summaryrefslogtreecommitdiffstats
path: root/vendor/ntapi
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 12:02:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 12:02:58 +0000
commit698f8c2f01ea549d77d7dc3338a12e04c11057b9 (patch)
tree173a775858bd501c378080a10dca74132f05bc50 /vendor/ntapi
parentInitial commit. (diff)
downloadrustc-698f8c2f01ea549d77d7dc3338a12e04c11057b9.tar.xz
rustc-698f8c2f01ea549d77d7dc3338a12e04c11057b9.zip
Adding upstream version 1.64.0+dfsg1.upstream/1.64.0+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/ntapi')
-rw-r--r--vendor/ntapi/.cargo-checksum.json1
-rw-r--r--vendor/ntapi/Cargo.toml40
-rw-r--r--vendor/ntapi/LICENSE-APACHE202
-rw-r--r--vendor/ntapi/LICENSE-MIT17
-rw-r--r--vendor/ntapi/README.md17
-rw-r--r--vendor/ntapi/build.rs15
-rw-r--r--vendor/ntapi/src/lib.rs70
-rw-r--r--vendor/ntapi/src/macros.rs112
-rw-r--r--vendor/ntapi/src/ntapi_base.rs40
-rw-r--r--vendor/ntapi/src/ntdbg.rs239
-rw-r--r--vendor/ntapi/src/ntexapi.rs2998
-rw-r--r--vendor/ntapi/src/ntgdi.rs123
-rw-r--r--vendor/ntapi/src/ntioapi.rs1464
-rw-r--r--vendor/ntapi/src/ntkeapi.rs121
-rw-r--r--vendor/ntapi/src/ntldr.rs661
-rw-r--r--vendor/ntapi/src/ntlpcapi.rs692
-rw-r--r--vendor/ntapi/src/ntmisc.rs42
-rw-r--r--vendor/ntapi/src/ntmmapi.rs630
-rw-r--r--vendor/ntapi/src/ntnls.rs29
-rw-r--r--vendor/ntapi/src/ntobapi.rs226
-rw-r--r--vendor/ntapi/src/ntpebteb.rs431
-rw-r--r--vendor/ntapi/src/ntpfapi.rs219
-rw-r--r--vendor/ntapi/src/ntpnpapi.rs118
-rw-r--r--vendor/ntapi/src/ntpoapi.rs134
-rw-r--r--vendor/ntapi/src/ntpsapi.rs1471
-rw-r--r--vendor/ntapi/src/ntregapi.rs450
-rw-r--r--vendor/ntapi/src/ntrtl.rs4378
-rw-r--r--vendor/ntapi/src/ntsam.rs1077
-rw-r--r--vendor/ntapi/src/ntseapi.rs439
-rw-r--r--vendor/ntapi/src/ntsmss.rs15
-rw-r--r--vendor/ntapi/src/nttmapi.rs239
-rw-r--r--vendor/ntapi/src/nttp.rs207
-rw-r--r--vendor/ntapi/src/ntwow64.rs476
-rw-r--r--vendor/ntapi/src/ntxcapi.rs29
-rw-r--r--vendor/ntapi/src/ntzwapi.rs2699
-rw-r--r--vendor/ntapi/src/string.rs58
-rw-r--r--vendor/ntapi/src/subprocesstag.rs77
-rw-r--r--vendor/ntapi/src/winapi_local.rs1
-rw-r--r--vendor/ntapi/src/winapi_local/um.rs2
-rw-r--r--vendor/ntapi/src/winapi_local/um/winioctl.rs4
-rw-r--r--vendor/ntapi/src/winapi_local/um/winnt.rs86
-rw-r--r--vendor/ntapi/src/winsta.rs848
42 files changed, 21197 insertions, 0 deletions
diff --git a/vendor/ntapi/.cargo-checksum.json b/vendor/ntapi/.cargo-checksum.json
new file mode 100644
index 000000000..8a9d4be0f
--- /dev/null
+++ b/vendor/ntapi/.cargo-checksum.json
@@ -0,0 +1 @@
+{"files":{"Cargo.toml":"766a317c4703d827a8405fca763dcc4aab451c7424b666bfccd39caad3341c85","LICENSE-APACHE":"cf90d659de5c1e6418267ab8043b756e65508ee5d8d50b29eb2d2fe444c2c3eb","LICENSE-MIT":"11a7964ccc0dd115d16720ab1d826c5d03e52838748ffaba3d21bae8bcacd82a","README.md":"3be48f39b5fea8f1091aeef02338ef2c0ca7321750ec043bee9ab3c7ac990e54","build.rs":"13a274ea4cb1886872626b8a98269e9bf2e1f93cb1068fc8c797e421746cac7e","src/lib.rs":"5bd23124340783c9d7ba365b85dd7b78efe7345ccfa6a734ecb4a13604f423c9","src/macros.rs":"b0a852ebea2e1aed3e7d70eeadc8356778b064d2eca6e796598e9ab37ac54175","src/ntapi_base.rs":"b2edefaf68709c32f7fb4377ea21457afd3c7546ba59596f9f25bbaeb220f4d4","src/ntdbg.rs":"f891d4b26ef9d6c68ca098ab70bb4b1dd4d7e1d05e0f65c32bc6cb1151528f91","src/ntexapi.rs":"9dc7765b30daddc21068b7ca7a2c07f96b97e2f80f81ef631f8cc8b979a4c8c9","src/ntgdi.rs":"9fa6610566d77e95294432957f8cb8564cef3bb09d2d8d0adcf23047fa3a5221","src/ntioapi.rs":"577f3c3d83a95a965fff62efbdaa01769e9b3cf713f0d296a948f34cdfddcedc","src/ntkeapi.rs":"1ede6613c94303e6087e30e64ee1f1623eada9d088ce50992904e1812b263923","src/ntldr.rs":"c9be16003da83f82599a419995fbf4f15e047f24166f700dd4b08c0e58adb5a8","src/ntlpcapi.rs":"da5070b1c1adad34091aedd01d2b888daa4dc9446fdcd69668565e6eeb2db11f","src/ntmisc.rs":"4904e383065828b86013ebd3b85d45b384b522899954ac89c561963061acc962","src/ntmmapi.rs":"3a371e9edb7df91d1242f9dae92bf6d295c9b6c3ca65846c8d1ebbba55bdf7ee","src/ntnls.rs":"ef90b985da124d2f4c4b8cb0addab766a0928843b4afa4bce40b3a9fcddaf163","src/ntobapi.rs":"3071d8bc73e40d92d769e4093744820c0a5e116ecf4a94676ca3cdc008adfd8e","src/ntpebteb.rs":"94a9fbc1b3c48fa368f1b602fa205d41d3201e4d8c638c0898402eb3ebb5b72a","src/ntpfapi.rs":"37270db61f2562cd5481302c2a5a64be186b8c7126eacfe12b6c66e9bec4bf61","src/ntpnpapi.rs":"cfcaa3dd6110f25a48c51c011bb8369e83e3817e142afb412e40d6e4b868a036","src/ntpoapi.rs":"a535206a89cd42f81e3b931e5802f8b3343fd35387e9f3fedd9b042a78853f34","src/ntpsapi.rs":"5f4b3d176bbbbe6aee3d38a905990911732dbf08569c1fe4e273b38e46d63d49","src/ntregapi.rs":"a6f5a830b48e88fd0a4824036fffda2d2d80d1cad07baf37607121142f2c4777","src/ntrtl.rs":"9ac601ec4425cde859e7fda902a77fe2ff6612fb13c28168e83fe528ec78d64a","src/ntsam.rs":"dc59cfa944c27cf02b782fdbf110de4757ca6ae77806820a64a17742670242b4","src/ntseapi.rs":"c87688e028aa05513e361bb72288ef3af2f3dfe8e923745a84409d8fdeee57fd","src/ntsmss.rs":"6ac1f029b56a2a8856569c3acbedd7c560d2ccfac030aa2f2178f52d9312cdc5","src/nttmapi.rs":"7092c8b35aae642572c333b0fef1fe4a32f5a9c563249b585766317051670db5","src/nttp.rs":"47be534d36af7d6a715c87ef646824162bd3eb47f86a85ed8357c987c1a4fcdd","src/ntwow64.rs":"725baf7b32d24c0800abf730b58335e682332b821636ca699c40e80ba7148f94","src/ntxcapi.rs":"54fcadd43a0e146ade8ebdd750b09872d0e8f7a1295a9646910529048d5f6dca","src/ntzwapi.rs":"012932586fdbcac8eff57d90ce640e10d20e150dc7702100d1ea46f6f261f868","src/string.rs":"ac0e73f37384e03f14d9dc47fcfb3620a4157e122481f30c82b16fb21ab86a40","src/subprocesstag.rs":"4c85e44c91521cb20e5c6624b0cf4b27ca6ac7c3e560854ad34e0e66fb809971","src/winapi_local.rs":"2003099deec5e7039e5d2dd0aa6a43120816f67e94f4d9909c7f6689b62747e4","src/winapi_local/um.rs":"48859dfb53520bdd569c052ac26d06de2d16c57403ffbe4febbc1e1f25847f45","src/winapi_local/um/winioctl.rs":"00020fcda499ce558edfa4d684f5b4e198cbcfa5b3b8e9b62a122c0aca46514f","src/winapi_local/um/winnt.rs":"fc1a3ba99e305ec752528a00ceb02457fe73f4a7875370fe2ffaaaa5336ebfbf","src/winsta.rs":"c5a28c5c55f08745b2b100a5a374af821cf173b053eb8ee54ae19a85455d3fac"},"package":"c28774a7fd2fbb4f0babd8237ce554b73af68021b5f695a3cebd6c59bac0980f"} \ No newline at end of file
diff --git a/vendor/ntapi/Cargo.toml b/vendor/ntapi/Cargo.toml
new file mode 100644
index 000000000..35516ff80
--- /dev/null
+++ b/vendor/ntapi/Cargo.toml
@@ -0,0 +1,40 @@
+# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
+#
+# When uploading crates to the registry Cargo will automatically
+# "normalize" Cargo.toml files for maximal compatibility
+# with all versions of Cargo and also rewrite `path` dependencies
+# to registry (e.g., crates.io) dependencies.
+#
+# If you are reading this file be aware that the original Cargo.toml
+# will likely look very different (and much more reasonable).
+# See Cargo.toml.orig for the original contents.
+
+[package]
+edition = "2018"
+name = "ntapi"
+version = "0.3.7"
+authors = ["MSxDOS <melcodos@gmail.com>"]
+include = ["src/**/*", "Cargo.toml", "build.rs", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+description = "FFI bindings for Native API"
+documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/"
+readme = "README.md"
+keywords = ["windows", "ffi", "ntapi", "native", "win32"]
+categories = ["external-ffi-bindings", "no-std", "os::windows-apis"]
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/MSxDOS/ntapi"
+[package.metadata.docs.rs]
+default-target = "x86_64-pc-windows-msvc"
+features = ["beta"]
+targets = ["aarch64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-msvc"]
+[dependencies.winapi]
+version = "0.3.9"
+features = ["cfg", "evntrace", "in6addr", "inaddr", "minwinbase", "ntsecapi", "windef", "winioctl"]
+
+[features]
+beta = []
+default = ["user"]
+func-types = []
+impl-default = ["winapi/impl-default"]
+kernel = []
+nightly = ["beta"]
+user = []
diff --git a/vendor/ntapi/LICENSE-APACHE b/vendor/ntapi/LICENSE-APACHE
new file mode 100644
index 000000000..e72929ee9
--- /dev/null
+++ b/vendor/ntapi/LICENSE-APACHE
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ \ No newline at end of file
diff --git a/vendor/ntapi/LICENSE-MIT b/vendor/ntapi/LICENSE-MIT
new file mode 100644
index 000000000..0235c6ac8
--- /dev/null
+++ b/vendor/ntapi/LICENSE-MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"),to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/ntapi/README.md b/vendor/ntapi/README.md
new file mode 100644
index 000000000..d438de3e2
--- /dev/null
+++ b/vendor/ntapi/README.md
@@ -0,0 +1,17 @@
+# ntapi [![AppVeyor][appveyor_badge]][appveyor_link] [![Crates.io][crates_badge]][crates_link] [![Documentation][docs_badge]][docs_link] [![Lines of Code][loc_badge]][loc_link] [![Unsafe][unsafe_badge]][unsafe_link]
+
+Rust FFI bindings for Native API. Mostly based on Process Hacker [phnt](https://github.com/processhacker/processhacker/tree/master/phnt) headers as the most complete source of bindings to be found. The comments there also contain useful information on how to use specific things.
+
+### Minimum supported Rust
+Always the latest stable. Some [features][docs_link] require a beta compiler.
+
+[appveyor_link]: https://ci.appveyor.com/project/MSxDOS/ntapi
+[appveyor_badge]: https://ci.appveyor.com/api/projects/status/i1fcmm0c5b7c6b6u/branch/master?svg=true
+[crates_link]: https://crates.io/crates/ntapi
+[crates_badge]: https://img.shields.io/crates/v/ntapi.svg
+[docs_link]: https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/
+[docs_badge]: https://docs.rs/ntapi/badge.svg
+[loc_link]: https://github.com/Aaronepower/tokei
+[loc_badge]: https://tokei.rs/b1/github/MSxDOS/ntapi
+[unsafe_link]: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html
+[unsafe_badge]: https://img.shields.io/badge/unsafe-%E2%9C%94-C901DD.svg
diff --git a/vendor/ntapi/build.rs b/vendor/ntapi/build.rs
new file mode 100644
index 000000000..bbd46f595
--- /dev/null
+++ b/vendor/ntapi/build.rs
@@ -0,0 +1,15 @@
+use std::env::var;
+
+fn main() {
+ #[cfg(feature = "user")] {
+ if var("TARGET").map(
+ |t| t == "x86_64-pc-windows-gnu" || t == "i686-pc-windows-gnu"
+ ).unwrap_or(false) {
+ if var("WINAPI_NO_BUNDLED_LIBRARIES").is_ok() {
+ println!("cargo:rustc-link-lib=ntdll");
+ } else {
+ println!("cargo:rustc-link-lib=winapi_ntdll");
+ }
+ }
+ }
+}
diff --git a/vendor/ntapi/src/lib.rs b/vendor/ntapi/src/lib.rs
new file mode 100644
index 000000000..6b06b6c57
--- /dev/null
+++ b/vendor/ntapi/src/lib.rs
@@ -0,0 +1,70 @@
+//! # Features
+//! **`func-types`** -- Generate [types][fn_ptr] for external functions.<br/>
+//! **`impl-default`** -- Implement [`Default`] for structs and unions.<br/>
+//! **`user`** *(default)* -- Link to `ntdll`.<br/>
+//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.<br/>
+//! **`beta`** -- Unlock unstable features that require a beta compiler:
+//! - [`NtCurrentTeb`]
+//! - [`__readfsdword`]
+//! - [`__readgsqword`]
+//! - [`_bittest64`]
+//! - [`NtCurrentPeb`]
+//! - [`NtCurrentProcessId`]
+//! - [`NtCurrentThreadId`]
+//! - [`RtlProcessHeap`]
+//! - [`RtlCheckBit`] implementation using [`_bittest64`] on x86_64.
+//!
+//! [`NtCurrentTeb`]: winapi_local/um/winnt/fn.NtCurrentTeb.html
+//! [`__readfsdword`]: winapi_local/um/winnt/fn.__readfsdword.html
+//! [`__readgsqword`]: winapi_local/um/winnt/fn.__readgsqword.html
+//! [`_bittest64`]: winapi_local/um/winnt/fn._bittest64.html
+//! [`NtCurrentPeb`]: ntpsapi/fn.NtCurrentPeb.html
+//! [`NtCurrentProcessId`]: ntpsapi/fn.NtCurrentProcessId.html
+//! [`NtCurrentThreadId`]: ntpsapi/fn.NtCurrentThreadId.html
+//! [`RtlProcessHeap`]: ntrtl/fn.RtlProcessHeap.html
+//! [`RtlCheckBit`]: ntrtl/fn.RtlCheckBit.html
+//! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types
+//! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default
+#![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))]
+#![no_std]
+#![deny(unused, unused_qualifications)]
+#![warn(unused_attributes)]
+#![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)]
+#[doc(hidden)]
+pub extern crate core as _core;
+#[macro_use]
+#[doc(hidden)]
+pub extern crate winapi;
+#[macro_use]
+mod macros;
+pub mod ntapi_base;
+pub mod ntdbg;
+pub mod ntexapi;
+pub mod ntgdi;
+pub mod ntioapi;
+pub mod ntkeapi;
+pub mod ntldr;
+pub mod ntlpcapi;
+pub mod ntmisc;
+pub mod ntmmapi;
+pub mod ntnls;
+pub mod ntobapi;
+pub mod ntpebteb;
+pub mod ntpfapi;
+pub mod ntpnpapi;
+pub mod ntpoapi;
+pub mod ntpsapi;
+pub mod ntregapi;
+pub mod ntrtl;
+pub mod ntsam;
+pub mod ntseapi;
+pub mod ntsmss;
+pub mod nttmapi;
+pub mod nttp;
+pub mod ntwow64;
+pub mod ntxcapi;
+pub mod ntzwapi;
+pub mod string;
+pub mod subprocesstag;
+pub mod winapi_local;
+pub mod winsta;
diff --git a/vendor/ntapi/src/macros.rs b/vendor/ntapi/src/macros.rs
new file mode 100644
index 000000000..92cdd9678
--- /dev/null
+++ b/vendor/ntapi/src/macros.rs
@@ -0,0 +1,112 @@
+#[macro_export]
+macro_rules! EXTERN {
+ (extern $c:tt {$(
+ fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?;
+ )+}) => {
+ #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
+ #[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))]
+ extern $c {$(
+ pub fn $n(
+ $($p $(: $t)?),*
+ ) $(-> $r)?;
+ )+}
+ $(
+ #[cfg(feature = "func-types")]
+ pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?;
+ )+
+ };
+ (extern $c:tt {$(
+ static mut $n:ident : $t:ty;
+ )+}) => {
+ #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))]
+ extern $c {$(
+ pub static mut $n: $t;
+ )+}
+ };
+}
+#[macro_export]
+#[doc(hidden)]
+macro_rules! FIELD_OFFSET {
+ ($_type:ty, $field:ident$(.$cfields:ident)*) => {
+ unsafe {
+ union Transmuter<T: 'static> {
+ p: *const T,
+ r: &'static T,
+ i: usize,
+ }
+ #[allow(unaligned_references)]
+ Transmuter {
+ r: &(&Transmuter {
+ p: $crate::_core::ptr::null::<$_type>()
+ }.r).$field$(.$cfields)*
+ }.i
+ }
+ };
+}
+macro_rules! BITFIELD {
+ ($base:ident $field:ident: $fieldtype:ty [
+ $($thing:ident $set_thing:ident[$r:expr],)+
+ ]) => {
+ impl $base {$(
+ #[inline]
+ pub const fn $thing(&self) -> $fieldtype {
+ const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
+ self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
+ }
+ #[inline]
+ pub fn $set_thing(&mut self, val: $fieldtype) {
+ const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
+ self.$field &= !MASK;
+ self.$field |= (val << $r.start) & MASK;
+ }
+ )+}
+ };
+ (unsafe $base:ident $field:ident: $fieldtype:ty [
+ $($thing:ident $set_thing:ident[$r:expr],)+
+ ]) => {
+ impl $base {$(
+ #[inline]
+ pub unsafe fn $thing(&self) -> $fieldtype {
+ const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8;
+ self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start)
+ }
+ #[inline]
+ pub unsafe fn $set_thing(&mut self, val: $fieldtype) {
+ const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start;
+ self.$field &= !MASK;
+ self.$field |= (val << $r.start) & MASK;
+ }
+ )+}
+ };
+}
+macro_rules! UNION {
+ ($(#[$attrs:meta])* union $name:ident {
+ $($variant:ident: $ftype:ty,)+
+ }) => (
+ #[repr(C)] $(#[$attrs])*
+ pub union $name {
+ $(pub $variant: $ftype,)+
+ }
+ impl Copy for $name {}
+ impl Clone for $name {
+ #[inline]
+ fn clone(&self) -> $name { *self }
+ }
+ #[cfg(feature = "impl-default")]
+ impl Default for $name {
+ #[inline]
+ fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } }
+ }
+ );
+}
+macro_rules! FN {
+ (stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
+ pub type $func = Option<unsafe extern "system" fn($($p: $t,)*) -> $ret>;
+ );
+ (cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => (
+ pub type $func = Option<unsafe extern "C" fn($($p: $t,)*) -> $ret>;
+ );
+}
+macro_rules! IFDEF {
+ ($($thing:item)*) => ($($thing)*)
+}
diff --git a/vendor/ntapi/src/ntapi_base.rs b/vendor/ntapi/src/ntapi_base.rs
new file mode 100644
index 000000000..aa341af0b
--- /dev/null
+++ b/vendor/ntapi/src/ntapi_base.rs
@@ -0,0 +1,40 @@
+use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT};
+use winapi::shared::ntstatus::FACILITY_NTWIN32;
+pub type KPRIORITY = LONG;
+pub type RTL_ATOM = USHORT;
+pub type PRTL_ATOM = *mut RTL_ATOM;
+pub const NT_FACILITY_MASK: ULONG = 0xfff;
+pub const NT_FACILITY_SHIFT: ULONG = 16;
+#[inline]
+pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG {
+ (Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK
+}
+#[inline]
+pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool {
+ NT_FACILITY(Status) == FACILITY_NTWIN32 as u32
+}
+#[inline]
+pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG {
+ (Status as u32) & 0xffff
+}
+STRUCT!{struct CLIENT_ID {
+ UniqueProcess: HANDLE,
+ UniqueThread: HANDLE,
+}}
+pub type PCLIENT_ID = *mut CLIENT_ID;
+STRUCT!{struct CLIENT_ID32 {
+ UniqueProcess: ULONG,
+ UniqueThread: ULONG,
+}}
+pub type PCLIENT_ID32 = *mut CLIENT_ID32;
+STRUCT!{struct CLIENT_ID64 {
+ UniqueProcess: ULONGLONG,
+ UniqueThread: ULONGLONG,
+}}
+pub type PCLIENT_ID64 = *mut CLIENT_ID64;
+STRUCT!{struct KSYSTEM_TIME {
+ LowPart: ULONG,
+ High1Time: LONG,
+ High2Time: LONG,
+}}
+pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME;
diff --git a/vendor/ntapi/src/ntdbg.rs b/vendor/ntapi/src/ntdbg.rs
new file mode 100644
index 000000000..991e8f9da
--- /dev/null
+++ b/vendor/ntapi/src/ntdbg.rs
@@ -0,0 +1,239 @@
+use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
+use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR;
+use winapi::shared::guiddef::LPCGUID;
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
+ PULONG, PVOID, UCHAR, ULONG, ULONGLONG,
+};
+use winapi::um::minwinbase::LPDEBUG_EVENT;
+use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE};
+use winapi::vc::vadefs::va_list;
+EXTERN!{extern "system" {
+ fn DbgUserBreakPoint();
+ fn DbgBreakPoint();
+ fn DbgBreakPointWithStatus(
+ Status: ULONG,
+ );
+}}
+pub const DBG_STATUS_CONTROL_C: u32 = 1;
+pub const DBG_STATUS_SYSRQ: u32 = 2;
+pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3;
+pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4;
+pub const DBG_STATUS_FATAL: u32 = 5;
+pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6;
+pub const DBG_STATUS_WORKER: u32 = 7;
+EXTERN!{extern "C" {
+ fn DbgPrint(
+ Format: PCSTR,
+ ...
+ ) -> ULONG;
+ fn DbgPrintEx(
+ ComponentId: ULONG,
+ Level: ULONG,
+ Format: PCSTR,
+ ...
+ ) -> ULONG;
+}}
+EXTERN!{extern "system" {
+ fn vDbgPrintEx(
+ ComponentId: ULONG,
+ Level: ULONG,
+ Format: PCCH,
+ arglist: va_list,
+ ) -> ULONG;
+ fn vDbgPrintExWithPrefix(
+ Prefix: PCH,
+ ComponentId: ULONG,
+ Level: ULONG,
+ Format: PCCH,
+ arglist: va_list,
+ ) -> ULONG;
+ fn DbgQueryDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ ) -> NTSTATUS;
+ fn DbgSetDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ State: BOOLEAN,
+ ) -> NTSTATUS;
+ fn DbgPrompt(
+ Prompt: PCCH,
+ Response: PCH,
+ Length: ULONG,
+ ) -> ULONG;
+}}
+STRUCT!{struct DBGKM_EXCEPTION {
+ ExceptionRecord: EXCEPTION_RECORD,
+ FirstChance: ULONG,
+}}
+pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION;
+STRUCT!{struct DBGKM_CREATE_THREAD {
+ SubSystemKey: ULONG,
+ StartAddress: PVOID,
+}}
+pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD;
+STRUCT!{struct DBGKM_CREATE_PROCESS {
+ SubSystemKey: ULONG,
+ FileHandle: HANDLE,
+ BaseOfImage: PVOID,
+ DebugInfoFileOffset: ULONG,
+ DebugInfoSize: ULONG,
+ InitialThread: DBGKM_CREATE_THREAD,
+}}
+pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS;
+STRUCT!{struct DBGKM_EXIT_THREAD {
+ ExitStatus: NTSTATUS,
+}}
+pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD;
+STRUCT!{struct DBGKM_EXIT_PROCESS {
+ ExitStatus: NTSTATUS,
+}}
+pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS;
+STRUCT!{struct DBGKM_LOAD_DLL {
+ FileHandle: HANDLE,
+ BaseOfDll: PVOID,
+ DebugInfoFileOffset: ULONG,
+ DebugInfoSize: ULONG,
+ NamePointer: PVOID,
+}}
+pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL;
+STRUCT!{struct DBGKM_UNLOAD_DLL {
+ BaseAddress: PVOID,
+}}
+pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL;
+ENUM!{enum DBG_STATE {
+ DbgIdle = 0,
+ DbgReplyPending = 1,
+ DbgCreateThreadStateChange = 2,
+ DbgCreateProcessStateChange = 3,
+ DbgExitThreadStateChange = 4,
+ DbgExitProcessStateChange = 5,
+ DbgExceptionStateChange = 6,
+ DbgBreakpointStateChange = 7,
+ DbgSingleStepStateChange = 8,
+ DbgLoadDllStateChange = 9,
+ DbgUnloadDllStateChange = 10,
+}}
+pub type PDBG_STATE = *mut DBG_STATE;
+STRUCT!{struct DBGUI_CREATE_THREAD {
+ HandleToThread: HANDLE,
+ NewThread: DBGKM_CREATE_THREAD,
+}}
+pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD;
+STRUCT!{struct DBGUI_CREATE_PROCESS {
+ HandleToProcess: HANDLE,
+ HandleToThread: HANDLE,
+ NewProcess: DBGKM_CREATE_PROCESS,
+}}
+UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo {
+ Exception: DBGKM_EXCEPTION,
+ CreateThread: DBGUI_CREATE_THREAD,
+ CreateProcessInfo: DBGUI_CREATE_PROCESS,
+ ExitThread: DBGKM_EXIT_THREAD,
+ ExitProcess: DBGKM_EXIT_PROCESS,
+ LoadDll: DBGKM_LOAD_DLL,
+ UnloadDll: DBGKM_UNLOAD_DLL,
+}}
+pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS;
+STRUCT!{struct DBGUI_WAIT_STATE_CHANGE {
+ NewState: DBG_STATE,
+ AppClientId: CLIENT_ID,
+ StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo,
+}}
+pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE;
+pub const DEBUG_READ_EVENT: ULONG = 0x0001;
+pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002;
+pub const DEBUG_SET_INFORMATION: ULONG = 0x0004;
+pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008;
+pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT
+ | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION;
+pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1;
+ENUM!{enum DEBUGOBJECTINFOCLASS {
+ DebugObjectUnusedInformation = 0,
+ DebugObjectKillProcessOnExitInformation = 1,
+ MaxDebugObjectInfoClass = 2,
+}}
+pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS;
+EXTERN!{extern "system" {
+ fn NtCreateDebugObject(
+ DebugObjectHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtDebugActiveProcess(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtDebugContinue(
+ DebugObjectHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ContinueStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtRemoveProcessDebug(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetInformationDebugObject(
+ DebugObjectHandle: HANDLE,
+ DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
+ DebugInformation: PVOID,
+ DebugInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtWaitForDebugEvent(
+ DebugObjectHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ WaitStateChange: PVOID,
+ ) -> NTSTATUS;
+ fn DbgUiConnectToDbg() -> NTSTATUS;
+ fn DbgUiGetThreadDebugObject() -> HANDLE;
+ fn DbgUiSetThreadDebugObject(
+ DebugObject: HANDLE,
+ );
+ fn DbgUiWaitStateChange(
+ StateChange: PDBGUI_WAIT_STATE_CHANGE,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn DbgUiContinue(
+ AppClientId: PCLIENT_ID,
+ ContinueStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn DbgUiStopDebugging(
+ Process: HANDLE,
+ ) -> NTSTATUS;
+ fn DbgUiDebugActiveProcess(
+ Process: HANDLE,
+ ) -> NTSTATUS;
+ fn DbgUiRemoteBreakin(
+ Context: PVOID,
+ );
+ fn DbgUiIssueRemoteBreakin(
+ Process: HANDLE,
+ ) -> NTSTATUS;
+ fn DbgUiConvertStateChangeStructure(
+ StateChange: PDBGUI_WAIT_STATE_CHANGE,
+ DebugEvent: LPDEBUG_EVENT,
+ ) -> NTSTATUS;
+}}
+FN!{stdcall PENABLECALLBACK(
+ SourceId: LPCGUID,
+ IsEnabled: ULONG,
+ Level: UCHAR,
+ MatchAnyKeyword: ULONGLONG,
+ MatchAllKeyword: ULONGLONG,
+ FilterData: *mut EVENT_FILTER_DESCRIPTOR,
+ CallbackContext: PVOID,
+) -> ()}
+pub type REGHANDLE = ULONGLONG;
+pub type PREGHANDLE = *mut ULONGLONG;
+EXTERN!{extern "system" {
+ fn EtwEventRegister(
+ ProviderId: LPCGUID,
+ EnableCallback: PENABLECALLBACK,
+ CallbackContext: PVOID,
+ RegHandle: PREGHANDLE,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntexapi.rs b/vendor/ntapi/src/ntexapi.rs
new file mode 100644
index 000000000..5fa47c913
--- /dev/null
+++ b/vendor/ntapi/src/ntexapi.rs
@@ -0,0 +1,2998 @@
+use core::mem::uninitialized;
+use core::ptr::read_volatile;
+#[cfg(target_arch = "x86")]
+use core::sync::atomic::spin_loop_hint;
+use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM};
+use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE};
+use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON};
+use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX;
+use crate::ntpebteb::PTEB;
+use crate::ntpoapi::COUNTED_REASON_CONTEXT;
+use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::evntrace::PROFILE_SOURCE_INFO;
+use winapi::shared::guiddef::{GUID, LPGUID};
+use winapi::shared::ntdef::{
+ BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG,
+ NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE,
+ PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR,
+ PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE,
+ UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR,
+ STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION,
+};
+use crate::winapi_local::um::winnt::UInt32x32To64;
+EXTERN!{extern "system" {
+ fn NtDelayExecution(
+ Alertable: BOOLEAN,
+ DelayInterval: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtQuerySystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PWSTR,
+ ValueLength: USHORT,
+ ReturnLength: PUSHORT,
+ ) -> NTSTATUS;
+ fn NtSetSystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtQuerySystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: PULONG,
+ Attributes: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetSystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+ fn NtEnumerateSystemEnvironmentValuesEx(
+ InformationClass: ULONG,
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct BOOT_ENTRY {
+ Version: ULONG,
+ Length: ULONG,
+ Id: ULONG,
+ Attributes: ULONG,
+ FriendlyNameOffset: ULONG,
+ BootFilePathOffset: ULONG,
+ OsOptionsLength: ULONG,
+ OsOptions: [UCHAR; 1],
+}}
+pub type PBOOT_ENTRY = *mut BOOT_ENTRY;
+STRUCT!{struct BOOT_ENTRY_LIST {
+ NextEntryOffset: ULONG,
+ BootEntry: BOOT_ENTRY,
+}}
+pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST;
+STRUCT!{struct BOOT_OPTIONS {
+ Version: ULONG,
+ Length: ULONG,
+ Timeout: ULONG,
+ CurrentBootEntryId: ULONG,
+ NextBootEntryId: ULONG,
+ HeadlessRedirection: [WCHAR; 1],
+}}
+pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS;
+STRUCT!{struct FILE_PATH {
+ Version: ULONG,
+ Length: ULONG,
+ Type: ULONG,
+ FilePath: [UCHAR; 1],
+}}
+pub type PFILE_PATH = *mut FILE_PATH;
+STRUCT!{struct EFI_DRIVER_ENTRY {
+ Version: ULONG,
+ Length: ULONG,
+ Id: ULONG,
+ FriendlyNameOffset: ULONG,
+ DriverFilePathOffset: ULONG,
+}}
+pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY;
+STRUCT!{struct EFI_DRIVER_ENTRY_LIST {
+ NextEntryOffset: ULONG,
+ DriverEntry: EFI_DRIVER_ENTRY,
+}}
+pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST;
+EXTERN!{extern "system" {
+ fn NtAddBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn NtDeleteBootEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn NtModifyBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ ) -> NTSTATUS;
+ fn NtEnumerateBootEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryBootEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetBootEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ BootOptionsLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ FieldsToChange: ULONG,
+ ) -> NTSTATUS;
+ fn NtTranslateFilePath(
+ InputFilePath: PFILE_PATH,
+ OutputType: ULONG,
+ OutputFilePath: PFILE_PATH,
+ OutputFilePathLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAddDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn NtDeleteDriverEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn NtModifyDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ ) -> NTSTATUS;
+ fn NtEnumerateDriverEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryDriverEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetDriverEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum FILTER_BOOT_OPTION_OPERATION {
+ FilterBootOptionOperationOpenSystemStore = 0,
+ FilterBootOptionOperationSetElement = 1,
+ FilterBootOptionOperationDeleteElement = 2,
+ FilterBootOptionOperationMax = 3,
+}}
+EXTERN!{extern "system" {
+ fn NtFilterBootOption(
+ FilterOperation: FILTER_BOOT_OPTION_OPERATION,
+ ObjectType: ULONG,
+ ElementType: ULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ) -> NTSTATUS;
+}}
+pub const EVENT_QUERY_STATE: u32 = 0x0001;
+ENUM!{enum EVENT_INFORMATION_CLASS {
+ EventBasicInformation = 0,
+}}
+STRUCT!{struct EVENT_BASIC_INFORMATION {
+ EventType: EVENT_TYPE,
+ EventState: LONG,
+}}
+pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EventType: EVENT_TYPE,
+ InitialState: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtSetEventBoostPriority(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtClearEvent(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtResetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtPulseEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtQueryEvent(
+ EventHandle: HANDLE,
+ EventInformationClass: EVENT_INFORMATION_CLASS,
+ EventInformation: PVOID,
+ EventInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE;
+EXTERN!{extern "system" {
+ fn NtCreateEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtOpenEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetLowWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetHighWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum MUTANT_INFORMATION_CLASS {
+ MutantBasicInformation = 0,
+ MutantOwnerInformation = 1,
+}}
+STRUCT!{struct MUTANT_BASIC_INFORMATION {
+ CurrentCount: LONG,
+ OwnedByCaller: BOOLEAN,
+ AbandonedState: BOOLEAN,
+}}
+pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION;
+STRUCT!{struct MUTANT_OWNER_INFORMATION {
+ ClientId: CLIENT_ID,
+}}
+pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialOwner: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseMutant(
+ MutantHandle: HANDLE,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn NtQueryMutant(
+ MutantHandle: HANDLE,
+ MutantInformationClass: MUTANT_INFORMATION_CLASS,
+ MutantInformation: PVOID,
+ MutantInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001;
+ENUM!{enum SEMAPHORE_INFORMATION_CLASS {
+ SemaphoreBasicInformation = 0,
+}}
+STRUCT!{struct SEMAPHORE_BASIC_INFORMATION {
+ CurrentCount: LONG,
+ MaximumCount: LONG,
+}}
+pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialCount: LONG,
+ MaximumCount: LONG,
+ ) -> NTSTATUS;
+ fn NtOpenSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseSemaphore(
+ SemaphoreHandle: HANDLE,
+ ReleaseCount: LONG,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn NtQuerySemaphore(
+ SemaphoreHandle: HANDLE,
+ SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
+ SemaphoreInformation: PVOID,
+ SemaphoreInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum TIMER_INFORMATION_CLASS {
+ TimerBasicInformation = 0,
+}}
+STRUCT!{struct TIMER_BASIC_INFORMATION {
+ RemainingTime: LARGE_INTEGER,
+ TimerState: BOOLEAN,
+}}
+pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION;
+FN!{stdcall PTIMER_APC_ROUTINE(
+ TimerContext: PVOID,
+ TimerLowValue: ULONG,
+ TimerHighValue: LONG,
+) -> ()}
+ENUM!{enum TIMER_SET_INFORMATION_CLASS {
+ TimerSetCoalescableTimer = 0,
+ MaxTimerInfoClass = 1,
+}}
+STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO {
+ DueTime: LARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ WakeContext: *mut COUNTED_REASON_CONTEXT,
+ Period: ULONG,
+ TolerableDelay: ULONG,
+ PreviousState: PBOOLEAN,
+}}
+pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO;
+EXTERN!{extern "system" {
+ fn NtCreateTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TimerType: TIMER_TYPE,
+ ) -> NTSTATUS;
+ fn NtOpenTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ ResumeTimer: BOOLEAN,
+ Period: LONG,
+ PreviousState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtSetTimerEx(
+ TimerHandle: HANDLE,
+ TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
+ TimerSetInformation: PVOID,
+ TimerSetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCancelTimer(
+ TimerHandle: HANDLE,
+ CurrentState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtQueryTimer(
+ TimerHandle: HANDLE,
+ TimerInformationClass: TIMER_INFORMATION_CLASS,
+ TimerInformation: PVOID,
+ TimerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtCreateIRTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn NtSetIRTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct T2_SET_PARAMETERS {
+ Version: ULONG,
+ Reserved: ULONG,
+ NoWakeTolerance: LONGLONG,
+}}
+pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS;
+pub type PT2_CANCEL_PARAMETERS = PVOID;
+EXTERN!{extern "system" {
+ fn NtCreateTimer2(
+ TimerHandle: PHANDLE,
+ Reserved1: PVOID,
+ Reserved2: PVOID,
+ Attributes: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn NtSetTimer2(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ Period: PLARGE_INTEGER,
+ Parameters: PT2_SET_PARAMETERS,
+ ) -> NTSTATUS;
+ fn NtCancelTimer2(
+ TimerHandle: HANDLE,
+ Parameters: PT2_CANCEL_PARAMETERS,
+ ) -> NTSTATUS;
+}}
+pub const PROFILE_CONTROL: u32 = 0x0001;
+pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL;
+EXTERN!{extern "system" {
+ fn NtCreateProfile(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ Affinity: KAFFINITY,
+ ) -> NTSTATUS;
+ fn NtCreateProfileEx(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ GroupCount: USHORT,
+ GroupAffinity: PGROUP_AFFINITY,
+ ) -> NTSTATUS;
+ fn NtStartProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtStopProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryIntervalProfile(
+ ProfileSource: KPROFILE_SOURCE,
+ Interval: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetIntervalProfile(
+ Interval: ULONG,
+ Source: KPROFILE_SOURCE,
+ ) -> NTSTATUS;
+}}
+pub const KEYEDEVENT_WAIT: ULONG = 0x0001;
+pub const KEYEDEVENT_WAKE: ULONG = 0x0002;
+pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK =
+ STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE;
+EXTERN!{extern "system" {
+ fn NtCreateKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtWaitForKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtUmsThreadYield(
+ SchedulerParam: PVOID,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum WNF_STATE_NAME_LIFETIME {
+ WnfWellKnownStateName = 0,
+ WnfPermanentStateName = 1,
+ WnfPersistentStateName = 2,
+ WnfTemporaryStateName = 3,
+}}
+ENUM!{enum WNF_STATE_NAME_INFORMATION {
+ WnfInfoStateNameExist = 0,
+ WnfInfoSubscribersPresent = 1,
+ WnfInfoIsQuiescent = 2,
+}}
+ENUM!{enum WNF_DATA_SCOPE {
+ WnfDataScopeSystem = 0,
+ WnfDataScopeSession = 1,
+ WnfDataScopeUser = 2,
+ WnfDataScopeProcess = 3,
+ WnfDataScopeMachine = 4,
+}}
+STRUCT!{struct WNF_TYPE_ID {
+ TypeId: GUID,
+}}
+pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID;
+pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID;
+pub type PWNF_CHANGE_STAMP = *mut ULONG;
+pub type WNF_CHANGE_STAMP = ULONG;
+STRUCT!{struct WNF_DELIVERY_DESCRIPTOR {
+ SubscriptionId: ULONGLONG,
+ StateName: WNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ StateDataSize: ULONG,
+ EventMask: ULONG,
+ TypeId: WNF_TYPE_ID,
+ StateDataOffset: ULONG,
+}}
+pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR;
+EXTERN!{extern "system" {
+ fn NtCreateWnfStateName(
+ StateName: PWNF_STATE_NAME,
+ NameLifetime: WNF_STATE_NAME_LIFETIME,
+ DataScope: WNF_DATA_SCOPE,
+ PersistData: BOOLEAN,
+ TypeId: PCWNF_TYPE_ID,
+ MaximumStateSize: ULONG,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn NtDeleteWnfStateName(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn NtUpdateWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ Buffer: *const VOID,
+ Length: ULONG,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ MatchingChangeStamp: WNF_CHANGE_STAMP,
+ CheckStamp: LOGICAL,
+ ) -> NTSTATUS;
+ fn NtDeleteWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ ExplicitScope: *const VOID,
+ ) -> NTSTATUS;
+ fn NtQueryWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ ChangeStamp: PWNF_CHANGE_STAMP,
+ Buffer: PVOID,
+ BufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryWnfStateNameInformation(
+ StateName: PCWNF_STATE_NAME,
+ NameInfoClass: WNF_STATE_NAME_INFORMATION,
+ ExplicitScope: *const VOID,
+ InfoBuffer: PVOID,
+ InfoBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtSubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ EventMask: ULONG,
+ SubscriptionId: PULONG64,
+ ) -> NTSTATUS;
+ fn NtUnsubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn NtGetCompleteWnfStateSubscription(
+ OldDescriptorStateName: PWNF_STATE_NAME,
+ OldSubscriptionId: *mut ULONG64,
+ OldDescriptorEventMask: ULONG,
+ OldDescriptorStatus: ULONG,
+ NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
+ DescriptorSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtSetWnfProcessNotificationEvent(
+ NotificationEvent: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001;
+pub const WORKER_FACTORY_WAIT: u32 = 0x0002;
+pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004;
+pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008;
+pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010;
+pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020;
+pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED
+ | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION
+ | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN;
+ENUM!{enum WORKERFACTORYINFOCLASS {
+ WorkerFactoryTimeout = 0,
+ WorkerFactoryRetryTimeout = 1,
+ WorkerFactoryIdleTimeout = 2,
+ WorkerFactoryBindingCount = 3,
+ WorkerFactoryThreadMinimum = 4,
+ WorkerFactoryThreadMaximum = 5,
+ WorkerFactoryPaused = 6,
+ WorkerFactoryBasicInformation = 7,
+ WorkerFactoryAdjustThreadGoal = 8,
+ WorkerFactoryCallbackType = 9,
+ WorkerFactoryStackInformation = 10,
+ WorkerFactoryThreadBasePriority = 11,
+ WorkerFactoryTimeoutWaiters = 12,
+ WorkerFactoryFlags = 13,
+ WorkerFactoryThreadSoftMaximum = 14,
+ MaxWorkerFactoryInfoClass = 15,
+}}
+pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS;
+STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION {
+ Timeout: LARGE_INTEGER,
+ RetryTimeout: LARGE_INTEGER,
+ IdleTimeout: LARGE_INTEGER,
+ Paused: BOOLEAN,
+ TimerSet: BOOLEAN,
+ QueuedToExWorker: BOOLEAN,
+ MayCreate: BOOLEAN,
+ CreateInProgress: BOOLEAN,
+ InsertedIntoQueue: BOOLEAN,
+ Shutdown: BOOLEAN,
+ BindingCount: ULONG,
+ ThreadMinimum: ULONG,
+ ThreadMaximum: ULONG,
+ PendingWorkerCount: ULONG,
+ WaitingWorkerCount: ULONG,
+ TotalWorkerCount: ULONG,
+ ReleaseCount: ULONG,
+ InfiniteWaitGoal: LONGLONG,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ ProcessId: HANDLE,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ LastThreadCreationStatus: NTSTATUS,
+}}
+pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateWorkerFactory(
+ WorkerFactoryHandleReturn: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CompletionPortHandle: HANDLE,
+ WorkerProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ MaxThreadCount: ULONG,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ ) -> NTSTATUS;
+ fn NtQueryInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtShutdownWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ PendingWorkerCount: *mut LONG,
+ ) -> NTSTATUS;
+ fn NtReleaseWorkerFactoryWorker(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWorkerFactoryWorkerReady(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitForWorkViaWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
+ ) -> NTSTATUS;
+ fn NtQuerySystemTime(
+ SystemTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtSetSystemTime(
+ SystemTime: PLARGE_INTEGER,
+ PreviousTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtQueryTimerResolution(
+ MaximumTime: PULONG,
+ MinimumTime: PULONG,
+ CurrentTime: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetTimerResolution(
+ DesiredTime: ULONG,
+ SetResolution: BOOLEAN,
+ ActualTime: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryPerformanceCounter(
+ PerformanceCounter: PLARGE_INTEGER,
+ PerformanceFrequency: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtAllocateLocallyUniqueId(
+ Luid: PLUID,
+ ) -> NTSTATUS;
+ fn NtSetUuidSeed(
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn NtAllocateUuids(
+ Time: PULARGE_INTEGER,
+ Range: PULONG,
+ Sequence: PULONG,
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SYSTEM_INFORMATION_CLASS {
+ SystemBasicInformation = 0,
+ SystemProcessorInformation = 1,
+ SystemPerformanceInformation = 2,
+ SystemTimeOfDayInformation = 3,
+ SystemPathInformation = 4,
+ SystemProcessInformation = 5,
+ SystemCallCountInformation = 6,
+ SystemDeviceInformation = 7,
+ SystemProcessorPerformanceInformation = 8,
+ SystemFlagsInformation = 9,
+ SystemCallTimeInformation = 10,
+ SystemModuleInformation = 11,
+ SystemLocksInformation = 12,
+ SystemStackTraceInformation = 13,
+ SystemPagedPoolInformation = 14,
+ SystemNonPagedPoolInformation = 15,
+ SystemHandleInformation = 16,
+ SystemObjectInformation = 17,
+ SystemPageFileInformation = 18,
+ SystemVdmInstemulInformation = 19,
+ SystemVdmBopInformation = 20,
+ SystemFileCacheInformation = 21,
+ SystemPoolTagInformation = 22,
+ SystemInterruptInformation = 23,
+ SystemDpcBehaviorInformation = 24,
+ SystemFullMemoryInformation = 25,
+ SystemLoadGdiDriverInformation = 26,
+ SystemUnloadGdiDriverInformation = 27,
+ SystemTimeAdjustmentInformation = 28,
+ SystemSummaryMemoryInformation = 29,
+ SystemMirrorMemoryInformation = 30,
+ SystemPerformanceTraceInformation = 31,
+ SystemObsolete0 = 32,
+ SystemExceptionInformation = 33,
+ SystemCrashDumpStateInformation = 34,
+ SystemKernelDebuggerInformation = 35,
+ SystemContextSwitchInformation = 36,
+ SystemRegistryQuotaInformation = 37,
+ SystemExtendServiceTableInformation = 38,
+ SystemPrioritySeperation = 39,
+ SystemVerifierAddDriverInformation = 40,
+ SystemVerifierRemoveDriverInformation = 41,
+ SystemProcessorIdleInformation = 42,
+ SystemLegacyDriverInformation = 43,
+ SystemCurrentTimeZoneInformation = 44,
+ SystemLookasideInformation = 45,
+ SystemTimeSlipNotification = 46,
+ SystemSessionCreate = 47,
+ SystemSessionDetach = 48,
+ SystemSessionInformation = 49,
+ SystemRangeStartInformation = 50,
+ SystemVerifierInformation = 51,
+ SystemVerifierThunkExtend = 52,
+ SystemSessionProcessInformation = 53,
+ SystemLoadGdiDriverInSystemSpace = 54,
+ SystemNumaProcessorMap = 55,
+ SystemPrefetcherInformation = 56,
+ SystemExtendedProcessInformation = 57,
+ SystemRecommendedSharedDataAlignment = 58,
+ SystemComPlusPackage = 59,
+ SystemNumaAvailableMemory = 60,
+ SystemProcessorPowerInformation = 61,
+ SystemEmulationBasicInformation = 62,
+ SystemEmulationProcessorInformation = 63,
+ SystemExtendedHandleInformation = 64,
+ SystemLostDelayedWriteInformation = 65,
+ SystemBigPoolInformation = 66,
+ SystemSessionPoolTagInformation = 67,
+ SystemSessionMappedViewInformation = 68,
+ SystemHotpatchInformation = 69,
+ SystemObjectSecurityMode = 70,
+ SystemWatchdogTimerHandler = 71,
+ SystemWatchdogTimerInformation = 72,
+ SystemLogicalProcessorInformation = 73,
+ SystemWow64SharedInformationObsolete = 74,
+ SystemRegisterFirmwareTableInformationHandler = 75,
+ SystemFirmwareTableInformation = 76,
+ SystemModuleInformationEx = 77,
+ SystemVerifierTriageInformation = 78,
+ SystemSuperfetchInformation = 79,
+ SystemMemoryListInformation = 80,
+ SystemFileCacheInformationEx = 81,
+ SystemThreadPriorityClientIdInformation = 82,
+ SystemProcessorIdleCycleTimeInformation = 83,
+ SystemVerifierCancellationInformation = 84,
+ SystemProcessorPowerInformationEx = 85,
+ SystemRefTraceInformation = 86,
+ SystemSpecialPoolInformation = 87,
+ SystemProcessIdInformation = 88,
+ SystemErrorPortInformation = 89,
+ SystemBootEnvironmentInformation = 90,
+ SystemHypervisorInformation = 91,
+ SystemVerifierInformationEx = 92,
+ SystemTimeZoneInformation = 93,
+ SystemImageFileExecutionOptionsInformation = 94,
+ SystemCoverageInformation = 95,
+ SystemPrefetchPatchInformation = 96,
+ SystemVerifierFaultsInformation = 97,
+ SystemSystemPartitionInformation = 98,
+ SystemSystemDiskInformation = 99,
+ SystemProcessorPerformanceDistribution = 100,
+ SystemNumaProximityNodeInformation = 101,
+ SystemDynamicTimeZoneInformation = 102,
+ SystemCodeIntegrityInformation = 103,
+ SystemProcessorMicrocodeUpdateInformation = 104,
+ SystemProcessorBrandString = 105,
+ SystemVirtualAddressInformation = 106,
+ SystemLogicalProcessorAndGroupInformation = 107,
+ SystemProcessorCycleTimeInformation = 108,
+ SystemStoreInformation = 109,
+ SystemRegistryAppendString = 110,
+ SystemAitSamplingValue = 111,
+ SystemVhdBootInformation = 112,
+ SystemCpuQuotaInformation = 113,
+ SystemNativeBasicInformation = 114,
+ SystemSpare1 = 115,
+ SystemLowPriorityIoInformation = 116,
+ SystemTpmBootEntropyInformation = 117,
+ SystemVerifierCountersInformation = 118,
+ SystemPagedPoolInformationEx = 119,
+ SystemSystemPtesInformationEx = 120,
+ SystemNodeDistanceInformation = 121,
+ SystemAcpiAuditInformation = 122,
+ SystemBasicPerformanceInformation = 123,
+ SystemQueryPerformanceCounterInformation = 124,
+ SystemSessionBigPoolInformation = 125,
+ SystemBootGraphicsInformation = 126,
+ SystemScrubPhysicalMemoryInformation = 127,
+ SystemBadPageInformation = 128,
+ SystemProcessorProfileControlArea = 129,
+ SystemCombinePhysicalMemoryInformation = 130,
+ SystemEntropyInterruptTimingCallback = 131,
+ SystemConsoleInformation = 132,
+ SystemPlatformBinaryInformation = 133,
+ SystemThrottleNotificationInformation = 134,
+ SystemHypervisorProcessorCountInformation = 135,
+ SystemDeviceDataInformation = 136,
+ SystemDeviceDataEnumerationInformation = 137,
+ SystemMemoryTopologyInformation = 138,
+ SystemMemoryChannelInformation = 139,
+ SystemBootLogoInformation = 140,
+ SystemProcessorPerformanceInformationEx = 141,
+ SystemSpare0 = 142,
+ SystemSecureBootPolicyInformation = 143,
+ SystemPageFileInformationEx = 144,
+ SystemSecureBootInformation = 145,
+ SystemEntropyInterruptTimingRawInformation = 146,
+ SystemPortableWorkspaceEfiLauncherInformation = 147,
+ SystemFullProcessInformation = 148,
+ SystemKernelDebuggerInformationEx = 149,
+ SystemBootMetadataInformation = 150,
+ SystemSoftRebootInformation = 151,
+ SystemElamCertificateInformation = 152,
+ SystemOfflineDumpConfigInformation = 153,
+ SystemProcessorFeaturesInformation = 154,
+ SystemRegistryReconciliationInformation = 155,
+ SystemEdidInformation = 156,
+ SystemManufacturingInformation = 157,
+ SystemEnergyEstimationConfigInformation = 158,
+ SystemHypervisorDetailInformation = 159,
+ SystemProcessorCycleStatsInformation = 160,
+ SystemVmGenerationCountInformation = 161,
+ SystemTrustedPlatformModuleInformation = 162,
+ SystemKernelDebuggerFlags = 163,
+ SystemCodeIntegrityPolicyInformation = 164,
+ SystemIsolatedUserModeInformation = 165,
+ SystemHardwareSecurityTestInterfaceResultsInformation = 166,
+ SystemSingleModuleInformation = 167,
+ SystemAllowedCpuSetsInformation = 168,
+ SystemVsmProtectionInformation = 169,
+ SystemInterruptCpuSetsInformation = 170,
+ SystemSecureBootPolicyFullInformation = 171,
+ SystemCodeIntegrityPolicyFullInformation = 172,
+ SystemAffinitizedInterruptProcessorInformation = 173,
+ SystemRootSiloInformation = 174,
+ SystemCpuSetInformation = 175,
+ SystemCpuSetTagInformation = 176,
+ SystemWin32WerStartCallout = 177,
+ SystemSecureKernelProfileInformation = 178,
+ SystemCodeIntegrityPlatformManifestInformation = 179,
+ SystemInterruptSteeringInformation = 180,
+ SystemSupportedProcessorArchitectures = 181,
+ SystemMemoryUsageInformation = 182,
+ SystemCodeIntegrityCertificateInformation = 183,
+ SystemPhysicalMemoryInformation = 184,
+ SystemControlFlowTransition = 185,
+ SystemKernelDebuggingAllowed = 186,
+ SystemActivityModerationExeState = 187,
+ SystemActivityModerationUserSettings = 188,
+ SystemCodeIntegrityPoliciesFullInformation = 189,
+ SystemCodeIntegrityUnlockInformation = 190,
+ SystemIntegrityQuotaInformation = 191,
+ SystemFlushInformation = 192,
+ SystemProcessorIdleMaskInformation = 193,
+ SystemSecureDumpEncryptionInformation = 194,
+ SystemWriteConstraintInformation = 195,
+ SystemKernelVaShadowInformation = 196,
+ SystemHypervisorSharedPageInformation = 197,
+ SystemFirmwareBootPerformanceInformation = 198,
+ SystemCodeIntegrityVerificationInformation = 199,
+ SystemFirmwarePartitionInformation = 200,
+ SystemSpeculationControlInformation = 201,
+ SystemDmaGuardPolicyInformation = 202,
+ SystemEnclaveLaunchControlInformation = 203,
+ SystemWorkloadAllowedCpuSetsInformation = 204,
+ SystemCodeIntegrityUnlockModeInformation = 205,
+ SystemLeapSecondInformation = 206,
+ SystemFlags2Information = 207,
+ MaxSystemInfoClass = 208,
+}}
+STRUCT!{struct SYSTEM_BASIC_INFORMATION {
+ Reserved: ULONG,
+ TimerResolution: ULONG,
+ PageSize: ULONG,
+ NumberOfPhysicalPages: ULONG,
+ LowestPhysicalPageNumber: ULONG,
+ HighestPhysicalPageNumber: ULONG,
+ AllocationGranularity: ULONG,
+ MinimumUserModeAddress: ULONG_PTR,
+ MaximumUserModeAddress: ULONG_PTR,
+ ActiveProcessorsAffinityMask: ULONG_PTR,
+ NumberOfProcessors: CCHAR,
+}}
+pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION {
+ ProcessorArchitecture: USHORT,
+ ProcessorLevel: USHORT,
+ ProcessorRevision: USHORT,
+ MaximumProcessors: USHORT,
+ ProcessorFeatureBits: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION;
+STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION {
+ IdleProcessTime: LARGE_INTEGER,
+ IoReadTransferCount: LARGE_INTEGER,
+ IoWriteTransferCount: LARGE_INTEGER,
+ IoOtherTransferCount: LARGE_INTEGER,
+ IoReadOperationCount: ULONG,
+ IoWriteOperationCount: ULONG,
+ IoOtherOperationCount: ULONG,
+ AvailablePages: ULONG,
+ CommittedPages: ULONG,
+ CommitLimit: ULONG,
+ PeakCommitment: ULONG,
+ PageFaultCount: ULONG,
+ CopyOnWriteCount: ULONG,
+ TransitionCount: ULONG,
+ CacheTransitionCount: ULONG,
+ DemandZeroCount: ULONG,
+ PageReadCount: ULONG,
+ PageReadIoCount: ULONG,
+ CacheReadCount: ULONG,
+ CacheIoCount: ULONG,
+ DirtyPagesWriteCount: ULONG,
+ DirtyWriteIoCount: ULONG,
+ MappedPagesWriteCount: ULONG,
+ MappedWriteIoCount: ULONG,
+ PagedPoolPages: ULONG,
+ NonPagedPoolPages: ULONG,
+ PagedPoolAllocs: ULONG,
+ PagedPoolFrees: ULONG,
+ NonPagedPoolAllocs: ULONG,
+ NonPagedPoolFrees: ULONG,
+ FreeSystemPtes: ULONG,
+ ResidentSystemCodePage: ULONG,
+ TotalSystemDriverPages: ULONG,
+ TotalSystemCodePages: ULONG,
+ NonPagedPoolLookasideHits: ULONG,
+ PagedPoolLookasideHits: ULONG,
+ AvailablePagedPoolPages: ULONG,
+ ResidentSystemCachePage: ULONG,
+ ResidentPagedPoolPage: ULONG,
+ ResidentSystemDriverPage: ULONG,
+ CcFastReadNoWait: ULONG,
+ CcFastReadWait: ULONG,
+ CcFastReadResourceMiss: ULONG,
+ CcFastReadNotPossible: ULONG,
+ CcFastMdlReadNoWait: ULONG,
+ CcFastMdlReadWait: ULONG,
+ CcFastMdlReadResourceMiss: ULONG,
+ CcFastMdlReadNotPossible: ULONG,
+ CcMapDataNoWait: ULONG,
+ CcMapDataWait: ULONG,
+ CcMapDataNoWaitMiss: ULONG,
+ CcMapDataWaitMiss: ULONG,
+ CcPinMappedDataCount: ULONG,
+ CcPinReadNoWait: ULONG,
+ CcPinReadWait: ULONG,
+ CcPinReadNoWaitMiss: ULONG,
+ CcPinReadWaitMiss: ULONG,
+ CcCopyReadNoWait: ULONG,
+ CcCopyReadWait: ULONG,
+ CcCopyReadNoWaitMiss: ULONG,
+ CcCopyReadWaitMiss: ULONG,
+ CcMdlReadNoWait: ULONG,
+ CcMdlReadWait: ULONG,
+ CcMdlReadNoWaitMiss: ULONG,
+ CcMdlReadWaitMiss: ULONG,
+ CcReadAheadIos: ULONG,
+ CcLazyWriteIos: ULONG,
+ CcLazyWritePages: ULONG,
+ CcDataFlushes: ULONG,
+ CcDataPages: ULONG,
+ ContextSwitches: ULONG,
+ FirstLevelTbFills: ULONG,
+ SecondLevelTbFills: ULONG,
+ SystemCalls: ULONG,
+ CcTotalDirtyPages: ULONGLONG,
+ CcDirtyPageThreshold: ULONGLONG,
+ ResidentAvailablePages: LONGLONG,
+ SharedCommittedPages: ULONGLONG,
+}}
+pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION;
+STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION {
+ BootTime: LARGE_INTEGER,
+ CurrentTime: LARGE_INTEGER,
+ TimeZoneBias: LARGE_INTEGER,
+ TimeZoneId: ULONG,
+ Reserved: ULONG,
+ BootTimeBias: ULONGLONG,
+ SleepTimeBias: ULONGLONG,
+}}
+pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION;
+STRUCT!{struct SYSTEM_THREAD_INFORMATION {
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ CreateTime: LARGE_INTEGER,
+ WaitTime: ULONG,
+ StartAddress: PVOID,
+ ClientId: CLIENT_ID,
+ Priority: KPRIORITY,
+ BasePriority: LONG,
+ ContextSwitches: ULONG,
+ ThreadState: KTHREAD_STATE,
+ WaitReason: KWAIT_REASON,
+}}
+pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION;
+STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION {
+ ThreadInfo: SYSTEM_THREAD_INFORMATION,
+ StackBase: PVOID,
+ StackLimit: PVOID,
+ Win32StartAddress: PVOID,
+ TebBase: PTEB,
+ Reserved2: ULONG_PTR,
+ Reserved3: ULONG_PTR,
+ Reserved4: ULONG_PTR,
+}}
+pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESS_INFORMATION {
+ NextEntryOffset: ULONG,
+ NumberOfThreads: ULONG,
+ WorkingSetPrivateSize: LARGE_INTEGER,
+ HardFaultCount: ULONG,
+ NumberOfThreadsHighWatermark: ULONG,
+ CycleTime: ULONGLONG,
+ CreateTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ ImageName: UNICODE_STRING,
+ BasePriority: KPRIORITY,
+ UniqueProcessId: HANDLE,
+ InheritedFromUniqueProcessId: HANDLE,
+ HandleCount: ULONG,
+ SessionId: ULONG,
+ UniqueProcessKey: ULONG_PTR,
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PrivatePageCount: SIZE_T,
+ ReadOperationCount: LARGE_INTEGER,
+ WriteOperationCount: LARGE_INTEGER,
+ OtherOperationCount: LARGE_INTEGER,
+ ReadTransferCount: LARGE_INTEGER,
+ WriteTransferCount: LARGE_INTEGER,
+ OtherTransferCount: LARGE_INTEGER,
+ Threads: [SYSTEM_THREAD_INFORMATION; 1],
+}}
+pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION;
+STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION {
+ Length: ULONG,
+ NumberOfTables: ULONG,
+}}
+pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION;
+STRUCT!{struct SYSTEM_DEVICE_INFORMATION {
+ NumberOfDisks: ULONG,
+ NumberOfFloppies: ULONG,
+ NumberOfCdRoms: ULONG,
+ NumberOfTapes: ULONG,
+ NumberOfSerialPorts: ULONG,
+ NumberOfParallelPorts: ULONG,
+}}
+pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
+ IdleTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ DpcTime: LARGE_INTEGER,
+ InterruptTime: LARGE_INTEGER,
+ InterruptCount: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
+STRUCT!{struct SYSTEM_FLAGS_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION;
+STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION {
+ Length: ULONG,
+ TotalCalls: ULONG,
+ TimeOfCalls: [LARGE_INTEGER; 1],
+}}
+pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION;
+STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION {
+ Address: PVOID,
+ Type: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ OwningThread: HANDLE,
+ LockCount: LONG,
+ ContentionCount: ULONG,
+ EntryCount: ULONG,
+ RecursionCount: LONG,
+ NumberOfWaitingShared: ULONG,
+ NumberOfWaitingExclusive: ULONG,
+}}
+pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION;
+STRUCT!{struct RTL_PROCESS_LOCKS {
+ NumberOfLocks: ULONG,
+ Locks: [RTL_PROCESS_LOCK_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS;
+STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION {
+ SymbolicBackTrace: PCHAR,
+ TraceCount: ULONG,
+ Index: USHORT,
+ Depth: USHORT,
+ BackTrace: [PVOID; 32],
+}}
+pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION;
+STRUCT!{struct RTL_PROCESS_BACKTRACES {
+ CommittedMemory: ULONG,
+ ReservedMemory: ULONG,
+ NumberOfBackTraceLookups: ULONG,
+ NumberOfBackTraces: ULONG,
+ BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES;
+STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO {
+ UniqueProcessId: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ ObjectTypeIndex: UCHAR,
+ HandleAttributes: UCHAR,
+ HandleValue: USHORT,
+ Object: PVOID,
+ GrantedAccess: ULONG,
+}}
+pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO;
+STRUCT!{struct SYSTEM_HANDLE_INFORMATION {
+ NumberOfHandles: ULONG,
+ Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1],
+}}
+pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION;
+STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION {
+ NextEntryOffset: ULONG,
+ NumberOfObjects: ULONG,
+ NumberOfHandles: ULONG,
+ TypeIndex: ULONG,
+ InvalidAttributes: ULONG,
+ GenericMapping: GENERIC_MAPPING,
+ ValidAccessMask: ULONG,
+ PoolType: ULONG,
+ SecurityRequired: BOOLEAN,
+ WaitableObject: BOOLEAN,
+ TypeName: UNICODE_STRING,
+}}
+pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION;
+STRUCT!{struct SYSTEM_OBJECT_INFORMATION {
+ NextEntryOffset: ULONG,
+ Object: PVOID,
+ CreatorUniqueProcess: HANDLE,
+ CreatorBackTraceIndex: USHORT,
+ Flags: USHORT,
+ PointerCount: LONG,
+ HandleCount: LONG,
+ PagedPoolCharge: ULONG,
+ NonPagedPoolCharge: ULONG,
+ ExclusiveProcessId: HANDLE,
+ SecurityDescriptor: PVOID,
+ NameInfo: UNICODE_STRING,
+}}
+pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION;
+STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION {
+ NextEntryOffset: ULONG,
+ TotalSize: ULONG,
+ TotalInUse: ULONG,
+ PeakUsage: ULONG,
+ PageFileName: UNICODE_STRING,
+}}
+pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION;
+pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1;
+pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2;
+pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4;
+pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8;
+STRUCT!{struct SYSTEM_FILECACHE_INFORMATION {
+ CurrentSize: SIZE_T,
+ PeakSize: SIZE_T,
+ PageFaultCount: ULONG,
+ MinimumWorkingSet: SIZE_T,
+ MaximumWorkingSet: SIZE_T,
+ CurrentSizeIncludingTransitionInPages: SIZE_T,
+ PeakSizeIncludingTransitionInPages: SIZE_T,
+ TransitionRePurposeCount: ULONG,
+ Flags: ULONG,
+}}
+pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION;
+STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION {
+ CurrentSize: SIZE_T,
+ PeakSize: SIZE_T,
+ PageFaultCount: ULONG,
+}}
+pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION;
+UNION!{union SYSTEM_POOLTAG_u {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+}}
+STRUCT!{struct SYSTEM_POOLTAG {
+ u: SYSTEM_POOLTAG_u,
+ PagedAllocs: ULONG,
+ PagedFrees: ULONG,
+ PagedUsed: SIZE_T,
+ NonPagedAllocs: ULONG,
+ NonPagedFrees: ULONG,
+ NonPagedUsed: SIZE_T,
+}}
+pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG;
+STRUCT!{struct SYSTEM_POOLTAG_INFORMATION {
+ Count: ULONG,
+ TagInfo: [SYSTEM_POOLTAG; 1],
+}}
+pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION;
+STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION {
+ ContextSwitches: ULONG,
+ DpcCount: ULONG,
+ DpcRate: ULONG,
+ TimeIncrement: ULONG,
+ DpcBypassCount: ULONG,
+ ApcBypassCount: ULONG,
+}}
+pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION;
+STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION {
+ Spare: ULONG,
+ DpcQueueDepth: ULONG,
+ MinimumDpcRate: ULONG,
+ AdjustDpcThreshold: ULONG,
+ IdealDpcRate: ULONG,
+}}
+pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION;
+STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
+ TimeAdjustment: ULONG,
+ TimeIncrement: ULONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION;
+STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE {
+ TimeAdjustment: ULONGLONG,
+ TimeIncrement: ULONGLONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE =
+ *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
+STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION {
+ TimeAdjustment: ULONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION;
+STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE {
+ TimeAdjustment: ULONGLONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE =
+ *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
+ENUM!{enum EVENT_TRACE_INFORMATION_CLASS {
+ EventTraceKernelVersionInformation = 0,
+ EventTraceGroupMaskInformation = 1,
+ EventTracePerformanceInformation = 2,
+ EventTraceTimeProfileInformation = 3,
+ EventTraceSessionSecurityInformation = 4,
+ EventTraceSpinlockInformation = 5,
+ EventTraceStackTracingInformation = 6,
+ EventTraceExecutiveResourceInformation = 7,
+ EventTraceHeapTracingInformation = 8,
+ EventTraceHeapSummaryTracingInformation = 9,
+ EventTracePoolTagFilterInformation = 10,
+ EventTracePebsTracingInformation = 11,
+ EventTraceProfileConfigInformation = 12,
+ EventTraceProfileSourceListInformation = 13,
+ EventTraceProfileEventListInformation = 14,
+ EventTraceProfileCounterListInformation = 15,
+ EventTraceStackCachingInformation = 16,
+ EventTraceObjectTypeFilterInformation = 17,
+ EventTraceSoftRestartInformation = 18,
+ EventTraceLastBranchConfigurationInformation = 19,
+ EventTraceLastBranchEventListInformation = 20,
+ EventTraceProfileSourceAddInformation = 21,
+ EventTraceProfileSourceRemoveInformation = 22,
+ EventTraceProcessorTraceConfigurationInformation = 23,
+ EventTraceProcessorTraceEventListInformation = 24,
+ EventTraceCoverageSamplerInformation = 25,
+ MaxEventTraceInfoClass = 26,
+}}
+STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ EventTraceKernelVersion: ULONG,
+}}
+pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION;
+STRUCT!{struct PERFINFO_GROUPMASK {
+ Masks: [ULONG; 8],
+}}
+pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK;
+STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ EventTraceGroupMasks: PERFINFO_GROUPMASK,
+}}
+pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ LogfileBytesWritten: LARGE_INTEGER,
+}}
+pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProfileInterval: ULONG,
+}}
+pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ SecurityInformation: ULONG,
+ TraceHandle: HANDLE,
+ SecurityDescriptor: [UCHAR; 1],
+}}
+pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ SpinLockSpinThreshold: ULONG,
+ SpinLockAcquireSampleRate: ULONG,
+ SpinLockContentionSampleRate: ULONG,
+ SpinLockHoldThreshold: ULONG,
+}}
+pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ HookId: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
+STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ReleaseSamplingRate: ULONG,
+ ContentionSamplingRate: ULONG,
+ NumberOfExcessiveTimeouts: ULONG,
+}}
+pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION =
+ *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProcessId: ULONG,
+}}
+pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION;
+STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ Filter: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ ProfileSource: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ Spare: ULONG,
+ Profile: [*mut PROFILE_SOURCE_INFO; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION;
+STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ Enabled: BOOLEAN,
+ Reserved: [UCHAR; 3],
+ CacheSize: ULONG,
+ BucketCount: ULONG,
+}}
+pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ PersistTraceBuffers: BOOLEAN,
+ FileName: [WCHAR; 1],
+}}
+pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ PerfEvtEventSelect: BOOLEAN,
+ PerfEvtUnitSelect: BOOLEAN,
+ PerfEvtType: ULONG,
+ CpuInfoHierarchy: [ULONG; 3],
+ InitialInterval: ULONG,
+ AllowsHalt: BOOLEAN,
+ Persist: BOOLEAN,
+ ProfileSourceDescription: [WCHAR; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProfileSource: KPROFILE_SOURCE,
+ CpuInfoHierarchy: [ULONG; 3],
+}}
+pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ CoverageSamplerInformationClass: BOOLEAN,
+ MajorVersion: UCHAR,
+ MinorVersion: UCHAR,
+ Reserved: UCHAR,
+ SamplerHandle: HANDLE,
+}}
+pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
+STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION {
+ AlignmentFixupCount: ULONG,
+ ExceptionDispatchCount: ULONG,
+ FloatingEmulationCount: ULONG,
+ ByteWordEmulationCount: ULONG,
+}}
+pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION {
+ KernelDebuggerEnabled: BOOLEAN,
+ KernelDebuggerNotPresent: BOOLEAN,
+}}
+pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION;
+STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION {
+ ContextSwitches: ULONG,
+ FindAny: ULONG,
+ FindLast: ULONG,
+ FindIdeal: ULONG,
+ IdleAny: ULONG,
+ IdleCurrent: ULONG,
+ IdleLast: ULONG,
+ IdleIdeal: ULONG,
+ PreemptAny: ULONG,
+ PreemptCurrent: ULONG,
+ PreemptLast: ULONG,
+ SwitchToIdle: ULONG,
+}}
+pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION;
+STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION {
+ RegistryQuotaAllowed: ULONG,
+ RegistryQuotaUsed: ULONG,
+ PagedPoolSize: SIZE_T,
+}}
+pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION {
+ IdleTime: ULONGLONG,
+ C1Time: ULONGLONG,
+ C2Time: ULONGLONG,
+ C3Time: ULONGLONG,
+ C1Transitions: ULONG,
+ C2Transitions: ULONG,
+ C3Transitions: ULONG,
+ Padding: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION;
+STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION {
+ VetoType: ULONG,
+ VetoList: UNICODE_STRING,
+}}
+pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION;
+STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION {
+ CurrentDepth: USHORT,
+ MaximumDepth: USHORT,
+ TotalAllocates: ULONG,
+ AllocateMisses: ULONG,
+ TotalFrees: ULONG,
+ FreeMisses: ULONG,
+ Type: ULONG,
+ Tag: ULONG,
+ Size: ULONG,
+}}
+pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION;
+STRUCT!{struct SYSTEM_RANGE_START_INFORMATION {
+ SystemRangeStart: PVOID,
+}}
+pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION;
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION {
+ NextEntryOffset: ULONG,
+ Level: ULONG,
+ DriverName: UNICODE_STRING,
+ RaiseIrqls: ULONG,
+ AcquireSpinLocks: ULONG,
+ SynchronizeExecutions: ULONG,
+ AllocationsAttempted: ULONG,
+ AllocationsSucceeded: ULONG,
+ AllocationsSucceededSpecialPool: ULONG,
+ AllocationsWithNoTag: ULONG,
+ TrimRequests: ULONG,
+ Trims: ULONG,
+ AllocationsFailed: ULONG,
+ AllocationsFailedDeliberately: ULONG,
+ Loads: ULONG,
+ Unloads: ULONG,
+ UnTrackedPool: ULONG,
+ CurrentPagedPoolAllocations: ULONG,
+ CurrentNonPagedPoolAllocations: ULONG,
+ PeakPagedPoolAllocations: ULONG,
+ PeakNonPagedPoolAllocations: ULONG,
+ PagedPoolUsageInBytes: SIZE_T,
+ NonPagedPoolUsageInBytes: SIZE_T,
+ PeakPagedPoolUsageInBytes: SIZE_T,
+ PeakNonPagedPoolUsageInBytes: SIZE_T,
+}}
+pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION {
+ SessionId: ULONG,
+ SizeOfBuf: ULONG,
+ Buffer: PVOID,
+}}
+pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION {
+ CurrentFrequency: UCHAR,
+ ThermalLimitFrequency: UCHAR,
+ ConstantThrottleFrequency: UCHAR,
+ DegradedThrottleFrequency: UCHAR,
+ LastBusyFrequency: UCHAR,
+ LastC3Frequency: UCHAR,
+ LastAdjustedBusyFrequency: UCHAR,
+ ProcessorMinThrottle: UCHAR,
+ ProcessorMaxThrottle: UCHAR,
+ NumberOfFrequencies: ULONG,
+ PromotionCount: ULONG,
+ DemotionCount: ULONG,
+ ErrorCount: ULONG,
+ RetryCount: ULONG,
+ CurrentFrequencyTime: ULONGLONG,
+ CurrentProcessorTime: ULONGLONG,
+ CurrentProcessorIdleTime: ULONGLONG,
+ LastProcessorTime: ULONGLONG,
+ LastProcessorIdleTime: ULONGLONG,
+ Energy: ULONGLONG,
+}}
+pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION;
+STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
+ Object: PVOID,
+ UniqueProcessId: ULONG_PTR,
+ HandleValue: ULONG_PTR,
+ GrantedAccess: ULONG,
+ CreatorBackTraceIndex: USHORT,
+ ObjectTypeIndex: USHORT,
+ HandleAttributes: ULONG,
+ Reserved: ULONG,
+}}
+pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
+STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX {
+ NumberOfHandles: ULONG_PTR,
+ Reserved: ULONG_PTR,
+ Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1],
+}}
+pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX;
+UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 {
+ VirtualAddress: PVOID,
+ Bitfields: ULONG_PTR,
+}}
+UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+}}
+BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [
+ NonPaged set_NonPaged[0..1],
+]}
+STRUCT!{struct SYSTEM_BIGPOOL_ENTRY {
+ u1: SYSTEM_BIGPOOL_ENTRY_u1,
+ SizeInBytes: SIZE_T,
+ u2: SYSTEM_BIGPOOL_ENTRY_u2,
+}}
+pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY;
+STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION {
+ Count: ULONG,
+ AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1],
+}}
+pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION;
+UNION!{union SYSTEM_POOL_ENTRY_u {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+ ProcessChargedQuota: PVOID,
+}}
+STRUCT!{struct SYSTEM_POOL_ENTRY {
+ Allocated: BOOLEAN,
+ Spare0: BOOLEAN,
+ AllocatorBackTraceIndex: USHORT,
+ Size: ULONG,
+ u: SYSTEM_POOL_ENTRY_u,
+}}
+pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY;
+STRUCT!{struct SYSTEM_POOL_INFORMATION {
+ TotalSize: SIZE_T,
+ FirstEntry: PVOID,
+ EntryOverhead: USHORT,
+ PoolTagPresent: BOOLEAN,
+ Spare0: BOOLEAN,
+ NumberOfEntries: ULONG,
+ Entries: [SYSTEM_POOL_ENTRY; 1],
+}}
+pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION {
+ NextEntryOffset: SIZE_T,
+ SessionId: ULONG,
+ Count: ULONG,
+ TagInfo: [SYSTEM_POOLTAG; 1],
+}}
+pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION {
+ NextEntryOffset: SIZE_T,
+ SessionId: ULONG,
+ ViewFailures: ULONG,
+ NumberOfBytesAvailable: SIZE_T,
+ NumberOfBytesAvailableContiguous: SIZE_T,
+}}
+pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
+ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION {
+ SystemFirmwareTableEnumerate = 0,
+ SystemFirmwareTableGet = 1,
+ SystemFirmwareTableMax = 2,
+}}
+STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION {
+ ProviderSignature: ULONG,
+ Action: SYSTEM_FIRMWARE_TABLE_ACTION,
+ TableID: ULONG,
+ TableBufferLength: ULONG,
+ TableBuffer: [UCHAR; 1],
+}}
+pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION {
+ ZeroPageCount: ULONG_PTR,
+ FreePageCount: ULONG_PTR,
+ ModifiedPageCount: ULONG_PTR,
+ ModifiedNoWritePageCount: ULONG_PTR,
+ BadPageCount: ULONG_PTR,
+ PageCountByPriority: [ULONG_PTR; 8],
+ RepurposedPagesByPriority: [ULONG_PTR; 8],
+ ModifiedPageCountPageFile: ULONG_PTR,
+}}
+pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION;
+ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND {
+ MemoryCaptureAccessedBits = 0,
+ MemoryCaptureAndResetAccessedBits = 1,
+ MemoryEmptyWorkingSets = 2,
+ MemoryFlushModifiedList = 3,
+ MemoryPurgeStandbyList = 4,
+ MemoryPurgeLowPriorityStandbyList = 5,
+ MemoryCommandMax = 6,
+}}
+STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION {
+ ClientId: CLIENT_ID,
+ Priority: KPRIORITY,
+}}
+pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION {
+ CycleTime: ULONGLONG,
+}}
+pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION =
+ *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION;
+STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION {
+ TraceEnable: BOOLEAN,
+ TracePermanent: BOOLEAN,
+ TraceProcessName: UNICODE_STRING,
+ TracePoolTags: UNICODE_STRING,
+}}
+pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION {
+ ProcessId: HANDLE,
+ ImageName: UNICODE_STRING,
+}}
+pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION;
+STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION {
+ BootIdentifier: GUID,
+ FirmwareType: FIRMWARE_TYPE,
+ BootFlags: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [
+ DbgMenuOsSelection set_DbgMenuOsSelection[0..1],
+ DbgHiberBoot set_DbgHiberBoot[1..2],
+ DbgSoftBoot set_DbgSoftBoot[2..3],
+ DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4],
+]}
+pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION;
+STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION {
+ FlagsToEnable: ULONG,
+ FlagsToDisable: ULONG,
+}}
+pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION =
+ *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
+ VerifyMode: ULONG,
+ OptionChanges: ULONG,
+ PreviousBucketName: UNICODE_STRING,
+ IrpCancelTimeoutMsec: ULONG,
+ VerifierExtensionEnabled: ULONG,
+ Reserved: [ULONG; 1],
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
+ VerifyMode: ULONG,
+ OptionChanges: ULONG,
+ PreviousBucketName: UNICODE_STRING,
+ IrpCancelTimeoutMsec: ULONG,
+ VerifierExtensionEnabled: ULONG,
+ Reserved: [ULONG; 3],
+}}
+pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION {
+ SystemPartition: UNICODE_STRING,
+}}
+pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION;
+STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION {
+ SystemDisk: UNICODE_STRING,
+}}
+pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT {
+ Hits: ULONGLONG,
+ PercentFrequency: UCHAR,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 {
+ Hits: ULONG,
+ PercentFrequency: UCHAR,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION {
+ ProcessorNumber: ULONG,
+ StateCount: ULONG,
+ States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1],
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION {
+ ProcessorCount: ULONG,
+ Offsets: [ULONG; 1],
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION {
+ Length: ULONG,
+ CodeIntegrityOptions: ULONG,
+}}
+pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION;
+ENUM!{enum SYSTEM_VA_TYPE {
+ SystemVaTypeAll = 0,
+ SystemVaTypeNonPagedPool = 1,
+ SystemVaTypePagedPool = 2,
+ SystemVaTypeSystemCache = 3,
+ SystemVaTypeSystemPtes = 4,
+ SystemVaTypeSessionSpace = 5,
+ SystemVaTypeMax = 6,
+}}
+pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE;
+STRUCT!{struct SYSTEM_VA_LIST_INFORMATION {
+ VirtualSize: SIZE_T,
+ VirtualPeak: SIZE_T,
+ VirtualLimit: SIZE_T,
+ AllocationFailures: SIZE_T,
+}}
+pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION;
+STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS {
+ KeyHandle: HANDLE,
+ ValueNamePointer: PUNICODE_STRING,
+ RequiredLengthPointer: PULONG,
+ Buffer: PUCHAR,
+ BufferLength: ULONG,
+ Type: ULONG,
+ AppendBuffer: PUCHAR,
+ AppendBufferLength: ULONG,
+ CreateIfDoesntExist: BOOLEAN,
+ TruncateExistingValue: BOOLEAN,
+}}
+pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
+STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION {
+ OsDiskIsVhd: BOOLEAN,
+ OsVhdFilePathOffset: ULONG,
+ OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY],
+}}
+pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION;
+STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION {
+ LowPriReadOperations: ULONG,
+ LowPriWriteOperations: ULONG,
+ KernelBumpedToNormalOperations: ULONG,
+ LowPriPagingReadOperations: ULONG,
+ KernelPagingReadsBumpedToNormal: ULONG,
+ LowPriPagingWriteOperations: ULONG,
+ KernelPagingWritesBumpedToNormal: ULONG,
+ BoostedIrpCount: ULONG,
+ BoostedPagingIrpCount: ULONG,
+ BlanketBoostCount: ULONG,
+}}
+pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION;
+ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE {
+ TpmBootEntropyStructureUninitialized = 0,
+ TpmBootEntropyDisabledByPolicy = 1,
+ TpmBootEntropyNoTpmFound = 2,
+ TpmBootEntropyTpmError = 3,
+ TpmBootEntropySuccess = 4,
+}}
+STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT {
+ Policy: ULONGLONG,
+ ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE,
+ ResultStatus: NTSTATUS,
+ Time: ULONGLONG,
+ EntropyLength: ULONG,
+ EntropyData: [UCHAR; 40],
+}}
+pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT;
+STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION {
+ Legacy: SYSTEM_VERIFIER_INFORMATION,
+ RaiseIrqls: ULONG,
+ AcquireSpinLocks: ULONG,
+ SynchronizeExecutions: ULONG,
+ AllocationsWithNoTag: ULONG,
+ AllocationsFailed: ULONG,
+ AllocationsFailedDeliberately: ULONG,
+ LockedBytes: SIZE_T,
+ PeakLockedBytes: SIZE_T,
+ MappedLockedBytes: SIZE_T,
+ PeakMappedLockedBytes: SIZE_T,
+ MappedIoSpaceBytes: SIZE_T,
+ PeakMappedIoSpaceBytes: SIZE_T,
+ PagesForMdlBytes: SIZE_T,
+ PeakPagesForMdlBytes: SIZE_T,
+ ContiguousMemoryBytes: SIZE_T,
+ PeakContiguousMemoryBytes: SIZE_T,
+ ExecutePoolTypes: ULONG,
+ ExecutePageProtections: ULONG,
+ ExecutePageMappings: ULONG,
+ ExecuteWriteSections: ULONG,
+ SectionAlignmentFailures: ULONG,
+ UnsupportedRelocs: ULONG,
+ IATInExecutableSection: ULONG,
+}}
+pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION;
+STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION {
+ RsdpCount: ULONG,
+ Bitfields: ULONG,
+}}
+BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [
+ SameRsdt set_SameRsdt[0..1],
+ SlicPresent set_SlicPresent[1..2],
+ SlicDifferent set_SlicDifferent[2..3],
+]}
+pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION;
+STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION {
+ AvailablePages: SIZE_T,
+ CommittedPages: SIZE_T,
+ CommitLimit: SIZE_T,
+ PeakCommitment: SIZE_T,
+}}
+pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION;
+STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS {
+ ul: ULONG,
+}}
+BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [
+ KernelTransition set_KernelTransition[0..1],
+ Reserved set_Reserved[1..32],
+]}
+STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION {
+ Version: ULONG,
+ Flags: QUERY_PERFORMANCE_COUNTER_FLAGS,
+ ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS,
+}}
+pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION =
+ *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
+ENUM!{enum SYSTEM_PIXEL_FORMAT {
+ SystemPixelFormatUnknown = 0,
+ SystemPixelFormatR8G8B8 = 1,
+ SystemPixelFormatR8G8B8X8 = 2,
+ SystemPixelFormatB8G8R8 = 3,
+ SystemPixelFormatB8G8R8X8 = 4,
+}}
+STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION {
+ FrameBuffer: LARGE_INTEGER,
+ Width: ULONG,
+ Height: ULONG,
+ PixelStride: ULONG,
+ Flags: ULONG,
+ Format: SYSTEM_PIXEL_FORMAT,
+ DisplayRotation: ULONG,
+}}
+pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION;
+STRUCT!{struct MEMORY_SCRUB_INFORMATION {
+ Handle: HANDLE,
+ PagesScrubbed: ULONG,
+}}
+pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION;
+STRUCT!{struct PEBS_DS_SAVE_AREA {
+ BtsBufferBase: ULONGLONG,
+ BtsIndex: ULONGLONG,
+ BtsAbsoluteMaximum: ULONGLONG,
+ BtsInterruptThreshold: ULONGLONG,
+ PebsBufferBase: ULONGLONG,
+ PebsIndex: ULONGLONG,
+ PebsAbsoluteMaximum: ULONGLONG,
+ PebsInterruptThreshold: ULONGLONG,
+ PebsCounterReset0: ULONGLONG,
+ PebsCounterReset1: ULONGLONG,
+ PebsCounterReset2: ULONGLONG,
+ PebsCounterReset3: ULONGLONG,
+}}
+pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA;
+STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA {
+ PebsDsSaveArea: PEBS_DS_SAVE_AREA,
+}}
+pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA;
+STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA {
+ ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA,
+ Allocate: BOOLEAN,
+}}
+pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+}}
+pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION;
+pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+ Flags: ULONG,
+}}
+pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+ Flags: ULONG,
+ ProcessHandle: HANDLE,
+}}
+pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2;
+STRUCT!{struct SYSTEM_CONSOLE_INFORMATION {
+ Bitfields: ULONG,
+}}
+BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [
+ DriverLoaded set_DriverLoaded[0..1],
+ Spare set_Spare[1..32],
+]}
+pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION;
+STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION {
+ PhysicalAddress: ULONG64,
+ HandoffBuffer: PVOID,
+ CommandLineBuffer: PVOID,
+ HandoffBufferSize: ULONG,
+ CommandLineBufferSize: ULONG,
+}}
+pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION;
+STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION {
+ NumberOfLogicalProcessors: ULONG,
+ NumberOfCores: ULONG,
+}}
+pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION =
+ *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
+STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION {
+ DeviceId: UNICODE_STRING,
+ DataName: UNICODE_STRING,
+ DataType: ULONG,
+ DataBufferLength: ULONG,
+ DataBuffer: PVOID,
+}}
+pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION;
+STRUCT!{struct PHYSICAL_CHANNEL_RUN {
+ NodeNumber: ULONG,
+ ChannelNumber: ULONG,
+ BasePage: ULONGLONG,
+ PageCount: ULONGLONG,
+ Flags: ULONG,
+}}
+pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN;
+STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION {
+ NumberOfRuns: ULONGLONG,
+ NumberOfNodes: ULONG,
+ NumberOfChannels: ULONG,
+ Run: [PHYSICAL_CHANNEL_RUN; 1],
+}}
+pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION {
+ ChannelNumber: ULONG,
+ ChannelHeatIndex: ULONG,
+ TotalPageCount: ULONGLONG,
+ ZeroPageCount: ULONGLONG,
+ FreePageCount: ULONGLONG,
+ StandbyPageCount: ULONGLONG,
+}}
+pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION;
+STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION {
+ Flags: ULONG,
+ BitmapOffset: ULONG,
+}}
+pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX {
+ IdleTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ DpcTime: LARGE_INTEGER,
+ InterruptTime: LARGE_INTEGER,
+ InterruptCount: ULONG,
+ Spare0: ULONG,
+ AvailableTime: LARGE_INTEGER,
+ Spare1: LARGE_INTEGER,
+ Spare2: LARGE_INTEGER,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION {
+ PolicyPublisher: GUID,
+ PolicyVersion: ULONG,
+ PolicyOptions: ULONG,
+}}
+pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION;
+STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX {
+ Info: SYSTEM_PAGEFILE_INFORMATION,
+ MinimumSize: ULONG,
+ MaximumSize: ULONG,
+}}
+pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION {
+ SecureBootEnabled: BOOLEAN,
+ SecureBootCapable: BOOLEAN,
+}}
+pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION;
+STRUCT!{struct PROCESS_DISK_COUNTERS {
+ BytesRead: ULONGLONG,
+ BytesWritten: ULONGLONG,
+ ReadOperationCount: ULONGLONG,
+ WriteOperationCount: ULONGLONG,
+ FlushOperationCount: ULONGLONG,
+}}
+pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS;
+UNION!{union ENERGY_STATE_DURATION_u {
+ Value: ULONGLONG,
+ LastChangeTime: ULONG,
+}}
+UNION!{union ENERGY_STATE_DURATION {
+ u: ENERGY_STATE_DURATION_u,
+ BitFields: ULONG,
+}}
+pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION;
+BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [
+ Duration set_Duration[0..31],
+ IsInState set_IsInState[31..32],
+]}
+STRUCT!{struct PROCESS_ENERGY_VALUES {
+ Cycles: [[ULONGLONG; 4]; 2],
+ DiskEnergy: ULONGLONG,
+ NetworkTailEnergy: ULONGLONG,
+ MBBTailEnergy: ULONGLONG,
+ NetworkTxRxBytes: ULONGLONG,
+ MBBTxRxBytes: ULONGLONG,
+ ForegroundDuration: ENERGY_STATE_DURATION,
+ DesktopVisibleDuration: ENERGY_STATE_DURATION,
+ PSMForegroundDuration: ENERGY_STATE_DURATION,
+ CompositionRendered: ULONG,
+ CompositionDirtyGenerated: ULONG,
+ CompositionDirtyPropagated: ULONG,
+ Reserved1: ULONG,
+ AttributedCycles: [[ULONGLONG; 2]; 4],
+ WorkOnBehalfCycles: [[ULONGLONG; 2]; 4],
+}}
+pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES;
+STRUCT!{struct TIMELINE_BITMAP {
+ Value: ULONGLONG,
+ EndTime: ULONG,
+ Bitmap: ULONG,
+}}
+pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP;
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines {
+ CpuTimeline: TIMELINE_BITMAP,
+ DiskTimeline: TIMELINE_BITMAP,
+ NetworkTimeline: TIMELINE_BITMAP,
+ MBBTimeline: TIMELINE_BITMAP,
+ ForegroundTimeline: TIMELINE_BITMAP,
+ DesktopVisibleTimeline: TIMELINE_BITMAP,
+ CompositionRenderedTimeline: TIMELINE_BITMAP,
+ CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP,
+ CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP,
+ InputTimeline: TIMELINE_BITMAP,
+ AudioInTimeline: TIMELINE_BITMAP,
+ AudioOutTimeline: TIMELINE_BITMAP,
+ DisplayRequiredTimeline: TIMELINE_BITMAP,
+ KeyboardInputTimeline: TIMELINE_BITMAP,
+}}
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations {
+ InputDuration: ENERGY_STATE_DURATION,
+ AudioInDuration: ENERGY_STATE_DURATION,
+ AudioOutDuration: ENERGY_STATE_DURATION,
+ DisplayRequiredDuration: ENERGY_STATE_DURATION,
+ PSMBackgroundDuration: ENERGY_STATE_DURATION,
+}}
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION {
+ Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines,
+ Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations,
+ KeyboardInput: ULONG,
+ MouseInput: ULONG,
+}}
+pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION;
+STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES {
+ Base: PROCESS_ENERGY_VALUES,
+ Extension: PROCESS_ENERGY_VALUES_EXTENSION,
+}}
+pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES;
+ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION {
+ SystemProcessClassificationNormal = 0,
+ SystemProcessClassificationSystem = 1,
+ SystemProcessClassificationSecureSystem = 2,
+ SystemProcessClassificationMemCompression = 3,
+ SystemProcessClassificationRegistry = 4,
+ SystemProcessClassificationMaximum = 5,
+}}
+STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION {
+ DiskCounters: PROCESS_DISK_COUNTERS,
+ ContextSwitches: ULONGLONG,
+ Flags: ULONG,
+ UserSidOffset: ULONG,
+ PackageFullNameOffset: ULONG,
+ EnergyValues: PROCESS_ENERGY_VALUES,
+ AppIdOffset: ULONG,
+ SharedCommitCharge: SIZE_T,
+ JobObjectId: ULONG,
+ SpareUlong: ULONG,
+ ProcessSequenceNumber: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [
+ HasStrongId set_HasStrongId[0..1],
+ Classification set_Classification[1..5],
+ BackgroundActivityModerated set_BackgroundActivityModerated[5..6],
+ Spare set_Spare[6..32],
+]}
+pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION;
+STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION {
+ EfiLauncherEnabled: BOOLEAN,
+}}
+pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION =
+ *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX {
+ DebuggerAllowed: BOOLEAN,
+ DebuggerEnabled: BOOLEAN,
+ DebuggerPresent: BOOLEAN,
+}}
+pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
+STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION {
+ ElamDriverFile: HANDLE,
+}}
+pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION {
+ ProcessorFeatureBits: ULONGLONG,
+ Reserved: [ULONGLONG; 3],
+}}
+pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION;
+STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION {
+ Options: ULONG,
+ ProfileName: UNICODE_STRING,
+}}
+pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION;
+STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION {
+ Enabled: BOOLEAN,
+}}
+pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION =
+ *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION;
+STRUCT!{struct HV_DETAILS {
+ Data: [ULONG; 4],
+}}
+pub type PHV_DETAILS = *mut HV_DETAILS;
+STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION {
+ HvVendorAndMaxFunction: HV_DETAILS,
+ HypervisorInterface: HV_DETAILS,
+ HypervisorVersion: HV_DETAILS,
+ HvFeatures: HV_DETAILS,
+ HwFeatures: HV_DETAILS,
+ EnlightenmentInfo: HV_DETAILS,
+ ImplementationLimits: HV_DETAILS,
+}}
+pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION {
+ Cycles: [[ULONGLONG; 4]; 2],
+}}
+pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION;
+STRUCT!{struct SYSTEM_TPM_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION;
+STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION {
+ DmaProtectionsAvailable: BOOLEAN,
+ DmaProtectionsInUse: BOOLEAN,
+ HardwareMbecAvailable: BOOLEAN,
+}}
+pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION {
+ Options: ULONG,
+ HVCIOptions: ULONG,
+ Version: ULONGLONG,
+ PolicyGuid: GUID,
+}}
+pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
+STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION {
+ Bitfields1: BOOLEAN,
+ Bitfields2: BOOLEAN,
+ Spare0: [BOOLEAN; 6],
+ Spare1: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [
+ SecureKernelRunning set_SecureKernelRunning[0..1],
+ HvciEnabled set_HvciEnabled[1..2],
+ HvciStrictMode set_HvciStrictMode[2..3],
+ DebugEnabled set_DebugEnabled[3..4],
+ FirmwarePageProtection set_FirmwarePageProtection[4..5],
+ EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6],
+ SpareFlags set_SpareFlags[6..7],
+ TrustletRunning set_TrustletRunning[7..8],
+]}
+BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [
+ SpareFlags2 set_SpareFlags2[0..1],
+]}
+pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION;
+STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION {
+ TargetModuleAddress: PVOID,
+ ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX,
+}}
+pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION;
+STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION {
+ Gsiv: ULONG,
+ Group: USHORT,
+ CpuSets: ULONGLONG,
+}}
+pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION;
+STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION {
+ PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION,
+ PolicySize: ULONG,
+ Policy: [UCHAR; 1],
+}}
+pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION =
+ *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION;
+STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION {
+ NumberOfSilos: ULONG,
+ SiloIdList: [ULONG; 1],
+}}
+pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION;
+STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION {
+ Tag: ULONGLONG,
+ CpuSets: [ULONGLONG; 1],
+}}
+pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION;
+STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION {
+ ExtentCount: ULONG,
+ ValidStructureSize: ULONG,
+ NextExtentIndex: ULONG,
+ ExtentRestart: ULONG,
+ CycleCount: ULONG,
+ TimeoutCount: ULONG,
+ CycleTime: ULONGLONG,
+ CycleTimeMax: ULONGLONG,
+ ExtentTime: ULONGLONG,
+ ExtentTimeIndex: ULONG,
+ ExtentTimeMaxIndex: ULONG,
+ ExtentTimeMax: ULONGLONG,
+ HyperFlushTimeMax: ULONGLONG,
+ TranslateVaTimeMax: ULONGLONG,
+ DebugExemptionCount: ULONGLONG,
+ TbHitCount: ULONGLONG,
+ TbMissCount: ULONGLONG,
+ VinaPendingYield: ULONGLONG,
+ HashCycles: ULONGLONG,
+ HistogramOffset: ULONG,
+ HistogramBuckets: ULONG,
+ HistogramShift: ULONG,
+ Reserved1: ULONG,
+ PageNotPresentCount: ULONGLONG,
+}}
+pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION =
+ *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION;
+STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION {
+ PlatformManifestSize: ULONG,
+ PlatformManifest: [UCHAR; 1],
+}}
+pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION =
+ *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION {
+ TotalPhysicalBytes: ULONGLONG,
+ AvailableBytes: ULONGLONG,
+ ResidentAvailableBytes: LONGLONG,
+ CommittedBytes: ULONGLONG,
+ SharedCommittedBytes: ULONGLONG,
+ CommitLimitBytes: ULONGLONG,
+ PeakCommitmentBytes: ULONGLONG,
+}}
+pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION {
+ ImageFile: HANDLE,
+ Type: ULONG,
+}}
+pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION =
+ *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
+STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION {
+ TotalPhysicalBytes: ULONGLONG,
+ LowestPhysicalAddress: ULONGLONG,
+ HighestPhysicalAddress: ULONGLONG,
+}}
+pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION;
+ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE {
+ SystemActivityModerationStateSystemManaged = 0,
+ SystemActivityModerationStateUserManagedAllowThrottling = 1,
+ SystemActivityModerationStateUserManagedDisableThrottling = 2,
+ MaxSystemActivityModerationState = 3,
+}}
+ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE {
+ SystemActivityModerationAppTypeClassic = 0,
+ SystemActivityModerationAppTypePackaged = 1,
+ MaxSystemActivityModerationAppType = 2,
+}}
+STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO {
+ Identifier: UNICODE_STRING,
+ ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE,
+ AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE,
+}}
+pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO;
+STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS {
+ UserKeyHandle: HANDLE,
+}}
+pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION {
+ Flags: ULONG,
+ UnlockId: [UCHAR; 32],
+}}
+BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [
+ Locked set_Locked[0..1],
+ Unlockable set_Unlockable[1..2],
+ UnlockApplied set_UnlockApplied[2..3],
+ UnlockIdValid set_UnlockIdValid[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
+STRUCT!{struct SYSTEM_FLUSH_INFORMATION {
+ SupportedFlushMethods: ULONG,
+ ProcessorCacheFlushSize: ULONG,
+ SystemFlushCapabilities: ULONGLONG,
+ Reserved: [ULONGLONG; 2],
+}}
+pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION;
+STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION {
+ WriteConstraintPolicy: ULONG,
+ Reserved: ULONG,
+}}
+pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION {
+ Flags: ULONG,
+}}
+BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [
+ KvaShadowEnabled set_KvaShadowEnabled[0..1],
+ KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2],
+ KvaShadowPcid set_KvaShadowPcid[2..3],
+ KvaShadowInvpcid set_KvaShadowInvpcid[3..4],
+ KvaShadowRequired set_KvaShadowRequired[4..5],
+ KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6],
+ InvalidPteBit set_InvalidPteBit[6..12],
+ L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13],
+ L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14],
+ Reserved set_Reserved[14..32],
+]}
+pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION {
+ FileHandle: HANDLE,
+ ImageSize: ULONG,
+ Image: PVOID,
+}}
+pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION =
+ *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
+STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION {
+ HypervisorSharedUserVa: PVOID,
+}}
+pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION =
+ *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
+STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION {
+ Flags: ULONG,
+}}
+BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [
+ BpbEnabled set_BpbEnabled[0..1],
+ BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2],
+ BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3],
+ SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4],
+ SpecCmdEnumerated set_SpecCmdEnumerated[4..5],
+ IbrsPresent set_IbrsPresent[5..6],
+ StibpPresent set_StibpPresent[6..7],
+ SmepPresent set_SmepPresent[7..8],
+ SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9],
+ SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10],
+ SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11],
+ SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12],
+ SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13],
+ BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14],
+ SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15],
+ SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16],
+ Reserved set_Reserved[16..32],
+]}
+pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION;
+STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION {
+ DmaGuardPolicyEnabled: BOOLEAN,
+}}
+pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION;
+STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION {
+ EnclaveLaunchSigner: [UCHAR; 32],
+}}
+pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION =
+ *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
+STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION {
+ WorkloadClass: ULONGLONG,
+ CpuSets: [ULONGLONG; 1],
+}}
+pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION =
+ *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQuerySystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQuerySystemInformationEx(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetSystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SYSDBG_COMMAND {
+ SysDbgQueryModuleInformation = 0,
+ SysDbgQueryTraceInformation = 1,
+ SysDbgSetTracepoint = 2,
+ SysDbgSetSpecialCall = 3,
+ SysDbgClearSpecialCalls = 4,
+ SysDbgQuerySpecialCalls = 5,
+ SysDbgBreakPoint = 6,
+ SysDbgQueryVersion = 7,
+ SysDbgReadVirtual = 8,
+ SysDbgWriteVirtual = 9,
+ SysDbgReadPhysical = 10,
+ SysDbgWritePhysical = 11,
+ SysDbgReadControlSpace = 12,
+ SysDbgWriteControlSpace = 13,
+ SysDbgReadIoSpace = 14,
+ SysDbgWriteIoSpace = 15,
+ SysDbgReadMsr = 16,
+ SysDbgWriteMsr = 17,
+ SysDbgReadBusData = 18,
+ SysDbgWriteBusData = 19,
+ SysDbgCheckLowMemory = 20,
+ SysDbgEnableKernelDebugger = 21,
+ SysDbgDisableKernelDebugger = 22,
+ SysDbgGetAutoKdEnable = 23,
+ SysDbgSetAutoKdEnable = 24,
+ SysDbgGetPrintBufferSize = 25,
+ SysDbgSetPrintBufferSize = 26,
+ SysDbgGetKdUmExceptionEnable = 27,
+ SysDbgSetKdUmExceptionEnable = 28,
+ SysDbgGetTriageDump = 29,
+ SysDbgGetKdBlockEnable = 30,
+ SysDbgSetKdBlockEnable = 31,
+ SysDbgRegisterForUmBreakInfo = 32,
+ SysDbgGetUmBreakPid = 33,
+ SysDbgClearUmBreakPid = 34,
+ SysDbgGetUmAttachPid = 35,
+ SysDbgClearUmAttachPid = 36,
+ SysDbgGetLiveKernelDump = 37,
+}}
+pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND;
+STRUCT!{struct SYSDBG_VIRTUAL {
+ Address: PVOID,
+ Buffer: PVOID,
+ Request: ULONG,
+}}
+pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL;
+STRUCT!{struct SYSDBG_PHYSICAL {
+ Address: PHYSICAL_ADDRESS,
+ Buffer: PVOID,
+ Request: ULONG,
+}}
+pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL;
+STRUCT!{struct SYSDBG_CONTROL_SPACE {
+ Address: ULONG64,
+ Buffer: PVOID,
+ Request: ULONG,
+ Processor: ULONG,
+}}
+pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE;
+STRUCT!{struct SYSDBG_IO_SPACE {
+ Address: ULONG64,
+ Buffer: PVOID,
+ Request: ULONG,
+ InterfaceType: INTERFACE_TYPE,
+ BusNumber: ULONG,
+ AddressSpace: ULONG,
+}}
+pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE;
+STRUCT!{struct SYSDBG_MSR {
+ Msr: ULONG,
+ Data: ULONG64,
+}}
+pub type PSYSDBG_MSR = *mut SYSDBG_MSR;
+STRUCT!{struct SYSDBG_BUS_DATA {
+ Address: ULONG,
+ Buffer: PVOID,
+ Request: ULONG,
+ BusDataType: BUS_DATA_TYPE,
+ BusNumber: ULONG,
+ SlotNumber: ULONG,
+}}
+pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA;
+STRUCT!{struct SYSDBG_TRIAGE_DUMP {
+ Flags: ULONG,
+ BugCheckCode: ULONG,
+ BugCheckParam1: ULONG_PTR,
+ BugCheckParam2: ULONG_PTR,
+ BugCheckParam3: ULONG_PTR,
+ BugCheckParam4: ULONG_PTR,
+ ProcessHandles: ULONG,
+ ThreadHandles: ULONG,
+ Handles: PHANDLE,
+}}
+pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS {
+ AsUlong: ULONG,
+}}
+BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [
+ UseDumpStorageStack set_UseDumpStorageStack[0..1],
+ CompressMemoryPagesData set_CompressMemoryPagesData[1..2],
+ IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3],
+ AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES {
+ AsUlong: ULONG,
+}}
+BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [
+ HypervisorPages set_HypervisorPages[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
+pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL {
+ Version: ULONG,
+ BugCheckCode: ULONG,
+ BugCheckParam1: ULONG_PTR,
+ BugCheckParam2: ULONG_PTR,
+ BugCheckParam3: ULONG_PTR,
+ BugCheckParam4: ULONG_PTR,
+ DumpFileHandle: HANDLE,
+ CancelEventHandle: HANDLE,
+ Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS,
+ AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES,
+}}
+pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL;
+EXTERN!{extern "system" {
+ fn NtSystemDebugControl(
+ Command: SYSDBG_COMMAND,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum HARDERROR_RESPONSE_OPTION {
+ OptionAbortRetryIgnore = 0,
+ OptionOk = 1,
+ OptionOkCancel = 2,
+ OptionRetryCancel = 3,
+ OptionYesNo = 4,
+ OptionYesNoCancel = 5,
+ OptionShutdownSystem = 6,
+ OptionOkNoWait = 7,
+ OptionCancelTryContinue = 8,
+}}
+ENUM!{enum HARDERROR_RESPONSE {
+ ResponseReturnToCaller = 0,
+ ResponseNotHandled = 1,
+ ResponseAbort = 2,
+ ResponseCancel = 3,
+ ResponseIgnore = 4,
+ ResponseNo = 5,
+ ResponseOk = 6,
+ ResponseRetry = 7,
+ ResponseYes = 8,
+ ResponseTryAgain = 9,
+ ResponseContinue = 10,
+}}
+pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000;
+EXTERN!{extern "system" {
+ fn NtRaiseHardError(
+ ErrorStatus: NTSTATUS,
+ NumberOfParameters: ULONG,
+ UnicodeStringParameterMask: ULONG,
+ Parameters: PULONG_PTR,
+ ValidResponseOptions: ULONG,
+ Response: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE {
+ StandardDesign = 0,
+ NEC98x86 = 1,
+ EndAlternatives = 2,
+}}
+pub const PROCESSOR_FEATURE_MAX: usize = 64;
+pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16;
+pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0;
+pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1;
+pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2;
+pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3;
+UNION!{union KUSER_SHARED_DATA_u {
+ TickCount: KSYSTEM_TIME,
+ TickCountQuad: ULONG64,
+ ReservedTickCountOverlay: [ULONG; 3],
+}}
+STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA {
+ TickCountLowDeprecated: ULONG,
+ TickCountMultiplier: ULONG,
+ InterruptTime: KSYSTEM_TIME,
+ SystemTime: KSYSTEM_TIME,
+ TimeZoneBias: KSYSTEM_TIME,
+ ImageNumberLow: USHORT,
+ ImageNumberHigh: USHORT,
+ NtSystemRoot: [WCHAR; 260],
+ MaxStackTraceDepth: ULONG,
+ CryptoExponent: ULONG,
+ TimeZoneId: ULONG,
+ LargePageMinimum: ULONG,
+ AitSamplingValue: ULONG,
+ AppCompatFlag: ULONG,
+ RNGSeedVersion: ULONGLONG,
+ GlobalValidationRunlevel: ULONG,
+ TimeZoneBiasStamp: LONG,
+ NtBuildNumber: ULONG,
+ NtProductType: NT_PRODUCT_TYPE,
+ ProductTypeIsValid: BOOLEAN,
+ Reserved0: [UCHAR; 1],
+ NativeProcessorArchitecture: USHORT,
+ NtMajorVersion: ULONG,
+ NtMinorVersion: ULONG,
+ ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX],
+ Reserved1: ULONG,
+ Reserved3: ULONG,
+ TimeSlip: ULONG,
+ AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE,
+ BootId: ULONG,
+ SystemExpirationDate: LARGE_INTEGER,
+ SuiteMask: ULONG,
+ KdDebuggerEnabled: BOOLEAN,
+ MitigationPolicies: UCHAR,
+ Reserved6: [UCHAR; 2],
+ ActiveConsoleId: ULONG,
+ DismountCount: ULONG,
+ ComPlusPackage: ULONG,
+ LastSystemRITEventTickCount: ULONG,
+ NumberOfPhysicalPages: ULONG,
+ SafeBootMode: BOOLEAN,
+ VirtualizationFlags: UCHAR,
+ Reserved12: [UCHAR; 2],
+ SharedDataFlags: ULONG,
+ DataFlagsPad: [ULONG; 1],
+ TestRetInstruction: ULONGLONG,
+ QpcFrequency: LONGLONG,
+ SystemCall: ULONG,
+ SystemCallPad0: ULONG,
+ SystemCallPad: [ULONGLONG; 2],
+ u: KUSER_SHARED_DATA_u,
+ //TickCountPad: [ULONG; 1],
+ Cookie: ULONG,
+ CookiePad: [ULONG; 1],
+ ConsoleSessionForegroundProcessId: LONGLONG,
+ TimeUpdateLock: ULONGLONG,
+ BaselineSystemTimeQpc: ULONGLONG,
+ BaselineInterruptTimeQpc: ULONGLONG,
+ QpcSystemTimeIncrement: ULONGLONG,
+ QpcInterruptTimeIncrement: ULONGLONG,
+ QpcSystemTimeIncrementShift: UCHAR,
+ QpcInterruptTimeIncrementShift: UCHAR,
+ UnparkedProcessorCount: USHORT,
+ EnclaveFeatureMask: [ULONG; 4],
+ TelemetryCoverageRound: ULONG,
+ UserModeGlobalLogger: [USHORT; 16],
+ ImageFileExecutionOptions: ULONG,
+ LangGenerationCount: ULONG,
+ Reserved4: ULONGLONG,
+ InterruptTimeBias: ULONG64,
+ QpcBias: ULONG64,
+ ActiveProcessorCount: ULONG,
+ ActiveGroupCount: UCHAR,
+ Reserved9: UCHAR,
+ QpcData: UCHAR,
+ TimeZoneBiasEffectiveStart: LARGE_INTEGER,
+ TimeZoneBiasEffectiveEnd: LARGE_INTEGER,
+ XState: XSTATE_CONFIGURATION,
+}}
+BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [
+ NXSupportPolicy set_NXSupportPolicy[0..2],
+ SEHValidationPolicy set_SEHValidationPolicy[2..4],
+ CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6],
+ Reserved set_Reserved[6..8],
+]}
+BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [
+ DbgErrorPortPresent set_DbgErrorPortPresent[0..1],
+ DbgElevationEnabled set_DbgElevationEnabled[1..2],
+ DbgVirtEnabled set_DbgVirtEnabled[2..3],
+ DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4],
+ DbgLkgEnabled set_DbgLkgEnabled[4..5],
+ DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6],
+ DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7],
+ DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8],
+ DbgMultiSessionSku set_DbgMultiSessionSku[8..9],
+ DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10],
+ DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11],
+ SpareBits set_SpareBits[11..32],
+]}
+BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [
+ QpcBypassEnabled set_QpcBypassEnabled[0..1],
+ QpcShift set_QpcShift[1..2],
+]}
+pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA;
+pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _;
+#[inline]
+pub unsafe fn NtGetTickCount64() -> ULONGLONG {
+ let mut tick_count: ULARGE_INTEGER = uninitialized();
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
+ *tick_count.QuadPart_mut() = read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad);
+ }
+ #[cfg(target_arch = "x86")] {
+ loop {
+ tick_count.s_mut().HighPart =
+ read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32;
+ tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
+ if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
+ as u32
+ {
+ break;
+ }
+ spin_loop_hint();
+ }
+ }
+ (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ + (UInt32x32To64(
+ tick_count.s().HighPart as u32,
+ (*USER_SHARED_DATA).TickCountMultiplier,
+ ) << 8)
+}
+#[inline]
+pub unsafe fn NtGetTickCount() -> ULONG {
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
+ ((read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad)
+ * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32
+ }
+ #[cfg(target_arch = "x86")] {
+ let mut tick_count: ULARGE_INTEGER = uninitialized();
+ loop {
+ tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time)
+ as u32;
+ tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
+ if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
+ as u32
+ {
+ break;
+ }
+ spin_loop_hint();
+ }
+ ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ + UInt32x32To64(
+ (tick_count.s().HighPart as u32) << 8,
+ (*USER_SHARED_DATA).TickCountMultiplier,
+ )) as u32
+ }
+}
+EXTERN!{extern "system" {
+ fn NtQueryDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: PLCID,
+ ) -> NTSTATUS;
+ fn NtSetDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: LCID,
+ ) -> NTSTATUS;
+ fn NtQueryInstallUILanguage(
+ InstallUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn NtFlushInstallUILanguage(
+ InstallUILanguage: LANGID,
+ SetComittedFlag: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryDefaultUILanguage(
+ DefaultUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn NtSetDefaultUILanguage(
+ DefaultUILanguageId: LANGID,
+ ) -> NTSTATUS;
+ fn NtIsUILanguageComitted() -> NTSTATUS;
+ fn NtInitializeNlsFiles(
+ BaseAddress: *mut PVOID,
+ DefaultLocaleId: PLCID,
+ DefaultCasingTableSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtGetNlsSectionPtr(
+ SectionType: ULONG,
+ SectionData: ULONG,
+ ContextData: PVOID,
+ SectionPointer: *mut PVOID,
+ SectionSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtMapCMFModule(
+ What: ULONG,
+ Index: ULONG,
+ CacheIndexOut: PULONG,
+ CacheFlagsOut: PULONG,
+ ViewSizeOut: PULONG,
+ BaseAddress: *mut PVOID,
+ ) -> NTSTATUS;
+ fn NtGetMUIRegistryInfo(
+ Flags: ULONG,
+ DataSize: PULONG,
+ Data: PVOID,
+ ) -> NTSTATUS;
+ fn NtAddAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+}}
+pub const ATOM_FLAG_GLOBAL: ULONG = 0x2;
+EXTERN!{extern "system" {
+ fn NtAddAtomEx(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtFindAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn NtDeleteAtom(
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum ATOM_INFORMATION_CLASS {
+ AtomBasicInformation = 0,
+ AtomTableInformation = 1,
+}}
+STRUCT!{struct ATOM_BASIC_INFORMATION {
+ UsageCount: USHORT,
+ Flags: USHORT,
+ NameLength: USHORT,
+ Name: [WCHAR; 1],
+}}
+pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION;
+STRUCT!{struct ATOM_TABLE_INFORMATION {
+ NumberOfAtoms: ULONG,
+ Atoms: [RTL_ATOM; 1],
+}}
+pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQueryInformationAtom(
+ Atom: RTL_ATOM,
+ AtomInformationClass: ATOM_INFORMATION_CLASS,
+ AtomInformation: PVOID,
+ AtomInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001;
+pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002;
+pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004;
+pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008;
+pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010;
+pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020;
+pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040;
+pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080;
+pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100;
+pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400;
+pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800;
+pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000;
+pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000;
+pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000;
+pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000;
+pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000;
+pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000;
+pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000;
+pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000;
+pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000;
+pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000;
+pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000;
+pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000;
+pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000;
+pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000;
+pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000;
+pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000;
+pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000;
+pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000;
+pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000;
+pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000;
+pub const FLG_VALID_BITS: u32 = 0xfffffdff;
+pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
+ | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
+ | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING
+ | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION
+ | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS
+ | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN;
+pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST
+ | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX
+ | FLG_DISABLE_PAGE_KERNEL_STACKS;
+pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
+ | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD
+ | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING
+ | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS;
+EXTERN!{extern "system" {
+ fn NtQueryLicenseValue(
+ ValueName: PUNICODE_STRING,
+ Type: PULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ResultDataSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetDefaultHardErrorPort(
+ DefaultHardErrorPort: HANDLE,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SHUTDOWN_ACTION {
+ ShutdownNoReboot = 0,
+ ShutdownReboot = 1,
+ ShutdownPowerOff = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtShutdownSystem(
+ Action: SHUTDOWN_ACTION,
+ ) -> NTSTATUS;
+ fn NtDisplayString(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtDrawText(
+ Text: PUNICODE_STRING,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntgdi.rs b/vendor/ntapi/src/ntgdi.rs
new file mode 100644
index 000000000..ac6e387d4
--- /dev/null
+++ b/vendor/ntapi/src/ntgdi.rs
@@ -0,0 +1,123 @@
+use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT};
+pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000;
+pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0;
+pub const GDI_HANDLE_INDEX_BITS: ULONG = 16;
+pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff;
+pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16;
+pub const GDI_HANDLE_TYPE_BITS: ULONG = 5;
+pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f;
+pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21;
+pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2;
+pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3;
+pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23;
+pub const GDI_HANDLE_STOCK_BITS: ULONG = 1;
+pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1;
+pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24;
+pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8;
+pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff;
+#[inline]
+pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG {
+ Handle & GDI_HANDLE_INDEX_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG {
+ Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG {
+ Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK
+}
+#[inline]
+pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG {
+ Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK
+}
+#[inline]
+pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG {
+ Unique << GDI_HANDLE_INDEX_BITS | Index
+}
+pub const GDI_DEF_TYPE: ULONG = 0;
+pub const GDI_DC_TYPE: ULONG = 1;
+pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2;
+pub const GDI_DD_SURFACE_TYPE: ULONG = 3;
+pub const GDI_RGN_TYPE: ULONG = 4;
+pub const GDI_SURF_TYPE: ULONG = 5;
+pub const GDI_CLIENTOBJ_TYPE: ULONG = 6;
+pub const GDI_PATH_TYPE: ULONG = 7;
+pub const GDI_PAL_TYPE: ULONG = 8;
+pub const GDI_ICMLCS_TYPE: ULONG = 9;
+pub const GDI_LFONT_TYPE: ULONG = 10;
+pub const GDI_RFONT_TYPE: ULONG = 11;
+pub const GDI_PFE_TYPE: ULONG = 12;
+pub const GDI_PFT_TYPE: ULONG = 13;
+pub const GDI_ICMCXF_TYPE: ULONG = 14;
+pub const GDI_ICMDLL_TYPE: ULONG = 15;
+pub const GDI_BRUSH_TYPE: ULONG = 16;
+pub const GDI_PFF_TYPE: ULONG = 17;
+pub const GDI_CACHE_TYPE: ULONG = 18;
+pub const GDI_SPACE_TYPE: ULONG = 19;
+pub const GDI_DBRUSH_TYPE: ULONG = 20;
+pub const GDI_META_TYPE: ULONG = 21;
+pub const GDI_EFSTATE_TYPE: ULONG = 22;
+pub const GDI_BMFD_TYPE: ULONG = 23;
+pub const GDI_VTFD_TYPE: ULONG = 24;
+pub const GDI_TTFD_TYPE: ULONG = 25;
+pub const GDI_RC_TYPE: ULONG = 26;
+pub const GDI_TEMP_TYPE: ULONG = 27;
+pub const GDI_DRVOBJ_TYPE: ULONG = 28;
+pub const GDI_DCIOBJ_TYPE: ULONG = 29;
+pub const GDI_SPOOL_TYPE: ULONG = 30;
+#[inline]
+pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG {
+ Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK
+ << GDI_HANDLE_TYPE_SHIFT)
+}
+#[inline]
+pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG {
+ GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16)
+}
+pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT;
+pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT;
+pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2;
+pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3;
+pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2;
+pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1;
+pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1;
+UNION!{union GDI_HANDLE_ENTRY_u {
+ Object: PVOID,
+ NextFree: PVOID,
+}}
+STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s {
+ ProcessId: USHORT,
+ Bitfields: USHORT,
+}}
+BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [
+ Lock set_Lock[0..1],
+ Count set_Count[1..16],
+]}
+UNION!{union GDI_HANDLE_ENTRY_Owner {
+ s: GDI_HANDLE_ENTRY_Owner_s,
+ Value: ULONG,
+}}
+STRUCT!{struct GDI_HANDLE_ENTRY {
+ u: GDI_HANDLE_ENTRY_u,
+ Owner: GDI_HANDLE_ENTRY_Owner,
+ Unique: USHORT,
+ Type: UCHAR,
+ Flags: UCHAR,
+ UserPointer: PVOID,
+}}
+pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY;
+STRUCT!{struct GDI_SHARED_MEMORY {
+ Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT],
+}}
+pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY;
diff --git a/vendor/ntapi/src/ntioapi.rs b/vendor/ntapi/src/ntioapi.rs
new file mode 100644
index 000000000..48c416b21
--- /dev/null
+++ b/vendor/ntapi/src/ntioapi.rs
@@ -0,0 +1,1464 @@
+use crate::string::UTF16Const;
+use crate::winapi_local::um::winioctl::CTL_CODE;
+use winapi::shared::basetsd::ULONG_PTR;
+use winapi::shared::guiddef::GUID;
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{
+ BOOLEAN, CCHAR, CHAR, HANDLE, LARGE_INTEGER, LONG, LONGLONG, NTSTATUS, PBOOLEAN, PHANDLE,
+ PLARGE_INTEGER, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG,
+ ULONGLONG, USHORT, WCHAR,
+};
+use winapi::um::winioctl::{
+ FILE_ANY_ACCESS, FILE_DEVICE_MAILSLOT, FILE_DEVICE_NAMED_PIPE, METHOD_BUFFERED, METHOD_NEITHER,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, FILE_ID_128, FILE_READ_DATA, FILE_WRITE_DATA, PFILE_SEGMENT_ELEMENT, PSID, SID,
+};
+pub const FILE_SUPERSEDE: ULONG = 0x00000000;
+pub const FILE_OPEN: ULONG = 0x00000001;
+pub const FILE_CREATE: ULONG = 0x00000002;
+pub const FILE_OPEN_IF: ULONG = 0x00000003;
+pub const FILE_OVERWRITE: ULONG = 0x00000004;
+pub const FILE_OVERWRITE_IF: ULONG = 0x00000005;
+pub const FILE_MAXIMUM_DISPOSITION: ULONG = 0x00000005;
+pub const FILE_DIRECTORY_FILE: ULONG = 0x00000001;
+pub const FILE_WRITE_THROUGH: ULONG = 0x00000002;
+pub const FILE_SEQUENTIAL_ONLY: ULONG = 0x00000004;
+pub const FILE_NO_INTERMEDIATE_BUFFERING: ULONG = 0x00000008;
+pub const FILE_SYNCHRONOUS_IO_ALERT: ULONG = 0x00000010;
+pub const FILE_SYNCHRONOUS_IO_NONALERT: ULONG = 0x00000020;
+pub const FILE_NON_DIRECTORY_FILE: ULONG = 0x00000040;
+pub const FILE_CREATE_TREE_CONNECTION: ULONG = 0x00000080;
+pub const FILE_COMPLETE_IF_OPLOCKED: ULONG = 0x00000100;
+pub const FILE_NO_EA_KNOWLEDGE: ULONG = 0x00000200;
+pub const FILE_OPEN_FOR_RECOVERY: ULONG = 0x00000400;
+pub const FILE_RANDOM_ACCESS: ULONG = 0x00000800;
+pub const FILE_DELETE_ON_CLOSE: ULONG = 0x00001000;
+pub const FILE_OPEN_BY_FILE_ID: ULONG = 0x00002000;
+pub const FILE_OPEN_FOR_BACKUP_INTENT: ULONG = 0x00004000;
+pub const FILE_NO_COMPRESSION: ULONG = 0x00008000;
+pub const FILE_OPEN_REQUIRING_OPLOCK: ULONG = 0x00010000;
+pub const FILE_DISALLOW_EXCLUSIVE: ULONG = 0x00020000;
+pub const FILE_SESSION_AWARE: ULONG = 0x00040000;
+pub const FILE_RESERVE_OPFILTER: ULONG = 0x00100000;
+pub const FILE_OPEN_REPARSE_POINT: ULONG = 0x00200000;
+pub const FILE_OPEN_NO_RECALL: ULONG = 0x00400000;
+pub const FILE_OPEN_FOR_FREE_SPACE_QUERY: ULONG = 0x00800000;
+pub const FILE_COPY_STRUCTURED_STORAGE: ULONG = 0x00000041;
+pub const FILE_STRUCTURED_STORAGE: ULONG = 0x00000441;
+pub const FILE_SUPERSEDED: ULONG = 0x00000000;
+pub const FILE_OPENED: ULONG = 0x00000001;
+pub const FILE_CREATED: ULONG = 0x00000002;
+pub const FILE_OVERWRITTEN: ULONG = 0x00000003;
+pub const FILE_EXISTS: ULONG = 0x00000004;
+pub const FILE_DOES_NOT_EXIST: ULONG = 0x00000005;
+pub const FILE_WRITE_TO_END_OF_FILE: ULONG = 0xffffffff;
+pub const FILE_USE_FILE_POINTER_POSITION: ULONG = 0xfffffffe;
+pub const FILE_BYTE_ALIGNMENT: ULONG = 0x00000000;
+pub const FILE_WORD_ALIGNMENT: ULONG = 0x00000001;
+pub const FILE_LONG_ALIGNMENT: ULONG = 0x00000003;
+pub const FILE_QUAD_ALIGNMENT: ULONG = 0x00000007;
+pub const FILE_OCTA_ALIGNMENT: ULONG = 0x0000000f;
+pub const FILE_32_BYTE_ALIGNMENT: ULONG = 0x0000001f;
+pub const FILE_64_BYTE_ALIGNMENT: ULONG = 0x0000003f;
+pub const FILE_128_BYTE_ALIGNMENT: ULONG = 0x0000007f;
+pub const FILE_256_BYTE_ALIGNMENT: ULONG = 0x000000ff;
+pub const FILE_512_BYTE_ALIGNMENT: ULONG = 0x000001ff;
+pub const MAXIMUM_FILENAME_LENGTH: u32 = 256;
+pub const FILE_NEED_EA: ULONG = 0x00000080;
+pub const FILE_EA_TYPE_BINARY: ULONG = 0xfffe;
+pub const FILE_EA_TYPE_ASCII: ULONG = 0xfffd;
+pub const FILE_EA_TYPE_BITMAP: ULONG = 0xfffb;
+pub const FILE_EA_TYPE_METAFILE: ULONG = 0xfffa;
+pub const FILE_EA_TYPE_ICON: ULONG = 0xfff9;
+pub const FILE_EA_TYPE_EA: ULONG = 0xffee;
+pub const FILE_EA_TYPE_MVMT: ULONG = 0xffdf;
+pub const FILE_EA_TYPE_MVST: ULONG = 0xffde;
+pub const FILE_EA_TYPE_ASN1: ULONG = 0xffdd;
+pub const FILE_EA_TYPE_FAMILY_IDS: ULONG = 0xff01;
+pub const FILE_REMOVABLE_MEDIA: ULONG = 0x00000001;
+pub const FILE_READ_ONLY_DEVICE: ULONG = 0x00000002;
+pub const FILE_FLOPPY_DISKETTE: ULONG = 0x00000004;
+pub const FILE_WRITE_ONCE_MEDIA: ULONG = 0x00000008;
+pub const FILE_REMOTE_DEVICE: ULONG = 0x00000010;
+pub const FILE_DEVICE_IS_MOUNTED: ULONG = 0x00000020;
+pub const FILE_VIRTUAL_VOLUME: ULONG = 0x00000040;
+pub const FILE_AUTOGENERATED_DEVICE_NAME: ULONG = 0x00000080;
+pub const FILE_DEVICE_SECURE_OPEN: ULONG = 0x00000100;
+pub const FILE_CHARACTERISTIC_PNP_DEVICE: ULONG = 0x00000800;
+pub const FILE_CHARACTERISTIC_TS_DEVICE: ULONG = 0x00001000;
+pub const FILE_CHARACTERISTIC_WEBDAV_DEVICE: ULONG = 0x00002000;
+pub const FILE_CHARACTERISTIC_CSV: ULONG = 0x00010000;
+pub const FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL: ULONG = 0x00020000;
+pub const FILE_PORTABLE_DEVICE: ULONG = 0x00040000;
+pub const FILE_PIPE_BYTE_STREAM_TYPE: ULONG = 0x00000000;
+pub const FILE_PIPE_MESSAGE_TYPE: ULONG = 0x00000001;
+pub const FILE_PIPE_ACCEPT_REMOTE_CLIENTS: ULONG = 0x00000000;
+pub const FILE_PIPE_REJECT_REMOTE_CLIENTS: ULONG = 0x00000002;
+pub const FILE_PIPE_TYPE_VALID_MASK: ULONG = 0x00000003;
+pub const FILE_PIPE_QUEUE_OPERATION: ULONG = 0x00000000;
+pub const FILE_PIPE_COMPLETE_OPERATION: ULONG = 0x00000001;
+pub const FILE_PIPE_BYTE_STREAM_MODE: ULONG = 0x00000000;
+pub const FILE_PIPE_MESSAGE_MODE: ULONG = 0x00000001;
+pub const FILE_PIPE_INBOUND: ULONG = 0x00000000;
+pub const FILE_PIPE_OUTBOUND: ULONG = 0x00000001;
+pub const FILE_PIPE_FULL_DUPLEX: ULONG = 0x00000002;
+pub const FILE_PIPE_DISCONNECTED_STATE: ULONG = 0x00000001;
+pub const FILE_PIPE_LISTENING_STATE: ULONG = 0x00000002;
+pub const FILE_PIPE_CONNECTED_STATE: ULONG = 0x00000003;
+pub const FILE_PIPE_CLOSING_STATE: ULONG = 0x00000004;
+pub const FILE_PIPE_CLIENT_END: ULONG = 0x00000000;
+pub const FILE_PIPE_SERVER_END: ULONG = 0x00000001;
+pub const MAILSLOT_SIZE_AUTO: u32 = 0;
+UNION!{union IO_STATUS_BLOCK_u {
+ Status: NTSTATUS,
+ Pointer: PVOID,
+}}
+STRUCT!{struct IO_STATUS_BLOCK {
+ u: IO_STATUS_BLOCK_u,
+ Information: ULONG_PTR,
+}}
+pub type PIO_STATUS_BLOCK = *mut IO_STATUS_BLOCK;
+FN!{stdcall PIO_APC_ROUTINE(
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Reserved: ULONG,
+) -> ()}
+STRUCT!{struct FILE_IO_COMPLETION_INFORMATION {
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatusBlock: IO_STATUS_BLOCK,
+}}
+pub type PFILE_IO_COMPLETION_INFORMATION = *mut FILE_IO_COMPLETION_INFORMATION;
+ENUM!{enum FILE_INFORMATION_CLASS {
+ FileDirectoryInformation = 1,
+ FileFullDirectoryInformation = 2,
+ FileBothDirectoryInformation = 3,
+ FileBasicInformation = 4,
+ FileStandardInformation = 5,
+ FileInternalInformation = 6,
+ FileEaInformation = 7,
+ FileAccessInformation = 8,
+ FileNameInformation = 9,
+ FileRenameInformation = 10,
+ FileLinkInformation = 11,
+ FileNamesInformation = 12,
+ FileDispositionInformation = 13,
+ FilePositionInformation = 14,
+ FileFullEaInformation = 15,
+ FileModeInformation = 16,
+ FileAlignmentInformation = 17,
+ FileAllInformation = 18,
+ FileAllocationInformation = 19,
+ FileEndOfFileInformation = 20,
+ FileAlternateNameInformation = 21,
+ FileStreamInformation = 22,
+ FilePipeInformation = 23,
+ FilePipeLocalInformation = 24,
+ FilePipeRemoteInformation = 25,
+ FileMailslotQueryInformation = 26,
+ FileMailslotSetInformation = 27,
+ FileCompressionInformation = 28,
+ FileObjectIdInformation = 29,
+ FileCompletionInformation = 30,
+ FileMoveClusterInformation = 31,
+ FileQuotaInformation = 32,
+ FileReparsePointInformation = 33,
+ FileNetworkOpenInformation = 34,
+ FileAttributeTagInformation = 35,
+ FileTrackingInformation = 36,
+ FileIdBothDirectoryInformation = 37,
+ FileIdFullDirectoryInformation = 38,
+ FileValidDataLengthInformation = 39,
+ FileShortNameInformation = 40,
+ FileIoCompletionNotificationInformation = 41,
+ FileIoStatusBlockRangeInformation = 42,
+ FileIoPriorityHintInformation = 43,
+ FileSfioReserveInformation = 44,
+ FileSfioVolumeInformation = 45,
+ FileHardLinkInformation = 46,
+ FileProcessIdsUsingFileInformation = 47,
+ FileNormalizedNameInformation = 48,
+ FileNetworkPhysicalNameInformation = 49,
+ FileIdGlobalTxDirectoryInformation = 50,
+ FileIsRemoteDeviceInformation = 51,
+ FileUnusedInformation = 52,
+ FileNumaNodeInformation = 53,
+ FileStandardLinkInformation = 54,
+ FileRemoteProtocolInformation = 55,
+ FileRenameInformationBypassAccessCheck = 56,
+ FileLinkInformationBypassAccessCheck = 57,
+ FileVolumeNameInformation = 58,
+ FileIdInformation = 59,
+ FileIdExtdDirectoryInformation = 60,
+ FileReplaceCompletionInformation = 61,
+ FileHardLinkFullIdInformation = 62,
+ FileIdExtdBothDirectoryInformation = 63,
+ FileDispositionInformationEx = 64,
+ FileRenameInformationEx = 65,
+ FileRenameInformationExBypassAccessCheck = 66,
+ FileDesiredStorageClassInformation = 67,
+ FileStatInformation = 68,
+ FileMemoryPartitionInformation = 69,
+ FileStatLxInformation = 70,
+ FileCaseSensitiveInformation = 71,
+ FileLinkInformationEx = 72,
+ FileLinkInformationExBypassAccessCheck = 73,
+ FileStorageReserveIdInformation = 74,
+ FileCaseSensitiveInformationForceAccessCheck = 75,
+ FileMaximumInformation = 76,
+}}
+pub type PFILE_INFORMATION_CLASS = *mut FILE_INFORMATION_CLASS;
+STRUCT!{struct FILE_BASIC_INFORMATION {
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ FileAttributes: ULONG,
+}}
+pub type PFILE_BASIC_INFORMATION = *mut FILE_BASIC_INFORMATION;
+STRUCT!{struct FILE_STANDARD_INFORMATION {
+ AllocationSize: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ NumberOfLinks: ULONG,
+ DeletePending: BOOLEAN,
+ Directory: BOOLEAN,
+}}
+pub type PFILE_STANDARD_INFORMATION = *mut FILE_STANDARD_INFORMATION;
+STRUCT!{struct FILE_STANDARD_INFORMATION_EX {
+ AllocationSize: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ NumberOfLinks: ULONG,
+ DeletePending: BOOLEAN,
+ Directory: BOOLEAN,
+ AlternateStream: BOOLEAN,
+ MetadataAttribute: BOOLEAN,
+}}
+pub type PFILE_STANDARD_INFORMATION_EX = *mut FILE_STANDARD_INFORMATION_EX;
+STRUCT!{struct FILE_INTERNAL_INFORMATION {
+ IndexNumber: LARGE_INTEGER,
+}}
+pub type PFILE_INTERNAL_INFORMATION = *mut FILE_INTERNAL_INFORMATION;
+STRUCT!{struct FILE_EA_INFORMATION {
+ EaSize: ULONG,
+}}
+pub type PFILE_EA_INFORMATION = *mut FILE_EA_INFORMATION;
+STRUCT!{struct FILE_ACCESS_INFORMATION {
+ AccessFlags: ACCESS_MASK,
+}}
+pub type PFILE_ACCESS_INFORMATION = *mut FILE_ACCESS_INFORMATION;
+STRUCT!{struct FILE_POSITION_INFORMATION {
+ CurrentByteOffset: LARGE_INTEGER,
+}}
+pub type PFILE_POSITION_INFORMATION = *mut FILE_POSITION_INFORMATION;
+STRUCT!{struct FILE_MODE_INFORMATION {
+ Mode: ULONG,
+}}
+pub type PFILE_MODE_INFORMATION = *mut FILE_MODE_INFORMATION;
+STRUCT!{struct FILE_ALIGNMENT_INFORMATION {
+ AlignmentRequirement: ULONG,
+}}
+pub type PFILE_ALIGNMENT_INFORMATION = *mut FILE_ALIGNMENT_INFORMATION;
+STRUCT!{struct FILE_NAME_INFORMATION {
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_NAME_INFORMATION = *mut FILE_NAME_INFORMATION;
+STRUCT!{struct FILE_ALL_INFORMATION {
+ BasicInformation: FILE_BASIC_INFORMATION,
+ StandardInformation: FILE_STANDARD_INFORMATION,
+ InternalInformation: FILE_INTERNAL_INFORMATION,
+ EaInformation: FILE_EA_INFORMATION,
+ AccessInformation: FILE_ACCESS_INFORMATION,
+ PositionInformation: FILE_POSITION_INFORMATION,
+ ModeInformation: FILE_MODE_INFORMATION,
+ AlignmentInformation: FILE_ALIGNMENT_INFORMATION,
+ NameInformation: FILE_NAME_INFORMATION,
+}}
+pub type PFILE_ALL_INFORMATION = *mut FILE_ALL_INFORMATION;
+STRUCT!{struct FILE_NETWORK_OPEN_INFORMATION {
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ FileAttributes: ULONG,
+}}
+pub type PFILE_NETWORK_OPEN_INFORMATION = *mut FILE_NETWORK_OPEN_INFORMATION;
+STRUCT!{struct FILE_ATTRIBUTE_TAG_INFORMATION {
+ FileAttributes: ULONG,
+ ReparseTag: ULONG,
+}}
+pub type PFILE_ATTRIBUTE_TAG_INFORMATION = *mut FILE_ATTRIBUTE_TAG_INFORMATION;
+STRUCT!{struct FILE_ALLOCATION_INFORMATION {
+ AllocationSize: LARGE_INTEGER,
+}}
+pub type PFILE_ALLOCATION_INFORMATION = *mut FILE_ALLOCATION_INFORMATION;
+STRUCT!{struct FILE_COMPRESSION_INFORMATION {
+ CompressedFileSize: LARGE_INTEGER,
+ CompressionFormat: USHORT,
+ CompressionUnitShift: UCHAR,
+ ChunkShift: UCHAR,
+ ClusterShift: UCHAR,
+ Reserved: [UCHAR; 3],
+}}
+pub type PFILE_COMPRESSION_INFORMATION = *mut FILE_COMPRESSION_INFORMATION;
+STRUCT!{struct FILE_DISPOSITION_INFORMATION {
+ DeleteFileA: BOOLEAN,
+}}
+pub type PFILE_DISPOSITION_INFORMATION = *mut FILE_DISPOSITION_INFORMATION;
+STRUCT!{struct FILE_END_OF_FILE_INFORMATION {
+ EndOfFile: LARGE_INTEGER,
+}}
+pub type PFILE_END_OF_FILE_INFORMATION = *mut FILE_END_OF_FILE_INFORMATION;
+STRUCT!{struct FILE_VALID_DATA_LENGTH_INFORMATION {
+ ValidDataLength: LARGE_INTEGER,
+}}
+pub type PFILE_VALID_DATA_LENGTH_INFORMATION = *mut FILE_VALID_DATA_LENGTH_INFORMATION;
+STRUCT!{struct FILE_LINK_INFORMATION {
+ ReplaceIfExists: BOOLEAN,
+ RootDirectory: HANDLE,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_LINK_INFORMATION = *mut FILE_LINK_INFORMATION;
+STRUCT!{struct FILE_MOVE_CLUSTER_INFORMATION {
+ ClusterCount: ULONG,
+ RootDirectory: HANDLE,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_MOVE_CLUSTER_INFORMATION = *mut FILE_MOVE_CLUSTER_INFORMATION;
+STRUCT!{struct FILE_RENAME_INFORMATION {
+ ReplaceIfExists: BOOLEAN,
+ RootDirectory: HANDLE,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_RENAME_INFORMATION = *mut FILE_RENAME_INFORMATION;
+STRUCT!{struct FILE_STREAM_INFORMATION {
+ NextEntryOffset: ULONG,
+ StreamNameLength: ULONG,
+ StreamSize: LARGE_INTEGER,
+ StreamAllocationSize: LARGE_INTEGER,
+ StreamName: [WCHAR; 1],
+}}
+pub type PFILE_STREAM_INFORMATION = *mut FILE_STREAM_INFORMATION;
+STRUCT!{struct FILE_TRACKING_INFORMATION {
+ DestinationFile: HANDLE,
+ ObjectInformationLength: ULONG,
+ ObjectInformation: [CHAR; 1],
+}}
+pub type PFILE_TRACKING_INFORMATION = *mut FILE_TRACKING_INFORMATION;
+STRUCT!{struct FILE_COMPLETION_INFORMATION {
+ Port: HANDLE,
+ Key: PVOID,
+}}
+pub type PFILE_COMPLETION_INFORMATION = *mut FILE_COMPLETION_INFORMATION;
+STRUCT!{struct FILE_PIPE_INFORMATION {
+ ReadMode: ULONG,
+ CompletionMode: ULONG,
+}}
+pub type PFILE_PIPE_INFORMATION = *mut FILE_PIPE_INFORMATION;
+STRUCT!{struct FILE_PIPE_LOCAL_INFORMATION {
+ NamedPipeType: ULONG,
+ NamedPipeConfiguration: ULONG,
+ MaximumInstances: ULONG,
+ CurrentInstances: ULONG,
+ InboundQuota: ULONG,
+ ReadDataAvailable: ULONG,
+ OutboundQuota: ULONG,
+ WriteQuotaAvailable: ULONG,
+ NamedPipeState: ULONG,
+ NamedPipeEnd: ULONG,
+}}
+pub type PFILE_PIPE_LOCAL_INFORMATION = *mut FILE_PIPE_LOCAL_INFORMATION;
+STRUCT!{struct FILE_PIPE_REMOTE_INFORMATION {
+ CollectDataTime: LARGE_INTEGER,
+ MaximumCollectionCount: ULONG,
+}}
+pub type PFILE_PIPE_REMOTE_INFORMATION = *mut FILE_PIPE_REMOTE_INFORMATION;
+STRUCT!{struct FILE_MAILSLOT_QUERY_INFORMATION {
+ MaximumMessageSize: ULONG,
+ MailslotQuota: ULONG,
+ NextMessageSize: ULONG,
+ MessagesAvailable: ULONG,
+ ReadTimeout: LARGE_INTEGER,
+}}
+pub type PFILE_MAILSLOT_QUERY_INFORMATION = *mut FILE_MAILSLOT_QUERY_INFORMATION;
+STRUCT!{struct FILE_MAILSLOT_SET_INFORMATION {
+ ReadTimeout: PLARGE_INTEGER,
+}}
+pub type PFILE_MAILSLOT_SET_INFORMATION = *mut FILE_MAILSLOT_SET_INFORMATION;
+STRUCT!{struct FILE_REPARSE_POINT_INFORMATION {
+ FileReference: LONGLONG,
+ Tag: ULONG,
+}}
+pub type PFILE_REPARSE_POINT_INFORMATION = *mut FILE_REPARSE_POINT_INFORMATION;
+STRUCT!{struct FILE_LINK_ENTRY_INFORMATION {
+ NextEntryOffset: ULONG,
+ ParentFileId: LONGLONG,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_LINK_ENTRY_INFORMATION = *mut FILE_LINK_ENTRY_INFORMATION;
+STRUCT!{struct FILE_LINKS_INFORMATION {
+ BytesNeeded: ULONG,
+ EntriesReturned: ULONG,
+ Entry: FILE_LINK_ENTRY_INFORMATION,
+}}
+pub type PFILE_LINKS_INFORMATION = *mut FILE_LINKS_INFORMATION;
+STRUCT!{struct FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_NETWORK_PHYSICAL_NAME_INFORMATION = *mut FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
+STRUCT!{struct FILE_STANDARD_LINK_INFORMATION {
+ NumberOfAccessibleLinks: ULONG,
+ TotalNumberOfLinks: ULONG,
+ DeletePending: BOOLEAN,
+ Directory: BOOLEAN,
+}}
+pub type PFILE_STANDARD_LINK_INFORMATION = *mut FILE_STANDARD_LINK_INFORMATION;
+STRUCT!{struct FILE_SFIO_RESERVE_INFORMATION {
+ RequestsPerPeriod: ULONG,
+ Period: ULONG,
+ RetryFailures: BOOLEAN,
+ Discardable: BOOLEAN,
+ RequestSize: ULONG,
+ NumOutstandingRequests: ULONG,
+}}
+pub type PFILE_SFIO_RESERVE_INFORMATION = *mut FILE_SFIO_RESERVE_INFORMATION;
+STRUCT!{struct FILE_SFIO_VOLUME_INFORMATION {
+ MaximumRequestsPerPeriod: ULONG,
+ MinimumPeriod: ULONG,
+ MinimumTransferSize: ULONG,
+}}
+pub type PFILE_SFIO_VOLUME_INFORMATION = *mut FILE_SFIO_VOLUME_INFORMATION;
+ENUM!{enum IO_PRIORITY_HINT {
+ IoPriorityVeryLow = 0,
+ IoPriorityLow = 1,
+ IoPriorityNormal = 2,
+ IoPriorityHigh = 3,
+ IoPriorityCritical = 4,
+ MaxIoPriorityTypes = 5,
+}}
+STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION {
+ PriorityHint: IO_PRIORITY_HINT,
+}}
+pub type PFILE_IO_PRIORITY_HINT_INFORMATION = *mut FILE_IO_PRIORITY_HINT_INFORMATION;
+STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION_EX {
+ PriorityHint: IO_PRIORITY_HINT,
+ BoostOutstanding: BOOLEAN,
+}}
+pub type PFILE_IO_PRIORITY_HINT_INFORMATION_EX = *mut FILE_IO_PRIORITY_HINT_INFORMATION_EX;
+pub const FILE_SKIP_COMPLETION_PORT_ON_SUCCESS: u32 = 0x1;
+pub const FILE_SKIP_SET_EVENT_ON_HANDLE: u32 = 0x2;
+pub const FILE_SKIP_SET_USER_EVENT_ON_FAST_IO: u32 = 0x4;
+STRUCT!{struct FILE_IO_COMPLETION_NOTIFICATION_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION =
+ *mut FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
+STRUCT!{struct FILE_PROCESS_IDS_USING_FILE_INFORMATION {
+ NumberOfProcessIdsInList: ULONG,
+ ProcessIdList: [ULONG_PTR; 1],
+}}
+pub type PFILE_PROCESS_IDS_USING_FILE_INFORMATION = *mut FILE_PROCESS_IDS_USING_FILE_INFORMATION;
+STRUCT!{struct FILE_IS_REMOTE_DEVICE_INFORMATION {
+ IsRemote: BOOLEAN,
+}}
+pub type PFILE_IS_REMOTE_DEVICE_INFORMATION = *mut FILE_IS_REMOTE_DEVICE_INFORMATION;
+STRUCT!{struct FILE_NUMA_NODE_INFORMATION {
+ NodeNumber: USHORT,
+}}
+pub type PFILE_NUMA_NODE_INFORMATION = *mut FILE_NUMA_NODE_INFORMATION;
+STRUCT!{struct FILE_IOSTATUSBLOCK_RANGE_INFORMATION {
+ IoStatusBlockRange: PUCHAR,
+ Length: ULONG,
+}}
+pub type PFILE_IOSTATUSBLOCK_RANGE_INFORMATION = *mut FILE_IOSTATUSBLOCK_RANGE_INFORMATION;
+STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved {
+ Reserved: [ULONG; 8],
+}}
+STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server {
+ Capabilities: ULONG,
+}}
+STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share {
+ Capabilities: ULONG,
+ CachingFlags: ULONG,
+}}
+STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2 {
+ Server: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server,
+ Share: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share,
+}}
+UNION!{union FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific {
+ Smb2: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2,
+ Reserved: [ULONG; 16],
+}}
+STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION {
+ StructureVersion: USHORT,
+ StructureSize: USHORT,
+ Protocol: ULONG,
+ ProtocolMajorVersion: USHORT,
+ ProtocolMinorVersion: USHORT,
+ ProtocolRevision: USHORT,
+ Reserved: USHORT,
+ Flags: ULONG,
+ GenericReserved: FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved,
+ ProtocolSpecific: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific,
+}}
+pub type PFILE_REMOTE_PROTOCOL_INFORMATION = *mut FILE_REMOTE_PROTOCOL_INFORMATION;
+pub const CHECKSUM_ENFORCEMENT_OFF: u32 = 0x00000001;
+STRUCT!{struct FILE_INTEGRITY_STREAM_INFORMATION {
+ ChecksumAlgorithm: USHORT,
+ ChecksumChunkShift: UCHAR,
+ ClusterShift: UCHAR,
+ Flags: ULONG,
+}}
+pub type PFILE_INTEGRITY_STREAM_INFORMATION = *mut FILE_INTEGRITY_STREAM_INFORMATION;
+STRUCT!{struct FILE_VOLUME_NAME_INFORMATION {
+ DeviceNameLength: ULONG,
+ DeviceName: [WCHAR; 1],
+}}
+pub type PFILE_VOLUME_NAME_INFORMATION = *mut FILE_VOLUME_NAME_INFORMATION;
+STRUCT!{struct FILE_ID_INFORMATION {
+ VolumeSerialNumber: ULONGLONG,
+ FileId: FILE_ID_128,
+}}
+pub type PFILE_ID_INFORMATION = *mut FILE_ID_INFORMATION;
+STRUCT!{struct FILE_ID_EXTD_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ ReparsePointTag: ULONG,
+ FileId: FILE_ID_128,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_ID_EXTD_DIR_INFORMATION = *mut FILE_ID_EXTD_DIR_INFORMATION;
+STRUCT!{struct FILE_LINK_ENTRY_FULL_ID_INFORMATION {
+ NextEntryOffset: ULONG,
+ ParentFileId: FILE_ID_128,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_LINK_ENTRY_FULL_ID_INFORMATION = *mut FILE_LINK_ENTRY_FULL_ID_INFORMATION;
+STRUCT!{struct FILE_ID_EXTD_BOTH_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ ReparsePointTag: ULONG,
+ FileId: FILE_ID_128,
+ ShortNameLength: CCHAR,
+ ShortName: [WCHAR; 12],
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_ID_EXTD_BOTH_DIR_INFORMATION = *mut FILE_ID_EXTD_BOTH_DIR_INFORMATION;
+STRUCT!{struct FILE_STAT_INFORMATION {
+ FileId: LARGE_INTEGER,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ ReparseTag: ULONG,
+ NumberOfLinks: ULONG,
+ EffectiveAccess: ULONG,
+}}
+pub type PFILE_STAT_INFORMATION = *mut FILE_STAT_INFORMATION;
+STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION_Flags_s {
+ NoCrossPartitionAccess: UCHAR,
+ Spare: [UCHAR; 3],
+}}
+UNION!{union FILE_MEMORY_PARTITION_INFORMATION_Flags {
+ s: FILE_MEMORY_PARTITION_INFORMATION_Flags_s,
+ AllFlags: ULONG,
+}}
+STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION {
+ OwnerPartitionHandle: HANDLE,
+ Flags: FILE_MEMORY_PARTITION_INFORMATION_Flags,
+}}
+pub type PFILE_MEMORY_PARTITION_INFORMATION = *mut FILE_MEMORY_PARTITION_INFORMATION;
+STRUCT!{struct FILE_STAT_LX_INFORMATION {
+ FileId: LARGE_INTEGER,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ ReparseTag: ULONG,
+ NumberOfLinks: ULONG,
+ EffectiveAccess: ULONG,
+ LxFlags: ULONG,
+ LxUid: ULONG,
+ LxGid: ULONG,
+ LxMode: ULONG,
+ LxDeviceIdMajor: ULONG,
+ LxDeviceIdMinor: ULONG,
+}}
+pub type PFILE_STAT_LX_INFORMATION = *mut FILE_STAT_LX_INFORMATION;
+STRUCT!{struct FILE_CASE_SENSITIVE_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PFILE_CASE_SENSITIVE_INFORMATION = *mut FILE_CASE_SENSITIVE_INFORMATION;
+STRUCT!{struct FILE_DIRECTORY_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_DIRECTORY_INFORMATION = *mut FILE_DIRECTORY_INFORMATION;
+STRUCT!{struct FILE_FULL_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_FULL_DIR_INFORMATION = *mut FILE_FULL_DIR_INFORMATION;
+STRUCT!{struct FILE_ID_FULL_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ FileId: LARGE_INTEGER,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_ID_FULL_DIR_INFORMATION = *mut FILE_ID_FULL_DIR_INFORMATION;
+STRUCT!{struct FILE_BOTH_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ ShortNameLength: CCHAR,
+ ShortName: [WCHAR; 12],
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_BOTH_DIR_INFORMATION = *mut FILE_BOTH_DIR_INFORMATION;
+STRUCT!{struct FILE_ID_BOTH_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ EaSize: ULONG,
+ ShortNameLength: CCHAR,
+ ShortName: [WCHAR; 12],
+ FileId: LARGE_INTEGER,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_ID_BOTH_DIR_INFORMATION = *mut FILE_ID_BOTH_DIR_INFORMATION;
+STRUCT!{struct FILE_NAMES_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ FileNameLength: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_NAMES_INFORMATION = *mut FILE_NAMES_INFORMATION;
+STRUCT!{struct FILE_ID_GLOBAL_TX_DIR_INFORMATION {
+ NextEntryOffset: ULONG,
+ FileIndex: ULONG,
+ CreationTime: LARGE_INTEGER,
+ LastAccessTime: LARGE_INTEGER,
+ LastWriteTime: LARGE_INTEGER,
+ ChangeTime: LARGE_INTEGER,
+ EndOfFile: LARGE_INTEGER,
+ AllocationSize: LARGE_INTEGER,
+ FileAttributes: ULONG,
+ FileNameLength: ULONG,
+ FileId: LARGE_INTEGER,
+ LockingTransactionId: GUID,
+ TxInfoFlags: ULONG,
+ FileName: [WCHAR; 1],
+}}
+pub type PFILE_ID_GLOBAL_TX_DIR_INFORMATION = *mut FILE_ID_GLOBAL_TX_DIR_INFORMATION;
+pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED: u32 = 0x00000001;
+pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX: u32 = 0x00000002;
+pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX: u32 = 0x00000004;
+STRUCT!{struct FILE_OBJECTID_INFORMATION_u_s {
+ BirthVolumeId: [UCHAR; 16],
+ BirthObjectId: [UCHAR; 16],
+ DomainId: [UCHAR; 16],
+}}
+UNION!{union FILE_OBJECTID_INFORMATION_u {
+ s: FILE_OBJECTID_INFORMATION_u_s,
+ ExtendedInfo: [UCHAR; 48],
+}}
+STRUCT!{struct FILE_OBJECTID_INFORMATION {
+ FileReference: LONGLONG,
+ ObjectId: [UCHAR; 16],
+ u: FILE_OBJECTID_INFORMATION_u,
+}}
+pub type PFILE_OBJECTID_INFORMATION = *mut FILE_OBJECTID_INFORMATION;
+STRUCT!{struct FILE_FULL_EA_INFORMATION {
+ NextEntryOffset: ULONG,
+ Flags: UCHAR,
+ EaNameLength: UCHAR,
+ EaValueLength: USHORT,
+ EaName: [CHAR; 1],
+}}
+pub type PFILE_FULL_EA_INFORMATION = *mut FILE_FULL_EA_INFORMATION;
+STRUCT!{struct FILE_GET_EA_INFORMATION {
+ NextEntryOffset: ULONG,
+ EaNameLength: UCHAR,
+ EaName: [CHAR; 1],
+}}
+pub type PFILE_GET_EA_INFORMATION = *mut FILE_GET_EA_INFORMATION;
+STRUCT!{struct FILE_GET_QUOTA_INFORMATION {
+ NextEntryOffset: ULONG,
+ SidLength: ULONG,
+ Sid: SID,
+}}
+pub type PFILE_GET_QUOTA_INFORMATION = *mut FILE_GET_QUOTA_INFORMATION;
+STRUCT!{struct FILE_QUOTA_INFORMATION {
+ NextEntryOffset: ULONG,
+ SidLength: ULONG,
+ ChangeTime: LARGE_INTEGER,
+ QuotaUsed: LARGE_INTEGER,
+ QuotaThreshold: LARGE_INTEGER,
+ QuotaLimit: LARGE_INTEGER,
+ Sid: SID,
+}}
+pub type PFILE_QUOTA_INFORMATION = *mut FILE_QUOTA_INFORMATION;
+ENUM!{enum FS_INFORMATION_CLASS {
+ FileFsVolumeInformation = 1,
+ FileFsLabelInformation = 2,
+ FileFsSizeInformation = 3,
+ FileFsDeviceInformation = 4,
+ FileFsAttributeInformation = 5,
+ FileFsControlInformation = 6,
+ FileFsFullSizeInformation = 7,
+ FileFsObjectIdInformation = 8,
+ FileFsDriverPathInformation = 9,
+ FileFsVolumeFlagsInformation = 10,
+ FileFsSectorSizeInformation = 11,
+ FileFsDataCopyInformation = 12,
+ FileFsMetadataSizeInformation = 13,
+ FileFsFullSizeInformationEx = 14,
+ FileFsMaximumInformation = 15,
+}}
+pub type PFS_INFORMATION_CLASS = *mut FS_INFORMATION_CLASS;
+STRUCT!{struct FILE_FS_LABEL_INFORMATION {
+ VolumeLabelLength: ULONG,
+ VolumeLabel: [WCHAR; 1],
+}}
+pub type PFILE_FS_LABEL_INFORMATION = *mut FILE_FS_LABEL_INFORMATION;
+STRUCT!{struct FILE_FS_VOLUME_INFORMATION {
+ VolumeCreationTime: LARGE_INTEGER,
+ VolumeSerialNumber: ULONG,
+ VolumeLabelLength: ULONG,
+ SupportsObjects: BOOLEAN,
+ VolumeLabel: [WCHAR; 1],
+}}
+pub type PFILE_FS_VOLUME_INFORMATION = *mut FILE_FS_VOLUME_INFORMATION;
+STRUCT!{struct FILE_FS_SIZE_INFORMATION {
+ TotalAllocationUnits: LARGE_INTEGER,
+ AvailableAllocationUnits: LARGE_INTEGER,
+ SectorsPerAllocationUnit: ULONG,
+ BytesPerSector: ULONG,
+}}
+pub type PFILE_FS_SIZE_INFORMATION = *mut FILE_FS_SIZE_INFORMATION;
+STRUCT!{struct FILE_FS_CONTROL_INFORMATION {
+ FreeSpaceStartFiltering: LARGE_INTEGER,
+ FreeSpaceThreshold: LARGE_INTEGER,
+ FreeSpaceStopFiltering: LARGE_INTEGER,
+ DefaultQuotaThreshold: LARGE_INTEGER,
+ DefaultQuotaLimit: LARGE_INTEGER,
+ FileSystemControlFlags: ULONG,
+}}
+pub type PFILE_FS_CONTROL_INFORMATION = *mut FILE_FS_CONTROL_INFORMATION;
+STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION {
+ TotalAllocationUnits: LARGE_INTEGER,
+ CallerAvailableAllocationUnits: LARGE_INTEGER,
+ ActualAvailableAllocationUnits: LARGE_INTEGER,
+ SectorsPerAllocationUnit: ULONG,
+ BytesPerSector: ULONG,
+}}
+pub type PFILE_FS_FULL_SIZE_INFORMATION = *mut FILE_FS_FULL_SIZE_INFORMATION;
+STRUCT!{struct FILE_FS_OBJECTID_INFORMATION {
+ ObjectId: [UCHAR; 16],
+ ExtendedInfo: [UCHAR; 48],
+}}
+pub type PFILE_FS_OBJECTID_INFORMATION = *mut FILE_FS_OBJECTID_INFORMATION;
+STRUCT!{struct FILE_FS_DEVICE_INFORMATION {
+ DeviceType: DWORD,
+ Characteristics: ULONG,
+}}
+pub type PFILE_FS_DEVICE_INFORMATION = *mut FILE_FS_DEVICE_INFORMATION;
+STRUCT!{struct FILE_FS_ATTRIBUTE_INFORMATION {
+ FileSystemAttributes: ULONG,
+ MaximumComponentNameLength: LONG,
+ FileSystemNameLength: ULONG,
+ FileSystemName: [WCHAR; 1],
+}}
+pub type PFILE_FS_ATTRIBUTE_INFORMATION = *mut FILE_FS_ATTRIBUTE_INFORMATION;
+STRUCT!{struct FILE_FS_DRIVER_PATH_INFORMATION {
+ DriverInPath: BOOLEAN,
+ DriverNameLength: ULONG,
+ DriverName: [WCHAR; 1],
+}}
+pub type PFILE_FS_DRIVER_PATH_INFORMATION = *mut FILE_FS_DRIVER_PATH_INFORMATION;
+STRUCT!{struct FILE_FS_VOLUME_FLAGS_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PFILE_FS_VOLUME_FLAGS_INFORMATION = *mut FILE_FS_VOLUME_FLAGS_INFORMATION;
+pub const SSINFO_FLAGS_ALIGNED_DEVICE: u32 = 0x00000001;
+pub const SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE: u32 = 0x00000002;
+pub const SSINFO_OFFSET_UNKNOWN: u32 = 0xffffffff;
+STRUCT!{struct FILE_FS_SECTOR_SIZE_INFORMATION {
+ LogicalBytesPerSector: ULONG,
+ PhysicalBytesPerSectorForAtomicity: ULONG,
+ PhysicalBytesPerSectorForPerformance: ULONG,
+ FileSystemEffectivePhysicalBytesPerSectorForAtomicity: ULONG,
+ Flags: ULONG,
+ ByteOffsetForSectorAlignment: ULONG,
+ ByteOffsetForPartitionAlignment: ULONG,
+}}
+pub type PFILE_FS_SECTOR_SIZE_INFORMATION = *mut FILE_FS_SECTOR_SIZE_INFORMATION;
+STRUCT!{struct FILE_FS_DATA_COPY_INFORMATION {
+ NumberOfCopies: ULONG,
+}}
+pub type PFILE_FS_DATA_COPY_INFORMATION = *mut FILE_FS_DATA_COPY_INFORMATION;
+STRUCT!{struct FILE_FS_METADATA_SIZE_INFORMATION {
+ TotalMetadataAllocationUnits: LARGE_INTEGER,
+ SectorsPerAllocationUnit: ULONG,
+ BytesPerSector: ULONG,
+}}
+pub type PFILE_FS_METADATA_SIZE_INFORMATION = *mut FILE_FS_METADATA_SIZE_INFORMATION;
+STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION_EX {
+ ActualTotalAllocationUnits: ULONGLONG,
+ ActualAvailableAllocationUnits: ULONGLONG,
+ ActualPoolUnavailableAllocationUnits: ULONGLONG,
+ CallerTotalAllocationUnits: ULONGLONG,
+ CallerAvailableAllocationUnits: ULONGLONG,
+ CallerPoolUnavailableAllocationUnits: ULONGLONG,
+ UsedAllocationUnits: ULONGLONG,
+ TotalReservedAllocationUnits: ULONGLONG,
+ VolumeStorageReserveAllocationUnits: ULONGLONG,
+ AvailableCommittedAllocationUnits: ULONGLONG,
+ PoolAvailableAllocationUnits: ULONGLONG,
+ SectorsPerAllocationUnit: ULONG,
+ BytesPerSector: ULONG,
+}}
+pub type PFILE_FS_FULL_SIZE_INFORMATION_EX = *mut FILE_FS_FULL_SIZE_INFORMATION_EX;
+EXTERN!{extern "system" {
+ fn NtCreateFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ AllocationSize: PLARGE_INTEGER,
+ FileAttributes: ULONG,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ EaBuffer: PVOID,
+ EaLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCreateNamedPipeFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ NamedPipeType: ULONG,
+ ReadMode: ULONG,
+ CompletionMode: ULONG,
+ MaximumInstances: ULONG,
+ InboundQuota: ULONG,
+ OutboundQuota: ULONG,
+ DefaultTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtCreateMailslotFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CreateOptions: ULONG,
+ MailslotQuota: ULONG,
+ MaximumMessageSize: ULONG,
+ ReadTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtOpenFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn NtDeleteFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtFlushBuffersFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtFlushBuffersFileEx(
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ Parameters: PVOID,
+ ParametersSize: ULONG,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtQueryInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn NtQueryInformationByName(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn NtSetInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn NtQueryDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ReturnSingleEntry: BOOLEAN,
+ FileName: PUNICODE_STRING,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtQueryEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ EaList: PVOID,
+ EaListLength: ULONG,
+ EaIndex: PULONG,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtSetEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ SidList: PVOID,
+ SidListLength: ULONG,
+ StartSid: PSID,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtSetQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn NtSetVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn NtCancelIoFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtCancelIoFileEx(
+ FileHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtCancelSynchronousIoFile(
+ ThreadHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtDeviceIoControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ IoControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtFsControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtReadFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn NtWriteFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn NtReadFileScatter(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn NtWriteFileGather(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn NtLockFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ FailImmediately: BOOLEAN,
+ ExclusiveLock: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtUnlockFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_BASIC_INFORMATION,
+ ) -> NTSTATUS;
+ fn NtQueryFullAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_NETWORK_OPEN_INFORMATION,
+ ) -> NTSTATUS;
+ fn NtNotifyChangeDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtLoadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtUnloadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+}}
+pub const IO_COMPLETION_QUERY_STATE: u32 = 0x0001;
+ENUM!{enum IO_COMPLETION_INFORMATION_CLASS {
+ IoCompletionBasicInformation = 0,
+}}
+STRUCT!{struct IO_COMPLETION_BASIC_INFORMATION {
+ Depth: LONG,
+}}
+pub type PIO_COMPLETION_BASIC_INFORMATION = *mut IO_COMPLETION_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtQueryIoCompletion(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS,
+ IoCompletionInformation: PVOID,
+ IoCompletionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtSetIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionPacketHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtRemoveIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: *mut PVOID,
+ ApcContext: *mut PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtRemoveIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION,
+ Count: ULONG,
+ NumEntriesRemoved: PULONG,
+ Timeout: PLARGE_INTEGER,
+ Alertable: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtCreateWaitCompletionPacket(
+ WaitCompletionPacketHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtAssociateWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ IoCompletionHandle: HANDLE,
+ TargetObjectHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ AlreadySignaled: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtCancelWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ RemoveSignaledPacket: BOOLEAN,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum IO_SESSION_EVENT {
+ IoSessionEventIgnore = 0,
+ IoSessionEventCreated = 1,
+ IoSessionEventTerminated = 2,
+ IoSessionEventConnected = 3,
+ IoSessionEventDisconnected = 4,
+ IoSessionEventLogon = 5,
+ IoSessionEventLogoff = 6,
+ IoSessionEventMax = 7,
+}}
+ENUM!{enum IO_SESSION_STATE {
+ IoSessionStateCreated = 0,
+ IoSessionStateInitialized = 1,
+ IoSessionStateConnected = 2,
+ IoSessionStateDisconnected = 3,
+ IoSessionStateDisconnectedLoggedOn = 4,
+ IoSessionStateLoggedOn = 5,
+ IoSessionStateLoggedOff = 6,
+ IoSessionStateTerminated = 7,
+ IoSessionStateMax = 8,
+}}
+EXTERN!{extern "system" {
+ fn NtNotifyChangeSession(
+ SessionHandle: HANDLE,
+ ChangeSequenceNumber: ULONG,
+ ChangeTimeStamp: PLARGE_INTEGER,
+ Event: IO_SESSION_EVENT,
+ NewState: IO_SESSION_STATE,
+ PreviousState: IO_SESSION_STATE,
+ Payload: PVOID,
+ PayloadSize: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum INTERFACE_TYPE {
+ InterfaceTypeUndefined = -1i32 as u32,
+ Internal = 0,
+ Isa = 1,
+ Eisa = 2,
+ MicroChannel = 3,
+ TurboChannel = 4,
+ PCIBus = 5,
+ VMEBus = 6,
+ NuBus = 7,
+ PCMCIABus = 8,
+ CBus = 9,
+ MPIBus = 10,
+ MPSABus = 11,
+ ProcessorInternal = 12,
+ InternalPowerBus = 13,
+ PNPISABus = 14,
+ PNPBus = 15,
+ Vmcs = 16,
+ MaximumInterfaceType = 17,
+}}
+pub type PINTERFACE_TYPE = *mut INTERFACE_TYPE;
+ENUM!{enum DMA_WIDTH {
+ Width8Bits = 0,
+ Width16Bits = 1,
+ Width32Bits = 2,
+ MaximumDmaWidth = 3,
+}}
+pub type PDMA_WIDTH = *mut DMA_WIDTH;
+ENUM!{enum DMA_SPEED {
+ Compatible = 0,
+ TypeA = 1,
+ TypeB = 2,
+ TypeC = 3,
+ TypeF = 4,
+ MaximumDmaSpeed = 5,
+}}
+pub type PDMA_SPEED = *mut DMA_SPEED;
+ENUM!{enum BUS_DATA_TYPE {
+ ConfigurationSpaceUndefined = -1i32 as u32,
+ Cmos = 0,
+ EisaConfiguration = 1,
+ Pos = 2,
+ CbusConfiguration = 3,
+ PCIConfiguration = 4,
+ VMEConfiguration = 5,
+ NuBusConfiguration = 6,
+ PCMCIAConfiguration = 7,
+ MPIConfiguration = 8,
+ MPSAConfiguration = 9,
+ PNPISAConfiguration = 10,
+ SgiInternalConfiguration = 11,
+ MaximumBusDataType = 12,
+}}
+pub type PBUS_DATA_TYPE = *mut BUS_DATA_TYPE;
+pub const SYMLINK_FLAG_RELATIVE: u32 = 1;
+STRUCT!{struct REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer {
+ SubstituteNameOffset: USHORT,
+ SubstituteNameLength: USHORT,
+ PrintNameOffset: USHORT,
+ PrintNameLength: USHORT,
+ Flags: ULONG,
+ PathBuffer: [WCHAR; 1],
+}}
+STRUCT!{struct REPARSE_DATA_BUFFER_u_MountPointReparseBuffer {
+ SubstituteNameOffset: USHORT,
+ SubstituteNameLength: USHORT,
+ PrintNameOffset: USHORT,
+ PrintNameLength: USHORT,
+ PathBuffer: [WCHAR; 1],
+}}
+STRUCT!{struct REPARSE_DATA_BUFFER_u_GenericReparseBuffer {
+ DataBuffer: [UCHAR; 1],
+}}
+UNION!{union REPARSE_DATA_BUFFER_u {
+ SymbolicLinkReparseBuffer: REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer,
+ MountPointReparseBuffer: REPARSE_DATA_BUFFER_u_MountPointReparseBuffer,
+ GenericReparseBuffer: REPARSE_DATA_BUFFER_u_GenericReparseBuffer,
+}}
+STRUCT!{struct REPARSE_DATA_BUFFER {
+ ReparseTag: ULONG,
+ ReparseDataLength: USHORT,
+ Reserved: USHORT,
+ u: REPARSE_DATA_BUFFER_u,
+}}
+pub type PREPARSE_DATA_BUFFER = *mut REPARSE_DATA_BUFFER;
+/// "\Device\NamedPipe\"
+pub const DEVICE_NAMED_PIPE: UTF16Const = UTF16Const(&[
+ 0x005C, 0x0044, 0x0065, 0x0076, 0x0069, 0x0063, 0x0065, 0x005C, 0x004E, 0x0061, 0x006D, 0x0065,
+ 0x0064, 0x0050, 0x0069, 0x0070, 0x0065, 0x005C, 0u16,
+]);
+pub const FSCTL_PIPE_ASSIGN_EVENT: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_DISCONNECT: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_LISTEN: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_PEEK: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA);
+pub const FSTL_PIPE_QUERY_EVENT: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_TRANSCEIVE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA);
+pub const FSTL_PIPE_WAIT: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_IMPERSONATE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_SET_CLIENT_PROCESS: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_QUERY_CLIENT_PROCESS: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_GET_PIPE_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_SET_PIPE_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_GET_CONNECTION_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_SET_CONNECTION_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_GET_HANDLE_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_SET_HANDLE_ATTRIBUTE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS);
+pub const FSTL_PIPE_FLUSH: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA);
+pub const FSTL_PIPE_INTERNAL_READ: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA);
+pub const FSTL_PIPE_INTERNAL_WRITE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA);
+pub const FSTL_PIPE_INTERNAL_TRANSCEIVE: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA);
+pub const FSTL_PIPE_INTERNAL_READ_OVFLOW: u32 =
+ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA);
+pub const FILE_PIPE_READ_DATA: u32 = 0x00000000;
+pub const FILE_PIPE_WRITE_SPACE: u32 = 0x00000001;
+STRUCT!{struct FILE_PIPE_ASSIGN_EVENT_BUFFER {
+ EventHandle: HANDLE,
+ KeyValue: ULONG,
+}}
+pub type PFILE_PIPE_ASSIGN_EVENT_BUFFER = *mut FILE_PIPE_ASSIGN_EVENT_BUFFER;
+STRUCT!{struct FILE_PIPE_PEEK_BUFFER {
+ NamedPipeState: ULONG,
+ ReadDataAvailable: ULONG,
+ NumberOfMessages: ULONG,
+ MessageLength: ULONG,
+ Data: [CHAR; 1],
+}}
+pub type PFILE_PIPE_PEEK_BUFFER = *mut FILE_PIPE_PEEK_BUFFER;
+STRUCT!{struct FILE_PIPE_EVENT_BUFFER {
+ NamedPipeState: ULONG,
+ EntryType: ULONG,
+ ByteCount: ULONG,
+ KeyValue: ULONG,
+ NumberRequests: ULONG,
+}}
+pub type PFILE_PIPE_EVENT_BUFFER = *mut FILE_PIPE_EVENT_BUFFER;
+STRUCT!{struct FILE_PIPE_WAIT_FOR_BUFFER {
+ Timeout: LARGE_INTEGER,
+ NameLength: ULONG,
+ TimeoutSpecified: BOOLEAN,
+ Name: [WCHAR; 1],
+}}
+pub type PFILE_PIPE_WAIT_FOR_BUFFER = *mut FILE_PIPE_WAIT_FOR_BUFFER;
+STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER {
+ ClientSession: PVOID,
+ ClientProcess: PVOID,
+}}
+pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER;
+pub const FILE_PIPE_COMPUTER_NAME_LENGTH: usize = 15;
+STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
+ ClientSession: PVOID,
+ ClientProcess: PVOID,
+ ClientComputerNameLength: USHORT,
+ ClientComputerBuffer: [WCHAR; FILE_PIPE_COMPUTER_NAME_LENGTH + 1],
+}}
+pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
+pub const MAILSLOT_CLASS_FIRSTCLASS: u32 = 1;
+pub const MAILSLOT_CLASS_SECONDCLASS: u32 = 2;
+pub const FSCTL_MAILSLOT_PEEK: u32 =
+ CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA);
+STRUCT!{struct FILE_MAILSLOT_PEEK_BUFFER {
+ ReadDataAvailable: ULONG,
+ NumberOfMessages: ULONG,
+ MessageLength: ULONG,
+}}
+pub type PFILE_MAILSLOT_PEEK_BUFFER = *mut FILE_MAILSLOT_PEEK_BUFFER;
diff --git a/vendor/ntapi/src/ntkeapi.rs b/vendor/ntapi/src/ntkeapi.rs
new file mode 100644
index 000000000..a26f39b39
--- /dev/null
+++ b/vendor/ntapi/src/ntkeapi.rs
@@ -0,0 +1,121 @@
+use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG};
+pub const LOW_PRIORITY: u32 = 0;
+pub const LOW_REALTIME_PRIORITY: u32 = 16;
+pub const HIGH_PRIORITY: u32 = 31;
+pub const MAXIMUM_PRIORITY: u32 = 32;
+ENUM!{enum KTHREAD_STATE {
+ Initialized = 0,
+ Ready = 1,
+ Running = 2,
+ Standby = 3,
+ Terminated = 4,
+ Waiting = 5,
+ Transition = 6,
+ DeferredReady = 7,
+ GateWaitObsolete = 8,
+ WaitingForProcessInSwap = 9,
+ MaximumThreadState = 10,
+}}
+pub type PKTHREAD_STATE = *mut KTHREAD_STATE;
+ENUM!{enum KHETERO_CPU_POLICY {
+ KHeteroCpuPolicyAll = 0,
+ KHeteroCpuPolicyLarge = 1,
+ KHeteroCpuPolicyLargeOrIdle = 2,
+ KHeteroCpuPolicySmall = 3,
+ KHeteroCpuPolicySmallOrIdle = 4,
+ KHeteroCpuPolicyDynamic = 5,
+ KHeteroCpuPolicyStaticMax = 6,
+ KHeteroCpuPolicyBiasedSmall = 7,
+ KHeteroCpuPolicyBiasedLarge = 8,
+ KHeteroCpuPolicyDefault = 9,
+ KHeteroCpuPolicyMax = 10,
+}}
+pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY;
+ENUM!{enum KWAIT_REASON {
+ Executive = 0,
+ FreePage = 1,
+ PageIn = 2,
+ PoolAllocation = 3,
+ DelayExecution = 4,
+ Suspended = 5,
+ UserRequest = 6,
+ WrExecutive = 7,
+ WrFreePage = 8,
+ WrPageIn = 9,
+ WrPoolAllocation = 10,
+ WrDelayExecution = 11,
+ WrSuspended = 12,
+ WrUserRequest = 13,
+ WrEventPair = 14,
+ WrQueue = 15,
+ WrLpcReceive = 16,
+ WrLpcReply = 17,
+ WrVirtualMemory = 18,
+ WrPageOut = 19,
+ WrRendezvous = 20,
+ WrKeyedEvent = 21,
+ WrTerminated = 22,
+ WrProcessInSwap = 23,
+ WrCpuRateControl = 24,
+ WrCalloutStack = 25,
+ WrKernel = 26,
+ WrResource = 27,
+ WrPushLock = 28,
+ WrMutex = 29,
+ WrQuantumEnd = 30,
+ WrDispatchInt = 31,
+ WrPreempted = 32,
+ WrYieldExecution = 33,
+ WrFastMutex = 34,
+ WrGuardedMutex = 35,
+ WrRundown = 36,
+ WrAlertByThreadId = 37,
+ WrDeferredPreempt = 38,
+ MaximumWaitReason = 39,
+}}
+pub type PKWAIT_REASON = *mut KWAIT_REASON;
+ENUM!{enum KPROFILE_SOURCE {
+ ProfileTime = 0,
+ ProfileAlignmentFixup = 1,
+ ProfileTotalIssues = 2,
+ ProfilePipelineDry = 3,
+ ProfileLoadInstructions = 4,
+ ProfilePipelineFrozen = 5,
+ ProfileBranchInstructions = 6,
+ ProfileTotalNonissues = 7,
+ ProfileDcacheMisses = 8,
+ ProfileIcacheMisses = 9,
+ ProfileCacheMisses = 10,
+ ProfileBranchMispredictions = 11,
+ ProfileStoreInstructions = 12,
+ ProfileFpInstructions = 13,
+ ProfileIntegerInstructions = 14,
+ Profile2Issue = 15,
+ Profile3Issue = 16,
+ Profile4Issue = 17,
+ ProfileSpecialInstructions = 18,
+ ProfileTotalCycles = 19,
+ ProfileIcacheIssues = 20,
+ ProfileDcacheAccesses = 21,
+ ProfileMemoryBarrierCycles = 22,
+ ProfileLoadLinkedIssues = 23,
+ ProfileMaximum = 24,
+}}
+EXTERN!{extern "system" {
+ fn NtCallbackReturn(
+ OutputBuffer: PVOID,
+ OutputLength: ULONG,
+ Status: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtFlushProcessWriteBuffers();
+ fn NtQueryDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ ) -> NTSTATUS;
+ fn NtSetDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ State: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtYieldExecution() -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntldr.rs b/vendor/ntapi/src/ntldr.rs
new file mode 100644
index 000000000..1114dd8e2
--- /dev/null
+++ b/vendor/ntapi/src/ntldr.rs
@@ -0,0 +1,661 @@
+use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR,
+ PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG,
+ PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG,
+ UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR,
+ PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY,
+ PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA,
+};
+FN!{stdcall PLDR_INIT_ROUTINE(
+ DllHandle: PVOID,
+ Reason: ULONG,
+ Context: PVOID,
+) -> BOOLEAN}
+STRUCT!{struct LDR_SERVICE_TAG_RECORD {
+ Next: *mut LDR_SERVICE_TAG_RECORD,
+ ServiceTag: ULONG,
+}}
+pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD;
+STRUCT!{struct LDRP_CSLIST {
+ Tail: PSINGLE_LIST_ENTRY,
+}}
+pub type PLDRP_CSLIST = *mut LDRP_CSLIST;
+ENUM!{enum LDR_DDAG_STATE {
+ LdrModulesMerged = -5i32 as u32,
+ LdrModulesInitError = -4i32 as u32,
+ LdrModulesSnapError = -3i32 as u32,
+ LdrModulesUnloaded = -2i32 as u32,
+ LdrModulesUnloading = -1i32 as u32,
+ LdrModulesPlaceHolder = 0,
+ LdrModulesMapping = 1,
+ LdrModulesMapped = 2,
+ LdrModulesWaitingForDependencies = 3,
+ LdrModulesSnapping = 4,
+ LdrModulesSnapped = 5,
+ LdrModulesCondensed = 6,
+ LdrModulesReadyToInit = 7,
+ LdrModulesInitializing = 8,
+ LdrModulesReadyToRun = 9,
+}}
+UNION!{union LDR_DDAG_NODE_u {
+ Dependencies: LDRP_CSLIST,
+ RemovalLink: SINGLE_LIST_ENTRY,
+}}
+STRUCT!{struct LDR_DDAG_NODE {
+ Modules: LIST_ENTRY,
+ ServiceTagList: PLDR_SERVICE_TAG_RECORD,
+ LoadCount: ULONG,
+ LoadWhileUnloadingCount: ULONG,
+ LowestLink: ULONG,
+ u: LDR_DDAG_NODE_u,
+ IncomingDependencies: LDRP_CSLIST,
+ State: LDR_DDAG_STATE,
+ CondenseLink: SINGLE_LIST_ENTRY,
+ PreorderNumber: ULONG,
+}}
+pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE;
+STRUCT!{struct LDR_DEPENDENCY_RECORD {
+ DependencyLink: SINGLE_LIST_ENTRY,
+ DependencyNode: PLDR_DDAG_NODE,
+ IncomingDependencyLink: SINGLE_LIST_ENTRY,
+ IncomingDependencyNode: PLDR_DDAG_NODE,
+}}
+pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD;
+ENUM!{enum LDR_DLL_LOAD_REASON {
+ LoadReasonStaticDependency = 0,
+ LoadReasonStaticForwarderDependency = 1,
+ LoadReasonDynamicForwarderDependency = 2,
+ LoadReasonDelayloadDependency = 3,
+ LoadReasonDynamicLoad = 4,
+ LoadReasonAsImageLoad = 5,
+ LoadReasonAsDataLoad = 6,
+ LoadReasonEnclavePrimary = 7,
+ LoadReasonEnclaveDependency = 8,
+ LoadReasonUnknown = -1i32 as u32,
+}}
+pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON;
+pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001;
+pub const LDRP_STATIC_LINK: ULONG = 0x00000002;
+pub const LDRP_IMAGE_DLL: ULONG = 0x00000004;
+pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000;
+pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000;
+pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000;
+pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000;
+pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000;
+pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000;
+pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000;
+pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000;
+pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000;
+pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000;
+pub const LDRP_COR_IMAGE: ULONG = 0x00400000;
+pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000;
+pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000;
+pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000;
+pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000;
+pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000;
+pub const LDRP_REDIRECTED: ULONG = 0x10000000;
+pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000;
+pub const LDRP_MM_LOADED: ULONG = 0x40000000;
+pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000;
+STRUCT!{struct LDRP_LOAD_CONTEXT {
+ BaseDllName: UNICODE_STRING,
+ somestruct: PVOID,
+ Flags: ULONG,
+ pstatus: *mut NTSTATUS,
+ ParentEntry: *mut LDR_DATA_TABLE_ENTRY,
+ Entry: *mut LDR_DATA_TABLE_ENTRY,
+ WorkQueueListEntry: LIST_ENTRY,
+ ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY,
+ pvImports: *mut *mut LDR_DATA_TABLE_ENTRY,
+ ImportDllCount: ULONG,
+ TaskCount: LONG,
+ pvIAT: PVOID,
+ SizeOfIAT: ULONG,
+ CurrentDll: ULONG,
+ piid: PIMAGE_IMPORT_DESCRIPTOR,
+ OriginalIATProtect: ULONG,
+ GuardCFCheckFunctionPointer: PVOID,
+ pGuardCFCheckFunctionPointer: *mut PVOID,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY_u1 {
+ InInitializationOrderLinks: LIST_ENTRY,
+ InProgressLinks: LIST_ENTRY,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY_u2 {
+ FlagGroup: [UCHAR; 4],
+ Flags: ULONG,
+}}
+STRUCT!{struct LDR_DATA_TABLE_ENTRY {
+ InLoadOrderLinks: LIST_ENTRY,
+ InMemoryOrderLinks: LIST_ENTRY,
+ u1: LDR_DATA_TABLE_ENTRY_u1,
+ DllBase: PVOID,
+ EntryPoint: PLDR_INIT_ROUTINE,
+ SizeOfImage: ULONG,
+ FullDllName: UNICODE_STRING,
+ BaseDllName: UNICODE_STRING,
+ u2: LDR_DATA_TABLE_ENTRY_u2,
+ ObsoleteLoadCount: USHORT,
+ TlsIndex: USHORT,
+ HashLinks: LIST_ENTRY,
+ TimeDateStamp: ULONG,
+ EntryPointActivationContext: *mut ACTIVATION_CONTEXT,
+ Lock: PVOID,
+ DdagNode: PLDR_DDAG_NODE,
+ NodeModuleLink: LIST_ENTRY,
+ LoadContext: *mut LDRP_LOAD_CONTEXT,
+ ParentDllBase: PVOID,
+ SwitchBackContext: PVOID,
+ BaseAddressIndexNode: RTL_BALANCED_NODE,
+ MappingInfoIndexNode: RTL_BALANCED_NODE,
+ OriginalBase: ULONG_PTR,
+ LoadTime: LARGE_INTEGER,
+ BaseNameHashValue: ULONG,
+ LoadReason: LDR_DLL_LOAD_REASON,
+ ImplicitPathOptions: ULONG,
+ ReferenceCount: ULONG,
+ DependentLoadFlags: ULONG,
+ SigningLevel: UCHAR,
+}}
+BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [
+ PackagedBinary set_PackagedBinary[0..1],
+ MarkedForRemoval set_MarkedForRemoval[1..2],
+ ImageDll set_ImageDll[2..3],
+ LoadNotificationsSent set_LoadNotificationsSent[3..4],
+ TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
+ ProcessStaticImport set_ProcessStaticImport[5..6],
+ InLegacyLists set_InLegacyLists[6..7],
+ InIndexes set_InIndexes[7..8],
+ ShimDll set_ShimDll[8..9],
+ InExceptionTable set_InExceptionTable[9..10],
+ ReservedFlags1 set_ReservedFlags1[10..12],
+ LoadInProgress set_LoadInProgress[12..13],
+ LoadConfigProcessed set_LoadConfigProcessed[13..14],
+ EntryProcessed set_EntryProcessed[14..15],
+ ProtectDelayLoad set_ProtectDelayLoad[15..16],
+ ReservedFlags3 set_ReservedFlags3[16..18],
+ DontCallForThreads set_DontCallForThreads[18..19],
+ ProcessAttachCalled set_ProcessAttachCalled[19..20],
+ ProcessAttachFailed set_ProcessAttachFailed[20..21],
+ CorDeferredValidate set_CorDeferredValidate[21..22],
+ CorImage set_CorImage[22..23],
+ DontRelocate set_DontRelocate[23..24],
+ CorILOnly set_CorILOnly[24..25],
+ ReservedFlags5 set_ReservedFlags5[25..28],
+ Redirected set_Redirected[28..29],
+ ReservedFlags6 set_ReservedFlags6[29..31],
+ CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
+]}
+pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY;
+#[inline]
+pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool {
+ DllHandle & 1 != 0
+}
+#[inline]
+pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool {
+ DllHandle & 2 != 0
+}
+#[inline]
+pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool {
+ (LDR_IS_IMAGEMAPPING(DllHandle) | LDR_IS_DATAFILE(DllHandle)) as u8 != 0 //fixme
+}
+EXTERN!{extern "system" {
+ fn LdrLoadDll(
+ DllPath: PWSTR,
+ DllCharacteristics: PULONG,
+ DllName: PUNICODE_STRING,
+ DllHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrUnloadDll(
+ DllHandle: PVOID,
+ ) -> NTSTATUS;
+ fn LdrGetDllHandle(
+ DllPath: PWSTR,
+ DllCharacteristics: PULONG,
+ DllName: PUNICODE_STRING,
+ DllHandle: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001;
+pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002;
+EXTERN!{extern "system" {
+ fn LdrGetDllHandleEx(
+ Flags: ULONG,
+ DllPath: PWSTR,
+ DllCharacteristics: PULONG,
+ DllName: PUNICODE_STRING,
+ DllHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrGetDllHandleByMapping(
+ BaseAddress: PVOID,
+ DllHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrGetDllHandleByName(
+ BaseDllName: PUNICODE_STRING,
+ FullDllName: PUNICODE_STRING,
+ DllHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrGetDllFullName(
+ DllHandle: PVOID,
+ FullDllName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn LdrGetDllDirectory(
+ DllDirectory: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn LdrSetDllDirectory(
+ DllDirectory: PUNICODE_STRING,
+ ) -> NTSTATUS;
+}}
+pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+ fn LdrAddRefDll(
+ Flags: ULONG,
+ DllHandle: PVOID,
+ ) -> NTSTATUS;
+ fn LdrGetProcedureAddress(
+ DllHandle: PVOID,
+ ProcedureName: PANSI_STRING,
+ ProcedureNumber: ULONG,
+ ProcedureAddress: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+ fn LdrGetProcedureAddressEx(
+ DllHandle: PVOID,
+ ProcedureName: PANSI_STRING,
+ ProcedureNumber: ULONG,
+ ProcedureAddress: *mut PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn LdrGetKnownDllSectionHandle(
+ DllName: PCWSTR,
+ KnownDlls32: BOOLEAN,
+ Section: PHANDLE,
+ ) -> NTSTATUS;
+ fn LdrGetProcedureAddressForCaller(
+ DllHandle: PVOID,
+ ProcedureName: PANSI_STRING,
+ ProcedureNumber: ULONG,
+ ProcedureAddress: *mut PVOID,
+ Flags: ULONG,
+ Callback: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
+pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1;
+pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2;
+EXTERN!{extern "system" {
+ fn LdrLockLoaderLock(
+ Flags: ULONG,
+ Disposition: *mut ULONG,
+ Cookie: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+ fn LdrUnlockLoaderLock(
+ Flags: ULONG,
+ Cookie: PVOID,
+ ) -> NTSTATUS;
+ fn LdrRelocateImage(
+ NewBase: PVOID,
+ LoaderName: PSTR,
+ Success: NTSTATUS,
+ Conflict: NTSTATUS,
+ Invalid: NTSTATUS,
+ ) -> NTSTATUS;
+ fn LdrRelocateImageWithBias(
+ NewBase: PVOID,
+ Bias: LONGLONG,
+ LoaderName: PSTR,
+ Success: NTSTATUS,
+ Conflict: NTSTATUS,
+ Invalid: NTSTATUS,
+ ) -> NTSTATUS;
+ fn LdrProcessRelocationBlock(
+ VA: ULONG_PTR,
+ SizeOfBlock: ULONG,
+ NextOffset: PUSHORT,
+ Diff: LONG_PTR,
+ ) -> PIMAGE_BASE_RELOCATION;
+ fn LdrVerifyMappedImageMatchesChecksum(
+ BaseAddress: PVOID,
+ NumberOfBytes: SIZE_T,
+ FileLength: ULONG,
+ ) -> BOOLEAN;
+}}
+FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK(
+ Parameter: PVOID,
+ ModuleName: PSTR,
+) -> ()}
+EXTERN!{extern "system" {
+ fn LdrVerifyImageMatchesChecksum(
+ ImageFileHandle: HANDLE,
+ ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
+ ImportCallbackParameter: PVOID,
+ ImageCharacteristics: PUSHORT,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_IMPORT_CALLBACK_INFO {
+ ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
+ ImportCallbackParameter: PVOID,
+}}
+pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO;
+STRUCT!{struct LDR_SECTION_INFO {
+ SectionHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjA: POBJECT_ATTRIBUTES,
+ SectionPageProtection: ULONG,
+ AllocationAttributes: ULONG,
+}}
+pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO;
+STRUCT!{struct LDR_VERIFY_IMAGE_INFO {
+ Size: ULONG,
+ Flags: ULONG,
+ CallbackInfo: LDR_IMPORT_CALLBACK_INFO,
+ SectionInfo: LDR_SECTION_INFO,
+ ImageCharacteristics: USHORT,
+}}
+pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO;
+EXTERN!{extern "system" {
+ fn LdrVerifyImageMatchesChecksumEx(
+ ImageFileHandle: HANDLE,
+ VerifyInfo: PLDR_VERIFY_IMAGE_INFO,
+ ) -> NTSTATUS;
+ fn LdrQueryModuleServiceTags(
+ DllHandle: PVOID,
+ ServiceTagBuffer: PULONG,
+ BufferSize: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1;
+pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2;
+STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA {
+ Flags: ULONG,
+ FullDllName: PUNICODE_STRING,
+ BaseDllName: PUNICODE_STRING,
+ DllBase: PVOID,
+ SizeOfImage: ULONG,
+}}
+pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA;
+STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA {
+ Flags: ULONG,
+ FullDllName: PCUNICODE_STRING,
+ BaseDllName: PCUNICODE_STRING,
+ DllBase: PVOID,
+ SizeOfImage: ULONG,
+}}
+pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA;
+UNION!{union LDR_DLL_NOTIFICATION_DATA {
+ Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA,
+ Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA,
+}}
+pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA;
+FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION(
+ NotificationReason: ULONG,
+ NotificationData: PLDR_DLL_NOTIFICATION_DATA,
+ Context: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+ fn LdrRegisterDllNotification(
+ Flags: ULONG,
+ NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION,
+ Context: PVOID,
+ Cookie: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrUnregisterDllNotification(
+ Cookie: PVOID,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct PS_MITIGATION_OPTIONS_MAP {
+ Map: [ULONG_PTR; 2],
+}}
+pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP;
+STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP {
+ Map: [ULONG_PTR; 2],
+}}
+pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP;
+STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK {
+ Size: ULONG,
+ SystemDllWowRelocation: ULONG_PTR,
+ SystemDllNativeRelocation: ULONG_PTR,
+ Wow64SharedInformation: [ULONG_PTR; 16],
+ RngData: ULONG,
+ Flags: ULONG,
+ MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP,
+ CfgBitMap: ULONG_PTR,
+ CfgBitMapSize: ULONG_PTR,
+ Wow64CfgBitMap: ULONG_PTR,
+ Wow64CfgBitMapSize: ULONG_PTR,
+ MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP,
+}}
+BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [
+ CfgOverride set_CfgOverride[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK;
+EXTERN!{extern "system" {
+ fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK;
+ fn LdrAddLoadAsDataTable(
+ Module: PVOID,
+ FilePath: PWSTR,
+ Size: SIZE_T,
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn LdrRemoveLoadAsDataTable(
+ InitModule: PVOID,
+ BaseModule: *mut PVOID,
+ Size: PSIZE_T,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn LdrGetFileNameFromLoadAsDataTable(
+ Module: PVOID,
+ pFileNamePrt: *mut PVOID,
+ ) -> NTSTATUS;
+ fn LdrDisableThreadCalloutsForDll(
+ DllImageBase: PVOID,
+ ) -> NTSTATUS;
+ fn LdrAccessResource(
+ DllHandle: PVOID,
+ ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY,
+ ResourceBuffer: *mut PVOID,
+ ResourceLength: *mut ULONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_RESOURCE_INFO {
+ Type: ULONG_PTR,
+ Name: ULONG_PTR,
+ Language: ULONG_PTR,
+}}
+pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO;
+pub const RESOURCE_TYPE_LEVEL: ULONG = 0;
+pub const RESOURCE_NAME_LEVEL: ULONG = 1;
+pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2;
+pub const RESOURCE_DATA_LEVEL: ULONG = 3;
+EXTERN!{extern "system" {
+ fn LdrFindResource_U(
+ DllHandle: PVOID,
+ ResourceInfo: PLDR_RESOURCE_INFO,
+ Level: ULONG,
+ ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY,
+ ) -> NTSTATUS;
+ fn LdrFindResourceDirectory_U(
+ DllHandle: PVOID,
+ ResourceInfo: PLDR_RESOURCE_INFO,
+ Level: ULONG,
+ ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s {
+ Id: USHORT,
+ NameIsPresent: USHORT,
+}}
+UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path {
+ NameOrId: ULONG_PTR,
+ Name: PIMAGE_RESOURCE_DIRECTORY_STRING,
+ s: LDR_ENUM_RESOURCE_ENTRY_Path_s,
+}}
+STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY {
+ Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3],
+ Data: PVOID,
+ Size: ULONG,
+ Reserved: ULONG,
+}}
+pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY;
+#[inline]
+pub unsafe fn NAME_FROM_RESOURCE_ENTRY(
+ RootDirectory: PIMAGE_RESOURCE_DIRECTORY,
+ Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY,
+) -> usize {
+ if Entry.u.s().NameIsString() != 0 {
+ return RootDirectory as usize + Entry.u.s().NameOffset() as usize;
+ }
+ *Entry.u.Id() as usize
+}
+EXTERN!{extern "system" {
+ fn LdrEnumResources(
+ DllHandle: PVOID,
+ ResourceInfo: PLDR_RESOURCE_INFO,
+ Level: ULONG,
+ ResourceCount: *mut ULONG,
+ Resources: PLDR_ENUM_RESOURCE_ENTRY,
+ ) -> NTSTATUS;
+ fn LdrFindEntryForAddress(
+ DllHandle: PVOID,
+ Entry: *mut PLDR_DATA_TABLE_ENTRY,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION {
+ Section: HANDLE,
+ MappedBase: PVOID,
+ ImageBase: PVOID,
+ ImageSize: ULONG,
+ Flags: ULONG,
+ LoadOrderIndex: USHORT,
+ InitOrderIndex: USHORT,
+ LoadCount: USHORT,
+ OffsetToFileName: USHORT,
+ FullPathName: [UCHAR; 256],
+}}
+pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION;
+STRUCT!{struct RTL_PROCESS_MODULES {
+ NumberOfModules: ULONG,
+ Modules: [RTL_PROCESS_MODULE_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES;
+STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX {
+ NextOffset: USHORT,
+ BaseInfo: RTL_PROCESS_MODULE_INFORMATION,
+ ImageChecksum: ULONG,
+ TimeDateStamp: ULONG,
+ DefaultBase: PVOID,
+}}
+pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX;
+EXTERN!{extern "system" {
+ fn LdrQueryProcessModuleInformation(
+ ModuleInformation: PRTL_PROCESS_MODULES,
+ Size: ULONG,
+ ReturnedSize: PULONG,
+ ) -> NTSTATUS;
+}}
+FN!{stdcall PLDR_ENUM_CALLBACK(
+ ModuleInformation: PLDR_DATA_TABLE_ENTRY,
+ Parameter: PVOID,
+ Stop: *mut BOOLEAN,
+) -> ()}
+EXTERN!{extern "system" {
+ fn LdrEnumerateLoadedModules(
+ ReservedFlag: BOOLEAN,
+ EnumProc: PLDR_ENUM_CALLBACK,
+ Context: PVOID,
+ ) -> NTSTATUS;
+ fn LdrOpenImageFileOptionsKey(
+ SubKey: PUNICODE_STRING,
+ Wow64: BOOLEAN,
+ NewKeyHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn LdrQueryImageFileKeyOption(
+ KeyHandle: HANDLE,
+ ValueName: PCWSTR,
+ Type: ULONG,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+ fn LdrQueryImageFileExecutionOptions(
+ SubKey: PUNICODE_STRING,
+ ValueName: PCWSTR,
+ ValueSize: ULONG,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+ fn LdrQueryImageFileExecutionOptionsEx(
+ SubKey: PUNICODE_STRING,
+ ValueName: PCWSTR,
+ Type: ULONG,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ReturnedLength: PULONG,
+ Wow64: BOOLEAN,
+ ) -> NTSTATUS;
+}}
+UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description {
+ Name: PCSTR,
+ Ordinal: ULONG,
+}}
+STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR {
+ ImportDescribedByName: ULONG,
+ Description: DELAYLOAD_PROC_DESCRIPTOR_Description,
+}}
+pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR;
+STRUCT!{struct DELAYLOAD_INFO {
+ Size: ULONG,
+ DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
+ ThunkAddress: PIMAGE_THUNK_DATA,
+ TargetDllName: PCSTR,
+ TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR,
+ TargetModuleBase: PVOID,
+ Unused: PVOID,
+ LastError: ULONG,
+}}
+pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO;
+FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK(
+ NotificationReason: ULONG,
+ DelayloadInfo: PDELAYLOAD_INFO,
+) -> PVOID}
+FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE(
+ DllName: PCSTR,
+ ProcName: PCSTR,
+) -> PVOID}
+EXTERN!{extern "system" {
+ fn LdrResolveDelayLoadedAPI(
+ ParentModuleBase: PVOID,
+ DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
+ FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK,
+ FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE,
+ ThunkAddress: PIMAGE_THUNK_DATA,
+ Flags: ULONG,
+ ) -> PVOID;
+ fn LdrResolveDelayLoadsFromDll(
+ ParentBase: PVOID,
+ TargetDllName: PCSTR,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn LdrSetDefaultDllDirectories(
+ DirectoryFlags: ULONG,
+ ) -> NTSTATUS;
+ fn LdrShutdownProcess() -> NTSTATUS;
+ fn LdrShutdownThread() -> NTSTATUS;
+ fn LdrSetImplicitPathOptions(
+ ImplicitPathOptions: ULONG,
+ ) -> NTSTATUS;
+ fn LdrControlFlowGuardEnforced() -> BOOLEAN;
+}}
diff --git a/vendor/ntapi/src/ntlpcapi.rs b/vendor/ntapi/src/ntlpcapi.rs
new file mode 100644
index 000000000..012c9056f
--- /dev/null
+++ b/vendor/ntapi/src/ntlpcapi.rs
@@ -0,0 +1,692 @@
+use core::mem::size_of;
+use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64};
+use winapi::ctypes::c_double;
+use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::ntdef::{
+ BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE,
+ PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG,
+ UNICODE_STRING,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK,
+ SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
+};
+pub const PORT_CONNECT: u32 = 0x0001;
+pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1;
+STRUCT!{struct PORT_MESSAGE_u1_s {
+ DataLength: CSHORT,
+ TotalLength: CSHORT,
+}}
+STRUCT!{struct PORT_MESSAGE_u2_s {
+ Type: CSHORT,
+ DataInfoOffset: CSHORT,
+}}
+UNION!{union PORT_MESSAGE_u1 {
+ s: PORT_MESSAGE_u1_s,
+ Length: ULONG,
+}}
+UNION!{union PORT_MESSAGE_u2 {
+ s: PORT_MESSAGE_u2_s,
+ ZeroInit: ULONG,
+}}
+UNION!{union PORT_MESSAGE_u3 {
+ ClientId: CLIENT_ID,
+ DoNotUseThisField: c_double,
+}}
+UNION!{union PORT_MESSAGE_u4 {
+ ClientViewSize: SIZE_T,
+ CallbackId: ULONG,
+}}
+STRUCT!{struct PORT_MESSAGE {
+ u1: PORT_MESSAGE_u1,
+ u2: PORT_MESSAGE_u2,
+ u3: PORT_MESSAGE_u3,
+ MessageId: ULONG,
+ u4: PORT_MESSAGE_u4,
+}}
+pub type PPORT_MESSAGE = *mut PORT_MESSAGE;
+STRUCT!{struct PORT_DATA_ENTRY {
+ Base: PVOID,
+ Size: ULONG,
+}}
+pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY;
+STRUCT!{struct PORT_DATA_INFORMATION {
+ CountDataEntries: ULONG,
+ DataEntries: [PORT_DATA_ENTRY; 1],
+}}
+pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION;
+pub const LPC_REQUEST: ULONG = 1;
+pub const LPC_REPLY: ULONG = 2;
+pub const LPC_DATAGRAM: ULONG = 3;
+pub const LPC_LOST_REPLY: ULONG = 4;
+pub const LPC_PORT_CLOSED: ULONG = 5;
+pub const LPC_CLIENT_DIED: ULONG = 6;
+pub const LPC_EXCEPTION: ULONG = 7;
+pub const LPC_DEBUG_EVENT: ULONG = 8;
+pub const LPC_ERROR_EVENT: ULONG = 9;
+pub const LPC_CONNECTION_REQUEST: ULONG = 10;
+pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000;
+pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000;
+pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512;
+#[cfg(target_arch = "x86")]
+pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256;
+pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::<ULONG_PTR>() as u32;
+pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH
+ + size_of::<PORT_MESSAGE>() as u32
+ + LPC_MAX_CONNECTION_INFO_SIZE
+ + 0xf) & !0xf;
+STRUCT!{struct LPC_CLIENT_DIED_MSG {
+ PortMsg: PORT_MESSAGE,
+ CreateTime: LARGE_INTEGER,
+}}
+pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG;
+STRUCT!{struct PORT_VIEW {
+ Length: ULONG,
+ SectionHandle: HANDLE,
+ SectionOffset: ULONG,
+ ViewSize: SIZE_T,
+ ViewBase: PVOID,
+ ViewRemoteBase: PVOID,
+}}
+pub type PPORT_VIEW = *mut PORT_VIEW;
+STRUCT!{struct REMOTE_PORT_VIEW {
+ Length: ULONG,
+ ViewSize: SIZE_T,
+ ViewBase: PVOID,
+}}
+pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW;
+STRUCT!{struct PORT_MESSAGE64_u1_s {
+ DataLength: CSHORT,
+ TotalLength: CSHORT,
+}}
+STRUCT!{struct PORT_MESSAGE64_u2_s {
+ Type: CSHORT,
+ DataInfoOffset: CSHORT,
+}}
+UNION!{union PORT_MESSAGE64_u1 {
+ s: PORT_MESSAGE64_u1_s,
+ Length: ULONG,
+}}
+UNION!{union PORT_MESSAGE64_u2 {
+ s: PORT_MESSAGE64_u2_s,
+ ZeroInit: ULONG,
+}}
+UNION!{union PORT_MESSAGE64_u3 {
+ ClientId: CLIENT_ID64,
+ DoNotUseThisField: c_double,
+}}
+UNION!{union PORT_MESSAGE64_u4 {
+ ClientViewSize: ULONGLONG,
+ CallbackId: ULONG,
+}}
+STRUCT!{struct PORT_MESSAGE64 {
+ u1: PORT_MESSAGE64_u1,
+ u2: PORT_MESSAGE64_u2,
+ u3: PORT_MESSAGE64_u3,
+ MessageId: ULONG,
+ u4: PORT_MESSAGE64_u4,
+}}
+pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64;
+STRUCT!{struct LPC_CLIENT_DIED_MSG64 {
+ PortMsg: PORT_MESSAGE64,
+ CreateTime: LARGE_INTEGER,
+}}
+pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64;
+STRUCT!{struct PORT_VIEW64 {
+ Length: ULONG,
+ SectionHandle: ULONGLONG,
+ SectionOffset: ULONG,
+ ViewSize: ULONGLONG,
+ ViewBase: ULONGLONG,
+ ViewRemoteBase: ULONGLONG,
+}}
+pub type PPORT_VIEW64 = *mut PORT_VIEW64;
+STRUCT!{struct REMOTE_PORT_VIEW64 {
+ Length: ULONG,
+ ViewSize: ULONGLONG,
+ ViewBase: ULONGLONG,
+}}
+pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64;
+EXTERN!{extern "system" {
+ fn NtCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn NtCreateWaitablePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn NtConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSecureConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ RequiredServerSid: PSID,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtListenPort(
+ PortHandle: HANDLE,
+ ConnectionRequest: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtAcceptConnectPort(
+ PortHandle: PHANDLE,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ AcceptConnection: BOOLEAN,
+ ServerView: PPORT_VIEW,
+ ClientView: PREMOTE_PORT_VIEW,
+ ) -> NTSTATUS;
+ fn NtCompleteConnectPort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtRequestPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtRequestWaitReplyPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtReplyWaitReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtReplyWaitReceivePort(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtReplyWaitReceivePortEx(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn NtReadRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn NtWriteRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum PORT_INFORMATION_CLASS {
+ PortBasicInformation = 0,
+ PortDumpInformation = 1,
+}}
+EXTERN!{extern "system" {
+ fn NtQueryInformationPort(
+ PortHandle: HANDLE,
+ PortInformationClass: PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub type PALPC_HANDLE = *mut HANDLE;
+pub type ALPC_HANDLE = HANDLE;
+pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000;
+pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000;
+pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct ALPC_PORT_ATTRIBUTES {
+ Flags: ULONG,
+ SecurityQos: SECURITY_QUALITY_OF_SERVICE,
+ MaxMessageLength: SIZE_T,
+ MemoryBandwidth: SIZE_T,
+ MaxPoolUsage: SIZE_T,
+ MaxSectionSize: SIZE_T,
+ MaxViewSize: SIZE_T,
+ MaxTotalSectionSize: SIZE_T,
+ DupObjectTypes: ULONG,
+ Reserved: ULONG,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct ALPC_PORT_ATTRIBUTES {
+ Flags: ULONG,
+ SecurityQos: SECURITY_QUALITY_OF_SERVICE,
+ MaxMessageLength: SIZE_T,
+ MemoryBandwidth: SIZE_T,
+ MaxPoolUsage: SIZE_T,
+ MaxSectionSize: SIZE_T,
+ MaxViewSize: SIZE_T,
+ MaxTotalSectionSize: SIZE_T,
+ DupObjectTypes: ULONG,
+}}
+pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES;
+pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000;
+pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000;
+pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000;
+pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000;
+STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES {
+ AllocatedAttributes: ULONG,
+ ValidAttributes: ULONG,
+}}
+pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES;
+STRUCT!{struct ALPC_COMPLETION_LIST_STATE {
+ Value: ULONG64,
+}}
+BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [
+ Head set_Head[0..24],
+ Tail set_Tail[24..48],
+ ActiveThreadCount set_ActiveThreadCount[48..64],
+]}
+pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE;
+pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f;
+STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER {
+ StartMagic: ULONG64,
+ TotalSize: ULONG,
+ ListOffset: ULONG,
+ ListSize: ULONG,
+ BitmapOffset: ULONG,
+ BitmapSize: ULONG,
+ DataOffset: ULONG,
+ DataSize: ULONG,
+ AttributeFlags: ULONG,
+ AttributeSize: ULONG,
+ __padding0: [u64; 10],
+ State: ALPC_COMPLETION_LIST_STATE,
+ LastMessageId: ULONG,
+ LastCallbackId: ULONG,
+ __padding1: [u32; 28],
+ PostCount: ULONG,
+ __padding2: [u32; 31],
+ ReturnCount: ULONG,
+ __padding3: [u32; 31],
+ LogSequenceNumber: ULONG,
+ __padding4: [u64; 15],
+ UserLock: RTL_SRWLOCK,
+ EndMagic: ULONG64,
+ __padding5: [u64; 14],
+}}
+pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER;
+STRUCT!{struct ALPC_CONTEXT_ATTR {
+ PortContext: PVOID,
+ MessageContext: PVOID,
+ Sequence: ULONG,
+ MessageId: ULONG,
+ CallbackId: ULONG,
+}}
+pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR;
+pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000;
+pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000;
+pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000;
+STRUCT!{struct ALPC_HANDLE_ATTR32 {
+ Flags: ULONG,
+ Reserved0: ULONG,
+ SameAccess: ULONG,
+ SameAttributes: ULONG,
+ Indirect: ULONG,
+ Inherit: ULONG,
+ Reserved1: ULONG,
+ Handle: ULONG,
+ ObjectType: ULONG,
+ DesiredAccess: ULONG,
+ GrantedAccess: ULONG,
+}}
+pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32;
+STRUCT!{struct ALPC_HANDLE_ATTR {
+ Flags: ULONG,
+ Reserved0: ULONG,
+ SameAccess: ULONG,
+ SameAttributes: ULONG,
+ Indirect: ULONG,
+ Inherit: ULONG,
+ Reserved1: ULONG,
+ Handle: HANDLE,
+ HandleAttrArray: PALPC_HANDLE_ATTR32,
+ ObjectType: ULONG,
+ HandleCount: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ GrantedAccess: ACCESS_MASK,
+}}
+pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR;
+pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000;
+STRUCT!{struct ALPC_SECURITY_ATTR {
+ Flags: ULONG,
+ QoS: PSECURITY_QUALITY_OF_SERVICE,
+ ContextHandle: ALPC_HANDLE,
+}}
+pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR;
+pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000;
+STRUCT!{struct ALPC_DATA_VIEW_ATTR {
+ Flags: ULONG,
+ SectionHandle: ALPC_HANDLE,
+ ViewBase: PVOID,
+ ViewSize: SIZE_T,
+}}
+pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR;
+ENUM!{enum ALPC_PORT_INFORMATION_CLASS {
+ AlpcBasicInformation = 0,
+ AlpcPortInformation = 1,
+ AlpcAssociateCompletionPortInformation = 2,
+ AlpcConnectedSIDInformation = 3,
+ AlpcServerInformation = 4,
+ AlpcMessageZoneInformation = 5,
+ AlpcRegisterCompletionListInformation = 6,
+ AlpcUnregisterCompletionListInformation = 7,
+ AlpcAdjustCompletionListConcurrencyCountInformation = 8,
+ AlpcRegisterCallbackInformation = 9,
+ AlpcCompletionListRundownInformation = 10,
+ AlpcWaitForPortReferences = 11,
+}}
+STRUCT!{struct ALPC_BASIC_INFORMATION {
+ Flags: ULONG,
+ SequenceNo: ULONG,
+ PortContext: PVOID,
+}}
+pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION;
+STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT {
+ CompletionKey: PVOID,
+ CompletionPort: HANDLE,
+}}
+pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT;
+STRUCT!{struct ALPC_SERVER_INFORMATION_Out {
+ ThreadBlocked: BOOLEAN,
+ ConnectedProcessId: HANDLE,
+ ConnectionPortName: UNICODE_STRING,
+}}
+UNION!{union ALPC_SERVER_INFORMATION {
+ ThreadHandle: HANDLE,
+ Out: ALPC_SERVER_INFORMATION_Out,
+}}
+pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION;
+STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION {
+ Buffer: PVOID,
+ Size: ULONG,
+}}
+pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION;
+STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION {
+ Buffer: PVOID,
+ Size: ULONG,
+ ConcurrencyCount: ULONG,
+ AttributeFlags: ULONG,
+}}
+pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION;
+ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS {
+ AlpcMessageSidInformation = 0,
+ AlpcMessageTokenModifiedIdInformation = 1,
+ AlpcMessageDirectStatusInformation = 2,
+ AlpcMessageHandleInformation = 3,
+ MaxAlpcMessageInfoClass = 4,
+}}
+pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS;
+STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION {
+ Index: ULONG,
+ Flags: ULONG,
+ Handle: ULONG,
+ ObjectType: ULONG,
+ GrantedAccess: ACCESS_MASK,
+}}
+pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtAlpcCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtAlpcDisconnectPort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtAlpcQueryInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAlpcSetInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn NtAlpcCreatePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ SectionSize: SIZE_T,
+ AlpcSectionHandle: PALPC_HANDLE,
+ ActualSectionSize: PSIZE_T,
+ ) -> NTSTATUS;
+ fn NtAlpcDeletePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlpcCreateResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageSize: SIZE_T,
+ ResourceId: PALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlpcDeleteResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ResourceId: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlpcCreateSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewAttributes: PALPC_DATA_VIEW_ATTR,
+ ) -> NTSTATUS;
+ fn NtAlpcDeleteSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewBase: PVOID,
+ ) -> NTSTATUS;
+ fn NtAlpcCreateSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SecurityAttribute: PALPC_SECURITY_ATTR,
+ ) -> NTSTATUS;
+ fn NtAlpcDeleteSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlpcRevokeSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlpcQueryInformationMessage(
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
+ MessageInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1;
+pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2;
+pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000;
+pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000;
+pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000;
+pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000;
+pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000;
+EXTERN!{extern "system" {
+ fn NtAlpcConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ RequiredServerSid: PSID,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PULONG,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtAlpcConnectPortEx(
+ PortHandle: PHANDLE,
+ ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtAlpcAcceptConnectPort(
+ PortHandle: PHANDLE,
+ ConnectionPortHandle: HANDLE,
+ Flags: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ AcceptConnection: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAlpcSendWaitReceivePort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SendMessageA: PPORT_MESSAGE,
+ SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ ReceiveMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+}}
+pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1;
+pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8;
+pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000;
+EXTERN!{extern "system" {
+ fn NtAlpcCancelMessage(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageContext: PALPC_CONTEXT_ATTR,
+ ) -> NTSTATUS;
+ fn NtAlpcImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: PVOID,
+ ) -> NTSTATUS;
+ fn NtAlpcImpersonateClientContainerOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtAlpcOpenSenderProcess(
+ ProcessHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtAlpcOpenSenderThread(
+ ThreadHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn AlpcMaxAllowedMessageLength() -> ULONG;
+ fn AlpcGetHeaderSize(
+ Flags: ULONG,
+ ) -> ULONG;
+ fn AlpcInitializeMessageAttribute(
+ AttributeFlags: ULONG,
+ Buffer: PALPC_MESSAGE_ATTRIBUTES,
+ BufferSize: ULONG,
+ RequiredBufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn AlpcGetMessageAttribute(
+ Buffer: PALPC_MESSAGE_ATTRIBUTES,
+ AttributeFlag: ULONG,
+ ) -> PVOID;
+ fn AlpcRegisterCompletionList(
+ PortHandle: HANDLE,
+ Buffer: PALPC_COMPLETION_LIST_HEADER,
+ Size: ULONG,
+ ConcurrencyCount: ULONG,
+ AttributeFlags: ULONG,
+ ) -> NTSTATUS;
+ fn AlpcUnregisterCompletionList(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn AlpcRundownCompletionList(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn AlpcAdjustCompletionListConcurrencyCount(
+ PortHandle: HANDLE,
+ ConcurrencyCount: ULONG,
+ ) -> NTSTATUS;
+ fn AlpcRegisterCompletionListWorkerThread(
+ CompletionList: PVOID,
+ ) -> BOOLEAN;
+ fn AlpcUnregisterCompletionListWorkerThread(
+ CompletionList: PVOID,
+ ) -> BOOLEAN;
+ fn AlpcGetCompletionListLastMessageInformation(
+ CompletionList: PVOID,
+ LastMessageId: PULONG,
+ LastCallbackId: PULONG,
+ );
+ fn AlpcGetOutstandingCompletionListMessageCount(
+ CompletionList: PVOID,
+ ) -> ULONG;
+ fn AlpcGetMessageFromCompletionList(
+ CompletionList: PVOID,
+ MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES,
+ ) -> PPORT_MESSAGE;
+ fn AlpcFreeCompletionListMessage(
+ CompletionList: PVOID,
+ Message: PPORT_MESSAGE,
+ );
+ fn AlpcGetCompletionListMessageAttributes(
+ CompletionList: PVOID,
+ Message: PPORT_MESSAGE,
+ ) -> PALPC_MESSAGE_ATTRIBUTES;
+}}
diff --git a/vendor/ntapi/src/ntmisc.rs b/vendor/ntapi/src/ntmisc.rs
new file mode 100644
index 000000000..7f579999e
--- /dev/null
+++ b/vendor/ntapi/src/ntmisc.rs
@@ -0,0 +1,42 @@
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG};
+use winapi::um::winnt::STANDARD_RIGHTS_ALL;
+pub const FLT_PORT_CONNECT: u32 = 0x0001;
+pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL;
+ENUM!{enum VDMSERVICECLASS {
+ VdmStartExecution = 0,
+ VdmQueueInterrupt = 1,
+ VdmDelayInterrupt = 2,
+ VdmInitialize = 3,
+ VdmFeatures = 4,
+ VdmSetInt21Handler = 5,
+ VdmQueryDir = 6,
+ VdmPrinterDirectIoOpen = 7,
+ VdmPrinterDirectIoClose = 8,
+ VdmPrinterInitialize = 9,
+ VdmSetLdtEntries = 10,
+ VdmSetProcessLdtInfo = 11,
+ VdmAdlibEmulation = 12,
+ VdmPMCliControl = 13,
+ VdmQueryVdmProcess = 14,
+}}
+pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS;
+EXTERN!{extern "system" {
+ fn NtVdmControl(
+ Service: VDMSERVICECLASS,
+ ServiceData: PVOID,
+ ) -> NTSTATUS;
+ fn NtTraceEvent(
+ TraceHandle: HANDLE,
+ Flags: ULONG,
+ FieldSize: ULONG,
+ Fields: PVOID,
+ ) -> NTSTATUS;
+ fn NtTraceControl(
+ FunctionCode: ULONG,
+ InBuffer: PVOID,
+ InBufferLen: ULONG,
+ OutBuffer: PVOID,
+ OutBufferLen: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntmmapi.rs b/vendor/ntapi/src/ntmmapi.rs
new file mode 100644
index 000000000..7cae677aa
--- /dev/null
+++ b/vendor/ntapi/src/ntmmapi.rs
@@ -0,0 +1,630 @@
+use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER;
+use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
+ PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE,
+};
+ENUM!{enum MEMORY_INFORMATION_CLASS {
+ MemoryBasicInformation = 0,
+ MemoryWorkingSetInformation = 1,
+ MemoryMappedFilenameInformation = 2,
+ MemoryRegionInformation = 3,
+ MemoryWorkingSetExInformation = 4,
+ MemorySharedCommitInformation = 5,
+ MemoryImageInformation = 6,
+ MemoryRegionInformationEx = 7,
+ MemoryPrivilegedBasicInformation = 8,
+ MemoryEnclaveImageInformation = 9,
+ MemoryBasicInformationCapped = 10,
+}}
+STRUCT!{struct MEMORY_WORKING_SET_BLOCK {
+ Bitfields: ULONG_PTR,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
+ Protection set_Protection[0..5],
+ ShareCount set_ShareCount[5..8],
+ Shared set_Shared[8..9],
+ Node set_Node[9..12],
+ VirtualPage set_VirtualPage[12..64],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [
+ Protection set_Protection[0..5],
+ ShareCount set_ShareCount[5..8],
+ Shared set_Shared[8..9],
+ Node set_Node[9..12],
+ VirtualPage set_VirtualPage[12..32],
+]}
+pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK;
+STRUCT!{struct MEMORY_WORKING_SET_INFORMATION {
+ NumberOfEntries: ULONG_PTR,
+ WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1],
+}}
+pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION;
+STRUCT!{struct MEMORY_REGION_INFORMATION {
+ AllocationBase: PVOID,
+ AllocationProtect: ULONG,
+ RegionType: ULONG,
+ RegionSize: SIZE_T,
+ CommitSize: SIZE_T,
+}}
+BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [
+ Private set_Private[0..1],
+ MappedDataFile set_MappedDataFile[1..2],
+ MappedImage set_MappedImage[2..3],
+ MappedPageFile set_MappedPageFile[3..4],
+ MappedPhysical set_MappedPhysical[4..5],
+ DirectMapped set_DirectMapped[5..6],
+ SoftwareEnclave set_SoftwareEnclave[6..7],
+ PageSize64K set_PageSize64K[7..8],
+ PlaceholderReservation set_PlaceholderReservation[8..9],
+ Reserved set_Reserved[9..32],
+]}
+pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION;
+ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION {
+ MemoryLocationInvalid = 0,
+ MemoryLocationResident = 1,
+ MemoryLocationPagefile = 2,
+ MemoryLocationReserved = 3,
+}}
+UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u {
+ Bitfields: ULONG_PTR,
+ Invalid: ULONG_PTR,
+}}
+STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK {
+ u: MEMORY_WORKING_SET_EX_BLOCK_u,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
+ Valid set_Valid[0..1],
+ ShareCount set_ShareCount[1..4],
+ Win32Protection set_Win32Protection[4..15],
+ Shared set_Shared[15..16],
+ Node set_Node[16..22],
+ Locked set_Locked[22..23],
+ LargePage set_LargePage[23..24],
+ Priority set_Priority[24..27],
+ Reserved set_Reserved[27..30],
+ SharedOriginal set_SharedOriginal[30..31],
+ Bad set_Bad[31..32],
+ ReservedUlong set_ReservedUlong[32..64],
+]}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
+ Invalid_Valid set_Invalid_Valid[0..1],
+ Invalid_Reserved0 set_Invalid_Reserved0[1..15],
+ Invalid_Shared set_Invalid_Shared[15..16],
+ Invalid_Reserved1 set_Invalid_Reserved1[16..21],
+ Invalid_PageTable set_Invalid_PageTable[21..22],
+ Invalid_Location set_Invalid_Location[22..24],
+ Invalid_Priority set_Invalid_Priority[24..27],
+ Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
+ Invalid_Reserved2 set_Invalid_Reserved2[28..30],
+ Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
+ Invalid_Bad set_Invalid_Bad[31..32],
+ Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [
+ Valid set_Valid[0..1],
+ ShareCount set_ShareCount[1..4],
+ Win32Protection set_Win32Protection[4..15],
+ Shared set_Shared[15..16],
+ Node set_Node[16..22],
+ Locked set_Locked[22..23],
+ LargePage set_LargePage[23..24],
+ Priority set_Priority[24..27],
+ Reserved set_Reserved[27..30],
+ SharedOriginal set_SharedOriginal[30..31],
+ Bad set_Bad[31..32],
+]}
+#[cfg(target_arch = "x86")]
+BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [
+ Invalid_Valid set_Invalid_Valid[0..1],
+ Invalid_Reserved0 set_Invalid_Reserved0[1..15],
+ Invalid_Shared set_Invalid_Shared[15..16],
+ Invalid_Reserved1 set_Invalid_Reserved1[16..21],
+ Invalid_PageTable set_Invalid_PageTable[21..22],
+ Invalid_Location set_Invalid_Location[22..24],
+ Invalid_Priority set_Invalid_Priority[24..27],
+ Invalid_ModifiedList set_Invalid_ModifiedList[27..28],
+ Invalid_Reserved2 set_Invalid_Reserved2[28..30],
+ Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31],
+ Invalid_Bad set_Invalid_Bad[31..32],
+]}
+pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK;
+STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION {
+ VirtualAddress: PVOID,
+ VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK,
+}}
+pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION;
+STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION {
+ CommitSize: SIZE_T,
+}}
+pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION;
+STRUCT!{struct MEMORY_IMAGE_INFORMATION {
+ ImageBase: PVOID,
+ SizeOfImage: SIZE_T,
+ ImageFlags: ULONG,
+}}
+BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [
+ ImagePartialMap set_ImagePartialMap[0..1],
+ ImageNotExecutable set_ImageNotExecutable[1..2],
+ ImageSigningLevel set_ImageSigningLevel[2..6],
+ Reserved set_Reserved[6..32],
+]}
+pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION;
+STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION {
+ ImageInfo: MEMORY_IMAGE_INFORMATION,
+ UniqueID: [UCHAR; 32],
+ AuthorID: [UCHAR; 32],
+}}
+pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION;
+pub const MMPFNLIST_ZERO: u32 = 0;
+pub const MMPFNLIST_FREE: u32 = 1;
+pub const MMPFNLIST_STANDBY: u32 = 2;
+pub const MMPFNLIST_MODIFIED: u32 = 3;
+pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4;
+pub const MMPFNLIST_BAD: u32 = 5;
+pub const MMPFNLIST_ACTIVE: u32 = 6;
+pub const MMPFNLIST_TRANSITION: u32 = 7;
+pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0;
+pub const MMPFNUSE_FILE: u32 = 1;
+pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2;
+pub const MMPFNUSE_PAGETABLE: u32 = 3;
+pub const MMPFNUSE_PAGEDPOOL: u32 = 4;
+pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5;
+pub const MMPFNUSE_SYSTEMPTE: u32 = 6;
+pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7;
+pub const MMPFNUSE_METAFILE: u32 = 8;
+pub const MMPFNUSE_AWEPAGE: u32 = 9;
+pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10;
+pub const MMPFNUSE_KERNELSTACK: u32 = 11;
+STRUCT!{struct MEMORY_FRAME_INFORMATION {
+ Bitfields: ULONGLONG,
+}}
+BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [
+ UseDescription set_UseDescription[0..4],
+ ListDescription set_ListDescription[4..7],
+ Reserved0 set_Reserved0[7..8],
+ Pinned set_Pinned[8..9],
+ DontUse set_DontUse[9..57],
+ Priority set_Priority[57..60],
+ Reserved set_Reserved[60..64],
+]}
+STRUCT!{struct FILEOFFSET_INFORMATION {
+ Bitfields: ULONGLONG,
+}}
+BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [
+ DontUse set_DontUse[0..9],
+ Offset set_Offset[9..57],
+ Reserved set_Reserved[57..64],
+]}
+STRUCT!{struct PAGEDIR_INFORMATION {
+ Bitfields: ULONGLONG,
+}}
+BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [
+ DontUse set_DontUse[0..9],
+ PageDirectoryBase set_PageDirectoryBase[9..57],
+ Reserved set_Reserved[57..64],
+]}
+STRUCT!{struct UNIQUE_PROCESS_INFORMATION {
+ Bitfields: ULONGLONG,
+}}
+BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [
+ DontUse set_DontUse[0..9],
+ UniqueProcessKey set_UniqueProcessKey[9..57],
+ Reserved set_Reserved[57..64],
+]}
+pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION;
+UNION!{union MMPFN_IDENTITY_u1 {
+ e1: MEMORY_FRAME_INFORMATION,
+ e2: FILEOFFSET_INFORMATION,
+ e3: PAGEDIR_INFORMATION,
+ e4: UNIQUE_PROCESS_INFORMATION,
+}}
+UNION!{union MMPFN_IDENTITY_u2 {
+ e1: ULONG_PTR,
+ e2_CombinedPage: ULONG_PTR,
+ FileObject: ULONG_PTR,
+ UniqueFileObjectKey: ULONG_PTR,
+ ProtoPteAddress: ULONG_PTR,
+ VirtualAddress: ULONG_PTR,
+}}
+STRUCT!{struct MMPFN_IDENTITY {
+ u1: MMPFN_IDENTITY_u1,
+ PageFrameIndex: ULONG_PTR,
+ u2: MMPFN_IDENTITY_u2,
+}}
+BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [
+ Image set_Image[0..1],
+ Mismatch set_Mismatch[1..2],
+]}
+pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY;
+STRUCT!{struct MMPFN_MEMSNAP_INFORMATION {
+ InitialPageFrameIndex: ULONG_PTR,
+ Count: ULONG_PTR,
+}}
+pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION;
+ENUM!{enum SECTION_INFORMATION_CLASS {
+ SectionBasicInformation = 0,
+ SectionImageInformation = 1,
+ SectionRelocationInformation = 2,
+ SectionOriginalBaseInformation = 3,
+ SectionInternalImageInformation = 4,
+ MaxSectionInfoClass = 5,
+}}
+STRUCT!{struct SECTION_BASIC_INFORMATION {
+ BaseAddress: PVOID,
+ AllocationAttributes: ULONG,
+ MaximumSize: LARGE_INTEGER,
+}}
+pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION;
+STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s {
+ SubSystemMinorVersion: USHORT,
+ SubSystemMajorVersion: USHORT,
+}}
+UNION!{union SECTION_IMAGE_INFORMATION_u1 {
+ s: SECTION_IMAGE_INFORMATION_u1_s,
+ SubSystemVersion: ULONG,
+}}
+STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s {
+ MajorOperatingSystemVersion: USHORT,
+ MinorOperatingSystemVersion: USHORT,
+}}
+UNION!{union SECTION_IMAGE_INFORMATION_u2 {
+ s: SECTION_IMAGE_INFORMATION_u2_s,
+ OperatingSystemVersion: ULONG,
+}}
+STRUCT!{struct SECTION_IMAGE_INFORMATION {
+ TransferAddress: PVOID,
+ ZeroBits: ULONG,
+ MaximumStackSize: SIZE_T,
+ CommittedStackSize: SIZE_T,
+ SubSystemType: ULONG,
+ u1: SECTION_IMAGE_INFORMATION_u1,
+ u2: SECTION_IMAGE_INFORMATION_u2,
+ ImageCharacteristics: USHORT,
+ DllCharacteristics: USHORT,
+ Machine: USHORT,
+ ImageContainsCode: BOOLEAN,
+ ImageFlags: UCHAR,
+ LoaderFlags: ULONG,
+ ImageFileSize: ULONG,
+ CheckSum: ULONG,
+}}
+BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [
+ ComPlusNativeReady set_ComPlusNativeReady[0..1],
+ ComPlusILOnly set_ComPlusILOnly[1..2],
+ ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3],
+ ImageMappedFlat set_ImageMappedFlat[3..4],
+ BaseBelow4gb set_BaseBelow4gb[4..5],
+ ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6],
+ Reserved set_Reserved[6..8],
+]}
+pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION;
+STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION {
+ SectionInformation: SECTION_IMAGE_INFORMATION,
+ ExtendedFlags: ULONG,
+}}
+BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [
+ ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION;
+ENUM!{enum SECTION_INHERIT {
+ ViewShare = 1,
+ ViewUnmap = 2,
+}}
+pub const SEC_BASED: u32 = 0x200000;
+pub const SEC_NO_CHANGE: u32 = 0x400000;
+pub const SEC_GLOBAL: u32 = 0x20000000;
+pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1;
+pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2;
+pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4;
+pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8;
+pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10;
+pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20;
+pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f;
+EXTERN!{extern "system" {
+ fn NtAllocateVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ RegionSize: PSIZE_T,
+ AllocationType: ULONG,
+ Protect: ULONG,
+ ) -> NTSTATUS;
+ fn NtFreeVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ FreeType: ULONG,
+ ) -> NTSTATUS;
+ fn NtReadVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn NtWriteVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+ fn NtProtectVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ NewProtect: ULONG,
+ OldProtect: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ MemoryInformationClass: MEMORY_INFORMATION_CLASS,
+ MemoryInformation: PVOID,
+ MemoryInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS {
+ VmPrefetchInformation = 0,
+ VmPagePriorityInformation = 1,
+ VmCfgCallTargetInformation = 2,
+ VmPageDirtyStateInformation = 3,
+}}
+STRUCT!{struct MEMORY_RANGE_ENTRY {
+ VirtualAddress: PVOID,
+ NumberOfBytes: SIZE_T,
+}}
+pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY;
+STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION {
+ NumberOfEntries: ULONG,
+ Reserved: ULONG,
+ NumberOfEntriesProcessed: PULONG,
+ CallTargetInfo: PCFG_CALL_TARGET_INFO,
+ Section: PVOID,
+ FileOffset: ULONGLONG,
+}}
+pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtSetInformationVirtualMemory(
+ ProcessHandle: HANDLE,
+ VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
+ NumberOfEntries: ULONG_PTR,
+ VirtualAddresses: PMEMORY_RANGE_ENTRY,
+ VmInformation: PVOID,
+ VmInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtLockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn NtUnlockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn NtCreateSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaximumSize: PLARGE_INTEGER,
+ SectionPageProtection: ULONG,
+ AllocationAttributes: ULONG,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtCreateSectionEx(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaximumSize: PLARGE_INTEGER,
+ SectionPageProtection: ULONG,
+ AllocationAttributes: ULONG,
+ FileHandle: HANDLE,
+ ExtendedParameters: PMEM_EXTENDED_PARAMETER,
+ ExtendedParameterCount: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtMapViewOfSection(
+ SectionHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ CommitSize: SIZE_T,
+ SectionOffset: PLARGE_INTEGER,
+ ViewSize: PSIZE_T,
+ InheritDisposition: SECTION_INHERIT,
+ AllocationType: ULONG,
+ Win32Protect: ULONG,
+ ) -> NTSTATUS;
+ fn NtUnmapViewOfSection(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ ) -> NTSTATUS;
+ fn NtUnmapViewOfSectionEx(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtExtendSection(
+ SectionHandle: HANDLE,
+ NewSectionSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtQuerySection(
+ SectionHandle: HANDLE,
+ SectionInformationClass: SECTION_INFORMATION_CLASS,
+ SectionInformation: PVOID,
+ SectionInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn NtAreMappedFilesTheSame(
+ File1MappedAsAnImage: PVOID,
+ File2MappedAsFile: PVOID,
+ ) -> NTSTATUS;
+}}
+pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001;
+pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002;
+pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE
+ | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS;
+ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS {
+ SystemMemoryPartitionInformation = 0,
+ SystemMemoryPartitionMoveMemory = 1,
+ SystemMemoryPartitionAddPagefile = 2,
+ SystemMemoryPartitionCombineMemory = 3,
+ SystemMemoryPartitionInitialAddMemory = 4,
+ SystemMemoryPartitionGetMemoryEvents = 5,
+ SystemMemoryPartitionMax = 6,
+}}
+STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION {
+ Flags: ULONG,
+ NumaNode: ULONG,
+ Channel: ULONG,
+ NumberOfNumaNodes: ULONG,
+ ResidentAvailablePages: ULONG_PTR,
+ CommittedPages: ULONG_PTR,
+ CommitLimit: ULONG_PTR,
+ PeakCommitment: ULONG_PTR,
+ TotalNumberOfPages: ULONG_PTR,
+ AvailablePages: ULONG_PTR,
+ ZeroPages: ULONG_PTR,
+ FreePages: ULONG_PTR,
+ StandbyPages: ULONG_PTR,
+ StandbyPageCountByPriority: [ULONG_PTR; 8],
+ RepurposedPagesByPriority: [ULONG_PTR; 8],
+ MaximumCommitLimit: ULONG_PTR,
+ DonatedPagesToPartitions: ULONG_PTR,
+ PartitionId: ULONG,
+}}
+pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION =
+ *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION {
+ NumberOfPages: ULONG_PTR,
+ NumaNode: ULONG,
+ Flags: ULONG,
+}}
+pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION {
+ PageFileName: UNICODE_STRING,
+ MinimumSize: LARGE_INTEGER,
+ MaximumSize: LARGE_INTEGER,
+ Flags: ULONG,
+}}
+pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION {
+ StopHandle: HANDLE,
+ Flags: ULONG,
+ TotalNumberOfPages: ULONG_PTR,
+}}
+pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION =
+ *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE {
+ StartPage: ULONG_PTR,
+ NumberOfPages: ULONG_PTR,
+}}
+pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE;
+STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION {
+ Flags: ULONG,
+ NumberOfRanges: ULONG,
+ NumberOfPagesAdded: ULONG_PTR,
+ PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1],
+}}
+pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION;
+STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION {
+ Flags: ULONG,
+ HandleAttributes: ULONG,
+ DesiredAccess: ULONG,
+ LowCommitCondition: HANDLE,
+ HighCommitCondition: HANDLE,
+ MaximumCommitCondition: HANDLE,
+}}
+BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [
+ CommitEvents set_CommitEvents[0..1],
+ Spare set_Spare[1..32],
+]}
+pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION =
+ *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreatePartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PreferredNode: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenPartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtManagePartition(
+ PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
+ PartitionInformation: PVOID,
+ PartitionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtMapUserPhysicalPages(
+ VirtualAddress: PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtMapUserPhysicalPagesScatter(
+ VirtualAddresses: *mut PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtAllocateUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtFreeUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtOpenSession(
+ SessionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtGetWriteWatch(
+ ProcessHandle: HANDLE,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ UserAddressArray: *mut PVOID,
+ EntriesInUserAddressArray: PULONG_PTR,
+ Granularity: PULONG,
+ ) -> NTSTATUS;
+ fn NtResetWriteWatch(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ ) -> NTSTATUS;
+ fn NtCreatePagingFile(
+ PageFileName: PUNICODE_STRING,
+ MinimumSize: PLARGE_INTEGER,
+ MaximumSize: PLARGE_INTEGER,
+ Priority: ULONG,
+ ) -> NTSTATUS;
+ fn NtFlushInstructionCache(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Length: SIZE_T,
+ ) -> NTSTATUS;
+ fn NtFlushWriteBuffer() -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntnls.rs b/vendor/ntapi/src/ntnls.rs
new file mode 100644
index 000000000..592a1988f
--- /dev/null
+++ b/vendor/ntapi/src/ntnls.rs
@@ -0,0 +1,29 @@
+use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT};
+pub const MAXIMUM_LEADBYTES: usize = 12;
+STRUCT!{struct CPTABLEINFO {
+ CodePage: USHORT,
+ MaximumCharacterSize: USHORT,
+ DefaultChar: USHORT,
+ UniDefaultChar: USHORT,
+ TransDefaultChar: USHORT,
+ TransUniDefaultChar: USHORT,
+ DBCSCodePage: USHORT,
+ LeadByte: [UCHAR; MAXIMUM_LEADBYTES],
+ MultiByteTable: PUSHORT,
+ WideCharTable: PVOID,
+ DBCSRanges: PUSHORT,
+ DBCSOffsets: PUSHORT,
+}}
+pub type PCPTABLEINFO = *mut CPTABLEINFO;
+STRUCT!{struct NLSTABLEINFO {
+ OemTableInfo: CPTABLEINFO,
+ AnsiTableInfo: CPTABLEINFO,
+ UpperCaseTable: PUSHORT,
+ LowerCaseTable: PUSHORT,
+}}
+pub type PNLSTABLEINFO = *mut NLSTABLEINFO;
+EXTERN!{extern "C" {
+ static mut NlsAnsiCodePage: USHORT;
+ static mut NlsMbCodePageTag: BOOLEAN;
+ static mut NlsMbOemCodePageTag: BOOLEAN;
+}}
diff --git a/vendor/ntapi/src/ntobapi.rs b/vendor/ntapi/src/ntobapi.rs
new file mode 100644
index 000000000..388ec6199
--- /dev/null
+++ b/vendor/ntapi/src/ntobapi.rs
@@ -0,0 +1,226 @@
+use winapi::shared::ntdef::{
+ BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER,
+ POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION,
+ STANDARD_RIGHTS_REQUIRED,
+};
+pub const OBJECT_TYPE_CREATE: u32 = 0x0001;
+pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
+pub const DIRECTORY_QUERY: u32 = 0x0001;
+pub const DIRECTORY_TRAVERSE: u32 = 0x0002;
+pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004;
+pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008;
+pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf;
+pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001;
+pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1;
+pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001;
+pub const OBJ_INHERIT: u32 = 0x00000002;
+pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004;
+ENUM!{enum OBJECT_INFORMATION_CLASS {
+ ObjectBasicInformation = 0,
+ ObjectNameInformation = 1,
+ ObjectTypeInformation = 2,
+ ObjectTypesInformation = 3,
+ ObjectHandleFlagInformation = 4,
+ ObjectSessionInformation = 5,
+ ObjectSessionObjectInformation = 6,
+ MaxObjectInfoClass = 7,
+}}
+STRUCT!{struct OBJECT_BASIC_INFORMATION {
+ Attributes: ULONG,
+ GrantedAccess: ACCESS_MASK,
+ HandleCount: ULONG,
+ PointerCount: ULONG,
+ PagedPoolCharge: ULONG,
+ NonPagedPoolCharge: ULONG,
+ Reserved: [ULONG; 3],
+ NameInfoSize: ULONG,
+ TypeInfoSize: ULONG,
+ SecurityDescriptorSize: ULONG,
+ CreationTime: LARGE_INTEGER,
+}}
+pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION;
+STRUCT!{struct OBJECT_NAME_INFORMATION {
+ Name: UNICODE_STRING,
+}}
+pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION;
+STRUCT!{struct OBJECT_TYPE_INFORMATION {
+ TypeName: UNICODE_STRING,
+ TotalNumberOfObjects: ULONG,
+ TotalNumberOfHandles: ULONG,
+ TotalPagedPoolUsage: ULONG,
+ TotalNonPagedPoolUsage: ULONG,
+ TotalNamePoolUsage: ULONG,
+ TotalHandleTableUsage: ULONG,
+ HighWaterNumberOfObjects: ULONG,
+ HighWaterNumberOfHandles: ULONG,
+ HighWaterPagedPoolUsage: ULONG,
+ HighWaterNonPagedPoolUsage: ULONG,
+ HighWaterNamePoolUsage: ULONG,
+ HighWaterHandleTableUsage: ULONG,
+ InvalidAttributes: ULONG,
+ GenericMapping: GENERIC_MAPPING,
+ ValidAccessMask: ULONG,
+ SecurityRequired: BOOLEAN,
+ MaintainHandleCount: BOOLEAN,
+ TypeIndex: UCHAR,
+ ReservedByte: CHAR,
+ PoolType: ULONG,
+ DefaultPagedPoolCharge: ULONG,
+ DefaultNonPagedPoolCharge: ULONG,
+}}
+pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION;
+STRUCT!{struct OBJECT_TYPES_INFORMATION {
+ NumberOfTypes: ULONG,
+}}
+pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION;
+STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION {
+ Inherit: BOOLEAN,
+ ProtectFromClose: BOOLEAN,
+}}
+pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQueryObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+}}
+pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001;
+pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002;
+pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004;
+EXTERN!{extern "system" {
+ fn NtDuplicateObject(
+ SourceProcessHandle: HANDLE,
+ SourceHandle: HANDLE,
+ TargetProcessHandle: HANDLE,
+ TargetHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Options: ULONG,
+ ) -> NTSTATUS;
+ fn NtMakeTemporaryObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtMakePermanentObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSignalAndWaitForSingleObject(
+ SignalHandle: HANDLE,
+ WaitHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtWaitForSingleObject(
+ Handle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtWaitForMultipleObjects(
+ Count: ULONG,
+ Handles: *mut HANDLE,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtWaitForMultipleObjects32(
+ Count: ULONG,
+ Handles: *mut LONG,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtSetSecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn NtQuerySecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Length: ULONG,
+ LengthNeeded: PULONG,
+ ) -> NTSTATUS;
+ fn NtClose(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtCompareObjects(
+ FirstObjectHandle: HANDLE,
+ SecondObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtCreateDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtCreateDirectoryObjectEx(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ShadowDirectoryHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct OBJECT_DIRECTORY_INFORMATION {
+ Name: UNICODE_STRING,
+ TypeName: UNICODE_STRING,
+}}
+pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQueryDirectoryObject(
+ DirectoryHandle: HANDLE,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ RestartScan: BOOLEAN,
+ Context: PULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtCreatePrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn NtOpenPrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn NtDeletePrivateNamespace(
+ NamespaceHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtCreateSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LinkTarget: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtOpenSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtQuerySymbolicLinkObject(
+ LinkHandle: HANDLE,
+ LinkTarget: PUNICODE_STRING,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntpebteb.rs b/vendor/ntapi/src/ntpebteb.rs
new file mode 100644
index 000000000..b51705863
--- /dev/null
+++ b/vendor/ntapi/src/ntpebteb.rs
@@ -0,0 +1,431 @@
+use core::mem::size_of;
+use crate::ntapi_base::CLIENT_ID;
+use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA};
+use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS;
+use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{
+ BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR,
+ ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::{
+ ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER,
+};
+STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME {
+ Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME,
+ ActivationContext: *mut ACTIVATION_CONTEXT,
+ Flags: ULONG,
+}}
+pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME;
+STRUCT!{struct ACTIVATION_CONTEXT_STACK {
+ ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME,
+ FrameListCache: LIST_ENTRY,
+ Flags: ULONG,
+ NextCookieSequenceNumber: ULONG,
+ StackId: ULONG,
+}}
+pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK;
+STRUCT!{struct API_SET_NAMESPACE {
+ Version: ULONG,
+ Size: ULONG,
+ Flags: ULONG,
+ Count: ULONG,
+ EntryOffset: ULONG,
+ HashOffset: ULONG,
+ HashFactor: ULONG,
+}}
+pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE;
+STRUCT!{struct API_SET_HASH_ENTRY {
+ Hash: ULONG,
+ Index: ULONG,
+}}
+pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY;
+STRUCT!{struct API_SET_NAMESPACE_ENTRY {
+ Flags: ULONG,
+ NameOffset: ULONG,
+ NameLength: ULONG,
+ HashedLength: ULONG,
+ ValueOffset: ULONG,
+ ValueCount: ULONG,
+}}
+pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY;
+STRUCT!{struct API_SET_VALUE_ENTRY {
+ Flags: ULONG,
+ NameOffset: ULONG,
+ NameLength: ULONG,
+ ValueOffset: ULONG,
+ ValueLength: ULONG,
+}}
+pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY;
+UNION!{union PEB_u {
+ KernelCallbackTable: PVOID,
+ UserSharedInfoPtr: PVOID,
+}}
+#[repr(C)]
+pub struct LEAP_SECOND_DATA([u8; 0]); //fixme
+STRUCT!{struct PEB {
+ InheritedAddressSpace: BOOLEAN,
+ ReadImageFileExecOptions: BOOLEAN,
+ BeingDebugged: BOOLEAN,
+ BitField: BOOLEAN,
+ Mutant: HANDLE,
+ ImageBaseAddress: PVOID,
+ Ldr: PPEB_LDR_DATA,
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ SubSystemData: PVOID,
+ ProcessHeap: PVOID,
+ FastPebLock: PRTL_CRITICAL_SECTION,
+ IFEOKey: PVOID,
+ AtlThunkSListPtr: PSLIST_HEADER,
+ CrossProcessFlags: ULONG,
+ u: PEB_u,
+ SystemReserved: [ULONG; 1],
+ AtlThunkSListPtr32: ULONG,
+ ApiSetMap: PAPI_SET_NAMESPACE,
+ TlsExpansionCounter: ULONG,
+ TlsBitmap: PVOID,
+ TlsBitmapBits: [ULONG; 2],
+ ReadOnlySharedMemoryBase: PVOID,
+ SharedData: PVOID,
+ ReadOnlyStaticServerData: *mut PVOID,
+ AnsiCodePageData: PVOID,
+ OemCodePageData: PVOID,
+ UnicodeCaseTableData: PVOID,
+ NumberOfProcessors: ULONG,
+ NtGlobalFlag: ULONG,
+ CriticalSectionTimeout: ULARGE_INTEGER,
+ HeapSegmentReserve: SIZE_T,
+ HeapSegmentCommit: SIZE_T,
+ HeapDeCommitTotalFreeThreshold: SIZE_T,
+ HeapDeCommitFreeBlockThreshold: SIZE_T,
+ NumberOfHeaps: ULONG,
+ MaximumNumberOfHeaps: ULONG,
+ ProcessHeaps: *mut PVOID,
+ GdiSharedHandleTable: PVOID,
+ ProcessStarterHelper: PVOID,
+ GdiDCAttributeList: ULONG,
+ LoaderLock: PRTL_CRITICAL_SECTION,
+ OSMajorVersion: ULONG,
+ OSMinorVersion: ULONG,
+ OSBuildNumber: USHORT,
+ OSCSDVersion: USHORT,
+ OSPlatformId: ULONG,
+ ImageSubsystem: ULONG,
+ ImageSubsystemMajorVersion: ULONG,
+ ImageSubsystemMinorVersion: ULONG,
+ ActiveProcessAffinityMask: ULONG_PTR,
+ GdiHandleBuffer: GDI_HANDLE_BUFFER,
+ PostProcessInitRoutine: PVOID,
+ TlsExpansionBitmap: PVOID,
+ TlsExpansionBitmapBits: [ULONG; 32],
+ SessionId: ULONG,
+ AppCompatFlags: ULARGE_INTEGER,
+ AppCompatFlagsUser: ULARGE_INTEGER,
+ pShimData: PVOID,
+ AppCompatInfo: PVOID,
+ CSDVersion: UNICODE_STRING,
+ ActivationContextData: PVOID,
+ ProcessAssemblyStorageMap: PVOID,
+ SystemDefaultActivationContextData: PVOID,
+ SystemAssemblyStorageMap: PVOID,
+ MinimumStackCommit: SIZE_T,
+ FlsCallback: *mut PVOID,
+ FlsListHead: LIST_ENTRY,
+ FlsBitmap: PVOID,
+ FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
+ FlsHighIndex: ULONG,
+ WerRegistrationData: PVOID,
+ WerShipAssertPtr: PVOID,
+ pUnused: PVOID,
+ pImageHeaderHash: PVOID,
+ TracingFlags: ULONG,
+ CsrServerReadOnlySharedMemoryBase: ULONGLONG,
+ TppWorkerpListLock: PRTL_CRITICAL_SECTION,
+ TppWorkerpList: LIST_ENTRY,
+ WaitOnAddressHashTable: [PVOID; 128],
+ TelemetryCoverageHeader: PVOID,
+ CloudFileFlags: ULONG,
+ CloudFileDiagFlags: ULONG,
+ PlaceholderCompatibilityMode: CHAR,
+ PlaceholderCompatibilityModeReserved: [CHAR; 7],
+ LeapSecondData: *mut LEAP_SECOND_DATA,
+ LeapSecondFlags: ULONG,
+ NtGlobalFlag2: ULONG,
+}}
+BITFIELD!{PEB BitField: BOOLEAN [
+ ImageUsesLargePages set_ImageUsesLargePages[0..1],
+ IsProtectedProcess set_IsProtectedProcess[1..2],
+ IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
+ SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
+ IsPackagedProcess set_IsPackagedProcess[4..5],
+ IsAppContainer set_IsAppContainer[5..6],
+ IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
+ IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
+]}
+BITFIELD!{PEB CrossProcessFlags: ULONG [
+ ProcessInJob set_ProcessInJob[0..1],
+ ProcessInitializing set_ProcessInitializing[1..2],
+ ProcessUsingVEH set_ProcessUsingVEH[2..3],
+ ProcessUsingVCH set_ProcessUsingVCH[3..4],
+ ProcessUsingFTH set_ProcessUsingFTH[4..5],
+ ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6],
+ ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7],
+ ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8],
+ ReservedBits0 set_ReservedBits0[8..32],
+]}
+BITFIELD!{PEB TracingFlags: ULONG [
+ HeapTracingEnabled set_HeapTracingEnabled[0..1],
+ CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
+ LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
+ SpareTracingBits set_SpareTracingBits[3..32],
+]}
+BITFIELD!{PEB LeapSecondFlags: ULONG [
+ SixtySecondEnabled set_SixtySecondEnabled[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PPEB = *mut PEB;
+pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
+STRUCT!{struct GDI_TEB_BATCH {
+ Offset: ULONG,
+ HDC: ULONG_PTR,
+ Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
+}}
+pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH;
+STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT {
+ Flags: ULONG,
+ FrameName: PSTR,
+}}
+pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT;
+STRUCT!{struct TEB_ACTIVE_FRAME {
+ Flags: ULONG,
+ Previous: *mut TEB_ACTIVE_FRAME,
+ Context: PTEB_ACTIVE_FRAME_CONTEXT,
+}}
+pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME;
+STRUCT!{struct TEB_u_s {
+ ReservedPad0: UCHAR,
+ ReservedPad1: UCHAR,
+ ReservedPad2: UCHAR,
+ IdealProcessor: UCHAR,
+}}
+UNION!{union TEB_u {
+ CurrentIdealProcessor: PROCESSOR_NUMBER,
+ IdealProcessorValue: ULONG,
+ s: TEB_u_s,
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct TEB {
+ NtTib: NT_TIB,
+ EnvironmentPointer: PVOID,
+ ClientId: CLIENT_ID,
+ ActiveRpcHandle: PVOID,
+ ThreadLocalStoragePointer: PVOID,
+ ProcessEnvironmentBlock: PPEB,
+ LastErrorValue: ULONG,
+ CountOfOwnedCriticalSections: ULONG,
+ CsrClientThread: PVOID,
+ Win32ThreadInfo: PVOID,
+ User32Reserved: [ULONG; 26],
+ UserReserved: [ULONG; 5],
+ WOW32Reserved: PVOID,
+ CurrentLocale: LCID,
+ FpSoftwareStatusRegister: ULONG,
+ ReservedForDebuggerInstrumentation: [PVOID; 16],
+ SystemReserved1: [PVOID; 30],
+ PlaceholderCompatibilityMode: CHAR,
+ PlaceholderReserved: [CHAR; 11],
+ ProxiedProcessId: ULONG,
+ ActivationStack: ACTIVATION_CONTEXT_STACK,
+ WorkingOnBehalfTicket: [UCHAR; 8],
+ ExceptionCode: NTSTATUS,
+ ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
+ InstrumentationCallbackSp: ULONG_PTR,
+ InstrumentationCallbackPreviousPc: ULONG_PTR,
+ InstrumentationCallbackPreviousSp: ULONG_PTR,
+ TxFsContext: ULONG,
+ InstrumentationCallbackDisabled: BOOLEAN,
+ GdiTebBatch: GDI_TEB_BATCH,
+ RealClientId: CLIENT_ID,
+ GdiCachedProcessHandle: HANDLE,
+ GdiClientPID: ULONG,
+ GdiClientTID: ULONG,
+ GdiThreadLocalInfo: PVOID,
+ Win32ClientInfo: [ULONG_PTR; 62],
+ glDispatchTable: [PVOID; 233],
+ glReserved1: [ULONG_PTR; 29],
+ glReserved2: PVOID,
+ glSectionInfo: PVOID,
+ glSection: PVOID,
+ glTable: PVOID,
+ glCurrentRC: PVOID,
+ glContext: PVOID,
+ LastStatusValue: NTSTATUS,
+ StaticUnicodeString: UNICODE_STRING,
+ StaticUnicodeBuffer: [WCHAR; 261],
+ DeallocationStack: PVOID,
+ TlsSlots: [PVOID; 64],
+ TlsLinks: LIST_ENTRY,
+ Vdm: PVOID,
+ ReservedForNtRpc: PVOID,
+ DbgSsReserved: [PVOID; 2],
+ HardErrorMode: ULONG,
+ Instrumentation: [PVOID; 11],
+ ActivityId: GUID,
+ SubProcessTag: PVOID,
+ PerflibData: PVOID,
+ EtwTraceData: PVOID,
+ WinSockData: PVOID,
+ GdiBatchCount: ULONG,
+ u: TEB_u,
+ GuaranteedStackBytes: ULONG,
+ ReservedForPerf: PVOID,
+ ReservedForOle: PVOID,
+ WaitingOnLoaderLock: ULONG,
+ SavedPriorityState: PVOID,
+ ReservedForCodeCoverage: ULONG_PTR,
+ ThreadPoolData: PVOID,
+ TlsExpansionSlots: *mut PVOID,
+ DeallocationBStore: PVOID,
+ BStoreLimit: PVOID,
+ MuiGeneration: ULONG,
+ IsImpersonating: ULONG,
+ NlsCache: PVOID,
+ pShimData: PVOID,
+ HeapVirtualAffinity: USHORT,
+ LowFragHeapDataSlot: USHORT,
+ CurrentTransactionHandle: HANDLE,
+ ActiveFrame: PTEB_ACTIVE_FRAME,
+ FlsData: PVOID,
+ PreferredLanguages: PVOID,
+ UserPrefLanguages: PVOID,
+ MergedPrefLanguages: PVOID,
+ MuiImpersonation: ULONG,
+ CrossTebFlags: USHORT,
+ SameTebFlags: USHORT,
+ TxnScopeEnterCallback: PVOID,
+ TxnScopeExitCallback: PVOID,
+ TxnScopeContext: PVOID,
+ LockCount: ULONG,
+ WowTebOffset: LONG,
+ ResourceRetValue: PVOID,
+ ReservedForWdf: PVOID,
+ ReservedForCrt: ULONGLONG,
+ EffectiveContainerId: GUID,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct TEB {
+ NtTib: NT_TIB,
+ EnvironmentPointer: PVOID,
+ ClientId: CLIENT_ID,
+ ActiveRpcHandle: PVOID,
+ ThreadLocalStoragePointer: PVOID,
+ ProcessEnvironmentBlock: PPEB,
+ LastErrorValue: ULONG,
+ CountOfOwnedCriticalSections: ULONG,
+ CsrClientThread: PVOID,
+ Win32ThreadInfo: PVOID,
+ User32Reserved: [ULONG; 26],
+ UserReserved: [ULONG; 5],
+ WOW32Reserved: PVOID,
+ CurrentLocale: LCID,
+ FpSoftwareStatusRegister: ULONG,
+ ReservedForDebuggerInstrumentation: [PVOID; 16],
+ SystemReserved1: [PVOID; 26],
+ PlaceholderCompatibilityMode: CHAR,
+ PlaceholderReserved: [CHAR; 11],
+ ProxiedProcessId: ULONG,
+ ActivationStack: ACTIVATION_CONTEXT_STACK,
+ WorkingOnBehalfTicket: [UCHAR; 8],
+ ExceptionCode: NTSTATUS,
+ ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK,
+ InstrumentationCallbackSp: ULONG_PTR,
+ InstrumentationCallbackPreviousPc: ULONG_PTR,
+ InstrumentationCallbackPreviousSp: ULONG_PTR,
+ InstrumentationCallbackDisabled: BOOLEAN,
+ SpareBytes: [UCHAR; 23],
+ TxFsContext: ULONG,
+ GdiTebBatch: GDI_TEB_BATCH,
+ RealClientId: CLIENT_ID,
+ GdiCachedProcessHandle: HANDLE,
+ GdiClientPID: ULONG,
+ GdiClientTID: ULONG,
+ GdiThreadLocalInfo: PVOID,
+ Win32ClientInfo: [ULONG_PTR; 62],
+ glDispatchTable: [PVOID; 233],
+ glReserved1: [ULONG_PTR; 29],
+ glReserved2: PVOID,
+ glSectionInfo: PVOID,
+ glSection: PVOID,
+ glTable: PVOID,
+ glCurrentRC: PVOID,
+ glContext: PVOID,
+ LastStatusValue: NTSTATUS,
+ StaticUnicodeString: UNICODE_STRING,
+ StaticUnicodeBuffer: [WCHAR; 261],
+ DeallocationStack: PVOID,
+ TlsSlots: [PVOID; 64],
+ TlsLinks: LIST_ENTRY,
+ Vdm: PVOID,
+ ReservedForNtRpc: PVOID,
+ DbgSsReserved: [PVOID; 2],
+ HardErrorMode: ULONG,
+ Instrumentation: [PVOID; 9],
+ ActivityId: GUID,
+ SubProcessTag: PVOID,
+ PerflibData: PVOID,
+ EtwTraceData: PVOID,
+ WinSockData: PVOID,
+ GdiBatchCount: ULONG,
+ u: TEB_u,
+ GuaranteedStackBytes: ULONG,
+ ReservedForPerf: PVOID,
+ ReservedForOle: PVOID,
+ WaitingOnLoaderLock: ULONG,
+ SavedPriorityState: PVOID,
+ ReservedForCodeCoverage: ULONG_PTR,
+ ThreadPoolData: PVOID,
+ TlsExpansionSlots: *mut PVOID,
+ MuiGeneration: ULONG,
+ IsImpersonating: ULONG,
+ NlsCache: PVOID,
+ pShimData: PVOID,
+ HeapVirtualAffinity: USHORT,
+ LowFragHeapDataSlot: USHORT,
+ CurrentTransactionHandle: HANDLE,
+ ActiveFrame: PTEB_ACTIVE_FRAME,
+ FlsData: PVOID,
+ PreferredLanguages: PVOID,
+ UserPrefLanguages: PVOID,
+ MergedPrefLanguages: PVOID,
+ MuiImpersonation: ULONG,
+ CrossTebFlags: USHORT,
+ SameTebFlags: USHORT,
+ TxnScopeEnterCallback: PVOID,
+ TxnScopeExitCallback: PVOID,
+ TxnScopeContext: PVOID,
+ LockCount: ULONG,
+ WowTebOffset: LONG,
+ ResourceRetValue: PVOID,
+ ReservedForWdf: PVOID,
+ ReservedForCrt: ULONGLONG,
+ EffectiveContainerId: GUID,
+}}
+BITFIELD!{TEB SameTebFlags: USHORT [
+ SafeThunkCall set_SafeThunkCall[0..1],
+ InDebugPrint set_InDebugPrint[1..2],
+ HasFiberData set_HasFiberData[2..3],
+ SkipThreadAttach set_SkipThreadAttach[3..4],
+ WerInShipAssertCode set_WerInShipAssertCode[4..5],
+ RanProcessInit set_RanProcessInit[5..6],
+ ClonedThread set_ClonedThread[6..7],
+ SuppressDebugMsg set_SuppressDebugMsg[7..8],
+ DisableUserStackWalk set_DisableUserStackWalk[8..9],
+ RtlExceptionAttached set_RtlExceptionAttached[9..10],
+ InitialThread set_InitialThread[10..11],
+ SessionAware set_SessionAware[11..12],
+ LoadOwner set_LoadOwner[12..13],
+ LoaderWorker set_LoaderWorker[13..14],
+ SkipLoaderInit set_SkipLoaderInit[14..15],
+ SpareSameTebBits set_SpareSameTebBits[15..16],
+]}
+pub type PTEB = *mut TEB;
diff --git a/vendor/ntapi/src/ntpfapi.rs b/vendor/ntapi/src/ntpfapi.rs
new file mode 100644
index 000000000..d6323611b
--- /dev/null
+++ b/vendor/ntapi/src/ntpfapi.rs
@@ -0,0 +1,219 @@
+use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION;
+use crate::ntmmapi::MMPFN_IDENTITY;
+use winapi::shared::basetsd::{SIZE_T, ULONG_PTR};
+use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR};
+ENUM!{enum PF_BOOT_PHASE_ID {
+ PfKernelInitPhase = 0,
+ PfBootDriverInitPhase = 90,
+ PfSystemDriverInitPhase = 120,
+ PfSessionManagerInitPhase = 150,
+ PfSMRegistryInitPhase = 180,
+ PfVideoInitPhase = 210,
+ PfPostVideoInitPhase = 240,
+ PfBootAcceptedRegistryInitPhase = 270,
+ PfUserShellReadyPhase = 300,
+ PfMaxBootPhaseId = 900,
+}}
+ENUM!{enum PF_ENABLE_STATUS {
+ PfSvNotSpecified = 0,
+ PfSvEnabled = 1,
+ PfSvDisabled = 2,
+ PfSvMaxEnableStatus = 3,
+}}
+STRUCT!{struct PF_TRACE_LIMITS {
+ MaxNumPages: ULONG,
+ MaxNumSections: ULONG,
+ TimerPeriod: LONGLONG,
+}}
+pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS;
+STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS {
+ EnableStatus: [PF_ENABLE_STATUS; 2],
+ TraceLimits: [PF_TRACE_LIMITS; 2],
+ MaxNumActiveTraces: ULONG,
+ MaxNumSavedTraces: ULONG,
+ RootDirPath: [WCHAR; 32],
+ HostingApplicationList: [WCHAR; 128],
+}}
+pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS;
+pub const PF_BOOT_CONTROL_VERSION: u32 = 1;
+STRUCT!{struct PF_BOOT_CONTROL {
+ Version: ULONG,
+ DisableBootPrefetching: ULONG,
+}}
+pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL;
+ENUM!{enum PREFETCHER_INFORMATION_CLASS {
+ PrefetcherRetrieveTrace = 1,
+ PrefetcherSystemParameters = 2,
+ PrefetcherBootPhase = 3,
+ PrefetcherRetrieveBootLoaderTrace = 4,
+ PrefetcherBootControl = 5,
+}}
+pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23;
+pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843;
+STRUCT!{struct PREFETCHER_INFORMATION {
+ Version: ULONG,
+ Magic: ULONG,
+ PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS,
+ PrefetcherInformation: PVOID,
+ PrefetcherInformationLength: ULONG,
+}}
+pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION;
+STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS {
+ EnabledComponents: ULONG,
+ BootID: ULONG,
+ SavedSectInfoTracesMax: ULONG,
+ SavedPageAccessTracesMax: ULONG,
+ ScenarioPrefetchTimeoutStandby: ULONG,
+ ScenarioPrefetchTimeoutHibernate: ULONG,
+}}
+pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS;
+pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1;
+pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1;
+pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1;
+STRUCT!{struct PF_PFN_PRIO_REQUEST {
+ Version: ULONG,
+ RequestFlags: ULONG,
+ PfnCount: ULONG_PTR,
+ MemInfo: SYSTEM_MEMORY_LIST_INFORMATION,
+ PageData: [MMPFN_IDENTITY; 256],
+}}
+pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST;
+ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE {
+ PfsPrivateSourceKernel = 0,
+ PfsPrivateSourceSession = 1,
+ PfsPrivateSourceProcess = 2,
+ PfsPrivateSourceMax = 3,
+}}
+UNION!{union PFS_PRIVATE_PAGE_SOURCE_u {
+ SessionId: ULONG,
+ ProcessId: ULONG,
+}}
+STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE {
+ Type: PFS_PRIVATE_PAGE_SOURCE_TYPE,
+ u: PFS_PRIVATE_PAGE_SOURCE_u,
+ ImagePathHash: ULONG,
+ UniqueProcessHash: ULONG_PTR,
+}}
+UNION!{union PF_PRIVSOURCE_INFO_u {
+ WsSwapPages: ULONG_PTR,
+ SessionPagedPoolPages: ULONG_PTR,
+ StoreSizePages: ULONG_PTR,
+}}
+pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE;
+STRUCT!{struct PF_PRIVSOURCE_INFO {
+ DbInfo: PFS_PRIVATE_PAGE_SOURCE,
+ EProcess: PVOID,
+ WsPrivatePages: SIZE_T,
+ TotalPrivatePages: SIZE_T,
+ SessionID: ULONG,
+ ImageName: [CHAR; 16],
+ u: PF_PRIVSOURCE_INFO_u,
+ WsTotalPages: ULONG_PTR,
+ DeepFreezeTimeMs: ULONG,
+ BitFields: ULONG,
+}}
+BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [
+ ModernApp set_ModernApp[0..1],
+ DeepFrozen set_DeepFrozen[1..2],
+ Foreground set_Foreground[2..3],
+ PerProcessStore set_PerProcessStore[3..4],
+ Spare set_Spare[4..32],
+]}
+pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO;
+pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3;
+STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST {
+ Version: ULONG,
+ Flags: ULONG,
+ InfoCount: ULONG,
+ InfoArray: [PF_PRIVSOURCE_INFO; 1],
+}}
+pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST;
+ENUM!{enum PF_PHASED_SCENARIO_TYPE {
+ PfScenarioTypeNone = 0,
+ PfScenarioTypeStandby = 1,
+ PfScenarioTypeHibernate = 2,
+ PfScenarioTypeFUS = 3,
+ PfScenarioTypeMax = 4,
+}}
+pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4;
+STRUCT!{struct PF_SCENARIO_PHASE_INFO {
+ Version: ULONG,
+ ScenType: PF_PHASED_SCENARIO_TYPE,
+ PhaseId: ULONG,
+ SequenceNumber: ULONG,
+ Flags: ULONG,
+ FUSUserId: ULONG,
+}}
+pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO;
+STRUCT!{struct PF_MEMORY_LIST_NODE {
+ Bitfields: ULONGLONG,
+ StandbyLowPageCount: ULONGLONG,
+ StandbyMediumPageCount: ULONGLONG,
+ StandbyHighPageCount: ULONGLONG,
+ FreePageCount: ULONGLONG,
+ ModifiedPageCount: ULONGLONG,
+}}
+BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [
+ Node set_Node[0..8],
+ Spare set_Spare[8..64],
+]}
+pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE;
+pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_MEMORY_LIST_INFO {
+ Version: ULONG,
+ Size: ULONG,
+ NodeCount: ULONG,
+ Nodes: [PF_MEMORY_LIST_NODE; 1],
+}}
+pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO;
+STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE {
+ BasePfn: ULONG_PTR,
+ PageCount: ULONG_PTR,
+}}
+pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE;
+pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO {
+ Version: ULONG,
+ RangeCount: ULONG,
+ Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1],
+}}
+pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO;
+pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1;
+STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO {
+ Version: ULONG,
+ RepurposedByPrefetch: ULONG,
+}}
+pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO;
+ENUM!{enum SUPERFETCH_INFORMATION_CLASS {
+ SuperfetchRetrieveTrace = 1,
+ SuperfetchSystemParameters = 2,
+ SuperfetchLogEvent = 3,
+ SuperfetchGenerateTrace = 4,
+ SuperfetchPrefetch = 5,
+ SuperfetchPfnQuery = 6,
+ SuperfetchPfnSetPriority = 7,
+ SuperfetchPrivSourceQuery = 8,
+ SuperfetchSequenceNumberQuery = 9,
+ SuperfetchScenarioPhase = 10,
+ SuperfetchWorkerPriority = 11,
+ SuperfetchScenarioQuery = 12,
+ SuperfetchScenarioPrefetch = 13,
+ SuperfetchRobustnessControl = 14,
+ SuperfetchTimeControl = 15,
+ SuperfetchMemoryListQuery = 16,
+ SuperfetchMemoryRangesQuery = 17,
+ SuperfetchTracingControl = 18,
+ SuperfetchTrimWhileAgingControl = 19,
+ SuperfetchRepurposedByPrefetch = 20,
+ SuperfetchInformationMax = 21,
+}}
+pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45;
+pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843;
+STRUCT!{struct SUPERFETCH_INFORMATION {
+ Version: ULONG,
+ Magic: ULONG,
+ InfoClass: SUPERFETCH_INFORMATION_CLASS,
+ Data: PVOID,
+ Length: ULONG,
+}}
+pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION;
diff --git a/vendor/ntapi/src/ntpnpapi.rs b/vendor/ntapi/src/ntpnpapi.rs
new file mode 100644
index 000000000..0afc698b2
--- /dev/null
+++ b/vendor/ntapi/src/ntpnpapi.rs
@@ -0,0 +1,118 @@
+use winapi::shared::cfg::PNP_VETO_TYPE;
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR};
+ENUM!{enum PLUGPLAY_EVENT_CATEGORY {
+ HardwareProfileChangeEvent = 0,
+ TargetDeviceChangeEvent = 1,
+ DeviceClassChangeEvent = 2,
+ CustomDeviceEvent = 3,
+ DeviceInstallEvent = 4,
+ DeviceArrivalEvent = 5,
+ PowerEvent = 6,
+ VetoEvent = 7,
+ BlockedDriverEvent = 8,
+ InvalidIDEvent = 9,
+ MaxPlugEventCategory = 10,
+}}
+pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY;
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass {
+ ClassGuid: GUID,
+ SymbolicLinkName: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice {
+ DeviceIds: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice {
+ DeviceId: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification {
+ NotificationStructure: PVOID,
+ DeviceIds: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification {
+ Notification: PVOID,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification {
+ NotificationCode: ULONG,
+ NotificationData: ULONG,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification {
+ VetoType: PNP_VETO_TYPE,
+ DeviceIdVetoNameBuffer: [WCHAR; 1],
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification {
+ BlockedDriverGuid: GUID,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification {
+ ParentId: [WCHAR; 1],
+}}
+UNION!{union PLUGPLAY_EVENT_BLOCK_u {
+ DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass,
+ TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice,
+ InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice,
+ CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification,
+ ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification,
+ PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification,
+ VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification,
+ BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification,
+ InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification,
+}}
+STRUCT!{struct PLUGPLAY_EVENT_BLOCK {
+ EventGuid: GUID,
+ EventCategory: PLUGPLAY_EVENT_CATEGORY,
+ Result: PULONG,
+ Flags: ULONG,
+ TotalSize: ULONG,
+ DeviceObject: PVOID,
+ u: PLUGPLAY_EVENT_BLOCK_u,
+}}
+pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK;
+ENUM!{enum PLUGPLAY_CONTROL_CLASS {
+ PlugPlayControlEnumerateDevice = 0,
+ PlugPlayControlRegisterNewDevice = 1,
+ PlugPlayControlDeregisterDevice = 2,
+ PlugPlayControlInitializeDevice = 3,
+ PlugPlayControlStartDevice = 4,
+ PlugPlayControlUnlockDevice = 5,
+ PlugPlayControlQueryAndRemoveDevice = 6,
+ PlugPlayControlUserResponse = 7,
+ PlugPlayControlGenerateLegacyDevice = 8,
+ PlugPlayControlGetInterfaceDeviceList = 9,
+ PlugPlayControlProperty = 10,
+ PlugPlayControlDeviceClassAssociation = 11,
+ PlugPlayControlGetRelatedDevice = 12,
+ PlugPlayControlGetInterfaceDeviceAlias = 13,
+ PlugPlayControlDeviceStatus = 14,
+ PlugPlayControlGetDeviceDepth = 15,
+ PlugPlayControlQueryDeviceRelations = 16,
+ PlugPlayControlTargetDeviceRelation = 17,
+ PlugPlayControlQueryConflictList = 18,
+ PlugPlayControlRetrieveDock = 19,
+ PlugPlayControlResetDevice = 20,
+ PlugPlayControlHaltDevice = 21,
+ PlugPlayControlGetBlockedDriverList = 22,
+ PlugPlayControlGetDeviceInterfaceEnabled = 23,
+ MaxPlugPlayControl = 24,
+}}
+pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS;
+EXTERN!{extern "system" {
+ fn NtGetPlugPlayEvent(
+ EventHandle: HANDLE,
+ Context: PVOID,
+ EventBlock: PPLUGPLAY_EVENT_BLOCK,
+ EventBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtPlugPlayControl(
+ PnPControlClass: PLUGPLAY_CONTROL_CLASS,
+ PnPControlData: PVOID,
+ PnPControlDataLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtSerializeBoot() -> NTSTATUS;
+ fn NtEnableLastKnownGood() -> NTSTATUS;
+ fn NtDisableLastKnownGood() -> NTSTATUS;
+ fn NtReplacePartitionUnit(
+ TargetInstancePath: PUNICODE_STRING,
+ SpareInstancePath: PUNICODE_STRING,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntpoapi.rs b/vendor/ntapi/src/ntpoapi.rs
new file mode 100644
index 000000000..ecc68fc85
--- /dev/null
+++ b/vendor/ntapi/src/ntpoapi.rs
@@ -0,0 +1,134 @@
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING,
+ USHORT,
+};
+use winapi::um::winnt::{
+ DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE,
+ POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE,
+};
+UNION!{union POWER_STATE {
+ SystemState: SYSTEM_POWER_STATE,
+ DeviceState: DEVICE_POWER_STATE,
+}}
+pub type PPOWER_STATE = *mut POWER_STATE;
+ENUM!{enum POWER_STATE_TYPE {
+ SystemPowerState = 0,
+ DevicePowerState = 1,
+}}
+pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE;
+STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT {
+ ContextAsUlong: ULONG,
+}}
+BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [
+ Reserved1 set_Reserved1[0..8],
+ TargetSystemState set_TargetSystemState[8..12],
+ EffectiveSystemState set_EffectiveSystemState[12..16],
+ CurrentSystemState set_CurrentSystemState[16..20],
+ IgnoreHibernationPath set_IgnoreHibernationPath[20..21],
+ PseudoTransition set_PseudoTransition[21..22],
+ Reserved2 set_Reserved2[22..32],
+]}
+pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT;
+STRUCT!{struct COUNTED_REASON_CONTEXT_u_s {
+ ResourceFileName: UNICODE_STRING,
+ ResourceReasonId: USHORT,
+ StringCount: ULONG,
+ ReasonStrings: PUNICODE_STRING,
+}}
+UNION!{union COUNTED_REASON_CONTEXT_u {
+ s: COUNTED_REASON_CONTEXT_u_s,
+ SimpleString: UNICODE_STRING,
+}}
+STRUCT!{struct COUNTED_REASON_CONTEXT {
+ Version: ULONG,
+ Flags: ULONG,
+ u: COUNTED_REASON_CONTEXT_u,
+}}
+pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT;
+ENUM!{enum POWER_STATE_HANDLER_TYPE {
+ PowerStateSleeping1 = 0,
+ PowerStateSleeping2 = 1,
+ PowerStateSleeping3 = 2,
+ PowerStateSleeping4 = 3,
+ PowerStateShutdownOff = 4,
+ PowerStateShutdownReset = 5,
+ PowerStateSleeping4Firmware = 6,
+ PowerStateMaximum = 7,
+}}
+pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE;
+FN!{stdcall PENTER_STATE_SYSTEM_HANDLER(
+ SystemContext: PVOID,
+) -> NTSTATUS}
+FN!{stdcall PENTER_STATE_HANDLER(
+ Context: PVOID,
+ SystemHandler: PENTER_STATE_SYSTEM_HANDLER,
+ SystemContext: PVOID,
+ NumberProcessors: LONG,
+ Number: PLONG,
+) -> NTSTATUS}
+STRUCT!{struct POWER_STATE_HANDLER {
+ Type: POWER_STATE_HANDLER_TYPE,
+ RtcWake: BOOLEAN,
+ Spare: [UCHAR; 3],
+ Handler: PENTER_STATE_HANDLER,
+ Context: PVOID,
+}}
+pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER;
+FN!{stdcall PENTER_STATE_NOTIFY_HANDLER(
+ State: POWER_STATE_HANDLER_TYPE,
+ Context: PVOID,
+ Entering: BOOLEAN,
+) -> NTSTATUS}
+STRUCT!{struct POWER_STATE_NOTIFY_HANDLER {
+ Handler: PENTER_STATE_NOTIFY_HANDLER,
+ Context: PVOID,
+}}
+pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER;
+STRUCT!{struct PROCESSOR_POWER_INFORMATION {
+ Number: ULONG,
+ MaxMhz: ULONG,
+ CurrentMhz: ULONG,
+ MhzLimit: ULONG,
+ MaxIdleState: ULONG,
+ CurrentIdleState: ULONG,
+}}
+pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION;
+STRUCT!{struct SYSTEM_POWER_INFORMATION {
+ MaxIdlenessAllowed: ULONG,
+ Idleness: ULONG,
+ TimeRemaining: ULONG,
+ CoolingMode: UCHAR,
+}}
+pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtPowerInformation(
+ InformationLevel: POWER_INFORMATION_LEVEL,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtSetThreadExecutionState(
+ NewFlags: EXECUTION_STATE,
+ PreviousFlags: PEXECUTION_STATE,
+ ) -> NTSTATUS;
+ fn NtRequestWakeupLatency(
+ latency: LATENCY_TIME,
+ ) -> NTSTATUS;
+ fn NtInitiatePowerAction(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtSetSystemPowerState(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtGetDevicePowerState(
+ Device: HANDLE,
+ State: PDEVICE_POWER_STATE,
+ ) -> NTSTATUS;
+ fn NtIsSystemResumeAutomatic() -> BOOLEAN;
+}}
diff --git a/vendor/ntapi/src/ntpsapi.rs b/vendor/ntapi/src/ntpsapi.rs
new file mode 100644
index 000000000..b2ba28afe
--- /dev/null
+++ b/vendor/ntapi/src/ntpsapi.rs
@@ -0,0 +1,1471 @@
+use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID};
+use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES};
+use crate::ntpebteb::{PPEB, PTEB};
+use winapi::ctypes::c_void;
+use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE,
+ PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG,
+ PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS,
+ JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY,
+ PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
+ PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
+ PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
+ PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
+ PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY,
+ PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
+ PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE,
+};
+#[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+use crate::winapi_local::um::winnt::NtCurrentTeb;
+pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34;
+pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64;
+#[cfg(target_arch = "x86")]
+pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32;
+pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE];
+pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32];
+pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE];
+pub const TLS_EXPANSION_SLOTS: usize = 1024;
+STRUCT!{struct PEB_LDR_DATA {
+ Length: ULONG,
+ Initialized: BOOLEAN,
+ SsHandle: HANDLE,
+ InLoadOrderModuleList: LIST_ENTRY,
+ InMemoryOrderModuleList: LIST_ENTRY,
+ InInitializationOrderModuleList: LIST_ENTRY,
+ EntryInProgress: PVOID,
+ ShutdownInProgress: BOOLEAN,
+ ShutdownThreadId: HANDLE,
+}}
+pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA;
+STRUCT!{struct INITIAL_TEB_OldInitialTeb {
+ OldStackBase: PVOID,
+ OldStackLimit: PVOID,
+}}
+STRUCT!{struct INITIAL_TEB {
+ OldInitialTeb: INITIAL_TEB_OldInitialTeb,
+ StackBase: PVOID,
+ StackLimit: PVOID,
+ StackAllocationBase: PVOID,
+}}
+pub type PINITIAL_TEB = *mut INITIAL_TEB;
+STRUCT!{struct WOW64_PROCESS {
+ Wow64: PVOID,
+}}
+pub type PWOW64_PROCESS = *mut WOW64_PROCESS;
+ENUM!{enum PROCESSINFOCLASS {
+ ProcessBasicInformation = 0,
+ ProcessQuotaLimits = 1,
+ ProcessIoCounters = 2,
+ ProcessVmCounters = 3,
+ ProcessTimes = 4,
+ ProcessBasePriority = 5,
+ ProcessRaisePriority = 6,
+ ProcessDebugPort = 7,
+ ProcessExceptionPort = 8,
+ ProcessAccessToken = 9,
+ ProcessLdtInformation = 10,
+ ProcessLdtSize = 11,
+ ProcessDefaultHardErrorMode = 12,
+ ProcessIoPortHandlers = 13,
+ ProcessPooledUsageAndLimits = 14,
+ ProcessWorkingSetWatch = 15,
+ ProcessUserModeIOPL = 16,
+ ProcessEnableAlignmentFaultFixup = 17,
+ ProcessPriorityClass = 18,
+ ProcessWx86Information = 19,
+ ProcessHandleCount = 20,
+ ProcessAffinityMask = 21,
+ ProcessPriorityBoost = 22,
+ ProcessDeviceMap = 23,
+ ProcessSessionInformation = 24,
+ ProcessForegroundInformation = 25,
+ ProcessWow64Information = 26,
+ ProcessImageFileName = 27,
+ ProcessLUIDDeviceMapsEnabled = 28,
+ ProcessBreakOnTermination = 29,
+ ProcessDebugObjectHandle = 30,
+ ProcessDebugFlags = 31,
+ ProcessHandleTracing = 32,
+ ProcessIoPriority = 33,
+ ProcessExecuteFlags = 34,
+ ProcessResourceManagement = 35,
+ ProcessCookie = 36,
+ ProcessImageInformation = 37,
+ ProcessCycleTime = 38,
+ ProcessPagePriority = 39,
+ ProcessInstrumentationCallback = 40,
+ ProcessThreadStackAllocation = 41,
+ ProcessWorkingSetWatchEx = 42,
+ ProcessImageFileNameWin32 = 43,
+ ProcessImageFileMapping = 44,
+ ProcessAffinityUpdateMode = 45,
+ ProcessMemoryAllocationMode = 46,
+ ProcessGroupInformation = 47,
+ ProcessTokenVirtualizationEnabled = 48,
+ ProcessConsoleHostProcess = 49,
+ ProcessWindowInformation = 50,
+ ProcessHandleInformation = 51,
+ ProcessMitigationPolicy = 52,
+ ProcessDynamicFunctionTableInformation = 53,
+ ProcessHandleCheckingMode = 54,
+ ProcessKeepAliveCount = 55,
+ ProcessRevokeFileHandles = 56,
+ ProcessWorkingSetControl = 57,
+ ProcessHandleTable = 58,
+ ProcessCheckStackExtentsMode = 59,
+ ProcessCommandLineInformation = 60,
+ ProcessProtectionInformation = 61,
+ ProcessMemoryExhaustion = 62,
+ ProcessFaultInformation = 63,
+ ProcessTelemetryIdInformation = 64,
+ ProcessCommitReleaseInformation = 65,
+ ProcessDefaultCpuSetsInformation = 66,
+ ProcessAllowedCpuSetsInformation = 67,
+ ProcessSubsystemProcess = 68,
+ ProcessJobMemoryInformation = 69,
+ ProcessInPrivate = 70,
+ ProcessRaiseUMExceptionOnInvalidHandleClose = 71,
+ ProcessIumChallengeResponse = 72,
+ ProcessChildProcessInformation = 73,
+ ProcessHighGraphicsPriorityInformation = 74,
+ ProcessSubsystemInformation = 75,
+ ProcessEnergyValues = 76,
+ ProcessActivityThrottleState = 77,
+ ProcessActivityThrottlePolicy = 78,
+ ProcessWin32kSyscallFilterInformation = 79,
+ ProcessDisableSystemAllowedCpuSets = 80,
+ ProcessWakeInformation = 81,
+ ProcessEnergyTrackingState = 82,
+ ProcessManageWritesToExecutableMemory = 83,
+ ProcessCaptureTrustletLiveDump = 84,
+ ProcessTelemetryCoverage = 85,
+ ProcessEnclaveInformation = 86,
+ ProcessEnableReadWriteVmLogging = 87,
+ ProcessUptimeInformation = 88,
+ ProcessImageSection = 89,
+ ProcessDebugAuthInformation = 90,
+ ProcessSystemResourceManagement = 91,
+ ProcessSequenceNumber = 92,
+ ProcessLoaderDetour = 93,
+ ProcessSecurityDomainInformation = 94,
+ ProcessCombineSecurityDomainsInformation = 95,
+ ProcessEnableLogging = 96,
+ ProcessLeapSecondInformation = 97,
+ MaxProcessInfoClass = 98,
+}}
+ENUM!{enum THREADINFOCLASS {
+ ThreadBasicInformation = 0,
+ ThreadTimes = 1,
+ ThreadPriority = 2,
+ ThreadBasePriority = 3,
+ ThreadAffinityMask = 4,
+ ThreadImpersonationToken = 5,
+ ThreadDescriptorTableEntry = 6,
+ ThreadEnableAlignmentFaultFixup = 7,
+ ThreadEventPair = 8,
+ ThreadQuerySetWin32StartAddress = 9,
+ ThreadZeroTlsCell = 10,
+ ThreadPerformanceCount = 11,
+ ThreadAmILastThread = 12,
+ ThreadIdealProcessor = 13,
+ ThreadPriorityBoost = 14,
+ ThreadSetTlsArrayAddress = 15,
+ ThreadIsIoPending = 16,
+ ThreadHideFromDebugger = 17,
+ ThreadBreakOnTermination = 18,
+ ThreadSwitchLegacyState = 19,
+ ThreadIsTerminated = 20,
+ ThreadLastSystemCall = 21,
+ ThreadIoPriority = 22,
+ ThreadCycleTime = 23,
+ ThreadPagePriority = 24,
+ ThreadActualBasePriority = 25,
+ ThreadTebInformation = 26,
+ ThreadCSwitchMon = 27,
+ ThreadCSwitchPmu = 28,
+ ThreadWow64Context = 29,
+ ThreadGroupInformation = 30,
+ ThreadUmsInformation = 31,
+ ThreadCounterProfiling = 32,
+ ThreadIdealProcessorEx = 33,
+ ThreadCpuAccountingInformation = 34,
+ ThreadSuspendCount = 35,
+ ThreadHeterogeneousCpuPolicy = 36,
+ ThreadContainerId = 37,
+ ThreadNameInformation = 38,
+ ThreadSelectedCpuSets = 39,
+ ThreadSystemThreadInformation = 40,
+ ThreadActualGroupAffinity = 41,
+ ThreadDynamicCodePolicyInfo = 42,
+ ThreadExplicitCaseSensitivity = 43,
+ ThreadWorkOnBehalfTicket = 44,
+ ThreadSubsystemInformation = 45,
+ ThreadDbgkWerReportActive = 46,
+ ThreadAttachContainer = 47,
+ ThreadManageWritesToExecutableMemory = 48,
+ ThreadPowerThrottlingState = 49,
+ ThreadWorkloadClass = 50,
+ MaxThreadInfoClass = 51,
+}}
+STRUCT!{struct PAGE_PRIORITY_INFORMATION {
+ PagePriority: ULONG,
+}}
+pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION;
+STRUCT!{struct PROCESS_BASIC_INFORMATION {
+ ExitStatus: NTSTATUS,
+ PebBaseAddress: PPEB,
+ AffinityMask: ULONG_PTR,
+ BasePriority: KPRIORITY,
+ UniqueProcessId: HANDLE,
+ InheritedFromUniqueProcessId: HANDLE,
+}}
+pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION;
+STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION {
+ Size: SIZE_T,
+ BasicInfo: PROCESS_BASIC_INFORMATION,
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [
+ IsProtectedProcess set_IsProtectedProcess[0..1],
+ IsWow64Process set_IsWow64Process[1..2],
+ IsProcessDeleting set_IsProcessDeleting[2..3],
+ IsCrossSessionCreate set_IsCrossSessionCreate[3..4],
+ IsFrozen set_IsFrozen[4..5],
+ IsBackground set_IsBackground[5..6],
+ IsStronglyNamed set_IsStronglyNamed[6..7],
+ IsSecureProcess set_IsSecureProcess[7..8],
+ IsSubsystemProcess set_IsSubsystemProcess[8..9],
+ SpareBits set_SpareBits[9..32],
+]}
+pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION;
+STRUCT!{struct VM_COUNTERS {
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS = *mut VM_COUNTERS;
+STRUCT!{struct VM_COUNTERS_EX {
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PrivateUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX;
+STRUCT!{struct VM_COUNTERS_EX2 {
+ CountersEx: VM_COUNTERS_EX,
+ PrivateWorkingSetSize: SIZE_T,
+ SharedCommitUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2;
+STRUCT!{struct KERNEL_USER_TIMES {
+ CreateTime: LARGE_INTEGER,
+ ExitTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+}}
+pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES;
+STRUCT!{struct POOLED_USAGE_AND_LIMITS {
+ PeakPagedPoolUsage: SIZE_T,
+ PagedPoolUsage: SIZE_T,
+ PagedPoolLimit: SIZE_T,
+ PeakNonPagedPoolUsage: SIZE_T,
+ NonPagedPoolUsage: SIZE_T,
+ NonPagedPoolLimit: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PagefileLimit: SIZE_T,
+}}
+pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS;
+pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003;
+pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR =
+ (1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1;
+STRUCT!{struct PROCESS_EXCEPTION_PORT {
+ ExceptionPortHandle: HANDLE,
+ StateFlags: ULONG,
+}}
+pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT;
+STRUCT!{struct PROCESS_ACCESS_TOKEN {
+ Token: HANDLE,
+ Thread: HANDLE,
+}}
+pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN;
+STRUCT!{struct PROCESS_LDT_INFORMATION {
+ Start: ULONG,
+ Length: ULONG,
+ LdtEntries: [LDT_ENTRY; 1],
+}}
+pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION;
+STRUCT!{struct PROCESS_LDT_SIZE {
+ Length: ULONG,
+}}
+pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE;
+STRUCT!{struct PROCESS_WS_WATCH_INFORMATION {
+ FaultingPc: PVOID,
+ FaultingVa: PVOID,
+}}
+pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION;
+STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX {
+ BasicInfo: PROCESS_WS_WATCH_INFORMATION,
+ FaultingThreadId: ULONG_PTR,
+ Flags: ULONG_PTR,
+}}
+pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX;
+pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0;
+pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1;
+pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2;
+pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3;
+pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4;
+pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5;
+pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6;
+STRUCT!{struct PROCESS_PRIORITY_CLASS {
+ Foreground: BOOLEAN,
+ PriorityClass: UCHAR,
+}}
+pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS;
+STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND {
+ Foreground: BOOLEAN,
+}}
+pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND;
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set {
+ DirectoryHandle: HANDLE,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query {
+ DriveMap: ULONG,
+ DriveType: [UCHAR; 32],
+}}
+UNION!{union PROCESS_DEVICEMAP_INFORMATION {
+ Set: PROCESS_DEVICEMAP_INFORMATION_Set,
+ Query: PROCESS_DEVICEMAP_INFORMATION_Query,
+}}
+pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION;
+pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001;
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set {
+ DirectoryHandle: HANDLE,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query {
+ DriveMap: ULONG,
+ DriveType: [UCHAR; 32],
+}}
+UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u {
+ Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set,
+ Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX {
+ u: PROCESS_DEVICEMAP_INFORMATION_EX_u,
+ Flags: ULONG,
+}}
+pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX;
+STRUCT!{struct PROCESS_SESSION_INFORMATION {
+ SessionId: ULONG,
+}}
+pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION;
+pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001;
+pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000;
+pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE {
+ Flags: ULONG,
+}}
+pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE;
+pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX {
+ Flags: ULONG,
+ TotalSlots: ULONG,
+}}
+pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX;
+pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16;
+pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1;
+pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2;
+pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY {
+ Handle: HANDLE,
+ ClientId: CLIENT_ID,
+ Type: ULONG,
+ Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS],
+}}
+pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY;
+STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY {
+ Handle: HANDLE,
+ TotalTraces: ULONG,
+ HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1],
+}}
+pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY;
+STRUCT!{struct THREAD_TLS_INFORMATION {
+ Flags: ULONG,
+ NewTlsData: PVOID,
+ OldTlsData: PVOID,
+ ThreadId: HANDLE,
+}}
+pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION;
+ENUM!{enum PROCESS_TLS_INFORMATION_TYPE {
+ ProcessTlsReplaceIndex = 0,
+ ProcessTlsReplaceVector = 1,
+ MaxProcessTlsOperation = 2,
+}}
+pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE;
+STRUCT!{struct PROCESS_TLS_INFORMATION {
+ Flags: ULONG,
+ OperationType: ULONG,
+ ThreadDataCount: ULONG,
+ TlsIndex: ULONG,
+ PreviousCount: ULONG,
+ ThreadData: [THREAD_TLS_INFORMATION; 1],
+}}
+pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION;
+STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION {
+ Version: ULONG,
+ Reserved: ULONG,
+ Callback: PVOID,
+}}
+pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION =
+ *mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
+STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION {
+ ReserveSize: SIZE_T,
+ ZeroBits: SIZE_T,
+ StackBase: PVOID,
+}}
+pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION;
+STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX {
+ PreferredNode: ULONG,
+ Reserved0: ULONG,
+ Reserved1: ULONG,
+ Reserved2: ULONG,
+ AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION,
+}}
+pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX;
+STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE {
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [
+ EnableAutoUpdate set_EnableAutoUpdate[0..1],
+ Permanent set_Permanent[1..2],
+ Reserved set_Reserved[2..32],
+]}
+pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE;
+STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE {
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [
+ TopDown set_TopDown[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE;
+STRUCT!{struct PROCESS_HANDLE_INFORMATION {
+ HandleCount: ULONG,
+ HandleCountHighWatermark: ULONG,
+}}
+pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION;
+STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION {
+ AccumulatedCycles: ULONGLONG,
+ CurrentCycleCount: ULONGLONG,
+}}
+pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION;
+STRUCT!{struct PROCESS_WINDOW_INFORMATION {
+ WindowFlags: ULONG,
+ WindowTitleLength: USHORT,
+ WindowTitle: [WCHAR; 1],
+}}
+pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION;
+STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO {
+ HandleValue: HANDLE,
+ HandleCount: ULONG_PTR,
+ PointerCount: ULONG_PTR,
+ GrantedAccess: ULONG,
+ ObjectTypeIndex: ULONG,
+ HandleAttributes: ULONG,
+ Reserved: ULONG,
+}}
+pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO;
+STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION {
+ NumberOfHandles: ULONG_PTR,
+ Reserved: ULONG_PTR,
+ Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1],
+}}
+pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION;
+UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u {
+ ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY,
+ StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY,
+ SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
+ ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
+ DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY,
+ ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
+ SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
+ FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY,
+ ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
+ SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY,
+ PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY,
+ ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY,
+ // SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO
+}}
+STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION {
+ Policy: PROCESS_MITIGATION_POLICY,
+ u: PROCESS_MITIGATION_POLICY_INFORMATION_u,
+}}
+pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION;
+STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION {
+ WakeCount: ULONG,
+ NoWakeCount: ULONG,
+}}
+pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION;
+STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION {
+ TargetDevicePath: UNICODE_STRING,
+}}
+pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION;
+ENUM!{enum PROCESS_WORKING_SET_OPERATION {
+ ProcessWorkingSetSwap = 0,
+ ProcessWorkingSetEmpty = 1,
+ ProcessWorkingSetOperationMax = 2,
+}}
+STRUCT!{struct PROCESS_WORKING_SET_CONTROL {
+ Version: ULONG,
+ Operation: PROCESS_WORKING_SET_OPERATION,
+ Flags: ULONG,
+}}
+pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL;
+ENUM!{enum PS_PROTECTED_TYPE {
+ PsProtectedTypeNone = 0,
+ PsProtectedTypeProtectedLight = 1,
+ PsProtectedTypeProtected = 2,
+ PsProtectedTypeMax = 3,
+}}
+ENUM!{enum PS_PROTECTED_SIGNER {
+ PsProtectedSignerNone = 0,
+ PsProtectedSignerAuthenticode = 1,
+ PsProtectedSignerCodeGen = 2,
+ PsProtectedSignerAntimalware = 3,
+ PsProtectedSignerLsa = 4,
+ PsProtectedSignerWindows = 5,
+ PsProtectedSignerWinTcb = 6,
+ PsProtectedSignerWinSystem = 7,
+ PsProtectedSignerApp = 8,
+ PsProtectedSignerMax = 9,
+}}
+pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF;
+pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08;
+pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07;
+#[inline]
+pub const fn PsProtectedValue(
+ aSigner: PS_PROTECTED_SIGNER,
+ aAudit: u8,
+ aType: PS_PROTECTED_TYPE,
+) -> UCHAR {
+ (aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3
+ | (aType as u8 & PS_PROTECTED_TYPE_MASK)
+}
+#[inline]
+pub fn InitializePsProtection(
+ aProtectionLevelPtr: &mut PS_PROTECTION,
+ aSigner: PS_PROTECTED_SIGNER,
+ aAudit: u8,
+ aType: PS_PROTECTED_TYPE,
+) {
+ aProtectionLevelPtr.set_Signer(aSigner as u8);
+ aProtectionLevelPtr.set_Audit(aAudit);
+ aProtectionLevelPtr.set_Type(aType as u8);
+}
+STRUCT!{struct PS_PROTECTION {
+ Level: UCHAR,
+}}
+pub type PPS_PROTECTION = *mut PS_PROTECTION;
+BITFIELD!{PS_PROTECTION Level: UCHAR [
+ Type set_Type[0..3],
+ Audit set_Audit[3..4],
+ Signer set_Signer[4..8],
+]}
+STRUCT!{struct PROCESS_FAULT_INFORMATION {
+ FaultFlags: ULONG,
+ AdditionalInfo: ULONG,
+}}
+pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION;
+STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION {
+ HeaderSize: ULONG,
+ ProcessId: ULONG,
+ ProcessStartKey: ULONGLONG,
+ CreateTime: ULONGLONG,
+ CreateInterruptTime: ULONGLONG,
+ CreateUnbiasedInterruptTime: ULONGLONG,
+ ProcessSequenceNumber: ULONGLONG,
+ SessionCreateTime: ULONGLONG,
+ SessionId: ULONG,
+ BootId: ULONG,
+ ImageChecksum: ULONG,
+ ImageTimeDateStamp: ULONG,
+ UserSidOffset: ULONG,
+ ImagePathOffset: ULONG,
+ PackageNameOffset: ULONG,
+ RelativeAppNameOffset: ULONG,
+ CommandLineOffset: ULONG,
+}}
+pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION;
+STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION {
+ Version: ULONG,
+ s: ULONG,
+ CommitDebt: SIZE_T,
+ CommittedMemResetSize: SIZE_T,
+ RepurposedMemResetSize: SIZE_T,
+}}
+BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [
+ Eligible set_Eligible[0..1],
+ ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2],
+ ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3],
+ Spare set_Spare[3..32],
+]}
+pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION;
+STRUCT!{struct PROCESS_JOB_MEMORY_INFO {
+ SharedCommitUsage: ULONGLONG,
+ PrivateCommitUsage: ULONGLONG,
+ PeakPrivateCommitUsage: ULONGLONG,
+ PrivateCommitLimit: ULONGLONG,
+ TotalCommitLimit: ULONGLONG,
+}}
+pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO;
+STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION {
+ ProhibitChildProcesses: BOOLEAN,
+ AlwaysAllowSecureChildProcess: BOOLEAN,
+ AuditProhibitChildProcesses: BOOLEAN,
+}}
+pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION;
+STRUCT!{struct PROCESS_WAKE_INFORMATION {
+ NotificationChannel: ULONGLONG,
+ WakeCounters: [ULONG; 7],
+ WakeFilter: *mut JOBOBJECT_WAKE_FILTER,
+}}
+pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION;
+STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE {
+ StateUpdateMask: ULONG,
+ StateDesiredValue: ULONG,
+ StateSequence: ULONG,
+ UpdateTag: ULONG,
+ Tag: [WCHAR; 64],
+}}
+pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE;
+BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [
+ UpdateTag set_UpdateTag[0..1],
+]}
+STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY {
+ BitFields: ULONG,
+}}
+BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [
+ Machine set_Machine[0..16],
+ KernelMode set_KernelMode[16..17],
+ UserMode set_UserMode[17..18],
+ Native set_Native[18..19],
+ Process set_Process[19..20],
+ ReservedZero0 set_ReservedZero0[20..32],
+]}
+pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2;
+STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION {
+ Flags: UCHAR,
+}}
+BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [
+ EnableReadVmLogging set_EnableReadVmLogging[0..1],
+ EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
+ Unused set_Unused[2..8],
+]}
+UNION!{union PROCESS_UPTIME_INFORMATION_u {
+ HangCount: ULONG,
+ GhostCount: ULONG,
+ Crashed: ULONG,
+ Terminated: ULONG,
+}}
+pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION;
+STRUCT!{struct PROCESS_UPTIME_INFORMATION {
+ QueryInterruptTime: ULONGLONG,
+ QueryUnbiasedTime: ULONGLONG,
+ EndInterruptTime: ULONGLONG,
+ TimeSinceCreation: ULONGLONG,
+ Uptime: ULONGLONG,
+ SuspendedTime: ULONGLONG,
+ u: PROCESS_UPTIME_INFORMATION_u,
+}}
+pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION;
+STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT {
+ Flags: ULONG,
+}}
+pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT;
+BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [
+ Foreground set_Foreground[0..1],
+ Reserved set_Reserved[1..32],
+]}
+STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION {
+ SecurityDomain: ULONGLONG,
+}}
+pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION;
+STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION {
+ ProcessHandle: HANDLE,
+}}
+pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION =
+ *mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION;
+STRUCT!{struct PROCESS_LOGGING_INFORMATION {
+ Flags: ULONG,
+ BitFields: ULONG,
+}}
+BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [
+ EnableReadVmLogging set_EnableReadVmLogging[0..1],
+ EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
+ EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3],
+ EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION;
+STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION {
+ Flags: ULONG,
+ Reserved: ULONG,
+}}
+pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION;
+STRUCT!{struct THREAD_BASIC_INFORMATION {
+ ExitStatus: NTSTATUS,
+ TebBaseAddress: PTEB,
+ ClientId: CLIENT_ID,
+ AffinityMask: ULONG_PTR,
+ Priority: KPRIORITY,
+ BasePriority: LONG,
+}}
+pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION;
+STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION {
+ FirstArgument: PVOID,
+ SystemCallNumber: USHORT,
+ Pad: [USHORT; 1],
+ WaitTime: ULONG64,
+}}
+pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION;
+STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION {
+ AccumulatedCycles: ULONGLONG,
+ CurrentCycleCount: ULONGLONG,
+}}
+pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION;
+STRUCT!{struct THREAD_TEB_INFORMATION {
+ TebInformation: PVOID,
+ TebOffset: ULONG,
+ BytesToRead: ULONG,
+}}
+pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION;
+STRUCT!{struct COUNTER_READING {
+ Type: HARDWARE_COUNTER_TYPE,
+ Index: ULONG,
+ Start: ULONG64,
+ Total: ULONG64,
+}}
+pub type PCOUNTER_READING = *mut COUNTER_READING;
+STRUCT!{struct THREAD_PERFORMANCE_DATA {
+ Size: USHORT,
+ Version: USHORT,
+ ProcessorNumber: PROCESSOR_NUMBER,
+ ContextSwitches: ULONG,
+ HwCountersCount: ULONG,
+ UpdateCount: ULONG64,
+ WaitReasonBitMap: ULONG64,
+ HardwareCounters: ULONG64,
+ CycleTime: COUNTER_READING,
+ HwCounters: [COUNTER_READING; MAX_HW_COUNTERS],
+}}
+pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA;
+STRUCT!{struct THREAD_PROFILING_INFORMATION {
+ HardwareCounters: ULONG64,
+ Flags: ULONG,
+ Enable: ULONG,
+ PerformanceData: PTHREAD_PERFORMANCE_DATA,
+}}
+pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT {
+ Link: SINGLE_LIST_ENTRY,
+ __padding: u64,
+ Context: CONTEXT,
+ Teb: PVOID,
+ UserContext: PVOID,
+ ScheduledThread: ULONG,
+ Suspended: ULONG,
+ VolatileContext: ULONG,
+ Terminated: ULONG,
+ DebugActive: ULONG,
+ RunningOnSelfThread: ULONG,
+ DenyRunningOnSelfThread: ULONG,
+ Flags: LONG,
+ KernelUpdateLock: ULONG64,
+ PrimaryClientID: ULONG64,
+ ContextLock: ULONG64,
+ PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
+ SwitchCount: ULONG,
+ KernelYieldCount: ULONG,
+ MixedYieldCount: ULONG,
+ YieldCount: ULONG,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct RTL_UMS_CONTEXT {
+ Link: SINGLE_LIST_ENTRY,
+ Context: CONTEXT,
+ Teb: PVOID,
+ UserContext: PVOID,
+ ScheduledThread: ULONG,
+ Suspended: ULONG,
+ VolatileContext: ULONG,
+ Terminated: ULONG,
+ DebugActive: ULONG,
+ RunningOnSelfThread: ULONG,
+ DenyRunningOnSelfThread: ULONG,
+ Flags: LONG,
+ KernelUpdateLock: ULONG64,
+ PrimaryClientID: ULONG64,
+ ContextLock: ULONG64,
+ PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
+ SwitchCount: ULONG,
+ KernelYieldCount: ULONG,
+ MixedYieldCount: ULONG,
+ YieldCount: ULONG,
+ __padding: u32,
+}}
+pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT;
+ENUM!{enum THREAD_UMS_INFORMATION_COMMAND {
+ UmsInformationCommandInvalid = 0,
+ UmsInformationCommandAttach = 1,
+ UmsInformationCommandDetach = 2,
+ UmsInformationCommandQuery = 3,
+}}
+STRUCT!{struct RTL_UMS_COMPLETION_LIST {
+ ThreadListHead: PSINGLE_LIST_ENTRY,
+ CompletionEvent: PVOID,
+ CompletionFlags: ULONG,
+ InternalListHead: SINGLE_LIST_ENTRY,
+}}
+pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST;
+STRUCT!{struct THREAD_UMS_INFORMATION {
+ Command: THREAD_UMS_INFORMATION_COMMAND,
+ CompletionList: PRTL_UMS_COMPLETION_LIST,
+ UmsContext: PRTL_UMS_CONTEXT,
+ Flags: ULONG,
+}}
+BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [
+ IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1],
+ IsUmsWorkerThread set_IsUmsWorkerThread[1..2],
+ SpareBits set_SpareBits[2..32],
+]}
+pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION;
+STRUCT!{struct THREAD_NAME_INFORMATION {
+ ThreadName: UNICODE_STRING,
+}}
+pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION;
+ENUM!{enum SUBSYSTEM_INFORMATION_TYPE {
+ SubsystemInformationTypeWin32 = 0,
+ SubsystemInformationTypeWSL = 1,
+ MaxSubsystemInformationType = 2,
+}}
+ENUM!{enum THREAD_WORKLOAD_CLASS {
+ ThreadWorkloadClassDefault = 0,
+ ThreadWorkloadClassGraphics = 1,
+ MaxThreadWorkloadClass = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtCreateProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ InheritObjectTable: BOOLEAN,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001;
+pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002;
+pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004;
+pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008;
+pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010;
+EXTERN!{extern "system" {
+ fn NtCreateProcessEx(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ JobMemberLevel: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn NtTerminateProcess(
+ ProcessHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSuspendProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtResumeProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void;
+pub const ZwCurrentProcess: HANDLE = NtCurrentProcess;
+pub const NtCurrentThread: HANDLE = -2isize as *mut c_void;
+pub const ZwCurrentThread: HANDLE = NtCurrentThread;
+pub const NtCurrentSession: HANDLE = -3isize as *mut c_void;
+pub const ZwCurrentSession: HANDLE = NtCurrentSession;
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentPeb() -> PPEB {
+ (*NtCurrentTeb()).ProcessEnvironmentBlock
+}
+pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void;
+pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void;
+pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void;
+pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void;
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentProcessId() -> HANDLE {
+ (*NtCurrentTeb()).ClientId.UniqueProcess
+}
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentThreadId() -> HANDLE {
+ (*NtCurrentTeb()).ClientId.UniqueThread
+}
+EXTERN!{extern "system" {
+ fn NtQueryInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtGetNextProcess(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewProcessHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtGetNextThread(
+ ProcessHandle: HANDLE,
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewThreadHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtSetInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryPortInformationProcess() -> NTSTATUS;
+ fn NtCreateThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ThreadContext: PCONTEXT,
+ InitialTeb: PINITIAL_TEB,
+ CreateSuspended: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn NtTerminateThread(
+ ThreadHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSuspendThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtGetCurrentProcessorNumber() -> ULONG;
+ fn NtGetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn NtSetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn NtQueryInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtAlertThread(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlertResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtTestAlert() -> NTSTATUS;
+ fn NtImpersonateThread(
+ ServerThreadHandle: HANDLE,
+ ClientThreadHandle: HANDLE,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ) -> NTSTATUS;
+ fn NtRegisterThreadTerminatePort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetLdtEntries(
+ Selector0: ULONG,
+ Entry0Low: ULONG,
+ Entry0Hi: ULONG,
+ Selector1: ULONG,
+ Entry1Low: ULONG,
+ Entry1Hi: ULONG,
+ ) -> NTSTATUS;
+}}
+FN!{cdecl PPS_APC_ROUTINE(
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+ fn NtQueueApcThread(
+ ThreadHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+}}
+pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void;
+EXTERN!{extern "system" {
+ fn NtQueueApcThreadEx(
+ ThreadHandle: HANDLE,
+ UserApcReserveHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn NtAlertThreadByThreadId(
+ ThreadId: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitForAlertByThreadId(
+ Address: PVOID,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+}}
+pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff;
+pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000;
+pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000;
+pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000;
+ENUM!{enum PS_ATTRIBUTE_NUM {
+ PsAttributeParentProcess = 0,
+ PsAttributeDebugPort = 1,
+ PsAttributeToken = 2,
+ PsAttributeClientId = 3,
+ PsAttributeTebAddress = 4,
+ PsAttributeImageName = 5,
+ PsAttributeImageInfo = 6,
+ PsAttributeMemoryReserve = 7,
+ PsAttributePriorityClass = 8,
+ PsAttributeErrorMode = 9,
+ PsAttributeStdHandleInfo = 10,
+ PsAttributeHandleList = 11,
+ PsAttributeGroupAffinity = 12,
+ PsAttributePreferredNode = 13,
+ PsAttributeIdealProcessor = 14,
+ PsAttributeUmsThread = 15,
+ PsAttributeMitigationOptions = 16,
+ PsAttributeProtectionLevel = 17,
+ PsAttributeSecureProcess = 18,
+ PsAttributeJobList = 19,
+ PsAttributeChildProcessPolicy = 20,
+ PsAttributeAllApplicationPackagesPolicy = 21,
+ PsAttributeWin32kFilter = 22,
+ PsAttributeSafeOpenPromptOriginClaim = 23,
+ PsAttributeBnoIsolation = 24,
+ PsAttributeDesktopAppPolicy = 25,
+ PsAttributeChpe = 26,
+ PsAttributeMax = 27,
+}}
+#[inline]
+pub const fn PsAttributeValue(
+ Number: PS_ATTRIBUTE_NUM,
+ Thread: bool,
+ Input: bool,
+ Additive: bool,
+) -> ULONG_PTR { //fixme
+ (Number & PS_ATTRIBUTE_NUMBER_MASK | [0, PS_ATTRIBUTE_THREAD][Thread as usize]
+ | [0, PS_ATTRIBUTE_INPUT][Input as usize] | [0, PS_ATTRIBUTE_ADDITIVE][Additive as usize]
+ ) as usize
+}
+pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000;
+pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001;
+pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002;
+pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003;
+pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004;
+pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005;
+pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006;
+pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007;
+pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008;
+pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009;
+pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a;
+pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b;
+pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c;
+pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d;
+pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e;
+pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f;
+pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010;
+pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011;
+pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012;
+pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013;
+pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014;
+pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015;
+pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016;
+pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017;
+pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018;
+pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019;
+UNION!{union PS_ATTRIBUTE_u {
+ Value: ULONG_PTR,
+ ValuePtr: PVOID,
+}}
+STRUCT!{struct PS_ATTRIBUTE {
+ Attribute: ULONG_PTR,
+ Size: SIZE_T,
+ u: PS_ATTRIBUTE_u,
+ ReturnLength: PSIZE_T,
+}}
+pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE;
+STRUCT!{struct PS_ATTRIBUTE_LIST {
+ TotalLength: SIZE_T,
+ Attributes: [PS_ATTRIBUTE; 1],
+}}
+pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST;
+STRUCT!{struct PS_MEMORY_RESERVE {
+ ReserveAddress: PVOID,
+ ReserveSize: SIZE_T,
+}}
+pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE;
+ENUM!{enum PS_STD_HANDLE_STATE {
+ PsNeverDuplicate = 0,
+ PsRequestDuplicate = 1,
+ PsAlwaysDuplicate = 2,
+ PsMaxStdHandleStates = 3,
+}}
+pub const PS_STD_INPUT_HANDLE: u32 = 0x1;
+pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2;
+pub const PS_STD_ERROR_HANDLE: u32 = 0x4;
+STRUCT!{struct PS_STD_HANDLE_INFO {
+ Flags: ULONG,
+ StdHandleSubsystemType: ULONG,
+}}
+pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO;
+BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [
+ StdHandleState set_StdHandleState[0..2],
+ PseudoHandleMask set_PseudoHandleMask[2..5],
+]}
+STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS {
+ IsolationPrefix: UNICODE_STRING,
+ HandleCount: ULONG,
+ Handles: *mut PVOID,
+ IsolationEnabled: BOOLEAN,
+}}
+pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS;
+ENUM!{enum PS_MITIGATION_OPTION {
+ PS_MITIGATION_OPTION_NX = 0,
+ PS_MITIGATION_OPTION_SEHOP = 1,
+ PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2,
+ PS_MITIGATION_OPTION_HEAP_TERMINATE = 3,
+ PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4,
+ PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5,
+ PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6,
+ PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7,
+ PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8,
+ PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9,
+ PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10,
+ PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11,
+ PS_MITIGATION_OPTION_FONT_DISABLE = 12,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15,
+ PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16,
+ PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17,
+ PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18,
+ PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19,
+ PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20,
+ PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21,
+ PS_MITIGATION_OPTION_ROP_SIMEXEC = 22,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24,
+ PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25,
+ PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26,
+ PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27,
+ PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28,
+ PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29,
+ PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30,
+ PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31,
+}}
+ENUM!{enum PS_CREATE_STATE {
+ PsCreateInitialState = 0,
+ PsCreateFailOnFileOpen = 1,
+ PsCreateFailOnSectionCreate = 2,
+ PsCreateFailExeFormat = 3,
+ PsCreateFailMachineMismatch = 4,
+ PsCreateFailExeName = 5,
+ PsCreateSuccess = 6,
+ PsCreateMaximumStates = 7,
+}}
+STRUCT!{struct PS_CREATE_INFO_u_InitState {
+ InitFlags: ULONG,
+ AdditionalFileAccess: ACCESS_MASK,
+}}
+BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [
+ WriteOutputOnExit set_WriteOutputOnExit[0..1],
+ DetectManifest set_DetectManifest[1..2],
+ IFEOSkipDebugger set_IFEOSkipDebugger[2..3],
+ IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4],
+ SpareBits1 set_SpareBits1[4..8],
+ SpareBits2 set_SpareBits2[8..16],
+ ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32],
+]}
+STRUCT!{struct PS_CREATE_INFO_u_SuccessState {
+ OutputFlags: ULONG,
+ FileHandle: HANDLE,
+ SectionHandle: HANDLE,
+ UserProcessParametersNative: ULONGLONG,
+ UserProcessParametersWow64: ULONG,
+ CurrentParameterFlags: ULONG,
+ PebAddressNative: ULONGLONG,
+ PebAddressWow64: ULONG,
+ ManifestAddress: ULONGLONG,
+ ManifestSize: ULONG,
+}}
+BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [
+ ProtectedProcess set_ProtectedProcess[0..1],
+ AddressSpaceOverride set_AddressSpaceOverride[1..2],
+ DevOverrideEnabled set_DevOverrideEnabled[2..3],
+ ManifestDetected set_ManifestDetected[3..4],
+ ProtectedProcessLight set_ProtectedProcessLight[4..5],
+ SpareBits1 set_SpareBits1[5..8],
+ SpareBits2 set_SpareBits2[8..16],
+ SpareBits3 set_SpareBits3[16..32],
+]}
+UNION!{union PS_CREATE_INFO_u {
+ InitState: PS_CREATE_INFO_u_InitState,
+ FileHandle: HANDLE,
+ DllCharacteristics: USHORT,
+ IFEOKey: HANDLE,
+ SuccessState: PS_CREATE_INFO_u_SuccessState,
+}}
+STRUCT!{struct PS_CREATE_INFO {
+ Size: SIZE_T,
+ State: PS_CREATE_STATE,
+ u: PS_CREATE_INFO_u,
+}}
+pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO;
+pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020;
+pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040;
+pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080;
+pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100;
+pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200;
+pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400;
+EXTERN!{extern "system" {
+ fn NtCreateUserProcess(
+ ProcessHandle: PHANDLE,
+ ThreadHandle: PHANDLE,
+ ProcessDesiredAccess: ACCESS_MASK,
+ ThreadDesiredAccess: ACCESS_MASK,
+ ProcessObjectAttributes: POBJECT_ATTRIBUTES,
+ ThreadObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessFlags: ULONG,
+ ThreadFlags: ULONG,
+ ProcessParameters: PVOID,
+ CreateInfo: PPS_CREATE_INFO,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+}}
+pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
+pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002;
+pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004;
+pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010;
+pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020;
+pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080;
+EXTERN!{extern "system" {
+ fn NtCreateThreadEx(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ Argument: PVOID,
+ CreateFlags: ULONG,
+ ZeroBits: SIZE_T,
+ StackSize: SIZE_T,
+ MaximumStackSize: SIZE_T,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION {
+ BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION,
+ IoInfo: IO_COUNTERS,
+ DiskIoInfo: PROCESS_DISK_COUNTERS,
+ ContextSwitches: ULONG64,
+ TotalCycleTime: LARGE_INTEGER,
+ ReadyTime: ULONG64,
+ EnergyValues: PROCESS_ENERGY_VALUES,
+}}
+pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION =
+ *mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_INFORMATION {
+ NotificationChannel: HANDLE,
+ WakeCounters: [ULONG64; 7],
+}}
+pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 {
+ NotificationChannel: HANDLE,
+ WakeCounters: [ULONG64; 4],
+}}
+pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1;
+STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION {
+ Count: ULONG64,
+}}
+pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_FILTER {
+ HighEdgeFilter: ULONG,
+ LowEdgeFilter: ULONG,
+}}
+pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER;
+STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION {
+ Flags: ULONG,
+ Freeze: BOOLEAN,
+ Swap: BOOLEAN,
+ Reserved0: [UCHAR; 2],
+ WakeFilter: JOBOBJECT_WAKE_FILTER,
+}}
+pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION;
+BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [
+ FreezeOperation set_FreezeOperation[0..1],
+ FilterOperation set_FilterOperation[1..2],
+ SwapOperation set_SwapOperation[2..3],
+ Reserved set_Reserved[3..32],
+]}
+STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION {
+ JobMemory: ULONG64,
+ PeakJobMemoryUsed: ULONG64,
+}}
+pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION;
+STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 {
+ BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION,
+ JobSharedMemory: ULONG64,
+ Reserved: [ULONG64; 2],
+}}
+pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2;
+STRUCT!{struct SILO_USER_SHARED_DATA {
+ ServiceSessionId: ULONG64,
+ ActiveConsoleId: ULONG,
+ ConsoleSessionForegroundProcessId: LONGLONG,
+ NtProductType: NT_PRODUCT_TYPE,
+ SuiteMask: ULONG,
+ SharedUserSessionId: ULONG,
+ IsMultiSessionSku: BOOLEAN,
+ NtSystemRoot: [WCHAR; 260],
+ UserModeGlobalLogger: [USHORT; 16],
+}}
+pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA;
+STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY {
+ ControlFlags: ULONG,
+ Path: UNICODE_STRING,
+}}
+pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY;
+STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE {
+ Value: ULONG64,
+ UpdateMask: ULONG,
+ DesiredState: ULONG,
+}}
+pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE;
+EXTERN!{extern "system" {
+ fn NtCreateJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtOpenJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtAssignProcessToJobObject(
+ JobHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtTerminateJobObject(
+ JobHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtIsProcessInJob(
+ ProcessHandle: HANDLE,
+ JobHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCreateJobSet(
+ NumJob: ULONG,
+ UserJobSet: PJOB_SET_ARRAY,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtRevertContainerImpersonation() -> NTSTATUS;
+}}
+ENUM!{enum MEMORY_RESERVE_TYPE {
+ MemoryReserveUserApc = 0,
+ MemoryReserveIoCompletion = 1,
+ MemoryReserveTypeMax = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtAllocateReserveObject(
+ MemoryReserveHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Type: MEMORY_RESERVE_TYPE,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntregapi.rs b/vendor/ntapi/src/ntregapi.rs
new file mode 100644
index 000000000..ccd79b2bf
--- /dev/null
+++ b/vendor/ntapi/src/ntregapi.rs
@@ -0,0 +1,450 @@
+use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES,
+ PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::ACCESS_MASK;
+pub const REG_INIT_BOOT_SM: USHORT = 0x0000;
+pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001;
+pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002;
+pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE;
+pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767;
+pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512;
+ENUM!{enum KEY_INFORMATION_CLASS {
+ KeyBasicInformation = 0,
+ KeyNodeInformation = 1,
+ KeyFullInformation = 2,
+ KeyNameInformation = 3,
+ KeyCachedInformation = 4,
+ KeyFlagsInformation = 5,
+ KeyVirtualizationInformation = 6,
+ KeyHandleTagsInformation = 7,
+ KeyTrustInformation = 8,
+ KeyLayerInformation = 9,
+ MaxKeyInfoClass = 10,
+}}
+STRUCT!{struct KEY_BASIC_INFORMATION {
+ LastWriteTime: LARGE_INTEGER,
+ TitleIndex: ULONG,
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION;
+STRUCT!{struct KEY_NODE_INFORMATION {
+ LastWriteTime: LARGE_INTEGER,
+ TitleIndex: ULONG,
+ ClassOffset: ULONG,
+ ClassLength: ULONG,
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION;
+STRUCT!{struct KEY_FULL_INFORMATION {
+ LastWriteTime: LARGE_INTEGER,
+ TitleIndex: ULONG,
+ ClassOffset: ULONG,
+ ClassLength: ULONG,
+ SubKeys: ULONG,
+ MaxNameLen: ULONG,
+ MaxClassLen: ULONG,
+ Values: ULONG,
+ MaxValueNameLen: ULONG,
+ MaxValueDataLen: ULONG,
+ Class: [WCHAR; 1],
+}}
+pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION;
+STRUCT!{struct KEY_NAME_INFORMATION {
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION;
+STRUCT!{struct KEY_CACHED_INFORMATION {
+ LastWriteTime: LARGE_INTEGER,
+ TitleIndex: ULONG,
+ SubKeys: ULONG,
+ MaxNameLen: ULONG,
+ Values: ULONG,
+ MaxValueNameLen: ULONG,
+ MaxValueDataLen: ULONG,
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION;
+STRUCT!{struct KEY_FLAGS_INFORMATION {
+ UserFlags: ULONG,
+}}
+pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION;
+STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION {
+ Bitfields: ULONG,
+}}
+BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [
+ VirtualizationCandidate set_VirtualizationCandidate[0..1],
+ VirtualizationEnabled set_VirtualizationEnabled[1..2],
+ VirtualTarget set_VirtualTarget[2..3],
+ VirtualStore set_VirtualStore[3..4],
+ VirtualSource set_VirtualSource[4..5],
+ Reserved set_Reserved[5..32],
+]}
+pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION;
+STRUCT!{struct KEY_TRUST_INFORMATION {
+ Bitfields: ULONG,
+}}
+BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [
+ TrustedKey set_TrustedKey[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION;
+STRUCT!{struct KEY_LAYER_INFORMATION {
+ IsTombstone: ULONG,
+ IsSupersedeLocal: ULONG,
+ IsSupersedeTree: ULONG,
+ ClassIsInherited: ULONG,
+ Reserved: ULONG,
+}}
+pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION;
+ENUM!{enum KEY_SET_INFORMATION_CLASS {
+ KeyWriteTimeInformation = 0,
+ KeyWow64FlagsInformation = 1,
+ KeyControlFlagsInformation = 2,
+ KeySetVirtualizationInformation = 3,
+ KeySetDebugInformation = 4,
+ KeySetHandleTagsInformation = 5,
+ KeySetLayerInformation = 6,
+ MaxKeySetInfoClass = 7,
+}}
+STRUCT!{struct KEY_WRITE_TIME_INFORMATION {
+ LastWriteTime: LARGE_INTEGER,
+}}
+pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION;
+STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION {
+ UserFlags: ULONG,
+}}
+pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION;
+STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION {
+ HandleTags: ULONG,
+}}
+pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION;
+STRUCT!{struct KEY_SET_LAYER_INFORMATION {
+ Bitfields: ULONG,
+}}
+BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [
+ IsTombstone set_IsTombstone[0..1],
+ IsSupersedeLocal set_IsSupersedeLocal[1..2],
+ IsSupersedeTree set_IsSupersedeTree[2..3],
+ ClassIsInherited set_ClassIsInherited[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION;
+STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION {
+ ControlFlags: ULONG,
+}}
+pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION;
+STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION {
+ HandleTags: ULONG,
+}}
+BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [
+ VirtualTarget set_VirtualTarget[0..1],
+ VirtualStore set_VirtualStore[1..2],
+ VirtualSource set_VirtualSource[2..3],
+ Reserved set_Reserved[3..32],
+]}
+pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION;
+ENUM!{enum KEY_VALUE_INFORMATION_CLASS {
+ KeyValueBasicInformation = 0,
+ KeyValueFullInformation = 1,
+ KeyValuePartialInformation = 2,
+ KeyValueFullInformationAlign64 = 3,
+ KeyValuePartialInformationAlign64 = 4,
+ KeyValueLayerInformation = 5,
+ MaxKeyValueInfoClass = 6,
+}}
+STRUCT!{struct KEY_VALUE_BASIC_INFORMATION {
+ TitleIndex: ULONG,
+ Type: ULONG,
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION;
+STRUCT!{struct KEY_VALUE_FULL_INFORMATION {
+ TitleIndex: ULONG,
+ Type: ULONG,
+ DataOffset: ULONG,
+ DataLength: ULONG,
+ NameLength: ULONG,
+ Name: [WCHAR; 1],
+}}
+pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION;
+STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION {
+ TitleIndex: ULONG,
+ Type: ULONG,
+ DataLength: ULONG,
+ Data: [UCHAR; 1],
+}}
+pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION;
+STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 {
+ Type: ULONG,
+ DataLength: ULONG,
+ Data: [UCHAR; 1],
+}}
+pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
+STRUCT!{struct KEY_VALUE_LAYER_INFORMATION {
+ IsTombstone: ULONG,
+ Reserved: ULONG,
+}}
+pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION;
+STRUCT!{struct KEY_VALUE_ENTRY {
+ ValueName: PUNICODE_STRING,
+ DataLength: ULONG,
+ DataOffset: ULONG,
+ Type: ULONG,
+}}
+pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY;
+ENUM!{enum REG_ACTION {
+ KeyAdded = 0,
+ KeyRemoved = 1,
+ KeyModified = 2,
+}}
+STRUCT!{struct REG_NOTIFY_INFORMATION {
+ NextEntryOffset: ULONG,
+ Action: REG_ACTION,
+ KeyLength: ULONG,
+ Key: [WCHAR; 1],
+}}
+pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION;
+STRUCT!{struct KEY_PID_ARRAY {
+ PID: HANDLE,
+ KeyName: UNICODE_STRING,
+}}
+pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY;
+STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION {
+ Count: ULONG,
+ KeyArray: [KEY_PID_ARRAY; 1],
+}}
+pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn NtCreateKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ TransactionHandle: HANDLE,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn NtOpenKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtOpenKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenKeyEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenKeyTransactedEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtDeleteKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtRenameKey(
+ KeyHandle: HANDLE,
+ NewName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtDeleteValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtQueryKey(
+ KeyHandle: HANDLE,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationKey(
+ KeyHandle: HANDLE,
+ KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
+ KeySetInformation: PVOID,
+ KeySetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ TitleIndex: ULONG,
+ Type: ULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryMultipleValueKey(
+ KeyHandle: HANDLE,
+ ValueEntries: PKEY_VALUE_ENTRY,
+ EntryCount: ULONG,
+ ValueBuffer: PVOID,
+ BufferLength: PULONG,
+ RequiredBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtEnumerateKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtEnumerateValueKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtFlushKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtCompactKeys(
+ Count: ULONG,
+ KeyArray: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn NtCompressKey(
+ Key: HANDLE,
+ ) -> NTSTATUS;
+ fn NtLoadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtLoadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtLoadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ TrustClassKey: HANDLE,
+ Event: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ RootHandle: PHANDLE,
+ IoStatus: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn NtReplaceKey(
+ NewFile: POBJECT_ATTRIBUTES,
+ TargetHandle: HANDLE,
+ OldFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSaveKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSaveKeyEx(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Format: ULONG,
+ ) -> NTSTATUS;
+ fn NtSaveMergedKeys(
+ HighPrecedenceKeyHandle: HANDLE,
+ LowPrecedenceKeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtRestoreKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtUnloadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+}}
+pub const REG_FORCE_UNLOAD: ULONG = 1;
+pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD;
+EXTERN!{extern "system" {
+ fn NtUnloadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtUnloadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn NtNotifyChangeKey(
+ KeyHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtNotifyChangeMultipleKeys(
+ MasterKeyHandle: HANDLE,
+ Count: ULONG,
+ SubordinateObjects: *mut OBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtQueryOpenSubKeys(
+ TargetKey: POBJECT_ATTRIBUTES,
+ HandleCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryOpenSubKeysEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ RequiredSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtInitializeRegistry(
+ BootCondition: USHORT,
+ ) -> NTSTATUS;
+ fn NtLockRegistryKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtLockProductActivationKeys(
+ pPrivateVer: *mut ULONG,
+ pSafeMode: *mut ULONG,
+ ) -> NTSTATUS;
+ fn NtFreezeRegistry(
+ TimeOutInSeconds: ULONG,
+ ) -> NTSTATUS;
+ fn NtThawRegistry() -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntrtl.rs b/vendor/ntapi/src/ntrtl.rs
new file mode 100644
index 000000000..9dfa19f7c
--- /dev/null
+++ b/vendor/ntapi/src/ntrtl.rs
@@ -0,0 +1,4378 @@
+use core::ptr::null_mut;
+use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
+use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS};
+use crate::ntioapi::FILE_INFORMATION_CLASS;
+use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX};
+use crate::ntmmapi::SECTION_IMAGE_INFORMATION;
+use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO};
+use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME};
+use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION};
+use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM};
+use crate::string::UTF16Const;
+use winapi::ctypes::c_void;
+use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR};
+use winapi::shared::guiddef::GUID;
+use winapi::shared::in6addr::in6_addr;
+use winapi::shared::inaddr::in_addr;
+use winapi::shared::minwindef::{BOOL, DWORD, PBOOL};
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE};
+use winapi::shared::ntdef::{
+ BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS,
+ PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING,
+ PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE,
+ POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR,
+ PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY,
+ STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR,
+};
+use winapi::um::minwinbase::PTHREAD_START_ROUTINE;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT};
+use winapi::um::winnt::{
+ ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS,
+ HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL,
+ PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING,
+ PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY,
+ PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION,
+ PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK,
+ PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES,
+ PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER,
+ PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL,
+ SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC,
+ WORKERCALLBACKFUNC,
+};
+use winapi::vc::vadefs::va_list;
+#[inline]
+pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) {
+ ListHead.Flink = ListHead;
+ ListHead.Blink = ListHead;
+}
+#[inline]
+pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool {
+ ListHead.Flink as *const _ == ListHead as *const _
+}
+#[inline]
+pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool {
+ let (Blink, Flink) = (Entry.Blink, Entry.Flink);
+ (*Blink).Flink = Flink;
+ (*Flink).Blink = Blink;
+ Flink == Blink
+}
+#[inline]
+pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
+ let Entry = ListHead.Flink;
+ let Flink = (*Entry).Flink;
+ ListHead.Flink = Flink;
+ (*Flink).Blink = ListHead;
+ Entry
+}
+#[inline]
+pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY {
+ let Entry = ListHead.Blink;
+ let Blink = (*Entry).Blink;
+ ListHead.Blink = Blink;
+ (*Blink).Flink = ListHead;
+ Entry
+}
+#[inline]
+pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
+ let Blink = ListHead.Blink;
+ Entry.Flink = ListHead;
+ Entry.Blink = Blink;
+ (*Blink).Flink = Entry;
+ ListHead.Blink = Entry;
+}
+#[inline]
+pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) {
+ let Flink = ListHead.Flink;
+ Entry.Flink = Flink;
+ Entry.Blink = ListHead;
+ (*Flink).Blink = Entry;
+ ListHead.Flink = Entry;
+}
+#[inline]
+pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) {
+ let ListEnd = ListHead.Blink;
+ (*ListHead.Blink).Flink = ListToAppend;
+ ListHead.Blink = ListToAppend.Blink;
+ (*ListToAppend.Blink).Flink = ListHead;
+ ListToAppend.Blink = ListEnd;
+}
+#[inline]
+pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY {
+ let FirstEntry = ListHead.Next;
+ if !FirstEntry.is_null() {
+ ListHead.Next = (*FirstEntry).Next;
+ }
+ FirstEntry
+}
+#[inline]
+pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) {
+ Entry.Next = ListHead.Next;
+ ListHead.Next = Entry;
+}
+ENUM!{enum TABLE_SEARCH_RESULT {
+ TableEmptyTree = 0,
+ TableFoundNode = 1,
+ TableInsertAsLeft = 2,
+ TableInsertAsRight = 3,
+}}
+ENUM!{enum RTL_GENERIC_COMPARE_RESULTS {
+ GenericLessThan = 0,
+ GenericGreaterThan = 1,
+ GenericEqual = 2,
+}}
+FN!{stdcall PRTL_AVL_COMPARE_ROUTINE(
+ Table: *mut RTL_AVL_TABLE,
+ FirstStruct: PVOID,
+ SecondStruct: PVOID,
+) -> RTL_GENERIC_COMPARE_RESULTS}
+FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE(
+ Table: *mut RTL_AVL_TABLE,
+ ByteSize: CLONG,
+) -> PVOID}
+FN!{stdcall PRTL_AVL_FREE_ROUTINE(
+ Table: *mut RTL_AVL_TABLE,
+ Buffer: PVOID,
+) -> ()}
+FN!{stdcall PRTL_AVL_MATCH_FUNCTION(
+ Table: *mut RTL_AVL_TABLE,
+ UserData: PVOID,
+ MatchData: PVOID,
+) -> NTSTATUS}
+STRUCT!{struct RTL_BALANCED_LINKS {
+ Parent: *mut RTL_BALANCED_LINKS,
+ LeftChild: *mut RTL_BALANCED_LINKS,
+ RightChild: *mut RTL_BALANCED_LINKS,
+ Balance: CHAR,
+ Reserved: [UCHAR; 3],
+}}
+pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS;
+STRUCT!{struct RTL_AVL_TABLE {
+ BalancedRoot: RTL_BALANCED_LINKS,
+ OrderedPointer: PVOID,
+ WhichOrderedElement: ULONG,
+ NumberGenericTableElements: ULONG,
+ DepthOfTree: ULONG,
+ RestartKey: PRTL_BALANCED_LINKS,
+ DeleteCount: ULONG,
+ CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
+ AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
+ FreeRoutine: PRTL_AVL_FREE_ROUTINE,
+ TableContext: PVOID,
+}}
+pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE;
+EXTERN!{extern "system" {
+ fn RtlInitializeGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ CompareRoutine: PRTL_AVL_COMPARE_ROUTINE,
+ AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE,
+ FreeRoutine: PRTL_AVL_FREE_ROUTINE,
+ TableContext: PVOID,
+ );
+ fn RtlInsertElementGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ BufferSize: CLONG,
+ NewElement: PBOOLEAN,
+ ) -> PVOID;
+ fn RtlInsertElementGenericTableFullAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ BufferSize: CLONG,
+ NewElement: PBOOLEAN,
+ NodeOrParent: PVOID,
+ SearchResult: TABLE_SEARCH_RESULT,
+ ) -> PVOID;
+ fn RtlDeleteElementGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ ) -> BOOLEAN;
+ fn RtlLookupElementGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ ) -> PVOID;
+ fn RtlLookupElementGenericTableFullAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ NodeOrParent: *mut PVOID,
+ SearchResult: *mut TABLE_SEARCH_RESULT,
+ ) -> PVOID;
+ fn RtlEnumerateGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ Restart: BOOLEAN,
+ ) -> PVOID;
+ fn RtlEnumerateGenericTableWithoutSplayingAvl(
+ Table: PRTL_AVL_TABLE,
+ RestartKey: *mut PVOID,
+ ) -> PVOID;
+ fn RtlLookupFirstMatchingElementGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ Buffer: PVOID,
+ RestartKey: *mut PVOID,
+ ) -> PVOID;
+ fn RtlEnumerateGenericTableLikeADirectory(
+ Table: PRTL_AVL_TABLE,
+ MatchFunction: PRTL_AVL_MATCH_FUNCTION,
+ MatchData: PVOID,
+ NextFlag: ULONG,
+ RestartKey: *mut PVOID,
+ DeleteCount: PULONG,
+ Buffer: PVOID,
+ ) -> PVOID;
+ fn RtlGetElementGenericTableAvl(
+ Table: PRTL_AVL_TABLE,
+ I: ULONG,
+ ) -> PVOID;
+ fn RtlNumberGenericTableElementsAvl(
+ Table: PRTL_AVL_TABLE,
+ ) -> ULONG;
+ fn RtlIsGenericTableEmptyAvl(
+ Table: PRTL_AVL_TABLE,
+ ) -> BOOLEAN;
+}}
+STRUCT!{struct RTL_SPLAY_LINKS {
+ Parent: *mut RTL_SPLAY_LINKS,
+ LeftChild: *mut RTL_SPLAY_LINKS,
+ RightChild: *mut RTL_SPLAY_LINKS,
+}}
+pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS;
+#[inline]
+pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) {
+ Links.Parent = Links;
+ Links.LeftChild = null_mut();
+ Links.RightChild = null_mut();
+}
+#[inline]
+pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
+ Links.Parent
+}
+#[inline]
+pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
+ Links.LeftChild
+}
+#[inline]
+pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS {
+ Links.RightChild
+}
+#[inline]
+pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool {
+ (*Links).Parent as *const _ == Links
+}
+#[inline]
+pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool {
+ RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links
+}
+#[inline]
+pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool {
+ RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links
+}
+#[inline]
+pub fn RtlInsertAsLeftChild(
+ ParentLinks: &mut RTL_SPLAY_LINKS,
+ ChildLinks: &mut RTL_SPLAY_LINKS,
+) {
+ ParentLinks.LeftChild = ChildLinks;
+ ChildLinks.Parent = ParentLinks;
+}
+#[inline]
+pub fn RtlInsertAsRightChild(
+ ParentLinks: &mut RTL_SPLAY_LINKS,
+ ChildLinks: &mut RTL_SPLAY_LINKS,
+) {
+ ParentLinks.RightChild = ChildLinks;
+ ChildLinks.Parent = ParentLinks;
+}
+EXTERN!{extern "system" {
+ fn RtlSplay(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+ fn RtlDelete(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+ fn RtlDeleteNoSplay(
+ Links: PRTL_SPLAY_LINKS,
+ Root: *mut PRTL_SPLAY_LINKS,
+ );
+ fn RtlSubtreeSuccessor(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+ fn RtlSubtreePredecessor(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+ fn RtlRealSuccessor(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+ fn RtlRealPredecessor(
+ Links: PRTL_SPLAY_LINKS,
+ ) -> PRTL_SPLAY_LINKS;
+}}
+FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE(
+ Table: *mut RTL_GENERIC_TABLE,
+ FirstStruct: PVOID,
+ SecondStruct: PVOID,
+) -> RTL_GENERIC_COMPARE_RESULTS}
+FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE(
+ Table: *mut RTL_GENERIC_TABLE,
+ ByteSize: CLONG,
+) -> PVOID}
+FN!{stdcall PRTL_GENERIC_FREE_ROUTINE(
+ Table: *mut RTL_GENERIC_TABLE,
+ Buffer: PVOID,
+) -> ()}
+STRUCT!{struct RTL_GENERIC_TABLE {
+ TableRoot: PRTL_SPLAY_LINKS,
+ InsertOrderList: LIST_ENTRY,
+ OrderedPointer: PLIST_ENTRY,
+ WhichOrderedElement: ULONG,
+ NumberGenericTableElements: ULONG,
+ CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
+ AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
+ FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
+ TableContext: PVOID,
+}}
+pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE;
+EXTERN!{extern "system" {
+ fn RtlInitializeGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE,
+ AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE,
+ FreeRoutine: PRTL_GENERIC_FREE_ROUTINE,
+ TableContext: PVOID,
+ );
+ fn RtlInsertElementGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ Buffer: PVOID,
+ BufferSize: CLONG,
+ NewElement: PBOOLEAN,
+ ) -> PVOID;
+ fn RtlInsertElementGenericTableFull(
+ Table: PRTL_GENERIC_TABLE,
+ Buffer: PVOID,
+ BufferSize: CLONG,
+ NewElement: PBOOLEAN,
+ NodeOrParent: PVOID,
+ SearchResult: TABLE_SEARCH_RESULT,
+ ) -> PVOID;
+ fn RtlDeleteElementGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ Buffer: PVOID,
+ ) -> BOOLEAN;
+ fn RtlLookupElementGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ Buffer: PVOID,
+ ) -> PVOID;
+ fn RtlLookupElementGenericTableFull(
+ Table: PRTL_GENERIC_TABLE,
+ Buffer: PVOID,
+ NodeOrParent: *mut PVOID,
+ SearchResult: *mut TABLE_SEARCH_RESULT,
+ ) -> PVOID;
+ fn RtlEnumerateGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ Restart: BOOLEAN,
+ ) -> PVOID;
+ fn RtlEnumerateGenericTableWithoutSplaying(
+ Table: PRTL_GENERIC_TABLE,
+ RestartKey: *mut PVOID,
+ ) -> PVOID;
+ fn RtlGetElementGenericTable(
+ Table: PRTL_GENERIC_TABLE,
+ I: ULONG,
+ ) -> PVOID;
+ fn RtlNumberGenericTableElements(
+ Table: PRTL_GENERIC_TABLE,
+ ) -> ULONG;
+ fn RtlIsGenericTableEmpty(
+ Table: PRTL_GENERIC_TABLE,
+ ) -> BOOLEAN;
+}}
+STRUCT!{struct RTL_RB_TREE {
+ Root: PRTL_BALANCED_NODE,
+ Min: PRTL_BALANCED_NODE,
+}}
+pub type PRTL_RB_TREE = *mut RTL_RB_TREE;
+EXTERN!{extern "system" {
+ fn RtlRbInsertNodeEx(
+ Tree: PRTL_RB_TREE,
+ Parent: PRTL_BALANCED_NODE,
+ Right: BOOLEAN,
+ Node: PRTL_BALANCED_NODE,
+ );
+ fn RtlRbRemoveNode(
+ Tree: PRTL_RB_TREE,
+ Node: PRTL_BALANCED_NODE,
+ );
+}}
+pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001;
+pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0;
+STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY {
+ Linkage: LIST_ENTRY,
+ Signature: ULONG_PTR,
+}}
+pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY;
+#[inline]
+pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR {
+ x.Signature
+}
+STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT {
+ ChainHead: PLIST_ENTRY,
+ PrevLinkage: PLIST_ENTRY,
+ Signature: ULONG_PTR,
+}}
+pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT;
+STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
+ HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY,
+ ChainHead: PLIST_ENTRY,
+ BucketIndex: ULONG,
+}}
+pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR;
+STRUCT!{struct RTL_DYNAMIC_HASH_TABLE {
+ Flags: ULONG,
+ Shift: ULONG,
+ TableSize: ULONG,
+ Pivot: ULONG,
+ DivisorMask: ULONG,
+ NumEntries: ULONG,
+ NonEmptyBuckets: ULONG,
+ NumEnumerators: ULONG,
+ Directory: PVOID,
+}}
+pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE;
+#[inline]
+pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) {
+ Context.ChainHead = null_mut();
+ Context.PrevLinkage = null_mut();
+}
+#[inline]
+pub fn RtlInitHashTableContextFromEnumerator(
+ Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT,
+ Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+) {
+ Context.ChainHead = Enumerator.ChainHead;
+ Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink;
+}
+// RtlReleaseHashTableContext
+#[inline]
+pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
+ HashTable.TableSize
+}
+#[inline]
+pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
+ HashTable.NonEmptyBuckets
+}
+#[inline]
+pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
+ HashTable.TableSize - HashTable.NonEmptyBuckets
+}
+#[inline]
+pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
+ HashTable.NumEntries
+}
+#[inline]
+pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG {
+ HashTable.NumEnumerators
+}
+EXTERN!{extern "system" {
+ fn RtlCreateHashTable(
+ HashTable: *mut PRTL_DYNAMIC_HASH_TABLE,
+ Shift: ULONG,
+ Flags: ULONG,
+ ) -> BOOLEAN;
+ fn RtlDeleteHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ );
+ fn RtlInsertEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
+ Signature: ULONG_PTR,
+ Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
+ ) -> BOOLEAN;
+ fn RtlRemoveEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY,
+ Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
+ ) -> BOOLEAN;
+ fn RtlLookupEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Signature: ULONG_PTR,
+ Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
+ ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
+ fn RtlGetNextEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT,
+ ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
+ fn RtlInitEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> BOOLEAN;
+ fn RtlEnumerateEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
+ fn RtlEndEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ );
+ fn RtlInitWeakEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> BOOLEAN;
+ fn RtlWeaklyEnumerateEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
+ fn RtlEndWeakEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ );
+ fn RtlExpandHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ ) -> BOOLEAN;
+ fn RtlContractHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ ) -> BOOLEAN;
+ fn RtlInitStrongEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> BOOLEAN;
+ fn RtlStronglyEnumerateEntryHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY;
+ fn RtlEndStrongEnumerationHashTable(
+ HashTable: PRTL_DYNAMIC_HASH_TABLE,
+ Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR,
+ );
+ fn RtlInitializeCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> NTSTATUS;
+ fn RtlInitializeCriticalSectionAndSpinCount(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ SpinCount: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeleteCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> NTSTATUS;
+ fn RtlEnterCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> NTSTATUS;
+ fn RtlLeaveCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> NTSTATUS;
+ fn RtlTryEnterCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> LOGICAL;
+ fn RtlIsCriticalSectionLocked(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> LOGICAL;
+ fn RtlIsCriticalSectionLockedByThread(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> LOGICAL;
+ fn RtlGetCriticalSectionRecursionCount(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ ) -> ULONG;
+ fn RtlSetCriticalSectionSpinCount(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ SpinCount: ULONG,
+ ) -> ULONG;
+ fn RtlQueryCriticalSectionOwner(
+ EventHandle: HANDLE,
+ ) -> HANDLE;
+ fn RtlCheckForOrphanedCriticalSections(
+ ThreadHandle: HANDLE,
+ );
+}}
+STRUCT!{struct RTL_RESOURCE {
+ CriticalSection: RTL_CRITICAL_SECTION,
+ SharedSemaphore: HANDLE,
+ NumberOfWaitingShared: ULONG,
+ ExclusiveSemaphore: HANDLE,
+ NumberOfWaitingExclusive: ULONG,
+ NumberOfActive: LONG,
+ ExclusiveOwnerThread: HANDLE,
+ Flags: ULONG,
+ DebugInfo: PRTL_RESOURCE_DEBUG,
+}}
+pub type PRTL_RESOURCE = *mut RTL_RESOURCE;
+pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+ fn RtlInitializeResource(
+ Resource: PRTL_RESOURCE,
+ );
+ fn RtlDeleteResource(
+ Resource: PRTL_RESOURCE,
+ );
+ fn RtlAcquireResourceShared(
+ Resource: PRTL_RESOURCE,
+ Wait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlAcquireResourceExclusive(
+ Resource: PRTL_RESOURCE,
+ Wait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlReleaseResource(
+ Resource: PRTL_RESOURCE,
+ );
+ fn RtlConvertSharedToExclusive(
+ Resource: PRTL_RESOURCE,
+ );
+ fn RtlConvertExclusiveToShared(
+ Resource: PRTL_RESOURCE,
+ );
+ fn RtlInitializeSRWLock(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlAcquireSRWLockExclusive(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlAcquireSRWLockShared(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlReleaseSRWLockExclusive(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlReleaseSRWLockShared(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlTryAcquireSRWLockExclusive(
+ SRWLock: PRTL_SRWLOCK,
+ ) -> BOOLEAN;
+ fn RtlTryAcquireSRWLockShared(
+ SRWLock: PRTL_SRWLOCK,
+ ) -> BOOLEAN;
+ fn RtlAcquireReleaseSRWLockExclusive(
+ SRWLock: PRTL_SRWLOCK,
+ );
+ fn RtlInitializeConditionVariable(
+ ConditionVariable: PRTL_CONDITION_VARIABLE,
+ );
+ fn RtlSleepConditionVariableCS(
+ ConditionVariable: PRTL_CONDITION_VARIABLE,
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlSleepConditionVariableSRW(
+ ConditionVariable: PRTL_CONDITION_VARIABLE,
+ SRWLock: PRTL_SRWLOCK,
+ Timeout: PLARGE_INTEGER,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlWakeConditionVariable(
+ ConditionVariable: PRTL_CONDITION_VARIABLE,
+ );
+ fn RtlWakeAllConditionVariable(
+ ConditionVariable: PRTL_CONDITION_VARIABLE,
+ );
+}}
+pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001;
+pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002;
+pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004;
+EXTERN!{extern "system" {
+ fn RtlInitBarrier(
+ Barrier: PRTL_BARRIER,
+ TotalThreads: ULONG,
+ SpinCount: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeleteBarrier(
+ Barrier: PRTL_BARRIER,
+ ) -> NTSTATUS;
+ fn RtlBarrier(
+ Barrier: PRTL_BARRIER,
+ Flags: ULONG,
+ ) -> BOOLEAN;
+ fn RtlBarrierForDelete(
+ Barrier: PRTL_BARRIER,
+ Flags: ULONG,
+ ) -> BOOLEAN;
+ fn RtlWaitOnAddress(
+ Address: *mut VOID,
+ CompareAddress: PVOID,
+ AddressSize: SIZE_T,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlWakeAddressAll(
+ Address: PVOID,
+ );
+ fn RtlWakeAddressSingle(
+ Address: PVOID,
+ );
+ fn RtlInitString(
+ DestinationString: PSTRING,
+ SourceString: PCSZ,
+ );
+ fn RtlInitStringEx(
+ DestinationString: PSTRING,
+ SourceString: PCSZ,
+ ) -> NTSTATUS;
+ fn RtlInitAnsiString(
+ DestinationString: PANSI_STRING,
+ SourceString: PCSZ,
+ );
+ fn RtlInitAnsiStringEx(
+ DestinationString: PANSI_STRING,
+ SourceString: PCSZ,
+ ) -> NTSTATUS;
+ fn RtlFreeAnsiString(
+ AnsiString: PANSI_STRING,
+ );
+ fn RtlFreeOemString(
+ OemString: POEM_STRING,
+ );
+ fn RtlCopyString(
+ DestinationString: PSTRING,
+ SourceString: *const STRING,
+ );
+ fn RtlUpperChar(
+ Character: CHAR,
+ ) -> CHAR;
+ fn RtlCompareString(
+ String1: *const STRING,
+ String2: *const STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> LONG;
+ fn RtlEqualString(
+ String1: *const STRING,
+ String2: *const STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlPrefixString(
+ String1: *const STRING,
+ String2: *const STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlAppendStringToString(
+ Destination: PSTRING,
+ Source: *const STRING,
+ ) -> NTSTATUS;
+ fn RtlAppendAsciizToString(
+ Destination: PSTRING,
+ Source: PSTR,
+ ) -> NTSTATUS;
+ fn RtlUpperString(
+ DestinationString: PSTRING,
+ SourceString: *const STRING,
+ );
+}}
+#[inline]
+pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool {
+ String.is_null() || (*String).Length == 0
+}
+#[inline]
+pub fn RtlInitEmptyUnicodeString(
+ UnicodeString: &mut UNICODE_STRING,
+ Buffer: PWCHAR,
+ MaximumLength: USHORT,
+) {
+ UnicodeString.Buffer = Buffer;
+ UnicodeString.MaximumLength = MaximumLength;
+ UnicodeString.Length = 0;
+}
+EXTERN!{extern "system" {
+ fn RtlInitUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCWSTR,
+ );
+ fn RtlInitUnicodeStringEx(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCWSTR,
+ ) -> NTSTATUS;
+ fn RtlCreateUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCWSTR,
+ ) -> BOOLEAN;
+ fn RtlCreateUnicodeStringFromAsciiz(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PSTR,
+ ) -> BOOLEAN;
+ fn RtlFreeUnicodeString(
+ UnicodeString: PUNICODE_STRING,
+ );
+}}
+pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001;
+pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002;
+EXTERN!{extern "system" {
+ fn RtlDuplicateUnicodeString(
+ Flags: ULONG,
+ StringIn: PCUNICODE_STRING,
+ StringOut: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlCopyUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCUNICODE_STRING,
+ );
+ fn RtlUpcaseUnicodeChar(
+ SourceCharacter: WCHAR,
+ ) -> WCHAR;
+ fn RtlDowncaseUnicodeChar(
+ SourceCharacter: WCHAR,
+ ) -> WCHAR;
+ fn RtlCompareUnicodeString(
+ String1: PCUNICODE_STRING,
+ String2: PCUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> LONG;
+ fn RtlCompareUnicodeStrings(
+ String1: PCWCH,
+ String1Length: SIZE_T,
+ String2: PCWCH,
+ String2Length: SIZE_T,
+ CaseInSensitive: BOOLEAN,
+ ) -> LONG;
+ fn RtlEqualUnicodeString(
+ String1: PCUNICODE_STRING,
+ String2: PCUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> BOOLEAN;
+}}
+pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0;
+pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1;
+pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff;
+EXTERN!{extern "system" {
+ fn RtlHashUnicodeString(
+ String: PCUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ HashAlgorithm: ULONG,
+ HashValue: PULONG,
+ ) -> NTSTATUS;
+ fn RtlValidateUnicodeString(
+ Flags: ULONG,
+ String: PCUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlPrefixUnicodeString(
+ String1: PCUNICODE_STRING,
+ String2: PCUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlSuffixUnicodeString(
+ String1: PUNICODE_STRING,
+ String2: PUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlFindUnicodeSubstring(
+ FullString: PUNICODE_STRING,
+ SearchString: PUNICODE_STRING,
+ CaseInSensitive: BOOLEAN,
+ ) -> PWCHAR;
+}}
+pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001;
+pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002;
+pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004;
+EXTERN!{extern "system" {
+ fn RtlFindCharInUnicodeString(
+ Flags: ULONG,
+ StringToSearch: PUNICODE_STRING,
+ CharSet: PUNICODE_STRING,
+ NonInclusivePrefixLength: PUSHORT,
+ ) -> NTSTATUS;
+ fn RtlAppendUnicodeStringToString(
+ Destination: PUNICODE_STRING,
+ Source: PCUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlAppendUnicodeToString(
+ Destination: PUNICODE_STRING,
+ Source: PCWSTR,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlDowncaseUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlEraseUnicodeString(
+ String: PUNICODE_STRING,
+ );
+ fn RtlAnsiStringToUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCANSI_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlUnicodeStringToAnsiString(
+ DestinationString: PANSI_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAnsiCharToUnicodeChar(
+ SourceCharacter: *mut PUCHAR,
+ ) -> WCHAR;
+ fn RtlUpcaseUnicodeStringToAnsiString(
+ DestinationString: PANSI_STRING,
+ SourceString: PUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlOemStringToUnicodeString(
+ DestinationString: PUNICODE_STRING,
+ SourceString: PCOEM_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlUnicodeStringToOemString(
+ DestinationString: POEM_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeStringToOemString(
+ DestinationString: POEM_STRING,
+ SourceString: PUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlUnicodeStringToCountedOemString(
+ DestinationString: POEM_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeStringToCountedOemString(
+ DestinationString: POEM_STRING,
+ SourceString: PCUNICODE_STRING,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlMultiByteToUnicodeN(
+ UnicodeString: PWCH,
+ MaxBytesInUnicodeString: ULONG,
+ BytesInUnicodeString: PULONG,
+ MultiByteString: *const CHAR,
+ BytesInMultiByteString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlMultiByteToUnicodeSize(
+ BytesInUnicodeString: PULONG,
+ MultiByteString: *const CHAR,
+ BytesInMultiByteString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUnicodeToMultiByteN(
+ MultiByteString: PCHAR,
+ MaxBytesInMultiByteString: ULONG,
+ BytesInMultiByteString: PULONG,
+ UnicodeString: PCWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUnicodeToMultiByteSize(
+ BytesInMultiByteString: PULONG,
+ UnicodeString: PCWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeToMultiByteN(
+ MultiByteString: PCHAR,
+ MaxBytesInMultiByteString: ULONG,
+ BytesInMultiByteString: PULONG,
+ UnicodeString: PCWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlOemToUnicodeN(
+ UnicodeString: PWCH,
+ MaxBytesInUnicodeString: ULONG,
+ BytesInUnicodeString: PULONG,
+ OemString: PCCH,
+ BytesInOemString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUnicodeToOemN(
+ OemString: PCHAR,
+ MaxBytesInOemString: ULONG,
+ BytesInOemString: PULONG,
+ UnicodeString: PCWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeToOemN(
+ OemString: PCHAR,
+ MaxBytesInOemString: ULONG,
+ BytesInOemString: PULONG,
+ UnicodeString: PCWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlConsoleMultiByteToUnicodeN(
+ UnicodeString: PWCH,
+ MaxBytesInUnicodeString: ULONG,
+ BytesInUnicodeString: PULONG,
+ MultiByteString: PCH,
+ BytesInMultiByteString: ULONG,
+ pdwSpecialChar: PULONG,
+ ) -> NTSTATUS;
+ fn RtlUTF8ToUnicodeN(
+ UnicodeStringDestination: PWSTR,
+ UnicodeStringMaxByteCount: ULONG,
+ UnicodeStringActualByteCount: PULONG,
+ UTF8StringSource: PCCH,
+ UTF8StringByteCount: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUnicodeToUTF8N(
+ UTF8StringDestination: PCHAR,
+ UTF8StringMaxByteCount: ULONG,
+ UTF8StringActualByteCount: PULONG,
+ UnicodeStringSource: PCWCH,
+ UnicodeStringByteCount: ULONG,
+ ) -> NTSTATUS;
+ fn RtlCustomCPToUnicodeN(
+ CustomCP: PCPTABLEINFO,
+ UnicodeString: PWCH,
+ MaxBytesInUnicodeString: ULONG,
+ BytesInUnicodeString: PULONG,
+ CustomCPString: PCH,
+ BytesInCustomCPString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUnicodeToCustomCPN(
+ CustomCP: PCPTABLEINFO,
+ CustomCPString: PCH,
+ MaxBytesInCustomCPString: ULONG,
+ BytesInCustomCPString: PULONG,
+ UnicodeString: PWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUpcaseUnicodeToCustomCPN(
+ CustomCP: PCPTABLEINFO,
+ CustomCPString: PCH,
+ MaxBytesInCustomCPString: ULONG,
+ BytesInCustomCPString: PULONG,
+ UnicodeString: PWCH,
+ BytesInUnicodeString: ULONG,
+ ) -> NTSTATUS;
+ fn RtlInitCodePageTable(
+ TableBase: PUSHORT,
+ CodePageTable: PCPTABLEINFO,
+ );
+ fn RtlInitNlsTables(
+ AnsiNlsBase: PUSHORT,
+ OemNlsBase: PUSHORT,
+ LanguageNlsBase: PUSHORT,
+ TableInfo: PNLSTABLEINFO,
+ );
+ fn RtlResetRtlTranslations(
+ TableInfo: PNLSTABLEINFO,
+ );
+ fn RtlIsTextUnicode(
+ Buffer: PVOID,
+ Size: ULONG,
+ Result: PULONG,
+ ) -> BOOLEAN;
+}}
+ENUM!{enum RTL_NORM_FORM {
+ NormOther = 0x0,
+ NormC = 0x1,
+ NormD = 0x2,
+ NormKC = 0x5,
+ NormKD = 0x6,
+ NormIdna = 0xd,
+ DisallowUnassigned = 0x100,
+ NormCDisallowUnassigned = 0x101,
+ NormDDisallowUnassigned = 0x102,
+ NormKCDisallowUnassigned = 0x105,
+ NormKDDisallowUnassigned = 0x106,
+ NormIdnaDisallowUnassigned = 0x10d,
+}}
+EXTERN!{extern "system" {
+ fn RtlNormalizeString(
+ NormForm: ULONG,
+ SourceString: PCWSTR,
+ SourceStringLength: LONG,
+ DestinationString: PWSTR,
+ DestinationStringLength: PLONG,
+ ) -> NTSTATUS;
+ fn RtlIsNormalizedString(
+ NormForm: ULONG,
+ SourceString: PCWSTR,
+ SourceStringLength: LONG,
+ Normalized: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlIsNameInExpression(
+ Expression: PUNICODE_STRING,
+ Name: PUNICODE_STRING,
+ IgnoreCase: BOOLEAN,
+ UpcaseTable: PWCH,
+ ) -> BOOLEAN;
+ fn RtlIsNameInUnUpcasedExpression(
+ Expression: PUNICODE_STRING,
+ Name: PUNICODE_STRING,
+ IgnoreCase: BOOLEAN,
+ UpcaseTable: PWCH,
+ ) -> BOOLEAN;
+ fn RtlEqualDomainName(
+ String1: PUNICODE_STRING,
+ String2: PUNICODE_STRING,
+ ) -> BOOLEAN;
+ fn RtlEqualComputerName(
+ String1: PUNICODE_STRING,
+ String2: PUNICODE_STRING,
+ ) -> BOOLEAN;
+ fn RtlDnsHostNameToComputerName(
+ ComputerNameString: PUNICODE_STRING,
+ DnsHostNameString: PUNICODE_STRING,
+ AllocateComputerNameString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlStringFromGUID(
+ Guid: *const GUID,
+ GuidString: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlStringFromGUIDEx(
+ Guid: *mut GUID,
+ GuidString: PUNICODE_STRING,
+ AllocateGuidString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlGUIDFromString(
+ GuidString: PCUNICODE_STRING,
+ Guid: *mut GUID,
+ ) -> NTSTATUS;
+ fn RtlCompareAltitudes(
+ Altitude1: PCUNICODE_STRING,
+ Altitude2: PCUNICODE_STRING,
+ ) -> LONG;
+ fn RtlIdnToAscii(
+ Flags: ULONG,
+ SourceString: PCWSTR,
+ SourceStringLength: LONG,
+ DestinationString: PWSTR,
+ DestinationStringLength: PLONG,
+ ) -> NTSTATUS;
+ fn RtlIdnToUnicode(
+ Flags: ULONG,
+ SourceString: PCWSTR,
+ SourceStringLength: LONG,
+ DestinationString: PWSTR,
+ DestinationStringLength: PLONG,
+ ) -> NTSTATUS;
+ fn RtlIdnToNameprepUnicode(
+ Flags: ULONG,
+ SourceString: PCWSTR,
+ SourceStringLength: LONG,
+ DestinationString: PWSTR,
+ DestinationStringLength: PLONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct PREFIX_TABLE_ENTRY {
+ NodeTypeCode: CSHORT,
+ NameLength: CSHORT,
+ NextPrefixTree: *mut PREFIX_TABLE_ENTRY,
+ Links: RTL_SPLAY_LINKS,
+ Prefix: PSTRING,
+}}
+pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY;
+STRUCT!{struct PREFIX_TABLE {
+ NodeTypeCode: CSHORT,
+ NameLength: CSHORT,
+ NextPrefixTree: PPREFIX_TABLE_ENTRY,
+}}
+pub type PPREFIX_TABLE = *mut PREFIX_TABLE;
+EXTERN!{extern "system" {
+ fn PfxInitialize(
+ PrefixTable: PPREFIX_TABLE,
+ );
+ fn PfxInsertPrefix(
+ PrefixTable: PPREFIX_TABLE,
+ Prefix: PSTRING,
+ PrefixTableEntry: PPREFIX_TABLE_ENTRY,
+ ) -> BOOLEAN;
+ fn PfxRemovePrefix(
+ PrefixTable: PPREFIX_TABLE,
+ PrefixTableEntry: PPREFIX_TABLE_ENTRY,
+ );
+ fn PfxFindPrefix(
+ PrefixTable: PPREFIX_TABLE,
+ FullName: PSTRING,
+ ) -> PPREFIX_TABLE_ENTRY;
+}}
+STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY {
+ NodeTypeCode: CSHORT,
+ NameLength: CSHORT,
+ NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY,
+ CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY,
+ Links: RTL_SPLAY_LINKS,
+ Prefix: PUNICODE_STRING,
+}}
+pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY;
+STRUCT!{struct UNICODE_PREFIX_TABLE {
+ NodeTypeCode: CSHORT,
+ NameLength: CSHORT,
+ NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY,
+ LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY,
+}}
+pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE;
+EXTERN!{extern "system" {
+ fn RtlInitializeUnicodePrefix(
+ PrefixTable: PUNICODE_PREFIX_TABLE,
+ );
+ fn RtlInsertUnicodePrefix(
+ PrefixTable: PUNICODE_PREFIX_TABLE,
+ Prefix: PUNICODE_STRING,
+ PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
+ ) -> BOOLEAN;
+ fn RtlRemoveUnicodePrefix(
+ PrefixTable: PUNICODE_PREFIX_TABLE,
+ PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY,
+ );
+ fn RtlFindUnicodePrefix(
+ PrefixTable: PUNICODE_PREFIX_TABLE,
+ FullName: PCUNICODE_STRING,
+ CaseInsensitiveIndex: ULONG,
+ ) -> PUNICODE_PREFIX_TABLE_ENTRY;
+ fn RtlNextUnicodePrefix(
+ PrefixTable: PUNICODE_PREFIX_TABLE,
+ Restart: BOOLEAN,
+ ) -> PUNICODE_PREFIX_TABLE_ENTRY;
+}}
+STRUCT!{struct COMPRESSED_DATA_INFO {
+ CompressionFormatAndEngine: USHORT,
+ CompressionUnitShift: UCHAR,
+ ChunkShift: UCHAR,
+ ClusterShift: UCHAR,
+ Reserved: UCHAR,
+ NumberOfChunks: USHORT,
+ CompressedChunkSizes: [ULONG; 1],
+}}
+pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO;
+EXTERN!{extern "system" {
+ fn RtlGetCompressionWorkSpaceSize(
+ CompressionFormatAndEngine: USHORT,
+ CompressBufferWorkSpaceSize: PULONG,
+ CompressFragmentWorkSpaceSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlCompressBuffer(
+ CompressionFormatAndEngine: USHORT,
+ UncompressedBuffer: PUCHAR,
+ UncompressedBufferSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ UncompressedChunkSize: ULONG,
+ FinalCompressedSize: PULONG,
+ WorkSpace: PVOID,
+ ) -> NTSTATUS;
+ fn RtlDecompressBuffer(
+ CompressionFormat: USHORT,
+ UncompressedBuffer: PUCHAR,
+ UncompressedBufferSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ FinalUncompressedSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlDecompressBufferEx(
+ CompressionFormat: USHORT,
+ UncompressedBuffer: PUCHAR,
+ UncompressedBufferSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ FinalUncompressedSize: PULONG,
+ WorkSpace: PVOID,
+ ) -> NTSTATUS;
+ fn RtlDecompressFragment(
+ CompressionFormat: USHORT,
+ UncompressedFragment: PUCHAR,
+ UncompressedFragmentSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ FragmentOffset: ULONG,
+ FinalUncompressedSize: PULONG,
+ WorkSpace: PVOID,
+ ) -> NTSTATUS;
+ fn RtlDescribeChunk(
+ CompressionFormat: USHORT,
+ CompressedBuffer: *mut PUCHAR,
+ EndOfCompressedBufferPlus1: PUCHAR,
+ ChunkBuffer: *mut PUCHAR,
+ ChunkSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlReserveChunk(
+ CompressionFormat: USHORT,
+ CompressedBuffer: *mut PUCHAR,
+ EndOfCompressedBufferPlus1: PUCHAR,
+ ChunkBuffer: *mut PUCHAR,
+ ChunkSize: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDecompressChunks(
+ UncompressedBuffer: PUCHAR,
+ UncompressedBufferSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ CompressedTail: PUCHAR,
+ CompressedTailSize: ULONG,
+ CompressedDataInfo: PCOMPRESSED_DATA_INFO,
+ ) -> NTSTATUS;
+ fn RtlCompressChunks(
+ UncompressedBuffer: PUCHAR,
+ UncompressedBufferSize: ULONG,
+ CompressedBuffer: PUCHAR,
+ CompressedBufferSize: ULONG,
+ CompressedDataInfo: PCOMPRESSED_DATA_INFO,
+ CompressedDataInfoLength: ULONG,
+ WorkSpace: PVOID,
+ ) -> NTSTATUS;
+ fn RtlConvertLCIDToString(
+ LcidValue: LCID,
+ Base: ULONG,
+ Padding: ULONG,
+ pResultBuf: PWSTR,
+ Size: ULONG,
+ ) -> NTSTATUS;
+ fn RtlIsValidLocaleName(
+ LocaleName: PWSTR,
+ Flags: ULONG,
+ ) -> BOOLEAN;
+ fn RtlGetParentLocaleName(
+ LocaleName: PWSTR,
+ ParentLocaleName: PUNICODE_STRING,
+ Flags: ULONG,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlLcidToLocaleName(
+ lcid: LCID,
+ LocaleName: PUNICODE_STRING,
+ Flags: ULONG,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlLocaleNameToLcid(
+ LocaleName: PWSTR,
+ lcid: PLCID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlLCIDToCultureName(
+ Lcid: LCID,
+ String: PUNICODE_STRING,
+ ) -> BOOLEAN;
+ fn RtlCultureNameToLCID(
+ String: PUNICODE_STRING,
+ Lcid: PLCID,
+ ) -> BOOLEAN;
+ fn RtlCleanUpTEBLangLists();
+ fn RtlGetLocaleFileMappingAddress(
+ BaseAddress: *mut PVOID,
+ DefaultLocaleId: PLCID,
+ DefaultCasingTableSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlGetCurrentPeb() -> PPEB;
+ fn RtlAcquirePebLock();
+ fn RtlReleasePebLock();
+ fn RtlTryAcquirePebLock() -> LOGICAL;
+ fn RtlAllocateFromPeb(
+ Size: ULONG,
+ Block: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlFreeToPeb(
+ Block: PVOID,
+ Size: ULONG,
+ ) -> NTSTATUS;
+}}
+pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255;
+pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5;
+STRUCT!{struct CURDIR {
+ DosPath: UNICODE_STRING,
+ Handle: HANDLE,
+}}
+pub type PCURDIR = *mut CURDIR;
+pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002;
+pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003;
+STRUCT!{struct RTL_DRIVE_LETTER_CURDIR {
+ Flags: USHORT,
+ Length: USHORT,
+ TimeStamp: ULONG,
+ DosPath: STRING,
+}}
+pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR;
+pub const RTL_MAX_DRIVE_LETTERS: usize = 32;
+pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001;
+STRUCT!{struct RTL_USER_PROCESS_PARAMETERS {
+ MaximumLength: ULONG,
+ Length: ULONG,
+ Flags: ULONG,
+ DebugFlags: ULONG,
+ ConsoleHandle: HANDLE,
+ ConsoleFlags: ULONG,
+ StandardInput: HANDLE,
+ StandardOutput: HANDLE,
+ StandardError: HANDLE,
+ CurrentDirectory: CURDIR,
+ DllPath: UNICODE_STRING,
+ ImagePathName: UNICODE_STRING,
+ CommandLine: UNICODE_STRING,
+ Environment: PVOID,
+ StartingX: ULONG,
+ StartingY: ULONG,
+ CountX: ULONG,
+ CountY: ULONG,
+ CountCharsX: ULONG,
+ CountCharsY: ULONG,
+ FillAttribute: ULONG,
+ WindowFlags: ULONG,
+ ShowWindowFlags: ULONG,
+ WindowTitle: UNICODE_STRING,
+ DesktopInfo: UNICODE_STRING,
+ ShellInfo: UNICODE_STRING,
+ RuntimeData: UNICODE_STRING,
+ CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS],
+ EnvironmentSize: ULONG_PTR,
+ EnvironmentVersion: ULONG_PTR,
+ PackageDependencyData: PVOID,
+ ProcessGroupId: ULONG,
+ LoaderThreads: ULONG,
+}}
+pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS;
+pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001;
+pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002;
+pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004;
+pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008;
+pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020;
+pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040;
+pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080;
+pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100;
+pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000;
+pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000;
+pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000;
+pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000;
+EXTERN!{extern "system" {
+ fn RtlCreateProcessParameters(
+ pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
+ ImagePathName: PUNICODE_STRING,
+ DllPath: PUNICODE_STRING,
+ CurrentDirectory: PUNICODE_STRING,
+ CommandLine: PUNICODE_STRING,
+ Environment: PVOID,
+ WindowTitle: PUNICODE_STRING,
+ DesktopInfo: PUNICODE_STRING,
+ ShellInfo: PUNICODE_STRING,
+ RuntimeData: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlCreateProcessParametersEx(
+ pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS,
+ ImagePathName: PUNICODE_STRING,
+ DllPath: PUNICODE_STRING,
+ CurrentDirectory: PUNICODE_STRING,
+ CommandLine: PUNICODE_STRING,
+ Environment: PVOID,
+ WindowTitle: PUNICODE_STRING,
+ DesktopInfo: PUNICODE_STRING,
+ ShellInfo: PUNICODE_STRING,
+ RuntimeData: PUNICODE_STRING,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDestroyProcessParameters(
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ ) -> NTSTATUS;
+ fn RtlNormalizeProcessParams(
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ ) -> PRTL_USER_PROCESS_PARAMETERS;
+ fn RtlDeNormalizeProcessParams(
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ ) -> PRTL_USER_PROCESS_PARAMETERS;
+}}
+STRUCT!{struct RTL_USER_PROCESS_INFORMATION {
+ Length: ULONG,
+ Process: HANDLE,
+ Thread: HANDLE,
+ ClientId: CLIENT_ID,
+ ImageInformation: SECTION_IMAGE_INFORMATION,
+}}
+pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION;
+EXTERN!{extern "system" {
+ fn RtlCreateUserProcess(
+ NtImagePathName: PUNICODE_STRING,
+ AttributesDeprecated: ULONG,
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ParentProcess: HANDLE,
+ InheritHandles: BOOLEAN,
+ DebugPort: HANDLE,
+ TokenHandle: HANDLE,
+ ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlCreateUserProcessEx(
+ NtImagePathName: PUNICODE_STRING,
+ ProcessParameters: PRTL_USER_PROCESS_PARAMETERS,
+ InheritHandles: BOOLEAN,
+ Flags: ULONG,
+ ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlExitUserProcess(
+ ExitStatus: NTSTATUS,
+ );
+}}
+pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
+pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002;
+pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004;
+EXTERN!{extern "system" {
+ fn RtlCloneUserProcess(
+ ProcessFlags: ULONG,
+ ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DebugPort: HANDLE,
+ ProcessInformation: PRTL_USER_PROCESS_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlUpdateClonedCriticalSection(
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ );
+ fn RtlUpdateClonedSRWLock(
+ SRWLock: PRTL_SRWLOCK,
+ Shared: LOGICAL,
+ );
+}}
+STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION {
+ ReflectionProcessHandle: HANDLE,
+ ReflectionThreadHandle: HANDLE,
+ ReflectionClientId: CLIENT_ID,
+}}
+pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION =
+ *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
+EXTERN!{extern "system" {
+ fn RtlCreateProcessReflection(
+ ProcessHandle: HANDLE,
+ Flags: ULONG,
+ StartRoutine: PVOID,
+ StartContext: PVOID,
+ EventHandle: HANDLE,
+ ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION,
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "C" {
+ fn RtlSetProcessIsCritical(
+ NewValue: BOOLEAN,
+ OldValue: PBOOLEAN,
+ CheckFlag: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSetThreadIsCritical(
+ NewValue: BOOLEAN,
+ OldValue: PBOOLEAN,
+ CheckFlag: BOOLEAN,
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "system" {
+ fn RtlValidProcessProtection(
+ ProcessProtection: PS_PROTECTION,
+ ) -> BOOLEAN;
+ fn RtlTestProtectedAccess(
+ Source: PS_PROTECTION,
+ Target: PS_PROTECTION,
+ ) -> BOOLEAN;
+ fn RtlIsCurrentProcess(
+ ProcessHandle: HANDLE,
+ ) -> BOOLEAN;
+ fn RtlIsCurrentThread(
+ ThreadHandle: HANDLE,
+ ) -> BOOLEAN;
+}}
+FN!{stdcall PUSER_THREAD_START_ROUTINE(
+ ThreadParameter: PVOID,
+) -> NTSTATUS}
+EXTERN!{extern "system" {
+ fn RtlCreateUserThread(
+ Process: HANDLE,
+ ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ CreateSuspended: BOOLEAN,
+ ZeroBits: ULONG,
+ MaximumStackSize: SIZE_T,
+ CommittedStackSize: SIZE_T,
+ StartAddress: PUSER_THREAD_START_ROUTINE,
+ Parameter: PVOID,
+ Thread: PHANDLE,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn RtlExitUserThread(
+ ExitStatus: NTSTATUS,
+ );
+ fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN;
+ fn RtlCreateUserStack(
+ CommittedStackSize: SIZE_T,
+ MaximumStackSize: SIZE_T,
+ ZeroBits: ULONG_PTR,
+ PageSize: SIZE_T,
+ ReserveAlignment: ULONG_PTR,
+ InitialTeb: PINITIAL_TEB,
+ ) -> NTSTATUS;
+ fn RtlFreeUserStack(
+ AllocationBase: PVOID,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct CONTEXT_CHUNK {
+ Offset: LONG,
+ Length: ULONG,
+}}
+pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK;
+STRUCT!{struct CONTEXT_EX {
+ All: CONTEXT_CHUNK,
+ Legacy: CONTEXT_CHUNK,
+ XState: CONTEXT_CHUNK,
+}}
+pub type PCONTEXT_EX = *mut CONTEXT_EX;
+pub const CONTEXT_EX_LENGTH: usize = 4096;
+#[macro_export]
+macro_rules! RTL_CONTEXT_EX_OFFSET {
+ ($ContextEx:expr, $Chunk:ident) => {
+ (*$ContextEx).$Chunk.Offset
+ };
+}
+#[macro_export]
+macro_rules! RTL_CONTEXT_EX_LENGTH {
+ ($ContextEx:expr, $Chunk:ident) => {
+ (*$ContextEx).$Chunk.Length
+ };
+}
+#[macro_export]
+macro_rules! RTL_CONTEXT_EX_CHUNK {
+ ($Base:expr, $Layout:expr, $Chunk:ident) => {
+ ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void
+ };
+}
+#[macro_export]
+macro_rules! RTL_CONTEXT_OFFSET {
+ ($Context:expr, $Chunk:ident) => {
+ RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
+ as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
+ };
+}
+#[macro_export]
+macro_rules! RTL_CONTEXT_LENGTH {
+ ($Context:expr, $Chunk:ident) => {
+ RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
+ as *const $crate::ntrtl::CONTEXT_EX, $Chunk)
+ };
+}
+#[macro_export]
+macro_rules! RTL_CONTEXT_CHUNK {
+ ($Context:expr, $Chunk:ident) => {
+ RTL_CONTEXT_EX_CHUNK!(
+ ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
+ as *const $crate::ntrtl::CONTEXT_EX,
+ ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1)
+ as *const $crate::ntrtl::CONTEXT_EX,
+ $Chunk
+ )
+ };
+}
+EXTERN!{extern "system" {
+ fn RtlInitializeContext(
+ Process: HANDLE,
+ Context: PCONTEXT,
+ Parameter: PVOID,
+ InitialPc: PVOID,
+ InitialSp: PVOID,
+ );
+ fn RtlInitializeExtendedContext(
+ Context: PCONTEXT,
+ ContextFlags: ULONG,
+ ContextEx: *mut PCONTEXT_EX,
+ ) -> ULONG;
+ fn RtlCopyExtendedContext(
+ Destination: PCONTEXT_EX,
+ ContextFlags: ULONG,
+ Source: PCONTEXT_EX,
+ ) -> ULONG;
+ fn RtlGetExtendedContextLength(
+ ContextFlags: ULONG,
+ ContextLength: PULONG,
+ ) -> ULONG;
+ fn RtlGetExtendedFeaturesMask(
+ ContextEx: PCONTEXT_EX,
+ ) -> ULONG64;
+ fn RtlLocateExtendedFeature(
+ ContextEx: PCONTEXT_EX,
+ FeatureId: ULONG,
+ Length: PULONG,
+ ) -> PVOID;
+ fn RtlLocateLegacyContext(
+ ContextEx: PCONTEXT_EX,
+ Length: PULONG,
+ ) -> PCONTEXT;
+ fn RtlSetExtendedFeaturesMask(
+ ContextEx: PCONTEXT_EX,
+ FeatureMask: ULONG64,
+ );
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+EXTERN!{extern "system" {
+ fn RtlWow64GetThreadContext(
+ ThreadHandle: HANDLE,
+ ThreadContext: PWOW64_CONTEXT,
+ ) -> NTSTATUS;
+ fn RtlWow64SetThreadContext(
+ ThreadHandle: HANDLE,
+ ThreadContext: PWOW64_CONTEXT,
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "system" {
+ fn RtlRemoteCall(
+ Process: HANDLE,
+ Thread: HANDLE,
+ CallSite: PVOID,
+ ArgumentCount: ULONG,
+ Arguments: PULONG_PTR,
+ PassContext: BOOLEAN,
+ AlreadySuspended: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAddVectoredExceptionHandler(
+ First: ULONG,
+ Handler: PVECTORED_EXCEPTION_HANDLER,
+ ) -> PVOID;
+ fn RtlRemoveVectoredExceptionHandler(
+ Handle: PVOID,
+ ) -> ULONG;
+ fn RtlAddVectoredContinueHandler(
+ First: ULONG,
+ Handler: PVECTORED_EXCEPTION_HANDLER,
+ ) -> PVOID;
+ fn RtlRemoveVectoredContinueHandler(
+ Handle: PVOID,
+ ) -> ULONG;
+}}
+FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER(
+ ExceptionInfo: PEXCEPTION_POINTERS,
+) -> ULONG}
+EXTERN!{extern "system" {
+ fn RtlSetUnhandledExceptionFilter(
+ UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER,
+ );
+ fn RtlUnhandledExceptionFilter(
+ ExceptionPointers: PEXCEPTION_POINTERS,
+ ) -> LONG;
+ fn RtlUnhandledExceptionFilter2(
+ ExceptionPointers: PEXCEPTION_POINTERS,
+ Flags: ULONG,
+ ) -> LONG;
+ fn RtlKnownExceptionFilter(
+ ExceptionPointers: PEXCEPTION_POINTERS,
+ ) -> LONG;
+}}
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+IFDEF!{
+ENUM!{enum FUNCTION_TABLE_TYPE {
+ RF_SORTED = 0,
+ RF_UNSORTED = 1,
+ RF_CALLBACK = 2,
+ RF_KERNEL_DYNAMIC = 3,
+}}
+STRUCT!{struct DYNAMIC_FUNCTION_TABLE {
+ ListEntry: LIST_ENTRY,
+ FunctionTable: PRUNTIME_FUNCTION,
+ TimeStamp: LARGE_INTEGER,
+ MinimumAddress: ULONG64,
+ MaximumAddress: ULONG64,
+ BaseAddress: ULONG64,
+ Callback: PGET_RUNTIME_FUNCTION_CALLBACK,
+ Context: PVOID,
+ OutOfProcessCallbackDll: PWSTR,
+ Type: FUNCTION_TABLE_TYPE,
+ EntryCount: ULONG,
+ TreeNode: RTL_BALANCED_NODE,
+}}
+pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE;
+EXTERN!{extern "system" {
+ fn RtlGetFunctionTableListHead() -> PLIST_ENTRY;
+}}
+}
+EXTERN!{extern "system" {
+ fn RtlImageNtHeader(
+ BaseOfImage: PVOID,
+ ) -> PIMAGE_NT_HEADERS;
+}}
+pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001;
+EXTERN!{extern "system" {
+ fn RtlImageNtHeaderEx(
+ Flags: ULONG,
+ BaseOfImage: PVOID,
+ Size: ULONG64,
+ OutHeaders: *mut PIMAGE_NT_HEADERS,
+ ) -> NTSTATUS;
+ fn RtlAddressInSectionTable(
+ NtHeaders: PIMAGE_NT_HEADERS,
+ BaseOfImage: PVOID,
+ VirtualAddress: ULONG,
+ ) -> PVOID;
+ fn RtlSectionTableFromVirtualAddress(
+ NtHeaders: PIMAGE_NT_HEADERS,
+ BaseOfImage: PVOID,
+ VirtualAddress: ULONG,
+ ) -> PIMAGE_SECTION_HEADER;
+ fn RtlImageDirectoryEntryToData(
+ BaseOfImage: PVOID,
+ MappedAsImage: BOOLEAN,
+ DirectoryEntry: USHORT,
+ Size: PULONG,
+ ) -> PVOID;
+ fn RtlImageRvaToSection(
+ NtHeaders: PIMAGE_NT_HEADERS,
+ BaseOfImage: PVOID,
+ Rva: ULONG,
+ ) -> PIMAGE_SECTION_HEADER;
+ fn RtlImageRvaToVa(
+ NtHeaders: PIMAGE_NT_HEADERS,
+ BaseOfImage: PVOID,
+ Rva: ULONG,
+ LastRvaSection: *mut PIMAGE_SECTION_HEADER,
+ ) -> PVOID;
+ fn RtlFindExportedRoutineByName(
+ BaseOfImage: PVOID,
+ RoutineName: PSTR,
+ ) -> PVOID;
+ fn RtlGuardCheckLongJumpTarget(
+ PcValue: PVOID,
+ IsFastFail: BOOL,
+ IsLongJumpTarget: PBOOL,
+ ) -> NTSTATUS;
+ fn RtlCompareMemoryUlong(
+ Source: PVOID,
+ Length: SIZE_T,
+ Pattern: ULONG,
+ ) -> SIZE_T;
+ fn RtlFillMemoryUlong(
+ Destination: PVOID,
+ Length: SIZE_T,
+ Pattern: ULONG,
+ );
+ fn RtlFillMemoryUlonglong(
+ Destination: PVOID,
+ Length: SIZE_T,
+ Pattern: ULONGLONG,
+ );
+ fn RtlCreateEnvironment(
+ CloneCurrentEnvironment: BOOLEAN,
+ Environment: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1;
+pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2;
+pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4;
+EXTERN!{extern "system" {
+ fn RtlCreateEnvironmentEx(
+ SourceEnv: PVOID,
+ Environment: *mut PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDestroyEnvironment(
+ Environment: PVOID,
+ ) -> NTSTATUS;
+ fn RtlSetCurrentEnvironment(
+ Environment: PVOID,
+ PreviousEnvironment: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlSetEnvironmentVar(
+ Environment: *mut PWSTR,
+ Name: PWSTR,
+ NameLength: SIZE_T,
+ Value: PWSTR,
+ ValueLength: SIZE_T,
+ ) -> NTSTATUS;
+ fn RtlSetEnvironmentVariable(
+ Environment: *mut PVOID,
+ Name: PUNICODE_STRING,
+ Value: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlQueryEnvironmentVariable(
+ Environment: PVOID,
+ Name: PWSTR,
+ NameLength: SIZE_T,
+ Value: PWSTR,
+ ValueLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn RtlQueryEnvironmentVariable_U(
+ Environment: PVOID,
+ Name: PUNICODE_STRING,
+ Value: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlExpandEnvironmentStrings(
+ Environment: PVOID,
+ Src: PWSTR,
+ SrcLength: SIZE_T,
+ Dst: PWSTR,
+ DstLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn RtlExpandEnvironmentStrings_U(
+ Environment: PVOID,
+ Source: PUNICODE_STRING,
+ Destination: PUNICODE_STRING,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSetEnvironmentStrings(
+ NewEnvironment: PWCHAR,
+ NewEnvironmentSize: SIZE_T,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct RTLP_CURDIR_REF {
+ ReferenceCount: LONG,
+ DirectoryHandle: HANDLE,
+}}
+pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF;
+STRUCT!{struct RTL_RELATIVE_NAME_U {
+ RelativeName: UNICODE_STRING,
+ ContainingDirectory: HANDLE,
+ CurDirRef: PRTLP_CURDIR_REF,
+}}
+pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U;
+ENUM!{enum RTL_PATH_TYPE {
+ RtlPathTypeUnknown = 0,
+ RtlPathTypeUncAbsolute = 1,
+ RtlPathTypeDriveAbsolute = 2,
+ RtlPathTypeDriveRelative = 3,
+ RtlPathTypeRooted = 4,
+ RtlPathTypeRelative = 5,
+ RtlPathTypeLocalDevice = 6,
+ RtlPathTypeRootLocalDevice = 7,
+}}
+EXTERN!{extern "C" {
+ static mut RtlDosPathSeperatorsString: UNICODE_STRING;
+ static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING;
+ static mut RtlNtPathSeperatorString: UNICODE_STRING;
+}}
+/// "ntdll.dll"
+pub const RtlNtdllName: UTF16Const = UTF16Const(&[
+ 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16,
+]);
+EXTERN!{extern "system" {
+ fn RtlDetermineDosPathNameType_U(
+ DosFileName: PWSTR,
+ ) -> RTL_PATH_TYPE;
+ fn RtlDetermineDosPathNameType_Ustr(
+ DosFileName: PCUNICODE_STRING,
+ ) -> RTL_PATH_TYPE;
+ fn RtlIsDosDeviceName_U(
+ DosFileName: PWSTR,
+ ) -> ULONG;
+ fn RtlIsDosDeviceName_Ustr(
+ DosFileName: PUNICODE_STRING,
+ ) -> ULONG;
+ fn RtlGetFullPathName_U(
+ FileName: PWSTR,
+ BufferLength: ULONG,
+ Buffer: PWSTR,
+ FilePart: *mut PWSTR,
+ ) -> ULONG;
+ fn RtlGetFullPathName_UEx(
+ FileName: PWSTR,
+ BufferLength: ULONG,
+ Buffer: PWSTR,
+ FilePart: *mut PWSTR,
+ BytesRequired: *mut ULONG,
+ ) -> NTSTATUS;
+ fn RtlGetFullPathName_UstrEx(
+ FileName: PUNICODE_STRING,
+ StaticString: PUNICODE_STRING,
+ DynamicString: PUNICODE_STRING,
+ StringUsed: *mut PUNICODE_STRING,
+ FilePartPrefixCch: *mut SIZE_T,
+ NameInvalid: PBOOLEAN,
+ InputPathType: *mut RTL_PATH_TYPE,
+ BytesRequired: *mut SIZE_T,
+ ) -> NTSTATUS;
+ fn RtlGetCurrentDirectory_U(
+ BufferLength: ULONG,
+ Buffer: PWSTR,
+ ) -> ULONG;
+ fn RtlSetCurrentDirectory_U(
+ PathName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlGetLongestNtPathLength() -> ULONG;
+ fn RtlDosPathNameToNtPathName_U(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> BOOLEAN;
+ fn RtlDosPathNameToNtPathName_U_WithStatus(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> NTSTATUS;
+ fn RtlDosLongPathNameToNtPathName_U_WithStatus(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> NTSTATUS;
+ fn RtlDosPathNameToRelativeNtPathName_U(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> BOOLEAN;
+ fn RtlDosPathNameToRelativeNtPathName_U_WithStatus(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> NTSTATUS;
+ fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
+ DosFileName: PWSTR,
+ NtFileName: PUNICODE_STRING,
+ FilePart: *mut PWSTR,
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ ) -> NTSTATUS;
+ fn RtlReleaseRelativeName(
+ RelativeName: PRTL_RELATIVE_NAME_U,
+ );
+ fn RtlDosSearchPath_U(
+ Path: PWSTR,
+ FileName: PWSTR,
+ Extension: PWSTR,
+ BufferLength: ULONG,
+ Buffer: PWSTR,
+ FilePart: *mut PWSTR,
+ ) -> ULONG;
+}}
+pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001;
+pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002;
+pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004;
+EXTERN!{extern "system" {
+ fn RtlDosSearchPath_Ustr(
+ Flags: ULONG,
+ Path: PUNICODE_STRING,
+ FileName: PUNICODE_STRING,
+ DefaultExtension: PUNICODE_STRING,
+ StaticString: PUNICODE_STRING,
+ DynamicString: PUNICODE_STRING,
+ FullFileNameOut: *mut PCUNICODE_STRING,
+ FilePartPrefixCch: *mut SIZE_T,
+ BytesRequired: *mut SIZE_T,
+ ) -> NTSTATUS;
+ fn RtlDoesFileExists_U(
+ FileName: PWSTR,
+ ) -> BOOLEAN;
+ fn RtlGetLengthWithoutLastFullDosOrNtPathElement(
+ Flags: ULONG,
+ PathString: PUNICODE_STRING,
+ Length: PULONG,
+ ) -> NTSTATUS;
+ fn RtlGetLengthWithoutTrailingPathSeperators(
+ Flags: ULONG,
+ PathString: PUNICODE_STRING,
+ Length: PULONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct GENERATE_NAME_CONTEXT {
+ Checksum: USHORT,
+ CheckSumInserted: BOOLEAN,
+ NameLength: UCHAR,
+ NameBuffer: [WCHAR; 8],
+ ExtensionLength: ULONG,
+ ExtensionBuffer: [WCHAR; 4],
+ LastIndexValue: ULONG,
+}}
+pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT;
+EXTERN!{extern "system" {
+ fn RtlGenerate8dot3Name(
+ Name: PCUNICODE_STRING,
+ AllowExtendedCharacters: BOOLEAN,
+ Context: PGENERATE_NAME_CONTEXT,
+ Name8dot3: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlComputePrivatizedDllName_U(
+ DllName: PUNICODE_STRING,
+ RealName: PUNICODE_STRING,
+ LocalName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlGetSearchPath(
+ SearchPathA: *mut PWSTR,
+ ) -> BOOLEAN;
+ fn RtlSetSearchPathMode(
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlGetExePath() -> PWSTR;
+ fn RtlGetNtSystemRoot() -> PWSTR;
+ fn RtlAreLongPathsEnabled() -> BOOLEAN;
+ fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN;
+ fn RtlDllShutdownInProgress() -> BOOLEAN;
+}}
+STRUCT!{struct RTL_HEAP_ENTRY_u_s1 {
+ Settable: SIZE_T,
+ Tag: ULONG,
+}}
+STRUCT!{struct RTL_HEAP_ENTRY_u_s2 {
+ CommittedSize: SIZE_T,
+ FirstBlock: PVOID,
+}}
+UNION!{union RTL_HEAP_ENTRY_u {
+ s1: RTL_HEAP_ENTRY_u_s1,
+ s2: RTL_HEAP_ENTRY_u_s2,
+}}
+STRUCT!{struct RTL_HEAP_ENTRY {
+ Size: SIZE_T,
+ Flags: USHORT,
+ AllocatorBackTraceIndex: USHORT,
+ u: RTL_HEAP_ENTRY_u,
+}}
+pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY;
+pub const RTL_HEAP_BUSY: USHORT = 0x0001;
+pub const RTL_HEAP_SEGMENT: USHORT = 0x0002;
+pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010;
+pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020;
+pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040;
+pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080;
+pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0;
+pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100;
+pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200;
+STRUCT!{struct RTL_HEAP_TAG {
+ NumberOfAllocations: ULONG,
+ NumberOfFrees: ULONG,
+ BytesAllocated: SIZE_T,
+ TagIndex: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ TagName: [WCHAR; 24],
+}}
+pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG;
+STRUCT!{struct RTL_HEAP_INFORMATION {
+ BaseAddress: PVOID,
+ Flags: ULONG,
+ EntryOverhead: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ BytesAllocated: SIZE_T,
+ BytesCommitted: SIZE_T,
+ NumberOfTags: ULONG,
+ NumberOfEntries: ULONG,
+ NumberOfPseudoTags: ULONG,
+ PseudoTagGranularity: ULONG,
+ Reserved: [ULONG; 5],
+ Tags: PRTL_HEAP_TAG,
+ Entries: PRTL_HEAP_ENTRY,
+}}
+pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION;
+STRUCT!{struct RTL_PROCESS_HEAPS {
+ NumberOfHeaps: ULONG,
+ Heaps: [RTL_HEAP_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS;
+FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE(
+ Base: PVOID,
+ CommitAddress: *mut PVOID,
+ CommitSize: PSIZE_T,
+) -> NTSTATUS}
+STRUCT!{struct RTL_HEAP_PARAMETERS {
+ Length: ULONG,
+ SegmentReserve: SIZE_T,
+ SegmentCommit: SIZE_T,
+ DeCommitFreeBlockThreshold: SIZE_T,
+ DeCommitTotalFreeThreshold: SIZE_T,
+ MaximumAllocationSize: SIZE_T,
+ VirtualMemoryThreshold: SIZE_T,
+ InitialCommit: SIZE_T,
+ InitialReserve: SIZE_T,
+ CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE,
+ Reserved: [SIZE_T; 2],
+}}
+pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS;
+pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100;
+pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200;
+pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400;
+pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800;
+pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00;
+pub const HEAP_CLASS_0: ULONG = 0x00000000;
+pub const HEAP_CLASS_1: ULONG = 0x00001000;
+pub const HEAP_CLASS_2: ULONG = 0x00002000;
+pub const HEAP_CLASS_3: ULONG = 0x00003000;
+pub const HEAP_CLASS_4: ULONG = 0x00004000;
+pub const HEAP_CLASS_5: ULONG = 0x00005000;
+pub const HEAP_CLASS_6: ULONG = 0x00006000;
+pub const HEAP_CLASS_7: ULONG = 0x00007000;
+pub const HEAP_CLASS_8: ULONG = 0x00008000;
+pub const HEAP_CLASS_MASK: ULONG = 0x0000f000;
+EXTERN!{extern "system" {
+ fn RtlCreateHeap(
+ Flags: ULONG,
+ HeapBase: PVOID,
+ ReserveSize: SIZE_T,
+ CommitSize: SIZE_T,
+ Lock: PVOID,
+ Parameters: PRTL_HEAP_PARAMETERS,
+ ) -> PVOID;
+ fn RtlDestroyHeap(
+ HeapHandle: PVOID,
+ ) -> PVOID;
+ fn RtlAllocateHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ Size: SIZE_T,
+ ) -> PVOID;
+ fn RtlFreeHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ ) -> BOOLEAN;
+ fn RtlSizeHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ ) -> SIZE_T;
+ fn RtlZeroHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlProtectHeap(
+ HeapHandle: PVOID,
+ MakeReadOnly: BOOLEAN,
+ );
+}}
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn RtlProcessHeap() -> PVOID {
+ use crate::ntpsapi::NtCurrentPeb;
+ (*NtCurrentPeb()).ProcessHeap
+}
+EXTERN!{extern "system" {
+ fn RtlLockHeap(
+ HeapHandle: PVOID,
+ ) -> BOOLEAN;
+ fn RtlUnlockHeap(
+ HeapHandle: PVOID,
+ ) -> BOOLEAN;
+ fn RtlReAllocateHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ Size: SIZE_T,
+ ) -> PVOID;
+ fn RtlGetUserInfoHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ UserValue: *mut PVOID,
+ UserFlags: PULONG,
+ ) -> BOOLEAN;
+ fn RtlSetUserValueHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ UserValue: PVOID,
+ ) -> BOOLEAN;
+ fn RtlSetUserFlagsHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ UserFlagsReset: ULONG,
+ UserFlagsSet: ULONG,
+ ) -> BOOLEAN;
+}}
+STRUCT!{struct RTL_HEAP_TAG_INFO {
+ NumberOfAllocations: ULONG,
+ NumberOfFrees: ULONG,
+ BytesAllocated: SIZE_T,
+}}
+pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO;
+EXTERN!{extern "system" {
+ fn RtlCreateTagHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ TagPrefix: PWSTR,
+ TagNames: PWSTR,
+ ) -> ULONG;
+ fn RtlQueryTagHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ TagIndex: USHORT,
+ ResetCounters: BOOLEAN,
+ TagInfo: PRTL_HEAP_TAG_INFO,
+ ) -> PWSTR;
+ fn RtlExtendHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ Base: PVOID,
+ Size: SIZE_T,
+ ) -> NTSTATUS;
+ fn RtlCompactHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ ) -> SIZE_T;
+ fn RtlValidateHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ ) -> BOOLEAN;
+ fn RtlValidateProcessHeaps() -> BOOLEAN;
+ fn RtlGetProcessHeaps(
+ NumberOfHeaps: ULONG,
+ ProcessHeaps: *mut PVOID,
+ ) -> ULONG;
+}}
+FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE(
+ HeapHandle: PVOID,
+ Parameter: PVOID,
+) -> NTSTATUS}
+EXTERN!{extern "system" {
+ fn RtlEnumProcessHeaps(
+ EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE,
+ Parameter: PVOID,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct RTL_HEAP_USAGE_ENTRY {
+ Next: *mut RTL_HEAP_USAGE_ENTRY,
+ Address: PVOID,
+ Size: SIZE_T,
+ AllocatorBackTraceIndex: USHORT,
+ TagIndex: USHORT,
+}}
+pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY;
+STRUCT!{struct RTL_HEAP_USAGE {
+ Length: ULONG,
+ BytesAllocated: SIZE_T,
+ BytesCommitted: SIZE_T,
+ BytesReserved: SIZE_T,
+ BytesReservedMaximum: SIZE_T,
+ Entries: PRTL_HEAP_USAGE_ENTRY,
+ AddedEntries: PRTL_HEAP_USAGE_ENTRY,
+ RemovedEntries: PRTL_HEAP_USAGE_ENTRY,
+ Reserved: [ULONG_PTR; 8],
+}}
+pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE;
+pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY;
+pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY;
+EXTERN!{extern "system" {
+ fn RtlUsageHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ Usage: PRTL_HEAP_USAGE,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block {
+ Settable: SIZE_T,
+ TagIndex: USHORT,
+ AllocatorBackTraceIndex: USHORT,
+ Reserved: [ULONG; 2],
+}}
+STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment {
+ CommittedSize: ULONG,
+ UnCommittedSize: ULONG,
+ FirstEntry: PVOID,
+ LastEntry: PVOID,
+}}
+UNION!{union RTL_HEAP_WALK_ENTRY_u {
+ Block: RTL_HEAP_WALK_ENTRY_u_Block,
+ Segment: RTL_HEAP_WALK_ENTRY_u_Segment,
+}}
+STRUCT!{struct RTL_HEAP_WALK_ENTRY {
+ DataAddress: PVOID,
+ DataSize: SIZE_T,
+ OverheadBytes: UCHAR,
+ SegmentIndex: UCHAR,
+ Flags: USHORT,
+ u: RTL_HEAP_WALK_ENTRY_u,
+}}
+pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY;
+EXTERN!{extern "system" {
+ fn RtlWalkHeap(
+ HeapHandle: PVOID,
+ Entry: PRTL_HEAP_WALK_ENTRY,
+ ) -> NTSTATUS;
+}}
+pub const HeapDetailedFailureInformation: u32 = 0x80000001;
+pub const HeapSetDebuggingInformation: u32 = 0x80000002;
+ENUM!{enum HEAP_COMPATIBILITY_MODE {
+ HEAP_COMPATIBILITY_STANDARD = 0,
+ HEAP_COMPATIBILITY_LAL = 1,
+ HEAP_COMPATIBILITY_LFH = 2,
+}}
+STRUCT!{struct PROCESS_HEAP_INFORMATION {
+ ReserveSize: ULONG_PTR,
+ CommitSize: ULONG_PTR,
+ NumberOfHeaps: ULONG,
+ FirstHeapInformationOffset: ULONG_PTR,
+}}
+pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION;
+STRUCT!{struct HEAP_INFORMATION {
+ Address: ULONG_PTR,
+ Mode: ULONG,
+ ReserveSize: ULONG_PTR,
+ CommitSize: ULONG_PTR,
+ FirstRegionInformationOffset: ULONG_PTR,
+ NextHeapInformationOffset: ULONG_PTR,
+}}
+pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION;
+UNION!{union HEAP_EXTENDED_INFORMATION_u {
+ ProcessHeapInformation: PROCESS_HEAP_INFORMATION,
+ HeapInformation: HEAP_INFORMATION,
+}}
+STRUCT!{struct HEAP_EXTENDED_INFORMATION {
+ Process: HANDLE,
+ Heap: ULONG_PTR,
+ Level: ULONG,
+ CallbackRoutine: PVOID,
+ CallbackContext: PVOID,
+ u: HEAP_EXTENDED_INFORMATION_u,
+}}
+pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION;
+FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE(
+ Reserved: LONG,
+ HeapHandle: PVOID,
+ BaseAddress: PVOID,
+ BlockSize: SIZE_T,
+ StackTraceDepth: ULONG,
+ StackTrace: *mut PVOID,
+) -> NTSTATUS}
+STRUCT!{struct HEAP_DEBUGGING_INFORMATION {
+ InterceptorFunction: PVOID,
+ InterceptorValue: USHORT,
+ ExtendedOptions: ULONG,
+ StackTraceDepth: ULONG,
+ MinTotalBlockSize: SIZE_T,
+ MaxTotalBlockSize: SIZE_T,
+ HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE,
+}}
+pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION;
+EXTERN!{extern "system" {
+ fn RtlQueryHeapInformation(
+ HeapHandle: PVOID,
+ HeapInformationClass: HEAP_INFORMATION_CLASS,
+ HeapInformation: PVOID,
+ HeapInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn RtlSetHeapInformation(
+ HeapHandle: PVOID,
+ HeapInformationClass: HEAP_INFORMATION_CLASS,
+ HeapInformation: PVOID,
+ HeapInformationLength: SIZE_T,
+ ) -> NTSTATUS;
+ fn RtlMultipleAllocateHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ Size: SIZE_T,
+ Count: ULONG,
+ Array: *mut PVOID,
+ ) -> ULONG;
+ fn RtlMultipleFreeHeap(
+ HeapHandle: PVOID,
+ Flags: ULONG,
+ Count: ULONG,
+ Array: *mut PVOID,
+ ) -> ULONG;
+ fn RtlDetectHeapLeaks();
+ fn RtlFlushHeaps();
+}}
+STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT {
+ NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT,
+ Size: SIZE_T,
+ Next: PVOID,
+ Limit: PVOID,
+}}
+pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT;
+STRUCT!{struct RTL_MEMORY_ZONE {
+ Segment: RTL_MEMORY_ZONE_SEGMENT,
+ Lock: RTL_SRWLOCK,
+ LockCount: ULONG,
+ FirstSegment: PRTL_MEMORY_ZONE_SEGMENT,
+}}
+pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE;
+EXTERN!{extern "system" {
+ fn RtlCreateMemoryZone(
+ MemoryZone: *mut PVOID,
+ InitialSize: SIZE_T,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDestroyMemoryZone(
+ MemoryZone: PVOID,
+ ) -> NTSTATUS;
+ fn RtlAllocateMemoryZone(
+ MemoryZone: PVOID,
+ BlockSize: SIZE_T,
+ Block: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlResetMemoryZone(
+ MemoryZone: PVOID,
+ ) -> NTSTATUS;
+ fn RtlLockMemoryZone(
+ MemoryZone: PVOID,
+ ) -> NTSTATUS;
+ fn RtlUnlockMemoryZone(
+ MemoryZone: PVOID,
+ ) -> NTSTATUS;
+ fn RtlCreateMemoryBlockLookaside(
+ MemoryBlockLookaside: *mut PVOID,
+ Flags: ULONG,
+ InitialSize: ULONG,
+ MinimumBlockSize: ULONG,
+ MaximumBlockSize: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDestroyMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ ) -> NTSTATUS;
+ fn RtlAllocateMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ BlockSize: ULONG,
+ Block: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlFreeMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ Block: PVOID,
+ ) -> NTSTATUS;
+ fn RtlExtendMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ Increment: ULONG,
+ ) -> NTSTATUS;
+ fn RtlResetMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ ) -> NTSTATUS;
+ fn RtlLockMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ ) -> NTSTATUS;
+ fn RtlUnlockMemoryBlockLookaside(
+ MemoryBlockLookaside: PVOID,
+ ) -> NTSTATUS;
+ fn RtlGetCurrentTransaction() -> HANDLE;
+ fn RtlSetCurrentTransaction(
+ TransactionHandle: HANDLE,
+ ) -> LOGICAL;
+}}
+#[inline]
+pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool {
+ ((L1.LowPart == L2.LowPart) & (L1.HighPart == L2.HighPart)) as u8 != 0 //fixme
+}
+#[inline]
+pub const fn RtlIsZeroLuid(L1: &LUID) -> bool {
+ (L1.LowPart | L1.HighPart as u32) == 0
+}
+#[inline]
+pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID {
+ LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 }
+}
+#[inline]
+pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID {
+ LUID { LowPart: Ulong, HighPart: 0 }
+}
+EXTERN!{extern "system" {
+ fn RtlCopyLuid(
+ DestinationLuid: PLUID,
+ SourceLuid: PLUID,
+ );
+ fn RtlCopyLuidAndAttributesArray(
+ Count: ULONG,
+ Src: PLUID_AND_ATTRIBUTES,
+ Dest: PLUID_AND_ATTRIBUTES,
+ );
+}}
+STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS {
+ SizeStruct: ULONG,
+ Option: ULONG,
+ OptionData: [UCHAR; 1],
+}}
+pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS;
+UNION!{union RTL_DEBUG_INFORMATION_u {
+ Modules: *mut RTL_PROCESS_MODULES,
+ ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX,
+}}
+STRUCT!{struct RTL_DEBUG_INFORMATION {
+ SectionHandleClient: HANDLE,
+ ViewBaseClient: PVOID,
+ ViewBaseTarget: PVOID,
+ ViewBaseDelta: ULONG_PTR,
+ EventPairClient: HANDLE,
+ EventPairTarget: HANDLE,
+ TargetProcessId: HANDLE,
+ TargetThreadHandle: HANDLE,
+ Flags: ULONG,
+ OffsetFree: SIZE_T,
+ CommitSize: SIZE_T,
+ ViewSize: SIZE_T,
+ u: RTL_DEBUG_INFORMATION_u,
+ BackTraces: *mut RTL_PROCESS_BACKTRACES,
+ Heaps: *mut RTL_PROCESS_HEAPS,
+ Locks: *mut RTL_PROCESS_LOCKS,
+ SpecificHeap: PVOID,
+ TargetProcessHandle: HANDLE,
+ VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS,
+ ProcessHeap: PVOID,
+ CriticalSectionHandle: HANDLE,
+ CriticalSectionOwnerThread: HANDLE,
+ Reserved: [PVOID; 4],
+}}
+pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION;
+EXTERN!{extern "system" {
+ fn RtlCreateQueryDebugBuffer(
+ MaximumCommit: ULONG,
+ UseEventPair: BOOLEAN,
+ ) -> PRTL_DEBUG_INFORMATION;
+ fn RtlDestroyQueryDebugBuffer(
+ Buffer: PRTL_DEBUG_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlCommitDebugInfo(
+ Buffer: PRTL_DEBUG_INFORMATION,
+ Size: SIZE_T,
+ ) -> PVOID;
+ fn RtlDeCommitDebugInfo(
+ Buffer: PRTL_DEBUG_INFORMATION,
+ p: PVOID,
+ Size: SIZE_T,
+ );
+}}
+pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001;
+pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002;
+pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004;
+pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008;
+pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010;
+pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020;
+pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040;
+pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080;
+pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100;
+pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200;
+pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400;
+pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000;
+EXTERN!{extern "system" {
+ fn RtlQueryProcessDebugInformation(
+ UniqueProcessId: HANDLE,
+ Flags: ULONG,
+ Buffer: PRTL_DEBUG_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlFindMessage(
+ DllHandle: PVOID,
+ MessageTableId: ULONG,
+ MessageLanguageId: ULONG,
+ MessageId: ULONG,
+ MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY,
+ ) -> NTSTATUS;
+ fn RtlFormatMessage(
+ MessageFormat: PWSTR,
+ MaximumWidth: ULONG,
+ IgnoreInserts: BOOLEAN,
+ ArgumentsAreAnsi: BOOLEAN,
+ ArgumentsAreAnArray: BOOLEAN,
+ Arguments: *mut va_list,
+ Buffer: PWSTR,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct PARSE_MESSAGE_CONTEXT {
+ fFlags: ULONG,
+ cwSavColumn: ULONG,
+ iwSrc: SIZE_T,
+ iwDst: SIZE_T,
+ iwDstSpace: SIZE_T,
+ lpvArgStart: va_list,
+}}
+pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT;
+#[inline]
+pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) {
+ ctx.fFlags = 0;
+}
+#[inline]
+pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
+ ctx.fFlags & flag
+}
+#[inline]
+pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
+ ctx.fFlags |= flag;
+ ctx.fFlags
+}
+#[inline]
+pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG {
+ ctx.fFlags &= !flag;
+ ctx.fFlags
+}
+EXTERN!{extern "system" {
+ fn RtlFormatMessageEx(
+ MessageFormat: PWSTR,
+ MaximumWidth: ULONG,
+ IgnoreInserts: BOOLEAN,
+ ArgumentsAreAnsi: BOOLEAN,
+ ArgumentsAreAnArray: BOOLEAN,
+ Arguments: *mut va_list,
+ Buffer: PWSTR,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ParseContext: PPARSE_MESSAGE_CONTEXT,
+ ) -> NTSTATUS;
+ fn RtlNtStatusToDosError(
+ Status: NTSTATUS,
+ ) -> ULONG;
+ fn RtlNtStatusToDosErrorNoTeb(
+ Status: NTSTATUS,
+ ) -> ULONG;
+ fn RtlGetLastNtStatus() -> NTSTATUS;
+ fn RtlGetLastWin32Error() -> LONG;
+ fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
+ Status: NTSTATUS,
+ );
+ fn RtlSetLastWin32Error(
+ Win32Error: LONG,
+ );
+ fn RtlRestoreLastWin32Error(
+ Win32Error: LONG,
+ );
+}}
+pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010;
+pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020;
+pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040;
+EXTERN!{extern "system" {
+ fn RtlGetThreadErrorMode() -> ULONG;
+ fn RtlSetThreadErrorMode(
+ NewMode: ULONG,
+ OldMode: PULONG,
+ ) -> NTSTATUS;
+ fn RtlReportException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlReportExceptionEx(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ Flags: ULONG,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlWerpReportException(
+ ProcessId: ULONG,
+ CrashReportSharedMem: HANDLE,
+ Flags: ULONG,
+ CrashVerticalProcessHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn RtlReportSilentProcessExit(
+ ProcessHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn RtlUniform(
+ Seed: PULONG,
+ ) -> ULONG;
+ fn RtlRandom(
+ Seed: PULONG,
+ ) -> ULONG;
+ fn RtlRandomEx(
+ Seed: PULONG,
+ ) -> ULONG;
+ fn RtlComputeImportTableHash(
+ FileHandle: HANDLE,
+ Hash: PCHAR,
+ ImportTableHashRevision: ULONG,
+ ) -> NTSTATUS;
+ fn RtlIntegerToChar(
+ Value: ULONG,
+ Base: ULONG,
+ OutputLength: LONG,
+ String: PSTR,
+ ) -> NTSTATUS;
+ fn RtlCharToInteger(
+ String: PCSZ,
+ Base: ULONG,
+ Value: PULONG,
+ ) -> NTSTATUS;
+ fn RtlLargeIntegerToChar(
+ Value: PLARGE_INTEGER,
+ Base: ULONG,
+ OutputLength: LONG,
+ String: PSTR,
+ ) -> NTSTATUS;
+ fn RtlIntegerToUnicodeString(
+ Value: ULONG,
+ Base: ULONG,
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlInt64ToUnicodeString(
+ Value: ULONGLONG,
+ Base: ULONG,
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlUnicodeStringToInteger(
+ String: PCUNICODE_STRING,
+ Base: ULONG,
+ Value: PULONG,
+ ) -> NTSTATUS;
+ fn RtlIpv4AddressToStringExW(
+ Address: *const in_addr,
+ Port: USHORT,
+ AddressString: PWSTR,
+ AddressStringLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlIpv6AddressToStringExW(
+ Address: *const in6_addr,
+ ScopeId: ULONG,
+ Port: USHORT,
+ AddressString: PWSTR,
+ AddressStringLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlIpv4StringToAddressExW(
+ AddressString: PCWSTR,
+ Strict: BOOLEAN,
+ Address: *mut in_addr,
+ Port: PUSHORT,
+ ) -> NTSTATUS;
+ fn RtlIpv6StringToAddressExW(
+ AddressString: PCWSTR,
+ Address: *mut in6_addr,
+ ScopeId: PULONG,
+ Port: PUSHORT,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct TIME_FIELDS {
+ Year: CSHORT,
+ Month: CSHORT,
+ Day: CSHORT,
+ Hour: CSHORT,
+ Minute: CSHORT,
+ Second: CSHORT,
+ Milliseconds: CSHORT,
+ Weekday: CSHORT,
+}}
+pub type PTIME_FIELDS = *mut TIME_FIELDS;
+EXTERN!{extern "system" {
+ fn RtlCutoverTimeToSystemTime(
+ CutoverTime: PTIME_FIELDS,
+ SystemTime: PLARGE_INTEGER,
+ CurrentSystemTime: PLARGE_INTEGER,
+ ThisYear: BOOLEAN,
+ ) -> BOOLEAN;
+ fn RtlSystemTimeToLocalTime(
+ SystemTime: PLARGE_INTEGER,
+ LocalTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlLocalTimeToSystemTime(
+ LocalTime: PLARGE_INTEGER,
+ SystemTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn RtlTimeToElapsedTimeFields(
+ Time: PLARGE_INTEGER,
+ TimeFields: PTIME_FIELDS,
+ );
+ fn RtlTimeToTimeFields(
+ Time: PLARGE_INTEGER,
+ TimeFields: PTIME_FIELDS,
+ );
+ fn RtlTimeFieldsToTime(
+ TimeFields: PTIME_FIELDS,
+ Time: PLARGE_INTEGER,
+ ) -> BOOLEAN;
+ fn RtlTimeToSecondsSince1980(
+ Time: PLARGE_INTEGER,
+ ElapsedSeconds: PULONG,
+ ) -> BOOLEAN;
+ fn RtlSecondsSince1980ToTime(
+ ElapsedSeconds: ULONG,
+ Time: PLARGE_INTEGER,
+ );
+ fn RtlTimeToSecondsSince1970(
+ Time: PLARGE_INTEGER,
+ ElapsedSeconds: PULONG,
+ ) -> BOOLEAN;
+ fn RtlSecondsSince1970ToTime(
+ ElapsedSeconds: ULONG,
+ Time: PLARGE_INTEGER,
+ );
+}}
+STRUCT!{struct RTL_TIME_ZONE_INFORMATION {
+ Bias: LONG,
+ StandardName: [WCHAR; 32],
+ StandardStart: TIME_FIELDS,
+ StandardBias: LONG,
+ DaylightName: [WCHAR; 32],
+ DaylightStart: TIME_FIELDS,
+ DaylightBias: LONG,
+}}
+pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
+EXTERN!{extern "system" {
+ fn RtlQueryTimeZoneInformation(
+ TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
+ ) -> NTSTATUS;
+ fn RtlSetTimeZoneInformation(
+ TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct RTL_BITMAP {
+ SizeOfBitMap: ULONG,
+ Buffer: PULONG,
+}}
+pub type PRTL_BITMAP = *mut RTL_BITMAP;
+EXTERN!{extern "system" {
+ fn RtlInitializeBitMap(
+ BitMapHeader: PRTL_BITMAP,
+ BitMapBuffer: PULONG,
+ SizeOfBitMap: ULONG,
+ );
+ fn RtlClearBit(
+ BitMapHeader: PRTL_BITMAP,
+ BitNumber: ULONG,
+ );
+ fn RtlSetBit(
+ BitMapHeader: PRTL_BITMAP,
+ BitNumber: ULONG,
+ );
+ fn RtlTestBit(
+ BitMapHeader: PRTL_BITMAP,
+ BitNumber: ULONG,
+ ) -> BOOLEAN;
+ fn RtlClearAllBits(
+ BitMapHeader: PRTL_BITMAP,
+ );
+ fn RtlSetAllBits(
+ BitMapHeader: PRTL_BITMAP,
+ );
+ fn RtlFindClearBits(
+ BitMapHeader: PRTL_BITMAP,
+ NumberToFind: ULONG,
+ HintIndex: ULONG,
+ ) -> ULONG;
+ fn RtlFindSetBits(
+ BitMapHeader: PRTL_BITMAP,
+ NumberToFind: ULONG,
+ HintIndex: ULONG,
+ ) -> ULONG;
+ fn RtlFindClearBitsAndSet(
+ BitMapHeader: PRTL_BITMAP,
+ NumberToFind: ULONG,
+ HintIndex: ULONG,
+ ) -> ULONG;
+ fn RtlFindSetBitsAndClear(
+ BitMapHeader: PRTL_BITMAP,
+ NumberToFind: ULONG,
+ HintIndex: ULONG,
+ ) -> ULONG;
+ fn RtlClearBits(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ NumberToClear: ULONG,
+ );
+ fn RtlSetBits(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ NumberToSet: ULONG,
+ );
+ fn RtlFindMostSignificantBit(
+ Set: ULONGLONG,
+ ) -> CCHAR;
+ fn RtlFindLeastSignificantBit(
+ Set: ULONGLONG,
+ ) -> CCHAR;
+}}
+STRUCT!{struct RTL_BITMAP_RUN {
+ StartingIndex: ULONG,
+ NumberOfBits: ULONG,
+}}
+pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN;
+EXTERN!{extern "system" {
+ fn RtlFindClearRuns(
+ BitMapHeader: PRTL_BITMAP,
+ RunArray: PRTL_BITMAP_RUN,
+ SizeOfRunArray: ULONG,
+ LocateLongestRuns: BOOLEAN,
+ ) -> ULONG;
+ fn RtlFindLongestRunClear(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: PULONG,
+ ) -> ULONG;
+ fn RtlFindFirstRunClear(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: PULONG,
+ ) -> ULONG;
+}}
+#[inline]
+pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 {
+ #[cfg(all(target_arch = "x86_64", feature = "beta"))] {
+ use crate::winapi_local::um::winnt::_bittest64;
+ _bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64)
+ }
+ #[cfg(any(
+ target_arch = "x86",
+ all(target_arch = "x86_64", not(feature = "beta")),
+ target_arch = "aarch64",
+ ))] {
+ (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8
+ }
+}
+EXTERN!{extern "system" {
+ fn RtlNumberOfClearBits(
+ BitMapHeader: PRTL_BITMAP,
+ ) -> ULONG;
+ fn RtlNumberOfSetBits(
+ BitMapHeader: PRTL_BITMAP,
+ ) -> ULONG;
+ fn RtlAreBitsClear(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ Length: ULONG,
+ ) -> BOOLEAN;
+ fn RtlAreBitsSet(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ Length: ULONG,
+ ) -> BOOLEAN;
+ fn RtlFindNextForwardRunClear(
+ BitMapHeader: PRTL_BITMAP,
+ FromIndex: ULONG,
+ StartingRunIndex: PULONG,
+ ) -> ULONG;
+ fn RtlFindLastBackwardRunClear(
+ BitMapHeader: PRTL_BITMAP,
+ FromIndex: ULONG,
+ StartingRunIndex: PULONG,
+ ) -> ULONG;
+ fn RtlNumberOfSetBitsUlongPtr(
+ Target: ULONG_PTR,
+ ) -> ULONG;
+ fn RtlInterlockedClearBitRun(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ NumberToClear: ULONG,
+ );
+ fn RtlInterlockedSetBitRun(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ NumberToSet: ULONG,
+ );
+ fn RtlCopyBitMap(
+ Source: PRTL_BITMAP,
+ Destination: PRTL_BITMAP,
+ TargetBit: ULONG,
+ );
+ fn RtlExtractBitMap(
+ Source: PRTL_BITMAP,
+ Destination: PRTL_BITMAP,
+ TargetBit: ULONG,
+ NumberOfBits: ULONG,
+ );
+ fn RtlNumberOfClearBitsInRange(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ Length: ULONG,
+ ) -> ULONG;
+ fn RtlNumberOfSetBitsInRange(
+ BitMapHeader: PRTL_BITMAP,
+ StartingIndex: ULONG,
+ Length: ULONG,
+ ) -> ULONG;
+}}
+STRUCT!{struct RTL_BITMAP_EX {
+ SizeOfBitMap: ULONG64,
+ Buffer: PULONG64,
+}}
+pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX;
+EXTERN!{extern "system" {
+ fn RtlInitializeBitMapEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ BitMapBuffer: PULONG64,
+ SizeOfBitMap: ULONG64,
+ );
+ fn RtlTestBitEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ BitNumber: ULONG64,
+ ) -> BOOLEAN;
+ fn RtlClearAllBitsEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ );
+ fn RtlClearBitEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ BitNumber: ULONG64,
+ );
+ fn RtlSetBitEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ BitNumber: ULONG64,
+ );
+ fn RtlFindSetBitsEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ NumberToFind: ULONG64,
+ HintIndex: ULONG64,
+ ) -> ULONG64;
+ fn RtlFindSetBitsAndClearEx(
+ BitMapHeader: PRTL_BITMAP_EX,
+ NumberToFind: ULONG64,
+ HintIndex: ULONG64,
+ ) -> ULONG64;
+}}
+UNION!{union RTL_HANDLE_TABLE_ENTRY {
+ Flags: ULONG,
+ NextFree: *mut RTL_HANDLE_TABLE_ENTRY,
+}}
+pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY;
+pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001;
+STRUCT!{struct RTL_HANDLE_TABLE {
+ MaximumNumberOfHandles: ULONG,
+ SizeOfHandleTableEntry: ULONG,
+ Reserved: [ULONG; 2],
+ FreeHandles: PRTL_HANDLE_TABLE_ENTRY,
+ CommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
+ UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY,
+ MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY,
+}}
+pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE;
+EXTERN!{extern "system" {
+ fn RtlInitializeHandleTable(
+ MaximumNumberOfHandles: ULONG,
+ SizeOfHandleTableEntry: ULONG,
+ HandleTable: PRTL_HANDLE_TABLE,
+ );
+ fn RtlDestroyHandleTable(
+ HandleTable: PRTL_HANDLE_TABLE,
+ ) -> NTSTATUS;
+ fn RtlAllocateHandle(
+ HandleTable: PRTL_HANDLE_TABLE,
+ HandleIndex: PULONG,
+ ) -> PRTL_HANDLE_TABLE_ENTRY;
+ fn RtlFreeHandle(
+ HandleTable: PRTL_HANDLE_TABLE,
+ Handle: PRTL_HANDLE_TABLE_ENTRY,
+ ) -> BOOLEAN;
+ fn RtlIsValidHandle(
+ HandleTable: PRTL_HANDLE_TABLE,
+ Handle: PRTL_HANDLE_TABLE_ENTRY,
+ ) -> BOOLEAN;
+ fn RtlIsValidIndexHandle(
+ HandleTable: PRTL_HANDLE_TABLE,
+ HandleIndex: ULONG,
+ Handle: *mut PRTL_HANDLE_TABLE_ENTRY,
+ ) -> BOOLEAN;
+}}
+pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000;
+pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000;
+pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37;
+pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255;
+pub const RTL_ATOM_PINNED: u32 = 0x01;
+EXTERN!{extern "system" {
+ fn RtlCreateAtomTable(
+ NumberOfBuckets: ULONG,
+ AtomTableHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlDestroyAtomTable(
+ AtomTableHandle: PVOID,
+ ) -> NTSTATUS;
+ fn RtlEmptyAtomTable(
+ AtomTableHandle: PVOID,
+ IncludePinnedAtoms: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAddAtomToAtomTable(
+ AtomTableHandle: PVOID,
+ AtomName: PWSTR,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn RtlLookupAtomInAtomTable(
+ AtomTableHandle: PVOID,
+ AtomName: PWSTR,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn RtlDeleteAtomFromAtomTable(
+ AtomTableHandle: PVOID,
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+ fn RtlPinAtomInAtomTable(
+ AtomTableHandle: PVOID,
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+ fn RtlQueryAtomInAtomTable(
+ AtomTableHandle: PVOID,
+ Atom: RTL_ATOM,
+ AtomUsage: PULONG,
+ AtomFlags: PULONG,
+ AtomName: PWSTR,
+ AtomNameLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlGetIntegerAtom(
+ AtomName: PWSTR,
+ IntegerAtom: PUSHORT,
+ ) -> BOOLEAN;
+ fn RtlValidSid(
+ Sid: PSID,
+ ) -> BOOLEAN;
+ fn RtlEqualSid(
+ Sid1: PSID,
+ Sid2: PSID,
+ ) -> BOOLEAN;
+ fn RtlEqualPrefixSid(
+ Sid1: PSID,
+ Sid2: PSID,
+ ) -> BOOLEAN;
+ fn RtlLengthRequiredSid(
+ SubAuthorityCount: ULONG,
+ ) -> ULONG;
+ fn RtlFreeSid(
+ Sid: PSID,
+ ) -> PVOID;
+ fn RtlAllocateAndInitializeSid(
+ IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
+ SubAuthorityCount: UCHAR,
+ SubAuthority0: ULONG,
+ SubAuthority1: ULONG,
+ SubAuthority2: ULONG,
+ SubAuthority3: ULONG,
+ SubAuthority4: ULONG,
+ SubAuthority5: ULONG,
+ SubAuthority6: ULONG,
+ SubAuthority7: ULONG,
+ Sid: *mut PSID,
+ ) -> NTSTATUS;
+ fn RtlInitializeSid(
+ Sid: PSID,
+ IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
+ SubAuthorityCount: UCHAR,
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "C" {
+ fn RtlInitializeSidEx(
+ Sid: PSID,
+ IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY,
+ SubAuthorityCount: UCHAR,
+ ...
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "system" {
+ fn RtlIdentifierAuthoritySid(
+ Sid: PSID,
+ ) -> PSID_IDENTIFIER_AUTHORITY;
+ fn RtlSubAuthoritySid(
+ Sid: PSID,
+ SubAuthority: ULONG,
+ ) -> PULONG;
+ fn RtlSubAuthorityCountSid(
+ Sid: PSID,
+ ) -> PUCHAR;
+ fn RtlLengthSid(
+ Sid: PSID,
+ ) -> ULONG;
+ fn RtlCopySid(
+ DestinationSidLength: ULONG,
+ DestinationSid: PSID,
+ SourceSid: PSID,
+ ) -> NTSTATUS;
+ fn RtlCopySidAndAttributesArray(
+ Count: ULONG,
+ Src: PSID_AND_ATTRIBUTES,
+ SidAreaSize: ULONG,
+ Dest: PSID_AND_ATTRIBUTES,
+ SidArea: PSID,
+ RemainingSidArea: *mut PSID,
+ RemainingSidAreaSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlCreateServiceSid(
+ ServiceName: PUNICODE_STRING,
+ ServiceSid: PSID,
+ ServiceSidLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSidDominates(
+ Sid1: PSID,
+ Sid2: PSID,
+ Dominates: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSidDominatesForTrust(
+ Sid1: PSID,
+ Sid2: PSID,
+ DominatesTrust: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSidEqualLevel(
+ Sid1: PSID,
+ Sid2: PSID,
+ EqualLevel: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSidIsHigherLevel(
+ Sid1: PSID,
+ Sid2: PSID,
+ HigherLevel: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCreateVirtualAccountSid(
+ Name: PCUNICODE_STRING,
+ BaseSubAuthority: ULONG,
+ Sid: PSID,
+ SidLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlReplaceSidInSd(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ OldSid: PSID,
+ NewSid: PSID,
+ NumChanges: *mut ULONG,
+ ) -> NTSTATUS;
+}}
+pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256;
+EXTERN!{extern "system" {
+ fn RtlConvertSidToUnicodeString(
+ UnicodeString: PUNICODE_STRING,
+ Sid: PSID,
+ AllocateDestinationString: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSidHashInitialize(
+ SidAttr: PSID_AND_ATTRIBUTES,
+ SidCount: ULONG,
+ SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
+ ) -> NTSTATUS;
+ fn RtlSidHashLookup(
+ SidAttrHash: PSID_AND_ATTRIBUTES_HASH,
+ Sid: PSID,
+ ) -> PSID_AND_ATTRIBUTES;
+ fn RtlIsElevatedRid(
+ SidAttr: PSID_AND_ATTRIBUTES,
+ ) -> BOOLEAN;
+ fn RtlDeriveCapabilitySidsFromName(
+ UnicodeString: PUNICODE_STRING,
+ CapabilityGroupSid: PSID,
+ CapabilitySid: PSID,
+ ) -> NTSTATUS;
+ fn RtlCreateSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Revision: ULONG,
+ ) -> NTSTATUS;
+ fn RtlValidSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> BOOLEAN;
+ fn RtlLengthSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> ULONG;
+ fn RtlValidRelativeSecurityDescriptor(
+ SecurityDescriptorInput: PSECURITY_DESCRIPTOR,
+ SecurityDescriptorLength: ULONG,
+ RequiredInformation: SECURITY_INFORMATION,
+ ) -> BOOLEAN;
+ fn RtlGetControlSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Control: PSECURITY_DESCRIPTOR_CONTROL,
+ Revision: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSetControlSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL,
+ ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL,
+ ) -> NTSTATUS;
+ fn RtlSetAttributesSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Control: SECURITY_DESCRIPTOR_CONTROL,
+ Revision: PULONG,
+ ) -> NTSTATUS;
+ fn RtlGetSecurityDescriptorRMControl(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ RMControl: PUCHAR,
+ ) -> BOOLEAN;
+ fn RtlSetSecurityDescriptorRMControl(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ RMControl: PUCHAR,
+ );
+ fn RtlSetDaclSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DaclPresent: BOOLEAN,
+ Dacl: PACL,
+ DaclDefaulted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlGetDaclSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DaclPresent: PBOOLEAN,
+ Dacl: *mut PACL,
+ DaclDefaulted: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSetSaclSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ SaclPresent: BOOLEAN,
+ Sacl: PACL,
+ SaclDefaulted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlGetSaclSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ SaclPresent: PBOOLEAN,
+ Sacl: *mut PACL,
+ SaclDefaulted: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSetOwnerSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Owner: PSID,
+ OwnerDefaulted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlGetOwnerSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Owner: *mut PSID,
+ OwnerDefaulted: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSetGroupSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Group: PSID,
+ GroupDefaulted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlGetGroupSecurityDescriptor(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Group: *mut PSID,
+ GroupDefaulted: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlMakeSelfRelativeSD(
+ AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlAbsoluteToSelfRelativeSD(
+ AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSelfRelativeToAbsoluteSD(
+ SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ AbsoluteSecurityDescriptorSize: PULONG,
+ Dacl: PACL,
+ DaclSize: PULONG,
+ Sacl: PACL,
+ SaclSize: PULONG,
+ Owner: PSID,
+ OwnerSize: PULONG,
+ PrimaryGroup: PSID,
+ PrimaryGroupSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSelfRelativeToAbsoluteSD2(
+ pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ pBufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn RtlAreAllAccessesGranted(
+ GrantedAccess: ACCESS_MASK,
+ DesiredAccess: ACCESS_MASK,
+ ) -> BOOLEAN;
+ fn RtlAreAnyAccessesGranted(
+ GrantedAccess: ACCESS_MASK,
+ DesiredAccess: ACCESS_MASK,
+ ) -> BOOLEAN;
+ fn RtlMapGenericMask(
+ AccessMask: PACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ );
+ fn RtlCreateAcl(
+ Acl: PACL,
+ AclLength: ULONG,
+ AclRevision: ULONG,
+ ) -> NTSTATUS;
+ fn RtlValidAcl(
+ Acl: PACL,
+ ) -> BOOLEAN;
+ fn RtlQueryInformationAcl(
+ Acl: PACL,
+ AclInformation: PVOID,
+ AclInformationLength: ULONG,
+ AclInformationClass: ACL_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn RtlSetInformationAcl(
+ Acl: PACL,
+ AclInformation: PVOID,
+ AclInformationLength: ULONG,
+ AclInformationClass: ACL_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn RtlAddAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ StartingAceIndex: ULONG,
+ AceList: PVOID,
+ AceListLength: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeleteAce(
+ Acl: PACL,
+ AceIndex: ULONG,
+ ) -> NTSTATUS;
+ fn RtlGetAce(
+ Acl: PACL,
+ AceIndex: ULONG,
+ Ace: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlFirstFreeAce(
+ Acl: PACL,
+ FirstFree: *mut PVOID,
+ ) -> BOOLEAN;
+ fn RtlFindAceByType(
+ pAcl: PACL,
+ AceType: UCHAR,
+ pIndex: PULONG,
+ ) -> PVOID;
+ fn RtlOwnerAcesPresent(
+ pAcl: PACL,
+ ) -> BOOLEAN;
+ fn RtlAddAccessAllowedAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAccessAllowedAceEx(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAccessDeniedAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAccessDeniedAceEx(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAuditAccessAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ AuditSuccess: BOOLEAN,
+ AuditFailure: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAddAuditAccessAceEx(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ Sid: PSID,
+ AuditSuccess: BOOLEAN,
+ AuditFailure: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAddAccessAllowedObjectAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ ObjectTypeGuid: *mut GUID,
+ InheritedObjectTypeGuid: *mut GUID,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAccessDeniedObjectAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ ObjectTypeGuid: *mut GUID,
+ InheritedObjectTypeGuid: *mut GUID,
+ Sid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddAuditAccessObjectAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ AccessMask: ACCESS_MASK,
+ ObjectTypeGuid: *mut GUID,
+ InheritedObjectTypeGuid: *mut GUID,
+ Sid: PSID,
+ AuditSuccess: BOOLEAN,
+ AuditFailure: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAddCompoundAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceType: UCHAR,
+ AccessMask: ACCESS_MASK,
+ ServerSid: PSID,
+ ClientSid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddMandatoryAce(
+ Acl: PACL,
+ AceRevision: ULONG,
+ AceFlags: ULONG,
+ Sid: PSID,
+ AceType: UCHAR,
+ AccessMask: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn RtlDefaultNpAcl(
+ Acl: *mut PACL,
+ ) -> NTSTATUS;
+ fn RtlNewSecurityObject(
+ ParentDescriptor: PSECURITY_DESCRIPTOR,
+ CreatorDescriptor: PSECURITY_DESCRIPTOR,
+ NewDescriptor: *mut PSECURITY_DESCRIPTOR,
+ IsDirectoryObject: BOOLEAN,
+ Token: HANDLE,
+ GenericMapping: PGENERIC_MAPPING,
+ ) -> NTSTATUS;
+ fn RtlNewSecurityObjectEx(
+ ParentDescriptor: PSECURITY_DESCRIPTOR,
+ CreatorDescriptor: PSECURITY_DESCRIPTOR,
+ NewDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ObjectType: *mut GUID,
+ IsDirectoryObject: BOOLEAN,
+ AutoInheritFlags: ULONG,
+ Token: HANDLE,
+ GenericMapping: PGENERIC_MAPPING,
+ ) -> NTSTATUS;
+ fn RtlNewSecurityObjectWithMultipleInheritance(
+ ParentDescriptor: PSECURITY_DESCRIPTOR,
+ CreatorDescriptor: PSECURITY_DESCRIPTOR,
+ NewDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ObjectType: *mut *mut GUID,
+ GuidCount: ULONG,
+ IsDirectoryObject: BOOLEAN,
+ AutoInheritFlags: ULONG,
+ Token: HANDLE,
+ GenericMapping: PGENERIC_MAPPING,
+ ) -> NTSTATUS;
+ fn RtlDeleteSecurityObject(
+ ObjectDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn RtlQuerySecurityObject(
+ ObjectDescriptor: PSECURITY_DESCRIPTOR,
+ SecurityInformation: SECURITY_INFORMATION,
+ ResultantDescriptor: PSECURITY_DESCRIPTOR,
+ DescriptorLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlSetSecurityObject(
+ SecurityInformation: SECURITY_INFORMATION,
+ ModificationDescriptor: PSECURITY_DESCRIPTOR,
+ ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
+ GenericMapping: PGENERIC_MAPPING,
+ Token: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlSetSecurityObjectEx(
+ SecurityInformation: SECURITY_INFORMATION,
+ ModificationDescriptor: PSECURITY_DESCRIPTOR,
+ ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
+ AutoInheritFlags: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ Token: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlConvertToAutoInheritSecurityObject(
+ ParentDescriptor: PSECURITY_DESCRIPTOR,
+ CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ObjectType: *mut GUID,
+ IsDirectoryObject: BOOLEAN,
+ GenericMapping: PGENERIC_MAPPING,
+ ) -> NTSTATUS;
+ fn RtlNewInstanceSecurityObject(
+ ParentDescriptorChanged: BOOLEAN,
+ CreatorDescriptorChanged: BOOLEAN,
+ OldClientTokenModifiedId: PLUID,
+ NewClientTokenModifiedId: PLUID,
+ ParentDescriptor: PSECURITY_DESCRIPTOR,
+ CreatorDescriptor: PSECURITY_DESCRIPTOR,
+ NewDescriptor: *mut PSECURITY_DESCRIPTOR,
+ IsDirectoryObject: BOOLEAN,
+ Token: HANDLE,
+ GenericMapping: PGENERIC_MAPPING,
+ ) -> NTSTATUS;
+ fn RtlCopySecurityDescriptor(
+ InputSecurityDescriptor: PSECURITY_DESCRIPTOR,
+ OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn RtlRunEncodeUnicodeString(
+ Seed: PUCHAR,
+ String: PUNICODE_STRING,
+ );
+ fn RtlRunDecodeUnicodeString(
+ Seed: UCHAR,
+ String: PUNICODE_STRING,
+ );
+ fn RtlImpersonateSelf(
+ ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
+ ) -> NTSTATUS;
+ fn RtlImpersonateSelfEx(
+ ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL,
+ AdditionalAccess: ACCESS_MASK,
+ ThreadToken: PHANDLE,
+ ) -> NTSTATUS;
+ fn RtlAdjustPrivilege(
+ Privilege: ULONG,
+ Enable: BOOLEAN,
+ Client: BOOLEAN,
+ WasEnabled: PBOOLEAN,
+ ) -> NTSTATUS;
+}}
+pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001;
+pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002;
+EXTERN!{extern "system" {
+ fn RtlAcquirePrivilege(
+ Privilege: PULONG,
+ NumPriv: ULONG,
+ Flags: ULONG,
+ ReturnedState: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlReleasePrivilege(
+ StatePointer: PVOID,
+ );
+ fn RtlRemovePrivileges(
+ TokenHandle: HANDLE,
+ PrivilegesToKeep: PULONG,
+ PrivilegeCount: ULONG,
+ ) -> NTSTATUS;
+ fn RtlIsUntrustedObject(
+ Handle: HANDLE,
+ Object: PVOID,
+ IsUntrustedObject: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlQueryValidationRunlevel(
+ ComponentName: PUNICODE_STRING,
+ ) -> ULONG;
+ fn RtlCreateBoundaryDescriptor(
+ Name: PUNICODE_STRING,
+ Flags: ULONG,
+ ) -> PVOID;
+ fn RtlDeleteBoundaryDescriptor(
+ BoundaryDescriptor: PVOID,
+ );
+ fn RtlAddSIDToBoundaryDescriptor(
+ BoundaryDescriptor: *mut PVOID,
+ RequiredSid: PSID,
+ ) -> NTSTATUS;
+ fn RtlAddIntegrityLabelToBoundaryDescriptor(
+ BoundaryDescriptor: *mut PVOID,
+ IntegrityLabel: PSID,
+ ) -> NTSTATUS;
+ fn RtlGetVersion(
+ lpVersionInformation: PRTL_OSVERSIONINFOW,
+ ) -> NTSTATUS;
+ fn RtlVerifyVersionInfo(
+ VersionInfo: PRTL_OSVERSIONINFOEXW,
+ TypeMask: ULONG,
+ ConditionMask: ULONGLONG,
+ ) -> NTSTATUS;
+ fn RtlGetNtVersionNumbers(
+ NtMajorVersion: PULONG,
+ NtMinorVersion: PULONG,
+ NtBuildNumber: PULONG,
+ );
+ fn RtlGetNtGlobalFlags() -> ULONG;
+ fn RtlGetNtProductType(
+ NtProductType: PNT_PRODUCT_TYPE,
+ ) -> BOOLEAN;
+ fn RtlGetSuiteMask() -> ULONG;
+ fn RtlRegisterWait(
+ WaitHandle: PHANDLE,
+ Handle: HANDLE,
+ Function: WAITORTIMERCALLBACKFUNC,
+ Context: PVOID,
+ Milliseconds: ULONG,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeregisterWait(
+ WaitHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlDeregisterWaitEx(
+ WaitHandle: HANDLE,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlQueueWorkItem(
+ Function: WORKERCALLBACKFUNC,
+ Context: PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlSetIoCompletionCallback(
+ FileHandle: HANDLE,
+ CompletionProc: APC_CALLBACK_FUNCTION,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+}}
+FN!{stdcall PRTL_START_POOL_THREAD(
+ Function: PTHREAD_START_ROUTINE,
+ Parameter: PVOID,
+ ThreadHandle: PHANDLE,
+) -> NTSTATUS}
+FN!{stdcall PRTL_EXIT_POOL_THREAD(
+ ExitStatus: NTSTATUS,
+) -> NTSTATUS}
+EXTERN!{extern "system" {
+ fn RtlSetThreadPoolStartFunc(
+ StartPoolThread: PRTL_START_POOL_THREAD,
+ ExitPoolThread: PRTL_EXIT_POOL_THREAD,
+ ) -> NTSTATUS;
+ fn RtlUserThreadStart(
+ Function: PTHREAD_START_ROUTINE,
+ Parameter: PVOID,
+ );
+ fn LdrInitializeThunk(
+ ContextRecord: PCONTEXT,
+ Parameter: PVOID,
+ );
+ fn RtlCreateTimerQueue(
+ TimerQueueHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn RtlCreateTimer(
+ TimerQueueHandle: HANDLE,
+ Handle: PHANDLE,
+ Function: WAITORTIMERCALLBACKFUNC,
+ Context: PVOID,
+ DueTime: ULONG,
+ Period: ULONG,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn RtlUpdateTimer(
+ TimerQueueHandle: HANDLE,
+ TimerHandle: HANDLE,
+ DueTime: ULONG,
+ Period: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeleteTimer(
+ TimerQueueHandle: HANDLE,
+ TimerToCancel: HANDLE,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlDeleteTimerQueue(
+ TimerQueueHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlDeleteTimerQueueEx(
+ TimerQueueHandle: HANDLE,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlFormatCurrentUserKeyPath(
+ CurrentUserKeyPath: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlOpenCurrentUser(
+ DesiredAccess: ACCESS_MASK,
+ CurrentUserKey: PHANDLE,
+ ) -> NTSTATUS;
+}}
+pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0;
+pub const RTL_REGISTRY_SERVICES: ULONG = 1;
+pub const RTL_REGISTRY_CONTROL: ULONG = 2;
+pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3;
+pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4;
+pub const RTL_REGISTRY_USER: ULONG = 5;
+pub const RTL_REGISTRY_MAXIMUM: ULONG = 6;
+pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000;
+pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000;
+EXTERN!{extern "system" {
+ fn RtlCreateRegistryKey(
+ RelativeTo: ULONG,
+ Path: PWSTR,
+ ) -> NTSTATUS;
+ fn RtlCheckRegistryKey(
+ RelativeTo: ULONG,
+ Path: PWSTR,
+ ) -> NTSTATUS;
+}}
+FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE(
+ ValueName: PWSTR,
+ ValueType: ULONG,
+ ValueData: PVOID,
+ ValueLength: ULONG,
+ Context: PVOID,
+ EntryContext: PVOID,
+) -> NTSTATUS}
+STRUCT!{struct RTL_QUERY_REGISTRY_TABLE {
+ QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE,
+ Flags: ULONG,
+ Name: PWSTR,
+ EntryContext: PVOID,
+ DefaultType: ULONG,
+ DefaultData: PVOID,
+ DefaultLength: ULONG,
+}}
+pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE;
+pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001;
+pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002;
+pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004;
+pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008;
+pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010;
+pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020;
+pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040;
+EXTERN!{extern "system" {
+ fn RtlQueryRegistryValues(
+ RelativeTo: ULONG,
+ Path: PCWSTR,
+ QueryTable: PRTL_QUERY_REGISTRY_TABLE,
+ Context: PVOID,
+ Environment: PVOID,
+ ) -> NTSTATUS;
+ fn RtlQueryRegistryValuesEx(
+ RelativeTo: ULONG,
+ Path: PWSTR,
+ QueryTable: PRTL_QUERY_REGISTRY_TABLE,
+ Context: PVOID,
+ Environment: PVOID,
+ ) -> NTSTATUS;
+ fn RtlWriteRegistryValue(
+ RelativeTo: ULONG,
+ Path: PCWSTR,
+ ValueName: PCWSTR,
+ ValueType: ULONG,
+ ValueData: PVOID,
+ ValueLength: ULONG,
+ ) -> NTSTATUS;
+ fn RtlDeleteRegistryValue(
+ RelativeTo: ULONG,
+ Path: PCWSTR,
+ ValueName: PCWSTR,
+ ) -> NTSTATUS;
+ fn RtlEnableThreadProfiling(
+ ThreadHandle: HANDLE,
+ Flags: ULONG,
+ HardwareCounters: ULONG64,
+ PerformanceDataHandle: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlDisableThreadProfiling(
+ PerformanceDataHandle: PVOID,
+ ) -> NTSTATUS;
+ fn RtlQueryThreadProfiling(
+ ThreadHandle: HANDLE,
+ Enabled: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlReadThreadProfilingData(
+ PerformanceDataHandle: HANDLE,
+ Flags: ULONG,
+ PerformanceData: PPERFORMANCE_DATA,
+ ) -> NTSTATUS;
+ fn RtlGetNativeSystemInformation(
+ SystemInformationClass: ULONG,
+ NativeSystemInformation: PVOID,
+ InformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlQueueApcWow64Thread(
+ ThreadHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn RtlWow64EnableFsRedirection(
+ Wow64FsEnableRedirection: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlWow64EnableFsRedirectionEx(
+ Wow64FsEnableRedirection: PVOID,
+ OldFsRedirectionLevel: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlComputeCrc32(
+ PartialCrc: ULONG32,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> ULONG32;
+ fn RtlEncodePointer(
+ Ptr: PVOID,
+ ) -> PVOID;
+ fn RtlDecodePointer(
+ Ptr: PVOID,
+ ) -> PVOID;
+ fn RtlEncodeSystemPointer(
+ Ptr: PVOID,
+ ) -> PVOID;
+ fn RtlDecodeSystemPointer(
+ Ptr: PVOID,
+ ) -> PVOID;
+ fn RtlEncodeRemotePointer(
+ ProcessHandle: HANDLE,
+ Pointer: PVOID,
+ EncodedPointer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlDecodeRemotePointer(
+ ProcessHandle: HANDLE,
+ Pointer: PVOID,
+ DecodedPointer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn RtlIsProcessorFeaturePresent(
+ ProcessorFeature: ULONG,
+ ) -> BOOLEAN;
+ fn RtlGetCurrentProcessorNumber() -> ULONG;
+ fn RtlGetCurrentProcessorNumberEx(
+ ProcessorNumber: PPROCESSOR_NUMBER,
+ );
+ fn RtlPushFrame(
+ Frame: PTEB_ACTIVE_FRAME,
+ );
+ fn RtlPopFrame(
+ Frame: PTEB_ACTIVE_FRAME,
+ );
+ fn RtlGetFrame() -> PTEB_ACTIVE_FRAME;
+}}
+pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001;
+pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001;
+pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008;
+EXTERN!{extern "system" {
+ fn RtlWalkFrameChain(
+ Callers: *mut PVOID,
+ Count: ULONG,
+ Flags: ULONG,
+ ) -> ULONG;
+ fn RtlGetCallersAddress(
+ CallersAddress: *mut PVOID,
+ CallersCaller: *mut PVOID,
+ );
+ fn RtlGetEnabledExtendedFeatures(
+ FeatureMask: ULONG64,
+ ) -> ULONG64;
+ fn RtlGetEnabledExtendedAndSupervisorFeatures(
+ FeatureMask: ULONG64,
+ ) -> ULONG64;
+ fn RtlLocateSupervisorFeature(
+ XStateHeader: PXSAVE_AREA_HEADER,
+ FeatureId: ULONG,
+ Length: PULONG,
+ ) -> PVOID;
+}}
+STRUCT!{struct RTL_ELEVATION_FLAGS {
+ Flags: ULONG,
+}}
+BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [
+ ElevationEnabled set_ElevationEnabled[0..1],
+ VirtualizationEnabled set_VirtualizationEnabled[1..2],
+ InstallerDetectEnabled set_InstallerDetectEnabled[2..3],
+ ReservedBits set_ReservedBits[3..32],
+]}
+pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS;
+EXTERN!{extern "system" {
+ fn RtlQueryElevationFlags(
+ Flags: PRTL_ELEVATION_FLAGS,
+ ) -> NTSTATUS;
+ fn RtlRegisterThreadWithCsrss() -> NTSTATUS;
+ fn RtlLockCurrentThread() -> NTSTATUS;
+ fn RtlUnlockCurrentThread() -> NTSTATUS;
+ fn RtlLockModuleSection(
+ Address: PVOID,
+ ) -> NTSTATUS;
+ fn RtlUnlockModuleSection(
+ Address: PVOID,
+ ) -> NTSTATUS;
+}}
+pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64;
+STRUCT!{struct RTL_UNLOAD_EVENT_TRACE {
+ BaseAddress: PVOID,
+ SizeOfImage: SIZE_T,
+ Sequence: ULONG,
+ TimeDateStamp: ULONG,
+ CheckSum: ULONG,
+ ImageName: [WCHAR; 32],
+ Version: [ULONG; 2],
+}}
+pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE;
+STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 {
+ BaseAddress: ULONG,
+ SizeOfImage: ULONG,
+ Sequence: ULONG,
+ TimeDateStamp: ULONG,
+ CheckSum: ULONG,
+ ImageName: [WCHAR; 32],
+ Version: [ULONG; 2],
+}}
+pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32;
+EXTERN!{extern "system" {
+ fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE;
+ fn RtlGetUnloadEventTraceEx(
+ ElementSize: *mut PULONG,
+ ElementCount: *mut PULONG,
+ EventTrace: *mut PVOID,
+ );
+ fn RtlQueryPerformanceCounter(
+ PerformanceCounter: PLARGE_INTEGER,
+ ) -> LOGICAL;
+ fn RtlQueryPerformanceFrequency(
+ PerformanceFrequency: PLARGE_INTEGER,
+ ) -> LOGICAL;
+}}
+ENUM!{enum IMAGE_MITIGATION_POLICY {
+ ImageDepPolicy = 0,
+ ImageAslrPolicy = 1,
+ ImageDynamicCodePolicy = 2,
+ ImageStrictHandleCheckPolicy = 3,
+ ImageSystemCallDisablePolicy = 4,
+ ImageMitigationOptionsMask = 5,
+ ImageExtensionPointDisablePolicy = 6,
+ ImageControlFlowGuardPolicy = 7,
+ ImageSignaturePolicy = 8,
+ ImageFontDisablePolicy = 9,
+ ImageImageLoadPolicy = 10,
+ ImagePayloadRestrictionPolicy = 11,
+ ImageChildProcessPolicy = 12,
+ ImageSehopPolicy = 13,
+ ImageHeapPolicy = 14,
+ MaxImageMitigationPolicy = 15,
+}}
+UNION!{union RTL_IMAGE_MITIGATION_POLICY {
+ Bitfields1: ULONG64,
+ Bitfields2: ULONG64,
+}}
+BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [
+ AuditState set_AuditState[0..2],
+ AuditFlag set_AuditFlag[2..3],
+ EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4],
+ Reserved set_Reserved[4..64],
+]}
+BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [
+ PolicyState set_PolicyState[0..2],
+ AlwaysInherit set_AlwaysInherit[2..3],
+ EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4],
+ AuditReserved set_AuditReserved[4..64],
+]}
+pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY {
+ Dep: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY {
+ ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY,
+ BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY,
+ HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY {
+ BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY {
+ StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY =
+ *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
+ BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY =
+ *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY {
+ DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY =
+ *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY {
+ ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
+ StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY =
+ *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY {
+ BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY,
+ EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY =
+ *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY {
+ DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY {
+ BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY,
+ BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY,
+ PreferSystem32: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
+ EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
+ EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY,
+ EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY,
+ EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY,
+ EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY,
+ EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY =
+ *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY {
+ DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY =
+ *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY {
+ Sehop: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY;
+STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY {
+ TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY,
+}}
+pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY;
+ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE {
+ RtlMitigationOptionStateNotConfigured = 0,
+ RtlMitigationOptionStateOn = 1,
+ RtlMitigationOptionStateOff = 2,
+}}
+pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1;
+pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2;
+pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4;
+pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8;
+EXTERN!{extern "system" {
+ fn RtlQueryImageMitigationPolicy(
+ ImagePath: PWSTR,
+ Policy: IMAGE_MITIGATION_POLICY,
+ Flags: ULONG,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn RtlSetImageMitigationPolicy(
+ ImagePath: PWSTR,
+ Policy: IMAGE_MITIGATION_POLICY,
+ Flags: ULONG,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn RtlGetCurrentServiceSessionId() -> ULONG;
+ fn RtlGetActiveConsoleId() -> ULONG;
+ fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG;
+ fn RtlGetTokenNamedObjectPath(
+ Token: HANDLE,
+ Sid: PSID,
+ ObjectPath: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlGetAppContainerNamedObjectPath(
+ Token: HANDLE,
+ AppContainerSid: PSID,
+ RelativePath: BOOLEAN,
+ ObjectPath: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn RtlGetAppContainerParent(
+ AppContainerSid: PSID,
+ AppContainerSidParent: *mut PSID,
+ ) -> NTSTATUS;
+ fn RtlCheckSandboxedToken(
+ TokenHandle: HANDLE,
+ IsSandboxed: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCheckTokenCapability(
+ TokenHandle: HANDLE,
+ CapabilitySidToCheck: PSID,
+ HasCapability: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCapabilityCheck(
+ TokenHandle: HANDLE,
+ CapabilityName: PUNICODE_STRING,
+ HasCapability: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCheckTokenMembership(
+ TokenHandle: HANDLE,
+ SidToCheck: PSID,
+ IsMember: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCheckTokenMembershipEx(
+ TokenHandle: HANDLE,
+ SidToCheck: PSID,
+ Flags: ULONG,
+ IsMember: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlIsParentOfChildAppContainer(
+ ParentAppContainerSid: PSID,
+ ChildAppContainerSid: PSID,
+ ) -> NTSTATUS;
+ fn RtlIsCapabilitySid(
+ Sid: PSID,
+ ) -> BOOLEAN;
+ fn RtlIsPackageSid(
+ Sid: PSID,
+ ) -> BOOLEAN;
+ fn RtlIsValidProcessTrustLabelSid(
+ Sid: PSID,
+ ) -> BOOLEAN;
+ fn RtlIsStateSeparationEnabled() -> BOOLEAN;
+}}
+ENUM!{enum APPCONTAINER_SID_TYPE {
+ NotAppContainerSidType = 0,
+ ChildAppContainerSidType = 1,
+ ParentAppContainerSidType = 2,
+ InvalidAppContainerSidType = 3,
+ MaxAppContainerSidType = 4,
+}}
+pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE;
+EXTERN!{extern "system" {
+ fn RtlGetAppContainerSidType(
+ AppContainerSid: PSID,
+ AppContainerSidType: PAPPCONTAINER_SID_TYPE,
+ ) -> NTSTATUS;
+ fn RtlFlsAlloc(
+ Callback: PFLS_CALLBACK_FUNCTION,
+ FlsIndex: PULONG,
+ ) -> NTSTATUS;
+ fn RtlFlsFree(
+ FlsIndex: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum STATE_LOCATION_TYPE {
+ LocationTypeRegistry = 0,
+ LocationTypeFileSystem = 1,
+ LocationTypeMaximum = 2,
+}}
+EXTERN!{extern "system" {
+ fn RtlGetPersistedStateLocation(
+ SourceID: PCWSTR,
+ CustomValue: PCWSTR,
+ DefaultPath: PCWSTR,
+ StateLocationType: STATE_LOCATION_TYPE,
+ TargetPath: PWCHAR,
+ BufferLengthIn: ULONG,
+ BufferLengthOut: PULONG,
+ ) -> NTSTATUS;
+ fn RtlIsCloudFilesPlaceholder(
+ FileAttributes: ULONG,
+ ReparseTag: ULONG,
+ ) -> BOOLEAN;
+ fn RtlIsPartialPlaceholder(
+ FileAttributes: ULONG,
+ ReparseTag: ULONG,
+ ) -> BOOLEAN;
+ fn RtlIsPartialPlaceholderFileHandle(
+ FileHandle: HANDLE,
+ IsPartialPlaceholder: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlIsPartialPlaceholderFileInfo(
+ InfoBuffer: *const c_void,
+ InfoClass: FILE_INFORMATION_CLASS,
+ IsPartialPlaceholder: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlIsNonEmptyDirectoryReparsePointAllowed(
+ ReparseTag: ULONG,
+ ) -> BOOLEAN;
+ fn RtlAppxIsFileOwnedByTrustedInstaller(
+ FileHandle: HANDLE,
+ IsFileOwnedByTrustedInstaller: PBOOLEAN,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct PS_PKG_CLAIM {
+ Flags: ULONGLONG,
+ Origin: ULONGLONG,
+}}
+pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM;
+EXTERN!{extern "system" {
+ fn RtlQueryPackageClaims(
+ TokenHandle: HANDLE,
+ PackageFullName: PWSTR,
+ PackageSize: PSIZE_T,
+ AppId: PWSTR,
+ AppIdSize: PSIZE_T,
+ DynamicId: *mut GUID,
+ PkgClaim: PPS_PKG_CLAIM,
+ AttributesPresent: PULONG64,
+ ) -> NTSTATUS;
+ fn RtlQueryProtectedPolicy(
+ PolicyGuid: *mut GUID,
+ PolicyValue: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn RtlSetProtectedPolicy(
+ PolicyGuid: *mut GUID,
+ PolicyValue: ULONG_PTR,
+ OldPolicyValue: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn RtlIsMultiSessionSku() -> BOOLEAN;
+ fn RtlIsMultiUsersInSessionSku() -> BOOLEAN;
+}}
+ENUM!{enum RTL_BSD_ITEM_TYPE {
+ RtlBsdItemVersionNumber = 0,
+ RtlBsdItemProductType = 1,
+ RtlBsdItemAabEnabled = 2,
+ RtlBsdItemAabTimeout = 3,
+ RtlBsdItemBootGood = 4,
+ RtlBsdItemBootShutdown = 5,
+ RtlBsdSleepInProgress = 6,
+ RtlBsdPowerTransition = 7,
+ RtlBsdItemBootAttemptCount = 8,
+ RtlBsdItemBootCheckpoint = 9,
+ RtlBsdItemBootId = 10,
+ RtlBsdItemShutdownBootId = 11,
+ RtlBsdItemReportedAbnormalShutdownBootId = 12,
+ RtlBsdItemErrorInfo = 13,
+ RtlBsdItemPowerButtonPressInfo = 14,
+ RtlBsdItemChecksum = 15,
+ RtlBsdItemMax = 16,
+}}
+STRUCT!{struct RTL_BSD_ITEM {
+ Type: RTL_BSD_ITEM_TYPE,
+ DataBuffer: PVOID,
+ DataLength: ULONG,
+}}
+pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM;
+EXTERN!{extern "system" {
+ fn RtlCreateBootStatusDataFile() -> NTSTATUS;
+ fn RtlLockBootStatusData(
+ FileHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn RtlUnlockBootStatusData(
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn RtlGetSetBootStatusData(
+ FileHandle: HANDLE,
+ Read: BOOLEAN,
+ DataClass: RTL_BSD_ITEM_TYPE,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn RtlCheckBootStatusIntegrity(
+ FileHandle: HANDLE,
+ Verified: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlCheckPortableOperatingSystem(
+ IsPortable: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlSetPortableOperatingSystem(
+ IsPortable: BOOLEAN,
+ ) -> NTSTATUS;
+}}
+EXTERN!{extern "system" {
+ fn RtlOsDeploymentState(
+ Flags: DWORD,
+ ) -> OS_DEPLOYEMENT_STATE_VALUES;
+ fn RtlFindClosestEncodableLength(
+ SourceLength: ULONGLONG,
+ TargetLength: PULONGLONG,
+ ) -> NTSTATUS;
+}}
+FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK(
+ Address: PVOID,
+ Length: SIZE_T,
+) -> NTSTATUS}
+EXTERN!{extern "system" {
+ fn RtlRegisterSecureMemoryCacheCallback(
+ Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
+ ) -> NTSTATUS;
+ fn RtlDeregisterSecureMemoryCacheCallback(
+ Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK,
+ ) -> NTSTATUS;
+ fn RtlFlushSecureMemoryCache(
+ MemoryCache: PVOID,
+ MemoryLength: SIZE_T,
+ ) -> BOOLEAN;
+}}
diff --git a/vendor/ntapi/src/ntsam.rs b/vendor/ntapi/src/ntsam.rs
new file mode 100644
index 000000000..a591f0bd8
--- /dev/null
+++ b/vendor/ntapi/src/ntsam.rs
@@ -0,0 +1,1077 @@
+use crate::string::UTF8Const;
+use winapi::shared::basetsd::ULONG64;
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OEM_STRING, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
+ PUCHAR, PULONG, PUNICODE_STRING, PVOID, PWSTR, ULONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::ntsecapi::PDOMAIN_PASSWORD_INFORMATION;
+use winapi::um::subauth::LOGON_HOURS;
+use winapi::um::winnt::{
+ ACCESS_MASK, PSECURITY_DESCRIPTOR, PSID, PSID_NAME_USE, SECURITY_INFORMATION, SID_NAME_USE,
+ STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE,
+};
+pub const SAM_MAXIMUM_LOOKUP_COUNT: u32 = 1000;
+pub const SAM_MAXIMUM_LOOKUP_LENGTH: u32 = 32000;
+pub const SAM_MAX_PASSWORD_LENGTH: u32 = 256;
+pub const SAM_PASSWORD_ENCRYPTION_SALT_LEN: u32 = 16;
+pub type PSAM_HANDLE = *mut PVOID;
+pub type SAM_HANDLE = PVOID;
+pub type SAM_ENUMERATE_HANDLE = ULONG;
+pub type PSAM_ENUMERATE_HANDLE = *mut ULONG;
+STRUCT!{struct SAM_RID_ENUMERATION {
+ RelativeId: ULONG,
+ Name: UNICODE_STRING,
+}}
+pub type PSAM_RID_ENUMERATION = *mut SAM_RID_ENUMERATION;
+STRUCT!{struct SAM_SID_ENUMERATION {
+ Sid: PSID,
+ Name: UNICODE_STRING,
+}}
+pub type PSAM_SID_ENUMERATION = *mut SAM_SID_ENUMERATION;
+STRUCT!{struct SAM_BYTE_ARRAY {
+ Size: ULONG,
+ Data: PUCHAR,
+}}
+pub type PSAM_BYTE_ARRAY = *mut SAM_BYTE_ARRAY;
+STRUCT!{struct SAM_BYTE_ARRAY_32K {
+ Size: ULONG,
+ Data: PUCHAR,
+}}
+pub type PSAM_BYTE_ARRAY_32K = *mut SAM_BYTE_ARRAY_32K;
+pub type PSAM_SHELL_OBJECT_PROPERTIES = *mut SAM_BYTE_ARRAY_32K;
+pub type SAM_SHELL_OBJECT_PROPERTIES = SAM_BYTE_ARRAY_32K;
+EXTERN!{extern "system" {
+ fn SamFreeMemory(
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn SamCloseHandle(
+ SamHandle: SAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamSetSecurityObject(
+ ObjectHandle: SAM_HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn SamQuerySecurityObject(
+ ObjectHandle: SAM_HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: *mut PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn SamRidToSid(
+ ObjectHandle: SAM_HANDLE,
+ Rid: ULONG,
+ Sid: *mut PSID,
+ ) -> NTSTATUS;
+}}
+pub const SAM_SERVER_CONNECT: ACCESS_MASK = 0x0001;
+pub const SAM_SERVER_SHUTDOWN: ACCESS_MASK = 0x0002;
+pub const SAM_SERVER_INITIALIZE: ACCESS_MASK = 0x0004;
+pub const SAM_SERVER_CREATE_DOMAIN: ACCESS_MASK = 0x0008;
+pub const SAM_SERVER_ENUMERATE_DOMAINS: ACCESS_MASK = 0x0010;
+pub const SAM_SERVER_LOOKUP_DOMAIN: ACCESS_MASK = 0x0020;
+pub const SAM_SERVER_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SAM_SERVER_CONNECT
+ | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN
+ | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN;
+pub const SAM_SERVER_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | SAM_SERVER_ENUMERATE_DOMAINS;
+pub const SAM_SERVER_WRITE: ACCESS_MASK =
+ STANDARD_RIGHTS_WRITE | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN;
+pub const SAM_SERVER_EXECUTE: ACCESS_MASK =
+ STANDARD_RIGHTS_EXECUTE | SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN;
+EXTERN!{extern "system" {
+ fn SamConnect(
+ ServerName: PUNICODE_STRING,
+ ServerHandle: PSAM_HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn SamShutdownSamServer(
+ ServerHandle: SAM_HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const DOMAIN_READ_PASSWORD_PARAMETERS: u32 = 0x0001;
+pub const DOMAIN_WRITE_PASSWORD_PARAMS: u32 = 0x0002;
+pub const DOMAIN_READ_OTHER_PARAMETERS: u32 = 0x0004;
+pub const DOMAIN_WRITE_OTHER_PARAMETERS: u32 = 0x0008;
+pub const DOMAIN_CREATE_USER: u32 = 0x0010;
+pub const DOMAIN_CREATE_GROUP: u32 = 0x0020;
+pub const DOMAIN_CREATE_ALIAS: u32 = 0x0040;
+pub const DOMAIN_GET_ALIAS_MEMBERSHIP: u32 = 0x0080;
+pub const DOMAIN_LIST_ACCOUNTS: u32 = 0x0100;
+pub const DOMAIN_LOOKUP: u32 = 0x0200;
+pub const DOMAIN_ADMINISTER_SERVER: u32 = 0x0400;
+pub const DOMAIN_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | DOMAIN_READ_OTHER_PARAMETERS
+ | DOMAIN_WRITE_OTHER_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER
+ | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS | DOMAIN_GET_ALIAS_MEMBERSHIP
+ | DOMAIN_LIST_ACCOUNTS | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LOOKUP
+ | DOMAIN_ADMINISTER_SERVER;
+pub const DOMAIN_READ: u32 =
+ STANDARD_RIGHTS_READ | DOMAIN_GET_ALIAS_MEMBERSHIP | DOMAIN_READ_OTHER_PARAMETERS;
+pub const DOMAIN_WRITE: u32 = STANDARD_RIGHTS_WRITE | DOMAIN_WRITE_OTHER_PARAMETERS
+ | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS
+ | DOMAIN_ADMINISTER_SERVER;
+pub const DOMAIN_EXECUTE: u32 = STANDARD_RIGHTS_EXECUTE | DOMAIN_READ_PASSWORD_PARAMETERS
+ | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP;
+ENUM!{enum DOMAIN_INFORMATION_CLASS {
+ DomainPasswordInformation = 1,
+ DomainGeneralInformation = 2,
+ DomainLogoffInformation = 3,
+ DomainOemInformation = 4,
+ DomainNameInformation = 5,
+ DomainReplicationInformation = 6,
+ DomainServerRoleInformation = 7,
+ DomainModifiedInformation = 8,
+ DomainStateInformation = 9,
+ DomainUasInformation = 10,
+ DomainGeneralInformation2 = 11,
+ DomainLockoutInformation = 12,
+ DomainModifiedInformation2 = 13,
+}}
+ENUM!{enum DOMAIN_SERVER_ENABLE_STATE {
+ DomainServerEnabled = 1,
+ DomainServerDisabled = 2,
+}}
+pub type PDOMAIN_SERVER_ENABLE_STATE = *mut DOMAIN_SERVER_ENABLE_STATE;
+ENUM!{enum DOMAIN_SERVER_ROLE {
+ DomainServerRoleBackup = 2,
+ DomainServerRolePrimary = 3,
+}}
+pub type PDOMAIN_SERVER_ROLE = *mut DOMAIN_SERVER_ROLE;
+STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION {
+ ForceLogoff: LARGE_INTEGER,
+ OemInformation: UNICODE_STRING,
+ DomainName: UNICODE_STRING,
+ ReplicaSourceNodeName: UNICODE_STRING,
+ DomainModifiedCount: LARGE_INTEGER,
+ DomainServerState: DOMAIN_SERVER_ENABLE_STATE,
+ DomainServerRole: DOMAIN_SERVER_ROLE,
+ UasCompatibilityRequired: BOOLEAN,
+ UserCount: ULONG,
+ GroupCount: ULONG,
+ AliasCount: ULONG,
+}}
+pub type PDOMAIN_GENERAL_INFORMATION = *mut DOMAIN_GENERAL_INFORMATION;
+STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION2 {
+ I1: DOMAIN_GENERAL_INFORMATION,
+ LockoutDuration: LARGE_INTEGER,
+ LockoutObservationWindow: LARGE_INTEGER,
+ LockoutThreshold: USHORT,
+}}
+pub type PDOMAIN_GENERAL_INFORMATION2 = *mut DOMAIN_GENERAL_INFORMATION2;
+STRUCT!{struct DOMAIN_UAS_INFORMATION {
+ UasCompatibilityRequired: BOOLEAN,
+}}
+ENUM!{enum DOMAIN_PASSWORD_CONSTRUCTION {
+ DomainPasswordSimple = 1,
+ DomainPasswordComplex = 2,
+}}
+STRUCT!{struct DOMAIN_LOGOFF_INFORMATION {
+ ForceLogoff: LARGE_INTEGER,
+}}
+pub type PDOMAIN_LOGOFF_INFORMATION = *mut DOMAIN_LOGOFF_INFORMATION;
+STRUCT!{struct DOMAIN_OEM_INFORMATION {
+ OemInformation: UNICODE_STRING,
+}}
+pub type PDOMAIN_OEM_INFORMATION = *mut DOMAIN_OEM_INFORMATION;
+STRUCT!{struct DOMAIN_NAME_INFORMATION {
+ DomainName: UNICODE_STRING,
+}}
+pub type PDOMAIN_NAME_INFORMATION = *mut DOMAIN_NAME_INFORMATION;
+STRUCT!{struct DOMAIN_SERVER_ROLE_INFORMATION {
+ DomainServerRole: DOMAIN_SERVER_ROLE,
+}}
+pub type PDOMAIN_SERVER_ROLE_INFORMATION = *mut DOMAIN_SERVER_ROLE_INFORMATION;
+STRUCT!{struct DOMAIN_REPLICATION_INFORMATION {
+ ReplicaSourceNodeName: UNICODE_STRING,
+}}
+pub type PDOMAIN_REPLICATION_INFORMATION = *mut DOMAIN_REPLICATION_INFORMATION;
+STRUCT!{struct DOMAIN_MODIFIED_INFORMATION {
+ DomainModifiedCount: LARGE_INTEGER,
+ CreationTime: LARGE_INTEGER,
+}}
+pub type PDOMAIN_MODIFIED_INFORMATION = *mut DOMAIN_MODIFIED_INFORMATION;
+STRUCT!{struct DOMAIN_MODIFIED_INFORMATION2 {
+ DomainModifiedCount: LARGE_INTEGER,
+ CreationTime: LARGE_INTEGER,
+ ModifiedCountAtLastPromotion: LARGE_INTEGER,
+}}
+pub type PDOMAIN_MODIFIED_INFORMATION2 = *mut DOMAIN_MODIFIED_INFORMATION2;
+STRUCT!{struct DOMAIN_STATE_INFORMATION {
+ DomainServerState: DOMAIN_SERVER_ENABLE_STATE,
+}}
+pub type PDOMAIN_STATE_INFORMATION = *mut DOMAIN_STATE_INFORMATION;
+STRUCT!{struct DOMAIN_LOCKOUT_INFORMATION {
+ LockoutDuration: LARGE_INTEGER,
+ LockoutObservationWindow: LARGE_INTEGER,
+ LockoutThreshold: USHORT,
+}}
+pub type PDOMAIN_LOCKOUT_INFORMATION = *mut DOMAIN_LOCKOUT_INFORMATION;
+ENUM!{enum DOMAIN_DISPLAY_INFORMATION {
+ DomainDisplayUser = 1,
+ DomainDisplayMachine = 2,
+ DomainDisplayGroup = 3,
+ DomainDisplayOemUser = 4,
+ DomainDisplayOemGroup = 5,
+ DomainDisplayServer = 6,
+}}
+pub type PDOMAIN_DISPLAY_INFORMATION = *mut DOMAIN_DISPLAY_INFORMATION;
+STRUCT!{struct DOMAIN_DISPLAY_USER {
+ Index: ULONG,
+ Rid: ULONG,
+ AccountControl: ULONG,
+ LogonName: UNICODE_STRING,
+ AdminComment: UNICODE_STRING,
+ FullName: UNICODE_STRING,
+}}
+pub type PDOMAIN_DISPLAY_USER = *mut DOMAIN_DISPLAY_USER;
+STRUCT!{struct DOMAIN_DISPLAY_MACHINE {
+ Index: ULONG,
+ Rid: ULONG,
+ AccountControl: ULONG,
+ Machine: UNICODE_STRING,
+ Comment: UNICODE_STRING,
+}}
+pub type PDOMAIN_DISPLAY_MACHINE = *mut DOMAIN_DISPLAY_MACHINE;
+STRUCT!{struct DOMAIN_DISPLAY_GROUP {
+ Index: ULONG,
+ Rid: ULONG,
+ Attributes: ULONG,
+ Group: UNICODE_STRING,
+ Comment: UNICODE_STRING,
+}}
+pub type PDOMAIN_DISPLAY_GROUP = *mut DOMAIN_DISPLAY_GROUP;
+STRUCT!{struct DOMAIN_DISPLAY_OEM_USER {
+ Index: ULONG,
+ User: OEM_STRING,
+}}
+pub type PDOMAIN_DISPLAY_OEM_USER = *mut DOMAIN_DISPLAY_OEM_USER;
+STRUCT!{struct DOMAIN_DISPLAY_OEM_GROUP {
+ Index: ULONG,
+ Group: OEM_STRING,
+}}
+pub type PDOMAIN_DISPLAY_OEM_GROUP = *mut DOMAIN_DISPLAY_OEM_GROUP;
+ENUM!{enum DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION {
+ DomainLocalizableAccountsBasic = 1,
+}}
+pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION;
+STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY {
+ Rid: ULONG,
+ Use: SID_NAME_USE,
+ Name: UNICODE_STRING,
+ AdminComment: UNICODE_STRING,
+}}
+pub type PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY;
+STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC {
+ Count: ULONG,
+ Entries: *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY,
+}}
+pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC;
+UNION!{union DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER {
+ Basic: DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC,
+}}
+pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER;
+EXTERN!{extern "system" {
+ fn SamLookupDomainInSamServer(
+ ServerHandle: SAM_HANDLE,
+ Name: PUNICODE_STRING,
+ DomainId: *mut PSID,
+ ) -> NTSTATUS;
+ fn SamEnumerateDomainsInSamServer(
+ ServerHandle: SAM_HANDLE,
+ EnumerationContext: PSAM_ENUMERATE_HANDLE,
+ Buffer: *mut PVOID,
+ PreferedMaximumLength: ULONG,
+ CountReturned: PULONG,
+ ) -> NTSTATUS;
+ fn SamOpenDomain(
+ ServerHandle: SAM_HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ DomainId: PSID,
+ DomainHandle: PSAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamQueryInformationDomain(
+ DomainHandle: SAM_HANDLE,
+ DomainInformationClass: DOMAIN_INFORMATION_CLASS,
+ Buffer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn SamSetInformationDomain(
+ DomainHandle: SAM_HANDLE,
+ DomainInformationClass: DOMAIN_INFORMATION_CLASS,
+ DomainInformation: PVOID,
+ ) -> NTSTATUS;
+ fn SamLookupNamesInDomain(
+ DomainHandle: SAM_HANDLE,
+ Count: ULONG,
+ Names: PUNICODE_STRING,
+ RelativeIds: *mut PULONG,
+ Use: *mut PSID_NAME_USE,
+ ) -> NTSTATUS;
+ fn SamLookupIdsInDomain(
+ DomainHandle: SAM_HANDLE,
+ Count: ULONG,
+ RelativeIds: PULONG,
+ Names: *mut PUNICODE_STRING,
+ Use: *mut PSID_NAME_USE,
+ ) -> NTSTATUS;
+ fn SamRemoveMemberFromForeignDomain(
+ DomainHandle: SAM_HANDLE,
+ MemberId: PSID,
+ ) -> NTSTATUS;
+ fn SamQueryLocalizableAccountsInDomain(
+ Domain: SAM_HANDLE,
+ Flags: ULONG,
+ LanguageId: ULONG,
+ Class: DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION,
+ Buffer: *mut PVOID,
+ ) -> NTSTATUS;
+}}
+pub const GROUP_READ_INFORMATION: ACCESS_MASK = 0x0001;
+pub const GROUP_WRITE_ACCOUNT: ACCESS_MASK = 0x0002;
+pub const GROUP_ADD_MEMBER: ACCESS_MASK = 0x0004;
+pub const GROUP_REMOVE_MEMBER: ACCESS_MASK = 0x0008;
+pub const GROUP_LIST_MEMBERS: ACCESS_MASK = 0x0010;
+pub const GROUP_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | GROUP_LIST_MEMBERS
+ | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER | GROUP_READ_INFORMATION;
+pub const GROUP_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | GROUP_LIST_MEMBERS;
+pub const GROUP_WRITE: ACCESS_MASK =
+ STANDARD_RIGHTS_WRITE | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER;
+pub const GROUP_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | GROUP_READ_INFORMATION;
+STRUCT!{struct GROUP_MEMBERSHIP {
+ RelativeId: ULONG,
+ Attributes: ULONG,
+}}
+pub type PGROUP_MEMBERSHIP = *mut GROUP_MEMBERSHIP;
+ENUM!{enum GROUP_INFORMATION_CLASS {
+ GroupGeneralInformation = 1,
+ GroupNameInformation = 2,
+ GroupAttributeInformation = 3,
+ GroupAdminCommentInformation = 4,
+ GroupReplicationInformation = 5,
+}}
+STRUCT!{struct GROUP_GENERAL_INFORMATION {
+ Name: UNICODE_STRING,
+ Attributes: ULONG,
+ MemberCount: ULONG,
+ AdminComment: UNICODE_STRING,
+}}
+pub type PGROUP_GENERAL_INFORMATION = *mut GROUP_GENERAL_INFORMATION;
+STRUCT!{struct GROUP_NAME_INFORMATION {
+ Name: UNICODE_STRING,
+}}
+pub type PGROUP_NAME_INFORMATION = *mut GROUP_NAME_INFORMATION;
+STRUCT!{struct GROUP_ATTRIBUTE_INFORMATION {
+ Attributes: ULONG,
+}}
+pub type PGROUP_ATTRIBUTE_INFORMATION = *mut GROUP_ATTRIBUTE_INFORMATION;
+STRUCT!{struct GROUP_ADM_COMMENT_INFORMATION {
+ AdminComment: UNICODE_STRING,
+}}
+pub type PGROUP_ADM_COMMENT_INFORMATION = *mut GROUP_ADM_COMMENT_INFORMATION;
+EXTERN!{extern "system" {
+ fn SamEnumerateGroupsInDomain(
+ DomainHandle: SAM_HANDLE,
+ EnumerationContext: PSAM_ENUMERATE_HANDLE,
+ Buffer: *mut PVOID,
+ PreferedMaximumLength: ULONG,
+ CountReturned: PULONG,
+ ) -> NTSTATUS;
+ fn SamCreateGroupInDomain(
+ DomainHandle: SAM_HANDLE,
+ AccountName: PUNICODE_STRING,
+ DesiredAccess: ACCESS_MASK,
+ GroupHandle: PSAM_HANDLE,
+ RelativeId: PULONG,
+ ) -> NTSTATUS;
+ fn SamOpenGroup(
+ DomainHandle: SAM_HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GroupId: ULONG,
+ GroupHandle: PSAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamDeleteGroup(
+ GroupHandle: SAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamQueryInformationGroup(
+ GroupHandle: SAM_HANDLE,
+ GroupInformationClass: GROUP_INFORMATION_CLASS,
+ Buffer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn SamSetInformationGroup(
+ GroupHandle: SAM_HANDLE,
+ GroupInformationClass: GROUP_INFORMATION_CLASS,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn SamAddMemberToGroup(
+ GroupHandle: SAM_HANDLE,
+ MemberId: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+ fn SamRemoveMemberFromGroup(
+ GroupHandle: SAM_HANDLE,
+ MemberId: ULONG,
+ ) -> NTSTATUS;
+ fn SamGetMembersInGroup(
+ GroupHandle: SAM_HANDLE,
+ MemberIds: *mut PULONG,
+ Attributes: *mut PULONG,
+ MemberCount: PULONG,
+ ) -> NTSTATUS;
+ fn SamSetMemberAttributesOfGroup(
+ GroupHandle: SAM_HANDLE,
+ MemberId: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+}}
+pub const ALIAS_ADD_MEMBER: ACCESS_MASK = 0x0001;
+pub const ALIAS_REMOVE_MEMBER: ACCESS_MASK = 0x0002;
+pub const ALIAS_LIST_MEMBERS: ACCESS_MASK = 0x0004;
+pub const ALIAS_READ_INFORMATION: ACCESS_MASK = 0x0008;
+pub const ALIAS_WRITE_ACCOUNT: ACCESS_MASK = 0x0010;
+pub const ALIAS_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | ALIAS_READ_INFORMATION
+ | ALIAS_WRITE_ACCOUNT | ALIAS_LIST_MEMBERS | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER;
+pub const ALIAS_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | ALIAS_LIST_MEMBERS;
+pub const ALIAS_WRITE: ACCESS_MASK =
+ STANDARD_RIGHTS_WRITE | ALIAS_WRITE_ACCOUNT | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER;
+pub const ALIAS_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | ALIAS_READ_INFORMATION;
+ENUM!{enum ALIAS_INFORMATION_CLASS {
+ AliasGeneralInformation = 1,
+ AliasNameInformation = 2,
+ AliasAdminCommentInformation = 3,
+ AliasReplicationInformation = 4,
+ AliasExtendedInformation = 5,
+}}
+STRUCT!{struct ALIAS_GENERAL_INFORMATION {
+ Name: UNICODE_STRING,
+ MemberCount: ULONG,
+ AdminComment: UNICODE_STRING,
+}}
+pub type PALIAS_GENERAL_INFORMATION = *mut ALIAS_GENERAL_INFORMATION;
+STRUCT!{struct ALIAS_NAME_INFORMATION {
+ Name: UNICODE_STRING,
+}}
+pub type PALIAS_NAME_INFORMATION = *mut ALIAS_NAME_INFORMATION;
+STRUCT!{struct ALIAS_ADM_COMMENT_INFORMATION {
+ AdminComment: UNICODE_STRING,
+}}
+pub type PALIAS_ADM_COMMENT_INFORMATION = *mut ALIAS_ADM_COMMENT_INFORMATION;
+pub const ALIAS_ALL_NAME: ULONG = 0x00000001;
+pub const ALIAS_ALL_MEMBER_COUNT: ULONG = 0x00000002;
+pub const ALIAS_ALL_ADMIN_COMMENT: ULONG = 0x00000004;
+pub const ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00000008;
+STRUCT!{struct ALIAS_EXTENDED_INFORMATION {
+ WhichFields: ULONG,
+ ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES,
+}}
+pub type PALIAS_EXTENDED_INFORMATION = *mut ALIAS_EXTENDED_INFORMATION;
+EXTERN!{extern "system" {
+ fn SamEnumerateAliasesInDomain(
+ DomainHandle: SAM_HANDLE,
+ EnumerationContext: PSAM_ENUMERATE_HANDLE,
+ Buffer: *mut PVOID,
+ PreferedMaximumLength: ULONG,
+ CountReturned: PULONG,
+ ) -> NTSTATUS;
+ fn SamCreateAliasInDomain(
+ DomainHandle: SAM_HANDLE,
+ AccountName: PUNICODE_STRING,
+ DesiredAccess: ACCESS_MASK,
+ AliasHandle: PSAM_HANDLE,
+ RelativeId: PULONG,
+ ) -> NTSTATUS;
+ fn SamOpenAlias(
+ DomainHandle: SAM_HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ AliasId: ULONG,
+ AliasHandle: PSAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamDeleteAlias(
+ AliasHandle: SAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamQueryInformationAlias(
+ AliasHandle: SAM_HANDLE,
+ AliasInformationClass: ALIAS_INFORMATION_CLASS,
+ Buffer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn SamSetInformationAlias(
+ AliasHandle: SAM_HANDLE,
+ AliasInformationClass: ALIAS_INFORMATION_CLASS,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn SamAddMemberToAlias(
+ AliasHandle: SAM_HANDLE,
+ MemberId: PSID,
+ ) -> NTSTATUS;
+ fn SamAddMultipleMembersToAlias(
+ AliasHandle: SAM_HANDLE,
+ MemberIds: *mut PSID,
+ MemberCount: ULONG,
+ ) -> NTSTATUS;
+ fn SamRemoveMemberFromAlias(
+ AliasHandle: SAM_HANDLE,
+ MemberId: PSID,
+ ) -> NTSTATUS;
+ fn SamRemoveMultipleMembersFromAlias(
+ AliasHandle: SAM_HANDLE,
+ MemberIds: *mut PSID,
+ MemberCount: ULONG,
+ ) -> NTSTATUS;
+ fn SamGetMembersInAlias(
+ AliasHandle: SAM_HANDLE,
+ MemberIds: *mut *mut PSID,
+ MemberCount: PULONG,
+ ) -> NTSTATUS;
+ fn SamGetAliasMembership(
+ DomainHandle: SAM_HANDLE,
+ PassedCount: ULONG,
+ Sids: *mut PSID,
+ MembershipCount: PULONG,
+ Aliases: *mut PULONG,
+ ) -> NTSTATUS;
+}}
+pub const GROUP_TYPE_BUILTIN_LOCAL_GROUP: u32 = 0x00000001;
+pub const GROUP_TYPE_ACCOUNT_GROUP: u32 = 0x00000002;
+pub const GROUP_TYPE_RESOURCE_GROUP: u32 = 0x00000004;
+pub const GROUP_TYPE_UNIVERSAL_GROUP: u32 = 0x00000008;
+pub const GROUP_TYPE_APP_BASIC_GROUP: u32 = 0x00000010;
+pub const GROUP_TYPE_APP_QUERY_GROUP: u32 = 0x00000020;
+pub const GROUP_TYPE_SECURITY_ENABLED: u32 = 0x80000000;
+pub const GROUP_TYPE_RESOURCE_BEHAVOIR: u32 =
+ GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_APP_BASIC_GROUP | GROUP_TYPE_APP_QUERY_GROUP;
+pub const USER_READ_GENERAL: DWORD = 0x0001;
+pub const USER_READ_PREFERENCES: DWORD = 0x0002;
+pub const USER_WRITE_PREFERENCES: DWORD = 0x0004;
+pub const USER_READ_LOGON: DWORD = 0x0008;
+pub const USER_READ_ACCOUNT: DWORD = 0x0010;
+pub const USER_WRITE_ACCOUNT: DWORD = 0x0020;
+pub const USER_CHANGE_PASSWORD: DWORD = 0x0040;
+pub const USER_FORCE_PASSWORD_CHANGE: DWORD = 0x0080;
+pub const USER_LIST_GROUPS: DWORD = 0x0100;
+pub const USER_READ_GROUP_INFORMATION: DWORD = 0x0200;
+pub const USER_WRITE_GROUP_INFORMATION: DWORD = 0x0400;
+pub const USER_ALL_ACCESS: DWORD = STANDARD_RIGHTS_REQUIRED | USER_READ_PREFERENCES
+ | USER_READ_LOGON | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION | USER_WRITE_PREFERENCES
+ | USER_CHANGE_PASSWORD | USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL | USER_READ_ACCOUNT
+ | USER_WRITE_ACCOUNT | USER_WRITE_GROUP_INFORMATION;
+pub const USER_READ: DWORD = STANDARD_RIGHTS_READ | USER_READ_PREFERENCES | USER_READ_LOGON
+ | USER_READ_ACCOUNT | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION;
+pub const USER_WRITE: DWORD =
+ STANDARD_RIGHTS_WRITE | USER_WRITE_PREFERENCES | USER_CHANGE_PASSWORD;
+pub const USER_EXECUTE: DWORD = STANDARD_RIGHTS_EXECUTE | USER_READ_GENERAL | USER_CHANGE_PASSWORD;
+ENUM!{enum USER_INFORMATION_CLASS {
+ UserGeneralInformation = 1,
+ UserPreferencesInformation = 2,
+ UserLogonInformation = 3,
+ UserLogonHoursInformation = 4,
+ UserAccountInformation = 5,
+ UserNameInformation = 6,
+ UserAccountNameInformation = 7,
+ UserFullNameInformation = 8,
+ UserPrimaryGroupInformation = 9,
+ UserHomeInformation = 10,
+ UserScriptInformation = 11,
+ UserProfileInformation = 12,
+ UserAdminCommentInformation = 13,
+ UserWorkStationsInformation = 14,
+ UserSetPasswordInformation = 15,
+ UserControlInformation = 16,
+ UserExpiresInformation = 17,
+ UserInternal1Information = 18,
+ UserInternal2Information = 19,
+ UserParametersInformation = 20,
+ UserAllInformation = 21,
+ UserInternal3Information = 22,
+ UserInternal4Information = 23,
+ UserInternal5Information = 24,
+ UserInternal4InformationNew = 25,
+ UserInternal5InformationNew = 26,
+ UserInternal6Information = 27,
+ UserExtendedInformation = 28,
+ UserLogonUIInformation = 29,
+}}
+pub type PUSER_INFORMATION_CLASS = *mut USER_INFORMATION_CLASS;
+pub const USER_ALL_USERNAME: ULONG = 0x00000001;
+pub const USER_ALL_FULLNAME: ULONG = 0x00000002;
+pub const USER_ALL_USERID: ULONG = 0x00000004;
+pub const USER_ALL_PRIMARYGROUPID: ULONG = 0x00000008;
+pub const USER_ALL_ADMINCOMMENT: ULONG = 0x00000010;
+pub const USER_ALL_USERCOMMENT: ULONG = 0x00000020;
+pub const USER_ALL_HOMEDIRECTORY: ULONG = 0x00000040;
+pub const USER_ALL_HOMEDIRECTORYDRIVE: ULONG = 0x00000080;
+pub const USER_ALL_SCRIPTPATH: ULONG = 0x00000100;
+pub const USER_ALL_PROFILEPATH: ULONG = 0x00000200;
+pub const USER_ALL_WORKSTATIONS: ULONG = 0x00000400;
+pub const USER_ALL_LASTLOGON: ULONG = 0x00000800;
+pub const USER_ALL_LASTLOGOFF: ULONG = 0x00001000;
+pub const USER_ALL_LOGONHOURS: ULONG = 0x00002000;
+pub const USER_ALL_BADPASSWORDCOUNT: ULONG = 0x00004000;
+pub const USER_ALL_LOGONCOUNT: ULONG = 0x00008000;
+pub const USER_ALL_PASSWORDCANCHANGE: ULONG = 0x00010000;
+pub const USER_ALL_PASSWORDMUSTCHANGE: ULONG = 0x00020000;
+pub const USER_ALL_PASSWORDLASTSET: ULONG = 0x00040000;
+pub const USER_ALL_ACCOUNTEXPIRES: ULONG = 0x00080000;
+pub const USER_ALL_USERACCOUNTCONTROL: ULONG = 0x00100000;
+pub const USER_ALL_PARAMETERS: ULONG = 0x00200000;
+pub const USER_ALL_COUNTRYCODE: ULONG = 0x00400000;
+pub const USER_ALL_CODEPAGE: ULONG = 0x00800000;
+pub const USER_ALL_NTPASSWORDPRESENT: ULONG = 0x01000000;
+pub const USER_ALL_LMPASSWORDPRESENT: ULONG = 0x02000000;
+pub const USER_ALL_PRIVATEDATA: ULONG = 0x04000000;
+pub const USER_ALL_PASSWORDEXPIRED: ULONG = 0x08000000;
+pub const USER_ALL_SECURITYDESCRIPTOR: ULONG = 0x10000000;
+pub const USER_ALL_OWFPASSWORD: ULONG = 0x20000000;
+pub const USER_ALL_UNDEFINED_MASK: ULONG = 0xc0000000;
+pub const USER_ALL_READ_GENERAL_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME
+ | USER_ALL_USERID | USER_ALL_PRIMARYGROUPID | USER_ALL_ADMINCOMMENT | USER_ALL_USERCOMMENT;
+pub const USER_ALL_READ_LOGON_MASK: ULONG = USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE
+ | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_WORKSTATIONS | USER_ALL_LASTLOGON
+ | USER_ALL_LASTLOGOFF | USER_ALL_LOGONHOURS | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT
+ | USER_ALL_PASSWORDCANCHANGE | USER_ALL_PASSWORDMUSTCHANGE;
+pub const USER_ALL_READ_ACCOUNT_MASK: ULONG = USER_ALL_PASSWORDLASTSET | USER_ALL_ACCOUNTEXPIRES
+ | USER_ALL_USERACCOUNTCONTROL | USER_ALL_PARAMETERS;
+pub const USER_ALL_READ_PREFERENCES_MASK: ULONG = USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE;
+pub const USER_ALL_READ_TRUSTED_MASK: ULONG = USER_ALL_NTPASSWORDPRESENT
+ | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED | USER_ALL_SECURITYDESCRIPTOR
+ | USER_ALL_PRIVATEDATA;
+pub const USER_ALL_READ_CANT_MASK: ULONG = USER_ALL_UNDEFINED_MASK;
+pub const USER_ALL_WRITE_ACCOUNT_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME
+ | USER_ALL_PRIMARYGROUPID | USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE
+ | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_ADMINCOMMENT | USER_ALL_WORKSTATIONS
+ | USER_ALL_LOGONHOURS | USER_ALL_ACCOUNTEXPIRES | USER_ALL_USERACCOUNTCONTROL
+ | USER_ALL_PARAMETERS;
+pub const USER_ALL_WRITE_PREFERENCES_MASK: ULONG =
+ USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE;
+pub const USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK: ULONG =
+ USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED;
+pub const USER_ALL_WRITE_TRUSTED_MASK: ULONG = USER_ALL_LASTLOGON | USER_ALL_LASTLOGOFF
+ | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT | USER_ALL_PASSWORDLASTSET
+ | USER_ALL_SECURITYDESCRIPTOR | USER_ALL_PRIVATEDATA;
+pub const USER_ALL_WRITE_CANT_MASK: ULONG = USER_ALL_USERID | USER_ALL_PASSWORDCANCHANGE
+ | USER_ALL_PASSWORDMUSTCHANGE | USER_ALL_UNDEFINED_MASK;
+STRUCT!{struct USER_GENERAL_INFORMATION {
+ UserName: UNICODE_STRING,
+ FullName: UNICODE_STRING,
+ PrimaryGroupId: ULONG,
+ AdminComment: UNICODE_STRING,
+ UserComment: UNICODE_STRING,
+}}
+pub type PUSER_GENERAL_INFORMATION = *mut USER_GENERAL_INFORMATION;
+STRUCT!{struct USER_PREFERENCES_INFORMATION {
+ UserComment: UNICODE_STRING,
+ Reserved1: UNICODE_STRING,
+ CountryCode: USHORT,
+ CodePage: USHORT,
+}}
+pub type PUSER_PREFERENCES_INFORMATION = *mut USER_PREFERENCES_INFORMATION;
+STRUCT!{struct USER_PARAMETERS_INFORMATION {
+ Parameters: UNICODE_STRING,
+}}
+pub type PUSER_PARAMETERS_INFORMATION = *mut USER_PARAMETERS_INFORMATION;
+STRUCT!{#[repr(packed(4))] struct USER_LOGON_INFORMATION {
+ UserName: UNICODE_STRING,
+ FullName: UNICODE_STRING,
+ UserId: ULONG,
+ PrimaryGroupId: ULONG,
+ HomeDirectory: UNICODE_STRING,
+ HomeDirectoryDrive: UNICODE_STRING,
+ ScriptPath: UNICODE_STRING,
+ ProfilePath: UNICODE_STRING,
+ WorkStations: UNICODE_STRING,
+ LastLogon: LARGE_INTEGER,
+ LastLogoff: LARGE_INTEGER,
+ PasswordLastSet: LARGE_INTEGER,
+ PasswordCanChange: LARGE_INTEGER,
+ PasswordMustChange: LARGE_INTEGER,
+ LogonHours: LOGON_HOURS,
+ BadPasswordCount: USHORT,
+ LogonCount: USHORT,
+ UserAccountControl: ULONG,
+}}
+pub type PUSER_LOGON_INFORMATION = *mut USER_LOGON_INFORMATION;
+STRUCT!{#[repr(packed(4))] struct USER_ACCOUNT_INFORMATION {
+ UserName: UNICODE_STRING,
+ FullName: UNICODE_STRING,
+ UserId: ULONG,
+ PrimaryGroupId: ULONG,
+ HomeDirectory: UNICODE_STRING,
+ HomeDirectoryDrive: UNICODE_STRING,
+ ScriptPath: UNICODE_STRING,
+ ProfilePath: UNICODE_STRING,
+ AdminComment: UNICODE_STRING,
+ WorkStations: UNICODE_STRING,
+ LastLogon: LARGE_INTEGER,
+ LastLogoff: LARGE_INTEGER,
+ LogonHours: LOGON_HOURS,
+ BadPasswordCount: USHORT,
+ LogonCount: USHORT,
+ PasswordLastSet: LARGE_INTEGER,
+ AccountExpires: LARGE_INTEGER,
+ UserAccountControl: ULONG,
+}}
+pub type PUSER_ACCOUNT_INFORMATION = *mut USER_ACCOUNT_INFORMATION;
+STRUCT!{struct USER_ACCOUNT_NAME_INFORMATION {
+ UserName: UNICODE_STRING,
+}}
+pub type PUSER_ACCOUNT_NAME_INFORMATION = *mut USER_ACCOUNT_NAME_INFORMATION;
+STRUCT!{struct USER_FULL_NAME_INFORMATION {
+ FullName: UNICODE_STRING,
+}}
+pub type PUSER_FULL_NAME_INFORMATION = *mut USER_FULL_NAME_INFORMATION;
+STRUCT!{struct USER_NAME_INFORMATION {
+ UserName: UNICODE_STRING,
+ FullName: UNICODE_STRING,
+}}
+pub type PUSER_NAME_INFORMATION = *mut USER_NAME_INFORMATION;
+STRUCT!{struct USER_PRIMARY_GROUP_INFORMATION {
+ PrimaryGroupId: ULONG,
+}}
+pub type PUSER_PRIMARY_GROUP_INFORMATION = *mut USER_PRIMARY_GROUP_INFORMATION;
+STRUCT!{struct USER_HOME_INFORMATION {
+ HomeDirectory: UNICODE_STRING,
+ HomeDirectoryDrive: UNICODE_STRING,
+}}
+pub type PUSER_HOME_INFORMATION = *mut USER_HOME_INFORMATION;
+STRUCT!{struct USER_SCRIPT_INFORMATION {
+ ScriptPath: UNICODE_STRING,
+}}
+pub type PUSER_SCRIPT_INFORMATION = *mut USER_SCRIPT_INFORMATION;
+STRUCT!{struct USER_PROFILE_INFORMATION {
+ ProfilePath: UNICODE_STRING,
+}}
+pub type PUSER_PROFILE_INFORMATION = *mut USER_PROFILE_INFORMATION;
+STRUCT!{struct USER_ADMIN_COMMENT_INFORMATION {
+ AdminComment: UNICODE_STRING,
+}}
+pub type PUSER_ADMIN_COMMENT_INFORMATION = *mut USER_ADMIN_COMMENT_INFORMATION;
+STRUCT!{struct USER_WORKSTATIONS_INFORMATION {
+ WorkStations: UNICODE_STRING,
+}}
+pub type PUSER_WORKSTATIONS_INFORMATION = *mut USER_WORKSTATIONS_INFORMATION;
+STRUCT!{struct USER_SET_PASSWORD_INFORMATION {
+ Password: UNICODE_STRING,
+ PasswordExpired: BOOLEAN,
+}}
+pub type PUSER_SET_PASSWORD_INFORMATION = *mut USER_SET_PASSWORD_INFORMATION;
+STRUCT!{struct USER_CONTROL_INFORMATION {
+ UserAccountControl: ULONG,
+}}
+pub type PUSER_CONTROL_INFORMATION = *mut USER_CONTROL_INFORMATION;
+STRUCT!{struct USER_EXPIRES_INFORMATION {
+ AccountExpires: LARGE_INTEGER,
+}}
+pub type PUSER_EXPIRES_INFORMATION = *mut USER_EXPIRES_INFORMATION;
+STRUCT!{struct USER_LOGON_HOURS_INFORMATION {
+ LogonHours: LOGON_HOURS,
+}}
+pub type PUSER_LOGON_HOURS_INFORMATION = *mut USER_LOGON_HOURS_INFORMATION;
+pub type SAM_USER_TILE = SAM_BYTE_ARRAY_32K;
+pub type PSAM_USER_TILE = *mut SAM_BYTE_ARRAY_32K;
+pub const USER_EXTENDED_FIELD_USER_TILE: ULONG = 0x00001000;
+pub const USER_EXTENDED_FIELD_PASSWORD_HINT: ULONG = 0x00002000;
+pub const USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI: ULONG = 0x00004000;
+pub const USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00008000;
+STRUCT!{struct USER_EXTENDED_INFORMATION {
+ ExtendedWhichFields: ULONG,
+ UserTile: SAM_USER_TILE,
+ PasswordHint: UNICODE_STRING,
+ DontShowInLogonUI: BOOLEAN,
+ ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES,
+}}
+pub type PUSER_EXTENDED_INFORMATION = *mut USER_EXTENDED_INFORMATION;
+STRUCT!{struct USER_LOGON_UI_INFORMATION {
+ PasswordIsBlank: BOOLEAN,
+ AccountIsDisabled: BOOLEAN,
+}}
+pub type PUSER_LOGON_UI_INFORMATION = *mut USER_LOGON_UI_INFORMATION;
+STRUCT!{struct USER_PWD_CHANGE_FAILURE_INFORMATION {
+ ExtendedFailureReason: ULONG,
+ FilterModuleName: UNICODE_STRING,
+}}
+pub type PUSER_PWD_CHANGE_FAILURE_INFORMATION = *mut USER_PWD_CHANGE_FAILURE_INFORMATION;
+pub const SAM_PWD_CHANGE_NO_ERROR: u32 = 0;
+pub const SAM_PWD_CHANGE_PASSWORD_TOO_SHORT: u32 = 1;
+pub const SAM_PWD_CHANGE_PWD_IN_HISTORY: u32 = 2;
+pub const SAM_PWD_CHANGE_USERNAME_IN_PASSWORD: u32 = 3;
+pub const SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD: u32 = 4;
+pub const SAM_PWD_CHANGE_NOT_COMPLEX: u32 = 5;
+pub const SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT: u32 = 6;
+pub const SAM_PWD_CHANGE_FAILED_BY_FILTER: u32 = 7;
+pub const SAM_PWD_CHANGE_PASSWORD_TOO_LONG: u32 = 8;
+pub const SAM_PWD_CHANGE_FAILURE_REASON_MAX: u32 = 8;
+EXTERN!{extern "system" {
+ fn SamEnumerateUsersInDomain(
+ DomainHandle: SAM_HANDLE,
+ EnumerationContext: PSAM_ENUMERATE_HANDLE,
+ UserAccountControl: ULONG,
+ Buffer: *mut PVOID,
+ PreferedMaximumLength: ULONG,
+ CountReturned: PULONG,
+ ) -> NTSTATUS;
+ fn SamCreateUserInDomain(
+ DomainHandle: SAM_HANDLE,
+ AccountName: PUNICODE_STRING,
+ DesiredAccess: ACCESS_MASK,
+ UserHandle: PSAM_HANDLE,
+ RelativeId: PULONG,
+ ) -> NTSTATUS;
+ fn SamCreateUser2InDomain(
+ DomainHandle: SAM_HANDLE,
+ AccountName: PUNICODE_STRING,
+ AccountType: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ UserHandle: PSAM_HANDLE,
+ GrantedAccess: PULONG,
+ RelativeId: PULONG,
+ ) -> NTSTATUS;
+ fn SamOpenUser(
+ DomainHandle: SAM_HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ UserId: ULONG,
+ UserHandle: PSAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamDeleteUser(
+ UserHandle: SAM_HANDLE,
+ ) -> NTSTATUS;
+ fn SamQueryInformationUser(
+ UserHandle: SAM_HANDLE,
+ UserInformationClass: USER_INFORMATION_CLASS,
+ Buffer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn SamSetInformationUser(
+ UserHandle: SAM_HANDLE,
+ UserInformationClass: USER_INFORMATION_CLASS,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn SamGetGroupsForUser(
+ UserHandle: SAM_HANDLE,
+ Groups: *mut PGROUP_MEMBERSHIP,
+ MembershipCount: PULONG,
+ ) -> NTSTATUS;
+ fn SamChangePasswordUser(
+ UserHandle: SAM_HANDLE,
+ OldPassword: PUNICODE_STRING,
+ NewPassword: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn SamChangePasswordUser2(
+ ServerName: PUNICODE_STRING,
+ UserName: PUNICODE_STRING,
+ OldPassword: PUNICODE_STRING,
+ NewPassword: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn SamChangePasswordUser3(
+ ServerName: PUNICODE_STRING,
+ UserName: PUNICODE_STRING,
+ OldPassword: PUNICODE_STRING,
+ NewPassword: PUNICODE_STRING,
+ EffectivePasswordPolicy: *mut PDOMAIN_PASSWORD_INFORMATION,
+ PasswordChangeFailureInfo: *mut PUSER_PWD_CHANGE_FAILURE_INFORMATION,
+ ) -> NTSTATUS;
+ fn SamQueryDisplayInformation(
+ DomainHandle: SAM_HANDLE,
+ DisplayInformation: DOMAIN_DISPLAY_INFORMATION,
+ Index: ULONG,
+ EntryCount: ULONG,
+ PreferredMaximumLength: ULONG,
+ TotalAvailable: PULONG,
+ TotalReturned: PULONG,
+ ReturnedEntryCount: PULONG,
+ SortedBuffer: *mut PVOID,
+ ) -> NTSTATUS;
+ fn SamGetDisplayEnumerationIndex(
+ DomainHandle: SAM_HANDLE,
+ DisplayInformation: DOMAIN_DISPLAY_INFORMATION,
+ Prefix: PUNICODE_STRING,
+ Index: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SECURITY_DB_DELTA_TYPE {
+ SecurityDbNew = 1,
+ SecurityDbRename = 2,
+ SecurityDbDelete = 3,
+ SecurityDbChangeMemberAdd = 4,
+ SecurityDbChangeMemberSet = 5,
+ SecurityDbChangeMemberDel = 6,
+ SecurityDbChange = 7,
+ SecurityDbChangePassword = 8,
+}}
+pub type PSECURITY_DB_DELTA_TYPE = *mut SECURITY_DB_DELTA_TYPE;
+ENUM!{enum SECURITY_DB_OBJECT_TYPE {
+ SecurityDbObjectSamDomain = 1,
+ SecurityDbObjectSamUser = 2,
+ SecurityDbObjectSamGroup = 3,
+ SecurityDbObjectSamAlias = 4,
+ SecurityDbObjectLsaPolicy = 5,
+ SecurityDbObjectLsaTDomain = 6,
+ SecurityDbObjectLsaAccount = 7,
+ SecurityDbObjectLsaSecret = 8,
+}}
+pub type PSECURITY_DB_OBJECT_TYPE = *mut SECURITY_DB_OBJECT_TYPE;
+ENUM!{enum SAM_ACCOUNT_TYPE {
+ SamObjectUser = 1,
+ SamObjectGroup = 2,
+ SamObjectAlias = 3,
+}}
+pub type PSAM_ACCOUNT_TYPE = *mut SAM_ACCOUNT_TYPE;
+pub const SAM_USER_ACCOUNT: u32 = 0x00000001;
+pub const SAM_GLOBAL_GROUP_ACCOUNT: u32 = 0x00000002;
+pub const SAM_LOCAL_GROUP_ACCOUNT: u32 = 0x00000004;
+STRUCT!{struct SAM_GROUP_MEMBER_ID {
+ MemberRid: ULONG,
+}}
+pub type PSAM_GROUP_MEMBER_ID = *mut SAM_GROUP_MEMBER_ID;
+STRUCT!{struct SAM_ALIAS_MEMBER_ID {
+ MemberSid: PSID,
+}}
+pub type PSAM_ALIAS_MEMBER_ID = *mut SAM_ALIAS_MEMBER_ID;
+UNION!{union SAM_DELTA_DATA {
+ GroupMemberId: SAM_GROUP_MEMBER_ID,
+ AliasMemberId: SAM_ALIAS_MEMBER_ID,
+ AccountControl: ULONG,
+}}
+pub type PSAM_DELTA_DATA = *mut SAM_DELTA_DATA;
+FN!{stdcall PSAM_DELTA_NOTIFICATION_ROUTINE(
+ DomainSid: PSID,
+ DeltaType: SECURITY_DB_DELTA_TYPE,
+ ObjectType: SECURITY_DB_OBJECT_TYPE,
+ ObjectRid: ULONG,
+ ObjectName: PUNICODE_STRING,
+ ModifiedCount: PLARGE_INTEGER,
+ DeltaData: PSAM_DELTA_DATA,
+) -> NTSTATUS}
+pub const SAM_DELTA_NOTIFY_ROUTINE: UTF8Const = UTF8Const("DeltaNotify\0");
+EXTERN!{extern "system" {
+ fn SamRegisterObjectChangeNotification(
+ ObjectType: SECURITY_DB_OBJECT_TYPE,
+ NotificationEventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn SamUnregisterObjectChangeNotification(
+ ObjectType: SECURITY_DB_OBJECT_TYPE,
+ NotificationEventHandle: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const SAM_SID_COMPATIBILITY_ALL: u32 = 0;
+pub const SAM_SID_COMPATIBILITY_LAX: u32 = 1;
+pub const SAM_SID_COMPATIBILITY_STRICT: u32 = 2;
+EXTERN!{extern "system" {
+ fn SamGetCompatibilityMode(
+ ObjectHandle: SAM_HANDLE,
+ Mode: *mut ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum PASSWORD_POLICY_VALIDATION_TYPE {
+ SamValidateAuthentication = 1,
+ SamValidatePasswordChange = 2,
+ SamValidatePasswordReset = 3,
+}}
+STRUCT!{struct SAM_VALIDATE_PASSWORD_HASH {
+ Length: ULONG,
+ Hash: PUCHAR,
+}}
+pub type PSAM_VALIDATE_PASSWORD_HASH = *mut SAM_VALIDATE_PASSWORD_HASH;
+pub const SAM_VALIDATE_PASSWORD_LAST_SET: u32 = 0x00000001;
+pub const SAM_VALIDATE_BAD_PASSWORD_TIME: u32 = 0x00000002;
+pub const SAM_VALIDATE_LOCKOUT_TIME: u32 = 0x00000004;
+pub const SAM_VALIDATE_BAD_PASSWORD_COUNT: u32 = 0x00000008;
+pub const SAM_VALIDATE_PASSWORD_HISTORY_LENGTH: u32 = 0x00000010;
+pub const SAM_VALIDATE_PASSWORD_HISTORY: u32 = 0x00000020;
+STRUCT!{struct SAM_VALIDATE_PERSISTED_FIELDS {
+ PresentFields: ULONG,
+ PasswordLastSet: LARGE_INTEGER,
+ BadPasswordTime: LARGE_INTEGER,
+ LockoutTime: LARGE_INTEGER,
+ BadPasswordCount: ULONG,
+ PasswordHistoryLength: ULONG,
+ PasswordHistory: PSAM_VALIDATE_PASSWORD_HASH,
+}}
+pub type PSAM_VALIDATE_PERSISTED_FIELDS = *mut SAM_VALIDATE_PERSISTED_FIELDS;
+ENUM!{enum SAM_VALIDATE_VALIDATION_STATUS {
+ SamValidateSuccess = 0,
+ SamValidatePasswordMustChange = 1,
+ SamValidateAccountLockedOut = 2,
+ SamValidatePasswordExpired = 3,
+ SamValidatePasswordIncorrect = 4,
+ SamValidatePasswordIsInHistory = 5,
+ SamValidatePasswordTooShort = 6,
+ SamValidatePasswordTooLong = 7,
+ SamValidatePasswordNotComplexEnough = 8,
+ SamValidatePasswordTooRecent = 9,
+ SamValidatePasswordFilterError = 10,
+}}
+pub type PSAM_VALIDATE_VALIDATION_STATUS = *mut SAM_VALIDATE_VALIDATION_STATUS;
+STRUCT!{struct SAM_VALIDATE_STANDARD_OUTPUT_ARG {
+ ChangedPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS,
+ ValidationStatus: SAM_VALIDATE_VALIDATION_STATUS,
+}}
+pub type PSAM_VALIDATE_STANDARD_OUTPUT_ARG = *mut SAM_VALIDATE_STANDARD_OUTPUT_ARG;
+STRUCT!{struct SAM_VALIDATE_AUTHENTICATION_INPUT_ARG {
+ InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS,
+ PasswordMatched: BOOLEAN,
+}}
+pub type PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG = *mut SAM_VALIDATE_AUTHENTICATION_INPUT_ARG;
+STRUCT!{struct SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG {
+ InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS,
+ ClearPassword: UNICODE_STRING,
+ UserAccountName: UNICODE_STRING,
+ HashedPassword: SAM_VALIDATE_PASSWORD_HASH,
+ PasswordMatch: BOOLEAN,
+}}
+pub type PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG;
+STRUCT!{struct SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG {
+ InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS,
+ ClearPassword: UNICODE_STRING,
+ UserAccountName: UNICODE_STRING,
+ HashedPassword: SAM_VALIDATE_PASSWORD_HASH,
+ PasswordMustChangeAtNextLogon: BOOLEAN,
+ ClearLockout: BOOLEAN,
+}}
+pub type PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG;
+UNION!{union SAM_VALIDATE_INPUT_ARG {
+ ValidateAuthenticationInput: SAM_VALIDATE_AUTHENTICATION_INPUT_ARG,
+ ValidatePasswordChangeInput: SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG,
+ ValidatePasswordResetInput: SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG,
+}}
+pub type PSAM_VALIDATE_INPUT_ARG = *mut SAM_VALIDATE_INPUT_ARG;
+UNION!{union SAM_VALIDATE_OUTPUT_ARG {
+ ValidateAuthenticationOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG,
+ ValidatePasswordChangeOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG,
+ ValidatePasswordResetOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG,
+}}
+pub type PSAM_VALIDATE_OUTPUT_ARG = *mut SAM_VALIDATE_OUTPUT_ARG;
+EXTERN!{extern "system" {
+ fn SamValidatePassword(
+ ServerName: PUNICODE_STRING,
+ ValidationType: PASSWORD_POLICY_VALIDATION_TYPE,
+ InputArg: PSAM_VALIDATE_INPUT_ARG,
+ OutputArg: *mut PSAM_VALIDATE_OUTPUT_ARG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SAM_GENERIC_OPERATION_TYPE {
+ SamObjectChangeNotificationOperation = 0,
+}}
+pub type PSAM_GENERIC_OPERATION_TYPE = *mut SAM_GENERIC_OPERATION_TYPE;
+STRUCT!{struct SAM_OPERATION_OBJCHG_INPUT {
+ Register: BOOLEAN,
+ EventHandle: ULONG64,
+ ObjectType: SECURITY_DB_OBJECT_TYPE,
+ ProcessID: ULONG,
+}}
+pub type PSAM_OPERATION_OBJCHG_INPUT = *mut SAM_OPERATION_OBJCHG_INPUT;
+STRUCT!{struct SAM_OPERATION_OBJCHG_OUTPUT {
+ Reserved: ULONG,
+}}
+pub type PSAM_OPERATION_OBJCHG_OUTPUT = *mut SAM_OPERATION_OBJCHG_OUTPUT;
+UNION!{union SAM_GENERIC_OPERATION_INPUT {
+ ObjChangeIn: SAM_OPERATION_OBJCHG_INPUT,
+}}
+pub type PSAM_GENERIC_OPERATION_INPUT = *mut SAM_GENERIC_OPERATION_INPUT;
+UNION!{union SAM_GENERIC_OPERATION_OUTPUT {
+ ObjChangeOut: SAM_OPERATION_OBJCHG_OUTPUT,
+}}
+pub type PSAM_GENERIC_OPERATION_OUTPUT = *mut SAM_GENERIC_OPERATION_OUTPUT;
+EXTERN!{extern "system" {
+ fn SamPerformGenericOperation(
+ ServerName: PWSTR,
+ OperationType: SAM_GENERIC_OPERATION_TYPE,
+ OperationIn: PSAM_GENERIC_OPERATION_INPUT,
+ OperationOut: *mut PSAM_GENERIC_OPERATION_OUTPUT,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntseapi.rs b/vendor/ntapi/src/ntseapi.rs
new file mode 100644
index 000000000..4cac9f4f8
--- /dev/null
+++ b/vendor/ntapi/src/ntseapi.rs
@@ -0,0 +1,439 @@
+use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
+ POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
+ PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
+ PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
+ PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
+ TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
+};
+pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
+pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
+pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
+pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
+pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
+pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
+pub const SE_TCB_PRIVILEGE: LONG = 7;
+pub const SE_SECURITY_PRIVILEGE: LONG = 8;
+pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
+pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
+pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
+pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
+pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
+pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
+pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
+pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
+pub const SE_BACKUP_PRIVILEGE: LONG = 17;
+pub const SE_RESTORE_PRIVILEGE: LONG = 18;
+pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
+pub const SE_DEBUG_PRIVILEGE: LONG = 20;
+pub const SE_AUDIT_PRIVILEGE: LONG = 21;
+pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
+pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
+pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
+pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
+pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
+pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
+pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
+pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
+pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
+pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
+pub const SE_RELABEL_PRIVILEGE: LONG = 32;
+pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
+pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
+pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
+pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
+pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;
+pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
+pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
+pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
+pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
+ | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
+ | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED
+ | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
+pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
+ Version: ULONG64,
+ Name: UNICODE_STRING,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
+ pValue: PVOID,
+ ValueLength: ULONG,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
+ *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
+UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
+ pInt64: PLONG64,
+ pUint64: PULONG64,
+ pString: PUNICODE_STRING,
+ pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
+ pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
+}}
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
+ Name: UNICODE_STRING,
+ ValueType: USHORT,
+ Reserved: USHORT,
+ Flags: ULONG,
+ ValueCount: ULONG,
+ Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
+ TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
+ Version: USHORT,
+ Reserved: USHORT,
+ AttributeCount: ULONG,
+ pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;
+STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
+ TrustLevelSid: PSID,
+}}
+pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;
+EXTERN!{extern "system" {
+ fn NtCreateToken(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn NtCreateLowBoxToken(
+ TokenHandle: PHANDLE,
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PackageSid: PSID,
+ CapabilityCount: ULONG,
+ Capabilities: PSID_AND_ATTRIBUTES,
+ HandleCount: ULONG,
+ Handles: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn NtCreateTokenEx(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroups: PTOKEN_GROUPS,
+ TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn NtOpenProcessToken(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenProcessTokenEx(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenThreadToken(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenThreadTokenEx(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtDuplicateToken(
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EffectiveOnly: BOOLEAN,
+ TokenType: TOKEN_TYPE,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustPrivilegesToken(
+ TokenHandle: HANDLE,
+ DisableAllPrivileges: BOOLEAN,
+ NewState: PTOKEN_PRIVILEGES,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_PRIVILEGES,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustGroupsToken(
+ TokenHandle: HANDLE,
+ ResetToDefault: BOOLEAN,
+ NewState: PTOKEN_GROUPS,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_GROUPS,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustTokenClaimsAndDeviceGroups(
+ TokenHandle: HANDLE,
+ UserResetToDefault: BOOLEAN,
+ DeviceResetToDefault: BOOLEAN,
+ DeviceGroupsResetToDefault: BOOLEAN,
+ NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceGroupsState: PTOKEN_GROUPS,
+ UserBufferLength: ULONG,
+ PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceBufferLength: ULONG,
+ PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroupsBufferLength: ULONG,
+ PreviousDeviceGroups: PTOKEN_GROUPS,
+ UserReturnLength: PULONG,
+ DeviceReturnLength: PULONG,
+ DeviceGroupsReturnBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtFilterToken(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtFilterTokenEx(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ DisableUserClaimsCount: ULONG,
+ UserClaimsToDisable: PUNICODE_STRING,
+ DisableDeviceClaimsCount: ULONG,
+ DeviceClaimsToDisable: PUNICODE_STRING,
+ DeviceGroupsToDisable: PTOKEN_GROUPS,
+ RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceGroups: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtCompareTokens(
+ FirstTokenHandle: HANDLE,
+ SecondTokenHandle: HANDLE,
+ Equal: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegeCheck(
+ ClientToken: HANDLE,
+ RequiredPrivileges: PPRIVILEGE_SET,
+ Result: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtImpersonateAnonymousToken(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQuerySecurityAttributesToken(
+ TokenHandle: HANDLE,
+ Attributes: PUNICODE_STRING,
+ NumberOfAttributes: ULONG,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAccessCheck(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByType(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultList(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSetCachedSigningLevel(
+ Flags: ULONG,
+ InputSigningLevel: SE_SIGNING_LEVEL,
+ SourceFiles: PHANDLE,
+ SourceFileCount: ULONG,
+ TargetFile: HANDLE,
+ ) -> NTSTATUS;
+ fn NtGetCachedSigningLevel(
+ File: HANDLE,
+ Flags: PULONG,
+ SigningLevel: PSE_SIGNING_LEVEL,
+ Thumbprint: PUCHAR,
+ ThumbprintSize: PULONG,
+ ThumbprintAlgorithm: PULONG,
+ ) -> NTSTATUS;
+ fn NtAccessCheckAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultListAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GrantedAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ ObjectCreation: BOOLEAN,
+ AccessGranted: BOOLEAN,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegeObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtCloseObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtDeleteObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegedServiceAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ ServiceName: PUNICODE_STRING,
+ ClientToken: HANDLE,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/ntsmss.rs b/vendor/ntapi/src/ntsmss.rs
new file mode 100644
index 000000000..b22991fb7
--- /dev/null
+++ b/vendor/ntapi/src/ntsmss.rs
@@ -0,0 +1,15 @@
+use crate::ntlpcapi::PPORT_MESSAGE;
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING};
+EXTERN!{extern "system" {
+ fn RtlConnectToSm(
+ ApiPortName: PUNICODE_STRING,
+ ApiPortHandle: HANDLE,
+ ProcessImageType: DWORD,
+ SmssConnection: PHANDLE,
+ ) -> NTSTATUS;
+ fn RtlSendMsgToSm(
+ ApiPortHandle: HANDLE,
+ MessageData: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/nttmapi.rs b/vendor/ntapi/src/nttmapi.rs
new file mode 100644
index 000000000..3ed499a92
--- /dev/null
+++ b/vendor/ntapi/src/nttmapi.rs
@@ -0,0 +1,239 @@
+use winapi::shared::basetsd::ULONG_PTR;
+use winapi::shared::guiddef::LPGUID;
+use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG,
+ PUNICODE_STRING, PVOID, ULONG,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR,
+ RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TRANSACTION_INFORMATION_CLASS,
+};
+EXTERN!{extern "system" {
+ fn NtCreateTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ CommitStrength: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ TmIdentity: LPGUID,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn NtRenameTransactionManager(
+ LogFileName: PUNICODE_STRING,
+ ExistingTransactionManagerGuid: LPGUID,
+ ) -> NTSTATUS;
+ fn NtRollforwardTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtRecoverTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationTransactionManager(
+ TmHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtEnumerateTransactionObject(
+ RootObjectHandle: HANDLE,
+ QueryType: KTMOBJECT_TYPE,
+ ObjectCursor: PKTMOBJECT_CURSOR,
+ ObjectCursorLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtCreateTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ CreateOptions: ULONG,
+ IsolationLevel: ULONG,
+ IsolationFlags: ULONG,
+ Timeout: PLARGE_INTEGER,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtOpenTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCommitTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtRollbackTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtCreateEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ResourceManagerHandle: HANDLE,
+ TransactionHandle: HANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ NotificationMask: NOTIFICATION_MASK,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn NtOpenEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ResourceManagerHandle: HANDLE,
+ EnlistmentGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtQueryInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtRecoverEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn NtPrePrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtPrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtCommitEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtRollbackEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtPrePrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtPrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtCommitComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtReadOnlyEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtRollbackComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtSinglePhaseReject(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtCreateResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ RmGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtOpenResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ ResourceManagerGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtRecoverResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtGetNotificationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ TransactionNotification: PTRANSACTION_NOTIFICATION,
+ NotificationLength: ULONG,
+ Timeout: PLARGE_INTEGER,
+ ReturnLength: PULONG,
+ Asynchronous: ULONG,
+ AsynchronousContext: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn NtQueryInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtRegisterProtocolAddressInformation(
+ ResourceManager: HANDLE,
+ ProtocolId: PCRM_PROTOCOL_ID,
+ ProtocolInformationSize: ULONG,
+ ProtocolInformation: PVOID,
+ CreateOptions: ULONG,
+ ) -> NTSTATUS;
+ fn NtPropagationComplete(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn NtPropagationFailed(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ PropStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtFreezeTransactions(
+ FreezeTimeout: PLARGE_INTEGER,
+ ThawTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtThawTransactions() -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/nttp.rs b/vendor/ntapi/src/nttp.rs
new file mode 100644
index 000000000..a41eb344a
--- /dev/null
+++ b/vendor/ntapi/src/nttp.rs
@@ -0,0 +1,207 @@
+use crate::ntioapi::PIO_STATUS_BLOCK;
+use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID};
+use winapi::um::winnt::{
+ PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO,
+ PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK,
+ PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK,
+};
+#[repr(C)]
+pub struct TP_ALPC([u8; 0]);
+pub type PTP_ALPC = *mut TP_ALPC;
+FN!{stdcall PTP_ALPC_CALLBACK(
+ Instance: PTP_CALLBACK_INSTANCE,
+ Context: PVOID,
+ Alpc: PTP_ALPC,
+) -> ()}
+FN!{stdcall PTP_ALPC_CALLBACK_EX(
+ Instanc: PTP_CALLBACK_INSTANCE,
+ Contex: PVOID,
+ Alp: PTP_ALPC,
+ ApcContext: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+ fn TpAllocPool(
+ PoolReturn: *mut PTP_POOL,
+ Reserved: PVOID,
+ ) -> NTSTATUS;
+ fn TpReleasePool(
+ Pool: PTP_POOL,
+ );
+ fn TpSetPoolMaxThreads(
+ Pool: PTP_POOL,
+ MaxThreads: LONG,
+ );
+ fn TpSetPoolMinThreads(
+ Pool: PTP_POOL,
+ MinThreads: LONG,
+ ) -> NTSTATUS;
+ fn TpQueryPoolStackInformation(
+ Pool: PTP_POOL,
+ PoolStackInformation: PTP_POOL_STACK_INFORMATION,
+ ) -> NTSTATUS;
+ fn TpSetPoolStackInformation(
+ Pool: PTP_POOL,
+ PoolStackInformation: PTP_POOL_STACK_INFORMATION,
+ ) -> NTSTATUS;
+ fn TpAllocCleanupGroup(
+ CleanupGroupReturn: *mut PTP_CLEANUP_GROUP,
+ ) -> NTSTATUS;
+ fn TpReleaseCleanupGroup(
+ CleanupGroup: PTP_CLEANUP_GROUP,
+ );
+ fn TpReleaseCleanupGroupMembers(
+ CleanupGroup: PTP_CLEANUP_GROUP,
+ CancelPendingCallbacks: LOGICAL,
+ CleanupParameter: PVOID,
+ );
+ fn TpCallbackSetEventOnCompletion(
+ Instance: PTP_CALLBACK_INSTANCE,
+ Event: HANDLE,
+ );
+ fn TpCallbackReleaseSemaphoreOnCompletion(
+ Instance: PTP_CALLBACK_INSTANCE,
+ Semaphore: HANDLE,
+ ReleaseCount: LONG,
+ );
+ fn TpCallbackReleaseMutexOnCompletion(
+ Instance: PTP_CALLBACK_INSTANCE,
+ Mutex: HANDLE,
+ );
+ fn TpCallbackLeaveCriticalSectionOnCompletion(
+ Instance: PTP_CALLBACK_INSTANCE,
+ CriticalSection: PRTL_CRITICAL_SECTION,
+ );
+ fn TpCallbackUnloadDllOnCompletion(
+ Instance: PTP_CALLBACK_INSTANCE,
+ DllHandle: PVOID,
+ );
+ fn TpCallbackMayRunLong(
+ Instance: PTP_CALLBACK_INSTANCE,
+ ) -> NTSTATUS;
+ fn TpDisassociateCallback(
+ Instance: PTP_CALLBACK_INSTANCE,
+ );
+ fn TpSimpleTryPost(
+ Callback: PTP_SIMPLE_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpAllocWork(
+ WorkReturn: *mut PTP_WORK,
+ Callback: PTP_WORK_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpReleaseWork(
+ Work: PTP_WORK,
+ );
+ fn TpPostWork(
+ Work: PTP_WORK,
+ );
+ fn TpWaitForWork(
+ Work: PTP_WORK,
+ CancelPendingCallbacks: LOGICAL,
+ );
+ fn TpAllocTimer(
+ Timer: *mut PTP_TIMER,
+ Callback: PTP_TIMER_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpReleaseTimer(
+ Timer: PTP_TIMER,
+ );
+ fn TpSetTimer(
+ Timer: PTP_TIMER,
+ DueTime: PLARGE_INTEGER,
+ Period: LONG,
+ WindowLength: LONG,
+ );
+ fn TpIsTimerSet(
+ Timer: PTP_TIMER,
+ ) -> LOGICAL;
+ fn TpWaitForTimer(
+ Timer: PTP_TIMER,
+ CancelPendingCallbacks: LOGICAL,
+ );
+ fn TpAllocWait(
+ WaitReturn: *mut PTP_WAIT,
+ Callback: PTP_WAIT_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpReleaseWait(
+ Wait: PTP_WAIT,
+ );
+ fn TpSetWait(
+ Wait: PTP_WAIT,
+ Handle: HANDLE,
+ Timeout: PLARGE_INTEGER,
+ );
+ fn TpWaitForWait(
+ Wait: PTP_WAIT,
+ CancelPendingCallbacks: LOGICAL,
+ );
+}}
+FN!{stdcall PTP_IO_CALLBACK(
+ Instance: PTP_CALLBACK_INSTANCE,
+ Context: PVOID,
+ ApcContext: PVOID,
+ IoSB: PIO_STATUS_BLOCK,
+ Io: PTP_IO,
+) -> ()}
+EXTERN!{extern "system" {
+ fn TpAllocIoCompletion(
+ IoReturn: *mut PTP_IO,
+ File: HANDLE,
+ Callback: PTP_IO_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpReleaseIoCompletion(
+ Io: PTP_IO,
+ );
+ fn TpStartAsyncIoOperation(
+ Io: PTP_IO,
+ );
+ fn TpCancelAsyncIoOperation(
+ Io: PTP_IO,
+ );
+ fn TpWaitForIoCompletion(
+ Io: PTP_IO,
+ CancelPendingCallbacks: LOGICAL,
+ );
+ fn TpAllocAlpcCompletion(
+ AlpcReturn: *mut PTP_ALPC,
+ AlpcPort: HANDLE,
+ Callback: PTP_ALPC_CALLBACK,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpAllocAlpcCompletionEx(
+ AlpcReturn: *mut PTP_ALPC,
+ AlpcPort: HANDLE,
+ Callback: PTP_ALPC_CALLBACK_EX,
+ Context: PVOID,
+ CallbackEnviron: PTP_CALLBACK_ENVIRON,
+ ) -> NTSTATUS;
+ fn TpReleaseAlpcCompletion(
+ Alpc: PTP_ALPC,
+ );
+ fn TpWaitForAlpcCompletion(
+ Alpc: PTP_ALPC,
+ );
+}}
+ENUM!{enum TP_TRACE_TYPE {
+ TpTraceThreadPriority = 1,
+ TpTraceThreadAffinity = 2,
+ MaxTpTraceType = 3,
+}}
+EXTERN!{extern "system" {
+ fn TpCaptureCaller(
+ Type: TP_TRACE_TYPE,
+ );
+ fn TpCheckTerminateWorker(
+ Thread: HANDLE,
+ );
+}}
diff --git a/vendor/ntapi/src/ntwow64.rs b/vendor/ntapi/src/ntwow64.rs
new file mode 100644
index 000000000..9a95ae2ae
--- /dev/null
+++ b/vendor/ntapi/src/ntwow64.rs
@@ -0,0 +1,476 @@
+use core::mem::size_of;
+use crate::ntapi_base::CLIENT_ID32;
+use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON};
+use crate::ntpsapi::GDI_HANDLE_BUFFER32;
+use crate::ntrtl::RTL_MAX_DRIVE_LETTERS;
+use crate::string::{UTF16Const, UTF8Const};
+use winapi::shared::guiddef::GUID;
+use winapi::shared::ntdef::{
+ BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER,
+ SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING,
+ UNICODE_STRING32, USHORT, WCHAR,
+};
+use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32};
+pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0");
+/// "SysWOW64"
+pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[
+ 0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16,
+]);
+pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0");
+/// " (x86)"
+pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[
+ 0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16,
+]);
+ENUM!{enum WOW64_SHARED_INFORMATION {
+ SharedNtdll32LdrInitializeThunk = 0,
+ SharedNtdll32KiUserExceptionDispatcher = 1,
+ SharedNtdll32KiUserApcDispatcher = 2,
+ SharedNtdll32KiUserCallbackDispatcher = 3,
+ SharedNtdll32ExpInterlockedPopEntrySListFault = 4,
+ SharedNtdll32ExpInterlockedPopEntrySListResume = 5,
+ SharedNtdll32ExpInterlockedPopEntrySListEnd = 6,
+ SharedNtdll32RtlUserThreadStart = 7,
+ SharedNtdll32pQueryProcessDebugInformationRemote = 8,
+ SharedNtdll32BaseAddress = 9,
+ SharedNtdll32LdrSystemDllInitBlock = 10,
+ Wow64SharedPageEntriesCount = 11,
+}}
+STRUCT!{struct RTL_BALANCED_NODE32_u_s {
+ Left: ULONG, // WOW64_POINTER
+ Right: ULONG, // WOW64_POINTER
+}}
+UNION!{union RTL_BALANCED_NODE32_u {
+ Children: [ULONG; 2], // WOW64_POINTER
+ s: RTL_BALANCED_NODE32_u_s,
+}}
+STRUCT!{struct RTL_BALANCED_NODE32 {
+ u: RTL_BALANCED_NODE32_u,
+ ParentValue: ULONG,
+}}
+pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32;
+STRUCT!{struct RTL_RB_TREE32 {
+ Root: ULONG, // WOW64_POINTER
+ Min: ULONG, // WOW64_POINTER
+}}
+pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32;
+STRUCT!{struct PEB_LDR_DATA32 {
+ Length: ULONG,
+ Initialized: BOOLEAN,
+ SsHandle: ULONG,
+ InLoadOrderModuleList: LIST_ENTRY32,
+ InMemoryOrderModuleList: LIST_ENTRY32,
+ InInitializationOrderModuleList: LIST_ENTRY32,
+ EntryInProgress: ULONG,
+ ShutdownInProgress: BOOLEAN,
+ ShutdownThreadId: ULONG,
+}}
+pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32;
+STRUCT!{struct LDR_SERVICE_TAG_RECORD32 {
+ Next: ULONG,
+ ServiceTag: ULONG,
+}}
+pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32;
+STRUCT!{struct LDRP_CSLIST32 {
+ Tail: ULONG, // WOW64_POINTER
+}}
+pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32;
+UNION!{union LDR_DDAG_NODE32_u {
+ Dependencies: LDRP_CSLIST32,
+ RemovalLink: SINGLE_LIST_ENTRY32,
+}}
+STRUCT!{struct LDR_DDAG_NODE32 {
+ Modules: LIST_ENTRY32,
+ ServiceTagList: ULONG, // WOW64_POINTER
+ LoadCount: ULONG,
+ LoadWhileUnloadingCount: ULONG,
+ LowestLink: ULONG,
+ u: LDR_DDAG_NODE32_u,
+ IncomingDependencies: LDRP_CSLIST32,
+ State: LDR_DDAG_STATE,
+ CondenseLink: SINGLE_LIST_ENTRY32,
+ PreorderNumber: ULONG,
+}}
+pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144;
+pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152;
+UNION!{union LDR_DATA_TABLE_ENTRY32_u1 {
+ InInitializationOrderLinks: LIST_ENTRY32,
+ InProgressLinks: LIST_ENTRY32,
+}}
+UNION!{union LDR_DATA_TABLE_ENTRY32_u2 {
+ FlagGroup: [UCHAR; 4],
+ Flags: ULONG,
+}}
+STRUCT!{struct LDR_DATA_TABLE_ENTRY32 {
+ InLoadOrderLinks: LIST_ENTRY32,
+ InMemoryOrderLinks: LIST_ENTRY32,
+ u1: LDR_DATA_TABLE_ENTRY32_u1,
+ DllBase: ULONG, // WOW64_POINTER
+ EntryPoint: ULONG, // WOW64_POINTER
+ SizeOfImage: ULONG,
+ FullDllName: UNICODE_STRING32,
+ BaseDllName: UNICODE_STRING32,
+ u2: LDR_DATA_TABLE_ENTRY32_u2,
+ ObsoleteLoadCount: USHORT,
+ TlsIndex: USHORT,
+ HashLinks: LIST_ENTRY32,
+ TimeDateStamp: ULONG,
+ EntryPointActivationContext: ULONG, // WOW64_POINTER
+ Lock: ULONG, // WOW64_POINTER
+ DdagNode: ULONG, // WOW64_POINTER
+ NodeModuleLink: LIST_ENTRY32,
+ LoadContext: ULONG, // WOW64_POINTER
+ ParentDllBase: ULONG, // WOW64_POINTER
+ SwitchBackContext: ULONG, // WOW64_POINTER
+ BaseAddressIndexNode: RTL_BALANCED_NODE32,
+ MappingInfoIndexNode: RTL_BALANCED_NODE32,
+ OriginalBase: ULONG,
+ LoadTime: LARGE_INTEGER,
+ BaseNameHashValue: ULONG,
+ LoadReason: LDR_DLL_LOAD_REASON,
+ ImplicitPathOptions: ULONG,
+ ReferenceCount: ULONG,
+ DependentLoadFlags: ULONG,
+ SigningLevel: UCHAR,
+}}
+BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [
+ PackagedBinary set_PackagedBinary[0..1],
+ MarkedForRemoval set_MarkedForRemoval[1..2],
+ ImageDll set_ImageDll[2..3],
+ LoadNotificationsSent set_LoadNotificationsSent[3..4],
+ TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
+ ProcessStaticImport set_ProcessStaticImport[5..6],
+ InLegacyLists set_InLegacyLists[6..7],
+ InIndexes set_InIndexes[7..8],
+ ShimDll set_ShimDll[8..9],
+ InExceptionTable set_InExceptionTable[9..10],
+ ReservedFlags1 set_ReservedFlags1[10..12],
+ LoadInProgress set_LoadInProgress[12..13],
+ LoadConfigProcessed set_LoadConfigProcessed[13..14],
+ EntryProcessed set_EntryProcessed[14..15],
+ ProtectDelayLoad set_ProtectDelayLoad[15..16],
+ ReservedFlags3 set_ReservedFlags3[16..18],
+ DontCallForThreads set_DontCallForThreads[18..19],
+ ProcessAttachCalled set_ProcessAttachCalled[19..20],
+ ProcessAttachFailed set_ProcessAttachFailed[20..21],
+ CorDeferredValidate set_CorDeferredValidate[21..22],
+ CorImage set_CorImage[22..23],
+ DontRelocate set_DontRelocate[23..24],
+ CorILOnly set_CorILOnly[24..25],
+ ReservedFlags5 set_ReservedFlags5[25..28],
+ Redirected set_Redirected[28..29],
+ ReservedFlags6 set_ReservedFlags6[29..31],
+ CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
+]}
+pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32;
+STRUCT!{struct CURDIR32 {
+ DosPath: UNICODE_STRING32,
+ Handle: ULONG, // WOW64_POINTER
+}}
+pub type PCURDIR32 = *mut CURDIR32;
+STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 {
+ Flags: USHORT,
+ Length: USHORT,
+ TimeStamp: ULONG,
+ DosPath: STRING32,
+}}
+pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32;
+STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 {
+ MaximumLength: ULONG,
+ Length: ULONG,
+ Flags: ULONG,
+ DebugFlags: ULONG,
+ ConsoleHandle: ULONG, // WOW64_POINTER
+ ConsoleFlags: ULONG,
+ StandardInput: ULONG, // WOW64_POINTER
+ StandardOutput: ULONG, // WOW64_POINTER
+ StandardError: ULONG, // WOW64_POINTER
+ CurrentDirectory: CURDIR32,
+ DllPath: UNICODE_STRING32,
+ ImagePathName: UNICODE_STRING32,
+ CommandLine: UNICODE_STRING32,
+ Environment: ULONG, // WOW64_POINTER
+ StartingX: ULONG,
+ StartingY: ULONG,
+ CountX: ULONG,
+ CountY: ULONG,
+ CountCharsX: ULONG,
+ CountCharsY: ULONG,
+ FillAttribute: ULONG,
+ WindowFlags: ULONG,
+ ShowWindowFlags: ULONG,
+ WindowTitle: UNICODE_STRING32,
+ DesktopInfo: UNICODE_STRING32,
+ ShellInfo: UNICODE_STRING32,
+ RuntimeData: UNICODE_STRING32,
+ CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS],
+ EnvironmentSize: ULONG,
+ EnvironmentVersion: ULONG,
+ PackageDependencyData: ULONG, // WOW64_POINTER
+ ProcessGroupId: ULONG,
+ LoaderThreads: ULONG,
+}}
+pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32;
+UNION!{union PEB32_u {
+ KernelCallbackTable: ULONG, // WOW64_POINTER
+ UserSharedInfoPtr: ULONG, // WOW64_POINTER
+}}
+STRUCT!{struct PEB32 {
+ InheritedAddressSpace: BOOLEAN,
+ ReadImageFileExecOptions: BOOLEAN,
+ BeingDebugged: BOOLEAN,
+ BitField: BOOLEAN,
+ Mutant: ULONG, // WOW64_POINTER
+ ImageBaseAddress: ULONG, // WOW64_POINTER
+ Ldr: ULONG, // WOW64_POINTER
+ ProcessParameters: ULONG, // WOW64_POINTER
+ SubSystemData: ULONG, // WOW64_POINTER
+ ProcessHeap: ULONG, // WOW64_POINTER
+ FastPebLock: ULONG, // WOW64_POINTER
+ AtlThunkSListPtr: ULONG, // WOW64_POINTER
+ IFEOKey: ULONG, // WOW64_POINTER
+ CrossProcessFlags: ULONG,
+ u: PEB32_u,
+ SystemReserved: [ULONG; 1],
+ AtlThunkSListPtr32: ULONG,
+ ApiSetMap: ULONG, // WOW64_POINTER
+ TlsExpansionCounter: ULONG,
+ TlsBitmap: ULONG, // WOW64_POINTER
+ TlsBitmapBits: [ULONG; 2],
+ ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER
+ HotpatchInformation: ULONG, // WOW64_POINTER
+ ReadOnlyStaticServerData: ULONG, // WOW64_POINTER
+ AnsiCodePageData: ULONG, // WOW64_POINTER
+ OemCodePageData: ULONG, // WOW64_POINTER
+ UnicodeCaseTableData: ULONG, // WOW64_POINTER
+ NumberOfProcessors: ULONG,
+ NtGlobalFlag: ULONG,
+ CriticalSectionTimeout: LARGE_INTEGER,
+ HeapSegmentReserve: ULONG,
+ HeapSegmentCommit: ULONG,
+ HeapDeCommitTotalFreeThreshold: ULONG,
+ HeapDeCommitFreeBlockThreshold: ULONG,
+ NumberOfHeaps: ULONG,
+ MaximumNumberOfHeaps: ULONG,
+ ProcessHeaps: ULONG, // WOW64_POINTER
+ GdiSharedHandleTable: ULONG, // WOW64_POINTER
+ ProcessStarterHelper: ULONG, // WOW64_POINTER
+ GdiDCAttributeList: ULONG,
+ LoaderLock: ULONG, // WOW64_POINTER
+ OSMajorVersion: ULONG,
+ OSMinorVersion: ULONG,
+ OSBuildNumber: USHORT,
+ OSCSDVersion: USHORT,
+ OSPlatformId: ULONG,
+ ImageSubsystem: ULONG,
+ ImageSubsystemMajorVersion: ULONG,
+ ImageSubsystemMinorVersion: ULONG,
+ ActiveProcessAffinityMask: ULONG,
+ GdiHandleBuffer: GDI_HANDLE_BUFFER32,
+ PostProcessInitRoutine: ULONG, // WOW64_POINTER
+ TlsExpansionBitmap: ULONG, // WOW64_POINTER
+ TlsExpansionBitmapBits: [ULONG; 32],
+ SessionId: ULONG,
+ AppCompatFlags: ULARGE_INTEGER,
+ AppCompatFlagsUser: ULARGE_INTEGER,
+ pShimData: ULONG, // WOW64_POINTER
+ AppCompatInfo: ULONG, // WOW64_POINTER
+ CSDVersion: UNICODE_STRING32,
+ ActivationContextData: ULONG, // WOW64_POINTER
+ ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER
+ SystemDefaultActivationContextData: ULONG, // WOW64_POINTER
+ SystemAssemblyStorageMap: ULONG, // WOW64_POINTER
+ MinimumStackCommit: ULONG,
+ FlsCallback: ULONG, // WOW64_POINTER
+ FlsListHead: LIST_ENTRY32,
+ FlsBitmap: ULONG, // WOW64_POINTER
+ FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)],
+ FlsHighIndex: ULONG,
+ WerRegistrationData: ULONG, // WOW64_POINTER
+ WerShipAssertPtr: ULONG, // WOW64_POINTER
+ pContextData: ULONG, // WOW64_POINTER
+ pImageHeaderHash: ULONG, // WOW64_POINTER
+ TracingFlags: ULONG,
+ CsrServerReadOnlySharedMemoryBase: ULONGLONG,
+ TppWorkerpListLock: ULONG, // WOW64_POINTER
+ TppWorkerpList: LIST_ENTRY32,
+ WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER
+ TelemetryCoverageHeader: ULONG, // WOW64_POINTER
+ CloudFileFlags: ULONG,
+ CloudFileDiagFlags: ULONG,
+ PlaceholderCompatibilityMode: CHAR,
+ PlaceholderCompatibilityModeReserved: [CHAR; 7],
+}}
+BITFIELD!{PEB32 BitField: BOOLEAN [
+ ImageUsesLargePages set_ImageUsesLargePages[0..1],
+ IsProtectedProcess set_IsProtectedProcess[1..2],
+ IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3],
+ SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4],
+ IsPackagedProcess set_IsPackagedProcess[4..5],
+ IsAppContainer set_IsAppContainer[5..6],
+ IsProtectedProcessLight set_IsProtectedProcessLight[6..7],
+ IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8],
+]}
+BITFIELD!{PEB32 CrossProcessFlags: ULONG [
+ ProcessInJob set_ProcessInJob[0..1],
+ ProcessInitializing set_ProcessInitializing[1..2],
+ ProcessUsingVEH set_ProcessUsingVEH[2..3],
+ ProcessUsingVCH set_ProcessUsingVCH[3..4],
+ ProcessUsingFTH set_ProcessUsingFTH[4..5],
+ ReservedBits0 set_ReservedBits0[5..32],
+]}
+BITFIELD!{PEB32 TracingFlags: ULONG [
+ HeapTracingEnabled set_HeapTracingEnabled[0..1],
+ CritSecTracingEnabled set_CritSecTracingEnabled[1..2],
+ LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3],
+ SpareTracingBits set_SpareTracingBits[3..32],
+]}
+pub type PPEB32 = *mut PEB32;
+pub const GDI_BATCH_BUFFER_SIZE: usize = 310;
+STRUCT!{struct GDI_TEB_BATCH32 {
+ Offset: ULONG,
+ HDC: ULONG,
+ Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE],
+}}
+pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32;
+STRUCT!{struct TEB32_u_s {
+ ReservedPad0: UCHAR,
+ ReservedPad1: UCHAR,
+ ReservedPad2: UCHAR,
+ IdealProcessor: UCHAR,
+}}
+UNION!{union TEB32_u {
+ CurrentIdealProcessor: PROCESSOR_NUMBER,
+ IdealProcessorValue: ULONG,
+ s: TEB32_u_s,
+}}
+STRUCT!{struct TEB32 {
+ NtTib: NT_TIB32,
+ EnvironmentPointer: ULONG, // WOW64_POINTER
+ ClientId: CLIENT_ID32,
+ ActiveRpcHandle: ULONG, // WOW64_POINTER
+ ThreadLocalStoragePointer: ULONG, // WOW64_POINTER
+ ProcessEnvironmentBlock: ULONG, // WOW64_POINTER
+ LastErrorValue: ULONG,
+ CountOfOwnedCriticalSections: ULONG,
+ CsrClientThread: ULONG, // WOW64_POINTER
+ Win32ThreadInfo: ULONG, // WOW64_POINTER
+ User32Reserved: [ULONG; 26],
+ UserReserved: [ULONG; 5],
+ WOW32Reserved: ULONG, // WOW64_POINTER
+ CurrentLocale: LCID,
+ FpSoftwareStatusRegister: ULONG,
+ ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER
+ SystemReserved1: [ULONG; 36], // WOW64_POINTER
+ WorkingOnBehalfTicket: [UCHAR; 8],
+ ExceptionCode: NTSTATUS,
+ ActivationContextStackPointer: ULONG, // WOW64_POINTER
+ InstrumentationCallbackSp: ULONG,
+ InstrumentationCallbackPreviousPc: ULONG,
+ InstrumentationCallbackPreviousSp: ULONG,
+ InstrumentationCallbackDisabled: BOOLEAN,
+ SpareBytes: [UCHAR; 23],
+ TxFsContext: ULONG,
+ GdiTebBatch: GDI_TEB_BATCH32,
+ RealClientId: CLIENT_ID32,
+ GdiCachedProcessHandle: ULONG, // WOW64_POINTER
+ GdiClientPID: ULONG,
+ GdiClientTID: ULONG,
+ GdiThreadLocalInfo: ULONG, // WOW64_POINTER
+ Win32ClientInfo: [ULONG; 62],
+ glDispatchTable: [ULONG; 233], // WOW64_POINTER
+ glReserved1: [ULONG; 29], // WOW64_POINTER
+ glReserved2: ULONG, // WOW64_POINTER
+ glSectionInfo: ULONG, // WOW64_POINTER
+ glSection: ULONG, // WOW64_POINTER
+ glTable: ULONG, // WOW64_POINTER
+ glCurrentRC: ULONG, // WOW64_POINTER
+ glContext: ULONG, // WOW64_POINTER
+ LastStatusValue: NTSTATUS,
+ StaticUnicodeString: UNICODE_STRING32,
+ StaticUnicodeBuffer: [WCHAR; 261],
+ DeallocationStack: ULONG, // WOW64_POINTER
+ TlsSlots: [ULONG; 64], // WOW64_POINTER
+ TlsLinks: LIST_ENTRY32,
+ Vdm: ULONG, // WOW64_POINTER
+ ReservedForNtRpc: ULONG, // WOW64_POINTER
+ DbgSsReserved: [ULONG; 2], // WOW64_POINTER
+ HardErrorMode: ULONG,
+ Instrumentation: [ULONG; 9], // WOW64_POINTER
+ ActivityId: GUID,
+ SubProcessTag: ULONG, // WOW64_POINTER
+ PerflibData: ULONG, // WOW64_POINTER
+ EtwTraceData: ULONG, // WOW64_POINTER
+ WinSockData: ULONG, // WOW64_POINTER
+ GdiBatchCount: ULONG,
+ u: TEB32_u,
+ GuaranteedStackBytes: ULONG,
+ ReservedForPerf: ULONG, // WOW64_POINTER
+ ReservedForOle: ULONG, // WOW64_POINTER
+ WaitingOnLoaderLock: ULONG,
+ SavedPriorityState: ULONG, // WOW64_POINTER
+ ReservedForCodeCoverage: ULONG,
+ ThreadPoolData: ULONG, // WOW64_POINTER
+ TlsExpansionSlots: ULONG, // WOW64_POINTER
+ MuiGeneration: ULONG,
+ IsImpersonating: ULONG,
+ NlsCache: ULONG, // WOW64_POINTER
+ pShimData: ULONG, // WOW64_POINTER
+ HeapVirtualAffinity: USHORT,
+ LowFragHeapDataSlot: USHORT,
+ CurrentTransactionHandle: ULONG, // WOW64_POINTER
+ ActiveFrame: ULONG, // WOW64_POINTER
+ FlsData: ULONG, // WOW64_POINTER
+ PreferredLanguages: ULONG, // WOW64_POINTER
+ UserPrefLanguages: ULONG, // WOW64_POINTER
+ MergedPrefLanguages: ULONG, // WOW64_POINTER
+ MuiImpersonation: ULONG,
+ CrossTebFlags: USHORT,
+ SameTebFlags: USHORT,
+ TxnScopeEnterCallback: ULONG, // WOW64_POINTER
+ TxnScopeExitCallback: ULONG, // WOW64_POINTER
+ TxnScopeContext: ULONG, // WOW64_POINTER
+ LockCount: ULONG,
+ WowTebOffset: LONG,
+ ResourceRetValue: ULONG, // WOW64_POINTER
+ ReservedForWdf: ULONG, // WOW64_POINTER
+ ReservedForCrt: ULONGLONG,
+ EffectiveContainerId: GUID,
+}}
+BITFIELD!{TEB32 SameTebFlags: USHORT [
+ SafeThunkCall set_SafeThunkCall[0..1],
+ InDebugPrint set_InDebugPrint[1..2],
+ HasFiberData set_HasFiberData[2..3],
+ SkipThreadAttach set_SkipThreadAttach[3..4],
+ WerInShipAssertCode set_WerInShipAssertCode[4..5],
+ RanProcessInit set_RanProcessInit[5..6],
+ ClonedThread set_ClonedThread[6..7],
+ SuppressDebugMsg set_SuppressDebugMsg[7..8],
+ DisableUserStackWalk set_DisableUserStackWalk[8..9],
+ RtlExceptionAttached set_RtlExceptionAttached[9..10],
+ InitialThread set_InitialThread[10..11],
+ SessionAware set_SessionAware[11..12],
+ LoadOwner set_LoadOwner[12..13],
+ LoaderWorker set_LoaderWorker[13..14],
+ SpareSameTebBits set_SpareSameTebBits[14..16],
+]}
+pub type PTEB32 = *mut TEB32;
+#[inline]
+pub fn UStr32ToUStr(
+ Destination: &mut UNICODE_STRING,
+ Source: &UNICODE_STRING32,
+) {
+ Destination.Length = Source.Length;
+ Destination.MaximumLength = Source.MaximumLength;
+ Destination.Buffer = Source.Buffer as *mut u16;
+}
+#[inline]
+pub fn UStrToUStr32(
+ Destination: &mut UNICODE_STRING32,
+ Source: &UNICODE_STRING,
+) {
+ Destination.Length = Source.Length;
+ Destination.MaximumLength = Source.MaximumLength;
+ Destination.Buffer = Source.Buffer as u32;
+}
diff --git a/vendor/ntapi/src/ntxcapi.rs b/vendor/ntapi/src/ntxcapi.rs
new file mode 100644
index 000000000..56644dd51
--- /dev/null
+++ b/vendor/ntapi/src/ntxcapi.rs
@@ -0,0 +1,29 @@
+use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG};
+use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD};
+EXTERN!{extern "system" {
+ fn RtlDispatchException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ ) -> BOOLEAN;
+ fn RtlRaiseStatus(
+ Status: NTSTATUS,
+ );
+ fn RtlRaiseException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ );
+ fn NtContinue(
+ ContextRecord: PCONTEXT,
+ TestAlert: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtRaiseException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ FirstChance: BOOLEAN,
+ ) -> NTSTATUS;
+ fn RtlAssert(
+ VoidFailedAssertion: PVOID,
+ VoidFileName: PVOID,
+ LineNumber: ULONG,
+ MutableMessage: PSTR,
+ );
+}}
diff --git a/vendor/ntapi/src/ntzwapi.rs b/vendor/ntapi/src/ntzwapi.rs
new file mode 100644
index 000000000..9638bf836
--- /dev/null
+++ b/vendor/ntapi/src/ntzwapi.rs
@@ -0,0 +1,2699 @@
+use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM};
+use crate::ntdbg::DEBUGOBJECTINFOCLASS;
+use crate::ntexapi::{
+ ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY,
+ PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS,
+ PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR,
+ SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS,
+ TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE,
+ WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS,
+};
+use crate::ntioapi::{
+ FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS,
+ IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION,
+ PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE,
+ PIO_STATUS_BLOCK,
+};
+use crate::ntkeapi::KPROFILE_SOURCE;
+use crate::ntlpcapi::{
+ ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR,
+ PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES,
+ PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW,
+};
+use crate::ntmisc::VDMSERVICECLASS;
+use crate::ntmmapi::{
+ MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY,
+ SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS,
+};
+use crate::ntobapi::OBJECT_INFORMATION_CLASS;
+use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK};
+use crate::ntpsapi::{
+ MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO,
+ PROCESSINFOCLASS, THREADINFOCLASS,
+};
+use crate::ntregapi::{
+ KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS,
+ PKEY_VALUE_ENTRY,
+};
+use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION;
+use winapi::shared::basetsd::{
+ KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR,
+};
+use winapi::shared::guiddef::LPGUID;
+use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION};
+use winapi::shared::ntdef::{
+ BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES,
+ PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG,
+ PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG,
+ PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID,
+ WAIT_TYPE,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE,
+ JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE,
+ PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR,
+ POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR,
+ PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
+ PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
+ PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER,
+ RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE,
+ TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TRANSACTION_INFORMATION_CLASS,
+};
+EXTERN!{extern "system" {
+ fn ZwAcceptConnectPort(
+ PortHandle: PHANDLE,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ AcceptConnection: BOOLEAN,
+ ServerView: PPORT_VIEW,
+ ClientView: PREMOTE_PORT_VIEW,
+ ) -> NTSTATUS;
+ fn ZwAccessCheck(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByType(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultList(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultListAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAcquireCMFViewOwnership(
+ TimeStamp: PULONGLONG,
+ tokenTaken: PBOOLEAN,
+ replaceExisting: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAddAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwAddAtomEx(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAddBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAddDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustGroupsToken(
+ TokenHandle: HANDLE,
+ ResetToDefault: BOOLEAN,
+ NewState: PTOKEN_GROUPS,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_GROUPS,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustPrivilegesToken(
+ TokenHandle: HANDLE,
+ DisableAllPrivileges: BOOLEAN,
+ NewState: PTOKEN_PRIVILEGES,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_PRIVILEGES,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAdjustTokenClaimsAndDeviceGroups(
+ TokenHandle: HANDLE,
+ UserResetToDefault: BOOLEAN,
+ DeviceResetToDefault: BOOLEAN,
+ DeviceGroupsResetToDefault: BOOLEAN,
+ NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceGroupsState: PTOKEN_GROUPS,
+ UserBufferLength: ULONG,
+ PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceBufferLength: ULONG,
+ PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroupsBufferLength: ULONG,
+ PreviousDeviceGroups: PTOKEN_GROUPS,
+ UserReturnLength: PULONG,
+ DeviceReturnLength: PULONG,
+ DeviceGroupsReturnBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlertResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlertThread(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlertThreadByThreadId(
+ ThreadId: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAllocateLocallyUniqueId(
+ Luid: PLUID,
+ ) -> NTSTATUS;
+ fn ZwAllocateReserveObject(
+ MemoryReserveHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Type: MEMORY_RESERVE_TYPE,
+ ) -> NTSTATUS;
+ fn ZwAllocateUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwAllocateUuids(
+ Time: PULARGE_INTEGER,
+ Range: PULONG,
+ Sequence: PULONG,
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn ZwAllocateVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ RegionSize: PSIZE_T,
+ AllocationType: ULONG,
+ Protect: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcAcceptConnectPort(
+ PortHandle: PHANDLE,
+ ConnectionPortHandle: HANDLE,
+ Flags: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ PortContext: PVOID,
+ ConnectionRequest: PPORT_MESSAGE,
+ ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ AcceptConnection: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwAlpcCancelMessage(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageContext: PALPC_CONTEXT_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ RequiredServerSid: PSID,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PULONG,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcConnectPortEx(
+ PortHandle: PHANDLE,
+ ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientPortObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ Flags: ULONG,
+ ServerSecurityRequirements: PSECURITY_DESCRIPTOR,
+ ConnectionMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PortAttributes: PALPC_PORT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreatePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ SectionSize: SIZE_T,
+ AlpcSectionHandle: PALPC_HANDLE,
+ ActualSectionSize: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ MessageSize: SIZE_T,
+ ResourceId: PALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewAttributes: PALPC_DATA_VIEW_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcCreateSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SecurityAttribute: PALPC_SECURITY_ATTR,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeletePortSection(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SectionHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteResourceReserve(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ResourceId: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteSectionView(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ViewBase: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAlpcDeleteSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcDisconnectPort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcImpersonateClientContainerOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ Flags: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAlpcOpenSenderProcess(
+ ProcessHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcOpenSenderThread(
+ ThreadHandle: PHANDLE,
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ Flags: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwAlpcQueryInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcQueryInformationMessage(
+ PortHandle: HANDLE,
+ PortMessage: PPORT_MESSAGE,
+ MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS,
+ MessageInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwAlpcRevokeSecurityContext(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ ContextHandle: ALPC_HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAlpcSendWaitReceivePort(
+ PortHandle: HANDLE,
+ Flags: ULONG,
+ SendMessageA: PPORT_MESSAGE,
+ SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ ReceiveMessage: PPORT_MESSAGE,
+ BufferLength: PSIZE_T,
+ ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwAlpcSetInformation(
+ PortHandle: HANDLE,
+ PortInformationClass: ALPC_PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwAreMappedFilesTheSame(
+ File1MappedAsAnImage: PVOID,
+ File2MappedAsFile: PVOID,
+ ) -> NTSTATUS;
+ fn ZwAssignProcessToJobObject(
+ JobHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwAssociateWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ IoCompletionHandle: HANDLE,
+ TargetObjectHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ AlreadySignaled: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCallbackReturn(
+ OutputBuffer: PVOID,
+ OutputLength: ULONG,
+ Status: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwCancelIoFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelIoFileEx(
+ FileHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelSynchronousIoFile(
+ ThreadHandle: HANDLE,
+ IoRequestToCancel: PIO_STATUS_BLOCK,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwCancelTimer(
+ TimerHandle: HANDLE,
+ CurrentState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCancelTimer2(
+ TimerHandle: HANDLE,
+ Parameters: PT2_CANCEL_PARAMETERS,
+ ) -> NTSTATUS;
+ fn ZwCancelWaitCompletionPacket(
+ WaitCompletionPacketHandle: HANDLE,
+ RemoveSignaledPacket: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwClearEvent(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwClose(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCloseObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCommitComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCommitEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCommitTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCompactKeys(
+ Count: ULONG,
+ KeyArray: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompareObjects(
+ FirstObjectHandle: HANDLE,
+ SecondObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompareTokens(
+ FirstTokenHandle: HANDLE,
+ SecondTokenHandle: HANDLE,
+ Equal: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCompleteConnectPort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCompressKey(
+ Key: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwContinue(
+ ContextRecord: PCONTEXT,
+ TestAlert: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateDebugObject(
+ DebugObjectHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateDirectoryObjectEx(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ShadowDirectoryHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ResourceManagerHandle: HANDLE,
+ TransactionHandle: HANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ NotificationMask: NOTIFICATION_MASK,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn ZwCreateEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EventType: EVENT_TYPE,
+ InitialState: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ AllocationSize: PLARGE_INTEGER,
+ FileAttributes: ULONG,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ EaBuffer: PVOID,
+ EaLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateIRTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn ZwCreateIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateJobSet(
+ NumJob: ULONG,
+ UserJobSet: PJOB_SET_ARRAY,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TitleIndex: ULONG,
+ Class: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ TransactionHandle: HANDLE,
+ Disposition: PULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateLowBoxToken(
+ TokenHandle: PHANDLE,
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PackageSid: PSID,
+ CapabilityCount: ULONG,
+ Capabilities: PSID_AND_ATTRIBUTES,
+ HandleCount: ULONG,
+ Handles: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateMailslotFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CreateOptions: ULONG,
+ MailslotQuota: ULONG,
+ MaximumMessageSize: ULONG,
+ ReadTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCreateMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialOwner: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateNamedPipeFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ULONG,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ CreateDisposition: ULONG,
+ CreateOptions: ULONG,
+ NamedPipeType: ULONG,
+ ReadMode: ULONG,
+ CompletionMode: ULONG,
+ MaximumInstances: ULONG,
+ InboundQuota: ULONG,
+ OutboundQuota: ULONG,
+ DefaultTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwCreatePagingFile(
+ PageFileName: PUNICODE_STRING,
+ MinimumSize: PLARGE_INTEGER,
+ MaximumSize: PLARGE_INTEGER,
+ Priority: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PreferredNode: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreatePrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn ZwCreateProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ InheritObjectTable: BOOLEAN,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateProcessEx(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ JobMemberLevel: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateProfile(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ Affinity: KAFFINITY,
+ ) -> NTSTATUS;
+ fn ZwCreateProfileEx(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ GroupCount: USHORT,
+ GroupAffinity: PGROUP_AFFINITY,
+ ) -> NTSTATUS;
+ fn ZwCreateResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ ResourceManagerGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CreateOptions: ULONG,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaximumSize: PLARGE_INTEGER,
+ SectionPageProtection: ULONG,
+ AllocationAttributes: ULONG,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwCreateSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialCount: LONG,
+ MaximumCount: LONG,
+ ) -> NTSTATUS;
+ fn ZwCreateSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LinkTarget: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ThreadContext: PCONTEXT,
+ InitialTeb: PINITIAL_TEB,
+ CreateSuspended: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwCreateThreadEx(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ Argument: PVOID,
+ CreateFlags: ULONG,
+ ZeroBits: SIZE_T,
+ StackSize: SIZE_T,
+ MaximumStackSize: SIZE_T,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+ fn ZwCreateTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TimerType: TIMER_TYPE,
+ ) -> NTSTATUS;
+ fn ZwCreateTimer2(
+ TimerHandle: PHANDLE,
+ Reserved1: PVOID,
+ Reserved2: PVOID,
+ Attributes: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn ZwCreateToken(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwCreateTokenEx(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroups: PTOKEN_GROUPS,
+ TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwCreateTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ CreateOptions: ULONG,
+ IsolationLevel: ULONG,
+ IsolationFlags: ULONG,
+ Timeout: PLARGE_INTEGER,
+ Description: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwCreateTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ CreateOptions: ULONG,
+ CommitStrength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateUserProcess(
+ ProcessHandle: PHANDLE,
+ ThreadHandle: PHANDLE,
+ ProcessDesiredAccess: ACCESS_MASK,
+ ThreadDesiredAccess: ACCESS_MASK,
+ ProcessObjectAttributes: POBJECT_ATTRIBUTES,
+ ThreadObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessFlags: ULONG,
+ ThreadFlags: ULONG,
+ ProcessParameters: PVOID,
+ CreateInfo: PPS_CREATE_INFO,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+ fn ZwCreateWaitCompletionPacket(
+ WaitCompletionPacketHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwCreateWaitablePort(
+ PortHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ MaxConnectionInfoLength: ULONG,
+ MaxMessageLength: ULONG,
+ MaxPoolUsage: ULONG,
+ ) -> NTSTATUS;
+ fn ZwCreateWnfStateName(
+ StateName: PWNF_STATE_NAME,
+ NameLifetime: WNF_STATE_NAME_LIFETIME,
+ DataScope: WNF_DATA_SCOPE,
+ PersistData: BOOLEAN,
+ TypeId: PCWNF_TYPE_ID,
+ MaximumStateSize: ULONG,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn ZwCreateWorkerFactory(
+ WorkerFactoryHandleReturn: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CompletionPortHandle: HANDLE,
+ WorkerProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ MaxThreadCount: ULONG,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwDebugActiveProcess(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDebugContinue(
+ DebugObjectHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ContinueStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwDelayExecution(
+ Alertable: BOOLEAN,
+ DelayInterval: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwDeleteAtom(
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwDeleteBootEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDeleteDriverEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDeleteFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwDeleteKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDeleteObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwDeletePrivateNamespace(
+ NamespaceHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwDeleteValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDeleteWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ ExplicitScope: *const VOID,
+ ) -> NTSTATUS;
+ fn ZwDeleteWnfStateName(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn ZwDeviceIoControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ IoControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDisableLastKnownGood() -> NTSTATUS;
+ fn ZwDisplayString(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDrawText(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwDuplicateObject(
+ SourceProcessHandle: HANDLE,
+ SourceHandle: HANDLE,
+ TargetProcessHandle: HANDLE,
+ TargetHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Options: ULONG,
+ ) -> NTSTATUS;
+ fn ZwDuplicateToken(
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EffectiveOnly: BOOLEAN,
+ TokenType: TOKEN_TYPE,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwEnableLastKnownGood() -> NTSTATUS;
+ fn ZwEnumerateBootEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateDriverEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateSystemEnvironmentValuesEx(
+ InformationClass: ULONG,
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateTransactionObject(
+ RootObjectHandle: HANDLE,
+ QueryType: KTMOBJECT_TYPE,
+ ObjectCursor: PKTMOBJECT_CURSOR,
+ ObjectCursorLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwEnumerateValueKey(
+ KeyHandle: HANDLE,
+ Index: ULONG,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwExtendSection(
+ SectionHandle: HANDLE,
+ NewSectionSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwFilterToken(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwFilterTokenEx(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ DisableUserClaimsCount: ULONG,
+ UserClaimsToDisable: PUNICODE_STRING,
+ DisableDeviceClaimsCount: ULONG,
+ DeviceClaimsToDisable: PUNICODE_STRING,
+ DeviceGroupsToDisable: PTOKEN_GROUPS,
+ RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceGroups: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwFindAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn ZwFlushBuffersFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwFlushBuffersFileEx(
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ Parameters: PVOID,
+ ParametersSize: ULONG,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwFlushInstallUILanguage(
+ InstallUILanguage: LANGID,
+ SetComittedFlag: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFlushInstructionCache(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Length: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwFlushKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwFlushProcessWriteBuffers();
+ fn ZwFlushWriteBuffer() -> NTSTATUS;
+ fn ZwFreeUserPhysicalPages(
+ ProcessHandle: HANDLE,
+ NumberOfPages: PULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwFreeVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ FreeType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFreezeRegistry(
+ TimeOutInSeconds: ULONG,
+ ) -> NTSTATUS;
+ fn ZwFreezeTransactions(
+ FreezeTimeout: PLARGE_INTEGER,
+ ThawTimeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwFsControlFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsControlCode: ULONG,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetCachedSigningLevel(
+ File: HANDLE,
+ Flags: PULONG,
+ SigningLevel: PSE_SIGNING_LEVEL,
+ Thumbprint: PUCHAR,
+ ThumbprintSize: PULONG,
+ ThumbprintAlgorithm: PULONG,
+ ) -> NTSTATUS;
+ fn ZwGetCompleteWnfStateSubscription(
+ OldDescriptorStateName: PWNF_STATE_NAME,
+ OldSubscriptionId: *mut ULONG64,
+ OldDescriptorEventMask: ULONG,
+ OldDescriptorStatus: ULONG,
+ NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
+ DescriptorSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn ZwGetCurrentProcessorNumber() -> ULONG;
+ fn ZwGetDevicePowerState(
+ Device: HANDLE,
+ State: PDEVICE_POWER_STATE,
+ ) -> NTSTATUS;
+ fn ZwGetMUIRegistryInfo(
+ Flags: ULONG,
+ DataSize: PULONG,
+ Data: PVOID,
+ ) -> NTSTATUS;
+ fn ZwGetNextProcess(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewProcessHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwGetNextThread(
+ ProcessHandle: HANDLE,
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewThreadHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwGetNlsSectionPtr(
+ SectionType: ULONG,
+ SectionData: ULONG,
+ ContextData: PVOID,
+ SectionPointer: *mut PVOID,
+ SectionSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwGetNotificationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ TransactionNotification: PTRANSACTION_NOTIFICATION,
+ NotificationLength: ULONG,
+ Timeout: PLARGE_INTEGER,
+ ReturnLength: PULONG,
+ Asynchronous: ULONG,
+ AsynchronousContext: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwGetPlugPlayEvent(
+ EventHandle: HANDLE,
+ Context: PVOID,
+ EventBlock: PPLUGPLAY_EVENT_BLOCK,
+ EventBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwGetWriteWatch(
+ ProcessHandle: HANDLE,
+ Flags: ULONG,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ UserAddressArray: *mut PVOID,
+ EntriesInUserAddressArray: PULONG_PTR,
+ Granularity: PULONG,
+ ) -> NTSTATUS;
+ fn ZwImpersonateAnonymousToken(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwImpersonateClientOfPort(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwImpersonateThread(
+ ServerThreadHandle: HANDLE,
+ ClientThreadHandle: HANDLE,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ) -> NTSTATUS;
+ fn ZwInitializeNlsFiles(
+ BaseAddress: *mut PVOID,
+ DefaultLocaleId: PLCID,
+ DefaultCasingTableSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwInitializeRegistry(
+ BootCondition: USHORT,
+ ) -> NTSTATUS;
+ fn ZwInitiatePowerAction(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwIsProcessInJob(
+ ProcessHandle: HANDLE,
+ JobHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwIsSystemResumeAutomatic() -> BOOLEAN;
+ fn ZwIsUILanguageComitted() -> NTSTATUS;
+ fn ZwListenPort(
+ PortHandle: HANDLE,
+ ConnectionRequest: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwLoadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwLoadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwLoadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwLoadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ SourceFile: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ TrustClassKey: HANDLE,
+ Event: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ RootHandle: PHANDLE,
+ IoStatus: PIO_STATUS_BLOCK,
+ ) -> NTSTATUS;
+ fn ZwLockFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ FailImmediately: BOOLEAN,
+ ExclusiveLock: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwLockProductActivationKeys(
+ pPrivateVer: *mut ULONG,
+ pSafeMode: *mut ULONG,
+ ) -> NTSTATUS;
+ fn ZwLockRegistryKey(
+ KeyHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwLockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwMakePermanentObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwMakeTemporaryObject(
+ Handle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwManagePartition(
+ PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS,
+ PartitionInformation: PVOID,
+ PartitionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwMapCMFModule(
+ What: ULONG,
+ Index: ULONG,
+ CacheIndexOut: PULONG,
+ CacheFlagsOut: PULONG,
+ ViewSizeOut: PULONG,
+ BaseAddress: *mut PVOID,
+ ) -> NTSTATUS;
+ fn ZwMapUserPhysicalPages(
+ VirtualAddress: PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwMapUserPhysicalPagesScatter(
+ VirtualAddresses: *mut PVOID,
+ NumberOfPages: ULONG_PTR,
+ UserPfnArray: PULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwMapViewOfSection(
+ SectionHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ ZeroBits: ULONG_PTR,
+ CommitSize: SIZE_T,
+ SectionOffset: PLARGE_INTEGER,
+ ViewSize: PSIZE_T,
+ InheritDisposition: SECTION_INHERIT,
+ AllocationType: ULONG,
+ Win32Protect: ULONG,
+ ) -> NTSTATUS;
+ fn ZwModifyBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ ) -> NTSTATUS;
+ fn ZwModifyDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeKey(
+ KeyHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeMultipleKeys(
+ MasterKeyHandle: HANDLE,
+ Count: ULONG,
+ SubordinateObjects: *mut OBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ CompletionFilter: ULONG,
+ WatchTree: BOOLEAN,
+ Buffer: PVOID,
+ BufferSize: ULONG,
+ Asynchronous: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwNotifyChangeSession(
+ SessionHandle: HANDLE,
+ ChangeSequenceNumber: ULONG,
+ ChangeTimeStamp: PLARGE_INTEGER,
+ Event: IO_SESSION_EVENT,
+ NewState: IO_SESSION_STATE,
+ PreviousState: IO_SESSION_STATE,
+ Payload: PVOID,
+ PayloadSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenDirectoryObject(
+ DirectoryHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEnlistment(
+ EnlistmentHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ RmHandle: HANDLE,
+ EnlistmentGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenFile(
+ FileHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ShareAccess: ULONG,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenIoCompletion(
+ IoCompletionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenKey(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyTransacted(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyTransactedEx(
+ KeyHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ OpenOptions: ULONG,
+ TransactionHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GrantedAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ ObjectCreation: BOOLEAN,
+ AccessGranted: BOOLEAN,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwOpenPartition(
+ PartitionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenPrivateNamespace(
+ NamespaceHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ BoundaryDescriptor: PVOID,
+ ) -> NTSTATUS;
+ fn ZwOpenProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn ZwOpenProcessToken(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenProcessTokenEx(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenResourceManager(
+ ResourceManagerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TmHandle: HANDLE,
+ ResourceManagerGuid: LPGUID,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSection(
+ SectionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSession(
+ SessionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenSymbolicLinkObject(
+ LinkHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn ZwOpenThreadToken(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenThreadTokenEx(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwOpenTransaction(
+ TransactionHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Uow: LPGUID,
+ TmHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwOpenTransactionManager(
+ TmHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ LogFileName: PUNICODE_STRING,
+ TmIdentity: LPGUID,
+ OpenOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPlugPlayControl(
+ PnPControlClass: PLUGPLAY_CONTROL_CLASS,
+ PnPControlData: PVOID,
+ PnPControlDataLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPowerInformation(
+ InformationLevel: POWER_INFORMATION_LEVEL,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwPrePrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrePrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrepareComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrepareEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwPrivilegeCheck(
+ ClientToken: HANDLE,
+ RequiredPrivileges: PPRIVILEGE_SET,
+ Result: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPrivilegeObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPrivilegedServiceAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ ServiceName: PUNICODE_STRING,
+ ClientToken: HANDLE,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwPropagationComplete(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ ) -> NTSTATUS;
+ fn ZwPropagationFailed(
+ ResourceManagerHandle: HANDLE,
+ RequestCookie: ULONG,
+ PropStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwProtectVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ NewProtect: ULONG,
+ OldProtect: PULONG,
+ ) -> NTSTATUS;
+ fn ZwPulseEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwQueryAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_BASIC_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwQueryBootEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ BootOptionsLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: PLCID,
+ ) -> NTSTATUS;
+ fn ZwQueryDefaultUILanguage(
+ DefaultUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn ZwQueryDirectoryFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ReturnSingleEntry: BOOLEAN,
+ FileName: PUNICODE_STRING,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQueryDirectoryObject(
+ DirectoryHandle: HANDLE,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ RestartScan: BOOLEAN,
+ Context: PULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryDriverEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ EaList: PVOID,
+ EaListLength: ULONG,
+ EaIndex: PULONG,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQueryEvent(
+ EventHandle: HANDLE,
+ EventInformationClass: EVENT_INFORMATION_CLASS,
+ EventInformation: PVOID,
+ EventInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryFullAttributesFile(
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ FileInformation: PFILE_NETWORK_OPEN_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationAtom(
+ Atom: RTL_ATOM,
+ AtomInformationClass: ATOM_INFORMATION_CLASS,
+ AtomInformation: PVOID,
+ AtomInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationPort(
+ PortHandle: HANDLE,
+ PortInformationClass: PORT_INFORMATION_CLASS,
+ PortInformation: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryInstallUILanguage(
+ InstallUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn ZwQueryIntervalProfile(
+ ProfileSource: KPROFILE_SOURCE,
+ Interval: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryIoCompletion(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS,
+ IoCompletionInformation: PVOID,
+ IoCompletionInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryKey(
+ KeyHandle: HANDLE,
+ KeyInformationClass: KEY_INFORMATION_CLASS,
+ KeyInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryLicenseValue(
+ ValueName: PUNICODE_STRING,
+ Type: PULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ResultDataSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryMultipleValueKey(
+ KeyHandle: HANDLE,
+ ValueEntries: PKEY_VALUE_ENTRY,
+ EntryCount: ULONG,
+ ValueBuffer: PVOID,
+ BufferLength: PULONG,
+ RequiredBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryMutant(
+ MutantHandle: HANDLE,
+ MutantInformationClass: MUTANT_INFORMATION_CLASS,
+ MutantInformation: PVOID,
+ MutantInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryOpenSubKeys(
+ TargetKey: POBJECT_ATTRIBUTES,
+ HandleCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryOpenSubKeysEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ BufferLength: ULONG,
+ Buffer: PVOID,
+ RequiredSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryPerformanceCounter(
+ PerformanceCounter: PLARGE_INTEGER,
+ PerformanceFrequency: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwQueryPortInformationProcess() -> NTSTATUS;
+ fn ZwQueryQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnSingleEntry: BOOLEAN,
+ SidList: PVOID,
+ SidListLength: ULONG,
+ StartSid: PSID,
+ RestartScan: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwQuerySection(
+ SectionHandle: HANDLE,
+ SectionInformationClass: SECTION_INFORMATION_CLASS,
+ SectionInformation: PVOID,
+ SectionInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwQuerySecurityAttributesToken(
+ TokenHandle: HANDLE,
+ Attributes: PUNICODE_STRING,
+ NumberOfAttributes: ULONG,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ Length: ULONG,
+ LengthNeeded: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySemaphore(
+ SemaphoreHandle: HANDLE,
+ SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
+ SemaphoreInformation: PVOID,
+ SemaphoreInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySymbolicLinkObject(
+ LinkHandle: HANDLE,
+ LinkTarget: PUNICODE_STRING,
+ ReturnedLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PWSTR,
+ ValueLength: USHORT,
+ ReturnLength: PUSHORT,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: PULONG,
+ Attributes: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemInformationEx(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQuerySystemTime(
+ SystemTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwQueryTimer(
+ TimerHandle: HANDLE,
+ TimerInformationClass: TIMER_INFORMATION_CLASS,
+ TimerInformation: PVOID,
+ TimerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryTimerResolution(
+ MaximumTime: PULONG,
+ MinimumTime: PULONG,
+ CurrentTime: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS,
+ KeyValueInformation: PVOID,
+ Length: ULONG,
+ ResultLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ MemoryInformationClass: MEMORY_INFORMATION_CLASS,
+ MemoryInformation: PVOID,
+ MemoryInformationLength: SIZE_T,
+ ReturnLength: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwQueryVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwQueryWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ ChangeStamp: PWNF_CHANGE_STAMP,
+ Buffer: PVOID,
+ BufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn ZwQueryWnfStateNameInformation(
+ StateName: PCWNF_STATE_NAME,
+ NameInfoClass: WNF_STATE_NAME_INFORMATION,
+ ExplicitScope: *const VOID,
+ InfoBuffer: PVOID,
+ InfoBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwQueueApcThread(
+ ThreadHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn ZwQueueApcThreadEx(
+ ThreadHandle: HANDLE,
+ UserApcReserveHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn ZwRaiseException(
+ ExceptionRecord: PEXCEPTION_RECORD,
+ ContextRecord: PCONTEXT,
+ FirstChance: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRaiseHardError(
+ ErrorStatus: NTSTATUS,
+ NumberOfParameters: ULONG,
+ UnicodeStringParameterMask: ULONG,
+ Parameters: PULONG_PTR,
+ ValidResponseOptions: ULONG,
+ Response: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadFileScatter(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwReadOnlyEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReadRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwReadVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesRead: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwRecoverEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentKey: PVOID,
+ ) -> NTSTATUS;
+ fn ZwRecoverResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRecoverTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRegisterProtocolAddressInformation(
+ ResourceManager: HANDLE,
+ ProtocolId: PCRM_PROTOCOL_ID,
+ ProtocolInformationSize: ULONG,
+ ProtocolInformation: PVOID,
+ CreateOptions: ULONG,
+ ) -> NTSTATUS;
+ fn ZwRegisterThreadTerminatePort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwReleaseCMFViewOwnership() -> NTSTATUS;
+ fn ZwReleaseKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReleaseMutant(
+ MutantHandle: HANDLE,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn ZwReleaseSemaphore(
+ SemaphoreHandle: HANDLE,
+ ReleaseCount: LONG,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn ZwReleaseWorkerFactoryWorker(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRemoveIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: *mut PVOID,
+ ApcContext: *mut PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRemoveIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION,
+ Count: ULONG,
+ NumEntriesRemoved: PULONG,
+ Timeout: PLARGE_INTEGER,
+ Alertable: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRemoveProcessDebug(
+ ProcessHandle: HANDLE,
+ DebugObjectHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwRenameKey(
+ KeyHandle: HANDLE,
+ NewName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwRenameTransactionManager(
+ LogFileName: PUNICODE_STRING,
+ ExistingTransactionManagerGuid: LPGUID,
+ ) -> NTSTATUS;
+ fn ZwReplaceKey(
+ NewFile: POBJECT_ATTRIBUTES,
+ TargetHandle: HANDLE,
+ OldFile: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwReplacePartitionUnit(
+ TargetInstancePath: PUNICODE_STRING,
+ SpareInstancePath: PUNICODE_STRING,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReceivePort(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReceivePortEx(
+ PortHandle: HANDLE,
+ PortContext: *mut PVOID,
+ ReplyMessage: PPORT_MESSAGE,
+ ReceiveMessage: PPORT_MESSAGE,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwReplyWaitReplyPort(
+ PortHandle: HANDLE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestWaitReplyPort(
+ PortHandle: HANDLE,
+ RequestMessage: PPORT_MESSAGE,
+ ReplyMessage: PPORT_MESSAGE,
+ ) -> NTSTATUS;
+ fn ZwRequestWakeupLatency(
+ latency: LATENCY_TIME,
+ ) -> NTSTATUS;
+ fn ZwResetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwResetWriteWatch(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ RegionSize: SIZE_T,
+ ) -> NTSTATUS;
+ fn ZwRestoreKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwResumeProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwRevertContainerImpersonation() -> NTSTATUS;
+ fn ZwRollbackComplete(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRollbackEnlistment(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwRollbackTransaction(
+ TransactionHandle: HANDLE,
+ Wait: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwRollforwardTransactionManager(
+ TransactionManagerHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSaveKey(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSaveKeyEx(
+ KeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ Format: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSaveMergedKeys(
+ HighPrecedenceKeyHandle: HANDLE,
+ LowPrecedenceKeyHandle: HANDLE,
+ FileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSecureConnectPort(
+ PortHandle: PHANDLE,
+ PortName: PUNICODE_STRING,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ClientView: PPORT_VIEW,
+ RequiredServerSid: PSID,
+ ServerView: PREMOTE_PORT_VIEW,
+ MaxMessageLength: PULONG,
+ ConnectionInformation: PVOID,
+ ConnectionInformationLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSerializeBoot() -> NTSTATUS;
+ fn ZwSetBootEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ FieldsToChange: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetCachedSigningLevel(
+ Flags: ULONG,
+ InputSigningLevel: SE_SIGNING_LEVEL,
+ SourceFiles: PHANDLE,
+ SourceFileCount: ULONG,
+ TargetFile: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn ZwSetDebugFilterState(
+ ComponentId: ULONG,
+ Level: ULONG,
+ State: BOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultHardErrorPort(
+ DefaultHardErrorPort: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: LCID,
+ ) -> NTSTATUS;
+ fn ZwSetDefaultUILanguage(
+ DefaultUILanguageId: LANGID,
+ ) -> NTSTATUS;
+ fn ZwSetDriverEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetEaFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn ZwSetEventBoostPriority(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetHighWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetIRTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSetInformationDebugObject(
+ DebugObjectHandle: HANDLE,
+ DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
+ DebugInformation: PVOID,
+ DebugInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationEnlistment(
+ EnlistmentHandle: HANDLE,
+ EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS,
+ EnlistmentInformation: PVOID,
+ EnlistmentInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FileInformation: PVOID,
+ Length: ULONG,
+ FileInformationClass: FILE_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwSetInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationKey(
+ KeyHandle: HANDLE,
+ KeySetInformationClass: KEY_SET_INFORMATION_CLASS,
+ KeySetInformation: PVOID,
+ KeySetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationObject(
+ Handle: HANDLE,
+ ObjectInformationClass: OBJECT_INFORMATION_CLASS,
+ ObjectInformation: PVOID,
+ ObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationResourceManager(
+ ResourceManagerHandle: HANDLE,
+ ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS,
+ ResourceManagerInformation: PVOID,
+ ResourceManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationTransaction(
+ TransactionHandle: HANDLE,
+ TransactionInformationClass: TRANSACTION_INFORMATION_CLASS,
+ TransactionInformation: PVOID,
+ TransactionInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationTransactionManager(
+ TmHandle: HANDLE,
+ TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS,
+ TransactionManagerInformation: PVOID,
+ TransactionManagerInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationVirtualMemory(
+ ProcessHandle: HANDLE,
+ VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS,
+ NumberOfEntries: ULONG_PTR,
+ VirtualAddresses: PMEMORY_RANGE_ENTRY,
+ VmInformation: PVOID,
+ VmInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetIntervalProfile(
+ Interval: ULONG,
+ Source: KPROFILE_SOURCE,
+ ) -> NTSTATUS;
+ fn ZwSetIoCompletion(
+ IoCompletionHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwSetIoCompletionEx(
+ IoCompletionHandle: HANDLE,
+ IoCompletionPacketHandle: HANDLE,
+ KeyContext: PVOID,
+ ApcContext: PVOID,
+ IoStatus: NTSTATUS,
+ IoStatusInformation: ULONG_PTR,
+ ) -> NTSTATUS;
+ fn ZwSetLdtEntries(
+ Selector0: ULONG,
+ Entry0Low: ULONG,
+ Entry0Hi: ULONG,
+ Selector1: ULONG,
+ Entry1Low: ULONG,
+ Entry1Hi: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetLowWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSetQuotaInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSecurityObject(
+ Handle: HANDLE,
+ SecurityInformation: SECURITY_INFORMATION,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn ZwSetSystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwSetSystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemPowerState(
+ SystemAction: POWER_ACTION,
+ LightestSystemState: SYSTEM_POWER_STATE,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetSystemTime(
+ SystemTime: PLARGE_INTEGER,
+ PreviousTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSetThreadExecutionState(
+ NewFlags: EXECUTION_STATE,
+ PreviousFlags: *mut EXECUTION_STATE,
+ ) -> NTSTATUS;
+ fn ZwSetTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ ResumeTimer: BOOLEAN,
+ Period: LONG,
+ PreviousState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn ZwSetTimer2(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ Period: PLARGE_INTEGER,
+ Parameters: PT2_SET_PARAMETERS,
+ ) -> NTSTATUS;
+ fn ZwSetTimerEx(
+ TimerHandle: HANDLE,
+ TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
+ TimerSetInformation: PVOID,
+ TimerSetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetTimerResolution(
+ DesiredTime: ULONG,
+ SetResolution: BOOLEAN,
+ ActualTime: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSetUuidSeed(
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn ZwSetValueKey(
+ KeyHandle: HANDLE,
+ ValueName: PUNICODE_STRING,
+ TitleIndex: ULONG,
+ Type: ULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ) -> NTSTATUS;
+ fn ZwSetVolumeInformationFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ FsInformation: PVOID,
+ Length: ULONG,
+ FsInformationClass: FS_INFORMATION_CLASS,
+ ) -> NTSTATUS;
+ fn ZwSetWnfProcessNotificationEvent(
+ NotificationEvent: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwShutdownSystem(
+ Action: SHUTDOWN_ACTION,
+ ) -> NTSTATUS;
+ fn ZwShutdownWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ PendingWorkerCount: *mut LONG,
+ ) -> NTSTATUS;
+ fn ZwSignalAndWaitForSingleObject(
+ SignalHandle: HANDLE,
+ WaitHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwSinglePhaseReject(
+ EnlistmentHandle: HANDLE,
+ TmVirtualClock: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwStartProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwStopProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ EventMask: ULONG,
+ SubscriptionId: PULONG64,
+ ) -> NTSTATUS;
+ fn ZwSuspendProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwSuspendThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn ZwSystemDebugControl(
+ Command: SYSDBG_COMMAND,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwTerminateJobObject(
+ JobHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTerminateProcess(
+ ProcessHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTerminateThread(
+ ThreadHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn ZwTestAlert() -> NTSTATUS;
+ fn ZwThawRegistry() -> NTSTATUS;
+ fn ZwThawTransactions() -> NTSTATUS;
+ fn ZwTraceControl(
+ FunctionCode: ULONG,
+ InBuffer: PVOID,
+ InBufferLen: ULONG,
+ OutBuffer: PVOID,
+ OutBufferLen: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwTraceEvent(
+ TraceHandle: HANDLE,
+ Flags: ULONG,
+ FieldSize: ULONG,
+ Fields: PVOID,
+ ) -> NTSTATUS;
+ fn ZwTranslateFilePath(
+ InputFilePath: PFILE_PATH,
+ OutputType: ULONG,
+ OutputFilePath: PFILE_PATH,
+ OutputFilePathLength: PULONG,
+ ) -> NTSTATUS;
+ fn ZwUmsThreadYield(
+ SchedulerParam: PVOID,
+ ) -> NTSTATUS;
+ fn ZwUnloadDriver(
+ DriverServiceName: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn ZwUnloadKey(
+ TargetKey: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn ZwUnloadKey2(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnloadKeyEx(
+ TargetKey: POBJECT_ATTRIBUTES,
+ Event: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwUnlockFile(
+ FileHandle: HANDLE,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ ByteOffset: PLARGE_INTEGER,
+ Length: PLARGE_INTEGER,
+ Key: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnlockVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: *mut PVOID,
+ RegionSize: PSIZE_T,
+ MapType: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnmapViewOfSection(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ ) -> NTSTATUS;
+ fn ZwUnmapViewOfSectionEx(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn ZwUnsubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn ZwUpdateWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ Buffer: *const VOID,
+ Length: ULONG,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ MatchingChangeStamp: WNF_CHANGE_STAMP,
+ CheckStamp: LOGICAL,
+ ) -> NTSTATUS;
+ fn ZwVdmControl(
+ Service: VDMSERVICECLASS,
+ ServiceData: PVOID,
+ ) -> NTSTATUS;
+ fn ZwWaitForAlertByThreadId(
+ Address: PVOID,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForDebugEvent(
+ DebugObjectHandle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ WaitStateChange: PVOID,
+ ) -> NTSTATUS;
+ fn ZwWaitForKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForMultipleObjects(
+ Count: ULONG,
+ Handles: *mut HANDLE,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForMultipleObjects32(
+ Count: ULONG,
+ Handles: *mut LONG,
+ WaitType: WAIT_TYPE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForSingleObject(
+ Handle: HANDLE,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn ZwWaitForWorkViaWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
+ ) -> NTSTATUS;
+ fn ZwWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWorkerFactoryWorkerReady(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn ZwWriteFile(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ Buffer: PVOID,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwWriteFileGather(
+ FileHandle: HANDLE,
+ Event: HANDLE,
+ ApcRoutine: PIO_APC_ROUTINE,
+ ApcContext: PVOID,
+ IoStatusBlock: PIO_STATUS_BLOCK,
+ SegmentArray: PFILE_SEGMENT_ELEMENT,
+ Length: ULONG,
+ ByteOffset: PLARGE_INTEGER,
+ Key: PULONG,
+ ) -> NTSTATUS;
+ fn ZwWriteRequestData(
+ PortHandle: HANDLE,
+ Message: PPORT_MESSAGE,
+ DataEntryIndex: ULONG,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwWriteVirtualMemory(
+ ProcessHandle: HANDLE,
+ BaseAddress: PVOID,
+ Buffer: PVOID,
+ BufferSize: SIZE_T,
+ NumberOfBytesWritten: PSIZE_T,
+ ) -> NTSTATUS;
+ fn ZwYieldExecution() -> NTSTATUS;
+}}
diff --git a/vendor/ntapi/src/string.rs b/vendor/ntapi/src/string.rs
new file mode 100644
index 000000000..32bfa5024
--- /dev/null
+++ b/vendor/ntapi/src/string.rs
@@ -0,0 +1,58 @@
+/// A wrapper over UTF16 string constants.
+pub struct UTF16Const(pub &'static [u16]);
+impl UTF16Const {
+ #[inline]
+ pub fn as_ptr(&self) -> *const u16 {
+ self.0.as_ptr()
+ }
+ #[inline]
+ pub fn as_mut_ptr(&self) -> *mut u16 {
+ self.0.as_ptr() as *mut u16
+ }
+ #[inline]
+ pub fn len(&self) -> usize {
+ self.0.len() - 1
+ }
+}
+impl AsRef<[u16]> for UTF16Const {
+ #[inline]
+ fn as_ref(&self) -> &[u16] {
+ &self.0[..self.len()]
+ }
+}
+impl Copy for UTF16Const {}
+impl Clone for UTF16Const {
+ #[inline]
+ fn clone(&self) -> UTF16Const { *self }
+}
+/// A wrapper over UTF8 string constants.
+pub struct UTF8Const(pub &'static str);
+impl UTF8Const {
+ #[inline]
+ pub fn as_ptr(&self) -> *const i8 {
+ self.0.as_ptr() as *const i8
+ }
+ #[inline]
+ pub fn as_mut_ptr(&self) -> *mut i8 {
+ self.0.as_ptr() as *mut i8
+ }
+ #[inline]
+ pub fn len(&self) -> usize {
+ self.0.len() - 1
+ }
+ #[inline]
+ pub fn as_str(&self) -> &str {
+ &self.0[..self.len()]
+ }
+}
+impl AsRef<str> for UTF8Const {
+ #[inline]
+ fn as_ref(&self) -> &str {
+ &self.0[..self.len()]
+ }
+}
+impl Copy for UTF8Const {}
+impl Clone for UTF8Const {
+ #[inline]
+ fn clone(&self) -> UTF8Const { *self }
+}
diff --git a/vendor/ntapi/src/subprocesstag.rs b/vendor/ntapi/src/subprocesstag.rs
new file mode 100644
index 000000000..7c8d17ce4
--- /dev/null
+++ b/vendor/ntapi/src/subprocesstag.rs
@@ -0,0 +1,77 @@
+use winapi::shared::minwindef::DWORD;
+use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID};
+ENUM!{enum TAG_INFO_LEVEL {
+ eTagInfoLevelNameFromTag = 1,
+ eTagInfoLevelNamesReferencingModule = 2,
+ eTagInfoLevelNameTagMapping = 3,
+ eTagInfoLevelMax = 4,
+}}
+ENUM!{enum TAG_TYPE {
+ eTagTypeService = 1,
+ eTagTypeMax = 2,
+}}
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS {
+ dwPid: DWORD,
+ dwTag: DWORD,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS {
+ eTagType: DWORD,
+ pszName: LPWSTR,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_FROM_TAG {
+ InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS,
+ OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS {
+ dwPid: DWORD,
+ pszModule: LPWSTR,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS =
+ *mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS {
+ eTagType: DWORD,
+ pmszNames: LPWSTR,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS =
+ *mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE {
+ InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS,
+ OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS {
+ dwPid: DWORD,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT {
+ eTagType: DWORD,
+ dwTag: DWORD,
+ pszName: LPWSTR,
+ pszGroupName: LPWSTR,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS {
+ cElements: DWORD,
+ pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
+STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING {
+ InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS,
+ pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS,
+}}
+pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING;
+EXTERN!{extern "system" {
+ fn I_QueryTagInformation(
+ pszMachineName: LPCWSTR,
+ eInfoLevel: TAG_INFO_LEVEL,
+ pTagInfo: PVOID,
+ ) -> DWORD;
+}}
+FN!{stdcall PQUERY_TAG_INFORMATION(
+ pszMachineName: LPCWSTR,
+ eInfoLevel: TAG_INFO_LEVEL,
+ pTagInfo: PVOID,
+) -> DWORD}
diff --git a/vendor/ntapi/src/winapi_local.rs b/vendor/ntapi/src/winapi_local.rs
new file mode 100644
index 000000000..2aa6fdd1e
--- /dev/null
+++ b/vendor/ntapi/src/winapi_local.rs
@@ -0,0 +1 @@
+pub mod um;
diff --git a/vendor/ntapi/src/winapi_local/um.rs b/vendor/ntapi/src/winapi_local/um.rs
new file mode 100644
index 000000000..5f862d511
--- /dev/null
+++ b/vendor/ntapi/src/winapi_local/um.rs
@@ -0,0 +1,2 @@
+pub(crate) mod winioctl;
+pub mod winnt;
diff --git a/vendor/ntapi/src/winapi_local/um/winioctl.rs b/vendor/ntapi/src/winapi_local/um/winioctl.rs
new file mode 100644
index 000000000..da490269a
--- /dev/null
+++ b/vendor/ntapi/src/winapi_local/um/winioctl.rs
@@ -0,0 +1,4 @@
+#[inline]
+pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 {
+ (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
+}
diff --git a/vendor/ntapi/src/winapi_local/um/winnt.rs b/vendor/ntapi/src/winapi_local/um/winnt.rs
new file mode 100644
index 000000000..5c4f7b2fb
--- /dev/null
+++ b/vendor/ntapi/src/winapi_local/um/winnt.rs
@@ -0,0 +1,86 @@
+#[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+use core::arch::asm;
+use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64};
+use winapi::shared::minwindef::DWORD;
+use winapi::um::winnt::{HANDLE, PVOID};
+#[doc(hidden)]
+#[inline]
+pub const fn UInt32x32To64(a: u32, b: u32) -> u64 {
+ a as u64 * b as u64
+}
+#[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+IFDEF!{
+use crate::ntpebteb::TEB;
+#[inline]
+#[cfg(target_pointer_width = "64")]
+pub unsafe fn _bittest64(Base: *const i64, Offset: i64) -> u8 {
+ let out: u8;
+ asm!(
+ "bt {1}, {2}",
+ "setb {0}",
+ out(reg_byte) out,
+ in(reg) Base,
+ in(reg) Offset,
+ options(nostack, pure, readonly),
+ );
+ out
+}
+#[inline]
+pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD {
+ let out: u32;
+ asm!(
+ "mov {:e}, fs:[{:e}]",
+ lateout(reg) out,
+ in(reg) Offset,
+ options(nostack, pure, readonly),
+ );
+ out
+}
+#[inline]
+#[cfg(target_pointer_width = "64")]
+pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 {
+ let out: u64;
+ asm!(
+ "mov {}, gs:[{:e}]",
+ lateout(reg) out,
+ in(reg) Offset,
+ options(nostack, pure, readonly),
+ );
+ out
+}
+#[inline] #[allow(unused_unsafe)]
+pub unsafe fn NtCurrentTeb() -> *mut TEB {
+ use winapi::um::winnt::NT_TIB;
+ let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32;
+ #[cfg(target_arch = "x86_64")] {
+ __readgsqword(teb_offset) as *mut TEB
+ }
+ #[cfg(target_arch = "x86")] {
+ __readfsdword(teb_offset) as *mut TEB
+ }
+}
+}
+ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE {
+ MemExtendedParameterInvalidType = 0,
+ MemExtendedParameterAddressRequirements = 1,
+ MemExtendedParameterNumaNode = 2,
+ MemExtendedParameterPartitionHandle = 3,
+ MemExtendedParameterMax = 4,
+}}
+pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE;
+UNION!{union MEM_EXTENDED_PARAMETER_u {
+ ULong64: DWORD64,
+ Pointer: PVOID,
+ Size: SIZE_T,
+ Handle: HANDLE,
+ ULong: DWORD,
+}}
+STRUCT!{struct MEM_EXTENDED_PARAMETER {
+ BitFields: ULONG64,
+ u: MEM_EXTENDED_PARAMETER_u,
+}}
+BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [
+ Type set_Type[0..8],
+ Reserved set_Reserved[8..64],
+]}
+pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER;
diff --git a/vendor/ntapi/src/winsta.rs b/vendor/ntapi/src/winsta.rs
new file mode 100644
index 000000000..162316d06
--- /dev/null
+++ b/vendor/ntapi/src/winsta.rs
@@ -0,0 +1,848 @@
+use core::ptr::null_mut;
+use crate::ntrtl::RTL_TIME_ZONE_INFORMATION;
+use winapi::shared::basetsd::SIZE_T;
+use winapi::shared::minwindef::{BYTE, DWORD, FILETIME};
+use winapi::shared::ntdef::{
+ BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING,
+ USHORT, WCHAR,
+};
+use winapi::shared::windef::HWND;
+use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED};
+pub const WINSTATION_QUERY: u32 = 0x00000001;
+pub const WINSTATION_SET: u32 = 0x00000002;
+pub const WINSTATION_RESET: u32 = 0x00000004;
+pub const WINSTATION_VIRTUAL: u32 = 0x00000008;
+pub const WINSTATION_SHADOW: u32 = 0x00000010;
+pub const WINSTATION_LOGON: u32 = 0x00000020;
+pub const WINSTATION_LOGOFF: u32 = 0x00000040;
+pub const WINSTATION_MSG: u32 = 0x00000080;
+pub const WINSTATION_CONNECT: u32 = 0x00000100;
+pub const WINSTATION_DISCONNECT: u32 = 0x00000200;
+pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON;
+pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF;
+pub const WINSTATION_USER_ACCESS: u32 =
+ WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT;
+pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET
+ | WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT;
+pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET
+ | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG
+ | WINSTATION_CONNECT | WINSTATION_DISCONNECT;
+pub const WDPREFIX_LENGTH: usize = 12;
+pub const CALLBACK_LENGTH: usize = 50;
+pub const DLLNAME_LENGTH: usize = 32;
+pub const CDNAME_LENGTH: usize = 32;
+pub const WDNAME_LENGTH: usize = 32;
+pub const PDNAME_LENGTH: usize = 32;
+pub const DEVICENAME_LENGTH: usize = 128;
+pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH;
+pub const STACK_ADDRESS_LENGTH: usize = 128;
+pub const MAX_BR_NAME: usize = 65;
+pub const DIRECTORY_LENGTH: usize = 256;
+pub const INITIALPROGRAM_LENGTH: usize = 256;
+pub const USERNAME_LENGTH: usize = 20;
+pub const DOMAIN_LENGTH: usize = 17;
+pub const PASSWORD_LENGTH: usize = 14;
+pub const NASISPECIFICNAME_LENGTH: usize = 14;
+pub const NASIUSERNAME_LENGTH: usize = 47;
+pub const NASIPASSWORD_LENGTH: usize = 24;
+pub const NASISESSIONNAME_LENGTH: usize = 16;
+pub const NASIFILESERVER_LENGTH: usize = 47;
+pub const CLIENTDATANAME_LENGTH: usize = 7;
+pub const CLIENTNAME_LENGTH: usize = 20;
+pub const CLIENTADDRESS_LENGTH: usize = 30;
+pub const IMEFILENAME_LENGTH: usize = 32;
+pub const CLIENTLICENSE_LENGTH: usize = 32;
+pub const CLIENTMODEM_LENGTH: usize = 40;
+pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32;
+pub const MAX_COUNTER_EXTENSIONS: u32 = 2;
+pub const WINSTATIONNAME_LENGTH: usize = 32;
+pub const TERMSRV_TOTAL_SESSIONS: u32 = 1;
+pub const TERMSRV_DISC_SESSIONS: u32 = 2;
+pub const TERMSRV_RECON_SESSIONS: u32 = 3;
+pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4;
+pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5;
+pub const TERMSRV_PENDING_SESSIONS: u32 = 6;
+pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7;
+pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8;
+pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9;
+pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10;
+pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11;
+pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12;
+pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION;
+pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION;
+pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1];
+STRUCT!{struct VARDATA_WIRE {
+ Size: USHORT,
+ Offset: USHORT,
+}}
+pub type PVARDATA_WIRE = *mut VARDATA_WIRE;
+ENUM!{enum WINSTATIONSTATECLASS {
+ State_Active = 0,
+ State_Connected = 1,
+ State_ConnectQuery = 2,
+ State_Shadow = 3,
+ State_Disconnected = 4,
+ State_Idle = 5,
+ State_Listen = 6,
+ State_Reset = 7,
+ State_Down = 8,
+ State_Init = 9,
+}}
+UNION!{union SESSIONIDW_u {
+ SessionId: ULONG,
+ LogonId: ULONG,
+}}
+STRUCT!{struct SESSIONIDW {
+ u: SESSIONIDW_u,
+ WinStationName: WINSTATIONNAME,
+ State: WINSTATIONSTATECLASS,
+}}
+pub type PSESSIONIDW = *mut SESSIONIDW;
+ENUM!{enum WINSTATIONINFOCLASS {
+ WinStationCreateData = 0,
+ WinStationConfiguration = 1,
+ WinStationPdParams = 2,
+ WinStationWd = 3,
+ WinStationPd = 4,
+ WinStationPrinter = 5,
+ WinStationClient = 6,
+ WinStationModules = 7,
+ WinStationInformation = 8,
+ WinStationTrace = 9,
+ WinStationBeep = 10,
+ WinStationEncryptionOff = 11,
+ WinStationEncryptionPerm = 12,
+ WinStationNtSecurity = 13,
+ WinStationUserToken = 14,
+ WinStationUnused1 = 15,
+ WinStationVideoData = 16,
+ WinStationInitialProgram = 17,
+ WinStationCd = 18,
+ WinStationSystemTrace = 19,
+ WinStationVirtualData = 20,
+ WinStationClientData = 21,
+ WinStationSecureDesktopEnter = 22,
+ WinStationSecureDesktopExit = 23,
+ WinStationLoadBalanceSessionTarget = 24,
+ WinStationLoadIndicator = 25,
+ WinStationShadowInfo = 26,
+ WinStationDigProductId = 27,
+ WinStationLockedState = 28,
+ WinStationRemoteAddress = 29,
+ WinStationIdleTime = 30,
+ WinStationLastReconnectType = 31,
+ WinStationDisallowAutoReconnect = 32,
+ WinStationMprNotifyInfo = 33,
+ WinStationExecSrvSystemPipe = 34,
+ WinStationSmartCardAutoLogon = 35,
+ WinStationIsAdminLoggedOn = 36,
+ WinStationReconnectedFromId = 37,
+ WinStationEffectsPolicy = 38,
+ WinStationType = 39,
+ WinStationInformationEx = 40,
+ WinStationValidationInfo = 41,
+}}
+STRUCT!{struct WINSTATIONCREATE {
+ Bitfields: ULONG,
+ MaxInstanceCount: ULONG,
+}}
+BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [
+ fEnableWinStation set_fEnableWinStation[0..1],
+]}
+pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE;
+STRUCT!{struct WINSTACONFIGWIRE {
+ Comment: [WCHAR; 61],
+ OEMId: [CHAR; 4],
+ UserConfig: VARDATA_WIRE,
+ NewFields: VARDATA_WIRE,
+}}
+pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE;
+ENUM!{enum CALLBACKCLASS {
+ Callback_Disable = 0,
+ Callback_Roving = 1,
+ Callback_Fixed = 2,
+}}
+ENUM!{enum SHADOWCLASS {
+ Shadow_Disable = 0,
+ Shadow_EnableInputNotify = 1,
+ Shadow_EnableInputNoNotify = 2,
+ Shadow_EnableNoInputNotify = 3,
+ Shadow_EnableNoInputNoNotify = 4,
+}}
+STRUCT!{struct USERCONFIG {
+ Bitfields: ULONG,
+ Bitfields2: ULONG,
+ UserName: [WCHAR; USERNAME_LENGTH + 1],
+ Domain: [WCHAR; DOMAIN_LENGTH + 1],
+ Password: [WCHAR; PASSWORD_LENGTH + 1],
+ WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+ InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
+ CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1],
+ Callback: CALLBACKCLASS,
+ Shadow: SHADOWCLASS,
+ MaxConnectionTime: ULONG,
+ MaxDisconnectionTime: ULONG,
+ MaxIdleTime: ULONG,
+ KeyboardLayout: ULONG,
+ MinEncryptionLevel: BYTE,
+ NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1],
+ PublishedName: [WCHAR; MAX_BR_NAME],
+ WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1],
+ WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1],
+ WFHomeDirDrive: [WCHAR; 4],
+}}
+BITFIELD!{USERCONFIG Bitfields: ULONG [
+ fInheritAutoLogon set_fInheritAutoLogon[0..1],
+ fInheritResetBroken set_fInheritResetBroken[1..2],
+ fInheritReconnectSame set_fInheritReconnectSame[2..3],
+ fInheritInitialProgram set_fInheritInitialProgram[3..4],
+ fInheritCallback set_fInheritCallback[4..5],
+ fInheritCallbackNumber set_fInheritCallbackNumber[5..6],
+ fInheritShadow set_fInheritShadow[6..7],
+ fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8],
+ fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9],
+ fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10],
+ fInheritAutoClient set_fInheritAutoClient[10..11],
+ fInheritSecurity set_fInheritSecurity[11..12],
+ fPromptForPassword set_fPromptForPassword[12..13],
+ fResetBroken set_fResetBroken[13..14],
+ fReconnectSame set_fReconnectSame[14..15],
+ fLogonDisabled set_fLogonDisabled[15..16],
+ fWallPaperDisabled set_fWallPaperDisabled[16..17],
+ fAutoClientDrives set_fAutoClientDrives[17..18],
+ fAutoClientLpts set_fAutoClientLpts[18..19],
+ fForceClientLptDef set_fForceClientLptDef[19..20],
+ fRequireEncryption set_fRequireEncryption[20..21],
+ fDisableEncryption set_fDisableEncryption[21..22],
+ fUnused1 set_fUnused1[22..23],
+ fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24],
+ fUseDefaultGina set_fUseDefaultGina[24..25],
+ fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26],
+ fPublishedApp set_fPublishedApp[26..27],
+ fHideTitleBar set_fHideTitleBar[27..28],
+ fMaximize set_fMaximize[28..29],
+ fDisableCpm set_fDisableCpm[29..30],
+ fDisableCdm set_fDisableCdm[30..31],
+ fDisableCcm set_fDisableCcm[31..32],
+]}
+BITFIELD!{USERCONFIG Bitfields2: ULONG [
+ fDisableLPT set_fDisableLPT[0..1],
+ fDisableClip set_fDisableClip[1..2],
+ fDisableExe set_fDisableExe[2..3],
+ fDisableCam set_fDisableCam[3..4],
+ fDisableAutoReconnect set_fDisableAutoReconnect[4..5],
+ ColorDepth set_ColorDepth[5..6],
+ fInheritColorDepth set_fInheritColorDepth[6..7],
+ fErrorInvalidProfile set_fErrorInvalidProfile[7..8],
+ fPasswordIsScPin set_fPasswordIsScPin[8..9],
+ fDisablePNPRedir set_fDisablePNPRedir[9..10],
+]}
+pub type PUSERCONFIG = *mut USERCONFIG;
+ENUM!{enum SDCLASS {
+ SdNone = 0,
+ SdConsole = 1,
+ SdNetwork = 2,
+ SdAsync = 3,
+ SdOemTransport = 4,
+}}
+pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1];
+pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1];
+pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1];
+pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1];
+pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1];
+pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1];
+pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1];
+pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1];
+pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1];
+pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1];
+pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1];
+pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1];
+STRUCT!{struct NETWORKCONFIG {
+ LanAdapter: LONG,
+ NetworkName: DEVICENAME,
+ Flags: ULONG,
+}}
+pub type PNETWORKCONFIG = *mut NETWORKCONFIG;
+ENUM!{enum FLOWCONTROLCLASS {
+ FlowControl_None = 0,
+ FlowControl_Hardware = 1,
+ FlowControl_Software = 2,
+}}
+ENUM!{enum RECEIVEFLOWCONTROLCLASS {
+ ReceiveFlowControl_None = 0,
+ ReceiveFlowControl_RTS = 1,
+ ReceiveFlowControl_DTR = 2,
+}}
+ENUM!{enum TRANSMITFLOWCONTROLCLASS {
+ TransmitFlowControl_None = 0,
+ TransmitFlowControl_CTS = 1,
+ TransmitFlowControl_DSR = 2,
+}}
+ENUM!{enum ASYNCCONNECTCLASS {
+ Connect_CTS = 0,
+ Connect_DSR = 1,
+ Connect_RI = 2,
+ Connect_DCD = 3,
+ Connect_FirstChar = 4,
+ Connect_Perm = 5,
+}}
+STRUCT!{struct FLOWCONTROLCONFIG {
+ Bitfields: ULONG,
+ XonChar: CHAR,
+ XoffChar: CHAR,
+ Type: FLOWCONTROLCLASS,
+ HardwareReceive: RECEIVEFLOWCONTROLCLASS,
+ HardwareTransmit: TRANSMITFLOWCONTROLCLASS,
+}}
+BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [
+ fEnableSoftwareTx set_fEnableSoftwareTx[0..1],
+ fEnableSoftwareRx set_fEnableSoftwareRx[1..2],
+ fEnableDTR set_fEnableDTR[2..3],
+ fEnableRTS set_fEnableRTS[3..4],
+]}
+pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG;
+STRUCT!{struct CONNECTCONFIG {
+ Type: ASYNCCONNECTCLASS,
+ Bitfields: ULONG,
+}}
+BITFIELD!{CONNECTCONFIG Bitfields: ULONG [
+ fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1],
+]}
+pub type PCONNECTCONFIG = *mut CONNECTCONFIG;
+STRUCT!{struct ASYNCCONFIG {
+ DeviceName: DEVICENAME,
+ ModemName: MODEMNAME,
+ BaudRate: ULONG,
+ Parity: ULONG,
+ StopBits: ULONG,
+ ByteSize: ULONG,
+ Bitfields: ULONG,
+ FlowControl: FLOWCONTROLCONFIG,
+ Connect: CONNECTCONFIG,
+}}
+BITFIELD!{ASYNCCONFIG Bitfields: ULONG [
+ fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1],
+ fConnectionDriver set_fConnectionDriver[1..2],
+]}
+pub type PASYNCCONFIG = *mut ASYNCCONFIG;
+STRUCT!{struct NASICONFIG {
+ SpecificName: NASISPECIFICNAME,
+ UserName: NASIUSERNAME,
+ PassWord: NASIPASSWORD,
+ SessionName: NASISESIONNAME,
+ FileServer: NASIFILESERVER,
+ GlobalSession: BOOLEAN,
+}}
+pub type PNASICONFIG = *mut NASICONFIG;
+STRUCT!{struct OEMTDCONFIG {
+ Adapter: LONG,
+ DeviceName: DEVICENAME,
+ Flags: ULONG,
+}}
+pub type POEMTDCONFIG = *mut OEMTDCONFIG;
+UNION!{union PDPARAMS_u {
+ Network: NETWORKCONFIG,
+ Async: ASYNCCONFIG,
+ Nasi: NASICONFIG,
+ OemTd: OEMTDCONFIG,
+}}
+STRUCT!{struct PDPARAMS {
+ SdClass: SDCLASS,
+ u: PDPARAMS_u,
+}}
+pub type PPDPARAMS = *mut PDPARAMS;
+STRUCT!{struct WDCONFIG {
+ WdName: WDNAME,
+ WdDLL: DLLNAME,
+ WsxDLL: DLLNAME,
+ WdFlag: ULONG,
+ WdInputBufferLength: ULONG,
+ CfgDLL: DLLNAME,
+ WdPrefix: WDPREFIX,
+}}
+pub type PWDCONFIG = *mut WDCONFIG;
+STRUCT!{struct PDCONFIG2 {
+ PdName: PDNAME,
+ SdClass: SDCLASS,
+ PdDLL: DLLNAME,
+ PdFlag: ULONG,
+ OutBufLength: ULONG,
+ OutBufCount: ULONG,
+ OutBufDelay: ULONG,
+ InteractiveDelay: ULONG,
+ PortNumber: ULONG,
+ KeepAliveTimeout: ULONG,
+}}
+pub type PPDCONFIG2 = *mut PDCONFIG2;
+STRUCT!{struct WINSTATIONCLIENT {
+ Bitfields: ULONG,
+ ClientName: [WCHAR; CLIENTNAME_LENGTH + 1],
+ Domain: [WCHAR; DOMAIN_LENGTH + 1],
+ UserName: [WCHAR; USERNAME_LENGTH + 1],
+ Password: [WCHAR; PASSWORD_LENGTH + 1],
+ WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+ InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1],
+ SerialNumber: ULONG,
+ EncryptionLevel: BYTE,
+ ClientAddressFamily: ULONG,
+ ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1],
+ HRes: USHORT,
+ VRes: USHORT,
+ ColorDepth: USHORT,
+ ProtocolType: USHORT,
+ KeyboardLayout: ULONG,
+ KeyboardType: ULONG,
+ KeyboardSubType: ULONG,
+ KeyboardFunctionKey: ULONG,
+ ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1],
+ ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1],
+ ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1],
+ ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1],
+ ClientBuildNumber: ULONG,
+ ClientHardwareId: ULONG,
+ ClientProductId: USHORT,
+ OutBufCountHost: USHORT,
+ OutBufCountClient: USHORT,
+ OutBufLength: USHORT,
+ AudioDriverName: [WCHAR; 9],
+ ClientTimeZone: TS_TIME_ZONE_INFORMATION,
+ ClientSessionId: ULONG,
+ ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+ PerformanceFlags: ULONG,
+ ActiveInputLocale: ULONG,
+}}
+BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [
+ fTextOnly set_fTextOnly[0..1],
+ fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2],
+ fMouse set_fMouse[2..3],
+ fDoubleClickDetect set_fDoubleClickDetect[3..4],
+ fINetClient set_fINetClient[4..5],
+ fPromptForPassword set_fPromptForPassword[5..6],
+ fMaximizeShell set_fMaximizeShell[6..7],
+ fEnableWindowsKey set_fEnableWindowsKey[7..8],
+ fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9],
+ fPasswordIsScPin set_fPasswordIsScPin[9..10],
+ fNoAudioPlayback set_fNoAudioPlayback[10..11],
+ fUsingSavedCreds set_fUsingSavedCreds[11..12],
+]}
+pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT;
+STRUCT!{struct TSHARE_COUNTERS {
+ Reserved: ULONG,
+}}
+pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS;
+UNION!{union PROTOCOLCOUNTERS_Specific {
+ TShareCounters: TSHARE_COUNTERS,
+ Reserved: [ULONG; 100],
+}}
+STRUCT!{struct PROTOCOLCOUNTERS {
+ WdBytes: ULONG,
+ WdFrames: ULONG,
+ WaitForOutBuf: ULONG,
+ Frames: ULONG,
+ Bytes: ULONG,
+ CompressedBytes: ULONG,
+ CompressFlushes: ULONG,
+ Errors: ULONG,
+ Timeouts: ULONG,
+ AsyncFramingError: ULONG,
+ AsyncOverrunError: ULONG,
+ AsyncOverflowError: ULONG,
+ AsyncParityError: ULONG,
+ TdErrors: ULONG,
+ ProtocolType: USHORT,
+ Length: USHORT,
+ Specific: PROTOCOLCOUNTERS_Specific,
+}}
+pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS;
+STRUCT!{struct THINWIRECACHE {
+ CacheReads: ULONG,
+ CacheHits: ULONG,
+}}
+pub type PTHINWIRECACHE = *mut THINWIRECACHE;
+pub const MAX_THINWIRECACHE: usize = 4;
+STRUCT!{struct RESERVED_CACHE {
+ ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE],
+}}
+pub type PRESERVED_CACHE = *mut RESERVED_CACHE;
+STRUCT!{struct TSHARE_CACHE {
+ Reserved: ULONG,
+}}
+pub type PTSHARE_CACHE = *mut TSHARE_CACHE;
+UNION!{union CACHE_STATISTICS_Specific {
+ ReservedCacheStats: RESERVED_CACHE,
+ TShareCacheStats: TSHARE_CACHE,
+ Reserved: [ULONG; 20],
+}}
+STRUCT!{struct CACHE_STATISTICS {
+ ProtocolType: USHORT,
+ Length: USHORT,
+ Specific: CACHE_STATISTICS_Specific,
+}}
+pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS;
+STRUCT!{struct PROTOCOLSTATUS {
+ Output: PROTOCOLCOUNTERS,
+ Input: PROTOCOLCOUNTERS,
+ Cache: CACHE_STATISTICS,
+ AsyncSignal: ULONG,
+ AsyncSignalMask: ULONG,
+}}
+pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS;
+STRUCT!{struct WINSTATIONINFORMATION {
+ ConnectState: WINSTATIONSTATECLASS,
+ WinStationName: WINSTATIONNAME,
+ LogonId: ULONG,
+ ConnectTime: LARGE_INTEGER,
+ DisconnectTime: LARGE_INTEGER,
+ LastInputTime: LARGE_INTEGER,
+ LogonTime: LARGE_INTEGER,
+ Status: PROTOCOLSTATUS,
+ Domain: [WCHAR; DOMAIN_LENGTH + 1],
+ UserName: [WCHAR; USERNAME_LENGTH + 1],
+ CurrentTime: LARGE_INTEGER,
+}}
+pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION;
+STRUCT!{struct WINSTATIONUSERTOKEN {
+ ProcessId: HANDLE,
+ ThreadId: HANDLE,
+ UserToken: HANDLE,
+}}
+pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN;
+STRUCT!{struct WINSTATIONVIDEODATA {
+ HResolution: USHORT,
+ VResolution: USHORT,
+ fColorDepth: USHORT,
+}}
+pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA;
+ENUM!{enum CDCLASS {
+ CdNone = 0,
+ CdModem = 1,
+ CdClass_Maximum = 2,
+}}
+STRUCT!{struct CDCONFIG {
+ CdClass: CDCLASS,
+ CdName: CDNAME,
+ CdDLL: DLLNAME,
+ CdFlag: ULONG,
+}}
+pub type PCDCONFIG = *mut CDCONFIG;
+pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1];
+pub type PCLIENTDATANAME = *mut CHAR;
+STRUCT!{struct WINSTATIONCLIENTDATA {
+ DataName: CLIENTDATANAME,
+ fUnicodeData: BOOLEAN,
+}}
+pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA;
+ENUM!{enum LOADFACTORTYPE {
+ ErrorConstraint = 0,
+ PagedPoolConstraint = 1,
+ NonPagedPoolConstraint = 2,
+ AvailablePagesConstraint = 3,
+ SystemPtesConstraint = 4,
+ CPUConstraint = 5,
+}}
+STRUCT!{struct WINSTATIONLOADINDICATORDATA {
+ RemainingSessionCapacity: ULONG,
+ LoadFactor: LOADFACTORTYPE,
+ TotalSessions: ULONG,
+ DisconnectedSessions: ULONG,
+ IdleCPU: LARGE_INTEGER,
+ TotalCPU: LARGE_INTEGER,
+ RawSessionCapacity: ULONG,
+ reserved: [ULONG; 9],
+}}
+pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA;
+ENUM!{enum SHADOWSTATECLASS {
+ State_NoShadow = 0,
+ State_Shadowing = 1,
+ State_Shadowed = 2,
+}}
+STRUCT!{struct WINSTATIONSHADOW {
+ ShadowState: SHADOWSTATECLASS,
+ ShadowClass: SHADOWCLASS,
+ SessionId: ULONG,
+ ProtocolType: ULONG,
+}}
+pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW;
+STRUCT!{struct WINSTATIONPRODID {
+ DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+ ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+ OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH],
+ CurrentSessionId: ULONG,
+ ClientSessionId: ULONG,
+ OuterMostSessionId: ULONG,
+}}
+pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID;
+STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 {
+ sin_port: USHORT,
+ sin_addr: ULONG,
+ sin_zero: [UCHAR; 8],
+}}
+STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 {
+ sin6_port: USHORT,
+ sin6_flowinfo: ULONG,
+ sin6_addr: [USHORT; 8],
+ sin6_scope_id: ULONG,
+}}
+UNION!{union WINSTATIONREMOTEADDRESS_u {
+ ipv4: WINSTATIONREMOTEADDRESS_u_ipv4,
+ ipv6: WINSTATIONREMOTEADDRESS_u_ipv6,
+}}
+STRUCT!{struct WINSTATIONREMOTEADDRESS {
+ sin_family: USHORT,
+ u: WINSTATIONREMOTEADDRESS_u,
+}}
+pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS;
+STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 {
+ SessionId: ULONG,
+ SessionState: WINSTATIONSTATECLASS,
+ SessionFlags: LONG,
+ WinStationName: WINSTATIONNAME,
+ UserName: [WCHAR; USERNAME_LENGTH + 1],
+ DomainName: [WCHAR; DOMAIN_LENGTH + 1],
+ LogonTime: LARGE_INTEGER,
+ ConnectTime: LARGE_INTEGER,
+ DisconnectTime: LARGE_INTEGER,
+ LastInputTime: LARGE_INTEGER,
+ CurrentTime: LARGE_INTEGER,
+ ProtocolStatus: PROTOCOLSTATUS,
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1;
+STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 {
+ SessionId: ULONG,
+ SessionState: WINSTATIONSTATECLASS,
+ SessionFlags: LONG,
+ WinStationName: WINSTATIONNAME,
+ SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1],
+ SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1],
+ LogonTime: LARGE_INTEGER,
+ ConnectTime: LARGE_INTEGER,
+ DisconnectTime: LARGE_INTEGER,
+ LastInputTime: LARGE_INTEGER,
+ CurrentTime: LARGE_INTEGER,
+ ProtocolStatus: PROTOCOLSTATUS,
+ UserName: [WCHAR; 257],
+ DomainName: [WCHAR; 256],
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2;
+UNION!{union WINSTATIONINFORMATIONEX_LEVEL {
+ WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1,
+ WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2,
+}}
+pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL;
+STRUCT!{struct WINSTATIONINFORMATIONEX {
+ Level: ULONG,
+ Data: WINSTATIONINFORMATIONEX_LEVEL,
+}}
+pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX;
+pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452;
+STRUCT!{struct TS_PROCESS_INFORMATION_NT4 {
+ MagicNumber: ULONG,
+ LogonId: ULONG,
+ ProcessSid: PVOID,
+ Pad: ULONG,
+}}
+pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4;
+pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64;
+pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136;
+STRUCT!{struct TS_SYS_PROCESS_INFORMATION {
+ NextEntryOffset: ULONG,
+ NumberOfThreads: ULONG,
+ SpareLi1: LARGE_INTEGER,
+ SpareLi2: LARGE_INTEGER,
+ SpareLi3: LARGE_INTEGER,
+ CreateTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ ImageName: UNICODE_STRING,
+ BasePriority: LONG,
+ UniqueProcessId: ULONG,
+ InheritedFromUniqueProcessId: ULONG,
+ HandleCount: ULONG,
+ SessionId: ULONG,
+ SpareUl3: ULONG,
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: ULONG,
+ WorkingSetSize: ULONG,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PrivatePageCount: SIZE_T,
+}}
+pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION;
+STRUCT!{struct TS_ALL_PROCESSES_INFO {
+ pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION,
+ SizeOfSid: ULONG,
+ pSid: PSID,
+}}
+pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO;
+STRUCT!{struct TS_COUNTER_HEADER {
+ dwCounterID: DWORD,
+ bResult: BOOLEAN,
+}}
+pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER;
+STRUCT!{struct TS_COUNTER {
+ CounterHead: TS_COUNTER_HEADER,
+ dwValue: DWORD,
+ StartTime: LARGE_INTEGER,
+}}
+pub type PTS_COUNTER = *mut TS_COUNTER;
+pub const WSD_LOGOFF: ULONG = 0x1;
+pub const WSD_SHUTDOWN: ULONG = 0x2;
+pub const WSD_REBOOT: ULONG = 0x4;
+pub const WSD_POWEROFF: ULONG = 0x8;
+pub const WEVENT_NONE: ULONG = 0x0;
+pub const WEVENT_CREATE: ULONG = 0x1;
+pub const WEVENT_DELETE: ULONG = 0x2;
+pub const WEVENT_RENAME: ULONG = 0x4;
+pub const WEVENT_CONNECT: ULONG = 0x8;
+pub const WEVENT_DISCONNECT: ULONG = 0x10;
+pub const WEVENT_LOGON: ULONG = 0x20;
+pub const WEVENT_LOGOFF: ULONG = 0x40;
+pub const WEVENT_STATECHANGE: ULONG = 0x80;
+pub const WEVENT_LICENSE: ULONG = 0x100;
+pub const WEVENT_ALL: ULONG = 0x7fffffff;
+pub const WEVENT_FLUSH: ULONG = 0x80000000;
+pub const KBDSHIFT: USHORT = 0x1;
+pub const KBDCTRL: USHORT = 0x2;
+pub const KBDALT: USHORT = 0x4;
+pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1;
+pub const LOGONID_CURRENT: i32 = -1;
+pub const SERVERNAME_CURRENT: PWSTR = null_mut();
+EXTERN!{extern "system" {
+ fn WinStationFreeMemory(
+ Buffer: PVOID,
+ ) -> BOOLEAN;
+ fn WinStationOpenServerW(
+ ServerName: PWSTR,
+ ) -> HANDLE;
+ fn WinStationCloseServer(
+ ServerHandle: HANDLE,
+ ) -> BOOLEAN;
+ fn WinStationServerPing(
+ ServerHandle: HANDLE,
+ ) -> BOOLEAN;
+ fn WinStationGetTermSrvCountersValue(
+ ServerHandle: HANDLE,
+ Count: ULONG,
+ Counters: PTS_COUNTER,
+ ) -> BOOLEAN;
+ fn WinStationShutdownSystem(
+ ServerHandle: HANDLE,
+ ShutdownFlags: ULONG,
+ ) -> BOOLEAN;
+ fn WinStationWaitSystemEvent(
+ ServerHandle: HANDLE,
+ EventMask: ULONG,
+ EventFlags: PULONG,
+ ) -> BOOLEAN;
+ fn WinStationRegisterConsoleNotification(
+ ServerHandle: HANDLE,
+ WindowHandle: HWND,
+ Flags: ULONG,
+ ) -> BOOLEAN;
+ fn WinStationUnRegisterConsoleNotification(
+ ServerHandle: HANDLE,
+ WindowHandle: HWND,
+ ) -> BOOLEAN;
+ fn WinStationEnumerateW(
+ ServerHandle: HANDLE,
+ SessionIds: *mut PSESSIONIDW,
+ Count: PULONG,
+ ) -> BOOLEAN;
+ fn WinStationQueryInformationW(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ WinStationInformationClass: WINSTATIONINFOCLASS,
+ pWinStationInformation: PVOID,
+ WinStationInformationLength: ULONG,
+ pReturnLength: PULONG,
+ ) -> BOOLEAN;
+ fn WinStationSetInformationW(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ WinStationInformationClass: WINSTATIONINFOCLASS,
+ pWinStationInformation: PVOID,
+ WinStationInformationLength: ULONG,
+ ) -> BOOLEAN;
+ fn WinStationNameFromLogonIdW(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ pWinStationName: PWSTR,
+ ) -> BOOLEAN;
+ fn WinStationSendMessageW(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ Title: PWSTR,
+ TitleLength: ULONG,
+ Message: PWSTR,
+ MessageLength: ULONG,
+ Style: ULONG,
+ Timeout: ULONG,
+ Response: PULONG,
+ DoNotWait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn WinStationConnectW(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ TargetSessionId: ULONG,
+ pPassword: PWSTR,
+ bWait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn WinStationDisconnect(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ bWait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn WinStationReset(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ bWait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn WinStationShadow(
+ ServerHandle: HANDLE,
+ TargetServerName: PWSTR,
+ TargetSessionId: ULONG,
+ HotKeyVk: UCHAR,
+ HotkeyModifiers: USHORT,
+ ) -> BOOLEAN;
+ fn WinStationShadowStop(
+ ServerHandle: HANDLE,
+ SessionId: ULONG,
+ bWait: BOOLEAN,
+ ) -> BOOLEAN;
+ fn WinStationEnumerateProcesses(
+ ServerHandle: HANDLE,
+ Processes: *mut PVOID,
+ ) -> BOOLEAN;
+ fn WinStationGetAllProcesses(
+ ServerHandle: HANDLE,
+ Level: ULONG,
+ NumberOfProcesses: PULONG,
+ Processes: *mut PTS_ALL_PROCESSES_INFO,
+ ) -> BOOLEAN;
+ fn WinStationFreeGAPMemory(
+ Level: ULONG,
+ Processes: PTS_ALL_PROCESSES_INFO,
+ NumberOfProcesses: ULONG,
+ ) -> BOOLEAN;
+ fn WinStationTerminateProcess(
+ ServerHandle: HANDLE,
+ ProcessId: ULONG,
+ ExitCode: ULONG,
+ ) -> BOOLEAN;
+ fn WinStationGetProcessSid(
+ ServerHandle: HANDLE,
+ ProcessId: ULONG,
+ ProcessStartTime: FILETIME,
+ pProcessUserSid: PVOID,
+ dwSidSize: PULONG,
+ ) -> BOOLEAN;
+ fn WinStationSwitchToServicesSession() -> BOOLEAN;
+ fn WinStationRevertFromServicesSession() -> BOOLEAN;
+ fn _WinStationWaitForConnect() -> BOOLEAN;
+}}