diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:41:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:41:41 +0000 |
commit | 10ee2acdd26a7f1298c6f6d6b7af9b469fe29b87 (patch) | |
tree | bdffd5d80c26cf4a7a518281a204be1ace85b4c1 /vendor/ntapi/src/ntrtl.rs | |
parent | Releasing progress-linux version 1.70.0+dfsg1-9~progress7.99u1. (diff) | |
download | rustc-10ee2acdd26a7f1298c6f6d6b7af9b469fe29b87.tar.xz rustc-10ee2acdd26a7f1298c6f6d6b7af9b469fe29b87.zip |
Merging upstream version 1.70.0+dfsg2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/ntapi/src/ntrtl.rs')
-rw-r--r-- | vendor/ntapi/src/ntrtl.rs | 4373 |
1 files changed, 0 insertions, 4373 deletions
diff --git a/vendor/ntapi/src/ntrtl.rs b/vendor/ntapi/src/ntrtl.rs deleted file mode 100644 index abbc3862a..000000000 --- a/vendor/ntapi/src/ntrtl.rs +++ /dev/null @@ -1,4373 +0,0 @@ -use core::ptr::null_mut; -use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; -use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS}; -use crate::ntioapi::FILE_INFORMATION_CLASS; -use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX}; -use crate::ntmmapi::SECTION_IMAGE_INFORMATION; -use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO}; -use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME}; -use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION}; -use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM}; -use crate::string::UTF16Const; -use winapi::ctypes::c_void; -use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; -use winapi::shared::guiddef::GUID; -use winapi::shared::in6addr::in6_addr; -use winapi::shared::inaddr::in_addr; -use winapi::shared::minwindef::{BOOL, DWORD, PBOOL}; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE}; -use winapi::shared::ntdef::{ - BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS, - PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING, - PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE, - POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR, - PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY, - STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, -}; -use winapi::um::minwinbase::PTHREAD_START_ROUTINE; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT}; -use winapi::um::winnt::{ - ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS, - HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL, - PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING, - PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY, - PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION, - PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK, - PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES, - PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER, - PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL, - SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC, - WORKERCALLBACKFUNC, -}; -use winapi::vc::vadefs::va_list; -#[inline] -pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) { - ListHead.Flink = ListHead; - ListHead.Blink = ListHead; -} -#[inline] -pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool { - ListHead.Flink as *const _ == ListHead as *const _ -} -#[inline] -pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool { - let (Blink, Flink) = (Entry.Blink, Entry.Flink); - (*Blink).Flink = Flink; - (*Flink).Blink = Blink; - Flink == Blink -} -#[inline] -pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { - let Entry = ListHead.Flink; - let Flink = (*Entry).Flink; - ListHead.Flink = Flink; - (*Flink).Blink = ListHead; - Entry -} -#[inline] -pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { - let Entry = ListHead.Blink; - let Blink = (*Entry).Blink; - ListHead.Blink = Blink; - (*Blink).Flink = ListHead; - Entry -} -#[inline] -pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { - let Blink = ListHead.Blink; - Entry.Flink = ListHead; - Entry.Blink = Blink; - (*Blink).Flink = Entry; - ListHead.Blink = Entry; -} -#[inline] -pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { - let Flink = ListHead.Flink; - Entry.Flink = Flink; - Entry.Blink = ListHead; - (*Flink).Blink = Entry; - ListHead.Flink = Entry; -} -#[inline] -pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) { - let ListEnd = ListHead.Blink; - (*ListHead.Blink).Flink = ListToAppend; - ListHead.Blink = ListToAppend.Blink; - (*ListToAppend.Blink).Flink = ListHead; - ListToAppend.Blink = ListEnd; -} -#[inline] -pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY { - let FirstEntry = ListHead.Next; - if !FirstEntry.is_null() { - ListHead.Next = (*FirstEntry).Next; - } - FirstEntry -} -#[inline] -pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) { - Entry.Next = ListHead.Next; - ListHead.Next = Entry; -} -ENUM!{enum TABLE_SEARCH_RESULT { - TableEmptyTree = 0, - TableFoundNode = 1, - TableInsertAsLeft = 2, - TableInsertAsRight = 3, -}} -ENUM!{enum RTL_GENERIC_COMPARE_RESULTS { - GenericLessThan = 0, - GenericGreaterThan = 1, - GenericEqual = 2, -}} -FN!{stdcall PRTL_AVL_COMPARE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - FirstStruct: PVOID, - SecondStruct: PVOID, -) -> RTL_GENERIC_COMPARE_RESULTS} -FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - ByteSize: CLONG, -) -> PVOID} -FN!{stdcall PRTL_AVL_FREE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - Buffer: PVOID, -) -> ()} -FN!{stdcall PRTL_AVL_MATCH_FUNCTION( - Table: *mut RTL_AVL_TABLE, - UserData: PVOID, - MatchData: PVOID, -) -> NTSTATUS} -STRUCT!{struct RTL_BALANCED_LINKS { - Parent: *mut RTL_BALANCED_LINKS, - LeftChild: *mut RTL_BALANCED_LINKS, - RightChild: *mut RTL_BALANCED_LINKS, - Balance: CHAR, - Reserved: [UCHAR; 3], -}} -pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS; -STRUCT!{struct RTL_AVL_TABLE { - BalancedRoot: RTL_BALANCED_LINKS, - OrderedPointer: PVOID, - WhichOrderedElement: ULONG, - NumberGenericTableElements: ULONG, - DepthOfTree: ULONG, - RestartKey: PRTL_BALANCED_LINKS, - DeleteCount: ULONG, - CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, - AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_AVL_FREE_ROUTINE, - TableContext: PVOID, -}} -pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeGenericTableAvl( - Table: PRTL_AVL_TABLE, - CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, - AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_AVL_FREE_ROUTINE, - TableContext: PVOID, - ); - fn RtlInsertElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - ) -> PVOID; - fn RtlInsertElementGenericTableFullAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - NodeOrParent: PVOID, - SearchResult: TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlDeleteElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - ) -> BOOLEAN; - fn RtlLookupElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - ) -> PVOID; - fn RtlLookupElementGenericTableFullAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - NodeOrParent: *mut PVOID, - SearchResult: *mut TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlEnumerateGenericTableAvl( - Table: PRTL_AVL_TABLE, - Restart: BOOLEAN, - ) -> PVOID; - fn RtlEnumerateGenericTableWithoutSplayingAvl( - Table: PRTL_AVL_TABLE, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlLookupFirstMatchingElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlEnumerateGenericTableLikeADirectory( - Table: PRTL_AVL_TABLE, - MatchFunction: PRTL_AVL_MATCH_FUNCTION, - MatchData: PVOID, - NextFlag: ULONG, - RestartKey: *mut PVOID, - DeleteCount: PULONG, - Buffer: PVOID, - ) -> PVOID; - fn RtlGetElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - I: ULONG, - ) -> PVOID; - fn RtlNumberGenericTableElementsAvl( - Table: PRTL_AVL_TABLE, - ) -> ULONG; - fn RtlIsGenericTableEmptyAvl( - Table: PRTL_AVL_TABLE, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_SPLAY_LINKS { - Parent: *mut RTL_SPLAY_LINKS, - LeftChild: *mut RTL_SPLAY_LINKS, - RightChild: *mut RTL_SPLAY_LINKS, -}} -pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS; -#[inline] -pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) { - Links.Parent = Links; - Links.LeftChild = null_mut(); - Links.RightChild = null_mut(); -} -#[inline] -pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.Parent -} -#[inline] -pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.LeftChild -} -#[inline] -pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.RightChild -} -#[inline] -pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool { - (*Links).Parent as *const _ == Links -} -#[inline] -pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool { - RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links -} -#[inline] -pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool { - RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links -} -#[inline] -pub fn RtlInsertAsLeftChild( - ParentLinks: &mut RTL_SPLAY_LINKS, - ChildLinks: &mut RTL_SPLAY_LINKS, -) { - ParentLinks.LeftChild = ChildLinks; - ChildLinks.Parent = ParentLinks; -} -#[inline] -pub fn RtlInsertAsRightChild( - ParentLinks: &mut RTL_SPLAY_LINKS, - ChildLinks: &mut RTL_SPLAY_LINKS, -) { - ParentLinks.RightChild = ChildLinks; - ChildLinks.Parent = ParentLinks; -} -EXTERN!{extern "system" { - fn RtlSplay( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlDelete( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlDeleteNoSplay( - Links: PRTL_SPLAY_LINKS, - Root: *mut PRTL_SPLAY_LINKS, - ); - fn RtlSubtreeSuccessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlSubtreePredecessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlRealSuccessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlRealPredecessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; -}} -FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - FirstStruct: PVOID, - SecondStruct: PVOID, -) -> RTL_GENERIC_COMPARE_RESULTS} -FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - ByteSize: CLONG, -) -> PVOID} -FN!{stdcall PRTL_GENERIC_FREE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - Buffer: PVOID, -) -> ()} -STRUCT!{struct RTL_GENERIC_TABLE { - TableRoot: PRTL_SPLAY_LINKS, - InsertOrderList: LIST_ENTRY, - OrderedPointer: PLIST_ENTRY, - WhichOrderedElement: ULONG, - NumberGenericTableElements: ULONG, - CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, - AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, - TableContext: PVOID, -}} -pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeGenericTable( - Table: PRTL_GENERIC_TABLE, - CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, - AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, - TableContext: PVOID, - ); - fn RtlInsertElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - ) -> PVOID; - fn RtlInsertElementGenericTableFull( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - NodeOrParent: PVOID, - SearchResult: TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlDeleteElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - ) -> BOOLEAN; - fn RtlLookupElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - ) -> PVOID; - fn RtlLookupElementGenericTableFull( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - NodeOrParent: *mut PVOID, - SearchResult: *mut TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlEnumerateGenericTable( - Table: PRTL_GENERIC_TABLE, - Restart: BOOLEAN, - ) -> PVOID; - fn RtlEnumerateGenericTableWithoutSplaying( - Table: PRTL_GENERIC_TABLE, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlGetElementGenericTable( - Table: PRTL_GENERIC_TABLE, - I: ULONG, - ) -> PVOID; - fn RtlNumberGenericTableElements( - Table: PRTL_GENERIC_TABLE, - ) -> ULONG; - fn RtlIsGenericTableEmpty( - Table: PRTL_GENERIC_TABLE, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_RB_TREE { - Root: PRTL_BALANCED_NODE, - Min: PRTL_BALANCED_NODE, -}} -pub type PRTL_RB_TREE = *mut RTL_RB_TREE; -EXTERN!{extern "system" { - fn RtlRbInsertNodeEx( - Tree: PRTL_RB_TREE, - Parent: PRTL_BALANCED_NODE, - Right: BOOLEAN, - Node: PRTL_BALANCED_NODE, - ); - fn RtlRbRemoveNode( - Tree: PRTL_RB_TREE, - Node: PRTL_BALANCED_NODE, - ); -}} -pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001; -pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY { - Linkage: LIST_ENTRY, - Signature: ULONG_PTR, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY; -#[inline] -pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR { - x.Signature -} -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT { - ChainHead: PLIST_ENTRY, - PrevLinkage: PLIST_ENTRY, - Signature: ULONG_PTR, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { - HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY, - ChainHead: PLIST_ENTRY, - BucketIndex: ULONG, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE { - Flags: ULONG, - Shift: ULONG, - TableSize: ULONG, - Pivot: ULONG, - DivisorMask: ULONG, - NumEntries: ULONG, - NonEmptyBuckets: ULONG, - NumEnumerators: ULONG, - Directory: PVOID, -}} -pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE; -#[inline] -pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) { - Context.ChainHead = null_mut(); - Context.PrevLinkage = null_mut(); -} -#[inline] -pub fn RtlInitHashTableContextFromEnumerator( - Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, - Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, -) { - Context.ChainHead = Enumerator.ChainHead; - Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink; -} -// RtlReleaseHashTableContext -#[inline] -pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.TableSize -} -#[inline] -pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NonEmptyBuckets -} -#[inline] -pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.TableSize - HashTable.NonEmptyBuckets -} -#[inline] -pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NumEntries -} -#[inline] -pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NumEnumerators -} -EXTERN!{extern "system" { - fn RtlCreateHashTable( - HashTable: *mut PRTL_DYNAMIC_HASH_TABLE, - Shift: ULONG, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlDeleteHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ); - fn RtlInsertEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, - Signature: ULONG_PTR, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> BOOLEAN; - fn RtlRemoveEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> BOOLEAN; - fn RtlLookupEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Signature: ULONG_PTR, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlGetNextEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlInitEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlInitWeakEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlWeaklyEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndWeakEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlExpandHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ) -> BOOLEAN; - fn RtlContractHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ) -> BOOLEAN; - fn RtlInitStrongEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlStronglyEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndStrongEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlInitializeCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlInitializeCriticalSectionAndSpinCount( - CriticalSection: PRTL_CRITICAL_SECTION, - SpinCount: ULONG, - ) -> NTSTATUS; - fn RtlDeleteCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlEnterCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlLeaveCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlTryEnterCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlIsCriticalSectionLocked( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlIsCriticalSectionLockedByThread( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlGetCriticalSectionRecursionCount( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> ULONG; - fn RtlSetCriticalSectionSpinCount( - CriticalSection: PRTL_CRITICAL_SECTION, - SpinCount: ULONG, - ) -> ULONG; - fn RtlQueryCriticalSectionOwner( - EventHandle: HANDLE, - ) -> HANDLE; - fn RtlCheckForOrphanedCriticalSections( - ThreadHandle: HANDLE, - ); -}} -STRUCT!{struct RTL_RESOURCE { - CriticalSection: RTL_CRITICAL_SECTION, - SharedSemaphore: HANDLE, - NumberOfWaitingShared: ULONG, - ExclusiveSemaphore: HANDLE, - NumberOfWaitingExclusive: ULONG, - NumberOfActive: LONG, - ExclusiveOwnerThread: HANDLE, - Flags: ULONG, - DebugInfo: PRTL_RESOURCE_DEBUG, -}} -pub type PRTL_RESOURCE = *mut RTL_RESOURCE; -pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn RtlInitializeResource( - Resource: PRTL_RESOURCE, - ); - fn RtlDeleteResource( - Resource: PRTL_RESOURCE, - ); - fn RtlAcquireResourceShared( - Resource: PRTL_RESOURCE, - Wait: BOOLEAN, - ) -> BOOLEAN; - fn RtlAcquireResourceExclusive( - Resource: PRTL_RESOURCE, - Wait: BOOLEAN, - ) -> BOOLEAN; - fn RtlReleaseResource( - Resource: PRTL_RESOURCE, - ); - fn RtlConvertSharedToExclusive( - Resource: PRTL_RESOURCE, - ); - fn RtlConvertExclusiveToShared( - Resource: PRTL_RESOURCE, - ); - fn RtlInitializeSRWLock( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlAcquireSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlAcquireSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlReleaseSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlReleaseSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlTryAcquireSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ) -> BOOLEAN; - fn RtlTryAcquireSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ) -> BOOLEAN; - fn RtlAcquireReleaseSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlInitializeConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); - fn RtlSleepConditionVariableCS( - ConditionVariable: PRTL_CONDITION_VARIABLE, - CriticalSection: PRTL_CRITICAL_SECTION, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlSleepConditionVariableSRW( - ConditionVariable: PRTL_CONDITION_VARIABLE, - SRWLock: PRTL_SRWLOCK, - Timeout: PLARGE_INTEGER, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlWakeConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); - fn RtlWakeAllConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); -}} -pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001; -pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002; -pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlInitBarrier( - Barrier: PRTL_BARRIER, - TotalThreads: ULONG, - SpinCount: ULONG, - ) -> NTSTATUS; - fn RtlDeleteBarrier( - Barrier: PRTL_BARRIER, - ) -> NTSTATUS; - fn RtlBarrier( - Barrier: PRTL_BARRIER, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlBarrierForDelete( - Barrier: PRTL_BARRIER, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlWaitOnAddress( - Address: *mut VOID, - CompareAddress: PVOID, - AddressSize: SIZE_T, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlWakeAddressAll( - Address: PVOID, - ); - fn RtlWakeAddressSingle( - Address: PVOID, - ); - fn RtlInitString( - DestinationString: PSTRING, - SourceString: PCSZ, - ); - fn RtlInitStringEx( - DestinationString: PSTRING, - SourceString: PCSZ, - ) -> NTSTATUS; - fn RtlInitAnsiString( - DestinationString: PANSI_STRING, - SourceString: PCSZ, - ); - fn RtlInitAnsiStringEx( - DestinationString: PANSI_STRING, - SourceString: PCSZ, - ) -> NTSTATUS; - fn RtlFreeAnsiString( - AnsiString: PANSI_STRING, - ); - fn RtlFreeOemString( - OemString: POEM_STRING, - ); - fn RtlCopyString( - DestinationString: PSTRING, - SourceString: *const STRING, - ); - fn RtlUpperChar( - Character: CHAR, - ) -> CHAR; - fn RtlCompareString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlEqualString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlPrefixString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlAppendStringToString( - Destination: PSTRING, - Source: *const STRING, - ) -> NTSTATUS; - fn RtlAppendAsciizToString( - Destination: PSTRING, - Source: PSTR, - ) -> NTSTATUS; - fn RtlUpperString( - DestinationString: PSTRING, - SourceString: *const STRING, - ); -}} -#[inline] -pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool { - String.is_null() || (*String).Length == 0 -} -#[inline] -pub fn RtlInitEmptyUnicodeString( - UnicodeString: &mut UNICODE_STRING, - Buffer: PWCHAR, - MaximumLength: USHORT, -) { - UnicodeString.Buffer = Buffer; - UnicodeString.MaximumLength = MaximumLength; - UnicodeString.Length = 0; -} -EXTERN!{extern "system" { - fn RtlInitUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ); - fn RtlInitUnicodeStringEx( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ) -> NTSTATUS; - fn RtlCreateUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ) -> BOOLEAN; - fn RtlCreateUnicodeStringFromAsciiz( - DestinationString: PUNICODE_STRING, - SourceString: PSTR, - ) -> BOOLEAN; - fn RtlFreeUnicodeString( - UnicodeString: PUNICODE_STRING, - ); -}} -pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001; -pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002; -EXTERN!{extern "system" { - fn RtlDuplicateUnicodeString( - Flags: ULONG, - StringIn: PCUNICODE_STRING, - StringOut: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlCopyUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - ); - fn RtlUpcaseUnicodeChar( - SourceCharacter: WCHAR, - ) -> WCHAR; - fn RtlDowncaseUnicodeChar( - SourceCharacter: WCHAR, - ) -> WCHAR; - fn RtlCompareUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlCompareUnicodeStrings( - String1: PCWCH, - String1Length: SIZE_T, - String2: PCWCH, - String2Length: SIZE_T, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlEqualUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; -}} -pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0; -pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1; -pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff; -EXTERN!{extern "system" { - fn RtlHashUnicodeString( - String: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - HashAlgorithm: ULONG, - HashValue: PULONG, - ) -> NTSTATUS; - fn RtlValidateUnicodeString( - Flags: ULONG, - String: PCUNICODE_STRING, - ) -> NTSTATUS; - fn RtlPrefixUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlSuffixUnicodeString( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlFindUnicodeSubstring( - FullString: PUNICODE_STRING, - SearchString: PUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> PWCHAR; -}} -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001; -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002; -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlFindCharInUnicodeString( - Flags: ULONG, - StringToSearch: PUNICODE_STRING, - CharSet: PUNICODE_STRING, - NonInclusivePrefixLength: PUSHORT, - ) -> NTSTATUS; - fn RtlAppendUnicodeStringToString( - Destination: PUNICODE_STRING, - Source: PCUNICODE_STRING, - ) -> NTSTATUS; - fn RtlAppendUnicodeToString( - Destination: PUNICODE_STRING, - Source: PCWSTR, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlDowncaseUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlEraseUnicodeString( - String: PUNICODE_STRING, - ); - fn RtlAnsiStringToUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCANSI_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToAnsiString( - DestinationString: PANSI_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlAnsiCharToUnicodeChar( - SourceCharacter: *mut PUCHAR, - ) -> WCHAR; - fn RtlUpcaseUnicodeStringToAnsiString( - DestinationString: PANSI_STRING, - SourceString: PUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlOemStringToUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCOEM_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeStringToOemString( - DestinationString: POEM_STRING, - SourceString: PUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToCountedOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeStringToCountedOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlMultiByteToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - MultiByteString: *const CHAR, - BytesInMultiByteString: ULONG, - ) -> NTSTATUS; - fn RtlMultiByteToUnicodeSize( - BytesInUnicodeString: PULONG, - MultiByteString: *const CHAR, - BytesInMultiByteString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToMultiByteN( - MultiByteString: PCHAR, - MaxBytesInMultiByteString: ULONG, - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToMultiByteSize( - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToMultiByteN( - MultiByteString: PCHAR, - MaxBytesInMultiByteString: ULONG, - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlOemToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - OemString: PCCH, - BytesInOemString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToOemN( - OemString: PCHAR, - MaxBytesInOemString: ULONG, - BytesInOemString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToOemN( - OemString: PCHAR, - MaxBytesInOemString: ULONG, - BytesInOemString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlConsoleMultiByteToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - MultiByteString: PCH, - BytesInMultiByteString: ULONG, - pdwSpecialChar: PULONG, - ) -> NTSTATUS; - fn RtlUTF8ToUnicodeN( - UnicodeStringDestination: PWSTR, - UnicodeStringMaxByteCount: ULONG, - UnicodeStringActualByteCount: PULONG, - UTF8StringSource: PCCH, - UTF8StringByteCount: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToUTF8N( - UTF8StringDestination: PCHAR, - UTF8StringMaxByteCount: ULONG, - UTF8StringActualByteCount: PULONG, - UnicodeStringSource: PCWCH, - UnicodeStringByteCount: ULONG, - ) -> NTSTATUS; - fn RtlCustomCPToUnicodeN( - CustomCP: PCPTABLEINFO, - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - CustomCPString: PCH, - BytesInCustomCPString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToCustomCPN( - CustomCP: PCPTABLEINFO, - CustomCPString: PCH, - MaxBytesInCustomCPString: ULONG, - BytesInCustomCPString: PULONG, - UnicodeString: PWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToCustomCPN( - CustomCP: PCPTABLEINFO, - CustomCPString: PCH, - MaxBytesInCustomCPString: ULONG, - BytesInCustomCPString: PULONG, - UnicodeString: PWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlInitCodePageTable( - TableBase: PUSHORT, - CodePageTable: PCPTABLEINFO, - ); - fn RtlInitNlsTables( - AnsiNlsBase: PUSHORT, - OemNlsBase: PUSHORT, - LanguageNlsBase: PUSHORT, - TableInfo: PNLSTABLEINFO, - ); - fn RtlResetRtlTranslations( - TableInfo: PNLSTABLEINFO, - ); - fn RtlIsTextUnicode( - Buffer: PVOID, - Size: ULONG, - Result: PULONG, - ) -> BOOLEAN; -}} -ENUM!{enum RTL_NORM_FORM { - NormOther = 0x0, - NormC = 0x1, - NormD = 0x2, - NormKC = 0x5, - NormKD = 0x6, - NormIdna = 0xd, - DisallowUnassigned = 0x100, - NormCDisallowUnassigned = 0x101, - NormDDisallowUnassigned = 0x102, - NormKCDisallowUnassigned = 0x105, - NormKDDisallowUnassigned = 0x106, - NormIdnaDisallowUnassigned = 0x10d, -}} -EXTERN!{extern "system" { - fn RtlNormalizeString( - NormForm: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIsNormalizedString( - NormForm: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - Normalized: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsNameInExpression( - Expression: PUNICODE_STRING, - Name: PUNICODE_STRING, - IgnoreCase: BOOLEAN, - UpcaseTable: PWCH, - ) -> BOOLEAN; - fn RtlIsNameInUnUpcasedExpression( - Expression: PUNICODE_STRING, - Name: PUNICODE_STRING, - IgnoreCase: BOOLEAN, - UpcaseTable: PWCH, - ) -> BOOLEAN; - fn RtlEqualDomainName( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlEqualComputerName( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlDnsHostNameToComputerName( - ComputerNameString: PUNICODE_STRING, - DnsHostNameString: PUNICODE_STRING, - AllocateComputerNameString: BOOLEAN, - ) -> NTSTATUS; - fn RtlStringFromGUID( - Guid: *const GUID, - GuidString: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlStringFromGUIDEx( - Guid: *mut GUID, - GuidString: PUNICODE_STRING, - AllocateGuidString: BOOLEAN, - ) -> NTSTATUS; - fn RtlGUIDFromString( - GuidString: PCUNICODE_STRING, - Guid: *mut GUID, - ) -> NTSTATUS; - fn RtlCompareAltitudes( - Altitude1: PCUNICODE_STRING, - Altitude2: PCUNICODE_STRING, - ) -> LONG; - fn RtlIdnToAscii( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIdnToUnicode( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIdnToNameprepUnicode( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; -}} -STRUCT!{struct PREFIX_TABLE_ENTRY { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: *mut PREFIX_TABLE_ENTRY, - Links: RTL_SPLAY_LINKS, - Prefix: PSTRING, -}} -pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY; -STRUCT!{struct PREFIX_TABLE { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: PPREFIX_TABLE_ENTRY, -}} -pub type PPREFIX_TABLE = *mut PREFIX_TABLE; -EXTERN!{extern "system" { - fn PfxInitialize( - PrefixTable: PPREFIX_TABLE, - ); - fn PfxInsertPrefix( - PrefixTable: PPREFIX_TABLE, - Prefix: PSTRING, - PrefixTableEntry: PPREFIX_TABLE_ENTRY, - ) -> BOOLEAN; - fn PfxRemovePrefix( - PrefixTable: PPREFIX_TABLE, - PrefixTableEntry: PPREFIX_TABLE_ENTRY, - ); - fn PfxFindPrefix( - PrefixTable: PPREFIX_TABLE, - FullName: PSTRING, - ) -> PPREFIX_TABLE_ENTRY; -}} -STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY, - CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY, - Links: RTL_SPLAY_LINKS, - Prefix: PUNICODE_STRING, -}} -pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY; -STRUCT!{struct UNICODE_PREFIX_TABLE { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY, - LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY, -}} -pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - ); - fn RtlInsertUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - Prefix: PUNICODE_STRING, - PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlRemoveUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, - ); - fn RtlFindUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - FullName: PCUNICODE_STRING, - CaseInsensitiveIndex: ULONG, - ) -> PUNICODE_PREFIX_TABLE_ENTRY; - fn RtlNextUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - Restart: BOOLEAN, - ) -> PUNICODE_PREFIX_TABLE_ENTRY; -}} -STRUCT!{struct COMPRESSED_DATA_INFO { - CompressionFormatAndEngine: USHORT, - CompressionUnitShift: UCHAR, - ChunkShift: UCHAR, - ClusterShift: UCHAR, - Reserved: UCHAR, - NumberOfChunks: USHORT, - CompressedChunkSizes: [ULONG; 1], -}} -pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO; -EXTERN!{extern "system" { - fn RtlGetCompressionWorkSpaceSize( - CompressionFormatAndEngine: USHORT, - CompressBufferWorkSpaceSize: PULONG, - CompressFragmentWorkSpaceSize: PULONG, - ) -> NTSTATUS; - fn RtlCompressBuffer( - CompressionFormatAndEngine: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - UncompressedChunkSize: ULONG, - FinalCompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDecompressBuffer( - CompressionFormat: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FinalUncompressedSize: PULONG, - ) -> NTSTATUS; - fn RtlDecompressBufferEx( - CompressionFormat: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FinalUncompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDecompressFragment( - CompressionFormat: USHORT, - UncompressedFragment: PUCHAR, - UncompressedFragmentSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FragmentOffset: ULONG, - FinalUncompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDescribeChunk( - CompressionFormat: USHORT, - CompressedBuffer: *mut PUCHAR, - EndOfCompressedBufferPlus1: PUCHAR, - ChunkBuffer: *mut PUCHAR, - ChunkSize: PULONG, - ) -> NTSTATUS; - fn RtlReserveChunk( - CompressionFormat: USHORT, - CompressedBuffer: *mut PUCHAR, - EndOfCompressedBufferPlus1: PUCHAR, - ChunkBuffer: *mut PUCHAR, - ChunkSize: ULONG, - ) -> NTSTATUS; - fn RtlDecompressChunks( - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - CompressedTail: PUCHAR, - CompressedTailSize: ULONG, - CompressedDataInfo: PCOMPRESSED_DATA_INFO, - ) -> NTSTATUS; - fn RtlCompressChunks( - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - CompressedDataInfo: PCOMPRESSED_DATA_INFO, - CompressedDataInfoLength: ULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlConvertLCIDToString( - LcidValue: LCID, - Base: ULONG, - Padding: ULONG, - pResultBuf: PWSTR, - Size: ULONG, - ) -> NTSTATUS; - fn RtlIsValidLocaleName( - LocaleName: PWSTR, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlGetParentLocaleName( - LocaleName: PWSTR, - ParentLocaleName: PUNICODE_STRING, - Flags: ULONG, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlLcidToLocaleName( - lcid: LCID, - LocaleName: PUNICODE_STRING, - Flags: ULONG, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlLocaleNameToLcid( - LocaleName: PWSTR, - lcid: PLCID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlLCIDToCultureName( - Lcid: LCID, - String: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlCultureNameToLCID( - String: PUNICODE_STRING, - Lcid: PLCID, - ) -> BOOLEAN; - fn RtlCleanUpTEBLangLists(); - fn RtlGetLocaleFileMappingAddress( - BaseAddress: *mut PVOID, - DefaultLocaleId: PLCID, - DefaultCasingTableSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlGetCurrentPeb() -> PPEB; - fn RtlAcquirePebLock(); - fn RtlReleasePebLock(); - fn RtlTryAcquirePebLock() -> LOGICAL; - fn RtlAllocateFromPeb( - Size: ULONG, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlFreeToPeb( - Block: PVOID, - Size: ULONG, - ) -> NTSTATUS; -}} -pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255; -pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5; -STRUCT!{struct CURDIR { - DosPath: UNICODE_STRING, - Handle: HANDLE, -}} -pub type PCURDIR = *mut CURDIR; -pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002; -pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003; -STRUCT!{struct RTL_DRIVE_LETTER_CURDIR { - Flags: USHORT, - Length: USHORT, - TimeStamp: ULONG, - DosPath: STRING, -}} -pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR; -pub const RTL_MAX_DRIVE_LETTERS: usize = 32; -pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001; -STRUCT!{struct RTL_USER_PROCESS_PARAMETERS { - MaximumLength: ULONG, - Length: ULONG, - Flags: ULONG, - DebugFlags: ULONG, - ConsoleHandle: HANDLE, - ConsoleFlags: ULONG, - StandardInput: HANDLE, - StandardOutput: HANDLE, - StandardError: HANDLE, - CurrentDirectory: CURDIR, - DllPath: UNICODE_STRING, - ImagePathName: UNICODE_STRING, - CommandLine: UNICODE_STRING, - Environment: PVOID, - StartingX: ULONG, - StartingY: ULONG, - CountX: ULONG, - CountY: ULONG, - CountCharsX: ULONG, - CountCharsY: ULONG, - FillAttribute: ULONG, - WindowFlags: ULONG, - ShowWindowFlags: ULONG, - WindowTitle: UNICODE_STRING, - DesktopInfo: UNICODE_STRING, - ShellInfo: UNICODE_STRING, - RuntimeData: UNICODE_STRING, - CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS], - EnvironmentSize: ULONG_PTR, - EnvironmentVersion: ULONG_PTR, - PackageDependencyData: PVOID, - ProcessGroupId: ULONG, - LoaderThreads: ULONG, -}} -pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS; -pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001; -pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002; -pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004; -pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008; -pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020; -pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040; -pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080; -pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100; -pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000; -pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000; -pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000; -pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000; -EXTERN!{extern "system" { - fn RtlCreateProcessParameters( - pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, - ImagePathName: PUNICODE_STRING, - DllPath: PUNICODE_STRING, - CurrentDirectory: PUNICODE_STRING, - CommandLine: PUNICODE_STRING, - Environment: PVOID, - WindowTitle: PUNICODE_STRING, - DesktopInfo: PUNICODE_STRING, - ShellInfo: PUNICODE_STRING, - RuntimeData: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlCreateProcessParametersEx( - pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, - ImagePathName: PUNICODE_STRING, - DllPath: PUNICODE_STRING, - CurrentDirectory: PUNICODE_STRING, - CommandLine: PUNICODE_STRING, - Environment: PVOID, - WindowTitle: PUNICODE_STRING, - DesktopInfo: PUNICODE_STRING, - ShellInfo: PUNICODE_STRING, - RuntimeData: PUNICODE_STRING, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyProcessParameters( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> NTSTATUS; - fn RtlNormalizeProcessParams( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> PRTL_USER_PROCESS_PARAMETERS; - fn RtlDeNormalizeProcessParams( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> PRTL_USER_PROCESS_PARAMETERS; -}} -STRUCT!{struct RTL_USER_PROCESS_INFORMATION { - Length: ULONG, - Process: HANDLE, - Thread: HANDLE, - ClientId: CLIENT_ID, - ImageInformation: SECTION_IMAGE_INFORMATION, -}} -pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateUserProcess( - NtImagePathName: PUNICODE_STRING, - AttributesDeprecated: ULONG, - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - ParentProcess: HANDLE, - InheritHandles: BOOLEAN, - DebugPort: HANDLE, - TokenHandle: HANDLE, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlCreateUserProcessEx( - NtImagePathName: PUNICODE_STRING, - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - InheritHandles: BOOLEAN, - Flags: ULONG, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlExitUserProcess( - ExitStatus: NTSTATUS, - ); -}} -pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; -pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002; -pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlCloneUserProcess( - ProcessFlags: ULONG, - ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - DebugPort: HANDLE, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlUpdateClonedCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ); - fn RtlUpdateClonedSRWLock( - SRWLock: PRTL_SRWLOCK, - Shared: LOGICAL, - ); -}} -STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { - ReflectionProcessHandle: HANDLE, - ReflectionThreadHandle: HANDLE, - ReflectionClientId: CLIENT_ID, -}} -pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = - *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateProcessReflection( - ProcessHandle: HANDLE, - Flags: ULONG, - StartRoutine: PVOID, - StartContext: PVOID, - EventHandle: HANDLE, - ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, - ) -> NTSTATUS; -}} -EXTERN!{extern "C" { - fn RtlSetProcessIsCritical( - NewValue: BOOLEAN, - OldValue: PBOOLEAN, - CheckFlag: BOOLEAN, - ) -> NTSTATUS; - fn RtlSetThreadIsCritical( - NewValue: BOOLEAN, - OldValue: PBOOLEAN, - CheckFlag: BOOLEAN, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlValidProcessProtection( - ProcessProtection: PS_PROTECTION, - ) -> BOOLEAN; - fn RtlTestProtectedAccess( - Source: PS_PROTECTION, - Target: PS_PROTECTION, - ) -> BOOLEAN; - fn RtlIsCurrentProcess( - ProcessHandle: HANDLE, - ) -> BOOLEAN; - fn RtlIsCurrentThread( - ThreadHandle: HANDLE, - ) -> BOOLEAN; -}} -FN!{stdcall PUSER_THREAD_START_ROUTINE( - ThreadParameter: PVOID, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlCreateUserThread( - Process: HANDLE, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - CreateSuspended: BOOLEAN, - ZeroBits: ULONG, - MaximumStackSize: SIZE_T, - CommittedStackSize: SIZE_T, - StartAddress: PUSER_THREAD_START_ROUTINE, - Parameter: PVOID, - Thread: PHANDLE, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn RtlExitUserThread( - ExitStatus: NTSTATUS, - ); - fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN; - fn RtlCreateUserStack( - CommittedStackSize: SIZE_T, - MaximumStackSize: SIZE_T, - ZeroBits: ULONG_PTR, - PageSize: SIZE_T, - ReserveAlignment: ULONG_PTR, - InitialTeb: PINITIAL_TEB, - ) -> NTSTATUS; - fn RtlFreeUserStack( - AllocationBase: PVOID, - ) -> NTSTATUS; -}} -STRUCT!{struct CONTEXT_CHUNK { - Offset: LONG, - Length: ULONG, -}} -pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK; -STRUCT!{struct CONTEXT_EX { - All: CONTEXT_CHUNK, - Legacy: CONTEXT_CHUNK, - XState: CONTEXT_CHUNK, -}} -pub type PCONTEXT_EX = *mut CONTEXT_EX; -pub const CONTEXT_EX_LENGTH: usize = 4096; -#[macro_export] -macro_rules! RTL_CONTEXT_EX_OFFSET { - ($ContextEx:expr, $Chunk:ident) => { - (*$ContextEx).$Chunk.Offset - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_EX_LENGTH { - ($ContextEx:expr, $Chunk:ident) => { - (*$ContextEx).$Chunk.Length - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_EX_CHUNK { - ($Base:expr, $Layout:expr, $Chunk:ident) => { - ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_OFFSET { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, $Chunk) - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_LENGTH { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, $Chunk) - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_CHUNK { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_CHUNK!( - ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, - ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, - $Chunk - ) - }; -} -EXTERN!{extern "system" { - fn RtlInitializeContext( - Process: HANDLE, - Context: PCONTEXT, - Parameter: PVOID, - InitialPc: PVOID, - InitialSp: PVOID, - ); - fn RtlInitializeExtendedContext( - Context: PCONTEXT, - ContextFlags: ULONG, - ContextEx: *mut PCONTEXT_EX, - ) -> ULONG; - fn RtlCopyExtendedContext( - Destination: PCONTEXT_EX, - ContextFlags: ULONG, - Source: PCONTEXT_EX, - ) -> ULONG; - fn RtlGetExtendedContextLength( - ContextFlags: ULONG, - ContextLength: PULONG, - ) -> ULONG; - fn RtlGetExtendedFeaturesMask( - ContextEx: PCONTEXT_EX, - ) -> ULONG64; - fn RtlLocateExtendedFeature( - ContextEx: PCONTEXT_EX, - FeatureId: ULONG, - Length: PULONG, - ) -> PVOID; - fn RtlLocateLegacyContext( - ContextEx: PCONTEXT_EX, - Length: PULONG, - ) -> PCONTEXT; - fn RtlSetExtendedFeaturesMask( - ContextEx: PCONTEXT_EX, - FeatureMask: ULONG64, - ); -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -EXTERN!{extern "system" { - fn RtlWow64GetThreadContext( - ThreadHandle: HANDLE, - ThreadContext: PWOW64_CONTEXT, - ) -> NTSTATUS; - fn RtlWow64SetThreadContext( - ThreadHandle: HANDLE, - ThreadContext: PWOW64_CONTEXT, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlRemoteCall( - Process: HANDLE, - Thread: HANDLE, - CallSite: PVOID, - ArgumentCount: ULONG, - Arguments: PULONG_PTR, - PassContext: BOOLEAN, - AlreadySuspended: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddVectoredExceptionHandler( - First: ULONG, - Handler: PVECTORED_EXCEPTION_HANDLER, - ) -> PVOID; - fn RtlRemoveVectoredExceptionHandler( - Handle: PVOID, - ) -> ULONG; - fn RtlAddVectoredContinueHandler( - First: ULONG, - Handler: PVECTORED_EXCEPTION_HANDLER, - ) -> PVOID; - fn RtlRemoveVectoredContinueHandler( - Handle: PVOID, - ) -> ULONG; -}} -FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER( - ExceptionInfo: PEXCEPTION_POINTERS, -) -> ULONG} -EXTERN!{extern "system" { - fn RtlSetUnhandledExceptionFilter( - UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER, - ); - fn RtlUnhandledExceptionFilter( - ExceptionPointers: PEXCEPTION_POINTERS, - ) -> LONG; - fn RtlUnhandledExceptionFilter2( - ExceptionPointers: PEXCEPTION_POINTERS, - Flags: ULONG, - ) -> LONG; - fn RtlKnownExceptionFilter( - ExceptionPointers: PEXCEPTION_POINTERS, - ) -> LONG; -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -IFDEF!{ -ENUM!{enum FUNCTION_TABLE_TYPE { - RF_SORTED = 0, - RF_UNSORTED = 1, - RF_CALLBACK = 2, - RF_KERNEL_DYNAMIC = 3, -}} -STRUCT!{struct DYNAMIC_FUNCTION_TABLE { - ListEntry: LIST_ENTRY, - FunctionTable: PRUNTIME_FUNCTION, - TimeStamp: LARGE_INTEGER, - MinimumAddress: ULONG64, - MaximumAddress: ULONG64, - BaseAddress: ULONG64, - Callback: PGET_RUNTIME_FUNCTION_CALLBACK, - Context: PVOID, - OutOfProcessCallbackDll: PWSTR, - Type: FUNCTION_TABLE_TYPE, - EntryCount: ULONG, - TreeNode: RTL_BALANCED_NODE, -}} -pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE; -EXTERN!{extern "system" { - fn RtlGetFunctionTableListHead() -> PLIST_ENTRY; -}} -} -EXTERN!{extern "system" { - fn RtlImageNtHeader( - BaseOfImage: PVOID, - ) -> PIMAGE_NT_HEADERS; -}} -pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn RtlImageNtHeaderEx( - Flags: ULONG, - BaseOfImage: PVOID, - Size: ULONG64, - OutHeaders: *mut PIMAGE_NT_HEADERS, - ) -> NTSTATUS; - fn RtlAddressInSectionTable( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - VirtualAddress: ULONG, - ) -> PVOID; - fn RtlSectionTableFromVirtualAddress( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - VirtualAddress: ULONG, - ) -> PIMAGE_SECTION_HEADER; - fn RtlImageDirectoryEntryToData( - BaseOfImage: PVOID, - MappedAsImage: BOOLEAN, - DirectoryEntry: USHORT, - Size: PULONG, - ) -> PVOID; - fn RtlImageRvaToSection( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - Rva: ULONG, - ) -> PIMAGE_SECTION_HEADER; - fn RtlImageRvaToVa( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - Rva: ULONG, - LastRvaSection: *mut PIMAGE_SECTION_HEADER, - ) -> PVOID; - fn RtlFindExportedRoutineByName( - BaseOfImage: PVOID, - RoutineName: PSTR, - ) -> PVOID; - fn RtlGuardCheckLongJumpTarget( - PcValue: PVOID, - IsFastFail: BOOL, - IsLongJumpTarget: PBOOL, - ) -> NTSTATUS; - fn RtlCompareMemoryUlong( - Source: PVOID, - Length: SIZE_T, - Pattern: ULONG, - ) -> SIZE_T; - fn RtlFillMemoryUlong( - Destination: PVOID, - Length: SIZE_T, - Pattern: ULONG, - ); - fn RtlFillMemoryUlonglong( - Destination: PVOID, - Length: SIZE_T, - Pattern: ULONGLONG, - ); - fn RtlCreateEnvironment( - CloneCurrentEnvironment: BOOLEAN, - Environment: *mut PVOID, - ) -> NTSTATUS; -}} -pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1; -pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2; -pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4; -EXTERN!{extern "system" { - fn RtlCreateEnvironmentEx( - SourceEnv: PVOID, - Environment: *mut PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyEnvironment( - Environment: PVOID, - ) -> NTSTATUS; - fn RtlSetCurrentEnvironment( - Environment: PVOID, - PreviousEnvironment: *mut PVOID, - ) -> NTSTATUS; - fn RtlSetEnvironmentVar( - Environment: *mut PWSTR, - Name: PWSTR, - NameLength: SIZE_T, - Value: PWSTR, - ValueLength: SIZE_T, - ) -> NTSTATUS; - fn RtlSetEnvironmentVariable( - Environment: *mut PVOID, - Name: PUNICODE_STRING, - Value: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlQueryEnvironmentVariable( - Environment: PVOID, - Name: PWSTR, - NameLength: SIZE_T, - Value: PWSTR, - ValueLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlQueryEnvironmentVariable_U( - Environment: PVOID, - Name: PUNICODE_STRING, - Value: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlExpandEnvironmentStrings( - Environment: PVOID, - Src: PWSTR, - SrcLength: SIZE_T, - Dst: PWSTR, - DstLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlExpandEnvironmentStrings_U( - Environment: PVOID, - Source: PUNICODE_STRING, - Destination: PUNICODE_STRING, - ReturnedLength: PULONG, - ) -> NTSTATUS; - fn RtlSetEnvironmentStrings( - NewEnvironment: PWCHAR, - NewEnvironmentSize: SIZE_T, - ) -> NTSTATUS; -}} -STRUCT!{struct RTLP_CURDIR_REF { - ReferenceCount: LONG, - DirectoryHandle: HANDLE, -}} -pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF; -STRUCT!{struct RTL_RELATIVE_NAME_U { - RelativeName: UNICODE_STRING, - ContainingDirectory: HANDLE, - CurDirRef: PRTLP_CURDIR_REF, -}} -pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U; -ENUM!{enum RTL_PATH_TYPE { - RtlPathTypeUnknown = 0, - RtlPathTypeUncAbsolute = 1, - RtlPathTypeDriveAbsolute = 2, - RtlPathTypeDriveRelative = 3, - RtlPathTypeRooted = 4, - RtlPathTypeRelative = 5, - RtlPathTypeLocalDevice = 6, - RtlPathTypeRootLocalDevice = 7, -}} -EXTERN!{extern "C" { - static mut RtlDosPathSeperatorsString: UNICODE_STRING; - static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING; - static mut RtlNtPathSeperatorString: UNICODE_STRING; -}} -/// "ntdll.dll" -pub const RtlNtdllName: UTF16Const = UTF16Const(&[ - 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16, -]); -EXTERN!{extern "system" { - fn RtlDetermineDosPathNameType_U( - DosFileName: PWSTR, - ) -> RTL_PATH_TYPE; - fn RtlDetermineDosPathNameType_Ustr( - DosFileName: PCUNICODE_STRING, - ) -> RTL_PATH_TYPE; - fn RtlIsDosDeviceName_U( - DosFileName: PWSTR, - ) -> ULONG; - fn RtlIsDosDeviceName_Ustr( - DosFileName: PUNICODE_STRING, - ) -> ULONG; - fn RtlGetFullPathName_U( - FileName: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - ) -> ULONG; - fn RtlGetFullPathName_UEx( - FileName: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - BytesRequired: *mut ULONG, - ) -> NTSTATUS; - fn RtlGetFullPathName_UstrEx( - FileName: PUNICODE_STRING, - StaticString: PUNICODE_STRING, - DynamicString: PUNICODE_STRING, - StringUsed: *mut PUNICODE_STRING, - FilePartPrefixCch: *mut SIZE_T, - NameInvalid: PBOOLEAN, - InputPathType: *mut RTL_PATH_TYPE, - BytesRequired: *mut SIZE_T, - ) -> NTSTATUS; - fn RtlGetCurrentDirectory_U( - BufferLength: ULONG, - Buffer: PWSTR, - ) -> ULONG; - fn RtlSetCurrentDirectory_U( - PathName: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetLongestNtPathLength() -> ULONG; - fn RtlDosPathNameToNtPathName_U( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> BOOLEAN; - fn RtlDosPathNameToNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosLongPathNameToNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosPathNameToRelativeNtPathName_U( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> BOOLEAN; - fn RtlDosPathNameToRelativeNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlReleaseRelativeName( - RelativeName: PRTL_RELATIVE_NAME_U, - ); - fn RtlDosSearchPath_U( - Path: PWSTR, - FileName: PWSTR, - Extension: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - ) -> ULONG; -}} -pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001; -pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002; -pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlDosSearchPath_Ustr( - Flags: ULONG, - Path: PUNICODE_STRING, - FileName: PUNICODE_STRING, - DefaultExtension: PUNICODE_STRING, - StaticString: PUNICODE_STRING, - DynamicString: PUNICODE_STRING, - FullFileNameOut: *mut PCUNICODE_STRING, - FilePartPrefixCch: *mut SIZE_T, - BytesRequired: *mut SIZE_T, - ) -> NTSTATUS; - fn RtlDoesFileExists_U( - FileName: PWSTR, - ) -> BOOLEAN; - fn RtlGetLengthWithoutLastFullDosOrNtPathElement( - Flags: ULONG, - PathString: PUNICODE_STRING, - Length: PULONG, - ) -> NTSTATUS; - fn RtlGetLengthWithoutTrailingPathSeperators( - Flags: ULONG, - PathString: PUNICODE_STRING, - Length: PULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct GENERATE_NAME_CONTEXT { - Checksum: USHORT, - CheckSumInserted: BOOLEAN, - NameLength: UCHAR, - NameBuffer: [WCHAR; 8], - ExtensionLength: ULONG, - ExtensionBuffer: [WCHAR; 4], - LastIndexValue: ULONG, -}} -pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT; -EXTERN!{extern "system" { - fn RtlGenerate8dot3Name( - Name: PCUNICODE_STRING, - AllowExtendedCharacters: BOOLEAN, - Context: PGENERATE_NAME_CONTEXT, - Name8dot3: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlComputePrivatizedDllName_U( - DllName: PUNICODE_STRING, - RealName: PUNICODE_STRING, - LocalName: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetSearchPath( - SearchPathA: *mut PWSTR, - ) -> BOOLEAN; - fn RtlSetSearchPathMode( - Flags: ULONG, - ) -> NTSTATUS; - fn RtlGetExePath() -> PWSTR; - fn RtlGetNtSystemRoot() -> PWSTR; - fn RtlAreLongPathsEnabled() -> BOOLEAN; - fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN; - fn RtlDllShutdownInProgress() -> BOOLEAN; -}} -STRUCT!{struct RTL_HEAP_ENTRY_u_s1 { - Settable: SIZE_T, - Tag: ULONG, -}} -STRUCT!{struct RTL_HEAP_ENTRY_u_s2 { - CommittedSize: SIZE_T, - FirstBlock: PVOID, -}} -UNION!{union RTL_HEAP_ENTRY_u { - s1: RTL_HEAP_ENTRY_u_s1, - s2: RTL_HEAP_ENTRY_u_s2, -}} -STRUCT!{struct RTL_HEAP_ENTRY { - Size: SIZE_T, - Flags: USHORT, - AllocatorBackTraceIndex: USHORT, - u: RTL_HEAP_ENTRY_u, -}} -pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY; -pub const RTL_HEAP_BUSY: USHORT = 0x0001; -pub const RTL_HEAP_SEGMENT: USHORT = 0x0002; -pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010; -pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020; -pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040; -pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080; -pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0; -pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100; -pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200; -STRUCT!{struct RTL_HEAP_TAG { - NumberOfAllocations: ULONG, - NumberOfFrees: ULONG, - BytesAllocated: SIZE_T, - TagIndex: USHORT, - CreatorBackTraceIndex: USHORT, - TagName: [WCHAR; 24], -}} -pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG; -STRUCT!{struct RTL_HEAP_INFORMATION { - BaseAddress: PVOID, - Flags: ULONG, - EntryOverhead: USHORT, - CreatorBackTraceIndex: USHORT, - BytesAllocated: SIZE_T, - BytesCommitted: SIZE_T, - NumberOfTags: ULONG, - NumberOfEntries: ULONG, - NumberOfPseudoTags: ULONG, - PseudoTagGranularity: ULONG, - Reserved: [ULONG; 5], - Tags: PRTL_HEAP_TAG, - Entries: PRTL_HEAP_ENTRY, -}} -pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION; -STRUCT!{struct RTL_PROCESS_HEAPS { - NumberOfHeaps: ULONG, - Heaps: [RTL_HEAP_INFORMATION; 1], -}} -pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS; -FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE( - Base: PVOID, - CommitAddress: *mut PVOID, - CommitSize: PSIZE_T, -) -> NTSTATUS} -STRUCT!{struct RTL_HEAP_PARAMETERS { - Length: ULONG, - SegmentReserve: SIZE_T, - SegmentCommit: SIZE_T, - DeCommitFreeBlockThreshold: SIZE_T, - DeCommitTotalFreeThreshold: SIZE_T, - MaximumAllocationSize: SIZE_T, - VirtualMemoryThreshold: SIZE_T, - InitialCommit: SIZE_T, - InitialReserve: SIZE_T, - CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE, - Reserved: [SIZE_T; 2], -}} -pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS; -pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100; -pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200; -pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400; -pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800; -pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00; -pub const HEAP_CLASS_0: ULONG = 0x00000000; -pub const HEAP_CLASS_1: ULONG = 0x00001000; -pub const HEAP_CLASS_2: ULONG = 0x00002000; -pub const HEAP_CLASS_3: ULONG = 0x00003000; -pub const HEAP_CLASS_4: ULONG = 0x00004000; -pub const HEAP_CLASS_5: ULONG = 0x00005000; -pub const HEAP_CLASS_6: ULONG = 0x00006000; -pub const HEAP_CLASS_7: ULONG = 0x00007000; -pub const HEAP_CLASS_8: ULONG = 0x00008000; -pub const HEAP_CLASS_MASK: ULONG = 0x0000f000; -EXTERN!{extern "system" { - fn RtlCreateHeap( - Flags: ULONG, - HeapBase: PVOID, - ReserveSize: SIZE_T, - CommitSize: SIZE_T, - Lock: PVOID, - Parameters: PRTL_HEAP_PARAMETERS, - ) -> PVOID; - fn RtlDestroyHeap( - HeapHandle: PVOID, - ) -> PVOID; - fn RtlAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - Size: SIZE_T, - ) -> PVOID; - fn RtlFreeHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> BOOLEAN; - fn RtlSizeHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> SIZE_T; - fn RtlZeroHeap( - HeapHandle: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlProtectHeap( - HeapHandle: PVOID, - MakeReadOnly: BOOLEAN, - ); -}} -#[inline] #[cfg(not(target_arch = "aarch64"))] -pub unsafe fn RtlProcessHeap() -> PVOID { - use crate::ntpsapi::NtCurrentPeb; - (*NtCurrentPeb()).ProcessHeap -} -EXTERN!{extern "system" { - fn RtlLockHeap( - HeapHandle: PVOID, - ) -> BOOLEAN; - fn RtlUnlockHeap( - HeapHandle: PVOID, - ) -> BOOLEAN; - fn RtlReAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - Size: SIZE_T, - ) -> PVOID; - fn RtlGetUserInfoHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserValue: *mut PVOID, - UserFlags: PULONG, - ) -> BOOLEAN; - fn RtlSetUserValueHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserValue: PVOID, - ) -> BOOLEAN; - fn RtlSetUserFlagsHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserFlagsReset: ULONG, - UserFlagsSet: ULONG, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_HEAP_TAG_INFO { - NumberOfAllocations: ULONG, - NumberOfFrees: ULONG, - BytesAllocated: SIZE_T, -}} -pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO; -EXTERN!{extern "system" { - fn RtlCreateTagHeap( - HeapHandle: PVOID, - Flags: ULONG, - TagPrefix: PWSTR, - TagNames: PWSTR, - ) -> ULONG; - fn RtlQueryTagHeap( - HeapHandle: PVOID, - Flags: ULONG, - TagIndex: USHORT, - ResetCounters: BOOLEAN, - TagInfo: PRTL_HEAP_TAG_INFO, - ) -> PWSTR; - fn RtlExtendHeap( - HeapHandle: PVOID, - Flags: ULONG, - Base: PVOID, - Size: SIZE_T, - ) -> NTSTATUS; - fn RtlCompactHeap( - HeapHandle: PVOID, - Flags: ULONG, - ) -> SIZE_T; - fn RtlValidateHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> BOOLEAN; - fn RtlValidateProcessHeaps() -> BOOLEAN; - fn RtlGetProcessHeaps( - NumberOfHeaps: ULONG, - ProcessHeaps: *mut PVOID, - ) -> ULONG; -}} -FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE( - HeapHandle: PVOID, - Parameter: PVOID, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlEnumProcessHeaps( - EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE, - Parameter: PVOID, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_HEAP_USAGE_ENTRY { - Next: *mut RTL_HEAP_USAGE_ENTRY, - Address: PVOID, - Size: SIZE_T, - AllocatorBackTraceIndex: USHORT, - TagIndex: USHORT, -}} -pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY; -STRUCT!{struct RTL_HEAP_USAGE { - Length: ULONG, - BytesAllocated: SIZE_T, - BytesCommitted: SIZE_T, - BytesReserved: SIZE_T, - BytesReservedMaximum: SIZE_T, - Entries: PRTL_HEAP_USAGE_ENTRY, - AddedEntries: PRTL_HEAP_USAGE_ENTRY, - RemovedEntries: PRTL_HEAP_USAGE_ENTRY, - Reserved: [ULONG_PTR; 8], -}} -pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE; -pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY; -pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY; -EXTERN!{extern "system" { - fn RtlUsageHeap( - HeapHandle: PVOID, - Flags: ULONG, - Usage: PRTL_HEAP_USAGE, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block { - Settable: SIZE_T, - TagIndex: USHORT, - AllocatorBackTraceIndex: USHORT, - Reserved: [ULONG; 2], -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment { - CommittedSize: ULONG, - UnCommittedSize: ULONG, - FirstEntry: PVOID, - LastEntry: PVOID, -}} -UNION!{union RTL_HEAP_WALK_ENTRY_u { - Block: RTL_HEAP_WALK_ENTRY_u_Block, - Segment: RTL_HEAP_WALK_ENTRY_u_Segment, -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY { - DataAddress: PVOID, - DataSize: SIZE_T, - OverheadBytes: UCHAR, - SegmentIndex: UCHAR, - Flags: USHORT, - u: RTL_HEAP_WALK_ENTRY_u, -}} -pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY; -EXTERN!{extern "system" { - fn RtlWalkHeap( - HeapHandle: PVOID, - Entry: PRTL_HEAP_WALK_ENTRY, - ) -> NTSTATUS; -}} -pub const HeapDetailedFailureInformation: u32 = 0x80000001; -pub const HeapSetDebuggingInformation: u32 = 0x80000002; -ENUM!{enum HEAP_COMPATIBILITY_MODE { - HEAP_COMPATIBILITY_STANDARD = 0, - HEAP_COMPATIBILITY_LAL = 1, - HEAP_COMPATIBILITY_LFH = 2, -}} -STRUCT!{struct PROCESS_HEAP_INFORMATION { - ReserveSize: ULONG_PTR, - CommitSize: ULONG_PTR, - NumberOfHeaps: ULONG, - FirstHeapInformationOffset: ULONG_PTR, -}} -pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION; -STRUCT!{struct HEAP_INFORMATION { - Address: ULONG_PTR, - Mode: ULONG, - ReserveSize: ULONG_PTR, - CommitSize: ULONG_PTR, - FirstRegionInformationOffset: ULONG_PTR, - NextHeapInformationOffset: ULONG_PTR, -}} -pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION; -UNION!{union HEAP_EXTENDED_INFORMATION_u { - ProcessHeapInformation: PROCESS_HEAP_INFORMATION, - HeapInformation: HEAP_INFORMATION, -}} -STRUCT!{struct HEAP_EXTENDED_INFORMATION { - Process: HANDLE, - Heap: ULONG_PTR, - Level: ULONG, - CallbackRoutine: PVOID, - CallbackContext: PVOID, - u: HEAP_EXTENDED_INFORMATION_u, -}} -pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION; -FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE( - Reserved: LONG, - HeapHandle: PVOID, - BaseAddress: PVOID, - BlockSize: SIZE_T, - StackTraceDepth: ULONG, - StackTrace: *mut PVOID, -) -> NTSTATUS} -STRUCT!{struct HEAP_DEBUGGING_INFORMATION { - InterceptorFunction: PVOID, - InterceptorValue: USHORT, - ExtendedOptions: ULONG, - StackTraceDepth: ULONG, - MinTotalBlockSize: SIZE_T, - MaxTotalBlockSize: SIZE_T, - HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE, -}} -pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION; -EXTERN!{extern "system" { - fn RtlQueryHeapInformation( - HeapHandle: PVOID, - HeapInformationClass: HEAP_INFORMATION_CLASS, - HeapInformation: PVOID, - HeapInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlSetHeapInformation( - HeapHandle: PVOID, - HeapInformationClass: HEAP_INFORMATION_CLASS, - HeapInformation: PVOID, - HeapInformationLength: SIZE_T, - ) -> NTSTATUS; - fn RtlMultipleAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - Size: SIZE_T, - Count: ULONG, - Array: *mut PVOID, - ) -> ULONG; - fn RtlMultipleFreeHeap( - HeapHandle: PVOID, - Flags: ULONG, - Count: ULONG, - Array: *mut PVOID, - ) -> ULONG; - fn RtlDetectHeapLeaks(); - fn RtlFlushHeaps(); -}} -STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT { - NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT, - Size: SIZE_T, - Next: PVOID, - Limit: PVOID, -}} -pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT; -STRUCT!{struct RTL_MEMORY_ZONE { - Segment: RTL_MEMORY_ZONE_SEGMENT, - Lock: RTL_SRWLOCK, - LockCount: ULONG, - FirstSegment: PRTL_MEMORY_ZONE_SEGMENT, -}} -pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE; -EXTERN!{extern "system" { - fn RtlCreateMemoryZone( - MemoryZone: *mut PVOID, - InitialSize: SIZE_T, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlAllocateMemoryZone( - MemoryZone: PVOID, - BlockSize: SIZE_T, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlResetMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlLockMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlUnlockMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlCreateMemoryBlockLookaside( - MemoryBlockLookaside: *mut PVOID, - Flags: ULONG, - InitialSize: ULONG, - MinimumBlockSize: ULONG, - MaximumBlockSize: ULONG, - ) -> NTSTATUS; - fn RtlDestroyMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlAllocateMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - BlockSize: ULONG, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlFreeMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - Block: PVOID, - ) -> NTSTATUS; - fn RtlExtendMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - Increment: ULONG, - ) -> NTSTATUS; - fn RtlResetMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlLockMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlUnlockMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlGetCurrentTransaction() -> HANDLE; - fn RtlSetCurrentTransaction( - TransactionHandle: HANDLE, - ) -> LOGICAL; -}} -#[inline] -pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool { - (L1.LowPart == L2.LowPart) && (L1.HighPart == L2.HighPart) -} -#[inline] -pub const fn RtlIsZeroLuid(L1: &LUID) -> bool { - (L1.LowPart | L1.HighPart as u32) == 0 -} -#[inline] -pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID { - LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 } -} -#[inline] -pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID { - LUID { LowPart: Ulong, HighPart: 0 } -} -EXTERN!{extern "system" { - fn RtlCopyLuid( - DestinationLuid: PLUID, - SourceLuid: PLUID, - ); - fn RtlCopyLuidAndAttributesArray( - Count: ULONG, - Src: PLUID_AND_ATTRIBUTES, - Dest: PLUID_AND_ATTRIBUTES, - ); -}} -STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS { - SizeStruct: ULONG, - Option: ULONG, - OptionData: [UCHAR; 1], -}} -pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS; -UNION!{union RTL_DEBUG_INFORMATION_u { - Modules: *mut RTL_PROCESS_MODULES, - ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX, -}} -STRUCT!{struct RTL_DEBUG_INFORMATION { - SectionHandleClient: HANDLE, - ViewBaseClient: PVOID, - ViewBaseTarget: PVOID, - ViewBaseDelta: ULONG_PTR, - EventPairClient: HANDLE, - EventPairTarget: HANDLE, - TargetProcessId: HANDLE, - TargetThreadHandle: HANDLE, - Flags: ULONG, - OffsetFree: SIZE_T, - CommitSize: SIZE_T, - ViewSize: SIZE_T, - u: RTL_DEBUG_INFORMATION_u, - BackTraces: *mut RTL_PROCESS_BACKTRACES, - Heaps: *mut RTL_PROCESS_HEAPS, - Locks: *mut RTL_PROCESS_LOCKS, - SpecificHeap: PVOID, - TargetProcessHandle: HANDLE, - VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS, - ProcessHeap: PVOID, - CriticalSectionHandle: HANDLE, - CriticalSectionOwnerThread: HANDLE, - Reserved: [PVOID; 4], -}} -pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateQueryDebugBuffer( - MaximumCommit: ULONG, - UseEventPair: BOOLEAN, - ) -> PRTL_DEBUG_INFORMATION; - fn RtlDestroyQueryDebugBuffer( - Buffer: PRTL_DEBUG_INFORMATION, - ) -> NTSTATUS; - fn RtlCommitDebugInfo( - Buffer: PRTL_DEBUG_INFORMATION, - Size: SIZE_T, - ) -> PVOID; - fn RtlDeCommitDebugInfo( - Buffer: PRTL_DEBUG_INFORMATION, - p: PVOID, - Size: SIZE_T, - ); -}} -pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001; -pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002; -pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004; -pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008; -pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010; -pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020; -pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040; -pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080; -pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100; -pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200; -pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400; -pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000; -EXTERN!{extern "system" { - fn RtlQueryProcessDebugInformation( - UniqueProcessId: HANDLE, - Flags: ULONG, - Buffer: PRTL_DEBUG_INFORMATION, - ) -> NTSTATUS; - fn RtlFindMessage( - DllHandle: PVOID, - MessageTableId: ULONG, - MessageLanguageId: ULONG, - MessageId: ULONG, - MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY, - ) -> NTSTATUS; - fn RtlFormatMessage( - MessageFormat: PWSTR, - MaximumWidth: ULONG, - IgnoreInserts: BOOLEAN, - ArgumentsAreAnsi: BOOLEAN, - ArgumentsAreAnArray: BOOLEAN, - Arguments: *mut va_list, - Buffer: PWSTR, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct PARSE_MESSAGE_CONTEXT { - fFlags: ULONG, - cwSavColumn: ULONG, - iwSrc: SIZE_T, - iwDst: SIZE_T, - iwDstSpace: SIZE_T, - lpvArgStart: va_list, -}} -pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT; -#[inline] -pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) { - ctx.fFlags = 0; -} -#[inline] -pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags & flag -} -#[inline] -pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags |= flag; - ctx.fFlags -} -#[inline] -pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags &= !flag; - ctx.fFlags -} -EXTERN!{extern "system" { - fn RtlFormatMessageEx( - MessageFormat: PWSTR, - MaximumWidth: ULONG, - IgnoreInserts: BOOLEAN, - ArgumentsAreAnsi: BOOLEAN, - ArgumentsAreAnArray: BOOLEAN, - Arguments: *mut va_list, - Buffer: PWSTR, - Length: ULONG, - ReturnLength: PULONG, - ParseContext: PPARSE_MESSAGE_CONTEXT, - ) -> NTSTATUS; - fn RtlNtStatusToDosError( - Status: NTSTATUS, - ) -> ULONG; - fn RtlNtStatusToDosErrorNoTeb( - Status: NTSTATUS, - ) -> ULONG; - fn RtlGetLastNtStatus() -> NTSTATUS; - fn RtlGetLastWin32Error() -> LONG; - fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus( - Status: NTSTATUS, - ); - fn RtlSetLastWin32Error( - Win32Error: LONG, - ); - fn RtlRestoreLastWin32Error( - Win32Error: LONG, - ); -}} -pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010; -pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020; -pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040; -EXTERN!{extern "system" { - fn RtlGetThreadErrorMode() -> ULONG; - fn RtlSetThreadErrorMode( - NewMode: ULONG, - OldMode: PULONG, - ) -> NTSTATUS; - fn RtlReportException( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlReportExceptionEx( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - Flags: ULONG, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlWerpReportException( - ProcessId: ULONG, - CrashReportSharedMem: HANDLE, - Flags: ULONG, - CrashVerticalProcessHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlReportSilentProcessExit( - ProcessHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn RtlUniform( - Seed: PULONG, - ) -> ULONG; - fn RtlRandom( - Seed: PULONG, - ) -> ULONG; - fn RtlRandomEx( - Seed: PULONG, - ) -> ULONG; - fn RtlComputeImportTableHash( - FileHandle: HANDLE, - Hash: PCHAR, - ImportTableHashRevision: ULONG, - ) -> NTSTATUS; - fn RtlIntegerToChar( - Value: ULONG, - Base: ULONG, - OutputLength: LONG, - String: PSTR, - ) -> NTSTATUS; - fn RtlCharToInteger( - String: PCSZ, - Base: ULONG, - Value: PULONG, - ) -> NTSTATUS; - fn RtlLargeIntegerToChar( - Value: PLARGE_INTEGER, - Base: ULONG, - OutputLength: LONG, - String: PSTR, - ) -> NTSTATUS; - fn RtlIntegerToUnicodeString( - Value: ULONG, - Base: ULONG, - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlInt64ToUnicodeString( - Value: ULONGLONG, - Base: ULONG, - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlUnicodeStringToInteger( - String: PCUNICODE_STRING, - Base: ULONG, - Value: PULONG, - ) -> NTSTATUS; - fn RtlIpv4AddressToStringExW( - Address: *const in_addr, - Port: USHORT, - AddressString: PWSTR, - AddressStringLength: PULONG, - ) -> NTSTATUS; - fn RtlIpv6AddressToStringExW( - Address: *const in6_addr, - ScopeId: ULONG, - Port: USHORT, - AddressString: PWSTR, - AddressStringLength: PULONG, - ) -> NTSTATUS; - fn RtlIpv4StringToAddressExW( - AddressString: PCWSTR, - Strict: BOOLEAN, - Address: *mut in_addr, - Port: PUSHORT, - ) -> NTSTATUS; - fn RtlIpv6StringToAddressExW( - AddressString: PCWSTR, - Address: *mut in6_addr, - ScopeId: PULONG, - Port: PUSHORT, - ) -> NTSTATUS; -}} -STRUCT!{struct TIME_FIELDS { - Year: CSHORT, - Month: CSHORT, - Day: CSHORT, - Hour: CSHORT, - Minute: CSHORT, - Second: CSHORT, - Milliseconds: CSHORT, - Weekday: CSHORT, -}} -pub type PTIME_FIELDS = *mut TIME_FIELDS; -EXTERN!{extern "system" { - fn RtlCutoverTimeToSystemTime( - CutoverTime: PTIME_FIELDS, - SystemTime: PLARGE_INTEGER, - CurrentSystemTime: PLARGE_INTEGER, - ThisYear: BOOLEAN, - ) -> BOOLEAN; - fn RtlSystemTimeToLocalTime( - SystemTime: PLARGE_INTEGER, - LocalTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlLocalTimeToSystemTime( - LocalTime: PLARGE_INTEGER, - SystemTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlTimeToElapsedTimeFields( - Time: PLARGE_INTEGER, - TimeFields: PTIME_FIELDS, - ); - fn RtlTimeToTimeFields( - Time: PLARGE_INTEGER, - TimeFields: PTIME_FIELDS, - ); - fn RtlTimeFieldsToTime( - TimeFields: PTIME_FIELDS, - Time: PLARGE_INTEGER, - ) -> BOOLEAN; - fn RtlTimeToSecondsSince1980( - Time: PLARGE_INTEGER, - ElapsedSeconds: PULONG, - ) -> BOOLEAN; - fn RtlSecondsSince1980ToTime( - ElapsedSeconds: ULONG, - Time: PLARGE_INTEGER, - ); - fn RtlTimeToSecondsSince1970( - Time: PLARGE_INTEGER, - ElapsedSeconds: PULONG, - ) -> BOOLEAN; - fn RtlSecondsSince1970ToTime( - ElapsedSeconds: ULONG, - Time: PLARGE_INTEGER, - ); -}} -STRUCT!{struct RTL_TIME_ZONE_INFORMATION { - Bias: LONG, - StandardName: [WCHAR; 32], - StandardStart: TIME_FIELDS, - StandardBias: LONG, - DaylightName: [WCHAR; 32], - DaylightStart: TIME_FIELDS, - DaylightBias: LONG, -}} -pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; -EXTERN!{extern "system" { - fn RtlQueryTimeZoneInformation( - TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, - ) -> NTSTATUS; - fn RtlSetTimeZoneInformation( - TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_BITMAP { - SizeOfBitMap: ULONG, - Buffer: PULONG, -}} -pub type PRTL_BITMAP = *mut RTL_BITMAP; -EXTERN!{extern "system" { - fn RtlInitializeBitMap( - BitMapHeader: PRTL_BITMAP, - BitMapBuffer: PULONG, - SizeOfBitMap: ULONG, - ); - fn RtlClearBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ); - fn RtlSetBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ); - fn RtlTestBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ) -> BOOLEAN; - fn RtlClearAllBits( - BitMapHeader: PRTL_BITMAP, - ); - fn RtlSetAllBits( - BitMapHeader: PRTL_BITMAP, - ); - fn RtlFindClearBits( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindSetBits( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindClearBitsAndSet( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindSetBitsAndClear( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlClearBits( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToClear: ULONG, - ); - fn RtlSetBits( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToSet: ULONG, - ); - fn RtlFindMostSignificantBit( - Set: ULONGLONG, - ) -> CCHAR; - fn RtlFindLeastSignificantBit( - Set: ULONGLONG, - ) -> CCHAR; -}} -STRUCT!{struct RTL_BITMAP_RUN { - StartingIndex: ULONG, - NumberOfBits: ULONG, -}} -pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN; -EXTERN!{extern "system" { - fn RtlFindClearRuns( - BitMapHeader: PRTL_BITMAP, - RunArray: PRTL_BITMAP_RUN, - SizeOfRunArray: ULONG, - LocateLongestRuns: BOOLEAN, - ) -> ULONG; - fn RtlFindLongestRunClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: PULONG, - ) -> ULONG; - fn RtlFindFirstRunClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: PULONG, - ) -> ULONG; -}} -#[inline] -pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 { - #[cfg(target_arch = "x86_64")] { - core::arch::x86_64::_bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64) - } - #[cfg(any(target_arch = "x86", target_arch = "aarch64"))] { - (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8 - } -} -EXTERN!{extern "system" { - fn RtlNumberOfClearBits( - BitMapHeader: PRTL_BITMAP, - ) -> ULONG; - fn RtlNumberOfSetBits( - BitMapHeader: PRTL_BITMAP, - ) -> ULONG; - fn RtlAreBitsClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> BOOLEAN; - fn RtlAreBitsSet( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> BOOLEAN; - fn RtlFindNextForwardRunClear( - BitMapHeader: PRTL_BITMAP, - FromIndex: ULONG, - StartingRunIndex: PULONG, - ) -> ULONG; - fn RtlFindLastBackwardRunClear( - BitMapHeader: PRTL_BITMAP, - FromIndex: ULONG, - StartingRunIndex: PULONG, - ) -> ULONG; - fn RtlNumberOfSetBitsUlongPtr( - Target: ULONG_PTR, - ) -> ULONG; - fn RtlInterlockedClearBitRun( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToClear: ULONG, - ); - fn RtlInterlockedSetBitRun( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToSet: ULONG, - ); - fn RtlCopyBitMap( - Source: PRTL_BITMAP, - Destination: PRTL_BITMAP, - TargetBit: ULONG, - ); - fn RtlExtractBitMap( - Source: PRTL_BITMAP, - Destination: PRTL_BITMAP, - TargetBit: ULONG, - NumberOfBits: ULONG, - ); - fn RtlNumberOfClearBitsInRange( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> ULONG; - fn RtlNumberOfSetBitsInRange( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> ULONG; -}} -STRUCT!{struct RTL_BITMAP_EX { - SizeOfBitMap: ULONG64, - Buffer: PULONG64, -}} -pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX; -EXTERN!{extern "system" { - fn RtlInitializeBitMapEx( - BitMapHeader: PRTL_BITMAP_EX, - BitMapBuffer: PULONG64, - SizeOfBitMap: ULONG64, - ); - fn RtlTestBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ) -> BOOLEAN; - fn RtlClearAllBitsEx( - BitMapHeader: PRTL_BITMAP_EX, - ); - fn RtlClearBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ); - fn RtlSetBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ); - fn RtlFindSetBitsEx( - BitMapHeader: PRTL_BITMAP_EX, - NumberToFind: ULONG64, - HintIndex: ULONG64, - ) -> ULONG64; - fn RtlFindSetBitsAndClearEx( - BitMapHeader: PRTL_BITMAP_EX, - NumberToFind: ULONG64, - HintIndex: ULONG64, - ) -> ULONG64; -}} -UNION!{union RTL_HANDLE_TABLE_ENTRY { - Flags: ULONG, - NextFree: *mut RTL_HANDLE_TABLE_ENTRY, -}} -pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY; -pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001; -STRUCT!{struct RTL_HANDLE_TABLE { - MaximumNumberOfHandles: ULONG, - SizeOfHandleTableEntry: ULONG, - Reserved: [ULONG; 2], - FreeHandles: PRTL_HANDLE_TABLE_ENTRY, - CommittedHandles: PRTL_HANDLE_TABLE_ENTRY, - UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY, - MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY, -}} -pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeHandleTable( - MaximumNumberOfHandles: ULONG, - SizeOfHandleTableEntry: ULONG, - HandleTable: PRTL_HANDLE_TABLE, - ); - fn RtlDestroyHandleTable( - HandleTable: PRTL_HANDLE_TABLE, - ) -> NTSTATUS; - fn RtlAllocateHandle( - HandleTable: PRTL_HANDLE_TABLE, - HandleIndex: PULONG, - ) -> PRTL_HANDLE_TABLE_ENTRY; - fn RtlFreeHandle( - HandleTable: PRTL_HANDLE_TABLE, - Handle: PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlIsValidHandle( - HandleTable: PRTL_HANDLE_TABLE, - Handle: PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlIsValidIndexHandle( - HandleTable: PRTL_HANDLE_TABLE, - HandleIndex: ULONG, - Handle: *mut PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; -}} -pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000; -pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000; -pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37; -pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255; -pub const RTL_ATOM_PINNED: u32 = 0x01; -EXTERN!{extern "system" { - fn RtlCreateAtomTable( - NumberOfBuckets: ULONG, - AtomTableHandle: *mut PVOID, - ) -> NTSTATUS; - fn RtlDestroyAtomTable( - AtomTableHandle: PVOID, - ) -> NTSTATUS; - fn RtlEmptyAtomTable( - AtomTableHandle: PVOID, - IncludePinnedAtoms: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAtomToAtomTable( - AtomTableHandle: PVOID, - AtomName: PWSTR, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn RtlLookupAtomInAtomTable( - AtomTableHandle: PVOID, - AtomName: PWSTR, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn RtlDeleteAtomFromAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - ) -> NTSTATUS; - fn RtlPinAtomInAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - ) -> NTSTATUS; - fn RtlQueryAtomInAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - AtomUsage: PULONG, - AtomFlags: PULONG, - AtomName: PWSTR, - AtomNameLength: PULONG, - ) -> NTSTATUS; - fn RtlGetIntegerAtom( - AtomName: PWSTR, - IntegerAtom: PUSHORT, - ) -> BOOLEAN; - fn RtlValidSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlEqualSid( - Sid1: PSID, - Sid2: PSID, - ) -> BOOLEAN; - fn RtlEqualPrefixSid( - Sid1: PSID, - Sid2: PSID, - ) -> BOOLEAN; - fn RtlLengthRequiredSid( - SubAuthorityCount: ULONG, - ) -> ULONG; - fn RtlFreeSid( - Sid: PSID, - ) -> PVOID; - fn RtlAllocateAndInitializeSid( - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - SubAuthority0: ULONG, - SubAuthority1: ULONG, - SubAuthority2: ULONG, - SubAuthority3: ULONG, - SubAuthority4: ULONG, - SubAuthority5: ULONG, - SubAuthority6: ULONG, - SubAuthority7: ULONG, - Sid: *mut PSID, - ) -> NTSTATUS; - fn RtlInitializeSid( - Sid: PSID, - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - ) -> NTSTATUS; -}} -EXTERN!{extern "C" { - fn RtlInitializeSidEx( - Sid: PSID, - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - ... - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlIdentifierAuthoritySid( - Sid: PSID, - ) -> PSID_IDENTIFIER_AUTHORITY; - fn RtlSubAuthoritySid( - Sid: PSID, - SubAuthority: ULONG, - ) -> PULONG; - fn RtlSubAuthorityCountSid( - Sid: PSID, - ) -> PUCHAR; - fn RtlLengthSid( - Sid: PSID, - ) -> ULONG; - fn RtlCopySid( - DestinationSidLength: ULONG, - DestinationSid: PSID, - SourceSid: PSID, - ) -> NTSTATUS; - fn RtlCopySidAndAttributesArray( - Count: ULONG, - Src: PSID_AND_ATTRIBUTES, - SidAreaSize: ULONG, - Dest: PSID_AND_ATTRIBUTES, - SidArea: PSID, - RemainingSidArea: *mut PSID, - RemainingSidAreaSize: PULONG, - ) -> NTSTATUS; - fn RtlCreateServiceSid( - ServiceName: PUNICODE_STRING, - ServiceSid: PSID, - ServiceSidLength: PULONG, - ) -> NTSTATUS; - fn RtlSidDominates( - Sid1: PSID, - Sid2: PSID, - Dominates: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidDominatesForTrust( - Sid1: PSID, - Sid2: PSID, - DominatesTrust: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidEqualLevel( - Sid1: PSID, - Sid2: PSID, - EqualLevel: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidIsHigherLevel( - Sid1: PSID, - Sid2: PSID, - HigherLevel: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCreateVirtualAccountSid( - Name: PCUNICODE_STRING, - BaseSubAuthority: ULONG, - Sid: PSID, - SidLength: PULONG, - ) -> NTSTATUS; - fn RtlReplaceSidInSd( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - OldSid: PSID, - NewSid: PSID, - NumChanges: *mut ULONG, - ) -> NTSTATUS; -}} -pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256; -EXTERN!{extern "system" { - fn RtlConvertSidToUnicodeString( - UnicodeString: PUNICODE_STRING, - Sid: PSID, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlSidHashInitialize( - SidAttr: PSID_AND_ATTRIBUTES, - SidCount: ULONG, - SidAttrHash: PSID_AND_ATTRIBUTES_HASH, - ) -> NTSTATUS; - fn RtlSidHashLookup( - SidAttrHash: PSID_AND_ATTRIBUTES_HASH, - Sid: PSID, - ) -> PSID_AND_ATTRIBUTES; - fn RtlIsElevatedRid( - SidAttr: PSID_AND_ATTRIBUTES, - ) -> BOOLEAN; - fn RtlDeriveCapabilitySidsFromName( - UnicodeString: PUNICODE_STRING, - CapabilityGroupSid: PSID, - CapabilitySid: PSID, - ) -> NTSTATUS; - fn RtlCreateSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Revision: ULONG, - ) -> NTSTATUS; - fn RtlValidSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> BOOLEAN; - fn RtlLengthSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> ULONG; - fn RtlValidRelativeSecurityDescriptor( - SecurityDescriptorInput: PSECURITY_DESCRIPTOR, - SecurityDescriptorLength: ULONG, - RequiredInformation: SECURITY_INFORMATION, - ) -> BOOLEAN; - fn RtlGetControlSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Control: PSECURITY_DESCRIPTOR_CONTROL, - Revision: PULONG, - ) -> NTSTATUS; - fn RtlSetControlSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL, - ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL, - ) -> NTSTATUS; - fn RtlSetAttributesSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Control: SECURITY_DESCRIPTOR_CONTROL, - Revision: PULONG, - ) -> NTSTATUS; - fn RtlGetSecurityDescriptorRMControl( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - RMControl: PUCHAR, - ) -> BOOLEAN; - fn RtlSetSecurityDescriptorRMControl( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - RMControl: PUCHAR, - ); - fn RtlSetDaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DaclPresent: BOOLEAN, - Dacl: PACL, - DaclDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetDaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DaclPresent: PBOOLEAN, - Dacl: *mut PACL, - DaclDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetSaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - SaclPresent: BOOLEAN, - Sacl: PACL, - SaclDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetSaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - SaclPresent: PBOOLEAN, - Sacl: *mut PACL, - SaclDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetOwnerSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Owner: PSID, - OwnerDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetOwnerSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Owner: *mut PSID, - OwnerDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetGroupSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Group: PSID, - GroupDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetGroupSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Group: *mut PSID, - GroupDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlMakeSelfRelativeSD( - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - BufferLength: PULONG, - ) -> NTSTATUS; - fn RtlAbsoluteToSelfRelativeSD( - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - BufferLength: PULONG, - ) -> NTSTATUS; - fn RtlSelfRelativeToAbsoluteSD( - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - AbsoluteSecurityDescriptorSize: PULONG, - Dacl: PACL, - DaclSize: PULONG, - Sacl: PACL, - SaclSize: PULONG, - Owner: PSID, - OwnerSize: PULONG, - PrimaryGroup: PSID, - PrimaryGroupSize: PULONG, - ) -> NTSTATUS; - fn RtlSelfRelativeToAbsoluteSD2( - pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - pBufferSize: PULONG, - ) -> NTSTATUS; - fn RtlAreAllAccessesGranted( - GrantedAccess: ACCESS_MASK, - DesiredAccess: ACCESS_MASK, - ) -> BOOLEAN; - fn RtlAreAnyAccessesGranted( - GrantedAccess: ACCESS_MASK, - DesiredAccess: ACCESS_MASK, - ) -> BOOLEAN; - fn RtlMapGenericMask( - AccessMask: PACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - ); - fn RtlCreateAcl( - Acl: PACL, - AclLength: ULONG, - AclRevision: ULONG, - ) -> NTSTATUS; - fn RtlValidAcl( - Acl: PACL, - ) -> BOOLEAN; - fn RtlQueryInformationAcl( - Acl: PACL, - AclInformation: PVOID, - AclInformationLength: ULONG, - AclInformationClass: ACL_INFORMATION_CLASS, - ) -> NTSTATUS; - fn RtlSetInformationAcl( - Acl: PACL, - AclInformation: PVOID, - AclInformationLength: ULONG, - AclInformationClass: ACL_INFORMATION_CLASS, - ) -> NTSTATUS; - fn RtlAddAce( - Acl: PACL, - AceRevision: ULONG, - StartingAceIndex: ULONG, - AceList: PVOID, - AceListLength: ULONG, - ) -> NTSTATUS; - fn RtlDeleteAce( - Acl: PACL, - AceIndex: ULONG, - ) -> NTSTATUS; - fn RtlGetAce( - Acl: PACL, - AceIndex: ULONG, - Ace: *mut PVOID, - ) -> NTSTATUS; - fn RtlFirstFreeAce( - Acl: PACL, - FirstFree: *mut PVOID, - ) -> BOOLEAN; - fn RtlFindAceByType( - pAcl: PACL, - AceType: UCHAR, - pIndex: PULONG, - ) -> PVOID; - fn RtlOwnerAcesPresent( - pAcl: PACL, - ) -> BOOLEAN; - fn RtlAddAccessAllowedAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessAllowedAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAuditAccessAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAuditAccessAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAccessAllowedObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAuditAccessObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddCompoundAce( - Acl: PACL, - AceRevision: ULONG, - AceType: UCHAR, - AccessMask: ACCESS_MASK, - ServerSid: PSID, - ClientSid: PSID, - ) -> NTSTATUS; - fn RtlAddMandatoryAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - Sid: PSID, - AceType: UCHAR, - AccessMask: ACCESS_MASK, - ) -> NTSTATUS; - fn RtlDefaultNpAcl( - Acl: *mut PACL, - ) -> NTSTATUS; - fn RtlNewSecurityObject( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - IsDirectoryObject: BOOLEAN, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewSecurityObjectEx( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut GUID, - IsDirectoryObject: BOOLEAN, - AutoInheritFlags: ULONG, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewSecurityObjectWithMultipleInheritance( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut *mut GUID, - GuidCount: ULONG, - IsDirectoryObject: BOOLEAN, - AutoInheritFlags: ULONG, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlDeleteSecurityObject( - ObjectDescriptor: *mut PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn RtlQuerySecurityObject( - ObjectDescriptor: PSECURITY_DESCRIPTOR, - SecurityInformation: SECURITY_INFORMATION, - ResultantDescriptor: PSECURITY_DESCRIPTOR, - DescriptorLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlSetSecurityObject( - SecurityInformation: SECURITY_INFORMATION, - ModificationDescriptor: PSECURITY_DESCRIPTOR, - ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - GenericMapping: PGENERIC_MAPPING, - Token: HANDLE, - ) -> NTSTATUS; - fn RtlSetSecurityObjectEx( - SecurityInformation: SECURITY_INFORMATION, - ModificationDescriptor: PSECURITY_DESCRIPTOR, - ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - AutoInheritFlags: ULONG, - GenericMapping: PGENERIC_MAPPING, - Token: HANDLE, - ) -> NTSTATUS; - fn RtlConvertToAutoInheritSecurityObject( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR, - NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut GUID, - IsDirectoryObject: BOOLEAN, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewInstanceSecurityObject( - ParentDescriptorChanged: BOOLEAN, - CreatorDescriptorChanged: BOOLEAN, - OldClientTokenModifiedId: PLUID, - NewClientTokenModifiedId: PLUID, - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - IsDirectoryObject: BOOLEAN, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlCopySecurityDescriptor( - InputSecurityDescriptor: PSECURITY_DESCRIPTOR, - OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn RtlRunEncodeUnicodeString( - Seed: PUCHAR, - String: PUNICODE_STRING, - ); - fn RtlRunDecodeUnicodeString( - Seed: UCHAR, - String: PUNICODE_STRING, - ); - fn RtlImpersonateSelf( - ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, - ) -> NTSTATUS; - fn RtlImpersonateSelfEx( - ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, - AdditionalAccess: ACCESS_MASK, - ThreadToken: PHANDLE, - ) -> NTSTATUS; - fn RtlAdjustPrivilege( - Privilege: ULONG, - Enable: BOOLEAN, - Client: BOOLEAN, - WasEnabled: PBOOLEAN, - ) -> NTSTATUS; -}} -pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001; -pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002; -EXTERN!{extern "system" { - fn RtlAcquirePrivilege( - Privilege: PULONG, - NumPriv: ULONG, - Flags: ULONG, - ReturnedState: *mut PVOID, - ) -> NTSTATUS; - fn RtlReleasePrivilege( - StatePointer: PVOID, - ); - fn RtlRemovePrivileges( - TokenHandle: HANDLE, - PrivilegesToKeep: PULONG, - PrivilegeCount: ULONG, - ) -> NTSTATUS; - fn RtlIsUntrustedObject( - Handle: HANDLE, - Object: PVOID, - IsUntrustedObject: PBOOLEAN, - ) -> NTSTATUS; - fn RtlQueryValidationRunlevel( - ComponentName: PUNICODE_STRING, - ) -> ULONG; - fn RtlCreateBoundaryDescriptor( - Name: PUNICODE_STRING, - Flags: ULONG, - ) -> PVOID; - fn RtlDeleteBoundaryDescriptor( - BoundaryDescriptor: PVOID, - ); - fn RtlAddSIDToBoundaryDescriptor( - BoundaryDescriptor: *mut PVOID, - RequiredSid: PSID, - ) -> NTSTATUS; - fn RtlAddIntegrityLabelToBoundaryDescriptor( - BoundaryDescriptor: *mut PVOID, - IntegrityLabel: PSID, - ) -> NTSTATUS; - fn RtlGetVersion( - lpVersionInformation: PRTL_OSVERSIONINFOW, - ) -> NTSTATUS; - fn RtlVerifyVersionInfo( - VersionInfo: PRTL_OSVERSIONINFOEXW, - TypeMask: ULONG, - ConditionMask: ULONGLONG, - ) -> NTSTATUS; - fn RtlGetNtVersionNumbers( - NtMajorVersion: PULONG, - NtMinorVersion: PULONG, - NtBuildNumber: PULONG, - ); - fn RtlGetNtGlobalFlags() -> ULONG; - fn RtlGetNtProductType( - NtProductType: PNT_PRODUCT_TYPE, - ) -> BOOLEAN; - fn RtlGetSuiteMask() -> ULONG; - fn RtlRegisterWait( - WaitHandle: PHANDLE, - Handle: HANDLE, - Function: WAITORTIMERCALLBACKFUNC, - Context: PVOID, - Milliseconds: ULONG, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDeregisterWait( - WaitHandle: HANDLE, - ) -> NTSTATUS; - fn RtlDeregisterWaitEx( - WaitHandle: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlQueueWorkItem( - Function: WORKERCALLBACKFUNC, - Context: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlSetIoCompletionCallback( - FileHandle: HANDLE, - CompletionProc: APC_CALLBACK_FUNCTION, - Flags: ULONG, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_START_POOL_THREAD( - Function: PTHREAD_START_ROUTINE, - Parameter: PVOID, - ThreadHandle: PHANDLE, -) -> NTSTATUS} -FN!{stdcall PRTL_EXIT_POOL_THREAD( - ExitStatus: NTSTATUS, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlSetThreadPoolStartFunc( - StartPoolThread: PRTL_START_POOL_THREAD, - ExitPoolThread: PRTL_EXIT_POOL_THREAD, - ) -> NTSTATUS; - fn RtlUserThreadStart( - Function: PTHREAD_START_ROUTINE, - Parameter: PVOID, - ); - fn LdrInitializeThunk( - ContextRecord: PCONTEXT, - Parameter: PVOID, - ); - fn RtlCreateTimerQueue( - TimerQueueHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlCreateTimer( - TimerQueueHandle: HANDLE, - Handle: PHANDLE, - Function: WAITORTIMERCALLBACKFUNC, - Context: PVOID, - DueTime: ULONG, - Period: ULONG, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlUpdateTimer( - TimerQueueHandle: HANDLE, - TimerHandle: HANDLE, - DueTime: ULONG, - Period: ULONG, - ) -> NTSTATUS; - fn RtlDeleteTimer( - TimerQueueHandle: HANDLE, - TimerToCancel: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlDeleteTimerQueue( - TimerQueueHandle: HANDLE, - ) -> NTSTATUS; - fn RtlDeleteTimerQueueEx( - TimerQueueHandle: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlFormatCurrentUserKeyPath( - CurrentUserKeyPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlOpenCurrentUser( - DesiredAccess: ACCESS_MASK, - CurrentUserKey: PHANDLE, - ) -> NTSTATUS; -}} -pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0; -pub const RTL_REGISTRY_SERVICES: ULONG = 1; -pub const RTL_REGISTRY_CONTROL: ULONG = 2; -pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3; -pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4; -pub const RTL_REGISTRY_USER: ULONG = 5; -pub const RTL_REGISTRY_MAXIMUM: ULONG = 6; -pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000; -pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000; -EXTERN!{extern "system" { - fn RtlCreateRegistryKey( - RelativeTo: ULONG, - Path: PWSTR, - ) -> NTSTATUS; - fn RtlCheckRegistryKey( - RelativeTo: ULONG, - Path: PWSTR, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE( - ValueName: PWSTR, - ValueType: ULONG, - ValueData: PVOID, - ValueLength: ULONG, - Context: PVOID, - EntryContext: PVOID, -) -> NTSTATUS} -STRUCT!{struct RTL_QUERY_REGISTRY_TABLE { - QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE, - Flags: ULONG, - Name: PWSTR, - EntryContext: PVOID, - DefaultType: ULONG, - DefaultData: PVOID, - DefaultLength: ULONG, -}} -pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE; -pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001; -pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002; -pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004; -pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008; -pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010; -pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020; -pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040; -EXTERN!{extern "system" { - fn RtlQueryRegistryValues( - RelativeTo: ULONG, - Path: PCWSTR, - QueryTable: PRTL_QUERY_REGISTRY_TABLE, - Context: PVOID, - Environment: PVOID, - ) -> NTSTATUS; - fn RtlQueryRegistryValuesEx( - RelativeTo: ULONG, - Path: PWSTR, - QueryTable: PRTL_QUERY_REGISTRY_TABLE, - Context: PVOID, - Environment: PVOID, - ) -> NTSTATUS; - fn RtlWriteRegistryValue( - RelativeTo: ULONG, - Path: PCWSTR, - ValueName: PCWSTR, - ValueType: ULONG, - ValueData: PVOID, - ValueLength: ULONG, - ) -> NTSTATUS; - fn RtlDeleteRegistryValue( - RelativeTo: ULONG, - Path: PCWSTR, - ValueName: PCWSTR, - ) -> NTSTATUS; - fn RtlEnableThreadProfiling( - ThreadHandle: HANDLE, - Flags: ULONG, - HardwareCounters: ULONG64, - PerformanceDataHandle: *mut PVOID, - ) -> NTSTATUS; - fn RtlDisableThreadProfiling( - PerformanceDataHandle: PVOID, - ) -> NTSTATUS; - fn RtlQueryThreadProfiling( - ThreadHandle: HANDLE, - Enabled: PBOOLEAN, - ) -> NTSTATUS; - fn RtlReadThreadProfilingData( - PerformanceDataHandle: HANDLE, - Flags: ULONG, - PerformanceData: PPERFORMANCE_DATA, - ) -> NTSTATUS; - fn RtlGetNativeSystemInformation( - SystemInformationClass: ULONG, - NativeSystemInformation: PVOID, - InformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlQueueApcWow64Thread( - ThreadHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; - fn RtlWow64EnableFsRedirection( - Wow64FsEnableRedirection: BOOLEAN, - ) -> NTSTATUS; - fn RtlWow64EnableFsRedirectionEx( - Wow64FsEnableRedirection: PVOID, - OldFsRedirectionLevel: *mut PVOID, - ) -> NTSTATUS; - fn RtlComputeCrc32( - PartialCrc: ULONG32, - Buffer: PVOID, - Length: ULONG, - ) -> ULONG32; - fn RtlEncodePointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlDecodePointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlEncodeSystemPointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlDecodeSystemPointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlEncodeRemotePointer( - ProcessHandle: HANDLE, - Pointer: PVOID, - EncodedPointer: *mut PVOID, - ) -> NTSTATUS; - fn RtlDecodeRemotePointer( - ProcessHandle: HANDLE, - Pointer: PVOID, - DecodedPointer: *mut PVOID, - ) -> NTSTATUS; - fn RtlIsProcessorFeaturePresent( - ProcessorFeature: ULONG, - ) -> BOOLEAN; - fn RtlGetCurrentProcessorNumber() -> ULONG; - fn RtlGetCurrentProcessorNumberEx( - ProcessorNumber: PPROCESSOR_NUMBER, - ); - fn RtlPushFrame( - Frame: PTEB_ACTIVE_FRAME, - ); - fn RtlPopFrame( - Frame: PTEB_ACTIVE_FRAME, - ); - fn RtlGetFrame() -> PTEB_ACTIVE_FRAME; -}} -pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001; -pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001; -pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008; -EXTERN!{extern "system" { - fn RtlWalkFrameChain( - Callers: *mut PVOID, - Count: ULONG, - Flags: ULONG, - ) -> ULONG; - fn RtlGetCallersAddress( - CallersAddress: *mut PVOID, - CallersCaller: *mut PVOID, - ); - fn RtlGetEnabledExtendedFeatures( - FeatureMask: ULONG64, - ) -> ULONG64; - fn RtlGetEnabledExtendedAndSupervisorFeatures( - FeatureMask: ULONG64, - ) -> ULONG64; - fn RtlLocateSupervisorFeature( - XStateHeader: PXSAVE_AREA_HEADER, - FeatureId: ULONG, - Length: PULONG, - ) -> PVOID; -}} -STRUCT!{struct RTL_ELEVATION_FLAGS { - Flags: ULONG, -}} -BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [ - ElevationEnabled set_ElevationEnabled[0..1], - VirtualizationEnabled set_VirtualizationEnabled[1..2], - InstallerDetectEnabled set_InstallerDetectEnabled[2..3], - ReservedBits set_ReservedBits[3..32], -]} -pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS; -EXTERN!{extern "system" { - fn RtlQueryElevationFlags( - Flags: PRTL_ELEVATION_FLAGS, - ) -> NTSTATUS; - fn RtlRegisterThreadWithCsrss() -> NTSTATUS; - fn RtlLockCurrentThread() -> NTSTATUS; - fn RtlUnlockCurrentThread() -> NTSTATUS; - fn RtlLockModuleSection( - Address: PVOID, - ) -> NTSTATUS; - fn RtlUnlockModuleSection( - Address: PVOID, - ) -> NTSTATUS; -}} -pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64; -STRUCT!{struct RTL_UNLOAD_EVENT_TRACE { - BaseAddress: PVOID, - SizeOfImage: SIZE_T, - Sequence: ULONG, - TimeDateStamp: ULONG, - CheckSum: ULONG, - ImageName: [WCHAR; 32], - Version: [ULONG; 2], -}} -pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE; -STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 { - BaseAddress: ULONG, - SizeOfImage: ULONG, - Sequence: ULONG, - TimeDateStamp: ULONG, - CheckSum: ULONG, - ImageName: [WCHAR; 32], - Version: [ULONG; 2], -}} -pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32; -EXTERN!{extern "system" { - fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE; - fn RtlGetUnloadEventTraceEx( - ElementSize: *mut PULONG, - ElementCount: *mut PULONG, - EventTrace: *mut PVOID, - ); - fn RtlQueryPerformanceCounter( - PerformanceCounter: PLARGE_INTEGER, - ) -> LOGICAL; - fn RtlQueryPerformanceFrequency( - PerformanceFrequency: PLARGE_INTEGER, - ) -> LOGICAL; -}} -ENUM!{enum IMAGE_MITIGATION_POLICY { - ImageDepPolicy = 0, - ImageAslrPolicy = 1, - ImageDynamicCodePolicy = 2, - ImageStrictHandleCheckPolicy = 3, - ImageSystemCallDisablePolicy = 4, - ImageMitigationOptionsMask = 5, - ImageExtensionPointDisablePolicy = 6, - ImageControlFlowGuardPolicy = 7, - ImageSignaturePolicy = 8, - ImageFontDisablePolicy = 9, - ImageImageLoadPolicy = 10, - ImagePayloadRestrictionPolicy = 11, - ImageChildProcessPolicy = 12, - ImageSehopPolicy = 13, - ImageHeapPolicy = 14, - MaxImageMitigationPolicy = 15, -}} -UNION!{union RTL_IMAGE_MITIGATION_POLICY { - Bitfields1: ULONG64, - Bitfields2: ULONG64, -}} -BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [ - AuditState set_AuditState[0..2], - AuditFlag set_AuditFlag[2..3], - EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4], - Reserved set_Reserved[4..64], -]} -BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [ - PolicyState set_PolicyState[0..2], - AlwaysInherit set_AlwaysInherit[2..3], - EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4], - AuditReserved set_AuditReserved[4..64], -]} -pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY { - Dep: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY { - ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY, - BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY, - HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { - BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { - StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = - *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { - BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = - *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { - DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = - *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { - ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, - StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = - *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { - BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY, - EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = - *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { - DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { - BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY, - BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY, - PreferSystem32: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { - EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, - EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY, - EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, - EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY, - EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY, - EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = - *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { - DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = - *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY { - Sehop: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY { - TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY; -ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE { - RtlMitigationOptionStateNotConfigured = 0, - RtlMitigationOptionStateOn = 1, - RtlMitigationOptionStateOff = 2, -}} -pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1; -pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2; -pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4; -pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8; -EXTERN!{extern "system" { - fn RtlQueryImageMitigationPolicy( - ImagePath: PWSTR, - Policy: IMAGE_MITIGATION_POLICY, - Flags: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ) -> NTSTATUS; - fn RtlSetImageMitigationPolicy( - ImagePath: PWSTR, - Policy: IMAGE_MITIGATION_POLICY, - Flags: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ) -> NTSTATUS; - fn RtlGetCurrentServiceSessionId() -> ULONG; - fn RtlGetActiveConsoleId() -> ULONG; - fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG; - fn RtlGetTokenNamedObjectPath( - Token: HANDLE, - Sid: PSID, - ObjectPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetAppContainerNamedObjectPath( - Token: HANDLE, - AppContainerSid: PSID, - RelativePath: BOOLEAN, - ObjectPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetAppContainerParent( - AppContainerSid: PSID, - AppContainerSidParent: *mut PSID, - ) -> NTSTATUS; - fn RtlCheckSandboxedToken( - TokenHandle: HANDLE, - IsSandboxed: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenCapability( - TokenHandle: HANDLE, - CapabilitySidToCheck: PSID, - HasCapability: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCapabilityCheck( - TokenHandle: HANDLE, - CapabilityName: PUNICODE_STRING, - HasCapability: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenMembership( - TokenHandle: HANDLE, - SidToCheck: PSID, - IsMember: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenMembershipEx( - TokenHandle: HANDLE, - SidToCheck: PSID, - Flags: ULONG, - IsMember: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsParentOfChildAppContainer( - ParentAppContainerSid: PSID, - ChildAppContainerSid: PSID, - ) -> NTSTATUS; - fn RtlIsCapabilitySid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsPackageSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsValidProcessTrustLabelSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsStateSeparationEnabled() -> BOOLEAN; -}} -ENUM!{enum APPCONTAINER_SID_TYPE { - NotAppContainerSidType = 0, - ChildAppContainerSidType = 1, - ParentAppContainerSidType = 2, - InvalidAppContainerSidType = 3, - MaxAppContainerSidType = 4, -}} -pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE; -EXTERN!{extern "system" { - fn RtlGetAppContainerSidType( - AppContainerSid: PSID, - AppContainerSidType: PAPPCONTAINER_SID_TYPE, - ) -> NTSTATUS; - fn RtlFlsAlloc( - Callback: PFLS_CALLBACK_FUNCTION, - FlsIndex: PULONG, - ) -> NTSTATUS; - fn RtlFlsFree( - FlsIndex: ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum STATE_LOCATION_TYPE { - LocationTypeRegistry = 0, - LocationTypeFileSystem = 1, - LocationTypeMaximum = 2, -}} -EXTERN!{extern "system" { - fn RtlGetPersistedStateLocation( - SourceID: PCWSTR, - CustomValue: PCWSTR, - DefaultPath: PCWSTR, - StateLocationType: STATE_LOCATION_TYPE, - TargetPath: PWCHAR, - BufferLengthIn: ULONG, - BufferLengthOut: PULONG, - ) -> NTSTATUS; - fn RtlIsCloudFilesPlaceholder( - FileAttributes: ULONG, - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlIsPartialPlaceholder( - FileAttributes: ULONG, - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlIsPartialPlaceholderFileHandle( - FileHandle: HANDLE, - IsPartialPlaceholder: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsPartialPlaceholderFileInfo( - InfoBuffer: *const c_void, - InfoClass: FILE_INFORMATION_CLASS, - IsPartialPlaceholder: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsNonEmptyDirectoryReparsePointAllowed( - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlAppxIsFileOwnedByTrustedInstaller( - FileHandle: HANDLE, - IsFileOwnedByTrustedInstaller: PBOOLEAN, - ) -> NTSTATUS; -}} -STRUCT!{struct PS_PKG_CLAIM { - Flags: ULONGLONG, - Origin: ULONGLONG, -}} -pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM; -EXTERN!{extern "system" { - fn RtlQueryPackageClaims( - TokenHandle: HANDLE, - PackageFullName: PWSTR, - PackageSize: PSIZE_T, - AppId: PWSTR, - AppIdSize: PSIZE_T, - DynamicId: *mut GUID, - PkgClaim: PPS_PKG_CLAIM, - AttributesPresent: PULONG64, - ) -> NTSTATUS; - fn RtlQueryProtectedPolicy( - PolicyGuid: *mut GUID, - PolicyValue: PULONG_PTR, - ) -> NTSTATUS; - fn RtlSetProtectedPolicy( - PolicyGuid: *mut GUID, - PolicyValue: ULONG_PTR, - OldPolicyValue: PULONG_PTR, - ) -> NTSTATUS; - fn RtlIsMultiSessionSku() -> BOOLEAN; - fn RtlIsMultiUsersInSessionSku() -> BOOLEAN; -}} -ENUM!{enum RTL_BSD_ITEM_TYPE { - RtlBsdItemVersionNumber = 0, - RtlBsdItemProductType = 1, - RtlBsdItemAabEnabled = 2, - RtlBsdItemAabTimeout = 3, - RtlBsdItemBootGood = 4, - RtlBsdItemBootShutdown = 5, - RtlBsdSleepInProgress = 6, - RtlBsdPowerTransition = 7, - RtlBsdItemBootAttemptCount = 8, - RtlBsdItemBootCheckpoint = 9, - RtlBsdItemBootId = 10, - RtlBsdItemShutdownBootId = 11, - RtlBsdItemReportedAbnormalShutdownBootId = 12, - RtlBsdItemErrorInfo = 13, - RtlBsdItemPowerButtonPressInfo = 14, - RtlBsdItemChecksum = 15, - RtlBsdItemMax = 16, -}} -STRUCT!{struct RTL_BSD_ITEM { - Type: RTL_BSD_ITEM_TYPE, - DataBuffer: PVOID, - DataLength: ULONG, -}} -pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM; -EXTERN!{extern "system" { - fn RtlCreateBootStatusDataFile() -> NTSTATUS; - fn RtlLockBootStatusData( - FileHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlUnlockBootStatusData( - FileHandle: HANDLE, - ) -> NTSTATUS; - fn RtlGetSetBootStatusData( - FileHandle: HANDLE, - Read: BOOLEAN, - DataClass: RTL_BSD_ITEM_TYPE, - Buffer: PVOID, - BufferSize: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlCheckBootStatusIntegrity( - FileHandle: HANDLE, - Verified: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckPortableOperatingSystem( - IsPortable: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetPortableOperatingSystem( - IsPortable: BOOLEAN, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlOsDeploymentState( - Flags: DWORD, - ) -> OS_DEPLOYEMENT_STATE_VALUES; - fn RtlFindClosestEncodableLength( - SourceLength: ULONGLONG, - TargetLength: PULONGLONG, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK( - Address: PVOID, - Length: SIZE_T, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlRegisterSecureMemoryCacheCallback( - Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, - ) -> NTSTATUS; - fn RtlDeregisterSecureMemoryCacheCallback( - Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, - ) -> NTSTATUS; - fn RtlFlushSecureMemoryCache( - MemoryCache: PVOID, - MemoryLength: SIZE_T, - ) -> BOOLEAN; -}} |