_TABLE {
+   BYTE  NextImportDigest[0x14];
+   DWORD ModuleNumber;
+   DWORD Version[0x02];
+   BYTE  Unused;
+   BYTE  ModuleIndex;
+   WORD  ImportCount;
+} HV_IMAGE_IMPORT_TABLE, *PHV_IMAGE_IMPORT_TABLE;
+
+typedef struct _XEX_IMPORT_TABLE {
+   DWORD                 TableSize;
+   HV_IMAGE_IMPORT_TABLE ImportTable;
+} XEX_IMPORT_TABLE, *PXEX_IMPORT_TABLE;
+
+typedef struct _LDR_DATA_TABLE_ENTRY { 
+	LIST_ENTRY     InLoadOrderLinks;
+	LIST_ENTRY     InClosureOrderLinks;
+	LIST_ENTRY     InInitializationOrderLinks;
+	VOID*          NtHeadersBase;
+	VOID*          ImageBase;
+	DWORD          SizeOfNtImage;
+	UNICODE_STRING FullDllName;
+	UNICODE_STRING BaseDllName;
+	DWORD          Flags;
+	DWORD          SizeOfFullImage;
+	VOID*          EntryPoint;
+	WORD           LoadCount;
+	WORD           ModuleIndex;
+	VOID*          DllBaseOriginal;
+	DWORD          CheckSum;
+	DWORD          ModuleLoadFlags;
+	DWORD          TimeDateStamp;
+	VOID*          LoadedImports;
+	VOID*          XexHeaderBase;
+	union {
+		ANSI_STRING               LoadFileName;
+		struct {
+			struct _LDR_DATA_TABLE_ENTRY* ClosureRoot;
+			struct _LDR_DATA_TABLE_ENTRY* TraversalParent;
+		} asEntry;
+	};
+} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
+
+typedef struct _XBOX_HARDWARE_INFO {
+	DWORD Flags;
+	BYTE  NumberOfProcessors;
+	BYTE  PCIBridgeRevisionID;
+	BYTE  Reserved[6];
+	WORD  BldrMagic;
+	WORD  BldrFlags;
+} XBOX_HARDWARE_INFO, *PXBOX_HARDWARE_INFO;
+
+typedef struct _KERNEL_VERSION {
+	WORD Major;
+	WORD Minor;
+	WORD Build;
+	BYTE ApprovalType;
+	BYTE QFE;
+} KERNEL_VERSION, *PKERNEL_VERSION;
+
+typedef struct _D3DPRIVATE_RECT {
+	LONG x1, y1;
+	LONG x2, y2;
+} D3DPRIVATE_RECT, *PD3DPRIVATE_RECT;
+
+typedef struct _D3DFILTER_PARAMETERS {
+	FLOAT Nyquist;
+	FLOAT FlickerFilter;
+	FLOAT Beta;
+} D3DFILTER_PARAMETERS, *PD3DFILTER_PARAMETERS;
+
+typedef struct _D3DPRIVATE_SCALER_PARAMETERS {
+	D3DPRIVATE_RECT		 ScalerSourceRect;
+	LONG				 ScaledOutputWidth;
+	LONG				 ScaledOutputHeight;
+	DWORD				 VerticalFilterType;
+	D3DFILTER_PARAMETERS VerticalFilterParameters;
+	DWORD				 HorizontalFilterType;
+	D3DFILTER_PARAMETERS HorizontalFilterParameters;
+} D3DPRIVATE_SCALER_PARAMETERS, *PD3DPRIVATE_SCALER_PARAMETERS;
+
+typedef struct _DISPLAY_INFORMATION {
+	USHORT						 FrontBufferWidth;
+	USHORT						 FrontBufferHeight;
+	CHAR						 FrontBufferColorFormat;
+	CHAR						 FrontBufferPixelFormat;
+	D3DPRIVATE_SCALER_PARAMETERS ScalerParameters;
+	USHORT						 DisplayWindowOverscanLeft;
+	USHORT						 DisplayWindowOverscanTop;
+	USHORT						 DisplayWindowOverscanRight;
+	USHORT						 DisplayWindowOverscanBottom;
+	USHORT						 DisplayWidth;
+	USHORT						 DisplayHeight;
+	FLOAT						 DisplayRefreshRate;
+	UINT						 DisplayInterlaced;
+	CHAR						 DisplayColorFormat;
+	USHORT						 ActualDisplayWidth;
+} DISPLAY_INFORMATION, *PDISPLAY_INFORMATION;
+
+typedef struct _XEX_EXECUTION_ID {
+	DWORD		 MediaID;
+	DWORD		 Version;
+	DWORD		 BaseVersion;
+	union {
+		struct {
+			WORD PublisherID;
+			WORD GameID;
+		};
+		DWORD	 TitleID;
+	};
+	BYTE		 Platform;
+	BYTE		 ExecutableType;
+	BYTE		 DiscNum;
+	BYTE		 DiscsInSet;
+	DWORD		 SaveGameID;
+} XEX_EXECUTION_ID, *PXEX_EXECUTION_ID;
+
+// Valid values for the Attributes field
+#define OBJ_INHERIT             0x00000002L
+#define OBJ_PERMANENT           0x00000010L
+#define OBJ_EXCLUSIVE           0x00000020L
+#define OBJ_CASE_INSENSITIVE    0x00000040L
+#define OBJ_OPENIF              0x00000080L
+#define OBJ_OPENLINK            0x00000100L
+#define OBJ_VALID_ATTRIBUTES    0x000001F2L
+
+typedef struct _OBJECT_ATTRIBUTES {
+    HANDLE		 RootDirectory;
+	PANSI_STRING ObjectName;
+    ULONG		 Attributes;
+} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
+
+// object type strings
+#define OBJ_TYP_SYMBLINK	0x626d7953
+#define OBJ_TYP_DIRECTORY	0x65726944
+#define OBJ_TYP_DEVICE		0x69766544
+#define OBJ_TYP_EVENT       0x76657645
+#define OBJ_TYP_DEBUG       0x63706d64
+
+typedef struct _OBJECT_DIRECTORY_INFORMATION {
+	ANSI_STRING Name;
+	DWORD		Type;
+	CHAR		NameEx[MAX_PATH];
+} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
+
+typedef struct _IO_STATUS_BLOCK {
+    union {
+        NTSTATUS Status;
+        PVOID	 Pointer;
+    } st;
+    ULONG_PTR	 Information;
+} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
+
+typedef VOID (NTAPI *PIO_APC_ROUTINE) (
+    IN PVOID ApcContext,
+    IN PIO_STATUS_BLOCK IoStatusBlock,
+    IN ULONG Reserved
+);
+
+typedef struct _FILE_DIRECTORY_INFORMATION {
+	ULONG		  NextEntryOffset; 
+	ULONG		  FileIndex; 
+	LARGE_INTEGER CreationTime; 
+	LARGE_INTEGER LastAccessTime; 
+	LARGE_INTEGER LastWriteTime; 
+	LARGE_INTEGER ChangeTime; 
+	LARGE_INTEGER EndOfFile; 
+	LARGE_INTEGER AllocationSize; 
+	ULONG		  FileAttributes; 
+	ULONG		  FileNameLength; 
+	CHAR		  FileName[MAX_PATH];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+
+typedef struct FILE_BASIC_INFORMATION {
+  LARGE_INTEGER  CreationTime;
+  LARGE_INTEGER  LastAccessTime;
+  LARGE_INTEGER  LastWriteTime;
+  LARGE_INTEGER  ChangeTime;
+  ULONG  FileAttributes;
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
+
+typedef struct _TRANSLATE_SYMLINK
+{
+	DWORD reserved;
+	PANSI_STRING name;
+} TRANSLATE_SYMLINK, *PTRANSLATE_SYMLINK;
+
+typedef struct _DRIVER_OBJECT
+{
+	DWORD Unk[3];
+	LPVOID Create;
+	LPVOID Close; // This appears to be when files are closed?
+	LPVOID Read;
+	LPVOID Write;
+	LPVOID QueryInformation;
+	LPVOID SetInformation;
+	LPVOID FlushBuffers;
+	LPVOID QueryVolumeInformation;
+	LPVOID DirectoryControl;
+	LPVOID Unk2;
+	LPVOID CloseHandle; // This appears to be when handles are closed
+} DRIVER_OBJECT, *PDRIVER_OBJECT;
+
+#define InitializeObjectAttributes( p, n, a, r){ \
+	(p)->RootDirectory = r;                             \
+	(p)->Attributes = a;                                \
+	(p)->ObjectName = n;                                \
+}
+
+NTSTATUS ExGetXConfigSetting(USHORT Category, USHORT Entry, LPVOID Buffer, DWORD cchBuffer, LPDWORD cchOutBuffer);
+NTSTATUS ExSetXConfigSetting(USHORT Category, USHORT Entry, LPVOID Buffer, DWORD cchBuffer);
+
+extern XBOX_HARDWARE_INFO*	  XboxHardwareInfo;
+extern KERNEL_VERSION*		  XboxKrnlVersion;
+extern KERNEL_VERSION*		  XboxKrnlBaseVersion;
+extern PLDR_DATA_TABLE_ENTRY* XexExecutableModuleHandle;
+extern CONST LPCSTR			  ExLoadedImageName;
+extern DWORD				  ObDirectoryObjectType;
+extern DWORD				  ObSymbolicLinkObjectType;
+extern DWORD                  IoDeviceObjectType;
+extern DWORD*				  KeDebugMonitorData;
+
+extern DWORD *KeTimeStampBundle;
+
+void KeQuerySystemTime(PULARGE_INTEGER Time);
+VOID VdGetCurrentDisplayInformation(PDISPLAY_INFORMATION DisplayInfo);
+DWORD KeGetCurrentProcessType();
+
+void ExRegisterTitleTerminateNotification(PEX_TITLE_TERMINATE_REGISTRATION pRegistration, BOOL Register);
+void ExRegisterThreadNotification(PEX_THREAD_REGISTRATION pRegistration, BOOL Register);
+
+void RtlInitAnsiString(PANSI_STRING DestinationString, const char* SourceString);
+
+PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ModuleAddress);
+PVOID RtlImageDirectoryEntryToData(PVOID BaseAddress, BOOL MappedAsImage, USHORT Directory, PULONG Size);
+
+void*	RtlImageXexHeaderField(void* XexHeaderBase, DWORD Key);
+HRESULT XexStartExecutable(FARPROC TitleProcessInitThreadProc);
+BOOL	XexCheckExecutablePrivilege(DWORD Privilege);
+
+NTSTATUS XexGetModuleHandle(LPCSTR XexName, HMODULE *ModuleHandle);
+NTSTATUS XexGetProcedureAddress(HMODULE ModuleHandle, DWORD dwOrdinal, PVOID OutAddress);
+NTSTATUS ObCreateSymbolicLink(PANSI_STRING, PANSI_STRING);
+NTSTATUS ObDeleteSymbolicLink(PANSI_STRING);
+NTSTATUS ObTranslateSymbolicLink(IN PVOID, OUT PANSI_STRING);
+NTSTATUS ObOpenObjectByPointer(PVOID Object, PHANDLE Handle);
+NTSTATUS NtOpenSymbolicLinkObject(PHANDLE LinkHandle, POBJECT_ATTRIBUTES ObjectAttributes);
+NTSTATUS NtQuerySymbolicLinkObject(HANDLE LinkHandle, PANSI_STRING LinkTarget, PULONG ReturnedLength);
+NTSTATUS NtQueryVolumeInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileSystemInformation, ULONG Length, FS_INFORMATION_CLASS FileSystemInformationClass); //FILE_FS_SIZE_INFORMATION NormalSizeInfo);
+NTSTATUS NtClose(HANDLE Handle);
+
+NTSTATUS NtQueryInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, 
+	PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
+
+NTSTATUS XeKeysGetKey(DWORD KeyNum, void* KeyBuffer, DWORD* KeySize);
+NTSTATUS XeKeysSetKey(DWORD KeyNum, void* KeyBuffer, DWORD* KeySize);
+NTSTATUS XeKeysGetConsoleID(void* KeyBuffer, char* KeyString);
+
+BOOL MmIsAddressValid(VOID* Address);
+PVOID MmCreateKernelStack(DWORD Size, DWORD Type);
+DWORD MmGetPhysicalAddress(VOID* Address);
+
+void HalReturnToFirmware(DWORD);
+
+void  XapiThreadStartup(void (__cdecl *StartRoutine)(void*), void* StartContext);
+DWORD ExCreateThread(PHANDLE pHandle, DWORD dwStackSize, 
+	LPDWORD lpThreadId, VOID* apiThreadStartup , 
+	LPTHREAD_START_ROUTINE lpStartAddress, 
+	LPVOID lpParameter, DWORD dwCreationFlagsMod);
+
+HRESULT HalOpenCloseODDTray(BOOL Open);
+
+NTSTATUS NtSetSystemTime(IN PULARGE_INTEGER SystemTime, OUT PULARGE_INTEGER PreviousTime OPTIONAL);
+
+NTSTATUS NtCreateFile(HANDLE* FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes,
+	PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, 
+	ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions);
+
+NTSTATUS NtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes,
+	PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions); 
+
+NTSTATUS NtQueryDirectoryFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, 
+	PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, PANSI_STRING FileMask, PVOID Unk);
+
+NTSTATUS NtQueryFullAttributesFile(POBJECT_ATTRIBUTES ObjectAttributes, PFILE_NETWORK_OPEN_INFORMATION Attributes );
+
+NTSTATUS NtReadFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, 
+	PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset);
+NTSTATUS NtWriteFile(HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL,
+	OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset OPTIONAL);
+
+NTSTATUS NtOpenDirectoryObject(PHANDLE DirectoryHandle, POBJECT_ATTRIBUTES ObjectAttributes);
+
+NTSTATUS NtQueryDirectoryObject(HANDLE DirectoryHandle, PVOID Buffer, ULONG Length, 
+	BOOLEAN ReturnSingleEntry, PULONG Context, PULONG ReturnLength);
+
+NTSTATUS NtSetInformationFile(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock,
+	PVOID FileInformation, ULONG Length, DWORD FileInformationClass);
+
+NTSTATUS NtClose(HANDLE Handle);
+
+NTSTATUS IoCreateDevice(PDRIVER_OBJECT DriverObject, ULONG DeviceExtensionSize, PANSI_STRING DeviceName,
+	DWORD DeviceType, ULONG DeviceCharacteristics, LPDWORD *DeviceObject);
+NTSTATUS IoInvalidDeviceRequest();
+
+UINT32 __stdcall XexLoadExecutable(char* xexName, PHANDLE handle, UINT32 typeInfo, UINT32 ver);
+UINT32 __stdcall XexLoadImageFromMemory(char* XexBuffer, DWORD Size, char* xexName, DWORD Flags, DWORD MinVersion, HMODULE* Module);
+
+DWORD KeSuspendThread(HANDLE hThread);
+
+PVOID ExAllocatePoolWithTag(SIZE_T NumberOfBytes, ULONG Tag);
+PVOID ExAllocatePoolTypeWithTag(SIZE_T NumberOfBytes, ULONG Tag, ULONG Type);
+VOID ExFreePool(PVOID P);
+	
+DWORD KeResumeThread(HANDLE hThread);
+	
+HRESULT ObLookupAnyThreadByThreadId(DWORD dwThreadId, PKTHREAD *pthr);
+	
+VOID ObDereferenceObject(PVOID Object);
+NTSTATUS ObReferenceObjectByHandle(HANDLE Handle, DWORD ObjectType, PVOID *Object);
+
+BYTE KfRaiseIrql(BYTE irql);
+BYTE KeRaiseIrqlToDpcLevel();
+VOID KfLowerIrql(BYTE Irql);
+VOID KeEnterCriticalRegion();
+VOID KeLeaveCriticalRegion();
+BYTE KfAcquireSpinLock(LPVOID Object);
+VOID KfReleaseSpinLock(LPVOID Object, BYTE Irql);
+VOID KeAcquireSpinLockAtRaisedIrql(LPVOID Object);
+VOID KeReleaseSpinLockFromRaisedIrql(LPVOID Object);
+NTSTATUS ObCreateObject(PVOID ObjectType, POBJECT_ATTRIBUTES ObjectAttributes, DWORD Unknown, PVOID *Object);
+NTSTATUS ObInsertObject(PVOID Object, POBJECT_ATTRIBUTES ObjectAttributes, DWORD Unk, PHANDLE Handle);
+VOID IoDeleteDevice(PVOID Object);
+
+NTSTATUS NtCreateDirectoryObject(PHANDLE DirectoryHandle, POBJECT_ATTRIBUTES ObjectAttributes);
+
+BOOL ExTerminateThread(DWORD ReturnCode);
+
+BOOL KeSetEvent(HANDLE Event, DWORD Increment, BOOL Wait);
+VOID KeResetEvent(HANDLE Event);
+VOID KeSetBasePriorityThread(PKTHREAD Thread, DWORD Priority);
+
+VOID KeSweepIcacheRange(PVOID Address, DWORD cbBytes);
+
+INT KeQueryBasePriorityThread(PVOID pThread);
+
+NTSTATUS ObReferenceObjectByName(PANSI_STRING ObjectName, ULONG Attributes, DWORD ObjectType, DWORD Unk, PVOID *Object);
+NTSTATUS IoCompleteRequest(PVOID IoRequest, DWORD Unk);
+
+VOID IoSetShareAccess(ACCESS_MASK DesiredAccess, ULONG DesiredShareAccess, PVOID FileObject, PVOID ShareAccess);
+
+PVOID MmDbgReadCheck(PVOID pAddress);
+PVOID MmDbgWriteCheck(PVOID pAddress, PHANDLE pHandle);
+
+VOID MmDbgReleaseAddress(PVOID pAddress, PHANDLE pHandle);
+
+VOID KeSetSpecialPurposeRegister(DWORD dwRegister, ULONGLONG ulValue);
+
+ULONG_PTR KeIpiGenericCall(LPVOID BroadcastFunction, ULONG_PTR Context);
+
+VOID KeStallExecutionProcessor(DWORD);
+
+NTSTATUS KeWaitForSingleObject(PVOID Object, DWORD WaitReason, DWORD WaitMode, BOOL Alertable, PLARGE_INTEGER Timeout);
+
+PVOID XexPcToFileHeader(PVOID address, PLDR_DATA_TABLE_ENTRY* ldatOut);
+
+VOID KeInitializeEvent(PKEVENT Event, DWORD Type, BOOL State);
+
+HRESULT RtlNtStatusToDosError(NTSTATUS Status);
+
+VOID VdDisplayFatalError(DWORD Error);
+
+typedef struct _FILE_OBJECT
+{
+	WORD Type;			// 00
+	WORD Size;			// 02
+	PVOID DeviceObject;	// 04
+	PVOID CustomData;	// 08
+} FILE_OBJECT, *PFILE_OBJECT;
+
+typedef struct _PARAMS_EVERYWHERE
+{
+	DWORD Unk[18];			// 00 - 44
+	PANSI_STRING FileName;	// 48
+} PARAMS_EVERYWHERE, *PPARAMS_EVERYWHERE;
+
+typedef struct _MORE_DRIVER_PARAMS
+{
+	DWORD Unk;							// 00
+	union {
+		struct {
+			DWORD dwDesiredAccess;				// 04
+			BYTE bCreationDisposition;			// 08
+			BYTE Unk2;							// 09
+			WORD wCreateOptions;				// 0A
+			DWORD Unk3;							// 0C
+		} CreateFile;
+		struct {
+			DWORD dwBytesRequested;
+		} ReadFile;
+	};
+	PANSI_STRING FileName;				// 10
+	DWORD Unk4;							// 14
+	PFILE_OBJECT FileObject;			// 18
+										// 1c
+} MORE_DRIVER_PARAMS, *PMORE_DRIVER_PARAMS;
+
+typedef struct _DRIVER_PARAMS
+{
+	DWORD Unk[4];					// 00
+									// 04
+									// 08
+									// 0C
+	NTSTATUS Status;				// 10
+	DWORD BytesRead;				// 14
+	DWORD Unk2;						// 18
+	PVOID DataBuffer;				// 1C
+	DWORD Unk3[12];					// 20
+									// 24
+									// 28
+									// 2c
+									// 30
+									// 34
+									// 38
+									// 3c
+									// 40
+									// 44
+									// 48
+									// 4c
+	PMORE_DRIVER_PARAMS MoreParams;	// 50
+} DRIVER_PARAMS, *PDRIVER_PARAMS;
+
+#ifndef InitializeListHead
+//
+//  VOID
+//  InitializeListHead(
+//      PLIST_ENTRY ListHead
+//      );
+//
+
+#define InitializeListHead(ListHead) (\
+    (ListHead)->Flink = (ListHead)->Blink = (ListHead))
+
+//
+//  BOOLEAN
+//  IsListEmpty(
+//      PLIST_ENTRY ListHead
+//      );
+//
+
+#define IsListEmpty(ListHead) \
+    ((ListHead)->Flink == (ListHead))
+
+//
+//  PLIST_ENTRY
+//  RemoveHeadList(
+//      PLIST_ENTRY ListHead
+//      );
+//
+
+#define RemoveHeadList(ListHead) \
+    (ListHead)->Flink;\
+    {RemoveEntryList((ListHead)->Flink)}
+
+//
+//  PLIST_ENTRY
+//  RemoveTailList(
+//      PLIST_ENTRY ListHead
+//      );
+//
+
+#define RemoveTailList(ListHead) \
+    (ListHead)->Blink;\
+    {RemoveEntryList((ListHead)->Blink)}
+
+//
+//  VOID
+//  RemoveEntryList(
+//      PLIST_ENTRY Entry
+//      );
+//
+
+#define RemoveEntryList(Entry) {\
+    PLIST_ENTRY _EX_Blink;\
+    PLIST_ENTRY _EX_Flink;\
+    _EX_Flink = (Entry)->Flink;\
+    _EX_Blink = (Entry)->Blink;\
+    _EX_Blink->Flink = _EX_Flink;\
+    _EX_Flink->Blink = _EX_Blink;\
+    }
+
+//
+//  VOID
+//  InsertTailList(
+//      PLIST_ENTRY ListHead,
+//      PLIST_ENTRY Entry
+//      );
+//
+
+#define InsertTailList(ListHead,Entry) {\
+    PLIST_ENTRY _EX_Blink;\
+    PLIST_ENTRY _EX_ListHead;\
+    _EX_ListHead = (ListHead);\
+    _EX_Blink = _EX_ListHead->Blink;\
+    (Entry)->Flink = _EX_ListHead;\
+    (Entry)->Blink = _EX_Blink;\
+    _EX_Blink->Flink = (Entry);\
+    _EX_ListHead->Blink = (Entry);\
+    }
+
+//
+//  VOID
+//  InsertHeadList(
+//      PLIST_ENTRY ListHead,
+//      PLIST_ENTRY Entry
+//      );
+//
+
+#define InsertHeadList(ListHead,Entry) {\
+    PLIST_ENTRY _EX_Flink;\
+    PLIST_ENTRY _EX_ListHead;\
+    _EX_ListHead = (ListHead);\
+    _EX_Flink = _EX_ListHead->Flink;\
+    (Entry)->Flink = _EX_Flink;\
+    (Entry)->Blink = _EX_ListHead;\
+    _EX_Flink->Blink = (Entry);\
+    _EX_ListHead->Flink = (Entry);\
+    }
+
+#endif  // InitializeListHead