winsiderss / phnt Goto Github PK

It looks like NtQueryPortInformationProcess went missing in 461f7b6. Was this intentional?

The definitions in this repository are usually somewhat behind those that are available for Process Hacker.

@dmex wrote:

PHNT is supposed to be a stable repository. I test/update types with PH first then sync those changes with phnt so they're more or less guaranteed to work properly.

It is a reasonable approach, but it makes it harder for third-party projects to include the latest changes available for Process Hacker. Currently, if someone wants to use the latest definitions that are not yet available here, they have three options:

1. Copy necessary header files from Process Hacker.
2. Fork this repository, merge changes from the Process Hacker's version, and include it as a submodule.
3. Include the entire Process Hacker as a submodule.

Therefore, I have a suggestion.

How about maintaining both stable and nightly versions of phnt here on different branches? This way, those who need well-tested definitions can use the main branch, while Process Hacker and other projects that want to include the latest types can reference commits on the nightly branch.

64-Bit system calls executed by a wow64 process require structures aligned on a 16 byte boundary. A misaligned structure will sometimes result in the system call returning STATUS_DATATYPE_MISALIGNMENT. For example fix, OBJECT_ATTRIBUTES64 in phnt_ntdef.h would be defined like:

typedef struct DECLSPEC_ALIGN(16) _OBJECT_ATTRIBUTES64
{
    ULONG Length;
    ULONG64 RootDirectory;
    ULONG64 ObjectName;
    ULONG Attributes;
    ULONG64 SecurityDescriptor;
    ULONG64 SecurityQualityOfService;
} OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64;

The only change required here is using DECLSPEC_ALIGN(16) or __declspec(align(16))

👍

About three years ago, when I am a newbie of C/C++, I wrote an e-mail to @wj32 for asking the permission of using the phnt lib because it contains plenty of NT APIs and it looks fashion.

Dear wj32

I find the phnt lib when I was searching for information about Native API a few days ago.

I modify it and want to add it into my open source project which is distributed under The MIT License.

But the Process Hacker is distributed under the GNU GPL version 3. So I want to ask you for the permission.

I will add your permission text into the readme of my project

I am looking forward to hearing from you.

Yours,
Mouri

Here was his reply.

I'm not clear on the copyright status of API headers, but sorry I will not relicense such a big part of the project under MIT.
Nevertheless some say that headers cannot be copyrighted and have copied phnt verbatim anyway without asking me. So do what you will...

I'm very grateful to him. And made some modifications and create a repo at https://github.com/Chuyu-Team/NativeLib and distributed under the Public Domain because he said "So do what you will..." to me and it's a way for me to thank him.

All these years have passed. I am not crazy about the NT APIs any more. I have archived the work uses the NT APIs at https://github.com/M2Team/M2-SDK and rewritten my work with the documented APIs.

But I have found the repo recently, and I am happy to know this repo. I want to provide some suggestions to the owner. That's what my modified version does.

1. Please provide the version which the header files are amalgamated. I don't like include plenty of headers. You can read https://github.com/nlohmann/json/tree/develop/third_party/amalgamate and may get some help.
2. Use definitions in SDKDDKVer.h instead of something like PHNT_WIN2K.
3. Compatible with /W4 /WX.

I hope my advice will be adopted.

Mouri

It looks like the files upstream are already licensed under MIT. Would it be possible to change the license here as well to match?

#define RTL_HEAP_UNCOMMITTED_RANGE (USHORT)0x1000
#define RTL_HEAP_PROTECTED_ENTRY (USHORT)0x2000
#define RTL_HEAP_LARGE_ALLOC (USHORT)0x4000
#define RTL_HEAP_LFH_ALLOC (USHORT)0x8000

According to my research:

NTSYSCALLAPI
BOOLEAN
NTAPI
ZwWow64IsProcessorFeaturePresent(
    _In_ ULONG ProcessorFeature
    );

This isn't really an issue, but more that I felt I should share my experience in hopes that it might save other people several hours of trying to make sense of Windows header files should they find themselves in a similar scenario.

By default you can't include phnt in ATL projects because of various header conflicts, such as missing declarations, etc.

So to get them to play nice, all you have to do is:

• Comment out or remove the #define CINTERFACE lines in phnt_windows.h. ATL doesn't like CINTERFACE declarations for COM objects apparently.
• Put #include <cguid.h> before you include atlbase.h. This is due to INITGUID being defined by phnt, which causes it to get excluded, but it has has some GUID declarations that ATL depends on like GUID_NULL which are only available as externs in this file.

Anyway, I hope this will help someone. I'm going to just close this issue since there's no problem with phnt. Thanks for your efforts~ 🙃

For a project of mine I am using phnt and also winsock but for some reason I am getting an ambiguous symbol error during compilation due to in_addr and I noticed that this symbol is also defined in ntrtl, is there some way to work around this? I've tried everything from including winsock2 first and completely removing it (but then I would be missing the necessary symbols and functions I need).

https://github.com/processhacker/phnt/blob/master/ntrtl.h#L5383

As for Windows 11 22H2, there's new system call for IORing like NtCreateIoRing and NtSubmitIoRing

https://learn.microsoft.com/en-us/windows/win32/api/ioringapi/nf-ioringapi-createioring
https://learn.microsoft.com/en-us/windows/win32/api/ioringapi/nf-ioringapi-submitioring

It would be nice If I can concat multiple Unicode String array with just a single function.

Hi!
Placing these headers into a standalone repo was a nice step, and I personally waited for it for a long time. Anyway, I see that processhacker repository have own copy of these headers - plus, unlike this repo, they're beeing updated there.

Are there any plans to keep headers in this repository up-to-date with headers in processhacker repo, or - maybe even better - to make this repo as a git submodule in the processhacker's repository?

The latest version doesn't work when you do:

#include <phnt_windows.h>
#include <phnt.h>

Because of:

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueueApcThreadEx2(
    _In_ HANDLE ThreadHandle,
    _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
    _In_ QUEUE_USER_APC_FLAGS ApcFlags, // <== errors here
    _In_ PPS_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcArgument1,
    _In_opt_ PVOID ApcArgument2,
    _In_opt_ PVOID ApcArgument3
    );

This API should probably be guarded by a Windows 11 check?