diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:41:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 12:41:35 +0000 |
commit | 7e5d7eea9c580ef4b41a765bde624af431942b96 (patch) | |
tree | 2c0d9ca12878fc4525650aa4e54d77a81a07cc09 /vendor/ntapi | |
parent | Adding debian version 1.70.0+dfsg1-9. (diff) | |
download | rustc-7e5d7eea9c580ef4b41a765bde624af431942b96.tar.xz rustc-7e5d7eea9c580ef4b41a765bde624af431942b96.zip |
Merging upstream version 1.70.0+dfsg2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/ntapi')
42 files changed, 0 insertions, 21197 deletions
diff --git a/vendor/ntapi/.cargo-checksum.json b/vendor/ntapi/.cargo-checksum.json deleted file mode 100644 index 7d42314b2..000000000 --- a/vendor/ntapi/.cargo-checksum.json +++ /dev/null @@ -1 +0,0 @@ -{"files":{"Cargo.toml":"c590838810b459f0055af8724e1ac392570a0dcf223bf403b87f728a14c6a500","LICENSE-APACHE":"cf90d659de5c1e6418267ab8043b756e65508ee5d8d50b29eb2d2fe444c2c3eb","LICENSE-MIT":"11a7964ccc0dd115d16720ab1d826c5d03e52838748ffaba3d21bae8bcacd82a","README.md":"748712a61ff52ec28ed1695b01975a379125f9c3e8a4ad5b2e9b64096c2a3df1","build.rs":"13a274ea4cb1886872626b8a98269e9bf2e1f93cb1068fc8c797e421746cac7e","src/lib.rs":"261643e01f42e3b04cc0760811da090348923d40761c863eebb4735af6294207","src/macros.rs":"b0a852ebea2e1aed3e7d70eeadc8356778b064d2eca6e796598e9ab37ac54175","src/ntapi_base.rs":"b2edefaf68709c32f7fb4377ea21457afd3c7546ba59596f9f25bbaeb220f4d4","src/ntdbg.rs":"f891d4b26ef9d6c68ca098ab70bb4b1dd4d7e1d05e0f65c32bc6cb1151528f91","src/ntexapi.rs":"9be1b1d061055b6f5276093db8346ecf148d0ad6e438d185a16b126acb514c22","src/ntgdi.rs":"9fa6610566d77e95294432957f8cb8564cef3bb09d2d8d0adcf23047fa3a5221","src/ntioapi.rs":"577f3c3d83a95a965fff62efbdaa01769e9b3cf713f0d296a948f34cdfddcedc","src/ntkeapi.rs":"1ede6613c94303e6087e30e64ee1f1623eada9d088ce50992904e1812b263923","src/ntldr.rs":"e70ac420828f47d35dade883efee4231b6455d53ff4d317ecf6d809d7bc5a2bc","src/ntlpcapi.rs":"da5070b1c1adad34091aedd01d2b888daa4dc9446fdcd69668565e6eeb2db11f","src/ntmisc.rs":"4904e383065828b86013ebd3b85d45b384b522899954ac89c561963061acc962","src/ntmmapi.rs":"3a371e9edb7df91d1242f9dae92bf6d295c9b6c3ca65846c8d1ebbba55bdf7ee","src/ntnls.rs":"ef90b985da124d2f4c4b8cb0addab766a0928843b4afa4bce40b3a9fcddaf163","src/ntobapi.rs":"3071d8bc73e40d92d769e4093744820c0a5e116ecf4a94676ca3cdc008adfd8e","src/ntpebteb.rs":"94a9fbc1b3c48fa368f1b602fa205d41d3201e4d8c638c0898402eb3ebb5b72a","src/ntpfapi.rs":"37270db61f2562cd5481302c2a5a64be186b8c7126eacfe12b6c66e9bec4bf61","src/ntpnpapi.rs":"cfcaa3dd6110f25a48c51c011bb8369e83e3817e142afb412e40d6e4b868a036","src/ntpoapi.rs":"a535206a89cd42f81e3b931e5802f8b3343fd35387e9f3fedd9b042a78853f34","src/ntpsapi.rs":"2ed2af3e90054aaf260952adcc4e46d6935db1efd57f843124f942388ecfc6ce","src/ntregapi.rs":"a6f5a830b48e88fd0a4824036fffda2d2d80d1cad07baf37607121142f2c4777","src/ntrtl.rs":"d970ae6cba47f346eef103d6bcac7260bb7fc70ebb7ec226b09acb6c5bc1f6c6","src/ntsam.rs":"dc59cfa944c27cf02b782fdbf110de4757ca6ae77806820a64a17742670242b4","src/ntseapi.rs":"c87688e028aa05513e361bb72288ef3af2f3dfe8e923745a84409d8fdeee57fd","src/ntsmss.rs":"6ac1f029b56a2a8856569c3acbedd7c560d2ccfac030aa2f2178f52d9312cdc5","src/nttmapi.rs":"7092c8b35aae642572c333b0fef1fe4a32f5a9c563249b585766317051670db5","src/nttp.rs":"47be534d36af7d6a715c87ef646824162bd3eb47f86a85ed8357c987c1a4fcdd","src/ntwow64.rs":"725baf7b32d24c0800abf730b58335e682332b821636ca699c40e80ba7148f94","src/ntxcapi.rs":"54fcadd43a0e146ade8ebdd750b09872d0e8f7a1295a9646910529048d5f6dca","src/ntzwapi.rs":"012932586fdbcac8eff57d90ce640e10d20e150dc7702100d1ea46f6f261f868","src/string.rs":"ac0e73f37384e03f14d9dc47fcfb3620a4157e122481f30c82b16fb21ab86a40","src/subprocesstag.rs":"4c85e44c91521cb20e5c6624b0cf4b27ca6ac7c3e560854ad34e0e66fb809971","src/winapi_local.rs":"2003099deec5e7039e5d2dd0aa6a43120816f67e94f4d9909c7f6689b62747e4","src/winapi_local/um.rs":"48859dfb53520bdd569c052ac26d06de2d16c57403ffbe4febbc1e1f25847f45","src/winapi_local/um/winioctl.rs":"00020fcda499ce558edfa4d684f5b4e198cbcfa5b3b8e9b62a122c0aca46514f","src/winapi_local/um/winnt.rs":"2640f7d4027632d45708fc085baaf90f55f792e9b9802625f2b7d4e7655f9da4","src/winsta.rs":"c5a28c5c55f08745b2b100a5a374af821cf173b053eb8ee54ae19a85455d3fac"},"package":"bc51db7b362b205941f71232e56c625156eb9a929f8cf74a428fd5bc094a4afc"}
\ No newline at end of file diff --git a/vendor/ntapi/Cargo.toml b/vendor/ntapi/Cargo.toml deleted file mode 100644 index 910602308..000000000 --- a/vendor/ntapi/Cargo.toml +++ /dev/null @@ -1,69 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies. -# -# If you are reading this file be aware that the original Cargo.toml -# will likely look very different (and much more reasonable). -# See Cargo.toml.orig for the original contents. - -[package] -edition = "2018" -name = "ntapi" -version = "0.4.0" -authors = ["MSxDOS <melcodos@gmail.com>"] -include = [ - "src/**/*", - "Cargo.toml", - "build.rs", - "README.md", - "LICENSE-APACHE", - "LICENSE-MIT", -] -description = "FFI bindings for Native API" -documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/" -readme = "README.md" -keywords = [ - "windows", - "ffi", - "ntapi", - "native", - "win32", -] -categories = [ - "external-ffi-bindings", - "no-std", - "os::windows-apis", -] -license = "Apache-2.0 OR MIT" -repository = "https://github.com/MSxDOS/ntapi" - -[package.metadata.docs.rs] -default-target = "x86_64-pc-windows-msvc" -targets = [ - "aarch64-pc-windows-msvc", - "i686-pc-windows-msvc", - "x86_64-pc-windows-msvc", -] - -[dependencies.winapi] -version = "0.3.9" -features = [ - "cfg", - "evntrace", - "in6addr", - "inaddr", - "minwinbase", - "ntsecapi", - "windef", - "winioctl", -] - -[features] -default = ["user"] -func-types = [] -impl-default = ["winapi/impl-default"] -kernel = [] -user = [] diff --git a/vendor/ntapi/LICENSE-APACHE b/vendor/ntapi/LICENSE-APACHE deleted file mode 100644 index e72929ee9..000000000 --- a/vendor/ntapi/LICENSE-APACHE +++ /dev/null @@ -1,202 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -
\ No newline at end of file diff --git a/vendor/ntapi/LICENSE-MIT b/vendor/ntapi/LICENSE-MIT deleted file mode 100644 index 0235c6ac8..000000000 --- a/vendor/ntapi/LICENSE-MIT +++ /dev/null @@ -1,17 +0,0 @@ -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"),to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/ntapi/README.md b/vendor/ntapi/README.md deleted file mode 100644 index 5011accad..000000000 --- a/vendor/ntapi/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# ntapi [![AppVeyor][appveyor_badge]][appveyor_link] [![Crates.io][crates_badge]][crates_link] [![Documentation][docs_badge]][docs_link] [![Lines of Code][loc_badge]][loc_link] [![Unsafe][unsafe_badge]][unsafe_link] - -Rust FFI bindings for Native API. Mostly based on Process Hacker [phnt](https://github.com/processhacker/processhacker/tree/master/phnt) headers as the most complete source of bindings to be found. The comments there also contain useful information on how to use specific things. - -### Minimum supported Rust -1.64 - -[appveyor_link]: https://ci.appveyor.com/project/MSxDOS/ntapi -[appveyor_badge]: https://ci.appveyor.com/api/projects/status/i1fcmm0c5b7c6b6u/branch/master?svg=true -[crates_link]: https://crates.io/crates/ntapi -[crates_badge]: https://img.shields.io/crates/v/ntapi.svg -[docs_link]: https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/ -[docs_badge]: https://docs.rs/ntapi/badge.svg -[loc_link]: https://github.com/Aaronepower/tokei -[loc_badge]: https://tokei.rs/b1/github/MSxDOS/ntapi -[unsafe_link]: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html -[unsafe_badge]: https://img.shields.io/badge/unsafe-%E2%9C%94-C901DD.svg diff --git a/vendor/ntapi/build.rs b/vendor/ntapi/build.rs deleted file mode 100644 index bbd46f595..000000000 --- a/vendor/ntapi/build.rs +++ /dev/null @@ -1,15 +0,0 @@ -use std::env::var; - -fn main() { - #[cfg(feature = "user")] { - if var("TARGET").map( - |t| t == "x86_64-pc-windows-gnu" || t == "i686-pc-windows-gnu" - ).unwrap_or(false) { - if var("WINAPI_NO_BUNDLED_LIBRARIES").is_ok() { - println!("cargo:rustc-link-lib=ntdll"); - } else { - println!("cargo:rustc-link-lib=winapi_ntdll"); - } - } - } -} diff --git a/vendor/ntapi/src/lib.rs b/vendor/ntapi/src/lib.rs deleted file mode 100644 index 0f7708cbe..000000000 --- a/vendor/ntapi/src/lib.rs +++ /dev/null @@ -1,51 +0,0 @@ -//! # Features -//! **`func-types`** -- Generate [types][fn_ptr] for external functions.<br/> -//! **`impl-default`** -- Implement [`Default`] for structs and unions.<br/> -//! **`user`** *(default)* -- Link to `ntdll`.<br/> -//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.<br/> -//! -//! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types -//! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default -#![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))] -#![no_std] -#![deny(unused, unused_qualifications)] -#![warn(unused_attributes)] -#![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)] -#[doc(hidden)] -pub extern crate core as _core; -#[macro_use] -#[doc(hidden)] -pub extern crate winapi; -#[macro_use] -mod macros; -pub mod ntapi_base; -pub mod ntdbg; -pub mod ntexapi; -pub mod ntgdi; -pub mod ntioapi; -pub mod ntkeapi; -pub mod ntldr; -pub mod ntlpcapi; -pub mod ntmisc; -pub mod ntmmapi; -pub mod ntnls; -pub mod ntobapi; -pub mod ntpebteb; -pub mod ntpfapi; -pub mod ntpnpapi; -pub mod ntpoapi; -pub mod ntpsapi; -pub mod ntregapi; -pub mod ntrtl; -pub mod ntsam; -pub mod ntseapi; -pub mod ntsmss; -pub mod nttmapi; -pub mod nttp; -pub mod ntwow64; -pub mod ntxcapi; -pub mod ntzwapi; -pub mod string; -pub mod subprocesstag; -pub mod winapi_local; -pub mod winsta; diff --git a/vendor/ntapi/src/macros.rs b/vendor/ntapi/src/macros.rs deleted file mode 100644 index 92cdd9678..000000000 --- a/vendor/ntapi/src/macros.rs +++ /dev/null @@ -1,112 +0,0 @@ -#[macro_export] -macro_rules! EXTERN { - (extern $c:tt {$( - fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?; - )+}) => { - #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] - #[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))] - extern $c {$( - pub fn $n( - $($p $(: $t)?),* - ) $(-> $r)?; - )+} - $( - #[cfg(feature = "func-types")] - pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?; - )+ - }; - (extern $c:tt {$( - static mut $n:ident : $t:ty; - )+}) => { - #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] - extern $c {$( - pub static mut $n: $t; - )+} - }; -} -#[macro_export] -#[doc(hidden)] -macro_rules! FIELD_OFFSET { - ($_type:ty, $field:ident$(.$cfields:ident)*) => { - unsafe { - union Transmuter<T: 'static> { - p: *const T, - r: &'static T, - i: usize, - } - #[allow(unaligned_references)] - Transmuter { - r: &(&Transmuter { - p: $crate::_core::ptr::null::<$_type>() - }.r).$field$(.$cfields)* - }.i - } - }; -} -macro_rules! BITFIELD { - ($base:ident $field:ident: $fieldtype:ty [ - $($thing:ident $set_thing:ident[$r:expr],)+ - ]) => { - impl $base {$( - #[inline] - pub const fn $thing(&self) -> $fieldtype { - const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; - self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) - } - #[inline] - pub fn $set_thing(&mut self, val: $fieldtype) { - const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; - self.$field &= !MASK; - self.$field |= (val << $r.start) & MASK; - } - )+} - }; - (unsafe $base:ident $field:ident: $fieldtype:ty [ - $($thing:ident $set_thing:ident[$r:expr],)+ - ]) => { - impl $base {$( - #[inline] - pub unsafe fn $thing(&self) -> $fieldtype { - const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; - self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) - } - #[inline] - pub unsafe fn $set_thing(&mut self, val: $fieldtype) { - const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; - self.$field &= !MASK; - self.$field |= (val << $r.start) & MASK; - } - )+} - }; -} -macro_rules! UNION { - ($(#[$attrs:meta])* union $name:ident { - $($variant:ident: $ftype:ty,)+ - }) => ( - #[repr(C)] $(#[$attrs])* - pub union $name { - $(pub $variant: $ftype,)+ - } - impl Copy for $name {} - impl Clone for $name { - #[inline] - fn clone(&self) -> $name { *self } - } - #[cfg(feature = "impl-default")] - impl Default for $name { - #[inline] - fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } } - } - ); -} -macro_rules! FN { - (stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( - pub type $func = Option<unsafe extern "system" fn($($p: $t,)*) -> $ret>; - ); - (cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( - pub type $func = Option<unsafe extern "C" fn($($p: $t,)*) -> $ret>; - ); -} -macro_rules! IFDEF { - ($($thing:item)*) => ($($thing)*) -} diff --git a/vendor/ntapi/src/ntapi_base.rs b/vendor/ntapi/src/ntapi_base.rs deleted file mode 100644 index aa341af0b..000000000 --- a/vendor/ntapi/src/ntapi_base.rs +++ /dev/null @@ -1,40 +0,0 @@ -use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT}; -use winapi::shared::ntstatus::FACILITY_NTWIN32; -pub type KPRIORITY = LONG; -pub type RTL_ATOM = USHORT; -pub type PRTL_ATOM = *mut RTL_ATOM; -pub const NT_FACILITY_MASK: ULONG = 0xfff; -pub const NT_FACILITY_SHIFT: ULONG = 16; -#[inline] -pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG { - (Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK -} -#[inline] -pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool { - NT_FACILITY(Status) == FACILITY_NTWIN32 as u32 -} -#[inline] -pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG { - (Status as u32) & 0xffff -} -STRUCT!{struct CLIENT_ID { - UniqueProcess: HANDLE, - UniqueThread: HANDLE, -}} -pub type PCLIENT_ID = *mut CLIENT_ID; -STRUCT!{struct CLIENT_ID32 { - UniqueProcess: ULONG, - UniqueThread: ULONG, -}} -pub type PCLIENT_ID32 = *mut CLIENT_ID32; -STRUCT!{struct CLIENT_ID64 { - UniqueProcess: ULONGLONG, - UniqueThread: ULONGLONG, -}} -pub type PCLIENT_ID64 = *mut CLIENT_ID64; -STRUCT!{struct KSYSTEM_TIME { - LowPart: ULONG, - High1Time: LONG, - High2Time: LONG, -}} -pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME; diff --git a/vendor/ntapi/src/ntdbg.rs b/vendor/ntapi/src/ntdbg.rs deleted file mode 100644 index 991e8f9da..000000000 --- a/vendor/ntapi/src/ntdbg.rs +++ /dev/null @@ -1,239 +0,0 @@ -use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; -use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR; -use winapi::shared::guiddef::LPCGUID; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, - PULONG, PVOID, UCHAR, ULONG, ULONGLONG, -}; -use winapi::um::minwinbase::LPDEBUG_EVENT; -use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE}; -use winapi::vc::vadefs::va_list; -EXTERN!{extern "system" { - fn DbgUserBreakPoint(); - fn DbgBreakPoint(); - fn DbgBreakPointWithStatus( - Status: ULONG, - ); -}} -pub const DBG_STATUS_CONTROL_C: u32 = 1; -pub const DBG_STATUS_SYSRQ: u32 = 2; -pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3; -pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4; -pub const DBG_STATUS_FATAL: u32 = 5; -pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6; -pub const DBG_STATUS_WORKER: u32 = 7; -EXTERN!{extern "C" { - fn DbgPrint( - Format: PCSTR, - ... - ) -> ULONG; - fn DbgPrintEx( - ComponentId: ULONG, - Level: ULONG, - Format: PCSTR, - ... - ) -> ULONG; -}} -EXTERN!{extern "system" { - fn vDbgPrintEx( - ComponentId: ULONG, - Level: ULONG, - Format: PCCH, - arglist: va_list, - ) -> ULONG; - fn vDbgPrintExWithPrefix( - Prefix: PCH, - ComponentId: ULONG, - Level: ULONG, - Format: PCCH, - arglist: va_list, - ) -> ULONG; - fn DbgQueryDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - ) -> NTSTATUS; - fn DbgSetDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - State: BOOLEAN, - ) -> NTSTATUS; - fn DbgPrompt( - Prompt: PCCH, - Response: PCH, - Length: ULONG, - ) -> ULONG; -}} -STRUCT!{struct DBGKM_EXCEPTION { - ExceptionRecord: EXCEPTION_RECORD, - FirstChance: ULONG, -}} -pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION; -STRUCT!{struct DBGKM_CREATE_THREAD { - SubSystemKey: ULONG, - StartAddress: PVOID, -}} -pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD; -STRUCT!{struct DBGKM_CREATE_PROCESS { - SubSystemKey: ULONG, - FileHandle: HANDLE, - BaseOfImage: PVOID, - DebugInfoFileOffset: ULONG, - DebugInfoSize: ULONG, - InitialThread: DBGKM_CREATE_THREAD, -}} -pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS; -STRUCT!{struct DBGKM_EXIT_THREAD { - ExitStatus: NTSTATUS, -}} -pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD; -STRUCT!{struct DBGKM_EXIT_PROCESS { - ExitStatus: NTSTATUS, -}} -pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS; -STRUCT!{struct DBGKM_LOAD_DLL { - FileHandle: HANDLE, - BaseOfDll: PVOID, - DebugInfoFileOffset: ULONG, - DebugInfoSize: ULONG, - NamePointer: PVOID, -}} -pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL; -STRUCT!{struct DBGKM_UNLOAD_DLL { - BaseAddress: PVOID, -}} -pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL; -ENUM!{enum DBG_STATE { - DbgIdle = 0, - DbgReplyPending = 1, - DbgCreateThreadStateChange = 2, - DbgCreateProcessStateChange = 3, - DbgExitThreadStateChange = 4, - DbgExitProcessStateChange = 5, - DbgExceptionStateChange = 6, - DbgBreakpointStateChange = 7, - DbgSingleStepStateChange = 8, - DbgLoadDllStateChange = 9, - DbgUnloadDllStateChange = 10, -}} -pub type PDBG_STATE = *mut DBG_STATE; -STRUCT!{struct DBGUI_CREATE_THREAD { - HandleToThread: HANDLE, - NewThread: DBGKM_CREATE_THREAD, -}} -pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD; -STRUCT!{struct DBGUI_CREATE_PROCESS { - HandleToProcess: HANDLE, - HandleToThread: HANDLE, - NewProcess: DBGKM_CREATE_PROCESS, -}} -UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo { - Exception: DBGKM_EXCEPTION, - CreateThread: DBGUI_CREATE_THREAD, - CreateProcessInfo: DBGUI_CREATE_PROCESS, - ExitThread: DBGKM_EXIT_THREAD, - ExitProcess: DBGKM_EXIT_PROCESS, - LoadDll: DBGKM_LOAD_DLL, - UnloadDll: DBGKM_UNLOAD_DLL, -}} -pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS; -STRUCT!{struct DBGUI_WAIT_STATE_CHANGE { - NewState: DBG_STATE, - AppClientId: CLIENT_ID, - StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo, -}} -pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE; -pub const DEBUG_READ_EVENT: ULONG = 0x0001; -pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002; -pub const DEBUG_SET_INFORMATION: ULONG = 0x0004; -pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008; -pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT - | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION; -pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1; -ENUM!{enum DEBUGOBJECTINFOCLASS { - DebugObjectUnusedInformation = 0, - DebugObjectKillProcessOnExitInformation = 1, - MaxDebugObjectInfoClass = 2, -}} -pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS; -EXTERN!{extern "system" { - fn NtCreateDebugObject( - DebugObjectHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn NtDebugActiveProcess( - ProcessHandle: HANDLE, - DebugObjectHandle: HANDLE, - ) -> NTSTATUS; - fn NtDebugContinue( - DebugObjectHandle: HANDLE, - ClientId: PCLIENT_ID, - ContinueStatus: NTSTATUS, - ) -> NTSTATUS; - fn NtRemoveProcessDebug( - ProcessHandle: HANDLE, - DebugObjectHandle: HANDLE, - ) -> NTSTATUS; - fn NtSetInformationDebugObject( - DebugObjectHandle: HANDLE, - DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, - DebugInformation: PVOID, - DebugInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtWaitForDebugEvent( - DebugObjectHandle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - WaitStateChange: PVOID, - ) -> NTSTATUS; - fn DbgUiConnectToDbg() -> NTSTATUS; - fn DbgUiGetThreadDebugObject() -> HANDLE; - fn DbgUiSetThreadDebugObject( - DebugObject: HANDLE, - ); - fn DbgUiWaitStateChange( - StateChange: PDBGUI_WAIT_STATE_CHANGE, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn DbgUiContinue( - AppClientId: PCLIENT_ID, - ContinueStatus: NTSTATUS, - ) -> NTSTATUS; - fn DbgUiStopDebugging( - Process: HANDLE, - ) -> NTSTATUS; - fn DbgUiDebugActiveProcess( - Process: HANDLE, - ) -> NTSTATUS; - fn DbgUiRemoteBreakin( - Context: PVOID, - ); - fn DbgUiIssueRemoteBreakin( - Process: HANDLE, - ) -> NTSTATUS; - fn DbgUiConvertStateChangeStructure( - StateChange: PDBGUI_WAIT_STATE_CHANGE, - DebugEvent: LPDEBUG_EVENT, - ) -> NTSTATUS; -}} -FN!{stdcall PENABLECALLBACK( - SourceId: LPCGUID, - IsEnabled: ULONG, - Level: UCHAR, - MatchAnyKeyword: ULONGLONG, - MatchAllKeyword: ULONGLONG, - FilterData: *mut EVENT_FILTER_DESCRIPTOR, - CallbackContext: PVOID, -) -> ()} -pub type REGHANDLE = ULONGLONG; -pub type PREGHANDLE = *mut ULONGLONG; -EXTERN!{extern "system" { - fn EtwEventRegister( - ProviderId: LPCGUID, - EnableCallback: PENABLECALLBACK, - CallbackContext: PVOID, - RegHandle: PREGHANDLE, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntexapi.rs b/vendor/ntapi/src/ntexapi.rs deleted file mode 100644 index 08a0ddf9e..000000000 --- a/vendor/ntapi/src/ntexapi.rs +++ /dev/null @@ -1,3000 +0,0 @@ -use core::mem::MaybeUninit; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use core::ptr::addr_of; -use core::ptr::read_volatile; -#[cfg(target_arch = "x86")] -use core::hint::spin_loop; -use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM}; -use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE}; -use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON}; -use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX; -use crate::ntpebteb::PTEB; -use crate::ntpoapi::COUNTED_REASON_CONTEXT; -use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR}; -use winapi::shared::evntrace::PROFILE_SOURCE_INFO; -use winapi::shared::guiddef::{GUID, LPGUID}; -use winapi::shared::ntdef::{ - BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG, - NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, - PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR, - PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, - UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME, -}; -use winapi::um::winnt::{ - ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, - STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION, -}; -use crate::winapi_local::um::winnt::UInt32x32To64; -EXTERN!{extern "system" { - fn NtDelayExecution( - Alertable: BOOLEAN, - DelayInterval: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtQuerySystemEnvironmentValue( - VariableName: PUNICODE_STRING, - VariableValue: PWSTR, - ValueLength: USHORT, - ReturnLength: PUSHORT, - ) -> NTSTATUS; - fn NtSetSystemEnvironmentValue( - VariableName: PUNICODE_STRING, - VariableValue: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtQuerySystemEnvironmentValueEx( - VariableName: PUNICODE_STRING, - VendorGuid: LPGUID, - Value: PVOID, - ValueLength: PULONG, - Attributes: PULONG, - ) -> NTSTATUS; - fn NtSetSystemEnvironmentValueEx( - VariableName: PUNICODE_STRING, - VendorGuid: LPGUID, - Value: PVOID, - ValueLength: ULONG, - Attributes: ULONG, - ) -> NTSTATUS; - fn NtEnumerateSystemEnvironmentValuesEx( - InformationClass: ULONG, - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct BOOT_ENTRY { - Version: ULONG, - Length: ULONG, - Id: ULONG, - Attributes: ULONG, - FriendlyNameOffset: ULONG, - BootFilePathOffset: ULONG, - OsOptionsLength: ULONG, - OsOptions: [UCHAR; 1], -}} -pub type PBOOT_ENTRY = *mut BOOT_ENTRY; -STRUCT!{struct BOOT_ENTRY_LIST { - NextEntryOffset: ULONG, - BootEntry: BOOT_ENTRY, -}} -pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST; -STRUCT!{struct BOOT_OPTIONS { - Version: ULONG, - Length: ULONG, - Timeout: ULONG, - CurrentBootEntryId: ULONG, - NextBootEntryId: ULONG, - HeadlessRedirection: [WCHAR; 1], -}} -pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS; -STRUCT!{struct FILE_PATH { - Version: ULONG, - Length: ULONG, - Type: ULONG, - FilePath: [UCHAR; 1], -}} -pub type PFILE_PATH = *mut FILE_PATH; -STRUCT!{struct EFI_DRIVER_ENTRY { - Version: ULONG, - Length: ULONG, - Id: ULONG, - FriendlyNameOffset: ULONG, - DriverFilePathOffset: ULONG, -}} -pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY; -STRUCT!{struct EFI_DRIVER_ENTRY_LIST { - NextEntryOffset: ULONG, - DriverEntry: EFI_DRIVER_ENTRY, -}} -pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST; -EXTERN!{extern "system" { - fn NtAddBootEntry( - BootEntry: PBOOT_ENTRY, - Id: PULONG, - ) -> NTSTATUS; - fn NtDeleteBootEntry( - Id: ULONG, - ) -> NTSTATUS; - fn NtModifyBootEntry( - BootEntry: PBOOT_ENTRY, - ) -> NTSTATUS; - fn NtEnumerateBootEntries( - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; - fn NtQueryBootEntryOrder( - Ids: PULONG, - Count: PULONG, - ) -> NTSTATUS; - fn NtSetBootEntryOrder( - Ids: PULONG, - Count: ULONG, - ) -> NTSTATUS; - fn NtQueryBootOptions( - BootOptions: PBOOT_OPTIONS, - BootOptionsLength: PULONG, - ) -> NTSTATUS; - fn NtSetBootOptions( - BootOptions: PBOOT_OPTIONS, - FieldsToChange: ULONG, - ) -> NTSTATUS; - fn NtTranslateFilePath( - InputFilePath: PFILE_PATH, - OutputType: ULONG, - OutputFilePath: PFILE_PATH, - OutputFilePathLength: PULONG, - ) -> NTSTATUS; - fn NtAddDriverEntry( - DriverEntry: PEFI_DRIVER_ENTRY, - Id: PULONG, - ) -> NTSTATUS; - fn NtDeleteDriverEntry( - Id: ULONG, - ) -> NTSTATUS; - fn NtModifyDriverEntry( - DriverEntry: PEFI_DRIVER_ENTRY, - ) -> NTSTATUS; - fn NtEnumerateDriverEntries( - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; - fn NtQueryDriverEntryOrder( - Ids: PULONG, - Count: PULONG, - ) -> NTSTATUS; - fn NtSetDriverEntryOrder( - Ids: PULONG, - Count: ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum FILTER_BOOT_OPTION_OPERATION { - FilterBootOptionOperationOpenSystemStore = 0, - FilterBootOptionOperationSetElement = 1, - FilterBootOptionOperationDeleteElement = 2, - FilterBootOptionOperationMax = 3, -}} -EXTERN!{extern "system" { - fn NtFilterBootOption( - FilterOperation: FILTER_BOOT_OPTION_OPERATION, - ObjectType: ULONG, - ElementType: ULONG, - Data: PVOID, - DataSize: ULONG, - ) -> NTSTATUS; -}} -pub const EVENT_QUERY_STATE: u32 = 0x0001; -ENUM!{enum EVENT_INFORMATION_CLASS { - EventBasicInformation = 0, -}} -STRUCT!{struct EVENT_BASIC_INFORMATION { - EventType: EVENT_TYPE, - EventState: LONG, -}} -pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateEvent( - EventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - EventType: EVENT_TYPE, - InitialState: BOOLEAN, - ) -> NTSTATUS; - fn NtOpenEvent( - EventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtSetEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn NtSetEventBoostPriority( - EventHandle: HANDLE, - ) -> NTSTATUS; - fn NtClearEvent( - EventHandle: HANDLE, - ) -> NTSTATUS; - fn NtResetEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn NtPulseEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn NtQueryEvent( - EventHandle: HANDLE, - EventInformationClass: EVENT_INFORMATION_CLASS, - EventInformation: PVOID, - EventInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE; -EXTERN!{extern "system" { - fn NtCreateEventPair( - EventPairHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtOpenEventPair( - EventPairHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtSetLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn NtSetHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn NtWaitLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn NtWaitHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn NtSetLowWaitHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn NtSetHighWaitLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; -}} -ENUM!{enum MUTANT_INFORMATION_CLASS { - MutantBasicInformation = 0, - MutantOwnerInformation = 1, -}} -STRUCT!{struct MUTANT_BASIC_INFORMATION { - CurrentCount: LONG, - OwnedByCaller: BOOLEAN, - AbandonedState: BOOLEAN, -}} -pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION; -STRUCT!{struct MUTANT_OWNER_INFORMATION { - ClientId: CLIENT_ID, -}} -pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateMutant( - MutantHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - InitialOwner: BOOLEAN, - ) -> NTSTATUS; - fn NtOpenMutant( - MutantHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtReleaseMutant( - MutantHandle: HANDLE, - PreviousCount: PLONG, - ) -> NTSTATUS; - fn NtQueryMutant( - MutantHandle: HANDLE, - MutantInformationClass: MUTANT_INFORMATION_CLASS, - MutantInformation: PVOID, - MutantInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001; -ENUM!{enum SEMAPHORE_INFORMATION_CLASS { - SemaphoreBasicInformation = 0, -}} -STRUCT!{struct SEMAPHORE_BASIC_INFORMATION { - CurrentCount: LONG, - MaximumCount: LONG, -}} -pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateSemaphore( - SemaphoreHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - InitialCount: LONG, - MaximumCount: LONG, - ) -> NTSTATUS; - fn NtOpenSemaphore( - SemaphoreHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtReleaseSemaphore( - SemaphoreHandle: HANDLE, - ReleaseCount: LONG, - PreviousCount: PLONG, - ) -> NTSTATUS; - fn NtQuerySemaphore( - SemaphoreHandle: HANDLE, - SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, - SemaphoreInformation: PVOID, - SemaphoreInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -ENUM!{enum TIMER_INFORMATION_CLASS { - TimerBasicInformation = 0, -}} -STRUCT!{struct TIMER_BASIC_INFORMATION { - RemainingTime: LARGE_INTEGER, - TimerState: BOOLEAN, -}} -pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION; -FN!{stdcall PTIMER_APC_ROUTINE( - TimerContext: PVOID, - TimerLowValue: ULONG, - TimerHighValue: LONG, -) -> ()} -ENUM!{enum TIMER_SET_INFORMATION_CLASS { - TimerSetCoalescableTimer = 0, - MaxTimerInfoClass = 1, -}} -STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO { - DueTime: LARGE_INTEGER, - TimerApcRoutine: PTIMER_APC_ROUTINE, - TimerContext: PVOID, - WakeContext: *mut COUNTED_REASON_CONTEXT, - Period: ULONG, - TolerableDelay: ULONG, - PreviousState: PBOOLEAN, -}} -pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO; -EXTERN!{extern "system" { - fn NtCreateTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TimerType: TIMER_TYPE, - ) -> NTSTATUS; - fn NtOpenTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtSetTimer( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - TimerApcRoutine: PTIMER_APC_ROUTINE, - TimerContext: PVOID, - ResumeTimer: BOOLEAN, - Period: LONG, - PreviousState: PBOOLEAN, - ) -> NTSTATUS; - fn NtSetTimerEx( - TimerHandle: HANDLE, - TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, - TimerSetInformation: PVOID, - TimerSetInformationLength: ULONG, - ) -> NTSTATUS; - fn NtCancelTimer( - TimerHandle: HANDLE, - CurrentState: PBOOLEAN, - ) -> NTSTATUS; - fn NtQueryTimer( - TimerHandle: HANDLE, - TimerInformationClass: TIMER_INFORMATION_CLASS, - TimerInformation: PVOID, - TimerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtCreateIRTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ) -> NTSTATUS; - fn NtSetIRTimer( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - ) -> NTSTATUS; -}} -STRUCT!{struct T2_SET_PARAMETERS { - Version: ULONG, - Reserved: ULONG, - NoWakeTolerance: LONGLONG, -}} -pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS; -pub type PT2_CANCEL_PARAMETERS = PVOID; -EXTERN!{extern "system" { - fn NtCreateTimer2( - TimerHandle: PHANDLE, - Reserved1: PVOID, - Reserved2: PVOID, - Attributes: ULONG, - DesiredAccess: ACCESS_MASK, - ) -> NTSTATUS; - fn NtSetTimer2( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - Period: PLARGE_INTEGER, - Parameters: PT2_SET_PARAMETERS, - ) -> NTSTATUS; - fn NtCancelTimer2( - TimerHandle: HANDLE, - Parameters: PT2_CANCEL_PARAMETERS, - ) -> NTSTATUS; -}} -pub const PROFILE_CONTROL: u32 = 0x0001; -pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL; -EXTERN!{extern "system" { - fn NtCreateProfile( - ProfileHandle: PHANDLE, - Process: HANDLE, - ProfileBase: PVOID, - ProfileSize: SIZE_T, - BucketSize: ULONG, - Buffer: PULONG, - BufferSize: ULONG, - ProfileSource: KPROFILE_SOURCE, - Affinity: KAFFINITY, - ) -> NTSTATUS; - fn NtCreateProfileEx( - ProfileHandle: PHANDLE, - Process: HANDLE, - ProfileBase: PVOID, - ProfileSize: SIZE_T, - BucketSize: ULONG, - Buffer: PULONG, - BufferSize: ULONG, - ProfileSource: KPROFILE_SOURCE, - GroupCount: USHORT, - GroupAffinity: PGROUP_AFFINITY, - ) -> NTSTATUS; - fn NtStartProfile( - ProfileHandle: HANDLE, - ) -> NTSTATUS; - fn NtStopProfile( - ProfileHandle: HANDLE, - ) -> NTSTATUS; - fn NtQueryIntervalProfile( - ProfileSource: KPROFILE_SOURCE, - Interval: PULONG, - ) -> NTSTATUS; - fn NtSetIntervalProfile( - Interval: ULONG, - Source: KPROFILE_SOURCE, - ) -> NTSTATUS; -}} -pub const KEYEDEVENT_WAIT: ULONG = 0x0001; -pub const KEYEDEVENT_WAKE: ULONG = 0x0002; -pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK = - STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE; -EXTERN!{extern "system" { - fn NtCreateKeyedEvent( - KeyedEventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn NtOpenKeyedEvent( - KeyedEventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtReleaseKeyedEvent( - KeyedEventHandle: HANDLE, - KeyValue: PVOID, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtWaitForKeyedEvent( - KeyedEventHandle: HANDLE, - KeyValue: PVOID, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtUmsThreadYield( - SchedulerParam: PVOID, - ) -> NTSTATUS; -}} -ENUM!{enum WNF_STATE_NAME_LIFETIME { - WnfWellKnownStateName = 0, - WnfPermanentStateName = 1, - WnfPersistentStateName = 2, - WnfTemporaryStateName = 3, -}} -ENUM!{enum WNF_STATE_NAME_INFORMATION { - WnfInfoStateNameExist = 0, - WnfInfoSubscribersPresent = 1, - WnfInfoIsQuiescent = 2, -}} -ENUM!{enum WNF_DATA_SCOPE { - WnfDataScopeSystem = 0, - WnfDataScopeSession = 1, - WnfDataScopeUser = 2, - WnfDataScopeProcess = 3, - WnfDataScopeMachine = 4, -}} -STRUCT!{struct WNF_TYPE_ID { - TypeId: GUID, -}} -pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID; -pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID; -pub type PWNF_CHANGE_STAMP = *mut ULONG; -pub type WNF_CHANGE_STAMP = ULONG; -STRUCT!{struct WNF_DELIVERY_DESCRIPTOR { - SubscriptionId: ULONGLONG, - StateName: WNF_STATE_NAME, - ChangeStamp: WNF_CHANGE_STAMP, - StateDataSize: ULONG, - EventMask: ULONG, - TypeId: WNF_TYPE_ID, - StateDataOffset: ULONG, -}} -pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR; -EXTERN!{extern "system" { - fn NtCreateWnfStateName( - StateName: PWNF_STATE_NAME, - NameLifetime: WNF_STATE_NAME_LIFETIME, - DataScope: WNF_DATA_SCOPE, - PersistData: BOOLEAN, - TypeId: PCWNF_TYPE_ID, - MaximumStateSize: ULONG, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn NtDeleteWnfStateName( - StateName: PCWNF_STATE_NAME, - ) -> NTSTATUS; - fn NtUpdateWnfStateData( - StateName: PCWNF_STATE_NAME, - Buffer: *const VOID, - Length: ULONG, - TypeId: PCWNF_TYPE_ID, - ExplicitScope: *const VOID, - MatchingChangeStamp: WNF_CHANGE_STAMP, - CheckStamp: LOGICAL, - ) -> NTSTATUS; - fn NtDeleteWnfStateData( - StateName: PCWNF_STATE_NAME, - ExplicitScope: *const VOID, - ) -> NTSTATUS; - fn NtQueryWnfStateData( - StateName: PCWNF_STATE_NAME, - TypeId: PCWNF_TYPE_ID, - ExplicitScope: *const VOID, - ChangeStamp: PWNF_CHANGE_STAMP, - Buffer: PVOID, - BufferSize: PULONG, - ) -> NTSTATUS; - fn NtQueryWnfStateNameInformation( - StateName: PCWNF_STATE_NAME, - NameInfoClass: WNF_STATE_NAME_INFORMATION, - ExplicitScope: *const VOID, - InfoBuffer: PVOID, - InfoBufferSize: ULONG, - ) -> NTSTATUS; - fn NtSubscribeWnfStateChange( - StateName: PCWNF_STATE_NAME, - ChangeStamp: WNF_CHANGE_STAMP, - EventMask: ULONG, - SubscriptionId: PULONG64, - ) -> NTSTATUS; - fn NtUnsubscribeWnfStateChange( - StateName: PCWNF_STATE_NAME, - ) -> NTSTATUS; - fn NtGetCompleteWnfStateSubscription( - OldDescriptorStateName: PWNF_STATE_NAME, - OldSubscriptionId: *mut ULONG64, - OldDescriptorEventMask: ULONG, - OldDescriptorStatus: ULONG, - NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, - DescriptorSize: ULONG, - ) -> NTSTATUS; - fn NtSetWnfProcessNotificationEvent( - NotificationEvent: HANDLE, - ) -> NTSTATUS; -}} -pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001; -pub const WORKER_FACTORY_WAIT: u32 = 0x0002; -pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004; -pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008; -pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010; -pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020; -pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED - | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION - | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN; -ENUM!{enum WORKERFACTORYINFOCLASS { - WorkerFactoryTimeout = 0, - WorkerFactoryRetryTimeout = 1, - WorkerFactoryIdleTimeout = 2, - WorkerFactoryBindingCount = 3, - WorkerFactoryThreadMinimum = 4, - WorkerFactoryThreadMaximum = 5, - WorkerFactoryPaused = 6, - WorkerFactoryBasicInformation = 7, - WorkerFactoryAdjustThreadGoal = 8, - WorkerFactoryCallbackType = 9, - WorkerFactoryStackInformation = 10, - WorkerFactoryThreadBasePriority = 11, - WorkerFactoryTimeoutWaiters = 12, - WorkerFactoryFlags = 13, - WorkerFactoryThreadSoftMaximum = 14, - MaxWorkerFactoryInfoClass = 15, -}} -pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS; -STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION { - Timeout: LARGE_INTEGER, - RetryTimeout: LARGE_INTEGER, - IdleTimeout: LARGE_INTEGER, - Paused: BOOLEAN, - TimerSet: BOOLEAN, - QueuedToExWorker: BOOLEAN, - MayCreate: BOOLEAN, - CreateInProgress: BOOLEAN, - InsertedIntoQueue: BOOLEAN, - Shutdown: BOOLEAN, - BindingCount: ULONG, - ThreadMinimum: ULONG, - ThreadMaximum: ULONG, - PendingWorkerCount: ULONG, - WaitingWorkerCount: ULONG, - TotalWorkerCount: ULONG, - ReleaseCount: ULONG, - InfiniteWaitGoal: LONGLONG, - StartRoutine: PVOID, - StartParameter: PVOID, - ProcessId: HANDLE, - StackReserve: SIZE_T, - StackCommit: SIZE_T, - LastThreadCreationStatus: NTSTATUS, -}} -pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateWorkerFactory( - WorkerFactoryHandleReturn: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - CompletionPortHandle: HANDLE, - WorkerProcessHandle: HANDLE, - StartRoutine: PVOID, - StartParameter: PVOID, - MaxThreadCount: ULONG, - StackReserve: SIZE_T, - StackCommit: SIZE_T, - ) -> NTSTATUS; - fn NtQueryInformationWorkerFactory( - WorkerFactoryHandle: HANDLE, - WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, - WorkerFactoryInformation: PVOID, - WorkerFactoryInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationWorkerFactory( - WorkerFactoryHandle: HANDLE, - WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, - WorkerFactoryInformation: PVOID, - WorkerFactoryInformationLength: ULONG, - ) -> NTSTATUS; - fn NtShutdownWorkerFactory( - WorkerFactoryHandle: HANDLE, - PendingWorkerCount: *mut LONG, - ) -> NTSTATUS; - fn NtReleaseWorkerFactoryWorker( - WorkerFactoryHandle: HANDLE, - ) -> NTSTATUS; - fn NtWorkerFactoryWorkerReady( - WorkerFactoryHandle: HANDLE, - ) -> NTSTATUS; - fn NtWaitForWorkViaWorkerFactory( - WorkerFactoryHandle: HANDLE, - MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, - ) -> NTSTATUS; - fn NtQuerySystemTime( - SystemTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtSetSystemTime( - SystemTime: PLARGE_INTEGER, - PreviousTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtQueryTimerResolution( - MaximumTime: PULONG, - MinimumTime: PULONG, - CurrentTime: PULONG, - ) -> NTSTATUS; - fn NtSetTimerResolution( - DesiredTime: ULONG, - SetResolution: BOOLEAN, - ActualTime: PULONG, - ) -> NTSTATUS; - fn NtQueryPerformanceCounter( - PerformanceCounter: PLARGE_INTEGER, - PerformanceFrequency: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtAllocateLocallyUniqueId( - Luid: PLUID, - ) -> NTSTATUS; - fn NtSetUuidSeed( - Seed: PCHAR, - ) -> NTSTATUS; - fn NtAllocateUuids( - Time: PULARGE_INTEGER, - Range: PULONG, - Sequence: PULONG, - Seed: PCHAR, - ) -> NTSTATUS; -}} -ENUM!{enum SYSTEM_INFORMATION_CLASS { - SystemBasicInformation = 0, - SystemProcessorInformation = 1, - SystemPerformanceInformation = 2, - SystemTimeOfDayInformation = 3, - SystemPathInformation = 4, - SystemProcessInformation = 5, - SystemCallCountInformation = 6, - SystemDeviceInformation = 7, - SystemProcessorPerformanceInformation = 8, - SystemFlagsInformation = 9, - SystemCallTimeInformation = 10, - SystemModuleInformation = 11, - SystemLocksInformation = 12, - SystemStackTraceInformation = 13, - SystemPagedPoolInformation = 14, - SystemNonPagedPoolInformation = 15, - SystemHandleInformation = 16, - SystemObjectInformation = 17, - SystemPageFileInformation = 18, - SystemVdmInstemulInformation = 19, - SystemVdmBopInformation = 20, - SystemFileCacheInformation = 21, - SystemPoolTagInformation = 22, - SystemInterruptInformation = 23, - SystemDpcBehaviorInformation = 24, - SystemFullMemoryInformation = 25, - SystemLoadGdiDriverInformation = 26, - SystemUnloadGdiDriverInformation = 27, - SystemTimeAdjustmentInformation = 28, - SystemSummaryMemoryInformation = 29, - SystemMirrorMemoryInformation = 30, - SystemPerformanceTraceInformation = 31, - SystemObsolete0 = 32, - SystemExceptionInformation = 33, - SystemCrashDumpStateInformation = 34, - SystemKernelDebuggerInformation = 35, - SystemContextSwitchInformation = 36, - SystemRegistryQuotaInformation = 37, - SystemExtendServiceTableInformation = 38, - SystemPrioritySeperation = 39, - SystemVerifierAddDriverInformation = 40, - SystemVerifierRemoveDriverInformation = 41, - SystemProcessorIdleInformation = 42, - SystemLegacyDriverInformation = 43, - SystemCurrentTimeZoneInformation = 44, - SystemLookasideInformation = 45, - SystemTimeSlipNotification = 46, - SystemSessionCreate = 47, - SystemSessionDetach = 48, - SystemSessionInformation = 49, - SystemRangeStartInformation = 50, - SystemVerifierInformation = 51, - SystemVerifierThunkExtend = 52, - SystemSessionProcessInformation = 53, - SystemLoadGdiDriverInSystemSpace = 54, - SystemNumaProcessorMap = 55, - SystemPrefetcherInformation = 56, - SystemExtendedProcessInformation = 57, - SystemRecommendedSharedDataAlignment = 58, - SystemComPlusPackage = 59, - SystemNumaAvailableMemory = 60, - SystemProcessorPowerInformation = 61, - SystemEmulationBasicInformation = 62, - SystemEmulationProcessorInformation = 63, - SystemExtendedHandleInformation = 64, - SystemLostDelayedWriteInformation = 65, - SystemBigPoolInformation = 66, - SystemSessionPoolTagInformation = 67, - SystemSessionMappedViewInformation = 68, - SystemHotpatchInformation = 69, - SystemObjectSecurityMode = 70, - SystemWatchdogTimerHandler = 71, - SystemWatchdogTimerInformation = 72, - SystemLogicalProcessorInformation = 73, - SystemWow64SharedInformationObsolete = 74, - SystemRegisterFirmwareTableInformationHandler = 75, - SystemFirmwareTableInformation = 76, - SystemModuleInformationEx = 77, - SystemVerifierTriageInformation = 78, - SystemSuperfetchInformation = 79, - SystemMemoryListInformation = 80, - SystemFileCacheInformationEx = 81, - SystemThreadPriorityClientIdInformation = 82, - SystemProcessorIdleCycleTimeInformation = 83, - SystemVerifierCancellationInformation = 84, - SystemProcessorPowerInformationEx = 85, - SystemRefTraceInformation = 86, - SystemSpecialPoolInformation = 87, - SystemProcessIdInformation = 88, - SystemErrorPortInformation = 89, - SystemBootEnvironmentInformation = 90, - SystemHypervisorInformation = 91, - SystemVerifierInformationEx = 92, - SystemTimeZoneInformation = 93, - SystemImageFileExecutionOptionsInformation = 94, - SystemCoverageInformation = 95, - SystemPrefetchPatchInformation = 96, - SystemVerifierFaultsInformation = 97, - SystemSystemPartitionInformation = 98, - SystemSystemDiskInformation = 99, - SystemProcessorPerformanceDistribution = 100, - SystemNumaProximityNodeInformation = 101, - SystemDynamicTimeZoneInformation = 102, - SystemCodeIntegrityInformation = 103, - SystemProcessorMicrocodeUpdateInformation = 104, - SystemProcessorBrandString = 105, - SystemVirtualAddressInformation = 106, - SystemLogicalProcessorAndGroupInformation = 107, - SystemProcessorCycleTimeInformation = 108, - SystemStoreInformation = 109, - SystemRegistryAppendString = 110, - SystemAitSamplingValue = 111, - SystemVhdBootInformation = 112, - SystemCpuQuotaInformation = 113, - SystemNativeBasicInformation = 114, - SystemSpare1 = 115, - SystemLowPriorityIoInformation = 116, - SystemTpmBootEntropyInformation = 117, - SystemVerifierCountersInformation = 118, - SystemPagedPoolInformationEx = 119, - SystemSystemPtesInformationEx = 120, - SystemNodeDistanceInformation = 121, - SystemAcpiAuditInformation = 122, - SystemBasicPerformanceInformation = 123, - SystemQueryPerformanceCounterInformation = 124, - SystemSessionBigPoolInformation = 125, - SystemBootGraphicsInformation = 126, - SystemScrubPhysicalMemoryInformation = 127, - SystemBadPageInformation = 128, - SystemProcessorProfileControlArea = 129, - SystemCombinePhysicalMemoryInformation = 130, - SystemEntropyInterruptTimingCallback = 131, - SystemConsoleInformation = 132, - SystemPlatformBinaryInformation = 133, - SystemThrottleNotificationInformation = 134, - SystemHypervisorProcessorCountInformation = 135, - SystemDeviceDataInformation = 136, - SystemDeviceDataEnumerationInformation = 137, - SystemMemoryTopologyInformation = 138, - SystemMemoryChannelInformation = 139, - SystemBootLogoInformation = 140, - SystemProcessorPerformanceInformationEx = 141, - SystemSpare0 = 142, - SystemSecureBootPolicyInformation = 143, - SystemPageFileInformationEx = 144, - SystemSecureBootInformation = 145, - SystemEntropyInterruptTimingRawInformation = 146, - SystemPortableWorkspaceEfiLauncherInformation = 147, - SystemFullProcessInformation = 148, - SystemKernelDebuggerInformationEx = 149, - SystemBootMetadataInformation = 150, - SystemSoftRebootInformation = 151, - SystemElamCertificateInformation = 152, - SystemOfflineDumpConfigInformation = 153, - SystemProcessorFeaturesInformation = 154, - SystemRegistryReconciliationInformation = 155, - SystemEdidInformation = 156, - SystemManufacturingInformation = 157, - SystemEnergyEstimationConfigInformation = 158, - SystemHypervisorDetailInformation = 159, - SystemProcessorCycleStatsInformation = 160, - SystemVmGenerationCountInformation = 161, - SystemTrustedPlatformModuleInformation = 162, - SystemKernelDebuggerFlags = 163, - SystemCodeIntegrityPolicyInformation = 164, - SystemIsolatedUserModeInformation = 165, - SystemHardwareSecurityTestInterfaceResultsInformation = 166, - SystemSingleModuleInformation = 167, - SystemAllowedCpuSetsInformation = 168, - SystemVsmProtectionInformation = 169, - SystemInterruptCpuSetsInformation = 170, - SystemSecureBootPolicyFullInformation = 171, - SystemCodeIntegrityPolicyFullInformation = 172, - SystemAffinitizedInterruptProcessorInformation = 173, - SystemRootSiloInformation = 174, - SystemCpuSetInformation = 175, - SystemCpuSetTagInformation = 176, - SystemWin32WerStartCallout = 177, - SystemSecureKernelProfileInformation = 178, - SystemCodeIntegrityPlatformManifestInformation = 179, - SystemInterruptSteeringInformation = 180, - SystemSupportedProcessorArchitectures = 181, - SystemMemoryUsageInformation = 182, - SystemCodeIntegrityCertificateInformation = 183, - SystemPhysicalMemoryInformation = 184, - SystemControlFlowTransition = 185, - SystemKernelDebuggingAllowed = 186, - SystemActivityModerationExeState = 187, - SystemActivityModerationUserSettings = 188, - SystemCodeIntegrityPoliciesFullInformation = 189, - SystemCodeIntegrityUnlockInformation = 190, - SystemIntegrityQuotaInformation = 191, - SystemFlushInformation = 192, - SystemProcessorIdleMaskInformation = 193, - SystemSecureDumpEncryptionInformation = 194, - SystemWriteConstraintInformation = 195, - SystemKernelVaShadowInformation = 196, - SystemHypervisorSharedPageInformation = 197, - SystemFirmwareBootPerformanceInformation = 198, - SystemCodeIntegrityVerificationInformation = 199, - SystemFirmwarePartitionInformation = 200, - SystemSpeculationControlInformation = 201, - SystemDmaGuardPolicyInformation = 202, - SystemEnclaveLaunchControlInformation = 203, - SystemWorkloadAllowedCpuSetsInformation = 204, - SystemCodeIntegrityUnlockModeInformation = 205, - SystemLeapSecondInformation = 206, - SystemFlags2Information = 207, - MaxSystemInfoClass = 208, -}} -STRUCT!{struct SYSTEM_BASIC_INFORMATION { - Reserved: ULONG, - TimerResolution: ULONG, - PageSize: ULONG, - NumberOfPhysicalPages: ULONG, - LowestPhysicalPageNumber: ULONG, - HighestPhysicalPageNumber: ULONG, - AllocationGranularity: ULONG, - MinimumUserModeAddress: ULONG_PTR, - MaximumUserModeAddress: ULONG_PTR, - ActiveProcessorsAffinityMask: ULONG_PTR, - NumberOfProcessors: CCHAR, -}} -pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION { - ProcessorArchitecture: USHORT, - ProcessorLevel: USHORT, - ProcessorRevision: USHORT, - MaximumProcessors: USHORT, - ProcessorFeatureBits: ULONG, -}} -pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION; -STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION { - IdleProcessTime: LARGE_INTEGER, - IoReadTransferCount: LARGE_INTEGER, - IoWriteTransferCount: LARGE_INTEGER, - IoOtherTransferCount: LARGE_INTEGER, - IoReadOperationCount: ULONG, - IoWriteOperationCount: ULONG, - IoOtherOperationCount: ULONG, - AvailablePages: ULONG, - CommittedPages: ULONG, - CommitLimit: ULONG, - PeakCommitment: ULONG, - PageFaultCount: ULONG, - CopyOnWriteCount: ULONG, - TransitionCount: ULONG, - CacheTransitionCount: ULONG, - DemandZeroCount: ULONG, - PageReadCount: ULONG, - PageReadIoCount: ULONG, - CacheReadCount: ULONG, - CacheIoCount: ULONG, - DirtyPagesWriteCount: ULONG, - DirtyWriteIoCount: ULONG, - MappedPagesWriteCount: ULONG, - MappedWriteIoCount: ULONG, - PagedPoolPages: ULONG, - NonPagedPoolPages: ULONG, - PagedPoolAllocs: ULONG, - PagedPoolFrees: ULONG, - NonPagedPoolAllocs: ULONG, - NonPagedPoolFrees: ULONG, - FreeSystemPtes: ULONG, - ResidentSystemCodePage: ULONG, - TotalSystemDriverPages: ULONG, - TotalSystemCodePages: ULONG, - NonPagedPoolLookasideHits: ULONG, - PagedPoolLookasideHits: ULONG, - AvailablePagedPoolPages: ULONG, - ResidentSystemCachePage: ULONG, - ResidentPagedPoolPage: ULONG, - ResidentSystemDriverPage: ULONG, - CcFastReadNoWait: ULONG, - CcFastReadWait: ULONG, - CcFastReadResourceMiss: ULONG, - CcFastReadNotPossible: ULONG, - CcFastMdlReadNoWait: ULONG, - CcFastMdlReadWait: ULONG, - CcFastMdlReadResourceMiss: ULONG, - CcFastMdlReadNotPossible: ULONG, - CcMapDataNoWait: ULONG, - CcMapDataWait: ULONG, - CcMapDataNoWaitMiss: ULONG, - CcMapDataWaitMiss: ULONG, - CcPinMappedDataCount: ULONG, - CcPinReadNoWait: ULONG, - CcPinReadWait: ULONG, - CcPinReadNoWaitMiss: ULONG, - CcPinReadWaitMiss: ULONG, - CcCopyReadNoWait: ULONG, - CcCopyReadWait: ULONG, - CcCopyReadNoWaitMiss: ULONG, - CcCopyReadWaitMiss: ULONG, - CcMdlReadNoWait: ULONG, - CcMdlReadWait: ULONG, - CcMdlReadNoWaitMiss: ULONG, - CcMdlReadWaitMiss: ULONG, - CcReadAheadIos: ULONG, - CcLazyWriteIos: ULONG, - CcLazyWritePages: ULONG, - CcDataFlushes: ULONG, - CcDataPages: ULONG, - ContextSwitches: ULONG, - FirstLevelTbFills: ULONG, - SecondLevelTbFills: ULONG, - SystemCalls: ULONG, - CcTotalDirtyPages: ULONGLONG, - CcDirtyPageThreshold: ULONGLONG, - ResidentAvailablePages: LONGLONG, - SharedCommittedPages: ULONGLONG, -}} -pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION; -STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION { - BootTime: LARGE_INTEGER, - CurrentTime: LARGE_INTEGER, - TimeZoneBias: LARGE_INTEGER, - TimeZoneId: ULONG, - Reserved: ULONG, - BootTimeBias: ULONGLONG, - SleepTimeBias: ULONGLONG, -}} -pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION; -STRUCT!{struct SYSTEM_THREAD_INFORMATION { - KernelTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, - CreateTime: LARGE_INTEGER, - WaitTime: ULONG, - StartAddress: PVOID, - ClientId: CLIENT_ID, - Priority: KPRIORITY, - BasePriority: LONG, - ContextSwitches: ULONG, - ThreadState: KTHREAD_STATE, - WaitReason: KWAIT_REASON, -}} -pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION; -STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION { - ThreadInfo: SYSTEM_THREAD_INFORMATION, - StackBase: PVOID, - StackLimit: PVOID, - Win32StartAddress: PVOID, - TebBase: PTEB, - Reserved2: ULONG_PTR, - Reserved3: ULONG_PTR, - Reserved4: ULONG_PTR, -}} -pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION; -STRUCT!{struct SYSTEM_PROCESS_INFORMATION { - NextEntryOffset: ULONG, - NumberOfThreads: ULONG, - WorkingSetPrivateSize: LARGE_INTEGER, - HardFaultCount: ULONG, - NumberOfThreadsHighWatermark: ULONG, - CycleTime: ULONGLONG, - CreateTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, - KernelTime: LARGE_INTEGER, - ImageName: UNICODE_STRING, - BasePriority: KPRIORITY, - UniqueProcessId: HANDLE, - InheritedFromUniqueProcessId: HANDLE, - HandleCount: ULONG, - SessionId: ULONG, - UniqueProcessKey: ULONG_PTR, - PeakVirtualSize: SIZE_T, - VirtualSize: SIZE_T, - PageFaultCount: ULONG, - PeakWorkingSetSize: SIZE_T, - WorkingSetSize: SIZE_T, - QuotaPeakPagedPoolUsage: SIZE_T, - QuotaPagedPoolUsage: SIZE_T, - QuotaPeakNonPagedPoolUsage: SIZE_T, - QuotaNonPagedPoolUsage: SIZE_T, - PagefileUsage: SIZE_T, - PeakPagefileUsage: SIZE_T, - PrivatePageCount: SIZE_T, - ReadOperationCount: LARGE_INTEGER, - WriteOperationCount: LARGE_INTEGER, - OtherOperationCount: LARGE_INTEGER, - ReadTransferCount: LARGE_INTEGER, - WriteTransferCount: LARGE_INTEGER, - OtherTransferCount: LARGE_INTEGER, - Threads: [SYSTEM_THREAD_INFORMATION; 1], -}} -pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION; -STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION { - Length: ULONG, - NumberOfTables: ULONG, -}} -pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION; -STRUCT!{struct SYSTEM_DEVICE_INFORMATION { - NumberOfDisks: ULONG, - NumberOfFloppies: ULONG, - NumberOfCdRoms: ULONG, - NumberOfTapes: ULONG, - NumberOfSerialPorts: ULONG, - NumberOfParallelPorts: ULONG, -}} -pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { - IdleTime: LARGE_INTEGER, - KernelTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, - DpcTime: LARGE_INTEGER, - InterruptTime: LARGE_INTEGER, - InterruptCount: ULONG, -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; -STRUCT!{struct SYSTEM_FLAGS_INFORMATION { - Flags: ULONG, -}} -pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION; -STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION { - Length: ULONG, - TotalCalls: ULONG, - TimeOfCalls: [LARGE_INTEGER; 1], -}} -pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION; -STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION { - Address: PVOID, - Type: USHORT, - CreatorBackTraceIndex: USHORT, - OwningThread: HANDLE, - LockCount: LONG, - ContentionCount: ULONG, - EntryCount: ULONG, - RecursionCount: LONG, - NumberOfWaitingShared: ULONG, - NumberOfWaitingExclusive: ULONG, -}} -pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION; -STRUCT!{struct RTL_PROCESS_LOCKS { - NumberOfLocks: ULONG, - Locks: [RTL_PROCESS_LOCK_INFORMATION; 1], -}} -pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS; -STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION { - SymbolicBackTrace: PCHAR, - TraceCount: ULONG, - Index: USHORT, - Depth: USHORT, - BackTrace: [PVOID; 32], -}} -pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION; -STRUCT!{struct RTL_PROCESS_BACKTRACES { - CommittedMemory: ULONG, - ReservedMemory: ULONG, - NumberOfBackTraceLookups: ULONG, - NumberOfBackTraces: ULONG, - BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1], -}} -pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES; -STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO { - UniqueProcessId: USHORT, - CreatorBackTraceIndex: USHORT, - ObjectTypeIndex: UCHAR, - HandleAttributes: UCHAR, - HandleValue: USHORT, - Object: PVOID, - GrantedAccess: ULONG, -}} -pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO; -STRUCT!{struct SYSTEM_HANDLE_INFORMATION { - NumberOfHandles: ULONG, - Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1], -}} -pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION; -STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION { - NextEntryOffset: ULONG, - NumberOfObjects: ULONG, - NumberOfHandles: ULONG, - TypeIndex: ULONG, - InvalidAttributes: ULONG, - GenericMapping: GENERIC_MAPPING, - ValidAccessMask: ULONG, - PoolType: ULONG, - SecurityRequired: BOOLEAN, - WaitableObject: BOOLEAN, - TypeName: UNICODE_STRING, -}} -pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION; -STRUCT!{struct SYSTEM_OBJECT_INFORMATION { - NextEntryOffset: ULONG, - Object: PVOID, - CreatorUniqueProcess: HANDLE, - CreatorBackTraceIndex: USHORT, - Flags: USHORT, - PointerCount: LONG, - HandleCount: LONG, - PagedPoolCharge: ULONG, - NonPagedPoolCharge: ULONG, - ExclusiveProcessId: HANDLE, - SecurityDescriptor: PVOID, - NameInfo: UNICODE_STRING, -}} -pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION; -STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION { - NextEntryOffset: ULONG, - TotalSize: ULONG, - TotalInUse: ULONG, - PeakUsage: ULONG, - PageFileName: UNICODE_STRING, -}} -pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION; -pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1; -pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2; -pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4; -pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8; -STRUCT!{struct SYSTEM_FILECACHE_INFORMATION { - CurrentSize: SIZE_T, - PeakSize: SIZE_T, - PageFaultCount: ULONG, - MinimumWorkingSet: SIZE_T, - MaximumWorkingSet: SIZE_T, - CurrentSizeIncludingTransitionInPages: SIZE_T, - PeakSizeIncludingTransitionInPages: SIZE_T, - TransitionRePurposeCount: ULONG, - Flags: ULONG, -}} -pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION; -STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION { - CurrentSize: SIZE_T, - PeakSize: SIZE_T, - PageFaultCount: ULONG, -}} -pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION; -UNION!{union SYSTEM_POOLTAG_u { - Tag: [UCHAR; 4], - TagUlong: ULONG, -}} -STRUCT!{struct SYSTEM_POOLTAG { - u: SYSTEM_POOLTAG_u, - PagedAllocs: ULONG, - PagedFrees: ULONG, - PagedUsed: SIZE_T, - NonPagedAllocs: ULONG, - NonPagedFrees: ULONG, - NonPagedUsed: SIZE_T, -}} -pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG; -STRUCT!{struct SYSTEM_POOLTAG_INFORMATION { - Count: ULONG, - TagInfo: [SYSTEM_POOLTAG; 1], -}} -pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION; -STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION { - ContextSwitches: ULONG, - DpcCount: ULONG, - DpcRate: ULONG, - TimeIncrement: ULONG, - DpcBypassCount: ULONG, - ApcBypassCount: ULONG, -}} -pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION; -STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION { - Spare: ULONG, - DpcQueueDepth: ULONG, - MinimumDpcRate: ULONG, - AdjustDpcThreshold: ULONG, - IdealDpcRate: ULONG, -}} -pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION; -STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION { - TimeAdjustment: ULONG, - TimeIncrement: ULONG, - Enable: BOOLEAN, -}} -pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION; -STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE { - TimeAdjustment: ULONGLONG, - TimeIncrement: ULONGLONG, - Enable: BOOLEAN, -}} -pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE = - *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE; -STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION { - TimeAdjustment: ULONG, - Enable: BOOLEAN, -}} -pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION; -STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE { - TimeAdjustment: ULONGLONG, - Enable: BOOLEAN, -}} -pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE = - *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE; -ENUM!{enum EVENT_TRACE_INFORMATION_CLASS { - EventTraceKernelVersionInformation = 0, - EventTraceGroupMaskInformation = 1, - EventTracePerformanceInformation = 2, - EventTraceTimeProfileInformation = 3, - EventTraceSessionSecurityInformation = 4, - EventTraceSpinlockInformation = 5, - EventTraceStackTracingInformation = 6, - EventTraceExecutiveResourceInformation = 7, - EventTraceHeapTracingInformation = 8, - EventTraceHeapSummaryTracingInformation = 9, - EventTracePoolTagFilterInformation = 10, - EventTracePebsTracingInformation = 11, - EventTraceProfileConfigInformation = 12, - EventTraceProfileSourceListInformation = 13, - EventTraceProfileEventListInformation = 14, - EventTraceProfileCounterListInformation = 15, - EventTraceStackCachingInformation = 16, - EventTraceObjectTypeFilterInformation = 17, - EventTraceSoftRestartInformation = 18, - EventTraceLastBranchConfigurationInformation = 19, - EventTraceLastBranchEventListInformation = 20, - EventTraceProfileSourceAddInformation = 21, - EventTraceProfileSourceRemoveInformation = 22, - EventTraceProcessorTraceConfigurationInformation = 23, - EventTraceProcessorTraceEventListInformation = 24, - EventTraceCoverageSamplerInformation = 25, - MaxEventTraceInfoClass = 26, -}} -STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - EventTraceKernelVersion: ULONG, -}} -pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION; -STRUCT!{struct PERFINFO_GROUPMASK { - Masks: [ULONG; 8], -}} -pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK; -STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - EventTraceGroupMasks: PERFINFO_GROUPMASK, -}} -pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION; -STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - LogfileBytesWritten: LARGE_INTEGER, -}} -pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION; -STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - ProfileInterval: ULONG, -}} -pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION; -STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - SecurityInformation: ULONG, - TraceHandle: HANDLE, - SecurityDescriptor: [UCHAR; 1], -}} -pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION; -STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - SpinLockSpinThreshold: ULONG, - SpinLockAcquireSampleRate: ULONG, - SpinLockContentionSampleRate: ULONG, - SpinLockHoldThreshold: ULONG, -}} -pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION; -STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - HookId: [ULONG; 1], -}} -pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; -STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - ReleaseSamplingRate: ULONG, - ContentionSamplingRate: ULONG, - NumberOfExcessiveTimeouts: ULONG, -}} -pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION = - *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION; -STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - ProcessId: ULONG, -}} -pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION; -STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - Filter: [ULONG; 1], -}} -pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION; -STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - ProfileSource: [ULONG; 1], -}} -pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION; -STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - Spare: ULONG, - Profile: [*mut PROFILE_SOURCE_INFO; 1], -}} -pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION; -STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - Enabled: BOOLEAN, - Reserved: [UCHAR; 3], - CacheSize: ULONG, - BucketCount: ULONG, -}} -pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION; -STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - TraceHandle: HANDLE, - PersistTraceBuffers: BOOLEAN, - FileName: [WCHAR; 1], -}} -pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION; -STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - PerfEvtEventSelect: BOOLEAN, - PerfEvtUnitSelect: BOOLEAN, - PerfEvtType: ULONG, - CpuInfoHierarchy: [ULONG; 3], - InitialInterval: ULONG, - AllowsHalt: BOOLEAN, - Persist: BOOLEAN, - ProfileSourceDescription: [WCHAR; 1], -}} -pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION; -STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - ProfileSource: KPROFILE_SOURCE, - CpuInfoHierarchy: [ULONG; 3], -}} -pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION; -STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION { - EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, - CoverageSamplerInformationClass: BOOLEAN, - MajorVersion: UCHAR, - MinorVersion: UCHAR, - Reserved: UCHAR, - SamplerHandle: HANDLE, -}} -pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; -STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION { - AlignmentFixupCount: ULONG, - ExceptionDispatchCount: ULONG, - FloatingEmulationCount: ULONG, - ByteWordEmulationCount: ULONG, -}} -pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION; -STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION { - KernelDebuggerEnabled: BOOLEAN, - KernelDebuggerNotPresent: BOOLEAN, -}} -pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION; -STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION { - ContextSwitches: ULONG, - FindAny: ULONG, - FindLast: ULONG, - FindIdeal: ULONG, - IdleAny: ULONG, - IdleCurrent: ULONG, - IdleLast: ULONG, - IdleIdeal: ULONG, - PreemptAny: ULONG, - PreemptCurrent: ULONG, - PreemptLast: ULONG, - SwitchToIdle: ULONG, -}} -pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION; -STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION { - RegistryQuotaAllowed: ULONG, - RegistryQuotaUsed: ULONG, - PagedPoolSize: SIZE_T, -}} -pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION { - IdleTime: ULONGLONG, - C1Time: ULONGLONG, - C2Time: ULONGLONG, - C3Time: ULONGLONG, - C1Transitions: ULONG, - C2Transitions: ULONG, - C3Transitions: ULONG, - Padding: ULONG, -}} -pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION; -STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION { - VetoType: ULONG, - VetoList: UNICODE_STRING, -}} -pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION; -STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION { - CurrentDepth: USHORT, - MaximumDepth: USHORT, - TotalAllocates: ULONG, - AllocateMisses: ULONG, - TotalFrees: ULONG, - FreeMisses: ULONG, - Type: ULONG, - Tag: ULONG, - Size: ULONG, -}} -pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION; -STRUCT!{struct SYSTEM_RANGE_START_INFORMATION { - SystemRangeStart: PVOID, -}} -pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION; -STRUCT!{struct SYSTEM_VERIFIER_INFORMATION { - NextEntryOffset: ULONG, - Level: ULONG, - DriverName: UNICODE_STRING, - RaiseIrqls: ULONG, - AcquireSpinLocks: ULONG, - SynchronizeExecutions: ULONG, - AllocationsAttempted: ULONG, - AllocationsSucceeded: ULONG, - AllocationsSucceededSpecialPool: ULONG, - AllocationsWithNoTag: ULONG, - TrimRequests: ULONG, - Trims: ULONG, - AllocationsFailed: ULONG, - AllocationsFailedDeliberately: ULONG, - Loads: ULONG, - Unloads: ULONG, - UnTrackedPool: ULONG, - CurrentPagedPoolAllocations: ULONG, - CurrentNonPagedPoolAllocations: ULONG, - PeakPagedPoolAllocations: ULONG, - PeakNonPagedPoolAllocations: ULONG, - PagedPoolUsageInBytes: SIZE_T, - NonPagedPoolUsageInBytes: SIZE_T, - PeakPagedPoolUsageInBytes: SIZE_T, - PeakNonPagedPoolUsageInBytes: SIZE_T, -}} -pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION; -STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION { - SessionId: ULONG, - SizeOfBuf: ULONG, - Buffer: PVOID, -}} -pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION { - CurrentFrequency: UCHAR, - ThermalLimitFrequency: UCHAR, - ConstantThrottleFrequency: UCHAR, - DegradedThrottleFrequency: UCHAR, - LastBusyFrequency: UCHAR, - LastC3Frequency: UCHAR, - LastAdjustedBusyFrequency: UCHAR, - ProcessorMinThrottle: UCHAR, - ProcessorMaxThrottle: UCHAR, - NumberOfFrequencies: ULONG, - PromotionCount: ULONG, - DemotionCount: ULONG, - ErrorCount: ULONG, - RetryCount: ULONG, - CurrentFrequencyTime: ULONGLONG, - CurrentProcessorTime: ULONGLONG, - CurrentProcessorIdleTime: ULONGLONG, - LastProcessorTime: ULONGLONG, - LastProcessorIdleTime: ULONGLONG, - Energy: ULONGLONG, -}} -pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION; -STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { - Object: PVOID, - UniqueProcessId: ULONG_PTR, - HandleValue: ULONG_PTR, - GrantedAccess: ULONG, - CreatorBackTraceIndex: USHORT, - ObjectTypeIndex: USHORT, - HandleAttributes: ULONG, - Reserved: ULONG, -}} -pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; -STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX { - NumberOfHandles: ULONG_PTR, - Reserved: ULONG_PTR, - Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1], -}} -pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX; -UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 { - VirtualAddress: PVOID, - Bitfields: ULONG_PTR, -}} -UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 { - Tag: [UCHAR; 4], - TagUlong: ULONG, -}} -BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [ - NonPaged set_NonPaged[0..1], -]} -STRUCT!{struct SYSTEM_BIGPOOL_ENTRY { - u1: SYSTEM_BIGPOOL_ENTRY_u1, - SizeInBytes: SIZE_T, - u2: SYSTEM_BIGPOOL_ENTRY_u2, -}} -pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY; -STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION { - Count: ULONG, - AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1], -}} -pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION; -UNION!{union SYSTEM_POOL_ENTRY_u { - Tag: [UCHAR; 4], - TagUlong: ULONG, - ProcessChargedQuota: PVOID, -}} -STRUCT!{struct SYSTEM_POOL_ENTRY { - Allocated: BOOLEAN, - Spare0: BOOLEAN, - AllocatorBackTraceIndex: USHORT, - Size: ULONG, - u: SYSTEM_POOL_ENTRY_u, -}} -pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY; -STRUCT!{struct SYSTEM_POOL_INFORMATION { - TotalSize: SIZE_T, - FirstEntry: PVOID, - EntryOverhead: USHORT, - PoolTagPresent: BOOLEAN, - Spare0: BOOLEAN, - NumberOfEntries: ULONG, - Entries: [SYSTEM_POOL_ENTRY; 1], -}} -pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION; -STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION { - NextEntryOffset: SIZE_T, - SessionId: ULONG, - Count: ULONG, - TagInfo: [SYSTEM_POOLTAG; 1], -}} -pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION; -STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION { - NextEntryOffset: SIZE_T, - SessionId: ULONG, - ViewFailures: ULONG, - NumberOfBytesAvailable: SIZE_T, - NumberOfBytesAvailableContiguous: SIZE_T, -}} -pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION; -ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION { - SystemFirmwareTableEnumerate = 0, - SystemFirmwareTableGet = 1, - SystemFirmwareTableMax = 2, -}} -STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION { - ProviderSignature: ULONG, - Action: SYSTEM_FIRMWARE_TABLE_ACTION, - TableID: ULONG, - TableBufferLength: ULONG, - TableBuffer: [UCHAR; 1], -}} -pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION; -STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION { - ZeroPageCount: ULONG_PTR, - FreePageCount: ULONG_PTR, - ModifiedPageCount: ULONG_PTR, - ModifiedNoWritePageCount: ULONG_PTR, - BadPageCount: ULONG_PTR, - PageCountByPriority: [ULONG_PTR; 8], - RepurposedPagesByPriority: [ULONG_PTR; 8], - ModifiedPageCountPageFile: ULONG_PTR, -}} -pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION; -ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND { - MemoryCaptureAccessedBits = 0, - MemoryCaptureAndResetAccessedBits = 1, - MemoryEmptyWorkingSets = 2, - MemoryFlushModifiedList = 3, - MemoryPurgeStandbyList = 4, - MemoryPurgeLowPriorityStandbyList = 5, - MemoryCommandMax = 6, -}} -STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION { - ClientId: CLIENT_ID, - Priority: KPRIORITY, -}} -pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION { - CycleTime: ULONGLONG, -}} -pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION = - *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; -STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION { - TraceEnable: BOOLEAN, - TracePermanent: BOOLEAN, - TraceProcessName: UNICODE_STRING, - TracePoolTags: UNICODE_STRING, -}} -pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION; -STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION { - ProcessId: HANDLE, - ImageName: UNICODE_STRING, -}} -pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION; -STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION { - BootIdentifier: GUID, - FirmwareType: FIRMWARE_TYPE, - BootFlags: ULONGLONG, -}} -BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [ - DbgMenuOsSelection set_DbgMenuOsSelection[0..1], - DbgHiberBoot set_DbgHiberBoot[1..2], - DbgSoftBoot set_DbgSoftBoot[2..3], - DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4], -]} -pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION; -STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION { - FlagsToEnable: ULONG, - FlagsToDisable: ULONG, -}} -pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION = - *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { - VerifyMode: ULONG, - OptionChanges: ULONG, - PreviousBucketName: UNICODE_STRING, - IrpCancelTimeoutMsec: ULONG, - VerifierExtensionEnabled: ULONG, - Reserved: [ULONG; 1], -}} -#[cfg(target_arch = "x86")] -STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { - VerifyMode: ULONG, - OptionChanges: ULONG, - PreviousBucketName: UNICODE_STRING, - IrpCancelTimeoutMsec: ULONG, - VerifierExtensionEnabled: ULONG, - Reserved: [ULONG; 3], -}} -pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX; -STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION { - SystemPartition: UNICODE_STRING, -}} -pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION; -STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION { - SystemDisk: UNICODE_STRING, -}} -pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT { - Hits: ULONGLONG, - PercentFrequency: UCHAR, -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 { - Hits: ULONG, - PercentFrequency: UCHAR, -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 = - *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION { - ProcessorNumber: ULONG, - StateCount: ULONG, - States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1], -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION = - *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION { - ProcessorCount: ULONG, - Offsets: [ULONG; 1], -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION = - *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; -STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION { - Length: ULONG, - CodeIntegrityOptions: ULONG, -}} -pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION; -ENUM!{enum SYSTEM_VA_TYPE { - SystemVaTypeAll = 0, - SystemVaTypeNonPagedPool = 1, - SystemVaTypePagedPool = 2, - SystemVaTypeSystemCache = 3, - SystemVaTypeSystemPtes = 4, - SystemVaTypeSessionSpace = 5, - SystemVaTypeMax = 6, -}} -pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE; -STRUCT!{struct SYSTEM_VA_LIST_INFORMATION { - VirtualSize: SIZE_T, - VirtualPeak: SIZE_T, - VirtualLimit: SIZE_T, - AllocationFailures: SIZE_T, -}} -pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION; -STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS { - KeyHandle: HANDLE, - ValueNamePointer: PUNICODE_STRING, - RequiredLengthPointer: PULONG, - Buffer: PUCHAR, - BufferLength: ULONG, - Type: ULONG, - AppendBuffer: PUCHAR, - AppendBufferLength: ULONG, - CreateIfDoesntExist: BOOLEAN, - TruncateExistingValue: BOOLEAN, -}} -pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS; -STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION { - OsDiskIsVhd: BOOLEAN, - OsVhdFilePathOffset: ULONG, - OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY], -}} -pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION; -STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION { - LowPriReadOperations: ULONG, - LowPriWriteOperations: ULONG, - KernelBumpedToNormalOperations: ULONG, - LowPriPagingReadOperations: ULONG, - KernelPagingReadsBumpedToNormal: ULONG, - LowPriPagingWriteOperations: ULONG, - KernelPagingWritesBumpedToNormal: ULONG, - BoostedIrpCount: ULONG, - BoostedPagingIrpCount: ULONG, - BlanketBoostCount: ULONG, -}} -pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION; -ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE { - TpmBootEntropyStructureUninitialized = 0, - TpmBootEntropyDisabledByPolicy = 1, - TpmBootEntropyNoTpmFound = 2, - TpmBootEntropyTpmError = 3, - TpmBootEntropySuccess = 4, -}} -STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT { - Policy: ULONGLONG, - ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE, - ResultStatus: NTSTATUS, - Time: ULONGLONG, - EntropyLength: ULONG, - EntropyData: [UCHAR; 40], -}} -pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT; -STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION { - Legacy: SYSTEM_VERIFIER_INFORMATION, - RaiseIrqls: ULONG, - AcquireSpinLocks: ULONG, - SynchronizeExecutions: ULONG, - AllocationsWithNoTag: ULONG, - AllocationsFailed: ULONG, - AllocationsFailedDeliberately: ULONG, - LockedBytes: SIZE_T, - PeakLockedBytes: SIZE_T, - MappedLockedBytes: SIZE_T, - PeakMappedLockedBytes: SIZE_T, - MappedIoSpaceBytes: SIZE_T, - PeakMappedIoSpaceBytes: SIZE_T, - PagesForMdlBytes: SIZE_T, - PeakPagesForMdlBytes: SIZE_T, - ContiguousMemoryBytes: SIZE_T, - PeakContiguousMemoryBytes: SIZE_T, - ExecutePoolTypes: ULONG, - ExecutePageProtections: ULONG, - ExecutePageMappings: ULONG, - ExecuteWriteSections: ULONG, - SectionAlignmentFailures: ULONG, - UnsupportedRelocs: ULONG, - IATInExecutableSection: ULONG, -}} -pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION; -STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION { - RsdpCount: ULONG, - Bitfields: ULONG, -}} -BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [ - SameRsdt set_SameRsdt[0..1], - SlicPresent set_SlicPresent[1..2], - SlicDifferent set_SlicDifferent[2..3], -]} -pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION; -STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION { - AvailablePages: SIZE_T, - CommittedPages: SIZE_T, - CommitLimit: SIZE_T, - PeakCommitment: SIZE_T, -}} -pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION; -STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS { - ul: ULONG, -}} -BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [ - KernelTransition set_KernelTransition[0..1], - Reserved set_Reserved[1..32], -]} -STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION { - Version: ULONG, - Flags: QUERY_PERFORMANCE_COUNTER_FLAGS, - ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS, -}} -pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION = - *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION; -ENUM!{enum SYSTEM_PIXEL_FORMAT { - SystemPixelFormatUnknown = 0, - SystemPixelFormatR8G8B8 = 1, - SystemPixelFormatR8G8B8X8 = 2, - SystemPixelFormatB8G8R8 = 3, - SystemPixelFormatB8G8R8X8 = 4, -}} -STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION { - FrameBuffer: LARGE_INTEGER, - Width: ULONG, - Height: ULONG, - PixelStride: ULONG, - Flags: ULONG, - Format: SYSTEM_PIXEL_FORMAT, - DisplayRotation: ULONG, -}} -pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION; -STRUCT!{struct MEMORY_SCRUB_INFORMATION { - Handle: HANDLE, - PagesScrubbed: ULONG, -}} -pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION; -STRUCT!{struct PEBS_DS_SAVE_AREA { - BtsBufferBase: ULONGLONG, - BtsIndex: ULONGLONG, - BtsAbsoluteMaximum: ULONGLONG, - BtsInterruptThreshold: ULONGLONG, - PebsBufferBase: ULONGLONG, - PebsIndex: ULONGLONG, - PebsAbsoluteMaximum: ULONGLONG, - PebsInterruptThreshold: ULONGLONG, - PebsCounterReset0: ULONGLONG, - PebsCounterReset1: ULONGLONG, - PebsCounterReset2: ULONGLONG, - PebsCounterReset3: ULONGLONG, -}} -pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA; -STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA { - PebsDsSaveArea: PEBS_DS_SAVE_AREA, -}} -pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA; -STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA { - ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA, - Allocate: BOOLEAN, -}} -pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA; -STRUCT!{struct MEMORY_COMBINE_INFORMATION { - Handle: HANDLE, - PagesCombined: ULONG_PTR, -}} -pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION; -pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4; -STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX { - Handle: HANDLE, - PagesCombined: ULONG_PTR, - Flags: ULONG, -}} -pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX; -STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 { - Handle: HANDLE, - PagesCombined: ULONG_PTR, - Flags: ULONG, - ProcessHandle: HANDLE, -}} -pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2; -STRUCT!{struct SYSTEM_CONSOLE_INFORMATION { - Bitfields: ULONG, -}} -BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [ - DriverLoaded set_DriverLoaded[0..1], - Spare set_Spare[1..32], -]} -pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION; -STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION { - PhysicalAddress: ULONG64, - HandoffBuffer: PVOID, - CommandLineBuffer: PVOID, - HandoffBufferSize: ULONG, - CommandLineBufferSize: ULONG, -}} -pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION; -STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION { - NumberOfLogicalProcessors: ULONG, - NumberOfCores: ULONG, -}} -pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION = - *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION; -STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION { - DeviceId: UNICODE_STRING, - DataName: UNICODE_STRING, - DataType: ULONG, - DataBufferLength: ULONG, - DataBuffer: PVOID, -}} -pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION; -STRUCT!{struct PHYSICAL_CHANNEL_RUN { - NodeNumber: ULONG, - ChannelNumber: ULONG, - BasePage: ULONGLONG, - PageCount: ULONGLONG, - Flags: ULONG, -}} -pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN; -STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION { - NumberOfRuns: ULONGLONG, - NumberOfNodes: ULONG, - NumberOfChannels: ULONG, - Run: [PHYSICAL_CHANNEL_RUN; 1], -}} -pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION; -STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION { - ChannelNumber: ULONG, - ChannelHeatIndex: ULONG, - TotalPageCount: ULONGLONG, - ZeroPageCount: ULONGLONG, - FreePageCount: ULONGLONG, - StandbyPageCount: ULONGLONG, -}} -pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION; -STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION { - Flags: ULONG, - BitmapOffset: ULONG, -}} -pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX { - IdleTime: LARGE_INTEGER, - KernelTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, - DpcTime: LARGE_INTEGER, - InterruptTime: LARGE_INTEGER, - InterruptCount: ULONG, - Spare0: ULONG, - AvailableTime: LARGE_INTEGER, - Spare1: LARGE_INTEGER, - Spare2: LARGE_INTEGER, -}} -pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX = - *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX; -STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION { - PolicyPublisher: GUID, - PolicyVersion: ULONG, - PolicyOptions: ULONG, -}} -pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION; -STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX { - Info: SYSTEM_PAGEFILE_INFORMATION, - MinimumSize: ULONG, - MaximumSize: ULONG, -}} -pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX; -STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION { - SecureBootEnabled: BOOLEAN, - SecureBootCapable: BOOLEAN, -}} -pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION; -STRUCT!{struct PROCESS_DISK_COUNTERS { - BytesRead: ULONGLONG, - BytesWritten: ULONGLONG, - ReadOperationCount: ULONGLONG, - WriteOperationCount: ULONGLONG, - FlushOperationCount: ULONGLONG, -}} -pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS; -UNION!{union ENERGY_STATE_DURATION_u { - Value: ULONGLONG, - LastChangeTime: ULONG, -}} -UNION!{union ENERGY_STATE_DURATION { - u: ENERGY_STATE_DURATION_u, - BitFields: ULONG, -}} -pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION; -BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [ - Duration set_Duration[0..31], - IsInState set_IsInState[31..32], -]} -STRUCT!{struct PROCESS_ENERGY_VALUES { - Cycles: [[ULONGLONG; 4]; 2], - DiskEnergy: ULONGLONG, - NetworkTailEnergy: ULONGLONG, - MBBTailEnergy: ULONGLONG, - NetworkTxRxBytes: ULONGLONG, - MBBTxRxBytes: ULONGLONG, - ForegroundDuration: ENERGY_STATE_DURATION, - DesktopVisibleDuration: ENERGY_STATE_DURATION, - PSMForegroundDuration: ENERGY_STATE_DURATION, - CompositionRendered: ULONG, - CompositionDirtyGenerated: ULONG, - CompositionDirtyPropagated: ULONG, - Reserved1: ULONG, - AttributedCycles: [[ULONGLONG; 2]; 4], - WorkOnBehalfCycles: [[ULONGLONG; 2]; 4], -}} -pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES; -STRUCT!{struct TIMELINE_BITMAP { - Value: ULONGLONG, - EndTime: ULONG, - Bitmap: ULONG, -}} -pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP; -STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines { - CpuTimeline: TIMELINE_BITMAP, - DiskTimeline: TIMELINE_BITMAP, - NetworkTimeline: TIMELINE_BITMAP, - MBBTimeline: TIMELINE_BITMAP, - ForegroundTimeline: TIMELINE_BITMAP, - DesktopVisibleTimeline: TIMELINE_BITMAP, - CompositionRenderedTimeline: TIMELINE_BITMAP, - CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP, - CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP, - InputTimeline: TIMELINE_BITMAP, - AudioInTimeline: TIMELINE_BITMAP, - AudioOutTimeline: TIMELINE_BITMAP, - DisplayRequiredTimeline: TIMELINE_BITMAP, - KeyboardInputTimeline: TIMELINE_BITMAP, -}} -STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations { - InputDuration: ENERGY_STATE_DURATION, - AudioInDuration: ENERGY_STATE_DURATION, - AudioOutDuration: ENERGY_STATE_DURATION, - DisplayRequiredDuration: ENERGY_STATE_DURATION, - PSMBackgroundDuration: ENERGY_STATE_DURATION, -}} -STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION { - Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines, - Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations, - KeyboardInput: ULONG, - MouseInput: ULONG, -}} -pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION; -STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES { - Base: PROCESS_ENERGY_VALUES, - Extension: PROCESS_ENERGY_VALUES_EXTENSION, -}} -pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES; -ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION { - SystemProcessClassificationNormal = 0, - SystemProcessClassificationSystem = 1, - SystemProcessClassificationSecureSystem = 2, - SystemProcessClassificationMemCompression = 3, - SystemProcessClassificationRegistry = 4, - SystemProcessClassificationMaximum = 5, -}} -STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION { - DiskCounters: PROCESS_DISK_COUNTERS, - ContextSwitches: ULONGLONG, - Flags: ULONG, - UserSidOffset: ULONG, - PackageFullNameOffset: ULONG, - EnergyValues: PROCESS_ENERGY_VALUES, - AppIdOffset: ULONG, - SharedCommitCharge: SIZE_T, - JobObjectId: ULONG, - SpareUlong: ULONG, - ProcessSequenceNumber: ULONGLONG, -}} -BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [ - HasStrongId set_HasStrongId[0..1], - Classification set_Classification[1..5], - BackgroundActivityModerated set_BackgroundActivityModerated[5..6], - Spare set_Spare[6..32], -]} -pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION; -STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION { - EfiLauncherEnabled: BOOLEAN, -}} -pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION = - *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; -STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX { - DebuggerAllowed: BOOLEAN, - DebuggerEnabled: BOOLEAN, - DebuggerPresent: BOOLEAN, -}} -pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; -STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION { - ElamDriverFile: HANDLE, -}} -pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION { - ProcessorFeatureBits: ULONGLONG, - Reserved: [ULONGLONG; 3], -}} -pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION; -STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION { - Options: ULONG, - ProfileName: UNICODE_STRING, -}} -pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION; -STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION { - Enabled: BOOLEAN, -}} -pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION = - *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; -STRUCT!{struct HV_DETAILS { - Data: [ULONG; 4], -}} -pub type PHV_DETAILS = *mut HV_DETAILS; -STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION { - HvVendorAndMaxFunction: HV_DETAILS, - HypervisorInterface: HV_DETAILS, - HypervisorVersion: HV_DETAILS, - HvFeatures: HV_DETAILS, - HwFeatures: HV_DETAILS, - EnlightenmentInfo: HV_DETAILS, - ImplementationLimits: HV_DETAILS, -}} -pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION; -STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION { - Cycles: [[ULONGLONG; 4]; 2], -}} -pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; -STRUCT!{struct SYSTEM_TPM_INFORMATION { - Flags: ULONG, -}} -pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION; -STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION { - DmaProtectionsAvailable: BOOLEAN, - DmaProtectionsInUse: BOOLEAN, - HardwareMbecAvailable: BOOLEAN, -}} -pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION; -STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION { - Options: ULONG, - HVCIOptions: ULONG, - Version: ULONGLONG, - PolicyGuid: GUID, -}} -pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION; -STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION { - Bitfields1: BOOLEAN, - Bitfields2: BOOLEAN, - Spare0: [BOOLEAN; 6], - Spare1: ULONGLONG, -}} -BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [ - SecureKernelRunning set_SecureKernelRunning[0..1], - HvciEnabled set_HvciEnabled[1..2], - HvciStrictMode set_HvciStrictMode[2..3], - DebugEnabled set_DebugEnabled[3..4], - FirmwarePageProtection set_FirmwarePageProtection[4..5], - EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6], - SpareFlags set_SpareFlags[6..7], - TrustletRunning set_TrustletRunning[7..8], -]} -BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [ - SpareFlags2 set_SpareFlags2[0..1], -]} -pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION; -STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION { - TargetModuleAddress: PVOID, - ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX, -}} -pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION; -STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION { - Gsiv: ULONG, - Group: USHORT, - CpuSets: ULONGLONG, -}} -pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION; -STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION { - PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION, - PolicySize: ULONG, - Policy: [UCHAR; 1], -}} -pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = - *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; -STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION { - NumberOfSilos: ULONG, - SiloIdList: [ULONG; 1], -}} -pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION; -STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION { - Tag: ULONGLONG, - CpuSets: [ULONGLONG; 1], -}} -pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION; -STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION { - ExtentCount: ULONG, - ValidStructureSize: ULONG, - NextExtentIndex: ULONG, - ExtentRestart: ULONG, - CycleCount: ULONG, - TimeoutCount: ULONG, - CycleTime: ULONGLONG, - CycleTimeMax: ULONGLONG, - ExtentTime: ULONGLONG, - ExtentTimeIndex: ULONG, - ExtentTimeMaxIndex: ULONG, - ExtentTimeMax: ULONGLONG, - HyperFlushTimeMax: ULONGLONG, - TranslateVaTimeMax: ULONGLONG, - DebugExemptionCount: ULONGLONG, - TbHitCount: ULONGLONG, - TbMissCount: ULONGLONG, - VinaPendingYield: ULONGLONG, - HashCycles: ULONGLONG, - HistogramOffset: ULONG, - HistogramBuckets: ULONG, - HistogramShift: ULONG, - Reserved1: ULONG, - PageNotPresentCount: ULONGLONG, -}} -pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION = - *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; -STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION { - PlatformManifestSize: ULONG, - PlatformManifest: [UCHAR; 1], -}} -pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION = - *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; -STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION { - TotalPhysicalBytes: ULONGLONG, - AvailableBytes: ULONGLONG, - ResidentAvailableBytes: LONGLONG, - CommittedBytes: ULONGLONG, - SharedCommittedBytes: ULONGLONG, - CommitLimitBytes: ULONGLONG, - PeakCommitmentBytes: ULONGLONG, -}} -pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION; -STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION { - ImageFile: HANDLE, - Type: ULONG, -}} -pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION = - *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; -STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION { - TotalPhysicalBytes: ULONGLONG, - LowestPhysicalAddress: ULONGLONG, - HighestPhysicalAddress: ULONGLONG, -}} -pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION; -ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE { - SystemActivityModerationStateSystemManaged = 0, - SystemActivityModerationStateUserManagedAllowThrottling = 1, - SystemActivityModerationStateUserManagedDisableThrottling = 2, - MaxSystemActivityModerationState = 3, -}} -ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE { - SystemActivityModerationAppTypeClassic = 0, - SystemActivityModerationAppTypePackaged = 1, - MaxSystemActivityModerationAppType = 2, -}} -STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO { - Identifier: UNICODE_STRING, - ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE, - AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE, -}} -pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO; -STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS { - UserKeyHandle: HANDLE, -}} -pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS; -STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION { - Flags: ULONG, - UnlockId: [UCHAR; 32], -}} -BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [ - Locked set_Locked[0..1], - Unlockable set_Unlockable[1..2], - UnlockApplied set_UnlockApplied[2..3], - UnlockIdValid set_UnlockIdValid[3..4], - Reserved set_Reserved[4..32], -]} -pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION; -STRUCT!{struct SYSTEM_FLUSH_INFORMATION { - SupportedFlushMethods: ULONG, - ProcessorCacheFlushSize: ULONG, - SystemFlushCapabilities: ULONGLONG, - Reserved: [ULONGLONG; 2], -}} -pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION; -STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION { - WriteConstraintPolicy: ULONG, - Reserved: ULONG, -}} -pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION; -STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION { - Flags: ULONG, -}} -BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [ - KvaShadowEnabled set_KvaShadowEnabled[0..1], - KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2], - KvaShadowPcid set_KvaShadowPcid[2..3], - KvaShadowInvpcid set_KvaShadowInvpcid[3..4], - KvaShadowRequired set_KvaShadowRequired[4..5], - KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6], - InvalidPteBit set_InvalidPteBit[6..12], - L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13], - L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14], - Reserved set_Reserved[14..32], -]} -pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION; -STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION { - FileHandle: HANDLE, - ImageSize: ULONG, - Image: PVOID, -}} -pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION = - *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION; -STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION { - HypervisorSharedUserVa: PVOID, -}} -pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION = - *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION; -STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION { - Flags: ULONG, -}} -BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [ - BpbEnabled set_BpbEnabled[0..1], - BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2], - BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3], - SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4], - SpecCmdEnumerated set_SpecCmdEnumerated[4..5], - IbrsPresent set_IbrsPresent[5..6], - StibpPresent set_StibpPresent[6..7], - SmepPresent set_SmepPresent[7..8], - SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9], - SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10], - SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11], - SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12], - SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13], - BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14], - SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15], - SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16], - Reserved set_Reserved[16..32], -]} -pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION; -STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION { - DmaGuardPolicyEnabled: BOOLEAN, -}} -pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION; -STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION { - EnclaveLaunchSigner: [UCHAR; 32], -}} -pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION = - *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION; -STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION { - WorkloadClass: ULONGLONG, - CpuSets: [ULONGLONG; 1], -}} -pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION = - *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION; -EXTERN!{extern "system" { - fn NtQuerySystemInformation( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtQuerySystemInformationEx( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - InputBuffer: PVOID, - InputBufferLength: ULONG, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetSystemInformation( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum SYSDBG_COMMAND { - SysDbgQueryModuleInformation = 0, - SysDbgQueryTraceInformation = 1, - SysDbgSetTracepoint = 2, - SysDbgSetSpecialCall = 3, - SysDbgClearSpecialCalls = 4, - SysDbgQuerySpecialCalls = 5, - SysDbgBreakPoint = 6, - SysDbgQueryVersion = 7, - SysDbgReadVirtual = 8, - SysDbgWriteVirtual = 9, - SysDbgReadPhysical = 10, - SysDbgWritePhysical = 11, - SysDbgReadControlSpace = 12, - SysDbgWriteControlSpace = 13, - SysDbgReadIoSpace = 14, - SysDbgWriteIoSpace = 15, - SysDbgReadMsr = 16, - SysDbgWriteMsr = 17, - SysDbgReadBusData = 18, - SysDbgWriteBusData = 19, - SysDbgCheckLowMemory = 20, - SysDbgEnableKernelDebugger = 21, - SysDbgDisableKernelDebugger = 22, - SysDbgGetAutoKdEnable = 23, - SysDbgSetAutoKdEnable = 24, - SysDbgGetPrintBufferSize = 25, - SysDbgSetPrintBufferSize = 26, - SysDbgGetKdUmExceptionEnable = 27, - SysDbgSetKdUmExceptionEnable = 28, - SysDbgGetTriageDump = 29, - SysDbgGetKdBlockEnable = 30, - SysDbgSetKdBlockEnable = 31, - SysDbgRegisterForUmBreakInfo = 32, - SysDbgGetUmBreakPid = 33, - SysDbgClearUmBreakPid = 34, - SysDbgGetUmAttachPid = 35, - SysDbgClearUmAttachPid = 36, - SysDbgGetLiveKernelDump = 37, -}} -pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND; -STRUCT!{struct SYSDBG_VIRTUAL { - Address: PVOID, - Buffer: PVOID, - Request: ULONG, -}} -pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL; -STRUCT!{struct SYSDBG_PHYSICAL { - Address: PHYSICAL_ADDRESS, - Buffer: PVOID, - Request: ULONG, -}} -pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL; -STRUCT!{struct SYSDBG_CONTROL_SPACE { - Address: ULONG64, - Buffer: PVOID, - Request: ULONG, - Processor: ULONG, -}} -pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE; -STRUCT!{struct SYSDBG_IO_SPACE { - Address: ULONG64, - Buffer: PVOID, - Request: ULONG, - InterfaceType: INTERFACE_TYPE, - BusNumber: ULONG, - AddressSpace: ULONG, -}} -pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE; -STRUCT!{struct SYSDBG_MSR { - Msr: ULONG, - Data: ULONG64, -}} -pub type PSYSDBG_MSR = *mut SYSDBG_MSR; -STRUCT!{struct SYSDBG_BUS_DATA { - Address: ULONG, - Buffer: PVOID, - Request: ULONG, - BusDataType: BUS_DATA_TYPE, - BusNumber: ULONG, - SlotNumber: ULONG, -}} -pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA; -STRUCT!{struct SYSDBG_TRIAGE_DUMP { - Flags: ULONG, - BugCheckCode: ULONG, - BugCheckParam1: ULONG_PTR, - BugCheckParam2: ULONG_PTR, - BugCheckParam3: ULONG_PTR, - BugCheckParam4: ULONG_PTR, - ProcessHandles: ULONG, - ThreadHandles: ULONG, - Handles: PHANDLE, -}} -pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP; -STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS { - AsUlong: ULONG, -}} -BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [ - UseDumpStorageStack set_UseDumpStorageStack[0..1], - CompressMemoryPagesData set_CompressMemoryPagesData[1..2], - IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3], - AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4], - Reserved set_Reserved[4..32], -]} -pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS; -STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES { - AsUlong: ULONG, -}} -BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [ - HypervisorPages set_HypervisorPages[0..1], - Reserved set_Reserved[1..32], -]} -pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES; -pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1; -STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL { - Version: ULONG, - BugCheckCode: ULONG, - BugCheckParam1: ULONG_PTR, - BugCheckParam2: ULONG_PTR, - BugCheckParam3: ULONG_PTR, - BugCheckParam4: ULONG_PTR, - DumpFileHandle: HANDLE, - CancelEventHandle: HANDLE, - Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS, - AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, -}} -pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL; -EXTERN!{extern "system" { - fn NtSystemDebugControl( - Command: SYSDBG_COMMAND, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -ENUM!{enum HARDERROR_RESPONSE_OPTION { - OptionAbortRetryIgnore = 0, - OptionOk = 1, - OptionOkCancel = 2, - OptionRetryCancel = 3, - OptionYesNo = 4, - OptionYesNoCancel = 5, - OptionShutdownSystem = 6, - OptionOkNoWait = 7, - OptionCancelTryContinue = 8, -}} -ENUM!{enum HARDERROR_RESPONSE { - ResponseReturnToCaller = 0, - ResponseNotHandled = 1, - ResponseAbort = 2, - ResponseCancel = 3, - ResponseIgnore = 4, - ResponseNo = 5, - ResponseOk = 6, - ResponseRetry = 7, - ResponseYes = 8, - ResponseTryAgain = 9, - ResponseContinue = 10, -}} -pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000; -EXTERN!{extern "system" { - fn NtRaiseHardError( - ErrorStatus: NTSTATUS, - NumberOfParameters: ULONG, - UnicodeStringParameterMask: ULONG, - Parameters: PULONG_PTR, - ValidResponseOptions: ULONG, - Response: PULONG, - ) -> NTSTATUS; -}} -ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE { - StandardDesign = 0, - NEC98x86 = 1, - EndAlternatives = 2, -}} -pub const PROCESSOR_FEATURE_MAX: usize = 64; -pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16; -pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0; -pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1; -pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2; -pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3; -UNION!{union KUSER_SHARED_DATA_u { - TickCount: KSYSTEM_TIME, - TickCountQuad: ULONG64, - ReservedTickCountOverlay: [ULONG; 3], -}} -STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA { - TickCountLowDeprecated: ULONG, - TickCountMultiplier: ULONG, - InterruptTime: KSYSTEM_TIME, - SystemTime: KSYSTEM_TIME, - TimeZoneBias: KSYSTEM_TIME, - ImageNumberLow: USHORT, - ImageNumberHigh: USHORT, - NtSystemRoot: [WCHAR; 260], - MaxStackTraceDepth: ULONG, - CryptoExponent: ULONG, - TimeZoneId: ULONG, - LargePageMinimum: ULONG, - AitSamplingValue: ULONG, - AppCompatFlag: ULONG, - RNGSeedVersion: ULONGLONG, - GlobalValidationRunlevel: ULONG, - TimeZoneBiasStamp: LONG, - NtBuildNumber: ULONG, - NtProductType: NT_PRODUCT_TYPE, - ProductTypeIsValid: BOOLEAN, - Reserved0: [UCHAR; 1], - NativeProcessorArchitecture: USHORT, - NtMajorVersion: ULONG, - NtMinorVersion: ULONG, - ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX], - Reserved1: ULONG, - Reserved3: ULONG, - TimeSlip: ULONG, - AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE, - BootId: ULONG, - SystemExpirationDate: LARGE_INTEGER, - SuiteMask: ULONG, - KdDebuggerEnabled: BOOLEAN, - MitigationPolicies: UCHAR, - Reserved6: [UCHAR; 2], - ActiveConsoleId: ULONG, - DismountCount: ULONG, - ComPlusPackage: ULONG, - LastSystemRITEventTickCount: ULONG, - NumberOfPhysicalPages: ULONG, - SafeBootMode: BOOLEAN, - VirtualizationFlags: UCHAR, - Reserved12: [UCHAR; 2], - SharedDataFlags: ULONG, - DataFlagsPad: [ULONG; 1], - TestRetInstruction: ULONGLONG, - QpcFrequency: LONGLONG, - SystemCall: ULONG, - SystemCallPad0: ULONG, - SystemCallPad: [ULONGLONG; 2], - u: KUSER_SHARED_DATA_u, - //TickCountPad: [ULONG; 1], - Cookie: ULONG, - CookiePad: [ULONG; 1], - ConsoleSessionForegroundProcessId: LONGLONG, - TimeUpdateLock: ULONGLONG, - BaselineSystemTimeQpc: ULONGLONG, - BaselineInterruptTimeQpc: ULONGLONG, - QpcSystemTimeIncrement: ULONGLONG, - QpcInterruptTimeIncrement: ULONGLONG, - QpcSystemTimeIncrementShift: UCHAR, - QpcInterruptTimeIncrementShift: UCHAR, - UnparkedProcessorCount: USHORT, - EnclaveFeatureMask: [ULONG; 4], - TelemetryCoverageRound: ULONG, - UserModeGlobalLogger: [USHORT; 16], - ImageFileExecutionOptions: ULONG, - LangGenerationCount: ULONG, - Reserved4: ULONGLONG, - InterruptTimeBias: ULONG64, - QpcBias: ULONG64, - ActiveProcessorCount: ULONG, - ActiveGroupCount: UCHAR, - Reserved9: UCHAR, - QpcData: UCHAR, - TimeZoneBiasEffectiveStart: LARGE_INTEGER, - TimeZoneBiasEffectiveEnd: LARGE_INTEGER, - XState: XSTATE_CONFIGURATION, -}} -BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [ - NXSupportPolicy set_NXSupportPolicy[0..2], - SEHValidationPolicy set_SEHValidationPolicy[2..4], - CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6], - Reserved set_Reserved[6..8], -]} -BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [ - DbgErrorPortPresent set_DbgErrorPortPresent[0..1], - DbgElevationEnabled set_DbgElevationEnabled[1..2], - DbgVirtEnabled set_DbgVirtEnabled[2..3], - DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4], - DbgLkgEnabled set_DbgLkgEnabled[4..5], - DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6], - DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7], - DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8], - DbgMultiSessionSku set_DbgMultiSessionSku[8..9], - DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10], - DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11], - SpareBits set_SpareBits[11..32], -]} -BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [ - QpcBypassEnabled set_QpcBypassEnabled[0..1], - QpcShift set_QpcShift[1..2], -]} -pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA; -pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _; -#[inline] -pub unsafe fn NtGetTickCount64() -> ULONGLONG { - let mut tick_count: ULARGE_INTEGER = MaybeUninit::uninit().assume_init(); - #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { - *tick_count.QuadPart_mut() = read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad)); - } - #[cfg(target_arch = "x86")] { - loop { - tick_count.s_mut().HighPart = - read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32; - tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); - if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) - as u32 - { - break; - } - spin_loop(); - } - } - (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) - + (UInt32x32To64( - tick_count.s().HighPart as u32, - (*USER_SHARED_DATA).TickCountMultiplier, - ) << 8) -} -#[inline] -pub unsafe fn NtGetTickCount() -> ULONG { - #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { - ((read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad)) - * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32 - } - #[cfg(target_arch = "x86")] { - let mut tick_count: ULARGE_INTEGER = MaybeUninit::uninit().assume_init(); - loop { - tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) - as u32; - tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); - if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) - as u32 - { - break; - } - spin_loop(); - } - ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) - + UInt32x32To64( - (tick_count.s().HighPart as u32) << 8, - (*USER_SHARED_DATA).TickCountMultiplier, - )) as u32 - } -} -EXTERN!{extern "system" { - fn NtQueryDefaultLocale( - UserProfile: BOOLEAN, - DefaultLocaleId: PLCID, - ) -> NTSTATUS; - fn NtSetDefaultLocale( - UserProfile: BOOLEAN, - DefaultLocaleId: LCID, - ) -> NTSTATUS; - fn NtQueryInstallUILanguage( - InstallUILanguageId: *mut LANGID, - ) -> NTSTATUS; - fn NtFlushInstallUILanguage( - InstallUILanguage: LANGID, - SetComittedFlag: ULONG, - ) -> NTSTATUS; - fn NtQueryDefaultUILanguage( - DefaultUILanguageId: *mut LANGID, - ) -> NTSTATUS; - fn NtSetDefaultUILanguage( - DefaultUILanguageId: LANGID, - ) -> NTSTATUS; - fn NtIsUILanguageComitted() -> NTSTATUS; - fn NtInitializeNlsFiles( - BaseAddress: *mut PVOID, - DefaultLocaleId: PLCID, - DefaultCasingTableSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtGetNlsSectionPtr( - SectionType: ULONG, - SectionData: ULONG, - ContextData: PVOID, - SectionPointer: *mut PVOID, - SectionSize: PULONG, - ) -> NTSTATUS; - fn NtMapCMFModule( - What: ULONG, - Index: ULONG, - CacheIndexOut: PULONG, - CacheFlagsOut: PULONG, - ViewSizeOut: PULONG, - BaseAddress: *mut PVOID, - ) -> NTSTATUS; - fn NtGetMUIRegistryInfo( - Flags: ULONG, - DataSize: PULONG, - Data: PVOID, - ) -> NTSTATUS; - fn NtAddAtom( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - ) -> NTSTATUS; -}} -pub const ATOM_FLAG_GLOBAL: ULONG = 0x2; -EXTERN!{extern "system" { - fn NtAddAtomEx( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - Flags: ULONG, - ) -> NTSTATUS; - fn NtFindAtom( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn NtDeleteAtom( - Atom: RTL_ATOM, - ) -> NTSTATUS; -}} -ENUM!{enum ATOM_INFORMATION_CLASS { - AtomBasicInformation = 0, - AtomTableInformation = 1, -}} -STRUCT!{struct ATOM_BASIC_INFORMATION { - UsageCount: USHORT, - Flags: USHORT, - NameLength: USHORT, - Name: [WCHAR; 1], -}} -pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION; -STRUCT!{struct ATOM_TABLE_INFORMATION { - NumberOfAtoms: ULONG, - Atoms: [RTL_ATOM; 1], -}} -pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION; -EXTERN!{extern "system" { - fn NtQueryInformationAtom( - Atom: RTL_ATOM, - AtomInformationClass: ATOM_INFORMATION_CLASS, - AtomInformation: PVOID, - AtomInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001; -pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002; -pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004; -pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008; -pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010; -pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020; -pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040; -pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080; -pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100; -pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400; -pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800; -pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000; -pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000; -pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000; -pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000; -pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000; -pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000; -pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000; -pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000; -pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000; -pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000; -pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000; -pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000; -pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000; -pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000; -pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000; -pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000; -pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000; -pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000; -pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000; -pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000; -pub const FLG_VALID_BITS: u32 = 0xfffffdff; -pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS - | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS - | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING - | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION - | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS - | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN; -pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST - | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX - | FLG_DISABLE_PAGE_KERNEL_STACKS; -pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS - | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD - | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING - | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS; -EXTERN!{extern "system" { - fn NtQueryLicenseValue( - ValueName: PUNICODE_STRING, - Type: PULONG, - Data: PVOID, - DataSize: ULONG, - ResultDataSize: PULONG, - ) -> NTSTATUS; - fn NtSetDefaultHardErrorPort( - DefaultHardErrorPort: HANDLE, - ) -> NTSTATUS; -}} -ENUM!{enum SHUTDOWN_ACTION { - ShutdownNoReboot = 0, - ShutdownReboot = 1, - ShutdownPowerOff = 2, -}} -EXTERN!{extern "system" { - fn NtShutdownSystem( - Action: SHUTDOWN_ACTION, - ) -> NTSTATUS; - fn NtDisplayString( - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtDrawText( - Text: PUNICODE_STRING, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntgdi.rs b/vendor/ntapi/src/ntgdi.rs deleted file mode 100644 index ac6e387d4..000000000 --- a/vendor/ntapi/src/ntgdi.rs +++ /dev/null @@ -1,123 +0,0 @@ -use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT}; -pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000; -pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0; -pub const GDI_HANDLE_INDEX_BITS: ULONG = 16; -pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff; -pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16; -pub const GDI_HANDLE_TYPE_BITS: ULONG = 5; -pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f; -pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21; -pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2; -pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3; -pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23; -pub const GDI_HANDLE_STOCK_BITS: ULONG = 1; -pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1; -pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24; -pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8; -pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff; -#[inline] -pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG { - Handle & GDI_HANDLE_INDEX_MASK -} -#[inline] -pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG { - Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK -} -#[inline] -pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG { - Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK -} -#[inline] -pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG { - Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK -} -#[inline] -pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG { - Unique << GDI_HANDLE_INDEX_BITS | Index -} -pub const GDI_DEF_TYPE: ULONG = 0; -pub const GDI_DC_TYPE: ULONG = 1; -pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2; -pub const GDI_DD_SURFACE_TYPE: ULONG = 3; -pub const GDI_RGN_TYPE: ULONG = 4; -pub const GDI_SURF_TYPE: ULONG = 5; -pub const GDI_CLIENTOBJ_TYPE: ULONG = 6; -pub const GDI_PATH_TYPE: ULONG = 7; -pub const GDI_PAL_TYPE: ULONG = 8; -pub const GDI_ICMLCS_TYPE: ULONG = 9; -pub const GDI_LFONT_TYPE: ULONG = 10; -pub const GDI_RFONT_TYPE: ULONG = 11; -pub const GDI_PFE_TYPE: ULONG = 12; -pub const GDI_PFT_TYPE: ULONG = 13; -pub const GDI_ICMCXF_TYPE: ULONG = 14; -pub const GDI_ICMDLL_TYPE: ULONG = 15; -pub const GDI_BRUSH_TYPE: ULONG = 16; -pub const GDI_PFF_TYPE: ULONG = 17; -pub const GDI_CACHE_TYPE: ULONG = 18; -pub const GDI_SPACE_TYPE: ULONG = 19; -pub const GDI_DBRUSH_TYPE: ULONG = 20; -pub const GDI_META_TYPE: ULONG = 21; -pub const GDI_EFSTATE_TYPE: ULONG = 22; -pub const GDI_BMFD_TYPE: ULONG = 23; -pub const GDI_VTFD_TYPE: ULONG = 24; -pub const GDI_TTFD_TYPE: ULONG = 25; -pub const GDI_RC_TYPE: ULONG = 26; -pub const GDI_TEMP_TYPE: ULONG = 27; -pub const GDI_DRVOBJ_TYPE: ULONG = 28; -pub const GDI_DCIOBJ_TYPE: ULONG = 29; -pub const GDI_SPOOL_TYPE: ULONG = 30; -#[inline] -pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG { - Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK - << GDI_HANDLE_TYPE_SHIFT) -} -#[inline] -pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG { - GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16) -} -pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT; -pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT; -pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT; -pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT; -pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1; -pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1; -pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2; -pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3; -pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2; -pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1; -pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1; -UNION!{union GDI_HANDLE_ENTRY_u { - Object: PVOID, - NextFree: PVOID, -}} -STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s { - ProcessId: USHORT, - Bitfields: USHORT, -}} -BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [ - Lock set_Lock[0..1], - Count set_Count[1..16], -]} -UNION!{union GDI_HANDLE_ENTRY_Owner { - s: GDI_HANDLE_ENTRY_Owner_s, - Value: ULONG, -}} -STRUCT!{struct GDI_HANDLE_ENTRY { - u: GDI_HANDLE_ENTRY_u, - Owner: GDI_HANDLE_ENTRY_Owner, - Unique: USHORT, - Type: UCHAR, - Flags: UCHAR, - UserPointer: PVOID, -}} -pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY; -STRUCT!{struct GDI_SHARED_MEMORY { - Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT], -}} -pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY; diff --git a/vendor/ntapi/src/ntioapi.rs b/vendor/ntapi/src/ntioapi.rs deleted file mode 100644 index 48c416b21..000000000 --- a/vendor/ntapi/src/ntioapi.rs +++ /dev/null @@ -1,1464 +0,0 @@ -use crate::string::UTF16Const; -use crate::winapi_local::um::winioctl::CTL_CODE; -use winapi::shared::basetsd::ULONG_PTR; -use winapi::shared::guiddef::GUID; -use winapi::shared::minwindef::DWORD; -use winapi::shared::ntdef::{ - BOOLEAN, CCHAR, CHAR, HANDLE, LARGE_INTEGER, LONG, LONGLONG, NTSTATUS, PBOOLEAN, PHANDLE, - PLARGE_INTEGER, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, - ULONGLONG, USHORT, WCHAR, -}; -use winapi::um::winioctl::{ - FILE_ANY_ACCESS, FILE_DEVICE_MAILSLOT, FILE_DEVICE_NAMED_PIPE, METHOD_BUFFERED, METHOD_NEITHER, -}; -use winapi::um::winnt::{ - ACCESS_MASK, FILE_ID_128, FILE_READ_DATA, FILE_WRITE_DATA, PFILE_SEGMENT_ELEMENT, PSID, SID, -}; -pub const FILE_SUPERSEDE: ULONG = 0x00000000; -pub const FILE_OPEN: ULONG = 0x00000001; -pub const FILE_CREATE: ULONG = 0x00000002; -pub const FILE_OPEN_IF: ULONG = 0x00000003; -pub const FILE_OVERWRITE: ULONG = 0x00000004; -pub const FILE_OVERWRITE_IF: ULONG = 0x00000005; -pub const FILE_MAXIMUM_DISPOSITION: ULONG = 0x00000005; -pub const FILE_DIRECTORY_FILE: ULONG = 0x00000001; -pub const FILE_WRITE_THROUGH: ULONG = 0x00000002; -pub const FILE_SEQUENTIAL_ONLY: ULONG = 0x00000004; -pub const FILE_NO_INTERMEDIATE_BUFFERING: ULONG = 0x00000008; -pub const FILE_SYNCHRONOUS_IO_ALERT: ULONG = 0x00000010; -pub const FILE_SYNCHRONOUS_IO_NONALERT: ULONG = 0x00000020; -pub const FILE_NON_DIRECTORY_FILE: ULONG = 0x00000040; -pub const FILE_CREATE_TREE_CONNECTION: ULONG = 0x00000080; -pub const FILE_COMPLETE_IF_OPLOCKED: ULONG = 0x00000100; -pub const FILE_NO_EA_KNOWLEDGE: ULONG = 0x00000200; -pub const FILE_OPEN_FOR_RECOVERY: ULONG = 0x00000400; -pub const FILE_RANDOM_ACCESS: ULONG = 0x00000800; -pub const FILE_DELETE_ON_CLOSE: ULONG = 0x00001000; -pub const FILE_OPEN_BY_FILE_ID: ULONG = 0x00002000; -pub const FILE_OPEN_FOR_BACKUP_INTENT: ULONG = 0x00004000; -pub const FILE_NO_COMPRESSION: ULONG = 0x00008000; -pub const FILE_OPEN_REQUIRING_OPLOCK: ULONG = 0x00010000; -pub const FILE_DISALLOW_EXCLUSIVE: ULONG = 0x00020000; -pub const FILE_SESSION_AWARE: ULONG = 0x00040000; -pub const FILE_RESERVE_OPFILTER: ULONG = 0x00100000; -pub const FILE_OPEN_REPARSE_POINT: ULONG = 0x00200000; -pub const FILE_OPEN_NO_RECALL: ULONG = 0x00400000; -pub const FILE_OPEN_FOR_FREE_SPACE_QUERY: ULONG = 0x00800000; -pub const FILE_COPY_STRUCTURED_STORAGE: ULONG = 0x00000041; -pub const FILE_STRUCTURED_STORAGE: ULONG = 0x00000441; -pub const FILE_SUPERSEDED: ULONG = 0x00000000; -pub const FILE_OPENED: ULONG = 0x00000001; -pub const FILE_CREATED: ULONG = 0x00000002; -pub const FILE_OVERWRITTEN: ULONG = 0x00000003; -pub const FILE_EXISTS: ULONG = 0x00000004; -pub const FILE_DOES_NOT_EXIST: ULONG = 0x00000005; -pub const FILE_WRITE_TO_END_OF_FILE: ULONG = 0xffffffff; -pub const FILE_USE_FILE_POINTER_POSITION: ULONG = 0xfffffffe; -pub const FILE_BYTE_ALIGNMENT: ULONG = 0x00000000; -pub const FILE_WORD_ALIGNMENT: ULONG = 0x00000001; -pub const FILE_LONG_ALIGNMENT: ULONG = 0x00000003; -pub const FILE_QUAD_ALIGNMENT: ULONG = 0x00000007; -pub const FILE_OCTA_ALIGNMENT: ULONG = 0x0000000f; -pub const FILE_32_BYTE_ALIGNMENT: ULONG = 0x0000001f; -pub const FILE_64_BYTE_ALIGNMENT: ULONG = 0x0000003f; -pub const FILE_128_BYTE_ALIGNMENT: ULONG = 0x0000007f; -pub const FILE_256_BYTE_ALIGNMENT: ULONG = 0x000000ff; -pub const FILE_512_BYTE_ALIGNMENT: ULONG = 0x000001ff; -pub const MAXIMUM_FILENAME_LENGTH: u32 = 256; -pub const FILE_NEED_EA: ULONG = 0x00000080; -pub const FILE_EA_TYPE_BINARY: ULONG = 0xfffe; -pub const FILE_EA_TYPE_ASCII: ULONG = 0xfffd; -pub const FILE_EA_TYPE_BITMAP: ULONG = 0xfffb; -pub const FILE_EA_TYPE_METAFILE: ULONG = 0xfffa; -pub const FILE_EA_TYPE_ICON: ULONG = 0xfff9; -pub const FILE_EA_TYPE_EA: ULONG = 0xffee; -pub const FILE_EA_TYPE_MVMT: ULONG = 0xffdf; -pub const FILE_EA_TYPE_MVST: ULONG = 0xffde; -pub const FILE_EA_TYPE_ASN1: ULONG = 0xffdd; -pub const FILE_EA_TYPE_FAMILY_IDS: ULONG = 0xff01; -pub const FILE_REMOVABLE_MEDIA: ULONG = 0x00000001; -pub const FILE_READ_ONLY_DEVICE: ULONG = 0x00000002; -pub const FILE_FLOPPY_DISKETTE: ULONG = 0x00000004; -pub const FILE_WRITE_ONCE_MEDIA: ULONG = 0x00000008; -pub const FILE_REMOTE_DEVICE: ULONG = 0x00000010; -pub const FILE_DEVICE_IS_MOUNTED: ULONG = 0x00000020; -pub const FILE_VIRTUAL_VOLUME: ULONG = 0x00000040; -pub const FILE_AUTOGENERATED_DEVICE_NAME: ULONG = 0x00000080; -pub const FILE_DEVICE_SECURE_OPEN: ULONG = 0x00000100; -pub const FILE_CHARACTERISTIC_PNP_DEVICE: ULONG = 0x00000800; -pub const FILE_CHARACTERISTIC_TS_DEVICE: ULONG = 0x00001000; -pub const FILE_CHARACTERISTIC_WEBDAV_DEVICE: ULONG = 0x00002000; -pub const FILE_CHARACTERISTIC_CSV: ULONG = 0x00010000; -pub const FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL: ULONG = 0x00020000; -pub const FILE_PORTABLE_DEVICE: ULONG = 0x00040000; -pub const FILE_PIPE_BYTE_STREAM_TYPE: ULONG = 0x00000000; -pub const FILE_PIPE_MESSAGE_TYPE: ULONG = 0x00000001; -pub const FILE_PIPE_ACCEPT_REMOTE_CLIENTS: ULONG = 0x00000000; -pub const FILE_PIPE_REJECT_REMOTE_CLIENTS: ULONG = 0x00000002; -pub const FILE_PIPE_TYPE_VALID_MASK: ULONG = 0x00000003; -pub const FILE_PIPE_QUEUE_OPERATION: ULONG = 0x00000000; -pub const FILE_PIPE_COMPLETE_OPERATION: ULONG = 0x00000001; -pub const FILE_PIPE_BYTE_STREAM_MODE: ULONG = 0x00000000; -pub const FILE_PIPE_MESSAGE_MODE: ULONG = 0x00000001; -pub const FILE_PIPE_INBOUND: ULONG = 0x00000000; -pub const FILE_PIPE_OUTBOUND: ULONG = 0x00000001; -pub const FILE_PIPE_FULL_DUPLEX: ULONG = 0x00000002; -pub const FILE_PIPE_DISCONNECTED_STATE: ULONG = 0x00000001; -pub const FILE_PIPE_LISTENING_STATE: ULONG = 0x00000002; -pub const FILE_PIPE_CONNECTED_STATE: ULONG = 0x00000003; -pub const FILE_PIPE_CLOSING_STATE: ULONG = 0x00000004; -pub const FILE_PIPE_CLIENT_END: ULONG = 0x00000000; -pub const FILE_PIPE_SERVER_END: ULONG = 0x00000001; -pub const MAILSLOT_SIZE_AUTO: u32 = 0; -UNION!{union IO_STATUS_BLOCK_u { - Status: NTSTATUS, - Pointer: PVOID, -}} -STRUCT!{struct IO_STATUS_BLOCK { - u: IO_STATUS_BLOCK_u, - Information: ULONG_PTR, -}} -pub type PIO_STATUS_BLOCK = *mut IO_STATUS_BLOCK; -FN!{stdcall PIO_APC_ROUTINE( - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Reserved: ULONG, -) -> ()} -STRUCT!{struct FILE_IO_COMPLETION_INFORMATION { - KeyContext: PVOID, - ApcContext: PVOID, - IoStatusBlock: IO_STATUS_BLOCK, -}} -pub type PFILE_IO_COMPLETION_INFORMATION = *mut FILE_IO_COMPLETION_INFORMATION; -ENUM!{enum FILE_INFORMATION_CLASS { - FileDirectoryInformation = 1, - FileFullDirectoryInformation = 2, - FileBothDirectoryInformation = 3, - FileBasicInformation = 4, - FileStandardInformation = 5, - FileInternalInformation = 6, - FileEaInformation = 7, - FileAccessInformation = 8, - FileNameInformation = 9, - FileRenameInformation = 10, - FileLinkInformation = 11, - FileNamesInformation = 12, - FileDispositionInformation = 13, - FilePositionInformation = 14, - FileFullEaInformation = 15, - FileModeInformation = 16, - FileAlignmentInformation = 17, - FileAllInformation = 18, - FileAllocationInformation = 19, - FileEndOfFileInformation = 20, - FileAlternateNameInformation = 21, - FileStreamInformation = 22, - FilePipeInformation = 23, - FilePipeLocalInformation = 24, - FilePipeRemoteInformation = 25, - FileMailslotQueryInformation = 26, - FileMailslotSetInformation = 27, - FileCompressionInformation = 28, - FileObjectIdInformation = 29, - FileCompletionInformation = 30, - FileMoveClusterInformation = 31, - FileQuotaInformation = 32, - FileReparsePointInformation = 33, - FileNetworkOpenInformation = 34, - FileAttributeTagInformation = 35, - FileTrackingInformation = 36, - FileIdBothDirectoryInformation = 37, - FileIdFullDirectoryInformation = 38, - FileValidDataLengthInformation = 39, - FileShortNameInformation = 40, - FileIoCompletionNotificationInformation = 41, - FileIoStatusBlockRangeInformation = 42, - FileIoPriorityHintInformation = 43, - FileSfioReserveInformation = 44, - FileSfioVolumeInformation = 45, - FileHardLinkInformation = 46, - FileProcessIdsUsingFileInformation = 47, - FileNormalizedNameInformation = 48, - FileNetworkPhysicalNameInformation = 49, - FileIdGlobalTxDirectoryInformation = 50, - FileIsRemoteDeviceInformation = 51, - FileUnusedInformation = 52, - FileNumaNodeInformation = 53, - FileStandardLinkInformation = 54, - FileRemoteProtocolInformation = 55, - FileRenameInformationBypassAccessCheck = 56, - FileLinkInformationBypassAccessCheck = 57, - FileVolumeNameInformation = 58, - FileIdInformation = 59, - FileIdExtdDirectoryInformation = 60, - FileReplaceCompletionInformation = 61, - FileHardLinkFullIdInformation = 62, - FileIdExtdBothDirectoryInformation = 63, - FileDispositionInformationEx = 64, - FileRenameInformationEx = 65, - FileRenameInformationExBypassAccessCheck = 66, - FileDesiredStorageClassInformation = 67, - FileStatInformation = 68, - FileMemoryPartitionInformation = 69, - FileStatLxInformation = 70, - FileCaseSensitiveInformation = 71, - FileLinkInformationEx = 72, - FileLinkInformationExBypassAccessCheck = 73, - FileStorageReserveIdInformation = 74, - FileCaseSensitiveInformationForceAccessCheck = 75, - FileMaximumInformation = 76, -}} -pub type PFILE_INFORMATION_CLASS = *mut FILE_INFORMATION_CLASS; -STRUCT!{struct FILE_BASIC_INFORMATION { - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - FileAttributes: ULONG, -}} -pub type PFILE_BASIC_INFORMATION = *mut FILE_BASIC_INFORMATION; -STRUCT!{struct FILE_STANDARD_INFORMATION { - AllocationSize: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - NumberOfLinks: ULONG, - DeletePending: BOOLEAN, - Directory: BOOLEAN, -}} -pub type PFILE_STANDARD_INFORMATION = *mut FILE_STANDARD_INFORMATION; -STRUCT!{struct FILE_STANDARD_INFORMATION_EX { - AllocationSize: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - NumberOfLinks: ULONG, - DeletePending: BOOLEAN, - Directory: BOOLEAN, - AlternateStream: BOOLEAN, - MetadataAttribute: BOOLEAN, -}} -pub type PFILE_STANDARD_INFORMATION_EX = *mut FILE_STANDARD_INFORMATION_EX; -STRUCT!{struct FILE_INTERNAL_INFORMATION { - IndexNumber: LARGE_INTEGER, -}} -pub type PFILE_INTERNAL_INFORMATION = *mut FILE_INTERNAL_INFORMATION; -STRUCT!{struct FILE_EA_INFORMATION { - EaSize: ULONG, -}} -pub type PFILE_EA_INFORMATION = *mut FILE_EA_INFORMATION; -STRUCT!{struct FILE_ACCESS_INFORMATION { - AccessFlags: ACCESS_MASK, -}} -pub type PFILE_ACCESS_INFORMATION = *mut FILE_ACCESS_INFORMATION; -STRUCT!{struct FILE_POSITION_INFORMATION { - CurrentByteOffset: LARGE_INTEGER, -}} -pub type PFILE_POSITION_INFORMATION = *mut FILE_POSITION_INFORMATION; -STRUCT!{struct FILE_MODE_INFORMATION { - Mode: ULONG, -}} -pub type PFILE_MODE_INFORMATION = *mut FILE_MODE_INFORMATION; -STRUCT!{struct FILE_ALIGNMENT_INFORMATION { - AlignmentRequirement: ULONG, -}} -pub type PFILE_ALIGNMENT_INFORMATION = *mut FILE_ALIGNMENT_INFORMATION; -STRUCT!{struct FILE_NAME_INFORMATION { - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_NAME_INFORMATION = *mut FILE_NAME_INFORMATION; -STRUCT!{struct FILE_ALL_INFORMATION { - BasicInformation: FILE_BASIC_INFORMATION, - StandardInformation: FILE_STANDARD_INFORMATION, - InternalInformation: FILE_INTERNAL_INFORMATION, - EaInformation: FILE_EA_INFORMATION, - AccessInformation: FILE_ACCESS_INFORMATION, - PositionInformation: FILE_POSITION_INFORMATION, - ModeInformation: FILE_MODE_INFORMATION, - AlignmentInformation: FILE_ALIGNMENT_INFORMATION, - NameInformation: FILE_NAME_INFORMATION, -}} -pub type PFILE_ALL_INFORMATION = *mut FILE_ALL_INFORMATION; -STRUCT!{struct FILE_NETWORK_OPEN_INFORMATION { - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - FileAttributes: ULONG, -}} -pub type PFILE_NETWORK_OPEN_INFORMATION = *mut FILE_NETWORK_OPEN_INFORMATION; -STRUCT!{struct FILE_ATTRIBUTE_TAG_INFORMATION { - FileAttributes: ULONG, - ReparseTag: ULONG, -}} -pub type PFILE_ATTRIBUTE_TAG_INFORMATION = *mut FILE_ATTRIBUTE_TAG_INFORMATION; -STRUCT!{struct FILE_ALLOCATION_INFORMATION { - AllocationSize: LARGE_INTEGER, -}} -pub type PFILE_ALLOCATION_INFORMATION = *mut FILE_ALLOCATION_INFORMATION; -STRUCT!{struct FILE_COMPRESSION_INFORMATION { - CompressedFileSize: LARGE_INTEGER, - CompressionFormat: USHORT, - CompressionUnitShift: UCHAR, - ChunkShift: UCHAR, - ClusterShift: UCHAR, - Reserved: [UCHAR; 3], -}} -pub type PFILE_COMPRESSION_INFORMATION = *mut FILE_COMPRESSION_INFORMATION; -STRUCT!{struct FILE_DISPOSITION_INFORMATION { - DeleteFileA: BOOLEAN, -}} -pub type PFILE_DISPOSITION_INFORMATION = *mut FILE_DISPOSITION_INFORMATION; -STRUCT!{struct FILE_END_OF_FILE_INFORMATION { - EndOfFile: LARGE_INTEGER, -}} -pub type PFILE_END_OF_FILE_INFORMATION = *mut FILE_END_OF_FILE_INFORMATION; -STRUCT!{struct FILE_VALID_DATA_LENGTH_INFORMATION { - ValidDataLength: LARGE_INTEGER, -}} -pub type PFILE_VALID_DATA_LENGTH_INFORMATION = *mut FILE_VALID_DATA_LENGTH_INFORMATION; -STRUCT!{struct FILE_LINK_INFORMATION { - ReplaceIfExists: BOOLEAN, - RootDirectory: HANDLE, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_LINK_INFORMATION = *mut FILE_LINK_INFORMATION; -STRUCT!{struct FILE_MOVE_CLUSTER_INFORMATION { - ClusterCount: ULONG, - RootDirectory: HANDLE, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_MOVE_CLUSTER_INFORMATION = *mut FILE_MOVE_CLUSTER_INFORMATION; -STRUCT!{struct FILE_RENAME_INFORMATION { - ReplaceIfExists: BOOLEAN, - RootDirectory: HANDLE, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_RENAME_INFORMATION = *mut FILE_RENAME_INFORMATION; -STRUCT!{struct FILE_STREAM_INFORMATION { - NextEntryOffset: ULONG, - StreamNameLength: ULONG, - StreamSize: LARGE_INTEGER, - StreamAllocationSize: LARGE_INTEGER, - StreamName: [WCHAR; 1], -}} -pub type PFILE_STREAM_INFORMATION = *mut FILE_STREAM_INFORMATION; -STRUCT!{struct FILE_TRACKING_INFORMATION { - DestinationFile: HANDLE, - ObjectInformationLength: ULONG, - ObjectInformation: [CHAR; 1], -}} -pub type PFILE_TRACKING_INFORMATION = *mut FILE_TRACKING_INFORMATION; -STRUCT!{struct FILE_COMPLETION_INFORMATION { - Port: HANDLE, - Key: PVOID, -}} -pub type PFILE_COMPLETION_INFORMATION = *mut FILE_COMPLETION_INFORMATION; -STRUCT!{struct FILE_PIPE_INFORMATION { - ReadMode: ULONG, - CompletionMode: ULONG, -}} -pub type PFILE_PIPE_INFORMATION = *mut FILE_PIPE_INFORMATION; -STRUCT!{struct FILE_PIPE_LOCAL_INFORMATION { - NamedPipeType: ULONG, - NamedPipeConfiguration: ULONG, - MaximumInstances: ULONG, - CurrentInstances: ULONG, - InboundQuota: ULONG, - ReadDataAvailable: ULONG, - OutboundQuota: ULONG, - WriteQuotaAvailable: ULONG, - NamedPipeState: ULONG, - NamedPipeEnd: ULONG, -}} -pub type PFILE_PIPE_LOCAL_INFORMATION = *mut FILE_PIPE_LOCAL_INFORMATION; -STRUCT!{struct FILE_PIPE_REMOTE_INFORMATION { - CollectDataTime: LARGE_INTEGER, - MaximumCollectionCount: ULONG, -}} -pub type PFILE_PIPE_REMOTE_INFORMATION = *mut FILE_PIPE_REMOTE_INFORMATION; -STRUCT!{struct FILE_MAILSLOT_QUERY_INFORMATION { - MaximumMessageSize: ULONG, - MailslotQuota: ULONG, - NextMessageSize: ULONG, - MessagesAvailable: ULONG, - ReadTimeout: LARGE_INTEGER, -}} -pub type PFILE_MAILSLOT_QUERY_INFORMATION = *mut FILE_MAILSLOT_QUERY_INFORMATION; -STRUCT!{struct FILE_MAILSLOT_SET_INFORMATION { - ReadTimeout: PLARGE_INTEGER, -}} -pub type PFILE_MAILSLOT_SET_INFORMATION = *mut FILE_MAILSLOT_SET_INFORMATION; -STRUCT!{struct FILE_REPARSE_POINT_INFORMATION { - FileReference: LONGLONG, - Tag: ULONG, -}} -pub type PFILE_REPARSE_POINT_INFORMATION = *mut FILE_REPARSE_POINT_INFORMATION; -STRUCT!{struct FILE_LINK_ENTRY_INFORMATION { - NextEntryOffset: ULONG, - ParentFileId: LONGLONG, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_LINK_ENTRY_INFORMATION = *mut FILE_LINK_ENTRY_INFORMATION; -STRUCT!{struct FILE_LINKS_INFORMATION { - BytesNeeded: ULONG, - EntriesReturned: ULONG, - Entry: FILE_LINK_ENTRY_INFORMATION, -}} -pub type PFILE_LINKS_INFORMATION = *mut FILE_LINKS_INFORMATION; -STRUCT!{struct FILE_NETWORK_PHYSICAL_NAME_INFORMATION { - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_NETWORK_PHYSICAL_NAME_INFORMATION = *mut FILE_NETWORK_PHYSICAL_NAME_INFORMATION; -STRUCT!{struct FILE_STANDARD_LINK_INFORMATION { - NumberOfAccessibleLinks: ULONG, - TotalNumberOfLinks: ULONG, - DeletePending: BOOLEAN, - Directory: BOOLEAN, -}} -pub type PFILE_STANDARD_LINK_INFORMATION = *mut FILE_STANDARD_LINK_INFORMATION; -STRUCT!{struct FILE_SFIO_RESERVE_INFORMATION { - RequestsPerPeriod: ULONG, - Period: ULONG, - RetryFailures: BOOLEAN, - Discardable: BOOLEAN, - RequestSize: ULONG, - NumOutstandingRequests: ULONG, -}} -pub type PFILE_SFIO_RESERVE_INFORMATION = *mut FILE_SFIO_RESERVE_INFORMATION; -STRUCT!{struct FILE_SFIO_VOLUME_INFORMATION { - MaximumRequestsPerPeriod: ULONG, - MinimumPeriod: ULONG, - MinimumTransferSize: ULONG, -}} -pub type PFILE_SFIO_VOLUME_INFORMATION = *mut FILE_SFIO_VOLUME_INFORMATION; -ENUM!{enum IO_PRIORITY_HINT { - IoPriorityVeryLow = 0, - IoPriorityLow = 1, - IoPriorityNormal = 2, - IoPriorityHigh = 3, - IoPriorityCritical = 4, - MaxIoPriorityTypes = 5, -}} -STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION { - PriorityHint: IO_PRIORITY_HINT, -}} -pub type PFILE_IO_PRIORITY_HINT_INFORMATION = *mut FILE_IO_PRIORITY_HINT_INFORMATION; -STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION_EX { - PriorityHint: IO_PRIORITY_HINT, - BoostOutstanding: BOOLEAN, -}} -pub type PFILE_IO_PRIORITY_HINT_INFORMATION_EX = *mut FILE_IO_PRIORITY_HINT_INFORMATION_EX; -pub const FILE_SKIP_COMPLETION_PORT_ON_SUCCESS: u32 = 0x1; -pub const FILE_SKIP_SET_EVENT_ON_HANDLE: u32 = 0x2; -pub const FILE_SKIP_SET_USER_EVENT_ON_FAST_IO: u32 = 0x4; -STRUCT!{struct FILE_IO_COMPLETION_NOTIFICATION_INFORMATION { - Flags: ULONG, -}} -pub type PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION = - *mut FILE_IO_COMPLETION_NOTIFICATION_INFORMATION; -STRUCT!{struct FILE_PROCESS_IDS_USING_FILE_INFORMATION { - NumberOfProcessIdsInList: ULONG, - ProcessIdList: [ULONG_PTR; 1], -}} -pub type PFILE_PROCESS_IDS_USING_FILE_INFORMATION = *mut FILE_PROCESS_IDS_USING_FILE_INFORMATION; -STRUCT!{struct FILE_IS_REMOTE_DEVICE_INFORMATION { - IsRemote: BOOLEAN, -}} -pub type PFILE_IS_REMOTE_DEVICE_INFORMATION = *mut FILE_IS_REMOTE_DEVICE_INFORMATION; -STRUCT!{struct FILE_NUMA_NODE_INFORMATION { - NodeNumber: USHORT, -}} -pub type PFILE_NUMA_NODE_INFORMATION = *mut FILE_NUMA_NODE_INFORMATION; -STRUCT!{struct FILE_IOSTATUSBLOCK_RANGE_INFORMATION { - IoStatusBlockRange: PUCHAR, - Length: ULONG, -}} -pub type PFILE_IOSTATUSBLOCK_RANGE_INFORMATION = *mut FILE_IOSTATUSBLOCK_RANGE_INFORMATION; -STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved { - Reserved: [ULONG; 8], -}} -STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server { - Capabilities: ULONG, -}} -STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share { - Capabilities: ULONG, - CachingFlags: ULONG, -}} -STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2 { - Server: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server, - Share: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share, -}} -UNION!{union FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific { - Smb2: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2, - Reserved: [ULONG; 16], -}} -STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION { - StructureVersion: USHORT, - StructureSize: USHORT, - Protocol: ULONG, - ProtocolMajorVersion: USHORT, - ProtocolMinorVersion: USHORT, - ProtocolRevision: USHORT, - Reserved: USHORT, - Flags: ULONG, - GenericReserved: FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved, - ProtocolSpecific: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific, -}} -pub type PFILE_REMOTE_PROTOCOL_INFORMATION = *mut FILE_REMOTE_PROTOCOL_INFORMATION; -pub const CHECKSUM_ENFORCEMENT_OFF: u32 = 0x00000001; -STRUCT!{struct FILE_INTEGRITY_STREAM_INFORMATION { - ChecksumAlgorithm: USHORT, - ChecksumChunkShift: UCHAR, - ClusterShift: UCHAR, - Flags: ULONG, -}} -pub type PFILE_INTEGRITY_STREAM_INFORMATION = *mut FILE_INTEGRITY_STREAM_INFORMATION; -STRUCT!{struct FILE_VOLUME_NAME_INFORMATION { - DeviceNameLength: ULONG, - DeviceName: [WCHAR; 1], -}} -pub type PFILE_VOLUME_NAME_INFORMATION = *mut FILE_VOLUME_NAME_INFORMATION; -STRUCT!{struct FILE_ID_INFORMATION { - VolumeSerialNumber: ULONGLONG, - FileId: FILE_ID_128, -}} -pub type PFILE_ID_INFORMATION = *mut FILE_ID_INFORMATION; -STRUCT!{struct FILE_ID_EXTD_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - ReparsePointTag: ULONG, - FileId: FILE_ID_128, - FileName: [WCHAR; 1], -}} -pub type PFILE_ID_EXTD_DIR_INFORMATION = *mut FILE_ID_EXTD_DIR_INFORMATION; -STRUCT!{struct FILE_LINK_ENTRY_FULL_ID_INFORMATION { - NextEntryOffset: ULONG, - ParentFileId: FILE_ID_128, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_LINK_ENTRY_FULL_ID_INFORMATION = *mut FILE_LINK_ENTRY_FULL_ID_INFORMATION; -STRUCT!{struct FILE_ID_EXTD_BOTH_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - ReparsePointTag: ULONG, - FileId: FILE_ID_128, - ShortNameLength: CCHAR, - ShortName: [WCHAR; 12], - FileName: [WCHAR; 1], -}} -pub type PFILE_ID_EXTD_BOTH_DIR_INFORMATION = *mut FILE_ID_EXTD_BOTH_DIR_INFORMATION; -STRUCT!{struct FILE_STAT_INFORMATION { - FileId: LARGE_INTEGER, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - FileAttributes: ULONG, - ReparseTag: ULONG, - NumberOfLinks: ULONG, - EffectiveAccess: ULONG, -}} -pub type PFILE_STAT_INFORMATION = *mut FILE_STAT_INFORMATION; -STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION_Flags_s { - NoCrossPartitionAccess: UCHAR, - Spare: [UCHAR; 3], -}} -UNION!{union FILE_MEMORY_PARTITION_INFORMATION_Flags { - s: FILE_MEMORY_PARTITION_INFORMATION_Flags_s, - AllFlags: ULONG, -}} -STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION { - OwnerPartitionHandle: HANDLE, - Flags: FILE_MEMORY_PARTITION_INFORMATION_Flags, -}} -pub type PFILE_MEMORY_PARTITION_INFORMATION = *mut FILE_MEMORY_PARTITION_INFORMATION; -STRUCT!{struct FILE_STAT_LX_INFORMATION { - FileId: LARGE_INTEGER, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - FileAttributes: ULONG, - ReparseTag: ULONG, - NumberOfLinks: ULONG, - EffectiveAccess: ULONG, - LxFlags: ULONG, - LxUid: ULONG, - LxGid: ULONG, - LxMode: ULONG, - LxDeviceIdMajor: ULONG, - LxDeviceIdMinor: ULONG, -}} -pub type PFILE_STAT_LX_INFORMATION = *mut FILE_STAT_LX_INFORMATION; -STRUCT!{struct FILE_CASE_SENSITIVE_INFORMATION { - Flags: ULONG, -}} -pub type PFILE_CASE_SENSITIVE_INFORMATION = *mut FILE_CASE_SENSITIVE_INFORMATION; -STRUCT!{struct FILE_DIRECTORY_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_DIRECTORY_INFORMATION = *mut FILE_DIRECTORY_INFORMATION; -STRUCT!{struct FILE_FULL_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_FULL_DIR_INFORMATION = *mut FILE_FULL_DIR_INFORMATION; -STRUCT!{struct FILE_ID_FULL_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - FileId: LARGE_INTEGER, - FileName: [WCHAR; 1], -}} -pub type PFILE_ID_FULL_DIR_INFORMATION = *mut FILE_ID_FULL_DIR_INFORMATION; -STRUCT!{struct FILE_BOTH_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - ShortNameLength: CCHAR, - ShortName: [WCHAR; 12], - FileName: [WCHAR; 1], -}} -pub type PFILE_BOTH_DIR_INFORMATION = *mut FILE_BOTH_DIR_INFORMATION; -STRUCT!{struct FILE_ID_BOTH_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - EaSize: ULONG, - ShortNameLength: CCHAR, - ShortName: [WCHAR; 12], - FileId: LARGE_INTEGER, - FileName: [WCHAR; 1], -}} -pub type PFILE_ID_BOTH_DIR_INFORMATION = *mut FILE_ID_BOTH_DIR_INFORMATION; -STRUCT!{struct FILE_NAMES_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - FileNameLength: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_NAMES_INFORMATION = *mut FILE_NAMES_INFORMATION; -STRUCT!{struct FILE_ID_GLOBAL_TX_DIR_INFORMATION { - NextEntryOffset: ULONG, - FileIndex: ULONG, - CreationTime: LARGE_INTEGER, - LastAccessTime: LARGE_INTEGER, - LastWriteTime: LARGE_INTEGER, - ChangeTime: LARGE_INTEGER, - EndOfFile: LARGE_INTEGER, - AllocationSize: LARGE_INTEGER, - FileAttributes: ULONG, - FileNameLength: ULONG, - FileId: LARGE_INTEGER, - LockingTransactionId: GUID, - TxInfoFlags: ULONG, - FileName: [WCHAR; 1], -}} -pub type PFILE_ID_GLOBAL_TX_DIR_INFORMATION = *mut FILE_ID_GLOBAL_TX_DIR_INFORMATION; -pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED: u32 = 0x00000001; -pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX: u32 = 0x00000002; -pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX: u32 = 0x00000004; -STRUCT!{struct FILE_OBJECTID_INFORMATION_u_s { - BirthVolumeId: [UCHAR; 16], - BirthObjectId: [UCHAR; 16], - DomainId: [UCHAR; 16], -}} -UNION!{union FILE_OBJECTID_INFORMATION_u { - s: FILE_OBJECTID_INFORMATION_u_s, - ExtendedInfo: [UCHAR; 48], -}} -STRUCT!{struct FILE_OBJECTID_INFORMATION { - FileReference: LONGLONG, - ObjectId: [UCHAR; 16], - u: FILE_OBJECTID_INFORMATION_u, -}} -pub type PFILE_OBJECTID_INFORMATION = *mut FILE_OBJECTID_INFORMATION; -STRUCT!{struct FILE_FULL_EA_INFORMATION { - NextEntryOffset: ULONG, - Flags: UCHAR, - EaNameLength: UCHAR, - EaValueLength: USHORT, - EaName: [CHAR; 1], -}} -pub type PFILE_FULL_EA_INFORMATION = *mut FILE_FULL_EA_INFORMATION; -STRUCT!{struct FILE_GET_EA_INFORMATION { - NextEntryOffset: ULONG, - EaNameLength: UCHAR, - EaName: [CHAR; 1], -}} -pub type PFILE_GET_EA_INFORMATION = *mut FILE_GET_EA_INFORMATION; -STRUCT!{struct FILE_GET_QUOTA_INFORMATION { - NextEntryOffset: ULONG, - SidLength: ULONG, - Sid: SID, -}} -pub type PFILE_GET_QUOTA_INFORMATION = *mut FILE_GET_QUOTA_INFORMATION; -STRUCT!{struct FILE_QUOTA_INFORMATION { - NextEntryOffset: ULONG, - SidLength: ULONG, - ChangeTime: LARGE_INTEGER, - QuotaUsed: LARGE_INTEGER, - QuotaThreshold: LARGE_INTEGER, - QuotaLimit: LARGE_INTEGER, - Sid: SID, -}} -pub type PFILE_QUOTA_INFORMATION = *mut FILE_QUOTA_INFORMATION; -ENUM!{enum FS_INFORMATION_CLASS { - FileFsVolumeInformation = 1, - FileFsLabelInformation = 2, - FileFsSizeInformation = 3, - FileFsDeviceInformation = 4, - FileFsAttributeInformation = 5, - FileFsControlInformation = 6, - FileFsFullSizeInformation = 7, - FileFsObjectIdInformation = 8, - FileFsDriverPathInformation = 9, - FileFsVolumeFlagsInformation = 10, - FileFsSectorSizeInformation = 11, - FileFsDataCopyInformation = 12, - FileFsMetadataSizeInformation = 13, - FileFsFullSizeInformationEx = 14, - FileFsMaximumInformation = 15, -}} -pub type PFS_INFORMATION_CLASS = *mut FS_INFORMATION_CLASS; -STRUCT!{struct FILE_FS_LABEL_INFORMATION { - VolumeLabelLength: ULONG, - VolumeLabel: [WCHAR; 1], -}} -pub type PFILE_FS_LABEL_INFORMATION = *mut FILE_FS_LABEL_INFORMATION; -STRUCT!{struct FILE_FS_VOLUME_INFORMATION { - VolumeCreationTime: LARGE_INTEGER, - VolumeSerialNumber: ULONG, - VolumeLabelLength: ULONG, - SupportsObjects: BOOLEAN, - VolumeLabel: [WCHAR; 1], -}} -pub type PFILE_FS_VOLUME_INFORMATION = *mut FILE_FS_VOLUME_INFORMATION; -STRUCT!{struct FILE_FS_SIZE_INFORMATION { - TotalAllocationUnits: LARGE_INTEGER, - AvailableAllocationUnits: LARGE_INTEGER, - SectorsPerAllocationUnit: ULONG, - BytesPerSector: ULONG, -}} -pub type PFILE_FS_SIZE_INFORMATION = *mut FILE_FS_SIZE_INFORMATION; -STRUCT!{struct FILE_FS_CONTROL_INFORMATION { - FreeSpaceStartFiltering: LARGE_INTEGER, - FreeSpaceThreshold: LARGE_INTEGER, - FreeSpaceStopFiltering: LARGE_INTEGER, - DefaultQuotaThreshold: LARGE_INTEGER, - DefaultQuotaLimit: LARGE_INTEGER, - FileSystemControlFlags: ULONG, -}} -pub type PFILE_FS_CONTROL_INFORMATION = *mut FILE_FS_CONTROL_INFORMATION; -STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION { - TotalAllocationUnits: LARGE_INTEGER, - CallerAvailableAllocationUnits: LARGE_INTEGER, - ActualAvailableAllocationUnits: LARGE_INTEGER, - SectorsPerAllocationUnit: ULONG, - BytesPerSector: ULONG, -}} -pub type PFILE_FS_FULL_SIZE_INFORMATION = *mut FILE_FS_FULL_SIZE_INFORMATION; -STRUCT!{struct FILE_FS_OBJECTID_INFORMATION { - ObjectId: [UCHAR; 16], - ExtendedInfo: [UCHAR; 48], -}} -pub type PFILE_FS_OBJECTID_INFORMATION = *mut FILE_FS_OBJECTID_INFORMATION; -STRUCT!{struct FILE_FS_DEVICE_INFORMATION { - DeviceType: DWORD, - Characteristics: ULONG, -}} -pub type PFILE_FS_DEVICE_INFORMATION = *mut FILE_FS_DEVICE_INFORMATION; -STRUCT!{struct FILE_FS_ATTRIBUTE_INFORMATION { - FileSystemAttributes: ULONG, - MaximumComponentNameLength: LONG, - FileSystemNameLength: ULONG, - FileSystemName: [WCHAR; 1], -}} -pub type PFILE_FS_ATTRIBUTE_INFORMATION = *mut FILE_FS_ATTRIBUTE_INFORMATION; -STRUCT!{struct FILE_FS_DRIVER_PATH_INFORMATION { - DriverInPath: BOOLEAN, - DriverNameLength: ULONG, - DriverName: [WCHAR; 1], -}} -pub type PFILE_FS_DRIVER_PATH_INFORMATION = *mut FILE_FS_DRIVER_PATH_INFORMATION; -STRUCT!{struct FILE_FS_VOLUME_FLAGS_INFORMATION { - Flags: ULONG, -}} -pub type PFILE_FS_VOLUME_FLAGS_INFORMATION = *mut FILE_FS_VOLUME_FLAGS_INFORMATION; -pub const SSINFO_FLAGS_ALIGNED_DEVICE: u32 = 0x00000001; -pub const SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE: u32 = 0x00000002; -pub const SSINFO_OFFSET_UNKNOWN: u32 = 0xffffffff; -STRUCT!{struct FILE_FS_SECTOR_SIZE_INFORMATION { - LogicalBytesPerSector: ULONG, - PhysicalBytesPerSectorForAtomicity: ULONG, - PhysicalBytesPerSectorForPerformance: ULONG, - FileSystemEffectivePhysicalBytesPerSectorForAtomicity: ULONG, - Flags: ULONG, - ByteOffsetForSectorAlignment: ULONG, - ByteOffsetForPartitionAlignment: ULONG, -}} -pub type PFILE_FS_SECTOR_SIZE_INFORMATION = *mut FILE_FS_SECTOR_SIZE_INFORMATION; -STRUCT!{struct FILE_FS_DATA_COPY_INFORMATION { - NumberOfCopies: ULONG, -}} -pub type PFILE_FS_DATA_COPY_INFORMATION = *mut FILE_FS_DATA_COPY_INFORMATION; -STRUCT!{struct FILE_FS_METADATA_SIZE_INFORMATION { - TotalMetadataAllocationUnits: LARGE_INTEGER, - SectorsPerAllocationUnit: ULONG, - BytesPerSector: ULONG, -}} -pub type PFILE_FS_METADATA_SIZE_INFORMATION = *mut FILE_FS_METADATA_SIZE_INFORMATION; -STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION_EX { - ActualTotalAllocationUnits: ULONGLONG, - ActualAvailableAllocationUnits: ULONGLONG, - ActualPoolUnavailableAllocationUnits: ULONGLONG, - CallerTotalAllocationUnits: ULONGLONG, - CallerAvailableAllocationUnits: ULONGLONG, - CallerPoolUnavailableAllocationUnits: ULONGLONG, - UsedAllocationUnits: ULONGLONG, - TotalReservedAllocationUnits: ULONGLONG, - VolumeStorageReserveAllocationUnits: ULONGLONG, - AvailableCommittedAllocationUnits: ULONGLONG, - PoolAvailableAllocationUnits: ULONGLONG, - SectorsPerAllocationUnit: ULONG, - BytesPerSector: ULONG, -}} -pub type PFILE_FS_FULL_SIZE_INFORMATION_EX = *mut FILE_FS_FULL_SIZE_INFORMATION_EX; -EXTERN!{extern "system" { - fn NtCreateFile( - FileHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - AllocationSize: PLARGE_INTEGER, - FileAttributes: ULONG, - ShareAccess: ULONG, - CreateDisposition: ULONG, - CreateOptions: ULONG, - EaBuffer: PVOID, - EaLength: ULONG, - ) -> NTSTATUS; - fn NtCreateNamedPipeFile( - FileHandle: PHANDLE, - DesiredAccess: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - ShareAccess: ULONG, - CreateDisposition: ULONG, - CreateOptions: ULONG, - NamedPipeType: ULONG, - ReadMode: ULONG, - CompletionMode: ULONG, - MaximumInstances: ULONG, - InboundQuota: ULONG, - OutboundQuota: ULONG, - DefaultTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtCreateMailslotFile( - FileHandle: PHANDLE, - DesiredAccess: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - CreateOptions: ULONG, - MailslotQuota: ULONG, - MaximumMessageSize: ULONG, - ReadTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtOpenFile( - FileHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - ShareAccess: ULONG, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn NtDeleteFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtFlushBuffersFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtFlushBuffersFileEx( - FileHandle: HANDLE, - Flags: ULONG, - Parameters: PVOID, - ParametersSize: ULONG, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtQueryInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ) -> NTSTATUS; - fn NtQueryInformationByName( - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ) -> NTSTATUS; - fn NtSetInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ) -> NTSTATUS; - fn NtQueryDirectoryFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ReturnSingleEntry: BOOLEAN, - FileName: PUNICODE_STRING, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn NtQueryEaFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - EaList: PVOID, - EaListLength: ULONG, - EaIndex: PULONG, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn NtSetEaFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn NtQueryQuotaInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - SidList: PVOID, - SidListLength: ULONG, - StartSid: PSID, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn NtSetQuotaInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn NtQueryVolumeInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FsInformation: PVOID, - Length: ULONG, - FsInformationClass: FS_INFORMATION_CLASS, - ) -> NTSTATUS; - fn NtSetVolumeInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FsInformation: PVOID, - Length: ULONG, - FsInformationClass: FS_INFORMATION_CLASS, - ) -> NTSTATUS; - fn NtCancelIoFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtCancelIoFileEx( - FileHandle: HANDLE, - IoRequestToCancel: PIO_STATUS_BLOCK, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtCancelSynchronousIoFile( - ThreadHandle: HANDLE, - IoRequestToCancel: PIO_STATUS_BLOCK, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtDeviceIoControlFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - IoControlCode: ULONG, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn NtFsControlFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - FsControlCode: ULONG, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn NtReadFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn NtWriteFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn NtReadFileScatter( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - SegmentArray: PFILE_SEGMENT_ELEMENT, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn NtWriteFileGather( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - SegmentArray: PFILE_SEGMENT_ELEMENT, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn NtLockFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - ByteOffset: PLARGE_INTEGER, - Length: PLARGE_INTEGER, - Key: ULONG, - FailImmediately: BOOLEAN, - ExclusiveLock: BOOLEAN, - ) -> NTSTATUS; - fn NtUnlockFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ByteOffset: PLARGE_INTEGER, - Length: PLARGE_INTEGER, - Key: ULONG, - ) -> NTSTATUS; - fn NtQueryAttributesFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - FileInformation: PFILE_BASIC_INFORMATION, - ) -> NTSTATUS; - fn NtQueryFullAttributesFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - FileInformation: PFILE_NETWORK_OPEN_INFORMATION, - ) -> NTSTATUS; - fn NtNotifyChangeDirectoryFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - ) -> NTSTATUS; - fn NtLoadDriver( - DriverServiceName: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtUnloadDriver( - DriverServiceName: PUNICODE_STRING, - ) -> NTSTATUS; -}} -pub const IO_COMPLETION_QUERY_STATE: u32 = 0x0001; -ENUM!{enum IO_COMPLETION_INFORMATION_CLASS { - IoCompletionBasicInformation = 0, -}} -STRUCT!{struct IO_COMPLETION_BASIC_INFORMATION { - Depth: LONG, -}} -pub type PIO_COMPLETION_BASIC_INFORMATION = *mut IO_COMPLETION_BASIC_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateIoCompletion( - IoCompletionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Count: ULONG, - ) -> NTSTATUS; - fn NtOpenIoCompletion( - IoCompletionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtQueryIoCompletion( - IoCompletionHandle: HANDLE, - IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, - IoCompletionInformation: PVOID, - IoCompletionInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetIoCompletion( - IoCompletionHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - ) -> NTSTATUS; - fn NtSetIoCompletionEx( - IoCompletionHandle: HANDLE, - IoCompletionPacketHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - ) -> NTSTATUS; - fn NtRemoveIoCompletion( - IoCompletionHandle: HANDLE, - KeyContext: *mut PVOID, - ApcContext: *mut PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtRemoveIoCompletionEx( - IoCompletionHandle: HANDLE, - IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, - Count: ULONG, - NumEntriesRemoved: PULONG, - Timeout: PLARGE_INTEGER, - Alertable: BOOLEAN, - ) -> NTSTATUS; - fn NtCreateWaitCompletionPacket( - WaitCompletionPacketHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtAssociateWaitCompletionPacket( - WaitCompletionPacketHandle: HANDLE, - IoCompletionHandle: HANDLE, - TargetObjectHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - AlreadySignaled: PBOOLEAN, - ) -> NTSTATUS; - fn NtCancelWaitCompletionPacket( - WaitCompletionPacketHandle: HANDLE, - RemoveSignaledPacket: BOOLEAN, - ) -> NTSTATUS; -}} -ENUM!{enum IO_SESSION_EVENT { - IoSessionEventIgnore = 0, - IoSessionEventCreated = 1, - IoSessionEventTerminated = 2, - IoSessionEventConnected = 3, - IoSessionEventDisconnected = 4, - IoSessionEventLogon = 5, - IoSessionEventLogoff = 6, - IoSessionEventMax = 7, -}} -ENUM!{enum IO_SESSION_STATE { - IoSessionStateCreated = 0, - IoSessionStateInitialized = 1, - IoSessionStateConnected = 2, - IoSessionStateDisconnected = 3, - IoSessionStateDisconnectedLoggedOn = 4, - IoSessionStateLoggedOn = 5, - IoSessionStateLoggedOff = 6, - IoSessionStateTerminated = 7, - IoSessionStateMax = 8, -}} -EXTERN!{extern "system" { - fn NtNotifyChangeSession( - SessionHandle: HANDLE, - ChangeSequenceNumber: ULONG, - ChangeTimeStamp: PLARGE_INTEGER, - Event: IO_SESSION_EVENT, - NewState: IO_SESSION_STATE, - PreviousState: IO_SESSION_STATE, - Payload: PVOID, - PayloadSize: ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum INTERFACE_TYPE { - InterfaceTypeUndefined = -1i32 as u32, - Internal = 0, - Isa = 1, - Eisa = 2, - MicroChannel = 3, - TurboChannel = 4, - PCIBus = 5, - VMEBus = 6, - NuBus = 7, - PCMCIABus = 8, - CBus = 9, - MPIBus = 10, - MPSABus = 11, - ProcessorInternal = 12, - InternalPowerBus = 13, - PNPISABus = 14, - PNPBus = 15, - Vmcs = 16, - MaximumInterfaceType = 17, -}} -pub type PINTERFACE_TYPE = *mut INTERFACE_TYPE; -ENUM!{enum DMA_WIDTH { - Width8Bits = 0, - Width16Bits = 1, - Width32Bits = 2, - MaximumDmaWidth = 3, -}} -pub type PDMA_WIDTH = *mut DMA_WIDTH; -ENUM!{enum DMA_SPEED { - Compatible = 0, - TypeA = 1, - TypeB = 2, - TypeC = 3, - TypeF = 4, - MaximumDmaSpeed = 5, -}} -pub type PDMA_SPEED = *mut DMA_SPEED; -ENUM!{enum BUS_DATA_TYPE { - ConfigurationSpaceUndefined = -1i32 as u32, - Cmos = 0, - EisaConfiguration = 1, - Pos = 2, - CbusConfiguration = 3, - PCIConfiguration = 4, - VMEConfiguration = 5, - NuBusConfiguration = 6, - PCMCIAConfiguration = 7, - MPIConfiguration = 8, - MPSAConfiguration = 9, - PNPISAConfiguration = 10, - SgiInternalConfiguration = 11, - MaximumBusDataType = 12, -}} -pub type PBUS_DATA_TYPE = *mut BUS_DATA_TYPE; -pub const SYMLINK_FLAG_RELATIVE: u32 = 1; -STRUCT!{struct REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer { - SubstituteNameOffset: USHORT, - SubstituteNameLength: USHORT, - PrintNameOffset: USHORT, - PrintNameLength: USHORT, - Flags: ULONG, - PathBuffer: [WCHAR; 1], -}} -STRUCT!{struct REPARSE_DATA_BUFFER_u_MountPointReparseBuffer { - SubstituteNameOffset: USHORT, - SubstituteNameLength: USHORT, - PrintNameOffset: USHORT, - PrintNameLength: USHORT, - PathBuffer: [WCHAR; 1], -}} -STRUCT!{struct REPARSE_DATA_BUFFER_u_GenericReparseBuffer { - DataBuffer: [UCHAR; 1], -}} -UNION!{union REPARSE_DATA_BUFFER_u { - SymbolicLinkReparseBuffer: REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer, - MountPointReparseBuffer: REPARSE_DATA_BUFFER_u_MountPointReparseBuffer, - GenericReparseBuffer: REPARSE_DATA_BUFFER_u_GenericReparseBuffer, -}} -STRUCT!{struct REPARSE_DATA_BUFFER { - ReparseTag: ULONG, - ReparseDataLength: USHORT, - Reserved: USHORT, - u: REPARSE_DATA_BUFFER_u, -}} -pub type PREPARSE_DATA_BUFFER = *mut REPARSE_DATA_BUFFER; -/// "\Device\NamedPipe\" -pub const DEVICE_NAMED_PIPE: UTF16Const = UTF16Const(&[ - 0x005C, 0x0044, 0x0065, 0x0076, 0x0069, 0x0063, 0x0065, 0x005C, 0x004E, 0x0061, 0x006D, 0x0065, - 0x0064, 0x0050, 0x0069, 0x0070, 0x0065, 0x005C, 0u16, -]); -pub const FSCTL_PIPE_ASSIGN_EVENT: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_DISCONNECT: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_LISTEN: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_PEEK: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA); -pub const FSTL_PIPE_QUERY_EVENT: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_TRANSCEIVE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); -pub const FSTL_PIPE_WAIT: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_IMPERSONATE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_SET_CLIENT_PROCESS: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_QUERY_CLIENT_PROCESS: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_GET_PIPE_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_SET_PIPE_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_GET_CONNECTION_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_SET_CONNECTION_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_GET_HANDLE_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_SET_HANDLE_ATTRIBUTE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS); -pub const FSTL_PIPE_FLUSH: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA); -pub const FSTL_PIPE_INTERNAL_READ: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA); -pub const FSTL_PIPE_INTERNAL_WRITE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA); -pub const FSTL_PIPE_INTERNAL_TRANSCEIVE: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); -pub const FSTL_PIPE_INTERNAL_READ_OVFLOW: u32 = - CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA); -pub const FILE_PIPE_READ_DATA: u32 = 0x00000000; -pub const FILE_PIPE_WRITE_SPACE: u32 = 0x00000001; -STRUCT!{struct FILE_PIPE_ASSIGN_EVENT_BUFFER { - EventHandle: HANDLE, - KeyValue: ULONG, -}} -pub type PFILE_PIPE_ASSIGN_EVENT_BUFFER = *mut FILE_PIPE_ASSIGN_EVENT_BUFFER; -STRUCT!{struct FILE_PIPE_PEEK_BUFFER { - NamedPipeState: ULONG, - ReadDataAvailable: ULONG, - NumberOfMessages: ULONG, - MessageLength: ULONG, - Data: [CHAR; 1], -}} -pub type PFILE_PIPE_PEEK_BUFFER = *mut FILE_PIPE_PEEK_BUFFER; -STRUCT!{struct FILE_PIPE_EVENT_BUFFER { - NamedPipeState: ULONG, - EntryType: ULONG, - ByteCount: ULONG, - KeyValue: ULONG, - NumberRequests: ULONG, -}} -pub type PFILE_PIPE_EVENT_BUFFER = *mut FILE_PIPE_EVENT_BUFFER; -STRUCT!{struct FILE_PIPE_WAIT_FOR_BUFFER { - Timeout: LARGE_INTEGER, - NameLength: ULONG, - TimeoutSpecified: BOOLEAN, - Name: [WCHAR; 1], -}} -pub type PFILE_PIPE_WAIT_FOR_BUFFER = *mut FILE_PIPE_WAIT_FOR_BUFFER; -STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER { - ClientSession: PVOID, - ClientProcess: PVOID, -}} -pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER; -pub const FILE_PIPE_COMPUTER_NAME_LENGTH: usize = 15; -STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { - ClientSession: PVOID, - ClientProcess: PVOID, - ClientComputerNameLength: USHORT, - ClientComputerBuffer: [WCHAR; FILE_PIPE_COMPUTER_NAME_LENGTH + 1], -}} -pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER_EX; -pub const MAILSLOT_CLASS_FIRSTCLASS: u32 = 1; -pub const MAILSLOT_CLASS_SECONDCLASS: u32 = 2; -pub const FSCTL_MAILSLOT_PEEK: u32 = - CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA); -STRUCT!{struct FILE_MAILSLOT_PEEK_BUFFER { - ReadDataAvailable: ULONG, - NumberOfMessages: ULONG, - MessageLength: ULONG, -}} -pub type PFILE_MAILSLOT_PEEK_BUFFER = *mut FILE_MAILSLOT_PEEK_BUFFER; diff --git a/vendor/ntapi/src/ntkeapi.rs b/vendor/ntapi/src/ntkeapi.rs deleted file mode 100644 index a26f39b39..000000000 --- a/vendor/ntapi/src/ntkeapi.rs +++ /dev/null @@ -1,121 +0,0 @@ -use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG}; -pub const LOW_PRIORITY: u32 = 0; -pub const LOW_REALTIME_PRIORITY: u32 = 16; -pub const HIGH_PRIORITY: u32 = 31; -pub const MAXIMUM_PRIORITY: u32 = 32; -ENUM!{enum KTHREAD_STATE { - Initialized = 0, - Ready = 1, - Running = 2, - Standby = 3, - Terminated = 4, - Waiting = 5, - Transition = 6, - DeferredReady = 7, - GateWaitObsolete = 8, - WaitingForProcessInSwap = 9, - MaximumThreadState = 10, -}} -pub type PKTHREAD_STATE = *mut KTHREAD_STATE; -ENUM!{enum KHETERO_CPU_POLICY { - KHeteroCpuPolicyAll = 0, - KHeteroCpuPolicyLarge = 1, - KHeteroCpuPolicyLargeOrIdle = 2, - KHeteroCpuPolicySmall = 3, - KHeteroCpuPolicySmallOrIdle = 4, - KHeteroCpuPolicyDynamic = 5, - KHeteroCpuPolicyStaticMax = 6, - KHeteroCpuPolicyBiasedSmall = 7, - KHeteroCpuPolicyBiasedLarge = 8, - KHeteroCpuPolicyDefault = 9, - KHeteroCpuPolicyMax = 10, -}} -pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY; -ENUM!{enum KWAIT_REASON { - Executive = 0, - FreePage = 1, - PageIn = 2, - PoolAllocation = 3, - DelayExecution = 4, - Suspended = 5, - UserRequest = 6, - WrExecutive = 7, - WrFreePage = 8, - WrPageIn = 9, - WrPoolAllocation = 10, - WrDelayExecution = 11, - WrSuspended = 12, - WrUserRequest = 13, - WrEventPair = 14, - WrQueue = 15, - WrLpcReceive = 16, - WrLpcReply = 17, - WrVirtualMemory = 18, - WrPageOut = 19, - WrRendezvous = 20, - WrKeyedEvent = 21, - WrTerminated = 22, - WrProcessInSwap = 23, - WrCpuRateControl = 24, - WrCalloutStack = 25, - WrKernel = 26, - WrResource = 27, - WrPushLock = 28, - WrMutex = 29, - WrQuantumEnd = 30, - WrDispatchInt = 31, - WrPreempted = 32, - WrYieldExecution = 33, - WrFastMutex = 34, - WrGuardedMutex = 35, - WrRundown = 36, - WrAlertByThreadId = 37, - WrDeferredPreempt = 38, - MaximumWaitReason = 39, -}} -pub type PKWAIT_REASON = *mut KWAIT_REASON; -ENUM!{enum KPROFILE_SOURCE { - ProfileTime = 0, - ProfileAlignmentFixup = 1, - ProfileTotalIssues = 2, - ProfilePipelineDry = 3, - ProfileLoadInstructions = 4, - ProfilePipelineFrozen = 5, - ProfileBranchInstructions = 6, - ProfileTotalNonissues = 7, - ProfileDcacheMisses = 8, - ProfileIcacheMisses = 9, - ProfileCacheMisses = 10, - ProfileBranchMispredictions = 11, - ProfileStoreInstructions = 12, - ProfileFpInstructions = 13, - ProfileIntegerInstructions = 14, - Profile2Issue = 15, - Profile3Issue = 16, - Profile4Issue = 17, - ProfileSpecialInstructions = 18, - ProfileTotalCycles = 19, - ProfileIcacheIssues = 20, - ProfileDcacheAccesses = 21, - ProfileMemoryBarrierCycles = 22, - ProfileLoadLinkedIssues = 23, - ProfileMaximum = 24, -}} -EXTERN!{extern "system" { - fn NtCallbackReturn( - OutputBuffer: PVOID, - OutputLength: ULONG, - Status: NTSTATUS, - ) -> NTSTATUS; - fn NtFlushProcessWriteBuffers(); - fn NtQueryDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - ) -> NTSTATUS; - fn NtSetDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - State: BOOLEAN, - ) -> NTSTATUS; - fn NtYieldExecution() -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntldr.rs b/vendor/ntapi/src/ntldr.rs deleted file mode 100644 index 4b4bcb629..000000000 --- a/vendor/ntapi/src/ntldr.rs +++ /dev/null @@ -1,661 +0,0 @@ -use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR, - PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG, - PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG, - UNICODE_STRING, USHORT, -}; -use winapi::um::winnt::{ - ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR, - PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY, - PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA, -}; -FN!{stdcall PLDR_INIT_ROUTINE( - DllHandle: PVOID, - Reason: ULONG, - Context: PVOID, -) -> BOOLEAN} -STRUCT!{struct LDR_SERVICE_TAG_RECORD { - Next: *mut LDR_SERVICE_TAG_RECORD, - ServiceTag: ULONG, -}} -pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD; -STRUCT!{struct LDRP_CSLIST { - Tail: PSINGLE_LIST_ENTRY, -}} -pub type PLDRP_CSLIST = *mut LDRP_CSLIST; -ENUM!{enum LDR_DDAG_STATE { - LdrModulesMerged = -5i32 as u32, - LdrModulesInitError = -4i32 as u32, - LdrModulesSnapError = -3i32 as u32, - LdrModulesUnloaded = -2i32 as u32, - LdrModulesUnloading = -1i32 as u32, - LdrModulesPlaceHolder = 0, - LdrModulesMapping = 1, - LdrModulesMapped = 2, - LdrModulesWaitingForDependencies = 3, - LdrModulesSnapping = 4, - LdrModulesSnapped = 5, - LdrModulesCondensed = 6, - LdrModulesReadyToInit = 7, - LdrModulesInitializing = 8, - LdrModulesReadyToRun = 9, -}} -UNION!{union LDR_DDAG_NODE_u { - Dependencies: LDRP_CSLIST, - RemovalLink: SINGLE_LIST_ENTRY, -}} -STRUCT!{struct LDR_DDAG_NODE { - Modules: LIST_ENTRY, - ServiceTagList: PLDR_SERVICE_TAG_RECORD, - LoadCount: ULONG, - LoadWhileUnloadingCount: ULONG, - LowestLink: ULONG, - u: LDR_DDAG_NODE_u, - IncomingDependencies: LDRP_CSLIST, - State: LDR_DDAG_STATE, - CondenseLink: SINGLE_LIST_ENTRY, - PreorderNumber: ULONG, -}} -pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE; -STRUCT!{struct LDR_DEPENDENCY_RECORD { - DependencyLink: SINGLE_LIST_ENTRY, - DependencyNode: PLDR_DDAG_NODE, - IncomingDependencyLink: SINGLE_LIST_ENTRY, - IncomingDependencyNode: PLDR_DDAG_NODE, -}} -pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD; -ENUM!{enum LDR_DLL_LOAD_REASON { - LoadReasonStaticDependency = 0, - LoadReasonStaticForwarderDependency = 1, - LoadReasonDynamicForwarderDependency = 2, - LoadReasonDelayloadDependency = 3, - LoadReasonDynamicLoad = 4, - LoadReasonAsImageLoad = 5, - LoadReasonAsDataLoad = 6, - LoadReasonEnclavePrimary = 7, - LoadReasonEnclaveDependency = 8, - LoadReasonUnknown = -1i32 as u32, -}} -pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON; -pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001; -pub const LDRP_STATIC_LINK: ULONG = 0x00000002; -pub const LDRP_IMAGE_DLL: ULONG = 0x00000004; -pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000; -pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000; -pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000; -pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000; -pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000; -pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000; -pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000; -pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000; -pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000; -pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000; -pub const LDRP_COR_IMAGE: ULONG = 0x00400000; -pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000; -pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000; -pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000; -pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000; -pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000; -pub const LDRP_REDIRECTED: ULONG = 0x10000000; -pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000; -pub const LDRP_MM_LOADED: ULONG = 0x40000000; -pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000; -STRUCT!{struct LDRP_LOAD_CONTEXT { - BaseDllName: UNICODE_STRING, - somestruct: PVOID, - Flags: ULONG, - pstatus: *mut NTSTATUS, - ParentEntry: *mut LDR_DATA_TABLE_ENTRY, - Entry: *mut LDR_DATA_TABLE_ENTRY, - WorkQueueListEntry: LIST_ENTRY, - ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY, - pvImports: *mut *mut LDR_DATA_TABLE_ENTRY, - ImportDllCount: ULONG, - TaskCount: LONG, - pvIAT: PVOID, - SizeOfIAT: ULONG, - CurrentDll: ULONG, - piid: PIMAGE_IMPORT_DESCRIPTOR, - OriginalIATProtect: ULONG, - GuardCFCheckFunctionPointer: PVOID, - pGuardCFCheckFunctionPointer: *mut PVOID, -}} -UNION!{union LDR_DATA_TABLE_ENTRY_u1 { - InInitializationOrderLinks: LIST_ENTRY, - InProgressLinks: LIST_ENTRY, -}} -UNION!{union LDR_DATA_TABLE_ENTRY_u2 { - FlagGroup: [UCHAR; 4], - Flags: ULONG, -}} -STRUCT!{struct LDR_DATA_TABLE_ENTRY { - InLoadOrderLinks: LIST_ENTRY, - InMemoryOrderLinks: LIST_ENTRY, - u1: LDR_DATA_TABLE_ENTRY_u1, - DllBase: PVOID, - EntryPoint: PLDR_INIT_ROUTINE, - SizeOfImage: ULONG, - FullDllName: UNICODE_STRING, - BaseDllName: UNICODE_STRING, - u2: LDR_DATA_TABLE_ENTRY_u2, - ObsoleteLoadCount: USHORT, - TlsIndex: USHORT, - HashLinks: LIST_ENTRY, - TimeDateStamp: ULONG, - EntryPointActivationContext: *mut ACTIVATION_CONTEXT, - Lock: PVOID, - DdagNode: PLDR_DDAG_NODE, - NodeModuleLink: LIST_ENTRY, - LoadContext: *mut LDRP_LOAD_CONTEXT, - ParentDllBase: PVOID, - SwitchBackContext: PVOID, - BaseAddressIndexNode: RTL_BALANCED_NODE, - MappingInfoIndexNode: RTL_BALANCED_NODE, - OriginalBase: ULONG_PTR, - LoadTime: LARGE_INTEGER, - BaseNameHashValue: ULONG, - LoadReason: LDR_DLL_LOAD_REASON, - ImplicitPathOptions: ULONG, - ReferenceCount: ULONG, - DependentLoadFlags: ULONG, - SigningLevel: UCHAR, -}} -BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [ - PackagedBinary set_PackagedBinary[0..1], - MarkedForRemoval set_MarkedForRemoval[1..2], - ImageDll set_ImageDll[2..3], - LoadNotificationsSent set_LoadNotificationsSent[3..4], - TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], - ProcessStaticImport set_ProcessStaticImport[5..6], - InLegacyLists set_InLegacyLists[6..7], - InIndexes set_InIndexes[7..8], - ShimDll set_ShimDll[8..9], - InExceptionTable set_InExceptionTable[9..10], - ReservedFlags1 set_ReservedFlags1[10..12], - LoadInProgress set_LoadInProgress[12..13], - LoadConfigProcessed set_LoadConfigProcessed[13..14], - EntryProcessed set_EntryProcessed[14..15], - ProtectDelayLoad set_ProtectDelayLoad[15..16], - ReservedFlags3 set_ReservedFlags3[16..18], - DontCallForThreads set_DontCallForThreads[18..19], - ProcessAttachCalled set_ProcessAttachCalled[19..20], - ProcessAttachFailed set_ProcessAttachFailed[20..21], - CorDeferredValidate set_CorDeferredValidate[21..22], - CorImage set_CorImage[22..23], - DontRelocate set_DontRelocate[23..24], - CorILOnly set_CorILOnly[24..25], - ReservedFlags5 set_ReservedFlags5[25..28], - Redirected set_Redirected[28..29], - ReservedFlags6 set_ReservedFlags6[29..31], - CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], -]} -pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY; -#[inline] -pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool { - DllHandle & 1 != 0 -} -#[inline] -pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool { - DllHandle & 2 != 0 -} -#[inline] -pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool { - LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle) -} -EXTERN!{extern "system" { - fn LdrLoadDll( - DllPath: PWSTR, - DllCharacteristics: PULONG, - DllName: PUNICODE_STRING, - DllHandle: *mut PVOID, - ) -> NTSTATUS; - fn LdrUnloadDll( - DllHandle: PVOID, - ) -> NTSTATUS; - fn LdrGetDllHandle( - DllPath: PWSTR, - DllCharacteristics: PULONG, - DllName: PUNICODE_STRING, - DllHandle: *mut PVOID, - ) -> NTSTATUS; -}} -pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001; -pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002; -EXTERN!{extern "system" { - fn LdrGetDllHandleEx( - Flags: ULONG, - DllPath: PWSTR, - DllCharacteristics: PULONG, - DllName: PUNICODE_STRING, - DllHandle: *mut PVOID, - ) -> NTSTATUS; - fn LdrGetDllHandleByMapping( - BaseAddress: PVOID, - DllHandle: *mut PVOID, - ) -> NTSTATUS; - fn LdrGetDllHandleByName( - BaseDllName: PUNICODE_STRING, - FullDllName: PUNICODE_STRING, - DllHandle: *mut PVOID, - ) -> NTSTATUS; - fn LdrGetDllFullName( - DllHandle: PVOID, - FullDllName: PUNICODE_STRING, - ) -> NTSTATUS; - fn LdrGetDllDirectory( - DllDirectory: PUNICODE_STRING, - ) -> NTSTATUS; - fn LdrSetDllDirectory( - DllDirectory: PUNICODE_STRING, - ) -> NTSTATUS; -}} -pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn LdrAddRefDll( - Flags: ULONG, - DllHandle: PVOID, - ) -> NTSTATUS; - fn LdrGetProcedureAddress( - DllHandle: PVOID, - ProcedureName: PANSI_STRING, - ProcedureNumber: ULONG, - ProcedureAddress: *mut PVOID, - ) -> NTSTATUS; -}} -pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn LdrGetProcedureAddressEx( - DllHandle: PVOID, - ProcedureName: PANSI_STRING, - ProcedureNumber: ULONG, - ProcedureAddress: *mut PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn LdrGetKnownDllSectionHandle( - DllName: PCWSTR, - KnownDlls32: BOOLEAN, - Section: PHANDLE, - ) -> NTSTATUS; - fn LdrGetProcedureAddressForCaller( - DllHandle: PVOID, - ProcedureName: PANSI_STRING, - ProcedureNumber: ULONG, - ProcedureAddress: *mut PVOID, - Flags: ULONG, - Callback: *mut PVOID, - ) -> NTSTATUS; -}} -pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; -pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002; -pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0; -pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1; -pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2; -EXTERN!{extern "system" { - fn LdrLockLoaderLock( - Flags: ULONG, - Disposition: *mut ULONG, - Cookie: *mut PVOID, - ) -> NTSTATUS; -}} -pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn LdrUnlockLoaderLock( - Flags: ULONG, - Cookie: PVOID, - ) -> NTSTATUS; - fn LdrRelocateImage( - NewBase: PVOID, - LoaderName: PSTR, - Success: NTSTATUS, - Conflict: NTSTATUS, - Invalid: NTSTATUS, - ) -> NTSTATUS; - fn LdrRelocateImageWithBias( - NewBase: PVOID, - Bias: LONGLONG, - LoaderName: PSTR, - Success: NTSTATUS, - Conflict: NTSTATUS, - Invalid: NTSTATUS, - ) -> NTSTATUS; - fn LdrProcessRelocationBlock( - VA: ULONG_PTR, - SizeOfBlock: ULONG, - NextOffset: PUSHORT, - Diff: LONG_PTR, - ) -> PIMAGE_BASE_RELOCATION; - fn LdrVerifyMappedImageMatchesChecksum( - BaseAddress: PVOID, - NumberOfBytes: SIZE_T, - FileLength: ULONG, - ) -> BOOLEAN; -}} -FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK( - Parameter: PVOID, - ModuleName: PSTR, -) -> ()} -EXTERN!{extern "system" { - fn LdrVerifyImageMatchesChecksum( - ImageFileHandle: HANDLE, - ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, - ImportCallbackParameter: PVOID, - ImageCharacteristics: PUSHORT, - ) -> NTSTATUS; -}} -STRUCT!{struct LDR_IMPORT_CALLBACK_INFO { - ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, - ImportCallbackParameter: PVOID, -}} -pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO; -STRUCT!{struct LDR_SECTION_INFO { - SectionHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjA: POBJECT_ATTRIBUTES, - SectionPageProtection: ULONG, - AllocationAttributes: ULONG, -}} -pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO; -STRUCT!{struct LDR_VERIFY_IMAGE_INFO { - Size: ULONG, - Flags: ULONG, - CallbackInfo: LDR_IMPORT_CALLBACK_INFO, - SectionInfo: LDR_SECTION_INFO, - ImageCharacteristics: USHORT, -}} -pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO; -EXTERN!{extern "system" { - fn LdrVerifyImageMatchesChecksumEx( - ImageFileHandle: HANDLE, - VerifyInfo: PLDR_VERIFY_IMAGE_INFO, - ) -> NTSTATUS; - fn LdrQueryModuleServiceTags( - DllHandle: PVOID, - ServiceTagBuffer: PULONG, - BufferSize: PULONG, - ) -> NTSTATUS; -}} -pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1; -pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2; -STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA { - Flags: ULONG, - FullDllName: PUNICODE_STRING, - BaseDllName: PUNICODE_STRING, - DllBase: PVOID, - SizeOfImage: ULONG, -}} -pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA; -STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA { - Flags: ULONG, - FullDllName: PCUNICODE_STRING, - BaseDllName: PCUNICODE_STRING, - DllBase: PVOID, - SizeOfImage: ULONG, -}} -pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA; -UNION!{union LDR_DLL_NOTIFICATION_DATA { - Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA, - Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA, -}} -pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA; -FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION( - NotificationReason: ULONG, - NotificationData: PLDR_DLL_NOTIFICATION_DATA, - Context: PVOID, -) -> ()} -EXTERN!{extern "system" { - fn LdrRegisterDllNotification( - Flags: ULONG, - NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION, - Context: PVOID, - Cookie: *mut PVOID, - ) -> NTSTATUS; - fn LdrUnregisterDllNotification( - Cookie: PVOID, - ) -> NTSTATUS; -}} -STRUCT!{struct PS_MITIGATION_OPTIONS_MAP { - Map: [ULONG_PTR; 2], -}} -pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP; -STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP { - Map: [ULONG_PTR; 2], -}} -pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP; -STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK { - Size: ULONG, - SystemDllWowRelocation: ULONG_PTR, - SystemDllNativeRelocation: ULONG_PTR, - Wow64SharedInformation: [ULONG_PTR; 16], - RngData: ULONG, - Flags: ULONG, - MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP, - CfgBitMap: ULONG_PTR, - CfgBitMapSize: ULONG_PTR, - Wow64CfgBitMap: ULONG_PTR, - Wow64CfgBitMapSize: ULONG_PTR, - MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP, -}} -BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [ - CfgOverride set_CfgOverride[0..1], - Reserved set_Reserved[1..32], -]} -pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK; -EXTERN!{extern "system" { - fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK; - fn LdrAddLoadAsDataTable( - Module: PVOID, - FilePath: PWSTR, - Size: SIZE_T, - Handle: HANDLE, - ) -> NTSTATUS; - fn LdrRemoveLoadAsDataTable( - InitModule: PVOID, - BaseModule: *mut PVOID, - Size: PSIZE_T, - Flags: ULONG, - ) -> NTSTATUS; - fn LdrGetFileNameFromLoadAsDataTable( - Module: PVOID, - pFileNamePrt: *mut PVOID, - ) -> NTSTATUS; - fn LdrDisableThreadCalloutsForDll( - DllImageBase: PVOID, - ) -> NTSTATUS; - fn LdrAccessResource( - DllHandle: PVOID, - ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY, - ResourceBuffer: *mut PVOID, - ResourceLength: *mut ULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct LDR_RESOURCE_INFO { - Type: ULONG_PTR, - Name: ULONG_PTR, - Language: ULONG_PTR, -}} -pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO; -pub const RESOURCE_TYPE_LEVEL: ULONG = 0; -pub const RESOURCE_NAME_LEVEL: ULONG = 1; -pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2; -pub const RESOURCE_DATA_LEVEL: ULONG = 3; -EXTERN!{extern "system" { - fn LdrFindResource_U( - DllHandle: PVOID, - ResourceInfo: PLDR_RESOURCE_INFO, - Level: ULONG, - ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY, - ) -> NTSTATUS; - fn LdrFindResourceDirectory_U( - DllHandle: PVOID, - ResourceInfo: PLDR_RESOURCE_INFO, - Level: ULONG, - ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY, - ) -> NTSTATUS; -}} -STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s { - Id: USHORT, - NameIsPresent: USHORT, -}} -UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path { - NameOrId: ULONG_PTR, - Name: PIMAGE_RESOURCE_DIRECTORY_STRING, - s: LDR_ENUM_RESOURCE_ENTRY_Path_s, -}} -STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY { - Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3], - Data: PVOID, - Size: ULONG, - Reserved: ULONG, -}} -pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY; -#[inline] -pub unsafe fn NAME_FROM_RESOURCE_ENTRY( - RootDirectory: PIMAGE_RESOURCE_DIRECTORY, - Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY, -) -> usize { - if Entry.u.s().NameIsString() != 0 { - return RootDirectory as usize + Entry.u.s().NameOffset() as usize; - } - *Entry.u.Id() as usize -} -EXTERN!{extern "system" { - fn LdrEnumResources( - DllHandle: PVOID, - ResourceInfo: PLDR_RESOURCE_INFO, - Level: ULONG, - ResourceCount: *mut ULONG, - Resources: PLDR_ENUM_RESOURCE_ENTRY, - ) -> NTSTATUS; - fn LdrFindEntryForAddress( - DllHandle: PVOID, - Entry: *mut PLDR_DATA_TABLE_ENTRY, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION { - Section: HANDLE, - MappedBase: PVOID, - ImageBase: PVOID, - ImageSize: ULONG, - Flags: ULONG, - LoadOrderIndex: USHORT, - InitOrderIndex: USHORT, - LoadCount: USHORT, - OffsetToFileName: USHORT, - FullPathName: [UCHAR; 256], -}} -pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION; -STRUCT!{struct RTL_PROCESS_MODULES { - NumberOfModules: ULONG, - Modules: [RTL_PROCESS_MODULE_INFORMATION; 1], -}} -pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES; -STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX { - NextOffset: USHORT, - BaseInfo: RTL_PROCESS_MODULE_INFORMATION, - ImageChecksum: ULONG, - TimeDateStamp: ULONG, - DefaultBase: PVOID, -}} -pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX; -EXTERN!{extern "system" { - fn LdrQueryProcessModuleInformation( - ModuleInformation: PRTL_PROCESS_MODULES, - Size: ULONG, - ReturnedSize: PULONG, - ) -> NTSTATUS; -}} -FN!{stdcall PLDR_ENUM_CALLBACK( - ModuleInformation: PLDR_DATA_TABLE_ENTRY, - Parameter: PVOID, - Stop: *mut BOOLEAN, -) -> ()} -EXTERN!{extern "system" { - fn LdrEnumerateLoadedModules( - ReservedFlag: BOOLEAN, - EnumProc: PLDR_ENUM_CALLBACK, - Context: PVOID, - ) -> NTSTATUS; - fn LdrOpenImageFileOptionsKey( - SubKey: PUNICODE_STRING, - Wow64: BOOLEAN, - NewKeyHandle: PHANDLE, - ) -> NTSTATUS; - fn LdrQueryImageFileKeyOption( - KeyHandle: HANDLE, - ValueName: PCWSTR, - Type: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ReturnedLength: PULONG, - ) -> NTSTATUS; - fn LdrQueryImageFileExecutionOptions( - SubKey: PUNICODE_STRING, - ValueName: PCWSTR, - ValueSize: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ReturnedLength: PULONG, - ) -> NTSTATUS; - fn LdrQueryImageFileExecutionOptionsEx( - SubKey: PUNICODE_STRING, - ValueName: PCWSTR, - Type: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ReturnedLength: PULONG, - Wow64: BOOLEAN, - ) -> NTSTATUS; -}} -UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description { - Name: PCSTR, - Ordinal: ULONG, -}} -STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR { - ImportDescribedByName: ULONG, - Description: DELAYLOAD_PROC_DESCRIPTOR_Description, -}} -pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR; -STRUCT!{struct DELAYLOAD_INFO { - Size: ULONG, - DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, - ThunkAddress: PIMAGE_THUNK_DATA, - TargetDllName: PCSTR, - TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR, - TargetModuleBase: PVOID, - Unused: PVOID, - LastError: ULONG, -}} -pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO; -FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK( - NotificationReason: ULONG, - DelayloadInfo: PDELAYLOAD_INFO, -) -> PVOID} -FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE( - DllName: PCSTR, - ProcName: PCSTR, -) -> PVOID} -EXTERN!{extern "system" { - fn LdrResolveDelayLoadedAPI( - ParentModuleBase: PVOID, - DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, - FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK, - FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE, - ThunkAddress: PIMAGE_THUNK_DATA, - Flags: ULONG, - ) -> PVOID; - fn LdrResolveDelayLoadsFromDll( - ParentBase: PVOID, - TargetDllName: PCSTR, - Flags: ULONG, - ) -> NTSTATUS; - fn LdrSetDefaultDllDirectories( - DirectoryFlags: ULONG, - ) -> NTSTATUS; - fn LdrShutdownProcess() -> NTSTATUS; - fn LdrShutdownThread() -> NTSTATUS; - fn LdrSetImplicitPathOptions( - ImplicitPathOptions: ULONG, - ) -> NTSTATUS; - fn LdrControlFlowGuardEnforced() -> BOOLEAN; -}} diff --git a/vendor/ntapi/src/ntlpcapi.rs b/vendor/ntapi/src/ntlpcapi.rs deleted file mode 100644 index 012c9056f..000000000 --- a/vendor/ntapi/src/ntlpcapi.rs +++ /dev/null @@ -1,692 +0,0 @@ -use core::mem::size_of; -use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64}; -use winapi::ctypes::c_double; -use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; -use winapi::shared::ntdef::{ - BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE, - PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG, - UNICODE_STRING, -}; -use winapi::um::winnt::{ - ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK, - SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, -}; -pub const PORT_CONNECT: u32 = 0x0001; -pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1; -STRUCT!{struct PORT_MESSAGE_u1_s { - DataLength: CSHORT, - TotalLength: CSHORT, -}} -STRUCT!{struct PORT_MESSAGE_u2_s { - Type: CSHORT, - DataInfoOffset: CSHORT, -}} -UNION!{union PORT_MESSAGE_u1 { - s: PORT_MESSAGE_u1_s, - Length: ULONG, -}} -UNION!{union PORT_MESSAGE_u2 { - s: PORT_MESSAGE_u2_s, - ZeroInit: ULONG, -}} -UNION!{union PORT_MESSAGE_u3 { - ClientId: CLIENT_ID, - DoNotUseThisField: c_double, -}} -UNION!{union PORT_MESSAGE_u4 { - ClientViewSize: SIZE_T, - CallbackId: ULONG, -}} -STRUCT!{struct PORT_MESSAGE { - u1: PORT_MESSAGE_u1, - u2: PORT_MESSAGE_u2, - u3: PORT_MESSAGE_u3, - MessageId: ULONG, - u4: PORT_MESSAGE_u4, -}} -pub type PPORT_MESSAGE = *mut PORT_MESSAGE; -STRUCT!{struct PORT_DATA_ENTRY { - Base: PVOID, - Size: ULONG, -}} -pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY; -STRUCT!{struct PORT_DATA_INFORMATION { - CountDataEntries: ULONG, - DataEntries: [PORT_DATA_ENTRY; 1], -}} -pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION; -pub const LPC_REQUEST: ULONG = 1; -pub const LPC_REPLY: ULONG = 2; -pub const LPC_DATAGRAM: ULONG = 3; -pub const LPC_LOST_REPLY: ULONG = 4; -pub const LPC_PORT_CLOSED: ULONG = 5; -pub const LPC_CLIENT_DIED: ULONG = 6; -pub const LPC_EXCEPTION: ULONG = 7; -pub const LPC_DEBUG_EVENT: ULONG = 8; -pub const LPC_ERROR_EVENT: ULONG = 9; -pub const LPC_CONNECTION_REQUEST: ULONG = 10; -pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000; -pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000; -pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512; -#[cfg(target_arch = "x86")] -pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256; -pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::<ULONG_PTR>() as u32; -pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH - + size_of::<PORT_MESSAGE>() as u32 - + LPC_MAX_CONNECTION_INFO_SIZE - + 0xf) & !0xf; -STRUCT!{struct LPC_CLIENT_DIED_MSG { - PortMsg: PORT_MESSAGE, - CreateTime: LARGE_INTEGER, -}} -pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG; -STRUCT!{struct PORT_VIEW { - Length: ULONG, - SectionHandle: HANDLE, - SectionOffset: ULONG, - ViewSize: SIZE_T, - ViewBase: PVOID, - ViewRemoteBase: PVOID, -}} -pub type PPORT_VIEW = *mut PORT_VIEW; -STRUCT!{struct REMOTE_PORT_VIEW { - Length: ULONG, - ViewSize: SIZE_T, - ViewBase: PVOID, -}} -pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW; -STRUCT!{struct PORT_MESSAGE64_u1_s { - DataLength: CSHORT, - TotalLength: CSHORT, -}} -STRUCT!{struct PORT_MESSAGE64_u2_s { - Type: CSHORT, - DataInfoOffset: CSHORT, -}} -UNION!{union PORT_MESSAGE64_u1 { - s: PORT_MESSAGE64_u1_s, - Length: ULONG, -}} -UNION!{union PORT_MESSAGE64_u2 { - s: PORT_MESSAGE64_u2_s, - ZeroInit: ULONG, -}} -UNION!{union PORT_MESSAGE64_u3 { - ClientId: CLIENT_ID64, - DoNotUseThisField: c_double, -}} -UNION!{union PORT_MESSAGE64_u4 { - ClientViewSize: ULONGLONG, - CallbackId: ULONG, -}} -STRUCT!{struct PORT_MESSAGE64 { - u1: PORT_MESSAGE64_u1, - u2: PORT_MESSAGE64_u2, - u3: PORT_MESSAGE64_u3, - MessageId: ULONG, - u4: PORT_MESSAGE64_u4, -}} -pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64; -STRUCT!{struct LPC_CLIENT_DIED_MSG64 { - PortMsg: PORT_MESSAGE64, - CreateTime: LARGE_INTEGER, -}} -pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64; -STRUCT!{struct PORT_VIEW64 { - Length: ULONG, - SectionHandle: ULONGLONG, - SectionOffset: ULONG, - ViewSize: ULONGLONG, - ViewBase: ULONGLONG, - ViewRemoteBase: ULONGLONG, -}} -pub type PPORT_VIEW64 = *mut PORT_VIEW64; -STRUCT!{struct REMOTE_PORT_VIEW64 { - Length: ULONG, - ViewSize: ULONGLONG, - ViewBase: ULONGLONG, -}} -pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64; -EXTERN!{extern "system" { - fn NtCreatePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaxConnectionInfoLength: ULONG, - MaxMessageLength: ULONG, - MaxPoolUsage: ULONG, - ) -> NTSTATUS; - fn NtCreateWaitablePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaxConnectionInfoLength: ULONG, - MaxMessageLength: ULONG, - MaxPoolUsage: ULONG, - ) -> NTSTATUS; - fn NtConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ClientView: PPORT_VIEW, - ServerView: PREMOTE_PORT_VIEW, - MaxMessageLength: PULONG, - ConnectionInformation: PVOID, - ConnectionInformationLength: PULONG, - ) -> NTSTATUS; - fn NtSecureConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ClientView: PPORT_VIEW, - RequiredServerSid: PSID, - ServerView: PREMOTE_PORT_VIEW, - MaxMessageLength: PULONG, - ConnectionInformation: PVOID, - ConnectionInformationLength: PULONG, - ) -> NTSTATUS; - fn NtListenPort( - PortHandle: HANDLE, - ConnectionRequest: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtAcceptConnectPort( - PortHandle: PHANDLE, - PortContext: PVOID, - ConnectionRequest: PPORT_MESSAGE, - AcceptConnection: BOOLEAN, - ServerView: PPORT_VIEW, - ClientView: PREMOTE_PORT_VIEW, - ) -> NTSTATUS; - fn NtCompleteConnectPort( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn NtRequestPort( - PortHandle: HANDLE, - RequestMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtRequestWaitReplyPort( - PortHandle: HANDLE, - RequestMessage: PPORT_MESSAGE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtReplyPort( - PortHandle: HANDLE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtReplyWaitReplyPort( - PortHandle: HANDLE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtReplyWaitReceivePort( - PortHandle: HANDLE, - PortContext: *mut PVOID, - ReplyMessage: PPORT_MESSAGE, - ReceiveMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtReplyWaitReceivePortEx( - PortHandle: HANDLE, - PortContext: *mut PVOID, - ReplyMessage: PPORT_MESSAGE, - ReceiveMessage: PPORT_MESSAGE, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtImpersonateClientOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - ) -> NTSTATUS; - fn NtReadRequestData( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - DataEntryIndex: ULONG, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesRead: PSIZE_T, - ) -> NTSTATUS; - fn NtWriteRequestData( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - DataEntryIndex: ULONG, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesWritten: PSIZE_T, - ) -> NTSTATUS; -}} -ENUM!{enum PORT_INFORMATION_CLASS { - PortBasicInformation = 0, - PortDumpInformation = 1, -}} -EXTERN!{extern "system" { - fn NtQueryInformationPort( - PortHandle: HANDLE, - PortInformationClass: PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -pub type PALPC_HANDLE = *mut HANDLE; -pub type ALPC_HANDLE = HANDLE; -pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000; -pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000; -pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -STRUCT!{struct ALPC_PORT_ATTRIBUTES { - Flags: ULONG, - SecurityQos: SECURITY_QUALITY_OF_SERVICE, - MaxMessageLength: SIZE_T, - MemoryBandwidth: SIZE_T, - MaxPoolUsage: SIZE_T, - MaxSectionSize: SIZE_T, - MaxViewSize: SIZE_T, - MaxTotalSectionSize: SIZE_T, - DupObjectTypes: ULONG, - Reserved: ULONG, -}} -#[cfg(target_arch = "x86")] -STRUCT!{struct ALPC_PORT_ATTRIBUTES { - Flags: ULONG, - SecurityQos: SECURITY_QUALITY_OF_SERVICE, - MaxMessageLength: SIZE_T, - MemoryBandwidth: SIZE_T, - MaxPoolUsage: SIZE_T, - MaxSectionSize: SIZE_T, - MaxViewSize: SIZE_T, - MaxTotalSectionSize: SIZE_T, - DupObjectTypes: ULONG, -}} -pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES; -pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000; -pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000; -pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000; -pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000; -STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES { - AllocatedAttributes: ULONG, - ValidAttributes: ULONG, -}} -pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES; -STRUCT!{struct ALPC_COMPLETION_LIST_STATE { - Value: ULONG64, -}} -BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [ - Head set_Head[0..24], - Tail set_Tail[24..48], - ActiveThreadCount set_ActiveThreadCount[48..64], -]} -pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE; -pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f; -STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER { - StartMagic: ULONG64, - TotalSize: ULONG, - ListOffset: ULONG, - ListSize: ULONG, - BitmapOffset: ULONG, - BitmapSize: ULONG, - DataOffset: ULONG, - DataSize: ULONG, - AttributeFlags: ULONG, - AttributeSize: ULONG, - __padding0: [u64; 10], - State: ALPC_COMPLETION_LIST_STATE, - LastMessageId: ULONG, - LastCallbackId: ULONG, - __padding1: [u32; 28], - PostCount: ULONG, - __padding2: [u32; 31], - ReturnCount: ULONG, - __padding3: [u32; 31], - LogSequenceNumber: ULONG, - __padding4: [u64; 15], - UserLock: RTL_SRWLOCK, - EndMagic: ULONG64, - __padding5: [u64; 14], -}} -pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER; -STRUCT!{struct ALPC_CONTEXT_ATTR { - PortContext: PVOID, - MessageContext: PVOID, - Sequence: ULONG, - MessageId: ULONG, - CallbackId: ULONG, -}} -pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR; -pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000; -pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000; -pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000; -STRUCT!{struct ALPC_HANDLE_ATTR32 { - Flags: ULONG, - Reserved0: ULONG, - SameAccess: ULONG, - SameAttributes: ULONG, - Indirect: ULONG, - Inherit: ULONG, - Reserved1: ULONG, - Handle: ULONG, - ObjectType: ULONG, - DesiredAccess: ULONG, - GrantedAccess: ULONG, -}} -pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32; -STRUCT!{struct ALPC_HANDLE_ATTR { - Flags: ULONG, - Reserved0: ULONG, - SameAccess: ULONG, - SameAttributes: ULONG, - Indirect: ULONG, - Inherit: ULONG, - Reserved1: ULONG, - Handle: HANDLE, - HandleAttrArray: PALPC_HANDLE_ATTR32, - ObjectType: ULONG, - HandleCount: ULONG, - DesiredAccess: ACCESS_MASK, - GrantedAccess: ACCESS_MASK, -}} -pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR; -pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000; -STRUCT!{struct ALPC_SECURITY_ATTR { - Flags: ULONG, - QoS: PSECURITY_QUALITY_OF_SERVICE, - ContextHandle: ALPC_HANDLE, -}} -pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR; -pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000; -STRUCT!{struct ALPC_DATA_VIEW_ATTR { - Flags: ULONG, - SectionHandle: ALPC_HANDLE, - ViewBase: PVOID, - ViewSize: SIZE_T, -}} -pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR; -ENUM!{enum ALPC_PORT_INFORMATION_CLASS { - AlpcBasicInformation = 0, - AlpcPortInformation = 1, - AlpcAssociateCompletionPortInformation = 2, - AlpcConnectedSIDInformation = 3, - AlpcServerInformation = 4, - AlpcMessageZoneInformation = 5, - AlpcRegisterCompletionListInformation = 6, - AlpcUnregisterCompletionListInformation = 7, - AlpcAdjustCompletionListConcurrencyCountInformation = 8, - AlpcRegisterCallbackInformation = 9, - AlpcCompletionListRundownInformation = 10, - AlpcWaitForPortReferences = 11, -}} -STRUCT!{struct ALPC_BASIC_INFORMATION { - Flags: ULONG, - SequenceNo: ULONG, - PortContext: PVOID, -}} -pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION; -STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT { - CompletionKey: PVOID, - CompletionPort: HANDLE, -}} -pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT; -STRUCT!{struct ALPC_SERVER_INFORMATION_Out { - ThreadBlocked: BOOLEAN, - ConnectedProcessId: HANDLE, - ConnectionPortName: UNICODE_STRING, -}} -UNION!{union ALPC_SERVER_INFORMATION { - ThreadHandle: HANDLE, - Out: ALPC_SERVER_INFORMATION_Out, -}} -pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION; -STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION { - Buffer: PVOID, - Size: ULONG, -}} -pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION; -STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION { - Buffer: PVOID, - Size: ULONG, - ConcurrencyCount: ULONG, - AttributeFlags: ULONG, -}} -pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION; -ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS { - AlpcMessageSidInformation = 0, - AlpcMessageTokenModifiedIdInformation = 1, - AlpcMessageDirectStatusInformation = 2, - AlpcMessageHandleInformation = 3, - MaxAlpcMessageInfoClass = 4, -}} -pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS; -STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION { - Index: ULONG, - Flags: ULONG, - Handle: ULONG, - ObjectType: ULONG, - GrantedAccess: ACCESS_MASK, -}} -pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION; -EXTERN!{extern "system" { - fn NtAlpcCreatePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtAlpcDisconnectPort( - PortHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn NtAlpcQueryInformation( - PortHandle: HANDLE, - PortInformationClass: ALPC_PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtAlpcSetInformation( - PortHandle: HANDLE, - PortInformationClass: ALPC_PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn NtAlpcCreatePortSection( - PortHandle: HANDLE, - Flags: ULONG, - SectionHandle: HANDLE, - SectionSize: SIZE_T, - AlpcSectionHandle: PALPC_HANDLE, - ActualSectionSize: PSIZE_T, - ) -> NTSTATUS; - fn NtAlpcDeletePortSection( - PortHandle: HANDLE, - Flags: ULONG, - SectionHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn NtAlpcCreateResourceReserve( - PortHandle: HANDLE, - Flags: ULONG, - MessageSize: SIZE_T, - ResourceId: PALPC_HANDLE, - ) -> NTSTATUS; - fn NtAlpcDeleteResourceReserve( - PortHandle: HANDLE, - Flags: ULONG, - ResourceId: ALPC_HANDLE, - ) -> NTSTATUS; - fn NtAlpcCreateSectionView( - PortHandle: HANDLE, - Flags: ULONG, - ViewAttributes: PALPC_DATA_VIEW_ATTR, - ) -> NTSTATUS; - fn NtAlpcDeleteSectionView( - PortHandle: HANDLE, - Flags: ULONG, - ViewBase: PVOID, - ) -> NTSTATUS; - fn NtAlpcCreateSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - SecurityAttribute: PALPC_SECURITY_ATTR, - ) -> NTSTATUS; - fn NtAlpcDeleteSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - ContextHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn NtAlpcRevokeSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - ContextHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn NtAlpcQueryInformationMessage( - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, - MessageInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1; -pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2; -pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000; -pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000; -pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000; -pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000; -pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000; -EXTERN!{extern "system" { - fn NtAlpcConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - Flags: ULONG, - RequiredServerSid: PSID, - ConnectionMessage: PPORT_MESSAGE, - BufferLength: PULONG, - OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtAlpcConnectPortEx( - PortHandle: PHANDLE, - ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, - ClientPortObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - Flags: ULONG, - ServerSecurityRequirements: PSECURITY_DESCRIPTOR, - ConnectionMessage: PPORT_MESSAGE, - BufferLength: PSIZE_T, - OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtAlpcAcceptConnectPort( - PortHandle: PHANDLE, - ConnectionPortHandle: HANDLE, - Flags: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - PortContext: PVOID, - ConnectionRequest: PPORT_MESSAGE, - ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - AcceptConnection: BOOLEAN, - ) -> NTSTATUS; - fn NtAlpcSendWaitReceivePort( - PortHandle: HANDLE, - Flags: ULONG, - SendMessageA: PPORT_MESSAGE, - SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - ReceiveMessage: PPORT_MESSAGE, - BufferLength: PSIZE_T, - ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; -}} -pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1; -pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8; -pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000; -EXTERN!{extern "system" { - fn NtAlpcCancelMessage( - PortHandle: HANDLE, - Flags: ULONG, - MessageContext: PALPC_CONTEXT_ATTR, - ) -> NTSTATUS; - fn NtAlpcImpersonateClientOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - Flags: PVOID, - ) -> NTSTATUS; - fn NtAlpcImpersonateClientContainerOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - Flags: ULONG, - ) -> NTSTATUS; - fn NtAlpcOpenSenderProcess( - ProcessHandle: PHANDLE, - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - Flags: ULONG, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtAlpcOpenSenderThread( - ThreadHandle: PHANDLE, - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - Flags: ULONG, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn AlpcMaxAllowedMessageLength() -> ULONG; - fn AlpcGetHeaderSize( - Flags: ULONG, - ) -> ULONG; - fn AlpcInitializeMessageAttribute( - AttributeFlags: ULONG, - Buffer: PALPC_MESSAGE_ATTRIBUTES, - BufferSize: ULONG, - RequiredBufferSize: PULONG, - ) -> NTSTATUS; - fn AlpcGetMessageAttribute( - Buffer: PALPC_MESSAGE_ATTRIBUTES, - AttributeFlag: ULONG, - ) -> PVOID; - fn AlpcRegisterCompletionList( - PortHandle: HANDLE, - Buffer: PALPC_COMPLETION_LIST_HEADER, - Size: ULONG, - ConcurrencyCount: ULONG, - AttributeFlags: ULONG, - ) -> NTSTATUS; - fn AlpcUnregisterCompletionList( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn AlpcRundownCompletionList( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn AlpcAdjustCompletionListConcurrencyCount( - PortHandle: HANDLE, - ConcurrencyCount: ULONG, - ) -> NTSTATUS; - fn AlpcRegisterCompletionListWorkerThread( - CompletionList: PVOID, - ) -> BOOLEAN; - fn AlpcUnregisterCompletionListWorkerThread( - CompletionList: PVOID, - ) -> BOOLEAN; - fn AlpcGetCompletionListLastMessageInformation( - CompletionList: PVOID, - LastMessageId: PULONG, - LastCallbackId: PULONG, - ); - fn AlpcGetOutstandingCompletionListMessageCount( - CompletionList: PVOID, - ) -> ULONG; - fn AlpcGetMessageFromCompletionList( - CompletionList: PVOID, - MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES, - ) -> PPORT_MESSAGE; - fn AlpcFreeCompletionListMessage( - CompletionList: PVOID, - Message: PPORT_MESSAGE, - ); - fn AlpcGetCompletionListMessageAttributes( - CompletionList: PVOID, - Message: PPORT_MESSAGE, - ) -> PALPC_MESSAGE_ATTRIBUTES; -}} diff --git a/vendor/ntapi/src/ntmisc.rs b/vendor/ntapi/src/ntmisc.rs deleted file mode 100644 index 7f579999e..000000000 --- a/vendor/ntapi/src/ntmisc.rs +++ /dev/null @@ -1,42 +0,0 @@ -use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG}; -use winapi::um::winnt::STANDARD_RIGHTS_ALL; -pub const FLT_PORT_CONNECT: u32 = 0x0001; -pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL; -ENUM!{enum VDMSERVICECLASS { - VdmStartExecution = 0, - VdmQueueInterrupt = 1, - VdmDelayInterrupt = 2, - VdmInitialize = 3, - VdmFeatures = 4, - VdmSetInt21Handler = 5, - VdmQueryDir = 6, - VdmPrinterDirectIoOpen = 7, - VdmPrinterDirectIoClose = 8, - VdmPrinterInitialize = 9, - VdmSetLdtEntries = 10, - VdmSetProcessLdtInfo = 11, - VdmAdlibEmulation = 12, - VdmPMCliControl = 13, - VdmQueryVdmProcess = 14, -}} -pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS; -EXTERN!{extern "system" { - fn NtVdmControl( - Service: VDMSERVICECLASS, - ServiceData: PVOID, - ) -> NTSTATUS; - fn NtTraceEvent( - TraceHandle: HANDLE, - Flags: ULONG, - FieldSize: ULONG, - Fields: PVOID, - ) -> NTSTATUS; - fn NtTraceControl( - FunctionCode: ULONG, - InBuffer: PVOID, - InBufferLen: ULONG, - OutBuffer: PVOID, - OutBufferLen: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntmmapi.rs b/vendor/ntapi/src/ntmmapi.rs deleted file mode 100644 index 7cae677aa..000000000 --- a/vendor/ntapi/src/ntmmapi.rs +++ /dev/null @@ -1,630 +0,0 @@ -use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER; -use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, - PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, -}; -use winapi::um::winnt::{ - ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, -}; -ENUM!{enum MEMORY_INFORMATION_CLASS { - MemoryBasicInformation = 0, - MemoryWorkingSetInformation = 1, - MemoryMappedFilenameInformation = 2, - MemoryRegionInformation = 3, - MemoryWorkingSetExInformation = 4, - MemorySharedCommitInformation = 5, - MemoryImageInformation = 6, - MemoryRegionInformationEx = 7, - MemoryPrivilegedBasicInformation = 8, - MemoryEnclaveImageInformation = 9, - MemoryBasicInformationCapped = 10, -}} -STRUCT!{struct MEMORY_WORKING_SET_BLOCK { - Bitfields: ULONG_PTR, -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ - Protection set_Protection[0..5], - ShareCount set_ShareCount[5..8], - Shared set_Shared[8..9], - Node set_Node[9..12], - VirtualPage set_VirtualPage[12..64], -]} -#[cfg(target_arch = "x86")] -BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ - Protection set_Protection[0..5], - ShareCount set_ShareCount[5..8], - Shared set_Shared[8..9], - Node set_Node[9..12], - VirtualPage set_VirtualPage[12..32], -]} -pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK; -STRUCT!{struct MEMORY_WORKING_SET_INFORMATION { - NumberOfEntries: ULONG_PTR, - WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1], -}} -pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION; -STRUCT!{struct MEMORY_REGION_INFORMATION { - AllocationBase: PVOID, - AllocationProtect: ULONG, - RegionType: ULONG, - RegionSize: SIZE_T, - CommitSize: SIZE_T, -}} -BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [ - Private set_Private[0..1], - MappedDataFile set_MappedDataFile[1..2], - MappedImage set_MappedImage[2..3], - MappedPageFile set_MappedPageFile[3..4], - MappedPhysical set_MappedPhysical[4..5], - DirectMapped set_DirectMapped[5..6], - SoftwareEnclave set_SoftwareEnclave[6..7], - PageSize64K set_PageSize64K[7..8], - PlaceholderReservation set_PlaceholderReservation[8..9], - Reserved set_Reserved[9..32], -]} -pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION; -ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION { - MemoryLocationInvalid = 0, - MemoryLocationResident = 1, - MemoryLocationPagefile = 2, - MemoryLocationReserved = 3, -}} -UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u { - Bitfields: ULONG_PTR, - Invalid: ULONG_PTR, -}} -STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK { - u: MEMORY_WORKING_SET_EX_BLOCK_u, -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ - Valid set_Valid[0..1], - ShareCount set_ShareCount[1..4], - Win32Protection set_Win32Protection[4..15], - Shared set_Shared[15..16], - Node set_Node[16..22], - Locked set_Locked[22..23], - LargePage set_LargePage[23..24], - Priority set_Priority[24..27], - Reserved set_Reserved[27..30], - SharedOriginal set_SharedOriginal[30..31], - Bad set_Bad[31..32], - ReservedUlong set_ReservedUlong[32..64], -]} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ - Invalid_Valid set_Invalid_Valid[0..1], - Invalid_Reserved0 set_Invalid_Reserved0[1..15], - Invalid_Shared set_Invalid_Shared[15..16], - Invalid_Reserved1 set_Invalid_Reserved1[16..21], - Invalid_PageTable set_Invalid_PageTable[21..22], - Invalid_Location set_Invalid_Location[22..24], - Invalid_Priority set_Invalid_Priority[24..27], - Invalid_ModifiedList set_Invalid_ModifiedList[27..28], - Invalid_Reserved2 set_Invalid_Reserved2[28..30], - Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], - Invalid_Bad set_Invalid_Bad[31..32], - Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64], -]} -#[cfg(target_arch = "x86")] -BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ - Valid set_Valid[0..1], - ShareCount set_ShareCount[1..4], - Win32Protection set_Win32Protection[4..15], - Shared set_Shared[15..16], - Node set_Node[16..22], - Locked set_Locked[22..23], - LargePage set_LargePage[23..24], - Priority set_Priority[24..27], - Reserved set_Reserved[27..30], - SharedOriginal set_SharedOriginal[30..31], - Bad set_Bad[31..32], -]} -#[cfg(target_arch = "x86")] -BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ - Invalid_Valid set_Invalid_Valid[0..1], - Invalid_Reserved0 set_Invalid_Reserved0[1..15], - Invalid_Shared set_Invalid_Shared[15..16], - Invalid_Reserved1 set_Invalid_Reserved1[16..21], - Invalid_PageTable set_Invalid_PageTable[21..22], - Invalid_Location set_Invalid_Location[22..24], - Invalid_Priority set_Invalid_Priority[24..27], - Invalid_ModifiedList set_Invalid_ModifiedList[27..28], - Invalid_Reserved2 set_Invalid_Reserved2[28..30], - Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], - Invalid_Bad set_Invalid_Bad[31..32], -]} -pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK; -STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION { - VirtualAddress: PVOID, - VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK, -}} -pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION; -STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION { - CommitSize: SIZE_T, -}} -pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION; -STRUCT!{struct MEMORY_IMAGE_INFORMATION { - ImageBase: PVOID, - SizeOfImage: SIZE_T, - ImageFlags: ULONG, -}} -BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [ - ImagePartialMap set_ImagePartialMap[0..1], - ImageNotExecutable set_ImageNotExecutable[1..2], - ImageSigningLevel set_ImageSigningLevel[2..6], - Reserved set_Reserved[6..32], -]} -pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION; -STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION { - ImageInfo: MEMORY_IMAGE_INFORMATION, - UniqueID: [UCHAR; 32], - AuthorID: [UCHAR; 32], -}} -pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION; -pub const MMPFNLIST_ZERO: u32 = 0; -pub const MMPFNLIST_FREE: u32 = 1; -pub const MMPFNLIST_STANDBY: u32 = 2; -pub const MMPFNLIST_MODIFIED: u32 = 3; -pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4; -pub const MMPFNLIST_BAD: u32 = 5; -pub const MMPFNLIST_ACTIVE: u32 = 6; -pub const MMPFNLIST_TRANSITION: u32 = 7; -pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0; -pub const MMPFNUSE_FILE: u32 = 1; -pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2; -pub const MMPFNUSE_PAGETABLE: u32 = 3; -pub const MMPFNUSE_PAGEDPOOL: u32 = 4; -pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5; -pub const MMPFNUSE_SYSTEMPTE: u32 = 6; -pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7; -pub const MMPFNUSE_METAFILE: u32 = 8; -pub const MMPFNUSE_AWEPAGE: u32 = 9; -pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10; -pub const MMPFNUSE_KERNELSTACK: u32 = 11; -STRUCT!{struct MEMORY_FRAME_INFORMATION { - Bitfields: ULONGLONG, -}} -BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [ - UseDescription set_UseDescription[0..4], - ListDescription set_ListDescription[4..7], - Reserved0 set_Reserved0[7..8], - Pinned set_Pinned[8..9], - DontUse set_DontUse[9..57], - Priority set_Priority[57..60], - Reserved set_Reserved[60..64], -]} -STRUCT!{struct FILEOFFSET_INFORMATION { - Bitfields: ULONGLONG, -}} -BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [ - DontUse set_DontUse[0..9], - Offset set_Offset[9..57], - Reserved set_Reserved[57..64], -]} -STRUCT!{struct PAGEDIR_INFORMATION { - Bitfields: ULONGLONG, -}} -BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [ - DontUse set_DontUse[0..9], - PageDirectoryBase set_PageDirectoryBase[9..57], - Reserved set_Reserved[57..64], -]} -STRUCT!{struct UNIQUE_PROCESS_INFORMATION { - Bitfields: ULONGLONG, -}} -BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [ - DontUse set_DontUse[0..9], - UniqueProcessKey set_UniqueProcessKey[9..57], - Reserved set_Reserved[57..64], -]} -pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION; -UNION!{union MMPFN_IDENTITY_u1 { - e1: MEMORY_FRAME_INFORMATION, - e2: FILEOFFSET_INFORMATION, - e3: PAGEDIR_INFORMATION, - e4: UNIQUE_PROCESS_INFORMATION, -}} -UNION!{union MMPFN_IDENTITY_u2 { - e1: ULONG_PTR, - e2_CombinedPage: ULONG_PTR, - FileObject: ULONG_PTR, - UniqueFileObjectKey: ULONG_PTR, - ProtoPteAddress: ULONG_PTR, - VirtualAddress: ULONG_PTR, -}} -STRUCT!{struct MMPFN_IDENTITY { - u1: MMPFN_IDENTITY_u1, - PageFrameIndex: ULONG_PTR, - u2: MMPFN_IDENTITY_u2, -}} -BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [ - Image set_Image[0..1], - Mismatch set_Mismatch[1..2], -]} -pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY; -STRUCT!{struct MMPFN_MEMSNAP_INFORMATION { - InitialPageFrameIndex: ULONG_PTR, - Count: ULONG_PTR, -}} -pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION; -ENUM!{enum SECTION_INFORMATION_CLASS { - SectionBasicInformation = 0, - SectionImageInformation = 1, - SectionRelocationInformation = 2, - SectionOriginalBaseInformation = 3, - SectionInternalImageInformation = 4, - MaxSectionInfoClass = 5, -}} -STRUCT!{struct SECTION_BASIC_INFORMATION { - BaseAddress: PVOID, - AllocationAttributes: ULONG, - MaximumSize: LARGE_INTEGER, -}} -pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION; -STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s { - SubSystemMinorVersion: USHORT, - SubSystemMajorVersion: USHORT, -}} -UNION!{union SECTION_IMAGE_INFORMATION_u1 { - s: SECTION_IMAGE_INFORMATION_u1_s, - SubSystemVersion: ULONG, -}} -STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s { - MajorOperatingSystemVersion: USHORT, - MinorOperatingSystemVersion: USHORT, -}} -UNION!{union SECTION_IMAGE_INFORMATION_u2 { - s: SECTION_IMAGE_INFORMATION_u2_s, - OperatingSystemVersion: ULONG, -}} -STRUCT!{struct SECTION_IMAGE_INFORMATION { - TransferAddress: PVOID, - ZeroBits: ULONG, - MaximumStackSize: SIZE_T, - CommittedStackSize: SIZE_T, - SubSystemType: ULONG, - u1: SECTION_IMAGE_INFORMATION_u1, - u2: SECTION_IMAGE_INFORMATION_u2, - ImageCharacteristics: USHORT, - DllCharacteristics: USHORT, - Machine: USHORT, - ImageContainsCode: BOOLEAN, - ImageFlags: UCHAR, - LoaderFlags: ULONG, - ImageFileSize: ULONG, - CheckSum: ULONG, -}} -BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [ - ComPlusNativeReady set_ComPlusNativeReady[0..1], - ComPlusILOnly set_ComPlusILOnly[1..2], - ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3], - ImageMappedFlat set_ImageMappedFlat[3..4], - BaseBelow4gb set_BaseBelow4gb[4..5], - ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6], - Reserved set_Reserved[6..8], -]} -pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION; -STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION { - SectionInformation: SECTION_IMAGE_INFORMATION, - ExtendedFlags: ULONG, -}} -BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [ - ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1], - Reserved set_Reserved[1..32], -]} -pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION; -ENUM!{enum SECTION_INHERIT { - ViewShare = 1, - ViewUnmap = 2, -}} -pub const SEC_BASED: u32 = 0x200000; -pub const SEC_NO_CHANGE: u32 = 0x400000; -pub const SEC_GLOBAL: u32 = 0x20000000; -pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1; -pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2; -pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4; -pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8; -pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10; -pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20; -pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f; -EXTERN!{extern "system" { - fn NtAllocateVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - ZeroBits: ULONG_PTR, - RegionSize: PSIZE_T, - AllocationType: ULONG, - Protect: ULONG, - ) -> NTSTATUS; - fn NtFreeVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - FreeType: ULONG, - ) -> NTSTATUS; - fn NtReadVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesRead: PSIZE_T, - ) -> NTSTATUS; - fn NtWriteVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesWritten: PSIZE_T, - ) -> NTSTATUS; - fn NtProtectVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - NewProtect: ULONG, - OldProtect: PULONG, - ) -> NTSTATUS; - fn NtQueryVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - MemoryInformationClass: MEMORY_INFORMATION_CLASS, - MemoryInformation: PVOID, - MemoryInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; -}} -ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS { - VmPrefetchInformation = 0, - VmPagePriorityInformation = 1, - VmCfgCallTargetInformation = 2, - VmPageDirtyStateInformation = 3, -}} -STRUCT!{struct MEMORY_RANGE_ENTRY { - VirtualAddress: PVOID, - NumberOfBytes: SIZE_T, -}} -pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY; -STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION { - NumberOfEntries: ULONG, - Reserved: ULONG, - NumberOfEntriesProcessed: PULONG, - CallTargetInfo: PCFG_CALL_TARGET_INFO, - Section: PVOID, - FileOffset: ULONGLONG, -}} -pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION; -EXTERN!{extern "system" { - fn NtSetInformationVirtualMemory( - ProcessHandle: HANDLE, - VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, - NumberOfEntries: ULONG_PTR, - VirtualAddresses: PMEMORY_RANGE_ENTRY, - VmInformation: PVOID, - VmInformationLength: ULONG, - ) -> NTSTATUS; - fn NtLockVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - MapType: ULONG, - ) -> NTSTATUS; - fn NtUnlockVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - MapType: ULONG, - ) -> NTSTATUS; - fn NtCreateSection( - SectionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaximumSize: PLARGE_INTEGER, - SectionPageProtection: ULONG, - AllocationAttributes: ULONG, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn NtCreateSectionEx( - SectionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaximumSize: PLARGE_INTEGER, - SectionPageProtection: ULONG, - AllocationAttributes: ULONG, - FileHandle: HANDLE, - ExtendedParameters: PMEM_EXTENDED_PARAMETER, - ExtendedParameterCount: ULONG, - ) -> NTSTATUS; - fn NtOpenSection( - SectionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtMapViewOfSection( - SectionHandle: HANDLE, - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - ZeroBits: ULONG_PTR, - CommitSize: SIZE_T, - SectionOffset: PLARGE_INTEGER, - ViewSize: PSIZE_T, - InheritDisposition: SECTION_INHERIT, - AllocationType: ULONG, - Win32Protect: ULONG, - ) -> NTSTATUS; - fn NtUnmapViewOfSection( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - ) -> NTSTATUS; - fn NtUnmapViewOfSectionEx( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn NtExtendSection( - SectionHandle: HANDLE, - NewSectionSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtQuerySection( - SectionHandle: HANDLE, - SectionInformationClass: SECTION_INFORMATION_CLASS, - SectionInformation: PVOID, - SectionInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn NtAreMappedFilesTheSame( - File1MappedAsAnImage: PVOID, - File2MappedAsFile: PVOID, - ) -> NTSTATUS; -}} -pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001; -pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002; -pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE - | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS; -ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS { - SystemMemoryPartitionInformation = 0, - SystemMemoryPartitionMoveMemory = 1, - SystemMemoryPartitionAddPagefile = 2, - SystemMemoryPartitionCombineMemory = 3, - SystemMemoryPartitionInitialAddMemory = 4, - SystemMemoryPartitionGetMemoryEvents = 5, - SystemMemoryPartitionMax = 6, -}} -STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION { - Flags: ULONG, - NumaNode: ULONG, - Channel: ULONG, - NumberOfNumaNodes: ULONG, - ResidentAvailablePages: ULONG_PTR, - CommittedPages: ULONG_PTR, - CommitLimit: ULONG_PTR, - PeakCommitment: ULONG_PTR, - TotalNumberOfPages: ULONG_PTR, - AvailablePages: ULONG_PTR, - ZeroPages: ULONG_PTR, - FreePages: ULONG_PTR, - StandbyPages: ULONG_PTR, - StandbyPageCountByPriority: [ULONG_PTR; 8], - RepurposedPagesByPriority: [ULONG_PTR; 8], - MaximumCommitLimit: ULONG_PTR, - DonatedPagesToPartitions: ULONG_PTR, - PartitionId: ULONG, -}} -pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION = - *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION; -STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION { - NumberOfPages: ULONG_PTR, - NumaNode: ULONG, - Flags: ULONG, -}} -pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION; -STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION { - PageFileName: UNICODE_STRING, - MinimumSize: LARGE_INTEGER, - MaximumSize: LARGE_INTEGER, - Flags: ULONG, -}} -pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION; -STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { - StopHandle: HANDLE, - Flags: ULONG, - TotalNumberOfPages: ULONG_PTR, -}} -pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION = - *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; -STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE { - StartPage: ULONG_PTR, - NumberOfPages: ULONG_PTR, -}} -pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE; -STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION { - Flags: ULONG, - NumberOfRanges: ULONG, - NumberOfPagesAdded: ULONG_PTR, - PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1], -}} -pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION; -STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { - Flags: ULONG, - HandleAttributes: ULONG, - DesiredAccess: ULONG, - LowCommitCondition: HANDLE, - HighCommitCondition: HANDLE, - MaximumCommitCondition: HANDLE, -}} -BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [ - CommitEvents set_CommitEvents[0..1], - Spare set_Spare[1..32], -]} -pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = - *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; -EXTERN!{extern "system" { - fn NtCreatePartition( - PartitionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - PreferredNode: ULONG, - ) -> NTSTATUS; - fn NtOpenPartition( - PartitionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtManagePartition( - PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, - PartitionInformation: PVOID, - PartitionInformationLength: ULONG, - ) -> NTSTATUS; - fn NtMapUserPhysicalPages( - VirtualAddress: PVOID, - NumberOfPages: ULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn NtMapUserPhysicalPagesScatter( - VirtualAddresses: *mut PVOID, - NumberOfPages: ULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn NtAllocateUserPhysicalPages( - ProcessHandle: HANDLE, - NumberOfPages: PULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn NtFreeUserPhysicalPages( - ProcessHandle: HANDLE, - NumberOfPages: PULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn NtOpenSession( - SessionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtGetWriteWatch( - ProcessHandle: HANDLE, - Flags: ULONG, - BaseAddress: PVOID, - RegionSize: SIZE_T, - UserAddressArray: *mut PVOID, - EntriesInUserAddressArray: PULONG_PTR, - Granularity: PULONG, - ) -> NTSTATUS; - fn NtResetWriteWatch( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - RegionSize: SIZE_T, - ) -> NTSTATUS; - fn NtCreatePagingFile( - PageFileName: PUNICODE_STRING, - MinimumSize: PLARGE_INTEGER, - MaximumSize: PLARGE_INTEGER, - Priority: ULONG, - ) -> NTSTATUS; - fn NtFlushInstructionCache( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Length: SIZE_T, - ) -> NTSTATUS; - fn NtFlushWriteBuffer() -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntnls.rs b/vendor/ntapi/src/ntnls.rs deleted file mode 100644 index 592a1988f..000000000 --- a/vendor/ntapi/src/ntnls.rs +++ /dev/null @@ -1,29 +0,0 @@ -use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT}; -pub const MAXIMUM_LEADBYTES: usize = 12; -STRUCT!{struct CPTABLEINFO { - CodePage: USHORT, - MaximumCharacterSize: USHORT, - DefaultChar: USHORT, - UniDefaultChar: USHORT, - TransDefaultChar: USHORT, - TransUniDefaultChar: USHORT, - DBCSCodePage: USHORT, - LeadByte: [UCHAR; MAXIMUM_LEADBYTES], - MultiByteTable: PUSHORT, - WideCharTable: PVOID, - DBCSRanges: PUSHORT, - DBCSOffsets: PUSHORT, -}} -pub type PCPTABLEINFO = *mut CPTABLEINFO; -STRUCT!{struct NLSTABLEINFO { - OemTableInfo: CPTABLEINFO, - AnsiTableInfo: CPTABLEINFO, - UpperCaseTable: PUSHORT, - LowerCaseTable: PUSHORT, -}} -pub type PNLSTABLEINFO = *mut NLSTABLEINFO; -EXTERN!{extern "C" { - static mut NlsAnsiCodePage: USHORT; - static mut NlsMbCodePageTag: BOOLEAN; - static mut NlsMbOemCodePageTag: BOOLEAN; -}} diff --git a/vendor/ntapi/src/ntobapi.rs b/vendor/ntapi/src/ntobapi.rs deleted file mode 100644 index 388ec6199..000000000 --- a/vendor/ntapi/src/ntobapi.rs +++ /dev/null @@ -1,226 +0,0 @@ -use winapi::shared::ntdef::{ - BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER, - POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE, -}; -use winapi::um::winnt::{ - ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION, - STANDARD_RIGHTS_REQUIRED, -}; -pub const OBJECT_TYPE_CREATE: u32 = 0x0001; -pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; -pub const DIRECTORY_QUERY: u32 = 0x0001; -pub const DIRECTORY_TRAVERSE: u32 = 0x0002; -pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004; -pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008; -pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf; -pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001; -pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; -pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001; -pub const OBJ_INHERIT: u32 = 0x00000002; -pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004; -ENUM!{enum OBJECT_INFORMATION_CLASS { - ObjectBasicInformation = 0, - ObjectNameInformation = 1, - ObjectTypeInformation = 2, - ObjectTypesInformation = 3, - ObjectHandleFlagInformation = 4, - ObjectSessionInformation = 5, - ObjectSessionObjectInformation = 6, - MaxObjectInfoClass = 7, -}} -STRUCT!{struct OBJECT_BASIC_INFORMATION { - Attributes: ULONG, - GrantedAccess: ACCESS_MASK, - HandleCount: ULONG, - PointerCount: ULONG, - PagedPoolCharge: ULONG, - NonPagedPoolCharge: ULONG, - Reserved: [ULONG; 3], - NameInfoSize: ULONG, - TypeInfoSize: ULONG, - SecurityDescriptorSize: ULONG, - CreationTime: LARGE_INTEGER, -}} -pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION; -STRUCT!{struct OBJECT_NAME_INFORMATION { - Name: UNICODE_STRING, -}} -pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION; -STRUCT!{struct OBJECT_TYPE_INFORMATION { - TypeName: UNICODE_STRING, - TotalNumberOfObjects: ULONG, - TotalNumberOfHandles: ULONG, - TotalPagedPoolUsage: ULONG, - TotalNonPagedPoolUsage: ULONG, - TotalNamePoolUsage: ULONG, - TotalHandleTableUsage: ULONG, - HighWaterNumberOfObjects: ULONG, - HighWaterNumberOfHandles: ULONG, - HighWaterPagedPoolUsage: ULONG, - HighWaterNonPagedPoolUsage: ULONG, - HighWaterNamePoolUsage: ULONG, - HighWaterHandleTableUsage: ULONG, - InvalidAttributes: ULONG, - GenericMapping: GENERIC_MAPPING, - ValidAccessMask: ULONG, - SecurityRequired: BOOLEAN, - MaintainHandleCount: BOOLEAN, - TypeIndex: UCHAR, - ReservedByte: CHAR, - PoolType: ULONG, - DefaultPagedPoolCharge: ULONG, - DefaultNonPagedPoolCharge: ULONG, -}} -pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION; -STRUCT!{struct OBJECT_TYPES_INFORMATION { - NumberOfTypes: ULONG, -}} -pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION; -STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION { - Inherit: BOOLEAN, - ProtectFromClose: BOOLEAN, -}} -pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION; -EXTERN!{extern "system" { - fn NtQueryObject( - Handle: HANDLE, - ObjectInformationClass: OBJECT_INFORMATION_CLASS, - ObjectInformation: PVOID, - ObjectInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationObject( - Handle: HANDLE, - ObjectInformationClass: OBJECT_INFORMATION_CLASS, - ObjectInformation: PVOID, - ObjectInformationLength: ULONG, - ) -> NTSTATUS; -}} -pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001; -pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002; -pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004; -EXTERN!{extern "system" { - fn NtDuplicateObject( - SourceProcessHandle: HANDLE, - SourceHandle: HANDLE, - TargetProcessHandle: HANDLE, - TargetHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Options: ULONG, - ) -> NTSTATUS; - fn NtMakeTemporaryObject( - Handle: HANDLE, - ) -> NTSTATUS; - fn NtMakePermanentObject( - Handle: HANDLE, - ) -> NTSTATUS; - fn NtSignalAndWaitForSingleObject( - SignalHandle: HANDLE, - WaitHandle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtWaitForSingleObject( - Handle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtWaitForMultipleObjects( - Count: ULONG, - Handles: *mut HANDLE, - WaitType: WAIT_TYPE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtWaitForMultipleObjects32( - Count: ULONG, - Handles: *mut LONG, - WaitType: WAIT_TYPE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtSetSecurityObject( - Handle: HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn NtQuerySecurityObject( - Handle: HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Length: ULONG, - LengthNeeded: PULONG, - ) -> NTSTATUS; - fn NtClose( - Handle: HANDLE, - ) -> NTSTATUS; - fn NtCompareObjects( - FirstObjectHandle: HANDLE, - SecondObjectHandle: HANDLE, - ) -> NTSTATUS; - fn NtCreateDirectoryObject( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtCreateDirectoryObjectEx( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ShadowDirectoryHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn NtOpenDirectoryObject( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; -}} -STRUCT!{struct OBJECT_DIRECTORY_INFORMATION { - Name: UNICODE_STRING, - TypeName: UNICODE_STRING, -}} -pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION; -EXTERN!{extern "system" { - fn NtQueryDirectoryObject( - DirectoryHandle: HANDLE, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - RestartScan: BOOLEAN, - Context: PULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtCreatePrivateNamespace( - NamespaceHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - BoundaryDescriptor: PVOID, - ) -> NTSTATUS; - fn NtOpenPrivateNamespace( - NamespaceHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - BoundaryDescriptor: PVOID, - ) -> NTSTATUS; - fn NtDeletePrivateNamespace( - NamespaceHandle: HANDLE, - ) -> NTSTATUS; - fn NtCreateSymbolicLinkObject( - LinkHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LinkTarget: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtOpenSymbolicLinkObject( - LinkHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtQuerySymbolicLinkObject( - LinkHandle: HANDLE, - LinkTarget: PUNICODE_STRING, - ReturnedLength: PULONG, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntpebteb.rs b/vendor/ntapi/src/ntpebteb.rs deleted file mode 100644 index b51705863..000000000 --- a/vendor/ntapi/src/ntpebteb.rs +++ /dev/null @@ -1,431 +0,0 @@ -use core::mem::size_of; -use crate::ntapi_base::CLIENT_ID; -use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA}; -use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS; -use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; -use winapi::shared::guiddef::GUID; -use winapi::shared::ntdef::{ - BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR, - ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, -}; -use winapi::um::winnt::{ - ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER, -}; -STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME { - Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME, - ActivationContext: *mut ACTIVATION_CONTEXT, - Flags: ULONG, -}} -pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME; -STRUCT!{struct ACTIVATION_CONTEXT_STACK { - ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME, - FrameListCache: LIST_ENTRY, - Flags: ULONG, - NextCookieSequenceNumber: ULONG, - StackId: ULONG, -}} -pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK; -STRUCT!{struct API_SET_NAMESPACE { - Version: ULONG, - Size: ULONG, - Flags: ULONG, - Count: ULONG, - EntryOffset: ULONG, - HashOffset: ULONG, - HashFactor: ULONG, -}} -pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE; -STRUCT!{struct API_SET_HASH_ENTRY { - Hash: ULONG, - Index: ULONG, -}} -pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY; -STRUCT!{struct API_SET_NAMESPACE_ENTRY { - Flags: ULONG, - NameOffset: ULONG, - NameLength: ULONG, - HashedLength: ULONG, - ValueOffset: ULONG, - ValueCount: ULONG, -}} -pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY; -STRUCT!{struct API_SET_VALUE_ENTRY { - Flags: ULONG, - NameOffset: ULONG, - NameLength: ULONG, - ValueOffset: ULONG, - ValueLength: ULONG, -}} -pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY; -UNION!{union PEB_u { - KernelCallbackTable: PVOID, - UserSharedInfoPtr: PVOID, -}} -#[repr(C)] -pub struct LEAP_SECOND_DATA([u8; 0]); //fixme -STRUCT!{struct PEB { - InheritedAddressSpace: BOOLEAN, - ReadImageFileExecOptions: BOOLEAN, - BeingDebugged: BOOLEAN, - BitField: BOOLEAN, - Mutant: HANDLE, - ImageBaseAddress: PVOID, - Ldr: PPEB_LDR_DATA, - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - SubSystemData: PVOID, - ProcessHeap: PVOID, - FastPebLock: PRTL_CRITICAL_SECTION, - IFEOKey: PVOID, - AtlThunkSListPtr: PSLIST_HEADER, - CrossProcessFlags: ULONG, - u: PEB_u, - SystemReserved: [ULONG; 1], - AtlThunkSListPtr32: ULONG, - ApiSetMap: PAPI_SET_NAMESPACE, - TlsExpansionCounter: ULONG, - TlsBitmap: PVOID, - TlsBitmapBits: [ULONG; 2], - ReadOnlySharedMemoryBase: PVOID, - SharedData: PVOID, - ReadOnlyStaticServerData: *mut PVOID, - AnsiCodePageData: PVOID, - OemCodePageData: PVOID, - UnicodeCaseTableData: PVOID, - NumberOfProcessors: ULONG, - NtGlobalFlag: ULONG, - CriticalSectionTimeout: ULARGE_INTEGER, - HeapSegmentReserve: SIZE_T, - HeapSegmentCommit: SIZE_T, - HeapDeCommitTotalFreeThreshold: SIZE_T, - HeapDeCommitFreeBlockThreshold: SIZE_T, - NumberOfHeaps: ULONG, - MaximumNumberOfHeaps: ULONG, - ProcessHeaps: *mut PVOID, - GdiSharedHandleTable: PVOID, - ProcessStarterHelper: PVOID, - GdiDCAttributeList: ULONG, - LoaderLock: PRTL_CRITICAL_SECTION, - OSMajorVersion: ULONG, - OSMinorVersion: ULONG, - OSBuildNumber: USHORT, - OSCSDVersion: USHORT, - OSPlatformId: ULONG, - ImageSubsystem: ULONG, - ImageSubsystemMajorVersion: ULONG, - ImageSubsystemMinorVersion: ULONG, - ActiveProcessAffinityMask: ULONG_PTR, - GdiHandleBuffer: GDI_HANDLE_BUFFER, - PostProcessInitRoutine: PVOID, - TlsExpansionBitmap: PVOID, - TlsExpansionBitmapBits: [ULONG; 32], - SessionId: ULONG, - AppCompatFlags: ULARGE_INTEGER, - AppCompatFlagsUser: ULARGE_INTEGER, - pShimData: PVOID, - AppCompatInfo: PVOID, - CSDVersion: UNICODE_STRING, - ActivationContextData: PVOID, - ProcessAssemblyStorageMap: PVOID, - SystemDefaultActivationContextData: PVOID, - SystemAssemblyStorageMap: PVOID, - MinimumStackCommit: SIZE_T, - FlsCallback: *mut PVOID, - FlsListHead: LIST_ENTRY, - FlsBitmap: PVOID, - FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)], - FlsHighIndex: ULONG, - WerRegistrationData: PVOID, - WerShipAssertPtr: PVOID, - pUnused: PVOID, - pImageHeaderHash: PVOID, - TracingFlags: ULONG, - CsrServerReadOnlySharedMemoryBase: ULONGLONG, - TppWorkerpListLock: PRTL_CRITICAL_SECTION, - TppWorkerpList: LIST_ENTRY, - WaitOnAddressHashTable: [PVOID; 128], - TelemetryCoverageHeader: PVOID, - CloudFileFlags: ULONG, - CloudFileDiagFlags: ULONG, - PlaceholderCompatibilityMode: CHAR, - PlaceholderCompatibilityModeReserved: [CHAR; 7], - LeapSecondData: *mut LEAP_SECOND_DATA, - LeapSecondFlags: ULONG, - NtGlobalFlag2: ULONG, -}} -BITFIELD!{PEB BitField: BOOLEAN [ - ImageUsesLargePages set_ImageUsesLargePages[0..1], - IsProtectedProcess set_IsProtectedProcess[1..2], - IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], - SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], - IsPackagedProcess set_IsPackagedProcess[4..5], - IsAppContainer set_IsAppContainer[5..6], - IsProtectedProcessLight set_IsProtectedProcessLight[6..7], - IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], -]} -BITFIELD!{PEB CrossProcessFlags: ULONG [ - ProcessInJob set_ProcessInJob[0..1], - ProcessInitializing set_ProcessInitializing[1..2], - ProcessUsingVEH set_ProcessUsingVEH[2..3], - ProcessUsingVCH set_ProcessUsingVCH[3..4], - ProcessUsingFTH set_ProcessUsingFTH[4..5], - ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6], - ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7], - ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8], - ReservedBits0 set_ReservedBits0[8..32], -]} -BITFIELD!{PEB TracingFlags: ULONG [ - HeapTracingEnabled set_HeapTracingEnabled[0..1], - CritSecTracingEnabled set_CritSecTracingEnabled[1..2], - LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], - SpareTracingBits set_SpareTracingBits[3..32], -]} -BITFIELD!{PEB LeapSecondFlags: ULONG [ - SixtySecondEnabled set_SixtySecondEnabled[0..1], - Reserved set_Reserved[1..32], -]} -pub type PPEB = *mut PEB; -pub const GDI_BATCH_BUFFER_SIZE: usize = 310; -STRUCT!{struct GDI_TEB_BATCH { - Offset: ULONG, - HDC: ULONG_PTR, - Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], -}} -pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH; -STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT { - Flags: ULONG, - FrameName: PSTR, -}} -pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT; -STRUCT!{struct TEB_ACTIVE_FRAME { - Flags: ULONG, - Previous: *mut TEB_ACTIVE_FRAME, - Context: PTEB_ACTIVE_FRAME_CONTEXT, -}} -pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME; -STRUCT!{struct TEB_u_s { - ReservedPad0: UCHAR, - ReservedPad1: UCHAR, - ReservedPad2: UCHAR, - IdealProcessor: UCHAR, -}} -UNION!{union TEB_u { - CurrentIdealProcessor: PROCESSOR_NUMBER, - IdealProcessorValue: ULONG, - s: TEB_u_s, -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -STRUCT!{struct TEB { - NtTib: NT_TIB, - EnvironmentPointer: PVOID, - ClientId: CLIENT_ID, - ActiveRpcHandle: PVOID, - ThreadLocalStoragePointer: PVOID, - ProcessEnvironmentBlock: PPEB, - LastErrorValue: ULONG, - CountOfOwnedCriticalSections: ULONG, - CsrClientThread: PVOID, - Win32ThreadInfo: PVOID, - User32Reserved: [ULONG; 26], - UserReserved: [ULONG; 5], - WOW32Reserved: PVOID, - CurrentLocale: LCID, - FpSoftwareStatusRegister: ULONG, - ReservedForDebuggerInstrumentation: [PVOID; 16], - SystemReserved1: [PVOID; 30], - PlaceholderCompatibilityMode: CHAR, - PlaceholderReserved: [CHAR; 11], - ProxiedProcessId: ULONG, - ActivationStack: ACTIVATION_CONTEXT_STACK, - WorkingOnBehalfTicket: [UCHAR; 8], - ExceptionCode: NTSTATUS, - ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, - InstrumentationCallbackSp: ULONG_PTR, - InstrumentationCallbackPreviousPc: ULONG_PTR, - InstrumentationCallbackPreviousSp: ULONG_PTR, - TxFsContext: ULONG, - InstrumentationCallbackDisabled: BOOLEAN, - GdiTebBatch: GDI_TEB_BATCH, - RealClientId: CLIENT_ID, - GdiCachedProcessHandle: HANDLE, - GdiClientPID: ULONG, - GdiClientTID: ULONG, - GdiThreadLocalInfo: PVOID, - Win32ClientInfo: [ULONG_PTR; 62], - glDispatchTable: [PVOID; 233], - glReserved1: [ULONG_PTR; 29], - glReserved2: PVOID, - glSectionInfo: PVOID, - glSection: PVOID, - glTable: PVOID, - glCurrentRC: PVOID, - glContext: PVOID, - LastStatusValue: NTSTATUS, - StaticUnicodeString: UNICODE_STRING, - StaticUnicodeBuffer: [WCHAR; 261], - DeallocationStack: PVOID, - TlsSlots: [PVOID; 64], - TlsLinks: LIST_ENTRY, - Vdm: PVOID, - ReservedForNtRpc: PVOID, - DbgSsReserved: [PVOID; 2], - HardErrorMode: ULONG, - Instrumentation: [PVOID; 11], - ActivityId: GUID, - SubProcessTag: PVOID, - PerflibData: PVOID, - EtwTraceData: PVOID, - WinSockData: PVOID, - GdiBatchCount: ULONG, - u: TEB_u, - GuaranteedStackBytes: ULONG, - ReservedForPerf: PVOID, - ReservedForOle: PVOID, - WaitingOnLoaderLock: ULONG, - SavedPriorityState: PVOID, - ReservedForCodeCoverage: ULONG_PTR, - ThreadPoolData: PVOID, - TlsExpansionSlots: *mut PVOID, - DeallocationBStore: PVOID, - BStoreLimit: PVOID, - MuiGeneration: ULONG, - IsImpersonating: ULONG, - NlsCache: PVOID, - pShimData: PVOID, - HeapVirtualAffinity: USHORT, - LowFragHeapDataSlot: USHORT, - CurrentTransactionHandle: HANDLE, - ActiveFrame: PTEB_ACTIVE_FRAME, - FlsData: PVOID, - PreferredLanguages: PVOID, - UserPrefLanguages: PVOID, - MergedPrefLanguages: PVOID, - MuiImpersonation: ULONG, - CrossTebFlags: USHORT, - SameTebFlags: USHORT, - TxnScopeEnterCallback: PVOID, - TxnScopeExitCallback: PVOID, - TxnScopeContext: PVOID, - LockCount: ULONG, - WowTebOffset: LONG, - ResourceRetValue: PVOID, - ReservedForWdf: PVOID, - ReservedForCrt: ULONGLONG, - EffectiveContainerId: GUID, -}} -#[cfg(target_arch = "x86")] -STRUCT!{struct TEB { - NtTib: NT_TIB, - EnvironmentPointer: PVOID, - ClientId: CLIENT_ID, - ActiveRpcHandle: PVOID, - ThreadLocalStoragePointer: PVOID, - ProcessEnvironmentBlock: PPEB, - LastErrorValue: ULONG, - CountOfOwnedCriticalSections: ULONG, - CsrClientThread: PVOID, - Win32ThreadInfo: PVOID, - User32Reserved: [ULONG; 26], - UserReserved: [ULONG; 5], - WOW32Reserved: PVOID, - CurrentLocale: LCID, - FpSoftwareStatusRegister: ULONG, - ReservedForDebuggerInstrumentation: [PVOID; 16], - SystemReserved1: [PVOID; 26], - PlaceholderCompatibilityMode: CHAR, - PlaceholderReserved: [CHAR; 11], - ProxiedProcessId: ULONG, - ActivationStack: ACTIVATION_CONTEXT_STACK, - WorkingOnBehalfTicket: [UCHAR; 8], - ExceptionCode: NTSTATUS, - ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, - InstrumentationCallbackSp: ULONG_PTR, - InstrumentationCallbackPreviousPc: ULONG_PTR, - InstrumentationCallbackPreviousSp: ULONG_PTR, - InstrumentationCallbackDisabled: BOOLEAN, - SpareBytes: [UCHAR; 23], - TxFsContext: ULONG, - GdiTebBatch: GDI_TEB_BATCH, - RealClientId: CLIENT_ID, - GdiCachedProcessHandle: HANDLE, - GdiClientPID: ULONG, - GdiClientTID: ULONG, - GdiThreadLocalInfo: PVOID, - Win32ClientInfo: [ULONG_PTR; 62], - glDispatchTable: [PVOID; 233], - glReserved1: [ULONG_PTR; 29], - glReserved2: PVOID, - glSectionInfo: PVOID, - glSection: PVOID, - glTable: PVOID, - glCurrentRC: PVOID, - glContext: PVOID, - LastStatusValue: NTSTATUS, - StaticUnicodeString: UNICODE_STRING, - StaticUnicodeBuffer: [WCHAR; 261], - DeallocationStack: PVOID, - TlsSlots: [PVOID; 64], - TlsLinks: LIST_ENTRY, - Vdm: PVOID, - ReservedForNtRpc: PVOID, - DbgSsReserved: [PVOID; 2], - HardErrorMode: ULONG, - Instrumentation: [PVOID; 9], - ActivityId: GUID, - SubProcessTag: PVOID, - PerflibData: PVOID, - EtwTraceData: PVOID, - WinSockData: PVOID, - GdiBatchCount: ULONG, - u: TEB_u, - GuaranteedStackBytes: ULONG, - ReservedForPerf: PVOID, - ReservedForOle: PVOID, - WaitingOnLoaderLock: ULONG, - SavedPriorityState: PVOID, - ReservedForCodeCoverage: ULONG_PTR, - ThreadPoolData: PVOID, - TlsExpansionSlots: *mut PVOID, - MuiGeneration: ULONG, - IsImpersonating: ULONG, - NlsCache: PVOID, - pShimData: PVOID, - HeapVirtualAffinity: USHORT, - LowFragHeapDataSlot: USHORT, - CurrentTransactionHandle: HANDLE, - ActiveFrame: PTEB_ACTIVE_FRAME, - FlsData: PVOID, - PreferredLanguages: PVOID, - UserPrefLanguages: PVOID, - MergedPrefLanguages: PVOID, - MuiImpersonation: ULONG, - CrossTebFlags: USHORT, - SameTebFlags: USHORT, - TxnScopeEnterCallback: PVOID, - TxnScopeExitCallback: PVOID, - TxnScopeContext: PVOID, - LockCount: ULONG, - WowTebOffset: LONG, - ResourceRetValue: PVOID, - ReservedForWdf: PVOID, - ReservedForCrt: ULONGLONG, - EffectiveContainerId: GUID, -}} -BITFIELD!{TEB SameTebFlags: USHORT [ - SafeThunkCall set_SafeThunkCall[0..1], - InDebugPrint set_InDebugPrint[1..2], - HasFiberData set_HasFiberData[2..3], - SkipThreadAttach set_SkipThreadAttach[3..4], - WerInShipAssertCode set_WerInShipAssertCode[4..5], - RanProcessInit set_RanProcessInit[5..6], - ClonedThread set_ClonedThread[6..7], - SuppressDebugMsg set_SuppressDebugMsg[7..8], - DisableUserStackWalk set_DisableUserStackWalk[8..9], - RtlExceptionAttached set_RtlExceptionAttached[9..10], - InitialThread set_InitialThread[10..11], - SessionAware set_SessionAware[11..12], - LoadOwner set_LoadOwner[12..13], - LoaderWorker set_LoaderWorker[13..14], - SkipLoaderInit set_SkipLoaderInit[14..15], - SpareSameTebBits set_SpareSameTebBits[15..16], -]} -pub type PTEB = *mut TEB; diff --git a/vendor/ntapi/src/ntpfapi.rs b/vendor/ntapi/src/ntpfapi.rs deleted file mode 100644 index d6323611b..000000000 --- a/vendor/ntapi/src/ntpfapi.rs +++ /dev/null @@ -1,219 +0,0 @@ -use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION; -use crate::ntmmapi::MMPFN_IDENTITY; -use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; -use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR}; -ENUM!{enum PF_BOOT_PHASE_ID { - PfKernelInitPhase = 0, - PfBootDriverInitPhase = 90, - PfSystemDriverInitPhase = 120, - PfSessionManagerInitPhase = 150, - PfSMRegistryInitPhase = 180, - PfVideoInitPhase = 210, - PfPostVideoInitPhase = 240, - PfBootAcceptedRegistryInitPhase = 270, - PfUserShellReadyPhase = 300, - PfMaxBootPhaseId = 900, -}} -ENUM!{enum PF_ENABLE_STATUS { - PfSvNotSpecified = 0, - PfSvEnabled = 1, - PfSvDisabled = 2, - PfSvMaxEnableStatus = 3, -}} -STRUCT!{struct PF_TRACE_LIMITS { - MaxNumPages: ULONG, - MaxNumSections: ULONG, - TimerPeriod: LONGLONG, -}} -pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS; -STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS { - EnableStatus: [PF_ENABLE_STATUS; 2], - TraceLimits: [PF_TRACE_LIMITS; 2], - MaxNumActiveTraces: ULONG, - MaxNumSavedTraces: ULONG, - RootDirPath: [WCHAR; 32], - HostingApplicationList: [WCHAR; 128], -}} -pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS; -pub const PF_BOOT_CONTROL_VERSION: u32 = 1; -STRUCT!{struct PF_BOOT_CONTROL { - Version: ULONG, - DisableBootPrefetching: ULONG, -}} -pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL; -ENUM!{enum PREFETCHER_INFORMATION_CLASS { - PrefetcherRetrieveTrace = 1, - PrefetcherSystemParameters = 2, - PrefetcherBootPhase = 3, - PrefetcherRetrieveBootLoaderTrace = 4, - PrefetcherBootControl = 5, -}} -pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23; -pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843; -STRUCT!{struct PREFETCHER_INFORMATION { - Version: ULONG, - Magic: ULONG, - PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS, - PrefetcherInformation: PVOID, - PrefetcherInformationLength: ULONG, -}} -pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION; -STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS { - EnabledComponents: ULONG, - BootID: ULONG, - SavedSectInfoTracesMax: ULONG, - SavedPageAccessTracesMax: ULONG, - ScenarioPrefetchTimeoutStandby: ULONG, - ScenarioPrefetchTimeoutHibernate: ULONG, -}} -pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS; -pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1; -pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1; -pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1; -STRUCT!{struct PF_PFN_PRIO_REQUEST { - Version: ULONG, - RequestFlags: ULONG, - PfnCount: ULONG_PTR, - MemInfo: SYSTEM_MEMORY_LIST_INFORMATION, - PageData: [MMPFN_IDENTITY; 256], -}} -pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST; -ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE { - PfsPrivateSourceKernel = 0, - PfsPrivateSourceSession = 1, - PfsPrivateSourceProcess = 2, - PfsPrivateSourceMax = 3, -}} -UNION!{union PFS_PRIVATE_PAGE_SOURCE_u { - SessionId: ULONG, - ProcessId: ULONG, -}} -STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE { - Type: PFS_PRIVATE_PAGE_SOURCE_TYPE, - u: PFS_PRIVATE_PAGE_SOURCE_u, - ImagePathHash: ULONG, - UniqueProcessHash: ULONG_PTR, -}} -UNION!{union PF_PRIVSOURCE_INFO_u { - WsSwapPages: ULONG_PTR, - SessionPagedPoolPages: ULONG_PTR, - StoreSizePages: ULONG_PTR, -}} -pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE; -STRUCT!{struct PF_PRIVSOURCE_INFO { - DbInfo: PFS_PRIVATE_PAGE_SOURCE, - EProcess: PVOID, - WsPrivatePages: SIZE_T, - TotalPrivatePages: SIZE_T, - SessionID: ULONG, - ImageName: [CHAR; 16], - u: PF_PRIVSOURCE_INFO_u, - WsTotalPages: ULONG_PTR, - DeepFreezeTimeMs: ULONG, - BitFields: ULONG, -}} -BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [ - ModernApp set_ModernApp[0..1], - DeepFrozen set_DeepFrozen[1..2], - Foreground set_Foreground[2..3], - PerProcessStore set_PerProcessStore[3..4], - Spare set_Spare[4..32], -]} -pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO; -pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3; -STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST { - Version: ULONG, - Flags: ULONG, - InfoCount: ULONG, - InfoArray: [PF_PRIVSOURCE_INFO; 1], -}} -pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST; -ENUM!{enum PF_PHASED_SCENARIO_TYPE { - PfScenarioTypeNone = 0, - PfScenarioTypeStandby = 1, - PfScenarioTypeHibernate = 2, - PfScenarioTypeFUS = 3, - PfScenarioTypeMax = 4, -}} -pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4; -STRUCT!{struct PF_SCENARIO_PHASE_INFO { - Version: ULONG, - ScenType: PF_PHASED_SCENARIO_TYPE, - PhaseId: ULONG, - SequenceNumber: ULONG, - Flags: ULONG, - FUSUserId: ULONG, -}} -pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO; -STRUCT!{struct PF_MEMORY_LIST_NODE { - Bitfields: ULONGLONG, - StandbyLowPageCount: ULONGLONG, - StandbyMediumPageCount: ULONGLONG, - StandbyHighPageCount: ULONGLONG, - FreePageCount: ULONGLONG, - ModifiedPageCount: ULONGLONG, -}} -BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [ - Node set_Node[0..8], - Spare set_Spare[8..64], -]} -pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE; -pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1; -STRUCT!{struct PF_MEMORY_LIST_INFO { - Version: ULONG, - Size: ULONG, - NodeCount: ULONG, - Nodes: [PF_MEMORY_LIST_NODE; 1], -}} -pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO; -STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE { - BasePfn: ULONG_PTR, - PageCount: ULONG_PTR, -}} -pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE; -pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1; -STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO { - Version: ULONG, - RangeCount: ULONG, - Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1], -}} -pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO; -pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1; -STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO { - Version: ULONG, - RepurposedByPrefetch: ULONG, -}} -pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO; -ENUM!{enum SUPERFETCH_INFORMATION_CLASS { - SuperfetchRetrieveTrace = 1, - SuperfetchSystemParameters = 2, - SuperfetchLogEvent = 3, - SuperfetchGenerateTrace = 4, - SuperfetchPrefetch = 5, - SuperfetchPfnQuery = 6, - SuperfetchPfnSetPriority = 7, - SuperfetchPrivSourceQuery = 8, - SuperfetchSequenceNumberQuery = 9, - SuperfetchScenarioPhase = 10, - SuperfetchWorkerPriority = 11, - SuperfetchScenarioQuery = 12, - SuperfetchScenarioPrefetch = 13, - SuperfetchRobustnessControl = 14, - SuperfetchTimeControl = 15, - SuperfetchMemoryListQuery = 16, - SuperfetchMemoryRangesQuery = 17, - SuperfetchTracingControl = 18, - SuperfetchTrimWhileAgingControl = 19, - SuperfetchRepurposedByPrefetch = 20, - SuperfetchInformationMax = 21, -}} -pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45; -pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843; -STRUCT!{struct SUPERFETCH_INFORMATION { - Version: ULONG, - Magic: ULONG, - InfoClass: SUPERFETCH_INFORMATION_CLASS, - Data: PVOID, - Length: ULONG, -}} -pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION; diff --git a/vendor/ntapi/src/ntpnpapi.rs b/vendor/ntapi/src/ntpnpapi.rs deleted file mode 100644 index 0afc698b2..000000000 --- a/vendor/ntapi/src/ntpnpapi.rs +++ /dev/null @@ -1,118 +0,0 @@ -use winapi::shared::cfg::PNP_VETO_TYPE; -use winapi::shared::guiddef::GUID; -use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR}; -ENUM!{enum PLUGPLAY_EVENT_CATEGORY { - HardwareProfileChangeEvent = 0, - TargetDeviceChangeEvent = 1, - DeviceClassChangeEvent = 2, - CustomDeviceEvent = 3, - DeviceInstallEvent = 4, - DeviceArrivalEvent = 5, - PowerEvent = 6, - VetoEvent = 7, - BlockedDriverEvent = 8, - InvalidIDEvent = 9, - MaxPlugEventCategory = 10, -}} -pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY; -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass { - ClassGuid: GUID, - SymbolicLinkName: [WCHAR; 1], -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice { - DeviceIds: [WCHAR; 1], -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice { - DeviceId: [WCHAR; 1], -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification { - NotificationStructure: PVOID, - DeviceIds: [WCHAR; 1], -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification { - Notification: PVOID, -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification { - NotificationCode: ULONG, - NotificationData: ULONG, -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification { - VetoType: PNP_VETO_TYPE, - DeviceIdVetoNameBuffer: [WCHAR; 1], -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification { - BlockedDriverGuid: GUID, -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification { - ParentId: [WCHAR; 1], -}} -UNION!{union PLUGPLAY_EVENT_BLOCK_u { - DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass, - TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice, - InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice, - CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification, - ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification, - PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification, - VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification, - BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification, - InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification, -}} -STRUCT!{struct PLUGPLAY_EVENT_BLOCK { - EventGuid: GUID, - EventCategory: PLUGPLAY_EVENT_CATEGORY, - Result: PULONG, - Flags: ULONG, - TotalSize: ULONG, - DeviceObject: PVOID, - u: PLUGPLAY_EVENT_BLOCK_u, -}} -pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK; -ENUM!{enum PLUGPLAY_CONTROL_CLASS { - PlugPlayControlEnumerateDevice = 0, - PlugPlayControlRegisterNewDevice = 1, - PlugPlayControlDeregisterDevice = 2, - PlugPlayControlInitializeDevice = 3, - PlugPlayControlStartDevice = 4, - PlugPlayControlUnlockDevice = 5, - PlugPlayControlQueryAndRemoveDevice = 6, - PlugPlayControlUserResponse = 7, - PlugPlayControlGenerateLegacyDevice = 8, - PlugPlayControlGetInterfaceDeviceList = 9, - PlugPlayControlProperty = 10, - PlugPlayControlDeviceClassAssociation = 11, - PlugPlayControlGetRelatedDevice = 12, - PlugPlayControlGetInterfaceDeviceAlias = 13, - PlugPlayControlDeviceStatus = 14, - PlugPlayControlGetDeviceDepth = 15, - PlugPlayControlQueryDeviceRelations = 16, - PlugPlayControlTargetDeviceRelation = 17, - PlugPlayControlQueryConflictList = 18, - PlugPlayControlRetrieveDock = 19, - PlugPlayControlResetDevice = 20, - PlugPlayControlHaltDevice = 21, - PlugPlayControlGetBlockedDriverList = 22, - PlugPlayControlGetDeviceInterfaceEnabled = 23, - MaxPlugPlayControl = 24, -}} -pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS; -EXTERN!{extern "system" { - fn NtGetPlugPlayEvent( - EventHandle: HANDLE, - Context: PVOID, - EventBlock: PPLUGPLAY_EVENT_BLOCK, - EventBufferSize: ULONG, - ) -> NTSTATUS; - fn NtPlugPlayControl( - PnPControlClass: PLUGPLAY_CONTROL_CLASS, - PnPControlData: PVOID, - PnPControlDataLength: ULONG, - ) -> NTSTATUS; - fn NtSerializeBoot() -> NTSTATUS; - fn NtEnableLastKnownGood() -> NTSTATUS; - fn NtDisableLastKnownGood() -> NTSTATUS; - fn NtReplacePartitionUnit( - TargetInstancePath: PUNICODE_STRING, - SpareInstancePath: PUNICODE_STRING, - Flags: ULONG, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntpoapi.rs b/vendor/ntapi/src/ntpoapi.rs deleted file mode 100644 index ecc68fc85..000000000 --- a/vendor/ntapi/src/ntpoapi.rs +++ /dev/null @@ -1,134 +0,0 @@ -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, - USHORT, -}; -use winapi::um::winnt::{ - DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE, - POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE, -}; -UNION!{union POWER_STATE { - SystemState: SYSTEM_POWER_STATE, - DeviceState: DEVICE_POWER_STATE, -}} -pub type PPOWER_STATE = *mut POWER_STATE; -ENUM!{enum POWER_STATE_TYPE { - SystemPowerState = 0, - DevicePowerState = 1, -}} -pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE; -STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT { - ContextAsUlong: ULONG, -}} -BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [ - Reserved1 set_Reserved1[0..8], - TargetSystemState set_TargetSystemState[8..12], - EffectiveSystemState set_EffectiveSystemState[12..16], - CurrentSystemState set_CurrentSystemState[16..20], - IgnoreHibernationPath set_IgnoreHibernationPath[20..21], - PseudoTransition set_PseudoTransition[21..22], - Reserved2 set_Reserved2[22..32], -]} -pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT; -STRUCT!{struct COUNTED_REASON_CONTEXT_u_s { - ResourceFileName: UNICODE_STRING, - ResourceReasonId: USHORT, - StringCount: ULONG, - ReasonStrings: PUNICODE_STRING, -}} -UNION!{union COUNTED_REASON_CONTEXT_u { - s: COUNTED_REASON_CONTEXT_u_s, - SimpleString: UNICODE_STRING, -}} -STRUCT!{struct COUNTED_REASON_CONTEXT { - Version: ULONG, - Flags: ULONG, - u: COUNTED_REASON_CONTEXT_u, -}} -pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT; -ENUM!{enum POWER_STATE_HANDLER_TYPE { - PowerStateSleeping1 = 0, - PowerStateSleeping2 = 1, - PowerStateSleeping3 = 2, - PowerStateSleeping4 = 3, - PowerStateShutdownOff = 4, - PowerStateShutdownReset = 5, - PowerStateSleeping4Firmware = 6, - PowerStateMaximum = 7, -}} -pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE; -FN!{stdcall PENTER_STATE_SYSTEM_HANDLER( - SystemContext: PVOID, -) -> NTSTATUS} -FN!{stdcall PENTER_STATE_HANDLER( - Context: PVOID, - SystemHandler: PENTER_STATE_SYSTEM_HANDLER, - SystemContext: PVOID, - NumberProcessors: LONG, - Number: PLONG, -) -> NTSTATUS} -STRUCT!{struct POWER_STATE_HANDLER { - Type: POWER_STATE_HANDLER_TYPE, - RtcWake: BOOLEAN, - Spare: [UCHAR; 3], - Handler: PENTER_STATE_HANDLER, - Context: PVOID, -}} -pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER; -FN!{stdcall PENTER_STATE_NOTIFY_HANDLER( - State: POWER_STATE_HANDLER_TYPE, - Context: PVOID, - Entering: BOOLEAN, -) -> NTSTATUS} -STRUCT!{struct POWER_STATE_NOTIFY_HANDLER { - Handler: PENTER_STATE_NOTIFY_HANDLER, - Context: PVOID, -}} -pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER; -STRUCT!{struct PROCESSOR_POWER_INFORMATION { - Number: ULONG, - MaxMhz: ULONG, - CurrentMhz: ULONG, - MhzLimit: ULONG, - MaxIdleState: ULONG, - CurrentIdleState: ULONG, -}} -pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION; -STRUCT!{struct SYSTEM_POWER_INFORMATION { - MaxIdlenessAllowed: ULONG, - Idleness: ULONG, - TimeRemaining: ULONG, - CoolingMode: UCHAR, -}} -pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION; -EXTERN!{extern "system" { - fn NtPowerInformation( - InformationLevel: POWER_INFORMATION_LEVEL, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn NtSetThreadExecutionState( - NewFlags: EXECUTION_STATE, - PreviousFlags: PEXECUTION_STATE, - ) -> NTSTATUS; - fn NtRequestWakeupLatency( - latency: LATENCY_TIME, - ) -> NTSTATUS; - fn NtInitiatePowerAction( - SystemAction: POWER_ACTION, - LightestSystemState: SYSTEM_POWER_STATE, - Flags: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn NtSetSystemPowerState( - SystemAction: POWER_ACTION, - LightestSystemState: SYSTEM_POWER_STATE, - Flags: ULONG, - ) -> NTSTATUS; - fn NtGetDevicePowerState( - Device: HANDLE, - State: PDEVICE_POWER_STATE, - ) -> NTSTATUS; - fn NtIsSystemResumeAutomatic() -> BOOLEAN; -}} diff --git a/vendor/ntapi/src/ntpsapi.rs b/vendor/ntapi/src/ntpsapi.rs deleted file mode 100644 index 2a0d3cde0..000000000 --- a/vendor/ntapi/src/ntpsapi.rs +++ /dev/null @@ -1,1479 +0,0 @@ -use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID}; -use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES}; -use crate::ntpebteb::{PPEB, PTEB}; -use winapi::ctypes::c_void; -use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE, - PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG, - PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, -}; -use winapi::um::winnt::{ - ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS, - JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY, - PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, - PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, - PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, - PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY, - PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY, - PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, - PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE, -}; -#[cfg(not(target_arch = "aarch64"))] -use crate::winapi_local::um::winnt::NtCurrentTeb; -pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34; -pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64; -#[cfg(target_arch = "x86")] -pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32; -pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE]; -pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32]; -pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE]; -pub const TLS_EXPANSION_SLOTS: usize = 1024; -STRUCT!{struct PEB_LDR_DATA { - Length: ULONG, - Initialized: BOOLEAN, - SsHandle: HANDLE, - InLoadOrderModuleList: LIST_ENTRY, - InMemoryOrderModuleList: LIST_ENTRY, - InInitializationOrderModuleList: LIST_ENTRY, - EntryInProgress: PVOID, - ShutdownInProgress: BOOLEAN, - ShutdownThreadId: HANDLE, -}} -pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA; -STRUCT!{struct INITIAL_TEB_OldInitialTeb { - OldStackBase: PVOID, - OldStackLimit: PVOID, -}} -STRUCT!{struct INITIAL_TEB { - OldInitialTeb: INITIAL_TEB_OldInitialTeb, - StackBase: PVOID, - StackLimit: PVOID, - StackAllocationBase: PVOID, -}} -pub type PINITIAL_TEB = *mut INITIAL_TEB; -STRUCT!{struct WOW64_PROCESS { - Wow64: PVOID, -}} -pub type PWOW64_PROCESS = *mut WOW64_PROCESS; -ENUM!{enum PROCESSINFOCLASS { - ProcessBasicInformation = 0, - ProcessQuotaLimits = 1, - ProcessIoCounters = 2, - ProcessVmCounters = 3, - ProcessTimes = 4, - ProcessBasePriority = 5, - ProcessRaisePriority = 6, - ProcessDebugPort = 7, - ProcessExceptionPort = 8, - ProcessAccessToken = 9, - ProcessLdtInformation = 10, - ProcessLdtSize = 11, - ProcessDefaultHardErrorMode = 12, - ProcessIoPortHandlers = 13, - ProcessPooledUsageAndLimits = 14, - ProcessWorkingSetWatch = 15, - ProcessUserModeIOPL = 16, - ProcessEnableAlignmentFaultFixup = 17, - ProcessPriorityClass = 18, - ProcessWx86Information = 19, - ProcessHandleCount = 20, - ProcessAffinityMask = 21, - ProcessPriorityBoost = 22, - ProcessDeviceMap = 23, - ProcessSessionInformation = 24, - ProcessForegroundInformation = 25, - ProcessWow64Information = 26, - ProcessImageFileName = 27, - ProcessLUIDDeviceMapsEnabled = 28, - ProcessBreakOnTermination = 29, - ProcessDebugObjectHandle = 30, - ProcessDebugFlags = 31, - ProcessHandleTracing = 32, - ProcessIoPriority = 33, - ProcessExecuteFlags = 34, - ProcessResourceManagement = 35, - ProcessCookie = 36, - ProcessImageInformation = 37, - ProcessCycleTime = 38, - ProcessPagePriority = 39, - ProcessInstrumentationCallback = 40, - ProcessThreadStackAllocation = 41, - ProcessWorkingSetWatchEx = 42, - ProcessImageFileNameWin32 = 43, - ProcessImageFileMapping = 44, - ProcessAffinityUpdateMode = 45, - ProcessMemoryAllocationMode = 46, - ProcessGroupInformation = 47, - ProcessTokenVirtualizationEnabled = 48, - ProcessConsoleHostProcess = 49, - ProcessWindowInformation = 50, - ProcessHandleInformation = 51, - ProcessMitigationPolicy = 52, - ProcessDynamicFunctionTableInformation = 53, - ProcessHandleCheckingMode = 54, - ProcessKeepAliveCount = 55, - ProcessRevokeFileHandles = 56, - ProcessWorkingSetControl = 57, - ProcessHandleTable = 58, - ProcessCheckStackExtentsMode = 59, - ProcessCommandLineInformation = 60, - ProcessProtectionInformation = 61, - ProcessMemoryExhaustion = 62, - ProcessFaultInformation = 63, - ProcessTelemetryIdInformation = 64, - ProcessCommitReleaseInformation = 65, - ProcessDefaultCpuSetsInformation = 66, - ProcessAllowedCpuSetsInformation = 67, - ProcessSubsystemProcess = 68, - ProcessJobMemoryInformation = 69, - ProcessInPrivate = 70, - ProcessRaiseUMExceptionOnInvalidHandleClose = 71, - ProcessIumChallengeResponse = 72, - ProcessChildProcessInformation = 73, - ProcessHighGraphicsPriorityInformation = 74, - ProcessSubsystemInformation = 75, - ProcessEnergyValues = 76, - ProcessActivityThrottleState = 77, - ProcessActivityThrottlePolicy = 78, - ProcessWin32kSyscallFilterInformation = 79, - ProcessDisableSystemAllowedCpuSets = 80, - ProcessWakeInformation = 81, - ProcessEnergyTrackingState = 82, - ProcessManageWritesToExecutableMemory = 83, - ProcessCaptureTrustletLiveDump = 84, - ProcessTelemetryCoverage = 85, - ProcessEnclaveInformation = 86, - ProcessEnableReadWriteVmLogging = 87, - ProcessUptimeInformation = 88, - ProcessImageSection = 89, - ProcessDebugAuthInformation = 90, - ProcessSystemResourceManagement = 91, - ProcessSequenceNumber = 92, - ProcessLoaderDetour = 93, - ProcessSecurityDomainInformation = 94, - ProcessCombineSecurityDomainsInformation = 95, - ProcessEnableLogging = 96, - ProcessLeapSecondInformation = 97, - MaxProcessInfoClass = 98, -}} -ENUM!{enum THREADINFOCLASS { - ThreadBasicInformation = 0, - ThreadTimes = 1, - ThreadPriority = 2, - ThreadBasePriority = 3, - ThreadAffinityMask = 4, - ThreadImpersonationToken = 5, - ThreadDescriptorTableEntry = 6, - ThreadEnableAlignmentFaultFixup = 7, - ThreadEventPair = 8, - ThreadQuerySetWin32StartAddress = 9, - ThreadZeroTlsCell = 10, - ThreadPerformanceCount = 11, - ThreadAmILastThread = 12, - ThreadIdealProcessor = 13, - ThreadPriorityBoost = 14, - ThreadSetTlsArrayAddress = 15, - ThreadIsIoPending = 16, - ThreadHideFromDebugger = 17, - ThreadBreakOnTermination = 18, - ThreadSwitchLegacyState = 19, - ThreadIsTerminated = 20, - ThreadLastSystemCall = 21, - ThreadIoPriority = 22, - ThreadCycleTime = 23, - ThreadPagePriority = 24, - ThreadActualBasePriority = 25, - ThreadTebInformation = 26, - ThreadCSwitchMon = 27, - ThreadCSwitchPmu = 28, - ThreadWow64Context = 29, - ThreadGroupInformation = 30, - ThreadUmsInformation = 31, - ThreadCounterProfiling = 32, - ThreadIdealProcessorEx = 33, - ThreadCpuAccountingInformation = 34, - ThreadSuspendCount = 35, - ThreadHeterogeneousCpuPolicy = 36, - ThreadContainerId = 37, - ThreadNameInformation = 38, - ThreadSelectedCpuSets = 39, - ThreadSystemThreadInformation = 40, - ThreadActualGroupAffinity = 41, - ThreadDynamicCodePolicyInfo = 42, - ThreadExplicitCaseSensitivity = 43, - ThreadWorkOnBehalfTicket = 44, - ThreadSubsystemInformation = 45, - ThreadDbgkWerReportActive = 46, - ThreadAttachContainer = 47, - ThreadManageWritesToExecutableMemory = 48, - ThreadPowerThrottlingState = 49, - ThreadWorkloadClass = 50, - MaxThreadInfoClass = 51, -}} -STRUCT!{struct PAGE_PRIORITY_INFORMATION { - PagePriority: ULONG, -}} -pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION; -STRUCT!{struct PROCESS_BASIC_INFORMATION { - ExitStatus: NTSTATUS, - PebBaseAddress: PPEB, - AffinityMask: ULONG_PTR, - BasePriority: KPRIORITY, - UniqueProcessId: HANDLE, - InheritedFromUniqueProcessId: HANDLE, -}} -pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION; -STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION { - Size: SIZE_T, - BasicInfo: PROCESS_BASIC_INFORMATION, - Flags: ULONG, -}} -BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [ - IsProtectedProcess set_IsProtectedProcess[0..1], - IsWow64Process set_IsWow64Process[1..2], - IsProcessDeleting set_IsProcessDeleting[2..3], - IsCrossSessionCreate set_IsCrossSessionCreate[3..4], - IsFrozen set_IsFrozen[4..5], - IsBackground set_IsBackground[5..6], - IsStronglyNamed set_IsStronglyNamed[6..7], - IsSecureProcess set_IsSecureProcess[7..8], - IsSubsystemProcess set_IsSubsystemProcess[8..9], - SpareBits set_SpareBits[9..32], -]} -pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION; -STRUCT!{struct VM_COUNTERS { - PeakVirtualSize: SIZE_T, - VirtualSize: SIZE_T, - PageFaultCount: ULONG, - PeakWorkingSetSize: SIZE_T, - WorkingSetSize: SIZE_T, - QuotaPeakPagedPoolUsage: SIZE_T, - QuotaPagedPoolUsage: SIZE_T, - QuotaPeakNonPagedPoolUsage: SIZE_T, - QuotaNonPagedPoolUsage: SIZE_T, - PagefileUsage: SIZE_T, - PeakPagefileUsage: SIZE_T, -}} -pub type PVM_COUNTERS = *mut VM_COUNTERS; -STRUCT!{struct VM_COUNTERS_EX { - PeakVirtualSize: SIZE_T, - VirtualSize: SIZE_T, - PageFaultCount: ULONG, - PeakWorkingSetSize: SIZE_T, - WorkingSetSize: SIZE_T, - QuotaPeakPagedPoolUsage: SIZE_T, - QuotaPagedPoolUsage: SIZE_T, - QuotaPeakNonPagedPoolUsage: SIZE_T, - QuotaNonPagedPoolUsage: SIZE_T, - PagefileUsage: SIZE_T, - PeakPagefileUsage: SIZE_T, - PrivateUsage: SIZE_T, -}} -pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX; -STRUCT!{struct VM_COUNTERS_EX2 { - CountersEx: VM_COUNTERS_EX, - PrivateWorkingSetSize: SIZE_T, - SharedCommitUsage: SIZE_T, -}} -pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2; -STRUCT!{struct KERNEL_USER_TIMES { - CreateTime: LARGE_INTEGER, - ExitTime: LARGE_INTEGER, - KernelTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, -}} -pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES; -STRUCT!{struct POOLED_USAGE_AND_LIMITS { - PeakPagedPoolUsage: SIZE_T, - PagedPoolUsage: SIZE_T, - PagedPoolLimit: SIZE_T, - PeakNonPagedPoolUsage: SIZE_T, - NonPagedPoolUsage: SIZE_T, - NonPagedPoolLimit: SIZE_T, - PeakPagefileUsage: SIZE_T, - PagefileUsage: SIZE_T, - PagefileLimit: SIZE_T, -}} -pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS; -pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003; -pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR = - (1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1; -STRUCT!{struct PROCESS_EXCEPTION_PORT { - ExceptionPortHandle: HANDLE, - StateFlags: ULONG, -}} -pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT; -STRUCT!{struct PROCESS_ACCESS_TOKEN { - Token: HANDLE, - Thread: HANDLE, -}} -pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN; -STRUCT!{struct PROCESS_LDT_INFORMATION { - Start: ULONG, - Length: ULONG, - LdtEntries: [LDT_ENTRY; 1], -}} -pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION; -STRUCT!{struct PROCESS_LDT_SIZE { - Length: ULONG, -}} -pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE; -STRUCT!{struct PROCESS_WS_WATCH_INFORMATION { - FaultingPc: PVOID, - FaultingVa: PVOID, -}} -pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION; -STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX { - BasicInfo: PROCESS_WS_WATCH_INFORMATION, - FaultingThreadId: ULONG_PTR, - Flags: ULONG_PTR, -}} -pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX; -pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0; -pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1; -pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2; -pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3; -pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4; -pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5; -pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6; -STRUCT!{struct PROCESS_PRIORITY_CLASS { - Foreground: BOOLEAN, - PriorityClass: UCHAR, -}} -pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS; -STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND { - Foreground: BOOLEAN, -}} -pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND; -STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set { - DirectoryHandle: HANDLE, -}} -STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query { - DriveMap: ULONG, - DriveType: [UCHAR; 32], -}} -UNION!{union PROCESS_DEVICEMAP_INFORMATION { - Set: PROCESS_DEVICEMAP_INFORMATION_Set, - Query: PROCESS_DEVICEMAP_INFORMATION_Query, -}} -pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION; -pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001; -STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set { - DirectoryHandle: HANDLE, -}} -STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query { - DriveMap: ULONG, - DriveType: [UCHAR; 32], -}} -UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u { - Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set, - Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query, -}} -STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX { - u: PROCESS_DEVICEMAP_INFORMATION_EX_u, - Flags: ULONG, -}} -pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX; -STRUCT!{struct PROCESS_SESSION_INFORMATION { - SessionId: ULONG, -}} -pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION; -pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001; -pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000; -pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001; -STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE { - Flags: ULONG, -}} -pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE; -pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000; -STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX { - Flags: ULONG, - TotalSlots: ULONG, -}} -pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX; -pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16; -pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1; -pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2; -pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3; -STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY { - Handle: HANDLE, - ClientId: CLIENT_ID, - Type: ULONG, - Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS], -}} -pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY; -STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY { - Handle: HANDLE, - TotalTraces: ULONG, - HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1], -}} -pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY; -STRUCT!{struct THREAD_TLS_INFORMATION { - Flags: ULONG, - NewTlsData: PVOID, - OldTlsData: PVOID, - ThreadId: HANDLE, -}} -pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION; -ENUM!{enum PROCESS_TLS_INFORMATION_TYPE { - ProcessTlsReplaceIndex = 0, - ProcessTlsReplaceVector = 1, - MaxProcessTlsOperation = 2, -}} -pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE; -STRUCT!{struct PROCESS_TLS_INFORMATION { - Flags: ULONG, - OperationType: ULONG, - ThreadDataCount: ULONG, - TlsIndex: ULONG, - PreviousCount: ULONG, - ThreadData: [THREAD_TLS_INFORMATION; 1], -}} -pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION; -STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { - Version: ULONG, - Reserved: ULONG, - Callback: PVOID, -}} -pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION = - *mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; -STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION { - ReserveSize: SIZE_T, - ZeroBits: SIZE_T, - StackBase: PVOID, -}} -pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION; -STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX { - PreferredNode: ULONG, - Reserved0: ULONG, - Reserved1: ULONG, - Reserved2: ULONG, - AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION, -}} -pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX; -STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE { - Flags: ULONG, -}} -BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [ - EnableAutoUpdate set_EnableAutoUpdate[0..1], - Permanent set_Permanent[1..2], - Reserved set_Reserved[2..32], -]} -pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE; -STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE { - Flags: ULONG, -}} -BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [ - TopDown set_TopDown[0..1], - Reserved set_Reserved[1..32], -]} -pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE; -STRUCT!{struct PROCESS_HANDLE_INFORMATION { - HandleCount: ULONG, - HandleCountHighWatermark: ULONG, -}} -pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION; -STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION { - AccumulatedCycles: ULONGLONG, - CurrentCycleCount: ULONGLONG, -}} -pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION; -STRUCT!{struct PROCESS_WINDOW_INFORMATION { - WindowFlags: ULONG, - WindowTitleLength: USHORT, - WindowTitle: [WCHAR; 1], -}} -pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION; -STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO { - HandleValue: HANDLE, - HandleCount: ULONG_PTR, - PointerCount: ULONG_PTR, - GrantedAccess: ULONG, - ObjectTypeIndex: ULONG, - HandleAttributes: ULONG, - Reserved: ULONG, -}} -pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO; -STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION { - NumberOfHandles: ULONG_PTR, - Reserved: ULONG_PTR, - Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1], -}} -pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION; -UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u { - ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY, - StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, - SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, - ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, - DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, - ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, - SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, - FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY, - ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY, - SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, - PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, - ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY, - // SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO -}} -STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION { - Policy: PROCESS_MITIGATION_POLICY, - u: PROCESS_MITIGATION_POLICY_INFORMATION_u, -}} -pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION; -STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION { - WakeCount: ULONG, - NoWakeCount: ULONG, -}} -pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION; -STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION { - TargetDevicePath: UNICODE_STRING, -}} -pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION; -ENUM!{enum PROCESS_WORKING_SET_OPERATION { - ProcessWorkingSetSwap = 0, - ProcessWorkingSetEmpty = 1, - ProcessWorkingSetOperationMax = 2, -}} -STRUCT!{struct PROCESS_WORKING_SET_CONTROL { - Version: ULONG, - Operation: PROCESS_WORKING_SET_OPERATION, - Flags: ULONG, -}} -pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL; -ENUM!{enum PS_PROTECTED_TYPE { - PsProtectedTypeNone = 0, - PsProtectedTypeProtectedLight = 1, - PsProtectedTypeProtected = 2, - PsProtectedTypeMax = 3, -}} -ENUM!{enum PS_PROTECTED_SIGNER { - PsProtectedSignerNone = 0, - PsProtectedSignerAuthenticode = 1, - PsProtectedSignerCodeGen = 2, - PsProtectedSignerAntimalware = 3, - PsProtectedSignerLsa = 4, - PsProtectedSignerWindows = 5, - PsProtectedSignerWinTcb = 6, - PsProtectedSignerWinSystem = 7, - PsProtectedSignerApp = 8, - PsProtectedSignerMax = 9, -}} -pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF; -pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08; -pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07; -#[inline] -pub const fn PsProtectedValue( - aSigner: PS_PROTECTED_SIGNER, - aAudit: u8, - aType: PS_PROTECTED_TYPE, -) -> UCHAR { - (aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3 - | (aType as u8 & PS_PROTECTED_TYPE_MASK) -} -#[inline] -pub fn InitializePsProtection( - aProtectionLevelPtr: &mut PS_PROTECTION, - aSigner: PS_PROTECTED_SIGNER, - aAudit: u8, - aType: PS_PROTECTED_TYPE, -) { - aProtectionLevelPtr.set_Signer(aSigner as u8); - aProtectionLevelPtr.set_Audit(aAudit); - aProtectionLevelPtr.set_Type(aType as u8); -} -STRUCT!{struct PS_PROTECTION { - Level: UCHAR, -}} -pub type PPS_PROTECTION = *mut PS_PROTECTION; -BITFIELD!{PS_PROTECTION Level: UCHAR [ - Type set_Type[0..3], - Audit set_Audit[3..4], - Signer set_Signer[4..8], -]} -STRUCT!{struct PROCESS_FAULT_INFORMATION { - FaultFlags: ULONG, - AdditionalInfo: ULONG, -}} -pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION; -STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION { - HeaderSize: ULONG, - ProcessId: ULONG, - ProcessStartKey: ULONGLONG, - CreateTime: ULONGLONG, - CreateInterruptTime: ULONGLONG, - CreateUnbiasedInterruptTime: ULONGLONG, - ProcessSequenceNumber: ULONGLONG, - SessionCreateTime: ULONGLONG, - SessionId: ULONG, - BootId: ULONG, - ImageChecksum: ULONG, - ImageTimeDateStamp: ULONG, - UserSidOffset: ULONG, - ImagePathOffset: ULONG, - PackageNameOffset: ULONG, - RelativeAppNameOffset: ULONG, - CommandLineOffset: ULONG, -}} -pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION; -STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION { - Version: ULONG, - s: ULONG, - CommitDebt: SIZE_T, - CommittedMemResetSize: SIZE_T, - RepurposedMemResetSize: SIZE_T, -}} -BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [ - Eligible set_Eligible[0..1], - ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2], - ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3], - Spare set_Spare[3..32], -]} -pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION; -STRUCT!{struct PROCESS_JOB_MEMORY_INFO { - SharedCommitUsage: ULONGLONG, - PrivateCommitUsage: ULONGLONG, - PeakPrivateCommitUsage: ULONGLONG, - PrivateCommitLimit: ULONGLONG, - TotalCommitLimit: ULONGLONG, -}} -pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO; -STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION { - ProhibitChildProcesses: BOOLEAN, - AlwaysAllowSecureChildProcess: BOOLEAN, - AuditProhibitChildProcesses: BOOLEAN, -}} -pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION; -STRUCT!{struct PROCESS_WAKE_INFORMATION { - NotificationChannel: ULONGLONG, - WakeCounters: [ULONG; 7], - WakeFilter: *mut JOBOBJECT_WAKE_FILTER, -}} -pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION; -STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE { - StateUpdateMask: ULONG, - StateDesiredValue: ULONG, - StateSequence: ULONG, - UpdateTag: ULONG, - Tag: [WCHAR; 64], -}} -pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE; -BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [ - UpdateTag set_UpdateTag[0..1], -]} -STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY { - BitFields: ULONG, -}} -BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [ - Machine set_Machine[0..16], - KernelMode set_KernelMode[16..17], - UserMode set_UserMode[17..18], - Native set_Native[18..19], - Process set_Process[19..20], - ReservedZero0 set_ReservedZero0[20..32], -]} -pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY; -pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1; -pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2; -pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1; -pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2; -STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION { - Flags: UCHAR, -}} -BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [ - EnableReadVmLogging set_EnableReadVmLogging[0..1], - EnableWriteVmLogging set_EnableWriteVmLogging[1..2], - Unused set_Unused[2..8], -]} -UNION!{union PROCESS_UPTIME_INFORMATION_u { - HangCount: ULONG, - GhostCount: ULONG, - Crashed: ULONG, - Terminated: ULONG, -}} -pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION; -STRUCT!{struct PROCESS_UPTIME_INFORMATION { - QueryInterruptTime: ULONGLONG, - QueryUnbiasedTime: ULONGLONG, - EndInterruptTime: ULONGLONG, - TimeSinceCreation: ULONGLONG, - Uptime: ULONGLONG, - SuspendedTime: ULONGLONG, - u: PROCESS_UPTIME_INFORMATION_u, -}} -pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION; -STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT { - Flags: ULONG, -}} -pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT; -BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [ - Foreground set_Foreground[0..1], - Reserved set_Reserved[1..32], -]} -STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION { - SecurityDomain: ULONGLONG, -}} -pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION; -STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION { - ProcessHandle: HANDLE, -}} -pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION = - *mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; -STRUCT!{struct PROCESS_LOGGING_INFORMATION { - Flags: ULONG, - BitFields: ULONG, -}} -BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [ - EnableReadVmLogging set_EnableReadVmLogging[0..1], - EnableWriteVmLogging set_EnableWriteVmLogging[1..2], - EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3], - EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4], - Reserved set_Reserved[4..32], -]} -pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION; -STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION { - Flags: ULONG, - Reserved: ULONG, -}} -pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION; -STRUCT!{struct THREAD_BASIC_INFORMATION { - ExitStatus: NTSTATUS, - TebBaseAddress: PTEB, - ClientId: CLIENT_ID, - AffinityMask: ULONG_PTR, - Priority: KPRIORITY, - BasePriority: LONG, -}} -pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION; -STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION { - FirstArgument: PVOID, - SystemCallNumber: USHORT, - Pad: [USHORT; 1], - WaitTime: ULONG64, -}} -pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION; -STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION { - AccumulatedCycles: ULONGLONG, - CurrentCycleCount: ULONGLONG, -}} -pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION; -STRUCT!{struct THREAD_TEB_INFORMATION { - TebInformation: PVOID, - TebOffset: ULONG, - BytesToRead: ULONG, -}} -pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION; -STRUCT!{struct COUNTER_READING { - Type: HARDWARE_COUNTER_TYPE, - Index: ULONG, - Start: ULONG64, - Total: ULONG64, -}} -pub type PCOUNTER_READING = *mut COUNTER_READING; -STRUCT!{struct THREAD_PERFORMANCE_DATA { - Size: USHORT, - Version: USHORT, - ProcessorNumber: PROCESSOR_NUMBER, - ContextSwitches: ULONG, - HwCountersCount: ULONG, - UpdateCount: ULONG64, - WaitReasonBitMap: ULONG64, - HardwareCounters: ULONG64, - CycleTime: COUNTER_READING, - HwCounters: [COUNTER_READING; MAX_HW_COUNTERS], -}} -pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA; -STRUCT!{struct THREAD_PROFILING_INFORMATION { - HardwareCounters: ULONG64, - Flags: ULONG, - Enable: ULONG, - PerformanceData: PTHREAD_PERFORMANCE_DATA, -}} -pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT { - Link: SINGLE_LIST_ENTRY, - __padding: u64, - Context: CONTEXT, - Teb: PVOID, - UserContext: PVOID, - ScheduledThread: ULONG, - Suspended: ULONG, - VolatileContext: ULONG, - Terminated: ULONG, - DebugActive: ULONG, - RunningOnSelfThread: ULONG, - DenyRunningOnSelfThread: ULONG, - Flags: LONG, - KernelUpdateLock: ULONG64, - PrimaryClientID: ULONG64, - ContextLock: ULONG64, - PrimaryUmsContext: *mut RTL_UMS_CONTEXT, - SwitchCount: ULONG, - KernelYieldCount: ULONG, - MixedYieldCount: ULONG, - YieldCount: ULONG, -}} -#[cfg(target_arch = "x86")] -STRUCT!{struct RTL_UMS_CONTEXT { - Link: SINGLE_LIST_ENTRY, - Context: CONTEXT, - Teb: PVOID, - UserContext: PVOID, - ScheduledThread: ULONG, - Suspended: ULONG, - VolatileContext: ULONG, - Terminated: ULONG, - DebugActive: ULONG, - RunningOnSelfThread: ULONG, - DenyRunningOnSelfThread: ULONG, - Flags: LONG, - KernelUpdateLock: ULONG64, - PrimaryClientID: ULONG64, - ContextLock: ULONG64, - PrimaryUmsContext: *mut RTL_UMS_CONTEXT, - SwitchCount: ULONG, - KernelYieldCount: ULONG, - MixedYieldCount: ULONG, - YieldCount: ULONG, - __padding: u32, -}} -pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT; -ENUM!{enum THREAD_UMS_INFORMATION_COMMAND { - UmsInformationCommandInvalid = 0, - UmsInformationCommandAttach = 1, - UmsInformationCommandDetach = 2, - UmsInformationCommandQuery = 3, -}} -STRUCT!{struct RTL_UMS_COMPLETION_LIST { - ThreadListHead: PSINGLE_LIST_ENTRY, - CompletionEvent: PVOID, - CompletionFlags: ULONG, - InternalListHead: SINGLE_LIST_ENTRY, -}} -pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST; -STRUCT!{struct THREAD_UMS_INFORMATION { - Command: THREAD_UMS_INFORMATION_COMMAND, - CompletionList: PRTL_UMS_COMPLETION_LIST, - UmsContext: PRTL_UMS_CONTEXT, - Flags: ULONG, -}} -BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [ - IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1], - IsUmsWorkerThread set_IsUmsWorkerThread[1..2], - SpareBits set_SpareBits[2..32], -]} -pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION; -STRUCT!{struct THREAD_NAME_INFORMATION { - ThreadName: UNICODE_STRING, -}} -pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION; -ENUM!{enum SUBSYSTEM_INFORMATION_TYPE { - SubsystemInformationTypeWin32 = 0, - SubsystemInformationTypeWSL = 1, - MaxSubsystemInformationType = 2, -}} -ENUM!{enum THREAD_WORKLOAD_CLASS { - ThreadWorkloadClassDefault = 0, - ThreadWorkloadClassGraphics = 1, - MaxThreadWorkloadClass = 2, -}} -EXTERN!{extern "system" { - fn NtCreateProcess( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ParentProcess: HANDLE, - InheritObjectTable: BOOLEAN, - SectionHandle: HANDLE, - DebugPort: HANDLE, - ExceptionPort: HANDLE, - ) -> NTSTATUS; -}} -pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001; -pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002; -pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004; -pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008; -pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010; -EXTERN!{extern "system" { - fn NtCreateProcessEx( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ParentProcess: HANDLE, - Flags: ULONG, - SectionHandle: HANDLE, - DebugPort: HANDLE, - ExceptionPort: HANDLE, - JobMemberLevel: ULONG, - ) -> NTSTATUS; - fn NtOpenProcess( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn NtTerminateProcess( - ProcessHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn NtSuspendProcess( - ProcessHandle: HANDLE, - ) -> NTSTATUS; - fn NtResumeProcess( - ProcessHandle: HANDLE, - ) -> NTSTATUS; -}} -pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void; -pub const ZwCurrentProcess: HANDLE = NtCurrentProcess; -pub const NtCurrentThread: HANDLE = -2isize as *mut c_void; -pub const ZwCurrentThread: HANDLE = NtCurrentThread; -pub const NtCurrentSession: HANDLE = -3isize as *mut c_void; -pub const ZwCurrentSession: HANDLE = NtCurrentSession; -#[inline] #[cfg(not(target_arch = "aarch64"))] -pub unsafe fn NtCurrentPeb() -> PPEB { - (*NtCurrentTeb()).ProcessEnvironmentBlock -} -pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void; -pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void; -pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void; -pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void; -#[inline] #[cfg(not(target_arch = "aarch64"))] -pub unsafe fn NtCurrentProcessId() -> HANDLE { - (*NtCurrentTeb()).ClientId.UniqueProcess -} -#[inline] #[cfg(not(target_arch = "aarch64"))] -pub unsafe fn NtCurrentThreadId() -> HANDLE { - (*NtCurrentTeb()).ClientId.UniqueThread -} -EXTERN!{extern "system" { - fn NtQueryInformationProcess( - ProcessHandle: HANDLE, - ProcessInformationClass: PROCESSINFOCLASS, - ProcessInformation: PVOID, - ProcessInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtGetNextProcess( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Flags: ULONG, - NewProcessHandle: PHANDLE, - ) -> NTSTATUS; - fn NtGetNextThread( - ProcessHandle: HANDLE, - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Flags: ULONG, - NewThreadHandle: PHANDLE, - ) -> NTSTATUS; - fn NtSetInformationProcess( - ProcessHandle: HANDLE, - ProcessInformationClass: PROCESSINFOCLASS, - ProcessInformation: PVOID, - ProcessInformationLength: ULONG, - ) -> NTSTATUS; - fn NtQueryPortInformationProcess() -> NTSTATUS; - fn NtCreateThread( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ProcessHandle: HANDLE, - ClientId: PCLIENT_ID, - ThreadContext: PCONTEXT, - InitialTeb: PINITIAL_TEB, - CreateSuspended: BOOLEAN, - ) -> NTSTATUS; - fn NtOpenThread( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn NtTerminateThread( - ThreadHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn NtSuspendThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn NtResumeThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn NtGetCurrentProcessorNumber() -> ULONG; - fn NtGetContextThread( - ThreadHandle: HANDLE, - ThreadContext: PCONTEXT, - ) -> NTSTATUS; - fn NtSetContextThread( - ThreadHandle: HANDLE, - ThreadContext: PCONTEXT, - ) -> NTSTATUS; - fn NtQueryInformationThread( - ThreadHandle: HANDLE, - ThreadInformationClass: THREADINFOCLASS, - ThreadInformation: PVOID, - ThreadInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationThread( - ThreadHandle: HANDLE, - ThreadInformationClass: THREADINFOCLASS, - ThreadInformation: PVOID, - ThreadInformationLength: ULONG, - ) -> NTSTATUS; - fn NtAlertThread( - ThreadHandle: HANDLE, - ) -> NTSTATUS; - fn NtAlertResumeThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn NtTestAlert() -> NTSTATUS; - fn NtImpersonateThread( - ServerThreadHandle: HANDLE, - ClientThreadHandle: HANDLE, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ) -> NTSTATUS; - fn NtRegisterThreadTerminatePort( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn NtSetLdtEntries( - Selector0: ULONG, - Entry0Low: ULONG, - Entry0Hi: ULONG, - Selector1: ULONG, - Entry1Low: ULONG, - Entry1Hi: ULONG, - ) -> NTSTATUS; -}} -FN!{cdecl PPS_APC_ROUTINE( - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, -) -> ()} -EXTERN!{extern "system" { - fn NtQueueApcThread( - ThreadHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; -}} -pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void; -EXTERN!{extern "system" { - fn NtQueueApcThreadEx( - ThreadHandle: HANDLE, - UserApcReserveHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; - fn NtAlertThreadByThreadId( - ThreadId: HANDLE, - ) -> NTSTATUS; - fn NtWaitForAlertByThreadId( - Address: PVOID, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; -}} -pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff; -pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000; -pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000; -pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000; -ENUM!{enum PS_ATTRIBUTE_NUM { - PsAttributeParentProcess = 0, - PsAttributeDebugPort = 1, - PsAttributeToken = 2, - PsAttributeClientId = 3, - PsAttributeTebAddress = 4, - PsAttributeImageName = 5, - PsAttributeImageInfo = 6, - PsAttributeMemoryReserve = 7, - PsAttributePriorityClass = 8, - PsAttributeErrorMode = 9, - PsAttributeStdHandleInfo = 10, - PsAttributeHandleList = 11, - PsAttributeGroupAffinity = 12, - PsAttributePreferredNode = 13, - PsAttributeIdealProcessor = 14, - PsAttributeUmsThread = 15, - PsAttributeMitigationOptions = 16, - PsAttributeProtectionLevel = 17, - PsAttributeSecureProcess = 18, - PsAttributeJobList = 19, - PsAttributeChildProcessPolicy = 20, - PsAttributeAllApplicationPackagesPolicy = 21, - PsAttributeWin32kFilter = 22, - PsAttributeSafeOpenPromptOriginClaim = 23, - PsAttributeBnoIsolation = 24, - PsAttributeDesktopAppPolicy = 25, - PsAttributeChpe = 26, - PsAttributeMax = 27, -}} -#[inline] -pub const fn PsAttributeValue( - mut Number: PS_ATTRIBUTE_NUM, - Thread: bool, - Input: bool, - Additive: bool, -) -> ULONG_PTR { - Number &= PS_ATTRIBUTE_NUMBER_MASK; - if Thread { - Number |= PS_ATTRIBUTE_THREAD; - } - if Input { - Number |= PS_ATTRIBUTE_INPUT; - } - if Additive { - Number |= PS_ATTRIBUTE_ADDITIVE; - } - Number as _ -} -pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000; -pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001; -pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002; -pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003; -pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004; -pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005; -pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006; -pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007; -pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008; -pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009; -pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a; -pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b; -pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c; -pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d; -pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e; -pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f; -pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010; -pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011; -pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012; -pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013; -pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014; -pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015; -pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016; -pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017; -pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018; -pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019; -UNION!{union PS_ATTRIBUTE_u { - Value: ULONG_PTR, - ValuePtr: PVOID, -}} -STRUCT!{struct PS_ATTRIBUTE { - Attribute: ULONG_PTR, - Size: SIZE_T, - u: PS_ATTRIBUTE_u, - ReturnLength: PSIZE_T, -}} -pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE; -STRUCT!{struct PS_ATTRIBUTE_LIST { - TotalLength: SIZE_T, - Attributes: [PS_ATTRIBUTE; 1], -}} -pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST; -STRUCT!{struct PS_MEMORY_RESERVE { - ReserveAddress: PVOID, - ReserveSize: SIZE_T, -}} -pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE; -ENUM!{enum PS_STD_HANDLE_STATE { - PsNeverDuplicate = 0, - PsRequestDuplicate = 1, - PsAlwaysDuplicate = 2, - PsMaxStdHandleStates = 3, -}} -pub const PS_STD_INPUT_HANDLE: u32 = 0x1; -pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2; -pub const PS_STD_ERROR_HANDLE: u32 = 0x4; -STRUCT!{struct PS_STD_HANDLE_INFO { - Flags: ULONG, - StdHandleSubsystemType: ULONG, -}} -pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO; -BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [ - StdHandleState set_StdHandleState[0..2], - PseudoHandleMask set_PseudoHandleMask[2..5], -]} -STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS { - IsolationPrefix: UNICODE_STRING, - HandleCount: ULONG, - Handles: *mut PVOID, - IsolationEnabled: BOOLEAN, -}} -pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS; -ENUM!{enum PS_MITIGATION_OPTION { - PS_MITIGATION_OPTION_NX = 0, - PS_MITIGATION_OPTION_SEHOP = 1, - PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2, - PS_MITIGATION_OPTION_HEAP_TERMINATE = 3, - PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4, - PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5, - PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6, - PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7, - PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8, - PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9, - PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10, - PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11, - PS_MITIGATION_OPTION_FONT_DISABLE = 12, - PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13, - PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14, - PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15, - PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16, - PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17, - PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18, - PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19, - PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20, - PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21, - PS_MITIGATION_OPTION_ROP_SIMEXEC = 22, - PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23, - PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24, - PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25, - PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26, - PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27, - PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28, - PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29, - PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30, - PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31, -}} -ENUM!{enum PS_CREATE_STATE { - PsCreateInitialState = 0, - PsCreateFailOnFileOpen = 1, - PsCreateFailOnSectionCreate = 2, - PsCreateFailExeFormat = 3, - PsCreateFailMachineMismatch = 4, - PsCreateFailExeName = 5, - PsCreateSuccess = 6, - PsCreateMaximumStates = 7, -}} -STRUCT!{struct PS_CREATE_INFO_u_InitState { - InitFlags: ULONG, - AdditionalFileAccess: ACCESS_MASK, -}} -BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [ - WriteOutputOnExit set_WriteOutputOnExit[0..1], - DetectManifest set_DetectManifest[1..2], - IFEOSkipDebugger set_IFEOSkipDebugger[2..3], - IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4], - SpareBits1 set_SpareBits1[4..8], - SpareBits2 set_SpareBits2[8..16], - ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32], -]} -STRUCT!{struct PS_CREATE_INFO_u_SuccessState { - OutputFlags: ULONG, - FileHandle: HANDLE, - SectionHandle: HANDLE, - UserProcessParametersNative: ULONGLONG, - UserProcessParametersWow64: ULONG, - CurrentParameterFlags: ULONG, - PebAddressNative: ULONGLONG, - PebAddressWow64: ULONG, - ManifestAddress: ULONGLONG, - ManifestSize: ULONG, -}} -BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [ - ProtectedProcess set_ProtectedProcess[0..1], - AddressSpaceOverride set_AddressSpaceOverride[1..2], - DevOverrideEnabled set_DevOverrideEnabled[2..3], - ManifestDetected set_ManifestDetected[3..4], - ProtectedProcessLight set_ProtectedProcessLight[4..5], - SpareBits1 set_SpareBits1[5..8], - SpareBits2 set_SpareBits2[8..16], - SpareBits3 set_SpareBits3[16..32], -]} -UNION!{union PS_CREATE_INFO_u { - InitState: PS_CREATE_INFO_u_InitState, - FileHandle: HANDLE, - DllCharacteristics: USHORT, - IFEOKey: HANDLE, - SuccessState: PS_CREATE_INFO_u_SuccessState, -}} -STRUCT!{struct PS_CREATE_INFO { - Size: SIZE_T, - State: PS_CREATE_STATE, - u: PS_CREATE_INFO_u, -}} -pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO; -pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020; -pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040; -pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080; -pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100; -pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200; -pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400; -EXTERN!{extern "system" { - fn NtCreateUserProcess( - ProcessHandle: PHANDLE, - ThreadHandle: PHANDLE, - ProcessDesiredAccess: ACCESS_MASK, - ThreadDesiredAccess: ACCESS_MASK, - ProcessObjectAttributes: POBJECT_ATTRIBUTES, - ThreadObjectAttributes: POBJECT_ATTRIBUTES, - ProcessFlags: ULONG, - ThreadFlags: ULONG, - ProcessParameters: PVOID, - CreateInfo: PPS_CREATE_INFO, - AttributeList: PPS_ATTRIBUTE_LIST, - ) -> NTSTATUS; -}} -pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; -pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002; -pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004; -pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010; -pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020; -pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080; -EXTERN!{extern "system" { - fn NtCreateThreadEx( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ProcessHandle: HANDLE, - StartRoutine: PVOID, - Argument: PVOID, - CreateFlags: ULONG, - ZeroBits: SIZE_T, - StackSize: SIZE_T, - MaximumStackSize: SIZE_T, - AttributeList: PPS_ATTRIBUTE_LIST, - ) -> NTSTATUS; -}} -STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION { - BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, - IoInfo: IO_COUNTERS, - DiskIoInfo: PROCESS_DISK_COUNTERS, - ContextSwitches: ULONG64, - TotalCycleTime: LARGE_INTEGER, - ReadyTime: ULONG64, - EnergyValues: PROCESS_ENERGY_VALUES, -}} -pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION = - *mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION; -STRUCT!{struct JOBOBJECT_WAKE_INFORMATION { - NotificationChannel: HANDLE, - WakeCounters: [ULONG64; 7], -}} -pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION; -STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 { - NotificationChannel: HANDLE, - WakeCounters: [ULONG64; 4], -}} -pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1; -STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION { - Count: ULONG64, -}} -pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION; -STRUCT!{struct JOBOBJECT_WAKE_FILTER { - HighEdgeFilter: ULONG, - LowEdgeFilter: ULONG, -}} -pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER; -STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION { - Flags: ULONG, - Freeze: BOOLEAN, - Swap: BOOLEAN, - Reserved0: [UCHAR; 2], - WakeFilter: JOBOBJECT_WAKE_FILTER, -}} -pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION; -BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [ - FreezeOperation set_FreezeOperation[0..1], - FilterOperation set_FilterOperation[1..2], - SwapOperation set_SwapOperation[2..3], - Reserved set_Reserved[3..32], -]} -STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION { - JobMemory: ULONG64, - PeakJobMemoryUsed: ULONG64, -}} -pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION; -STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 { - BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION, - JobSharedMemory: ULONG64, - Reserved: [ULONG64; 2], -}} -pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2; -STRUCT!{struct SILO_USER_SHARED_DATA { - ServiceSessionId: ULONG64, - ActiveConsoleId: ULONG, - ConsoleSessionForegroundProcessId: LONGLONG, - NtProductType: NT_PRODUCT_TYPE, - SuiteMask: ULONG, - SharedUserSessionId: ULONG, - IsMultiSessionSku: BOOLEAN, - NtSystemRoot: [WCHAR; 260], - UserModeGlobalLogger: [USHORT; 16], -}} -pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA; -STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY { - ControlFlags: ULONG, - Path: UNICODE_STRING, -}} -pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY; -STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE { - Value: ULONG64, - UpdateMask: ULONG, - DesiredState: ULONG, -}} -pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE; -EXTERN!{extern "system" { - fn NtCreateJobObject( - JobHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtOpenJobObject( - JobHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtAssignProcessToJobObject( - JobHandle: HANDLE, - ProcessHandle: HANDLE, - ) -> NTSTATUS; - fn NtTerminateJobObject( - JobHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn NtIsProcessInJob( - ProcessHandle: HANDLE, - JobHandle: HANDLE, - ) -> NTSTATUS; - fn NtQueryInformationJobObject( - JobHandle: HANDLE, - JobObjectInformationClass: JOBOBJECTINFOCLASS, - JobObjectInformation: PVOID, - JobObjectInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationJobObject( - JobHandle: HANDLE, - JobObjectInformationClass: JOBOBJECTINFOCLASS, - JobObjectInformation: PVOID, - JobObjectInformationLength: ULONG, - ) -> NTSTATUS; - fn NtCreateJobSet( - NumJob: ULONG, - UserJobSet: PJOB_SET_ARRAY, - Flags: ULONG, - ) -> NTSTATUS; - fn NtRevertContainerImpersonation() -> NTSTATUS; -}} -ENUM!{enum MEMORY_RESERVE_TYPE { - MemoryReserveUserApc = 0, - MemoryReserveIoCompletion = 1, - MemoryReserveTypeMax = 2, -}} -EXTERN!{extern "system" { - fn NtAllocateReserveObject( - MemoryReserveHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - Type: MEMORY_RESERVE_TYPE, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntregapi.rs b/vendor/ntapi/src/ntregapi.rs deleted file mode 100644 index ccd79b2bf..000000000 --- a/vendor/ntapi/src/ntregapi.rs +++ /dev/null @@ -1,450 +0,0 @@ -use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES, - PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR, -}; -use winapi::um::winnt::ACCESS_MASK; -pub const REG_INIT_BOOT_SM: USHORT = 0x0000; -pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001; -pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002; -pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE; -pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767; -pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512; -ENUM!{enum KEY_INFORMATION_CLASS { - KeyBasicInformation = 0, - KeyNodeInformation = 1, - KeyFullInformation = 2, - KeyNameInformation = 3, - KeyCachedInformation = 4, - KeyFlagsInformation = 5, - KeyVirtualizationInformation = 6, - KeyHandleTagsInformation = 7, - KeyTrustInformation = 8, - KeyLayerInformation = 9, - MaxKeyInfoClass = 10, -}} -STRUCT!{struct KEY_BASIC_INFORMATION { - LastWriteTime: LARGE_INTEGER, - TitleIndex: ULONG, - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION; -STRUCT!{struct KEY_NODE_INFORMATION { - LastWriteTime: LARGE_INTEGER, - TitleIndex: ULONG, - ClassOffset: ULONG, - ClassLength: ULONG, - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION; -STRUCT!{struct KEY_FULL_INFORMATION { - LastWriteTime: LARGE_INTEGER, - TitleIndex: ULONG, - ClassOffset: ULONG, - ClassLength: ULONG, - SubKeys: ULONG, - MaxNameLen: ULONG, - MaxClassLen: ULONG, - Values: ULONG, - MaxValueNameLen: ULONG, - MaxValueDataLen: ULONG, - Class: [WCHAR; 1], -}} -pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION; -STRUCT!{struct KEY_NAME_INFORMATION { - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION; -STRUCT!{struct KEY_CACHED_INFORMATION { - LastWriteTime: LARGE_INTEGER, - TitleIndex: ULONG, - SubKeys: ULONG, - MaxNameLen: ULONG, - Values: ULONG, - MaxValueNameLen: ULONG, - MaxValueDataLen: ULONG, - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION; -STRUCT!{struct KEY_FLAGS_INFORMATION { - UserFlags: ULONG, -}} -pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION; -STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION { - Bitfields: ULONG, -}} -BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [ - VirtualizationCandidate set_VirtualizationCandidate[0..1], - VirtualizationEnabled set_VirtualizationEnabled[1..2], - VirtualTarget set_VirtualTarget[2..3], - VirtualStore set_VirtualStore[3..4], - VirtualSource set_VirtualSource[4..5], - Reserved set_Reserved[5..32], -]} -pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION; -STRUCT!{struct KEY_TRUST_INFORMATION { - Bitfields: ULONG, -}} -BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [ - TrustedKey set_TrustedKey[0..1], - Reserved set_Reserved[1..32], -]} -pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION; -STRUCT!{struct KEY_LAYER_INFORMATION { - IsTombstone: ULONG, - IsSupersedeLocal: ULONG, - IsSupersedeTree: ULONG, - ClassIsInherited: ULONG, - Reserved: ULONG, -}} -pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION; -ENUM!{enum KEY_SET_INFORMATION_CLASS { - KeyWriteTimeInformation = 0, - KeyWow64FlagsInformation = 1, - KeyControlFlagsInformation = 2, - KeySetVirtualizationInformation = 3, - KeySetDebugInformation = 4, - KeySetHandleTagsInformation = 5, - KeySetLayerInformation = 6, - MaxKeySetInfoClass = 7, -}} -STRUCT!{struct KEY_WRITE_TIME_INFORMATION { - LastWriteTime: LARGE_INTEGER, -}} -pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION; -STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION { - UserFlags: ULONG, -}} -pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION; -STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION { - HandleTags: ULONG, -}} -pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION; -STRUCT!{struct KEY_SET_LAYER_INFORMATION { - Bitfields: ULONG, -}} -BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [ - IsTombstone set_IsTombstone[0..1], - IsSupersedeLocal set_IsSupersedeLocal[1..2], - IsSupersedeTree set_IsSupersedeTree[2..3], - ClassIsInherited set_ClassIsInherited[3..4], - Reserved set_Reserved[4..32], -]} -pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION; -STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION { - ControlFlags: ULONG, -}} -pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION; -STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION { - HandleTags: ULONG, -}} -BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [ - VirtualTarget set_VirtualTarget[0..1], - VirtualStore set_VirtualStore[1..2], - VirtualSource set_VirtualSource[2..3], - Reserved set_Reserved[3..32], -]} -pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION; -ENUM!{enum KEY_VALUE_INFORMATION_CLASS { - KeyValueBasicInformation = 0, - KeyValueFullInformation = 1, - KeyValuePartialInformation = 2, - KeyValueFullInformationAlign64 = 3, - KeyValuePartialInformationAlign64 = 4, - KeyValueLayerInformation = 5, - MaxKeyValueInfoClass = 6, -}} -STRUCT!{struct KEY_VALUE_BASIC_INFORMATION { - TitleIndex: ULONG, - Type: ULONG, - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION; -STRUCT!{struct KEY_VALUE_FULL_INFORMATION { - TitleIndex: ULONG, - Type: ULONG, - DataOffset: ULONG, - DataLength: ULONG, - NameLength: ULONG, - Name: [WCHAR; 1], -}} -pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION; -STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION { - TitleIndex: ULONG, - Type: ULONG, - DataLength: ULONG, - Data: [UCHAR; 1], -}} -pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION; -STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 { - Type: ULONG, - DataLength: ULONG, - Data: [UCHAR; 1], -}} -pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; -STRUCT!{struct KEY_VALUE_LAYER_INFORMATION { - IsTombstone: ULONG, - Reserved: ULONG, -}} -pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION; -STRUCT!{struct KEY_VALUE_ENTRY { - ValueName: PUNICODE_STRING, - DataLength: ULONG, - DataOffset: ULONG, - Type: ULONG, -}} -pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY; -ENUM!{enum REG_ACTION { - KeyAdded = 0, - KeyRemoved = 1, - KeyModified = 2, -}} -STRUCT!{struct REG_NOTIFY_INFORMATION { - NextEntryOffset: ULONG, - Action: REG_ACTION, - KeyLength: ULONG, - Key: [WCHAR; 1], -}} -pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION; -STRUCT!{struct KEY_PID_ARRAY { - PID: HANDLE, - KeyName: UNICODE_STRING, -}} -pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY; -STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION { - Count: ULONG, - KeyArray: [KEY_PID_ARRAY; 1], -}} -pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION; -EXTERN!{extern "system" { - fn NtCreateKey( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TitleIndex: ULONG, - Class: PUNICODE_STRING, - CreateOptions: ULONG, - Disposition: PULONG, - ) -> NTSTATUS; - fn NtCreateKeyTransacted( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TitleIndex: ULONG, - Class: PUNICODE_STRING, - CreateOptions: ULONG, - TransactionHandle: HANDLE, - Disposition: PULONG, - ) -> NTSTATUS; - fn NtOpenKey( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtOpenKeyTransacted( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TransactionHandle: HANDLE, - ) -> NTSTATUS; - fn NtOpenKeyEx( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn NtOpenKeyTransactedEx( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - OpenOptions: ULONG, - TransactionHandle: HANDLE, - ) -> NTSTATUS; - fn NtDeleteKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn NtRenameKey( - KeyHandle: HANDLE, - NewName: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtDeleteValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtQueryKey( - KeyHandle: HANDLE, - KeyInformationClass: KEY_INFORMATION_CLASS, - KeyInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationKey( - KeyHandle: HANDLE, - KeySetInformationClass: KEY_SET_INFORMATION_CLASS, - KeySetInformation: PVOID, - KeySetInformationLength: ULONG, - ) -> NTSTATUS; - fn NtQueryValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, - KeyValueInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn NtSetValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - TitleIndex: ULONG, - Type: ULONG, - Data: PVOID, - DataSize: ULONG, - ) -> NTSTATUS; - fn NtQueryMultipleValueKey( - KeyHandle: HANDLE, - ValueEntries: PKEY_VALUE_ENTRY, - EntryCount: ULONG, - ValueBuffer: PVOID, - BufferLength: PULONG, - RequiredBufferLength: PULONG, - ) -> NTSTATUS; - fn NtEnumerateKey( - KeyHandle: HANDLE, - Index: ULONG, - KeyInformationClass: KEY_INFORMATION_CLASS, - KeyInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn NtEnumerateValueKey( - KeyHandle: HANDLE, - Index: ULONG, - KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, - KeyValueInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn NtFlushKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn NtCompactKeys( - Count: ULONG, - KeyArray: *mut HANDLE, - ) -> NTSTATUS; - fn NtCompressKey( - Key: HANDLE, - ) -> NTSTATUS; - fn NtLoadKey( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtLoadKey2( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn NtLoadKeyEx( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - Flags: ULONG, - TrustClassKey: HANDLE, - Event: HANDLE, - DesiredAccess: ACCESS_MASK, - RootHandle: PHANDLE, - IoStatus: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn NtReplaceKey( - NewFile: POBJECT_ATTRIBUTES, - TargetHandle: HANDLE, - OldFile: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtSaveKey( - KeyHandle: HANDLE, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn NtSaveKeyEx( - KeyHandle: HANDLE, - FileHandle: HANDLE, - Format: ULONG, - ) -> NTSTATUS; - fn NtSaveMergedKeys( - HighPrecedenceKeyHandle: HANDLE, - LowPrecedenceKeyHandle: HANDLE, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn NtRestoreKey( - KeyHandle: HANDLE, - FileHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn NtUnloadKey( - TargetKey: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; -}} -pub const REG_FORCE_UNLOAD: ULONG = 1; -pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD; -EXTERN!{extern "system" { - fn NtUnloadKey2( - TargetKey: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn NtUnloadKeyEx( - TargetKey: POBJECT_ATTRIBUTES, - Event: HANDLE, - ) -> NTSTATUS; - fn NtNotifyChangeKey( - KeyHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - Buffer: PVOID, - BufferSize: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn NtNotifyChangeMultipleKeys( - MasterKeyHandle: HANDLE, - Count: ULONG, - SubordinateObjects: *mut OBJECT_ATTRIBUTES, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - Buffer: PVOID, - BufferSize: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn NtQueryOpenSubKeys( - TargetKey: POBJECT_ATTRIBUTES, - HandleCount: PULONG, - ) -> NTSTATUS; - fn NtQueryOpenSubKeysEx( - TargetKey: POBJECT_ATTRIBUTES, - BufferLength: ULONG, - Buffer: PVOID, - RequiredSize: PULONG, - ) -> NTSTATUS; - fn NtInitializeRegistry( - BootCondition: USHORT, - ) -> NTSTATUS; - fn NtLockRegistryKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn NtLockProductActivationKeys( - pPrivateVer: *mut ULONG, - pSafeMode: *mut ULONG, - ) -> NTSTATUS; - fn NtFreezeRegistry( - TimeOutInSeconds: ULONG, - ) -> NTSTATUS; - fn NtThawRegistry() -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntrtl.rs b/vendor/ntapi/src/ntrtl.rs deleted file mode 100644 index abbc3862a..000000000 --- a/vendor/ntapi/src/ntrtl.rs +++ /dev/null @@ -1,4373 +0,0 @@ -use core::ptr::null_mut; -use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; -use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS}; -use crate::ntioapi::FILE_INFORMATION_CLASS; -use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX}; -use crate::ntmmapi::SECTION_IMAGE_INFORMATION; -use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO}; -use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME}; -use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION}; -use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM}; -use crate::string::UTF16Const; -use winapi::ctypes::c_void; -use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; -use winapi::shared::guiddef::GUID; -use winapi::shared::in6addr::in6_addr; -use winapi::shared::inaddr::in_addr; -use winapi::shared::minwindef::{BOOL, DWORD, PBOOL}; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE}; -use winapi::shared::ntdef::{ - BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS, - PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING, - PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE, - POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR, - PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY, - STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, -}; -use winapi::um::minwinbase::PTHREAD_START_ROUTINE; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT}; -use winapi::um::winnt::{ - ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS, - HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL, - PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING, - PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY, - PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION, - PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK, - PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES, - PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER, - PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL, - SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC, - WORKERCALLBACKFUNC, -}; -use winapi::vc::vadefs::va_list; -#[inline] -pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) { - ListHead.Flink = ListHead; - ListHead.Blink = ListHead; -} -#[inline] -pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool { - ListHead.Flink as *const _ == ListHead as *const _ -} -#[inline] -pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool { - let (Blink, Flink) = (Entry.Blink, Entry.Flink); - (*Blink).Flink = Flink; - (*Flink).Blink = Blink; - Flink == Blink -} -#[inline] -pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { - let Entry = ListHead.Flink; - let Flink = (*Entry).Flink; - ListHead.Flink = Flink; - (*Flink).Blink = ListHead; - Entry -} -#[inline] -pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { - let Entry = ListHead.Blink; - let Blink = (*Entry).Blink; - ListHead.Blink = Blink; - (*Blink).Flink = ListHead; - Entry -} -#[inline] -pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { - let Blink = ListHead.Blink; - Entry.Flink = ListHead; - Entry.Blink = Blink; - (*Blink).Flink = Entry; - ListHead.Blink = Entry; -} -#[inline] -pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { - let Flink = ListHead.Flink; - Entry.Flink = Flink; - Entry.Blink = ListHead; - (*Flink).Blink = Entry; - ListHead.Flink = Entry; -} -#[inline] -pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) { - let ListEnd = ListHead.Blink; - (*ListHead.Blink).Flink = ListToAppend; - ListHead.Blink = ListToAppend.Blink; - (*ListToAppend.Blink).Flink = ListHead; - ListToAppend.Blink = ListEnd; -} -#[inline] -pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY { - let FirstEntry = ListHead.Next; - if !FirstEntry.is_null() { - ListHead.Next = (*FirstEntry).Next; - } - FirstEntry -} -#[inline] -pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) { - Entry.Next = ListHead.Next; - ListHead.Next = Entry; -} -ENUM!{enum TABLE_SEARCH_RESULT { - TableEmptyTree = 0, - TableFoundNode = 1, - TableInsertAsLeft = 2, - TableInsertAsRight = 3, -}} -ENUM!{enum RTL_GENERIC_COMPARE_RESULTS { - GenericLessThan = 0, - GenericGreaterThan = 1, - GenericEqual = 2, -}} -FN!{stdcall PRTL_AVL_COMPARE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - FirstStruct: PVOID, - SecondStruct: PVOID, -) -> RTL_GENERIC_COMPARE_RESULTS} -FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - ByteSize: CLONG, -) -> PVOID} -FN!{stdcall PRTL_AVL_FREE_ROUTINE( - Table: *mut RTL_AVL_TABLE, - Buffer: PVOID, -) -> ()} -FN!{stdcall PRTL_AVL_MATCH_FUNCTION( - Table: *mut RTL_AVL_TABLE, - UserData: PVOID, - MatchData: PVOID, -) -> NTSTATUS} -STRUCT!{struct RTL_BALANCED_LINKS { - Parent: *mut RTL_BALANCED_LINKS, - LeftChild: *mut RTL_BALANCED_LINKS, - RightChild: *mut RTL_BALANCED_LINKS, - Balance: CHAR, - Reserved: [UCHAR; 3], -}} -pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS; -STRUCT!{struct RTL_AVL_TABLE { - BalancedRoot: RTL_BALANCED_LINKS, - OrderedPointer: PVOID, - WhichOrderedElement: ULONG, - NumberGenericTableElements: ULONG, - DepthOfTree: ULONG, - RestartKey: PRTL_BALANCED_LINKS, - DeleteCount: ULONG, - CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, - AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_AVL_FREE_ROUTINE, - TableContext: PVOID, -}} -pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeGenericTableAvl( - Table: PRTL_AVL_TABLE, - CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, - AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_AVL_FREE_ROUTINE, - TableContext: PVOID, - ); - fn RtlInsertElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - ) -> PVOID; - fn RtlInsertElementGenericTableFullAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - NodeOrParent: PVOID, - SearchResult: TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlDeleteElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - ) -> BOOLEAN; - fn RtlLookupElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - ) -> PVOID; - fn RtlLookupElementGenericTableFullAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - NodeOrParent: *mut PVOID, - SearchResult: *mut TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlEnumerateGenericTableAvl( - Table: PRTL_AVL_TABLE, - Restart: BOOLEAN, - ) -> PVOID; - fn RtlEnumerateGenericTableWithoutSplayingAvl( - Table: PRTL_AVL_TABLE, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlLookupFirstMatchingElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - Buffer: PVOID, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlEnumerateGenericTableLikeADirectory( - Table: PRTL_AVL_TABLE, - MatchFunction: PRTL_AVL_MATCH_FUNCTION, - MatchData: PVOID, - NextFlag: ULONG, - RestartKey: *mut PVOID, - DeleteCount: PULONG, - Buffer: PVOID, - ) -> PVOID; - fn RtlGetElementGenericTableAvl( - Table: PRTL_AVL_TABLE, - I: ULONG, - ) -> PVOID; - fn RtlNumberGenericTableElementsAvl( - Table: PRTL_AVL_TABLE, - ) -> ULONG; - fn RtlIsGenericTableEmptyAvl( - Table: PRTL_AVL_TABLE, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_SPLAY_LINKS { - Parent: *mut RTL_SPLAY_LINKS, - LeftChild: *mut RTL_SPLAY_LINKS, - RightChild: *mut RTL_SPLAY_LINKS, -}} -pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS; -#[inline] -pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) { - Links.Parent = Links; - Links.LeftChild = null_mut(); - Links.RightChild = null_mut(); -} -#[inline] -pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.Parent -} -#[inline] -pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.LeftChild -} -#[inline] -pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { - Links.RightChild -} -#[inline] -pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool { - (*Links).Parent as *const _ == Links -} -#[inline] -pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool { - RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links -} -#[inline] -pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool { - RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links -} -#[inline] -pub fn RtlInsertAsLeftChild( - ParentLinks: &mut RTL_SPLAY_LINKS, - ChildLinks: &mut RTL_SPLAY_LINKS, -) { - ParentLinks.LeftChild = ChildLinks; - ChildLinks.Parent = ParentLinks; -} -#[inline] -pub fn RtlInsertAsRightChild( - ParentLinks: &mut RTL_SPLAY_LINKS, - ChildLinks: &mut RTL_SPLAY_LINKS, -) { - ParentLinks.RightChild = ChildLinks; - ChildLinks.Parent = ParentLinks; -} -EXTERN!{extern "system" { - fn RtlSplay( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlDelete( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlDeleteNoSplay( - Links: PRTL_SPLAY_LINKS, - Root: *mut PRTL_SPLAY_LINKS, - ); - fn RtlSubtreeSuccessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlSubtreePredecessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlRealSuccessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; - fn RtlRealPredecessor( - Links: PRTL_SPLAY_LINKS, - ) -> PRTL_SPLAY_LINKS; -}} -FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - FirstStruct: PVOID, - SecondStruct: PVOID, -) -> RTL_GENERIC_COMPARE_RESULTS} -FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - ByteSize: CLONG, -) -> PVOID} -FN!{stdcall PRTL_GENERIC_FREE_ROUTINE( - Table: *mut RTL_GENERIC_TABLE, - Buffer: PVOID, -) -> ()} -STRUCT!{struct RTL_GENERIC_TABLE { - TableRoot: PRTL_SPLAY_LINKS, - InsertOrderList: LIST_ENTRY, - OrderedPointer: PLIST_ENTRY, - WhichOrderedElement: ULONG, - NumberGenericTableElements: ULONG, - CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, - AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, - TableContext: PVOID, -}} -pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeGenericTable( - Table: PRTL_GENERIC_TABLE, - CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, - AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, - FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, - TableContext: PVOID, - ); - fn RtlInsertElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - ) -> PVOID; - fn RtlInsertElementGenericTableFull( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - BufferSize: CLONG, - NewElement: PBOOLEAN, - NodeOrParent: PVOID, - SearchResult: TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlDeleteElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - ) -> BOOLEAN; - fn RtlLookupElementGenericTable( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - ) -> PVOID; - fn RtlLookupElementGenericTableFull( - Table: PRTL_GENERIC_TABLE, - Buffer: PVOID, - NodeOrParent: *mut PVOID, - SearchResult: *mut TABLE_SEARCH_RESULT, - ) -> PVOID; - fn RtlEnumerateGenericTable( - Table: PRTL_GENERIC_TABLE, - Restart: BOOLEAN, - ) -> PVOID; - fn RtlEnumerateGenericTableWithoutSplaying( - Table: PRTL_GENERIC_TABLE, - RestartKey: *mut PVOID, - ) -> PVOID; - fn RtlGetElementGenericTable( - Table: PRTL_GENERIC_TABLE, - I: ULONG, - ) -> PVOID; - fn RtlNumberGenericTableElements( - Table: PRTL_GENERIC_TABLE, - ) -> ULONG; - fn RtlIsGenericTableEmpty( - Table: PRTL_GENERIC_TABLE, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_RB_TREE { - Root: PRTL_BALANCED_NODE, - Min: PRTL_BALANCED_NODE, -}} -pub type PRTL_RB_TREE = *mut RTL_RB_TREE; -EXTERN!{extern "system" { - fn RtlRbInsertNodeEx( - Tree: PRTL_RB_TREE, - Parent: PRTL_BALANCED_NODE, - Right: BOOLEAN, - Node: PRTL_BALANCED_NODE, - ); - fn RtlRbRemoveNode( - Tree: PRTL_RB_TREE, - Node: PRTL_BALANCED_NODE, - ); -}} -pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001; -pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY { - Linkage: LIST_ENTRY, - Signature: ULONG_PTR, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY; -#[inline] -pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR { - x.Signature -} -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT { - ChainHead: PLIST_ENTRY, - PrevLinkage: PLIST_ENTRY, - Signature: ULONG_PTR, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { - HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY, - ChainHead: PLIST_ENTRY, - BucketIndex: ULONG, -}} -pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; -STRUCT!{struct RTL_DYNAMIC_HASH_TABLE { - Flags: ULONG, - Shift: ULONG, - TableSize: ULONG, - Pivot: ULONG, - DivisorMask: ULONG, - NumEntries: ULONG, - NonEmptyBuckets: ULONG, - NumEnumerators: ULONG, - Directory: PVOID, -}} -pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE; -#[inline] -pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) { - Context.ChainHead = null_mut(); - Context.PrevLinkage = null_mut(); -} -#[inline] -pub fn RtlInitHashTableContextFromEnumerator( - Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, - Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, -) { - Context.ChainHead = Enumerator.ChainHead; - Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink; -} -// RtlReleaseHashTableContext -#[inline] -pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.TableSize -} -#[inline] -pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NonEmptyBuckets -} -#[inline] -pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.TableSize - HashTable.NonEmptyBuckets -} -#[inline] -pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NumEntries -} -#[inline] -pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { - HashTable.NumEnumerators -} -EXTERN!{extern "system" { - fn RtlCreateHashTable( - HashTable: *mut PRTL_DYNAMIC_HASH_TABLE, - Shift: ULONG, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlDeleteHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ); - fn RtlInsertEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, - Signature: ULONG_PTR, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> BOOLEAN; - fn RtlRemoveEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> BOOLEAN; - fn RtlLookupEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Signature: ULONG_PTR, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlGetNextEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlInitEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlInitWeakEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlWeaklyEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndWeakEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlExpandHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ) -> BOOLEAN; - fn RtlContractHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - ) -> BOOLEAN; - fn RtlInitStrongEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> BOOLEAN; - fn RtlStronglyEnumerateEntryHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; - fn RtlEndStrongEnumerationHashTable( - HashTable: PRTL_DYNAMIC_HASH_TABLE, - Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, - ); - fn RtlInitializeCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlInitializeCriticalSectionAndSpinCount( - CriticalSection: PRTL_CRITICAL_SECTION, - SpinCount: ULONG, - ) -> NTSTATUS; - fn RtlDeleteCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlEnterCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlLeaveCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> NTSTATUS; - fn RtlTryEnterCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlIsCriticalSectionLocked( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlIsCriticalSectionLockedByThread( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> LOGICAL; - fn RtlGetCriticalSectionRecursionCount( - CriticalSection: PRTL_CRITICAL_SECTION, - ) -> ULONG; - fn RtlSetCriticalSectionSpinCount( - CriticalSection: PRTL_CRITICAL_SECTION, - SpinCount: ULONG, - ) -> ULONG; - fn RtlQueryCriticalSectionOwner( - EventHandle: HANDLE, - ) -> HANDLE; - fn RtlCheckForOrphanedCriticalSections( - ThreadHandle: HANDLE, - ); -}} -STRUCT!{struct RTL_RESOURCE { - CriticalSection: RTL_CRITICAL_SECTION, - SharedSemaphore: HANDLE, - NumberOfWaitingShared: ULONG, - ExclusiveSemaphore: HANDLE, - NumberOfWaitingExclusive: ULONG, - NumberOfActive: LONG, - ExclusiveOwnerThread: HANDLE, - Flags: ULONG, - DebugInfo: PRTL_RESOURCE_DEBUG, -}} -pub type PRTL_RESOURCE = *mut RTL_RESOURCE; -pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn RtlInitializeResource( - Resource: PRTL_RESOURCE, - ); - fn RtlDeleteResource( - Resource: PRTL_RESOURCE, - ); - fn RtlAcquireResourceShared( - Resource: PRTL_RESOURCE, - Wait: BOOLEAN, - ) -> BOOLEAN; - fn RtlAcquireResourceExclusive( - Resource: PRTL_RESOURCE, - Wait: BOOLEAN, - ) -> BOOLEAN; - fn RtlReleaseResource( - Resource: PRTL_RESOURCE, - ); - fn RtlConvertSharedToExclusive( - Resource: PRTL_RESOURCE, - ); - fn RtlConvertExclusiveToShared( - Resource: PRTL_RESOURCE, - ); - fn RtlInitializeSRWLock( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlAcquireSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlAcquireSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlReleaseSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlReleaseSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlTryAcquireSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ) -> BOOLEAN; - fn RtlTryAcquireSRWLockShared( - SRWLock: PRTL_SRWLOCK, - ) -> BOOLEAN; - fn RtlAcquireReleaseSRWLockExclusive( - SRWLock: PRTL_SRWLOCK, - ); - fn RtlInitializeConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); - fn RtlSleepConditionVariableCS( - ConditionVariable: PRTL_CONDITION_VARIABLE, - CriticalSection: PRTL_CRITICAL_SECTION, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlSleepConditionVariableSRW( - ConditionVariable: PRTL_CONDITION_VARIABLE, - SRWLock: PRTL_SRWLOCK, - Timeout: PLARGE_INTEGER, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlWakeConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); - fn RtlWakeAllConditionVariable( - ConditionVariable: PRTL_CONDITION_VARIABLE, - ); -}} -pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001; -pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002; -pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlInitBarrier( - Barrier: PRTL_BARRIER, - TotalThreads: ULONG, - SpinCount: ULONG, - ) -> NTSTATUS; - fn RtlDeleteBarrier( - Barrier: PRTL_BARRIER, - ) -> NTSTATUS; - fn RtlBarrier( - Barrier: PRTL_BARRIER, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlBarrierForDelete( - Barrier: PRTL_BARRIER, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlWaitOnAddress( - Address: *mut VOID, - CompareAddress: PVOID, - AddressSize: SIZE_T, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlWakeAddressAll( - Address: PVOID, - ); - fn RtlWakeAddressSingle( - Address: PVOID, - ); - fn RtlInitString( - DestinationString: PSTRING, - SourceString: PCSZ, - ); - fn RtlInitStringEx( - DestinationString: PSTRING, - SourceString: PCSZ, - ) -> NTSTATUS; - fn RtlInitAnsiString( - DestinationString: PANSI_STRING, - SourceString: PCSZ, - ); - fn RtlInitAnsiStringEx( - DestinationString: PANSI_STRING, - SourceString: PCSZ, - ) -> NTSTATUS; - fn RtlFreeAnsiString( - AnsiString: PANSI_STRING, - ); - fn RtlFreeOemString( - OemString: POEM_STRING, - ); - fn RtlCopyString( - DestinationString: PSTRING, - SourceString: *const STRING, - ); - fn RtlUpperChar( - Character: CHAR, - ) -> CHAR; - fn RtlCompareString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlEqualString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlPrefixString( - String1: *const STRING, - String2: *const STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlAppendStringToString( - Destination: PSTRING, - Source: *const STRING, - ) -> NTSTATUS; - fn RtlAppendAsciizToString( - Destination: PSTRING, - Source: PSTR, - ) -> NTSTATUS; - fn RtlUpperString( - DestinationString: PSTRING, - SourceString: *const STRING, - ); -}} -#[inline] -pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool { - String.is_null() || (*String).Length == 0 -} -#[inline] -pub fn RtlInitEmptyUnicodeString( - UnicodeString: &mut UNICODE_STRING, - Buffer: PWCHAR, - MaximumLength: USHORT, -) { - UnicodeString.Buffer = Buffer; - UnicodeString.MaximumLength = MaximumLength; - UnicodeString.Length = 0; -} -EXTERN!{extern "system" { - fn RtlInitUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ); - fn RtlInitUnicodeStringEx( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ) -> NTSTATUS; - fn RtlCreateUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCWSTR, - ) -> BOOLEAN; - fn RtlCreateUnicodeStringFromAsciiz( - DestinationString: PUNICODE_STRING, - SourceString: PSTR, - ) -> BOOLEAN; - fn RtlFreeUnicodeString( - UnicodeString: PUNICODE_STRING, - ); -}} -pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001; -pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002; -EXTERN!{extern "system" { - fn RtlDuplicateUnicodeString( - Flags: ULONG, - StringIn: PCUNICODE_STRING, - StringOut: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlCopyUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - ); - fn RtlUpcaseUnicodeChar( - SourceCharacter: WCHAR, - ) -> WCHAR; - fn RtlDowncaseUnicodeChar( - SourceCharacter: WCHAR, - ) -> WCHAR; - fn RtlCompareUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlCompareUnicodeStrings( - String1: PCWCH, - String1Length: SIZE_T, - String2: PCWCH, - String2Length: SIZE_T, - CaseInSensitive: BOOLEAN, - ) -> LONG; - fn RtlEqualUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; -}} -pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0; -pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1; -pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff; -EXTERN!{extern "system" { - fn RtlHashUnicodeString( - String: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - HashAlgorithm: ULONG, - HashValue: PULONG, - ) -> NTSTATUS; - fn RtlValidateUnicodeString( - Flags: ULONG, - String: PCUNICODE_STRING, - ) -> NTSTATUS; - fn RtlPrefixUnicodeString( - String1: PCUNICODE_STRING, - String2: PCUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlSuffixUnicodeString( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> BOOLEAN; - fn RtlFindUnicodeSubstring( - FullString: PUNICODE_STRING, - SearchString: PUNICODE_STRING, - CaseInSensitive: BOOLEAN, - ) -> PWCHAR; -}} -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001; -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002; -pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlFindCharInUnicodeString( - Flags: ULONG, - StringToSearch: PUNICODE_STRING, - CharSet: PUNICODE_STRING, - NonInclusivePrefixLength: PUSHORT, - ) -> NTSTATUS; - fn RtlAppendUnicodeStringToString( - Destination: PUNICODE_STRING, - Source: PCUNICODE_STRING, - ) -> NTSTATUS; - fn RtlAppendUnicodeToString( - Destination: PUNICODE_STRING, - Source: PCWSTR, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlDowncaseUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlEraseUnicodeString( - String: PUNICODE_STRING, - ); - fn RtlAnsiStringToUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCANSI_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToAnsiString( - DestinationString: PANSI_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlAnsiCharToUnicodeChar( - SourceCharacter: *mut PUCHAR, - ) -> WCHAR; - fn RtlUpcaseUnicodeStringToAnsiString( - DestinationString: PANSI_STRING, - SourceString: PUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlOemStringToUnicodeString( - DestinationString: PUNICODE_STRING, - SourceString: PCOEM_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeStringToOemString( - DestinationString: POEM_STRING, - SourceString: PUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUnicodeStringToCountedOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeStringToCountedOemString( - DestinationString: POEM_STRING, - SourceString: PCUNICODE_STRING, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlMultiByteToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - MultiByteString: *const CHAR, - BytesInMultiByteString: ULONG, - ) -> NTSTATUS; - fn RtlMultiByteToUnicodeSize( - BytesInUnicodeString: PULONG, - MultiByteString: *const CHAR, - BytesInMultiByteString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToMultiByteN( - MultiByteString: PCHAR, - MaxBytesInMultiByteString: ULONG, - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToMultiByteSize( - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToMultiByteN( - MultiByteString: PCHAR, - MaxBytesInMultiByteString: ULONG, - BytesInMultiByteString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlOemToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - OemString: PCCH, - BytesInOemString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToOemN( - OemString: PCHAR, - MaxBytesInOemString: ULONG, - BytesInOemString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToOemN( - OemString: PCHAR, - MaxBytesInOemString: ULONG, - BytesInOemString: PULONG, - UnicodeString: PCWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlConsoleMultiByteToUnicodeN( - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - MultiByteString: PCH, - BytesInMultiByteString: ULONG, - pdwSpecialChar: PULONG, - ) -> NTSTATUS; - fn RtlUTF8ToUnicodeN( - UnicodeStringDestination: PWSTR, - UnicodeStringMaxByteCount: ULONG, - UnicodeStringActualByteCount: PULONG, - UTF8StringSource: PCCH, - UTF8StringByteCount: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToUTF8N( - UTF8StringDestination: PCHAR, - UTF8StringMaxByteCount: ULONG, - UTF8StringActualByteCount: PULONG, - UnicodeStringSource: PCWCH, - UnicodeStringByteCount: ULONG, - ) -> NTSTATUS; - fn RtlCustomCPToUnicodeN( - CustomCP: PCPTABLEINFO, - UnicodeString: PWCH, - MaxBytesInUnicodeString: ULONG, - BytesInUnicodeString: PULONG, - CustomCPString: PCH, - BytesInCustomCPString: ULONG, - ) -> NTSTATUS; - fn RtlUnicodeToCustomCPN( - CustomCP: PCPTABLEINFO, - CustomCPString: PCH, - MaxBytesInCustomCPString: ULONG, - BytesInCustomCPString: PULONG, - UnicodeString: PWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlUpcaseUnicodeToCustomCPN( - CustomCP: PCPTABLEINFO, - CustomCPString: PCH, - MaxBytesInCustomCPString: ULONG, - BytesInCustomCPString: PULONG, - UnicodeString: PWCH, - BytesInUnicodeString: ULONG, - ) -> NTSTATUS; - fn RtlInitCodePageTable( - TableBase: PUSHORT, - CodePageTable: PCPTABLEINFO, - ); - fn RtlInitNlsTables( - AnsiNlsBase: PUSHORT, - OemNlsBase: PUSHORT, - LanguageNlsBase: PUSHORT, - TableInfo: PNLSTABLEINFO, - ); - fn RtlResetRtlTranslations( - TableInfo: PNLSTABLEINFO, - ); - fn RtlIsTextUnicode( - Buffer: PVOID, - Size: ULONG, - Result: PULONG, - ) -> BOOLEAN; -}} -ENUM!{enum RTL_NORM_FORM { - NormOther = 0x0, - NormC = 0x1, - NormD = 0x2, - NormKC = 0x5, - NormKD = 0x6, - NormIdna = 0xd, - DisallowUnassigned = 0x100, - NormCDisallowUnassigned = 0x101, - NormDDisallowUnassigned = 0x102, - NormKCDisallowUnassigned = 0x105, - NormKDDisallowUnassigned = 0x106, - NormIdnaDisallowUnassigned = 0x10d, -}} -EXTERN!{extern "system" { - fn RtlNormalizeString( - NormForm: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIsNormalizedString( - NormForm: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - Normalized: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsNameInExpression( - Expression: PUNICODE_STRING, - Name: PUNICODE_STRING, - IgnoreCase: BOOLEAN, - UpcaseTable: PWCH, - ) -> BOOLEAN; - fn RtlIsNameInUnUpcasedExpression( - Expression: PUNICODE_STRING, - Name: PUNICODE_STRING, - IgnoreCase: BOOLEAN, - UpcaseTable: PWCH, - ) -> BOOLEAN; - fn RtlEqualDomainName( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlEqualComputerName( - String1: PUNICODE_STRING, - String2: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlDnsHostNameToComputerName( - ComputerNameString: PUNICODE_STRING, - DnsHostNameString: PUNICODE_STRING, - AllocateComputerNameString: BOOLEAN, - ) -> NTSTATUS; - fn RtlStringFromGUID( - Guid: *const GUID, - GuidString: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlStringFromGUIDEx( - Guid: *mut GUID, - GuidString: PUNICODE_STRING, - AllocateGuidString: BOOLEAN, - ) -> NTSTATUS; - fn RtlGUIDFromString( - GuidString: PCUNICODE_STRING, - Guid: *mut GUID, - ) -> NTSTATUS; - fn RtlCompareAltitudes( - Altitude1: PCUNICODE_STRING, - Altitude2: PCUNICODE_STRING, - ) -> LONG; - fn RtlIdnToAscii( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIdnToUnicode( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; - fn RtlIdnToNameprepUnicode( - Flags: ULONG, - SourceString: PCWSTR, - SourceStringLength: LONG, - DestinationString: PWSTR, - DestinationStringLength: PLONG, - ) -> NTSTATUS; -}} -STRUCT!{struct PREFIX_TABLE_ENTRY { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: *mut PREFIX_TABLE_ENTRY, - Links: RTL_SPLAY_LINKS, - Prefix: PSTRING, -}} -pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY; -STRUCT!{struct PREFIX_TABLE { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: PPREFIX_TABLE_ENTRY, -}} -pub type PPREFIX_TABLE = *mut PREFIX_TABLE; -EXTERN!{extern "system" { - fn PfxInitialize( - PrefixTable: PPREFIX_TABLE, - ); - fn PfxInsertPrefix( - PrefixTable: PPREFIX_TABLE, - Prefix: PSTRING, - PrefixTableEntry: PPREFIX_TABLE_ENTRY, - ) -> BOOLEAN; - fn PfxRemovePrefix( - PrefixTable: PPREFIX_TABLE, - PrefixTableEntry: PPREFIX_TABLE_ENTRY, - ); - fn PfxFindPrefix( - PrefixTable: PPREFIX_TABLE, - FullName: PSTRING, - ) -> PPREFIX_TABLE_ENTRY; -}} -STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY, - CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY, - Links: RTL_SPLAY_LINKS, - Prefix: PUNICODE_STRING, -}} -pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY; -STRUCT!{struct UNICODE_PREFIX_TABLE { - NodeTypeCode: CSHORT, - NameLength: CSHORT, - NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY, - LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY, -}} -pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - ); - fn RtlInsertUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - Prefix: PUNICODE_STRING, - PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlRemoveUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, - ); - fn RtlFindUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - FullName: PCUNICODE_STRING, - CaseInsensitiveIndex: ULONG, - ) -> PUNICODE_PREFIX_TABLE_ENTRY; - fn RtlNextUnicodePrefix( - PrefixTable: PUNICODE_PREFIX_TABLE, - Restart: BOOLEAN, - ) -> PUNICODE_PREFIX_TABLE_ENTRY; -}} -STRUCT!{struct COMPRESSED_DATA_INFO { - CompressionFormatAndEngine: USHORT, - CompressionUnitShift: UCHAR, - ChunkShift: UCHAR, - ClusterShift: UCHAR, - Reserved: UCHAR, - NumberOfChunks: USHORT, - CompressedChunkSizes: [ULONG; 1], -}} -pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO; -EXTERN!{extern "system" { - fn RtlGetCompressionWorkSpaceSize( - CompressionFormatAndEngine: USHORT, - CompressBufferWorkSpaceSize: PULONG, - CompressFragmentWorkSpaceSize: PULONG, - ) -> NTSTATUS; - fn RtlCompressBuffer( - CompressionFormatAndEngine: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - UncompressedChunkSize: ULONG, - FinalCompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDecompressBuffer( - CompressionFormat: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FinalUncompressedSize: PULONG, - ) -> NTSTATUS; - fn RtlDecompressBufferEx( - CompressionFormat: USHORT, - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FinalUncompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDecompressFragment( - CompressionFormat: USHORT, - UncompressedFragment: PUCHAR, - UncompressedFragmentSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - FragmentOffset: ULONG, - FinalUncompressedSize: PULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlDescribeChunk( - CompressionFormat: USHORT, - CompressedBuffer: *mut PUCHAR, - EndOfCompressedBufferPlus1: PUCHAR, - ChunkBuffer: *mut PUCHAR, - ChunkSize: PULONG, - ) -> NTSTATUS; - fn RtlReserveChunk( - CompressionFormat: USHORT, - CompressedBuffer: *mut PUCHAR, - EndOfCompressedBufferPlus1: PUCHAR, - ChunkBuffer: *mut PUCHAR, - ChunkSize: ULONG, - ) -> NTSTATUS; - fn RtlDecompressChunks( - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - CompressedTail: PUCHAR, - CompressedTailSize: ULONG, - CompressedDataInfo: PCOMPRESSED_DATA_INFO, - ) -> NTSTATUS; - fn RtlCompressChunks( - UncompressedBuffer: PUCHAR, - UncompressedBufferSize: ULONG, - CompressedBuffer: PUCHAR, - CompressedBufferSize: ULONG, - CompressedDataInfo: PCOMPRESSED_DATA_INFO, - CompressedDataInfoLength: ULONG, - WorkSpace: PVOID, - ) -> NTSTATUS; - fn RtlConvertLCIDToString( - LcidValue: LCID, - Base: ULONG, - Padding: ULONG, - pResultBuf: PWSTR, - Size: ULONG, - ) -> NTSTATUS; - fn RtlIsValidLocaleName( - LocaleName: PWSTR, - Flags: ULONG, - ) -> BOOLEAN; - fn RtlGetParentLocaleName( - LocaleName: PWSTR, - ParentLocaleName: PUNICODE_STRING, - Flags: ULONG, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlLcidToLocaleName( - lcid: LCID, - LocaleName: PUNICODE_STRING, - Flags: ULONG, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlLocaleNameToLcid( - LocaleName: PWSTR, - lcid: PLCID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlLCIDToCultureName( - Lcid: LCID, - String: PUNICODE_STRING, - ) -> BOOLEAN; - fn RtlCultureNameToLCID( - String: PUNICODE_STRING, - Lcid: PLCID, - ) -> BOOLEAN; - fn RtlCleanUpTEBLangLists(); - fn RtlGetLocaleFileMappingAddress( - BaseAddress: *mut PVOID, - DefaultLocaleId: PLCID, - DefaultCasingTableSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlGetCurrentPeb() -> PPEB; - fn RtlAcquirePebLock(); - fn RtlReleasePebLock(); - fn RtlTryAcquirePebLock() -> LOGICAL; - fn RtlAllocateFromPeb( - Size: ULONG, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlFreeToPeb( - Block: PVOID, - Size: ULONG, - ) -> NTSTATUS; -}} -pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255; -pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5; -STRUCT!{struct CURDIR { - DosPath: UNICODE_STRING, - Handle: HANDLE, -}} -pub type PCURDIR = *mut CURDIR; -pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002; -pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003; -STRUCT!{struct RTL_DRIVE_LETTER_CURDIR { - Flags: USHORT, - Length: USHORT, - TimeStamp: ULONG, - DosPath: STRING, -}} -pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR; -pub const RTL_MAX_DRIVE_LETTERS: usize = 32; -pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001; -STRUCT!{struct RTL_USER_PROCESS_PARAMETERS { - MaximumLength: ULONG, - Length: ULONG, - Flags: ULONG, - DebugFlags: ULONG, - ConsoleHandle: HANDLE, - ConsoleFlags: ULONG, - StandardInput: HANDLE, - StandardOutput: HANDLE, - StandardError: HANDLE, - CurrentDirectory: CURDIR, - DllPath: UNICODE_STRING, - ImagePathName: UNICODE_STRING, - CommandLine: UNICODE_STRING, - Environment: PVOID, - StartingX: ULONG, - StartingY: ULONG, - CountX: ULONG, - CountY: ULONG, - CountCharsX: ULONG, - CountCharsY: ULONG, - FillAttribute: ULONG, - WindowFlags: ULONG, - ShowWindowFlags: ULONG, - WindowTitle: UNICODE_STRING, - DesktopInfo: UNICODE_STRING, - ShellInfo: UNICODE_STRING, - RuntimeData: UNICODE_STRING, - CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS], - EnvironmentSize: ULONG_PTR, - EnvironmentVersion: ULONG_PTR, - PackageDependencyData: PVOID, - ProcessGroupId: ULONG, - LoaderThreads: ULONG, -}} -pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS; -pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001; -pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002; -pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004; -pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008; -pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020; -pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040; -pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080; -pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100; -pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000; -pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000; -pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000; -pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000; -EXTERN!{extern "system" { - fn RtlCreateProcessParameters( - pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, - ImagePathName: PUNICODE_STRING, - DllPath: PUNICODE_STRING, - CurrentDirectory: PUNICODE_STRING, - CommandLine: PUNICODE_STRING, - Environment: PVOID, - WindowTitle: PUNICODE_STRING, - DesktopInfo: PUNICODE_STRING, - ShellInfo: PUNICODE_STRING, - RuntimeData: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlCreateProcessParametersEx( - pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, - ImagePathName: PUNICODE_STRING, - DllPath: PUNICODE_STRING, - CurrentDirectory: PUNICODE_STRING, - CommandLine: PUNICODE_STRING, - Environment: PVOID, - WindowTitle: PUNICODE_STRING, - DesktopInfo: PUNICODE_STRING, - ShellInfo: PUNICODE_STRING, - RuntimeData: PUNICODE_STRING, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyProcessParameters( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> NTSTATUS; - fn RtlNormalizeProcessParams( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> PRTL_USER_PROCESS_PARAMETERS; - fn RtlDeNormalizeProcessParams( - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ) -> PRTL_USER_PROCESS_PARAMETERS; -}} -STRUCT!{struct RTL_USER_PROCESS_INFORMATION { - Length: ULONG, - Process: HANDLE, - Thread: HANDLE, - ClientId: CLIENT_ID, - ImageInformation: SECTION_IMAGE_INFORMATION, -}} -pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateUserProcess( - NtImagePathName: PUNICODE_STRING, - AttributesDeprecated: ULONG, - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - ParentProcess: HANDLE, - InheritHandles: BOOLEAN, - DebugPort: HANDLE, - TokenHandle: HANDLE, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlCreateUserProcessEx( - NtImagePathName: PUNICODE_STRING, - ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, - InheritHandles: BOOLEAN, - Flags: ULONG, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlExitUserProcess( - ExitStatus: NTSTATUS, - ); -}} -pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; -pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002; -pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlCloneUserProcess( - ProcessFlags: ULONG, - ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - DebugPort: HANDLE, - ProcessInformation: PRTL_USER_PROCESS_INFORMATION, - ) -> NTSTATUS; - fn RtlUpdateClonedCriticalSection( - CriticalSection: PRTL_CRITICAL_SECTION, - ); - fn RtlUpdateClonedSRWLock( - SRWLock: PRTL_SRWLOCK, - Shared: LOGICAL, - ); -}} -STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { - ReflectionProcessHandle: HANDLE, - ReflectionThreadHandle: HANDLE, - ReflectionClientId: CLIENT_ID, -}} -pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = - *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateProcessReflection( - ProcessHandle: HANDLE, - Flags: ULONG, - StartRoutine: PVOID, - StartContext: PVOID, - EventHandle: HANDLE, - ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, - ) -> NTSTATUS; -}} -EXTERN!{extern "C" { - fn RtlSetProcessIsCritical( - NewValue: BOOLEAN, - OldValue: PBOOLEAN, - CheckFlag: BOOLEAN, - ) -> NTSTATUS; - fn RtlSetThreadIsCritical( - NewValue: BOOLEAN, - OldValue: PBOOLEAN, - CheckFlag: BOOLEAN, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlValidProcessProtection( - ProcessProtection: PS_PROTECTION, - ) -> BOOLEAN; - fn RtlTestProtectedAccess( - Source: PS_PROTECTION, - Target: PS_PROTECTION, - ) -> BOOLEAN; - fn RtlIsCurrentProcess( - ProcessHandle: HANDLE, - ) -> BOOLEAN; - fn RtlIsCurrentThread( - ThreadHandle: HANDLE, - ) -> BOOLEAN; -}} -FN!{stdcall PUSER_THREAD_START_ROUTINE( - ThreadParameter: PVOID, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlCreateUserThread( - Process: HANDLE, - ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, - CreateSuspended: BOOLEAN, - ZeroBits: ULONG, - MaximumStackSize: SIZE_T, - CommittedStackSize: SIZE_T, - StartAddress: PUSER_THREAD_START_ROUTINE, - Parameter: PVOID, - Thread: PHANDLE, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn RtlExitUserThread( - ExitStatus: NTSTATUS, - ); - fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN; - fn RtlCreateUserStack( - CommittedStackSize: SIZE_T, - MaximumStackSize: SIZE_T, - ZeroBits: ULONG_PTR, - PageSize: SIZE_T, - ReserveAlignment: ULONG_PTR, - InitialTeb: PINITIAL_TEB, - ) -> NTSTATUS; - fn RtlFreeUserStack( - AllocationBase: PVOID, - ) -> NTSTATUS; -}} -STRUCT!{struct CONTEXT_CHUNK { - Offset: LONG, - Length: ULONG, -}} -pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK; -STRUCT!{struct CONTEXT_EX { - All: CONTEXT_CHUNK, - Legacy: CONTEXT_CHUNK, - XState: CONTEXT_CHUNK, -}} -pub type PCONTEXT_EX = *mut CONTEXT_EX; -pub const CONTEXT_EX_LENGTH: usize = 4096; -#[macro_export] -macro_rules! RTL_CONTEXT_EX_OFFSET { - ($ContextEx:expr, $Chunk:ident) => { - (*$ContextEx).$Chunk.Offset - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_EX_LENGTH { - ($ContextEx:expr, $Chunk:ident) => { - (*$ContextEx).$Chunk.Length - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_EX_CHUNK { - ($Base:expr, $Layout:expr, $Chunk:ident) => { - ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_OFFSET { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, $Chunk) - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_LENGTH { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, $Chunk) - }; -} -#[macro_export] -macro_rules! RTL_CONTEXT_CHUNK { - ($Context:expr, $Chunk:ident) => { - RTL_CONTEXT_EX_CHUNK!( - ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, - ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) - as *const $crate::ntrtl::CONTEXT_EX, - $Chunk - ) - }; -} -EXTERN!{extern "system" { - fn RtlInitializeContext( - Process: HANDLE, - Context: PCONTEXT, - Parameter: PVOID, - InitialPc: PVOID, - InitialSp: PVOID, - ); - fn RtlInitializeExtendedContext( - Context: PCONTEXT, - ContextFlags: ULONG, - ContextEx: *mut PCONTEXT_EX, - ) -> ULONG; - fn RtlCopyExtendedContext( - Destination: PCONTEXT_EX, - ContextFlags: ULONG, - Source: PCONTEXT_EX, - ) -> ULONG; - fn RtlGetExtendedContextLength( - ContextFlags: ULONG, - ContextLength: PULONG, - ) -> ULONG; - fn RtlGetExtendedFeaturesMask( - ContextEx: PCONTEXT_EX, - ) -> ULONG64; - fn RtlLocateExtendedFeature( - ContextEx: PCONTEXT_EX, - FeatureId: ULONG, - Length: PULONG, - ) -> PVOID; - fn RtlLocateLegacyContext( - ContextEx: PCONTEXT_EX, - Length: PULONG, - ) -> PCONTEXT; - fn RtlSetExtendedFeaturesMask( - ContextEx: PCONTEXT_EX, - FeatureMask: ULONG64, - ); -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -EXTERN!{extern "system" { - fn RtlWow64GetThreadContext( - ThreadHandle: HANDLE, - ThreadContext: PWOW64_CONTEXT, - ) -> NTSTATUS; - fn RtlWow64SetThreadContext( - ThreadHandle: HANDLE, - ThreadContext: PWOW64_CONTEXT, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlRemoteCall( - Process: HANDLE, - Thread: HANDLE, - CallSite: PVOID, - ArgumentCount: ULONG, - Arguments: PULONG_PTR, - PassContext: BOOLEAN, - AlreadySuspended: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddVectoredExceptionHandler( - First: ULONG, - Handler: PVECTORED_EXCEPTION_HANDLER, - ) -> PVOID; - fn RtlRemoveVectoredExceptionHandler( - Handle: PVOID, - ) -> ULONG; - fn RtlAddVectoredContinueHandler( - First: ULONG, - Handler: PVECTORED_EXCEPTION_HANDLER, - ) -> PVOID; - fn RtlRemoveVectoredContinueHandler( - Handle: PVOID, - ) -> ULONG; -}} -FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER( - ExceptionInfo: PEXCEPTION_POINTERS, -) -> ULONG} -EXTERN!{extern "system" { - fn RtlSetUnhandledExceptionFilter( - UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER, - ); - fn RtlUnhandledExceptionFilter( - ExceptionPointers: PEXCEPTION_POINTERS, - ) -> LONG; - fn RtlUnhandledExceptionFilter2( - ExceptionPointers: PEXCEPTION_POINTERS, - Flags: ULONG, - ) -> LONG; - fn RtlKnownExceptionFilter( - ExceptionPointers: PEXCEPTION_POINTERS, - ) -> LONG; -}} -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -IFDEF!{ -ENUM!{enum FUNCTION_TABLE_TYPE { - RF_SORTED = 0, - RF_UNSORTED = 1, - RF_CALLBACK = 2, - RF_KERNEL_DYNAMIC = 3, -}} -STRUCT!{struct DYNAMIC_FUNCTION_TABLE { - ListEntry: LIST_ENTRY, - FunctionTable: PRUNTIME_FUNCTION, - TimeStamp: LARGE_INTEGER, - MinimumAddress: ULONG64, - MaximumAddress: ULONG64, - BaseAddress: ULONG64, - Callback: PGET_RUNTIME_FUNCTION_CALLBACK, - Context: PVOID, - OutOfProcessCallbackDll: PWSTR, - Type: FUNCTION_TABLE_TYPE, - EntryCount: ULONG, - TreeNode: RTL_BALANCED_NODE, -}} -pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE; -EXTERN!{extern "system" { - fn RtlGetFunctionTableListHead() -> PLIST_ENTRY; -}} -} -EXTERN!{extern "system" { - fn RtlImageNtHeader( - BaseOfImage: PVOID, - ) -> PIMAGE_NT_HEADERS; -}} -pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001; -EXTERN!{extern "system" { - fn RtlImageNtHeaderEx( - Flags: ULONG, - BaseOfImage: PVOID, - Size: ULONG64, - OutHeaders: *mut PIMAGE_NT_HEADERS, - ) -> NTSTATUS; - fn RtlAddressInSectionTable( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - VirtualAddress: ULONG, - ) -> PVOID; - fn RtlSectionTableFromVirtualAddress( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - VirtualAddress: ULONG, - ) -> PIMAGE_SECTION_HEADER; - fn RtlImageDirectoryEntryToData( - BaseOfImage: PVOID, - MappedAsImage: BOOLEAN, - DirectoryEntry: USHORT, - Size: PULONG, - ) -> PVOID; - fn RtlImageRvaToSection( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - Rva: ULONG, - ) -> PIMAGE_SECTION_HEADER; - fn RtlImageRvaToVa( - NtHeaders: PIMAGE_NT_HEADERS, - BaseOfImage: PVOID, - Rva: ULONG, - LastRvaSection: *mut PIMAGE_SECTION_HEADER, - ) -> PVOID; - fn RtlFindExportedRoutineByName( - BaseOfImage: PVOID, - RoutineName: PSTR, - ) -> PVOID; - fn RtlGuardCheckLongJumpTarget( - PcValue: PVOID, - IsFastFail: BOOL, - IsLongJumpTarget: PBOOL, - ) -> NTSTATUS; - fn RtlCompareMemoryUlong( - Source: PVOID, - Length: SIZE_T, - Pattern: ULONG, - ) -> SIZE_T; - fn RtlFillMemoryUlong( - Destination: PVOID, - Length: SIZE_T, - Pattern: ULONG, - ); - fn RtlFillMemoryUlonglong( - Destination: PVOID, - Length: SIZE_T, - Pattern: ULONGLONG, - ); - fn RtlCreateEnvironment( - CloneCurrentEnvironment: BOOLEAN, - Environment: *mut PVOID, - ) -> NTSTATUS; -}} -pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1; -pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2; -pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4; -EXTERN!{extern "system" { - fn RtlCreateEnvironmentEx( - SourceEnv: PVOID, - Environment: *mut PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyEnvironment( - Environment: PVOID, - ) -> NTSTATUS; - fn RtlSetCurrentEnvironment( - Environment: PVOID, - PreviousEnvironment: *mut PVOID, - ) -> NTSTATUS; - fn RtlSetEnvironmentVar( - Environment: *mut PWSTR, - Name: PWSTR, - NameLength: SIZE_T, - Value: PWSTR, - ValueLength: SIZE_T, - ) -> NTSTATUS; - fn RtlSetEnvironmentVariable( - Environment: *mut PVOID, - Name: PUNICODE_STRING, - Value: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlQueryEnvironmentVariable( - Environment: PVOID, - Name: PWSTR, - NameLength: SIZE_T, - Value: PWSTR, - ValueLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlQueryEnvironmentVariable_U( - Environment: PVOID, - Name: PUNICODE_STRING, - Value: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlExpandEnvironmentStrings( - Environment: PVOID, - Src: PWSTR, - SrcLength: SIZE_T, - Dst: PWSTR, - DstLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlExpandEnvironmentStrings_U( - Environment: PVOID, - Source: PUNICODE_STRING, - Destination: PUNICODE_STRING, - ReturnedLength: PULONG, - ) -> NTSTATUS; - fn RtlSetEnvironmentStrings( - NewEnvironment: PWCHAR, - NewEnvironmentSize: SIZE_T, - ) -> NTSTATUS; -}} -STRUCT!{struct RTLP_CURDIR_REF { - ReferenceCount: LONG, - DirectoryHandle: HANDLE, -}} -pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF; -STRUCT!{struct RTL_RELATIVE_NAME_U { - RelativeName: UNICODE_STRING, - ContainingDirectory: HANDLE, - CurDirRef: PRTLP_CURDIR_REF, -}} -pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U; -ENUM!{enum RTL_PATH_TYPE { - RtlPathTypeUnknown = 0, - RtlPathTypeUncAbsolute = 1, - RtlPathTypeDriveAbsolute = 2, - RtlPathTypeDriveRelative = 3, - RtlPathTypeRooted = 4, - RtlPathTypeRelative = 5, - RtlPathTypeLocalDevice = 6, - RtlPathTypeRootLocalDevice = 7, -}} -EXTERN!{extern "C" { - static mut RtlDosPathSeperatorsString: UNICODE_STRING; - static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING; - static mut RtlNtPathSeperatorString: UNICODE_STRING; -}} -/// "ntdll.dll" -pub const RtlNtdllName: UTF16Const = UTF16Const(&[ - 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16, -]); -EXTERN!{extern "system" { - fn RtlDetermineDosPathNameType_U( - DosFileName: PWSTR, - ) -> RTL_PATH_TYPE; - fn RtlDetermineDosPathNameType_Ustr( - DosFileName: PCUNICODE_STRING, - ) -> RTL_PATH_TYPE; - fn RtlIsDosDeviceName_U( - DosFileName: PWSTR, - ) -> ULONG; - fn RtlIsDosDeviceName_Ustr( - DosFileName: PUNICODE_STRING, - ) -> ULONG; - fn RtlGetFullPathName_U( - FileName: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - ) -> ULONG; - fn RtlGetFullPathName_UEx( - FileName: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - BytesRequired: *mut ULONG, - ) -> NTSTATUS; - fn RtlGetFullPathName_UstrEx( - FileName: PUNICODE_STRING, - StaticString: PUNICODE_STRING, - DynamicString: PUNICODE_STRING, - StringUsed: *mut PUNICODE_STRING, - FilePartPrefixCch: *mut SIZE_T, - NameInvalid: PBOOLEAN, - InputPathType: *mut RTL_PATH_TYPE, - BytesRequired: *mut SIZE_T, - ) -> NTSTATUS; - fn RtlGetCurrentDirectory_U( - BufferLength: ULONG, - Buffer: PWSTR, - ) -> ULONG; - fn RtlSetCurrentDirectory_U( - PathName: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetLongestNtPathLength() -> ULONG; - fn RtlDosPathNameToNtPathName_U( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> BOOLEAN; - fn RtlDosPathNameToNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosLongPathNameToNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosPathNameToRelativeNtPathName_U( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> BOOLEAN; - fn RtlDosPathNameToRelativeNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus( - DosFileName: PWSTR, - NtFileName: PUNICODE_STRING, - FilePart: *mut PWSTR, - RelativeName: PRTL_RELATIVE_NAME_U, - ) -> NTSTATUS; - fn RtlReleaseRelativeName( - RelativeName: PRTL_RELATIVE_NAME_U, - ); - fn RtlDosSearchPath_U( - Path: PWSTR, - FileName: PWSTR, - Extension: PWSTR, - BufferLength: ULONG, - Buffer: PWSTR, - FilePart: *mut PWSTR, - ) -> ULONG; -}} -pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001; -pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002; -pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004; -EXTERN!{extern "system" { - fn RtlDosSearchPath_Ustr( - Flags: ULONG, - Path: PUNICODE_STRING, - FileName: PUNICODE_STRING, - DefaultExtension: PUNICODE_STRING, - StaticString: PUNICODE_STRING, - DynamicString: PUNICODE_STRING, - FullFileNameOut: *mut PCUNICODE_STRING, - FilePartPrefixCch: *mut SIZE_T, - BytesRequired: *mut SIZE_T, - ) -> NTSTATUS; - fn RtlDoesFileExists_U( - FileName: PWSTR, - ) -> BOOLEAN; - fn RtlGetLengthWithoutLastFullDosOrNtPathElement( - Flags: ULONG, - PathString: PUNICODE_STRING, - Length: PULONG, - ) -> NTSTATUS; - fn RtlGetLengthWithoutTrailingPathSeperators( - Flags: ULONG, - PathString: PUNICODE_STRING, - Length: PULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct GENERATE_NAME_CONTEXT { - Checksum: USHORT, - CheckSumInserted: BOOLEAN, - NameLength: UCHAR, - NameBuffer: [WCHAR; 8], - ExtensionLength: ULONG, - ExtensionBuffer: [WCHAR; 4], - LastIndexValue: ULONG, -}} -pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT; -EXTERN!{extern "system" { - fn RtlGenerate8dot3Name( - Name: PCUNICODE_STRING, - AllowExtendedCharacters: BOOLEAN, - Context: PGENERATE_NAME_CONTEXT, - Name8dot3: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlComputePrivatizedDllName_U( - DllName: PUNICODE_STRING, - RealName: PUNICODE_STRING, - LocalName: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetSearchPath( - SearchPathA: *mut PWSTR, - ) -> BOOLEAN; - fn RtlSetSearchPathMode( - Flags: ULONG, - ) -> NTSTATUS; - fn RtlGetExePath() -> PWSTR; - fn RtlGetNtSystemRoot() -> PWSTR; - fn RtlAreLongPathsEnabled() -> BOOLEAN; - fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN; - fn RtlDllShutdownInProgress() -> BOOLEAN; -}} -STRUCT!{struct RTL_HEAP_ENTRY_u_s1 { - Settable: SIZE_T, - Tag: ULONG, -}} -STRUCT!{struct RTL_HEAP_ENTRY_u_s2 { - CommittedSize: SIZE_T, - FirstBlock: PVOID, -}} -UNION!{union RTL_HEAP_ENTRY_u { - s1: RTL_HEAP_ENTRY_u_s1, - s2: RTL_HEAP_ENTRY_u_s2, -}} -STRUCT!{struct RTL_HEAP_ENTRY { - Size: SIZE_T, - Flags: USHORT, - AllocatorBackTraceIndex: USHORT, - u: RTL_HEAP_ENTRY_u, -}} -pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY; -pub const RTL_HEAP_BUSY: USHORT = 0x0001; -pub const RTL_HEAP_SEGMENT: USHORT = 0x0002; -pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010; -pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020; -pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040; -pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080; -pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0; -pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100; -pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200; -STRUCT!{struct RTL_HEAP_TAG { - NumberOfAllocations: ULONG, - NumberOfFrees: ULONG, - BytesAllocated: SIZE_T, - TagIndex: USHORT, - CreatorBackTraceIndex: USHORT, - TagName: [WCHAR; 24], -}} -pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG; -STRUCT!{struct RTL_HEAP_INFORMATION { - BaseAddress: PVOID, - Flags: ULONG, - EntryOverhead: USHORT, - CreatorBackTraceIndex: USHORT, - BytesAllocated: SIZE_T, - BytesCommitted: SIZE_T, - NumberOfTags: ULONG, - NumberOfEntries: ULONG, - NumberOfPseudoTags: ULONG, - PseudoTagGranularity: ULONG, - Reserved: [ULONG; 5], - Tags: PRTL_HEAP_TAG, - Entries: PRTL_HEAP_ENTRY, -}} -pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION; -STRUCT!{struct RTL_PROCESS_HEAPS { - NumberOfHeaps: ULONG, - Heaps: [RTL_HEAP_INFORMATION; 1], -}} -pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS; -FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE( - Base: PVOID, - CommitAddress: *mut PVOID, - CommitSize: PSIZE_T, -) -> NTSTATUS} -STRUCT!{struct RTL_HEAP_PARAMETERS { - Length: ULONG, - SegmentReserve: SIZE_T, - SegmentCommit: SIZE_T, - DeCommitFreeBlockThreshold: SIZE_T, - DeCommitTotalFreeThreshold: SIZE_T, - MaximumAllocationSize: SIZE_T, - VirtualMemoryThreshold: SIZE_T, - InitialCommit: SIZE_T, - InitialReserve: SIZE_T, - CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE, - Reserved: [SIZE_T; 2], -}} -pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS; -pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100; -pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200; -pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400; -pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800; -pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00; -pub const HEAP_CLASS_0: ULONG = 0x00000000; -pub const HEAP_CLASS_1: ULONG = 0x00001000; -pub const HEAP_CLASS_2: ULONG = 0x00002000; -pub const HEAP_CLASS_3: ULONG = 0x00003000; -pub const HEAP_CLASS_4: ULONG = 0x00004000; -pub const HEAP_CLASS_5: ULONG = 0x00005000; -pub const HEAP_CLASS_6: ULONG = 0x00006000; -pub const HEAP_CLASS_7: ULONG = 0x00007000; -pub const HEAP_CLASS_8: ULONG = 0x00008000; -pub const HEAP_CLASS_MASK: ULONG = 0x0000f000; -EXTERN!{extern "system" { - fn RtlCreateHeap( - Flags: ULONG, - HeapBase: PVOID, - ReserveSize: SIZE_T, - CommitSize: SIZE_T, - Lock: PVOID, - Parameters: PRTL_HEAP_PARAMETERS, - ) -> PVOID; - fn RtlDestroyHeap( - HeapHandle: PVOID, - ) -> PVOID; - fn RtlAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - Size: SIZE_T, - ) -> PVOID; - fn RtlFreeHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> BOOLEAN; - fn RtlSizeHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> SIZE_T; - fn RtlZeroHeap( - HeapHandle: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlProtectHeap( - HeapHandle: PVOID, - MakeReadOnly: BOOLEAN, - ); -}} -#[inline] #[cfg(not(target_arch = "aarch64"))] -pub unsafe fn RtlProcessHeap() -> PVOID { - use crate::ntpsapi::NtCurrentPeb; - (*NtCurrentPeb()).ProcessHeap -} -EXTERN!{extern "system" { - fn RtlLockHeap( - HeapHandle: PVOID, - ) -> BOOLEAN; - fn RtlUnlockHeap( - HeapHandle: PVOID, - ) -> BOOLEAN; - fn RtlReAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - Size: SIZE_T, - ) -> PVOID; - fn RtlGetUserInfoHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserValue: *mut PVOID, - UserFlags: PULONG, - ) -> BOOLEAN; - fn RtlSetUserValueHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserValue: PVOID, - ) -> BOOLEAN; - fn RtlSetUserFlagsHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - UserFlagsReset: ULONG, - UserFlagsSet: ULONG, - ) -> BOOLEAN; -}} -STRUCT!{struct RTL_HEAP_TAG_INFO { - NumberOfAllocations: ULONG, - NumberOfFrees: ULONG, - BytesAllocated: SIZE_T, -}} -pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO; -EXTERN!{extern "system" { - fn RtlCreateTagHeap( - HeapHandle: PVOID, - Flags: ULONG, - TagPrefix: PWSTR, - TagNames: PWSTR, - ) -> ULONG; - fn RtlQueryTagHeap( - HeapHandle: PVOID, - Flags: ULONG, - TagIndex: USHORT, - ResetCounters: BOOLEAN, - TagInfo: PRTL_HEAP_TAG_INFO, - ) -> PWSTR; - fn RtlExtendHeap( - HeapHandle: PVOID, - Flags: ULONG, - Base: PVOID, - Size: SIZE_T, - ) -> NTSTATUS; - fn RtlCompactHeap( - HeapHandle: PVOID, - Flags: ULONG, - ) -> SIZE_T; - fn RtlValidateHeap( - HeapHandle: PVOID, - Flags: ULONG, - BaseAddress: PVOID, - ) -> BOOLEAN; - fn RtlValidateProcessHeaps() -> BOOLEAN; - fn RtlGetProcessHeaps( - NumberOfHeaps: ULONG, - ProcessHeaps: *mut PVOID, - ) -> ULONG; -}} -FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE( - HeapHandle: PVOID, - Parameter: PVOID, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlEnumProcessHeaps( - EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE, - Parameter: PVOID, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_HEAP_USAGE_ENTRY { - Next: *mut RTL_HEAP_USAGE_ENTRY, - Address: PVOID, - Size: SIZE_T, - AllocatorBackTraceIndex: USHORT, - TagIndex: USHORT, -}} -pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY; -STRUCT!{struct RTL_HEAP_USAGE { - Length: ULONG, - BytesAllocated: SIZE_T, - BytesCommitted: SIZE_T, - BytesReserved: SIZE_T, - BytesReservedMaximum: SIZE_T, - Entries: PRTL_HEAP_USAGE_ENTRY, - AddedEntries: PRTL_HEAP_USAGE_ENTRY, - RemovedEntries: PRTL_HEAP_USAGE_ENTRY, - Reserved: [ULONG_PTR; 8], -}} -pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE; -pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY; -pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY; -EXTERN!{extern "system" { - fn RtlUsageHeap( - HeapHandle: PVOID, - Flags: ULONG, - Usage: PRTL_HEAP_USAGE, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block { - Settable: SIZE_T, - TagIndex: USHORT, - AllocatorBackTraceIndex: USHORT, - Reserved: [ULONG; 2], -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment { - CommittedSize: ULONG, - UnCommittedSize: ULONG, - FirstEntry: PVOID, - LastEntry: PVOID, -}} -UNION!{union RTL_HEAP_WALK_ENTRY_u { - Block: RTL_HEAP_WALK_ENTRY_u_Block, - Segment: RTL_HEAP_WALK_ENTRY_u_Segment, -}} -STRUCT!{struct RTL_HEAP_WALK_ENTRY { - DataAddress: PVOID, - DataSize: SIZE_T, - OverheadBytes: UCHAR, - SegmentIndex: UCHAR, - Flags: USHORT, - u: RTL_HEAP_WALK_ENTRY_u, -}} -pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY; -EXTERN!{extern "system" { - fn RtlWalkHeap( - HeapHandle: PVOID, - Entry: PRTL_HEAP_WALK_ENTRY, - ) -> NTSTATUS; -}} -pub const HeapDetailedFailureInformation: u32 = 0x80000001; -pub const HeapSetDebuggingInformation: u32 = 0x80000002; -ENUM!{enum HEAP_COMPATIBILITY_MODE { - HEAP_COMPATIBILITY_STANDARD = 0, - HEAP_COMPATIBILITY_LAL = 1, - HEAP_COMPATIBILITY_LFH = 2, -}} -STRUCT!{struct PROCESS_HEAP_INFORMATION { - ReserveSize: ULONG_PTR, - CommitSize: ULONG_PTR, - NumberOfHeaps: ULONG, - FirstHeapInformationOffset: ULONG_PTR, -}} -pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION; -STRUCT!{struct HEAP_INFORMATION { - Address: ULONG_PTR, - Mode: ULONG, - ReserveSize: ULONG_PTR, - CommitSize: ULONG_PTR, - FirstRegionInformationOffset: ULONG_PTR, - NextHeapInformationOffset: ULONG_PTR, -}} -pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION; -UNION!{union HEAP_EXTENDED_INFORMATION_u { - ProcessHeapInformation: PROCESS_HEAP_INFORMATION, - HeapInformation: HEAP_INFORMATION, -}} -STRUCT!{struct HEAP_EXTENDED_INFORMATION { - Process: HANDLE, - Heap: ULONG_PTR, - Level: ULONG, - CallbackRoutine: PVOID, - CallbackContext: PVOID, - u: HEAP_EXTENDED_INFORMATION_u, -}} -pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION; -FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE( - Reserved: LONG, - HeapHandle: PVOID, - BaseAddress: PVOID, - BlockSize: SIZE_T, - StackTraceDepth: ULONG, - StackTrace: *mut PVOID, -) -> NTSTATUS} -STRUCT!{struct HEAP_DEBUGGING_INFORMATION { - InterceptorFunction: PVOID, - InterceptorValue: USHORT, - ExtendedOptions: ULONG, - StackTraceDepth: ULONG, - MinTotalBlockSize: SIZE_T, - MaxTotalBlockSize: SIZE_T, - HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE, -}} -pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION; -EXTERN!{extern "system" { - fn RtlQueryHeapInformation( - HeapHandle: PVOID, - HeapInformationClass: HEAP_INFORMATION_CLASS, - HeapInformation: PVOID, - HeapInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn RtlSetHeapInformation( - HeapHandle: PVOID, - HeapInformationClass: HEAP_INFORMATION_CLASS, - HeapInformation: PVOID, - HeapInformationLength: SIZE_T, - ) -> NTSTATUS; - fn RtlMultipleAllocateHeap( - HeapHandle: PVOID, - Flags: ULONG, - Size: SIZE_T, - Count: ULONG, - Array: *mut PVOID, - ) -> ULONG; - fn RtlMultipleFreeHeap( - HeapHandle: PVOID, - Flags: ULONG, - Count: ULONG, - Array: *mut PVOID, - ) -> ULONG; - fn RtlDetectHeapLeaks(); - fn RtlFlushHeaps(); -}} -STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT { - NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT, - Size: SIZE_T, - Next: PVOID, - Limit: PVOID, -}} -pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT; -STRUCT!{struct RTL_MEMORY_ZONE { - Segment: RTL_MEMORY_ZONE_SEGMENT, - Lock: RTL_SRWLOCK, - LockCount: ULONG, - FirstSegment: PRTL_MEMORY_ZONE_SEGMENT, -}} -pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE; -EXTERN!{extern "system" { - fn RtlCreateMemoryZone( - MemoryZone: *mut PVOID, - InitialSize: SIZE_T, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDestroyMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlAllocateMemoryZone( - MemoryZone: PVOID, - BlockSize: SIZE_T, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlResetMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlLockMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlUnlockMemoryZone( - MemoryZone: PVOID, - ) -> NTSTATUS; - fn RtlCreateMemoryBlockLookaside( - MemoryBlockLookaside: *mut PVOID, - Flags: ULONG, - InitialSize: ULONG, - MinimumBlockSize: ULONG, - MaximumBlockSize: ULONG, - ) -> NTSTATUS; - fn RtlDestroyMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlAllocateMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - BlockSize: ULONG, - Block: *mut PVOID, - ) -> NTSTATUS; - fn RtlFreeMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - Block: PVOID, - ) -> NTSTATUS; - fn RtlExtendMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - Increment: ULONG, - ) -> NTSTATUS; - fn RtlResetMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlLockMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlUnlockMemoryBlockLookaside( - MemoryBlockLookaside: PVOID, - ) -> NTSTATUS; - fn RtlGetCurrentTransaction() -> HANDLE; - fn RtlSetCurrentTransaction( - TransactionHandle: HANDLE, - ) -> LOGICAL; -}} -#[inline] -pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool { - (L1.LowPart == L2.LowPart) && (L1.HighPart == L2.HighPart) -} -#[inline] -pub const fn RtlIsZeroLuid(L1: &LUID) -> bool { - (L1.LowPart | L1.HighPart as u32) == 0 -} -#[inline] -pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID { - LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 } -} -#[inline] -pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID { - LUID { LowPart: Ulong, HighPart: 0 } -} -EXTERN!{extern "system" { - fn RtlCopyLuid( - DestinationLuid: PLUID, - SourceLuid: PLUID, - ); - fn RtlCopyLuidAndAttributesArray( - Count: ULONG, - Src: PLUID_AND_ATTRIBUTES, - Dest: PLUID_AND_ATTRIBUTES, - ); -}} -STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS { - SizeStruct: ULONG, - Option: ULONG, - OptionData: [UCHAR; 1], -}} -pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS; -UNION!{union RTL_DEBUG_INFORMATION_u { - Modules: *mut RTL_PROCESS_MODULES, - ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX, -}} -STRUCT!{struct RTL_DEBUG_INFORMATION { - SectionHandleClient: HANDLE, - ViewBaseClient: PVOID, - ViewBaseTarget: PVOID, - ViewBaseDelta: ULONG_PTR, - EventPairClient: HANDLE, - EventPairTarget: HANDLE, - TargetProcessId: HANDLE, - TargetThreadHandle: HANDLE, - Flags: ULONG, - OffsetFree: SIZE_T, - CommitSize: SIZE_T, - ViewSize: SIZE_T, - u: RTL_DEBUG_INFORMATION_u, - BackTraces: *mut RTL_PROCESS_BACKTRACES, - Heaps: *mut RTL_PROCESS_HEAPS, - Locks: *mut RTL_PROCESS_LOCKS, - SpecificHeap: PVOID, - TargetProcessHandle: HANDLE, - VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS, - ProcessHeap: PVOID, - CriticalSectionHandle: HANDLE, - CriticalSectionOwnerThread: HANDLE, - Reserved: [PVOID; 4], -}} -pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION; -EXTERN!{extern "system" { - fn RtlCreateQueryDebugBuffer( - MaximumCommit: ULONG, - UseEventPair: BOOLEAN, - ) -> PRTL_DEBUG_INFORMATION; - fn RtlDestroyQueryDebugBuffer( - Buffer: PRTL_DEBUG_INFORMATION, - ) -> NTSTATUS; - fn RtlCommitDebugInfo( - Buffer: PRTL_DEBUG_INFORMATION, - Size: SIZE_T, - ) -> PVOID; - fn RtlDeCommitDebugInfo( - Buffer: PRTL_DEBUG_INFORMATION, - p: PVOID, - Size: SIZE_T, - ); -}} -pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001; -pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002; -pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004; -pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008; -pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010; -pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020; -pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040; -pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080; -pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100; -pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200; -pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400; -pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000; -EXTERN!{extern "system" { - fn RtlQueryProcessDebugInformation( - UniqueProcessId: HANDLE, - Flags: ULONG, - Buffer: PRTL_DEBUG_INFORMATION, - ) -> NTSTATUS; - fn RtlFindMessage( - DllHandle: PVOID, - MessageTableId: ULONG, - MessageLanguageId: ULONG, - MessageId: ULONG, - MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY, - ) -> NTSTATUS; - fn RtlFormatMessage( - MessageFormat: PWSTR, - MaximumWidth: ULONG, - IgnoreInserts: BOOLEAN, - ArgumentsAreAnsi: BOOLEAN, - ArgumentsAreAnArray: BOOLEAN, - Arguments: *mut va_list, - Buffer: PWSTR, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; -}} -STRUCT!{struct PARSE_MESSAGE_CONTEXT { - fFlags: ULONG, - cwSavColumn: ULONG, - iwSrc: SIZE_T, - iwDst: SIZE_T, - iwDstSpace: SIZE_T, - lpvArgStart: va_list, -}} -pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT; -#[inline] -pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) { - ctx.fFlags = 0; -} -#[inline] -pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags & flag -} -#[inline] -pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags |= flag; - ctx.fFlags -} -#[inline] -pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { - ctx.fFlags &= !flag; - ctx.fFlags -} -EXTERN!{extern "system" { - fn RtlFormatMessageEx( - MessageFormat: PWSTR, - MaximumWidth: ULONG, - IgnoreInserts: BOOLEAN, - ArgumentsAreAnsi: BOOLEAN, - ArgumentsAreAnArray: BOOLEAN, - Arguments: *mut va_list, - Buffer: PWSTR, - Length: ULONG, - ReturnLength: PULONG, - ParseContext: PPARSE_MESSAGE_CONTEXT, - ) -> NTSTATUS; - fn RtlNtStatusToDosError( - Status: NTSTATUS, - ) -> ULONG; - fn RtlNtStatusToDosErrorNoTeb( - Status: NTSTATUS, - ) -> ULONG; - fn RtlGetLastNtStatus() -> NTSTATUS; - fn RtlGetLastWin32Error() -> LONG; - fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus( - Status: NTSTATUS, - ); - fn RtlSetLastWin32Error( - Win32Error: LONG, - ); - fn RtlRestoreLastWin32Error( - Win32Error: LONG, - ); -}} -pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010; -pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020; -pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040; -EXTERN!{extern "system" { - fn RtlGetThreadErrorMode() -> ULONG; - fn RtlSetThreadErrorMode( - NewMode: ULONG, - OldMode: PULONG, - ) -> NTSTATUS; - fn RtlReportException( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlReportExceptionEx( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - Flags: ULONG, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlWerpReportException( - ProcessId: ULONG, - CrashReportSharedMem: HANDLE, - Flags: ULONG, - CrashVerticalProcessHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlReportSilentProcessExit( - ProcessHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn RtlUniform( - Seed: PULONG, - ) -> ULONG; - fn RtlRandom( - Seed: PULONG, - ) -> ULONG; - fn RtlRandomEx( - Seed: PULONG, - ) -> ULONG; - fn RtlComputeImportTableHash( - FileHandle: HANDLE, - Hash: PCHAR, - ImportTableHashRevision: ULONG, - ) -> NTSTATUS; - fn RtlIntegerToChar( - Value: ULONG, - Base: ULONG, - OutputLength: LONG, - String: PSTR, - ) -> NTSTATUS; - fn RtlCharToInteger( - String: PCSZ, - Base: ULONG, - Value: PULONG, - ) -> NTSTATUS; - fn RtlLargeIntegerToChar( - Value: PLARGE_INTEGER, - Base: ULONG, - OutputLength: LONG, - String: PSTR, - ) -> NTSTATUS; - fn RtlIntegerToUnicodeString( - Value: ULONG, - Base: ULONG, - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlInt64ToUnicodeString( - Value: ULONGLONG, - Base: ULONG, - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlUnicodeStringToInteger( - String: PCUNICODE_STRING, - Base: ULONG, - Value: PULONG, - ) -> NTSTATUS; - fn RtlIpv4AddressToStringExW( - Address: *const in_addr, - Port: USHORT, - AddressString: PWSTR, - AddressStringLength: PULONG, - ) -> NTSTATUS; - fn RtlIpv6AddressToStringExW( - Address: *const in6_addr, - ScopeId: ULONG, - Port: USHORT, - AddressString: PWSTR, - AddressStringLength: PULONG, - ) -> NTSTATUS; - fn RtlIpv4StringToAddressExW( - AddressString: PCWSTR, - Strict: BOOLEAN, - Address: *mut in_addr, - Port: PUSHORT, - ) -> NTSTATUS; - fn RtlIpv6StringToAddressExW( - AddressString: PCWSTR, - Address: *mut in6_addr, - ScopeId: PULONG, - Port: PUSHORT, - ) -> NTSTATUS; -}} -STRUCT!{struct TIME_FIELDS { - Year: CSHORT, - Month: CSHORT, - Day: CSHORT, - Hour: CSHORT, - Minute: CSHORT, - Second: CSHORT, - Milliseconds: CSHORT, - Weekday: CSHORT, -}} -pub type PTIME_FIELDS = *mut TIME_FIELDS; -EXTERN!{extern "system" { - fn RtlCutoverTimeToSystemTime( - CutoverTime: PTIME_FIELDS, - SystemTime: PLARGE_INTEGER, - CurrentSystemTime: PLARGE_INTEGER, - ThisYear: BOOLEAN, - ) -> BOOLEAN; - fn RtlSystemTimeToLocalTime( - SystemTime: PLARGE_INTEGER, - LocalTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlLocalTimeToSystemTime( - LocalTime: PLARGE_INTEGER, - SystemTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn RtlTimeToElapsedTimeFields( - Time: PLARGE_INTEGER, - TimeFields: PTIME_FIELDS, - ); - fn RtlTimeToTimeFields( - Time: PLARGE_INTEGER, - TimeFields: PTIME_FIELDS, - ); - fn RtlTimeFieldsToTime( - TimeFields: PTIME_FIELDS, - Time: PLARGE_INTEGER, - ) -> BOOLEAN; - fn RtlTimeToSecondsSince1980( - Time: PLARGE_INTEGER, - ElapsedSeconds: PULONG, - ) -> BOOLEAN; - fn RtlSecondsSince1980ToTime( - ElapsedSeconds: ULONG, - Time: PLARGE_INTEGER, - ); - fn RtlTimeToSecondsSince1970( - Time: PLARGE_INTEGER, - ElapsedSeconds: PULONG, - ) -> BOOLEAN; - fn RtlSecondsSince1970ToTime( - ElapsedSeconds: ULONG, - Time: PLARGE_INTEGER, - ); -}} -STRUCT!{struct RTL_TIME_ZONE_INFORMATION { - Bias: LONG, - StandardName: [WCHAR; 32], - StandardStart: TIME_FIELDS, - StandardBias: LONG, - DaylightName: [WCHAR; 32], - DaylightStart: TIME_FIELDS, - DaylightBias: LONG, -}} -pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; -EXTERN!{extern "system" { - fn RtlQueryTimeZoneInformation( - TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, - ) -> NTSTATUS; - fn RtlSetTimeZoneInformation( - TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, - ) -> NTSTATUS; -}} -STRUCT!{struct RTL_BITMAP { - SizeOfBitMap: ULONG, - Buffer: PULONG, -}} -pub type PRTL_BITMAP = *mut RTL_BITMAP; -EXTERN!{extern "system" { - fn RtlInitializeBitMap( - BitMapHeader: PRTL_BITMAP, - BitMapBuffer: PULONG, - SizeOfBitMap: ULONG, - ); - fn RtlClearBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ); - fn RtlSetBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ); - fn RtlTestBit( - BitMapHeader: PRTL_BITMAP, - BitNumber: ULONG, - ) -> BOOLEAN; - fn RtlClearAllBits( - BitMapHeader: PRTL_BITMAP, - ); - fn RtlSetAllBits( - BitMapHeader: PRTL_BITMAP, - ); - fn RtlFindClearBits( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindSetBits( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindClearBitsAndSet( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlFindSetBitsAndClear( - BitMapHeader: PRTL_BITMAP, - NumberToFind: ULONG, - HintIndex: ULONG, - ) -> ULONG; - fn RtlClearBits( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToClear: ULONG, - ); - fn RtlSetBits( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToSet: ULONG, - ); - fn RtlFindMostSignificantBit( - Set: ULONGLONG, - ) -> CCHAR; - fn RtlFindLeastSignificantBit( - Set: ULONGLONG, - ) -> CCHAR; -}} -STRUCT!{struct RTL_BITMAP_RUN { - StartingIndex: ULONG, - NumberOfBits: ULONG, -}} -pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN; -EXTERN!{extern "system" { - fn RtlFindClearRuns( - BitMapHeader: PRTL_BITMAP, - RunArray: PRTL_BITMAP_RUN, - SizeOfRunArray: ULONG, - LocateLongestRuns: BOOLEAN, - ) -> ULONG; - fn RtlFindLongestRunClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: PULONG, - ) -> ULONG; - fn RtlFindFirstRunClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: PULONG, - ) -> ULONG; -}} -#[inline] -pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 { - #[cfg(target_arch = "x86_64")] { - core::arch::x86_64::_bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64) - } - #[cfg(any(target_arch = "x86", target_arch = "aarch64"))] { - (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8 - } -} -EXTERN!{extern "system" { - fn RtlNumberOfClearBits( - BitMapHeader: PRTL_BITMAP, - ) -> ULONG; - fn RtlNumberOfSetBits( - BitMapHeader: PRTL_BITMAP, - ) -> ULONG; - fn RtlAreBitsClear( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> BOOLEAN; - fn RtlAreBitsSet( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> BOOLEAN; - fn RtlFindNextForwardRunClear( - BitMapHeader: PRTL_BITMAP, - FromIndex: ULONG, - StartingRunIndex: PULONG, - ) -> ULONG; - fn RtlFindLastBackwardRunClear( - BitMapHeader: PRTL_BITMAP, - FromIndex: ULONG, - StartingRunIndex: PULONG, - ) -> ULONG; - fn RtlNumberOfSetBitsUlongPtr( - Target: ULONG_PTR, - ) -> ULONG; - fn RtlInterlockedClearBitRun( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToClear: ULONG, - ); - fn RtlInterlockedSetBitRun( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - NumberToSet: ULONG, - ); - fn RtlCopyBitMap( - Source: PRTL_BITMAP, - Destination: PRTL_BITMAP, - TargetBit: ULONG, - ); - fn RtlExtractBitMap( - Source: PRTL_BITMAP, - Destination: PRTL_BITMAP, - TargetBit: ULONG, - NumberOfBits: ULONG, - ); - fn RtlNumberOfClearBitsInRange( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> ULONG; - fn RtlNumberOfSetBitsInRange( - BitMapHeader: PRTL_BITMAP, - StartingIndex: ULONG, - Length: ULONG, - ) -> ULONG; -}} -STRUCT!{struct RTL_BITMAP_EX { - SizeOfBitMap: ULONG64, - Buffer: PULONG64, -}} -pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX; -EXTERN!{extern "system" { - fn RtlInitializeBitMapEx( - BitMapHeader: PRTL_BITMAP_EX, - BitMapBuffer: PULONG64, - SizeOfBitMap: ULONG64, - ); - fn RtlTestBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ) -> BOOLEAN; - fn RtlClearAllBitsEx( - BitMapHeader: PRTL_BITMAP_EX, - ); - fn RtlClearBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ); - fn RtlSetBitEx( - BitMapHeader: PRTL_BITMAP_EX, - BitNumber: ULONG64, - ); - fn RtlFindSetBitsEx( - BitMapHeader: PRTL_BITMAP_EX, - NumberToFind: ULONG64, - HintIndex: ULONG64, - ) -> ULONG64; - fn RtlFindSetBitsAndClearEx( - BitMapHeader: PRTL_BITMAP_EX, - NumberToFind: ULONG64, - HintIndex: ULONG64, - ) -> ULONG64; -}} -UNION!{union RTL_HANDLE_TABLE_ENTRY { - Flags: ULONG, - NextFree: *mut RTL_HANDLE_TABLE_ENTRY, -}} -pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY; -pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001; -STRUCT!{struct RTL_HANDLE_TABLE { - MaximumNumberOfHandles: ULONG, - SizeOfHandleTableEntry: ULONG, - Reserved: [ULONG; 2], - FreeHandles: PRTL_HANDLE_TABLE_ENTRY, - CommittedHandles: PRTL_HANDLE_TABLE_ENTRY, - UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY, - MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY, -}} -pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE; -EXTERN!{extern "system" { - fn RtlInitializeHandleTable( - MaximumNumberOfHandles: ULONG, - SizeOfHandleTableEntry: ULONG, - HandleTable: PRTL_HANDLE_TABLE, - ); - fn RtlDestroyHandleTable( - HandleTable: PRTL_HANDLE_TABLE, - ) -> NTSTATUS; - fn RtlAllocateHandle( - HandleTable: PRTL_HANDLE_TABLE, - HandleIndex: PULONG, - ) -> PRTL_HANDLE_TABLE_ENTRY; - fn RtlFreeHandle( - HandleTable: PRTL_HANDLE_TABLE, - Handle: PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlIsValidHandle( - HandleTable: PRTL_HANDLE_TABLE, - Handle: PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; - fn RtlIsValidIndexHandle( - HandleTable: PRTL_HANDLE_TABLE, - HandleIndex: ULONG, - Handle: *mut PRTL_HANDLE_TABLE_ENTRY, - ) -> BOOLEAN; -}} -pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000; -pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000; -pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37; -pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255; -pub const RTL_ATOM_PINNED: u32 = 0x01; -EXTERN!{extern "system" { - fn RtlCreateAtomTable( - NumberOfBuckets: ULONG, - AtomTableHandle: *mut PVOID, - ) -> NTSTATUS; - fn RtlDestroyAtomTable( - AtomTableHandle: PVOID, - ) -> NTSTATUS; - fn RtlEmptyAtomTable( - AtomTableHandle: PVOID, - IncludePinnedAtoms: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAtomToAtomTable( - AtomTableHandle: PVOID, - AtomName: PWSTR, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn RtlLookupAtomInAtomTable( - AtomTableHandle: PVOID, - AtomName: PWSTR, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn RtlDeleteAtomFromAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - ) -> NTSTATUS; - fn RtlPinAtomInAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - ) -> NTSTATUS; - fn RtlQueryAtomInAtomTable( - AtomTableHandle: PVOID, - Atom: RTL_ATOM, - AtomUsage: PULONG, - AtomFlags: PULONG, - AtomName: PWSTR, - AtomNameLength: PULONG, - ) -> NTSTATUS; - fn RtlGetIntegerAtom( - AtomName: PWSTR, - IntegerAtom: PUSHORT, - ) -> BOOLEAN; - fn RtlValidSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlEqualSid( - Sid1: PSID, - Sid2: PSID, - ) -> BOOLEAN; - fn RtlEqualPrefixSid( - Sid1: PSID, - Sid2: PSID, - ) -> BOOLEAN; - fn RtlLengthRequiredSid( - SubAuthorityCount: ULONG, - ) -> ULONG; - fn RtlFreeSid( - Sid: PSID, - ) -> PVOID; - fn RtlAllocateAndInitializeSid( - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - SubAuthority0: ULONG, - SubAuthority1: ULONG, - SubAuthority2: ULONG, - SubAuthority3: ULONG, - SubAuthority4: ULONG, - SubAuthority5: ULONG, - SubAuthority6: ULONG, - SubAuthority7: ULONG, - Sid: *mut PSID, - ) -> NTSTATUS; - fn RtlInitializeSid( - Sid: PSID, - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - ) -> NTSTATUS; -}} -EXTERN!{extern "C" { - fn RtlInitializeSidEx( - Sid: PSID, - IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, - SubAuthorityCount: UCHAR, - ... - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlIdentifierAuthoritySid( - Sid: PSID, - ) -> PSID_IDENTIFIER_AUTHORITY; - fn RtlSubAuthoritySid( - Sid: PSID, - SubAuthority: ULONG, - ) -> PULONG; - fn RtlSubAuthorityCountSid( - Sid: PSID, - ) -> PUCHAR; - fn RtlLengthSid( - Sid: PSID, - ) -> ULONG; - fn RtlCopySid( - DestinationSidLength: ULONG, - DestinationSid: PSID, - SourceSid: PSID, - ) -> NTSTATUS; - fn RtlCopySidAndAttributesArray( - Count: ULONG, - Src: PSID_AND_ATTRIBUTES, - SidAreaSize: ULONG, - Dest: PSID_AND_ATTRIBUTES, - SidArea: PSID, - RemainingSidArea: *mut PSID, - RemainingSidAreaSize: PULONG, - ) -> NTSTATUS; - fn RtlCreateServiceSid( - ServiceName: PUNICODE_STRING, - ServiceSid: PSID, - ServiceSidLength: PULONG, - ) -> NTSTATUS; - fn RtlSidDominates( - Sid1: PSID, - Sid2: PSID, - Dominates: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidDominatesForTrust( - Sid1: PSID, - Sid2: PSID, - DominatesTrust: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidEqualLevel( - Sid1: PSID, - Sid2: PSID, - EqualLevel: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSidIsHigherLevel( - Sid1: PSID, - Sid2: PSID, - HigherLevel: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCreateVirtualAccountSid( - Name: PCUNICODE_STRING, - BaseSubAuthority: ULONG, - Sid: PSID, - SidLength: PULONG, - ) -> NTSTATUS; - fn RtlReplaceSidInSd( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - OldSid: PSID, - NewSid: PSID, - NumChanges: *mut ULONG, - ) -> NTSTATUS; -}} -pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256; -EXTERN!{extern "system" { - fn RtlConvertSidToUnicodeString( - UnicodeString: PUNICODE_STRING, - Sid: PSID, - AllocateDestinationString: BOOLEAN, - ) -> NTSTATUS; - fn RtlSidHashInitialize( - SidAttr: PSID_AND_ATTRIBUTES, - SidCount: ULONG, - SidAttrHash: PSID_AND_ATTRIBUTES_HASH, - ) -> NTSTATUS; - fn RtlSidHashLookup( - SidAttrHash: PSID_AND_ATTRIBUTES_HASH, - Sid: PSID, - ) -> PSID_AND_ATTRIBUTES; - fn RtlIsElevatedRid( - SidAttr: PSID_AND_ATTRIBUTES, - ) -> BOOLEAN; - fn RtlDeriveCapabilitySidsFromName( - UnicodeString: PUNICODE_STRING, - CapabilityGroupSid: PSID, - CapabilitySid: PSID, - ) -> NTSTATUS; - fn RtlCreateSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Revision: ULONG, - ) -> NTSTATUS; - fn RtlValidSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> BOOLEAN; - fn RtlLengthSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> ULONG; - fn RtlValidRelativeSecurityDescriptor( - SecurityDescriptorInput: PSECURITY_DESCRIPTOR, - SecurityDescriptorLength: ULONG, - RequiredInformation: SECURITY_INFORMATION, - ) -> BOOLEAN; - fn RtlGetControlSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Control: PSECURITY_DESCRIPTOR_CONTROL, - Revision: PULONG, - ) -> NTSTATUS; - fn RtlSetControlSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL, - ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL, - ) -> NTSTATUS; - fn RtlSetAttributesSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Control: SECURITY_DESCRIPTOR_CONTROL, - Revision: PULONG, - ) -> NTSTATUS; - fn RtlGetSecurityDescriptorRMControl( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - RMControl: PUCHAR, - ) -> BOOLEAN; - fn RtlSetSecurityDescriptorRMControl( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - RMControl: PUCHAR, - ); - fn RtlSetDaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DaclPresent: BOOLEAN, - Dacl: PACL, - DaclDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetDaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DaclPresent: PBOOLEAN, - Dacl: *mut PACL, - DaclDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetSaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - SaclPresent: BOOLEAN, - Sacl: PACL, - SaclDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetSaclSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - SaclPresent: PBOOLEAN, - Sacl: *mut PACL, - SaclDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetOwnerSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Owner: PSID, - OwnerDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetOwnerSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Owner: *mut PSID, - OwnerDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetGroupSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Group: PSID, - GroupDefaulted: BOOLEAN, - ) -> NTSTATUS; - fn RtlGetGroupSecurityDescriptor( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Group: *mut PSID, - GroupDefaulted: PBOOLEAN, - ) -> NTSTATUS; - fn RtlMakeSelfRelativeSD( - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - BufferLength: PULONG, - ) -> NTSTATUS; - fn RtlAbsoluteToSelfRelativeSD( - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - BufferLength: PULONG, - ) -> NTSTATUS; - fn RtlSelfRelativeToAbsoluteSD( - SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, - AbsoluteSecurityDescriptorSize: PULONG, - Dacl: PACL, - DaclSize: PULONG, - Sacl: PACL, - SaclSize: PULONG, - Owner: PSID, - OwnerSize: PULONG, - PrimaryGroup: PSID, - PrimaryGroupSize: PULONG, - ) -> NTSTATUS; - fn RtlSelfRelativeToAbsoluteSD2( - pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, - pBufferSize: PULONG, - ) -> NTSTATUS; - fn RtlAreAllAccessesGranted( - GrantedAccess: ACCESS_MASK, - DesiredAccess: ACCESS_MASK, - ) -> BOOLEAN; - fn RtlAreAnyAccessesGranted( - GrantedAccess: ACCESS_MASK, - DesiredAccess: ACCESS_MASK, - ) -> BOOLEAN; - fn RtlMapGenericMask( - AccessMask: PACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - ); - fn RtlCreateAcl( - Acl: PACL, - AclLength: ULONG, - AclRevision: ULONG, - ) -> NTSTATUS; - fn RtlValidAcl( - Acl: PACL, - ) -> BOOLEAN; - fn RtlQueryInformationAcl( - Acl: PACL, - AclInformation: PVOID, - AclInformationLength: ULONG, - AclInformationClass: ACL_INFORMATION_CLASS, - ) -> NTSTATUS; - fn RtlSetInformationAcl( - Acl: PACL, - AclInformation: PVOID, - AclInformationLength: ULONG, - AclInformationClass: ACL_INFORMATION_CLASS, - ) -> NTSTATUS; - fn RtlAddAce( - Acl: PACL, - AceRevision: ULONG, - StartingAceIndex: ULONG, - AceList: PVOID, - AceListLength: ULONG, - ) -> NTSTATUS; - fn RtlDeleteAce( - Acl: PACL, - AceIndex: ULONG, - ) -> NTSTATUS; - fn RtlGetAce( - Acl: PACL, - AceIndex: ULONG, - Ace: *mut PVOID, - ) -> NTSTATUS; - fn RtlFirstFreeAce( - Acl: PACL, - FirstFree: *mut PVOID, - ) -> BOOLEAN; - fn RtlFindAceByType( - pAcl: PACL, - AceType: UCHAR, - pIndex: PULONG, - ) -> PVOID; - fn RtlOwnerAcesPresent( - pAcl: PACL, - ) -> BOOLEAN; - fn RtlAddAccessAllowedAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessAllowedAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAuditAccessAce( - Acl: PACL, - AceRevision: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAuditAccessAceEx( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddAccessAllowedObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAccessDeniedObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - ) -> NTSTATUS; - fn RtlAddAuditAccessObjectAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - AccessMask: ACCESS_MASK, - ObjectTypeGuid: *mut GUID, - InheritedObjectTypeGuid: *mut GUID, - Sid: PSID, - AuditSuccess: BOOLEAN, - AuditFailure: BOOLEAN, - ) -> NTSTATUS; - fn RtlAddCompoundAce( - Acl: PACL, - AceRevision: ULONG, - AceType: UCHAR, - AccessMask: ACCESS_MASK, - ServerSid: PSID, - ClientSid: PSID, - ) -> NTSTATUS; - fn RtlAddMandatoryAce( - Acl: PACL, - AceRevision: ULONG, - AceFlags: ULONG, - Sid: PSID, - AceType: UCHAR, - AccessMask: ACCESS_MASK, - ) -> NTSTATUS; - fn RtlDefaultNpAcl( - Acl: *mut PACL, - ) -> NTSTATUS; - fn RtlNewSecurityObject( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - IsDirectoryObject: BOOLEAN, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewSecurityObjectEx( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut GUID, - IsDirectoryObject: BOOLEAN, - AutoInheritFlags: ULONG, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewSecurityObjectWithMultipleInheritance( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut *mut GUID, - GuidCount: ULONG, - IsDirectoryObject: BOOLEAN, - AutoInheritFlags: ULONG, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlDeleteSecurityObject( - ObjectDescriptor: *mut PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn RtlQuerySecurityObject( - ObjectDescriptor: PSECURITY_DESCRIPTOR, - SecurityInformation: SECURITY_INFORMATION, - ResultantDescriptor: PSECURITY_DESCRIPTOR, - DescriptorLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlSetSecurityObject( - SecurityInformation: SECURITY_INFORMATION, - ModificationDescriptor: PSECURITY_DESCRIPTOR, - ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - GenericMapping: PGENERIC_MAPPING, - Token: HANDLE, - ) -> NTSTATUS; - fn RtlSetSecurityObjectEx( - SecurityInformation: SECURITY_INFORMATION, - ModificationDescriptor: PSECURITY_DESCRIPTOR, - ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - AutoInheritFlags: ULONG, - GenericMapping: PGENERIC_MAPPING, - Token: HANDLE, - ) -> NTSTATUS; - fn RtlConvertToAutoInheritSecurityObject( - ParentDescriptor: PSECURITY_DESCRIPTOR, - CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR, - NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - ObjectType: *mut GUID, - IsDirectoryObject: BOOLEAN, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlNewInstanceSecurityObject( - ParentDescriptorChanged: BOOLEAN, - CreatorDescriptorChanged: BOOLEAN, - OldClientTokenModifiedId: PLUID, - NewClientTokenModifiedId: PLUID, - ParentDescriptor: PSECURITY_DESCRIPTOR, - CreatorDescriptor: PSECURITY_DESCRIPTOR, - NewDescriptor: *mut PSECURITY_DESCRIPTOR, - IsDirectoryObject: BOOLEAN, - Token: HANDLE, - GenericMapping: PGENERIC_MAPPING, - ) -> NTSTATUS; - fn RtlCopySecurityDescriptor( - InputSecurityDescriptor: PSECURITY_DESCRIPTOR, - OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn RtlRunEncodeUnicodeString( - Seed: PUCHAR, - String: PUNICODE_STRING, - ); - fn RtlRunDecodeUnicodeString( - Seed: UCHAR, - String: PUNICODE_STRING, - ); - fn RtlImpersonateSelf( - ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, - ) -> NTSTATUS; - fn RtlImpersonateSelfEx( - ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, - AdditionalAccess: ACCESS_MASK, - ThreadToken: PHANDLE, - ) -> NTSTATUS; - fn RtlAdjustPrivilege( - Privilege: ULONG, - Enable: BOOLEAN, - Client: BOOLEAN, - WasEnabled: PBOOLEAN, - ) -> NTSTATUS; -}} -pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001; -pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002; -EXTERN!{extern "system" { - fn RtlAcquirePrivilege( - Privilege: PULONG, - NumPriv: ULONG, - Flags: ULONG, - ReturnedState: *mut PVOID, - ) -> NTSTATUS; - fn RtlReleasePrivilege( - StatePointer: PVOID, - ); - fn RtlRemovePrivileges( - TokenHandle: HANDLE, - PrivilegesToKeep: PULONG, - PrivilegeCount: ULONG, - ) -> NTSTATUS; - fn RtlIsUntrustedObject( - Handle: HANDLE, - Object: PVOID, - IsUntrustedObject: PBOOLEAN, - ) -> NTSTATUS; - fn RtlQueryValidationRunlevel( - ComponentName: PUNICODE_STRING, - ) -> ULONG; - fn RtlCreateBoundaryDescriptor( - Name: PUNICODE_STRING, - Flags: ULONG, - ) -> PVOID; - fn RtlDeleteBoundaryDescriptor( - BoundaryDescriptor: PVOID, - ); - fn RtlAddSIDToBoundaryDescriptor( - BoundaryDescriptor: *mut PVOID, - RequiredSid: PSID, - ) -> NTSTATUS; - fn RtlAddIntegrityLabelToBoundaryDescriptor( - BoundaryDescriptor: *mut PVOID, - IntegrityLabel: PSID, - ) -> NTSTATUS; - fn RtlGetVersion( - lpVersionInformation: PRTL_OSVERSIONINFOW, - ) -> NTSTATUS; - fn RtlVerifyVersionInfo( - VersionInfo: PRTL_OSVERSIONINFOEXW, - TypeMask: ULONG, - ConditionMask: ULONGLONG, - ) -> NTSTATUS; - fn RtlGetNtVersionNumbers( - NtMajorVersion: PULONG, - NtMinorVersion: PULONG, - NtBuildNumber: PULONG, - ); - fn RtlGetNtGlobalFlags() -> ULONG; - fn RtlGetNtProductType( - NtProductType: PNT_PRODUCT_TYPE, - ) -> BOOLEAN; - fn RtlGetSuiteMask() -> ULONG; - fn RtlRegisterWait( - WaitHandle: PHANDLE, - Handle: HANDLE, - Function: WAITORTIMERCALLBACKFUNC, - Context: PVOID, - Milliseconds: ULONG, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlDeregisterWait( - WaitHandle: HANDLE, - ) -> NTSTATUS; - fn RtlDeregisterWaitEx( - WaitHandle: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlQueueWorkItem( - Function: WORKERCALLBACKFUNC, - Context: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlSetIoCompletionCallback( - FileHandle: HANDLE, - CompletionProc: APC_CALLBACK_FUNCTION, - Flags: ULONG, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_START_POOL_THREAD( - Function: PTHREAD_START_ROUTINE, - Parameter: PVOID, - ThreadHandle: PHANDLE, -) -> NTSTATUS} -FN!{stdcall PRTL_EXIT_POOL_THREAD( - ExitStatus: NTSTATUS, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlSetThreadPoolStartFunc( - StartPoolThread: PRTL_START_POOL_THREAD, - ExitPoolThread: PRTL_EXIT_POOL_THREAD, - ) -> NTSTATUS; - fn RtlUserThreadStart( - Function: PTHREAD_START_ROUTINE, - Parameter: PVOID, - ); - fn LdrInitializeThunk( - ContextRecord: PCONTEXT, - Parameter: PVOID, - ); - fn RtlCreateTimerQueue( - TimerQueueHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlCreateTimer( - TimerQueueHandle: HANDLE, - Handle: PHANDLE, - Function: WAITORTIMERCALLBACKFUNC, - Context: PVOID, - DueTime: ULONG, - Period: ULONG, - Flags: ULONG, - ) -> NTSTATUS; - fn RtlUpdateTimer( - TimerQueueHandle: HANDLE, - TimerHandle: HANDLE, - DueTime: ULONG, - Period: ULONG, - ) -> NTSTATUS; - fn RtlDeleteTimer( - TimerQueueHandle: HANDLE, - TimerToCancel: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlDeleteTimerQueue( - TimerQueueHandle: HANDLE, - ) -> NTSTATUS; - fn RtlDeleteTimerQueueEx( - TimerQueueHandle: HANDLE, - Event: HANDLE, - ) -> NTSTATUS; - fn RtlFormatCurrentUserKeyPath( - CurrentUserKeyPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlOpenCurrentUser( - DesiredAccess: ACCESS_MASK, - CurrentUserKey: PHANDLE, - ) -> NTSTATUS; -}} -pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0; -pub const RTL_REGISTRY_SERVICES: ULONG = 1; -pub const RTL_REGISTRY_CONTROL: ULONG = 2; -pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3; -pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4; -pub const RTL_REGISTRY_USER: ULONG = 5; -pub const RTL_REGISTRY_MAXIMUM: ULONG = 6; -pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000; -pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000; -EXTERN!{extern "system" { - fn RtlCreateRegistryKey( - RelativeTo: ULONG, - Path: PWSTR, - ) -> NTSTATUS; - fn RtlCheckRegistryKey( - RelativeTo: ULONG, - Path: PWSTR, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE( - ValueName: PWSTR, - ValueType: ULONG, - ValueData: PVOID, - ValueLength: ULONG, - Context: PVOID, - EntryContext: PVOID, -) -> NTSTATUS} -STRUCT!{struct RTL_QUERY_REGISTRY_TABLE { - QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE, - Flags: ULONG, - Name: PWSTR, - EntryContext: PVOID, - DefaultType: ULONG, - DefaultData: PVOID, - DefaultLength: ULONG, -}} -pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE; -pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001; -pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002; -pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004; -pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008; -pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010; -pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020; -pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040; -EXTERN!{extern "system" { - fn RtlQueryRegistryValues( - RelativeTo: ULONG, - Path: PCWSTR, - QueryTable: PRTL_QUERY_REGISTRY_TABLE, - Context: PVOID, - Environment: PVOID, - ) -> NTSTATUS; - fn RtlQueryRegistryValuesEx( - RelativeTo: ULONG, - Path: PWSTR, - QueryTable: PRTL_QUERY_REGISTRY_TABLE, - Context: PVOID, - Environment: PVOID, - ) -> NTSTATUS; - fn RtlWriteRegistryValue( - RelativeTo: ULONG, - Path: PCWSTR, - ValueName: PCWSTR, - ValueType: ULONG, - ValueData: PVOID, - ValueLength: ULONG, - ) -> NTSTATUS; - fn RtlDeleteRegistryValue( - RelativeTo: ULONG, - Path: PCWSTR, - ValueName: PCWSTR, - ) -> NTSTATUS; - fn RtlEnableThreadProfiling( - ThreadHandle: HANDLE, - Flags: ULONG, - HardwareCounters: ULONG64, - PerformanceDataHandle: *mut PVOID, - ) -> NTSTATUS; - fn RtlDisableThreadProfiling( - PerformanceDataHandle: PVOID, - ) -> NTSTATUS; - fn RtlQueryThreadProfiling( - ThreadHandle: HANDLE, - Enabled: PBOOLEAN, - ) -> NTSTATUS; - fn RtlReadThreadProfilingData( - PerformanceDataHandle: HANDLE, - Flags: ULONG, - PerformanceData: PPERFORMANCE_DATA, - ) -> NTSTATUS; - fn RtlGetNativeSystemInformation( - SystemInformationClass: ULONG, - NativeSystemInformation: PVOID, - InformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlQueueApcWow64Thread( - ThreadHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; - fn RtlWow64EnableFsRedirection( - Wow64FsEnableRedirection: BOOLEAN, - ) -> NTSTATUS; - fn RtlWow64EnableFsRedirectionEx( - Wow64FsEnableRedirection: PVOID, - OldFsRedirectionLevel: *mut PVOID, - ) -> NTSTATUS; - fn RtlComputeCrc32( - PartialCrc: ULONG32, - Buffer: PVOID, - Length: ULONG, - ) -> ULONG32; - fn RtlEncodePointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlDecodePointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlEncodeSystemPointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlDecodeSystemPointer( - Ptr: PVOID, - ) -> PVOID; - fn RtlEncodeRemotePointer( - ProcessHandle: HANDLE, - Pointer: PVOID, - EncodedPointer: *mut PVOID, - ) -> NTSTATUS; - fn RtlDecodeRemotePointer( - ProcessHandle: HANDLE, - Pointer: PVOID, - DecodedPointer: *mut PVOID, - ) -> NTSTATUS; - fn RtlIsProcessorFeaturePresent( - ProcessorFeature: ULONG, - ) -> BOOLEAN; - fn RtlGetCurrentProcessorNumber() -> ULONG; - fn RtlGetCurrentProcessorNumberEx( - ProcessorNumber: PPROCESSOR_NUMBER, - ); - fn RtlPushFrame( - Frame: PTEB_ACTIVE_FRAME, - ); - fn RtlPopFrame( - Frame: PTEB_ACTIVE_FRAME, - ); - fn RtlGetFrame() -> PTEB_ACTIVE_FRAME; -}} -pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001; -pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001; -pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008; -EXTERN!{extern "system" { - fn RtlWalkFrameChain( - Callers: *mut PVOID, - Count: ULONG, - Flags: ULONG, - ) -> ULONG; - fn RtlGetCallersAddress( - CallersAddress: *mut PVOID, - CallersCaller: *mut PVOID, - ); - fn RtlGetEnabledExtendedFeatures( - FeatureMask: ULONG64, - ) -> ULONG64; - fn RtlGetEnabledExtendedAndSupervisorFeatures( - FeatureMask: ULONG64, - ) -> ULONG64; - fn RtlLocateSupervisorFeature( - XStateHeader: PXSAVE_AREA_HEADER, - FeatureId: ULONG, - Length: PULONG, - ) -> PVOID; -}} -STRUCT!{struct RTL_ELEVATION_FLAGS { - Flags: ULONG, -}} -BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [ - ElevationEnabled set_ElevationEnabled[0..1], - VirtualizationEnabled set_VirtualizationEnabled[1..2], - InstallerDetectEnabled set_InstallerDetectEnabled[2..3], - ReservedBits set_ReservedBits[3..32], -]} -pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS; -EXTERN!{extern "system" { - fn RtlQueryElevationFlags( - Flags: PRTL_ELEVATION_FLAGS, - ) -> NTSTATUS; - fn RtlRegisterThreadWithCsrss() -> NTSTATUS; - fn RtlLockCurrentThread() -> NTSTATUS; - fn RtlUnlockCurrentThread() -> NTSTATUS; - fn RtlLockModuleSection( - Address: PVOID, - ) -> NTSTATUS; - fn RtlUnlockModuleSection( - Address: PVOID, - ) -> NTSTATUS; -}} -pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64; -STRUCT!{struct RTL_UNLOAD_EVENT_TRACE { - BaseAddress: PVOID, - SizeOfImage: SIZE_T, - Sequence: ULONG, - TimeDateStamp: ULONG, - CheckSum: ULONG, - ImageName: [WCHAR; 32], - Version: [ULONG; 2], -}} -pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE; -STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 { - BaseAddress: ULONG, - SizeOfImage: ULONG, - Sequence: ULONG, - TimeDateStamp: ULONG, - CheckSum: ULONG, - ImageName: [WCHAR; 32], - Version: [ULONG; 2], -}} -pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32; -EXTERN!{extern "system" { - fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE; - fn RtlGetUnloadEventTraceEx( - ElementSize: *mut PULONG, - ElementCount: *mut PULONG, - EventTrace: *mut PVOID, - ); - fn RtlQueryPerformanceCounter( - PerformanceCounter: PLARGE_INTEGER, - ) -> LOGICAL; - fn RtlQueryPerformanceFrequency( - PerformanceFrequency: PLARGE_INTEGER, - ) -> LOGICAL; -}} -ENUM!{enum IMAGE_MITIGATION_POLICY { - ImageDepPolicy = 0, - ImageAslrPolicy = 1, - ImageDynamicCodePolicy = 2, - ImageStrictHandleCheckPolicy = 3, - ImageSystemCallDisablePolicy = 4, - ImageMitigationOptionsMask = 5, - ImageExtensionPointDisablePolicy = 6, - ImageControlFlowGuardPolicy = 7, - ImageSignaturePolicy = 8, - ImageFontDisablePolicy = 9, - ImageImageLoadPolicy = 10, - ImagePayloadRestrictionPolicy = 11, - ImageChildProcessPolicy = 12, - ImageSehopPolicy = 13, - ImageHeapPolicy = 14, - MaxImageMitigationPolicy = 15, -}} -UNION!{union RTL_IMAGE_MITIGATION_POLICY { - Bitfields1: ULONG64, - Bitfields2: ULONG64, -}} -BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [ - AuditState set_AuditState[0..2], - AuditFlag set_AuditFlag[2..3], - EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4], - Reserved set_Reserved[4..64], -]} -BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [ - PolicyState set_PolicyState[0..2], - AlwaysInherit set_AlwaysInherit[2..3], - EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4], - AuditReserved set_AuditReserved[4..64], -]} -pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY { - Dep: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY { - ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY, - BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY, - HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { - BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { - StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = - *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { - BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = - *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { - DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = - *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { - ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, - StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = - *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { - BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY, - EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = - *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { - DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { - BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY, - BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY, - PreferSystem32: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { - EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, - EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY, - EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, - EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY, - EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY, - EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = - *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { - DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = - *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY { - Sehop: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY; -STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY { - TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY, -}} -pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY; -ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE { - RtlMitigationOptionStateNotConfigured = 0, - RtlMitigationOptionStateOn = 1, - RtlMitigationOptionStateOff = 2, -}} -pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1; -pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2; -pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4; -pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8; -EXTERN!{extern "system" { - fn RtlQueryImageMitigationPolicy( - ImagePath: PWSTR, - Policy: IMAGE_MITIGATION_POLICY, - Flags: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ) -> NTSTATUS; - fn RtlSetImageMitigationPolicy( - ImagePath: PWSTR, - Policy: IMAGE_MITIGATION_POLICY, - Flags: ULONG, - Buffer: PVOID, - BufferSize: ULONG, - ) -> NTSTATUS; - fn RtlGetCurrentServiceSessionId() -> ULONG; - fn RtlGetActiveConsoleId() -> ULONG; - fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG; - fn RtlGetTokenNamedObjectPath( - Token: HANDLE, - Sid: PSID, - ObjectPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetAppContainerNamedObjectPath( - Token: HANDLE, - AppContainerSid: PSID, - RelativePath: BOOLEAN, - ObjectPath: PUNICODE_STRING, - ) -> NTSTATUS; - fn RtlGetAppContainerParent( - AppContainerSid: PSID, - AppContainerSidParent: *mut PSID, - ) -> NTSTATUS; - fn RtlCheckSandboxedToken( - TokenHandle: HANDLE, - IsSandboxed: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenCapability( - TokenHandle: HANDLE, - CapabilitySidToCheck: PSID, - HasCapability: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCapabilityCheck( - TokenHandle: HANDLE, - CapabilityName: PUNICODE_STRING, - HasCapability: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenMembership( - TokenHandle: HANDLE, - SidToCheck: PSID, - IsMember: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckTokenMembershipEx( - TokenHandle: HANDLE, - SidToCheck: PSID, - Flags: ULONG, - IsMember: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsParentOfChildAppContainer( - ParentAppContainerSid: PSID, - ChildAppContainerSid: PSID, - ) -> NTSTATUS; - fn RtlIsCapabilitySid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsPackageSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsValidProcessTrustLabelSid( - Sid: PSID, - ) -> BOOLEAN; - fn RtlIsStateSeparationEnabled() -> BOOLEAN; -}} -ENUM!{enum APPCONTAINER_SID_TYPE { - NotAppContainerSidType = 0, - ChildAppContainerSidType = 1, - ParentAppContainerSidType = 2, - InvalidAppContainerSidType = 3, - MaxAppContainerSidType = 4, -}} -pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE; -EXTERN!{extern "system" { - fn RtlGetAppContainerSidType( - AppContainerSid: PSID, - AppContainerSidType: PAPPCONTAINER_SID_TYPE, - ) -> NTSTATUS; - fn RtlFlsAlloc( - Callback: PFLS_CALLBACK_FUNCTION, - FlsIndex: PULONG, - ) -> NTSTATUS; - fn RtlFlsFree( - FlsIndex: ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum STATE_LOCATION_TYPE { - LocationTypeRegistry = 0, - LocationTypeFileSystem = 1, - LocationTypeMaximum = 2, -}} -EXTERN!{extern "system" { - fn RtlGetPersistedStateLocation( - SourceID: PCWSTR, - CustomValue: PCWSTR, - DefaultPath: PCWSTR, - StateLocationType: STATE_LOCATION_TYPE, - TargetPath: PWCHAR, - BufferLengthIn: ULONG, - BufferLengthOut: PULONG, - ) -> NTSTATUS; - fn RtlIsCloudFilesPlaceholder( - FileAttributes: ULONG, - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlIsPartialPlaceholder( - FileAttributes: ULONG, - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlIsPartialPlaceholderFileHandle( - FileHandle: HANDLE, - IsPartialPlaceholder: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsPartialPlaceholderFileInfo( - InfoBuffer: *const c_void, - InfoClass: FILE_INFORMATION_CLASS, - IsPartialPlaceholder: PBOOLEAN, - ) -> NTSTATUS; - fn RtlIsNonEmptyDirectoryReparsePointAllowed( - ReparseTag: ULONG, - ) -> BOOLEAN; - fn RtlAppxIsFileOwnedByTrustedInstaller( - FileHandle: HANDLE, - IsFileOwnedByTrustedInstaller: PBOOLEAN, - ) -> NTSTATUS; -}} -STRUCT!{struct PS_PKG_CLAIM { - Flags: ULONGLONG, - Origin: ULONGLONG, -}} -pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM; -EXTERN!{extern "system" { - fn RtlQueryPackageClaims( - TokenHandle: HANDLE, - PackageFullName: PWSTR, - PackageSize: PSIZE_T, - AppId: PWSTR, - AppIdSize: PSIZE_T, - DynamicId: *mut GUID, - PkgClaim: PPS_PKG_CLAIM, - AttributesPresent: PULONG64, - ) -> NTSTATUS; - fn RtlQueryProtectedPolicy( - PolicyGuid: *mut GUID, - PolicyValue: PULONG_PTR, - ) -> NTSTATUS; - fn RtlSetProtectedPolicy( - PolicyGuid: *mut GUID, - PolicyValue: ULONG_PTR, - OldPolicyValue: PULONG_PTR, - ) -> NTSTATUS; - fn RtlIsMultiSessionSku() -> BOOLEAN; - fn RtlIsMultiUsersInSessionSku() -> BOOLEAN; -}} -ENUM!{enum RTL_BSD_ITEM_TYPE { - RtlBsdItemVersionNumber = 0, - RtlBsdItemProductType = 1, - RtlBsdItemAabEnabled = 2, - RtlBsdItemAabTimeout = 3, - RtlBsdItemBootGood = 4, - RtlBsdItemBootShutdown = 5, - RtlBsdSleepInProgress = 6, - RtlBsdPowerTransition = 7, - RtlBsdItemBootAttemptCount = 8, - RtlBsdItemBootCheckpoint = 9, - RtlBsdItemBootId = 10, - RtlBsdItemShutdownBootId = 11, - RtlBsdItemReportedAbnormalShutdownBootId = 12, - RtlBsdItemErrorInfo = 13, - RtlBsdItemPowerButtonPressInfo = 14, - RtlBsdItemChecksum = 15, - RtlBsdItemMax = 16, -}} -STRUCT!{struct RTL_BSD_ITEM { - Type: RTL_BSD_ITEM_TYPE, - DataBuffer: PVOID, - DataLength: ULONG, -}} -pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM; -EXTERN!{extern "system" { - fn RtlCreateBootStatusDataFile() -> NTSTATUS; - fn RtlLockBootStatusData( - FileHandle: PHANDLE, - ) -> NTSTATUS; - fn RtlUnlockBootStatusData( - FileHandle: HANDLE, - ) -> NTSTATUS; - fn RtlGetSetBootStatusData( - FileHandle: HANDLE, - Read: BOOLEAN, - DataClass: RTL_BSD_ITEM_TYPE, - Buffer: PVOID, - BufferSize: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn RtlCheckBootStatusIntegrity( - FileHandle: HANDLE, - Verified: PBOOLEAN, - ) -> NTSTATUS; - fn RtlCheckPortableOperatingSystem( - IsPortable: PBOOLEAN, - ) -> NTSTATUS; - fn RtlSetPortableOperatingSystem( - IsPortable: BOOLEAN, - ) -> NTSTATUS; -}} -EXTERN!{extern "system" { - fn RtlOsDeploymentState( - Flags: DWORD, - ) -> OS_DEPLOYEMENT_STATE_VALUES; - fn RtlFindClosestEncodableLength( - SourceLength: ULONGLONG, - TargetLength: PULONGLONG, - ) -> NTSTATUS; -}} -FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK( - Address: PVOID, - Length: SIZE_T, -) -> NTSTATUS} -EXTERN!{extern "system" { - fn RtlRegisterSecureMemoryCacheCallback( - Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, - ) -> NTSTATUS; - fn RtlDeregisterSecureMemoryCacheCallback( - Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, - ) -> NTSTATUS; - fn RtlFlushSecureMemoryCache( - MemoryCache: PVOID, - MemoryLength: SIZE_T, - ) -> BOOLEAN; -}} diff --git a/vendor/ntapi/src/ntsam.rs b/vendor/ntapi/src/ntsam.rs deleted file mode 100644 index a591f0bd8..000000000 --- a/vendor/ntapi/src/ntsam.rs +++ /dev/null @@ -1,1077 +0,0 @@ -use crate::string::UTF8Const; -use winapi::shared::basetsd::ULONG64; -use winapi::shared::minwindef::DWORD; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OEM_STRING, PLARGE_INTEGER, POBJECT_ATTRIBUTES, - PUCHAR, PULONG, PUNICODE_STRING, PVOID, PWSTR, ULONG, UNICODE_STRING, USHORT, -}; -use winapi::um::ntsecapi::PDOMAIN_PASSWORD_INFORMATION; -use winapi::um::subauth::LOGON_HOURS; -use winapi::um::winnt::{ - ACCESS_MASK, PSECURITY_DESCRIPTOR, PSID, PSID_NAME_USE, SECURITY_INFORMATION, SID_NAME_USE, - STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, -}; -pub const SAM_MAXIMUM_LOOKUP_COUNT: u32 = 1000; -pub const SAM_MAXIMUM_LOOKUP_LENGTH: u32 = 32000; -pub const SAM_MAX_PASSWORD_LENGTH: u32 = 256; -pub const SAM_PASSWORD_ENCRYPTION_SALT_LEN: u32 = 16; -pub type PSAM_HANDLE = *mut PVOID; -pub type SAM_HANDLE = PVOID; -pub type SAM_ENUMERATE_HANDLE = ULONG; -pub type PSAM_ENUMERATE_HANDLE = *mut ULONG; -STRUCT!{struct SAM_RID_ENUMERATION { - RelativeId: ULONG, - Name: UNICODE_STRING, -}} -pub type PSAM_RID_ENUMERATION = *mut SAM_RID_ENUMERATION; -STRUCT!{struct SAM_SID_ENUMERATION { - Sid: PSID, - Name: UNICODE_STRING, -}} -pub type PSAM_SID_ENUMERATION = *mut SAM_SID_ENUMERATION; -STRUCT!{struct SAM_BYTE_ARRAY { - Size: ULONG, - Data: PUCHAR, -}} -pub type PSAM_BYTE_ARRAY = *mut SAM_BYTE_ARRAY; -STRUCT!{struct SAM_BYTE_ARRAY_32K { - Size: ULONG, - Data: PUCHAR, -}} -pub type PSAM_BYTE_ARRAY_32K = *mut SAM_BYTE_ARRAY_32K; -pub type PSAM_SHELL_OBJECT_PROPERTIES = *mut SAM_BYTE_ARRAY_32K; -pub type SAM_SHELL_OBJECT_PROPERTIES = SAM_BYTE_ARRAY_32K; -EXTERN!{extern "system" { - fn SamFreeMemory( - Buffer: PVOID, - ) -> NTSTATUS; - fn SamCloseHandle( - SamHandle: SAM_HANDLE, - ) -> NTSTATUS; - fn SamSetSecurityObject( - ObjectHandle: SAM_HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn SamQuerySecurityObject( - ObjectHandle: SAM_HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn SamRidToSid( - ObjectHandle: SAM_HANDLE, - Rid: ULONG, - Sid: *mut PSID, - ) -> NTSTATUS; -}} -pub const SAM_SERVER_CONNECT: ACCESS_MASK = 0x0001; -pub const SAM_SERVER_SHUTDOWN: ACCESS_MASK = 0x0002; -pub const SAM_SERVER_INITIALIZE: ACCESS_MASK = 0x0004; -pub const SAM_SERVER_CREATE_DOMAIN: ACCESS_MASK = 0x0008; -pub const SAM_SERVER_ENUMERATE_DOMAINS: ACCESS_MASK = 0x0010; -pub const SAM_SERVER_LOOKUP_DOMAIN: ACCESS_MASK = 0x0020; -pub const SAM_SERVER_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SAM_SERVER_CONNECT - | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN - | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN; -pub const SAM_SERVER_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | SAM_SERVER_ENUMERATE_DOMAINS; -pub const SAM_SERVER_WRITE: ACCESS_MASK = - STANDARD_RIGHTS_WRITE | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN; -pub const SAM_SERVER_EXECUTE: ACCESS_MASK = - STANDARD_RIGHTS_EXECUTE | SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN; -EXTERN!{extern "system" { - fn SamConnect( - ServerName: PUNICODE_STRING, - ServerHandle: PSAM_HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn SamShutdownSamServer( - ServerHandle: SAM_HANDLE, - ) -> NTSTATUS; -}} -pub const DOMAIN_READ_PASSWORD_PARAMETERS: u32 = 0x0001; -pub const DOMAIN_WRITE_PASSWORD_PARAMS: u32 = 0x0002; -pub const DOMAIN_READ_OTHER_PARAMETERS: u32 = 0x0004; -pub const DOMAIN_WRITE_OTHER_PARAMETERS: u32 = 0x0008; -pub const DOMAIN_CREATE_USER: u32 = 0x0010; -pub const DOMAIN_CREATE_GROUP: u32 = 0x0020; -pub const DOMAIN_CREATE_ALIAS: u32 = 0x0040; -pub const DOMAIN_GET_ALIAS_MEMBERSHIP: u32 = 0x0080; -pub const DOMAIN_LIST_ACCOUNTS: u32 = 0x0100; -pub const DOMAIN_LOOKUP: u32 = 0x0200; -pub const DOMAIN_ADMINISTER_SERVER: u32 = 0x0400; -pub const DOMAIN_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | DOMAIN_READ_OTHER_PARAMETERS - | DOMAIN_WRITE_OTHER_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER - | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS | DOMAIN_GET_ALIAS_MEMBERSHIP - | DOMAIN_LIST_ACCOUNTS | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LOOKUP - | DOMAIN_ADMINISTER_SERVER; -pub const DOMAIN_READ: u32 = - STANDARD_RIGHTS_READ | DOMAIN_GET_ALIAS_MEMBERSHIP | DOMAIN_READ_OTHER_PARAMETERS; -pub const DOMAIN_WRITE: u32 = STANDARD_RIGHTS_WRITE | DOMAIN_WRITE_OTHER_PARAMETERS - | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS - | DOMAIN_ADMINISTER_SERVER; -pub const DOMAIN_EXECUTE: u32 = STANDARD_RIGHTS_EXECUTE | DOMAIN_READ_PASSWORD_PARAMETERS - | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP; -ENUM!{enum DOMAIN_INFORMATION_CLASS { - DomainPasswordInformation = 1, - DomainGeneralInformation = 2, - DomainLogoffInformation = 3, - DomainOemInformation = 4, - DomainNameInformation = 5, - DomainReplicationInformation = 6, - DomainServerRoleInformation = 7, - DomainModifiedInformation = 8, - DomainStateInformation = 9, - DomainUasInformation = 10, - DomainGeneralInformation2 = 11, - DomainLockoutInformation = 12, - DomainModifiedInformation2 = 13, -}} -ENUM!{enum DOMAIN_SERVER_ENABLE_STATE { - DomainServerEnabled = 1, - DomainServerDisabled = 2, -}} -pub type PDOMAIN_SERVER_ENABLE_STATE = *mut DOMAIN_SERVER_ENABLE_STATE; -ENUM!{enum DOMAIN_SERVER_ROLE { - DomainServerRoleBackup = 2, - DomainServerRolePrimary = 3, -}} -pub type PDOMAIN_SERVER_ROLE = *mut DOMAIN_SERVER_ROLE; -STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION { - ForceLogoff: LARGE_INTEGER, - OemInformation: UNICODE_STRING, - DomainName: UNICODE_STRING, - ReplicaSourceNodeName: UNICODE_STRING, - DomainModifiedCount: LARGE_INTEGER, - DomainServerState: DOMAIN_SERVER_ENABLE_STATE, - DomainServerRole: DOMAIN_SERVER_ROLE, - UasCompatibilityRequired: BOOLEAN, - UserCount: ULONG, - GroupCount: ULONG, - AliasCount: ULONG, -}} -pub type PDOMAIN_GENERAL_INFORMATION = *mut DOMAIN_GENERAL_INFORMATION; -STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION2 { - I1: DOMAIN_GENERAL_INFORMATION, - LockoutDuration: LARGE_INTEGER, - LockoutObservationWindow: LARGE_INTEGER, - LockoutThreshold: USHORT, -}} -pub type PDOMAIN_GENERAL_INFORMATION2 = *mut DOMAIN_GENERAL_INFORMATION2; -STRUCT!{struct DOMAIN_UAS_INFORMATION { - UasCompatibilityRequired: BOOLEAN, -}} -ENUM!{enum DOMAIN_PASSWORD_CONSTRUCTION { - DomainPasswordSimple = 1, - DomainPasswordComplex = 2, -}} -STRUCT!{struct DOMAIN_LOGOFF_INFORMATION { - ForceLogoff: LARGE_INTEGER, -}} -pub type PDOMAIN_LOGOFF_INFORMATION = *mut DOMAIN_LOGOFF_INFORMATION; -STRUCT!{struct DOMAIN_OEM_INFORMATION { - OemInformation: UNICODE_STRING, -}} -pub type PDOMAIN_OEM_INFORMATION = *mut DOMAIN_OEM_INFORMATION; -STRUCT!{struct DOMAIN_NAME_INFORMATION { - DomainName: UNICODE_STRING, -}} -pub type PDOMAIN_NAME_INFORMATION = *mut DOMAIN_NAME_INFORMATION; -STRUCT!{struct DOMAIN_SERVER_ROLE_INFORMATION { - DomainServerRole: DOMAIN_SERVER_ROLE, -}} -pub type PDOMAIN_SERVER_ROLE_INFORMATION = *mut DOMAIN_SERVER_ROLE_INFORMATION; -STRUCT!{struct DOMAIN_REPLICATION_INFORMATION { - ReplicaSourceNodeName: UNICODE_STRING, -}} -pub type PDOMAIN_REPLICATION_INFORMATION = *mut DOMAIN_REPLICATION_INFORMATION; -STRUCT!{struct DOMAIN_MODIFIED_INFORMATION { - DomainModifiedCount: LARGE_INTEGER, - CreationTime: LARGE_INTEGER, -}} -pub type PDOMAIN_MODIFIED_INFORMATION = *mut DOMAIN_MODIFIED_INFORMATION; -STRUCT!{struct DOMAIN_MODIFIED_INFORMATION2 { - DomainModifiedCount: LARGE_INTEGER, - CreationTime: LARGE_INTEGER, - ModifiedCountAtLastPromotion: LARGE_INTEGER, -}} -pub type PDOMAIN_MODIFIED_INFORMATION2 = *mut DOMAIN_MODIFIED_INFORMATION2; -STRUCT!{struct DOMAIN_STATE_INFORMATION { - DomainServerState: DOMAIN_SERVER_ENABLE_STATE, -}} -pub type PDOMAIN_STATE_INFORMATION = *mut DOMAIN_STATE_INFORMATION; -STRUCT!{struct DOMAIN_LOCKOUT_INFORMATION { - LockoutDuration: LARGE_INTEGER, - LockoutObservationWindow: LARGE_INTEGER, - LockoutThreshold: USHORT, -}} -pub type PDOMAIN_LOCKOUT_INFORMATION = *mut DOMAIN_LOCKOUT_INFORMATION; -ENUM!{enum DOMAIN_DISPLAY_INFORMATION { - DomainDisplayUser = 1, - DomainDisplayMachine = 2, - DomainDisplayGroup = 3, - DomainDisplayOemUser = 4, - DomainDisplayOemGroup = 5, - DomainDisplayServer = 6, -}} -pub type PDOMAIN_DISPLAY_INFORMATION = *mut DOMAIN_DISPLAY_INFORMATION; -STRUCT!{struct DOMAIN_DISPLAY_USER { - Index: ULONG, - Rid: ULONG, - AccountControl: ULONG, - LogonName: UNICODE_STRING, - AdminComment: UNICODE_STRING, - FullName: UNICODE_STRING, -}} -pub type PDOMAIN_DISPLAY_USER = *mut DOMAIN_DISPLAY_USER; -STRUCT!{struct DOMAIN_DISPLAY_MACHINE { - Index: ULONG, - Rid: ULONG, - AccountControl: ULONG, - Machine: UNICODE_STRING, - Comment: UNICODE_STRING, -}} -pub type PDOMAIN_DISPLAY_MACHINE = *mut DOMAIN_DISPLAY_MACHINE; -STRUCT!{struct DOMAIN_DISPLAY_GROUP { - Index: ULONG, - Rid: ULONG, - Attributes: ULONG, - Group: UNICODE_STRING, - Comment: UNICODE_STRING, -}} -pub type PDOMAIN_DISPLAY_GROUP = *mut DOMAIN_DISPLAY_GROUP; -STRUCT!{struct DOMAIN_DISPLAY_OEM_USER { - Index: ULONG, - User: OEM_STRING, -}} -pub type PDOMAIN_DISPLAY_OEM_USER = *mut DOMAIN_DISPLAY_OEM_USER; -STRUCT!{struct DOMAIN_DISPLAY_OEM_GROUP { - Index: ULONG, - Group: OEM_STRING, -}} -pub type PDOMAIN_DISPLAY_OEM_GROUP = *mut DOMAIN_DISPLAY_OEM_GROUP; -ENUM!{enum DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION { - DomainLocalizableAccountsBasic = 1, -}} -pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION; -STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY { - Rid: ULONG, - Use: SID_NAME_USE, - Name: UNICODE_STRING, - AdminComment: UNICODE_STRING, -}} -pub type PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY; -STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC { - Count: ULONG, - Entries: *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, -}} -pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC; -UNION!{union DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER { - Basic: DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, -}} -pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER; -EXTERN!{extern "system" { - fn SamLookupDomainInSamServer( - ServerHandle: SAM_HANDLE, - Name: PUNICODE_STRING, - DomainId: *mut PSID, - ) -> NTSTATUS; - fn SamEnumerateDomainsInSamServer( - ServerHandle: SAM_HANDLE, - EnumerationContext: PSAM_ENUMERATE_HANDLE, - Buffer: *mut PVOID, - PreferedMaximumLength: ULONG, - CountReturned: PULONG, - ) -> NTSTATUS; - fn SamOpenDomain( - ServerHandle: SAM_HANDLE, - DesiredAccess: ACCESS_MASK, - DomainId: PSID, - DomainHandle: PSAM_HANDLE, - ) -> NTSTATUS; - fn SamQueryInformationDomain( - DomainHandle: SAM_HANDLE, - DomainInformationClass: DOMAIN_INFORMATION_CLASS, - Buffer: *mut PVOID, - ) -> NTSTATUS; - fn SamSetInformationDomain( - DomainHandle: SAM_HANDLE, - DomainInformationClass: DOMAIN_INFORMATION_CLASS, - DomainInformation: PVOID, - ) -> NTSTATUS; - fn SamLookupNamesInDomain( - DomainHandle: SAM_HANDLE, - Count: ULONG, - Names: PUNICODE_STRING, - RelativeIds: *mut PULONG, - Use: *mut PSID_NAME_USE, - ) -> NTSTATUS; - fn SamLookupIdsInDomain( - DomainHandle: SAM_HANDLE, - Count: ULONG, - RelativeIds: PULONG, - Names: *mut PUNICODE_STRING, - Use: *mut PSID_NAME_USE, - ) -> NTSTATUS; - fn SamRemoveMemberFromForeignDomain( - DomainHandle: SAM_HANDLE, - MemberId: PSID, - ) -> NTSTATUS; - fn SamQueryLocalizableAccountsInDomain( - Domain: SAM_HANDLE, - Flags: ULONG, - LanguageId: ULONG, - Class: DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, - Buffer: *mut PVOID, - ) -> NTSTATUS; -}} -pub const GROUP_READ_INFORMATION: ACCESS_MASK = 0x0001; -pub const GROUP_WRITE_ACCOUNT: ACCESS_MASK = 0x0002; -pub const GROUP_ADD_MEMBER: ACCESS_MASK = 0x0004; -pub const GROUP_REMOVE_MEMBER: ACCESS_MASK = 0x0008; -pub const GROUP_LIST_MEMBERS: ACCESS_MASK = 0x0010; -pub const GROUP_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | GROUP_LIST_MEMBERS - | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER | GROUP_READ_INFORMATION; -pub const GROUP_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | GROUP_LIST_MEMBERS; -pub const GROUP_WRITE: ACCESS_MASK = - STANDARD_RIGHTS_WRITE | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER; -pub const GROUP_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | GROUP_READ_INFORMATION; -STRUCT!{struct GROUP_MEMBERSHIP { - RelativeId: ULONG, - Attributes: ULONG, -}} -pub type PGROUP_MEMBERSHIP = *mut GROUP_MEMBERSHIP; -ENUM!{enum GROUP_INFORMATION_CLASS { - GroupGeneralInformation = 1, - GroupNameInformation = 2, - GroupAttributeInformation = 3, - GroupAdminCommentInformation = 4, - GroupReplicationInformation = 5, -}} -STRUCT!{struct GROUP_GENERAL_INFORMATION { - Name: UNICODE_STRING, - Attributes: ULONG, - MemberCount: ULONG, - AdminComment: UNICODE_STRING, -}} -pub type PGROUP_GENERAL_INFORMATION = *mut GROUP_GENERAL_INFORMATION; -STRUCT!{struct GROUP_NAME_INFORMATION { - Name: UNICODE_STRING, -}} -pub type PGROUP_NAME_INFORMATION = *mut GROUP_NAME_INFORMATION; -STRUCT!{struct GROUP_ATTRIBUTE_INFORMATION { - Attributes: ULONG, -}} -pub type PGROUP_ATTRIBUTE_INFORMATION = *mut GROUP_ATTRIBUTE_INFORMATION; -STRUCT!{struct GROUP_ADM_COMMENT_INFORMATION { - AdminComment: UNICODE_STRING, -}} -pub type PGROUP_ADM_COMMENT_INFORMATION = *mut GROUP_ADM_COMMENT_INFORMATION; -EXTERN!{extern "system" { - fn SamEnumerateGroupsInDomain( - DomainHandle: SAM_HANDLE, - EnumerationContext: PSAM_ENUMERATE_HANDLE, - Buffer: *mut PVOID, - PreferedMaximumLength: ULONG, - CountReturned: PULONG, - ) -> NTSTATUS; - fn SamCreateGroupInDomain( - DomainHandle: SAM_HANDLE, - AccountName: PUNICODE_STRING, - DesiredAccess: ACCESS_MASK, - GroupHandle: PSAM_HANDLE, - RelativeId: PULONG, - ) -> NTSTATUS; - fn SamOpenGroup( - DomainHandle: SAM_HANDLE, - DesiredAccess: ACCESS_MASK, - GroupId: ULONG, - GroupHandle: PSAM_HANDLE, - ) -> NTSTATUS; - fn SamDeleteGroup( - GroupHandle: SAM_HANDLE, - ) -> NTSTATUS; - fn SamQueryInformationGroup( - GroupHandle: SAM_HANDLE, - GroupInformationClass: GROUP_INFORMATION_CLASS, - Buffer: *mut PVOID, - ) -> NTSTATUS; - fn SamSetInformationGroup( - GroupHandle: SAM_HANDLE, - GroupInformationClass: GROUP_INFORMATION_CLASS, - Buffer: PVOID, - ) -> NTSTATUS; - fn SamAddMemberToGroup( - GroupHandle: SAM_HANDLE, - MemberId: ULONG, - Attributes: ULONG, - ) -> NTSTATUS; - fn SamRemoveMemberFromGroup( - GroupHandle: SAM_HANDLE, - MemberId: ULONG, - ) -> NTSTATUS; - fn SamGetMembersInGroup( - GroupHandle: SAM_HANDLE, - MemberIds: *mut PULONG, - Attributes: *mut PULONG, - MemberCount: PULONG, - ) -> NTSTATUS; - fn SamSetMemberAttributesOfGroup( - GroupHandle: SAM_HANDLE, - MemberId: ULONG, - Attributes: ULONG, - ) -> NTSTATUS; -}} -pub const ALIAS_ADD_MEMBER: ACCESS_MASK = 0x0001; -pub const ALIAS_REMOVE_MEMBER: ACCESS_MASK = 0x0002; -pub const ALIAS_LIST_MEMBERS: ACCESS_MASK = 0x0004; -pub const ALIAS_READ_INFORMATION: ACCESS_MASK = 0x0008; -pub const ALIAS_WRITE_ACCOUNT: ACCESS_MASK = 0x0010; -pub const ALIAS_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | ALIAS_READ_INFORMATION - | ALIAS_WRITE_ACCOUNT | ALIAS_LIST_MEMBERS | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; -pub const ALIAS_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | ALIAS_LIST_MEMBERS; -pub const ALIAS_WRITE: ACCESS_MASK = - STANDARD_RIGHTS_WRITE | ALIAS_WRITE_ACCOUNT | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; -pub const ALIAS_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | ALIAS_READ_INFORMATION; -ENUM!{enum ALIAS_INFORMATION_CLASS { - AliasGeneralInformation = 1, - AliasNameInformation = 2, - AliasAdminCommentInformation = 3, - AliasReplicationInformation = 4, - AliasExtendedInformation = 5, -}} -STRUCT!{struct ALIAS_GENERAL_INFORMATION { - Name: UNICODE_STRING, - MemberCount: ULONG, - AdminComment: UNICODE_STRING, -}} -pub type PALIAS_GENERAL_INFORMATION = *mut ALIAS_GENERAL_INFORMATION; -STRUCT!{struct ALIAS_NAME_INFORMATION { - Name: UNICODE_STRING, -}} -pub type PALIAS_NAME_INFORMATION = *mut ALIAS_NAME_INFORMATION; -STRUCT!{struct ALIAS_ADM_COMMENT_INFORMATION { - AdminComment: UNICODE_STRING, -}} -pub type PALIAS_ADM_COMMENT_INFORMATION = *mut ALIAS_ADM_COMMENT_INFORMATION; -pub const ALIAS_ALL_NAME: ULONG = 0x00000001; -pub const ALIAS_ALL_MEMBER_COUNT: ULONG = 0x00000002; -pub const ALIAS_ALL_ADMIN_COMMENT: ULONG = 0x00000004; -pub const ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00000008; -STRUCT!{struct ALIAS_EXTENDED_INFORMATION { - WhichFields: ULONG, - ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, -}} -pub type PALIAS_EXTENDED_INFORMATION = *mut ALIAS_EXTENDED_INFORMATION; -EXTERN!{extern "system" { - fn SamEnumerateAliasesInDomain( - DomainHandle: SAM_HANDLE, - EnumerationContext: PSAM_ENUMERATE_HANDLE, - Buffer: *mut PVOID, - PreferedMaximumLength: ULONG, - CountReturned: PULONG, - ) -> NTSTATUS; - fn SamCreateAliasInDomain( - DomainHandle: SAM_HANDLE, - AccountName: PUNICODE_STRING, - DesiredAccess: ACCESS_MASK, - AliasHandle: PSAM_HANDLE, - RelativeId: PULONG, - ) -> NTSTATUS; - fn SamOpenAlias( - DomainHandle: SAM_HANDLE, - DesiredAccess: ACCESS_MASK, - AliasId: ULONG, - AliasHandle: PSAM_HANDLE, - ) -> NTSTATUS; - fn SamDeleteAlias( - AliasHandle: SAM_HANDLE, - ) -> NTSTATUS; - fn SamQueryInformationAlias( - AliasHandle: SAM_HANDLE, - AliasInformationClass: ALIAS_INFORMATION_CLASS, - Buffer: *mut PVOID, - ) -> NTSTATUS; - fn SamSetInformationAlias( - AliasHandle: SAM_HANDLE, - AliasInformationClass: ALIAS_INFORMATION_CLASS, - Buffer: PVOID, - ) -> NTSTATUS; - fn SamAddMemberToAlias( - AliasHandle: SAM_HANDLE, - MemberId: PSID, - ) -> NTSTATUS; - fn SamAddMultipleMembersToAlias( - AliasHandle: SAM_HANDLE, - MemberIds: *mut PSID, - MemberCount: ULONG, - ) -> NTSTATUS; - fn SamRemoveMemberFromAlias( - AliasHandle: SAM_HANDLE, - MemberId: PSID, - ) -> NTSTATUS; - fn SamRemoveMultipleMembersFromAlias( - AliasHandle: SAM_HANDLE, - MemberIds: *mut PSID, - MemberCount: ULONG, - ) -> NTSTATUS; - fn SamGetMembersInAlias( - AliasHandle: SAM_HANDLE, - MemberIds: *mut *mut PSID, - MemberCount: PULONG, - ) -> NTSTATUS; - fn SamGetAliasMembership( - DomainHandle: SAM_HANDLE, - PassedCount: ULONG, - Sids: *mut PSID, - MembershipCount: PULONG, - Aliases: *mut PULONG, - ) -> NTSTATUS; -}} -pub const GROUP_TYPE_BUILTIN_LOCAL_GROUP: u32 = 0x00000001; -pub const GROUP_TYPE_ACCOUNT_GROUP: u32 = 0x00000002; -pub const GROUP_TYPE_RESOURCE_GROUP: u32 = 0x00000004; -pub const GROUP_TYPE_UNIVERSAL_GROUP: u32 = 0x00000008; -pub const GROUP_TYPE_APP_BASIC_GROUP: u32 = 0x00000010; -pub const GROUP_TYPE_APP_QUERY_GROUP: u32 = 0x00000020; -pub const GROUP_TYPE_SECURITY_ENABLED: u32 = 0x80000000; -pub const GROUP_TYPE_RESOURCE_BEHAVOIR: u32 = - GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_APP_BASIC_GROUP | GROUP_TYPE_APP_QUERY_GROUP; -pub const USER_READ_GENERAL: DWORD = 0x0001; -pub const USER_READ_PREFERENCES: DWORD = 0x0002; -pub const USER_WRITE_PREFERENCES: DWORD = 0x0004; -pub const USER_READ_LOGON: DWORD = 0x0008; -pub const USER_READ_ACCOUNT: DWORD = 0x0010; -pub const USER_WRITE_ACCOUNT: DWORD = 0x0020; -pub const USER_CHANGE_PASSWORD: DWORD = 0x0040; -pub const USER_FORCE_PASSWORD_CHANGE: DWORD = 0x0080; -pub const USER_LIST_GROUPS: DWORD = 0x0100; -pub const USER_READ_GROUP_INFORMATION: DWORD = 0x0200; -pub const USER_WRITE_GROUP_INFORMATION: DWORD = 0x0400; -pub const USER_ALL_ACCESS: DWORD = STANDARD_RIGHTS_REQUIRED | USER_READ_PREFERENCES - | USER_READ_LOGON | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION | USER_WRITE_PREFERENCES - | USER_CHANGE_PASSWORD | USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL | USER_READ_ACCOUNT - | USER_WRITE_ACCOUNT | USER_WRITE_GROUP_INFORMATION; -pub const USER_READ: DWORD = STANDARD_RIGHTS_READ | USER_READ_PREFERENCES | USER_READ_LOGON - | USER_READ_ACCOUNT | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION; -pub const USER_WRITE: DWORD = - STANDARD_RIGHTS_WRITE | USER_WRITE_PREFERENCES | USER_CHANGE_PASSWORD; -pub const USER_EXECUTE: DWORD = STANDARD_RIGHTS_EXECUTE | USER_READ_GENERAL | USER_CHANGE_PASSWORD; -ENUM!{enum USER_INFORMATION_CLASS { - UserGeneralInformation = 1, - UserPreferencesInformation = 2, - UserLogonInformation = 3, - UserLogonHoursInformation = 4, - UserAccountInformation = 5, - UserNameInformation = 6, - UserAccountNameInformation = 7, - UserFullNameInformation = 8, - UserPrimaryGroupInformation = 9, - UserHomeInformation = 10, - UserScriptInformation = 11, - UserProfileInformation = 12, - UserAdminCommentInformation = 13, - UserWorkStationsInformation = 14, - UserSetPasswordInformation = 15, - UserControlInformation = 16, - UserExpiresInformation = 17, - UserInternal1Information = 18, - UserInternal2Information = 19, - UserParametersInformation = 20, - UserAllInformation = 21, - UserInternal3Information = 22, - UserInternal4Information = 23, - UserInternal5Information = 24, - UserInternal4InformationNew = 25, - UserInternal5InformationNew = 26, - UserInternal6Information = 27, - UserExtendedInformation = 28, - UserLogonUIInformation = 29, -}} -pub type PUSER_INFORMATION_CLASS = *mut USER_INFORMATION_CLASS; -pub const USER_ALL_USERNAME: ULONG = 0x00000001; -pub const USER_ALL_FULLNAME: ULONG = 0x00000002; -pub const USER_ALL_USERID: ULONG = 0x00000004; -pub const USER_ALL_PRIMARYGROUPID: ULONG = 0x00000008; -pub const USER_ALL_ADMINCOMMENT: ULONG = 0x00000010; -pub const USER_ALL_USERCOMMENT: ULONG = 0x00000020; -pub const USER_ALL_HOMEDIRECTORY: ULONG = 0x00000040; -pub const USER_ALL_HOMEDIRECTORYDRIVE: ULONG = 0x00000080; -pub const USER_ALL_SCRIPTPATH: ULONG = 0x00000100; -pub const USER_ALL_PROFILEPATH: ULONG = 0x00000200; -pub const USER_ALL_WORKSTATIONS: ULONG = 0x00000400; -pub const USER_ALL_LASTLOGON: ULONG = 0x00000800; -pub const USER_ALL_LASTLOGOFF: ULONG = 0x00001000; -pub const USER_ALL_LOGONHOURS: ULONG = 0x00002000; -pub const USER_ALL_BADPASSWORDCOUNT: ULONG = 0x00004000; -pub const USER_ALL_LOGONCOUNT: ULONG = 0x00008000; -pub const USER_ALL_PASSWORDCANCHANGE: ULONG = 0x00010000; -pub const USER_ALL_PASSWORDMUSTCHANGE: ULONG = 0x00020000; -pub const USER_ALL_PASSWORDLASTSET: ULONG = 0x00040000; -pub const USER_ALL_ACCOUNTEXPIRES: ULONG = 0x00080000; -pub const USER_ALL_USERACCOUNTCONTROL: ULONG = 0x00100000; -pub const USER_ALL_PARAMETERS: ULONG = 0x00200000; -pub const USER_ALL_COUNTRYCODE: ULONG = 0x00400000; -pub const USER_ALL_CODEPAGE: ULONG = 0x00800000; -pub const USER_ALL_NTPASSWORDPRESENT: ULONG = 0x01000000; -pub const USER_ALL_LMPASSWORDPRESENT: ULONG = 0x02000000; -pub const USER_ALL_PRIVATEDATA: ULONG = 0x04000000; -pub const USER_ALL_PASSWORDEXPIRED: ULONG = 0x08000000; -pub const USER_ALL_SECURITYDESCRIPTOR: ULONG = 0x10000000; -pub const USER_ALL_OWFPASSWORD: ULONG = 0x20000000; -pub const USER_ALL_UNDEFINED_MASK: ULONG = 0xc0000000; -pub const USER_ALL_READ_GENERAL_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME - | USER_ALL_USERID | USER_ALL_PRIMARYGROUPID | USER_ALL_ADMINCOMMENT | USER_ALL_USERCOMMENT; -pub const USER_ALL_READ_LOGON_MASK: ULONG = USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE - | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_WORKSTATIONS | USER_ALL_LASTLOGON - | USER_ALL_LASTLOGOFF | USER_ALL_LOGONHOURS | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT - | USER_ALL_PASSWORDCANCHANGE | USER_ALL_PASSWORDMUSTCHANGE; -pub const USER_ALL_READ_ACCOUNT_MASK: ULONG = USER_ALL_PASSWORDLASTSET | USER_ALL_ACCOUNTEXPIRES - | USER_ALL_USERACCOUNTCONTROL | USER_ALL_PARAMETERS; -pub const USER_ALL_READ_PREFERENCES_MASK: ULONG = USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; -pub const USER_ALL_READ_TRUSTED_MASK: ULONG = USER_ALL_NTPASSWORDPRESENT - | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED | USER_ALL_SECURITYDESCRIPTOR - | USER_ALL_PRIVATEDATA; -pub const USER_ALL_READ_CANT_MASK: ULONG = USER_ALL_UNDEFINED_MASK; -pub const USER_ALL_WRITE_ACCOUNT_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME - | USER_ALL_PRIMARYGROUPID | USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE - | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_ADMINCOMMENT | USER_ALL_WORKSTATIONS - | USER_ALL_LOGONHOURS | USER_ALL_ACCOUNTEXPIRES | USER_ALL_USERACCOUNTCONTROL - | USER_ALL_PARAMETERS; -pub const USER_ALL_WRITE_PREFERENCES_MASK: ULONG = - USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; -pub const USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK: ULONG = - USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED; -pub const USER_ALL_WRITE_TRUSTED_MASK: ULONG = USER_ALL_LASTLOGON | USER_ALL_LASTLOGOFF - | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT | USER_ALL_PASSWORDLASTSET - | USER_ALL_SECURITYDESCRIPTOR | USER_ALL_PRIVATEDATA; -pub const USER_ALL_WRITE_CANT_MASK: ULONG = USER_ALL_USERID | USER_ALL_PASSWORDCANCHANGE - | USER_ALL_PASSWORDMUSTCHANGE | USER_ALL_UNDEFINED_MASK; -STRUCT!{struct USER_GENERAL_INFORMATION { - UserName: UNICODE_STRING, - FullName: UNICODE_STRING, - PrimaryGroupId: ULONG, - AdminComment: UNICODE_STRING, - UserComment: UNICODE_STRING, -}} -pub type PUSER_GENERAL_INFORMATION = *mut USER_GENERAL_INFORMATION; -STRUCT!{struct USER_PREFERENCES_INFORMATION { - UserComment: UNICODE_STRING, - Reserved1: UNICODE_STRING, - CountryCode: USHORT, - CodePage: USHORT, -}} -pub type PUSER_PREFERENCES_INFORMATION = *mut USER_PREFERENCES_INFORMATION; -STRUCT!{struct USER_PARAMETERS_INFORMATION { - Parameters: UNICODE_STRING, -}} -pub type PUSER_PARAMETERS_INFORMATION = *mut USER_PARAMETERS_INFORMATION; -STRUCT!{#[repr(packed(4))] struct USER_LOGON_INFORMATION { - UserName: UNICODE_STRING, - FullName: UNICODE_STRING, - UserId: ULONG, - PrimaryGroupId: ULONG, - HomeDirectory: UNICODE_STRING, - HomeDirectoryDrive: UNICODE_STRING, - ScriptPath: UNICODE_STRING, - ProfilePath: UNICODE_STRING, - WorkStations: UNICODE_STRING, - LastLogon: LARGE_INTEGER, - LastLogoff: LARGE_INTEGER, - PasswordLastSet: LARGE_INTEGER, - PasswordCanChange: LARGE_INTEGER, - PasswordMustChange: LARGE_INTEGER, - LogonHours: LOGON_HOURS, - BadPasswordCount: USHORT, - LogonCount: USHORT, - UserAccountControl: ULONG, -}} -pub type PUSER_LOGON_INFORMATION = *mut USER_LOGON_INFORMATION; -STRUCT!{#[repr(packed(4))] struct USER_ACCOUNT_INFORMATION { - UserName: UNICODE_STRING, - FullName: UNICODE_STRING, - UserId: ULONG, - PrimaryGroupId: ULONG, - HomeDirectory: UNICODE_STRING, - HomeDirectoryDrive: UNICODE_STRING, - ScriptPath: UNICODE_STRING, - ProfilePath: UNICODE_STRING, - AdminComment: UNICODE_STRING, - WorkStations: UNICODE_STRING, - LastLogon: LARGE_INTEGER, - LastLogoff: LARGE_INTEGER, - LogonHours: LOGON_HOURS, - BadPasswordCount: USHORT, - LogonCount: USHORT, - PasswordLastSet: LARGE_INTEGER, - AccountExpires: LARGE_INTEGER, - UserAccountControl: ULONG, -}} -pub type PUSER_ACCOUNT_INFORMATION = *mut USER_ACCOUNT_INFORMATION; -STRUCT!{struct USER_ACCOUNT_NAME_INFORMATION { - UserName: UNICODE_STRING, -}} -pub type PUSER_ACCOUNT_NAME_INFORMATION = *mut USER_ACCOUNT_NAME_INFORMATION; -STRUCT!{struct USER_FULL_NAME_INFORMATION { - FullName: UNICODE_STRING, -}} -pub type PUSER_FULL_NAME_INFORMATION = *mut USER_FULL_NAME_INFORMATION; -STRUCT!{struct USER_NAME_INFORMATION { - UserName: UNICODE_STRING, - FullName: UNICODE_STRING, -}} -pub type PUSER_NAME_INFORMATION = *mut USER_NAME_INFORMATION; -STRUCT!{struct USER_PRIMARY_GROUP_INFORMATION { - PrimaryGroupId: ULONG, -}} -pub type PUSER_PRIMARY_GROUP_INFORMATION = *mut USER_PRIMARY_GROUP_INFORMATION; -STRUCT!{struct USER_HOME_INFORMATION { - HomeDirectory: UNICODE_STRING, - HomeDirectoryDrive: UNICODE_STRING, -}} -pub type PUSER_HOME_INFORMATION = *mut USER_HOME_INFORMATION; -STRUCT!{struct USER_SCRIPT_INFORMATION { - ScriptPath: UNICODE_STRING, -}} -pub type PUSER_SCRIPT_INFORMATION = *mut USER_SCRIPT_INFORMATION; -STRUCT!{struct USER_PROFILE_INFORMATION { - ProfilePath: UNICODE_STRING, -}} -pub type PUSER_PROFILE_INFORMATION = *mut USER_PROFILE_INFORMATION; -STRUCT!{struct USER_ADMIN_COMMENT_INFORMATION { - AdminComment: UNICODE_STRING, -}} -pub type PUSER_ADMIN_COMMENT_INFORMATION = *mut USER_ADMIN_COMMENT_INFORMATION; -STRUCT!{struct USER_WORKSTATIONS_INFORMATION { - WorkStations: UNICODE_STRING, -}} -pub type PUSER_WORKSTATIONS_INFORMATION = *mut USER_WORKSTATIONS_INFORMATION; -STRUCT!{struct USER_SET_PASSWORD_INFORMATION { - Password: UNICODE_STRING, - PasswordExpired: BOOLEAN, -}} -pub type PUSER_SET_PASSWORD_INFORMATION = *mut USER_SET_PASSWORD_INFORMATION; -STRUCT!{struct USER_CONTROL_INFORMATION { - UserAccountControl: ULONG, -}} -pub type PUSER_CONTROL_INFORMATION = *mut USER_CONTROL_INFORMATION; -STRUCT!{struct USER_EXPIRES_INFORMATION { - AccountExpires: LARGE_INTEGER, -}} -pub type PUSER_EXPIRES_INFORMATION = *mut USER_EXPIRES_INFORMATION; -STRUCT!{struct USER_LOGON_HOURS_INFORMATION { - LogonHours: LOGON_HOURS, -}} -pub type PUSER_LOGON_HOURS_INFORMATION = *mut USER_LOGON_HOURS_INFORMATION; -pub type SAM_USER_TILE = SAM_BYTE_ARRAY_32K; -pub type PSAM_USER_TILE = *mut SAM_BYTE_ARRAY_32K; -pub const USER_EXTENDED_FIELD_USER_TILE: ULONG = 0x00001000; -pub const USER_EXTENDED_FIELD_PASSWORD_HINT: ULONG = 0x00002000; -pub const USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI: ULONG = 0x00004000; -pub const USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00008000; -STRUCT!{struct USER_EXTENDED_INFORMATION { - ExtendedWhichFields: ULONG, - UserTile: SAM_USER_TILE, - PasswordHint: UNICODE_STRING, - DontShowInLogonUI: BOOLEAN, - ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, -}} -pub type PUSER_EXTENDED_INFORMATION = *mut USER_EXTENDED_INFORMATION; -STRUCT!{struct USER_LOGON_UI_INFORMATION { - PasswordIsBlank: BOOLEAN, - AccountIsDisabled: BOOLEAN, -}} -pub type PUSER_LOGON_UI_INFORMATION = *mut USER_LOGON_UI_INFORMATION; -STRUCT!{struct USER_PWD_CHANGE_FAILURE_INFORMATION { - ExtendedFailureReason: ULONG, - FilterModuleName: UNICODE_STRING, -}} -pub type PUSER_PWD_CHANGE_FAILURE_INFORMATION = *mut USER_PWD_CHANGE_FAILURE_INFORMATION; -pub const SAM_PWD_CHANGE_NO_ERROR: u32 = 0; -pub const SAM_PWD_CHANGE_PASSWORD_TOO_SHORT: u32 = 1; -pub const SAM_PWD_CHANGE_PWD_IN_HISTORY: u32 = 2; -pub const SAM_PWD_CHANGE_USERNAME_IN_PASSWORD: u32 = 3; -pub const SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD: u32 = 4; -pub const SAM_PWD_CHANGE_NOT_COMPLEX: u32 = 5; -pub const SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT: u32 = 6; -pub const SAM_PWD_CHANGE_FAILED_BY_FILTER: u32 = 7; -pub const SAM_PWD_CHANGE_PASSWORD_TOO_LONG: u32 = 8; -pub const SAM_PWD_CHANGE_FAILURE_REASON_MAX: u32 = 8; -EXTERN!{extern "system" { - fn SamEnumerateUsersInDomain( - DomainHandle: SAM_HANDLE, - EnumerationContext: PSAM_ENUMERATE_HANDLE, - UserAccountControl: ULONG, - Buffer: *mut PVOID, - PreferedMaximumLength: ULONG, - CountReturned: PULONG, - ) -> NTSTATUS; - fn SamCreateUserInDomain( - DomainHandle: SAM_HANDLE, - AccountName: PUNICODE_STRING, - DesiredAccess: ACCESS_MASK, - UserHandle: PSAM_HANDLE, - RelativeId: PULONG, - ) -> NTSTATUS; - fn SamCreateUser2InDomain( - DomainHandle: SAM_HANDLE, - AccountName: PUNICODE_STRING, - AccountType: ULONG, - DesiredAccess: ACCESS_MASK, - UserHandle: PSAM_HANDLE, - GrantedAccess: PULONG, - RelativeId: PULONG, - ) -> NTSTATUS; - fn SamOpenUser( - DomainHandle: SAM_HANDLE, - DesiredAccess: ACCESS_MASK, - UserId: ULONG, - UserHandle: PSAM_HANDLE, - ) -> NTSTATUS; - fn SamDeleteUser( - UserHandle: SAM_HANDLE, - ) -> NTSTATUS; - fn SamQueryInformationUser( - UserHandle: SAM_HANDLE, - UserInformationClass: USER_INFORMATION_CLASS, - Buffer: *mut PVOID, - ) -> NTSTATUS; - fn SamSetInformationUser( - UserHandle: SAM_HANDLE, - UserInformationClass: USER_INFORMATION_CLASS, - Buffer: PVOID, - ) -> NTSTATUS; - fn SamGetGroupsForUser( - UserHandle: SAM_HANDLE, - Groups: *mut PGROUP_MEMBERSHIP, - MembershipCount: PULONG, - ) -> NTSTATUS; - fn SamChangePasswordUser( - UserHandle: SAM_HANDLE, - OldPassword: PUNICODE_STRING, - NewPassword: PUNICODE_STRING, - ) -> NTSTATUS; - fn SamChangePasswordUser2( - ServerName: PUNICODE_STRING, - UserName: PUNICODE_STRING, - OldPassword: PUNICODE_STRING, - NewPassword: PUNICODE_STRING, - ) -> NTSTATUS; - fn SamChangePasswordUser3( - ServerName: PUNICODE_STRING, - UserName: PUNICODE_STRING, - OldPassword: PUNICODE_STRING, - NewPassword: PUNICODE_STRING, - EffectivePasswordPolicy: *mut PDOMAIN_PASSWORD_INFORMATION, - PasswordChangeFailureInfo: *mut PUSER_PWD_CHANGE_FAILURE_INFORMATION, - ) -> NTSTATUS; - fn SamQueryDisplayInformation( - DomainHandle: SAM_HANDLE, - DisplayInformation: DOMAIN_DISPLAY_INFORMATION, - Index: ULONG, - EntryCount: ULONG, - PreferredMaximumLength: ULONG, - TotalAvailable: PULONG, - TotalReturned: PULONG, - ReturnedEntryCount: PULONG, - SortedBuffer: *mut PVOID, - ) -> NTSTATUS; - fn SamGetDisplayEnumerationIndex( - DomainHandle: SAM_HANDLE, - DisplayInformation: DOMAIN_DISPLAY_INFORMATION, - Prefix: PUNICODE_STRING, - Index: PULONG, - ) -> NTSTATUS; -}} -ENUM!{enum SECURITY_DB_DELTA_TYPE { - SecurityDbNew = 1, - SecurityDbRename = 2, - SecurityDbDelete = 3, - SecurityDbChangeMemberAdd = 4, - SecurityDbChangeMemberSet = 5, - SecurityDbChangeMemberDel = 6, - SecurityDbChange = 7, - SecurityDbChangePassword = 8, -}} -pub type PSECURITY_DB_DELTA_TYPE = *mut SECURITY_DB_DELTA_TYPE; -ENUM!{enum SECURITY_DB_OBJECT_TYPE { - SecurityDbObjectSamDomain = 1, - SecurityDbObjectSamUser = 2, - SecurityDbObjectSamGroup = 3, - SecurityDbObjectSamAlias = 4, - SecurityDbObjectLsaPolicy = 5, - SecurityDbObjectLsaTDomain = 6, - SecurityDbObjectLsaAccount = 7, - SecurityDbObjectLsaSecret = 8, -}} -pub type PSECURITY_DB_OBJECT_TYPE = *mut SECURITY_DB_OBJECT_TYPE; -ENUM!{enum SAM_ACCOUNT_TYPE { - SamObjectUser = 1, - SamObjectGroup = 2, - SamObjectAlias = 3, -}} -pub type PSAM_ACCOUNT_TYPE = *mut SAM_ACCOUNT_TYPE; -pub const SAM_USER_ACCOUNT: u32 = 0x00000001; -pub const SAM_GLOBAL_GROUP_ACCOUNT: u32 = 0x00000002; -pub const SAM_LOCAL_GROUP_ACCOUNT: u32 = 0x00000004; -STRUCT!{struct SAM_GROUP_MEMBER_ID { - MemberRid: ULONG, -}} -pub type PSAM_GROUP_MEMBER_ID = *mut SAM_GROUP_MEMBER_ID; -STRUCT!{struct SAM_ALIAS_MEMBER_ID { - MemberSid: PSID, -}} -pub type PSAM_ALIAS_MEMBER_ID = *mut SAM_ALIAS_MEMBER_ID; -UNION!{union SAM_DELTA_DATA { - GroupMemberId: SAM_GROUP_MEMBER_ID, - AliasMemberId: SAM_ALIAS_MEMBER_ID, - AccountControl: ULONG, -}} -pub type PSAM_DELTA_DATA = *mut SAM_DELTA_DATA; -FN!{stdcall PSAM_DELTA_NOTIFICATION_ROUTINE( - DomainSid: PSID, - DeltaType: SECURITY_DB_DELTA_TYPE, - ObjectType: SECURITY_DB_OBJECT_TYPE, - ObjectRid: ULONG, - ObjectName: PUNICODE_STRING, - ModifiedCount: PLARGE_INTEGER, - DeltaData: PSAM_DELTA_DATA, -) -> NTSTATUS} -pub const SAM_DELTA_NOTIFY_ROUTINE: UTF8Const = UTF8Const("DeltaNotify\0"); -EXTERN!{extern "system" { - fn SamRegisterObjectChangeNotification( - ObjectType: SECURITY_DB_OBJECT_TYPE, - NotificationEventHandle: HANDLE, - ) -> NTSTATUS; - fn SamUnregisterObjectChangeNotification( - ObjectType: SECURITY_DB_OBJECT_TYPE, - NotificationEventHandle: HANDLE, - ) -> NTSTATUS; -}} -pub const SAM_SID_COMPATIBILITY_ALL: u32 = 0; -pub const SAM_SID_COMPATIBILITY_LAX: u32 = 1; -pub const SAM_SID_COMPATIBILITY_STRICT: u32 = 2; -EXTERN!{extern "system" { - fn SamGetCompatibilityMode( - ObjectHandle: SAM_HANDLE, - Mode: *mut ULONG, - ) -> NTSTATUS; -}} -ENUM!{enum PASSWORD_POLICY_VALIDATION_TYPE { - SamValidateAuthentication = 1, - SamValidatePasswordChange = 2, - SamValidatePasswordReset = 3, -}} -STRUCT!{struct SAM_VALIDATE_PASSWORD_HASH { - Length: ULONG, - Hash: PUCHAR, -}} -pub type PSAM_VALIDATE_PASSWORD_HASH = *mut SAM_VALIDATE_PASSWORD_HASH; -pub const SAM_VALIDATE_PASSWORD_LAST_SET: u32 = 0x00000001; -pub const SAM_VALIDATE_BAD_PASSWORD_TIME: u32 = 0x00000002; -pub const SAM_VALIDATE_LOCKOUT_TIME: u32 = 0x00000004; -pub const SAM_VALIDATE_BAD_PASSWORD_COUNT: u32 = 0x00000008; -pub const SAM_VALIDATE_PASSWORD_HISTORY_LENGTH: u32 = 0x00000010; -pub const SAM_VALIDATE_PASSWORD_HISTORY: u32 = 0x00000020; -STRUCT!{struct SAM_VALIDATE_PERSISTED_FIELDS { - PresentFields: ULONG, - PasswordLastSet: LARGE_INTEGER, - BadPasswordTime: LARGE_INTEGER, - LockoutTime: LARGE_INTEGER, - BadPasswordCount: ULONG, - PasswordHistoryLength: ULONG, - PasswordHistory: PSAM_VALIDATE_PASSWORD_HASH, -}} -pub type PSAM_VALIDATE_PERSISTED_FIELDS = *mut SAM_VALIDATE_PERSISTED_FIELDS; -ENUM!{enum SAM_VALIDATE_VALIDATION_STATUS { - SamValidateSuccess = 0, - SamValidatePasswordMustChange = 1, - SamValidateAccountLockedOut = 2, - SamValidatePasswordExpired = 3, - SamValidatePasswordIncorrect = 4, - SamValidatePasswordIsInHistory = 5, - SamValidatePasswordTooShort = 6, - SamValidatePasswordTooLong = 7, - SamValidatePasswordNotComplexEnough = 8, - SamValidatePasswordTooRecent = 9, - SamValidatePasswordFilterError = 10, -}} -pub type PSAM_VALIDATE_VALIDATION_STATUS = *mut SAM_VALIDATE_VALIDATION_STATUS; -STRUCT!{struct SAM_VALIDATE_STANDARD_OUTPUT_ARG { - ChangedPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, - ValidationStatus: SAM_VALIDATE_VALIDATION_STATUS, -}} -pub type PSAM_VALIDATE_STANDARD_OUTPUT_ARG = *mut SAM_VALIDATE_STANDARD_OUTPUT_ARG; -STRUCT!{struct SAM_VALIDATE_AUTHENTICATION_INPUT_ARG { - InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, - PasswordMatched: BOOLEAN, -}} -pub type PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG = *mut SAM_VALIDATE_AUTHENTICATION_INPUT_ARG; -STRUCT!{struct SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { - InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, - ClearPassword: UNICODE_STRING, - UserAccountName: UNICODE_STRING, - HashedPassword: SAM_VALIDATE_PASSWORD_HASH, - PasswordMatch: BOOLEAN, -}} -pub type PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; -STRUCT!{struct SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG { - InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, - ClearPassword: UNICODE_STRING, - UserAccountName: UNICODE_STRING, - HashedPassword: SAM_VALIDATE_PASSWORD_HASH, - PasswordMustChangeAtNextLogon: BOOLEAN, - ClearLockout: BOOLEAN, -}} -pub type PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; -UNION!{union SAM_VALIDATE_INPUT_ARG { - ValidateAuthenticationInput: SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, - ValidatePasswordChangeInput: SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, - ValidatePasswordResetInput: SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, -}} -pub type PSAM_VALIDATE_INPUT_ARG = *mut SAM_VALIDATE_INPUT_ARG; -UNION!{union SAM_VALIDATE_OUTPUT_ARG { - ValidateAuthenticationOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, - ValidatePasswordChangeOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, - ValidatePasswordResetOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, -}} -pub type PSAM_VALIDATE_OUTPUT_ARG = *mut SAM_VALIDATE_OUTPUT_ARG; -EXTERN!{extern "system" { - fn SamValidatePassword( - ServerName: PUNICODE_STRING, - ValidationType: PASSWORD_POLICY_VALIDATION_TYPE, - InputArg: PSAM_VALIDATE_INPUT_ARG, - OutputArg: *mut PSAM_VALIDATE_OUTPUT_ARG, - ) -> NTSTATUS; -}} -ENUM!{enum SAM_GENERIC_OPERATION_TYPE { - SamObjectChangeNotificationOperation = 0, -}} -pub type PSAM_GENERIC_OPERATION_TYPE = *mut SAM_GENERIC_OPERATION_TYPE; -STRUCT!{struct SAM_OPERATION_OBJCHG_INPUT { - Register: BOOLEAN, - EventHandle: ULONG64, - ObjectType: SECURITY_DB_OBJECT_TYPE, - ProcessID: ULONG, -}} -pub type PSAM_OPERATION_OBJCHG_INPUT = *mut SAM_OPERATION_OBJCHG_INPUT; -STRUCT!{struct SAM_OPERATION_OBJCHG_OUTPUT { - Reserved: ULONG, -}} -pub type PSAM_OPERATION_OBJCHG_OUTPUT = *mut SAM_OPERATION_OBJCHG_OUTPUT; -UNION!{union SAM_GENERIC_OPERATION_INPUT { - ObjChangeIn: SAM_OPERATION_OBJCHG_INPUT, -}} -pub type PSAM_GENERIC_OPERATION_INPUT = *mut SAM_GENERIC_OPERATION_INPUT; -UNION!{union SAM_GENERIC_OPERATION_OUTPUT { - ObjChangeOut: SAM_OPERATION_OBJCHG_OUTPUT, -}} -pub type PSAM_GENERIC_OPERATION_OUTPUT = *mut SAM_GENERIC_OPERATION_OUTPUT; -EXTERN!{extern "system" { - fn SamPerformGenericOperation( - ServerName: PWSTR, - OperationType: SAM_GENERIC_OPERATION_TYPE, - OperationIn: PSAM_GENERIC_OPERATION_INPUT, - OperationOut: *mut PSAM_GENERIC_OPERATION_OUTPUT, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntseapi.rs b/vendor/ntapi/src/ntseapi.rs deleted file mode 100644 index 4cac9f4f8..000000000 --- a/vendor/ntapi/src/ntseapi.rs +++ /dev/null @@ -1,439 +0,0 @@ -use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS, - POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT, -}; -use winapi::um::winnt::{ - ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST, - PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, - PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, - PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL, - TOKEN_INFORMATION_CLASS, TOKEN_TYPE, -}; -pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2; -pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2; -pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3; -pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4; -pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5; -pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6; -pub const SE_TCB_PRIVILEGE: LONG = 7; -pub const SE_SECURITY_PRIVILEGE: LONG = 8; -pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9; -pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10; -pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11; -pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12; -pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13; -pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14; -pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15; -pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16; -pub const SE_BACKUP_PRIVILEGE: LONG = 17; -pub const SE_RESTORE_PRIVILEGE: LONG = 18; -pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19; -pub const SE_DEBUG_PRIVILEGE: LONG = 20; -pub const SE_AUDIT_PRIVILEGE: LONG = 21; -pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22; -pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23; -pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24; -pub const SE_UNDOCK_PRIVILEGE: LONG = 25; -pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26; -pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27; -pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28; -pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29; -pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30; -pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31; -pub const SE_RELABEL_PRIVILEGE: LONG = 32; -pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33; -pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34; -pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35; -pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36; -pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06; -pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10; -pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001; -pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002; -pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004; -pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008; -pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010; -pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020; -pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040; -pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE - | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY - | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED - | TOKEN_SECURITY_ATTRIBUTE_MANDATORY; -pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000; -STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { - Version: ULONG64, - Name: UNICODE_STRING, -}} -pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; -STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { - pValue: PVOID, - ValueLength: ULONG, -}} -pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = - *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; -UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values { - pInt64: PLONG64, - pUint64: PULONG64, - pString: PUNICODE_STRING, - pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, - pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, -}} -STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 { - Name: UNICODE_STRING, - ValueType: USHORT, - Reserved: USHORT, - Flags: ULONG, - ValueCount: ULONG, - Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values, -}} -pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1; -pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1; -pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT = - TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1; -STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION { - Version: USHORT, - Reserved: USHORT, - AttributeCount: ULONG, - pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1, -}} -pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION; -STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL { - TrustLevelSid: PSID, -}} -pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL; -EXTERN!{extern "system" { - fn NtCreateToken( - TokenHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TokenType: TOKEN_TYPE, - AuthenticationId: PLUID, - ExpirationTime: PLARGE_INTEGER, - User: PTOKEN_USER, - Groups: PTOKEN_GROUPS, - Privileges: PTOKEN_PRIVILEGES, - Owner: PTOKEN_OWNER, - PrimaryGroup: PTOKEN_PRIMARY_GROUP, - DefaultDacl: PTOKEN_DEFAULT_DACL, - TokenSource: PTOKEN_SOURCE, - ) -> NTSTATUS; - fn NtCreateLowBoxToken( - TokenHandle: PHANDLE, - ExistingTokenHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - PackageSid: PSID, - CapabilityCount: ULONG, - Capabilities: PSID_AND_ATTRIBUTES, - HandleCount: ULONG, - Handles: *mut HANDLE, - ) -> NTSTATUS; - fn NtCreateTokenEx( - TokenHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TokenType: TOKEN_TYPE, - AuthenticationId: PLUID, - ExpirationTime: PLARGE_INTEGER, - User: PTOKEN_USER, - Groups: PTOKEN_GROUPS, - Privileges: PTOKEN_PRIVILEGES, - UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceGroups: PTOKEN_GROUPS, - TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, - Owner: PTOKEN_OWNER, - PrimaryGroup: PTOKEN_PRIMARY_GROUP, - DefaultDacl: PTOKEN_DEFAULT_DACL, - TokenSource: PTOKEN_SOURCE, - ) -> NTSTATUS; - fn NtOpenProcessToken( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtOpenProcessTokenEx( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtOpenThreadToken( - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - OpenAsSelf: BOOLEAN, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtOpenThreadTokenEx( - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - OpenAsSelf: BOOLEAN, - HandleAttributes: ULONG, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtDuplicateToken( - ExistingTokenHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - EffectiveOnly: BOOLEAN, - TokenType: TOKEN_TYPE, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtQueryInformationToken( - TokenHandle: HANDLE, - TokenInformationClass: TOKEN_INFORMATION_CLASS, - TokenInformation: PVOID, - TokenInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationToken( - TokenHandle: HANDLE, - TokenInformationClass: TOKEN_INFORMATION_CLASS, - TokenInformation: PVOID, - TokenInformationLength: ULONG, - ) -> NTSTATUS; - fn NtAdjustPrivilegesToken( - TokenHandle: HANDLE, - DisableAllPrivileges: BOOLEAN, - NewState: PTOKEN_PRIVILEGES, - BufferLength: ULONG, - PreviousState: PTOKEN_PRIVILEGES, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtAdjustGroupsToken( - TokenHandle: HANDLE, - ResetToDefault: BOOLEAN, - NewState: PTOKEN_GROUPS, - BufferLength: ULONG, - PreviousState: PTOKEN_GROUPS, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtAdjustTokenClaimsAndDeviceGroups( - TokenHandle: HANDLE, - UserResetToDefault: BOOLEAN, - DeviceResetToDefault: BOOLEAN, - DeviceGroupsResetToDefault: BOOLEAN, - NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - NewDeviceGroupsState: PTOKEN_GROUPS, - UserBufferLength: ULONG, - PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceBufferLength: ULONG, - PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceGroupsBufferLength: ULONG, - PreviousDeviceGroups: PTOKEN_GROUPS, - UserReturnLength: PULONG, - DeviceReturnLength: PULONG, - DeviceGroupsReturnBufferLength: PULONG, - ) -> NTSTATUS; - fn NtFilterToken( - ExistingTokenHandle: HANDLE, - Flags: ULONG, - SidsToDisable: PTOKEN_GROUPS, - PrivilegesToDelete: PTOKEN_PRIVILEGES, - RestrictedSids: PTOKEN_GROUPS, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtFilterTokenEx( - ExistingTokenHandle: HANDLE, - Flags: ULONG, - SidsToDisable: PTOKEN_GROUPS, - PrivilegesToDelete: PTOKEN_PRIVILEGES, - RestrictedSids: PTOKEN_GROUPS, - DisableUserClaimsCount: ULONG, - UserClaimsToDisable: PUNICODE_STRING, - DisableDeviceClaimsCount: ULONG, - DeviceClaimsToDisable: PUNICODE_STRING, - DeviceGroupsToDisable: PTOKEN_GROUPS, - RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - RestrictedDeviceGroups: PTOKEN_GROUPS, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn NtCompareTokens( - FirstTokenHandle: HANDLE, - SecondTokenHandle: HANDLE, - Equal: PBOOLEAN, - ) -> NTSTATUS; - fn NtPrivilegeCheck( - ClientToken: HANDLE, - RequiredPrivileges: PPRIVILEGE_SET, - Result: PBOOLEAN, - ) -> NTSTATUS; - fn NtImpersonateAnonymousToken( - ThreadHandle: HANDLE, - ) -> NTSTATUS; - fn NtQuerySecurityAttributesToken( - TokenHandle: HANDLE, - Attributes: PUNICODE_STRING, - NumberOfAttributes: ULONG, - Buffer: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtAccessCheck( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn NtAccessCheckByType( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn NtAccessCheckByTypeResultList( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn NtSetCachedSigningLevel( - Flags: ULONG, - InputSigningLevel: SE_SIGNING_LEVEL, - SourceFiles: PHANDLE, - SourceFileCount: ULONG, - TargetFile: HANDLE, - ) -> NTSTATUS; - fn NtGetCachedSigningLevel( - File: HANDLE, - Flags: PULONG, - SigningLevel: PSE_SIGNING_LEVEL, - Thumbprint: PUCHAR, - ThumbprintSize: PULONG, - ThumbprintAlgorithm: PULONG, - ) -> NTSTATUS; - fn NtAccessCheckAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DesiredAccess: ACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn NtAccessCheckByTypeAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn NtAccessCheckByTypeResultListAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ClientToken: HANDLE, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn NtOpenObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - GrantedAccess: ACCESS_MASK, - Privileges: PPRIVILEGE_SET, - ObjectCreation: BOOLEAN, - AccessGranted: BOOLEAN, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn NtPrivilegeObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - Privileges: PPRIVILEGE_SET, - AccessGranted: BOOLEAN, - ) -> NTSTATUS; - fn NtCloseObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - GenerateOnClose: BOOLEAN, - ) -> NTSTATUS; - fn NtDeleteObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - GenerateOnClose: BOOLEAN, - ) -> NTSTATUS; - fn NtPrivilegedServiceAuditAlarm( - SubsystemName: PUNICODE_STRING, - ServiceName: PUNICODE_STRING, - ClientToken: HANDLE, - Privileges: PPRIVILEGE_SET, - AccessGranted: BOOLEAN, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/ntsmss.rs b/vendor/ntapi/src/ntsmss.rs deleted file mode 100644 index b22991fb7..000000000 --- a/vendor/ntapi/src/ntsmss.rs +++ /dev/null @@ -1,15 +0,0 @@ -use crate::ntlpcapi::PPORT_MESSAGE; -use winapi::shared::minwindef::DWORD; -use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING}; -EXTERN!{extern "system" { - fn RtlConnectToSm( - ApiPortName: PUNICODE_STRING, - ApiPortHandle: HANDLE, - ProcessImageType: DWORD, - SmssConnection: PHANDLE, - ) -> NTSTATUS; - fn RtlSendMsgToSm( - ApiPortHandle: HANDLE, - MessageData: PPORT_MESSAGE, - ) -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/nttmapi.rs b/vendor/ntapi/src/nttmapi.rs deleted file mode 100644 index 3ed499a92..000000000 --- a/vendor/ntapi/src/nttmapi.rs +++ /dev/null @@ -1,239 +0,0 @@ -use winapi::shared::basetsd::ULONG_PTR; -use winapi::shared::guiddef::LPGUID; -use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; -use winapi::shared::ntdef::{ - BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, - PUNICODE_STRING, PVOID, ULONG, -}; -use winapi::um::winnt::{ - ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR, - RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS, - TRANSACTION_INFORMATION_CLASS, -}; -EXTERN!{extern "system" { - fn NtCreateTransactionManager( - TmHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LogFileName: PUNICODE_STRING, - CreateOptions: ULONG, - CommitStrength: ULONG, - ) -> NTSTATUS; - fn NtOpenTransactionManager( - TmHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LogFileName: PUNICODE_STRING, - TmIdentity: LPGUID, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn NtRenameTransactionManager( - LogFileName: PUNICODE_STRING, - ExistingTransactionManagerGuid: LPGUID, - ) -> NTSTATUS; - fn NtRollforwardTransactionManager( - TransactionManagerHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtRecoverTransactionManager( - TransactionManagerHandle: HANDLE, - ) -> NTSTATUS; - fn NtQueryInformationTransactionManager( - TransactionManagerHandle: HANDLE, - TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, - TransactionManagerInformation: PVOID, - TransactionManagerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationTransactionManager( - TmHandle: HANDLE, - TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, - TransactionManagerInformation: PVOID, - TransactionManagerInformationLength: ULONG, - ) -> NTSTATUS; - fn NtEnumerateTransactionObject( - RootObjectHandle: HANDLE, - QueryType: KTMOBJECT_TYPE, - ObjectCursor: PKTMOBJECT_CURSOR, - ObjectCursorLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtCreateTransaction( - TransactionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Uow: LPGUID, - TmHandle: HANDLE, - CreateOptions: ULONG, - IsolationLevel: ULONG, - IsolationFlags: ULONG, - Timeout: PLARGE_INTEGER, - Description: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtOpenTransaction( - TransactionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Uow: LPGUID, - TmHandle: HANDLE, - ) -> NTSTATUS; - fn NtQueryInformationTransaction( - TransactionHandle: HANDLE, - TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, - TransactionInformation: PVOID, - TransactionInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationTransaction( - TransactionHandle: HANDLE, - TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, - TransactionInformation: PVOID, - TransactionInformationLength: ULONG, - ) -> NTSTATUS; - fn NtCommitTransaction( - TransactionHandle: HANDLE, - Wait: BOOLEAN, - ) -> NTSTATUS; - fn NtRollbackTransaction( - TransactionHandle: HANDLE, - Wait: BOOLEAN, - ) -> NTSTATUS; - fn NtCreateEnlistment( - EnlistmentHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ResourceManagerHandle: HANDLE, - TransactionHandle: HANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - CreateOptions: ULONG, - NotificationMask: NOTIFICATION_MASK, - EnlistmentKey: PVOID, - ) -> NTSTATUS; - fn NtOpenEnlistment( - EnlistmentHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ResourceManagerHandle: HANDLE, - EnlistmentGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtQueryInformationEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, - EnlistmentInformation: PVOID, - EnlistmentInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, - EnlistmentInformation: PVOID, - EnlistmentInformationLength: ULONG, - ) -> NTSTATUS; - fn NtRecoverEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentKey: PVOID, - ) -> NTSTATUS; - fn NtPrePrepareEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtPrepareEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtCommitEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtRollbackEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtPrePrepareComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtPrepareComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtCommitComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtReadOnlyEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtRollbackComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtSinglePhaseReject( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtCreateResourceManager( - ResourceManagerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - TmHandle: HANDLE, - RmGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - CreateOptions: ULONG, - Description: PUNICODE_STRING, - ) -> NTSTATUS; - fn NtOpenResourceManager( - ResourceManagerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - TmHandle: HANDLE, - ResourceManagerGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn NtRecoverResourceManager( - ResourceManagerHandle: HANDLE, - ) -> NTSTATUS; - fn NtGetNotificationResourceManager( - ResourceManagerHandle: HANDLE, - TransactionNotification: PTRANSACTION_NOTIFICATION, - NotificationLength: ULONG, - Timeout: PLARGE_INTEGER, - ReturnLength: PULONG, - Asynchronous: ULONG, - AsynchronousContext: ULONG_PTR, - ) -> NTSTATUS; - fn NtQueryInformationResourceManager( - ResourceManagerHandle: HANDLE, - ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, - ResourceManagerInformation: PVOID, - ResourceManagerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn NtSetInformationResourceManager( - ResourceManagerHandle: HANDLE, - ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, - ResourceManagerInformation: PVOID, - ResourceManagerInformationLength: ULONG, - ) -> NTSTATUS; - fn NtRegisterProtocolAddressInformation( - ResourceManager: HANDLE, - ProtocolId: PCRM_PROTOCOL_ID, - ProtocolInformationSize: ULONG, - ProtocolInformation: PVOID, - CreateOptions: ULONG, - ) -> NTSTATUS; - fn NtPropagationComplete( - ResourceManagerHandle: HANDLE, - RequestCookie: ULONG, - BufferLength: ULONG, - Buffer: PVOID, - ) -> NTSTATUS; - fn NtPropagationFailed( - ResourceManagerHandle: HANDLE, - RequestCookie: ULONG, - PropStatus: NTSTATUS, - ) -> NTSTATUS; - fn NtFreezeTransactions( - FreezeTimeout: PLARGE_INTEGER, - ThawTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn NtThawTransactions() -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/nttp.rs b/vendor/ntapi/src/nttp.rs deleted file mode 100644 index a41eb344a..000000000 --- a/vendor/ntapi/src/nttp.rs +++ /dev/null @@ -1,207 +0,0 @@ -use crate::ntioapi::PIO_STATUS_BLOCK; -use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID}; -use winapi::um::winnt::{ - PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO, - PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK, - PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK, -}; -#[repr(C)] -pub struct TP_ALPC([u8; 0]); -pub type PTP_ALPC = *mut TP_ALPC; -FN!{stdcall PTP_ALPC_CALLBACK( - Instance: PTP_CALLBACK_INSTANCE, - Context: PVOID, - Alpc: PTP_ALPC, -) -> ()} -FN!{stdcall PTP_ALPC_CALLBACK_EX( - Instanc: PTP_CALLBACK_INSTANCE, - Contex: PVOID, - Alp: PTP_ALPC, - ApcContext: PVOID, -) -> ()} -EXTERN!{extern "system" { - fn TpAllocPool( - PoolReturn: *mut PTP_POOL, - Reserved: PVOID, - ) -> NTSTATUS; - fn TpReleasePool( - Pool: PTP_POOL, - ); - fn TpSetPoolMaxThreads( - Pool: PTP_POOL, - MaxThreads: LONG, - ); - fn TpSetPoolMinThreads( - Pool: PTP_POOL, - MinThreads: LONG, - ) -> NTSTATUS; - fn TpQueryPoolStackInformation( - Pool: PTP_POOL, - PoolStackInformation: PTP_POOL_STACK_INFORMATION, - ) -> NTSTATUS; - fn TpSetPoolStackInformation( - Pool: PTP_POOL, - PoolStackInformation: PTP_POOL_STACK_INFORMATION, - ) -> NTSTATUS; - fn TpAllocCleanupGroup( - CleanupGroupReturn: *mut PTP_CLEANUP_GROUP, - ) -> NTSTATUS; - fn TpReleaseCleanupGroup( - CleanupGroup: PTP_CLEANUP_GROUP, - ); - fn TpReleaseCleanupGroupMembers( - CleanupGroup: PTP_CLEANUP_GROUP, - CancelPendingCallbacks: LOGICAL, - CleanupParameter: PVOID, - ); - fn TpCallbackSetEventOnCompletion( - Instance: PTP_CALLBACK_INSTANCE, - Event: HANDLE, - ); - fn TpCallbackReleaseSemaphoreOnCompletion( - Instance: PTP_CALLBACK_INSTANCE, - Semaphore: HANDLE, - ReleaseCount: LONG, - ); - fn TpCallbackReleaseMutexOnCompletion( - Instance: PTP_CALLBACK_INSTANCE, - Mutex: HANDLE, - ); - fn TpCallbackLeaveCriticalSectionOnCompletion( - Instance: PTP_CALLBACK_INSTANCE, - CriticalSection: PRTL_CRITICAL_SECTION, - ); - fn TpCallbackUnloadDllOnCompletion( - Instance: PTP_CALLBACK_INSTANCE, - DllHandle: PVOID, - ); - fn TpCallbackMayRunLong( - Instance: PTP_CALLBACK_INSTANCE, - ) -> NTSTATUS; - fn TpDisassociateCallback( - Instance: PTP_CALLBACK_INSTANCE, - ); - fn TpSimpleTryPost( - Callback: PTP_SIMPLE_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpAllocWork( - WorkReturn: *mut PTP_WORK, - Callback: PTP_WORK_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpReleaseWork( - Work: PTP_WORK, - ); - fn TpPostWork( - Work: PTP_WORK, - ); - fn TpWaitForWork( - Work: PTP_WORK, - CancelPendingCallbacks: LOGICAL, - ); - fn TpAllocTimer( - Timer: *mut PTP_TIMER, - Callback: PTP_TIMER_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpReleaseTimer( - Timer: PTP_TIMER, - ); - fn TpSetTimer( - Timer: PTP_TIMER, - DueTime: PLARGE_INTEGER, - Period: LONG, - WindowLength: LONG, - ); - fn TpIsTimerSet( - Timer: PTP_TIMER, - ) -> LOGICAL; - fn TpWaitForTimer( - Timer: PTP_TIMER, - CancelPendingCallbacks: LOGICAL, - ); - fn TpAllocWait( - WaitReturn: *mut PTP_WAIT, - Callback: PTP_WAIT_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpReleaseWait( - Wait: PTP_WAIT, - ); - fn TpSetWait( - Wait: PTP_WAIT, - Handle: HANDLE, - Timeout: PLARGE_INTEGER, - ); - fn TpWaitForWait( - Wait: PTP_WAIT, - CancelPendingCallbacks: LOGICAL, - ); -}} -FN!{stdcall PTP_IO_CALLBACK( - Instance: PTP_CALLBACK_INSTANCE, - Context: PVOID, - ApcContext: PVOID, - IoSB: PIO_STATUS_BLOCK, - Io: PTP_IO, -) -> ()} -EXTERN!{extern "system" { - fn TpAllocIoCompletion( - IoReturn: *mut PTP_IO, - File: HANDLE, - Callback: PTP_IO_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpReleaseIoCompletion( - Io: PTP_IO, - ); - fn TpStartAsyncIoOperation( - Io: PTP_IO, - ); - fn TpCancelAsyncIoOperation( - Io: PTP_IO, - ); - fn TpWaitForIoCompletion( - Io: PTP_IO, - CancelPendingCallbacks: LOGICAL, - ); - fn TpAllocAlpcCompletion( - AlpcReturn: *mut PTP_ALPC, - AlpcPort: HANDLE, - Callback: PTP_ALPC_CALLBACK, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpAllocAlpcCompletionEx( - AlpcReturn: *mut PTP_ALPC, - AlpcPort: HANDLE, - Callback: PTP_ALPC_CALLBACK_EX, - Context: PVOID, - CallbackEnviron: PTP_CALLBACK_ENVIRON, - ) -> NTSTATUS; - fn TpReleaseAlpcCompletion( - Alpc: PTP_ALPC, - ); - fn TpWaitForAlpcCompletion( - Alpc: PTP_ALPC, - ); -}} -ENUM!{enum TP_TRACE_TYPE { - TpTraceThreadPriority = 1, - TpTraceThreadAffinity = 2, - MaxTpTraceType = 3, -}} -EXTERN!{extern "system" { - fn TpCaptureCaller( - Type: TP_TRACE_TYPE, - ); - fn TpCheckTerminateWorker( - Thread: HANDLE, - ); -}} diff --git a/vendor/ntapi/src/ntwow64.rs b/vendor/ntapi/src/ntwow64.rs deleted file mode 100644 index 9a95ae2ae..000000000 --- a/vendor/ntapi/src/ntwow64.rs +++ /dev/null @@ -1,476 +0,0 @@ -use core::mem::size_of; -use crate::ntapi_base::CLIENT_ID32; -use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON}; -use crate::ntpsapi::GDI_HANDLE_BUFFER32; -use crate::ntrtl::RTL_MAX_DRIVE_LETTERS; -use crate::string::{UTF16Const, UTF8Const}; -use winapi::shared::guiddef::GUID; -use winapi::shared::ntdef::{ - BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER, - SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, - UNICODE_STRING32, USHORT, WCHAR, -}; -use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32}; -pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0"); -/// "SysWOW64" -pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[ - 0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16, -]); -pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0"); -/// " (x86)" -pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[ - 0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16, -]); -ENUM!{enum WOW64_SHARED_INFORMATION { - SharedNtdll32LdrInitializeThunk = 0, - SharedNtdll32KiUserExceptionDispatcher = 1, - SharedNtdll32KiUserApcDispatcher = 2, - SharedNtdll32KiUserCallbackDispatcher = 3, - SharedNtdll32ExpInterlockedPopEntrySListFault = 4, - SharedNtdll32ExpInterlockedPopEntrySListResume = 5, - SharedNtdll32ExpInterlockedPopEntrySListEnd = 6, - SharedNtdll32RtlUserThreadStart = 7, - SharedNtdll32pQueryProcessDebugInformationRemote = 8, - SharedNtdll32BaseAddress = 9, - SharedNtdll32LdrSystemDllInitBlock = 10, - Wow64SharedPageEntriesCount = 11, -}} -STRUCT!{struct RTL_BALANCED_NODE32_u_s { - Left: ULONG, // WOW64_POINTER - Right: ULONG, // WOW64_POINTER -}} -UNION!{union RTL_BALANCED_NODE32_u { - Children: [ULONG; 2], // WOW64_POINTER - s: RTL_BALANCED_NODE32_u_s, -}} -STRUCT!{struct RTL_BALANCED_NODE32 { - u: RTL_BALANCED_NODE32_u, - ParentValue: ULONG, -}} -pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32; -STRUCT!{struct RTL_RB_TREE32 { - Root: ULONG, // WOW64_POINTER - Min: ULONG, // WOW64_POINTER -}} -pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32; -STRUCT!{struct PEB_LDR_DATA32 { - Length: ULONG, - Initialized: BOOLEAN, - SsHandle: ULONG, - InLoadOrderModuleList: LIST_ENTRY32, - InMemoryOrderModuleList: LIST_ENTRY32, - InInitializationOrderModuleList: LIST_ENTRY32, - EntryInProgress: ULONG, - ShutdownInProgress: BOOLEAN, - ShutdownThreadId: ULONG, -}} -pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32; -STRUCT!{struct LDR_SERVICE_TAG_RECORD32 { - Next: ULONG, - ServiceTag: ULONG, -}} -pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32; -STRUCT!{struct LDRP_CSLIST32 { - Tail: ULONG, // WOW64_POINTER -}} -pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32; -UNION!{union LDR_DDAG_NODE32_u { - Dependencies: LDRP_CSLIST32, - RemovalLink: SINGLE_LIST_ENTRY32, -}} -STRUCT!{struct LDR_DDAG_NODE32 { - Modules: LIST_ENTRY32, - ServiceTagList: ULONG, // WOW64_POINTER - LoadCount: ULONG, - LoadWhileUnloadingCount: ULONG, - LowestLink: ULONG, - u: LDR_DDAG_NODE32_u, - IncomingDependencies: LDRP_CSLIST32, - State: LDR_DDAG_STATE, - CondenseLink: SINGLE_LIST_ENTRY32, - PreorderNumber: ULONG, -}} -pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32; -pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80; -pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144; -pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152; -UNION!{union LDR_DATA_TABLE_ENTRY32_u1 { - InInitializationOrderLinks: LIST_ENTRY32, - InProgressLinks: LIST_ENTRY32, -}} -UNION!{union LDR_DATA_TABLE_ENTRY32_u2 { - FlagGroup: [UCHAR; 4], - Flags: ULONG, -}} -STRUCT!{struct LDR_DATA_TABLE_ENTRY32 { - InLoadOrderLinks: LIST_ENTRY32, - InMemoryOrderLinks: LIST_ENTRY32, - u1: LDR_DATA_TABLE_ENTRY32_u1, - DllBase: ULONG, // WOW64_POINTER - EntryPoint: ULONG, // WOW64_POINTER - SizeOfImage: ULONG, - FullDllName: UNICODE_STRING32, - BaseDllName: UNICODE_STRING32, - u2: LDR_DATA_TABLE_ENTRY32_u2, - ObsoleteLoadCount: USHORT, - TlsIndex: USHORT, - HashLinks: LIST_ENTRY32, - TimeDateStamp: ULONG, - EntryPointActivationContext: ULONG, // WOW64_POINTER - Lock: ULONG, // WOW64_POINTER - DdagNode: ULONG, // WOW64_POINTER - NodeModuleLink: LIST_ENTRY32, - LoadContext: ULONG, // WOW64_POINTER - ParentDllBase: ULONG, // WOW64_POINTER - SwitchBackContext: ULONG, // WOW64_POINTER - BaseAddressIndexNode: RTL_BALANCED_NODE32, - MappingInfoIndexNode: RTL_BALANCED_NODE32, - OriginalBase: ULONG, - LoadTime: LARGE_INTEGER, - BaseNameHashValue: ULONG, - LoadReason: LDR_DLL_LOAD_REASON, - ImplicitPathOptions: ULONG, - ReferenceCount: ULONG, - DependentLoadFlags: ULONG, - SigningLevel: UCHAR, -}} -BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [ - PackagedBinary set_PackagedBinary[0..1], - MarkedForRemoval set_MarkedForRemoval[1..2], - ImageDll set_ImageDll[2..3], - LoadNotificationsSent set_LoadNotificationsSent[3..4], - TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], - ProcessStaticImport set_ProcessStaticImport[5..6], - InLegacyLists set_InLegacyLists[6..7], - InIndexes set_InIndexes[7..8], - ShimDll set_ShimDll[8..9], - InExceptionTable set_InExceptionTable[9..10], - ReservedFlags1 set_ReservedFlags1[10..12], - LoadInProgress set_LoadInProgress[12..13], - LoadConfigProcessed set_LoadConfigProcessed[13..14], - EntryProcessed set_EntryProcessed[14..15], - ProtectDelayLoad set_ProtectDelayLoad[15..16], - ReservedFlags3 set_ReservedFlags3[16..18], - DontCallForThreads set_DontCallForThreads[18..19], - ProcessAttachCalled set_ProcessAttachCalled[19..20], - ProcessAttachFailed set_ProcessAttachFailed[20..21], - CorDeferredValidate set_CorDeferredValidate[21..22], - CorImage set_CorImage[22..23], - DontRelocate set_DontRelocate[23..24], - CorILOnly set_CorILOnly[24..25], - ReservedFlags5 set_ReservedFlags5[25..28], - Redirected set_Redirected[28..29], - ReservedFlags6 set_ReservedFlags6[29..31], - CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], -]} -pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32; -STRUCT!{struct CURDIR32 { - DosPath: UNICODE_STRING32, - Handle: ULONG, // WOW64_POINTER -}} -pub type PCURDIR32 = *mut CURDIR32; -STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 { - Flags: USHORT, - Length: USHORT, - TimeStamp: ULONG, - DosPath: STRING32, -}} -pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32; -STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 { - MaximumLength: ULONG, - Length: ULONG, - Flags: ULONG, - DebugFlags: ULONG, - ConsoleHandle: ULONG, // WOW64_POINTER - ConsoleFlags: ULONG, - StandardInput: ULONG, // WOW64_POINTER - StandardOutput: ULONG, // WOW64_POINTER - StandardError: ULONG, // WOW64_POINTER - CurrentDirectory: CURDIR32, - DllPath: UNICODE_STRING32, - ImagePathName: UNICODE_STRING32, - CommandLine: UNICODE_STRING32, - Environment: ULONG, // WOW64_POINTER - StartingX: ULONG, - StartingY: ULONG, - CountX: ULONG, - CountY: ULONG, - CountCharsX: ULONG, - CountCharsY: ULONG, - FillAttribute: ULONG, - WindowFlags: ULONG, - ShowWindowFlags: ULONG, - WindowTitle: UNICODE_STRING32, - DesktopInfo: UNICODE_STRING32, - ShellInfo: UNICODE_STRING32, - RuntimeData: UNICODE_STRING32, - CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS], - EnvironmentSize: ULONG, - EnvironmentVersion: ULONG, - PackageDependencyData: ULONG, // WOW64_POINTER - ProcessGroupId: ULONG, - LoaderThreads: ULONG, -}} -pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32; -UNION!{union PEB32_u { - KernelCallbackTable: ULONG, // WOW64_POINTER - UserSharedInfoPtr: ULONG, // WOW64_POINTER -}} -STRUCT!{struct PEB32 { - InheritedAddressSpace: BOOLEAN, - ReadImageFileExecOptions: BOOLEAN, - BeingDebugged: BOOLEAN, - BitField: BOOLEAN, - Mutant: ULONG, // WOW64_POINTER - ImageBaseAddress: ULONG, // WOW64_POINTER - Ldr: ULONG, // WOW64_POINTER - ProcessParameters: ULONG, // WOW64_POINTER - SubSystemData: ULONG, // WOW64_POINTER - ProcessHeap: ULONG, // WOW64_POINTER - FastPebLock: ULONG, // WOW64_POINTER - AtlThunkSListPtr: ULONG, // WOW64_POINTER - IFEOKey: ULONG, // WOW64_POINTER - CrossProcessFlags: ULONG, - u: PEB32_u, - SystemReserved: [ULONG; 1], - AtlThunkSListPtr32: ULONG, - ApiSetMap: ULONG, // WOW64_POINTER - TlsExpansionCounter: ULONG, - TlsBitmap: ULONG, // WOW64_POINTER - TlsBitmapBits: [ULONG; 2], - ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER - HotpatchInformation: ULONG, // WOW64_POINTER - ReadOnlyStaticServerData: ULONG, // WOW64_POINTER - AnsiCodePageData: ULONG, // WOW64_POINTER - OemCodePageData: ULONG, // WOW64_POINTER - UnicodeCaseTableData: ULONG, // WOW64_POINTER - NumberOfProcessors: ULONG, - NtGlobalFlag: ULONG, - CriticalSectionTimeout: LARGE_INTEGER, - HeapSegmentReserve: ULONG, - HeapSegmentCommit: ULONG, - HeapDeCommitTotalFreeThreshold: ULONG, - HeapDeCommitFreeBlockThreshold: ULONG, - NumberOfHeaps: ULONG, - MaximumNumberOfHeaps: ULONG, - ProcessHeaps: ULONG, // WOW64_POINTER - GdiSharedHandleTable: ULONG, // WOW64_POINTER - ProcessStarterHelper: ULONG, // WOW64_POINTER - GdiDCAttributeList: ULONG, - LoaderLock: ULONG, // WOW64_POINTER - OSMajorVersion: ULONG, - OSMinorVersion: ULONG, - OSBuildNumber: USHORT, - OSCSDVersion: USHORT, - OSPlatformId: ULONG, - ImageSubsystem: ULONG, - ImageSubsystemMajorVersion: ULONG, - ImageSubsystemMinorVersion: ULONG, - ActiveProcessAffinityMask: ULONG, - GdiHandleBuffer: GDI_HANDLE_BUFFER32, - PostProcessInitRoutine: ULONG, // WOW64_POINTER - TlsExpansionBitmap: ULONG, // WOW64_POINTER - TlsExpansionBitmapBits: [ULONG; 32], - SessionId: ULONG, - AppCompatFlags: ULARGE_INTEGER, - AppCompatFlagsUser: ULARGE_INTEGER, - pShimData: ULONG, // WOW64_POINTER - AppCompatInfo: ULONG, // WOW64_POINTER - CSDVersion: UNICODE_STRING32, - ActivationContextData: ULONG, // WOW64_POINTER - ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER - SystemDefaultActivationContextData: ULONG, // WOW64_POINTER - SystemAssemblyStorageMap: ULONG, // WOW64_POINTER - MinimumStackCommit: ULONG, - FlsCallback: ULONG, // WOW64_POINTER - FlsListHead: LIST_ENTRY32, - FlsBitmap: ULONG, // WOW64_POINTER - FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)], - FlsHighIndex: ULONG, - WerRegistrationData: ULONG, // WOW64_POINTER - WerShipAssertPtr: ULONG, // WOW64_POINTER - pContextData: ULONG, // WOW64_POINTER - pImageHeaderHash: ULONG, // WOW64_POINTER - TracingFlags: ULONG, - CsrServerReadOnlySharedMemoryBase: ULONGLONG, - TppWorkerpListLock: ULONG, // WOW64_POINTER - TppWorkerpList: LIST_ENTRY32, - WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER - TelemetryCoverageHeader: ULONG, // WOW64_POINTER - CloudFileFlags: ULONG, - CloudFileDiagFlags: ULONG, - PlaceholderCompatibilityMode: CHAR, - PlaceholderCompatibilityModeReserved: [CHAR; 7], -}} -BITFIELD!{PEB32 BitField: BOOLEAN [ - ImageUsesLargePages set_ImageUsesLargePages[0..1], - IsProtectedProcess set_IsProtectedProcess[1..2], - IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], - SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], - IsPackagedProcess set_IsPackagedProcess[4..5], - IsAppContainer set_IsAppContainer[5..6], - IsProtectedProcessLight set_IsProtectedProcessLight[6..7], - IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], -]} -BITFIELD!{PEB32 CrossProcessFlags: ULONG [ - ProcessInJob set_ProcessInJob[0..1], - ProcessInitializing set_ProcessInitializing[1..2], - ProcessUsingVEH set_ProcessUsingVEH[2..3], - ProcessUsingVCH set_ProcessUsingVCH[3..4], - ProcessUsingFTH set_ProcessUsingFTH[4..5], - ReservedBits0 set_ReservedBits0[5..32], -]} -BITFIELD!{PEB32 TracingFlags: ULONG [ - HeapTracingEnabled set_HeapTracingEnabled[0..1], - CritSecTracingEnabled set_CritSecTracingEnabled[1..2], - LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], - SpareTracingBits set_SpareTracingBits[3..32], -]} -pub type PPEB32 = *mut PEB32; -pub const GDI_BATCH_BUFFER_SIZE: usize = 310; -STRUCT!{struct GDI_TEB_BATCH32 { - Offset: ULONG, - HDC: ULONG, - Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], -}} -pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32; -STRUCT!{struct TEB32_u_s { - ReservedPad0: UCHAR, - ReservedPad1: UCHAR, - ReservedPad2: UCHAR, - IdealProcessor: UCHAR, -}} -UNION!{union TEB32_u { - CurrentIdealProcessor: PROCESSOR_NUMBER, - IdealProcessorValue: ULONG, - s: TEB32_u_s, -}} -STRUCT!{struct TEB32 { - NtTib: NT_TIB32, - EnvironmentPointer: ULONG, // WOW64_POINTER - ClientId: CLIENT_ID32, - ActiveRpcHandle: ULONG, // WOW64_POINTER - ThreadLocalStoragePointer: ULONG, // WOW64_POINTER - ProcessEnvironmentBlock: ULONG, // WOW64_POINTER - LastErrorValue: ULONG, - CountOfOwnedCriticalSections: ULONG, - CsrClientThread: ULONG, // WOW64_POINTER - Win32ThreadInfo: ULONG, // WOW64_POINTER - User32Reserved: [ULONG; 26], - UserReserved: [ULONG; 5], - WOW32Reserved: ULONG, // WOW64_POINTER - CurrentLocale: LCID, - FpSoftwareStatusRegister: ULONG, - ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER - SystemReserved1: [ULONG; 36], // WOW64_POINTER - WorkingOnBehalfTicket: [UCHAR; 8], - ExceptionCode: NTSTATUS, - ActivationContextStackPointer: ULONG, // WOW64_POINTER - InstrumentationCallbackSp: ULONG, - InstrumentationCallbackPreviousPc: ULONG, - InstrumentationCallbackPreviousSp: ULONG, - InstrumentationCallbackDisabled: BOOLEAN, - SpareBytes: [UCHAR; 23], - TxFsContext: ULONG, - GdiTebBatch: GDI_TEB_BATCH32, - RealClientId: CLIENT_ID32, - GdiCachedProcessHandle: ULONG, // WOW64_POINTER - GdiClientPID: ULONG, - GdiClientTID: ULONG, - GdiThreadLocalInfo: ULONG, // WOW64_POINTER - Win32ClientInfo: [ULONG; 62], - glDispatchTable: [ULONG; 233], // WOW64_POINTER - glReserved1: [ULONG; 29], // WOW64_POINTER - glReserved2: ULONG, // WOW64_POINTER - glSectionInfo: ULONG, // WOW64_POINTER - glSection: ULONG, // WOW64_POINTER - glTable: ULONG, // WOW64_POINTER - glCurrentRC: ULONG, // WOW64_POINTER - glContext: ULONG, // WOW64_POINTER - LastStatusValue: NTSTATUS, - StaticUnicodeString: UNICODE_STRING32, - StaticUnicodeBuffer: [WCHAR; 261], - DeallocationStack: ULONG, // WOW64_POINTER - TlsSlots: [ULONG; 64], // WOW64_POINTER - TlsLinks: LIST_ENTRY32, - Vdm: ULONG, // WOW64_POINTER - ReservedForNtRpc: ULONG, // WOW64_POINTER - DbgSsReserved: [ULONG; 2], // WOW64_POINTER - HardErrorMode: ULONG, - Instrumentation: [ULONG; 9], // WOW64_POINTER - ActivityId: GUID, - SubProcessTag: ULONG, // WOW64_POINTER - PerflibData: ULONG, // WOW64_POINTER - EtwTraceData: ULONG, // WOW64_POINTER - WinSockData: ULONG, // WOW64_POINTER - GdiBatchCount: ULONG, - u: TEB32_u, - GuaranteedStackBytes: ULONG, - ReservedForPerf: ULONG, // WOW64_POINTER - ReservedForOle: ULONG, // WOW64_POINTER - WaitingOnLoaderLock: ULONG, - SavedPriorityState: ULONG, // WOW64_POINTER - ReservedForCodeCoverage: ULONG, - ThreadPoolData: ULONG, // WOW64_POINTER - TlsExpansionSlots: ULONG, // WOW64_POINTER - MuiGeneration: ULONG, - IsImpersonating: ULONG, - NlsCache: ULONG, // WOW64_POINTER - pShimData: ULONG, // WOW64_POINTER - HeapVirtualAffinity: USHORT, - LowFragHeapDataSlot: USHORT, - CurrentTransactionHandle: ULONG, // WOW64_POINTER - ActiveFrame: ULONG, // WOW64_POINTER - FlsData: ULONG, // WOW64_POINTER - PreferredLanguages: ULONG, // WOW64_POINTER - UserPrefLanguages: ULONG, // WOW64_POINTER - MergedPrefLanguages: ULONG, // WOW64_POINTER - MuiImpersonation: ULONG, - CrossTebFlags: USHORT, - SameTebFlags: USHORT, - TxnScopeEnterCallback: ULONG, // WOW64_POINTER - TxnScopeExitCallback: ULONG, // WOW64_POINTER - TxnScopeContext: ULONG, // WOW64_POINTER - LockCount: ULONG, - WowTebOffset: LONG, - ResourceRetValue: ULONG, // WOW64_POINTER - ReservedForWdf: ULONG, // WOW64_POINTER - ReservedForCrt: ULONGLONG, - EffectiveContainerId: GUID, -}} -BITFIELD!{TEB32 SameTebFlags: USHORT [ - SafeThunkCall set_SafeThunkCall[0..1], - InDebugPrint set_InDebugPrint[1..2], - HasFiberData set_HasFiberData[2..3], - SkipThreadAttach set_SkipThreadAttach[3..4], - WerInShipAssertCode set_WerInShipAssertCode[4..5], - RanProcessInit set_RanProcessInit[5..6], - ClonedThread set_ClonedThread[6..7], - SuppressDebugMsg set_SuppressDebugMsg[7..8], - DisableUserStackWalk set_DisableUserStackWalk[8..9], - RtlExceptionAttached set_RtlExceptionAttached[9..10], - InitialThread set_InitialThread[10..11], - SessionAware set_SessionAware[11..12], - LoadOwner set_LoadOwner[12..13], - LoaderWorker set_LoaderWorker[13..14], - SpareSameTebBits set_SpareSameTebBits[14..16], -]} -pub type PTEB32 = *mut TEB32; -#[inline] -pub fn UStr32ToUStr( - Destination: &mut UNICODE_STRING, - Source: &UNICODE_STRING32, -) { - Destination.Length = Source.Length; - Destination.MaximumLength = Source.MaximumLength; - Destination.Buffer = Source.Buffer as *mut u16; -} -#[inline] -pub fn UStrToUStr32( - Destination: &mut UNICODE_STRING32, - Source: &UNICODE_STRING, -) { - Destination.Length = Source.Length; - Destination.MaximumLength = Source.MaximumLength; - Destination.Buffer = Source.Buffer as u32; -} diff --git a/vendor/ntapi/src/ntxcapi.rs b/vendor/ntapi/src/ntxcapi.rs deleted file mode 100644 index 56644dd51..000000000 --- a/vendor/ntapi/src/ntxcapi.rs +++ /dev/null @@ -1,29 +0,0 @@ -use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG}; -use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD}; -EXTERN!{extern "system" { - fn RtlDispatchException( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - ) -> BOOLEAN; - fn RtlRaiseStatus( - Status: NTSTATUS, - ); - fn RtlRaiseException( - ExceptionRecord: PEXCEPTION_RECORD, - ); - fn NtContinue( - ContextRecord: PCONTEXT, - TestAlert: BOOLEAN, - ) -> NTSTATUS; - fn NtRaiseException( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - FirstChance: BOOLEAN, - ) -> NTSTATUS; - fn RtlAssert( - VoidFailedAssertion: PVOID, - VoidFileName: PVOID, - LineNumber: ULONG, - MutableMessage: PSTR, - ); -}} diff --git a/vendor/ntapi/src/ntzwapi.rs b/vendor/ntapi/src/ntzwapi.rs deleted file mode 100644 index 9638bf836..000000000 --- a/vendor/ntapi/src/ntzwapi.rs +++ /dev/null @@ -1,2699 +0,0 @@ -use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM}; -use crate::ntdbg::DEBUGOBJECTINFOCLASS; -use crate::ntexapi::{ - ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY, - PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS, - PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR, - SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS, - TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE, - WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS, -}; -use crate::ntioapi::{ - FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS, - IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION, - PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE, - PIO_STATUS_BLOCK, -}; -use crate::ntkeapi::KPROFILE_SOURCE; -use crate::ntlpcapi::{ - ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR, - PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES, - PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW, -}; -use crate::ntmisc::VDMSERVICECLASS; -use crate::ntmmapi::{ - MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY, - SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS, -}; -use crate::ntobapi::OBJECT_INFORMATION_CLASS; -use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK}; -use crate::ntpsapi::{ - MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO, - PROCESSINFOCLASS, THREADINFOCLASS, -}; -use crate::ntregapi::{ - KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS, - PKEY_VALUE_ENTRY, -}; -use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; -use winapi::shared::basetsd::{ - KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR, -}; -use winapi::shared::guiddef::LPGUID; -use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; -use winapi::shared::ntdef::{ - BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES, - PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG, - PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG, - PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID, - WAIT_TYPE, -}; -use winapi::um::winnt::{ - ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE, - JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE, - PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR, - POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, - PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, - PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, - PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, - RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE, - TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS, - TRANSACTION_INFORMATION_CLASS, -}; -EXTERN!{extern "system" { - fn ZwAcceptConnectPort( - PortHandle: PHANDLE, - PortContext: PVOID, - ConnectionRequest: PPORT_MESSAGE, - AcceptConnection: BOOLEAN, - ServerView: PPORT_VIEW, - ClientView: PREMOTE_PORT_VIEW, - ) -> NTSTATUS; - fn ZwAccessCheck( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn ZwAccessCheckAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - DesiredAccess: ACCESS_MASK, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn ZwAccessCheckByType( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn ZwAccessCheckByTypeAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn ZwAccessCheckByTypeResultList( - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - PrivilegeSet: PPRIVILEGE_SET, - PrivilegeSetLength: PULONG, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - ) -> NTSTATUS; - fn ZwAccessCheckByTypeResultListAndAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ClientToken: HANDLE, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - PrincipalSelfSid: PSID, - DesiredAccess: ACCESS_MASK, - AuditType: AUDIT_EVENT_TYPE, - Flags: ULONG, - ObjectTypeList: POBJECT_TYPE_LIST, - ObjectTypeListLength: ULONG, - GenericMapping: PGENERIC_MAPPING, - ObjectCreation: BOOLEAN, - GrantedAccess: PACCESS_MASK, - AccessStatus: PNTSTATUS, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn ZwAcquireCMFViewOwnership( - TimeStamp: PULONGLONG, - tokenTaken: PBOOLEAN, - replaceExisting: BOOLEAN, - ) -> NTSTATUS; - fn ZwAddAtom( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn ZwAddAtomEx( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwAddBootEntry( - BootEntry: PBOOT_ENTRY, - Id: PULONG, - ) -> NTSTATUS; - fn ZwAddDriverEntry( - DriverEntry: PEFI_DRIVER_ENTRY, - Id: PULONG, - ) -> NTSTATUS; - fn ZwAdjustGroupsToken( - TokenHandle: HANDLE, - ResetToDefault: BOOLEAN, - NewState: PTOKEN_GROUPS, - BufferLength: ULONG, - PreviousState: PTOKEN_GROUPS, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwAdjustPrivilegesToken( - TokenHandle: HANDLE, - DisableAllPrivileges: BOOLEAN, - NewState: PTOKEN_PRIVILEGES, - BufferLength: ULONG, - PreviousState: PTOKEN_PRIVILEGES, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwAdjustTokenClaimsAndDeviceGroups( - TokenHandle: HANDLE, - UserResetToDefault: BOOLEAN, - DeviceResetToDefault: BOOLEAN, - DeviceGroupsResetToDefault: BOOLEAN, - NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - NewDeviceGroupsState: PTOKEN_GROUPS, - UserBufferLength: ULONG, - PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceBufferLength: ULONG, - PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceGroupsBufferLength: ULONG, - PreviousDeviceGroups: PTOKEN_GROUPS, - UserReturnLength: PULONG, - DeviceReturnLength: PULONG, - DeviceGroupsReturnBufferLength: PULONG, - ) -> NTSTATUS; - fn ZwAlertResumeThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn ZwAlertThread( - ThreadHandle: HANDLE, - ) -> NTSTATUS; - fn ZwAlertThreadByThreadId( - ThreadId: HANDLE, - ) -> NTSTATUS; - fn ZwAllocateLocallyUniqueId( - Luid: PLUID, - ) -> NTSTATUS; - fn ZwAllocateReserveObject( - MemoryReserveHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - Type: MEMORY_RESERVE_TYPE, - ) -> NTSTATUS; - fn ZwAllocateUserPhysicalPages( - ProcessHandle: HANDLE, - NumberOfPages: PULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn ZwAllocateUuids( - Time: PULARGE_INTEGER, - Range: PULONG, - Sequence: PULONG, - Seed: PCHAR, - ) -> NTSTATUS; - fn ZwAllocateVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - ZeroBits: ULONG_PTR, - RegionSize: PSIZE_T, - AllocationType: ULONG, - Protect: ULONG, - ) -> NTSTATUS; - fn ZwAlpcAcceptConnectPort( - PortHandle: PHANDLE, - ConnectionPortHandle: HANDLE, - Flags: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - PortContext: PVOID, - ConnectionRequest: PPORT_MESSAGE, - ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - AcceptConnection: BOOLEAN, - ) -> NTSTATUS; - fn ZwAlpcCancelMessage( - PortHandle: HANDLE, - Flags: ULONG, - MessageContext: PALPC_CONTEXT_ATTR, - ) -> NTSTATUS; - fn ZwAlpcConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - Flags: ULONG, - RequiredServerSid: PSID, - ConnectionMessage: PPORT_MESSAGE, - BufferLength: PULONG, - OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwAlpcConnectPortEx( - PortHandle: PHANDLE, - ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, - ClientPortObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - Flags: ULONG, - ServerSecurityRequirements: PSECURITY_DESCRIPTOR, - ConnectionMessage: PPORT_MESSAGE, - BufferLength: PSIZE_T, - OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwAlpcCreatePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - PortAttributes: PALPC_PORT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwAlpcCreatePortSection( - PortHandle: HANDLE, - Flags: ULONG, - SectionHandle: HANDLE, - SectionSize: SIZE_T, - AlpcSectionHandle: PALPC_HANDLE, - ActualSectionSize: PSIZE_T, - ) -> NTSTATUS; - fn ZwAlpcCreateResourceReserve( - PortHandle: HANDLE, - Flags: ULONG, - MessageSize: SIZE_T, - ResourceId: PALPC_HANDLE, - ) -> NTSTATUS; - fn ZwAlpcCreateSectionView( - PortHandle: HANDLE, - Flags: ULONG, - ViewAttributes: PALPC_DATA_VIEW_ATTR, - ) -> NTSTATUS; - fn ZwAlpcCreateSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - SecurityAttribute: PALPC_SECURITY_ATTR, - ) -> NTSTATUS; - fn ZwAlpcDeletePortSection( - PortHandle: HANDLE, - Flags: ULONG, - SectionHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn ZwAlpcDeleteResourceReserve( - PortHandle: HANDLE, - Flags: ULONG, - ResourceId: ALPC_HANDLE, - ) -> NTSTATUS; - fn ZwAlpcDeleteSectionView( - PortHandle: HANDLE, - Flags: ULONG, - ViewBase: PVOID, - ) -> NTSTATUS; - fn ZwAlpcDeleteSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - ContextHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn ZwAlpcDisconnectPort( - PortHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwAlpcImpersonateClientContainerOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwAlpcImpersonateClientOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - Flags: PVOID, - ) -> NTSTATUS; - fn ZwAlpcOpenSenderProcess( - ProcessHandle: PHANDLE, - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - Flags: ULONG, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwAlpcOpenSenderThread( - ThreadHandle: PHANDLE, - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - Flags: ULONG, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwAlpcQueryInformation( - PortHandle: HANDLE, - PortInformationClass: ALPC_PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwAlpcQueryInformationMessage( - PortHandle: HANDLE, - PortMessage: PPORT_MESSAGE, - MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, - MessageInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwAlpcRevokeSecurityContext( - PortHandle: HANDLE, - Flags: ULONG, - ContextHandle: ALPC_HANDLE, - ) -> NTSTATUS; - fn ZwAlpcSendWaitReceivePort( - PortHandle: HANDLE, - Flags: ULONG, - SendMessageA: PPORT_MESSAGE, - SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - ReceiveMessage: PPORT_MESSAGE, - BufferLength: PSIZE_T, - ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwAlpcSetInformation( - PortHandle: HANDLE, - PortInformationClass: ALPC_PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn ZwAreMappedFilesTheSame( - File1MappedAsAnImage: PVOID, - File2MappedAsFile: PVOID, - ) -> NTSTATUS; - fn ZwAssignProcessToJobObject( - JobHandle: HANDLE, - ProcessHandle: HANDLE, - ) -> NTSTATUS; - fn ZwAssociateWaitCompletionPacket( - WaitCompletionPacketHandle: HANDLE, - IoCompletionHandle: HANDLE, - TargetObjectHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - AlreadySignaled: PBOOLEAN, - ) -> NTSTATUS; - fn ZwCallbackReturn( - OutputBuffer: PVOID, - OutputLength: ULONG, - Status: NTSTATUS, - ) -> NTSTATUS; - fn ZwCancelIoFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwCancelIoFileEx( - FileHandle: HANDLE, - IoRequestToCancel: PIO_STATUS_BLOCK, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwCancelSynchronousIoFile( - ThreadHandle: HANDLE, - IoRequestToCancel: PIO_STATUS_BLOCK, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwCancelTimer( - TimerHandle: HANDLE, - CurrentState: PBOOLEAN, - ) -> NTSTATUS; - fn ZwCancelTimer2( - TimerHandle: HANDLE, - Parameters: PT2_CANCEL_PARAMETERS, - ) -> NTSTATUS; - fn ZwCancelWaitCompletionPacket( - WaitCompletionPacketHandle: HANDLE, - RemoveSignaledPacket: BOOLEAN, - ) -> NTSTATUS; - fn ZwClearEvent( - EventHandle: HANDLE, - ) -> NTSTATUS; - fn ZwClose( - Handle: HANDLE, - ) -> NTSTATUS; - fn ZwCloseObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - GenerateOnClose: BOOLEAN, - ) -> NTSTATUS; - fn ZwCommitComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwCommitEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwCommitTransaction( - TransactionHandle: HANDLE, - Wait: BOOLEAN, - ) -> NTSTATUS; - fn ZwCompactKeys( - Count: ULONG, - KeyArray: *mut HANDLE, - ) -> NTSTATUS; - fn ZwCompareObjects( - FirstObjectHandle: HANDLE, - SecondObjectHandle: HANDLE, - ) -> NTSTATUS; - fn ZwCompareTokens( - FirstTokenHandle: HANDLE, - SecondTokenHandle: HANDLE, - Equal: PBOOLEAN, - ) -> NTSTATUS; - fn ZwCompleteConnectPort( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn ZwCompressKey( - Key: HANDLE, - ) -> NTSTATUS; - fn ZwConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ClientView: PPORT_VIEW, - ServerView: PREMOTE_PORT_VIEW, - MaxMessageLength: PULONG, - ConnectionInformation: PVOID, - ConnectionInformationLength: PULONG, - ) -> NTSTATUS; - fn ZwContinue( - ContextRecord: PCONTEXT, - TestAlert: BOOLEAN, - ) -> NTSTATUS; - fn ZwCreateDebugObject( - DebugObjectHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwCreateDirectoryObject( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwCreateDirectoryObjectEx( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ShadowDirectoryHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwCreateEnlistment( - EnlistmentHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ResourceManagerHandle: HANDLE, - TransactionHandle: HANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - CreateOptions: ULONG, - NotificationMask: NOTIFICATION_MASK, - EnlistmentKey: PVOID, - ) -> NTSTATUS; - fn ZwCreateEvent( - EventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - EventType: EVENT_TYPE, - InitialState: BOOLEAN, - ) -> NTSTATUS; - fn ZwCreateEventPair( - EventPairHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwCreateFile( - FileHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - AllocationSize: PLARGE_INTEGER, - FileAttributes: ULONG, - ShareAccess: ULONG, - CreateDisposition: ULONG, - CreateOptions: ULONG, - EaBuffer: PVOID, - EaLength: ULONG, - ) -> NTSTATUS; - fn ZwCreateIRTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ) -> NTSTATUS; - fn ZwCreateIoCompletion( - IoCompletionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Count: ULONG, - ) -> NTSTATUS; - fn ZwCreateJobObject( - JobHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwCreateJobSet( - NumJob: ULONG, - UserJobSet: PJOB_SET_ARRAY, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwCreateKey( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TitleIndex: ULONG, - Class: PUNICODE_STRING, - CreateOptions: ULONG, - Disposition: PULONG, - ) -> NTSTATUS; - fn ZwCreateKeyTransacted( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TitleIndex: ULONG, - Class: PUNICODE_STRING, - CreateOptions: ULONG, - TransactionHandle: HANDLE, - Disposition: PULONG, - ) -> NTSTATUS; - fn ZwCreateKeyedEvent( - KeyedEventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwCreateLowBoxToken( - TokenHandle: PHANDLE, - ExistingTokenHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - PackageSid: PSID, - CapabilityCount: ULONG, - Capabilities: PSID_AND_ATTRIBUTES, - HandleCount: ULONG, - Handles: *mut HANDLE, - ) -> NTSTATUS; - fn ZwCreateMailslotFile( - FileHandle: PHANDLE, - DesiredAccess: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - CreateOptions: ULONG, - MailslotQuota: ULONG, - MaximumMessageSize: ULONG, - ReadTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwCreateMutant( - MutantHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - InitialOwner: BOOLEAN, - ) -> NTSTATUS; - fn ZwCreateNamedPipeFile( - FileHandle: PHANDLE, - DesiredAccess: ULONG, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - ShareAccess: ULONG, - CreateDisposition: ULONG, - CreateOptions: ULONG, - NamedPipeType: ULONG, - ReadMode: ULONG, - CompletionMode: ULONG, - MaximumInstances: ULONG, - InboundQuota: ULONG, - OutboundQuota: ULONG, - DefaultTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwCreatePagingFile( - PageFileName: PUNICODE_STRING, - MinimumSize: PLARGE_INTEGER, - MaximumSize: PLARGE_INTEGER, - Priority: ULONG, - ) -> NTSTATUS; - fn ZwCreatePartition( - PartitionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - PreferredNode: ULONG, - ) -> NTSTATUS; - fn ZwCreatePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaxConnectionInfoLength: ULONG, - MaxMessageLength: ULONG, - MaxPoolUsage: ULONG, - ) -> NTSTATUS; - fn ZwCreatePrivateNamespace( - NamespaceHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - BoundaryDescriptor: PVOID, - ) -> NTSTATUS; - fn ZwCreateProcess( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ParentProcess: HANDLE, - InheritObjectTable: BOOLEAN, - SectionHandle: HANDLE, - DebugPort: HANDLE, - ExceptionPort: HANDLE, - ) -> NTSTATUS; - fn ZwCreateProcessEx( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ParentProcess: HANDLE, - Flags: ULONG, - SectionHandle: HANDLE, - DebugPort: HANDLE, - ExceptionPort: HANDLE, - JobMemberLevel: ULONG, - ) -> NTSTATUS; - fn ZwCreateProfile( - ProfileHandle: PHANDLE, - Process: HANDLE, - ProfileBase: PVOID, - ProfileSize: SIZE_T, - BucketSize: ULONG, - Buffer: PULONG, - BufferSize: ULONG, - ProfileSource: KPROFILE_SOURCE, - Affinity: KAFFINITY, - ) -> NTSTATUS; - fn ZwCreateProfileEx( - ProfileHandle: PHANDLE, - Process: HANDLE, - ProfileBase: PVOID, - ProfileSize: SIZE_T, - BucketSize: ULONG, - Buffer: PULONG, - BufferSize: ULONG, - ProfileSource: KPROFILE_SOURCE, - GroupCount: USHORT, - GroupAffinity: PGROUP_AFFINITY, - ) -> NTSTATUS; - fn ZwCreateResourceManager( - ResourceManagerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - TmHandle: HANDLE, - ResourceManagerGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - CreateOptions: ULONG, - Description: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwCreateSection( - SectionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaximumSize: PLARGE_INTEGER, - SectionPageProtection: ULONG, - AllocationAttributes: ULONG, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn ZwCreateSemaphore( - SemaphoreHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - InitialCount: LONG, - MaximumCount: LONG, - ) -> NTSTATUS; - fn ZwCreateSymbolicLinkObject( - LinkHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LinkTarget: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwCreateThread( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ProcessHandle: HANDLE, - ClientId: PCLIENT_ID, - ThreadContext: PCONTEXT, - InitialTeb: PINITIAL_TEB, - CreateSuspended: BOOLEAN, - ) -> NTSTATUS; - fn ZwCreateThreadEx( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ProcessHandle: HANDLE, - StartRoutine: PVOID, - Argument: PVOID, - CreateFlags: ULONG, - ZeroBits: SIZE_T, - StackSize: SIZE_T, - MaximumStackSize: SIZE_T, - AttributeList: PPS_ATTRIBUTE_LIST, - ) -> NTSTATUS; - fn ZwCreateTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TimerType: TIMER_TYPE, - ) -> NTSTATUS; - fn ZwCreateTimer2( - TimerHandle: PHANDLE, - Reserved1: PVOID, - Reserved2: PVOID, - Attributes: ULONG, - DesiredAccess: ACCESS_MASK, - ) -> NTSTATUS; - fn ZwCreateToken( - TokenHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TokenType: TOKEN_TYPE, - AuthenticationId: PLUID, - ExpirationTime: PLARGE_INTEGER, - User: PTOKEN_USER, - Groups: PTOKEN_GROUPS, - Privileges: PTOKEN_PRIVILEGES, - Owner: PTOKEN_OWNER, - PrimaryGroup: PTOKEN_PRIMARY_GROUP, - DefaultDacl: PTOKEN_DEFAULT_DACL, - TokenSource: PTOKEN_SOURCE, - ) -> NTSTATUS; - fn ZwCreateTokenEx( - TokenHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TokenType: TOKEN_TYPE, - AuthenticationId: PLUID, - ExpirationTime: PLARGE_INTEGER, - User: PTOKEN_USER, - Groups: PTOKEN_GROUPS, - Privileges: PTOKEN_PRIVILEGES, - UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - DeviceGroups: PTOKEN_GROUPS, - TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, - Owner: PTOKEN_OWNER, - PrimaryGroup: PTOKEN_PRIMARY_GROUP, - DefaultDacl: PTOKEN_DEFAULT_DACL, - TokenSource: PTOKEN_SOURCE, - ) -> NTSTATUS; - fn ZwCreateTransaction( - TransactionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Uow: LPGUID, - TmHandle: HANDLE, - CreateOptions: ULONG, - IsolationLevel: ULONG, - IsolationFlags: ULONG, - Timeout: PLARGE_INTEGER, - Description: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwCreateTransactionManager( - TmHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LogFileName: PUNICODE_STRING, - CreateOptions: ULONG, - CommitStrength: ULONG, - ) -> NTSTATUS; - fn ZwCreateUserProcess( - ProcessHandle: PHANDLE, - ThreadHandle: PHANDLE, - ProcessDesiredAccess: ACCESS_MASK, - ThreadDesiredAccess: ACCESS_MASK, - ProcessObjectAttributes: POBJECT_ATTRIBUTES, - ThreadObjectAttributes: POBJECT_ATTRIBUTES, - ProcessFlags: ULONG, - ThreadFlags: ULONG, - ProcessParameters: PVOID, - CreateInfo: PPS_CREATE_INFO, - AttributeList: PPS_ATTRIBUTE_LIST, - ) -> NTSTATUS; - fn ZwCreateWaitCompletionPacket( - WaitCompletionPacketHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwCreateWaitablePort( - PortHandle: PHANDLE, - ObjectAttributes: POBJECT_ATTRIBUTES, - MaxConnectionInfoLength: ULONG, - MaxMessageLength: ULONG, - MaxPoolUsage: ULONG, - ) -> NTSTATUS; - fn ZwCreateWnfStateName( - StateName: PWNF_STATE_NAME, - NameLifetime: WNF_STATE_NAME_LIFETIME, - DataScope: WNF_DATA_SCOPE, - PersistData: BOOLEAN, - TypeId: PCWNF_TYPE_ID, - MaximumStateSize: ULONG, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn ZwCreateWorkerFactory( - WorkerFactoryHandleReturn: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - CompletionPortHandle: HANDLE, - WorkerProcessHandle: HANDLE, - StartRoutine: PVOID, - StartParameter: PVOID, - MaxThreadCount: ULONG, - StackReserve: SIZE_T, - StackCommit: SIZE_T, - ) -> NTSTATUS; - fn ZwDebugActiveProcess( - ProcessHandle: HANDLE, - DebugObjectHandle: HANDLE, - ) -> NTSTATUS; - fn ZwDebugContinue( - DebugObjectHandle: HANDLE, - ClientId: PCLIENT_ID, - ContinueStatus: NTSTATUS, - ) -> NTSTATUS; - fn ZwDelayExecution( - Alertable: BOOLEAN, - DelayInterval: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwDeleteAtom( - Atom: RTL_ATOM, - ) -> NTSTATUS; - fn ZwDeleteBootEntry( - Id: ULONG, - ) -> NTSTATUS; - fn ZwDeleteDriverEntry( - Id: ULONG, - ) -> NTSTATUS; - fn ZwDeleteFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwDeleteKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn ZwDeleteObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - GenerateOnClose: BOOLEAN, - ) -> NTSTATUS; - fn ZwDeletePrivateNamespace( - NamespaceHandle: HANDLE, - ) -> NTSTATUS; - fn ZwDeleteValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwDeleteWnfStateData( - StateName: PCWNF_STATE_NAME, - ExplicitScope: *const VOID, - ) -> NTSTATUS; - fn ZwDeleteWnfStateName( - StateName: PCWNF_STATE_NAME, - ) -> NTSTATUS; - fn ZwDeviceIoControlFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - IoControlCode: ULONG, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn ZwDisableLastKnownGood() -> NTSTATUS; - fn ZwDisplayString( - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwDrawText( - String: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwDuplicateObject( - SourceProcessHandle: HANDLE, - SourceHandle: HANDLE, - TargetProcessHandle: HANDLE, - TargetHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Options: ULONG, - ) -> NTSTATUS; - fn ZwDuplicateToken( - ExistingTokenHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - EffectiveOnly: BOOLEAN, - TokenType: TOKEN_TYPE, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwEnableLastKnownGood() -> NTSTATUS; - fn ZwEnumerateBootEntries( - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; - fn ZwEnumerateDriverEntries( - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; - fn ZwEnumerateKey( - KeyHandle: HANDLE, - Index: ULONG, - KeyInformationClass: KEY_INFORMATION_CLASS, - KeyInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn ZwEnumerateSystemEnvironmentValuesEx( - InformationClass: ULONG, - Buffer: PVOID, - BufferLength: PULONG, - ) -> NTSTATUS; - fn ZwEnumerateTransactionObject( - RootObjectHandle: HANDLE, - QueryType: KTMOBJECT_TYPE, - ObjectCursor: PKTMOBJECT_CURSOR, - ObjectCursorLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwEnumerateValueKey( - KeyHandle: HANDLE, - Index: ULONG, - KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, - KeyValueInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn ZwExtendSection( - SectionHandle: HANDLE, - NewSectionSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwFilterToken( - ExistingTokenHandle: HANDLE, - Flags: ULONG, - SidsToDisable: PTOKEN_GROUPS, - PrivilegesToDelete: PTOKEN_PRIVILEGES, - RestrictedSids: PTOKEN_GROUPS, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwFilterTokenEx( - ExistingTokenHandle: HANDLE, - Flags: ULONG, - SidsToDisable: PTOKEN_GROUPS, - PrivilegesToDelete: PTOKEN_PRIVILEGES, - RestrictedSids: PTOKEN_GROUPS, - DisableUserClaimsCount: ULONG, - UserClaimsToDisable: PUNICODE_STRING, - DisableDeviceClaimsCount: ULONG, - DeviceClaimsToDisable: PUNICODE_STRING, - DeviceGroupsToDisable: PTOKEN_GROUPS, - RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, - RestrictedDeviceGroups: PTOKEN_GROUPS, - NewTokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwFindAtom( - AtomName: PWSTR, - Length: ULONG, - Atom: PRTL_ATOM, - ) -> NTSTATUS; - fn ZwFlushBuffersFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwFlushBuffersFileEx( - FileHandle: HANDLE, - Flags: ULONG, - Parameters: PVOID, - ParametersSize: ULONG, - IoStatusBlock: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwFlushInstallUILanguage( - InstallUILanguage: LANGID, - SetComittedFlag: ULONG, - ) -> NTSTATUS; - fn ZwFlushInstructionCache( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Length: SIZE_T, - ) -> NTSTATUS; - fn ZwFlushKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn ZwFlushProcessWriteBuffers(); - fn ZwFlushWriteBuffer() -> NTSTATUS; - fn ZwFreeUserPhysicalPages( - ProcessHandle: HANDLE, - NumberOfPages: PULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn ZwFreeVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - FreeType: ULONG, - ) -> NTSTATUS; - fn ZwFreezeRegistry( - TimeOutInSeconds: ULONG, - ) -> NTSTATUS; - fn ZwFreezeTransactions( - FreezeTimeout: PLARGE_INTEGER, - ThawTimeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwFsControlFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - FsControlCode: ULONG, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn ZwGetCachedSigningLevel( - File: HANDLE, - Flags: PULONG, - SigningLevel: PSE_SIGNING_LEVEL, - Thumbprint: PUCHAR, - ThumbprintSize: PULONG, - ThumbprintAlgorithm: PULONG, - ) -> NTSTATUS; - fn ZwGetCompleteWnfStateSubscription( - OldDescriptorStateName: PWNF_STATE_NAME, - OldSubscriptionId: *mut ULONG64, - OldDescriptorEventMask: ULONG, - OldDescriptorStatus: ULONG, - NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, - DescriptorSize: ULONG, - ) -> NTSTATUS; - fn ZwGetContextThread( - ThreadHandle: HANDLE, - ThreadContext: PCONTEXT, - ) -> NTSTATUS; - fn ZwGetCurrentProcessorNumber() -> ULONG; - fn ZwGetDevicePowerState( - Device: HANDLE, - State: PDEVICE_POWER_STATE, - ) -> NTSTATUS; - fn ZwGetMUIRegistryInfo( - Flags: ULONG, - DataSize: PULONG, - Data: PVOID, - ) -> NTSTATUS; - fn ZwGetNextProcess( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Flags: ULONG, - NewProcessHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwGetNextThread( - ProcessHandle: HANDLE, - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - Flags: ULONG, - NewThreadHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwGetNlsSectionPtr( - SectionType: ULONG, - SectionData: ULONG, - ContextData: PVOID, - SectionPointer: *mut PVOID, - SectionSize: PULONG, - ) -> NTSTATUS; - fn ZwGetNotificationResourceManager( - ResourceManagerHandle: HANDLE, - TransactionNotification: PTRANSACTION_NOTIFICATION, - NotificationLength: ULONG, - Timeout: PLARGE_INTEGER, - ReturnLength: PULONG, - Asynchronous: ULONG, - AsynchronousContext: ULONG_PTR, - ) -> NTSTATUS; - fn ZwGetPlugPlayEvent( - EventHandle: HANDLE, - Context: PVOID, - EventBlock: PPLUGPLAY_EVENT_BLOCK, - EventBufferSize: ULONG, - ) -> NTSTATUS; - fn ZwGetWriteWatch( - ProcessHandle: HANDLE, - Flags: ULONG, - BaseAddress: PVOID, - RegionSize: SIZE_T, - UserAddressArray: *mut PVOID, - EntriesInUserAddressArray: PULONG_PTR, - Granularity: PULONG, - ) -> NTSTATUS; - fn ZwImpersonateAnonymousToken( - ThreadHandle: HANDLE, - ) -> NTSTATUS; - fn ZwImpersonateClientOfPort( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwImpersonateThread( - ServerThreadHandle: HANDLE, - ClientThreadHandle: HANDLE, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ) -> NTSTATUS; - fn ZwInitializeNlsFiles( - BaseAddress: *mut PVOID, - DefaultLocaleId: PLCID, - DefaultCasingTableSize: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwInitializeRegistry( - BootCondition: USHORT, - ) -> NTSTATUS; - fn ZwInitiatePowerAction( - SystemAction: POWER_ACTION, - LightestSystemState: SYSTEM_POWER_STATE, - Flags: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn ZwIsProcessInJob( - ProcessHandle: HANDLE, - JobHandle: HANDLE, - ) -> NTSTATUS; - fn ZwIsSystemResumeAutomatic() -> BOOLEAN; - fn ZwIsUILanguageComitted() -> NTSTATUS; - fn ZwListenPort( - PortHandle: HANDLE, - ConnectionRequest: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwLoadDriver( - DriverServiceName: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwLoadKey( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwLoadKey2( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwLoadKeyEx( - TargetKey: POBJECT_ATTRIBUTES, - SourceFile: POBJECT_ATTRIBUTES, - Flags: ULONG, - TrustClassKey: HANDLE, - Event: HANDLE, - DesiredAccess: ACCESS_MASK, - RootHandle: PHANDLE, - IoStatus: PIO_STATUS_BLOCK, - ) -> NTSTATUS; - fn ZwLockFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - ByteOffset: PLARGE_INTEGER, - Length: PLARGE_INTEGER, - Key: ULONG, - FailImmediately: BOOLEAN, - ExclusiveLock: BOOLEAN, - ) -> NTSTATUS; - fn ZwLockProductActivationKeys( - pPrivateVer: *mut ULONG, - pSafeMode: *mut ULONG, - ) -> NTSTATUS; - fn ZwLockRegistryKey( - KeyHandle: HANDLE, - ) -> NTSTATUS; - fn ZwLockVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - MapType: ULONG, - ) -> NTSTATUS; - fn ZwMakePermanentObject( - Handle: HANDLE, - ) -> NTSTATUS; - fn ZwMakeTemporaryObject( - Handle: HANDLE, - ) -> NTSTATUS; - fn ZwManagePartition( - PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, - PartitionInformation: PVOID, - PartitionInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwMapCMFModule( - What: ULONG, - Index: ULONG, - CacheIndexOut: PULONG, - CacheFlagsOut: PULONG, - ViewSizeOut: PULONG, - BaseAddress: *mut PVOID, - ) -> NTSTATUS; - fn ZwMapUserPhysicalPages( - VirtualAddress: PVOID, - NumberOfPages: ULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn ZwMapUserPhysicalPagesScatter( - VirtualAddresses: *mut PVOID, - NumberOfPages: ULONG_PTR, - UserPfnArray: PULONG_PTR, - ) -> NTSTATUS; - fn ZwMapViewOfSection( - SectionHandle: HANDLE, - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - ZeroBits: ULONG_PTR, - CommitSize: SIZE_T, - SectionOffset: PLARGE_INTEGER, - ViewSize: PSIZE_T, - InheritDisposition: SECTION_INHERIT, - AllocationType: ULONG, - Win32Protect: ULONG, - ) -> NTSTATUS; - fn ZwModifyBootEntry( - BootEntry: PBOOT_ENTRY, - ) -> NTSTATUS; - fn ZwModifyDriverEntry( - DriverEntry: PEFI_DRIVER_ENTRY, - ) -> NTSTATUS; - fn ZwNotifyChangeDirectoryFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - ) -> NTSTATUS; - fn ZwNotifyChangeKey( - KeyHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - Buffer: PVOID, - BufferSize: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn ZwNotifyChangeMultipleKeys( - MasterKeyHandle: HANDLE, - Count: ULONG, - SubordinateObjects: *mut OBJECT_ATTRIBUTES, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - CompletionFilter: ULONG, - WatchTree: BOOLEAN, - Buffer: PVOID, - BufferSize: ULONG, - Asynchronous: BOOLEAN, - ) -> NTSTATUS; - fn ZwNotifyChangeSession( - SessionHandle: HANDLE, - ChangeSequenceNumber: ULONG, - ChangeTimeStamp: PLARGE_INTEGER, - Event: IO_SESSION_EVENT, - NewState: IO_SESSION_STATE, - PreviousState: IO_SESSION_STATE, - Payload: PVOID, - PayloadSize: ULONG, - ) -> NTSTATUS; - fn ZwOpenDirectoryObject( - DirectoryHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenEnlistment( - EnlistmentHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - RmHandle: HANDLE, - EnlistmentGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenEvent( - EventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenEventPair( - EventPairHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenFile( - FileHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - IoStatusBlock: PIO_STATUS_BLOCK, - ShareAccess: ULONG, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn ZwOpenIoCompletion( - IoCompletionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenJobObject( - JobHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenKey( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenKeyEx( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn ZwOpenKeyTransacted( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - TransactionHandle: HANDLE, - ) -> NTSTATUS; - fn ZwOpenKeyTransactedEx( - KeyHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - OpenOptions: ULONG, - TransactionHandle: HANDLE, - ) -> NTSTATUS; - fn ZwOpenKeyedEvent( - KeyedEventHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenMutant( - MutantHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ObjectTypeName: PUNICODE_STRING, - ObjectName: PUNICODE_STRING, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - GrantedAccess: ACCESS_MASK, - Privileges: PPRIVILEGE_SET, - ObjectCreation: BOOLEAN, - AccessGranted: BOOLEAN, - GenerateOnClose: PBOOLEAN, - ) -> NTSTATUS; - fn ZwOpenPartition( - PartitionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenPrivateNamespace( - NamespaceHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - BoundaryDescriptor: PVOID, - ) -> NTSTATUS; - fn ZwOpenProcess( - ProcessHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn ZwOpenProcessToken( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwOpenProcessTokenEx( - ProcessHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - HandleAttributes: ULONG, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwOpenResourceManager( - ResourceManagerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - TmHandle: HANDLE, - ResourceManagerGuid: LPGUID, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenSection( - SectionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenSemaphore( - SemaphoreHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenSession( - SessionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenSymbolicLinkObject( - LinkHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenThread( - ThreadHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ClientId: PCLIENT_ID, - ) -> NTSTATUS; - fn ZwOpenThreadToken( - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - OpenAsSelf: BOOLEAN, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwOpenThreadTokenEx( - ThreadHandle: HANDLE, - DesiredAccess: ACCESS_MASK, - OpenAsSelf: BOOLEAN, - HandleAttributes: ULONG, - TokenHandle: PHANDLE, - ) -> NTSTATUS; - fn ZwOpenTimer( - TimerHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwOpenTransaction( - TransactionHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - Uow: LPGUID, - TmHandle: HANDLE, - ) -> NTSTATUS; - fn ZwOpenTransactionManager( - TmHandle: PHANDLE, - DesiredAccess: ACCESS_MASK, - ObjectAttributes: POBJECT_ATTRIBUTES, - LogFileName: PUNICODE_STRING, - TmIdentity: LPGUID, - OpenOptions: ULONG, - ) -> NTSTATUS; - fn ZwPlugPlayControl( - PnPControlClass: PLUGPLAY_CONTROL_CLASS, - PnPControlData: PVOID, - PnPControlDataLength: ULONG, - ) -> NTSTATUS; - fn ZwPowerInformation( - InformationLevel: POWER_INFORMATION_LEVEL, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ) -> NTSTATUS; - fn ZwPrePrepareComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwPrePrepareEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwPrepareComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwPrepareEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwPrivilegeCheck( - ClientToken: HANDLE, - RequiredPrivileges: PPRIVILEGE_SET, - Result: PBOOLEAN, - ) -> NTSTATUS; - fn ZwPrivilegeObjectAuditAlarm( - SubsystemName: PUNICODE_STRING, - HandleId: PVOID, - ClientToken: HANDLE, - DesiredAccess: ACCESS_MASK, - Privileges: PPRIVILEGE_SET, - AccessGranted: BOOLEAN, - ) -> NTSTATUS; - fn ZwPrivilegedServiceAuditAlarm( - SubsystemName: PUNICODE_STRING, - ServiceName: PUNICODE_STRING, - ClientToken: HANDLE, - Privileges: PPRIVILEGE_SET, - AccessGranted: BOOLEAN, - ) -> NTSTATUS; - fn ZwPropagationComplete( - ResourceManagerHandle: HANDLE, - RequestCookie: ULONG, - BufferLength: ULONG, - Buffer: PVOID, - ) -> NTSTATUS; - fn ZwPropagationFailed( - ResourceManagerHandle: HANDLE, - RequestCookie: ULONG, - PropStatus: NTSTATUS, - ) -> NTSTATUS; - fn ZwProtectVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - NewProtect: ULONG, - OldProtect: PULONG, - ) -> NTSTATUS; - fn ZwPulseEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn ZwQueryAttributesFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - FileInformation: PFILE_BASIC_INFORMATION, - ) -> NTSTATUS; - fn ZwQueryBootEntryOrder( - Ids: PULONG, - Count: PULONG, - ) -> NTSTATUS; - fn ZwQueryBootOptions( - BootOptions: PBOOT_OPTIONS, - BootOptionsLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - ) -> NTSTATUS; - fn ZwQueryDefaultLocale( - UserProfile: BOOLEAN, - DefaultLocaleId: PLCID, - ) -> NTSTATUS; - fn ZwQueryDefaultUILanguage( - DefaultUILanguageId: *mut LANGID, - ) -> NTSTATUS; - fn ZwQueryDirectoryFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ReturnSingleEntry: BOOLEAN, - FileName: PUNICODE_STRING, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn ZwQueryDirectoryObject( - DirectoryHandle: HANDLE, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - RestartScan: BOOLEAN, - Context: PULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryDriverEntryOrder( - Ids: PULONG, - Count: PULONG, - ) -> NTSTATUS; - fn ZwQueryEaFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - EaList: PVOID, - EaListLength: ULONG, - EaIndex: PULONG, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn ZwQueryEvent( - EventHandle: HANDLE, - EventInformationClass: EVENT_INFORMATION_CLASS, - EventInformation: PVOID, - EventInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryFullAttributesFile( - ObjectAttributes: POBJECT_ATTRIBUTES, - FileInformation: PFILE_NETWORK_OPEN_INFORMATION, - ) -> NTSTATUS; - fn ZwQueryInformationAtom( - Atom: RTL_ATOM, - AtomInformationClass: ATOM_INFORMATION_CLASS, - AtomInformation: PVOID, - AtomInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, - EnlistmentInformation: PVOID, - EnlistmentInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ) -> NTSTATUS; - fn ZwQueryInformationJobObject( - JobHandle: HANDLE, - JobObjectInformationClass: JOBOBJECTINFOCLASS, - JobObjectInformation: PVOID, - JobObjectInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationPort( - PortHandle: HANDLE, - PortInformationClass: PORT_INFORMATION_CLASS, - PortInformation: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationProcess( - ProcessHandle: HANDLE, - ProcessInformationClass: PROCESSINFOCLASS, - ProcessInformation: PVOID, - ProcessInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationResourceManager( - ResourceManagerHandle: HANDLE, - ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, - ResourceManagerInformation: PVOID, - ResourceManagerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationThread( - ThreadHandle: HANDLE, - ThreadInformationClass: THREADINFOCLASS, - ThreadInformation: PVOID, - ThreadInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationToken( - TokenHandle: HANDLE, - TokenInformationClass: TOKEN_INFORMATION_CLASS, - TokenInformation: PVOID, - TokenInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationTransaction( - TransactionHandle: HANDLE, - TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, - TransactionInformation: PVOID, - TransactionInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationTransactionManager( - TransactionManagerHandle: HANDLE, - TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, - TransactionManagerInformation: PVOID, - TransactionManagerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInformationWorkerFactory( - WorkerFactoryHandle: HANDLE, - WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, - WorkerFactoryInformation: PVOID, - WorkerFactoryInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryInstallUILanguage( - InstallUILanguageId: *mut LANGID, - ) -> NTSTATUS; - fn ZwQueryIntervalProfile( - ProfileSource: KPROFILE_SOURCE, - Interval: PULONG, - ) -> NTSTATUS; - fn ZwQueryIoCompletion( - IoCompletionHandle: HANDLE, - IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, - IoCompletionInformation: PVOID, - IoCompletionInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryKey( - KeyHandle: HANDLE, - KeyInformationClass: KEY_INFORMATION_CLASS, - KeyInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryLicenseValue( - ValueName: PUNICODE_STRING, - Type: PULONG, - Data: PVOID, - DataSize: ULONG, - ResultDataSize: PULONG, - ) -> NTSTATUS; - fn ZwQueryMultipleValueKey( - KeyHandle: HANDLE, - ValueEntries: PKEY_VALUE_ENTRY, - EntryCount: ULONG, - ValueBuffer: PVOID, - BufferLength: PULONG, - RequiredBufferLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryMutant( - MutantHandle: HANDLE, - MutantInformationClass: MUTANT_INFORMATION_CLASS, - MutantInformation: PVOID, - MutantInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryObject( - Handle: HANDLE, - ObjectInformationClass: OBJECT_INFORMATION_CLASS, - ObjectInformation: PVOID, - ObjectInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryOpenSubKeys( - TargetKey: POBJECT_ATTRIBUTES, - HandleCount: PULONG, - ) -> NTSTATUS; - fn ZwQueryOpenSubKeysEx( - TargetKey: POBJECT_ATTRIBUTES, - BufferLength: ULONG, - Buffer: PVOID, - RequiredSize: PULONG, - ) -> NTSTATUS; - fn ZwQueryPerformanceCounter( - PerformanceCounter: PLARGE_INTEGER, - PerformanceFrequency: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwQueryPortInformationProcess() -> NTSTATUS; - fn ZwQueryQuotaInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ReturnSingleEntry: BOOLEAN, - SidList: PVOID, - SidListLength: ULONG, - StartSid: PSID, - RestartScan: BOOLEAN, - ) -> NTSTATUS; - fn ZwQuerySection( - SectionHandle: HANDLE, - SectionInformationClass: SECTION_INFORMATION_CLASS, - SectionInformation: PVOID, - SectionInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn ZwQuerySecurityAttributesToken( - TokenHandle: HANDLE, - Attributes: PUNICODE_STRING, - NumberOfAttributes: ULONG, - Buffer: PVOID, - Length: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQuerySecurityObject( - Handle: HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - Length: ULONG, - LengthNeeded: PULONG, - ) -> NTSTATUS; - fn ZwQuerySemaphore( - SemaphoreHandle: HANDLE, - SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, - SemaphoreInformation: PVOID, - SemaphoreInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQuerySymbolicLinkObject( - LinkHandle: HANDLE, - LinkTarget: PUNICODE_STRING, - ReturnedLength: PULONG, - ) -> NTSTATUS; - fn ZwQuerySystemEnvironmentValue( - VariableName: PUNICODE_STRING, - VariableValue: PWSTR, - ValueLength: USHORT, - ReturnLength: PUSHORT, - ) -> NTSTATUS; - fn ZwQuerySystemEnvironmentValueEx( - VariableName: PUNICODE_STRING, - VendorGuid: LPGUID, - Value: PVOID, - ValueLength: PULONG, - Attributes: PULONG, - ) -> NTSTATUS; - fn ZwQuerySystemInformation( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQuerySystemInformationEx( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - InputBuffer: PVOID, - InputBufferLength: ULONG, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQuerySystemTime( - SystemTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwQueryTimer( - TimerHandle: HANDLE, - TimerInformationClass: TIMER_INFORMATION_CLASS, - TimerInformation: PVOID, - TimerInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryTimerResolution( - MaximumTime: PULONG, - MinimumTime: PULONG, - CurrentTime: PULONG, - ) -> NTSTATUS; - fn ZwQueryValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, - KeyValueInformation: PVOID, - Length: ULONG, - ResultLength: PULONG, - ) -> NTSTATUS; - fn ZwQueryVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - MemoryInformationClass: MEMORY_INFORMATION_CLASS, - MemoryInformation: PVOID, - MemoryInformationLength: SIZE_T, - ReturnLength: PSIZE_T, - ) -> NTSTATUS; - fn ZwQueryVolumeInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FsInformation: PVOID, - Length: ULONG, - FsInformationClass: FS_INFORMATION_CLASS, - ) -> NTSTATUS; - fn ZwQueryWnfStateData( - StateName: PCWNF_STATE_NAME, - TypeId: PCWNF_TYPE_ID, - ExplicitScope: *const VOID, - ChangeStamp: PWNF_CHANGE_STAMP, - Buffer: PVOID, - BufferSize: PULONG, - ) -> NTSTATUS; - fn ZwQueryWnfStateNameInformation( - StateName: PCWNF_STATE_NAME, - NameInfoClass: WNF_STATE_NAME_INFORMATION, - ExplicitScope: *const VOID, - InfoBuffer: PVOID, - InfoBufferSize: ULONG, - ) -> NTSTATUS; - fn ZwQueueApcThread( - ThreadHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; - fn ZwQueueApcThreadEx( - ThreadHandle: HANDLE, - UserApcReserveHandle: HANDLE, - ApcRoutine: PPS_APC_ROUTINE, - ApcArgument1: PVOID, - ApcArgument2: PVOID, - ApcArgument3: PVOID, - ) -> NTSTATUS; - fn ZwRaiseException( - ExceptionRecord: PEXCEPTION_RECORD, - ContextRecord: PCONTEXT, - FirstChance: BOOLEAN, - ) -> NTSTATUS; - fn ZwRaiseHardError( - ErrorStatus: NTSTATUS, - NumberOfParameters: ULONG, - UnicodeStringParameterMask: ULONG, - Parameters: PULONG_PTR, - ValidResponseOptions: ULONG, - Response: PULONG, - ) -> NTSTATUS; - fn ZwReadFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn ZwReadFileScatter( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - SegmentArray: PFILE_SEGMENT_ELEMENT, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn ZwReadOnlyEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwReadRequestData( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - DataEntryIndex: ULONG, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesRead: PSIZE_T, - ) -> NTSTATUS; - fn ZwReadVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesRead: PSIZE_T, - ) -> NTSTATUS; - fn ZwRecoverEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentKey: PVOID, - ) -> NTSTATUS; - fn ZwRecoverResourceManager( - ResourceManagerHandle: HANDLE, - ) -> NTSTATUS; - fn ZwRecoverTransactionManager( - TransactionManagerHandle: HANDLE, - ) -> NTSTATUS; - fn ZwRegisterProtocolAddressInformation( - ResourceManager: HANDLE, - ProtocolId: PCRM_PROTOCOL_ID, - ProtocolInformationSize: ULONG, - ProtocolInformation: PVOID, - CreateOptions: ULONG, - ) -> NTSTATUS; - fn ZwRegisterThreadTerminatePort( - PortHandle: HANDLE, - ) -> NTSTATUS; - fn ZwReleaseCMFViewOwnership() -> NTSTATUS; - fn ZwReleaseKeyedEvent( - KeyedEventHandle: HANDLE, - KeyValue: PVOID, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwReleaseMutant( - MutantHandle: HANDLE, - PreviousCount: PLONG, - ) -> NTSTATUS; - fn ZwReleaseSemaphore( - SemaphoreHandle: HANDLE, - ReleaseCount: LONG, - PreviousCount: PLONG, - ) -> NTSTATUS; - fn ZwReleaseWorkerFactoryWorker( - WorkerFactoryHandle: HANDLE, - ) -> NTSTATUS; - fn ZwRemoveIoCompletion( - IoCompletionHandle: HANDLE, - KeyContext: *mut PVOID, - ApcContext: *mut PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwRemoveIoCompletionEx( - IoCompletionHandle: HANDLE, - IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, - Count: ULONG, - NumEntriesRemoved: PULONG, - Timeout: PLARGE_INTEGER, - Alertable: BOOLEAN, - ) -> NTSTATUS; - fn ZwRemoveProcessDebug( - ProcessHandle: HANDLE, - DebugObjectHandle: HANDLE, - ) -> NTSTATUS; - fn ZwRenameKey( - KeyHandle: HANDLE, - NewName: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwRenameTransactionManager( - LogFileName: PUNICODE_STRING, - ExistingTransactionManagerGuid: LPGUID, - ) -> NTSTATUS; - fn ZwReplaceKey( - NewFile: POBJECT_ATTRIBUTES, - TargetHandle: HANDLE, - OldFile: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwReplacePartitionUnit( - TargetInstancePath: PUNICODE_STRING, - SpareInstancePath: PUNICODE_STRING, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwReplyPort( - PortHandle: HANDLE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwReplyWaitReceivePort( - PortHandle: HANDLE, - PortContext: *mut PVOID, - ReplyMessage: PPORT_MESSAGE, - ReceiveMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwReplyWaitReceivePortEx( - PortHandle: HANDLE, - PortContext: *mut PVOID, - ReplyMessage: PPORT_MESSAGE, - ReceiveMessage: PPORT_MESSAGE, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwReplyWaitReplyPort( - PortHandle: HANDLE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwRequestPort( - PortHandle: HANDLE, - RequestMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwRequestWaitReplyPort( - PortHandle: HANDLE, - RequestMessage: PPORT_MESSAGE, - ReplyMessage: PPORT_MESSAGE, - ) -> NTSTATUS; - fn ZwRequestWakeupLatency( - latency: LATENCY_TIME, - ) -> NTSTATUS; - fn ZwResetEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn ZwResetWriteWatch( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - RegionSize: SIZE_T, - ) -> NTSTATUS; - fn ZwRestoreKey( - KeyHandle: HANDLE, - FileHandle: HANDLE, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwResumeProcess( - ProcessHandle: HANDLE, - ) -> NTSTATUS; - fn ZwResumeThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn ZwRevertContainerImpersonation() -> NTSTATUS; - fn ZwRollbackComplete( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwRollbackEnlistment( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwRollbackTransaction( - TransactionHandle: HANDLE, - Wait: BOOLEAN, - ) -> NTSTATUS; - fn ZwRollforwardTransactionManager( - TransactionManagerHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwSaveKey( - KeyHandle: HANDLE, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSaveKeyEx( - KeyHandle: HANDLE, - FileHandle: HANDLE, - Format: ULONG, - ) -> NTSTATUS; - fn ZwSaveMergedKeys( - HighPrecedenceKeyHandle: HANDLE, - LowPrecedenceKeyHandle: HANDLE, - FileHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSecureConnectPort( - PortHandle: PHANDLE, - PortName: PUNICODE_STRING, - SecurityQos: PSECURITY_QUALITY_OF_SERVICE, - ClientView: PPORT_VIEW, - RequiredServerSid: PSID, - ServerView: PREMOTE_PORT_VIEW, - MaxMessageLength: PULONG, - ConnectionInformation: PVOID, - ConnectionInformationLength: PULONG, - ) -> NTSTATUS; - fn ZwSerializeBoot() -> NTSTATUS; - fn ZwSetBootEntryOrder( - Ids: PULONG, - Count: ULONG, - ) -> NTSTATUS; - fn ZwSetBootOptions( - BootOptions: PBOOT_OPTIONS, - FieldsToChange: ULONG, - ) -> NTSTATUS; - fn ZwSetCachedSigningLevel( - Flags: ULONG, - InputSigningLevel: SE_SIGNING_LEVEL, - SourceFiles: PHANDLE, - SourceFileCount: ULONG, - TargetFile: HANDLE, - ) -> NTSTATUS; - fn ZwSetContextThread( - ThreadHandle: HANDLE, - ThreadContext: PCONTEXT, - ) -> NTSTATUS; - fn ZwSetDebugFilterState( - ComponentId: ULONG, - Level: ULONG, - State: BOOLEAN, - ) -> NTSTATUS; - fn ZwSetDefaultHardErrorPort( - DefaultHardErrorPort: HANDLE, - ) -> NTSTATUS; - fn ZwSetDefaultLocale( - UserProfile: BOOLEAN, - DefaultLocaleId: LCID, - ) -> NTSTATUS; - fn ZwSetDefaultUILanguage( - DefaultUILanguageId: LANGID, - ) -> NTSTATUS; - fn ZwSetDriverEntryOrder( - Ids: PULONG, - Count: ULONG, - ) -> NTSTATUS; - fn ZwSetEaFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn ZwSetEvent( - EventHandle: HANDLE, - PreviousState: PLONG, - ) -> NTSTATUS; - fn ZwSetEventBoostPriority( - EventHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSetHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSetHighWaitLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSetIRTimer( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwSetInformationDebugObject( - DebugObjectHandle: HANDLE, - DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, - DebugInformation: PVOID, - DebugInformationLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwSetInformationEnlistment( - EnlistmentHandle: HANDLE, - EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, - EnlistmentInformation: PVOID, - EnlistmentInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FileInformation: PVOID, - Length: ULONG, - FileInformationClass: FILE_INFORMATION_CLASS, - ) -> NTSTATUS; - fn ZwSetInformationJobObject( - JobHandle: HANDLE, - JobObjectInformationClass: JOBOBJECTINFOCLASS, - JobObjectInformation: PVOID, - JobObjectInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationKey( - KeyHandle: HANDLE, - KeySetInformationClass: KEY_SET_INFORMATION_CLASS, - KeySetInformation: PVOID, - KeySetInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationObject( - Handle: HANDLE, - ObjectInformationClass: OBJECT_INFORMATION_CLASS, - ObjectInformation: PVOID, - ObjectInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationProcess( - ProcessHandle: HANDLE, - ProcessInformationClass: PROCESSINFOCLASS, - ProcessInformation: PVOID, - ProcessInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationResourceManager( - ResourceManagerHandle: HANDLE, - ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, - ResourceManagerInformation: PVOID, - ResourceManagerInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationThread( - ThreadHandle: HANDLE, - ThreadInformationClass: THREADINFOCLASS, - ThreadInformation: PVOID, - ThreadInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationToken( - TokenHandle: HANDLE, - TokenInformationClass: TOKEN_INFORMATION_CLASS, - TokenInformation: PVOID, - TokenInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationTransaction( - TransactionHandle: HANDLE, - TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, - TransactionInformation: PVOID, - TransactionInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationTransactionManager( - TmHandle: HANDLE, - TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, - TransactionManagerInformation: PVOID, - TransactionManagerInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationVirtualMemory( - ProcessHandle: HANDLE, - VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, - NumberOfEntries: ULONG_PTR, - VirtualAddresses: PMEMORY_RANGE_ENTRY, - VmInformation: PVOID, - VmInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetInformationWorkerFactory( - WorkerFactoryHandle: HANDLE, - WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, - WorkerFactoryInformation: PVOID, - WorkerFactoryInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetIntervalProfile( - Interval: ULONG, - Source: KPROFILE_SOURCE, - ) -> NTSTATUS; - fn ZwSetIoCompletion( - IoCompletionHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - ) -> NTSTATUS; - fn ZwSetIoCompletionEx( - IoCompletionHandle: HANDLE, - IoCompletionPacketHandle: HANDLE, - KeyContext: PVOID, - ApcContext: PVOID, - IoStatus: NTSTATUS, - IoStatusInformation: ULONG_PTR, - ) -> NTSTATUS; - fn ZwSetLdtEntries( - Selector0: ULONG, - Entry0Low: ULONG, - Entry0Hi: ULONG, - Selector1: ULONG, - Entry1Low: ULONG, - Entry1Hi: ULONG, - ) -> NTSTATUS; - fn ZwSetLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSetLowWaitHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSetQuotaInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ) -> NTSTATUS; - fn ZwSetSecurityObject( - Handle: HANDLE, - SecurityInformation: SECURITY_INFORMATION, - SecurityDescriptor: PSECURITY_DESCRIPTOR, - ) -> NTSTATUS; - fn ZwSetSystemEnvironmentValue( - VariableName: PUNICODE_STRING, - VariableValue: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwSetSystemEnvironmentValueEx( - VariableName: PUNICODE_STRING, - VendorGuid: LPGUID, - Value: PVOID, - ValueLength: ULONG, - Attributes: ULONG, - ) -> NTSTATUS; - fn ZwSetSystemInformation( - SystemInformationClass: SYSTEM_INFORMATION_CLASS, - SystemInformation: PVOID, - SystemInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetSystemPowerState( - SystemAction: POWER_ACTION, - LightestSystemState: SYSTEM_POWER_STATE, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwSetSystemTime( - SystemTime: PLARGE_INTEGER, - PreviousTime: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwSetThreadExecutionState( - NewFlags: EXECUTION_STATE, - PreviousFlags: *mut EXECUTION_STATE, - ) -> NTSTATUS; - fn ZwSetTimer( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - TimerApcRoutine: PTIMER_APC_ROUTINE, - TimerContext: PVOID, - ResumeTimer: BOOLEAN, - Period: LONG, - PreviousState: PBOOLEAN, - ) -> NTSTATUS; - fn ZwSetTimer2( - TimerHandle: HANDLE, - DueTime: PLARGE_INTEGER, - Period: PLARGE_INTEGER, - Parameters: PT2_SET_PARAMETERS, - ) -> NTSTATUS; - fn ZwSetTimerEx( - TimerHandle: HANDLE, - TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, - TimerSetInformation: PVOID, - TimerSetInformationLength: ULONG, - ) -> NTSTATUS; - fn ZwSetTimerResolution( - DesiredTime: ULONG, - SetResolution: BOOLEAN, - ActualTime: PULONG, - ) -> NTSTATUS; - fn ZwSetUuidSeed( - Seed: PCHAR, - ) -> NTSTATUS; - fn ZwSetValueKey( - KeyHandle: HANDLE, - ValueName: PUNICODE_STRING, - TitleIndex: ULONG, - Type: ULONG, - Data: PVOID, - DataSize: ULONG, - ) -> NTSTATUS; - fn ZwSetVolumeInformationFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - FsInformation: PVOID, - Length: ULONG, - FsInformationClass: FS_INFORMATION_CLASS, - ) -> NTSTATUS; - fn ZwSetWnfProcessNotificationEvent( - NotificationEvent: HANDLE, - ) -> NTSTATUS; - fn ZwShutdownSystem( - Action: SHUTDOWN_ACTION, - ) -> NTSTATUS; - fn ZwShutdownWorkerFactory( - WorkerFactoryHandle: HANDLE, - PendingWorkerCount: *mut LONG, - ) -> NTSTATUS; - fn ZwSignalAndWaitForSingleObject( - SignalHandle: HANDLE, - WaitHandle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwSinglePhaseReject( - EnlistmentHandle: HANDLE, - TmVirtualClock: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwStartProfile( - ProfileHandle: HANDLE, - ) -> NTSTATUS; - fn ZwStopProfile( - ProfileHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSubscribeWnfStateChange( - StateName: PCWNF_STATE_NAME, - ChangeStamp: WNF_CHANGE_STAMP, - EventMask: ULONG, - SubscriptionId: PULONG64, - ) -> NTSTATUS; - fn ZwSuspendProcess( - ProcessHandle: HANDLE, - ) -> NTSTATUS; - fn ZwSuspendThread( - ThreadHandle: HANDLE, - PreviousSuspendCount: PULONG, - ) -> NTSTATUS; - fn ZwSystemDebugControl( - Command: SYSDBG_COMMAND, - InputBuffer: PVOID, - InputBufferLength: ULONG, - OutputBuffer: PVOID, - OutputBufferLength: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwTerminateJobObject( - JobHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn ZwTerminateProcess( - ProcessHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn ZwTerminateThread( - ThreadHandle: HANDLE, - ExitStatus: NTSTATUS, - ) -> NTSTATUS; - fn ZwTestAlert() -> NTSTATUS; - fn ZwThawRegistry() -> NTSTATUS; - fn ZwThawTransactions() -> NTSTATUS; - fn ZwTraceControl( - FunctionCode: ULONG, - InBuffer: PVOID, - InBufferLen: ULONG, - OutBuffer: PVOID, - OutBufferLen: ULONG, - ReturnLength: PULONG, - ) -> NTSTATUS; - fn ZwTraceEvent( - TraceHandle: HANDLE, - Flags: ULONG, - FieldSize: ULONG, - Fields: PVOID, - ) -> NTSTATUS; - fn ZwTranslateFilePath( - InputFilePath: PFILE_PATH, - OutputType: ULONG, - OutputFilePath: PFILE_PATH, - OutputFilePathLength: PULONG, - ) -> NTSTATUS; - fn ZwUmsThreadYield( - SchedulerParam: PVOID, - ) -> NTSTATUS; - fn ZwUnloadDriver( - DriverServiceName: PUNICODE_STRING, - ) -> NTSTATUS; - fn ZwUnloadKey( - TargetKey: POBJECT_ATTRIBUTES, - ) -> NTSTATUS; - fn ZwUnloadKey2( - TargetKey: POBJECT_ATTRIBUTES, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwUnloadKeyEx( - TargetKey: POBJECT_ATTRIBUTES, - Event: HANDLE, - ) -> NTSTATUS; - fn ZwUnlockFile( - FileHandle: HANDLE, - IoStatusBlock: PIO_STATUS_BLOCK, - ByteOffset: PLARGE_INTEGER, - Length: PLARGE_INTEGER, - Key: ULONG, - ) -> NTSTATUS; - fn ZwUnlockVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: *mut PVOID, - RegionSize: PSIZE_T, - MapType: ULONG, - ) -> NTSTATUS; - fn ZwUnmapViewOfSection( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - ) -> NTSTATUS; - fn ZwUnmapViewOfSectionEx( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Flags: ULONG, - ) -> NTSTATUS; - fn ZwUnsubscribeWnfStateChange( - StateName: PCWNF_STATE_NAME, - ) -> NTSTATUS; - fn ZwUpdateWnfStateData( - StateName: PCWNF_STATE_NAME, - Buffer: *const VOID, - Length: ULONG, - TypeId: PCWNF_TYPE_ID, - ExplicitScope: *const VOID, - MatchingChangeStamp: WNF_CHANGE_STAMP, - CheckStamp: LOGICAL, - ) -> NTSTATUS; - fn ZwVdmControl( - Service: VDMSERVICECLASS, - ServiceData: PVOID, - ) -> NTSTATUS; - fn ZwWaitForAlertByThreadId( - Address: PVOID, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwWaitForDebugEvent( - DebugObjectHandle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - WaitStateChange: PVOID, - ) -> NTSTATUS; - fn ZwWaitForKeyedEvent( - KeyedEventHandle: HANDLE, - KeyValue: PVOID, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwWaitForMultipleObjects( - Count: ULONG, - Handles: *mut HANDLE, - WaitType: WAIT_TYPE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwWaitForMultipleObjects32( - Count: ULONG, - Handles: *mut LONG, - WaitType: WAIT_TYPE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwWaitForSingleObject( - Handle: HANDLE, - Alertable: BOOLEAN, - Timeout: PLARGE_INTEGER, - ) -> NTSTATUS; - fn ZwWaitForWorkViaWorkerFactory( - WorkerFactoryHandle: HANDLE, - MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, - ) -> NTSTATUS; - fn ZwWaitHighEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwWaitLowEventPair( - EventPairHandle: HANDLE, - ) -> NTSTATUS; - fn ZwWorkerFactoryWorkerReady( - WorkerFactoryHandle: HANDLE, - ) -> NTSTATUS; - fn ZwWriteFile( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - Buffer: PVOID, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn ZwWriteFileGather( - FileHandle: HANDLE, - Event: HANDLE, - ApcRoutine: PIO_APC_ROUTINE, - ApcContext: PVOID, - IoStatusBlock: PIO_STATUS_BLOCK, - SegmentArray: PFILE_SEGMENT_ELEMENT, - Length: ULONG, - ByteOffset: PLARGE_INTEGER, - Key: PULONG, - ) -> NTSTATUS; - fn ZwWriteRequestData( - PortHandle: HANDLE, - Message: PPORT_MESSAGE, - DataEntryIndex: ULONG, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesWritten: PSIZE_T, - ) -> NTSTATUS; - fn ZwWriteVirtualMemory( - ProcessHandle: HANDLE, - BaseAddress: PVOID, - Buffer: PVOID, - BufferSize: SIZE_T, - NumberOfBytesWritten: PSIZE_T, - ) -> NTSTATUS; - fn ZwYieldExecution() -> NTSTATUS; -}} diff --git a/vendor/ntapi/src/string.rs b/vendor/ntapi/src/string.rs deleted file mode 100644 index 32bfa5024..000000000 --- a/vendor/ntapi/src/string.rs +++ /dev/null @@ -1,58 +0,0 @@ -/// A wrapper over UTF16 string constants. -pub struct UTF16Const(pub &'static [u16]); -impl UTF16Const { - #[inline] - pub fn as_ptr(&self) -> *const u16 { - self.0.as_ptr() - } - #[inline] - pub fn as_mut_ptr(&self) -> *mut u16 { - self.0.as_ptr() as *mut u16 - } - #[inline] - pub fn len(&self) -> usize { - self.0.len() - 1 - } -} -impl AsRef<[u16]> for UTF16Const { - #[inline] - fn as_ref(&self) -> &[u16] { - &self.0[..self.len()] - } -} -impl Copy for UTF16Const {} -impl Clone for UTF16Const { - #[inline] - fn clone(&self) -> UTF16Const { *self } -} -/// A wrapper over UTF8 string constants. -pub struct UTF8Const(pub &'static str); -impl UTF8Const { - #[inline] - pub fn as_ptr(&self) -> *const i8 { - self.0.as_ptr() as *const i8 - } - #[inline] - pub fn as_mut_ptr(&self) -> *mut i8 { - self.0.as_ptr() as *mut i8 - } - #[inline] - pub fn len(&self) -> usize { - self.0.len() - 1 - } - #[inline] - pub fn as_str(&self) -> &str { - &self.0[..self.len()] - } -} -impl AsRef<str> for UTF8Const { - #[inline] - fn as_ref(&self) -> &str { - &self.0[..self.len()] - } -} -impl Copy for UTF8Const {} -impl Clone for UTF8Const { - #[inline] - fn clone(&self) -> UTF8Const { *self } -} diff --git a/vendor/ntapi/src/subprocesstag.rs b/vendor/ntapi/src/subprocesstag.rs deleted file mode 100644 index 7c8d17ce4..000000000 --- a/vendor/ntapi/src/subprocesstag.rs +++ /dev/null @@ -1,77 +0,0 @@ -use winapi::shared::minwindef::DWORD; -use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID}; -ENUM!{enum TAG_INFO_LEVEL { - eTagInfoLevelNameFromTag = 1, - eTagInfoLevelNamesReferencingModule = 2, - eTagInfoLevelNameTagMapping = 3, - eTagInfoLevelMax = 4, -}} -ENUM!{enum TAG_TYPE { - eTagTypeService = 1, - eTagTypeMax = 2, -}} -STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS { - dwPid: DWORD, - dwTag: DWORD, -}} -pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS; -STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS { - eTagType: DWORD, - pszName: LPWSTR, -}} -pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS; -STRUCT!{struct TAG_INFO_NAME_FROM_TAG { - InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS, - OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, -}} -pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG; -STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS { - dwPid: DWORD, - pszModule: LPWSTR, -}} -pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS = - *mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS; -STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS { - eTagType: DWORD, - pmszNames: LPWSTR, -}} -pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS = - *mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS; -STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE { - InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, - OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, -}} -pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE; -STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS { - dwPid: DWORD, -}} -pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS; -STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT { - eTagType: DWORD, - dwTag: DWORD, - pszName: LPWSTR, - pszGroupName: LPWSTR, -}} -pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT; -STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS { - cElements: DWORD, - pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT, -}} -pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS; -STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING { - InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, - pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, -}} -pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING; -EXTERN!{extern "system" { - fn I_QueryTagInformation( - pszMachineName: LPCWSTR, - eInfoLevel: TAG_INFO_LEVEL, - pTagInfo: PVOID, - ) -> DWORD; -}} -FN!{stdcall PQUERY_TAG_INFORMATION( - pszMachineName: LPCWSTR, - eInfoLevel: TAG_INFO_LEVEL, - pTagInfo: PVOID, -) -> DWORD} diff --git a/vendor/ntapi/src/winapi_local.rs b/vendor/ntapi/src/winapi_local.rs deleted file mode 100644 index 2aa6fdd1e..000000000 --- a/vendor/ntapi/src/winapi_local.rs +++ /dev/null @@ -1 +0,0 @@ -pub mod um; diff --git a/vendor/ntapi/src/winapi_local/um.rs b/vendor/ntapi/src/winapi_local/um.rs deleted file mode 100644 index 5f862d511..000000000 --- a/vendor/ntapi/src/winapi_local/um.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub(crate) mod winioctl; -pub mod winnt; diff --git a/vendor/ntapi/src/winapi_local/um/winioctl.rs b/vendor/ntapi/src/winapi_local/um/winioctl.rs deleted file mode 100644 index da490269a..000000000 --- a/vendor/ntapi/src/winapi_local/um/winioctl.rs +++ /dev/null @@ -1,4 +0,0 @@ -#[inline] -pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 { - (DeviceType << 16) | (Access << 14) | (Function << 2) | Method -} diff --git a/vendor/ntapi/src/winapi_local/um/winnt.rs b/vendor/ntapi/src/winapi_local/um/winnt.rs deleted file mode 100644 index 0c8efb262..000000000 --- a/vendor/ntapi/src/winapi_local/um/winnt.rs +++ /dev/null @@ -1,71 +0,0 @@ -use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64}; -use winapi::shared::minwindef::DWORD; -use winapi::um::winnt::{HANDLE, PVOID}; -#[doc(hidden)] -#[inline] -pub const fn UInt32x32To64(a: u32, b: u32) -> u64 { - a as u64 * b as u64 -} -#[cfg(not(target_arch = "aarch64"))] -IFDEF!{ -use core::arch::asm; -use crate::ntpebteb::TEB; -#[inline] -pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD { - let out: u32; - asm!( - "mov {:e}, fs:[{:e}]", - lateout(reg) out, - in(reg) Offset, - options(nostack, pure, readonly), - ); - out -} -#[inline] -#[cfg(target_pointer_width = "64")] -pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 { - let out: u64; - asm!( - "mov {}, gs:[{:e}]", - lateout(reg) out, - in(reg) Offset, - options(nostack, pure, readonly), - ); - out -} -#[inline] #[allow(unused_unsafe)] -pub unsafe fn NtCurrentTeb() -> *mut TEB { - use winapi::um::winnt::NT_TIB; - let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32; - #[cfg(target_arch = "x86_64")] { - __readgsqword(teb_offset) as *mut TEB - } - #[cfg(target_arch = "x86")] { - __readfsdword(teb_offset) as *mut TEB - } -} -} -ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE { - MemExtendedParameterInvalidType = 0, - MemExtendedParameterAddressRequirements = 1, - MemExtendedParameterNumaNode = 2, - MemExtendedParameterPartitionHandle = 3, - MemExtendedParameterMax = 4, -}} -pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE; -UNION!{union MEM_EXTENDED_PARAMETER_u { - ULong64: DWORD64, - Pointer: PVOID, - Size: SIZE_T, - Handle: HANDLE, - ULong: DWORD, -}} -STRUCT!{struct MEM_EXTENDED_PARAMETER { - BitFields: ULONG64, - u: MEM_EXTENDED_PARAMETER_u, -}} -BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [ - Type set_Type[0..8], - Reserved set_Reserved[8..64], -]} -pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER; diff --git a/vendor/ntapi/src/winsta.rs b/vendor/ntapi/src/winsta.rs deleted file mode 100644 index 162316d06..000000000 --- a/vendor/ntapi/src/winsta.rs +++ /dev/null @@ -1,848 +0,0 @@ -use core::ptr::null_mut; -use crate::ntrtl::RTL_TIME_ZONE_INFORMATION; -use winapi::shared::basetsd::SIZE_T; -use winapi::shared::minwindef::{BYTE, DWORD, FILETIME}; -use winapi::shared::ntdef::{ - BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING, - USHORT, WCHAR, -}; -use winapi::shared::windef::HWND; -use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED}; -pub const WINSTATION_QUERY: u32 = 0x00000001; -pub const WINSTATION_SET: u32 = 0x00000002; -pub const WINSTATION_RESET: u32 = 0x00000004; -pub const WINSTATION_VIRTUAL: u32 = 0x00000008; -pub const WINSTATION_SHADOW: u32 = 0x00000010; -pub const WINSTATION_LOGON: u32 = 0x00000020; -pub const WINSTATION_LOGOFF: u32 = 0x00000040; -pub const WINSTATION_MSG: u32 = 0x00000080; -pub const WINSTATION_CONNECT: u32 = 0x00000100; -pub const WINSTATION_DISCONNECT: u32 = 0x00000200; -pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON; -pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF; -pub const WINSTATION_USER_ACCESS: u32 = - WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT; -pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET - | WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT; -pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET - | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG - | WINSTATION_CONNECT | WINSTATION_DISCONNECT; -pub const WDPREFIX_LENGTH: usize = 12; -pub const CALLBACK_LENGTH: usize = 50; -pub const DLLNAME_LENGTH: usize = 32; -pub const CDNAME_LENGTH: usize = 32; -pub const WDNAME_LENGTH: usize = 32; -pub const PDNAME_LENGTH: usize = 32; -pub const DEVICENAME_LENGTH: usize = 128; -pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH; -pub const STACK_ADDRESS_LENGTH: usize = 128; -pub const MAX_BR_NAME: usize = 65; -pub const DIRECTORY_LENGTH: usize = 256; -pub const INITIALPROGRAM_LENGTH: usize = 256; -pub const USERNAME_LENGTH: usize = 20; -pub const DOMAIN_LENGTH: usize = 17; -pub const PASSWORD_LENGTH: usize = 14; -pub const NASISPECIFICNAME_LENGTH: usize = 14; -pub const NASIUSERNAME_LENGTH: usize = 47; -pub const NASIPASSWORD_LENGTH: usize = 24; -pub const NASISESSIONNAME_LENGTH: usize = 16; -pub const NASIFILESERVER_LENGTH: usize = 47; -pub const CLIENTDATANAME_LENGTH: usize = 7; -pub const CLIENTNAME_LENGTH: usize = 20; -pub const CLIENTADDRESS_LENGTH: usize = 30; -pub const IMEFILENAME_LENGTH: usize = 32; -pub const CLIENTLICENSE_LENGTH: usize = 32; -pub const CLIENTMODEM_LENGTH: usize = 40; -pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32; -pub const MAX_COUNTER_EXTENSIONS: u32 = 2; -pub const WINSTATIONNAME_LENGTH: usize = 32; -pub const TERMSRV_TOTAL_SESSIONS: u32 = 1; -pub const TERMSRV_DISC_SESSIONS: u32 = 2; -pub const TERMSRV_RECON_SESSIONS: u32 = 3; -pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4; -pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5; -pub const TERMSRV_PENDING_SESSIONS: u32 = 6; -pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7; -pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8; -pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9; -pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10; -pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11; -pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12; -pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; -pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION; -pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1]; -STRUCT!{struct VARDATA_WIRE { - Size: USHORT, - Offset: USHORT, -}} -pub type PVARDATA_WIRE = *mut VARDATA_WIRE; -ENUM!{enum WINSTATIONSTATECLASS { - State_Active = 0, - State_Connected = 1, - State_ConnectQuery = 2, - State_Shadow = 3, - State_Disconnected = 4, - State_Idle = 5, - State_Listen = 6, - State_Reset = 7, - State_Down = 8, - State_Init = 9, -}} -UNION!{union SESSIONIDW_u { - SessionId: ULONG, - LogonId: ULONG, -}} -STRUCT!{struct SESSIONIDW { - u: SESSIONIDW_u, - WinStationName: WINSTATIONNAME, - State: WINSTATIONSTATECLASS, -}} -pub type PSESSIONIDW = *mut SESSIONIDW; -ENUM!{enum WINSTATIONINFOCLASS { - WinStationCreateData = 0, - WinStationConfiguration = 1, - WinStationPdParams = 2, - WinStationWd = 3, - WinStationPd = 4, - WinStationPrinter = 5, - WinStationClient = 6, - WinStationModules = 7, - WinStationInformation = 8, - WinStationTrace = 9, - WinStationBeep = 10, - WinStationEncryptionOff = 11, - WinStationEncryptionPerm = 12, - WinStationNtSecurity = 13, - WinStationUserToken = 14, - WinStationUnused1 = 15, - WinStationVideoData = 16, - WinStationInitialProgram = 17, - WinStationCd = 18, - WinStationSystemTrace = 19, - WinStationVirtualData = 20, - WinStationClientData = 21, - WinStationSecureDesktopEnter = 22, - WinStationSecureDesktopExit = 23, - WinStationLoadBalanceSessionTarget = 24, - WinStationLoadIndicator = 25, - WinStationShadowInfo = 26, - WinStationDigProductId = 27, - WinStationLockedState = 28, - WinStationRemoteAddress = 29, - WinStationIdleTime = 30, - WinStationLastReconnectType = 31, - WinStationDisallowAutoReconnect = 32, - WinStationMprNotifyInfo = 33, - WinStationExecSrvSystemPipe = 34, - WinStationSmartCardAutoLogon = 35, - WinStationIsAdminLoggedOn = 36, - WinStationReconnectedFromId = 37, - WinStationEffectsPolicy = 38, - WinStationType = 39, - WinStationInformationEx = 40, - WinStationValidationInfo = 41, -}} -STRUCT!{struct WINSTATIONCREATE { - Bitfields: ULONG, - MaxInstanceCount: ULONG, -}} -BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [ - fEnableWinStation set_fEnableWinStation[0..1], -]} -pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE; -STRUCT!{struct WINSTACONFIGWIRE { - Comment: [WCHAR; 61], - OEMId: [CHAR; 4], - UserConfig: VARDATA_WIRE, - NewFields: VARDATA_WIRE, -}} -pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE; -ENUM!{enum CALLBACKCLASS { - Callback_Disable = 0, - Callback_Roving = 1, - Callback_Fixed = 2, -}} -ENUM!{enum SHADOWCLASS { - Shadow_Disable = 0, - Shadow_EnableInputNotify = 1, - Shadow_EnableInputNoNotify = 2, - Shadow_EnableNoInputNotify = 3, - Shadow_EnableNoInputNoNotify = 4, -}} -STRUCT!{struct USERCONFIG { - Bitfields: ULONG, - Bitfields2: ULONG, - UserName: [WCHAR; USERNAME_LENGTH + 1], - Domain: [WCHAR; DOMAIN_LENGTH + 1], - Password: [WCHAR; PASSWORD_LENGTH + 1], - WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], - InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], - CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1], - Callback: CALLBACKCLASS, - Shadow: SHADOWCLASS, - MaxConnectionTime: ULONG, - MaxDisconnectionTime: ULONG, - MaxIdleTime: ULONG, - KeyboardLayout: ULONG, - MinEncryptionLevel: BYTE, - NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1], - PublishedName: [WCHAR; MAX_BR_NAME], - WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1], - WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1], - WFHomeDirDrive: [WCHAR; 4], -}} -BITFIELD!{USERCONFIG Bitfields: ULONG [ - fInheritAutoLogon set_fInheritAutoLogon[0..1], - fInheritResetBroken set_fInheritResetBroken[1..2], - fInheritReconnectSame set_fInheritReconnectSame[2..3], - fInheritInitialProgram set_fInheritInitialProgram[3..4], - fInheritCallback set_fInheritCallback[4..5], - fInheritCallbackNumber set_fInheritCallbackNumber[5..6], - fInheritShadow set_fInheritShadow[6..7], - fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8], - fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9], - fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10], - fInheritAutoClient set_fInheritAutoClient[10..11], - fInheritSecurity set_fInheritSecurity[11..12], - fPromptForPassword set_fPromptForPassword[12..13], - fResetBroken set_fResetBroken[13..14], - fReconnectSame set_fReconnectSame[14..15], - fLogonDisabled set_fLogonDisabled[15..16], - fWallPaperDisabled set_fWallPaperDisabled[16..17], - fAutoClientDrives set_fAutoClientDrives[17..18], - fAutoClientLpts set_fAutoClientLpts[18..19], - fForceClientLptDef set_fForceClientLptDef[19..20], - fRequireEncryption set_fRequireEncryption[20..21], - fDisableEncryption set_fDisableEncryption[21..22], - fUnused1 set_fUnused1[22..23], - fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24], - fUseDefaultGina set_fUseDefaultGina[24..25], - fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26], - fPublishedApp set_fPublishedApp[26..27], - fHideTitleBar set_fHideTitleBar[27..28], - fMaximize set_fMaximize[28..29], - fDisableCpm set_fDisableCpm[29..30], - fDisableCdm set_fDisableCdm[30..31], - fDisableCcm set_fDisableCcm[31..32], -]} -BITFIELD!{USERCONFIG Bitfields2: ULONG [ - fDisableLPT set_fDisableLPT[0..1], - fDisableClip set_fDisableClip[1..2], - fDisableExe set_fDisableExe[2..3], - fDisableCam set_fDisableCam[3..4], - fDisableAutoReconnect set_fDisableAutoReconnect[4..5], - ColorDepth set_ColorDepth[5..6], - fInheritColorDepth set_fInheritColorDepth[6..7], - fErrorInvalidProfile set_fErrorInvalidProfile[7..8], - fPasswordIsScPin set_fPasswordIsScPin[8..9], - fDisablePNPRedir set_fDisablePNPRedir[9..10], -]} -pub type PUSERCONFIG = *mut USERCONFIG; -ENUM!{enum SDCLASS { - SdNone = 0, - SdConsole = 1, - SdNetwork = 2, - SdAsync = 3, - SdOemTransport = 4, -}} -pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1]; -pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1]; -pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1]; -pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1]; -pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1]; -pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1]; -pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1]; -pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1]; -pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1]; -pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1]; -pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1]; -pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1]; -STRUCT!{struct NETWORKCONFIG { - LanAdapter: LONG, - NetworkName: DEVICENAME, - Flags: ULONG, -}} -pub type PNETWORKCONFIG = *mut NETWORKCONFIG; -ENUM!{enum FLOWCONTROLCLASS { - FlowControl_None = 0, - FlowControl_Hardware = 1, - FlowControl_Software = 2, -}} -ENUM!{enum RECEIVEFLOWCONTROLCLASS { - ReceiveFlowControl_None = 0, - ReceiveFlowControl_RTS = 1, - ReceiveFlowControl_DTR = 2, -}} -ENUM!{enum TRANSMITFLOWCONTROLCLASS { - TransmitFlowControl_None = 0, - TransmitFlowControl_CTS = 1, - TransmitFlowControl_DSR = 2, -}} -ENUM!{enum ASYNCCONNECTCLASS { - Connect_CTS = 0, - Connect_DSR = 1, - Connect_RI = 2, - Connect_DCD = 3, - Connect_FirstChar = 4, - Connect_Perm = 5, -}} -STRUCT!{struct FLOWCONTROLCONFIG { - Bitfields: ULONG, - XonChar: CHAR, - XoffChar: CHAR, - Type: FLOWCONTROLCLASS, - HardwareReceive: RECEIVEFLOWCONTROLCLASS, - HardwareTransmit: TRANSMITFLOWCONTROLCLASS, -}} -BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [ - fEnableSoftwareTx set_fEnableSoftwareTx[0..1], - fEnableSoftwareRx set_fEnableSoftwareRx[1..2], - fEnableDTR set_fEnableDTR[2..3], - fEnableRTS set_fEnableRTS[3..4], -]} -pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG; -STRUCT!{struct CONNECTCONFIG { - Type: ASYNCCONNECTCLASS, - Bitfields: ULONG, -}} -BITFIELD!{CONNECTCONFIG Bitfields: ULONG [ - fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1], -]} -pub type PCONNECTCONFIG = *mut CONNECTCONFIG; -STRUCT!{struct ASYNCCONFIG { - DeviceName: DEVICENAME, - ModemName: MODEMNAME, - BaudRate: ULONG, - Parity: ULONG, - StopBits: ULONG, - ByteSize: ULONG, - Bitfields: ULONG, - FlowControl: FLOWCONTROLCONFIG, - Connect: CONNECTCONFIG, -}} -BITFIELD!{ASYNCCONFIG Bitfields: ULONG [ - fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1], - fConnectionDriver set_fConnectionDriver[1..2], -]} -pub type PASYNCCONFIG = *mut ASYNCCONFIG; -STRUCT!{struct NASICONFIG { - SpecificName: NASISPECIFICNAME, - UserName: NASIUSERNAME, - PassWord: NASIPASSWORD, - SessionName: NASISESIONNAME, - FileServer: NASIFILESERVER, - GlobalSession: BOOLEAN, -}} -pub type PNASICONFIG = *mut NASICONFIG; -STRUCT!{struct OEMTDCONFIG { - Adapter: LONG, - DeviceName: DEVICENAME, - Flags: ULONG, -}} -pub type POEMTDCONFIG = *mut OEMTDCONFIG; -UNION!{union PDPARAMS_u { - Network: NETWORKCONFIG, - Async: ASYNCCONFIG, - Nasi: NASICONFIG, - OemTd: OEMTDCONFIG, -}} -STRUCT!{struct PDPARAMS { - SdClass: SDCLASS, - u: PDPARAMS_u, -}} -pub type PPDPARAMS = *mut PDPARAMS; -STRUCT!{struct WDCONFIG { - WdName: WDNAME, - WdDLL: DLLNAME, - WsxDLL: DLLNAME, - WdFlag: ULONG, - WdInputBufferLength: ULONG, - CfgDLL: DLLNAME, - WdPrefix: WDPREFIX, -}} -pub type PWDCONFIG = *mut WDCONFIG; -STRUCT!{struct PDCONFIG2 { - PdName: PDNAME, - SdClass: SDCLASS, - PdDLL: DLLNAME, - PdFlag: ULONG, - OutBufLength: ULONG, - OutBufCount: ULONG, - OutBufDelay: ULONG, - InteractiveDelay: ULONG, - PortNumber: ULONG, - KeepAliveTimeout: ULONG, -}} -pub type PPDCONFIG2 = *mut PDCONFIG2; -STRUCT!{struct WINSTATIONCLIENT { - Bitfields: ULONG, - ClientName: [WCHAR; CLIENTNAME_LENGTH + 1], - Domain: [WCHAR; DOMAIN_LENGTH + 1], - UserName: [WCHAR; USERNAME_LENGTH + 1], - Password: [WCHAR; PASSWORD_LENGTH + 1], - WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], - InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], - SerialNumber: ULONG, - EncryptionLevel: BYTE, - ClientAddressFamily: ULONG, - ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1], - HRes: USHORT, - VRes: USHORT, - ColorDepth: USHORT, - ProtocolType: USHORT, - KeyboardLayout: ULONG, - KeyboardType: ULONG, - KeyboardSubType: ULONG, - KeyboardFunctionKey: ULONG, - ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1], - ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1], - ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1], - ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1], - ClientBuildNumber: ULONG, - ClientHardwareId: ULONG, - ClientProductId: USHORT, - OutBufCountHost: USHORT, - OutBufCountClient: USHORT, - OutBufLength: USHORT, - AudioDriverName: [WCHAR; 9], - ClientTimeZone: TS_TIME_ZONE_INFORMATION, - ClientSessionId: ULONG, - ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], - PerformanceFlags: ULONG, - ActiveInputLocale: ULONG, -}} -BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [ - fTextOnly set_fTextOnly[0..1], - fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2], - fMouse set_fMouse[2..3], - fDoubleClickDetect set_fDoubleClickDetect[3..4], - fINetClient set_fINetClient[4..5], - fPromptForPassword set_fPromptForPassword[5..6], - fMaximizeShell set_fMaximizeShell[6..7], - fEnableWindowsKey set_fEnableWindowsKey[7..8], - fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9], - fPasswordIsScPin set_fPasswordIsScPin[9..10], - fNoAudioPlayback set_fNoAudioPlayback[10..11], - fUsingSavedCreds set_fUsingSavedCreds[11..12], -]} -pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT; -STRUCT!{struct TSHARE_COUNTERS { - Reserved: ULONG, -}} -pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS; -UNION!{union PROTOCOLCOUNTERS_Specific { - TShareCounters: TSHARE_COUNTERS, - Reserved: [ULONG; 100], -}} -STRUCT!{struct PROTOCOLCOUNTERS { - WdBytes: ULONG, - WdFrames: ULONG, - WaitForOutBuf: ULONG, - Frames: ULONG, - Bytes: ULONG, - CompressedBytes: ULONG, - CompressFlushes: ULONG, - Errors: ULONG, - Timeouts: ULONG, - AsyncFramingError: ULONG, - AsyncOverrunError: ULONG, - AsyncOverflowError: ULONG, - AsyncParityError: ULONG, - TdErrors: ULONG, - ProtocolType: USHORT, - Length: USHORT, - Specific: PROTOCOLCOUNTERS_Specific, -}} -pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS; -STRUCT!{struct THINWIRECACHE { - CacheReads: ULONG, - CacheHits: ULONG, -}} -pub type PTHINWIRECACHE = *mut THINWIRECACHE; -pub const MAX_THINWIRECACHE: usize = 4; -STRUCT!{struct RESERVED_CACHE { - ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE], -}} -pub type PRESERVED_CACHE = *mut RESERVED_CACHE; -STRUCT!{struct TSHARE_CACHE { - Reserved: ULONG, -}} -pub type PTSHARE_CACHE = *mut TSHARE_CACHE; -UNION!{union CACHE_STATISTICS_Specific { - ReservedCacheStats: RESERVED_CACHE, - TShareCacheStats: TSHARE_CACHE, - Reserved: [ULONG; 20], -}} -STRUCT!{struct CACHE_STATISTICS { - ProtocolType: USHORT, - Length: USHORT, - Specific: CACHE_STATISTICS_Specific, -}} -pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS; -STRUCT!{struct PROTOCOLSTATUS { - Output: PROTOCOLCOUNTERS, - Input: PROTOCOLCOUNTERS, - Cache: CACHE_STATISTICS, - AsyncSignal: ULONG, - AsyncSignalMask: ULONG, -}} -pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS; -STRUCT!{struct WINSTATIONINFORMATION { - ConnectState: WINSTATIONSTATECLASS, - WinStationName: WINSTATIONNAME, - LogonId: ULONG, - ConnectTime: LARGE_INTEGER, - DisconnectTime: LARGE_INTEGER, - LastInputTime: LARGE_INTEGER, - LogonTime: LARGE_INTEGER, - Status: PROTOCOLSTATUS, - Domain: [WCHAR; DOMAIN_LENGTH + 1], - UserName: [WCHAR; USERNAME_LENGTH + 1], - CurrentTime: LARGE_INTEGER, -}} -pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION; -STRUCT!{struct WINSTATIONUSERTOKEN { - ProcessId: HANDLE, - ThreadId: HANDLE, - UserToken: HANDLE, -}} -pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN; -STRUCT!{struct WINSTATIONVIDEODATA { - HResolution: USHORT, - VResolution: USHORT, - fColorDepth: USHORT, -}} -pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA; -ENUM!{enum CDCLASS { - CdNone = 0, - CdModem = 1, - CdClass_Maximum = 2, -}} -STRUCT!{struct CDCONFIG { - CdClass: CDCLASS, - CdName: CDNAME, - CdDLL: DLLNAME, - CdFlag: ULONG, -}} -pub type PCDCONFIG = *mut CDCONFIG; -pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1]; -pub type PCLIENTDATANAME = *mut CHAR; -STRUCT!{struct WINSTATIONCLIENTDATA { - DataName: CLIENTDATANAME, - fUnicodeData: BOOLEAN, -}} -pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA; -ENUM!{enum LOADFACTORTYPE { - ErrorConstraint = 0, - PagedPoolConstraint = 1, - NonPagedPoolConstraint = 2, - AvailablePagesConstraint = 3, - SystemPtesConstraint = 4, - CPUConstraint = 5, -}} -STRUCT!{struct WINSTATIONLOADINDICATORDATA { - RemainingSessionCapacity: ULONG, - LoadFactor: LOADFACTORTYPE, - TotalSessions: ULONG, - DisconnectedSessions: ULONG, - IdleCPU: LARGE_INTEGER, - TotalCPU: LARGE_INTEGER, - RawSessionCapacity: ULONG, - reserved: [ULONG; 9], -}} -pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA; -ENUM!{enum SHADOWSTATECLASS { - State_NoShadow = 0, - State_Shadowing = 1, - State_Shadowed = 2, -}} -STRUCT!{struct WINSTATIONSHADOW { - ShadowState: SHADOWSTATECLASS, - ShadowClass: SHADOWCLASS, - SessionId: ULONG, - ProtocolType: ULONG, -}} -pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW; -STRUCT!{struct WINSTATIONPRODID { - DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], - ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], - OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], - CurrentSessionId: ULONG, - ClientSessionId: ULONG, - OuterMostSessionId: ULONG, -}} -pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID; -STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 { - sin_port: USHORT, - sin_addr: ULONG, - sin_zero: [UCHAR; 8], -}} -STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 { - sin6_port: USHORT, - sin6_flowinfo: ULONG, - sin6_addr: [USHORT; 8], - sin6_scope_id: ULONG, -}} -UNION!{union WINSTATIONREMOTEADDRESS_u { - ipv4: WINSTATIONREMOTEADDRESS_u_ipv4, - ipv6: WINSTATIONREMOTEADDRESS_u_ipv6, -}} -STRUCT!{struct WINSTATIONREMOTEADDRESS { - sin_family: USHORT, - u: WINSTATIONREMOTEADDRESS_u, -}} -pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS; -STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 { - SessionId: ULONG, - SessionState: WINSTATIONSTATECLASS, - SessionFlags: LONG, - WinStationName: WINSTATIONNAME, - UserName: [WCHAR; USERNAME_LENGTH + 1], - DomainName: [WCHAR; DOMAIN_LENGTH + 1], - LogonTime: LARGE_INTEGER, - ConnectTime: LARGE_INTEGER, - DisconnectTime: LARGE_INTEGER, - LastInputTime: LARGE_INTEGER, - CurrentTime: LARGE_INTEGER, - ProtocolStatus: PROTOCOLSTATUS, -}} -pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1; -STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 { - SessionId: ULONG, - SessionState: WINSTATIONSTATECLASS, - SessionFlags: LONG, - WinStationName: WINSTATIONNAME, - SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1], - SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1], - LogonTime: LARGE_INTEGER, - ConnectTime: LARGE_INTEGER, - DisconnectTime: LARGE_INTEGER, - LastInputTime: LARGE_INTEGER, - CurrentTime: LARGE_INTEGER, - ProtocolStatus: PROTOCOLSTATUS, - UserName: [WCHAR; 257], - DomainName: [WCHAR; 256], -}} -pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2; -UNION!{union WINSTATIONINFORMATIONEX_LEVEL { - WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1, - WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2, -}} -pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL; -STRUCT!{struct WINSTATIONINFORMATIONEX { - Level: ULONG, - Data: WINSTATIONINFORMATIONEX_LEVEL, -}} -pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX; -pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452; -STRUCT!{struct TS_PROCESS_INFORMATION_NT4 { - MagicNumber: ULONG, - LogonId: ULONG, - ProcessSid: PVOID, - Pad: ULONG, -}} -pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4; -pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64; -pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136; -STRUCT!{struct TS_SYS_PROCESS_INFORMATION { - NextEntryOffset: ULONG, - NumberOfThreads: ULONG, - SpareLi1: LARGE_INTEGER, - SpareLi2: LARGE_INTEGER, - SpareLi3: LARGE_INTEGER, - CreateTime: LARGE_INTEGER, - UserTime: LARGE_INTEGER, - KernelTime: LARGE_INTEGER, - ImageName: UNICODE_STRING, - BasePriority: LONG, - UniqueProcessId: ULONG, - InheritedFromUniqueProcessId: ULONG, - HandleCount: ULONG, - SessionId: ULONG, - SpareUl3: ULONG, - PeakVirtualSize: SIZE_T, - VirtualSize: SIZE_T, - PageFaultCount: ULONG, - PeakWorkingSetSize: ULONG, - WorkingSetSize: ULONG, - QuotaPeakPagedPoolUsage: SIZE_T, - QuotaPagedPoolUsage: SIZE_T, - QuotaPeakNonPagedPoolUsage: SIZE_T, - QuotaNonPagedPoolUsage: SIZE_T, - PagefileUsage: SIZE_T, - PeakPagefileUsage: SIZE_T, - PrivatePageCount: SIZE_T, -}} -pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION; -STRUCT!{struct TS_ALL_PROCESSES_INFO { - pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION, - SizeOfSid: ULONG, - pSid: PSID, -}} -pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO; -STRUCT!{struct TS_COUNTER_HEADER { - dwCounterID: DWORD, - bResult: BOOLEAN, -}} -pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER; -STRUCT!{struct TS_COUNTER { - CounterHead: TS_COUNTER_HEADER, - dwValue: DWORD, - StartTime: LARGE_INTEGER, -}} -pub type PTS_COUNTER = *mut TS_COUNTER; -pub const WSD_LOGOFF: ULONG = 0x1; -pub const WSD_SHUTDOWN: ULONG = 0x2; -pub const WSD_REBOOT: ULONG = 0x4; -pub const WSD_POWEROFF: ULONG = 0x8; -pub const WEVENT_NONE: ULONG = 0x0; -pub const WEVENT_CREATE: ULONG = 0x1; -pub const WEVENT_DELETE: ULONG = 0x2; -pub const WEVENT_RENAME: ULONG = 0x4; -pub const WEVENT_CONNECT: ULONG = 0x8; -pub const WEVENT_DISCONNECT: ULONG = 0x10; -pub const WEVENT_LOGON: ULONG = 0x20; -pub const WEVENT_LOGOFF: ULONG = 0x40; -pub const WEVENT_STATECHANGE: ULONG = 0x80; -pub const WEVENT_LICENSE: ULONG = 0x100; -pub const WEVENT_ALL: ULONG = 0x7fffffff; -pub const WEVENT_FLUSH: ULONG = 0x80000000; -pub const KBDSHIFT: USHORT = 0x1; -pub const KBDCTRL: USHORT = 0x2; -pub const KBDALT: USHORT = 0x4; -pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1; -pub const LOGONID_CURRENT: i32 = -1; -pub const SERVERNAME_CURRENT: PWSTR = null_mut(); -EXTERN!{extern "system" { - fn WinStationFreeMemory( - Buffer: PVOID, - ) -> BOOLEAN; - fn WinStationOpenServerW( - ServerName: PWSTR, - ) -> HANDLE; - fn WinStationCloseServer( - ServerHandle: HANDLE, - ) -> BOOLEAN; - fn WinStationServerPing( - ServerHandle: HANDLE, - ) -> BOOLEAN; - fn WinStationGetTermSrvCountersValue( - ServerHandle: HANDLE, - Count: ULONG, - Counters: PTS_COUNTER, - ) -> BOOLEAN; - fn WinStationShutdownSystem( - ServerHandle: HANDLE, - ShutdownFlags: ULONG, - ) -> BOOLEAN; - fn WinStationWaitSystemEvent( - ServerHandle: HANDLE, - EventMask: ULONG, - EventFlags: PULONG, - ) -> BOOLEAN; - fn WinStationRegisterConsoleNotification( - ServerHandle: HANDLE, - WindowHandle: HWND, - Flags: ULONG, - ) -> BOOLEAN; - fn WinStationUnRegisterConsoleNotification( - ServerHandle: HANDLE, - WindowHandle: HWND, - ) -> BOOLEAN; - fn WinStationEnumerateW( - ServerHandle: HANDLE, - SessionIds: *mut PSESSIONIDW, - Count: PULONG, - ) -> BOOLEAN; - fn WinStationQueryInformationW( - ServerHandle: HANDLE, - SessionId: ULONG, - WinStationInformationClass: WINSTATIONINFOCLASS, - pWinStationInformation: PVOID, - WinStationInformationLength: ULONG, - pReturnLength: PULONG, - ) -> BOOLEAN; - fn WinStationSetInformationW( - ServerHandle: HANDLE, - SessionId: ULONG, - WinStationInformationClass: WINSTATIONINFOCLASS, - pWinStationInformation: PVOID, - WinStationInformationLength: ULONG, - ) -> BOOLEAN; - fn WinStationNameFromLogonIdW( - ServerHandle: HANDLE, - SessionId: ULONG, - pWinStationName: PWSTR, - ) -> BOOLEAN; - fn WinStationSendMessageW( - ServerHandle: HANDLE, - SessionId: ULONG, - Title: PWSTR, - TitleLength: ULONG, - Message: PWSTR, - MessageLength: ULONG, - Style: ULONG, - Timeout: ULONG, - Response: PULONG, - DoNotWait: BOOLEAN, - ) -> BOOLEAN; - fn WinStationConnectW( - ServerHandle: HANDLE, - SessionId: ULONG, - TargetSessionId: ULONG, - pPassword: PWSTR, - bWait: BOOLEAN, - ) -> BOOLEAN; - fn WinStationDisconnect( - ServerHandle: HANDLE, - SessionId: ULONG, - bWait: BOOLEAN, - ) -> BOOLEAN; - fn WinStationReset( - ServerHandle: HANDLE, - SessionId: ULONG, - bWait: BOOLEAN, - ) -> BOOLEAN; - fn WinStationShadow( - ServerHandle: HANDLE, - TargetServerName: PWSTR, - TargetSessionId: ULONG, - HotKeyVk: UCHAR, - HotkeyModifiers: USHORT, - ) -> BOOLEAN; - fn WinStationShadowStop( - ServerHandle: HANDLE, - SessionId: ULONG, - bWait: BOOLEAN, - ) -> BOOLEAN; - fn WinStationEnumerateProcesses( - ServerHandle: HANDLE, - Processes: *mut PVOID, - ) -> BOOLEAN; - fn WinStationGetAllProcesses( - ServerHandle: HANDLE, - Level: ULONG, - NumberOfProcesses: PULONG, - Processes: *mut PTS_ALL_PROCESSES_INFO, - ) -> BOOLEAN; - fn WinStationFreeGAPMemory( - Level: ULONG, - Processes: PTS_ALL_PROCESSES_INFO, - NumberOfProcesses: ULONG, - ) -> BOOLEAN; - fn WinStationTerminateProcess( - ServerHandle: HANDLE, - ProcessId: ULONG, - ExitCode: ULONG, - ) -> BOOLEAN; - fn WinStationGetProcessSid( - ServerHandle: HANDLE, - ProcessId: ULONG, - ProcessStartTime: FILETIME, - pProcessUserSid: PVOID, - dwSidSize: PULONG, - ) -> BOOLEAN; - fn WinStationSwitchToServicesSession() -> BOOLEAN; - fn WinStationRevertFromServicesSession() -> BOOLEAN; - fn _WinStationWaitForConnect() -> BOOLEAN; -}} |