summaryrefslogtreecommitdiffstats
path: root/vendor/ntapi/src/ntpsapi.rs
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/ntapi/src/ntpsapi.rs')
-rw-r--r--vendor/ntapi/src/ntpsapi.rs1471
1 files changed, 1471 insertions, 0 deletions
diff --git a/vendor/ntapi/src/ntpsapi.rs b/vendor/ntapi/src/ntpsapi.rs
new file mode 100644
index 000000000..b2ba28afe
--- /dev/null
+++ b/vendor/ntapi/src/ntpsapi.rs
@@ -0,0 +1,1471 @@
+use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID};
+use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES};
+use crate::ntpebteb::{PPEB, PTEB};
+use winapi::ctypes::c_void;
+use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE,
+ PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG,
+ PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS,
+ JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY,
+ PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
+ PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
+ PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
+ PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
+ PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY,
+ PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
+ PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE,
+};
+#[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+use crate::winapi_local::um::winnt::NtCurrentTeb;
+pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34;
+pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64;
+#[cfg(target_arch = "x86")]
+pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32;
+pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE];
+pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32];
+pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE];
+pub const TLS_EXPANSION_SLOTS: usize = 1024;
+STRUCT!{struct PEB_LDR_DATA {
+ Length: ULONG,
+ Initialized: BOOLEAN,
+ SsHandle: HANDLE,
+ InLoadOrderModuleList: LIST_ENTRY,
+ InMemoryOrderModuleList: LIST_ENTRY,
+ InInitializationOrderModuleList: LIST_ENTRY,
+ EntryInProgress: PVOID,
+ ShutdownInProgress: BOOLEAN,
+ ShutdownThreadId: HANDLE,
+}}
+pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA;
+STRUCT!{struct INITIAL_TEB_OldInitialTeb {
+ OldStackBase: PVOID,
+ OldStackLimit: PVOID,
+}}
+STRUCT!{struct INITIAL_TEB {
+ OldInitialTeb: INITIAL_TEB_OldInitialTeb,
+ StackBase: PVOID,
+ StackLimit: PVOID,
+ StackAllocationBase: PVOID,
+}}
+pub type PINITIAL_TEB = *mut INITIAL_TEB;
+STRUCT!{struct WOW64_PROCESS {
+ Wow64: PVOID,
+}}
+pub type PWOW64_PROCESS = *mut WOW64_PROCESS;
+ENUM!{enum PROCESSINFOCLASS {
+ ProcessBasicInformation = 0,
+ ProcessQuotaLimits = 1,
+ ProcessIoCounters = 2,
+ ProcessVmCounters = 3,
+ ProcessTimes = 4,
+ ProcessBasePriority = 5,
+ ProcessRaisePriority = 6,
+ ProcessDebugPort = 7,
+ ProcessExceptionPort = 8,
+ ProcessAccessToken = 9,
+ ProcessLdtInformation = 10,
+ ProcessLdtSize = 11,
+ ProcessDefaultHardErrorMode = 12,
+ ProcessIoPortHandlers = 13,
+ ProcessPooledUsageAndLimits = 14,
+ ProcessWorkingSetWatch = 15,
+ ProcessUserModeIOPL = 16,
+ ProcessEnableAlignmentFaultFixup = 17,
+ ProcessPriorityClass = 18,
+ ProcessWx86Information = 19,
+ ProcessHandleCount = 20,
+ ProcessAffinityMask = 21,
+ ProcessPriorityBoost = 22,
+ ProcessDeviceMap = 23,
+ ProcessSessionInformation = 24,
+ ProcessForegroundInformation = 25,
+ ProcessWow64Information = 26,
+ ProcessImageFileName = 27,
+ ProcessLUIDDeviceMapsEnabled = 28,
+ ProcessBreakOnTermination = 29,
+ ProcessDebugObjectHandle = 30,
+ ProcessDebugFlags = 31,
+ ProcessHandleTracing = 32,
+ ProcessIoPriority = 33,
+ ProcessExecuteFlags = 34,
+ ProcessResourceManagement = 35,
+ ProcessCookie = 36,
+ ProcessImageInformation = 37,
+ ProcessCycleTime = 38,
+ ProcessPagePriority = 39,
+ ProcessInstrumentationCallback = 40,
+ ProcessThreadStackAllocation = 41,
+ ProcessWorkingSetWatchEx = 42,
+ ProcessImageFileNameWin32 = 43,
+ ProcessImageFileMapping = 44,
+ ProcessAffinityUpdateMode = 45,
+ ProcessMemoryAllocationMode = 46,
+ ProcessGroupInformation = 47,
+ ProcessTokenVirtualizationEnabled = 48,
+ ProcessConsoleHostProcess = 49,
+ ProcessWindowInformation = 50,
+ ProcessHandleInformation = 51,
+ ProcessMitigationPolicy = 52,
+ ProcessDynamicFunctionTableInformation = 53,
+ ProcessHandleCheckingMode = 54,
+ ProcessKeepAliveCount = 55,
+ ProcessRevokeFileHandles = 56,
+ ProcessWorkingSetControl = 57,
+ ProcessHandleTable = 58,
+ ProcessCheckStackExtentsMode = 59,
+ ProcessCommandLineInformation = 60,
+ ProcessProtectionInformation = 61,
+ ProcessMemoryExhaustion = 62,
+ ProcessFaultInformation = 63,
+ ProcessTelemetryIdInformation = 64,
+ ProcessCommitReleaseInformation = 65,
+ ProcessDefaultCpuSetsInformation = 66,
+ ProcessAllowedCpuSetsInformation = 67,
+ ProcessSubsystemProcess = 68,
+ ProcessJobMemoryInformation = 69,
+ ProcessInPrivate = 70,
+ ProcessRaiseUMExceptionOnInvalidHandleClose = 71,
+ ProcessIumChallengeResponse = 72,
+ ProcessChildProcessInformation = 73,
+ ProcessHighGraphicsPriorityInformation = 74,
+ ProcessSubsystemInformation = 75,
+ ProcessEnergyValues = 76,
+ ProcessActivityThrottleState = 77,
+ ProcessActivityThrottlePolicy = 78,
+ ProcessWin32kSyscallFilterInformation = 79,
+ ProcessDisableSystemAllowedCpuSets = 80,
+ ProcessWakeInformation = 81,
+ ProcessEnergyTrackingState = 82,
+ ProcessManageWritesToExecutableMemory = 83,
+ ProcessCaptureTrustletLiveDump = 84,
+ ProcessTelemetryCoverage = 85,
+ ProcessEnclaveInformation = 86,
+ ProcessEnableReadWriteVmLogging = 87,
+ ProcessUptimeInformation = 88,
+ ProcessImageSection = 89,
+ ProcessDebugAuthInformation = 90,
+ ProcessSystemResourceManagement = 91,
+ ProcessSequenceNumber = 92,
+ ProcessLoaderDetour = 93,
+ ProcessSecurityDomainInformation = 94,
+ ProcessCombineSecurityDomainsInformation = 95,
+ ProcessEnableLogging = 96,
+ ProcessLeapSecondInformation = 97,
+ MaxProcessInfoClass = 98,
+}}
+ENUM!{enum THREADINFOCLASS {
+ ThreadBasicInformation = 0,
+ ThreadTimes = 1,
+ ThreadPriority = 2,
+ ThreadBasePriority = 3,
+ ThreadAffinityMask = 4,
+ ThreadImpersonationToken = 5,
+ ThreadDescriptorTableEntry = 6,
+ ThreadEnableAlignmentFaultFixup = 7,
+ ThreadEventPair = 8,
+ ThreadQuerySetWin32StartAddress = 9,
+ ThreadZeroTlsCell = 10,
+ ThreadPerformanceCount = 11,
+ ThreadAmILastThread = 12,
+ ThreadIdealProcessor = 13,
+ ThreadPriorityBoost = 14,
+ ThreadSetTlsArrayAddress = 15,
+ ThreadIsIoPending = 16,
+ ThreadHideFromDebugger = 17,
+ ThreadBreakOnTermination = 18,
+ ThreadSwitchLegacyState = 19,
+ ThreadIsTerminated = 20,
+ ThreadLastSystemCall = 21,
+ ThreadIoPriority = 22,
+ ThreadCycleTime = 23,
+ ThreadPagePriority = 24,
+ ThreadActualBasePriority = 25,
+ ThreadTebInformation = 26,
+ ThreadCSwitchMon = 27,
+ ThreadCSwitchPmu = 28,
+ ThreadWow64Context = 29,
+ ThreadGroupInformation = 30,
+ ThreadUmsInformation = 31,
+ ThreadCounterProfiling = 32,
+ ThreadIdealProcessorEx = 33,
+ ThreadCpuAccountingInformation = 34,
+ ThreadSuspendCount = 35,
+ ThreadHeterogeneousCpuPolicy = 36,
+ ThreadContainerId = 37,
+ ThreadNameInformation = 38,
+ ThreadSelectedCpuSets = 39,
+ ThreadSystemThreadInformation = 40,
+ ThreadActualGroupAffinity = 41,
+ ThreadDynamicCodePolicyInfo = 42,
+ ThreadExplicitCaseSensitivity = 43,
+ ThreadWorkOnBehalfTicket = 44,
+ ThreadSubsystemInformation = 45,
+ ThreadDbgkWerReportActive = 46,
+ ThreadAttachContainer = 47,
+ ThreadManageWritesToExecutableMemory = 48,
+ ThreadPowerThrottlingState = 49,
+ ThreadWorkloadClass = 50,
+ MaxThreadInfoClass = 51,
+}}
+STRUCT!{struct PAGE_PRIORITY_INFORMATION {
+ PagePriority: ULONG,
+}}
+pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION;
+STRUCT!{struct PROCESS_BASIC_INFORMATION {
+ ExitStatus: NTSTATUS,
+ PebBaseAddress: PPEB,
+ AffinityMask: ULONG_PTR,
+ BasePriority: KPRIORITY,
+ UniqueProcessId: HANDLE,
+ InheritedFromUniqueProcessId: HANDLE,
+}}
+pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION;
+STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION {
+ Size: SIZE_T,
+ BasicInfo: PROCESS_BASIC_INFORMATION,
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [
+ IsProtectedProcess set_IsProtectedProcess[0..1],
+ IsWow64Process set_IsWow64Process[1..2],
+ IsProcessDeleting set_IsProcessDeleting[2..3],
+ IsCrossSessionCreate set_IsCrossSessionCreate[3..4],
+ IsFrozen set_IsFrozen[4..5],
+ IsBackground set_IsBackground[5..6],
+ IsStronglyNamed set_IsStronglyNamed[6..7],
+ IsSecureProcess set_IsSecureProcess[7..8],
+ IsSubsystemProcess set_IsSubsystemProcess[8..9],
+ SpareBits set_SpareBits[9..32],
+]}
+pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION;
+STRUCT!{struct VM_COUNTERS {
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS = *mut VM_COUNTERS;
+STRUCT!{struct VM_COUNTERS_EX {
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PrivateUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX;
+STRUCT!{struct VM_COUNTERS_EX2 {
+ CountersEx: VM_COUNTERS_EX,
+ PrivateWorkingSetSize: SIZE_T,
+ SharedCommitUsage: SIZE_T,
+}}
+pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2;
+STRUCT!{struct KERNEL_USER_TIMES {
+ CreateTime: LARGE_INTEGER,
+ ExitTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+}}
+pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES;
+STRUCT!{struct POOLED_USAGE_AND_LIMITS {
+ PeakPagedPoolUsage: SIZE_T,
+ PagedPoolUsage: SIZE_T,
+ PagedPoolLimit: SIZE_T,
+ PeakNonPagedPoolUsage: SIZE_T,
+ NonPagedPoolUsage: SIZE_T,
+ NonPagedPoolLimit: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PagefileLimit: SIZE_T,
+}}
+pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS;
+pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003;
+pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR =
+ (1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1;
+STRUCT!{struct PROCESS_EXCEPTION_PORT {
+ ExceptionPortHandle: HANDLE,
+ StateFlags: ULONG,
+}}
+pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT;
+STRUCT!{struct PROCESS_ACCESS_TOKEN {
+ Token: HANDLE,
+ Thread: HANDLE,
+}}
+pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN;
+STRUCT!{struct PROCESS_LDT_INFORMATION {
+ Start: ULONG,
+ Length: ULONG,
+ LdtEntries: [LDT_ENTRY; 1],
+}}
+pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION;
+STRUCT!{struct PROCESS_LDT_SIZE {
+ Length: ULONG,
+}}
+pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE;
+STRUCT!{struct PROCESS_WS_WATCH_INFORMATION {
+ FaultingPc: PVOID,
+ FaultingVa: PVOID,
+}}
+pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION;
+STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX {
+ BasicInfo: PROCESS_WS_WATCH_INFORMATION,
+ FaultingThreadId: ULONG_PTR,
+ Flags: ULONG_PTR,
+}}
+pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX;
+pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0;
+pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1;
+pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2;
+pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3;
+pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4;
+pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5;
+pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6;
+STRUCT!{struct PROCESS_PRIORITY_CLASS {
+ Foreground: BOOLEAN,
+ PriorityClass: UCHAR,
+}}
+pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS;
+STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND {
+ Foreground: BOOLEAN,
+}}
+pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND;
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set {
+ DirectoryHandle: HANDLE,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query {
+ DriveMap: ULONG,
+ DriveType: [UCHAR; 32],
+}}
+UNION!{union PROCESS_DEVICEMAP_INFORMATION {
+ Set: PROCESS_DEVICEMAP_INFORMATION_Set,
+ Query: PROCESS_DEVICEMAP_INFORMATION_Query,
+}}
+pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION;
+pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001;
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set {
+ DirectoryHandle: HANDLE,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query {
+ DriveMap: ULONG,
+ DriveType: [UCHAR; 32],
+}}
+UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u {
+ Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set,
+ Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query,
+}}
+STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX {
+ u: PROCESS_DEVICEMAP_INFORMATION_EX_u,
+ Flags: ULONG,
+}}
+pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX;
+STRUCT!{struct PROCESS_SESSION_INFORMATION {
+ SessionId: ULONG,
+}}
+pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION;
+pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001;
+pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000;
+pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE {
+ Flags: ULONG,
+}}
+pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE;
+pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX {
+ Flags: ULONG,
+ TotalSlots: ULONG,
+}}
+pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX;
+pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16;
+pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1;
+pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2;
+pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3;
+STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY {
+ Handle: HANDLE,
+ ClientId: CLIENT_ID,
+ Type: ULONG,
+ Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS],
+}}
+pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY;
+STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY {
+ Handle: HANDLE,
+ TotalTraces: ULONG,
+ HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1],
+}}
+pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY;
+STRUCT!{struct THREAD_TLS_INFORMATION {
+ Flags: ULONG,
+ NewTlsData: PVOID,
+ OldTlsData: PVOID,
+ ThreadId: HANDLE,
+}}
+pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION;
+ENUM!{enum PROCESS_TLS_INFORMATION_TYPE {
+ ProcessTlsReplaceIndex = 0,
+ ProcessTlsReplaceVector = 1,
+ MaxProcessTlsOperation = 2,
+}}
+pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE;
+STRUCT!{struct PROCESS_TLS_INFORMATION {
+ Flags: ULONG,
+ OperationType: ULONG,
+ ThreadDataCount: ULONG,
+ TlsIndex: ULONG,
+ PreviousCount: ULONG,
+ ThreadData: [THREAD_TLS_INFORMATION; 1],
+}}
+pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION;
+STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION {
+ Version: ULONG,
+ Reserved: ULONG,
+ Callback: PVOID,
+}}
+pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION =
+ *mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
+STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION {
+ ReserveSize: SIZE_T,
+ ZeroBits: SIZE_T,
+ StackBase: PVOID,
+}}
+pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION;
+STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX {
+ PreferredNode: ULONG,
+ Reserved0: ULONG,
+ Reserved1: ULONG,
+ Reserved2: ULONG,
+ AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION,
+}}
+pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX;
+STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE {
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [
+ EnableAutoUpdate set_EnableAutoUpdate[0..1],
+ Permanent set_Permanent[1..2],
+ Reserved set_Reserved[2..32],
+]}
+pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE;
+STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE {
+ Flags: ULONG,
+}}
+BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [
+ TopDown set_TopDown[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE;
+STRUCT!{struct PROCESS_HANDLE_INFORMATION {
+ HandleCount: ULONG,
+ HandleCountHighWatermark: ULONG,
+}}
+pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION;
+STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION {
+ AccumulatedCycles: ULONGLONG,
+ CurrentCycleCount: ULONGLONG,
+}}
+pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION;
+STRUCT!{struct PROCESS_WINDOW_INFORMATION {
+ WindowFlags: ULONG,
+ WindowTitleLength: USHORT,
+ WindowTitle: [WCHAR; 1],
+}}
+pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION;
+STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO {
+ HandleValue: HANDLE,
+ HandleCount: ULONG_PTR,
+ PointerCount: ULONG_PTR,
+ GrantedAccess: ULONG,
+ ObjectTypeIndex: ULONG,
+ HandleAttributes: ULONG,
+ Reserved: ULONG,
+}}
+pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO;
+STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION {
+ NumberOfHandles: ULONG_PTR,
+ Reserved: ULONG_PTR,
+ Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1],
+}}
+pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION;
+UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u {
+ ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY,
+ StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY,
+ SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY,
+ ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY,
+ DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY,
+ ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY,
+ SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY,
+ FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY,
+ ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY,
+ SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY,
+ PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY,
+ ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY,
+ // SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO
+}}
+STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION {
+ Policy: PROCESS_MITIGATION_POLICY,
+ u: PROCESS_MITIGATION_POLICY_INFORMATION_u,
+}}
+pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION;
+STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION {
+ WakeCount: ULONG,
+ NoWakeCount: ULONG,
+}}
+pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION;
+STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION {
+ TargetDevicePath: UNICODE_STRING,
+}}
+pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION;
+ENUM!{enum PROCESS_WORKING_SET_OPERATION {
+ ProcessWorkingSetSwap = 0,
+ ProcessWorkingSetEmpty = 1,
+ ProcessWorkingSetOperationMax = 2,
+}}
+STRUCT!{struct PROCESS_WORKING_SET_CONTROL {
+ Version: ULONG,
+ Operation: PROCESS_WORKING_SET_OPERATION,
+ Flags: ULONG,
+}}
+pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL;
+ENUM!{enum PS_PROTECTED_TYPE {
+ PsProtectedTypeNone = 0,
+ PsProtectedTypeProtectedLight = 1,
+ PsProtectedTypeProtected = 2,
+ PsProtectedTypeMax = 3,
+}}
+ENUM!{enum PS_PROTECTED_SIGNER {
+ PsProtectedSignerNone = 0,
+ PsProtectedSignerAuthenticode = 1,
+ PsProtectedSignerCodeGen = 2,
+ PsProtectedSignerAntimalware = 3,
+ PsProtectedSignerLsa = 4,
+ PsProtectedSignerWindows = 5,
+ PsProtectedSignerWinTcb = 6,
+ PsProtectedSignerWinSystem = 7,
+ PsProtectedSignerApp = 8,
+ PsProtectedSignerMax = 9,
+}}
+pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF;
+pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08;
+pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07;
+#[inline]
+pub const fn PsProtectedValue(
+ aSigner: PS_PROTECTED_SIGNER,
+ aAudit: u8,
+ aType: PS_PROTECTED_TYPE,
+) -> UCHAR {
+ (aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3
+ | (aType as u8 & PS_PROTECTED_TYPE_MASK)
+}
+#[inline]
+pub fn InitializePsProtection(
+ aProtectionLevelPtr: &mut PS_PROTECTION,
+ aSigner: PS_PROTECTED_SIGNER,
+ aAudit: u8,
+ aType: PS_PROTECTED_TYPE,
+) {
+ aProtectionLevelPtr.set_Signer(aSigner as u8);
+ aProtectionLevelPtr.set_Audit(aAudit);
+ aProtectionLevelPtr.set_Type(aType as u8);
+}
+STRUCT!{struct PS_PROTECTION {
+ Level: UCHAR,
+}}
+pub type PPS_PROTECTION = *mut PS_PROTECTION;
+BITFIELD!{PS_PROTECTION Level: UCHAR [
+ Type set_Type[0..3],
+ Audit set_Audit[3..4],
+ Signer set_Signer[4..8],
+]}
+STRUCT!{struct PROCESS_FAULT_INFORMATION {
+ FaultFlags: ULONG,
+ AdditionalInfo: ULONG,
+}}
+pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION;
+STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION {
+ HeaderSize: ULONG,
+ ProcessId: ULONG,
+ ProcessStartKey: ULONGLONG,
+ CreateTime: ULONGLONG,
+ CreateInterruptTime: ULONGLONG,
+ CreateUnbiasedInterruptTime: ULONGLONG,
+ ProcessSequenceNumber: ULONGLONG,
+ SessionCreateTime: ULONGLONG,
+ SessionId: ULONG,
+ BootId: ULONG,
+ ImageChecksum: ULONG,
+ ImageTimeDateStamp: ULONG,
+ UserSidOffset: ULONG,
+ ImagePathOffset: ULONG,
+ PackageNameOffset: ULONG,
+ RelativeAppNameOffset: ULONG,
+ CommandLineOffset: ULONG,
+}}
+pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION;
+STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION {
+ Version: ULONG,
+ s: ULONG,
+ CommitDebt: SIZE_T,
+ CommittedMemResetSize: SIZE_T,
+ RepurposedMemResetSize: SIZE_T,
+}}
+BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [
+ Eligible set_Eligible[0..1],
+ ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2],
+ ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3],
+ Spare set_Spare[3..32],
+]}
+pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION;
+STRUCT!{struct PROCESS_JOB_MEMORY_INFO {
+ SharedCommitUsage: ULONGLONG,
+ PrivateCommitUsage: ULONGLONG,
+ PeakPrivateCommitUsage: ULONGLONG,
+ PrivateCommitLimit: ULONGLONG,
+ TotalCommitLimit: ULONGLONG,
+}}
+pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO;
+STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION {
+ ProhibitChildProcesses: BOOLEAN,
+ AlwaysAllowSecureChildProcess: BOOLEAN,
+ AuditProhibitChildProcesses: BOOLEAN,
+}}
+pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION;
+STRUCT!{struct PROCESS_WAKE_INFORMATION {
+ NotificationChannel: ULONGLONG,
+ WakeCounters: [ULONG; 7],
+ WakeFilter: *mut JOBOBJECT_WAKE_FILTER,
+}}
+pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION;
+STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE {
+ StateUpdateMask: ULONG,
+ StateDesiredValue: ULONG,
+ StateSequence: ULONG,
+ UpdateTag: ULONG,
+ Tag: [WCHAR; 64],
+}}
+pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE;
+BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [
+ UpdateTag set_UpdateTag[0..1],
+]}
+STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY {
+ BitFields: ULONG,
+}}
+BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [
+ Machine set_Machine[0..16],
+ KernelMode set_KernelMode[16..17],
+ UserMode set_UserMode[17..18],
+ Native set_Native[18..19],
+ Process set_Process[19..20],
+ ReservedZero0 set_ReservedZero0[20..32],
+]}
+pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1;
+pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2;
+STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION {
+ Flags: UCHAR,
+}}
+BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [
+ EnableReadVmLogging set_EnableReadVmLogging[0..1],
+ EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
+ Unused set_Unused[2..8],
+]}
+UNION!{union PROCESS_UPTIME_INFORMATION_u {
+ HangCount: ULONG,
+ GhostCount: ULONG,
+ Crashed: ULONG,
+ Terminated: ULONG,
+}}
+pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION;
+STRUCT!{struct PROCESS_UPTIME_INFORMATION {
+ QueryInterruptTime: ULONGLONG,
+ QueryUnbiasedTime: ULONGLONG,
+ EndInterruptTime: ULONGLONG,
+ TimeSinceCreation: ULONGLONG,
+ Uptime: ULONGLONG,
+ SuspendedTime: ULONGLONG,
+ u: PROCESS_UPTIME_INFORMATION_u,
+}}
+pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION;
+STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT {
+ Flags: ULONG,
+}}
+pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT;
+BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [
+ Foreground set_Foreground[0..1],
+ Reserved set_Reserved[1..32],
+]}
+STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION {
+ SecurityDomain: ULONGLONG,
+}}
+pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION;
+STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION {
+ ProcessHandle: HANDLE,
+}}
+pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION =
+ *mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION;
+STRUCT!{struct PROCESS_LOGGING_INFORMATION {
+ Flags: ULONG,
+ BitFields: ULONG,
+}}
+BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [
+ EnableReadVmLogging set_EnableReadVmLogging[0..1],
+ EnableWriteVmLogging set_EnableWriteVmLogging[1..2],
+ EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3],
+ EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION;
+STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION {
+ Flags: ULONG,
+ Reserved: ULONG,
+}}
+pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION;
+STRUCT!{struct THREAD_BASIC_INFORMATION {
+ ExitStatus: NTSTATUS,
+ TebBaseAddress: PTEB,
+ ClientId: CLIENT_ID,
+ AffinityMask: ULONG_PTR,
+ Priority: KPRIORITY,
+ BasePriority: LONG,
+}}
+pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION;
+STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION {
+ FirstArgument: PVOID,
+ SystemCallNumber: USHORT,
+ Pad: [USHORT; 1],
+ WaitTime: ULONG64,
+}}
+pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION;
+STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION {
+ AccumulatedCycles: ULONGLONG,
+ CurrentCycleCount: ULONGLONG,
+}}
+pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION;
+STRUCT!{struct THREAD_TEB_INFORMATION {
+ TebInformation: PVOID,
+ TebOffset: ULONG,
+ BytesToRead: ULONG,
+}}
+pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION;
+STRUCT!{struct COUNTER_READING {
+ Type: HARDWARE_COUNTER_TYPE,
+ Index: ULONG,
+ Start: ULONG64,
+ Total: ULONG64,
+}}
+pub type PCOUNTER_READING = *mut COUNTER_READING;
+STRUCT!{struct THREAD_PERFORMANCE_DATA {
+ Size: USHORT,
+ Version: USHORT,
+ ProcessorNumber: PROCESSOR_NUMBER,
+ ContextSwitches: ULONG,
+ HwCountersCount: ULONG,
+ UpdateCount: ULONG64,
+ WaitReasonBitMap: ULONG64,
+ HardwareCounters: ULONG64,
+ CycleTime: COUNTER_READING,
+ HwCounters: [COUNTER_READING; MAX_HW_COUNTERS],
+}}
+pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA;
+STRUCT!{struct THREAD_PROFILING_INFORMATION {
+ HardwareCounters: ULONG64,
+ Flags: ULONG,
+ Enable: ULONG,
+ PerformanceData: PTHREAD_PERFORMANCE_DATA,
+}}
+pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT {
+ Link: SINGLE_LIST_ENTRY,
+ __padding: u64,
+ Context: CONTEXT,
+ Teb: PVOID,
+ UserContext: PVOID,
+ ScheduledThread: ULONG,
+ Suspended: ULONG,
+ VolatileContext: ULONG,
+ Terminated: ULONG,
+ DebugActive: ULONG,
+ RunningOnSelfThread: ULONG,
+ DenyRunningOnSelfThread: ULONG,
+ Flags: LONG,
+ KernelUpdateLock: ULONG64,
+ PrimaryClientID: ULONG64,
+ ContextLock: ULONG64,
+ PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
+ SwitchCount: ULONG,
+ KernelYieldCount: ULONG,
+ MixedYieldCount: ULONG,
+ YieldCount: ULONG,
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct RTL_UMS_CONTEXT {
+ Link: SINGLE_LIST_ENTRY,
+ Context: CONTEXT,
+ Teb: PVOID,
+ UserContext: PVOID,
+ ScheduledThread: ULONG,
+ Suspended: ULONG,
+ VolatileContext: ULONG,
+ Terminated: ULONG,
+ DebugActive: ULONG,
+ RunningOnSelfThread: ULONG,
+ DenyRunningOnSelfThread: ULONG,
+ Flags: LONG,
+ KernelUpdateLock: ULONG64,
+ PrimaryClientID: ULONG64,
+ ContextLock: ULONG64,
+ PrimaryUmsContext: *mut RTL_UMS_CONTEXT,
+ SwitchCount: ULONG,
+ KernelYieldCount: ULONG,
+ MixedYieldCount: ULONG,
+ YieldCount: ULONG,
+ __padding: u32,
+}}
+pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT;
+ENUM!{enum THREAD_UMS_INFORMATION_COMMAND {
+ UmsInformationCommandInvalid = 0,
+ UmsInformationCommandAttach = 1,
+ UmsInformationCommandDetach = 2,
+ UmsInformationCommandQuery = 3,
+}}
+STRUCT!{struct RTL_UMS_COMPLETION_LIST {
+ ThreadListHead: PSINGLE_LIST_ENTRY,
+ CompletionEvent: PVOID,
+ CompletionFlags: ULONG,
+ InternalListHead: SINGLE_LIST_ENTRY,
+}}
+pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST;
+STRUCT!{struct THREAD_UMS_INFORMATION {
+ Command: THREAD_UMS_INFORMATION_COMMAND,
+ CompletionList: PRTL_UMS_COMPLETION_LIST,
+ UmsContext: PRTL_UMS_CONTEXT,
+ Flags: ULONG,
+}}
+BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [
+ IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1],
+ IsUmsWorkerThread set_IsUmsWorkerThread[1..2],
+ SpareBits set_SpareBits[2..32],
+]}
+pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION;
+STRUCT!{struct THREAD_NAME_INFORMATION {
+ ThreadName: UNICODE_STRING,
+}}
+pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION;
+ENUM!{enum SUBSYSTEM_INFORMATION_TYPE {
+ SubsystemInformationTypeWin32 = 0,
+ SubsystemInformationTypeWSL = 1,
+ MaxSubsystemInformationType = 2,
+}}
+ENUM!{enum THREAD_WORKLOAD_CLASS {
+ ThreadWorkloadClassDefault = 0,
+ ThreadWorkloadClassGraphics = 1,
+ MaxThreadWorkloadClass = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtCreateProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ InheritObjectTable: BOOLEAN,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001;
+pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002;
+pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004;
+pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008;
+pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010;
+EXTERN!{extern "system" {
+ fn NtCreateProcessEx(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ParentProcess: HANDLE,
+ Flags: ULONG,
+ SectionHandle: HANDLE,
+ DebugPort: HANDLE,
+ ExceptionPort: HANDLE,
+ JobMemberLevel: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenProcess(
+ ProcessHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn NtTerminateProcess(
+ ProcessHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSuspendProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtResumeProcess(
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void;
+pub const ZwCurrentProcess: HANDLE = NtCurrentProcess;
+pub const NtCurrentThread: HANDLE = -2isize as *mut c_void;
+pub const ZwCurrentThread: HANDLE = NtCurrentThread;
+pub const NtCurrentSession: HANDLE = -3isize as *mut c_void;
+pub const ZwCurrentSession: HANDLE = NtCurrentSession;
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentPeb() -> PPEB {
+ (*NtCurrentTeb()).ProcessEnvironmentBlock
+}
+pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void;
+pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void;
+pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void;
+pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void;
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentProcessId() -> HANDLE {
+ (*NtCurrentTeb()).ClientId.UniqueProcess
+}
+#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))]
+pub unsafe fn NtCurrentThreadId() -> HANDLE {
+ (*NtCurrentTeb()).ClientId.UniqueThread
+}
+EXTERN!{extern "system" {
+ fn NtQueryInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtGetNextProcess(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewProcessHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtGetNextThread(
+ ProcessHandle: HANDLE,
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ Flags: ULONG,
+ NewThreadHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtSetInformationProcess(
+ ProcessHandle: HANDLE,
+ ProcessInformationClass: PROCESSINFOCLASS,
+ ProcessInformation: PVOID,
+ ProcessInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryPortInformationProcess() -> NTSTATUS;
+ fn NtCreateThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ ClientId: PCLIENT_ID,
+ ThreadContext: PCONTEXT,
+ InitialTeb: PINITIAL_TEB,
+ CreateSuspended: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenThread(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ClientId: PCLIENT_ID,
+ ) -> NTSTATUS;
+ fn NtTerminateThread(
+ ThreadHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSuspendThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtGetCurrentProcessorNumber() -> ULONG;
+ fn NtGetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn NtSetContextThread(
+ ThreadHandle: HANDLE,
+ ThreadContext: PCONTEXT,
+ ) -> NTSTATUS;
+ fn NtQueryInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationThread(
+ ThreadHandle: HANDLE,
+ ThreadInformationClass: THREADINFOCLASS,
+ ThreadInformation: PVOID,
+ ThreadInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtAlertThread(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtAlertResumeThread(
+ ThreadHandle: HANDLE,
+ PreviousSuspendCount: PULONG,
+ ) -> NTSTATUS;
+ fn NtTestAlert() -> NTSTATUS;
+ fn NtImpersonateThread(
+ ServerThreadHandle: HANDLE,
+ ClientThreadHandle: HANDLE,
+ SecurityQos: PSECURITY_QUALITY_OF_SERVICE,
+ ) -> NTSTATUS;
+ fn NtRegisterThreadTerminatePort(
+ PortHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetLdtEntries(
+ Selector0: ULONG,
+ Entry0Low: ULONG,
+ Entry0Hi: ULONG,
+ Selector1: ULONG,
+ Entry1Low: ULONG,
+ Entry1Hi: ULONG,
+ ) -> NTSTATUS;
+}}
+FN!{cdecl PPS_APC_ROUTINE(
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+) -> ()}
+EXTERN!{extern "system" {
+ fn NtQueueApcThread(
+ ThreadHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+}}
+pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void;
+EXTERN!{extern "system" {
+ fn NtQueueApcThreadEx(
+ ThreadHandle: HANDLE,
+ UserApcReserveHandle: HANDLE,
+ ApcRoutine: PPS_APC_ROUTINE,
+ ApcArgument1: PVOID,
+ ApcArgument2: PVOID,
+ ApcArgument3: PVOID,
+ ) -> NTSTATUS;
+ fn NtAlertThreadByThreadId(
+ ThreadId: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitForAlertByThreadId(
+ Address: PVOID,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+}}
+pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff;
+pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000;
+pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000;
+pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000;
+ENUM!{enum PS_ATTRIBUTE_NUM {
+ PsAttributeParentProcess = 0,
+ PsAttributeDebugPort = 1,
+ PsAttributeToken = 2,
+ PsAttributeClientId = 3,
+ PsAttributeTebAddress = 4,
+ PsAttributeImageName = 5,
+ PsAttributeImageInfo = 6,
+ PsAttributeMemoryReserve = 7,
+ PsAttributePriorityClass = 8,
+ PsAttributeErrorMode = 9,
+ PsAttributeStdHandleInfo = 10,
+ PsAttributeHandleList = 11,
+ PsAttributeGroupAffinity = 12,
+ PsAttributePreferredNode = 13,
+ PsAttributeIdealProcessor = 14,
+ PsAttributeUmsThread = 15,
+ PsAttributeMitigationOptions = 16,
+ PsAttributeProtectionLevel = 17,
+ PsAttributeSecureProcess = 18,
+ PsAttributeJobList = 19,
+ PsAttributeChildProcessPolicy = 20,
+ PsAttributeAllApplicationPackagesPolicy = 21,
+ PsAttributeWin32kFilter = 22,
+ PsAttributeSafeOpenPromptOriginClaim = 23,
+ PsAttributeBnoIsolation = 24,
+ PsAttributeDesktopAppPolicy = 25,
+ PsAttributeChpe = 26,
+ PsAttributeMax = 27,
+}}
+#[inline]
+pub const fn PsAttributeValue(
+ Number: PS_ATTRIBUTE_NUM,
+ Thread: bool,
+ Input: bool,
+ Additive: bool,
+) -> ULONG_PTR { //fixme
+ (Number & PS_ATTRIBUTE_NUMBER_MASK | [0, PS_ATTRIBUTE_THREAD][Thread as usize]
+ | [0, PS_ATTRIBUTE_INPUT][Input as usize] | [0, PS_ATTRIBUTE_ADDITIVE][Additive as usize]
+ ) as usize
+}
+pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000;
+pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001;
+pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002;
+pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003;
+pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004;
+pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005;
+pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006;
+pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007;
+pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008;
+pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009;
+pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a;
+pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b;
+pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c;
+pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d;
+pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e;
+pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f;
+pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010;
+pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011;
+pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012;
+pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013;
+pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014;
+pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015;
+pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016;
+pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017;
+pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018;
+pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019;
+UNION!{union PS_ATTRIBUTE_u {
+ Value: ULONG_PTR,
+ ValuePtr: PVOID,
+}}
+STRUCT!{struct PS_ATTRIBUTE {
+ Attribute: ULONG_PTR,
+ Size: SIZE_T,
+ u: PS_ATTRIBUTE_u,
+ ReturnLength: PSIZE_T,
+}}
+pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE;
+STRUCT!{struct PS_ATTRIBUTE_LIST {
+ TotalLength: SIZE_T,
+ Attributes: [PS_ATTRIBUTE; 1],
+}}
+pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST;
+STRUCT!{struct PS_MEMORY_RESERVE {
+ ReserveAddress: PVOID,
+ ReserveSize: SIZE_T,
+}}
+pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE;
+ENUM!{enum PS_STD_HANDLE_STATE {
+ PsNeverDuplicate = 0,
+ PsRequestDuplicate = 1,
+ PsAlwaysDuplicate = 2,
+ PsMaxStdHandleStates = 3,
+}}
+pub const PS_STD_INPUT_HANDLE: u32 = 0x1;
+pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2;
+pub const PS_STD_ERROR_HANDLE: u32 = 0x4;
+STRUCT!{struct PS_STD_HANDLE_INFO {
+ Flags: ULONG,
+ StdHandleSubsystemType: ULONG,
+}}
+pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO;
+BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [
+ StdHandleState set_StdHandleState[0..2],
+ PseudoHandleMask set_PseudoHandleMask[2..5],
+]}
+STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS {
+ IsolationPrefix: UNICODE_STRING,
+ HandleCount: ULONG,
+ Handles: *mut PVOID,
+ IsolationEnabled: BOOLEAN,
+}}
+pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS;
+ENUM!{enum PS_MITIGATION_OPTION {
+ PS_MITIGATION_OPTION_NX = 0,
+ PS_MITIGATION_OPTION_SEHOP = 1,
+ PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2,
+ PS_MITIGATION_OPTION_HEAP_TERMINATE = 3,
+ PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4,
+ PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5,
+ PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6,
+ PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7,
+ PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8,
+ PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9,
+ PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10,
+ PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11,
+ PS_MITIGATION_OPTION_FONT_DISABLE = 12,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15,
+ PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16,
+ PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17,
+ PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18,
+ PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19,
+ PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20,
+ PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21,
+ PS_MITIGATION_OPTION_ROP_SIMEXEC = 22,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24,
+ PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25,
+ PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26,
+ PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27,
+ PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28,
+ PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29,
+ PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30,
+ PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31,
+}}
+ENUM!{enum PS_CREATE_STATE {
+ PsCreateInitialState = 0,
+ PsCreateFailOnFileOpen = 1,
+ PsCreateFailOnSectionCreate = 2,
+ PsCreateFailExeFormat = 3,
+ PsCreateFailMachineMismatch = 4,
+ PsCreateFailExeName = 5,
+ PsCreateSuccess = 6,
+ PsCreateMaximumStates = 7,
+}}
+STRUCT!{struct PS_CREATE_INFO_u_InitState {
+ InitFlags: ULONG,
+ AdditionalFileAccess: ACCESS_MASK,
+}}
+BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [
+ WriteOutputOnExit set_WriteOutputOnExit[0..1],
+ DetectManifest set_DetectManifest[1..2],
+ IFEOSkipDebugger set_IFEOSkipDebugger[2..3],
+ IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4],
+ SpareBits1 set_SpareBits1[4..8],
+ SpareBits2 set_SpareBits2[8..16],
+ ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32],
+]}
+STRUCT!{struct PS_CREATE_INFO_u_SuccessState {
+ OutputFlags: ULONG,
+ FileHandle: HANDLE,
+ SectionHandle: HANDLE,
+ UserProcessParametersNative: ULONGLONG,
+ UserProcessParametersWow64: ULONG,
+ CurrentParameterFlags: ULONG,
+ PebAddressNative: ULONGLONG,
+ PebAddressWow64: ULONG,
+ ManifestAddress: ULONGLONG,
+ ManifestSize: ULONG,
+}}
+BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [
+ ProtectedProcess set_ProtectedProcess[0..1],
+ AddressSpaceOverride set_AddressSpaceOverride[1..2],
+ DevOverrideEnabled set_DevOverrideEnabled[2..3],
+ ManifestDetected set_ManifestDetected[3..4],
+ ProtectedProcessLight set_ProtectedProcessLight[4..5],
+ SpareBits1 set_SpareBits1[5..8],
+ SpareBits2 set_SpareBits2[8..16],
+ SpareBits3 set_SpareBits3[16..32],
+]}
+UNION!{union PS_CREATE_INFO_u {
+ InitState: PS_CREATE_INFO_u_InitState,
+ FileHandle: HANDLE,
+ DllCharacteristics: USHORT,
+ IFEOKey: HANDLE,
+ SuccessState: PS_CREATE_INFO_u_SuccessState,
+}}
+STRUCT!{struct PS_CREATE_INFO {
+ Size: SIZE_T,
+ State: PS_CREATE_STATE,
+ u: PS_CREATE_INFO_u,
+}}
+pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO;
+pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020;
+pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040;
+pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080;
+pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100;
+pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200;
+pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400;
+EXTERN!{extern "system" {
+ fn NtCreateUserProcess(
+ ProcessHandle: PHANDLE,
+ ThreadHandle: PHANDLE,
+ ProcessDesiredAccess: ACCESS_MASK,
+ ThreadDesiredAccess: ACCESS_MASK,
+ ProcessObjectAttributes: POBJECT_ATTRIBUTES,
+ ThreadObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessFlags: ULONG,
+ ThreadFlags: ULONG,
+ ProcessParameters: PVOID,
+ CreateInfo: PPS_CREATE_INFO,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+}}
+pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001;
+pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002;
+pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004;
+pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010;
+pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020;
+pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080;
+EXTERN!{extern "system" {
+ fn NtCreateThreadEx(
+ ThreadHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ Argument: PVOID,
+ CreateFlags: ULONG,
+ ZeroBits: SIZE_T,
+ StackSize: SIZE_T,
+ MaximumStackSize: SIZE_T,
+ AttributeList: PPS_ATTRIBUTE_LIST,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION {
+ BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION,
+ IoInfo: IO_COUNTERS,
+ DiskIoInfo: PROCESS_DISK_COUNTERS,
+ ContextSwitches: ULONG64,
+ TotalCycleTime: LARGE_INTEGER,
+ ReadyTime: ULONG64,
+ EnergyValues: PROCESS_ENERGY_VALUES,
+}}
+pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION =
+ *mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_INFORMATION {
+ NotificationChannel: HANDLE,
+ WakeCounters: [ULONG64; 7],
+}}
+pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 {
+ NotificationChannel: HANDLE,
+ WakeCounters: [ULONG64; 4],
+}}
+pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1;
+STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION {
+ Count: ULONG64,
+}}
+pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION;
+STRUCT!{struct JOBOBJECT_WAKE_FILTER {
+ HighEdgeFilter: ULONG,
+ LowEdgeFilter: ULONG,
+}}
+pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER;
+STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION {
+ Flags: ULONG,
+ Freeze: BOOLEAN,
+ Swap: BOOLEAN,
+ Reserved0: [UCHAR; 2],
+ WakeFilter: JOBOBJECT_WAKE_FILTER,
+}}
+pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION;
+BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [
+ FreezeOperation set_FreezeOperation[0..1],
+ FilterOperation set_FilterOperation[1..2],
+ SwapOperation set_SwapOperation[2..3],
+ Reserved set_Reserved[3..32],
+]}
+STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION {
+ JobMemory: ULONG64,
+ PeakJobMemoryUsed: ULONG64,
+}}
+pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION;
+STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 {
+ BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION,
+ JobSharedMemory: ULONG64,
+ Reserved: [ULONG64; 2],
+}}
+pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2;
+STRUCT!{struct SILO_USER_SHARED_DATA {
+ ServiceSessionId: ULONG64,
+ ActiveConsoleId: ULONG,
+ ConsoleSessionForegroundProcessId: LONGLONG,
+ NtProductType: NT_PRODUCT_TYPE,
+ SuiteMask: ULONG,
+ SharedUserSessionId: ULONG,
+ IsMultiSessionSku: BOOLEAN,
+ NtSystemRoot: [WCHAR; 260],
+ UserModeGlobalLogger: [USHORT; 16],
+}}
+pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA;
+STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY {
+ ControlFlags: ULONG,
+ Path: UNICODE_STRING,
+}}
+pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY;
+STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE {
+ Value: ULONG64,
+ UpdateMask: ULONG,
+ DesiredState: ULONG,
+}}
+pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE;
+EXTERN!{extern "system" {
+ fn NtCreateJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtOpenJobObject(
+ JobHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtAssignProcessToJobObject(
+ JobHandle: HANDLE,
+ ProcessHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtTerminateJobObject(
+ JobHandle: HANDLE,
+ ExitStatus: NTSTATUS,
+ ) -> NTSTATUS;
+ fn NtIsProcessInJob(
+ ProcessHandle: HANDLE,
+ JobHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationJobObject(
+ JobHandle: HANDLE,
+ JobObjectInformationClass: JOBOBJECTINFOCLASS,
+ JobObjectInformation: PVOID,
+ JobObjectInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCreateJobSet(
+ NumJob: ULONG,
+ UserJobSet: PJOB_SET_ARRAY,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtRevertContainerImpersonation() -> NTSTATUS;
+}}
+ENUM!{enum MEMORY_RESERVE_TYPE {
+ MemoryReserveUserApc = 0,
+ MemoryReserveIoCompletion = 1,
+ MemoryReserveTypeMax = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtAllocateReserveObject(
+ MemoryReserveHandle: PHANDLE,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Type: MEMORY_RESERVE_TYPE,
+ ) -> NTSTATUS;
+}}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 22:57:08 +0000