[PATCH v4 0/4] MR4761: ntdll: Implement NtContinueEx()

List overview All Threads

newer

older

[PATCH v11 0/1] MR4720: Implement...

[PATCH 0/2] MR4883: ntoskrnl: Use...

Dāvis Mosāns (davispuh) (＠davispuh)

23 Jan 2024 23 Jan '24

noon

This MR implements `NtContinueEx(PCONTEXT, PCONTINUE_OPTIONS)` which was added in Windows 10 20H1.

Also added basic test reusing existing `test_continue()` (included from !4720)

League of Legends game hooks `NtContinue()` and `NtContinueEx()` by putting `jmp` instruction in front of it.

Note that LoL doesn't actually use `NtContinueEx()` itself and game will work fine without it but if game doesn't find `NtContinueEx()` it will permanently ban your account due to detecting "scripting program"

-- v4: ntdll/tests: Add basic test for NtContinueEx() ntdll: NtContinueEx() handle few error cases ntdll: Implement NtContinueEx() ntdll/tests: Implement test_continue() for amd64

https://gitlab.winehq.org/wine/wine/-/merge_requests/4761

Show replies by date

Dāvis Mosāns

23 Jan 23 Jan

noon

New subject: [PATCH v4 1/4] ntdll/tests: Implement test_continue() for amd64

From: Dāvis Mosāns davispuh@gmail.com

Co-authored-by: Jinoh Kang jinoh.kang.kr@gmail.com --- dlls/ntdll/tests/exception.c | 164 +++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+)

diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c index 5917196a0cf..227efbfcac8 100644 --- a/dlls/ntdll/tests/exception.c +++ b/dlls/ntdll/tests/exception.c @@ -4425,6 +4425,169 @@ static void test_thread_context(void) #undef COMPARE }

+static void test_continue(void) +{ + struct context_pair { + CONTEXT before; + CONTEXT after; + } contexts; + NTSTATUS (*func_ptr)( struct context_pair *, BOOL alertable, void *continue_func, void *capture_func ) = code_mem; + int i; + + static const BYTE call_func[] = + { + /* ret at 8*13(rsp) */ + + /* need to preserve these */ + 0x53, /* push %rbx; 8*12(rsp) */ + 0x55, /* push %rbp; 8*11(rsp) */ + 0x56, /* push %rsi; 8*10(rsp) */ + 0x57, /* push %rdi; 8*9(rsp) */ + 0x41, 0x54, /* push %r12; 8*8(rsp) */ + 0x41, 0x55, /* push %r13; 8*7(rsp) */ + 0x41, 0x56, /* push %r14; 8*6(rsp) */ + 0x41, 0x57, /* push %r15; 8*5(rsp) */ + + 0x48, 0x83, 0xec, 0x28, /* sub $0x28, %rsp; reserve space for rsp and outgoing reg params */ + 0x48, 0x89, 0x64, 0x24, 0x20, /* mov %rsp, 8*4(%rsp); for stack validation */ + + /* save args */ + 0x48, 0x89, 0x4c, 0x24, 0x70, /* mov %rcx, 8*14(%rsp) */ + 0x48, 0x89, 0x54, 0x24, 0x78, /* mov %rdx, 8*15(%rsp) */ + 0x4c, 0x89, 0x84, 0x24, 0x80, 0x00, 0x00, 0x00, /* mov %r8, 8*16(%rsp) */ + 0x4c, 0x89, 0x8c, 0x24, 0x88, 0x00, 0x00, 0x00, /* mov %r9, 8*17(%rsp) */ + + /* invoke capture context */ + 0x41, 0xff, 0xd1, /* call *%r9 */ + + /* overwrite general registers */ + 0x48, 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xef, 0xbe, 0xad, 0xde, /* movabs $0xdeadbeefdeadbeef, %rax */ + 0x48, 0x89, 0xc1, /* mov %rax, %rcx */ + 0x48, 0x89, 0xc2, /* mov %rax, %rdx */ + 0x48, 0x89, 0xc3, /* mov %rax, %rbx */ + 0x48, 0x89, 0xc5, /* mov %rax, %rbp */ + 0x48, 0x89, 0xc6, /* mov %rax, %rsi */ + 0x48, 0x89, 0xc7, /* mov %rax, %rdi */ + 0x49, 0x89, 0xc0, /* mov %rax, %r8 */ + 0x49, 0x89, 0xc1, /* mov %rax, %r9 */ + 0x49, 0x89, 0xc2, /* mov %rax, %r10 */ + 0x49, 0x89, 0xc3, /* mov %rax, %r11 */ + 0x49, 0x89, 0xc4, /* mov %rax, %r12 */ + 0x49, 0x89, 0xc5, /* mov %rax, %r13 */ + 0x49, 0x89, 0xc6, /* mov %rax, %r14 */ + 0x49, 0x89, 0xc7, /* mov %rax, %r15 */ + + /* overwrite SSE registers */ + 0x66, 0x48, 0x0f, 0x6e, 0xc0, /* movq %rax, %xmm0 */ + 0x66, 0x0f, 0x6c, 0xc0, /* punpcklqdq %xmm0, %xmm0; extend to high quadword */ + 0x0f, 0x28, 0xc8, /* movaps %xmm0, %xmm1 */ + 0x0f, 0x28, 0xd0, /* movaps %xmm0, %xmm2 */ + 0x0f, 0x28, 0xd8, /* movaps %xmm0, %xmm3 */ + 0x0f, 0x28, 0xe0, /* movaps %xmm0, %xmm4 */ + 0x0f, 0x28, 0xe8, /* movaps %xmm0, %xmm5 */ + 0x0f, 0x28, 0xf0, /* movaps %xmm0, %xmm6 */ + 0x0f, 0x28, 0xf8, /* movaps %xmm0, %xmm7 */ + 0x44, 0x0f, 0x28, 0xc0, /* movaps %xmm0, %xmm8 */ + 0x44, 0x0f, 0x28, 0xc8, /* movaps %xmm0, %xmm9 */ + 0x44, 0x0f, 0x28, 0xd0, /* movaps %xmm0, %xmm10 */ + 0x44, 0x0f, 0x28, 0xd8, /* movaps %xmm0, %xmm11 */ + 0x44, 0x0f, 0x28, 0xe0, /* movaps %xmm0, %xmm12 */ + 0x44, 0x0f, 0x28, 0xe8, /* movaps %xmm0, %xmm13 */ + 0x44, 0x0f, 0x28, 0xf0, /* movaps %xmm0, %xmm14 */ + 0x44, 0x0f, 0x28, 0xf8, /* movaps %xmm0, %xmm15 */ + + /* FIXME: overwrite debug, x87 FPU and AVX registers to test those */ + + /* load args */ + 0x48, 0x8b, 0x4c, 0x24, 0x70, /* mov 8*14(%rsp), %rcx; context */ + 0x48, 0x8b, 0x54, 0x24, 0x78, /* mov 8*15(%rsp), %rdx; alertable */ + 0x48, 0x83, 0xec, 0x70, /* sub $0x70, %rsp; change stack */ + + /* setup context to return to label 1 */ + 0x48, 0x8d, 0x05, 0x18, 0x00, 0x00, 0x00, /* lea 1f(%rip), %rax */ + 0x48, 0x89, 0x81, 0xf8, 0x00, 0x00, 0x00, /* mov %rax, 0xf8(%rcx); context.Rip */ + + /* flip some EFLAGS */ + 0x9c, /* pushf */ + /* + 0x0001 Carry flag + 0x0004 Parity flag + 0x0010 Auxiliary Carry flag + 0x0040 Zero flag + 0x0080 Sign flag + FIXME: 0x0400 Direction flag - not changing as it breaks Wine + 0x0800 Overflow flag + ~0x4000~ Nested task flag - not changing - breaks Wine + = 0x8d5 + */ + 0x48, 0x81, 0x34, 0x24, 0xd5, 0x08, 0x00, 0x00, /* xorq $0x8d5, (%rsp) */ + 0x9d, /* popf */ + + /* invoke NtContinue... */ + 0xff, 0x94, 0x24, 0xf0, 0x00, 0x00, 0x00, /* call *8*16+0x70(%rsp) */ + + /* validate stack pointer */ + 0x48, 0x3b, 0x64, 0x24, 0x20, /* 1: cmp 0x20(%rsp), %rsp */ + 0x74, 0x02, /* je 2f; jump over ud2 */ + 0x0f, 0x0b, /* ud2; stack pointer invalid, let's crash */ + + /* invoke capture context */ + 0x48, 0x8b, 0x4c, 0x24, 0x70, /* 2: mov 8*14(%rsp), %rcx; context */ + 0x48, 0x81, 0xc1, 0xd0, 0x04, 0x00, 0x00, /* add $0x4d0, %rcx; +sizeof(CONTEXT) to get context->after */ + 0xff, 0x94, 0x24, 0x88, 0x00, 0x00, 0x00, /* call *8*17(%rsp) */ + + /* free stack */ + 0x48, 0x83, 0xc4, 0x28, /* add $0x28, %rsp */ + + /* restore back */ + 0x41, 0x5f, /* pop %r15 */ + 0x41, 0x5e, /* pop %r14 */ + 0x41, 0x5d, /* pop %r13 */ + 0x41, 0x5c, /* pop %r12 */ + 0x5f, /* pop %rdi */ + 0x5e, /* pop %rsi */ + 0x5d, /* pop %rbp */ + 0x5b, /* pop %rbx */ + 0xc3 /* ret */ + }; + + if (!pRtlCaptureContext) + { + win_skip("RtlCaptureContext is not available.\n"); + return; + } + + memcpy( func_ptr, call_func, sizeof(call_func) ); + FlushInstructionCache( GetCurrentProcess(), func_ptr, sizeof(call_func) ); + + func_ptr( &contexts, FALSE, NtContinue, pRtlCaptureContext ); + +#define COMPARE(reg) \ + ok( contexts.before.reg == contexts.after.reg, "wrong " #reg " %p/%p\n", (void *)(ULONG64)contexts.before.reg, (void *)(ULONG64)contexts.after.reg ) + + COMPARE( Rax ); + COMPARE( Rdx ); + COMPARE( Rbx ); + COMPARE( Rbp ); + COMPARE( Rsi ); + COMPARE( Rdi ); + COMPARE( R8 ); + COMPARE( R9 ); + COMPARE( R10 ); + COMPARE( R11 ); + COMPARE( R12 ); + COMPARE( R13 ); + COMPARE( R14 ); + COMPARE( R15 ); + + for (i = 0; i < 16; i++) + ok( !memcmp( &contexts.before.Xmm0 + i, &contexts.after.Xmm0 + i, sizeof(contexts.before.Xmm0) ), + "wrong xmm%u %08I64x%08I64x/%08I64x%08I64x\n", i, *(&contexts.before.Xmm0.High + i*2), *(&contexts.before.Xmm0.Low + i*2), + *(&contexts.after.Xmm0.High + i*2), *(&contexts.after.Xmm0.Low + i*2) ); + +#undef COMPARE +} + static void test_wow64_context(void) { const char appname[] = "C:\windows\syswow64\cmd.exe"; @@ -12471,6 +12634,7 @@ START_TEST(exception) test_debug_registers_wow64(); test_debug_service(1); test_simd_exceptions(); + test_continue(); test_virtual_unwind(); test___C_specific_handler(); test_restore_context();

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4761

Dāvis Mosāns

noon

New subject: [PATCH v4 2/4] ntdll: Implement NtContinueEx()

From: Dāvis Mosāns davispuh@gmail.com

Implement NtContinueEx(PCONTEXT, PCONTINUE_OPTIONS) which was added in Windows 10 20H1

Co-authored-by: Etaash Mathamsetty etaash.mathamsetty@gmail.com --- dlls/ntdll/ntdll.spec | 2 + dlls/ntdll/ntsyscalls.h | 840 ++++++++++++++++++++------------------- dlls/ntdll/unix/server.c | 27 ++ dlls/wow64/syscall.c | 14 +- include/winternl.h | 21 + 5 files changed, 483 insertions(+), 421 deletions(-)

diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec index 18dddf928cf..77ab7440a7c 100644 --- a/dlls/ntdll/ntdll.spec +++ b/dlls/ntdll/ntdll.spec @@ -167,6 +167,7 @@ # @ stub NtCompressKey @ stdcall -syscall NtConnectPort(ptr ptr ptr ptr ptr ptr ptr ptr) @ stdcall -syscall NtContinue(ptr long) +@ stdcall -syscall NtContinueEx(ptr ptr) @ stdcall -syscall NtCreateDebugObject(ptr long ptr long) @ stdcall -syscall NtCreateDirectoryObject(ptr long ptr) @ stdcall -syscall NtCreateEvent(ptr long ptr long long) @@ -1217,6 +1218,7 @@ # @ stub ZwCompressKey @ stdcall -private -syscall ZwConnectPort(ptr ptr ptr ptr ptr ptr ptr ptr) NtConnectPort @ stdcall -private -syscall ZwContinue(ptr long) NtContinue +@ stdcall -private -syscall ZwContinueEx(ptr ptr) NtContinueEx # @ stub ZwCreateDebugObject @ stdcall -private -syscall ZwCreateDirectoryObject(ptr long ptr) NtCreateDirectoryObject @ stdcall -private -syscall ZwCreateEvent(ptr long ptr long long) NtCreateEvent diff --git a/dlls/ntdll/ntsyscalls.h b/dlls/ntdll/ntsyscalls.h index 10813ee977d..d1ee16b2785 100644 --- a/dlls/ntdll/ntsyscalls.h +++ b/dlls/ntdll/ntsyscalls.h @@ -29,218 +29,219 @@ SYSCALL_ENTRY( 0x0019, NtCompleteConnectPort, 4 ) \ SYSCALL_ENTRY( 0x001a, NtConnectPort, 32 ) \ SYSCALL_ENTRY( 0x001b, NtContinue, 8 ) \ - SYSCALL_ENTRY( 0x001c, NtCreateDebugObject, 16 ) \ - SYSCALL_ENTRY( 0x001d, NtCreateDirectoryObject, 12 ) \ - SYSCALL_ENTRY( 0x001e, NtCreateEvent, 20 ) \ - SYSCALL_ENTRY( 0x001f, NtCreateFile, 44 ) \ - SYSCALL_ENTRY( 0x0020, NtCreateIoCompletion, 16 ) \ - SYSCALL_ENTRY( 0x0021, NtCreateJobObject, 12 ) \ - SYSCALL_ENTRY( 0x0022, NtCreateKey, 28 ) \ - SYSCALL_ENTRY( 0x0023, NtCreateKeyTransacted, 32 ) \ - SYSCALL_ENTRY( 0x0024, NtCreateKeyedEvent, 16 ) \ - SYSCALL_ENTRY( 0x0025, NtCreateLowBoxToken, 36 ) \ - SYSCALL_ENTRY( 0x0026, NtCreateMailslotFile, 32 ) \ - SYSCALL_ENTRY( 0x0027, NtCreateMutant, 16 ) \ - SYSCALL_ENTRY( 0x0028, NtCreateNamedPipeFile, 56 ) \ - SYSCALL_ENTRY( 0x0029, NtCreatePagingFile, 16 ) \ - SYSCALL_ENTRY( 0x002a, NtCreatePort, 20 ) \ - SYSCALL_ENTRY( 0x002b, NtCreateSection, 28 ) \ - SYSCALL_ENTRY( 0x002c, NtCreateSemaphore, 20 ) \ - SYSCALL_ENTRY( 0x002d, NtCreateSymbolicLinkObject, 16 ) \ - SYSCALL_ENTRY( 0x002e, NtCreateThread, 32 ) \ - SYSCALL_ENTRY( 0x002f, NtCreateThreadEx, 44 ) \ - SYSCALL_ENTRY( 0x0030, NtCreateTimer, 16 ) \ - SYSCALL_ENTRY( 0x0031, NtCreateToken, 52 ) \ - SYSCALL_ENTRY( 0x0032, NtCreateTransaction, 40 ) \ - SYSCALL_ENTRY( 0x0033, NtCreateUserProcess, 44 ) \ - SYSCALL_ENTRY( 0x0034, NtDebugActiveProcess, 8 ) \ - SYSCALL_ENTRY( 0x0035, NtDebugContinue, 12 ) \ - SYSCALL_ENTRY( 0x0036, NtDelayExecution, 8 ) \ - SYSCALL_ENTRY( 0x0037, NtDeleteAtom, 4 ) \ - SYSCALL_ENTRY( 0x0038, NtDeleteFile, 4 ) \ - SYSCALL_ENTRY( 0x0039, NtDeleteKey, 4 ) \ - SYSCALL_ENTRY( 0x003a, NtDeleteValueKey, 8 ) \ - SYSCALL_ENTRY( 0x003b, NtDeviceIoControlFile, 40 ) \ - SYSCALL_ENTRY( 0x003c, NtDisplayString, 4 ) \ - SYSCALL_ENTRY( 0x003d, NtDuplicateObject, 28 ) \ - SYSCALL_ENTRY( 0x003e, NtDuplicateToken, 24 ) \ - SYSCALL_ENTRY( 0x003f, NtEnumerateKey, 24 ) \ - SYSCALL_ENTRY( 0x0040, NtEnumerateValueKey, 24 ) \ - SYSCALL_ENTRY( 0x0041, NtFilterToken, 24 ) \ - SYSCALL_ENTRY( 0x0042, NtFindAtom, 12 ) \ - SYSCALL_ENTRY( 0x0043, NtFlushBuffersFile, 8 ) \ - SYSCALL_ENTRY( 0x0044, NtFlushInstructionCache, 12 ) \ - SYSCALL_ENTRY( 0x0045, NtFlushKey, 4 ) \ - SYSCALL_ENTRY( 0x0046, NtFlushProcessWriteBuffers, 0 ) \ - SYSCALL_ENTRY( 0x0047, NtFlushVirtualMemory, 16 ) \ - SYSCALL_ENTRY( 0x0048, NtFreeVirtualMemory, 16 ) \ - SYSCALL_ENTRY( 0x0049, NtFsControlFile, 40 ) \ - SYSCALL_ENTRY( 0x004a, NtGetContextThread, 8 ) \ - SYSCALL_ENTRY( 0x004b, NtGetCurrentProcessorNumber, 0 ) \ - SYSCALL_ENTRY( 0x004c, NtGetNextThread, 24 ) \ - SYSCALL_ENTRY( 0x004d, NtGetNlsSectionPtr, 20 ) \ - SYSCALL_ENTRY( 0x004e, NtGetWriteWatch, 28 ) \ - SYSCALL_ENTRY( 0x004f, NtImpersonateAnonymousToken, 4 ) \ - SYSCALL_ENTRY( 0x0050, NtInitializeNlsFiles, 12 ) \ - SYSCALL_ENTRY( 0x0051, NtInitiatePowerAction, 16 ) \ - SYSCALL_ENTRY( 0x0052, NtIsProcessInJob, 8 ) \ - SYSCALL_ENTRY( 0x0053, NtListenPort, 8 ) \ - SYSCALL_ENTRY( 0x0054, NtLoadDriver, 4 ) \ - SYSCALL_ENTRY( 0x0055, NtLoadKey, 8 ) \ - SYSCALL_ENTRY( 0x0056, NtLoadKey2, 12 ) \ - SYSCALL_ENTRY( 0x0057, NtLoadKeyEx, 32 ) \ - SYSCALL_ENTRY( 0x0058, NtLockFile, 40 ) \ - SYSCALL_ENTRY( 0x0059, NtLockVirtualMemory, 16 ) \ - SYSCALL_ENTRY( 0x005a, NtMakeTemporaryObject, 4 ) \ - SYSCALL_ENTRY( 0x005b, NtMapViewOfSection, 40 ) \ - SYSCALL_ENTRY( 0x005c, NtMapViewOfSectionEx, 36 ) \ - SYSCALL_ENTRY( 0x005d, NtNotifyChangeDirectoryFile, 36 ) \ - SYSCALL_ENTRY( 0x005e, NtNotifyChangeKey, 40 ) \ - SYSCALL_ENTRY( 0x005f, NtNotifyChangeMultipleKeys, 48 ) \ - SYSCALL_ENTRY( 0x0060, NtOpenDirectoryObject, 12 ) \ - SYSCALL_ENTRY( 0x0061, NtOpenEvent, 12 ) \ - SYSCALL_ENTRY( 0x0062, NtOpenFile, 24 ) \ - SYSCALL_ENTRY( 0x0063, NtOpenIoCompletion, 12 ) \ - SYSCALL_ENTRY( 0x0064, NtOpenJobObject, 12 ) \ - SYSCALL_ENTRY( 0x0065, NtOpenKey, 12 ) \ - SYSCALL_ENTRY( 0x0066, NtOpenKeyEx, 16 ) \ - SYSCALL_ENTRY( 0x0067, NtOpenKeyTransacted, 16 ) \ - SYSCALL_ENTRY( 0x0068, NtOpenKeyTransactedEx, 20 ) \ - SYSCALL_ENTRY( 0x0069, NtOpenKeyedEvent, 12 ) \ - SYSCALL_ENTRY( 0x006a, NtOpenMutant, 12 ) \ - SYSCALL_ENTRY( 0x006b, NtOpenProcess, 16 ) \ - SYSCALL_ENTRY( 0x006c, NtOpenProcessToken, 12 ) \ - SYSCALL_ENTRY( 0x006d, NtOpenProcessTokenEx, 16 ) \ - SYSCALL_ENTRY( 0x006e, NtOpenSection, 12 ) \ - SYSCALL_ENTRY( 0x006f, NtOpenSemaphore, 12 ) \ - SYSCALL_ENTRY( 0x0070, NtOpenSymbolicLinkObject, 12 ) \ - SYSCALL_ENTRY( 0x0071, NtOpenThread, 16 ) \ - SYSCALL_ENTRY( 0x0072, NtOpenThreadToken, 16 ) \ - SYSCALL_ENTRY( 0x0073, NtOpenThreadTokenEx, 20 ) \ - SYSCALL_ENTRY( 0x0074, NtOpenTimer, 12 ) \ - SYSCALL_ENTRY( 0x0075, NtPowerInformation, 20 ) \ - SYSCALL_ENTRY( 0x0076, NtPrivilegeCheck, 12 ) \ - SYSCALL_ENTRY( 0x0077, NtProtectVirtualMemory, 20 ) \ - SYSCALL_ENTRY( 0x0078, NtPulseEvent, 8 ) \ - SYSCALL_ENTRY( 0x0079, NtQueryAttributesFile, 8 ) \ - SYSCALL_ENTRY( 0x007a, NtQueryDefaultLocale, 8 ) \ - SYSCALL_ENTRY( 0x007b, NtQueryDefaultUILanguage, 4 ) \ - SYSCALL_ENTRY( 0x007c, NtQueryDirectoryFile, 44 ) \ - SYSCALL_ENTRY( 0x007d, NtQueryDirectoryObject, 28 ) \ - SYSCALL_ENTRY( 0x007e, NtQueryEaFile, 36 ) \ - SYSCALL_ENTRY( 0x007f, NtQueryEvent, 20 ) \ - SYSCALL_ENTRY( 0x0080, NtQueryFullAttributesFile, 8 ) \ - SYSCALL_ENTRY( 0x0081, NtQueryInformationAtom, 20 ) \ - SYSCALL_ENTRY( 0x0082, NtQueryInformationFile, 20 ) \ - SYSCALL_ENTRY( 0x0083, NtQueryInformationJobObject, 20 ) \ - SYSCALL_ENTRY( 0x0084, NtQueryInformationProcess, 20 ) \ - SYSCALL_ENTRY( 0x0085, NtQueryInformationThread, 20 ) \ - SYSCALL_ENTRY( 0x0086, NtQueryInformationToken, 20 ) \ - SYSCALL_ENTRY( 0x0087, NtQueryInstallUILanguage, 4 ) \ - SYSCALL_ENTRY( 0x0088, NtQueryIoCompletion, 20 ) \ - SYSCALL_ENTRY( 0x0089, NtQueryKey, 20 ) \ - SYSCALL_ENTRY( 0x008a, NtQueryLicenseValue, 20 ) \ - SYSCALL_ENTRY( 0x008b, NtQueryMultipleValueKey, 24 ) \ - SYSCALL_ENTRY( 0x008c, NtQueryMutant, 20 ) \ - SYSCALL_ENTRY( 0x008d, NtQueryObject, 20 ) \ - SYSCALL_ENTRY( 0x008e, NtQueryPerformanceCounter, 8 ) \ - SYSCALL_ENTRY( 0x008f, NtQuerySection, 20 ) \ - SYSCALL_ENTRY( 0x0090, NtQuerySecurityObject, 20 ) \ - SYSCALL_ENTRY( 0x0091, NtQuerySemaphore, 20 ) \ - SYSCALL_ENTRY( 0x0092, NtQuerySymbolicLinkObject, 12 ) \ - SYSCALL_ENTRY( 0x0093, NtQuerySystemEnvironmentValue, 16 ) \ - SYSCALL_ENTRY( 0x0094, NtQuerySystemEnvironmentValueEx, 20 ) \ - SYSCALL_ENTRY( 0x0095, NtQuerySystemInformation, 16 ) \ - SYSCALL_ENTRY( 0x0096, NtQuerySystemInformationEx, 24 ) \ - SYSCALL_ENTRY( 0x0097, NtQuerySystemTime, 4 ) \ - SYSCALL_ENTRY( 0x0098, NtQueryTimer, 20 ) \ - SYSCALL_ENTRY( 0x0099, NtQueryTimerResolution, 12 ) \ - SYSCALL_ENTRY( 0x009a, NtQueryValueKey, 24 ) \ - SYSCALL_ENTRY( 0x009b, NtQueryVirtualMemory, 24 ) \ - SYSCALL_ENTRY( 0x009c, NtQueryVolumeInformationFile, 20 ) \ - SYSCALL_ENTRY( 0x009d, NtQueueApcThread, 20 ) \ - SYSCALL_ENTRY( 0x009e, NtRaiseException, 12 ) \ - SYSCALL_ENTRY( 0x009f, NtRaiseHardError, 24 ) \ - SYSCALL_ENTRY( 0x00a0, NtReadFile, 36 ) \ - SYSCALL_ENTRY( 0x00a1, NtReadFileScatter, 36 ) \ - SYSCALL_ENTRY( 0x00a2, NtReadVirtualMemory, 20 ) \ - SYSCALL_ENTRY( 0x00a3, NtRegisterThreadTerminatePort, 4 ) \ - SYSCALL_ENTRY( 0x00a4, NtReleaseKeyedEvent, 16 ) \ - SYSCALL_ENTRY( 0x00a5, NtReleaseMutant, 8 ) \ - SYSCALL_ENTRY( 0x00a6, NtReleaseSemaphore, 12 ) \ - SYSCALL_ENTRY( 0x00a7, NtRemoveIoCompletion, 20 ) \ - SYSCALL_ENTRY( 0x00a8, NtRemoveIoCompletionEx, 24 ) \ - SYSCALL_ENTRY( 0x00a9, NtRemoveProcessDebug, 8 ) \ - SYSCALL_ENTRY( 0x00aa, NtRenameKey, 8 ) \ - SYSCALL_ENTRY( 0x00ab, NtReplaceKey, 12 ) \ - SYSCALL_ENTRY( 0x00ac, NtReplyWaitReceivePort, 16 ) \ - SYSCALL_ENTRY( 0x00ad, NtRequestWaitReplyPort, 12 ) \ - SYSCALL_ENTRY( 0x00ae, NtResetEvent, 8 ) \ - SYSCALL_ENTRY( 0x00af, NtResetWriteWatch, 12 ) \ - SYSCALL_ENTRY( 0x00b0, NtRestoreKey, 12 ) \ - SYSCALL_ENTRY( 0x00b1, NtResumeProcess, 4 ) \ - SYSCALL_ENTRY( 0x00b2, NtResumeThread, 8 ) \ - SYSCALL_ENTRY( 0x00b3, NtRollbackTransaction, 8 ) \ - SYSCALL_ENTRY( 0x00b4, NtSaveKey, 8 ) \ - SYSCALL_ENTRY( 0x00b5, NtSecureConnectPort, 36 ) \ - SYSCALL_ENTRY( 0x00b6, NtSetContextThread, 8 ) \ - SYSCALL_ENTRY( 0x00b7, NtSetDebugFilterState, 12 ) \ - SYSCALL_ENTRY( 0x00b8, NtSetDefaultLocale, 8 ) \ - SYSCALL_ENTRY( 0x00b9, NtSetDefaultUILanguage, 4 ) \ - SYSCALL_ENTRY( 0x00ba, NtSetEaFile, 16 ) \ - SYSCALL_ENTRY( 0x00bb, NtSetEvent, 8 ) \ - SYSCALL_ENTRY( 0x00bc, NtSetInformationDebugObject, 20 ) \ - SYSCALL_ENTRY( 0x00bd, NtSetInformationFile, 20 ) \ - SYSCALL_ENTRY( 0x00be, NtSetInformationJobObject, 16 ) \ - SYSCALL_ENTRY( 0x00bf, NtSetInformationKey, 16 ) \ - SYSCALL_ENTRY( 0x00c0, NtSetInformationObject, 16 ) \ - SYSCALL_ENTRY( 0x00c1, NtSetInformationProcess, 16 ) \ - SYSCALL_ENTRY( 0x00c2, NtSetInformationThread, 16 ) \ - SYSCALL_ENTRY( 0x00c3, NtSetInformationToken, 16 ) \ - SYSCALL_ENTRY( 0x00c4, NtSetInformationVirtualMemory, 24 ) \ - SYSCALL_ENTRY( 0x00c5, NtSetIntervalProfile, 8 ) \ - SYSCALL_ENTRY( 0x00c6, NtSetIoCompletion, 20 ) \ - SYSCALL_ENTRY( 0x00c7, NtSetLdtEntries, 24 ) \ - SYSCALL_ENTRY( 0x00c8, NtSetSecurityObject, 12 ) \ - SYSCALL_ENTRY( 0x00c9, NtSetSystemInformation, 12 ) \ - SYSCALL_ENTRY( 0x00ca, NtSetSystemTime, 8 ) \ - SYSCALL_ENTRY( 0x00cb, NtSetThreadExecutionState, 8 ) \ - SYSCALL_ENTRY( 0x00cc, NtSetTimer, 28 ) \ - SYSCALL_ENTRY( 0x00cd, NtSetTimerResolution, 12 ) \ - SYSCALL_ENTRY( 0x00ce, NtSetValueKey, 24 ) \ - SYSCALL_ENTRY( 0x00cf, NtSetVolumeInformationFile, 20 ) \ - SYSCALL_ENTRY( 0x00d0, NtShutdownSystem, 4 ) \ - SYSCALL_ENTRY( 0x00d1, NtSignalAndWaitForSingleObject, 16 ) \ - SYSCALL_ENTRY( 0x00d2, NtSuspendProcess, 4 ) \ - SYSCALL_ENTRY( 0x00d3, NtSuspendThread, 8 ) \ - SYSCALL_ENTRY( 0x00d4, NtSystemDebugControl, 24 ) \ - SYSCALL_ENTRY( 0x00d5, NtTerminateJobObject, 8 ) \ - SYSCALL_ENTRY( 0x00d6, NtTerminateProcess, 8 ) \ - SYSCALL_ENTRY( 0x00d7, NtTerminateThread, 8 ) \ - SYSCALL_ENTRY( 0x00d8, NtTestAlert, 0 ) \ - SYSCALL_ENTRY( 0x00d9, NtTraceControl, 24 ) \ - SYSCALL_ENTRY( 0x00da, NtUnloadDriver, 4 ) \ - SYSCALL_ENTRY( 0x00db, NtUnloadKey, 4 ) \ - SYSCALL_ENTRY( 0x00dc, NtUnlockFile, 20 ) \ - SYSCALL_ENTRY( 0x00dd, NtUnlockVirtualMemory, 16 ) \ - SYSCALL_ENTRY( 0x00de, NtUnmapViewOfSection, 8 ) \ - SYSCALL_ENTRY( 0x00df, NtUnmapViewOfSectionEx, 12 ) \ - SYSCALL_ENTRY( 0x00e0, NtWaitForAlertByThreadId, 8 ) \ - SYSCALL_ENTRY( 0x00e1, NtWaitForDebugEvent, 16 ) \ - SYSCALL_ENTRY( 0x00e2, NtWaitForKeyedEvent, 16 ) \ - SYSCALL_ENTRY( 0x00e3, NtWaitForMultipleObjects, 20 ) \ - SYSCALL_ENTRY( 0x00e4, NtWaitForSingleObject, 12 ) \ - SYSCALL_ENTRY( 0x00e5, NtWow64AllocateVirtualMemory64, 28 ) \ - SYSCALL_ENTRY( 0x00e6, NtWow64GetNativeSystemInformation, 16 ) \ - SYSCALL_ENTRY( 0x00e7, NtWow64IsProcessorFeaturePresent, 4 ) \ - SYSCALL_ENTRY( 0x00e8, NtWow64ReadVirtualMemory64, 28 ) \ - SYSCALL_ENTRY( 0x00e9, NtWow64WriteVirtualMemory64, 28 ) \ - SYSCALL_ENTRY( 0x00ea, NtWriteFile, 36 ) \ - SYSCALL_ENTRY( 0x00eb, NtWriteFileGather, 36 ) \ - SYSCALL_ENTRY( 0x00ec, NtWriteVirtualMemory, 20 ) \ - SYSCALL_ENTRY( 0x00ed, NtYieldExecution, 0 ) \ - SYSCALL_ENTRY( 0x00ee, wine_nt_to_unix_file_name, 16 ) \ - SYSCALL_ENTRY( 0x00ef, wine_unix_to_nt_file_name, 12 ) + SYSCALL_ENTRY( 0x001c, NtContinueEx, 8 ) \ + SYSCALL_ENTRY( 0x001d, NtCreateDebugObject, 16 ) \ + SYSCALL_ENTRY( 0x001e, NtCreateDirectoryObject, 12 ) \ + SYSCALL_ENTRY( 0x001f, NtCreateEvent, 20 ) \ + SYSCALL_ENTRY( 0x0020, NtCreateFile, 44 ) \ + SYSCALL_ENTRY( 0x0021, NtCreateIoCompletion, 16 ) \ + SYSCALL_ENTRY( 0x0022, NtCreateJobObject, 12 ) \ + SYSCALL_ENTRY( 0x0023, NtCreateKey, 28 ) \ + SYSCALL_ENTRY( 0x0024, NtCreateKeyTransacted, 32 ) \ + SYSCALL_ENTRY( 0x0025, NtCreateKeyedEvent, 16 ) \ + SYSCALL_ENTRY( 0x0026, NtCreateLowBoxToken, 36 ) \ + SYSCALL_ENTRY( 0x0027, NtCreateMailslotFile, 32 ) \ + SYSCALL_ENTRY( 0x0028, NtCreateMutant, 16 ) \ + SYSCALL_ENTRY( 0x0029, NtCreateNamedPipeFile, 56 ) \ + SYSCALL_ENTRY( 0x002a, NtCreatePagingFile, 16 ) \ + SYSCALL_ENTRY( 0x002b, NtCreatePort, 20 ) \ + SYSCALL_ENTRY( 0x002c, NtCreateSection, 28 ) \ + SYSCALL_ENTRY( 0x002d, NtCreateSemaphore, 20 ) \ + SYSCALL_ENTRY( 0x002e, NtCreateSymbolicLinkObject, 16 ) \ + SYSCALL_ENTRY( 0x002f, NtCreateThread, 32 ) \ + SYSCALL_ENTRY( 0x0030, NtCreateThreadEx, 44 ) \ + SYSCALL_ENTRY( 0x0031, NtCreateTimer, 16 ) \ + SYSCALL_ENTRY( 0x0032, NtCreateToken, 52 ) \ + SYSCALL_ENTRY( 0x0033, NtCreateTransaction, 40 ) \ + SYSCALL_ENTRY( 0x0034, NtCreateUserProcess, 44 ) \ + SYSCALL_ENTRY( 0x0035, NtDebugActiveProcess, 8 ) \ + SYSCALL_ENTRY( 0x0036, NtDebugContinue, 12 ) \ + SYSCALL_ENTRY( 0x0037, NtDelayExecution, 8 ) \ + SYSCALL_ENTRY( 0x0038, NtDeleteAtom, 4 ) \ + SYSCALL_ENTRY( 0x0039, NtDeleteFile, 4 ) \ + SYSCALL_ENTRY( 0x003a, NtDeleteKey, 4 ) \ + SYSCALL_ENTRY( 0x003b, NtDeleteValueKey, 8 ) \ + SYSCALL_ENTRY( 0x003c, NtDeviceIoControlFile, 40 ) \ + SYSCALL_ENTRY( 0x003d, NtDisplayString, 4 ) \ + SYSCALL_ENTRY( 0x003e, NtDuplicateObject, 28 ) \ + SYSCALL_ENTRY( 0x003f, NtDuplicateToken, 24 ) \ + SYSCALL_ENTRY( 0x0040, NtEnumerateKey, 24 ) \ + SYSCALL_ENTRY( 0x0041, NtEnumerateValueKey, 24 ) \ + SYSCALL_ENTRY( 0x0042, NtFilterToken, 24 ) \ + SYSCALL_ENTRY( 0x0043, NtFindAtom, 12 ) \ + SYSCALL_ENTRY( 0x0044, NtFlushBuffersFile, 8 ) \ + SYSCALL_ENTRY( 0x0045, NtFlushInstructionCache, 12 ) \ + SYSCALL_ENTRY( 0x0046, NtFlushKey, 4 ) \ + SYSCALL_ENTRY( 0x0047, NtFlushProcessWriteBuffers, 0 ) \ + SYSCALL_ENTRY( 0x0048, NtFlushVirtualMemory, 16 ) \ + SYSCALL_ENTRY( 0x0049, NtFreeVirtualMemory, 16 ) \ + SYSCALL_ENTRY( 0x004a, NtFsControlFile, 40 ) \ + SYSCALL_ENTRY( 0x004b, NtGetContextThread, 8 ) \ + SYSCALL_ENTRY( 0x004c, NtGetCurrentProcessorNumber, 0 ) \ + SYSCALL_ENTRY( 0x004d, NtGetNextThread, 24 ) \ + SYSCALL_ENTRY( 0x004e, NtGetNlsSectionPtr, 20 ) \ + SYSCALL_ENTRY( 0x004f, NtGetWriteWatch, 28 ) \ + SYSCALL_ENTRY( 0x0050, NtImpersonateAnonymousToken, 4 ) \ + SYSCALL_ENTRY( 0x0051, NtInitializeNlsFiles, 12 ) \ + SYSCALL_ENTRY( 0x0052, NtInitiatePowerAction, 16 ) \ + SYSCALL_ENTRY( 0x0053, NtIsProcessInJob, 8 ) \ + SYSCALL_ENTRY( 0x0054, NtListenPort, 8 ) \ + SYSCALL_ENTRY( 0x0055, NtLoadDriver, 4 ) \ + SYSCALL_ENTRY( 0x0056, NtLoadKey, 8 ) \ + SYSCALL_ENTRY( 0x0057, NtLoadKey2, 12 ) \ + SYSCALL_ENTRY( 0x0058, NtLoadKeyEx, 32 ) \ + SYSCALL_ENTRY( 0x0059, NtLockFile, 40 ) \ + SYSCALL_ENTRY( 0x005a, NtLockVirtualMemory, 16 ) \ + SYSCALL_ENTRY( 0x005b, NtMakeTemporaryObject, 4 ) \ + SYSCALL_ENTRY( 0x005c, NtMapViewOfSection, 40 ) \ + SYSCALL_ENTRY( 0x005d, NtMapViewOfSectionEx, 36 ) \ + SYSCALL_ENTRY( 0x005e, NtNotifyChangeDirectoryFile, 36 ) \ + SYSCALL_ENTRY( 0x005f, NtNotifyChangeKey, 40 ) \ + SYSCALL_ENTRY( 0x0060, NtNotifyChangeMultipleKeys, 48 ) \ + SYSCALL_ENTRY( 0x0061, NtOpenDirectoryObject, 12 ) \ + SYSCALL_ENTRY( 0x0062, NtOpenEvent, 12 ) \ + SYSCALL_ENTRY( 0x0063, NtOpenFile, 24 ) \ + SYSCALL_ENTRY( 0x0064, NtOpenIoCompletion, 12 ) \ + SYSCALL_ENTRY( 0x0065, NtOpenJobObject, 12 ) \ + SYSCALL_ENTRY( 0x0066, NtOpenKey, 12 ) \ + SYSCALL_ENTRY( 0x0067, NtOpenKeyEx, 16 ) \ + SYSCALL_ENTRY( 0x0068, NtOpenKeyTransacted, 16 ) \ + SYSCALL_ENTRY( 0x0069, NtOpenKeyTransactedEx, 20 ) \ + SYSCALL_ENTRY( 0x006a, NtOpenKeyedEvent, 12 ) \ + SYSCALL_ENTRY( 0x006b, NtOpenMutant, 12 ) \ + SYSCALL_ENTRY( 0x006c, NtOpenProcess, 16 ) \ + SYSCALL_ENTRY( 0x006d, NtOpenProcessToken, 12 ) \ + SYSCALL_ENTRY( 0x006e, NtOpenProcessTokenEx, 16 ) \ + SYSCALL_ENTRY( 0x006f, NtOpenSection, 12 ) \ + SYSCALL_ENTRY( 0x0070, NtOpenSemaphore, 12 ) \ + SYSCALL_ENTRY( 0x0071, NtOpenSymbolicLinkObject, 12 ) \ + SYSCALL_ENTRY( 0x0072, NtOpenThread, 16 ) \ + SYSCALL_ENTRY( 0x0073, NtOpenThreadToken, 16 ) \ + SYSCALL_ENTRY( 0x0074, NtOpenThreadTokenEx, 20 ) \ + SYSCALL_ENTRY( 0x0075, NtOpenTimer, 12 ) \ + SYSCALL_ENTRY( 0x0076, NtPowerInformation, 20 ) \ + SYSCALL_ENTRY( 0x0077, NtPrivilegeCheck, 12 ) \ + SYSCALL_ENTRY( 0x0078, NtProtectVirtualMemory, 20 ) \ + SYSCALL_ENTRY( 0x0079, NtPulseEvent, 8 ) \ + SYSCALL_ENTRY( 0x007a, NtQueryAttributesFile, 8 ) \ + SYSCALL_ENTRY( 0x007b, NtQueryDefaultLocale, 8 ) \ + SYSCALL_ENTRY( 0x007c, NtQueryDefaultUILanguage, 4 ) \ + SYSCALL_ENTRY( 0x007d, NtQueryDirectoryFile, 44 ) \ + SYSCALL_ENTRY( 0x007e, NtQueryDirectoryObject, 28 ) \ + SYSCALL_ENTRY( 0x007f, NtQueryEaFile, 36 ) \ + SYSCALL_ENTRY( 0x0080, NtQueryEvent, 20 ) \ + SYSCALL_ENTRY( 0x0081, NtQueryFullAttributesFile, 8 ) \ + SYSCALL_ENTRY( 0x0082, NtQueryInformationAtom, 20 ) \ + SYSCALL_ENTRY( 0x0083, NtQueryInformationFile, 20 ) \ + SYSCALL_ENTRY( 0x0084, NtQueryInformationJobObject, 20 ) \ + SYSCALL_ENTRY( 0x0085, NtQueryInformationProcess, 20 ) \ + SYSCALL_ENTRY( 0x0086, NtQueryInformationThread, 20 ) \ + SYSCALL_ENTRY( 0x0087, NtQueryInformationToken, 20 ) \ + SYSCALL_ENTRY( 0x0088, NtQueryInstallUILanguage, 4 ) \ + SYSCALL_ENTRY( 0x0089, NtQueryIoCompletion, 20 ) \ + SYSCALL_ENTRY( 0x008a, NtQueryKey, 20 ) \ + SYSCALL_ENTRY( 0x008b, NtQueryLicenseValue, 20 ) \ + SYSCALL_ENTRY( 0x008c, NtQueryMultipleValueKey, 24 ) \ + SYSCALL_ENTRY( 0x008d, NtQueryMutant, 20 ) \ + SYSCALL_ENTRY( 0x008e, NtQueryObject, 20 ) \ + SYSCALL_ENTRY( 0x008f, NtQueryPerformanceCounter, 8 ) \ + SYSCALL_ENTRY( 0x0090, NtQuerySection, 20 ) \ + SYSCALL_ENTRY( 0x0091, NtQuerySecurityObject, 20 ) \ + SYSCALL_ENTRY( 0x0092, NtQuerySemaphore, 20 ) \ + SYSCALL_ENTRY( 0x0093, NtQuerySymbolicLinkObject, 12 ) \ + SYSCALL_ENTRY( 0x0094, NtQuerySystemEnvironmentValue, 16 ) \ + SYSCALL_ENTRY( 0x0095, NtQuerySystemEnvironmentValueEx, 20 ) \ + SYSCALL_ENTRY( 0x0096, NtQuerySystemInformation, 16 ) \ + SYSCALL_ENTRY( 0x0097, NtQuerySystemInformationEx, 24 ) \ + SYSCALL_ENTRY( 0x0098, NtQuerySystemTime, 4 ) \ + SYSCALL_ENTRY( 0x0099, NtQueryTimer, 20 ) \ + SYSCALL_ENTRY( 0x009a, NtQueryTimerResolution, 12 ) \ + SYSCALL_ENTRY( 0x009b, NtQueryValueKey, 24 ) \ + SYSCALL_ENTRY( 0x009c, NtQueryVirtualMemory, 24 ) \ + SYSCALL_ENTRY( 0x009d, NtQueryVolumeInformationFile, 20 ) \ + SYSCALL_ENTRY( 0x009e, NtQueueApcThread, 20 ) \ + SYSCALL_ENTRY( 0x009f, NtRaiseException, 12 ) \ + SYSCALL_ENTRY( 0x00a0, NtRaiseHardError, 24 ) \ + SYSCALL_ENTRY( 0x00a1, NtReadFile, 36 ) \ + SYSCALL_ENTRY( 0x00a2, NtReadFileScatter, 36 ) \ + SYSCALL_ENTRY( 0x00a3, NtReadVirtualMemory, 20 ) \ + SYSCALL_ENTRY( 0x00a4, NtRegisterThreadTerminatePort, 4 ) \ + SYSCALL_ENTRY( 0x00a5, NtReleaseKeyedEvent, 16 ) \ + SYSCALL_ENTRY( 0x00a6, NtReleaseMutant, 8 ) \ + SYSCALL_ENTRY( 0x00a7, NtReleaseSemaphore, 12 ) \ + SYSCALL_ENTRY( 0x00a8, NtRemoveIoCompletion, 20 ) \ + SYSCALL_ENTRY( 0x00a9, NtRemoveIoCompletionEx, 24 ) \ + SYSCALL_ENTRY( 0x00aa, NtRemoveProcessDebug, 8 ) \ + SYSCALL_ENTRY( 0x00ab, NtRenameKey, 8 ) \ + SYSCALL_ENTRY( 0x00ac, NtReplaceKey, 12 ) \ + SYSCALL_ENTRY( 0x00ad, NtReplyWaitReceivePort, 16 ) \ + SYSCALL_ENTRY( 0x00ae, NtRequestWaitReplyPort, 12 ) \ + SYSCALL_ENTRY( 0x00af, NtResetEvent, 8 ) \ + SYSCALL_ENTRY( 0x00b0, NtResetWriteWatch, 12 ) \ + SYSCALL_ENTRY( 0x00b1, NtRestoreKey, 12 ) \ + SYSCALL_ENTRY( 0x00b2, NtResumeProcess, 4 ) \ + SYSCALL_ENTRY( 0x00b3, NtResumeThread, 8 ) \ + SYSCALL_ENTRY( 0x00b4, NtRollbackTransaction, 8 ) \ + SYSCALL_ENTRY( 0x00b5, NtSaveKey, 8 ) \ + SYSCALL_ENTRY( 0x00b6, NtSecureConnectPort, 36 ) \ + SYSCALL_ENTRY( 0x00b7, NtSetContextThread, 8 ) \ + SYSCALL_ENTRY( 0x00b8, NtSetDebugFilterState, 12 ) \ + SYSCALL_ENTRY( 0x00b9, NtSetDefaultLocale, 8 ) \ + SYSCALL_ENTRY( 0x00ba, NtSetDefaultUILanguage, 4 ) \ + SYSCALL_ENTRY( 0x00bb, NtSetEaFile, 16 ) \ + SYSCALL_ENTRY( 0x00bc, NtSetEvent, 8 ) \ + SYSCALL_ENTRY( 0x00bd, NtSetInformationDebugObject, 20 ) \ + SYSCALL_ENTRY( 0x00be, NtSetInformationFile, 20 ) \ + SYSCALL_ENTRY( 0x00bf, NtSetInformationJobObject, 16 ) \ + SYSCALL_ENTRY( 0x00c0, NtSetInformationKey, 16 ) \ + SYSCALL_ENTRY( 0x00c1, NtSetInformationObject, 16 ) \ + SYSCALL_ENTRY( 0x00c2, NtSetInformationProcess, 16 ) \ + SYSCALL_ENTRY( 0x00c3, NtSetInformationThread, 16 ) \ + SYSCALL_ENTRY( 0x00c4, NtSetInformationToken, 16 ) \ + SYSCALL_ENTRY( 0x00c5, NtSetInformationVirtualMemory, 24 ) \ + SYSCALL_ENTRY( 0x00c6, NtSetIntervalProfile, 8 ) \ + SYSCALL_ENTRY( 0x00c7, NtSetIoCompletion, 20 ) \ + SYSCALL_ENTRY( 0x00c8, NtSetLdtEntries, 24 ) \ + SYSCALL_ENTRY( 0x00c9, NtSetSecurityObject, 12 ) \ + SYSCALL_ENTRY( 0x00ca, NtSetSystemInformation, 12 ) \ + SYSCALL_ENTRY( 0x00cb, NtSetSystemTime, 8 ) \ + SYSCALL_ENTRY( 0x00cc, NtSetThreadExecutionState, 8 ) \ + SYSCALL_ENTRY( 0x00cd, NtSetTimer, 28 ) \ + SYSCALL_ENTRY( 0x00ce, NtSetTimerResolution, 12 ) \ + SYSCALL_ENTRY( 0x00cf, NtSetValueKey, 24 ) \ + SYSCALL_ENTRY( 0x00d0, NtSetVolumeInformationFile, 20 ) \ + SYSCALL_ENTRY( 0x00d1, NtShutdownSystem, 4 ) \ + SYSCALL_ENTRY( 0x00d2, NtSignalAndWaitForSingleObject, 16 ) \ + SYSCALL_ENTRY( 0x00d3, NtSuspendProcess, 4 ) \ + SYSCALL_ENTRY( 0x00d4, NtSuspendThread, 8 ) \ + SYSCALL_ENTRY( 0x00d5, NtSystemDebugControl, 24 ) \ + SYSCALL_ENTRY( 0x00d6, NtTerminateJobObject, 8 ) \ + SYSCALL_ENTRY( 0x00d7, NtTerminateProcess, 8 ) \ + SYSCALL_ENTRY( 0x00d8, NtTerminateThread, 8 ) \ + SYSCALL_ENTRY( 0x00d9, NtTestAlert, 0 ) \ + SYSCALL_ENTRY( 0x00da, NtTraceControl, 24 ) \ + SYSCALL_ENTRY( 0x00db, NtUnloadDriver, 4 ) \ + SYSCALL_ENTRY( 0x00dc, NtUnloadKey, 4 ) \ + SYSCALL_ENTRY( 0x00dd, NtUnlockFile, 20 ) \ + SYSCALL_ENTRY( 0x00de, NtUnlockVirtualMemory, 16 ) \ + SYSCALL_ENTRY( 0x00df, NtUnmapViewOfSection, 8 ) \ + SYSCALL_ENTRY( 0x00e0, NtUnmapViewOfSectionEx, 12 ) \ + SYSCALL_ENTRY( 0x00e1, NtWaitForAlertByThreadId, 8 ) \ + SYSCALL_ENTRY( 0x00e2, NtWaitForDebugEvent, 16 ) \ + SYSCALL_ENTRY( 0x00e3, NtWaitForKeyedEvent, 16 ) \ + SYSCALL_ENTRY( 0x00e4, NtWaitForMultipleObjects, 20 ) \ + SYSCALL_ENTRY( 0x00e5, NtWaitForSingleObject, 12 ) \ + SYSCALL_ENTRY( 0x00e6, NtWow64AllocateVirtualMemory64, 28 ) \ + SYSCALL_ENTRY( 0x00e7, NtWow64GetNativeSystemInformation, 16 ) \ + SYSCALL_ENTRY( 0x00e8, NtWow64IsProcessorFeaturePresent, 4 ) \ + SYSCALL_ENTRY( 0x00e9, NtWow64ReadVirtualMemory64, 28 ) \ + SYSCALL_ENTRY( 0x00ea, NtWow64WriteVirtualMemory64, 28 ) \ + SYSCALL_ENTRY( 0x00eb, NtWriteFile, 36 ) \ + SYSCALL_ENTRY( 0x00ec, NtWriteFileGather, 36 ) \ + SYSCALL_ENTRY( 0x00ed, NtWriteVirtualMemory, 20 ) \ + SYSCALL_ENTRY( 0x00ee, NtYieldExecution, 0 ) \ + SYSCALL_ENTRY( 0x00ef, wine_nt_to_unix_file_name, 16 ) \ + SYSCALL_ENTRY( 0x00f0, wine_unix_to_nt_file_name, 12 )

#define ALL_SYSCALLS64 \ SYSCALL_ENTRY( 0x0000, NtAcceptConnectPort, 48 ) \ @@ -271,210 +272,211 @@ SYSCALL_ENTRY( 0x0019, NtCompleteConnectPort, 8 ) \ SYSCALL_ENTRY( 0x001a, NtConnectPort, 64 ) \ SYSCALL_ENTRY( 0x001b, NtContinue, 16 ) \ - SYSCALL_ENTRY( 0x001c, NtCreateDebugObject, 32 ) \ - SYSCALL_ENTRY( 0x001d, NtCreateDirectoryObject, 24 ) \ - SYSCALL_ENTRY( 0x001e, NtCreateEvent, 40 ) \ - SYSCALL_ENTRY( 0x001f, NtCreateFile, 88 ) \ - SYSCALL_ENTRY( 0x0020, NtCreateIoCompletion, 32 ) \ - SYSCALL_ENTRY( 0x0021, NtCreateJobObject, 24 ) \ - SYSCALL_ENTRY( 0x0022, NtCreateKey, 56 ) \ - SYSCALL_ENTRY( 0x0023, NtCreateKeyTransacted, 64 ) \ - SYSCALL_ENTRY( 0x0024, NtCreateKeyedEvent, 32 ) \ - SYSCALL_ENTRY( 0x0025, NtCreateLowBoxToken, 72 ) \ - SYSCALL_ENTRY( 0x0026, NtCreateMailslotFile, 64 ) \ - SYSCALL_ENTRY( 0x0027, NtCreateMutant, 32 ) \ - SYSCALL_ENTRY( 0x0028, NtCreateNamedPipeFile, 112 ) \ - SYSCALL_ENTRY( 0x0029, NtCreatePagingFile, 32 ) \ - SYSCALL_ENTRY( 0x002a, NtCreatePort, 40 ) \ - SYSCALL_ENTRY( 0x002b, NtCreateSection, 56 ) \ - SYSCALL_ENTRY( 0x002c, NtCreateSemaphore, 40 ) \ - SYSCALL_ENTRY( 0x002d, NtCreateSymbolicLinkObject, 32 ) \ - SYSCALL_ENTRY( 0x002e, NtCreateThread, 64 ) \ - SYSCALL_ENTRY( 0x002f, NtCreateThreadEx, 88 ) \ - SYSCALL_ENTRY( 0x0030, NtCreateTimer, 32 ) \ - SYSCALL_ENTRY( 0x0031, NtCreateToken, 104 ) \ - SYSCALL_ENTRY( 0x0032, NtCreateTransaction, 80 ) \ - SYSCALL_ENTRY( 0x0033, NtCreateUserProcess, 88 ) \ - SYSCALL_ENTRY( 0x0034, NtDebugActiveProcess, 16 ) \ - SYSCALL_ENTRY( 0x0035, NtDebugContinue, 24 ) \ - SYSCALL_ENTRY( 0x0036, NtDelayExecution, 16 ) \ - SYSCALL_ENTRY( 0x0037, NtDeleteAtom, 8 ) \ - SYSCALL_ENTRY( 0x0038, NtDeleteFile, 8 ) \ - SYSCALL_ENTRY( 0x0039, NtDeleteKey, 8 ) \ - SYSCALL_ENTRY( 0x003a, NtDeleteValueKey, 16 ) \ - SYSCALL_ENTRY( 0x003b, NtDeviceIoControlFile, 80 ) \ - SYSCALL_ENTRY( 0x003c, NtDisplayString, 8 ) \ - SYSCALL_ENTRY( 0x003d, NtDuplicateObject, 56 ) \ - SYSCALL_ENTRY( 0x003e, NtDuplicateToken, 48 ) \ - SYSCALL_ENTRY( 0x003f, NtEnumerateKey, 48 ) \ - SYSCALL_ENTRY( 0x0040, NtEnumerateValueKey, 48 ) \ - SYSCALL_ENTRY( 0x0041, NtFilterToken, 48 ) \ - SYSCALL_ENTRY( 0x0042, NtFindAtom, 24 ) \ - SYSCALL_ENTRY( 0x0043, NtFlushBuffersFile, 16 ) \ - SYSCALL_ENTRY( 0x0044, NtFlushInstructionCache, 24 ) \ - SYSCALL_ENTRY( 0x0045, NtFlushKey, 8 ) \ - SYSCALL_ENTRY( 0x0046, NtFlushProcessWriteBuffers, 0 ) \ - SYSCALL_ENTRY( 0x0047, NtFlushVirtualMemory, 32 ) \ - SYSCALL_ENTRY( 0x0048, NtFreeVirtualMemory, 32 ) \ - SYSCALL_ENTRY( 0x0049, NtFsControlFile, 80 ) \ - SYSCALL_ENTRY( 0x004a, NtGetContextThread, 16 ) \ - SYSCALL_ENTRY( 0x004b, NtGetCurrentProcessorNumber, 0 ) \ - SYSCALL_ENTRY( 0x004c, NtGetNextThread, 48 ) \ - SYSCALL_ENTRY( 0x004d, NtGetNlsSectionPtr, 40 ) \ - SYSCALL_ENTRY( 0x004e, NtGetWriteWatch, 56 ) \ - SYSCALL_ENTRY( 0x004f, NtImpersonateAnonymousToken, 8 ) \ - SYSCALL_ENTRY( 0x0050, NtInitializeNlsFiles, 24 ) \ - SYSCALL_ENTRY( 0x0051, NtInitiatePowerAction, 32 ) \ - SYSCALL_ENTRY( 0x0052, NtIsProcessInJob, 16 ) \ - SYSCALL_ENTRY( 0x0053, NtListenPort, 16 ) \ - SYSCALL_ENTRY( 0x0054, NtLoadDriver, 8 ) \ - SYSCALL_ENTRY( 0x0055, NtLoadKey, 16 ) \ - SYSCALL_ENTRY( 0x0056, NtLoadKey2, 24 ) \ - SYSCALL_ENTRY( 0x0057, NtLoadKeyEx, 64 ) \ - SYSCALL_ENTRY( 0x0058, NtLockFile, 80 ) \ - SYSCALL_ENTRY( 0x0059, NtLockVirtualMemory, 32 ) \ - SYSCALL_ENTRY( 0x005a, NtMakeTemporaryObject, 8 ) \ - SYSCALL_ENTRY( 0x005b, NtMapViewOfSection, 80 ) \ - SYSCALL_ENTRY( 0x005c, NtMapViewOfSectionEx, 72 ) \ - SYSCALL_ENTRY( 0x005d, NtNotifyChangeDirectoryFile, 72 ) \ - SYSCALL_ENTRY( 0x005e, NtNotifyChangeKey, 80 ) \ - SYSCALL_ENTRY( 0x005f, NtNotifyChangeMultipleKeys, 96 ) \ - SYSCALL_ENTRY( 0x0060, NtOpenDirectoryObject, 24 ) \ - SYSCALL_ENTRY( 0x0061, NtOpenEvent, 24 ) \ - SYSCALL_ENTRY( 0x0062, NtOpenFile, 48 ) \ - SYSCALL_ENTRY( 0x0063, NtOpenIoCompletion, 24 ) \ - SYSCALL_ENTRY( 0x0064, NtOpenJobObject, 24 ) \ - SYSCALL_ENTRY( 0x0065, NtOpenKey, 24 ) \ - SYSCALL_ENTRY( 0x0066, NtOpenKeyEx, 32 ) \ - SYSCALL_ENTRY( 0x0067, NtOpenKeyTransacted, 32 ) \ - SYSCALL_ENTRY( 0x0068, NtOpenKeyTransactedEx, 40 ) \ - SYSCALL_ENTRY( 0x0069, NtOpenKeyedEvent, 24 ) \ - SYSCALL_ENTRY( 0x006a, NtOpenMutant, 24 ) \ - SYSCALL_ENTRY( 0x006b, NtOpenProcess, 32 ) \ - SYSCALL_ENTRY( 0x006c, NtOpenProcessToken, 24 ) \ - SYSCALL_ENTRY( 0x006d, NtOpenProcessTokenEx, 32 ) \ - SYSCALL_ENTRY( 0x006e, NtOpenSection, 24 ) \ - SYSCALL_ENTRY( 0x006f, NtOpenSemaphore, 24 ) \ - SYSCALL_ENTRY( 0x0070, NtOpenSymbolicLinkObject, 24 ) \ - SYSCALL_ENTRY( 0x0071, NtOpenThread, 32 ) \ - SYSCALL_ENTRY( 0x0072, NtOpenThreadToken, 32 ) \ - SYSCALL_ENTRY( 0x0073, NtOpenThreadTokenEx, 40 ) \ - SYSCALL_ENTRY( 0x0074, NtOpenTimer, 24 ) \ - SYSCALL_ENTRY( 0x0075, NtPowerInformation, 40 ) \ - SYSCALL_ENTRY( 0x0076, NtPrivilegeCheck, 24 ) \ - SYSCALL_ENTRY( 0x0077, NtProtectVirtualMemory, 40 ) \ - SYSCALL_ENTRY( 0x0078, NtPulseEvent, 16 ) \ - SYSCALL_ENTRY( 0x0079, NtQueryAttributesFile, 16 ) \ - SYSCALL_ENTRY( 0x007a, NtQueryDefaultLocale, 16 ) \ - SYSCALL_ENTRY( 0x007b, NtQueryDefaultUILanguage, 8 ) \ - SYSCALL_ENTRY( 0x007c, NtQueryDirectoryFile, 88 ) \ - SYSCALL_ENTRY( 0x007d, NtQueryDirectoryObject, 56 ) \ - SYSCALL_ENTRY( 0x007e, NtQueryEaFile, 72 ) \ - SYSCALL_ENTRY( 0x007f, NtQueryEvent, 40 ) \ - SYSCALL_ENTRY( 0x0080, NtQueryFullAttributesFile, 16 ) \ - SYSCALL_ENTRY( 0x0081, NtQueryInformationAtom, 40 ) \ - SYSCALL_ENTRY( 0x0082, NtQueryInformationFile, 40 ) \ - SYSCALL_ENTRY( 0x0083, NtQueryInformationJobObject, 40 ) \ - SYSCALL_ENTRY( 0x0084, NtQueryInformationProcess, 40 ) \ - SYSCALL_ENTRY( 0x0085, NtQueryInformationThread, 40 ) \ - SYSCALL_ENTRY( 0x0086, NtQueryInformationToken, 40 ) \ - SYSCALL_ENTRY( 0x0087, NtQueryInstallUILanguage, 8 ) \ - SYSCALL_ENTRY( 0x0088, NtQueryIoCompletion, 40 ) \ - SYSCALL_ENTRY( 0x0089, NtQueryKey, 40 ) \ - SYSCALL_ENTRY( 0x008a, NtQueryLicenseValue, 40 ) \ - SYSCALL_ENTRY( 0x008b, NtQueryMultipleValueKey, 48 ) \ - SYSCALL_ENTRY( 0x008c, NtQueryMutant, 40 ) \ - SYSCALL_ENTRY( 0x008d, NtQueryObject, 40 ) \ - SYSCALL_ENTRY( 0x008e, NtQueryPerformanceCounter, 16 ) \ - SYSCALL_ENTRY( 0x008f, NtQuerySection, 40 ) \ - SYSCALL_ENTRY( 0x0090, NtQuerySecurityObject, 40 ) \ - SYSCALL_ENTRY( 0x0091, NtQuerySemaphore, 40 ) \ - SYSCALL_ENTRY( 0x0092, NtQuerySymbolicLinkObject, 24 ) \ - SYSCALL_ENTRY( 0x0093, NtQuerySystemEnvironmentValue, 32 ) \ - SYSCALL_ENTRY( 0x0094, NtQuerySystemEnvironmentValueEx, 40 ) \ - SYSCALL_ENTRY( 0x0095, NtQuerySystemInformation, 32 ) \ - SYSCALL_ENTRY( 0x0096, NtQuerySystemInformationEx, 48 ) \ - SYSCALL_ENTRY( 0x0097, NtQuerySystemTime, 8 ) \ - SYSCALL_ENTRY( 0x0098, NtQueryTimer, 40 ) \ - SYSCALL_ENTRY( 0x0099, NtQueryTimerResolution, 24 ) \ - SYSCALL_ENTRY( 0x009a, NtQueryValueKey, 48 ) \ - SYSCALL_ENTRY( 0x009b, NtQueryVirtualMemory, 48 ) \ - SYSCALL_ENTRY( 0x009c, NtQueryVolumeInformationFile, 40 ) \ - SYSCALL_ENTRY( 0x009d, NtQueueApcThread, 40 ) \ - SYSCALL_ENTRY( 0x009e, NtRaiseException, 24 ) \ - SYSCALL_ENTRY( 0x009f, NtRaiseHardError, 48 ) \ - SYSCALL_ENTRY( 0x00a0, NtReadFile, 72 ) \ - SYSCALL_ENTRY( 0x00a1, NtReadFileScatter, 72 ) \ - SYSCALL_ENTRY( 0x00a2, NtReadVirtualMemory, 40 ) \ - SYSCALL_ENTRY( 0x00a3, NtRegisterThreadTerminatePort, 8 ) \ - SYSCALL_ENTRY( 0x00a4, NtReleaseKeyedEvent, 32 ) \ - SYSCALL_ENTRY( 0x00a5, NtReleaseMutant, 16 ) \ - SYSCALL_ENTRY( 0x00a6, NtReleaseSemaphore, 24 ) \ - SYSCALL_ENTRY( 0x00a7, NtRemoveIoCompletion, 40 ) \ - SYSCALL_ENTRY( 0x00a8, NtRemoveIoCompletionEx, 48 ) \ - SYSCALL_ENTRY( 0x00a9, NtRemoveProcessDebug, 16 ) \ - SYSCALL_ENTRY( 0x00aa, NtRenameKey, 16 ) \ - SYSCALL_ENTRY( 0x00ab, NtReplaceKey, 24 ) \ - SYSCALL_ENTRY( 0x00ac, NtReplyWaitReceivePort, 32 ) \ - SYSCALL_ENTRY( 0x00ad, NtRequestWaitReplyPort, 24 ) \ - SYSCALL_ENTRY( 0x00ae, NtResetEvent, 16 ) \ - SYSCALL_ENTRY( 0x00af, NtResetWriteWatch, 24 ) \ - SYSCALL_ENTRY( 0x00b0, NtRestoreKey, 24 ) \ - SYSCALL_ENTRY( 0x00b1, NtResumeProcess, 8 ) \ - SYSCALL_ENTRY( 0x00b2, NtResumeThread, 16 ) \ - SYSCALL_ENTRY( 0x00b3, NtRollbackTransaction, 16 ) \ - SYSCALL_ENTRY( 0x00b4, NtSaveKey, 16 ) \ - SYSCALL_ENTRY( 0x00b5, NtSecureConnectPort, 72 ) \ - SYSCALL_ENTRY( 0x00b6, NtSetContextThread, 16 ) \ - SYSCALL_ENTRY( 0x00b7, NtSetDebugFilterState, 24 ) \ - SYSCALL_ENTRY( 0x00b8, NtSetDefaultLocale, 16 ) \ - SYSCALL_ENTRY( 0x00b9, NtSetDefaultUILanguage, 8 ) \ - SYSCALL_ENTRY( 0x00ba, NtSetEaFile, 32 ) \ - SYSCALL_ENTRY( 0x00bb, NtSetEvent, 16 ) \ - SYSCALL_ENTRY( 0x00bc, NtSetInformationDebugObject, 40 ) \ - SYSCALL_ENTRY( 0x00bd, NtSetInformationFile, 40 ) \ - SYSCALL_ENTRY( 0x00be, NtSetInformationJobObject, 32 ) \ - SYSCALL_ENTRY( 0x00bf, NtSetInformationKey, 32 ) \ - SYSCALL_ENTRY( 0x00c0, NtSetInformationObject, 32 ) \ - SYSCALL_ENTRY( 0x00c1, NtSetInformationProcess, 32 ) \ - SYSCALL_ENTRY( 0x00c2, NtSetInformationThread, 32 ) \ - SYSCALL_ENTRY( 0x00c3, NtSetInformationToken, 32 ) \ - SYSCALL_ENTRY( 0x00c4, NtSetInformationVirtualMemory, 48 ) \ - SYSCALL_ENTRY( 0x00c5, NtSetIntervalProfile, 16 ) \ - SYSCALL_ENTRY( 0x00c6, NtSetIoCompletion, 40 ) \ - SYSCALL_ENTRY( 0x00c7, NtSetLdtEntries, 32 ) \ - SYSCALL_ENTRY( 0x00c8, NtSetSecurityObject, 24 ) \ - SYSCALL_ENTRY( 0x00c9, NtSetSystemInformation, 24 ) \ - SYSCALL_ENTRY( 0x00ca, NtSetSystemTime, 16 ) \ - SYSCALL_ENTRY( 0x00cb, NtSetThreadExecutionState, 16 ) \ - SYSCALL_ENTRY( 0x00cc, NtSetTimer, 56 ) \ - SYSCALL_ENTRY( 0x00cd, NtSetTimerResolution, 24 ) \ - SYSCALL_ENTRY( 0x00ce, NtSetValueKey, 48 ) \ - SYSCALL_ENTRY( 0x00cf, NtSetVolumeInformationFile, 40 ) \ - SYSCALL_ENTRY( 0x00d0, NtShutdownSystem, 8 ) \ - SYSCALL_ENTRY( 0x00d1, NtSignalAndWaitForSingleObject, 32 ) \ - SYSCALL_ENTRY( 0x00d2, NtSuspendProcess, 8 ) \ - SYSCALL_ENTRY( 0x00d3, NtSuspendThread, 16 ) \ - SYSCALL_ENTRY( 0x00d4, NtSystemDebugControl, 48 ) \ - SYSCALL_ENTRY( 0x00d5, NtTerminateJobObject, 16 ) \ - SYSCALL_ENTRY( 0x00d6, NtTerminateProcess, 16 ) \ - SYSCALL_ENTRY( 0x00d7, NtTerminateThread, 16 ) \ - SYSCALL_ENTRY( 0x00d8, NtTestAlert, 0 ) \ - SYSCALL_ENTRY( 0x00d9, NtTraceControl, 48 ) \ - SYSCALL_ENTRY( 0x00da, NtUnloadDriver, 8 ) \ - SYSCALL_ENTRY( 0x00db, NtUnloadKey, 8 ) \ - SYSCALL_ENTRY( 0x00dc, NtUnlockFile, 40 ) \ - SYSCALL_ENTRY( 0x00dd, NtUnlockVirtualMemory, 32 ) \ - SYSCALL_ENTRY( 0x00de, NtUnmapViewOfSection, 16 ) \ - SYSCALL_ENTRY( 0x00df, NtUnmapViewOfSectionEx, 24 ) \ - SYSCALL_ENTRY( 0x00e0, NtWaitForAlertByThreadId, 16 ) \ - SYSCALL_ENTRY( 0x00e1, NtWaitForDebugEvent, 32 ) \ - SYSCALL_ENTRY( 0x00e2, NtWaitForKeyedEvent, 32 ) \ - SYSCALL_ENTRY( 0x00e3, NtWaitForMultipleObjects, 40 ) \ - SYSCALL_ENTRY( 0x00e4, NtWaitForSingleObject, 24 ) \ - SYSCALL_ENTRY( 0x00e5, NtWriteFile, 72 ) \ - SYSCALL_ENTRY( 0x00e6, NtWriteFileGather, 72 ) \ - SYSCALL_ENTRY( 0x00e7, NtWriteVirtualMemory, 40 ) \ - SYSCALL_ENTRY( 0x00e8, NtYieldExecution, 0 ) \ - SYSCALL_ENTRY( 0x00e9, wine_nt_to_unix_file_name, 32 ) \ - SYSCALL_ENTRY( 0x00ea, wine_unix_to_nt_file_name, 24 ) + SYSCALL_ENTRY( 0x001c, NtContinueEx, 16 ) \ + SYSCALL_ENTRY( 0x001d, NtCreateDebugObject, 32 ) \ + SYSCALL_ENTRY( 0x001e, NtCreateDirectoryObject, 24 ) \ + SYSCALL_ENTRY( 0x001f, NtCreateEvent, 40 ) \ + SYSCALL_ENTRY( 0x0020, NtCreateFile, 88 ) \ + SYSCALL_ENTRY( 0x0021, NtCreateIoCompletion, 32 ) \ + SYSCALL_ENTRY( 0x0022, NtCreateJobObject, 24 ) \ + SYSCALL_ENTRY( 0x0023, NtCreateKey, 56 ) \ + SYSCALL_ENTRY( 0x0024, NtCreateKeyTransacted, 64 ) \ + SYSCALL_ENTRY( 0x0025, NtCreateKeyedEvent, 32 ) \ + SYSCALL_ENTRY( 0x0026, NtCreateLowBoxToken, 72 ) \ + SYSCALL_ENTRY( 0x0027, NtCreateMailslotFile, 64 ) \ + SYSCALL_ENTRY( 0x0028, NtCreateMutant, 32 ) \ + SYSCALL_ENTRY( 0x0029, NtCreateNamedPipeFile, 112 ) \ + SYSCALL_ENTRY( 0x002a, NtCreatePagingFile, 32 ) \ + SYSCALL_ENTRY( 0x002b, NtCreatePort, 40 ) \ + SYSCALL_ENTRY( 0x002c, NtCreateSection, 56 ) \ + SYSCALL_ENTRY( 0x002d, NtCreateSemaphore, 40 ) \ + SYSCALL_ENTRY( 0x002e, NtCreateSymbolicLinkObject, 32 ) \ + SYSCALL_ENTRY( 0x002f, NtCreateThread, 64 ) \ + SYSCALL_ENTRY( 0x0030, NtCreateThreadEx, 88 ) \ + SYSCALL_ENTRY( 0x0031, NtCreateTimer, 32 ) \ + SYSCALL_ENTRY( 0x0032, NtCreateToken, 104 ) \ + SYSCALL_ENTRY( 0x0033, NtCreateTransaction, 80 ) \ + SYSCALL_ENTRY( 0x0034, NtCreateUserProcess, 88 ) \ + SYSCALL_ENTRY( 0x0035, NtDebugActiveProcess, 16 ) \ + SYSCALL_ENTRY( 0x0036, NtDebugContinue, 24 ) \ + SYSCALL_ENTRY( 0x0037, NtDelayExecution, 16 ) \ + SYSCALL_ENTRY( 0x0038, NtDeleteAtom, 8 ) \ + SYSCALL_ENTRY( 0x0039, NtDeleteFile, 8 ) \ + SYSCALL_ENTRY( 0x003a, NtDeleteKey, 8 ) \ + SYSCALL_ENTRY( 0x003b, NtDeleteValueKey, 16 ) \ + SYSCALL_ENTRY( 0x003c, NtDeviceIoControlFile, 80 ) \ + SYSCALL_ENTRY( 0x003d, NtDisplayString, 8 ) \ + SYSCALL_ENTRY( 0x003e, NtDuplicateObject, 56 ) \ + SYSCALL_ENTRY( 0x003f, NtDuplicateToken, 48 ) \ + SYSCALL_ENTRY( 0x0040, NtEnumerateKey, 48 ) \ + SYSCALL_ENTRY( 0x0041, NtEnumerateValueKey, 48 ) \ + SYSCALL_ENTRY( 0x0042, NtFilterToken, 48 ) \ + SYSCALL_ENTRY( 0x0043, NtFindAtom, 24 ) \ + SYSCALL_ENTRY( 0x0044, NtFlushBuffersFile, 16 ) \ + SYSCALL_ENTRY( 0x0045, NtFlushInstructionCache, 24 ) \ + SYSCALL_ENTRY( 0x0046, NtFlushKey, 8 ) \ + SYSCALL_ENTRY( 0x0047, NtFlushProcessWriteBuffers, 0 ) \ + SYSCALL_ENTRY( 0x0048, NtFlushVirtualMemory, 32 ) \ + SYSCALL_ENTRY( 0x0049, NtFreeVirtualMemory, 32 ) \ + SYSCALL_ENTRY( 0x004a, NtFsControlFile, 80 ) \ + SYSCALL_ENTRY( 0x004b, NtGetContextThread, 16 ) \ + SYSCALL_ENTRY( 0x004c, NtGetCurrentProcessorNumber, 0 ) \ + SYSCALL_ENTRY( 0x004d, NtGetNextThread, 48 ) \ + SYSCALL_ENTRY( 0x004e, NtGetNlsSectionPtr, 40 ) \ + SYSCALL_ENTRY( 0x004f, NtGetWriteWatch, 56 ) \ + SYSCALL_ENTRY( 0x0050, NtImpersonateAnonymousToken, 8 ) \ + SYSCALL_ENTRY( 0x0051, NtInitializeNlsFiles, 24 ) \ + SYSCALL_ENTRY( 0x0052, NtInitiatePowerAction, 32 ) \ + SYSCALL_ENTRY( 0x0053, NtIsProcessInJob, 16 ) \ + SYSCALL_ENTRY( 0x0054, NtListenPort, 16 ) \ + SYSCALL_ENTRY( 0x0055, NtLoadDriver, 8 ) \ + SYSCALL_ENTRY( 0x0056, NtLoadKey, 16 ) \ + SYSCALL_ENTRY( 0x0057, NtLoadKey2, 24 ) \ + SYSCALL_ENTRY( 0x0058, NtLoadKeyEx, 64 ) \ + SYSCALL_ENTRY( 0x0059, NtLockFile, 80 ) \ + SYSCALL_ENTRY( 0x005a, NtLockVirtualMemory, 32 ) \ + SYSCALL_ENTRY( 0x005b, NtMakeTemporaryObject, 8 ) \ + SYSCALL_ENTRY( 0x005c, NtMapViewOfSection, 80 ) \ + SYSCALL_ENTRY( 0x005d, NtMapViewOfSectionEx, 72 ) \ + SYSCALL_ENTRY( 0x005e, NtNotifyChangeDirectoryFile, 72 ) \ + SYSCALL_ENTRY( 0x005f, NtNotifyChangeKey, 80 ) \ + SYSCALL_ENTRY( 0x0060, NtNotifyChangeMultipleKeys, 96 ) \ + SYSCALL_ENTRY( 0x0061, NtOpenDirectoryObject, 24 ) \ + SYSCALL_ENTRY( 0x0062, NtOpenEvent, 24 ) \ + SYSCALL_ENTRY( 0x0063, NtOpenFile, 48 ) \ + SYSCALL_ENTRY( 0x0064, NtOpenIoCompletion, 24 ) \ + SYSCALL_ENTRY( 0x0065, NtOpenJobObject, 24 ) \ + SYSCALL_ENTRY( 0x0066, NtOpenKey, 24 ) \ + SYSCALL_ENTRY( 0x0067, NtOpenKeyEx, 32 ) \ + SYSCALL_ENTRY( 0x0068, NtOpenKeyTransacted, 32 ) \ + SYSCALL_ENTRY( 0x0069, NtOpenKeyTransactedEx, 40 ) \ + SYSCALL_ENTRY( 0x006a, NtOpenKeyedEvent, 24 ) \ + SYSCALL_ENTRY( 0x006b, NtOpenMutant, 24 ) \ + SYSCALL_ENTRY( 0x006c, NtOpenProcess, 32 ) \ + SYSCALL_ENTRY( 0x006d, NtOpenProcessToken, 24 ) \ + SYSCALL_ENTRY( 0x006e, NtOpenProcessTokenEx, 32 ) \ + SYSCALL_ENTRY( 0x006f, NtOpenSection, 24 ) \ + SYSCALL_ENTRY( 0x0070, NtOpenSemaphore, 24 ) \ + SYSCALL_ENTRY( 0x0071, NtOpenSymbolicLinkObject, 24 ) \ + SYSCALL_ENTRY( 0x0072, NtOpenThread, 32 ) \ + SYSCALL_ENTRY( 0x0073, NtOpenThreadToken, 32 ) \ + SYSCALL_ENTRY( 0x0074, NtOpenThreadTokenEx, 40 ) \ + SYSCALL_ENTRY( 0x0075, NtOpenTimer, 24 ) \ + SYSCALL_ENTRY( 0x0076, NtPowerInformation, 40 ) \ + SYSCALL_ENTRY( 0x0077, NtPrivilegeCheck, 24 ) \ + SYSCALL_ENTRY( 0x0078, NtProtectVirtualMemory, 40 ) \ + SYSCALL_ENTRY( 0x0079, NtPulseEvent, 16 ) \ + SYSCALL_ENTRY( 0x007a, NtQueryAttributesFile, 16 ) \ + SYSCALL_ENTRY( 0x007b, NtQueryDefaultLocale, 16 ) \ + SYSCALL_ENTRY( 0x007c, NtQueryDefaultUILanguage, 8 ) \ + SYSCALL_ENTRY( 0x007d, NtQueryDirectoryFile, 88 ) \ + SYSCALL_ENTRY( 0x007e, NtQueryDirectoryObject, 56 ) \ + SYSCALL_ENTRY( 0x007f, NtQueryEaFile, 72 ) \ + SYSCALL_ENTRY( 0x0080, NtQueryEvent, 40 ) \ + SYSCALL_ENTRY( 0x0081, NtQueryFullAttributesFile, 16 ) \ + SYSCALL_ENTRY( 0x0082, NtQueryInformationAtom, 40 ) \ + SYSCALL_ENTRY( 0x0083, NtQueryInformationFile, 40 ) \ + SYSCALL_ENTRY( 0x0084, NtQueryInformationJobObject, 40 ) \ + SYSCALL_ENTRY( 0x0085, NtQueryInformationProcess, 40 ) \ + SYSCALL_ENTRY( 0x0086, NtQueryInformationThread, 40 ) \ + SYSCALL_ENTRY( 0x0087, NtQueryInformationToken, 40 ) \ + SYSCALL_ENTRY( 0x0088, NtQueryInstallUILanguage, 8 ) \ + SYSCALL_ENTRY( 0x0089, NtQueryIoCompletion, 40 ) \ + SYSCALL_ENTRY( 0x008a, NtQueryKey, 40 ) \ + SYSCALL_ENTRY( 0x008b, NtQueryLicenseValue, 40 ) \ + SYSCALL_ENTRY( 0x008c, NtQueryMultipleValueKey, 48 ) \ + SYSCALL_ENTRY( 0x008d, NtQueryMutant, 40 ) \ + SYSCALL_ENTRY( 0x008e, NtQueryObject, 40 ) \ + SYSCALL_ENTRY( 0x008f, NtQueryPerformanceCounter, 16 ) \ + SYSCALL_ENTRY( 0x0090, NtQuerySection, 40 ) \ + SYSCALL_ENTRY( 0x0091, NtQuerySecurityObject, 40 ) \ + SYSCALL_ENTRY( 0x0092, NtQuerySemaphore, 40 ) \ + SYSCALL_ENTRY( 0x0093, NtQuerySymbolicLinkObject, 24 ) \ + SYSCALL_ENTRY( 0x0094, NtQuerySystemEnvironmentValue, 32 ) \ + SYSCALL_ENTRY( 0x0095, NtQuerySystemEnvironmentValueEx, 40 ) \ + SYSCALL_ENTRY( 0x0096, NtQuerySystemInformation, 32 ) \ + SYSCALL_ENTRY( 0x0097, NtQuerySystemInformationEx, 48 ) \ + SYSCALL_ENTRY( 0x0098, NtQuerySystemTime, 8 ) \ + SYSCALL_ENTRY( 0x0099, NtQueryTimer, 40 ) \ + SYSCALL_ENTRY( 0x009a, NtQueryTimerResolution, 24 ) \ + SYSCALL_ENTRY( 0x009b, NtQueryValueKey, 48 ) \ + SYSCALL_ENTRY( 0x009c, NtQueryVirtualMemory, 48 ) \ + SYSCALL_ENTRY( 0x009d, NtQueryVolumeInformationFile, 40 ) \ + SYSCALL_ENTRY( 0x009e, NtQueueApcThread, 40 ) \ + SYSCALL_ENTRY( 0x009f, NtRaiseException, 24 ) \ + SYSCALL_ENTRY( 0x00a0, NtRaiseHardError, 48 ) \ + SYSCALL_ENTRY( 0x00a1, NtReadFile, 72 ) \ + SYSCALL_ENTRY( 0x00a2, NtReadFileScatter, 72 ) \ + SYSCALL_ENTRY( 0x00a3, NtReadVirtualMemory, 40 ) \ + SYSCALL_ENTRY( 0x00a4, NtRegisterThreadTerminatePort, 8 ) \ + SYSCALL_ENTRY( 0x00a5, NtReleaseKeyedEvent, 32 ) \ + SYSCALL_ENTRY( 0x00a6, NtReleaseMutant, 16 ) \ + SYSCALL_ENTRY( 0x00a7, NtReleaseSemaphore, 24 ) \ + SYSCALL_ENTRY( 0x00a8, NtRemoveIoCompletion, 40 ) \ + SYSCALL_ENTRY( 0x00a9, NtRemoveIoCompletionEx, 48 ) \ + SYSCALL_ENTRY( 0x00aa, NtRemoveProcessDebug, 16 ) \ + SYSCALL_ENTRY( 0x00ab, NtRenameKey, 16 ) \ + SYSCALL_ENTRY( 0x00ac, NtReplaceKey, 24 ) \ + SYSCALL_ENTRY( 0x00ad, NtReplyWaitReceivePort, 32 ) \ + SYSCALL_ENTRY( 0x00ae, NtRequestWaitReplyPort, 24 ) \ + SYSCALL_ENTRY( 0x00af, NtResetEvent, 16 ) \ + SYSCALL_ENTRY( 0x00b0, NtResetWriteWatch, 24 ) \ + SYSCALL_ENTRY( 0x00b1, NtRestoreKey, 24 ) \ + SYSCALL_ENTRY( 0x00b2, NtResumeProcess, 8 ) \ + SYSCALL_ENTRY( 0x00b3, NtResumeThread, 16 ) \ + SYSCALL_ENTRY( 0x00b4, NtRollbackTransaction, 16 ) \ + SYSCALL_ENTRY( 0x00b5, NtSaveKey, 16 ) \ + SYSCALL_ENTRY( 0x00b6, NtSecureConnectPort, 72 ) \ + SYSCALL_ENTRY( 0x00b7, NtSetContextThread, 16 ) \ + SYSCALL_ENTRY( 0x00b8, NtSetDebugFilterState, 24 ) \ + SYSCALL_ENTRY( 0x00b9, NtSetDefaultLocale, 16 ) \ + SYSCALL_ENTRY( 0x00ba, NtSetDefaultUILanguage, 8 ) \ + SYSCALL_ENTRY( 0x00bb, NtSetEaFile, 32 ) \ + SYSCALL_ENTRY( 0x00bc, NtSetEvent, 16 ) \ + SYSCALL_ENTRY( 0x00bd, NtSetInformationDebugObject, 40 ) \ + SYSCALL_ENTRY( 0x00be, NtSetInformationFile, 40 ) \ + SYSCALL_ENTRY( 0x00bf, NtSetInformationJobObject, 32 ) \ + SYSCALL_ENTRY( 0x00c0, NtSetInformationKey, 32 ) \ + SYSCALL_ENTRY( 0x00c1, NtSetInformationObject, 32 ) \ + SYSCALL_ENTRY( 0x00c2, NtSetInformationProcess, 32 ) \ + SYSCALL_ENTRY( 0x00c3, NtSetInformationThread, 32 ) \ + SYSCALL_ENTRY( 0x00c4, NtSetInformationToken, 32 ) \ + SYSCALL_ENTRY( 0x00c5, NtSetInformationVirtualMemory, 48 ) \ + SYSCALL_ENTRY( 0x00c6, NtSetIntervalProfile, 16 ) \ + SYSCALL_ENTRY( 0x00c7, NtSetIoCompletion, 40 ) \ + SYSCALL_ENTRY( 0x00c8, NtSetLdtEntries, 32 ) \ + SYSCALL_ENTRY( 0x00c9, NtSetSecurityObject, 24 ) \ + SYSCALL_ENTRY( 0x00ca, NtSetSystemInformation, 24 ) \ + SYSCALL_ENTRY( 0x00cb, NtSetSystemTime, 16 ) \ + SYSCALL_ENTRY( 0x00cc, NtSetThreadExecutionState, 16 ) \ + SYSCALL_ENTRY( 0x00cd, NtSetTimer, 56 ) \ + SYSCALL_ENTRY( 0x00ce, NtSetTimerResolution, 24 ) \ + SYSCALL_ENTRY( 0x00cf, NtSetValueKey, 48 ) \ + SYSCALL_ENTRY( 0x00d0, NtSetVolumeInformationFile, 40 ) \ + SYSCALL_ENTRY( 0x00d1, NtShutdownSystem, 8 ) \ + SYSCALL_ENTRY( 0x00d2, NtSignalAndWaitForSingleObject, 32 ) \ + SYSCALL_ENTRY( 0x00d3, NtSuspendProcess, 8 ) \ + SYSCALL_ENTRY( 0x00d4, NtSuspendThread, 16 ) \ + SYSCALL_ENTRY( 0x00d5, NtSystemDebugControl, 48 ) \ + SYSCALL_ENTRY( 0x00d6, NtTerminateJobObject, 16 ) \ + SYSCALL_ENTRY( 0x00d7, NtTerminateProcess, 16 ) \ + SYSCALL_ENTRY( 0x00d8, NtTerminateThread, 16 ) \ + SYSCALL_ENTRY( 0x00d9, NtTestAlert, 0 ) \ + SYSCALL_ENTRY( 0x00da, NtTraceControl, 48 ) \ + SYSCALL_ENTRY( 0x00db, NtUnloadDriver, 8 ) \ + SYSCALL_ENTRY( 0x00dc, NtUnloadKey, 8 ) \ + SYSCALL_ENTRY( 0x00dd, NtUnlockFile, 40 ) \ + SYSCALL_ENTRY( 0x00de, NtUnlockVirtualMemory, 32 ) \ + SYSCALL_ENTRY( 0x00df, NtUnmapViewOfSection, 16 ) \ + SYSCALL_ENTRY( 0x00e0, NtUnmapViewOfSectionEx, 24 ) \ + SYSCALL_ENTRY( 0x00e1, NtWaitForAlertByThreadId, 16 ) \ + SYSCALL_ENTRY( 0x00e2, NtWaitForDebugEvent, 32 ) \ + SYSCALL_ENTRY( 0x00e3, NtWaitForKeyedEvent, 32 ) \ + SYSCALL_ENTRY( 0x00e4, NtWaitForMultipleObjects, 40 ) \ + SYSCALL_ENTRY( 0x00e5, NtWaitForSingleObject, 24 ) \ + SYSCALL_ENTRY( 0x00e6, NtWriteFile, 72 ) \ + SYSCALL_ENTRY( 0x00e7, NtWriteFileGather, 72 ) \ + SYSCALL_ENTRY( 0x00e8, NtWriteVirtualMemory, 40 ) \ + SYSCALL_ENTRY( 0x00e9, NtYieldExecution, 0 ) \ + SYSCALL_ENTRY( 0x00ea, wine_nt_to_unix_file_name, 32 ) \ + SYSCALL_ENTRY( 0x00eb, wine_unix_to_nt_file_name, 24 ) diff --git a/dlls/ntdll/unix/server.c b/dlls/ntdll/unix/server.c index 69e6567c911..b93021aaf19 100644 --- a/dlls/ntdll/unix/server.c +++ b/dlls/ntdll/unix/server.c @@ -789,9 +789,36 @@ unsigned int server_wait( const select_op_t *select_op, data_size_t size, UINT f * NtContinue (NTDLL.@) */ NTSTATUS WINAPI NtContinue( CONTEXT *context, BOOLEAN alertable ) +{ + /* NtContinueEx accepts both */ + return NtContinueEx(context, (CONTINUE_OPTIONS *)(intptr_t)alertable); +} + + +/*********************************************************************** + * NtContinueEx (NTDLL.@) + */ +NTSTATUS WINAPI NtContinueEx( CONTEXT *context, CONTINUE_OPTIONS *options ) { user_apc_t apc; NTSTATUS status; + BOOLEAN alertable; + + if (options <= (CONTINUE_OPTIONS *)0xff) + { + alertable = (BOOLEAN)(intptr_t)options; + } else + { + alertable = !!(options->ContinueFlags & CONTINUE_FLAG_TEST_ALERT); + + /* FIXME: no idea how to handle rest of CONTINUE_OPTIONS stuff */ + if (options->ContinueType != CONTINUE_UNWIND || + options->ContinueFlags > CONTINUE_FLAG_TEST_ALERT || + options->Reserved[0] > 0 || options->Reserved[1] > 0) + { + FIXME("(PCONTEXT, PCONTINUE_OPTIONS) is not implemented!\n"); + } + }

if (alertable) { diff --git a/dlls/wow64/syscall.c b/dlls/wow64/syscall.c index db51948057f..9954c214222 100644 --- a/dlls/wow64/syscall.c +++ b/dlls/wow64/syscall.c @@ -441,9 +441,19 @@ NTSTATUS WINAPI wow64_NtClose( UINT *args ) * wow64_NtContinue */ NTSTATUS WINAPI wow64_NtContinue( UINT *args ) +{ + return wow64_NtContinueEx( args ); +} + + +/********************************************************************** + * wow64_NtContinueEx + */ +NTSTATUS WINAPI wow64_NtContinueEx( UINT *args ) { void *context = get_ptr( &args ); - BOOLEAN alertable = get_ulong( &args ); + CONTINUE_OPTIONS *options = get_ptr( &args ); + BOOL alertable = options > (CONTINUE_OPTIONS *)0xFF ? options->ContinueFlags & CONTINUE_FLAG_TEST_ALERT : !!options;

NTSTATUS status = get_context_return_value( context ); struct user_apc_frame *frame = NtCurrentTeb()->TlsSlots[WOW64_TLS_APCLIST]; @@ -452,7 +462,7 @@ NTSTATUS WINAPI wow64_NtContinue( UINT *args )

while (frame && frame->wow_context != context) frame = frame->prev_frame; NtCurrentTeb()->TlsSlots[WOW64_TLS_APCLIST] = frame ? frame->prev_frame : NULL; - if (frame) NtContinue( frame->context, alertable ); + if (frame) NtContinueEx( frame->context, options );

if (alertable) NtTestAlert(); return status; diff --git a/include/winternl.h b/include/winternl.h index b551e404fc9..c353b3ab339 100644 --- a/include/winternl.h +++ b/include/winternl.h @@ -4297,6 +4297,26 @@ typedef struct _API_SET_VALUE_ENTRY ULONG ValueLength; } API_SET_VALUE_ENTRY;

+typedef enum _CONTINUE_TYPE +{ + CONTINUE_UNWIND, + CONTINUE_RESUME, + CONTINUE_LONGJUMP, + CONTINUE_SET, + CONTINUE_LAST, +} CONTINUE_TYPE; + +typedef struct _CONTINUE_OPTIONS +{ + CONTINUE_TYPE ContinueType; + ULONG ContinueFlags; + ULONGLONG Reserved[2]; +} CONTINUE_OPTIONS, *PCONTINUE_OPTIONS; + +#define CONTINUE_FLAG_TEST_ALERT 0x00000001 +#define CONTINUE_FLAG_DELIVER_APC 0x00000002 + + /*********************************************************************** * Function declarations */ @@ -4373,6 +4393,7 @@ NTSYSAPI NTSTATUS WINAPI NtCompareTokens(HANDLE,HANDLE,BOOLEAN*); NTSYSAPI NTSTATUS WINAPI NtCompleteConnectPort(HANDLE); NTSYSAPI NTSTATUS WINAPI NtConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PLPC_SECTION_READ,PULONG,PVOID,PULONG); NTSYSAPI NTSTATUS WINAPI NtContinue(PCONTEXT,BOOLEAN); +NTSYSAPI NTSTATUS WINAPI NtContinueEx(PCONTEXT,PCONTINUE_OPTIONS); /* PCONTINUE_OPTIONS can also be BOOLEAN */ NTSYSAPI NTSTATUS WINAPI NtCreateDebugObject(HANDLE*,ACCESS_MASK,OBJECT_ATTRIBUTES*,ULONG); NTSYSAPI NTSTATUS WINAPI NtCreateDirectoryObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES); NTSYSAPI NTSTATUS WINAPI NtCreateEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *,EVENT_TYPE,BOOLEAN);

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4761

Dāvis Mosāns

noon

New subject: [PATCH v4 3/4] ntdll: NtContinueEx() handle few error cases

From: Dāvis Mosāns davispuh@gmail.com

context and options must be aligned --- dlls/ntdll/unix/server.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)

diff --git a/dlls/ntdll/unix/server.c b/dlls/ntdll/unix/server.c index b93021aaf19..2fe42809581 100644 --- a/dlls/ntdll/unix/server.c +++ b/dlls/ntdll/unix/server.c @@ -803,12 +803,28 @@ NTSTATUS WINAPI NtContinueEx( CONTEXT *context, CONTINUE_OPTIONS *options ) user_apc_t apc; NTSTATUS status; BOOLEAN alertable; + const intptr_t alignment_bits = 16 - 1; /* (16-bytes on amd64) */ + + if (!context) + { + return STATUS_ACCESS_VIOLATION; + } + + /* context must be aligned */ + if ((intptr_t)context & alignment_bits) + { + return STATUS_DATATYPE_MISALIGNMENT; + }

if (options <= (CONTINUE_OPTIONS *)0xff) { alertable = (BOOLEAN)(intptr_t)options; } else { + if ((intptr_t)options & alignment_bits) + { + return STATUS_DATATYPE_MISALIGNMENT; + } alertable = !!(options->ContinueFlags & CONTINUE_FLAG_TEST_ALERT);

/* FIXME: no idea how to handle rest of CONTINUE_OPTIONS stuff */

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4761

Dāvis Mosāns

noon

New subject: [PATCH v4 4/4] ntdll/tests: Add basic test for NtContinueEx()

From: Dāvis Mosāns davispuh@gmail.com

--- dlls/ntdll/tests/exception.c | 38 +++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c index 227efbfcac8..fb9649e56cf 100644 --- a/dlls/ntdll/tests/exception.c +++ b/dlls/ntdll/tests/exception.c @@ -4425,13 +4425,13 @@ static void test_thread_context(void) #undef COMPARE }

-static void test_continue(void) +static void test_continue(BOOL testContinueEx) { struct context_pair { CONTEXT before; CONTEXT after; } contexts; - NTSTATUS (*func_ptr)( struct context_pair *, BOOL alertable, void *continue_func, void *capture_func ) = code_mem; + NTSTATUS (*func_ptr)( struct context_pair *, void *arg2, void *continue_func, void *capture_func ) = code_mem; int i;

static const BYTE call_func[] = @@ -4500,7 +4500,7 @@ static void test_continue(void)

/* load args */ 0x48, 0x8b, 0x4c, 0x24, 0x70, /* mov 8*14(%rsp), %rcx; context */ - 0x48, 0x8b, 0x54, 0x24, 0x78, /* mov 8*15(%rsp), %rdx; alertable */ + 0x48, 0x8b, 0x54, 0x24, 0x78, /* mov 8*15(%rsp), %rdx; arg2 */ 0x48, 0x83, 0xec, 0x70, /* sub $0x70, %rsp; change stack */

/* setup context to return to label 1 */ @@ -4560,7 +4560,16 @@ static void test_continue(void) memcpy( func_ptr, call_func, sizeof(call_func) ); FlushInstructionCache( GetCurrentProcess(), func_ptr, sizeof(call_func) );

- func_ptr( &contexts, FALSE, NtContinue, pRtlCaptureContext ); + if (testContinueEx) + { + CONTINUE_OPTIONS opts = { 0 }; + opts.ContinueType = CONTINUE_UNWIND; /* Nothing else is implemented */ + opts.ContinueFlags = 0; /* Disable test alert */ + func_ptr( &contexts, &opts, NtContinueEx, pRtlCaptureContext ); + } else + { + func_ptr( &contexts, FALSE, NtContinue, pRtlCaptureContext ); + }

#define COMPARE(reg) \ ok( contexts.before.reg == contexts.after.reg, "wrong " #reg " %p/%p\n", (void *)(ULONG64)contexts.before.reg, (void *)(ULONG64)contexts.after.reg ) @@ -9045,14 +9054,14 @@ static void test_debug_service(DWORD numexc) /* not supported */ }

-static void test_continue(void) +static void test_continue(BOOL testContinueEx) { struct context_pair { CONTEXT before; CONTEXT after; } contexts; unsigned int i; - NTSTATUS (*func_ptr)( struct context_pair *, BOOL alertable, void *continue_func, void *capture_func ) = code_mem; + NTSTATUS (*func_ptr)( struct context_pair *, void *arg2, void *continue_func, void *capture_func ) = code_mem;

static const DWORD call_func[] = { @@ -9152,7 +9161,16 @@ static void test_continue(void) #define COMPARE_INDEXED(reg) \ ok( contexts.before.reg == contexts.after.reg, "wrong " #reg " i: %u, %p/%p\n", i, (void *)(ULONG64)contexts.before.reg, (void *)(ULONG64)contexts.after.reg )

for (i = 1; i < 29; i++) COMPARE_INDEXED( X[i] );

@@ -12634,7 +12652,8 @@ START_TEST(exception) test_debug_registers_wow64(); test_debug_service(1); test_simd_exceptions(); - test_continue(); + test_continue(FALSE /* NtContinue */); + test_continue(TRUE /* NtContinueEx */); test_virtual_unwind(); test___C_specific_handler(); test_restore_context(); @@ -12657,7 +12676,8 @@ START_TEST(exception)

#elif defined(__aarch64__)

- test_continue(); + test_continue(FALSE /* NtContinue */); + test_continue(TRUE /* NtContinueEx */); test_virtual_unwind();

#elif defined(__arm__)

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/4761

Marvin

12:17 p.m.

New subject: [PATCH v4 4/4] ntdll/tests: Add basic test for NtContinueEx()

Hi,

It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.

The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=142286

Your paranoid android.

=== debian11 (build log) ===

Task: Could not create the win32 wineprefix: Failed to disable the crash dialogs: Task: WineTest did not produce the win32 report

=== debian11b (build log) ===

Task: Could not create the wow32 wineprefix: Failed to disable the crash dialogs: Task: WineTest did not produce the wow32 report

Jinoh Kang (＠iamahuman)

3:50 p.m.

Jinoh Kang (@iamahuman) commented about dlls/ntdll/unix/server.c:

...

+{

/* NtContinueEx accepts both */

return NtContinueEx(context, (CONTINUE_OPTIONS *)(intptr_t)alertable);

+}

+/***********************************************************************
         NtContinueEx  (NTDLL.@)
*/
+NTSTATUS WINAPI NtContinueEx( CONTEXT *context, CONTINUE_OPTIONS *options ) { user_apc_t apc; NTSTATUS status;

BOOLEAN alertable;

if (options <= (CONTINUE_OPTIONS *)0xff)

Don't compare sentinel pointers without casting to unsigned integers. Not only is comparison of invalid pointers an undefined behavior, but also do various compilers (e.g., MSVC) treat it as signed, which is incorrect here.

```suggestion:-0+0 if ((ULONG_PTR)options <= 0xff) ```

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4761#note_58642

Jinoh Kang (＠iamahuman)

3:50 p.m.

Jinoh Kang (@iamahuman) commented about dlls/ntdll/unix/server.c:

...

NTSTATUS WINAPI NtContinue( CONTEXT *context, BOOLEAN alertable ) +{

/* NtContinueEx accepts both */

return NtContinueEx(context, (CONTINUE_OPTIONS *)(intptr_t)alertable);

+}

+/***********************************************************************
         NtContinueEx  (NTDLL.@)
*/
+NTSTATUS WINAPI NtContinueEx( CONTEXT *context, CONTINUE_OPTIONS *options ) { user_apc_t apc; NTSTATUS status;

BOOLEAN alertable;

const intptr_t alignment_bits = 16 - 1; /* (16-bytes on amd64) */

1. Does 32-bit architectures (i386) reject `options` when it's not 16-byte aligned? What if they only require just 8-byte or even 4-byte alignment? 2. Do we have any app that relies on `STATUS_DATATYPE_MISALIGNMENT` to be returned on misaligned `options`? Otherwise, I think this is unnecessary. The error handling code doesn't have tests, so it might even just bitrot.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4761#note_58644

Jinoh Kang (＠iamahuman)

3:50 p.m.

Jinoh Kang (@iamahuman) commented about dlls/ntdll/unix/server.c:

...

+/***********************************************************************
         NtContinueEx  (NTDLL.@)
*/
+NTSTATUS WINAPI NtContinueEx( CONTEXT *context, CONTINUE_OPTIONS *options ) { user_apc_t apc; NTSTATUS status;
BOOLEAN alertable;

const intptr_t alignment_bits = 16 - 1; /* (16-bytes on amd64) */

if (!context)

{
   return STATUS_ACCESS_VIOLATION;
}

This is made redundant by catch-all SIGSEGV handler for Unix side.

```suggestion:-3+0 ```

Try testing it, and you'll see that it (still) returns `STATUS_ACCESS_VIOLATION` ;-)

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4761#note_58645

Jinoh Kang (＠iamahuman)

3:50 p.m.

Jinoh Kang (@iamahuman) commented about dlls/ntdll/unix/server.c:

...

const intptr_t alignment_bits = 16 - 1; /* (16-bytes on amd64) */

if (!context)

{
   return STATUS_ACCESS_VIOLATION;
}

/* context must be aligned */

if ((intptr_t)context & alignment_bits)

{
   return STATUS_DATATYPE_MISALIGNMENT;
}

if (options <= (CONTINUE_OPTIONS *)0xff)

{
   alertable = (BOOLEAN)(intptr_t)options;

I'm not sure about this. Does `options = (CONTINUE_OPTIONS *)2` mean alertable too?

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4761#note_58646

Jinoh Kang (＠iamahuman)

3:50 p.m.

Jinoh Kang (@iamahuman) commented about dlls/wow64/syscall.c:

...

*/ NTSTATUS WINAPI wow64_NtContinue( UINT *args ) +{

return wow64_NtContinueEx( args );

+}

+/**********************************************************************
      wow64_NtContinueEx
*/
+NTSTATUS WINAPI wow64_NtContinueEx( UINT *args ) { void *context = get_ptr( &args );

BOOLEAN alertable = get_ulong( &args );

CONTINUE_OPTIONS *options = get_ptr( &args );

BOOL alertable = options > (CONTINUE_OPTIONS *)0xFF ? options->ContinueFlags & CONTINUE_FLAG_TEST_ALERT : !!options;

Ditto ```suggestion:-0+0 BOOL alertable = (ULONG_PTR)options > 0xff ? options->ContinueFlags & CONTINUE_FLAG_TEST_ALERT : !!options; ```

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/4761#note_58643

503

Age (days ago)

503

Last active (days ago)

wine-gitlab@winehq.org

10 comments

4 participants

tags (0)

participants (4)

Dāvis Mosāns
Dāvis Mosāns (davispuh) (＠davispuh)
Jinoh Kang (＠iamahuman)
Marvin