diff options
Diffstat (limited to 'vendor/ntapi')
42 files changed, 21197 insertions, 0 deletions
diff --git a/vendor/ntapi/.cargo-checksum.json b/vendor/ntapi/.cargo-checksum.json new file mode 100644 index 000000000..8a9d4be0f --- /dev/null +++ b/vendor/ntapi/.cargo-checksum.json @@ -0,0 +1 @@ +{"files":{"Cargo.toml":"766a317c4703d827a8405fca763dcc4aab451c7424b666bfccd39caad3341c85","LICENSE-APACHE":"cf90d659de5c1e6418267ab8043b756e65508ee5d8d50b29eb2d2fe444c2c3eb","LICENSE-MIT":"11a7964ccc0dd115d16720ab1d826c5d03e52838748ffaba3d21bae8bcacd82a","README.md":"3be48f39b5fea8f1091aeef02338ef2c0ca7321750ec043bee9ab3c7ac990e54","build.rs":"13a274ea4cb1886872626b8a98269e9bf2e1f93cb1068fc8c797e421746cac7e","src/lib.rs":"5bd23124340783c9d7ba365b85dd7b78efe7345ccfa6a734ecb4a13604f423c9","src/macros.rs":"b0a852ebea2e1aed3e7d70eeadc8356778b064d2eca6e796598e9ab37ac54175","src/ntapi_base.rs":"b2edefaf68709c32f7fb4377ea21457afd3c7546ba59596f9f25bbaeb220f4d4","src/ntdbg.rs":"f891d4b26ef9d6c68ca098ab70bb4b1dd4d7e1d05e0f65c32bc6cb1151528f91","src/ntexapi.rs":"9dc7765b30daddc21068b7ca7a2c07f96b97e2f80f81ef631f8cc8b979a4c8c9","src/ntgdi.rs":"9fa6610566d77e95294432957f8cb8564cef3bb09d2d8d0adcf23047fa3a5221","src/ntioapi.rs":"577f3c3d83a95a965fff62efbdaa01769e9b3cf713f0d296a948f34cdfddcedc","src/ntkeapi.rs":"1ede6613c94303e6087e30e64ee1f1623eada9d088ce50992904e1812b263923","src/ntldr.rs":"c9be16003da83f82599a419995fbf4f15e047f24166f700dd4b08c0e58adb5a8","src/ntlpcapi.rs":"da5070b1c1adad34091aedd01d2b888daa4dc9446fdcd69668565e6eeb2db11f","src/ntmisc.rs":"4904e383065828b86013ebd3b85d45b384b522899954ac89c561963061acc962","src/ntmmapi.rs":"3a371e9edb7df91d1242f9dae92bf6d295c9b6c3ca65846c8d1ebbba55bdf7ee","src/ntnls.rs":"ef90b985da124d2f4c4b8cb0addab766a0928843b4afa4bce40b3a9fcddaf163","src/ntobapi.rs":"3071d8bc73e40d92d769e4093744820c0a5e116ecf4a94676ca3cdc008adfd8e","src/ntpebteb.rs":"94a9fbc1b3c48fa368f1b602fa205d41d3201e4d8c638c0898402eb3ebb5b72a","src/ntpfapi.rs":"37270db61f2562cd5481302c2a5a64be186b8c7126eacfe12b6c66e9bec4bf61","src/ntpnpapi.rs":"cfcaa3dd6110f25a48c51c011bb8369e83e3817e142afb412e40d6e4b868a036","src/ntpoapi.rs":"a535206a89cd42f81e3b931e5802f8b3343fd35387e9f3fedd9b042a78853f34","src/ntpsapi.rs":"5f4b3d176bbbbe6aee3d38a905990911732dbf08569c1fe4e273b38e46d63d49","src/ntregapi.rs":"a6f5a830b48e88fd0a4824036fffda2d2d80d1cad07baf37607121142f2c4777","src/ntrtl.rs":"9ac601ec4425cde859e7fda902a77fe2ff6612fb13c28168e83fe528ec78d64a","src/ntsam.rs":"dc59cfa944c27cf02b782fdbf110de4757ca6ae77806820a64a17742670242b4","src/ntseapi.rs":"c87688e028aa05513e361bb72288ef3af2f3dfe8e923745a84409d8fdeee57fd","src/ntsmss.rs":"6ac1f029b56a2a8856569c3acbedd7c560d2ccfac030aa2f2178f52d9312cdc5","src/nttmapi.rs":"7092c8b35aae642572c333b0fef1fe4a32f5a9c563249b585766317051670db5","src/nttp.rs":"47be534d36af7d6a715c87ef646824162bd3eb47f86a85ed8357c987c1a4fcdd","src/ntwow64.rs":"725baf7b32d24c0800abf730b58335e682332b821636ca699c40e80ba7148f94","src/ntxcapi.rs":"54fcadd43a0e146ade8ebdd750b09872d0e8f7a1295a9646910529048d5f6dca","src/ntzwapi.rs":"012932586fdbcac8eff57d90ce640e10d20e150dc7702100d1ea46f6f261f868","src/string.rs":"ac0e73f37384e03f14d9dc47fcfb3620a4157e122481f30c82b16fb21ab86a40","src/subprocesstag.rs":"4c85e44c91521cb20e5c6624b0cf4b27ca6ac7c3e560854ad34e0e66fb809971","src/winapi_local.rs":"2003099deec5e7039e5d2dd0aa6a43120816f67e94f4d9909c7f6689b62747e4","src/winapi_local/um.rs":"48859dfb53520bdd569c052ac26d06de2d16c57403ffbe4febbc1e1f25847f45","src/winapi_local/um/winioctl.rs":"00020fcda499ce558edfa4d684f5b4e198cbcfa5b3b8e9b62a122c0aca46514f","src/winapi_local/um/winnt.rs":"fc1a3ba99e305ec752528a00ceb02457fe73f4a7875370fe2ffaaaa5336ebfbf","src/winsta.rs":"c5a28c5c55f08745b2b100a5a374af821cf173b053eb8ee54ae19a85455d3fac"},"package":"c28774a7fd2fbb4f0babd8237ce554b73af68021b5f695a3cebd6c59bac0980f"}
\ No newline at end of file diff --git a/vendor/ntapi/Cargo.toml b/vendor/ntapi/Cargo.toml new file mode 100644 index 000000000..35516ff80 --- /dev/null +++ b/vendor/ntapi/Cargo.toml @@ -0,0 +1,40 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2018" +name = "ntapi" +version = "0.3.7" +authors = ["MSxDOS <melcodos@gmail.com>"] +include = ["src/**/*", "Cargo.toml", "build.rs", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] +description = "FFI bindings for Native API" +documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/" +readme = "README.md" +keywords = ["windows", "ffi", "ntapi", "native", "win32"] +categories = ["external-ffi-bindings", "no-std", "os::windows-apis"] +license = "Apache-2.0 OR MIT" +repository = "https://github.com/MSxDOS/ntapi" +[package.metadata.docs.rs] +default-target = "x86_64-pc-windows-msvc" +features = ["beta"] +targets = ["aarch64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-msvc"] +[dependencies.winapi] +version = "0.3.9" +features = ["cfg", "evntrace", "in6addr", "inaddr", "minwinbase", "ntsecapi", "windef", "winioctl"] + +[features] +beta = [] +default = ["user"] +func-types = [] +impl-default = ["winapi/impl-default"] +kernel = [] +nightly = ["beta"] +user = [] diff --git a/vendor/ntapi/LICENSE-APACHE b/vendor/ntapi/LICENSE-APACHE new file mode 100644 index 000000000..e72929ee9 --- /dev/null +++ b/vendor/ntapi/LICENSE-APACHE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +
\ No newline at end of file diff --git a/vendor/ntapi/LICENSE-MIT b/vendor/ntapi/LICENSE-MIT new file mode 100644 index 000000000..0235c6ac8 --- /dev/null +++ b/vendor/ntapi/LICENSE-MIT @@ -0,0 +1,17 @@ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"),to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/ntapi/README.md b/vendor/ntapi/README.md new file mode 100644 index 000000000..d438de3e2 --- /dev/null +++ b/vendor/ntapi/README.md @@ -0,0 +1,17 @@ +# ntapi [![AppVeyor][appveyor_badge]][appveyor_link] [![Crates.io][crates_badge]][crates_link] [![Documentation][docs_badge]][docs_link] [![Lines of Code][loc_badge]][loc_link] [![Unsafe][unsafe_badge]][unsafe_link] + +Rust FFI bindings for Native API. Mostly based on Process Hacker [phnt](https://github.com/processhacker/processhacker/tree/master/phnt) headers as the most complete source of bindings to be found. The comments there also contain useful information on how to use specific things. + +### Minimum supported Rust +Always the latest stable. Some [features][docs_link] require a beta compiler. + +[appveyor_link]: https://ci.appveyor.com/project/MSxDOS/ntapi +[appveyor_badge]: https://ci.appveyor.com/api/projects/status/i1fcmm0c5b7c6b6u/branch/master?svg=true +[crates_link]: https://crates.io/crates/ntapi +[crates_badge]: https://img.shields.io/crates/v/ntapi.svg +[docs_link]: https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/ +[docs_badge]: https://docs.rs/ntapi/badge.svg +[loc_link]: https://github.com/Aaronepower/tokei +[loc_badge]: https://tokei.rs/b1/github/MSxDOS/ntapi +[unsafe_link]: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html +[unsafe_badge]: https://img.shields.io/badge/unsafe-%E2%9C%94-C901DD.svg diff --git a/vendor/ntapi/build.rs b/vendor/ntapi/build.rs new file mode 100644 index 000000000..bbd46f595 --- /dev/null +++ b/vendor/ntapi/build.rs @@ -0,0 +1,15 @@ +use std::env::var; + +fn main() { + #[cfg(feature = "user")] { + if var("TARGET").map( + |t| t == "x86_64-pc-windows-gnu" || t == "i686-pc-windows-gnu" + ).unwrap_or(false) { + if var("WINAPI_NO_BUNDLED_LIBRARIES").is_ok() { + println!("cargo:rustc-link-lib=ntdll"); + } else { + println!("cargo:rustc-link-lib=winapi_ntdll"); + } + } + } +} diff --git a/vendor/ntapi/src/lib.rs b/vendor/ntapi/src/lib.rs new file mode 100644 index 000000000..6b06b6c57 --- /dev/null +++ b/vendor/ntapi/src/lib.rs @@ -0,0 +1,70 @@ +//! # Features +//! **`func-types`** -- Generate [types][fn_ptr] for external functions.<br/> +//! **`impl-default`** -- Implement [`Default`] for structs and unions.<br/> +//! **`user`** *(default)* -- Link to `ntdll`.<br/> +//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.<br/> +//! **`beta`** -- Unlock unstable features that require a beta compiler: +//! - [`NtCurrentTeb`] +//! - [`__readfsdword`] +//! - [`__readgsqword`] +//! - [`_bittest64`] +//! - [`NtCurrentPeb`] +//! - [`NtCurrentProcessId`] +//! - [`NtCurrentThreadId`] +//! - [`RtlProcessHeap`] +//! - [`RtlCheckBit`] implementation using [`_bittest64`] on x86_64. +//! +//! [`NtCurrentTeb`]: winapi_local/um/winnt/fn.NtCurrentTeb.html +//! [`__readfsdword`]: winapi_local/um/winnt/fn.__readfsdword.html +//! [`__readgsqword`]: winapi_local/um/winnt/fn.__readgsqword.html +//! [`_bittest64`]: winapi_local/um/winnt/fn._bittest64.html +//! [`NtCurrentPeb`]: ntpsapi/fn.NtCurrentPeb.html +//! [`NtCurrentProcessId`]: ntpsapi/fn.NtCurrentProcessId.html +//! [`NtCurrentThreadId`]: ntpsapi/fn.NtCurrentThreadId.html +//! [`RtlProcessHeap`]: ntrtl/fn.RtlProcessHeap.html +//! [`RtlCheckBit`]: ntrtl/fn.RtlCheckBit.html +//! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types +//! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default +#![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))] +#![no_std] +#![deny(unused, unused_qualifications)] +#![warn(unused_attributes)] +#![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)] +#[doc(hidden)] +pub extern crate core as _core; +#[macro_use] +#[doc(hidden)] +pub extern crate winapi; +#[macro_use] +mod macros; +pub mod ntapi_base; +pub mod ntdbg; +pub mod ntexapi; +pub mod ntgdi; +pub mod ntioapi; +pub mod ntkeapi; +pub mod ntldr; +pub mod ntlpcapi; +pub mod ntmisc; +pub mod ntmmapi; +pub mod ntnls; +pub mod ntobapi; +pub mod ntpebteb; +pub mod ntpfapi; +pub mod ntpnpapi; +pub mod ntpoapi; +pub mod ntpsapi; +pub mod ntregapi; +pub mod ntrtl; +pub mod ntsam; +pub mod ntseapi; +pub mod ntsmss; +pub mod nttmapi; +pub mod nttp; +pub mod ntwow64; +pub mod ntxcapi; +pub mod ntzwapi; +pub mod string; +pub mod subprocesstag; +pub mod winapi_local; +pub mod winsta; diff --git a/vendor/ntapi/src/macros.rs b/vendor/ntapi/src/macros.rs new file mode 100644 index 000000000..92cdd9678 --- /dev/null +++ b/vendor/ntapi/src/macros.rs @@ -0,0 +1,112 @@ +#[macro_export] +macro_rules! EXTERN { + (extern $c:tt {$( + fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?; + )+}) => { + #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] + #[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))] + extern $c {$( + pub fn $n( + $($p $(: $t)?),* + ) $(-> $r)?; + )+} + $( + #[cfg(feature = "func-types")] + pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?; + )+ + }; + (extern $c:tt {$( + static mut $n:ident : $t:ty; + )+}) => { + #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] + extern $c {$( + pub static mut $n: $t; + )+} + }; +} +#[macro_export] +#[doc(hidden)] +macro_rules! FIELD_OFFSET { + ($_type:ty, $field:ident$(.$cfields:ident)*) => { + unsafe { + union Transmuter<T: 'static> { + p: *const T, + r: &'static T, + i: usize, + } + #[allow(unaligned_references)] + Transmuter { + r: &(&Transmuter { + p: $crate::_core::ptr::null::<$_type>() + }.r).$field$(.$cfields)* + }.i + } + }; +} +macro_rules! BITFIELD { + ($base:ident $field:ident: $fieldtype:ty [ + $($thing:ident $set_thing:ident[$r:expr],)+ + ]) => { + impl $base {$( + #[inline] + pub const fn $thing(&self) -> $fieldtype { + const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; + self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) + } + #[inline] + pub fn $set_thing(&mut self, val: $fieldtype) { + const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; + self.$field &= !MASK; + self.$field |= (val << $r.start) & MASK; + } + )+} + }; + (unsafe $base:ident $field:ident: $fieldtype:ty [ + $($thing:ident $set_thing:ident[$r:expr],)+ + ]) => { + impl $base {$( + #[inline] + pub unsafe fn $thing(&self) -> $fieldtype { + const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; + self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) + } + #[inline] + pub unsafe fn $set_thing(&mut self, val: $fieldtype) { + const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; + self.$field &= !MASK; + self.$field |= (val << $r.start) & MASK; + } + )+} + }; +} +macro_rules! UNION { + ($(#[$attrs:meta])* union $name:ident { + $($variant:ident: $ftype:ty,)+ + }) => ( + #[repr(C)] $(#[$attrs])* + pub union $name { + $(pub $variant: $ftype,)+ + } + impl Copy for $name {} + impl Clone for $name { + #[inline] + fn clone(&self) -> $name { *self } + } + #[cfg(feature = "impl-default")] + impl Default for $name { + #[inline] + fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } } + } + ); +} +macro_rules! FN { + (stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( + pub type $func = Option<unsafe extern "system" fn($($p: $t,)*) -> $ret>; + ); + (cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( + pub type $func = Option<unsafe extern "C" fn($($p: $t,)*) -> $ret>; + ); +} +macro_rules! IFDEF { + ($($thing:item)*) => ($($thing)*) +} diff --git a/vendor/ntapi/src/ntapi_base.rs b/vendor/ntapi/src/ntapi_base.rs new file mode 100644 index 000000000..aa341af0b --- /dev/null +++ b/vendor/ntapi/src/ntapi_base.rs @@ -0,0 +1,40 @@ +use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT}; +use winapi::shared::ntstatus::FACILITY_NTWIN32; +pub type KPRIORITY = LONG; +pub type RTL_ATOM = USHORT; +pub type PRTL_ATOM = *mut RTL_ATOM; +pub const NT_FACILITY_MASK: ULONG = 0xfff; +pub const NT_FACILITY_SHIFT: ULONG = 16; +#[inline] +pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG { + (Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK +} +#[inline] +pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool { + NT_FACILITY(Status) == FACILITY_NTWIN32 as u32 +} +#[inline] +pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG { + (Status as u32) & 0xffff +} +STRUCT!{struct CLIENT_ID { + UniqueProcess: HANDLE, + UniqueThread: HANDLE, +}} +pub type PCLIENT_ID = *mut CLIENT_ID; +STRUCT!{struct CLIENT_ID32 { + UniqueProcess: ULONG, + UniqueThread: ULONG, +}} +pub type PCLIENT_ID32 = *mut CLIENT_ID32; +STRUCT!{struct CLIENT_ID64 { + UniqueProcess: ULONGLONG, + UniqueThread: ULONGLONG, +}} +pub type PCLIENT_ID64 = *mut CLIENT_ID64; +STRUCT!{struct KSYSTEM_TIME { + LowPart: ULONG, + High1Time: LONG, + High2Time: LONG, +}} +pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME; diff --git a/vendor/ntapi/src/ntdbg.rs b/vendor/ntapi/src/ntdbg.rs new file mode 100644 index 000000000..991e8f9da --- /dev/null +++ b/vendor/ntapi/src/ntdbg.rs @@ -0,0 +1,239 @@ +use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; +use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR; +use winapi::shared::guiddef::LPCGUID; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, + PULONG, PVOID, UCHAR, ULONG, ULONGLONG, +}; +use winapi::um::minwinbase::LPDEBUG_EVENT; +use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE}; +use winapi::vc::vadefs::va_list; +EXTERN!{extern "system" { + fn DbgUserBreakPoint(); + fn DbgBreakPoint(); + fn DbgBreakPointWithStatus( + Status: ULONG, + ); +}} +pub const DBG_STATUS_CONTROL_C: u32 = 1; +pub const DBG_STATUS_SYSRQ: u32 = 2; +pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3; +pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4; +pub const DBG_STATUS_FATAL: u32 = 5; +pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6; +pub const DBG_STATUS_WORKER: u32 = 7; +EXTERN!{extern "C" { + fn DbgPrint( + Format: PCSTR, + ... + ) -> ULONG; + fn DbgPrintEx( + ComponentId: ULONG, + Level: ULONG, + Format: PCSTR, + ... + ) -> ULONG; +}} +EXTERN!{extern "system" { + fn vDbgPrintEx( + ComponentId: ULONG, + Level: ULONG, + Format: PCCH, + arglist: va_list, + ) -> ULONG; + fn vDbgPrintExWithPrefix( + Prefix: PCH, + ComponentId: ULONG, + Level: ULONG, + Format: PCCH, + arglist: va_list, + ) -> ULONG; + fn DbgQueryDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + ) -> NTSTATUS; + fn DbgSetDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + State: BOOLEAN, + ) -> NTSTATUS; + fn DbgPrompt( + Prompt: PCCH, + Response: PCH, + Length: ULONG, + ) -> ULONG; +}} +STRUCT!{struct DBGKM_EXCEPTION { + ExceptionRecord: EXCEPTION_RECORD, + FirstChance: ULONG, +}} +pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION; +STRUCT!{struct DBGKM_CREATE_THREAD { + SubSystemKey: ULONG, + StartAddress: PVOID, +}} +pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD; +STRUCT!{struct DBGKM_CREATE_PROCESS { + SubSystemKey: ULONG, + FileHandle: HANDLE, + BaseOfImage: PVOID, + DebugInfoFileOffset: ULONG, + DebugInfoSize: ULONG, + InitialThread: DBGKM_CREATE_THREAD, +}} +pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS; +STRUCT!{struct DBGKM_EXIT_THREAD { + ExitStatus: NTSTATUS, +}} +pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD; +STRUCT!{struct DBGKM_EXIT_PROCESS { + ExitStatus: NTSTATUS, +}} +pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS; +STRUCT!{struct DBGKM_LOAD_DLL { + FileHandle: HANDLE, + BaseOfDll: PVOID, + DebugInfoFileOffset: ULONG, + DebugInfoSize: ULONG, + NamePointer: PVOID, +}} +pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL; +STRUCT!{struct DBGKM_UNLOAD_DLL { + BaseAddress: PVOID, +}} +pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL; +ENUM!{enum DBG_STATE { + DbgIdle = 0, + DbgReplyPending = 1, + DbgCreateThreadStateChange = 2, + DbgCreateProcessStateChange = 3, + DbgExitThreadStateChange = 4, + DbgExitProcessStateChange = 5, + DbgExceptionStateChange = 6, + DbgBreakpointStateChange = 7, + DbgSingleStepStateChange = 8, + DbgLoadDllStateChange = 9, + DbgUnloadDllStateChange = 10, +}} +pub type PDBG_STATE = *mut DBG_STATE; +STRUCT!{struct DBGUI_CREATE_THREAD { + HandleToThread: HANDLE, + NewThread: DBGKM_CREATE_THREAD, +}} +pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD; +STRUCT!{struct DBGUI_CREATE_PROCESS { + HandleToProcess: HANDLE, + HandleToThread: HANDLE, + NewProcess: DBGKM_CREATE_PROCESS, +}} +UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo { + Exception: DBGKM_EXCEPTION, + CreateThread: DBGUI_CREATE_THREAD, + CreateProcessInfo: DBGUI_CREATE_PROCESS, + ExitThread: DBGKM_EXIT_THREAD, + ExitProcess: DBGKM_EXIT_PROCESS, + LoadDll: DBGKM_LOAD_DLL, + UnloadDll: DBGKM_UNLOAD_DLL, +}} +pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS; +STRUCT!{struct DBGUI_WAIT_STATE_CHANGE { + NewState: DBG_STATE, + AppClientId: CLIENT_ID, + StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo, +}} +pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE; +pub const DEBUG_READ_EVENT: ULONG = 0x0001; +pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002; +pub const DEBUG_SET_INFORMATION: ULONG = 0x0004; +pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008; +pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT + | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION; +pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1; +ENUM!{enum DEBUGOBJECTINFOCLASS { + DebugObjectUnusedInformation = 0, + DebugObjectKillProcessOnExitInformation = 1, + MaxDebugObjectInfoClass = 2, +}} +pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS; +EXTERN!{extern "system" { + fn NtCreateDebugObject( + DebugObjectHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn NtDebugActiveProcess( + ProcessHandle: HANDLE, + DebugObjectHandle: HANDLE, + ) -> NTSTATUS; + fn NtDebugContinue( + DebugObjectHandle: HANDLE, + ClientId: PCLIENT_ID, + ContinueStatus: NTSTATUS, + ) -> NTSTATUS; + fn NtRemoveProcessDebug( + ProcessHandle: HANDLE, + DebugObjectHandle: HANDLE, + ) -> NTSTATUS; + fn NtSetInformationDebugObject( + DebugObjectHandle: HANDLE, + DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, + DebugInformation: PVOID, + DebugInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtWaitForDebugEvent( + DebugObjectHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + WaitStateChange: PVOID, + ) -> NTSTATUS; + fn DbgUiConnectToDbg() -> NTSTATUS; + fn DbgUiGetThreadDebugObject() -> HANDLE; + fn DbgUiSetThreadDebugObject( + DebugObject: HANDLE, + ); + fn DbgUiWaitStateChange( + StateChange: PDBGUI_WAIT_STATE_CHANGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn DbgUiContinue( + AppClientId: PCLIENT_ID, + ContinueStatus: NTSTATUS, + ) -> NTSTATUS; + fn DbgUiStopDebugging( + Process: HANDLE, + ) -> NTSTATUS; + fn DbgUiDebugActiveProcess( + Process: HANDLE, + ) -> NTSTATUS; + fn DbgUiRemoteBreakin( + Context: PVOID, + ); + fn DbgUiIssueRemoteBreakin( + Process: HANDLE, + ) -> NTSTATUS; + fn DbgUiConvertStateChangeStructure( + StateChange: PDBGUI_WAIT_STATE_CHANGE, + DebugEvent: LPDEBUG_EVENT, + ) -> NTSTATUS; +}} +FN!{stdcall PENABLECALLBACK( + SourceId: LPCGUID, + IsEnabled: ULONG, + Level: UCHAR, + MatchAnyKeyword: ULONGLONG, + MatchAllKeyword: ULONGLONG, + FilterData: *mut EVENT_FILTER_DESCRIPTOR, + CallbackContext: PVOID, +) -> ()} +pub type REGHANDLE = ULONGLONG; +pub type PREGHANDLE = *mut ULONGLONG; +EXTERN!{extern "system" { + fn EtwEventRegister( + ProviderId: LPCGUID, + EnableCallback: PENABLECALLBACK, + CallbackContext: PVOID, + RegHandle: PREGHANDLE, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntexapi.rs b/vendor/ntapi/src/ntexapi.rs new file mode 100644 index 000000000..5fa47c913 --- /dev/null +++ b/vendor/ntapi/src/ntexapi.rs @@ -0,0 +1,2998 @@ +use core::mem::uninitialized; +use core::ptr::read_volatile; +#[cfg(target_arch = "x86")] +use core::sync::atomic::spin_loop_hint; +use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM}; +use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE}; +use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON}; +use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX; +use crate::ntpebteb::PTEB; +use crate::ntpoapi::COUNTED_REASON_CONTEXT; +use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR}; +use winapi::shared::evntrace::PROFILE_SOURCE_INFO; +use winapi::shared::guiddef::{GUID, LPGUID}; +use winapi::shared::ntdef::{ + BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG, + NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, + PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR, + PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, + UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME, +}; +use winapi::um::winnt::{ + ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, + STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION, +}; +use crate::winapi_local::um::winnt::UInt32x32To64; +EXTERN!{extern "system" { + fn NtDelayExecution( + Alertable: BOOLEAN, + DelayInterval: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtQuerySystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PWSTR, + ValueLength: USHORT, + ReturnLength: PUSHORT, + ) -> NTSTATUS; + fn NtSetSystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtQuerySystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: LPGUID, + Value: PVOID, + ValueLength: PULONG, + Attributes: PULONG, + ) -> NTSTATUS; + fn NtSetSystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: LPGUID, + Value: PVOID, + ValueLength: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + fn NtEnumerateSystemEnvironmentValuesEx( + InformationClass: ULONG, + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; +}} +STRUCT!{struct BOOT_ENTRY { + Version: ULONG, + Length: ULONG, + Id: ULONG, + Attributes: ULONG, + FriendlyNameOffset: ULONG, + BootFilePathOffset: ULONG, + OsOptionsLength: ULONG, + OsOptions: [UCHAR; 1], +}} +pub type PBOOT_ENTRY = *mut BOOT_ENTRY; +STRUCT!{struct BOOT_ENTRY_LIST { + NextEntryOffset: ULONG, + BootEntry: BOOT_ENTRY, +}} +pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST; +STRUCT!{struct BOOT_OPTIONS { + Version: ULONG, + Length: ULONG, + Timeout: ULONG, + CurrentBootEntryId: ULONG, + NextBootEntryId: ULONG, + HeadlessRedirection: [WCHAR; 1], +}} +pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS; +STRUCT!{struct FILE_PATH { + Version: ULONG, + Length: ULONG, + Type: ULONG, + FilePath: [UCHAR; 1], +}} +pub type PFILE_PATH = *mut FILE_PATH; +STRUCT!{struct EFI_DRIVER_ENTRY { + Version: ULONG, + Length: ULONG, + Id: ULONG, + FriendlyNameOffset: ULONG, + DriverFilePathOffset: ULONG, +}} +pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY; +STRUCT!{struct EFI_DRIVER_ENTRY_LIST { + NextEntryOffset: ULONG, + DriverEntry: EFI_DRIVER_ENTRY, +}} +pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST; +EXTERN!{extern "system" { + fn NtAddBootEntry( + BootEntry: PBOOT_ENTRY, + Id: PULONG, + ) -> NTSTATUS; + fn NtDeleteBootEntry( + Id: ULONG, + ) -> NTSTATUS; + fn NtModifyBootEntry( + BootEntry: PBOOT_ENTRY, + ) -> NTSTATUS; + fn NtEnumerateBootEntries( + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + fn NtQueryBootEntryOrder( + Ids: PULONG, + Count: PULONG, + ) -> NTSTATUS; + fn NtSetBootEntryOrder( + Ids: PULONG, + Count: ULONG, + ) -> NTSTATUS; + fn NtQueryBootOptions( + BootOptions: PBOOT_OPTIONS, + BootOptionsLength: PULONG, + ) -> NTSTATUS; + fn NtSetBootOptions( + BootOptions: PBOOT_OPTIONS, + FieldsToChange: ULONG, + ) -> NTSTATUS; + fn NtTranslateFilePath( + InputFilePath: PFILE_PATH, + OutputType: ULONG, + OutputFilePath: PFILE_PATH, + OutputFilePathLength: PULONG, + ) -> NTSTATUS; + fn NtAddDriverEntry( + DriverEntry: PEFI_DRIVER_ENTRY, + Id: PULONG, + ) -> NTSTATUS; + fn NtDeleteDriverEntry( + Id: ULONG, + ) -> NTSTATUS; + fn NtModifyDriverEntry( + DriverEntry: PEFI_DRIVER_ENTRY, + ) -> NTSTATUS; + fn NtEnumerateDriverEntries( + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + fn NtQueryDriverEntryOrder( + Ids: PULONG, + Count: PULONG, + ) -> NTSTATUS; + fn NtSetDriverEntryOrder( + Ids: PULONG, + Count: ULONG, + ) -> NTSTATUS; +}} +ENUM!{enum FILTER_BOOT_OPTION_OPERATION { + FilterBootOptionOperationOpenSystemStore = 0, + FilterBootOptionOperationSetElement = 1, + FilterBootOptionOperationDeleteElement = 2, + FilterBootOptionOperationMax = 3, +}} +EXTERN!{extern "system" { + fn NtFilterBootOption( + FilterOperation: FILTER_BOOT_OPTION_OPERATION, + ObjectType: ULONG, + ElementType: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; +}} +pub const EVENT_QUERY_STATE: u32 = 0x0001; +ENUM!{enum EVENT_INFORMATION_CLASS { + EventBasicInformation = 0, +}} +STRUCT!{struct EVENT_BASIC_INFORMATION { + EventType: EVENT_TYPE, + EventState: LONG, +}} +pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EventType: EVENT_TYPE, + InitialState: BOOLEAN, + ) -> NTSTATUS; + fn NtOpenEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtSetEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn NtSetEventBoostPriority( + EventHandle: HANDLE, + ) -> NTSTATUS; + fn NtClearEvent( + EventHandle: HANDLE, + ) -> NTSTATUS; + fn NtResetEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn NtPulseEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn NtQueryEvent( + EventHandle: HANDLE, + EventInformationClass: EVENT_INFORMATION_CLASS, + EventInformation: PVOID, + EventInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE; +EXTERN!{extern "system" { + fn NtCreateEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtOpenEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtSetLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn NtSetHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn NtWaitLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn NtWaitHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn NtSetLowWaitHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn NtSetHighWaitLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; +}} +ENUM!{enum MUTANT_INFORMATION_CLASS { + MutantBasicInformation = 0, + MutantOwnerInformation = 1, +}} +STRUCT!{struct MUTANT_BASIC_INFORMATION { + CurrentCount: LONG, + OwnedByCaller: BOOLEAN, + AbandonedState: BOOLEAN, +}} +pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION; +STRUCT!{struct MUTANT_OWNER_INFORMATION { + ClientId: CLIENT_ID, +}} +pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialOwner: BOOLEAN, + ) -> NTSTATUS; + fn NtOpenMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtReleaseMutant( + MutantHandle: HANDLE, + PreviousCount: PLONG, + ) -> NTSTATUS; + fn NtQueryMutant( + MutantHandle: HANDLE, + MutantInformationClass: MUTANT_INFORMATION_CLASS, + MutantInformation: PVOID, + MutantInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001; +ENUM!{enum SEMAPHORE_INFORMATION_CLASS { + SemaphoreBasicInformation = 0, +}} +STRUCT!{struct SEMAPHORE_BASIC_INFORMATION { + CurrentCount: LONG, + MaximumCount: LONG, +}} +pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialCount: LONG, + MaximumCount: LONG, + ) -> NTSTATUS; + fn NtOpenSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtReleaseSemaphore( + SemaphoreHandle: HANDLE, + ReleaseCount: LONG, + PreviousCount: PLONG, + ) -> NTSTATUS; + fn NtQuerySemaphore( + SemaphoreHandle: HANDLE, + SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, + SemaphoreInformation: PVOID, + SemaphoreInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +ENUM!{enum TIMER_INFORMATION_CLASS { + TimerBasicInformation = 0, +}} +STRUCT!{struct TIMER_BASIC_INFORMATION { + RemainingTime: LARGE_INTEGER, + TimerState: BOOLEAN, +}} +pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION; +FN!{stdcall PTIMER_APC_ROUTINE( + TimerContext: PVOID, + TimerLowValue: ULONG, + TimerHighValue: LONG, +) -> ()} +ENUM!{enum TIMER_SET_INFORMATION_CLASS { + TimerSetCoalescableTimer = 0, + MaxTimerInfoClass = 1, +}} +STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO { + DueTime: LARGE_INTEGER, + TimerApcRoutine: PTIMER_APC_ROUTINE, + TimerContext: PVOID, + WakeContext: *mut COUNTED_REASON_CONTEXT, + Period: ULONG, + TolerableDelay: ULONG, + PreviousState: PBOOLEAN, +}} +pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO; +EXTERN!{extern "system" { + fn NtCreateTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TimerType: TIMER_TYPE, + ) -> NTSTATUS; + fn NtOpenTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtSetTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + TimerApcRoutine: PTIMER_APC_ROUTINE, + TimerContext: PVOID, + ResumeTimer: BOOLEAN, + Period: LONG, + PreviousState: PBOOLEAN, + ) -> NTSTATUS; + fn NtSetTimerEx( + TimerHandle: HANDLE, + TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, + TimerSetInformation: PVOID, + TimerSetInformationLength: ULONG, + ) -> NTSTATUS; + fn NtCancelTimer( + TimerHandle: HANDLE, + CurrentState: PBOOLEAN, + ) -> NTSTATUS; + fn NtQueryTimer( + TimerHandle: HANDLE, + TimerInformationClass: TIMER_INFORMATION_CLASS, + TimerInformation: PVOID, + TimerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtCreateIRTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + fn NtSetIRTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + ) -> NTSTATUS; +}} +STRUCT!{struct T2_SET_PARAMETERS { + Version: ULONG, + Reserved: ULONG, + NoWakeTolerance: LONGLONG, +}} +pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS; +pub type PT2_CANCEL_PARAMETERS = PVOID; +EXTERN!{extern "system" { + fn NtCreateTimer2( + TimerHandle: PHANDLE, + Reserved1: PVOID, + Reserved2: PVOID, + Attributes: ULONG, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + fn NtSetTimer2( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + Period: PLARGE_INTEGER, + Parameters: PT2_SET_PARAMETERS, + ) -> NTSTATUS; + fn NtCancelTimer2( + TimerHandle: HANDLE, + Parameters: PT2_CANCEL_PARAMETERS, + ) -> NTSTATUS; +}} +pub const PROFILE_CONTROL: u32 = 0x0001; +pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL; +EXTERN!{extern "system" { + fn NtCreateProfile( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + Affinity: KAFFINITY, + ) -> NTSTATUS; + fn NtCreateProfileEx( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + GroupCount: USHORT, + GroupAffinity: PGROUP_AFFINITY, + ) -> NTSTATUS; + fn NtStartProfile( + ProfileHandle: HANDLE, + ) -> NTSTATUS; + fn NtStopProfile( + ProfileHandle: HANDLE, + ) -> NTSTATUS; + fn NtQueryIntervalProfile( + ProfileSource: KPROFILE_SOURCE, + Interval: PULONG, + ) -> NTSTATUS; + fn NtSetIntervalProfile( + Interval: ULONG, + Source: KPROFILE_SOURCE, + ) -> NTSTATUS; +}} +pub const KEYEDEVENT_WAIT: ULONG = 0x0001; +pub const KEYEDEVENT_WAKE: ULONG = 0x0002; +pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK = + STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE; +EXTERN!{extern "system" { + fn NtCreateKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn NtOpenKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtReleaseKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtWaitForKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtUmsThreadYield( + SchedulerParam: PVOID, + ) -> NTSTATUS; +}} +ENUM!{enum WNF_STATE_NAME_LIFETIME { + WnfWellKnownStateName = 0, + WnfPermanentStateName = 1, + WnfPersistentStateName = 2, + WnfTemporaryStateName = 3, +}} +ENUM!{enum WNF_STATE_NAME_INFORMATION { + WnfInfoStateNameExist = 0, + WnfInfoSubscribersPresent = 1, + WnfInfoIsQuiescent = 2, +}} +ENUM!{enum WNF_DATA_SCOPE { + WnfDataScopeSystem = 0, + WnfDataScopeSession = 1, + WnfDataScopeUser = 2, + WnfDataScopeProcess = 3, + WnfDataScopeMachine = 4, +}} +STRUCT!{struct WNF_TYPE_ID { + TypeId: GUID, +}} +pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID; +pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID; +pub type PWNF_CHANGE_STAMP = *mut ULONG; +pub type WNF_CHANGE_STAMP = ULONG; +STRUCT!{struct WNF_DELIVERY_DESCRIPTOR { + SubscriptionId: ULONGLONG, + StateName: WNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + StateDataSize: ULONG, + EventMask: ULONG, + TypeId: WNF_TYPE_ID, + StateDataOffset: ULONG, +}} +pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR; +EXTERN!{extern "system" { + fn NtCreateWnfStateName( + StateName: PWNF_STATE_NAME, + NameLifetime: WNF_STATE_NAME_LIFETIME, + DataScope: WNF_DATA_SCOPE, + PersistData: BOOLEAN, + TypeId: PCWNF_TYPE_ID, + MaximumStateSize: ULONG, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn NtDeleteWnfStateName( + StateName: PCWNF_STATE_NAME, + ) -> NTSTATUS; + fn NtUpdateWnfStateData( + StateName: PCWNF_STATE_NAME, + Buffer: *const VOID, + Length: ULONG, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const VOID, + MatchingChangeStamp: WNF_CHANGE_STAMP, + CheckStamp: LOGICAL, + ) -> NTSTATUS; + fn NtDeleteWnfStateData( + StateName: PCWNF_STATE_NAME, + ExplicitScope: *const VOID, + ) -> NTSTATUS; + fn NtQueryWnfStateData( + StateName: PCWNF_STATE_NAME, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const VOID, + ChangeStamp: PWNF_CHANGE_STAMP, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + fn NtQueryWnfStateNameInformation( + StateName: PCWNF_STATE_NAME, + NameInfoClass: WNF_STATE_NAME_INFORMATION, + ExplicitScope: *const VOID, + InfoBuffer: PVOID, + InfoBufferSize: ULONG, + ) -> NTSTATUS; + fn NtSubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + EventMask: ULONG, + SubscriptionId: PULONG64, + ) -> NTSTATUS; + fn NtUnsubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ) -> NTSTATUS; + fn NtGetCompleteWnfStateSubscription( + OldDescriptorStateName: PWNF_STATE_NAME, + OldSubscriptionId: *mut ULONG64, + OldDescriptorEventMask: ULONG, + OldDescriptorStatus: ULONG, + NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, + DescriptorSize: ULONG, + ) -> NTSTATUS; + fn NtSetWnfProcessNotificationEvent( + NotificationEvent: HANDLE, + ) -> NTSTATUS; +}} +pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001; +pub const WORKER_FACTORY_WAIT: u32 = 0x0002; +pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004; +pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008; +pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010; +pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020; +pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED + | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION + | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN; +ENUM!{enum WORKERFACTORYINFOCLASS { + WorkerFactoryTimeout = 0, + WorkerFactoryRetryTimeout = 1, + WorkerFactoryIdleTimeout = 2, + WorkerFactoryBindingCount = 3, + WorkerFactoryThreadMinimum = 4, + WorkerFactoryThreadMaximum = 5, + WorkerFactoryPaused = 6, + WorkerFactoryBasicInformation = 7, + WorkerFactoryAdjustThreadGoal = 8, + WorkerFactoryCallbackType = 9, + WorkerFactoryStackInformation = 10, + WorkerFactoryThreadBasePriority = 11, + WorkerFactoryTimeoutWaiters = 12, + WorkerFactoryFlags = 13, + WorkerFactoryThreadSoftMaximum = 14, + MaxWorkerFactoryInfoClass = 15, +}} +pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS; +STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION { + Timeout: LARGE_INTEGER, + RetryTimeout: LARGE_INTEGER, + IdleTimeout: LARGE_INTEGER, + Paused: BOOLEAN, + TimerSet: BOOLEAN, + QueuedToExWorker: BOOLEAN, + MayCreate: BOOLEAN, + CreateInProgress: BOOLEAN, + InsertedIntoQueue: BOOLEAN, + Shutdown: BOOLEAN, + BindingCount: ULONG, + ThreadMinimum: ULONG, + ThreadMaximum: ULONG, + PendingWorkerCount: ULONG, + WaitingWorkerCount: ULONG, + TotalWorkerCount: ULONG, + ReleaseCount: ULONG, + InfiniteWaitGoal: LONGLONG, + StartRoutine: PVOID, + StartParameter: PVOID, + ProcessId: HANDLE, + StackReserve: SIZE_T, + StackCommit: SIZE_T, + LastThreadCreationStatus: NTSTATUS, +}} +pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateWorkerFactory( + WorkerFactoryHandleReturn: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + CompletionPortHandle: HANDLE, + WorkerProcessHandle: HANDLE, + StartRoutine: PVOID, + StartParameter: PVOID, + MaxThreadCount: ULONG, + StackReserve: SIZE_T, + StackCommit: SIZE_T, + ) -> NTSTATUS; + fn NtQueryInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ) -> NTSTATUS; + fn NtShutdownWorkerFactory( + WorkerFactoryHandle: HANDLE, + PendingWorkerCount: *mut LONG, + ) -> NTSTATUS; + fn NtReleaseWorkerFactoryWorker( + WorkerFactoryHandle: HANDLE, + ) -> NTSTATUS; + fn NtWorkerFactoryWorkerReady( + WorkerFactoryHandle: HANDLE, + ) -> NTSTATUS; + fn NtWaitForWorkViaWorkerFactory( + WorkerFactoryHandle: HANDLE, + MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, + ) -> NTSTATUS; + fn NtQuerySystemTime( + SystemTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtSetSystemTime( + SystemTime: PLARGE_INTEGER, + PreviousTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtQueryTimerResolution( + MaximumTime: PULONG, + MinimumTime: PULONG, + CurrentTime: PULONG, + ) -> NTSTATUS; + fn NtSetTimerResolution( + DesiredTime: ULONG, + SetResolution: BOOLEAN, + ActualTime: PULONG, + ) -> NTSTATUS; + fn NtQueryPerformanceCounter( + PerformanceCounter: PLARGE_INTEGER, + PerformanceFrequency: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtAllocateLocallyUniqueId( + Luid: PLUID, + ) -> NTSTATUS; + fn NtSetUuidSeed( + Seed: PCHAR, + ) -> NTSTATUS; + fn NtAllocateUuids( + Time: PULARGE_INTEGER, + Range: PULONG, + Sequence: PULONG, + Seed: PCHAR, + ) -> NTSTATUS; +}} +ENUM!{enum SYSTEM_INFORMATION_CLASS { + SystemBasicInformation = 0, + SystemProcessorInformation = 1, + SystemPerformanceInformation = 2, + SystemTimeOfDayInformation = 3, + SystemPathInformation = 4, + SystemProcessInformation = 5, + SystemCallCountInformation = 6, + SystemDeviceInformation = 7, + SystemProcessorPerformanceInformation = 8, + SystemFlagsInformation = 9, + SystemCallTimeInformation = 10, + SystemModuleInformation = 11, + SystemLocksInformation = 12, + SystemStackTraceInformation = 13, + SystemPagedPoolInformation = 14, + SystemNonPagedPoolInformation = 15, + SystemHandleInformation = 16, + SystemObjectInformation = 17, + SystemPageFileInformation = 18, + SystemVdmInstemulInformation = 19, + SystemVdmBopInformation = 20, + SystemFileCacheInformation = 21, + SystemPoolTagInformation = 22, + SystemInterruptInformation = 23, + SystemDpcBehaviorInformation = 24, + SystemFullMemoryInformation = 25, + SystemLoadGdiDriverInformation = 26, + SystemUnloadGdiDriverInformation = 27, + SystemTimeAdjustmentInformation = 28, + SystemSummaryMemoryInformation = 29, + SystemMirrorMemoryInformation = 30, + SystemPerformanceTraceInformation = 31, + SystemObsolete0 = 32, + SystemExceptionInformation = 33, + SystemCrashDumpStateInformation = 34, + SystemKernelDebuggerInformation = 35, + SystemContextSwitchInformation = 36, + SystemRegistryQuotaInformation = 37, + SystemExtendServiceTableInformation = 38, + SystemPrioritySeperation = 39, + SystemVerifierAddDriverInformation = 40, + SystemVerifierRemoveDriverInformation = 41, + SystemProcessorIdleInformation = 42, + SystemLegacyDriverInformation = 43, + SystemCurrentTimeZoneInformation = 44, + SystemLookasideInformation = 45, + SystemTimeSlipNotification = 46, + SystemSessionCreate = 47, + SystemSessionDetach = 48, + SystemSessionInformation = 49, + SystemRangeStartInformation = 50, + SystemVerifierInformation = 51, + SystemVerifierThunkExtend = 52, + SystemSessionProcessInformation = 53, + SystemLoadGdiDriverInSystemSpace = 54, + SystemNumaProcessorMap = 55, + SystemPrefetcherInformation = 56, + SystemExtendedProcessInformation = 57, + SystemRecommendedSharedDataAlignment = 58, + SystemComPlusPackage = 59, + SystemNumaAvailableMemory = 60, + SystemProcessorPowerInformation = 61, + SystemEmulationBasicInformation = 62, + SystemEmulationProcessorInformation = 63, + SystemExtendedHandleInformation = 64, + SystemLostDelayedWriteInformation = 65, + SystemBigPoolInformation = 66, + SystemSessionPoolTagInformation = 67, + SystemSessionMappedViewInformation = 68, + SystemHotpatchInformation = 69, + SystemObjectSecurityMode = 70, + SystemWatchdogTimerHandler = 71, + SystemWatchdogTimerInformation = 72, + SystemLogicalProcessorInformation = 73, + SystemWow64SharedInformationObsolete = 74, + SystemRegisterFirmwareTableInformationHandler = 75, + SystemFirmwareTableInformation = 76, + SystemModuleInformationEx = 77, + SystemVerifierTriageInformation = 78, + SystemSuperfetchInformation = 79, + SystemMemoryListInformation = 80, + SystemFileCacheInformationEx = 81, + SystemThreadPriorityClientIdInformation = 82, + SystemProcessorIdleCycleTimeInformation = 83, + SystemVerifierCancellationInformation = 84, + SystemProcessorPowerInformationEx = 85, + SystemRefTraceInformation = 86, + SystemSpecialPoolInformation = 87, + SystemProcessIdInformation = 88, + SystemErrorPortInformation = 89, + SystemBootEnvironmentInformation = 90, + SystemHypervisorInformation = 91, + SystemVerifierInformationEx = 92, + SystemTimeZoneInformation = 93, + SystemImageFileExecutionOptionsInformation = 94, + SystemCoverageInformation = 95, + SystemPrefetchPatchInformation = 96, + SystemVerifierFaultsInformation = 97, + SystemSystemPartitionInformation = 98, + SystemSystemDiskInformation = 99, + SystemProcessorPerformanceDistribution = 100, + SystemNumaProximityNodeInformation = 101, + SystemDynamicTimeZoneInformation = 102, + SystemCodeIntegrityInformation = 103, + SystemProcessorMicrocodeUpdateInformation = 104, + SystemProcessorBrandString = 105, + SystemVirtualAddressInformation = 106, + SystemLogicalProcessorAndGroupInformation = 107, + SystemProcessorCycleTimeInformation = 108, + SystemStoreInformation = 109, + SystemRegistryAppendString = 110, + SystemAitSamplingValue = 111, + SystemVhdBootInformation = 112, + SystemCpuQuotaInformation = 113, + SystemNativeBasicInformation = 114, + SystemSpare1 = 115, + SystemLowPriorityIoInformation = 116, + SystemTpmBootEntropyInformation = 117, + SystemVerifierCountersInformation = 118, + SystemPagedPoolInformationEx = 119, + SystemSystemPtesInformationEx = 120, + SystemNodeDistanceInformation = 121, + SystemAcpiAuditInformation = 122, + SystemBasicPerformanceInformation = 123, + SystemQueryPerformanceCounterInformation = 124, + SystemSessionBigPoolInformation = 125, + SystemBootGraphicsInformation = 126, + SystemScrubPhysicalMemoryInformation = 127, + SystemBadPageInformation = 128, + SystemProcessorProfileControlArea = 129, + SystemCombinePhysicalMemoryInformation = 130, + SystemEntropyInterruptTimingCallback = 131, + SystemConsoleInformation = 132, + SystemPlatformBinaryInformation = 133, + SystemThrottleNotificationInformation = 134, + SystemHypervisorProcessorCountInformation = 135, + SystemDeviceDataInformation = 136, + SystemDeviceDataEnumerationInformation = 137, + SystemMemoryTopologyInformation = 138, + SystemMemoryChannelInformation = 139, + SystemBootLogoInformation = 140, + SystemProcessorPerformanceInformationEx = 141, + SystemSpare0 = 142, + SystemSecureBootPolicyInformation = 143, + SystemPageFileInformationEx = 144, + SystemSecureBootInformation = 145, + SystemEntropyInterruptTimingRawInformation = 146, + SystemPortableWorkspaceEfiLauncherInformation = 147, + SystemFullProcessInformation = 148, + SystemKernelDebuggerInformationEx = 149, + SystemBootMetadataInformation = 150, + SystemSoftRebootInformation = 151, + SystemElamCertificateInformation = 152, + SystemOfflineDumpConfigInformation = 153, + SystemProcessorFeaturesInformation = 154, + SystemRegistryReconciliationInformation = 155, + SystemEdidInformation = 156, + SystemManufacturingInformation = 157, + SystemEnergyEstimationConfigInformation = 158, + SystemHypervisorDetailInformation = 159, + SystemProcessorCycleStatsInformation = 160, + SystemVmGenerationCountInformation = 161, + SystemTrustedPlatformModuleInformation = 162, + SystemKernelDebuggerFlags = 163, + SystemCodeIntegrityPolicyInformation = 164, + SystemIsolatedUserModeInformation = 165, + SystemHardwareSecurityTestInterfaceResultsInformation = 166, + SystemSingleModuleInformation = 167, + SystemAllowedCpuSetsInformation = 168, + SystemVsmProtectionInformation = 169, + SystemInterruptCpuSetsInformation = 170, + SystemSecureBootPolicyFullInformation = 171, + SystemCodeIntegrityPolicyFullInformation = 172, + SystemAffinitizedInterruptProcessorInformation = 173, + SystemRootSiloInformation = 174, + SystemCpuSetInformation = 175, + SystemCpuSetTagInformation = 176, + SystemWin32WerStartCallout = 177, + SystemSecureKernelProfileInformation = 178, + SystemCodeIntegrityPlatformManifestInformation = 179, + SystemInterruptSteeringInformation = 180, + SystemSupportedProcessorArchitectures = 181, + SystemMemoryUsageInformation = 182, + SystemCodeIntegrityCertificateInformation = 183, + SystemPhysicalMemoryInformation = 184, + SystemControlFlowTransition = 185, + SystemKernelDebuggingAllowed = 186, + SystemActivityModerationExeState = 187, + SystemActivityModerationUserSettings = 188, + SystemCodeIntegrityPoliciesFullInformation = 189, + SystemCodeIntegrityUnlockInformation = 190, + SystemIntegrityQuotaInformation = 191, + SystemFlushInformation = 192, + SystemProcessorIdleMaskInformation = 193, + SystemSecureDumpEncryptionInformation = 194, + SystemWriteConstraintInformation = 195, + SystemKernelVaShadowInformation = 196, + SystemHypervisorSharedPageInformation = 197, + SystemFirmwareBootPerformanceInformation = 198, + SystemCodeIntegrityVerificationInformation = 199, + SystemFirmwarePartitionInformation = 200, + SystemSpeculationControlInformation = 201, + SystemDmaGuardPolicyInformation = 202, + SystemEnclaveLaunchControlInformation = 203, + SystemWorkloadAllowedCpuSetsInformation = 204, + SystemCodeIntegrityUnlockModeInformation = 205, + SystemLeapSecondInformation = 206, + SystemFlags2Information = 207, + MaxSystemInfoClass = 208, +}} +STRUCT!{struct SYSTEM_BASIC_INFORMATION { + Reserved: ULONG, + TimerResolution: ULONG, + PageSize: ULONG, + NumberOfPhysicalPages: ULONG, + LowestPhysicalPageNumber: ULONG, + HighestPhysicalPageNumber: ULONG, + AllocationGranularity: ULONG, + MinimumUserModeAddress: ULONG_PTR, + MaximumUserModeAddress: ULONG_PTR, + ActiveProcessorsAffinityMask: ULONG_PTR, + NumberOfProcessors: CCHAR, +}} +pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION { + ProcessorArchitecture: USHORT, + ProcessorLevel: USHORT, + ProcessorRevision: USHORT, + MaximumProcessors: USHORT, + ProcessorFeatureBits: ULONG, +}} +pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION; +STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION { + IdleProcessTime: LARGE_INTEGER, + IoReadTransferCount: LARGE_INTEGER, + IoWriteTransferCount: LARGE_INTEGER, + IoOtherTransferCount: LARGE_INTEGER, + IoReadOperationCount: ULONG, + IoWriteOperationCount: ULONG, + IoOtherOperationCount: ULONG, + AvailablePages: ULONG, + CommittedPages: ULONG, + CommitLimit: ULONG, + PeakCommitment: ULONG, + PageFaultCount: ULONG, + CopyOnWriteCount: ULONG, + TransitionCount: ULONG, + CacheTransitionCount: ULONG, + DemandZeroCount: ULONG, + PageReadCount: ULONG, + PageReadIoCount: ULONG, + CacheReadCount: ULONG, + CacheIoCount: ULONG, + DirtyPagesWriteCount: ULONG, + DirtyWriteIoCount: ULONG, + MappedPagesWriteCount: ULONG, + MappedWriteIoCount: ULONG, + PagedPoolPages: ULONG, + NonPagedPoolPages: ULONG, + PagedPoolAllocs: ULONG, + PagedPoolFrees: ULONG, + NonPagedPoolAllocs: ULONG, + NonPagedPoolFrees: ULONG, + FreeSystemPtes: ULONG, + ResidentSystemCodePage: ULONG, + TotalSystemDriverPages: ULONG, + TotalSystemCodePages: ULONG, + NonPagedPoolLookasideHits: ULONG, + PagedPoolLookasideHits: ULONG, + AvailablePagedPoolPages: ULONG, + ResidentSystemCachePage: ULONG, + ResidentPagedPoolPage: ULONG, + ResidentSystemDriverPage: ULONG, + CcFastReadNoWait: ULONG, + CcFastReadWait: ULONG, + CcFastReadResourceMiss: ULONG, + CcFastReadNotPossible: ULONG, + CcFastMdlReadNoWait: ULONG, + CcFastMdlReadWait: ULONG, + CcFastMdlReadResourceMiss: ULONG, + CcFastMdlReadNotPossible: ULONG, + CcMapDataNoWait: ULONG, + CcMapDataWait: ULONG, + CcMapDataNoWaitMiss: ULONG, + CcMapDataWaitMiss: ULONG, + CcPinMappedDataCount: ULONG, + CcPinReadNoWait: ULONG, + CcPinReadWait: ULONG, + CcPinReadNoWaitMiss: ULONG, + CcPinReadWaitMiss: ULONG, + CcCopyReadNoWait: ULONG, + CcCopyReadWait: ULONG, + CcCopyReadNoWaitMiss: ULONG, + CcCopyReadWaitMiss: ULONG, + CcMdlReadNoWait: ULONG, + CcMdlReadWait: ULONG, + CcMdlReadNoWaitMiss: ULONG, + CcMdlReadWaitMiss: ULONG, + CcReadAheadIos: ULONG, + CcLazyWriteIos: ULONG, + CcLazyWritePages: ULONG, + CcDataFlushes: ULONG, + CcDataPages: ULONG, + ContextSwitches: ULONG, + FirstLevelTbFills: ULONG, + SecondLevelTbFills: ULONG, + SystemCalls: ULONG, + CcTotalDirtyPages: ULONGLONG, + CcDirtyPageThreshold: ULONGLONG, + ResidentAvailablePages: LONGLONG, + SharedCommittedPages: ULONGLONG, +}} +pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION; +STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION { + BootTime: LARGE_INTEGER, + CurrentTime: LARGE_INTEGER, + TimeZoneBias: LARGE_INTEGER, + TimeZoneId: ULONG, + Reserved: ULONG, + BootTimeBias: ULONGLONG, + SleepTimeBias: ULONGLONG, +}} +pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION; +STRUCT!{struct SYSTEM_THREAD_INFORMATION { + KernelTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, + CreateTime: LARGE_INTEGER, + WaitTime: ULONG, + StartAddress: PVOID, + ClientId: CLIENT_ID, + Priority: KPRIORITY, + BasePriority: LONG, + ContextSwitches: ULONG, + ThreadState: KTHREAD_STATE, + WaitReason: KWAIT_REASON, +}} +pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION; +STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION { + ThreadInfo: SYSTEM_THREAD_INFORMATION, + StackBase: PVOID, + StackLimit: PVOID, + Win32StartAddress: PVOID, + TebBase: PTEB, + Reserved2: ULONG_PTR, + Reserved3: ULONG_PTR, + Reserved4: ULONG_PTR, +}} +pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION; +STRUCT!{struct SYSTEM_PROCESS_INFORMATION { + NextEntryOffset: ULONG, + NumberOfThreads: ULONG, + WorkingSetPrivateSize: LARGE_INTEGER, + HardFaultCount: ULONG, + NumberOfThreadsHighWatermark: ULONG, + CycleTime: ULONGLONG, + CreateTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, + KernelTime: LARGE_INTEGER, + ImageName: UNICODE_STRING, + BasePriority: KPRIORITY, + UniqueProcessId: HANDLE, + InheritedFromUniqueProcessId: HANDLE, + HandleCount: ULONG, + SessionId: ULONG, + UniqueProcessKey: ULONG_PTR, + PeakVirtualSize: SIZE_T, + VirtualSize: SIZE_T, + PageFaultCount: ULONG, + PeakWorkingSetSize: SIZE_T, + WorkingSetSize: SIZE_T, + QuotaPeakPagedPoolUsage: SIZE_T, + QuotaPagedPoolUsage: SIZE_T, + QuotaPeakNonPagedPoolUsage: SIZE_T, + QuotaNonPagedPoolUsage: SIZE_T, + PagefileUsage: SIZE_T, + PeakPagefileUsage: SIZE_T, + PrivatePageCount: SIZE_T, + ReadOperationCount: LARGE_INTEGER, + WriteOperationCount: LARGE_INTEGER, + OtherOperationCount: LARGE_INTEGER, + ReadTransferCount: LARGE_INTEGER, + WriteTransferCount: LARGE_INTEGER, + OtherTransferCount: LARGE_INTEGER, + Threads: [SYSTEM_THREAD_INFORMATION; 1], +}} +pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION; +STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION { + Length: ULONG, + NumberOfTables: ULONG, +}} +pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION; +STRUCT!{struct SYSTEM_DEVICE_INFORMATION { + NumberOfDisks: ULONG, + NumberOfFloppies: ULONG, + NumberOfCdRoms: ULONG, + NumberOfTapes: ULONG, + NumberOfSerialPorts: ULONG, + NumberOfParallelPorts: ULONG, +}} +pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { + IdleTime: LARGE_INTEGER, + KernelTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, + DpcTime: LARGE_INTEGER, + InterruptTime: LARGE_INTEGER, + InterruptCount: ULONG, +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; +STRUCT!{struct SYSTEM_FLAGS_INFORMATION { + Flags: ULONG, +}} +pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION; +STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION { + Length: ULONG, + TotalCalls: ULONG, + TimeOfCalls: [LARGE_INTEGER; 1], +}} +pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION; +STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION { + Address: PVOID, + Type: USHORT, + CreatorBackTraceIndex: USHORT, + OwningThread: HANDLE, + LockCount: LONG, + ContentionCount: ULONG, + EntryCount: ULONG, + RecursionCount: LONG, + NumberOfWaitingShared: ULONG, + NumberOfWaitingExclusive: ULONG, +}} +pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION; +STRUCT!{struct RTL_PROCESS_LOCKS { + NumberOfLocks: ULONG, + Locks: [RTL_PROCESS_LOCK_INFORMATION; 1], +}} +pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS; +STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION { + SymbolicBackTrace: PCHAR, + TraceCount: ULONG, + Index: USHORT, + Depth: USHORT, + BackTrace: [PVOID; 32], +}} +pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION; +STRUCT!{struct RTL_PROCESS_BACKTRACES { + CommittedMemory: ULONG, + ReservedMemory: ULONG, + NumberOfBackTraceLookups: ULONG, + NumberOfBackTraces: ULONG, + BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1], +}} +pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES; +STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO { + UniqueProcessId: USHORT, + CreatorBackTraceIndex: USHORT, + ObjectTypeIndex: UCHAR, + HandleAttributes: UCHAR, + HandleValue: USHORT, + Object: PVOID, + GrantedAccess: ULONG, +}} +pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO; +STRUCT!{struct SYSTEM_HANDLE_INFORMATION { + NumberOfHandles: ULONG, + Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1], +}} +pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION; +STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION { + NextEntryOffset: ULONG, + NumberOfObjects: ULONG, + NumberOfHandles: ULONG, + TypeIndex: ULONG, + InvalidAttributes: ULONG, + GenericMapping: GENERIC_MAPPING, + ValidAccessMask: ULONG, + PoolType: ULONG, + SecurityRequired: BOOLEAN, + WaitableObject: BOOLEAN, + TypeName: UNICODE_STRING, +}} +pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION; +STRUCT!{struct SYSTEM_OBJECT_INFORMATION { + NextEntryOffset: ULONG, + Object: PVOID, + CreatorUniqueProcess: HANDLE, + CreatorBackTraceIndex: USHORT, + Flags: USHORT, + PointerCount: LONG, + HandleCount: LONG, + PagedPoolCharge: ULONG, + NonPagedPoolCharge: ULONG, + ExclusiveProcessId: HANDLE, + SecurityDescriptor: PVOID, + NameInfo: UNICODE_STRING, +}} +pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION; +STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION { + NextEntryOffset: ULONG, + TotalSize: ULONG, + TotalInUse: ULONG, + PeakUsage: ULONG, + PageFileName: UNICODE_STRING, +}} +pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION; +pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1; +pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2; +pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4; +pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8; +STRUCT!{struct SYSTEM_FILECACHE_INFORMATION { + CurrentSize: SIZE_T, + PeakSize: SIZE_T, + PageFaultCount: ULONG, + MinimumWorkingSet: SIZE_T, + MaximumWorkingSet: SIZE_T, + CurrentSizeIncludingTransitionInPages: SIZE_T, + PeakSizeIncludingTransitionInPages: SIZE_T, + TransitionRePurposeCount: ULONG, + Flags: ULONG, +}} +pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION; +STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION { + CurrentSize: SIZE_T, + PeakSize: SIZE_T, + PageFaultCount: ULONG, +}} +pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION; +UNION!{union SYSTEM_POOLTAG_u { + Tag: [UCHAR; 4], + TagUlong: ULONG, +}} +STRUCT!{struct SYSTEM_POOLTAG { + u: SYSTEM_POOLTAG_u, + PagedAllocs: ULONG, + PagedFrees: ULONG, + PagedUsed: SIZE_T, + NonPagedAllocs: ULONG, + NonPagedFrees: ULONG, + NonPagedUsed: SIZE_T, +}} +pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG; +STRUCT!{struct SYSTEM_POOLTAG_INFORMATION { + Count: ULONG, + TagInfo: [SYSTEM_POOLTAG; 1], +}} +pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION; +STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION { + ContextSwitches: ULONG, + DpcCount: ULONG, + DpcRate: ULONG, + TimeIncrement: ULONG, + DpcBypassCount: ULONG, + ApcBypassCount: ULONG, +}} +pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION; +STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION { + Spare: ULONG, + DpcQueueDepth: ULONG, + MinimumDpcRate: ULONG, + AdjustDpcThreshold: ULONG, + IdealDpcRate: ULONG, +}} +pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION; +STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION { + TimeAdjustment: ULONG, + TimeIncrement: ULONG, + Enable: BOOLEAN, +}} +pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION; +STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE { + TimeAdjustment: ULONGLONG, + TimeIncrement: ULONGLONG, + Enable: BOOLEAN, +}} +pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE = + *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE; +STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION { + TimeAdjustment: ULONG, + Enable: BOOLEAN, +}} +pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION; +STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE { + TimeAdjustment: ULONGLONG, + Enable: BOOLEAN, +}} +pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE = + *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE; +ENUM!{enum EVENT_TRACE_INFORMATION_CLASS { + EventTraceKernelVersionInformation = 0, + EventTraceGroupMaskInformation = 1, + EventTracePerformanceInformation = 2, + EventTraceTimeProfileInformation = 3, + EventTraceSessionSecurityInformation = 4, + EventTraceSpinlockInformation = 5, + EventTraceStackTracingInformation = 6, + EventTraceExecutiveResourceInformation = 7, + EventTraceHeapTracingInformation = 8, + EventTraceHeapSummaryTracingInformation = 9, + EventTracePoolTagFilterInformation = 10, + EventTracePebsTracingInformation = 11, + EventTraceProfileConfigInformation = 12, + EventTraceProfileSourceListInformation = 13, + EventTraceProfileEventListInformation = 14, + EventTraceProfileCounterListInformation = 15, + EventTraceStackCachingInformation = 16, + EventTraceObjectTypeFilterInformation = 17, + EventTraceSoftRestartInformation = 18, + EventTraceLastBranchConfigurationInformation = 19, + EventTraceLastBranchEventListInformation = 20, + EventTraceProfileSourceAddInformation = 21, + EventTraceProfileSourceRemoveInformation = 22, + EventTraceProcessorTraceConfigurationInformation = 23, + EventTraceProcessorTraceEventListInformation = 24, + EventTraceCoverageSamplerInformation = 25, + MaxEventTraceInfoClass = 26, +}} +STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + EventTraceKernelVersion: ULONG, +}} +pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION; +STRUCT!{struct PERFINFO_GROUPMASK { + Masks: [ULONG; 8], +}} +pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK; +STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + EventTraceGroupMasks: PERFINFO_GROUPMASK, +}} +pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION; +STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + LogfileBytesWritten: LARGE_INTEGER, +}} +pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION; +STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + ProfileInterval: ULONG, +}} +pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION; +STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + SecurityInformation: ULONG, + TraceHandle: HANDLE, + SecurityDescriptor: [UCHAR; 1], +}} +pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION; +STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + SpinLockSpinThreshold: ULONG, + SpinLockAcquireSampleRate: ULONG, + SpinLockContentionSampleRate: ULONG, + SpinLockHoldThreshold: ULONG, +}} +pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION; +STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + HookId: [ULONG; 1], +}} +pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + ReleaseSamplingRate: ULONG, + ContentionSamplingRate: ULONG, + NumberOfExcessiveTimeouts: ULONG, +}} +pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION = + *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION; +STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + ProcessId: ULONG, +}} +pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION; +STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + Filter: [ULONG; 1], +}} +pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION; +STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + ProfileSource: [ULONG; 1], +}} +pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION; +STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + Spare: ULONG, + Profile: [*mut PROFILE_SOURCE_INFO; 1], +}} +pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION; +STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + Enabled: BOOLEAN, + Reserved: [UCHAR; 3], + CacheSize: ULONG, + BucketCount: ULONG, +}} +pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION; +STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + TraceHandle: HANDLE, + PersistTraceBuffers: BOOLEAN, + FileName: [WCHAR; 1], +}} +pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION; +STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + PerfEvtEventSelect: BOOLEAN, + PerfEvtUnitSelect: BOOLEAN, + PerfEvtType: ULONG, + CpuInfoHierarchy: [ULONG; 3], + InitialInterval: ULONG, + AllowsHalt: BOOLEAN, + Persist: BOOLEAN, + ProfileSourceDescription: [WCHAR; 1], +}} +pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION; +STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + ProfileSource: KPROFILE_SOURCE, + CpuInfoHierarchy: [ULONG; 3], +}} +pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION; +STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION { + EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + CoverageSamplerInformationClass: BOOLEAN, + MajorVersion: UCHAR, + MinorVersion: UCHAR, + Reserved: UCHAR, + SamplerHandle: HANDLE, +}} +pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; +STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION { + AlignmentFixupCount: ULONG, + ExceptionDispatchCount: ULONG, + FloatingEmulationCount: ULONG, + ByteWordEmulationCount: ULONG, +}} +pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION; +STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION { + KernelDebuggerEnabled: BOOLEAN, + KernelDebuggerNotPresent: BOOLEAN, +}} +pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION; +STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION { + ContextSwitches: ULONG, + FindAny: ULONG, + FindLast: ULONG, + FindIdeal: ULONG, + IdleAny: ULONG, + IdleCurrent: ULONG, + IdleLast: ULONG, + IdleIdeal: ULONG, + PreemptAny: ULONG, + PreemptCurrent: ULONG, + PreemptLast: ULONG, + SwitchToIdle: ULONG, +}} +pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION; +STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION { + RegistryQuotaAllowed: ULONG, + RegistryQuotaUsed: ULONG, + PagedPoolSize: SIZE_T, +}} +pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION { + IdleTime: ULONGLONG, + C1Time: ULONGLONG, + C2Time: ULONGLONG, + C3Time: ULONGLONG, + C1Transitions: ULONG, + C2Transitions: ULONG, + C3Transitions: ULONG, + Padding: ULONG, +}} +pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION; +STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION { + VetoType: ULONG, + VetoList: UNICODE_STRING, +}} +pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION; +STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION { + CurrentDepth: USHORT, + MaximumDepth: USHORT, + TotalAllocates: ULONG, + AllocateMisses: ULONG, + TotalFrees: ULONG, + FreeMisses: ULONG, + Type: ULONG, + Tag: ULONG, + Size: ULONG, +}} +pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION; +STRUCT!{struct SYSTEM_RANGE_START_INFORMATION { + SystemRangeStart: PVOID, +}} +pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION; +STRUCT!{struct SYSTEM_VERIFIER_INFORMATION { + NextEntryOffset: ULONG, + Level: ULONG, + DriverName: UNICODE_STRING, + RaiseIrqls: ULONG, + AcquireSpinLocks: ULONG, + SynchronizeExecutions: ULONG, + AllocationsAttempted: ULONG, + AllocationsSucceeded: ULONG, + AllocationsSucceededSpecialPool: ULONG, + AllocationsWithNoTag: ULONG, + TrimRequests: ULONG, + Trims: ULONG, + AllocationsFailed: ULONG, + AllocationsFailedDeliberately: ULONG, + Loads: ULONG, + Unloads: ULONG, + UnTrackedPool: ULONG, + CurrentPagedPoolAllocations: ULONG, + CurrentNonPagedPoolAllocations: ULONG, + PeakPagedPoolAllocations: ULONG, + PeakNonPagedPoolAllocations: ULONG, + PagedPoolUsageInBytes: SIZE_T, + NonPagedPoolUsageInBytes: SIZE_T, + PeakPagedPoolUsageInBytes: SIZE_T, + PeakNonPagedPoolUsageInBytes: SIZE_T, +}} +pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION; +STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION { + SessionId: ULONG, + SizeOfBuf: ULONG, + Buffer: PVOID, +}} +pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION { + CurrentFrequency: UCHAR, + ThermalLimitFrequency: UCHAR, + ConstantThrottleFrequency: UCHAR, + DegradedThrottleFrequency: UCHAR, + LastBusyFrequency: UCHAR, + LastC3Frequency: UCHAR, + LastAdjustedBusyFrequency: UCHAR, + ProcessorMinThrottle: UCHAR, + ProcessorMaxThrottle: UCHAR, + NumberOfFrequencies: ULONG, + PromotionCount: ULONG, + DemotionCount: ULONG, + ErrorCount: ULONG, + RetryCount: ULONG, + CurrentFrequencyTime: ULONGLONG, + CurrentProcessorTime: ULONGLONG, + CurrentProcessorIdleTime: ULONGLONG, + LastProcessorTime: ULONGLONG, + LastProcessorIdleTime: ULONGLONG, + Energy: ULONGLONG, +}} +pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION; +STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { + Object: PVOID, + UniqueProcessId: ULONG_PTR, + HandleValue: ULONG_PTR, + GrantedAccess: ULONG, + CreatorBackTraceIndex: USHORT, + ObjectTypeIndex: USHORT, + HandleAttributes: ULONG, + Reserved: ULONG, +}} +pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; +STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX { + NumberOfHandles: ULONG_PTR, + Reserved: ULONG_PTR, + Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1], +}} +pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX; +UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 { + VirtualAddress: PVOID, + Bitfields: ULONG_PTR, +}} +UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 { + Tag: [UCHAR; 4], + TagUlong: ULONG, +}} +BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [ + NonPaged set_NonPaged[0..1], +]} +STRUCT!{struct SYSTEM_BIGPOOL_ENTRY { + u1: SYSTEM_BIGPOOL_ENTRY_u1, + SizeInBytes: SIZE_T, + u2: SYSTEM_BIGPOOL_ENTRY_u2, +}} +pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY; +STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION { + Count: ULONG, + AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1], +}} +pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION; +UNION!{union SYSTEM_POOL_ENTRY_u { + Tag: [UCHAR; 4], + TagUlong: ULONG, + ProcessChargedQuota: PVOID, +}} +STRUCT!{struct SYSTEM_POOL_ENTRY { + Allocated: BOOLEAN, + Spare0: BOOLEAN, + AllocatorBackTraceIndex: USHORT, + Size: ULONG, + u: SYSTEM_POOL_ENTRY_u, +}} +pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY; +STRUCT!{struct SYSTEM_POOL_INFORMATION { + TotalSize: SIZE_T, + FirstEntry: PVOID, + EntryOverhead: USHORT, + PoolTagPresent: BOOLEAN, + Spare0: BOOLEAN, + NumberOfEntries: ULONG, + Entries: [SYSTEM_POOL_ENTRY; 1], +}} +pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION; +STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION { + NextEntryOffset: SIZE_T, + SessionId: ULONG, + Count: ULONG, + TagInfo: [SYSTEM_POOLTAG; 1], +}} +pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION; +STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION { + NextEntryOffset: SIZE_T, + SessionId: ULONG, + ViewFailures: ULONG, + NumberOfBytesAvailable: SIZE_T, + NumberOfBytesAvailableContiguous: SIZE_T, +}} +pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION; +ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION { + SystemFirmwareTableEnumerate = 0, + SystemFirmwareTableGet = 1, + SystemFirmwareTableMax = 2, +}} +STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION { + ProviderSignature: ULONG, + Action: SYSTEM_FIRMWARE_TABLE_ACTION, + TableID: ULONG, + TableBufferLength: ULONG, + TableBuffer: [UCHAR; 1], +}} +pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION; +STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION { + ZeroPageCount: ULONG_PTR, + FreePageCount: ULONG_PTR, + ModifiedPageCount: ULONG_PTR, + ModifiedNoWritePageCount: ULONG_PTR, + BadPageCount: ULONG_PTR, + PageCountByPriority: [ULONG_PTR; 8], + RepurposedPagesByPriority: [ULONG_PTR; 8], + ModifiedPageCountPageFile: ULONG_PTR, +}} +pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION; +ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND { + MemoryCaptureAccessedBits = 0, + MemoryCaptureAndResetAccessedBits = 1, + MemoryEmptyWorkingSets = 2, + MemoryFlushModifiedList = 3, + MemoryPurgeStandbyList = 4, + MemoryPurgeLowPriorityStandbyList = 5, + MemoryCommandMax = 6, +}} +STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION { + ClientId: CLIENT_ID, + Priority: KPRIORITY, +}} +pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION { + CycleTime: ULONGLONG, +}} +pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION = + *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; +STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION { + TraceEnable: BOOLEAN, + TracePermanent: BOOLEAN, + TraceProcessName: UNICODE_STRING, + TracePoolTags: UNICODE_STRING, +}} +pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION; +STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION { + ProcessId: HANDLE, + ImageName: UNICODE_STRING, +}} +pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION; +STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION { + BootIdentifier: GUID, + FirmwareType: FIRMWARE_TYPE, + BootFlags: ULONGLONG, +}} +BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [ + DbgMenuOsSelection set_DbgMenuOsSelection[0..1], + DbgHiberBoot set_DbgHiberBoot[1..2], + DbgSoftBoot set_DbgSoftBoot[2..3], + DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4], +]} +pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION; +STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION { + FlagsToEnable: ULONG, + FlagsToDisable: ULONG, +}} +pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION = + *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { + VerifyMode: ULONG, + OptionChanges: ULONG, + PreviousBucketName: UNICODE_STRING, + IrpCancelTimeoutMsec: ULONG, + VerifierExtensionEnabled: ULONG, + Reserved: [ULONG; 1], +}} +#[cfg(target_arch = "x86")] +STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { + VerifyMode: ULONG, + OptionChanges: ULONG, + PreviousBucketName: UNICODE_STRING, + IrpCancelTimeoutMsec: ULONG, + VerifierExtensionEnabled: ULONG, + Reserved: [ULONG; 3], +}} +pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX; +STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION { + SystemPartition: UNICODE_STRING, +}} +pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION; +STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION { + SystemDisk: UNICODE_STRING, +}} +pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT { + Hits: ULONGLONG, + PercentFrequency: UCHAR, +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 { + Hits: ULONG, + PercentFrequency: UCHAR, +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 = + *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION { + ProcessorNumber: ULONG, + StateCount: ULONG, + States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1], +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION = + *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION { + ProcessorCount: ULONG, + Offsets: [ULONG; 1], +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION = + *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; +STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION { + Length: ULONG, + CodeIntegrityOptions: ULONG, +}} +pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION; +ENUM!{enum SYSTEM_VA_TYPE { + SystemVaTypeAll = 0, + SystemVaTypeNonPagedPool = 1, + SystemVaTypePagedPool = 2, + SystemVaTypeSystemCache = 3, + SystemVaTypeSystemPtes = 4, + SystemVaTypeSessionSpace = 5, + SystemVaTypeMax = 6, +}} +pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE; +STRUCT!{struct SYSTEM_VA_LIST_INFORMATION { + VirtualSize: SIZE_T, + VirtualPeak: SIZE_T, + VirtualLimit: SIZE_T, + AllocationFailures: SIZE_T, +}} +pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION; +STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS { + KeyHandle: HANDLE, + ValueNamePointer: PUNICODE_STRING, + RequiredLengthPointer: PULONG, + Buffer: PUCHAR, + BufferLength: ULONG, + Type: ULONG, + AppendBuffer: PUCHAR, + AppendBufferLength: ULONG, + CreateIfDoesntExist: BOOLEAN, + TruncateExistingValue: BOOLEAN, +}} +pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS; +STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION { + OsDiskIsVhd: BOOLEAN, + OsVhdFilePathOffset: ULONG, + OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY], +}} +pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION; +STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION { + LowPriReadOperations: ULONG, + LowPriWriteOperations: ULONG, + KernelBumpedToNormalOperations: ULONG, + LowPriPagingReadOperations: ULONG, + KernelPagingReadsBumpedToNormal: ULONG, + LowPriPagingWriteOperations: ULONG, + KernelPagingWritesBumpedToNormal: ULONG, + BoostedIrpCount: ULONG, + BoostedPagingIrpCount: ULONG, + BlanketBoostCount: ULONG, +}} +pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION; +ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE { + TpmBootEntropyStructureUninitialized = 0, + TpmBootEntropyDisabledByPolicy = 1, + TpmBootEntropyNoTpmFound = 2, + TpmBootEntropyTpmError = 3, + TpmBootEntropySuccess = 4, +}} +STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT { + Policy: ULONGLONG, + ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE, + ResultStatus: NTSTATUS, + Time: ULONGLONG, + EntropyLength: ULONG, + EntropyData: [UCHAR; 40], +}} +pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT; +STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION { + Legacy: SYSTEM_VERIFIER_INFORMATION, + RaiseIrqls: ULONG, + AcquireSpinLocks: ULONG, + SynchronizeExecutions: ULONG, + AllocationsWithNoTag: ULONG, + AllocationsFailed: ULONG, + AllocationsFailedDeliberately: ULONG, + LockedBytes: SIZE_T, + PeakLockedBytes: SIZE_T, + MappedLockedBytes: SIZE_T, + PeakMappedLockedBytes: SIZE_T, + MappedIoSpaceBytes: SIZE_T, + PeakMappedIoSpaceBytes: SIZE_T, + PagesForMdlBytes: SIZE_T, + PeakPagesForMdlBytes: SIZE_T, + ContiguousMemoryBytes: SIZE_T, + PeakContiguousMemoryBytes: SIZE_T, + ExecutePoolTypes: ULONG, + ExecutePageProtections: ULONG, + ExecutePageMappings: ULONG, + ExecuteWriteSections: ULONG, + SectionAlignmentFailures: ULONG, + UnsupportedRelocs: ULONG, + IATInExecutableSection: ULONG, +}} +pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION; +STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION { + RsdpCount: ULONG, + Bitfields: ULONG, +}} +BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [ + SameRsdt set_SameRsdt[0..1], + SlicPresent set_SlicPresent[1..2], + SlicDifferent set_SlicDifferent[2..3], +]} +pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION; +STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION { + AvailablePages: SIZE_T, + CommittedPages: SIZE_T, + CommitLimit: SIZE_T, + PeakCommitment: SIZE_T, +}} +pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION; +STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS { + ul: ULONG, +}} +BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [ + KernelTransition set_KernelTransition[0..1], + Reserved set_Reserved[1..32], +]} +STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION { + Version: ULONG, + Flags: QUERY_PERFORMANCE_COUNTER_FLAGS, + ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS, +}} +pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION = + *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION; +ENUM!{enum SYSTEM_PIXEL_FORMAT { + SystemPixelFormatUnknown = 0, + SystemPixelFormatR8G8B8 = 1, + SystemPixelFormatR8G8B8X8 = 2, + SystemPixelFormatB8G8R8 = 3, + SystemPixelFormatB8G8R8X8 = 4, +}} +STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION { + FrameBuffer: LARGE_INTEGER, + Width: ULONG, + Height: ULONG, + PixelStride: ULONG, + Flags: ULONG, + Format: SYSTEM_PIXEL_FORMAT, + DisplayRotation: ULONG, +}} +pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION; +STRUCT!{struct MEMORY_SCRUB_INFORMATION { + Handle: HANDLE, + PagesScrubbed: ULONG, +}} +pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION; +STRUCT!{struct PEBS_DS_SAVE_AREA { + BtsBufferBase: ULONGLONG, + BtsIndex: ULONGLONG, + BtsAbsoluteMaximum: ULONGLONG, + BtsInterruptThreshold: ULONGLONG, + PebsBufferBase: ULONGLONG, + PebsIndex: ULONGLONG, + PebsAbsoluteMaximum: ULONGLONG, + PebsInterruptThreshold: ULONGLONG, + PebsCounterReset0: ULONGLONG, + PebsCounterReset1: ULONGLONG, + PebsCounterReset2: ULONGLONG, + PebsCounterReset3: ULONGLONG, +}} +pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA; +STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA { + PebsDsSaveArea: PEBS_DS_SAVE_AREA, +}} +pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA; +STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA { + ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA, + Allocate: BOOLEAN, +}} +pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA; +STRUCT!{struct MEMORY_COMBINE_INFORMATION { + Handle: HANDLE, + PagesCombined: ULONG_PTR, +}} +pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION; +pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4; +STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX { + Handle: HANDLE, + PagesCombined: ULONG_PTR, + Flags: ULONG, +}} +pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX; +STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 { + Handle: HANDLE, + PagesCombined: ULONG_PTR, + Flags: ULONG, + ProcessHandle: HANDLE, +}} +pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2; +STRUCT!{struct SYSTEM_CONSOLE_INFORMATION { + Bitfields: ULONG, +}} +BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [ + DriverLoaded set_DriverLoaded[0..1], + Spare set_Spare[1..32], +]} +pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION; +STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION { + PhysicalAddress: ULONG64, + HandoffBuffer: PVOID, + CommandLineBuffer: PVOID, + HandoffBufferSize: ULONG, + CommandLineBufferSize: ULONG, +}} +pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION; +STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION { + NumberOfLogicalProcessors: ULONG, + NumberOfCores: ULONG, +}} +pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION = + *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION; +STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION { + DeviceId: UNICODE_STRING, + DataName: UNICODE_STRING, + DataType: ULONG, + DataBufferLength: ULONG, + DataBuffer: PVOID, +}} +pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION; +STRUCT!{struct PHYSICAL_CHANNEL_RUN { + NodeNumber: ULONG, + ChannelNumber: ULONG, + BasePage: ULONGLONG, + PageCount: ULONGLONG, + Flags: ULONG, +}} +pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN; +STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION { + NumberOfRuns: ULONGLONG, + NumberOfNodes: ULONG, + NumberOfChannels: ULONG, + Run: [PHYSICAL_CHANNEL_RUN; 1], +}} +pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION; +STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION { + ChannelNumber: ULONG, + ChannelHeatIndex: ULONG, + TotalPageCount: ULONGLONG, + ZeroPageCount: ULONGLONG, + FreePageCount: ULONGLONG, + StandbyPageCount: ULONGLONG, +}} +pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION; +STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION { + Flags: ULONG, + BitmapOffset: ULONG, +}} +pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX { + IdleTime: LARGE_INTEGER, + KernelTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, + DpcTime: LARGE_INTEGER, + InterruptTime: LARGE_INTEGER, + InterruptCount: ULONG, + Spare0: ULONG, + AvailableTime: LARGE_INTEGER, + Spare1: LARGE_INTEGER, + Spare2: LARGE_INTEGER, +}} +pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX = + *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX; +STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION { + PolicyPublisher: GUID, + PolicyVersion: ULONG, + PolicyOptions: ULONG, +}} +pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION; +STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX { + Info: SYSTEM_PAGEFILE_INFORMATION, + MinimumSize: ULONG, + MaximumSize: ULONG, +}} +pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX; +STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION { + SecureBootEnabled: BOOLEAN, + SecureBootCapable: BOOLEAN, +}} +pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION; +STRUCT!{struct PROCESS_DISK_COUNTERS { + BytesRead: ULONGLONG, + BytesWritten: ULONGLONG, + ReadOperationCount: ULONGLONG, + WriteOperationCount: ULONGLONG, + FlushOperationCount: ULONGLONG, +}} +pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS; +UNION!{union ENERGY_STATE_DURATION_u { + Value: ULONGLONG, + LastChangeTime: ULONG, +}} +UNION!{union ENERGY_STATE_DURATION { + u: ENERGY_STATE_DURATION_u, + BitFields: ULONG, +}} +pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION; +BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [ + Duration set_Duration[0..31], + IsInState set_IsInState[31..32], +]} +STRUCT!{struct PROCESS_ENERGY_VALUES { + Cycles: [[ULONGLONG; 4]; 2], + DiskEnergy: ULONGLONG, + NetworkTailEnergy: ULONGLONG, + MBBTailEnergy: ULONGLONG, + NetworkTxRxBytes: ULONGLONG, + MBBTxRxBytes: ULONGLONG, + ForegroundDuration: ENERGY_STATE_DURATION, + DesktopVisibleDuration: ENERGY_STATE_DURATION, + PSMForegroundDuration: ENERGY_STATE_DURATION, + CompositionRendered: ULONG, + CompositionDirtyGenerated: ULONG, + CompositionDirtyPropagated: ULONG, + Reserved1: ULONG, + AttributedCycles: [[ULONGLONG; 2]; 4], + WorkOnBehalfCycles: [[ULONGLONG; 2]; 4], +}} +pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES; +STRUCT!{struct TIMELINE_BITMAP { + Value: ULONGLONG, + EndTime: ULONG, + Bitmap: ULONG, +}} +pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP; +STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines { + CpuTimeline: TIMELINE_BITMAP, + DiskTimeline: TIMELINE_BITMAP, + NetworkTimeline: TIMELINE_BITMAP, + MBBTimeline: TIMELINE_BITMAP, + ForegroundTimeline: TIMELINE_BITMAP, + DesktopVisibleTimeline: TIMELINE_BITMAP, + CompositionRenderedTimeline: TIMELINE_BITMAP, + CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP, + CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP, + InputTimeline: TIMELINE_BITMAP, + AudioInTimeline: TIMELINE_BITMAP, + AudioOutTimeline: TIMELINE_BITMAP, + DisplayRequiredTimeline: TIMELINE_BITMAP, + KeyboardInputTimeline: TIMELINE_BITMAP, +}} +STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations { + InputDuration: ENERGY_STATE_DURATION, + AudioInDuration: ENERGY_STATE_DURATION, + AudioOutDuration: ENERGY_STATE_DURATION, + DisplayRequiredDuration: ENERGY_STATE_DURATION, + PSMBackgroundDuration: ENERGY_STATE_DURATION, +}} +STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION { + Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines, + Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations, + KeyboardInput: ULONG, + MouseInput: ULONG, +}} +pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION; +STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES { + Base: PROCESS_ENERGY_VALUES, + Extension: PROCESS_ENERGY_VALUES_EXTENSION, +}} +pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES; +ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION { + SystemProcessClassificationNormal = 0, + SystemProcessClassificationSystem = 1, + SystemProcessClassificationSecureSystem = 2, + SystemProcessClassificationMemCompression = 3, + SystemProcessClassificationRegistry = 4, + SystemProcessClassificationMaximum = 5, +}} +STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION { + DiskCounters: PROCESS_DISK_COUNTERS, + ContextSwitches: ULONGLONG, + Flags: ULONG, + UserSidOffset: ULONG, + PackageFullNameOffset: ULONG, + EnergyValues: PROCESS_ENERGY_VALUES, + AppIdOffset: ULONG, + SharedCommitCharge: SIZE_T, + JobObjectId: ULONG, + SpareUlong: ULONG, + ProcessSequenceNumber: ULONGLONG, +}} +BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [ + HasStrongId set_HasStrongId[0..1], + Classification set_Classification[1..5], + BackgroundActivityModerated set_BackgroundActivityModerated[5..6], + Spare set_Spare[6..32], +]} +pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION; +STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION { + EfiLauncherEnabled: BOOLEAN, +}} +pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION = + *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; +STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX { + DebuggerAllowed: BOOLEAN, + DebuggerEnabled: BOOLEAN, + DebuggerPresent: BOOLEAN, +}} +pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; +STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION { + ElamDriverFile: HANDLE, +}} +pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION { + ProcessorFeatureBits: ULONGLONG, + Reserved: [ULONGLONG; 3], +}} +pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION; +STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION { + Options: ULONG, + ProfileName: UNICODE_STRING, +}} +pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION; +STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION { + Enabled: BOOLEAN, +}} +pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION = + *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; +STRUCT!{struct HV_DETAILS { + Data: [ULONG; 4], +}} +pub type PHV_DETAILS = *mut HV_DETAILS; +STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION { + HvVendorAndMaxFunction: HV_DETAILS, + HypervisorInterface: HV_DETAILS, + HypervisorVersion: HV_DETAILS, + HvFeatures: HV_DETAILS, + HwFeatures: HV_DETAILS, + EnlightenmentInfo: HV_DETAILS, + ImplementationLimits: HV_DETAILS, +}} +pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION; +STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION { + Cycles: [[ULONGLONG; 4]; 2], +}} +pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; +STRUCT!{struct SYSTEM_TPM_INFORMATION { + Flags: ULONG, +}} +pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION; +STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION { + DmaProtectionsAvailable: BOOLEAN, + DmaProtectionsInUse: BOOLEAN, + HardwareMbecAvailable: BOOLEAN, +}} +pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION; +STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION { + Options: ULONG, + HVCIOptions: ULONG, + Version: ULONGLONG, + PolicyGuid: GUID, +}} +pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION; +STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION { + Bitfields1: BOOLEAN, + Bitfields2: BOOLEAN, + Spare0: [BOOLEAN; 6], + Spare1: ULONGLONG, +}} +BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [ + SecureKernelRunning set_SecureKernelRunning[0..1], + HvciEnabled set_HvciEnabled[1..2], + HvciStrictMode set_HvciStrictMode[2..3], + DebugEnabled set_DebugEnabled[3..4], + FirmwarePageProtection set_FirmwarePageProtection[4..5], + EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6], + SpareFlags set_SpareFlags[6..7], + TrustletRunning set_TrustletRunning[7..8], +]} +BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [ + SpareFlags2 set_SpareFlags2[0..1], +]} +pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION; +STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION { + TargetModuleAddress: PVOID, + ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX, +}} +pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION; +STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION { + Gsiv: ULONG, + Group: USHORT, + CpuSets: ULONGLONG, +}} +pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION; +STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION { + PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION, + PolicySize: ULONG, + Policy: [UCHAR; 1], +}} +pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = + *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; +STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION { + NumberOfSilos: ULONG, + SiloIdList: [ULONG; 1], +}} +pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION; +STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION { + Tag: ULONGLONG, + CpuSets: [ULONGLONG; 1], +}} +pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION; +STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION { + ExtentCount: ULONG, + ValidStructureSize: ULONG, + NextExtentIndex: ULONG, + ExtentRestart: ULONG, + CycleCount: ULONG, + TimeoutCount: ULONG, + CycleTime: ULONGLONG, + CycleTimeMax: ULONGLONG, + ExtentTime: ULONGLONG, + ExtentTimeIndex: ULONG, + ExtentTimeMaxIndex: ULONG, + ExtentTimeMax: ULONGLONG, + HyperFlushTimeMax: ULONGLONG, + TranslateVaTimeMax: ULONGLONG, + DebugExemptionCount: ULONGLONG, + TbHitCount: ULONGLONG, + TbMissCount: ULONGLONG, + VinaPendingYield: ULONGLONG, + HashCycles: ULONGLONG, + HistogramOffset: ULONG, + HistogramBuckets: ULONG, + HistogramShift: ULONG, + Reserved1: ULONG, + PageNotPresentCount: ULONGLONG, +}} +pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION = + *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; +STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION { + PlatformManifestSize: ULONG, + PlatformManifest: [UCHAR; 1], +}} +pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION = + *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; +STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION { + TotalPhysicalBytes: ULONGLONG, + AvailableBytes: ULONGLONG, + ResidentAvailableBytes: LONGLONG, + CommittedBytes: ULONGLONG, + SharedCommittedBytes: ULONGLONG, + CommitLimitBytes: ULONGLONG, + PeakCommitmentBytes: ULONGLONG, +}} +pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION; +STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION { + ImageFile: HANDLE, + Type: ULONG, +}} +pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION = + *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; +STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION { + TotalPhysicalBytes: ULONGLONG, + LowestPhysicalAddress: ULONGLONG, + HighestPhysicalAddress: ULONGLONG, +}} +pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION; +ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE { + SystemActivityModerationStateSystemManaged = 0, + SystemActivityModerationStateUserManagedAllowThrottling = 1, + SystemActivityModerationStateUserManagedDisableThrottling = 2, + MaxSystemActivityModerationState = 3, +}} +ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE { + SystemActivityModerationAppTypeClassic = 0, + SystemActivityModerationAppTypePackaged = 1, + MaxSystemActivityModerationAppType = 2, +}} +STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO { + Identifier: UNICODE_STRING, + ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE, + AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE, +}} +pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO; +STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS { + UserKeyHandle: HANDLE, +}} +pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS; +STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION { + Flags: ULONG, + UnlockId: [UCHAR; 32], +}} +BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [ + Locked set_Locked[0..1], + Unlockable set_Unlockable[1..2], + UnlockApplied set_UnlockApplied[2..3], + UnlockIdValid set_UnlockIdValid[3..4], + Reserved set_Reserved[4..32], +]} +pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION; +STRUCT!{struct SYSTEM_FLUSH_INFORMATION { + SupportedFlushMethods: ULONG, + ProcessorCacheFlushSize: ULONG, + SystemFlushCapabilities: ULONGLONG, + Reserved: [ULONGLONG; 2], +}} +pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION; +STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION { + WriteConstraintPolicy: ULONG, + Reserved: ULONG, +}} +pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION; +STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION { + Flags: ULONG, +}} +BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [ + KvaShadowEnabled set_KvaShadowEnabled[0..1], + KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2], + KvaShadowPcid set_KvaShadowPcid[2..3], + KvaShadowInvpcid set_KvaShadowInvpcid[3..4], + KvaShadowRequired set_KvaShadowRequired[4..5], + KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6], + InvalidPteBit set_InvalidPteBit[6..12], + L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13], + L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14], + Reserved set_Reserved[14..32], +]} +pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION; +STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION { + FileHandle: HANDLE, + ImageSize: ULONG, + Image: PVOID, +}} +pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION = + *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION; +STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION { + HypervisorSharedUserVa: PVOID, +}} +pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION = + *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION; +STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION { + Flags: ULONG, +}} +BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [ + BpbEnabled set_BpbEnabled[0..1], + BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2], + BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3], + SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4], + SpecCmdEnumerated set_SpecCmdEnumerated[4..5], + IbrsPresent set_IbrsPresent[5..6], + StibpPresent set_StibpPresent[6..7], + SmepPresent set_SmepPresent[7..8], + SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9], + SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10], + SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11], + SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12], + SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13], + BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14], + SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15], + SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16], + Reserved set_Reserved[16..32], +]} +pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION; +STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION { + DmaGuardPolicyEnabled: BOOLEAN, +}} +pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION; +STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION { + EnclaveLaunchSigner: [UCHAR; 32], +}} +pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION = + *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION; +STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION { + WorkloadClass: ULONGLONG, + CpuSets: [ULONGLONG; 1], +}} +pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION = + *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION; +EXTERN!{extern "system" { + fn NtQuerySystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtQuerySystemInformationEx( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + InputBuffer: PVOID, + InputBufferLength: ULONG, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetSystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ) -> NTSTATUS; +}} +ENUM!{enum SYSDBG_COMMAND { + SysDbgQueryModuleInformation = 0, + SysDbgQueryTraceInformation = 1, + SysDbgSetTracepoint = 2, + SysDbgSetSpecialCall = 3, + SysDbgClearSpecialCalls = 4, + SysDbgQuerySpecialCalls = 5, + SysDbgBreakPoint = 6, + SysDbgQueryVersion = 7, + SysDbgReadVirtual = 8, + SysDbgWriteVirtual = 9, + SysDbgReadPhysical = 10, + SysDbgWritePhysical = 11, + SysDbgReadControlSpace = 12, + SysDbgWriteControlSpace = 13, + SysDbgReadIoSpace = 14, + SysDbgWriteIoSpace = 15, + SysDbgReadMsr = 16, + SysDbgWriteMsr = 17, + SysDbgReadBusData = 18, + SysDbgWriteBusData = 19, + SysDbgCheckLowMemory = 20, + SysDbgEnableKernelDebugger = 21, + SysDbgDisableKernelDebugger = 22, + SysDbgGetAutoKdEnable = 23, + SysDbgSetAutoKdEnable = 24, + SysDbgGetPrintBufferSize = 25, + SysDbgSetPrintBufferSize = 26, + SysDbgGetKdUmExceptionEnable = 27, + SysDbgSetKdUmExceptionEnable = 28, + SysDbgGetTriageDump = 29, + SysDbgGetKdBlockEnable = 30, + SysDbgSetKdBlockEnable = 31, + SysDbgRegisterForUmBreakInfo = 32, + SysDbgGetUmBreakPid = 33, + SysDbgClearUmBreakPid = 34, + SysDbgGetUmAttachPid = 35, + SysDbgClearUmAttachPid = 36, + SysDbgGetLiveKernelDump = 37, +}} +pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND; +STRUCT!{struct SYSDBG_VIRTUAL { + Address: PVOID, + Buffer: PVOID, + Request: ULONG, +}} +pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL; +STRUCT!{struct SYSDBG_PHYSICAL { + Address: PHYSICAL_ADDRESS, + Buffer: PVOID, + Request: ULONG, +}} +pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL; +STRUCT!{struct SYSDBG_CONTROL_SPACE { + Address: ULONG64, + Buffer: PVOID, + Request: ULONG, + Processor: ULONG, +}} +pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE; +STRUCT!{struct SYSDBG_IO_SPACE { + Address: ULONG64, + Buffer: PVOID, + Request: ULONG, + InterfaceType: INTERFACE_TYPE, + BusNumber: ULONG, + AddressSpace: ULONG, +}} +pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE; +STRUCT!{struct SYSDBG_MSR { + Msr: ULONG, + Data: ULONG64, +}} +pub type PSYSDBG_MSR = *mut SYSDBG_MSR; +STRUCT!{struct SYSDBG_BUS_DATA { + Address: ULONG, + Buffer: PVOID, + Request: ULONG, + BusDataType: BUS_DATA_TYPE, + BusNumber: ULONG, + SlotNumber: ULONG, +}} +pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA; +STRUCT!{struct SYSDBG_TRIAGE_DUMP { + Flags: ULONG, + BugCheckCode: ULONG, + BugCheckParam1: ULONG_PTR, + BugCheckParam2: ULONG_PTR, + BugCheckParam3: ULONG_PTR, + BugCheckParam4: ULONG_PTR, + ProcessHandles: ULONG, + ThreadHandles: ULONG, + Handles: PHANDLE, +}} +pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP; +STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS { + AsUlong: ULONG, +}} +BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [ + UseDumpStorageStack set_UseDumpStorageStack[0..1], + CompressMemoryPagesData set_CompressMemoryPagesData[1..2], + IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3], + AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4], + Reserved set_Reserved[4..32], +]} +pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS; +STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES { + AsUlong: ULONG, +}} +BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [ + HypervisorPages set_HypervisorPages[0..1], + Reserved set_Reserved[1..32], +]} +pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES; +pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1; +STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL { + Version: ULONG, + BugCheckCode: ULONG, + BugCheckParam1: ULONG_PTR, + BugCheckParam2: ULONG_PTR, + BugCheckParam3: ULONG_PTR, + BugCheckParam4: ULONG_PTR, + DumpFileHandle: HANDLE, + CancelEventHandle: HANDLE, + Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS, + AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, +}} +pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL; +EXTERN!{extern "system" { + fn NtSystemDebugControl( + Command: SYSDBG_COMMAND, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +ENUM!{enum HARDERROR_RESPONSE_OPTION { + OptionAbortRetryIgnore = 0, + OptionOk = 1, + OptionOkCancel = 2, + OptionRetryCancel = 3, + OptionYesNo = 4, + OptionYesNoCancel = 5, + OptionShutdownSystem = 6, + OptionOkNoWait = 7, + OptionCancelTryContinue = 8, +}} +ENUM!{enum HARDERROR_RESPONSE { + ResponseReturnToCaller = 0, + ResponseNotHandled = 1, + ResponseAbort = 2, + ResponseCancel = 3, + ResponseIgnore = 4, + ResponseNo = 5, + ResponseOk = 6, + ResponseRetry = 7, + ResponseYes = 8, + ResponseTryAgain = 9, + ResponseContinue = 10, +}} +pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000; +EXTERN!{extern "system" { + fn NtRaiseHardError( + ErrorStatus: NTSTATUS, + NumberOfParameters: ULONG, + UnicodeStringParameterMask: ULONG, + Parameters: PULONG_PTR, + ValidResponseOptions: ULONG, + Response: PULONG, + ) -> NTSTATUS; +}} +ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE { + StandardDesign = 0, + NEC98x86 = 1, + EndAlternatives = 2, +}} +pub const PROCESSOR_FEATURE_MAX: usize = 64; +pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16; +pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0; +pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1; +pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2; +pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3; +UNION!{union KUSER_SHARED_DATA_u { + TickCount: KSYSTEM_TIME, + TickCountQuad: ULONG64, + ReservedTickCountOverlay: [ULONG; 3], +}} +STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA { + TickCountLowDeprecated: ULONG, + TickCountMultiplier: ULONG, + InterruptTime: KSYSTEM_TIME, + SystemTime: KSYSTEM_TIME, + TimeZoneBias: KSYSTEM_TIME, + ImageNumberLow: USHORT, + ImageNumberHigh: USHORT, + NtSystemRoot: [WCHAR; 260], + MaxStackTraceDepth: ULONG, + CryptoExponent: ULONG, + TimeZoneId: ULONG, + LargePageMinimum: ULONG, + AitSamplingValue: ULONG, + AppCompatFlag: ULONG, + RNGSeedVersion: ULONGLONG, + GlobalValidationRunlevel: ULONG, + TimeZoneBiasStamp: LONG, + NtBuildNumber: ULONG, + NtProductType: NT_PRODUCT_TYPE, + ProductTypeIsValid: BOOLEAN, + Reserved0: [UCHAR; 1], + NativeProcessorArchitecture: USHORT, + NtMajorVersion: ULONG, + NtMinorVersion: ULONG, + ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX], + Reserved1: ULONG, + Reserved3: ULONG, + TimeSlip: ULONG, + AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE, + BootId: ULONG, + SystemExpirationDate: LARGE_INTEGER, + SuiteMask: ULONG, + KdDebuggerEnabled: BOOLEAN, + MitigationPolicies: UCHAR, + Reserved6: [UCHAR; 2], + ActiveConsoleId: ULONG, + DismountCount: ULONG, + ComPlusPackage: ULONG, + LastSystemRITEventTickCount: ULONG, + NumberOfPhysicalPages: ULONG, + SafeBootMode: BOOLEAN, + VirtualizationFlags: UCHAR, + Reserved12: [UCHAR; 2], + SharedDataFlags: ULONG, + DataFlagsPad: [ULONG; 1], + TestRetInstruction: ULONGLONG, + QpcFrequency: LONGLONG, + SystemCall: ULONG, + SystemCallPad0: ULONG, + SystemCallPad: [ULONGLONG; 2], + u: KUSER_SHARED_DATA_u, + //TickCountPad: [ULONG; 1], + Cookie: ULONG, + CookiePad: [ULONG; 1], + ConsoleSessionForegroundProcessId: LONGLONG, + TimeUpdateLock: ULONGLONG, + BaselineSystemTimeQpc: ULONGLONG, + BaselineInterruptTimeQpc: ULONGLONG, + QpcSystemTimeIncrement: ULONGLONG, + QpcInterruptTimeIncrement: ULONGLONG, + QpcSystemTimeIncrementShift: UCHAR, + QpcInterruptTimeIncrementShift: UCHAR, + UnparkedProcessorCount: USHORT, + EnclaveFeatureMask: [ULONG; 4], + TelemetryCoverageRound: ULONG, + UserModeGlobalLogger: [USHORT; 16], + ImageFileExecutionOptions: ULONG, + LangGenerationCount: ULONG, + Reserved4: ULONGLONG, + InterruptTimeBias: ULONG64, + QpcBias: ULONG64, + ActiveProcessorCount: ULONG, + ActiveGroupCount: UCHAR, + Reserved9: UCHAR, + QpcData: UCHAR, + TimeZoneBiasEffectiveStart: LARGE_INTEGER, + TimeZoneBiasEffectiveEnd: LARGE_INTEGER, + XState: XSTATE_CONFIGURATION, +}} +BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [ + NXSupportPolicy set_NXSupportPolicy[0..2], + SEHValidationPolicy set_SEHValidationPolicy[2..4], + CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6], + Reserved set_Reserved[6..8], +]} +BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [ + DbgErrorPortPresent set_DbgErrorPortPresent[0..1], + DbgElevationEnabled set_DbgElevationEnabled[1..2], + DbgVirtEnabled set_DbgVirtEnabled[2..3], + DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4], + DbgLkgEnabled set_DbgLkgEnabled[4..5], + DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6], + DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7], + DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8], + DbgMultiSessionSku set_DbgMultiSessionSku[8..9], + DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10], + DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11], + SpareBits set_SpareBits[11..32], +]} +BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [ + QpcBypassEnabled set_QpcBypassEnabled[0..1], + QpcShift set_QpcShift[1..2], +]} +pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA; +pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _; +#[inline] +pub unsafe fn NtGetTickCount64() -> ULONGLONG { + let mut tick_count: ULARGE_INTEGER = uninitialized(); + #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { + *tick_count.QuadPart_mut() = read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad); + } + #[cfg(target_arch = "x86")] { + loop { + tick_count.s_mut().HighPart = + read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32; + tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); + if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) + as u32 + { + break; + } + spin_loop_hint(); + } + } + (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) + + (UInt32x32To64( + tick_count.s().HighPart as u32, + (*USER_SHARED_DATA).TickCountMultiplier, + ) << 8) +} +#[inline] +pub unsafe fn NtGetTickCount() -> ULONG { + #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { + ((read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad) + * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32 + } + #[cfg(target_arch = "x86")] { + let mut tick_count: ULARGE_INTEGER = uninitialized(); + loop { + tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) + as u32; + tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); + if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) + as u32 + { + break; + } + spin_loop_hint(); + } + ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) + + UInt32x32To64( + (tick_count.s().HighPart as u32) << 8, + (*USER_SHARED_DATA).TickCountMultiplier, + )) as u32 + } +} +EXTERN!{extern "system" { + fn NtQueryDefaultLocale( + UserProfile: BOOLEAN, + DefaultLocaleId: PLCID, + ) -> NTSTATUS; + fn NtSetDefaultLocale( + UserProfile: BOOLEAN, + DefaultLocaleId: LCID, + ) -> NTSTATUS; + fn NtQueryInstallUILanguage( + InstallUILanguageId: *mut LANGID, + ) -> NTSTATUS; + fn NtFlushInstallUILanguage( + InstallUILanguage: LANGID, + SetComittedFlag: ULONG, + ) -> NTSTATUS; + fn NtQueryDefaultUILanguage( + DefaultUILanguageId: *mut LANGID, + ) -> NTSTATUS; + fn NtSetDefaultUILanguage( + DefaultUILanguageId: LANGID, + ) -> NTSTATUS; + fn NtIsUILanguageComitted() -> NTSTATUS; + fn NtInitializeNlsFiles( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtGetNlsSectionPtr( + SectionType: ULONG, + SectionData: ULONG, + ContextData: PVOID, + SectionPointer: *mut PVOID, + SectionSize: PULONG, + ) -> NTSTATUS; + fn NtMapCMFModule( + What: ULONG, + Index: ULONG, + CacheIndexOut: PULONG, + CacheFlagsOut: PULONG, + ViewSizeOut: PULONG, + BaseAddress: *mut PVOID, + ) -> NTSTATUS; + fn NtGetMUIRegistryInfo( + Flags: ULONG, + DataSize: PULONG, + Data: PVOID, + ) -> NTSTATUS; + fn NtAddAtom( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + ) -> NTSTATUS; +}} +pub const ATOM_FLAG_GLOBAL: ULONG = 0x2; +EXTERN!{extern "system" { + fn NtAddAtomEx( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + Flags: ULONG, + ) -> NTSTATUS; + fn NtFindAtom( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + fn NtDeleteAtom( + Atom: RTL_ATOM, + ) -> NTSTATUS; +}} +ENUM!{enum ATOM_INFORMATION_CLASS { + AtomBasicInformation = 0, + AtomTableInformation = 1, +}} +STRUCT!{struct ATOM_BASIC_INFORMATION { + UsageCount: USHORT, + Flags: USHORT, + NameLength: USHORT, + Name: [WCHAR; 1], +}} +pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION; +STRUCT!{struct ATOM_TABLE_INFORMATION { + NumberOfAtoms: ULONG, + Atoms: [RTL_ATOM; 1], +}} +pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION; +EXTERN!{extern "system" { + fn NtQueryInformationAtom( + Atom: RTL_ATOM, + AtomInformationClass: ATOM_INFORMATION_CLASS, + AtomInformation: PVOID, + AtomInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001; +pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002; +pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004; +pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008; +pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010; +pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020; +pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040; +pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080; +pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100; +pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400; +pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800; +pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000; +pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000; +pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000; +pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000; +pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000; +pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000; +pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000; +pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000; +pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000; +pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000; +pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000; +pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000; +pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000; +pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000; +pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000; +pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000; +pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000; +pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000; +pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000; +pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000; +pub const FLG_VALID_BITS: u32 = 0xfffffdff; +pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS + | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS + | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING + | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION + | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS + | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN; +pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST + | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX + | FLG_DISABLE_PAGE_KERNEL_STACKS; +pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS + | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD + | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING + | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS; +EXTERN!{extern "system" { + fn NtQueryLicenseValue( + ValueName: PUNICODE_STRING, + Type: PULONG, + Data: PVOID, + DataSize: ULONG, + ResultDataSize: PULONG, + ) -> NTSTATUS; + fn NtSetDefaultHardErrorPort( + DefaultHardErrorPort: HANDLE, + ) -> NTSTATUS; +}} +ENUM!{enum SHUTDOWN_ACTION { + ShutdownNoReboot = 0, + ShutdownReboot = 1, + ShutdownPowerOff = 2, +}} +EXTERN!{extern "system" { + fn NtShutdownSystem( + Action: SHUTDOWN_ACTION, + ) -> NTSTATUS; + fn NtDisplayString( + String: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtDrawText( + Text: PUNICODE_STRING, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntgdi.rs b/vendor/ntapi/src/ntgdi.rs new file mode 100644 index 000000000..ac6e387d4 --- /dev/null +++ b/vendor/ntapi/src/ntgdi.rs @@ -0,0 +1,123 @@ +use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT}; +pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000; +pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0; +pub const GDI_HANDLE_INDEX_BITS: ULONG = 16; +pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff; +pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16; +pub const GDI_HANDLE_TYPE_BITS: ULONG = 5; +pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f; +pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21; +pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2; +pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3; +pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23; +pub const GDI_HANDLE_STOCK_BITS: ULONG = 1; +pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1; +pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24; +pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8; +pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff; +#[inline] +pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG { + Handle & GDI_HANDLE_INDEX_MASK +} +#[inline] +pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG { + Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK +} +#[inline] +pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG { + Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK +} +#[inline] +pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG { + Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK +} +#[inline] +pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG { + Unique << GDI_HANDLE_INDEX_BITS | Index +} +pub const GDI_DEF_TYPE: ULONG = 0; +pub const GDI_DC_TYPE: ULONG = 1; +pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2; +pub const GDI_DD_SURFACE_TYPE: ULONG = 3; +pub const GDI_RGN_TYPE: ULONG = 4; +pub const GDI_SURF_TYPE: ULONG = 5; +pub const GDI_CLIENTOBJ_TYPE: ULONG = 6; +pub const GDI_PATH_TYPE: ULONG = 7; +pub const GDI_PAL_TYPE: ULONG = 8; +pub const GDI_ICMLCS_TYPE: ULONG = 9; +pub const GDI_LFONT_TYPE: ULONG = 10; +pub const GDI_RFONT_TYPE: ULONG = 11; +pub const GDI_PFE_TYPE: ULONG = 12; +pub const GDI_PFT_TYPE: ULONG = 13; +pub const GDI_ICMCXF_TYPE: ULONG = 14; +pub const GDI_ICMDLL_TYPE: ULONG = 15; +pub const GDI_BRUSH_TYPE: ULONG = 16; +pub const GDI_PFF_TYPE: ULONG = 17; +pub const GDI_CACHE_TYPE: ULONG = 18; +pub const GDI_SPACE_TYPE: ULONG = 19; +pub const GDI_DBRUSH_TYPE: ULONG = 20; +pub const GDI_META_TYPE: ULONG = 21; +pub const GDI_EFSTATE_TYPE: ULONG = 22; +pub const GDI_BMFD_TYPE: ULONG = 23; +pub const GDI_VTFD_TYPE: ULONG = 24; +pub const GDI_TTFD_TYPE: ULONG = 25; +pub const GDI_RC_TYPE: ULONG = 26; +pub const GDI_TEMP_TYPE: ULONG = 27; +pub const GDI_DRVOBJ_TYPE: ULONG = 28; +pub const GDI_DCIOBJ_TYPE: ULONG = 29; +pub const GDI_SPOOL_TYPE: ULONG = 30; +#[inline] +pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG { + Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK + << GDI_HANDLE_TYPE_SHIFT) +} +#[inline] +pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG { + GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16) +} +pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT; +pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT; +pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT; +pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT; +pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1; +pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1; +pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2; +pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3; +pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2; +pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1; +pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1; +UNION!{union GDI_HANDLE_ENTRY_u { + Object: PVOID, + NextFree: PVOID, +}} +STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s { + ProcessId: USHORT, + Bitfields: USHORT, +}} +BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [ + Lock set_Lock[0..1], + Count set_Count[1..16], +]} +UNION!{union GDI_HANDLE_ENTRY_Owner { + s: GDI_HANDLE_ENTRY_Owner_s, + Value: ULONG, +}} +STRUCT!{struct GDI_HANDLE_ENTRY { + u: GDI_HANDLE_ENTRY_u, + Owner: GDI_HANDLE_ENTRY_Owner, + Unique: USHORT, + Type: UCHAR, + Flags: UCHAR, + UserPointer: PVOID, +}} +pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY; +STRUCT!{struct GDI_SHARED_MEMORY { + Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT], +}} +pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY; diff --git a/vendor/ntapi/src/ntioapi.rs b/vendor/ntapi/src/ntioapi.rs new file mode 100644 index 000000000..48c416b21 --- /dev/null +++ b/vendor/ntapi/src/ntioapi.rs @@ -0,0 +1,1464 @@ +use crate::string::UTF16Const; +use crate::winapi_local::um::winioctl::CTL_CODE; +use winapi::shared::basetsd::ULONG_PTR; +use winapi::shared::guiddef::GUID; +use winapi::shared::minwindef::DWORD; +use winapi::shared::ntdef::{ + BOOLEAN, CCHAR, CHAR, HANDLE, LARGE_INTEGER, LONG, LONGLONG, NTSTATUS, PBOOLEAN, PHANDLE, + PLARGE_INTEGER, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, + ULONGLONG, USHORT, WCHAR, +}; +use winapi::um::winioctl::{ + FILE_ANY_ACCESS, FILE_DEVICE_MAILSLOT, FILE_DEVICE_NAMED_PIPE, METHOD_BUFFERED, METHOD_NEITHER, +}; +use winapi::um::winnt::{ + ACCESS_MASK, FILE_ID_128, FILE_READ_DATA, FILE_WRITE_DATA, PFILE_SEGMENT_ELEMENT, PSID, SID, +}; +pub const FILE_SUPERSEDE: ULONG = 0x00000000; +pub const FILE_OPEN: ULONG = 0x00000001; +pub const FILE_CREATE: ULONG = 0x00000002; +pub const FILE_OPEN_IF: ULONG = 0x00000003; +pub const FILE_OVERWRITE: ULONG = 0x00000004; +pub const FILE_OVERWRITE_IF: ULONG = 0x00000005; +pub const FILE_MAXIMUM_DISPOSITION: ULONG = 0x00000005; +pub const FILE_DIRECTORY_FILE: ULONG = 0x00000001; +pub const FILE_WRITE_THROUGH: ULONG = 0x00000002; +pub const FILE_SEQUENTIAL_ONLY: ULONG = 0x00000004; +pub const FILE_NO_INTERMEDIATE_BUFFERING: ULONG = 0x00000008; +pub const FILE_SYNCHRONOUS_IO_ALERT: ULONG = 0x00000010; +pub const FILE_SYNCHRONOUS_IO_NONALERT: ULONG = 0x00000020; +pub const FILE_NON_DIRECTORY_FILE: ULONG = 0x00000040; +pub const FILE_CREATE_TREE_CONNECTION: ULONG = 0x00000080; +pub const FILE_COMPLETE_IF_OPLOCKED: ULONG = 0x00000100; +pub const FILE_NO_EA_KNOWLEDGE: ULONG = 0x00000200; +pub const FILE_OPEN_FOR_RECOVERY: ULONG = 0x00000400; +pub const FILE_RANDOM_ACCESS: ULONG = 0x00000800; +pub const FILE_DELETE_ON_CLOSE: ULONG = 0x00001000; +pub const FILE_OPEN_BY_FILE_ID: ULONG = 0x00002000; +pub const FILE_OPEN_FOR_BACKUP_INTENT: ULONG = 0x00004000; +pub const FILE_NO_COMPRESSION: ULONG = 0x00008000; +pub const FILE_OPEN_REQUIRING_OPLOCK: ULONG = 0x00010000; +pub const FILE_DISALLOW_EXCLUSIVE: ULONG = 0x00020000; +pub const FILE_SESSION_AWARE: ULONG = 0x00040000; +pub const FILE_RESERVE_OPFILTER: ULONG = 0x00100000; +pub const FILE_OPEN_REPARSE_POINT: ULONG = 0x00200000; +pub const FILE_OPEN_NO_RECALL: ULONG = 0x00400000; +pub const FILE_OPEN_FOR_FREE_SPACE_QUERY: ULONG = 0x00800000; +pub const FILE_COPY_STRUCTURED_STORAGE: ULONG = 0x00000041; +pub const FILE_STRUCTURED_STORAGE: ULONG = 0x00000441; +pub const FILE_SUPERSEDED: ULONG = 0x00000000; +pub const FILE_OPENED: ULONG = 0x00000001; +pub const FILE_CREATED: ULONG = 0x00000002; +pub const FILE_OVERWRITTEN: ULONG = 0x00000003; +pub const FILE_EXISTS: ULONG = 0x00000004; +pub const FILE_DOES_NOT_EXIST: ULONG = 0x00000005; +pub const FILE_WRITE_TO_END_OF_FILE: ULONG = 0xffffffff; +pub const FILE_USE_FILE_POINTER_POSITION: ULONG = 0xfffffffe; +pub const FILE_BYTE_ALIGNMENT: ULONG = 0x00000000; +pub const FILE_WORD_ALIGNMENT: ULONG = 0x00000001; +pub const FILE_LONG_ALIGNMENT: ULONG = 0x00000003; +pub const FILE_QUAD_ALIGNMENT: ULONG = 0x00000007; +pub const FILE_OCTA_ALIGNMENT: ULONG = 0x0000000f; +pub const FILE_32_BYTE_ALIGNMENT: ULONG = 0x0000001f; +pub const FILE_64_BYTE_ALIGNMENT: ULONG = 0x0000003f; +pub const FILE_128_BYTE_ALIGNMENT: ULONG = 0x0000007f; +pub const FILE_256_BYTE_ALIGNMENT: ULONG = 0x000000ff; +pub const FILE_512_BYTE_ALIGNMENT: ULONG = 0x000001ff; +pub const MAXIMUM_FILENAME_LENGTH: u32 = 256; +pub const FILE_NEED_EA: ULONG = 0x00000080; +pub const FILE_EA_TYPE_BINARY: ULONG = 0xfffe; +pub const FILE_EA_TYPE_ASCII: ULONG = 0xfffd; +pub const FILE_EA_TYPE_BITMAP: ULONG = 0xfffb; +pub const FILE_EA_TYPE_METAFILE: ULONG = 0xfffa; +pub const FILE_EA_TYPE_ICON: ULONG = 0xfff9; +pub const FILE_EA_TYPE_EA: ULONG = 0xffee; +pub const FILE_EA_TYPE_MVMT: ULONG = 0xffdf; +pub const FILE_EA_TYPE_MVST: ULONG = 0xffde; +pub const FILE_EA_TYPE_ASN1: ULONG = 0xffdd; +pub const FILE_EA_TYPE_FAMILY_IDS: ULONG = 0xff01; +pub const FILE_REMOVABLE_MEDIA: ULONG = 0x00000001; +pub const FILE_READ_ONLY_DEVICE: ULONG = 0x00000002; +pub const FILE_FLOPPY_DISKETTE: ULONG = 0x00000004; +pub const FILE_WRITE_ONCE_MEDIA: ULONG = 0x00000008; +pub const FILE_REMOTE_DEVICE: ULONG = 0x00000010; +pub const FILE_DEVICE_IS_MOUNTED: ULONG = 0x00000020; +pub const FILE_VIRTUAL_VOLUME: ULONG = 0x00000040; +pub const FILE_AUTOGENERATED_DEVICE_NAME: ULONG = 0x00000080; +pub const FILE_DEVICE_SECURE_OPEN: ULONG = 0x00000100; +pub const FILE_CHARACTERISTIC_PNP_DEVICE: ULONG = 0x00000800; +pub const FILE_CHARACTERISTIC_TS_DEVICE: ULONG = 0x00001000; +pub const FILE_CHARACTERISTIC_WEBDAV_DEVICE: ULONG = 0x00002000; +pub const FILE_CHARACTERISTIC_CSV: ULONG = 0x00010000; +pub const FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL: ULONG = 0x00020000; +pub const FILE_PORTABLE_DEVICE: ULONG = 0x00040000; +pub const FILE_PIPE_BYTE_STREAM_TYPE: ULONG = 0x00000000; +pub const FILE_PIPE_MESSAGE_TYPE: ULONG = 0x00000001; +pub const FILE_PIPE_ACCEPT_REMOTE_CLIENTS: ULONG = 0x00000000; +pub const FILE_PIPE_REJECT_REMOTE_CLIENTS: ULONG = 0x00000002; +pub const FILE_PIPE_TYPE_VALID_MASK: ULONG = 0x00000003; +pub const FILE_PIPE_QUEUE_OPERATION: ULONG = 0x00000000; +pub const FILE_PIPE_COMPLETE_OPERATION: ULONG = 0x00000001; +pub const FILE_PIPE_BYTE_STREAM_MODE: ULONG = 0x00000000; +pub const FILE_PIPE_MESSAGE_MODE: ULONG = 0x00000001; +pub const FILE_PIPE_INBOUND: ULONG = 0x00000000; +pub const FILE_PIPE_OUTBOUND: ULONG = 0x00000001; +pub const FILE_PIPE_FULL_DUPLEX: ULONG = 0x00000002; +pub const FILE_PIPE_DISCONNECTED_STATE: ULONG = 0x00000001; +pub const FILE_PIPE_LISTENING_STATE: ULONG = 0x00000002; +pub const FILE_PIPE_CONNECTED_STATE: ULONG = 0x00000003; +pub const FILE_PIPE_CLOSING_STATE: ULONG = 0x00000004; +pub const FILE_PIPE_CLIENT_END: ULONG = 0x00000000; +pub const FILE_PIPE_SERVER_END: ULONG = 0x00000001; +pub const MAILSLOT_SIZE_AUTO: u32 = 0; +UNION!{union IO_STATUS_BLOCK_u { + Status: NTSTATUS, + Pointer: PVOID, +}} +STRUCT!{struct IO_STATUS_BLOCK { + u: IO_STATUS_BLOCK_u, + Information: ULONG_PTR, +}} +pub type PIO_STATUS_BLOCK = *mut IO_STATUS_BLOCK; +FN!{stdcall PIO_APC_ROUTINE( + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Reserved: ULONG, +) -> ()} +STRUCT!{struct FILE_IO_COMPLETION_INFORMATION { + KeyContext: PVOID, + ApcContext: PVOID, + IoStatusBlock: IO_STATUS_BLOCK, +}} +pub type PFILE_IO_COMPLETION_INFORMATION = *mut FILE_IO_COMPLETION_INFORMATION; +ENUM!{enum FILE_INFORMATION_CLASS { + FileDirectoryInformation = 1, + FileFullDirectoryInformation = 2, + FileBothDirectoryInformation = 3, + FileBasicInformation = 4, + FileStandardInformation = 5, + FileInternalInformation = 6, + FileEaInformation = 7, + FileAccessInformation = 8, + FileNameInformation = 9, + FileRenameInformation = 10, + FileLinkInformation = 11, + FileNamesInformation = 12, + FileDispositionInformation = 13, + FilePositionInformation = 14, + FileFullEaInformation = 15, + FileModeInformation = 16, + FileAlignmentInformation = 17, + FileAllInformation = 18, + FileAllocationInformation = 19, + FileEndOfFileInformation = 20, + FileAlternateNameInformation = 21, + FileStreamInformation = 22, + FilePipeInformation = 23, + FilePipeLocalInformation = 24, + FilePipeRemoteInformation = 25, + FileMailslotQueryInformation = 26, + FileMailslotSetInformation = 27, + FileCompressionInformation = 28, + FileObjectIdInformation = 29, + FileCompletionInformation = 30, + FileMoveClusterInformation = 31, + FileQuotaInformation = 32, + FileReparsePointInformation = 33, + FileNetworkOpenInformation = 34, + FileAttributeTagInformation = 35, + FileTrackingInformation = 36, + FileIdBothDirectoryInformation = 37, + FileIdFullDirectoryInformation = 38, + FileValidDataLengthInformation = 39, + FileShortNameInformation = 40, + FileIoCompletionNotificationInformation = 41, + FileIoStatusBlockRangeInformation = 42, + FileIoPriorityHintInformation = 43, + FileSfioReserveInformation = 44, + FileSfioVolumeInformation = 45, + FileHardLinkInformation = 46, + FileProcessIdsUsingFileInformation = 47, + FileNormalizedNameInformation = 48, + FileNetworkPhysicalNameInformation = 49, + FileIdGlobalTxDirectoryInformation = 50, + FileIsRemoteDeviceInformation = 51, + FileUnusedInformation = 52, + FileNumaNodeInformation = 53, + FileStandardLinkInformation = 54, + FileRemoteProtocolInformation = 55, + FileRenameInformationBypassAccessCheck = 56, + FileLinkInformationBypassAccessCheck = 57, + FileVolumeNameInformation = 58, + FileIdInformation = 59, + FileIdExtdDirectoryInformation = 60, + FileReplaceCompletionInformation = 61, + FileHardLinkFullIdInformation = 62, + FileIdExtdBothDirectoryInformation = 63, + FileDispositionInformationEx = 64, + FileRenameInformationEx = 65, + FileRenameInformationExBypassAccessCheck = 66, + FileDesiredStorageClassInformation = 67, + FileStatInformation = 68, + FileMemoryPartitionInformation = 69, + FileStatLxInformation = 70, + FileCaseSensitiveInformation = 71, + FileLinkInformationEx = 72, + FileLinkInformationExBypassAccessCheck = 73, + FileStorageReserveIdInformation = 74, + FileCaseSensitiveInformationForceAccessCheck = 75, + FileMaximumInformation = 76, +}} +pub type PFILE_INFORMATION_CLASS = *mut FILE_INFORMATION_CLASS; +STRUCT!{struct FILE_BASIC_INFORMATION { + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + FileAttributes: ULONG, +}} +pub type PFILE_BASIC_INFORMATION = *mut FILE_BASIC_INFORMATION; +STRUCT!{struct FILE_STANDARD_INFORMATION { + AllocationSize: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + NumberOfLinks: ULONG, + DeletePending: BOOLEAN, + Directory: BOOLEAN, +}} +pub type PFILE_STANDARD_INFORMATION = *mut FILE_STANDARD_INFORMATION; +STRUCT!{struct FILE_STANDARD_INFORMATION_EX { + AllocationSize: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + NumberOfLinks: ULONG, + DeletePending: BOOLEAN, + Directory: BOOLEAN, + AlternateStream: BOOLEAN, + MetadataAttribute: BOOLEAN, +}} +pub type PFILE_STANDARD_INFORMATION_EX = *mut FILE_STANDARD_INFORMATION_EX; +STRUCT!{struct FILE_INTERNAL_INFORMATION { + IndexNumber: LARGE_INTEGER, +}} +pub type PFILE_INTERNAL_INFORMATION = *mut FILE_INTERNAL_INFORMATION; +STRUCT!{struct FILE_EA_INFORMATION { + EaSize: ULONG, +}} +pub type PFILE_EA_INFORMATION = *mut FILE_EA_INFORMATION; +STRUCT!{struct FILE_ACCESS_INFORMATION { + AccessFlags: ACCESS_MASK, +}} +pub type PFILE_ACCESS_INFORMATION = *mut FILE_ACCESS_INFORMATION; +STRUCT!{struct FILE_POSITION_INFORMATION { + CurrentByteOffset: LARGE_INTEGER, +}} +pub type PFILE_POSITION_INFORMATION = *mut FILE_POSITION_INFORMATION; +STRUCT!{struct FILE_MODE_INFORMATION { + Mode: ULONG, +}} +pub type PFILE_MODE_INFORMATION = *mut FILE_MODE_INFORMATION; +STRUCT!{struct FILE_ALIGNMENT_INFORMATION { + AlignmentRequirement: ULONG, +}} +pub type PFILE_ALIGNMENT_INFORMATION = *mut FILE_ALIGNMENT_INFORMATION; +STRUCT!{struct FILE_NAME_INFORMATION { + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_NAME_INFORMATION = *mut FILE_NAME_INFORMATION; +STRUCT!{struct FILE_ALL_INFORMATION { + BasicInformation: FILE_BASIC_INFORMATION, + StandardInformation: FILE_STANDARD_INFORMATION, + InternalInformation: FILE_INTERNAL_INFORMATION, + EaInformation: FILE_EA_INFORMATION, + AccessInformation: FILE_ACCESS_INFORMATION, + PositionInformation: FILE_POSITION_INFORMATION, + ModeInformation: FILE_MODE_INFORMATION, + AlignmentInformation: FILE_ALIGNMENT_INFORMATION, + NameInformation: FILE_NAME_INFORMATION, +}} +pub type PFILE_ALL_INFORMATION = *mut FILE_ALL_INFORMATION; +STRUCT!{struct FILE_NETWORK_OPEN_INFORMATION { + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + FileAttributes: ULONG, +}} +pub type PFILE_NETWORK_OPEN_INFORMATION = *mut FILE_NETWORK_OPEN_INFORMATION; +STRUCT!{struct FILE_ATTRIBUTE_TAG_INFORMATION { + FileAttributes: ULONG, + ReparseTag: ULONG, +}} +pub type PFILE_ATTRIBUTE_TAG_INFORMATION = *mut FILE_ATTRIBUTE_TAG_INFORMATION; +STRUCT!{struct FILE_ALLOCATION_INFORMATION { + AllocationSize: LARGE_INTEGER, +}} +pub type PFILE_ALLOCATION_INFORMATION = *mut FILE_ALLOCATION_INFORMATION; +STRUCT!{struct FILE_COMPRESSION_INFORMATION { + CompressedFileSize: LARGE_INTEGER, + CompressionFormat: USHORT, + CompressionUnitShift: UCHAR, + ChunkShift: UCHAR, + ClusterShift: UCHAR, + Reserved: [UCHAR; 3], +}} +pub type PFILE_COMPRESSION_INFORMATION = *mut FILE_COMPRESSION_INFORMATION; +STRUCT!{struct FILE_DISPOSITION_INFORMATION { + DeleteFileA: BOOLEAN, +}} +pub type PFILE_DISPOSITION_INFORMATION = *mut FILE_DISPOSITION_INFORMATION; +STRUCT!{struct FILE_END_OF_FILE_INFORMATION { + EndOfFile: LARGE_INTEGER, +}} +pub type PFILE_END_OF_FILE_INFORMATION = *mut FILE_END_OF_FILE_INFORMATION; +STRUCT!{struct FILE_VALID_DATA_LENGTH_INFORMATION { + ValidDataLength: LARGE_INTEGER, +}} +pub type PFILE_VALID_DATA_LENGTH_INFORMATION = *mut FILE_VALID_DATA_LENGTH_INFORMATION; +STRUCT!{struct FILE_LINK_INFORMATION { + ReplaceIfExists: BOOLEAN, + RootDirectory: HANDLE, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_LINK_INFORMATION = *mut FILE_LINK_INFORMATION; +STRUCT!{struct FILE_MOVE_CLUSTER_INFORMATION { + ClusterCount: ULONG, + RootDirectory: HANDLE, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_MOVE_CLUSTER_INFORMATION = *mut FILE_MOVE_CLUSTER_INFORMATION; +STRUCT!{struct FILE_RENAME_INFORMATION { + ReplaceIfExists: BOOLEAN, + RootDirectory: HANDLE, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_RENAME_INFORMATION = *mut FILE_RENAME_INFORMATION; +STRUCT!{struct FILE_STREAM_INFORMATION { + NextEntryOffset: ULONG, + StreamNameLength: ULONG, + StreamSize: LARGE_INTEGER, + StreamAllocationSize: LARGE_INTEGER, + StreamName: [WCHAR; 1], +}} +pub type PFILE_STREAM_INFORMATION = *mut FILE_STREAM_INFORMATION; +STRUCT!{struct FILE_TRACKING_INFORMATION { + DestinationFile: HANDLE, + ObjectInformationLength: ULONG, + ObjectInformation: [CHAR; 1], +}} +pub type PFILE_TRACKING_INFORMATION = *mut FILE_TRACKING_INFORMATION; +STRUCT!{struct FILE_COMPLETION_INFORMATION { + Port: HANDLE, + Key: PVOID, +}} +pub type PFILE_COMPLETION_INFORMATION = *mut FILE_COMPLETION_INFORMATION; +STRUCT!{struct FILE_PIPE_INFORMATION { + ReadMode: ULONG, + CompletionMode: ULONG, +}} +pub type PFILE_PIPE_INFORMATION = *mut FILE_PIPE_INFORMATION; +STRUCT!{struct FILE_PIPE_LOCAL_INFORMATION { + NamedPipeType: ULONG, + NamedPipeConfiguration: ULONG, + MaximumInstances: ULONG, + CurrentInstances: ULONG, + InboundQuota: ULONG, + ReadDataAvailable: ULONG, + OutboundQuota: ULONG, + WriteQuotaAvailable: ULONG, + NamedPipeState: ULONG, + NamedPipeEnd: ULONG, +}} +pub type PFILE_PIPE_LOCAL_INFORMATION = *mut FILE_PIPE_LOCAL_INFORMATION; +STRUCT!{struct FILE_PIPE_REMOTE_INFORMATION { + CollectDataTime: LARGE_INTEGER, + MaximumCollectionCount: ULONG, +}} +pub type PFILE_PIPE_REMOTE_INFORMATION = *mut FILE_PIPE_REMOTE_INFORMATION; +STRUCT!{struct FILE_MAILSLOT_QUERY_INFORMATION { + MaximumMessageSize: ULONG, + MailslotQuota: ULONG, + NextMessageSize: ULONG, + MessagesAvailable: ULONG, + ReadTimeout: LARGE_INTEGER, +}} +pub type PFILE_MAILSLOT_QUERY_INFORMATION = *mut FILE_MAILSLOT_QUERY_INFORMATION; +STRUCT!{struct FILE_MAILSLOT_SET_INFORMATION { + ReadTimeout: PLARGE_INTEGER, +}} +pub type PFILE_MAILSLOT_SET_INFORMATION = *mut FILE_MAILSLOT_SET_INFORMATION; +STRUCT!{struct FILE_REPARSE_POINT_INFORMATION { + FileReference: LONGLONG, + Tag: ULONG, +}} +pub type PFILE_REPARSE_POINT_INFORMATION = *mut FILE_REPARSE_POINT_INFORMATION; +STRUCT!{struct FILE_LINK_ENTRY_INFORMATION { + NextEntryOffset: ULONG, + ParentFileId: LONGLONG, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_LINK_ENTRY_INFORMATION = *mut FILE_LINK_ENTRY_INFORMATION; +STRUCT!{struct FILE_LINKS_INFORMATION { + BytesNeeded: ULONG, + EntriesReturned: ULONG, + Entry: FILE_LINK_ENTRY_INFORMATION, +}} +pub type PFILE_LINKS_INFORMATION = *mut FILE_LINKS_INFORMATION; +STRUCT!{struct FILE_NETWORK_PHYSICAL_NAME_INFORMATION { + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_NETWORK_PHYSICAL_NAME_INFORMATION = *mut FILE_NETWORK_PHYSICAL_NAME_INFORMATION; +STRUCT!{struct FILE_STANDARD_LINK_INFORMATION { + NumberOfAccessibleLinks: ULONG, + TotalNumberOfLinks: ULONG, + DeletePending: BOOLEAN, + Directory: BOOLEAN, +}} +pub type PFILE_STANDARD_LINK_INFORMATION = *mut FILE_STANDARD_LINK_INFORMATION; +STRUCT!{struct FILE_SFIO_RESERVE_INFORMATION { + RequestsPerPeriod: ULONG, + Period: ULONG, + RetryFailures: BOOLEAN, + Discardable: BOOLEAN, + RequestSize: ULONG, + NumOutstandingRequests: ULONG, +}} +pub type PFILE_SFIO_RESERVE_INFORMATION = *mut FILE_SFIO_RESERVE_INFORMATION; +STRUCT!{struct FILE_SFIO_VOLUME_INFORMATION { + MaximumRequestsPerPeriod: ULONG, + MinimumPeriod: ULONG, + MinimumTransferSize: ULONG, +}} +pub type PFILE_SFIO_VOLUME_INFORMATION = *mut FILE_SFIO_VOLUME_INFORMATION; +ENUM!{enum IO_PRIORITY_HINT { + IoPriorityVeryLow = 0, + IoPriorityLow = 1, + IoPriorityNormal = 2, + IoPriorityHigh = 3, + IoPriorityCritical = 4, + MaxIoPriorityTypes = 5, +}} +STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION { + PriorityHint: IO_PRIORITY_HINT, +}} +pub type PFILE_IO_PRIORITY_HINT_INFORMATION = *mut FILE_IO_PRIORITY_HINT_INFORMATION; +STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION_EX { + PriorityHint: IO_PRIORITY_HINT, + BoostOutstanding: BOOLEAN, +}} +pub type PFILE_IO_PRIORITY_HINT_INFORMATION_EX = *mut FILE_IO_PRIORITY_HINT_INFORMATION_EX; +pub const FILE_SKIP_COMPLETION_PORT_ON_SUCCESS: u32 = 0x1; +pub const FILE_SKIP_SET_EVENT_ON_HANDLE: u32 = 0x2; +pub const FILE_SKIP_SET_USER_EVENT_ON_FAST_IO: u32 = 0x4; +STRUCT!{struct FILE_IO_COMPLETION_NOTIFICATION_INFORMATION { + Flags: ULONG, +}} +pub type PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION = + *mut FILE_IO_COMPLETION_NOTIFICATION_INFORMATION; +STRUCT!{struct FILE_PROCESS_IDS_USING_FILE_INFORMATION { + NumberOfProcessIdsInList: ULONG, + ProcessIdList: [ULONG_PTR; 1], +}} +pub type PFILE_PROCESS_IDS_USING_FILE_INFORMATION = *mut FILE_PROCESS_IDS_USING_FILE_INFORMATION; +STRUCT!{struct FILE_IS_REMOTE_DEVICE_INFORMATION { + IsRemote: BOOLEAN, +}} +pub type PFILE_IS_REMOTE_DEVICE_INFORMATION = *mut FILE_IS_REMOTE_DEVICE_INFORMATION; +STRUCT!{struct FILE_NUMA_NODE_INFORMATION { + NodeNumber: USHORT, +}} +pub type PFILE_NUMA_NODE_INFORMATION = *mut FILE_NUMA_NODE_INFORMATION; +STRUCT!{struct FILE_IOSTATUSBLOCK_RANGE_INFORMATION { + IoStatusBlockRange: PUCHAR, + Length: ULONG, +}} +pub type PFILE_IOSTATUSBLOCK_RANGE_INFORMATION = *mut FILE_IOSTATUSBLOCK_RANGE_INFORMATION; +STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved { + Reserved: [ULONG; 8], +}} +STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server { + Capabilities: ULONG, +}} +STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share { + Capabilities: ULONG, + CachingFlags: ULONG, +}} +STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2 { + Server: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server, + Share: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share, +}} +UNION!{union FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific { + Smb2: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2, + Reserved: [ULONG; 16], +}} +STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION { + StructureVersion: USHORT, + StructureSize: USHORT, + Protocol: ULONG, + ProtocolMajorVersion: USHORT, + ProtocolMinorVersion: USHORT, + ProtocolRevision: USHORT, + Reserved: USHORT, + Flags: ULONG, + GenericReserved: FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved, + ProtocolSpecific: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific, +}} +pub type PFILE_REMOTE_PROTOCOL_INFORMATION = *mut FILE_REMOTE_PROTOCOL_INFORMATION; +pub const CHECKSUM_ENFORCEMENT_OFF: u32 = 0x00000001; +STRUCT!{struct FILE_INTEGRITY_STREAM_INFORMATION { + ChecksumAlgorithm: USHORT, + ChecksumChunkShift: UCHAR, + ClusterShift: UCHAR, + Flags: ULONG, +}} +pub type PFILE_INTEGRITY_STREAM_INFORMATION = *mut FILE_INTEGRITY_STREAM_INFORMATION; +STRUCT!{struct FILE_VOLUME_NAME_INFORMATION { + DeviceNameLength: ULONG, + DeviceName: [WCHAR; 1], +}} +pub type PFILE_VOLUME_NAME_INFORMATION = *mut FILE_VOLUME_NAME_INFORMATION; +STRUCT!{struct FILE_ID_INFORMATION { + VolumeSerialNumber: ULONGLONG, + FileId: FILE_ID_128, +}} +pub type PFILE_ID_INFORMATION = *mut FILE_ID_INFORMATION; +STRUCT!{struct FILE_ID_EXTD_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + ReparsePointTag: ULONG, + FileId: FILE_ID_128, + FileName: [WCHAR; 1], +}} +pub type PFILE_ID_EXTD_DIR_INFORMATION = *mut FILE_ID_EXTD_DIR_INFORMATION; +STRUCT!{struct FILE_LINK_ENTRY_FULL_ID_INFORMATION { + NextEntryOffset: ULONG, + ParentFileId: FILE_ID_128, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_LINK_ENTRY_FULL_ID_INFORMATION = *mut FILE_LINK_ENTRY_FULL_ID_INFORMATION; +STRUCT!{struct FILE_ID_EXTD_BOTH_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + ReparsePointTag: ULONG, + FileId: FILE_ID_128, + ShortNameLength: CCHAR, + ShortName: [WCHAR; 12], + FileName: [WCHAR; 1], +}} +pub type PFILE_ID_EXTD_BOTH_DIR_INFORMATION = *mut FILE_ID_EXTD_BOTH_DIR_INFORMATION; +STRUCT!{struct FILE_STAT_INFORMATION { + FileId: LARGE_INTEGER, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + FileAttributes: ULONG, + ReparseTag: ULONG, + NumberOfLinks: ULONG, + EffectiveAccess: ULONG, +}} +pub type PFILE_STAT_INFORMATION = *mut FILE_STAT_INFORMATION; +STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION_Flags_s { + NoCrossPartitionAccess: UCHAR, + Spare: [UCHAR; 3], +}} +UNION!{union FILE_MEMORY_PARTITION_INFORMATION_Flags { + s: FILE_MEMORY_PARTITION_INFORMATION_Flags_s, + AllFlags: ULONG, +}} +STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION { + OwnerPartitionHandle: HANDLE, + Flags: FILE_MEMORY_PARTITION_INFORMATION_Flags, +}} +pub type PFILE_MEMORY_PARTITION_INFORMATION = *mut FILE_MEMORY_PARTITION_INFORMATION; +STRUCT!{struct FILE_STAT_LX_INFORMATION { + FileId: LARGE_INTEGER, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + FileAttributes: ULONG, + ReparseTag: ULONG, + NumberOfLinks: ULONG, + EffectiveAccess: ULONG, + LxFlags: ULONG, + LxUid: ULONG, + LxGid: ULONG, + LxMode: ULONG, + LxDeviceIdMajor: ULONG, + LxDeviceIdMinor: ULONG, +}} +pub type PFILE_STAT_LX_INFORMATION = *mut FILE_STAT_LX_INFORMATION; +STRUCT!{struct FILE_CASE_SENSITIVE_INFORMATION { + Flags: ULONG, +}} +pub type PFILE_CASE_SENSITIVE_INFORMATION = *mut FILE_CASE_SENSITIVE_INFORMATION; +STRUCT!{struct FILE_DIRECTORY_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_DIRECTORY_INFORMATION = *mut FILE_DIRECTORY_INFORMATION; +STRUCT!{struct FILE_FULL_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_FULL_DIR_INFORMATION = *mut FILE_FULL_DIR_INFORMATION; +STRUCT!{struct FILE_ID_FULL_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + FileId: LARGE_INTEGER, + FileName: [WCHAR; 1], +}} +pub type PFILE_ID_FULL_DIR_INFORMATION = *mut FILE_ID_FULL_DIR_INFORMATION; +STRUCT!{struct FILE_BOTH_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + ShortNameLength: CCHAR, + ShortName: [WCHAR; 12], + FileName: [WCHAR; 1], +}} +pub type PFILE_BOTH_DIR_INFORMATION = *mut FILE_BOTH_DIR_INFORMATION; +STRUCT!{struct FILE_ID_BOTH_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + EaSize: ULONG, + ShortNameLength: CCHAR, + ShortName: [WCHAR; 12], + FileId: LARGE_INTEGER, + FileName: [WCHAR; 1], +}} +pub type PFILE_ID_BOTH_DIR_INFORMATION = *mut FILE_ID_BOTH_DIR_INFORMATION; +STRUCT!{struct FILE_NAMES_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + FileNameLength: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_NAMES_INFORMATION = *mut FILE_NAMES_INFORMATION; +STRUCT!{struct FILE_ID_GLOBAL_TX_DIR_INFORMATION { + NextEntryOffset: ULONG, + FileIndex: ULONG, + CreationTime: LARGE_INTEGER, + LastAccessTime: LARGE_INTEGER, + LastWriteTime: LARGE_INTEGER, + ChangeTime: LARGE_INTEGER, + EndOfFile: LARGE_INTEGER, + AllocationSize: LARGE_INTEGER, + FileAttributes: ULONG, + FileNameLength: ULONG, + FileId: LARGE_INTEGER, + LockingTransactionId: GUID, + TxInfoFlags: ULONG, + FileName: [WCHAR; 1], +}} +pub type PFILE_ID_GLOBAL_TX_DIR_INFORMATION = *mut FILE_ID_GLOBAL_TX_DIR_INFORMATION; +pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED: u32 = 0x00000001; +pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX: u32 = 0x00000002; +pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX: u32 = 0x00000004; +STRUCT!{struct FILE_OBJECTID_INFORMATION_u_s { + BirthVolumeId: [UCHAR; 16], + BirthObjectId: [UCHAR; 16], + DomainId: [UCHAR; 16], +}} +UNION!{union FILE_OBJECTID_INFORMATION_u { + s: FILE_OBJECTID_INFORMATION_u_s, + ExtendedInfo: [UCHAR; 48], +}} +STRUCT!{struct FILE_OBJECTID_INFORMATION { + FileReference: LONGLONG, + ObjectId: [UCHAR; 16], + u: FILE_OBJECTID_INFORMATION_u, +}} +pub type PFILE_OBJECTID_INFORMATION = *mut FILE_OBJECTID_INFORMATION; +STRUCT!{struct FILE_FULL_EA_INFORMATION { + NextEntryOffset: ULONG, + Flags: UCHAR, + EaNameLength: UCHAR, + EaValueLength: USHORT, + EaName: [CHAR; 1], +}} +pub type PFILE_FULL_EA_INFORMATION = *mut FILE_FULL_EA_INFORMATION; +STRUCT!{struct FILE_GET_EA_INFORMATION { + NextEntryOffset: ULONG, + EaNameLength: UCHAR, + EaName: [CHAR; 1], +}} +pub type PFILE_GET_EA_INFORMATION = *mut FILE_GET_EA_INFORMATION; +STRUCT!{struct FILE_GET_QUOTA_INFORMATION { + NextEntryOffset: ULONG, + SidLength: ULONG, + Sid: SID, +}} +pub type PFILE_GET_QUOTA_INFORMATION = *mut FILE_GET_QUOTA_INFORMATION; +STRUCT!{struct FILE_QUOTA_INFORMATION { + NextEntryOffset: ULONG, + SidLength: ULONG, + ChangeTime: LARGE_INTEGER, + QuotaUsed: LARGE_INTEGER, + QuotaThreshold: LARGE_INTEGER, + QuotaLimit: LARGE_INTEGER, + Sid: SID, +}} +pub type PFILE_QUOTA_INFORMATION = *mut FILE_QUOTA_INFORMATION; +ENUM!{enum FS_INFORMATION_CLASS { + FileFsVolumeInformation = 1, + FileFsLabelInformation = 2, + FileFsSizeInformation = 3, + FileFsDeviceInformation = 4, + FileFsAttributeInformation = 5, + FileFsControlInformation = 6, + FileFsFullSizeInformation = 7, + FileFsObjectIdInformation = 8, + FileFsDriverPathInformation = 9, + FileFsVolumeFlagsInformation = 10, + FileFsSectorSizeInformation = 11, + FileFsDataCopyInformation = 12, + FileFsMetadataSizeInformation = 13, + FileFsFullSizeInformationEx = 14, + FileFsMaximumInformation = 15, +}} +pub type PFS_INFORMATION_CLASS = *mut FS_INFORMATION_CLASS; +STRUCT!{struct FILE_FS_LABEL_INFORMATION { + VolumeLabelLength: ULONG, + VolumeLabel: [WCHAR; 1], +}} +pub type PFILE_FS_LABEL_INFORMATION = *mut FILE_FS_LABEL_INFORMATION; +STRUCT!{struct FILE_FS_VOLUME_INFORMATION { + VolumeCreationTime: LARGE_INTEGER, + VolumeSerialNumber: ULONG, + VolumeLabelLength: ULONG, + SupportsObjects: BOOLEAN, + VolumeLabel: [WCHAR; 1], +}} +pub type PFILE_FS_VOLUME_INFORMATION = *mut FILE_FS_VOLUME_INFORMATION; +STRUCT!{struct FILE_FS_SIZE_INFORMATION { + TotalAllocationUnits: LARGE_INTEGER, + AvailableAllocationUnits: LARGE_INTEGER, + SectorsPerAllocationUnit: ULONG, + BytesPerSector: ULONG, +}} +pub type PFILE_FS_SIZE_INFORMATION = *mut FILE_FS_SIZE_INFORMATION; +STRUCT!{struct FILE_FS_CONTROL_INFORMATION { + FreeSpaceStartFiltering: LARGE_INTEGER, + FreeSpaceThreshold: LARGE_INTEGER, + FreeSpaceStopFiltering: LARGE_INTEGER, + DefaultQuotaThreshold: LARGE_INTEGER, + DefaultQuotaLimit: LARGE_INTEGER, + FileSystemControlFlags: ULONG, +}} +pub type PFILE_FS_CONTROL_INFORMATION = *mut FILE_FS_CONTROL_INFORMATION; +STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION { + TotalAllocationUnits: LARGE_INTEGER, + CallerAvailableAllocationUnits: LARGE_INTEGER, + ActualAvailableAllocationUnits: LARGE_INTEGER, + SectorsPerAllocationUnit: ULONG, + BytesPerSector: ULONG, +}} +pub type PFILE_FS_FULL_SIZE_INFORMATION = *mut FILE_FS_FULL_SIZE_INFORMATION; +STRUCT!{struct FILE_FS_OBJECTID_INFORMATION { + ObjectId: [UCHAR; 16], + ExtendedInfo: [UCHAR; 48], +}} +pub type PFILE_FS_OBJECTID_INFORMATION = *mut FILE_FS_OBJECTID_INFORMATION; +STRUCT!{struct FILE_FS_DEVICE_INFORMATION { + DeviceType: DWORD, + Characteristics: ULONG, +}} +pub type PFILE_FS_DEVICE_INFORMATION = *mut FILE_FS_DEVICE_INFORMATION; +STRUCT!{struct FILE_FS_ATTRIBUTE_INFORMATION { + FileSystemAttributes: ULONG, + MaximumComponentNameLength: LONG, + FileSystemNameLength: ULONG, + FileSystemName: [WCHAR; 1], +}} +pub type PFILE_FS_ATTRIBUTE_INFORMATION = *mut FILE_FS_ATTRIBUTE_INFORMATION; +STRUCT!{struct FILE_FS_DRIVER_PATH_INFORMATION { + DriverInPath: BOOLEAN, + DriverNameLength: ULONG, + DriverName: [WCHAR; 1], +}} +pub type PFILE_FS_DRIVER_PATH_INFORMATION = *mut FILE_FS_DRIVER_PATH_INFORMATION; +STRUCT!{struct FILE_FS_VOLUME_FLAGS_INFORMATION { + Flags: ULONG, +}} +pub type PFILE_FS_VOLUME_FLAGS_INFORMATION = *mut FILE_FS_VOLUME_FLAGS_INFORMATION; +pub const SSINFO_FLAGS_ALIGNED_DEVICE: u32 = 0x00000001; +pub const SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE: u32 = 0x00000002; +pub const SSINFO_OFFSET_UNKNOWN: u32 = 0xffffffff; +STRUCT!{struct FILE_FS_SECTOR_SIZE_INFORMATION { + LogicalBytesPerSector: ULONG, + PhysicalBytesPerSectorForAtomicity: ULONG, + PhysicalBytesPerSectorForPerformance: ULONG, + FileSystemEffectivePhysicalBytesPerSectorForAtomicity: ULONG, + Flags: ULONG, + ByteOffsetForSectorAlignment: ULONG, + ByteOffsetForPartitionAlignment: ULONG, +}} +pub type PFILE_FS_SECTOR_SIZE_INFORMATION = *mut FILE_FS_SECTOR_SIZE_INFORMATION; +STRUCT!{struct FILE_FS_DATA_COPY_INFORMATION { + NumberOfCopies: ULONG, +}} +pub type PFILE_FS_DATA_COPY_INFORMATION = *mut FILE_FS_DATA_COPY_INFORMATION; +STRUCT!{struct FILE_FS_METADATA_SIZE_INFORMATION { + TotalMetadataAllocationUnits: LARGE_INTEGER, + SectorsPerAllocationUnit: ULONG, + BytesPerSector: ULONG, +}} +pub type PFILE_FS_METADATA_SIZE_INFORMATION = *mut FILE_FS_METADATA_SIZE_INFORMATION; +STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION_EX { + ActualTotalAllocationUnits: ULONGLONG, + ActualAvailableAllocationUnits: ULONGLONG, + ActualPoolUnavailableAllocationUnits: ULONGLONG, + CallerTotalAllocationUnits: ULONGLONG, + CallerAvailableAllocationUnits: ULONGLONG, + CallerPoolUnavailableAllocationUnits: ULONGLONG, + UsedAllocationUnits: ULONGLONG, + TotalReservedAllocationUnits: ULONGLONG, + VolumeStorageReserveAllocationUnits: ULONGLONG, + AvailableCommittedAllocationUnits: ULONGLONG, + PoolAvailableAllocationUnits: ULONGLONG, + SectorsPerAllocationUnit: ULONG, + BytesPerSector: ULONG, +}} +pub type PFILE_FS_FULL_SIZE_INFORMATION_EX = *mut FILE_FS_FULL_SIZE_INFORMATION_EX; +EXTERN!{extern "system" { + fn NtCreateFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + AllocationSize: PLARGE_INTEGER, + FileAttributes: ULONG, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + EaBuffer: PVOID, + EaLength: ULONG, + ) -> NTSTATUS; + fn NtCreateNamedPipeFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + NamedPipeType: ULONG, + ReadMode: ULONG, + CompletionMode: ULONG, + MaximumInstances: ULONG, + InboundQuota: ULONG, + OutboundQuota: ULONG, + DefaultTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtCreateMailslotFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + CreateOptions: ULONG, + MailslotQuota: ULONG, + MaximumMessageSize: ULONG, + ReadTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtOpenFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn NtDeleteFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtFlushBuffersFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtFlushBuffersFileEx( + FileHandle: HANDLE, + Flags: ULONG, + Parameters: PVOID, + ParametersSize: ULONG, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtQueryInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + fn NtQueryInformationByName( + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + fn NtSetInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + fn NtQueryDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ReturnSingleEntry: BOOLEAN, + FileName: PUNICODE_STRING, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn NtQueryEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + EaList: PVOID, + EaListLength: ULONG, + EaIndex: PULONG, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn NtSetEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn NtQueryQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + SidList: PVOID, + SidListLength: ULONG, + StartSid: PSID, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn NtSetQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn NtQueryVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FS_INFORMATION_CLASS, + ) -> NTSTATUS; + fn NtSetVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FS_INFORMATION_CLASS, + ) -> NTSTATUS; + fn NtCancelIoFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtCancelIoFileEx( + FileHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtCancelSynchronousIoFile( + ThreadHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtDeviceIoControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + IoControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn NtFsControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FsControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn NtReadFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn NtWriteFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn NtReadFileScatter( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn NtWriteFileGather( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn NtLockFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + FailImmediately: BOOLEAN, + ExclusiveLock: BOOLEAN, + ) -> NTSTATUS; + fn NtUnlockFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + ) -> NTSTATUS; + fn NtQueryAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_BASIC_INFORMATION, + ) -> NTSTATUS; + fn NtQueryFullAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_NETWORK_OPEN_INFORMATION, + ) -> NTSTATUS; + fn NtNotifyChangeDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + ) -> NTSTATUS; + fn NtLoadDriver( + DriverServiceName: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtUnloadDriver( + DriverServiceName: PUNICODE_STRING, + ) -> NTSTATUS; +}} +pub const IO_COMPLETION_QUERY_STATE: u32 = 0x0001; +ENUM!{enum IO_COMPLETION_INFORMATION_CLASS { + IoCompletionBasicInformation = 0, +}} +STRUCT!{struct IO_COMPLETION_BASIC_INFORMATION { + Depth: LONG, +}} +pub type PIO_COMPLETION_BASIC_INFORMATION = *mut IO_COMPLETION_BASIC_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Count: ULONG, + ) -> NTSTATUS; + fn NtOpenIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtQueryIoCompletion( + IoCompletionHandle: HANDLE, + IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, + IoCompletionInformation: PVOID, + IoCompletionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + fn NtSetIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionPacketHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + fn NtRemoveIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: *mut PVOID, + ApcContext: *mut PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtRemoveIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + NumEntriesRemoved: PULONG, + Timeout: PLARGE_INTEGER, + Alertable: BOOLEAN, + ) -> NTSTATUS; + fn NtCreateWaitCompletionPacket( + WaitCompletionPacketHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtAssociateWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + IoCompletionHandle: HANDLE, + TargetObjectHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + AlreadySignaled: PBOOLEAN, + ) -> NTSTATUS; + fn NtCancelWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + RemoveSignaledPacket: BOOLEAN, + ) -> NTSTATUS; +}} +ENUM!{enum IO_SESSION_EVENT { + IoSessionEventIgnore = 0, + IoSessionEventCreated = 1, + IoSessionEventTerminated = 2, + IoSessionEventConnected = 3, + IoSessionEventDisconnected = 4, + IoSessionEventLogon = 5, + IoSessionEventLogoff = 6, + IoSessionEventMax = 7, +}} +ENUM!{enum IO_SESSION_STATE { + IoSessionStateCreated = 0, + IoSessionStateInitialized = 1, + IoSessionStateConnected = 2, + IoSessionStateDisconnected = 3, + IoSessionStateDisconnectedLoggedOn = 4, + IoSessionStateLoggedOn = 5, + IoSessionStateLoggedOff = 6, + IoSessionStateTerminated = 7, + IoSessionStateMax = 8, +}} +EXTERN!{extern "system" { + fn NtNotifyChangeSession( + SessionHandle: HANDLE, + ChangeSequenceNumber: ULONG, + ChangeTimeStamp: PLARGE_INTEGER, + Event: IO_SESSION_EVENT, + NewState: IO_SESSION_STATE, + PreviousState: IO_SESSION_STATE, + Payload: PVOID, + PayloadSize: ULONG, + ) -> NTSTATUS; +}} +ENUM!{enum INTERFACE_TYPE { + InterfaceTypeUndefined = -1i32 as u32, + Internal = 0, + Isa = 1, + Eisa = 2, + MicroChannel = 3, + TurboChannel = 4, + PCIBus = 5, + VMEBus = 6, + NuBus = 7, + PCMCIABus = 8, + CBus = 9, + MPIBus = 10, + MPSABus = 11, + ProcessorInternal = 12, + InternalPowerBus = 13, + PNPISABus = 14, + PNPBus = 15, + Vmcs = 16, + MaximumInterfaceType = 17, +}} +pub type PINTERFACE_TYPE = *mut INTERFACE_TYPE; +ENUM!{enum DMA_WIDTH { + Width8Bits = 0, + Width16Bits = 1, + Width32Bits = 2, + MaximumDmaWidth = 3, +}} +pub type PDMA_WIDTH = *mut DMA_WIDTH; +ENUM!{enum DMA_SPEED { + Compatible = 0, + TypeA = 1, + TypeB = 2, + TypeC = 3, + TypeF = 4, + MaximumDmaSpeed = 5, +}} +pub type PDMA_SPEED = *mut DMA_SPEED; +ENUM!{enum BUS_DATA_TYPE { + ConfigurationSpaceUndefined = -1i32 as u32, + Cmos = 0, + EisaConfiguration = 1, + Pos = 2, + CbusConfiguration = 3, + PCIConfiguration = 4, + VMEConfiguration = 5, + NuBusConfiguration = 6, + PCMCIAConfiguration = 7, + MPIConfiguration = 8, + MPSAConfiguration = 9, + PNPISAConfiguration = 10, + SgiInternalConfiguration = 11, + MaximumBusDataType = 12, +}} +pub type PBUS_DATA_TYPE = *mut BUS_DATA_TYPE; +pub const SYMLINK_FLAG_RELATIVE: u32 = 1; +STRUCT!{struct REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer { + SubstituteNameOffset: USHORT, + SubstituteNameLength: USHORT, + PrintNameOffset: USHORT, + PrintNameLength: USHORT, + Flags: ULONG, + PathBuffer: [WCHAR; 1], +}} +STRUCT!{struct REPARSE_DATA_BUFFER_u_MountPointReparseBuffer { + SubstituteNameOffset: USHORT, + SubstituteNameLength: USHORT, + PrintNameOffset: USHORT, + PrintNameLength: USHORT, + PathBuffer: [WCHAR; 1], +}} +STRUCT!{struct REPARSE_DATA_BUFFER_u_GenericReparseBuffer { + DataBuffer: [UCHAR; 1], +}} +UNION!{union REPARSE_DATA_BUFFER_u { + SymbolicLinkReparseBuffer: REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer, + MountPointReparseBuffer: REPARSE_DATA_BUFFER_u_MountPointReparseBuffer, + GenericReparseBuffer: REPARSE_DATA_BUFFER_u_GenericReparseBuffer, +}} +STRUCT!{struct REPARSE_DATA_BUFFER { + ReparseTag: ULONG, + ReparseDataLength: USHORT, + Reserved: USHORT, + u: REPARSE_DATA_BUFFER_u, +}} +pub type PREPARSE_DATA_BUFFER = *mut REPARSE_DATA_BUFFER; +/// "\Device\NamedPipe\" +pub const DEVICE_NAMED_PIPE: UTF16Const = UTF16Const(&[ + 0x005C, 0x0044, 0x0065, 0x0076, 0x0069, 0x0063, 0x0065, 0x005C, 0x004E, 0x0061, 0x006D, 0x0065, + 0x0064, 0x0050, 0x0069, 0x0070, 0x0065, 0x005C, 0u16, +]); +pub const FSCTL_PIPE_ASSIGN_EVENT: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_DISCONNECT: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_LISTEN: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_PEEK: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA); +pub const FSTL_PIPE_QUERY_EVENT: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_TRANSCEIVE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); +pub const FSTL_PIPE_WAIT: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_IMPERSONATE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_SET_CLIENT_PROCESS: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_QUERY_CLIENT_PROCESS: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_GET_PIPE_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_SET_PIPE_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_GET_CONNECTION_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_SET_CONNECTION_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_GET_HANDLE_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_SET_HANDLE_ATTRIBUTE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS); +pub const FSTL_PIPE_FLUSH: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA); +pub const FSTL_PIPE_INTERNAL_READ: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA); +pub const FSTL_PIPE_INTERNAL_WRITE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA); +pub const FSTL_PIPE_INTERNAL_TRANSCEIVE: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); +pub const FSTL_PIPE_INTERNAL_READ_OVFLOW: u32 = + CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA); +pub const FILE_PIPE_READ_DATA: u32 = 0x00000000; +pub const FILE_PIPE_WRITE_SPACE: u32 = 0x00000001; +STRUCT!{struct FILE_PIPE_ASSIGN_EVENT_BUFFER { + EventHandle: HANDLE, + KeyValue: ULONG, +}} +pub type PFILE_PIPE_ASSIGN_EVENT_BUFFER = *mut FILE_PIPE_ASSIGN_EVENT_BUFFER; +STRUCT!{struct FILE_PIPE_PEEK_BUFFER { + NamedPipeState: ULONG, + ReadDataAvailable: ULONG, + NumberOfMessages: ULONG, + MessageLength: ULONG, + Data: [CHAR; 1], +}} +pub type PFILE_PIPE_PEEK_BUFFER = *mut FILE_PIPE_PEEK_BUFFER; +STRUCT!{struct FILE_PIPE_EVENT_BUFFER { + NamedPipeState: ULONG, + EntryType: ULONG, + ByteCount: ULONG, + KeyValue: ULONG, + NumberRequests: ULONG, +}} +pub type PFILE_PIPE_EVENT_BUFFER = *mut FILE_PIPE_EVENT_BUFFER; +STRUCT!{struct FILE_PIPE_WAIT_FOR_BUFFER { + Timeout: LARGE_INTEGER, + NameLength: ULONG, + TimeoutSpecified: BOOLEAN, + Name: [WCHAR; 1], +}} +pub type PFILE_PIPE_WAIT_FOR_BUFFER = *mut FILE_PIPE_WAIT_FOR_BUFFER; +STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER { + ClientSession: PVOID, + ClientProcess: PVOID, +}} +pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER; +pub const FILE_PIPE_COMPUTER_NAME_LENGTH: usize = 15; +STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { + ClientSession: PVOID, + ClientProcess: PVOID, + ClientComputerNameLength: USHORT, + ClientComputerBuffer: [WCHAR; FILE_PIPE_COMPUTER_NAME_LENGTH + 1], +}} +pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER_EX; +pub const MAILSLOT_CLASS_FIRSTCLASS: u32 = 1; +pub const MAILSLOT_CLASS_SECONDCLASS: u32 = 2; +pub const FSCTL_MAILSLOT_PEEK: u32 = + CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA); +STRUCT!{struct FILE_MAILSLOT_PEEK_BUFFER { + ReadDataAvailable: ULONG, + NumberOfMessages: ULONG, + MessageLength: ULONG, +}} +pub type PFILE_MAILSLOT_PEEK_BUFFER = *mut FILE_MAILSLOT_PEEK_BUFFER; diff --git a/vendor/ntapi/src/ntkeapi.rs b/vendor/ntapi/src/ntkeapi.rs new file mode 100644 index 000000000..a26f39b39 --- /dev/null +++ b/vendor/ntapi/src/ntkeapi.rs @@ -0,0 +1,121 @@ +use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG}; +pub const LOW_PRIORITY: u32 = 0; +pub const LOW_REALTIME_PRIORITY: u32 = 16; +pub const HIGH_PRIORITY: u32 = 31; +pub const MAXIMUM_PRIORITY: u32 = 32; +ENUM!{enum KTHREAD_STATE { + Initialized = 0, + Ready = 1, + Running = 2, + Standby = 3, + Terminated = 4, + Waiting = 5, + Transition = 6, + DeferredReady = 7, + GateWaitObsolete = 8, + WaitingForProcessInSwap = 9, + MaximumThreadState = 10, +}} +pub type PKTHREAD_STATE = *mut KTHREAD_STATE; +ENUM!{enum KHETERO_CPU_POLICY { + KHeteroCpuPolicyAll = 0, + KHeteroCpuPolicyLarge = 1, + KHeteroCpuPolicyLargeOrIdle = 2, + KHeteroCpuPolicySmall = 3, + KHeteroCpuPolicySmallOrIdle = 4, + KHeteroCpuPolicyDynamic = 5, + KHeteroCpuPolicyStaticMax = 6, + KHeteroCpuPolicyBiasedSmall = 7, + KHeteroCpuPolicyBiasedLarge = 8, + KHeteroCpuPolicyDefault = 9, + KHeteroCpuPolicyMax = 10, +}} +pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY; +ENUM!{enum KWAIT_REASON { + Executive = 0, + FreePage = 1, + PageIn = 2, + PoolAllocation = 3, + DelayExecution = 4, + Suspended = 5, + UserRequest = 6, + WrExecutive = 7, + WrFreePage = 8, + WrPageIn = 9, + WrPoolAllocation = 10, + WrDelayExecution = 11, + WrSuspended = 12, + WrUserRequest = 13, + WrEventPair = 14, + WrQueue = 15, + WrLpcReceive = 16, + WrLpcReply = 17, + WrVirtualMemory = 18, + WrPageOut = 19, + WrRendezvous = 20, + WrKeyedEvent = 21, + WrTerminated = 22, + WrProcessInSwap = 23, + WrCpuRateControl = 24, + WrCalloutStack = 25, + WrKernel = 26, + WrResource = 27, + WrPushLock = 28, + WrMutex = 29, + WrQuantumEnd = 30, + WrDispatchInt = 31, + WrPreempted = 32, + WrYieldExecution = 33, + WrFastMutex = 34, + WrGuardedMutex = 35, + WrRundown = 36, + WrAlertByThreadId = 37, + WrDeferredPreempt = 38, + MaximumWaitReason = 39, +}} +pub type PKWAIT_REASON = *mut KWAIT_REASON; +ENUM!{enum KPROFILE_SOURCE { + ProfileTime = 0, + ProfileAlignmentFixup = 1, + ProfileTotalIssues = 2, + ProfilePipelineDry = 3, + ProfileLoadInstructions = 4, + ProfilePipelineFrozen = 5, + ProfileBranchInstructions = 6, + ProfileTotalNonissues = 7, + ProfileDcacheMisses = 8, + ProfileIcacheMisses = 9, + ProfileCacheMisses = 10, + ProfileBranchMispredictions = 11, + ProfileStoreInstructions = 12, + ProfileFpInstructions = 13, + ProfileIntegerInstructions = 14, + Profile2Issue = 15, + Profile3Issue = 16, + Profile4Issue = 17, + ProfileSpecialInstructions = 18, + ProfileTotalCycles = 19, + ProfileIcacheIssues = 20, + ProfileDcacheAccesses = 21, + ProfileMemoryBarrierCycles = 22, + ProfileLoadLinkedIssues = 23, + ProfileMaximum = 24, +}} +EXTERN!{extern "system" { + fn NtCallbackReturn( + OutputBuffer: PVOID, + OutputLength: ULONG, + Status: NTSTATUS, + ) -> NTSTATUS; + fn NtFlushProcessWriteBuffers(); + fn NtQueryDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + ) -> NTSTATUS; + fn NtSetDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + State: BOOLEAN, + ) -> NTSTATUS; + fn NtYieldExecution() -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntldr.rs b/vendor/ntapi/src/ntldr.rs new file mode 100644 index 000000000..1114dd8e2 --- /dev/null +++ b/vendor/ntapi/src/ntldr.rs @@ -0,0 +1,661 @@ +use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR, + PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG, + PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG, + UNICODE_STRING, USHORT, +}; +use winapi::um::winnt::{ + ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR, + PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY, + PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA, +}; +FN!{stdcall PLDR_INIT_ROUTINE( + DllHandle: PVOID, + Reason: ULONG, + Context: PVOID, +) -> BOOLEAN} +STRUCT!{struct LDR_SERVICE_TAG_RECORD { + Next: *mut LDR_SERVICE_TAG_RECORD, + ServiceTag: ULONG, +}} +pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD; +STRUCT!{struct LDRP_CSLIST { + Tail: PSINGLE_LIST_ENTRY, +}} +pub type PLDRP_CSLIST = *mut LDRP_CSLIST; +ENUM!{enum LDR_DDAG_STATE { + LdrModulesMerged = -5i32 as u32, + LdrModulesInitError = -4i32 as u32, + LdrModulesSnapError = -3i32 as u32, + LdrModulesUnloaded = -2i32 as u32, + LdrModulesUnloading = -1i32 as u32, + LdrModulesPlaceHolder = 0, + LdrModulesMapping = 1, + LdrModulesMapped = 2, + LdrModulesWaitingForDependencies = 3, + LdrModulesSnapping = 4, + LdrModulesSnapped = 5, + LdrModulesCondensed = 6, + LdrModulesReadyToInit = 7, + LdrModulesInitializing = 8, + LdrModulesReadyToRun = 9, +}} +UNION!{union LDR_DDAG_NODE_u { + Dependencies: LDRP_CSLIST, + RemovalLink: SINGLE_LIST_ENTRY, +}} +STRUCT!{struct LDR_DDAG_NODE { + Modules: LIST_ENTRY, + ServiceTagList: PLDR_SERVICE_TAG_RECORD, + LoadCount: ULONG, + LoadWhileUnloadingCount: ULONG, + LowestLink: ULONG, + u: LDR_DDAG_NODE_u, + IncomingDependencies: LDRP_CSLIST, + State: LDR_DDAG_STATE, + CondenseLink: SINGLE_LIST_ENTRY, + PreorderNumber: ULONG, +}} +pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE; +STRUCT!{struct LDR_DEPENDENCY_RECORD { + DependencyLink: SINGLE_LIST_ENTRY, + DependencyNode: PLDR_DDAG_NODE, + IncomingDependencyLink: SINGLE_LIST_ENTRY, + IncomingDependencyNode: PLDR_DDAG_NODE, +}} +pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD; +ENUM!{enum LDR_DLL_LOAD_REASON { + LoadReasonStaticDependency = 0, + LoadReasonStaticForwarderDependency = 1, + LoadReasonDynamicForwarderDependency = 2, + LoadReasonDelayloadDependency = 3, + LoadReasonDynamicLoad = 4, + LoadReasonAsImageLoad = 5, + LoadReasonAsDataLoad = 6, + LoadReasonEnclavePrimary = 7, + LoadReasonEnclaveDependency = 8, + LoadReasonUnknown = -1i32 as u32, +}} +pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON; +pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001; +pub const LDRP_STATIC_LINK: ULONG = 0x00000002; +pub const LDRP_IMAGE_DLL: ULONG = 0x00000004; +pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000; +pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000; +pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000; +pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000; +pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000; +pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000; +pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000; +pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000; +pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000; +pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000; +pub const LDRP_COR_IMAGE: ULONG = 0x00400000; +pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000; +pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000; +pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000; +pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000; +pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000; +pub const LDRP_REDIRECTED: ULONG = 0x10000000; +pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000; +pub const LDRP_MM_LOADED: ULONG = 0x40000000; +pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000; +STRUCT!{struct LDRP_LOAD_CONTEXT { + BaseDllName: UNICODE_STRING, + somestruct: PVOID, + Flags: ULONG, + pstatus: *mut NTSTATUS, + ParentEntry: *mut LDR_DATA_TABLE_ENTRY, + Entry: *mut LDR_DATA_TABLE_ENTRY, + WorkQueueListEntry: LIST_ENTRY, + ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY, + pvImports: *mut *mut LDR_DATA_TABLE_ENTRY, + ImportDllCount: ULONG, + TaskCount: LONG, + pvIAT: PVOID, + SizeOfIAT: ULONG, + CurrentDll: ULONG, + piid: PIMAGE_IMPORT_DESCRIPTOR, + OriginalIATProtect: ULONG, + GuardCFCheckFunctionPointer: PVOID, + pGuardCFCheckFunctionPointer: *mut PVOID, +}} +UNION!{union LDR_DATA_TABLE_ENTRY_u1 { + InInitializationOrderLinks: LIST_ENTRY, + InProgressLinks: LIST_ENTRY, +}} +UNION!{union LDR_DATA_TABLE_ENTRY_u2 { + FlagGroup: [UCHAR; 4], + Flags: ULONG, +}} +STRUCT!{struct LDR_DATA_TABLE_ENTRY { + InLoadOrderLinks: LIST_ENTRY, + InMemoryOrderLinks: LIST_ENTRY, + u1: LDR_DATA_TABLE_ENTRY_u1, + DllBase: PVOID, + EntryPoint: PLDR_INIT_ROUTINE, + SizeOfImage: ULONG, + FullDllName: UNICODE_STRING, + BaseDllName: UNICODE_STRING, + u2: LDR_DATA_TABLE_ENTRY_u2, + ObsoleteLoadCount: USHORT, + TlsIndex: USHORT, + HashLinks: LIST_ENTRY, + TimeDateStamp: ULONG, + EntryPointActivationContext: *mut ACTIVATION_CONTEXT, + Lock: PVOID, + DdagNode: PLDR_DDAG_NODE, + NodeModuleLink: LIST_ENTRY, + LoadContext: *mut LDRP_LOAD_CONTEXT, + ParentDllBase: PVOID, + SwitchBackContext: PVOID, + BaseAddressIndexNode: RTL_BALANCED_NODE, + MappingInfoIndexNode: RTL_BALANCED_NODE, + OriginalBase: ULONG_PTR, + LoadTime: LARGE_INTEGER, + BaseNameHashValue: ULONG, + LoadReason: LDR_DLL_LOAD_REASON, + ImplicitPathOptions: ULONG, + ReferenceCount: ULONG, + DependentLoadFlags: ULONG, + SigningLevel: UCHAR, +}} +BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [ + PackagedBinary set_PackagedBinary[0..1], + MarkedForRemoval set_MarkedForRemoval[1..2], + ImageDll set_ImageDll[2..3], + LoadNotificationsSent set_LoadNotificationsSent[3..4], + TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], + ProcessStaticImport set_ProcessStaticImport[5..6], + InLegacyLists set_InLegacyLists[6..7], + InIndexes set_InIndexes[7..8], + ShimDll set_ShimDll[8..9], + InExceptionTable set_InExceptionTable[9..10], + ReservedFlags1 set_ReservedFlags1[10..12], + LoadInProgress set_LoadInProgress[12..13], + LoadConfigProcessed set_LoadConfigProcessed[13..14], + EntryProcessed set_EntryProcessed[14..15], + ProtectDelayLoad set_ProtectDelayLoad[15..16], + ReservedFlags3 set_ReservedFlags3[16..18], + DontCallForThreads set_DontCallForThreads[18..19], + ProcessAttachCalled set_ProcessAttachCalled[19..20], + ProcessAttachFailed set_ProcessAttachFailed[20..21], + CorDeferredValidate set_CorDeferredValidate[21..22], + CorImage set_CorImage[22..23], + DontRelocate set_DontRelocate[23..24], + CorILOnly set_CorILOnly[24..25], + ReservedFlags5 set_ReservedFlags5[25..28], + Redirected set_Redirected[28..29], + ReservedFlags6 set_ReservedFlags6[29..31], + CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], +]} +pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY; +#[inline] +pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool { + DllHandle & 1 != 0 +} +#[inline] +pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool { + DllHandle & 2 != 0 +} +#[inline] +pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool { + (LDR_IS_IMAGEMAPPING(DllHandle) | LDR_IS_DATAFILE(DllHandle)) as u8 != 0 //fixme +} +EXTERN!{extern "system" { + fn LdrLoadDll( + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + fn LdrUnloadDll( + DllHandle: PVOID, + ) -> NTSTATUS; + fn LdrGetDllHandle( + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; +}} +pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001; +pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002; +EXTERN!{extern "system" { + fn LdrGetDllHandleEx( + Flags: ULONG, + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + fn LdrGetDllHandleByMapping( + BaseAddress: PVOID, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + fn LdrGetDllHandleByName( + BaseDllName: PUNICODE_STRING, + FullDllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + fn LdrGetDllFullName( + DllHandle: PVOID, + FullDllName: PUNICODE_STRING, + ) -> NTSTATUS; + fn LdrGetDllDirectory( + DllDirectory: PUNICODE_STRING, + ) -> NTSTATUS; + fn LdrSetDllDirectory( + DllDirectory: PUNICODE_STRING, + ) -> NTSTATUS; +}} +pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001; +EXTERN!{extern "system" { + fn LdrAddRefDll( + Flags: ULONG, + DllHandle: PVOID, + ) -> NTSTATUS; + fn LdrGetProcedureAddress( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + ) -> NTSTATUS; +}} +pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001; +EXTERN!{extern "system" { + fn LdrGetProcedureAddressEx( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn LdrGetKnownDllSectionHandle( + DllName: PCWSTR, + KnownDlls32: BOOLEAN, + Section: PHANDLE, + ) -> NTSTATUS; + fn LdrGetProcedureAddressForCaller( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + Flags: ULONG, + Callback: *mut PVOID, + ) -> NTSTATUS; +}} +pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; +pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2; +EXTERN!{extern "system" { + fn LdrLockLoaderLock( + Flags: ULONG, + Disposition: *mut ULONG, + Cookie: *mut PVOID, + ) -> NTSTATUS; +}} +pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; +EXTERN!{extern "system" { + fn LdrUnlockLoaderLock( + Flags: ULONG, + Cookie: PVOID, + ) -> NTSTATUS; + fn LdrRelocateImage( + NewBase: PVOID, + LoaderName: PSTR, + Success: NTSTATUS, + Conflict: NTSTATUS, + Invalid: NTSTATUS, + ) -> NTSTATUS; + fn LdrRelocateImageWithBias( + NewBase: PVOID, + Bias: LONGLONG, + LoaderName: PSTR, + Success: NTSTATUS, + Conflict: NTSTATUS, + Invalid: NTSTATUS, + ) -> NTSTATUS; + fn LdrProcessRelocationBlock( + VA: ULONG_PTR, + SizeOfBlock: ULONG, + NextOffset: PUSHORT, + Diff: LONG_PTR, + ) -> PIMAGE_BASE_RELOCATION; + fn LdrVerifyMappedImageMatchesChecksum( + BaseAddress: PVOID, + NumberOfBytes: SIZE_T, + FileLength: ULONG, + ) -> BOOLEAN; +}} +FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK( + Parameter: PVOID, + ModuleName: PSTR, +) -> ()} +EXTERN!{extern "system" { + fn LdrVerifyImageMatchesChecksum( + ImageFileHandle: HANDLE, + ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, + ImportCallbackParameter: PVOID, + ImageCharacteristics: PUSHORT, + ) -> NTSTATUS; +}} +STRUCT!{struct LDR_IMPORT_CALLBACK_INFO { + ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, + ImportCallbackParameter: PVOID, +}} +pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO; +STRUCT!{struct LDR_SECTION_INFO { + SectionHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjA: POBJECT_ATTRIBUTES, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, +}} +pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO; +STRUCT!{struct LDR_VERIFY_IMAGE_INFO { + Size: ULONG, + Flags: ULONG, + CallbackInfo: LDR_IMPORT_CALLBACK_INFO, + SectionInfo: LDR_SECTION_INFO, + ImageCharacteristics: USHORT, +}} +pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO; +EXTERN!{extern "system" { + fn LdrVerifyImageMatchesChecksumEx( + ImageFileHandle: HANDLE, + VerifyInfo: PLDR_VERIFY_IMAGE_INFO, + ) -> NTSTATUS; + fn LdrQueryModuleServiceTags( + DllHandle: PVOID, + ServiceTagBuffer: PULONG, + BufferSize: PULONG, + ) -> NTSTATUS; +}} +pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1; +pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2; +STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA { + Flags: ULONG, + FullDllName: PUNICODE_STRING, + BaseDllName: PUNICODE_STRING, + DllBase: PVOID, + SizeOfImage: ULONG, +}} +pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA; +STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA { + Flags: ULONG, + FullDllName: PCUNICODE_STRING, + BaseDllName: PCUNICODE_STRING, + DllBase: PVOID, + SizeOfImage: ULONG, +}} +pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA; +UNION!{union LDR_DLL_NOTIFICATION_DATA { + Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA, + Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA, +}} +pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA; +FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION( + NotificationReason: ULONG, + NotificationData: PLDR_DLL_NOTIFICATION_DATA, + Context: PVOID, +) -> ()} +EXTERN!{extern "system" { + fn LdrRegisterDllNotification( + Flags: ULONG, + NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION, + Context: PVOID, + Cookie: *mut PVOID, + ) -> NTSTATUS; + fn LdrUnregisterDllNotification( + Cookie: PVOID, + ) -> NTSTATUS; +}} +STRUCT!{struct PS_MITIGATION_OPTIONS_MAP { + Map: [ULONG_PTR; 2], +}} +pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP; +STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP { + Map: [ULONG_PTR; 2], +}} +pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP; +STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK { + Size: ULONG, + SystemDllWowRelocation: ULONG_PTR, + SystemDllNativeRelocation: ULONG_PTR, + Wow64SharedInformation: [ULONG_PTR; 16], + RngData: ULONG, + Flags: ULONG, + MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP, + CfgBitMap: ULONG_PTR, + CfgBitMapSize: ULONG_PTR, + Wow64CfgBitMap: ULONG_PTR, + Wow64CfgBitMapSize: ULONG_PTR, + MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP, +}} +BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [ + CfgOverride set_CfgOverride[0..1], + Reserved set_Reserved[1..32], +]} +pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK; +EXTERN!{extern "system" { + fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK; + fn LdrAddLoadAsDataTable( + Module: PVOID, + FilePath: PWSTR, + Size: SIZE_T, + Handle: HANDLE, + ) -> NTSTATUS; + fn LdrRemoveLoadAsDataTable( + InitModule: PVOID, + BaseModule: *mut PVOID, + Size: PSIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + fn LdrGetFileNameFromLoadAsDataTable( + Module: PVOID, + pFileNamePrt: *mut PVOID, + ) -> NTSTATUS; + fn LdrDisableThreadCalloutsForDll( + DllImageBase: PVOID, + ) -> NTSTATUS; + fn LdrAccessResource( + DllHandle: PVOID, + ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY, + ResourceBuffer: *mut PVOID, + ResourceLength: *mut ULONG, + ) -> NTSTATUS; +}} +STRUCT!{struct LDR_RESOURCE_INFO { + Type: ULONG_PTR, + Name: ULONG_PTR, + Language: ULONG_PTR, +}} +pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO; +pub const RESOURCE_TYPE_LEVEL: ULONG = 0; +pub const RESOURCE_NAME_LEVEL: ULONG = 1; +pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2; +pub const RESOURCE_DATA_LEVEL: ULONG = 3; +EXTERN!{extern "system" { + fn LdrFindResource_U( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY, + ) -> NTSTATUS; + fn LdrFindResourceDirectory_U( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY, + ) -> NTSTATUS; +}} +STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s { + Id: USHORT, + NameIsPresent: USHORT, +}} +UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path { + NameOrId: ULONG_PTR, + Name: PIMAGE_RESOURCE_DIRECTORY_STRING, + s: LDR_ENUM_RESOURCE_ENTRY_Path_s, +}} +STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY { + Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3], + Data: PVOID, + Size: ULONG, + Reserved: ULONG, +}} +pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY; +#[inline] +pub unsafe fn NAME_FROM_RESOURCE_ENTRY( + RootDirectory: PIMAGE_RESOURCE_DIRECTORY, + Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY, +) -> usize { + if Entry.u.s().NameIsString() != 0 { + return RootDirectory as usize + Entry.u.s().NameOffset() as usize; + } + *Entry.u.Id() as usize +} +EXTERN!{extern "system" { + fn LdrEnumResources( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceCount: *mut ULONG, + Resources: PLDR_ENUM_RESOURCE_ENTRY, + ) -> NTSTATUS; + fn LdrFindEntryForAddress( + DllHandle: PVOID, + Entry: *mut PLDR_DATA_TABLE_ENTRY, + ) -> NTSTATUS; +}} +STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION { + Section: HANDLE, + MappedBase: PVOID, + ImageBase: PVOID, + ImageSize: ULONG, + Flags: ULONG, + LoadOrderIndex: USHORT, + InitOrderIndex: USHORT, + LoadCount: USHORT, + OffsetToFileName: USHORT, + FullPathName: [UCHAR; 256], +}} +pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION; +STRUCT!{struct RTL_PROCESS_MODULES { + NumberOfModules: ULONG, + Modules: [RTL_PROCESS_MODULE_INFORMATION; 1], +}} +pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES; +STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX { + NextOffset: USHORT, + BaseInfo: RTL_PROCESS_MODULE_INFORMATION, + ImageChecksum: ULONG, + TimeDateStamp: ULONG, + DefaultBase: PVOID, +}} +pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX; +EXTERN!{extern "system" { + fn LdrQueryProcessModuleInformation( + ModuleInformation: PRTL_PROCESS_MODULES, + Size: ULONG, + ReturnedSize: PULONG, + ) -> NTSTATUS; +}} +FN!{stdcall PLDR_ENUM_CALLBACK( + ModuleInformation: PLDR_DATA_TABLE_ENTRY, + Parameter: PVOID, + Stop: *mut BOOLEAN, +) -> ()} +EXTERN!{extern "system" { + fn LdrEnumerateLoadedModules( + ReservedFlag: BOOLEAN, + EnumProc: PLDR_ENUM_CALLBACK, + Context: PVOID, + ) -> NTSTATUS; + fn LdrOpenImageFileOptionsKey( + SubKey: PUNICODE_STRING, + Wow64: BOOLEAN, + NewKeyHandle: PHANDLE, + ) -> NTSTATUS; + fn LdrQueryImageFileKeyOption( + KeyHandle: HANDLE, + ValueName: PCWSTR, + Type: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + ) -> NTSTATUS; + fn LdrQueryImageFileExecutionOptions( + SubKey: PUNICODE_STRING, + ValueName: PCWSTR, + ValueSize: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + ) -> NTSTATUS; + fn LdrQueryImageFileExecutionOptionsEx( + SubKey: PUNICODE_STRING, + ValueName: PCWSTR, + Type: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + Wow64: BOOLEAN, + ) -> NTSTATUS; +}} +UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description { + Name: PCSTR, + Ordinal: ULONG, +}} +STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR { + ImportDescribedByName: ULONG, + Description: DELAYLOAD_PROC_DESCRIPTOR_Description, +}} +pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR; +STRUCT!{struct DELAYLOAD_INFO { + Size: ULONG, + DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, + ThunkAddress: PIMAGE_THUNK_DATA, + TargetDllName: PCSTR, + TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR, + TargetModuleBase: PVOID, + Unused: PVOID, + LastError: ULONG, +}} +pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO; +FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK( + NotificationReason: ULONG, + DelayloadInfo: PDELAYLOAD_INFO, +) -> PVOID} +FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE( + DllName: PCSTR, + ProcName: PCSTR, +) -> PVOID} +EXTERN!{extern "system" { + fn LdrResolveDelayLoadedAPI( + ParentModuleBase: PVOID, + DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, + FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK, + FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE, + ThunkAddress: PIMAGE_THUNK_DATA, + Flags: ULONG, + ) -> PVOID; + fn LdrResolveDelayLoadsFromDll( + ParentBase: PVOID, + TargetDllName: PCSTR, + Flags: ULONG, + ) -> NTSTATUS; + fn LdrSetDefaultDllDirectories( + DirectoryFlags: ULONG, + ) -> NTSTATUS; + fn LdrShutdownProcess() -> NTSTATUS; + fn LdrShutdownThread() -> NTSTATUS; + fn LdrSetImplicitPathOptions( + ImplicitPathOptions: ULONG, + ) -> NTSTATUS; + fn LdrControlFlowGuardEnforced() -> BOOLEAN; +}} diff --git a/vendor/ntapi/src/ntlpcapi.rs b/vendor/ntapi/src/ntlpcapi.rs new file mode 100644 index 000000000..012c9056f --- /dev/null +++ b/vendor/ntapi/src/ntlpcapi.rs @@ -0,0 +1,692 @@ +use core::mem::size_of; +use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64}; +use winapi::ctypes::c_double; +use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; +use winapi::shared::ntdef::{ + BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE, + PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG, + UNICODE_STRING, +}; +use winapi::um::winnt::{ + ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK, + SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, +}; +pub const PORT_CONNECT: u32 = 0x0001; +pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1; +STRUCT!{struct PORT_MESSAGE_u1_s { + DataLength: CSHORT, + TotalLength: CSHORT, +}} +STRUCT!{struct PORT_MESSAGE_u2_s { + Type: CSHORT, + DataInfoOffset: CSHORT, +}} +UNION!{union PORT_MESSAGE_u1 { + s: PORT_MESSAGE_u1_s, + Length: ULONG, +}} +UNION!{union PORT_MESSAGE_u2 { + s: PORT_MESSAGE_u2_s, + ZeroInit: ULONG, +}} +UNION!{union PORT_MESSAGE_u3 { + ClientId: CLIENT_ID, + DoNotUseThisField: c_double, +}} +UNION!{union PORT_MESSAGE_u4 { + ClientViewSize: SIZE_T, + CallbackId: ULONG, +}} +STRUCT!{struct PORT_MESSAGE { + u1: PORT_MESSAGE_u1, + u2: PORT_MESSAGE_u2, + u3: PORT_MESSAGE_u3, + MessageId: ULONG, + u4: PORT_MESSAGE_u4, +}} +pub type PPORT_MESSAGE = *mut PORT_MESSAGE; +STRUCT!{struct PORT_DATA_ENTRY { + Base: PVOID, + Size: ULONG, +}} +pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY; +STRUCT!{struct PORT_DATA_INFORMATION { + CountDataEntries: ULONG, + DataEntries: [PORT_DATA_ENTRY; 1], +}} +pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION; +pub const LPC_REQUEST: ULONG = 1; +pub const LPC_REPLY: ULONG = 2; +pub const LPC_DATAGRAM: ULONG = 3; +pub const LPC_LOST_REPLY: ULONG = 4; +pub const LPC_PORT_CLOSED: ULONG = 5; +pub const LPC_CLIENT_DIED: ULONG = 6; +pub const LPC_EXCEPTION: ULONG = 7; +pub const LPC_DEBUG_EVENT: ULONG = 8; +pub const LPC_ERROR_EVENT: ULONG = 9; +pub const LPC_CONNECTION_REQUEST: ULONG = 10; +pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000; +pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000; +pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512; +#[cfg(target_arch = "x86")] +pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256; +pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::<ULONG_PTR>() as u32; +pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH + + size_of::<PORT_MESSAGE>() as u32 + + LPC_MAX_CONNECTION_INFO_SIZE + + 0xf) & !0xf; +STRUCT!{struct LPC_CLIENT_DIED_MSG { + PortMsg: PORT_MESSAGE, + CreateTime: LARGE_INTEGER, +}} +pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG; +STRUCT!{struct PORT_VIEW { + Length: ULONG, + SectionHandle: HANDLE, + SectionOffset: ULONG, + ViewSize: SIZE_T, + ViewBase: PVOID, + ViewRemoteBase: PVOID, +}} +pub type PPORT_VIEW = *mut PORT_VIEW; +STRUCT!{struct REMOTE_PORT_VIEW { + Length: ULONG, + ViewSize: SIZE_T, + ViewBase: PVOID, +}} +pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW; +STRUCT!{struct PORT_MESSAGE64_u1_s { + DataLength: CSHORT, + TotalLength: CSHORT, +}} +STRUCT!{struct PORT_MESSAGE64_u2_s { + Type: CSHORT, + DataInfoOffset: CSHORT, +}} +UNION!{union PORT_MESSAGE64_u1 { + s: PORT_MESSAGE64_u1_s, + Length: ULONG, +}} +UNION!{union PORT_MESSAGE64_u2 { + s: PORT_MESSAGE64_u2_s, + ZeroInit: ULONG, +}} +UNION!{union PORT_MESSAGE64_u3 { + ClientId: CLIENT_ID64, + DoNotUseThisField: c_double, +}} +UNION!{union PORT_MESSAGE64_u4 { + ClientViewSize: ULONGLONG, + CallbackId: ULONG, +}} +STRUCT!{struct PORT_MESSAGE64 { + u1: PORT_MESSAGE64_u1, + u2: PORT_MESSAGE64_u2, + u3: PORT_MESSAGE64_u3, + MessageId: ULONG, + u4: PORT_MESSAGE64_u4, +}} +pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64; +STRUCT!{struct LPC_CLIENT_DIED_MSG64 { + PortMsg: PORT_MESSAGE64, + CreateTime: LARGE_INTEGER, +}} +pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64; +STRUCT!{struct PORT_VIEW64 { + Length: ULONG, + SectionHandle: ULONGLONG, + SectionOffset: ULONG, + ViewSize: ULONGLONG, + ViewBase: ULONGLONG, + ViewRemoteBase: ULONGLONG, +}} +pub type PPORT_VIEW64 = *mut PORT_VIEW64; +STRUCT!{struct REMOTE_PORT_VIEW64 { + Length: ULONG, + ViewSize: ULONGLONG, + ViewBase: ULONGLONG, +}} +pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64; +EXTERN!{extern "system" { + fn NtCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + fn NtCreateWaitablePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + fn NtConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + fn NtSecureConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + RequiredServerSid: PSID, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + fn NtListenPort( + PortHandle: HANDLE, + ConnectionRequest: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtAcceptConnectPort( + PortHandle: PHANDLE, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + AcceptConnection: BOOLEAN, + ServerView: PPORT_VIEW, + ClientView: PREMOTE_PORT_VIEW, + ) -> NTSTATUS; + fn NtCompleteConnectPort( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn NtRequestPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtRequestWaitReplyPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtReplyPort( + PortHandle: HANDLE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtReplyWaitReplyPort( + PortHandle: HANDLE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtReplyWaitReceivePort( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtReplyWaitReceivePortEx( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + ) -> NTSTATUS; + fn NtReadRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + fn NtWriteRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; +}} +ENUM!{enum PORT_INFORMATION_CLASS { + PortBasicInformation = 0, + PortDumpInformation = 1, +}} +EXTERN!{extern "system" { + fn NtQueryInformationPort( + PortHandle: HANDLE, + PortInformationClass: PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +pub type PALPC_HANDLE = *mut HANDLE; +pub type ALPC_HANDLE = HANDLE; +pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000; +pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000; +pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +STRUCT!{struct ALPC_PORT_ATTRIBUTES { + Flags: ULONG, + SecurityQos: SECURITY_QUALITY_OF_SERVICE, + MaxMessageLength: SIZE_T, + MemoryBandwidth: SIZE_T, + MaxPoolUsage: SIZE_T, + MaxSectionSize: SIZE_T, + MaxViewSize: SIZE_T, + MaxTotalSectionSize: SIZE_T, + DupObjectTypes: ULONG, + Reserved: ULONG, +}} +#[cfg(target_arch = "x86")] +STRUCT!{struct ALPC_PORT_ATTRIBUTES { + Flags: ULONG, + SecurityQos: SECURITY_QUALITY_OF_SERVICE, + MaxMessageLength: SIZE_T, + MemoryBandwidth: SIZE_T, + MaxPoolUsage: SIZE_T, + MaxSectionSize: SIZE_T, + MaxViewSize: SIZE_T, + MaxTotalSectionSize: SIZE_T, + DupObjectTypes: ULONG, +}} +pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES; +pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000; +pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000; +pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000; +pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000; +STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES { + AllocatedAttributes: ULONG, + ValidAttributes: ULONG, +}} +pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES; +STRUCT!{struct ALPC_COMPLETION_LIST_STATE { + Value: ULONG64, +}} +BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [ + Head set_Head[0..24], + Tail set_Tail[24..48], + ActiveThreadCount set_ActiveThreadCount[48..64], +]} +pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE; +pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f; +STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER { + StartMagic: ULONG64, + TotalSize: ULONG, + ListOffset: ULONG, + ListSize: ULONG, + BitmapOffset: ULONG, + BitmapSize: ULONG, + DataOffset: ULONG, + DataSize: ULONG, + AttributeFlags: ULONG, + AttributeSize: ULONG, + __padding0: [u64; 10], + State: ALPC_COMPLETION_LIST_STATE, + LastMessageId: ULONG, + LastCallbackId: ULONG, + __padding1: [u32; 28], + PostCount: ULONG, + __padding2: [u32; 31], + ReturnCount: ULONG, + __padding3: [u32; 31], + LogSequenceNumber: ULONG, + __padding4: [u64; 15], + UserLock: RTL_SRWLOCK, + EndMagic: ULONG64, + __padding5: [u64; 14], +}} +pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER; +STRUCT!{struct ALPC_CONTEXT_ATTR { + PortContext: PVOID, + MessageContext: PVOID, + Sequence: ULONG, + MessageId: ULONG, + CallbackId: ULONG, +}} +pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR; +pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000; +pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000; +pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000; +STRUCT!{struct ALPC_HANDLE_ATTR32 { + Flags: ULONG, + Reserved0: ULONG, + SameAccess: ULONG, + SameAttributes: ULONG, + Indirect: ULONG, + Inherit: ULONG, + Reserved1: ULONG, + Handle: ULONG, + ObjectType: ULONG, + DesiredAccess: ULONG, + GrantedAccess: ULONG, +}} +pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32; +STRUCT!{struct ALPC_HANDLE_ATTR { + Flags: ULONG, + Reserved0: ULONG, + SameAccess: ULONG, + SameAttributes: ULONG, + Indirect: ULONG, + Inherit: ULONG, + Reserved1: ULONG, + Handle: HANDLE, + HandleAttrArray: PALPC_HANDLE_ATTR32, + ObjectType: ULONG, + HandleCount: ULONG, + DesiredAccess: ACCESS_MASK, + GrantedAccess: ACCESS_MASK, +}} +pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR; +pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000; +STRUCT!{struct ALPC_SECURITY_ATTR { + Flags: ULONG, + QoS: PSECURITY_QUALITY_OF_SERVICE, + ContextHandle: ALPC_HANDLE, +}} +pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR; +pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000; +STRUCT!{struct ALPC_DATA_VIEW_ATTR { + Flags: ULONG, + SectionHandle: ALPC_HANDLE, + ViewBase: PVOID, + ViewSize: SIZE_T, +}} +pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR; +ENUM!{enum ALPC_PORT_INFORMATION_CLASS { + AlpcBasicInformation = 0, + AlpcPortInformation = 1, + AlpcAssociateCompletionPortInformation = 2, + AlpcConnectedSIDInformation = 3, + AlpcServerInformation = 4, + AlpcMessageZoneInformation = 5, + AlpcRegisterCompletionListInformation = 6, + AlpcUnregisterCompletionListInformation = 7, + AlpcAdjustCompletionListConcurrencyCountInformation = 8, + AlpcRegisterCallbackInformation = 9, + AlpcCompletionListRundownInformation = 10, + AlpcWaitForPortReferences = 11, +}} +STRUCT!{struct ALPC_BASIC_INFORMATION { + Flags: ULONG, + SequenceNo: ULONG, + PortContext: PVOID, +}} +pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION; +STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT { + CompletionKey: PVOID, + CompletionPort: HANDLE, +}} +pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT; +STRUCT!{struct ALPC_SERVER_INFORMATION_Out { + ThreadBlocked: BOOLEAN, + ConnectedProcessId: HANDLE, + ConnectionPortName: UNICODE_STRING, +}} +UNION!{union ALPC_SERVER_INFORMATION { + ThreadHandle: HANDLE, + Out: ALPC_SERVER_INFORMATION_Out, +}} +pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION; +STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION { + Buffer: PVOID, + Size: ULONG, +}} +pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION; +STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION { + Buffer: PVOID, + Size: ULONG, + ConcurrencyCount: ULONG, + AttributeFlags: ULONG, +}} +pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION; +ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS { + AlpcMessageSidInformation = 0, + AlpcMessageTokenModifiedIdInformation = 1, + AlpcMessageDirectStatusInformation = 2, + AlpcMessageHandleInformation = 3, + MaxAlpcMessageInfoClass = 4, +}} +pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS; +STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION { + Index: ULONG, + Flags: ULONG, + Handle: ULONG, + ObjectType: ULONG, + GrantedAccess: ACCESS_MASK, +}} +pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION; +EXTERN!{extern "system" { + fn NtAlpcCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtAlpcDisconnectPort( + PortHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn NtAlpcQueryInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtAlpcSetInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn NtAlpcCreatePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + SectionSize: SIZE_T, + AlpcSectionHandle: PALPC_HANDLE, + ActualSectionSize: PSIZE_T, + ) -> NTSTATUS; + fn NtAlpcDeletePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn NtAlpcCreateResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + MessageSize: SIZE_T, + ResourceId: PALPC_HANDLE, + ) -> NTSTATUS; + fn NtAlpcDeleteResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + ResourceId: ALPC_HANDLE, + ) -> NTSTATUS; + fn NtAlpcCreateSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewAttributes: PALPC_DATA_VIEW_ATTR, + ) -> NTSTATUS; + fn NtAlpcDeleteSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewBase: PVOID, + ) -> NTSTATUS; + fn NtAlpcCreateSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + SecurityAttribute: PALPC_SECURITY_ATTR, + ) -> NTSTATUS; + fn NtAlpcDeleteSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn NtAlpcRevokeSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn NtAlpcQueryInformationMessage( + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, + MessageInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1; +pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2; +pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000; +pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000; +pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000; +pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000; +pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000; +EXTERN!{extern "system" { + fn NtAlpcConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + RequiredServerSid: PSID, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PULONG, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtAlpcConnectPortEx( + PortHandle: PHANDLE, + ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, + ClientPortObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + ServerSecurityRequirements: PSECURITY_DESCRIPTOR, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtAlpcAcceptConnectPort( + PortHandle: PHANDLE, + ConnectionPortHandle: HANDLE, + Flags: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + AcceptConnection: BOOLEAN, + ) -> NTSTATUS; + fn NtAlpcSendWaitReceivePort( + PortHandle: HANDLE, + Flags: ULONG, + SendMessageA: PPORT_MESSAGE, + SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + ReceiveMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; +}} +pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1; +pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8; +pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000; +EXTERN!{extern "system" { + fn NtAlpcCancelMessage( + PortHandle: HANDLE, + Flags: ULONG, + MessageContext: PALPC_CONTEXT_ATTR, + ) -> NTSTATUS; + fn NtAlpcImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: PVOID, + ) -> NTSTATUS; + fn NtAlpcImpersonateClientContainerOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: ULONG, + ) -> NTSTATUS; + fn NtAlpcOpenSenderProcess( + ProcessHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtAlpcOpenSenderThread( + ThreadHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn AlpcMaxAllowedMessageLength() -> ULONG; + fn AlpcGetHeaderSize( + Flags: ULONG, + ) -> ULONG; + fn AlpcInitializeMessageAttribute( + AttributeFlags: ULONG, + Buffer: PALPC_MESSAGE_ATTRIBUTES, + BufferSize: ULONG, + RequiredBufferSize: PULONG, + ) -> NTSTATUS; + fn AlpcGetMessageAttribute( + Buffer: PALPC_MESSAGE_ATTRIBUTES, + AttributeFlag: ULONG, + ) -> PVOID; + fn AlpcRegisterCompletionList( + PortHandle: HANDLE, + Buffer: PALPC_COMPLETION_LIST_HEADER, + Size: ULONG, + ConcurrencyCount: ULONG, + AttributeFlags: ULONG, + ) -> NTSTATUS; + fn AlpcUnregisterCompletionList( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn AlpcRundownCompletionList( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn AlpcAdjustCompletionListConcurrencyCount( + PortHandle: HANDLE, + ConcurrencyCount: ULONG, + ) -> NTSTATUS; + fn AlpcRegisterCompletionListWorkerThread( + CompletionList: PVOID, + ) -> BOOLEAN; + fn AlpcUnregisterCompletionListWorkerThread( + CompletionList: PVOID, + ) -> BOOLEAN; + fn AlpcGetCompletionListLastMessageInformation( + CompletionList: PVOID, + LastMessageId: PULONG, + LastCallbackId: PULONG, + ); + fn AlpcGetOutstandingCompletionListMessageCount( + CompletionList: PVOID, + ) -> ULONG; + fn AlpcGetMessageFromCompletionList( + CompletionList: PVOID, + MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES, + ) -> PPORT_MESSAGE; + fn AlpcFreeCompletionListMessage( + CompletionList: PVOID, + Message: PPORT_MESSAGE, + ); + fn AlpcGetCompletionListMessageAttributes( + CompletionList: PVOID, + Message: PPORT_MESSAGE, + ) -> PALPC_MESSAGE_ATTRIBUTES; +}} diff --git a/vendor/ntapi/src/ntmisc.rs b/vendor/ntapi/src/ntmisc.rs new file mode 100644 index 000000000..7f579999e --- /dev/null +++ b/vendor/ntapi/src/ntmisc.rs @@ -0,0 +1,42 @@ +use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG}; +use winapi::um::winnt::STANDARD_RIGHTS_ALL; +pub const FLT_PORT_CONNECT: u32 = 0x0001; +pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL; +ENUM!{enum VDMSERVICECLASS { + VdmStartExecution = 0, + VdmQueueInterrupt = 1, + VdmDelayInterrupt = 2, + VdmInitialize = 3, + VdmFeatures = 4, + VdmSetInt21Handler = 5, + VdmQueryDir = 6, + VdmPrinterDirectIoOpen = 7, + VdmPrinterDirectIoClose = 8, + VdmPrinterInitialize = 9, + VdmSetLdtEntries = 10, + VdmSetProcessLdtInfo = 11, + VdmAdlibEmulation = 12, + VdmPMCliControl = 13, + VdmQueryVdmProcess = 14, +}} +pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS; +EXTERN!{extern "system" { + fn NtVdmControl( + Service: VDMSERVICECLASS, + ServiceData: PVOID, + ) -> NTSTATUS; + fn NtTraceEvent( + TraceHandle: HANDLE, + Flags: ULONG, + FieldSize: ULONG, + Fields: PVOID, + ) -> NTSTATUS; + fn NtTraceControl( + FunctionCode: ULONG, + InBuffer: PVOID, + InBufferLen: ULONG, + OutBuffer: PVOID, + OutBufferLen: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntmmapi.rs b/vendor/ntapi/src/ntmmapi.rs new file mode 100644 index 000000000..7cae677aa --- /dev/null +++ b/vendor/ntapi/src/ntmmapi.rs @@ -0,0 +1,630 @@ +use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER; +use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, + PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, +}; +use winapi::um::winnt::{ + ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, +}; +ENUM!{enum MEMORY_INFORMATION_CLASS { + MemoryBasicInformation = 0, + MemoryWorkingSetInformation = 1, + MemoryMappedFilenameInformation = 2, + MemoryRegionInformation = 3, + MemoryWorkingSetExInformation = 4, + MemorySharedCommitInformation = 5, + MemoryImageInformation = 6, + MemoryRegionInformationEx = 7, + MemoryPrivilegedBasicInformation = 8, + MemoryEnclaveImageInformation = 9, + MemoryBasicInformationCapped = 10, +}} +STRUCT!{struct MEMORY_WORKING_SET_BLOCK { + Bitfields: ULONG_PTR, +}} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ + Protection set_Protection[0..5], + ShareCount set_ShareCount[5..8], + Shared set_Shared[8..9], + Node set_Node[9..12], + VirtualPage set_VirtualPage[12..64], +]} +#[cfg(target_arch = "x86")] +BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ + Protection set_Protection[0..5], + ShareCount set_ShareCount[5..8], + Shared set_Shared[8..9], + Node set_Node[9..12], + VirtualPage set_VirtualPage[12..32], +]} +pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK; +STRUCT!{struct MEMORY_WORKING_SET_INFORMATION { + NumberOfEntries: ULONG_PTR, + WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1], +}} +pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION; +STRUCT!{struct MEMORY_REGION_INFORMATION { + AllocationBase: PVOID, + AllocationProtect: ULONG, + RegionType: ULONG, + RegionSize: SIZE_T, + CommitSize: SIZE_T, +}} +BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [ + Private set_Private[0..1], + MappedDataFile set_MappedDataFile[1..2], + MappedImage set_MappedImage[2..3], + MappedPageFile set_MappedPageFile[3..4], + MappedPhysical set_MappedPhysical[4..5], + DirectMapped set_DirectMapped[5..6], + SoftwareEnclave set_SoftwareEnclave[6..7], + PageSize64K set_PageSize64K[7..8], + PlaceholderReservation set_PlaceholderReservation[8..9], + Reserved set_Reserved[9..32], +]} +pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION; +ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION { + MemoryLocationInvalid = 0, + MemoryLocationResident = 1, + MemoryLocationPagefile = 2, + MemoryLocationReserved = 3, +}} +UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u { + Bitfields: ULONG_PTR, + Invalid: ULONG_PTR, +}} +STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK { + u: MEMORY_WORKING_SET_EX_BLOCK_u, +}} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ + Valid set_Valid[0..1], + ShareCount set_ShareCount[1..4], + Win32Protection set_Win32Protection[4..15], + Shared set_Shared[15..16], + Node set_Node[16..22], + Locked set_Locked[22..23], + LargePage set_LargePage[23..24], + Priority set_Priority[24..27], + Reserved set_Reserved[27..30], + SharedOriginal set_SharedOriginal[30..31], + Bad set_Bad[31..32], + ReservedUlong set_ReservedUlong[32..64], +]} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ + Invalid_Valid set_Invalid_Valid[0..1], + Invalid_Reserved0 set_Invalid_Reserved0[1..15], + Invalid_Shared set_Invalid_Shared[15..16], + Invalid_Reserved1 set_Invalid_Reserved1[16..21], + Invalid_PageTable set_Invalid_PageTable[21..22], + Invalid_Location set_Invalid_Location[22..24], + Invalid_Priority set_Invalid_Priority[24..27], + Invalid_ModifiedList set_Invalid_ModifiedList[27..28], + Invalid_Reserved2 set_Invalid_Reserved2[28..30], + Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], + Invalid_Bad set_Invalid_Bad[31..32], + Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64], +]} +#[cfg(target_arch = "x86")] +BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ + Valid set_Valid[0..1], + ShareCount set_ShareCount[1..4], + Win32Protection set_Win32Protection[4..15], + Shared set_Shared[15..16], + Node set_Node[16..22], + Locked set_Locked[22..23], + LargePage set_LargePage[23..24], + Priority set_Priority[24..27], + Reserved set_Reserved[27..30], + SharedOriginal set_SharedOriginal[30..31], + Bad set_Bad[31..32], +]} +#[cfg(target_arch = "x86")] +BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ + Invalid_Valid set_Invalid_Valid[0..1], + Invalid_Reserved0 set_Invalid_Reserved0[1..15], + Invalid_Shared set_Invalid_Shared[15..16], + Invalid_Reserved1 set_Invalid_Reserved1[16..21], + Invalid_PageTable set_Invalid_PageTable[21..22], + Invalid_Location set_Invalid_Location[22..24], + Invalid_Priority set_Invalid_Priority[24..27], + Invalid_ModifiedList set_Invalid_ModifiedList[27..28], + Invalid_Reserved2 set_Invalid_Reserved2[28..30], + Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], + Invalid_Bad set_Invalid_Bad[31..32], +]} +pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK; +STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION { + VirtualAddress: PVOID, + VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK, +}} +pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION; +STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION { + CommitSize: SIZE_T, +}} +pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION; +STRUCT!{struct MEMORY_IMAGE_INFORMATION { + ImageBase: PVOID, + SizeOfImage: SIZE_T, + ImageFlags: ULONG, +}} +BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [ + ImagePartialMap set_ImagePartialMap[0..1], + ImageNotExecutable set_ImageNotExecutable[1..2], + ImageSigningLevel set_ImageSigningLevel[2..6], + Reserved set_Reserved[6..32], +]} +pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION; +STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION { + ImageInfo: MEMORY_IMAGE_INFORMATION, + UniqueID: [UCHAR; 32], + AuthorID: [UCHAR; 32], +}} +pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION; +pub const MMPFNLIST_ZERO: u32 = 0; +pub const MMPFNLIST_FREE: u32 = 1; +pub const MMPFNLIST_STANDBY: u32 = 2; +pub const MMPFNLIST_MODIFIED: u32 = 3; +pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4; +pub const MMPFNLIST_BAD: u32 = 5; +pub const MMPFNLIST_ACTIVE: u32 = 6; +pub const MMPFNLIST_TRANSITION: u32 = 7; +pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0; +pub const MMPFNUSE_FILE: u32 = 1; +pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2; +pub const MMPFNUSE_PAGETABLE: u32 = 3; +pub const MMPFNUSE_PAGEDPOOL: u32 = 4; +pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5; +pub const MMPFNUSE_SYSTEMPTE: u32 = 6; +pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7; +pub const MMPFNUSE_METAFILE: u32 = 8; +pub const MMPFNUSE_AWEPAGE: u32 = 9; +pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10; +pub const MMPFNUSE_KERNELSTACK: u32 = 11; +STRUCT!{struct MEMORY_FRAME_INFORMATION { + Bitfields: ULONGLONG, +}} +BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [ + UseDescription set_UseDescription[0..4], + ListDescription set_ListDescription[4..7], + Reserved0 set_Reserved0[7..8], + Pinned set_Pinned[8..9], + DontUse set_DontUse[9..57], + Priority set_Priority[57..60], + Reserved set_Reserved[60..64], +]} +STRUCT!{struct FILEOFFSET_INFORMATION { + Bitfields: ULONGLONG, +}} +BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [ + DontUse set_DontUse[0..9], + Offset set_Offset[9..57], + Reserved set_Reserved[57..64], +]} +STRUCT!{struct PAGEDIR_INFORMATION { + Bitfields: ULONGLONG, +}} +BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [ + DontUse set_DontUse[0..9], + PageDirectoryBase set_PageDirectoryBase[9..57], + Reserved set_Reserved[57..64], +]} +STRUCT!{struct UNIQUE_PROCESS_INFORMATION { + Bitfields: ULONGLONG, +}} +BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [ + DontUse set_DontUse[0..9], + UniqueProcessKey set_UniqueProcessKey[9..57], + Reserved set_Reserved[57..64], +]} +pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION; +UNION!{union MMPFN_IDENTITY_u1 { + e1: MEMORY_FRAME_INFORMATION, + e2: FILEOFFSET_INFORMATION, + e3: PAGEDIR_INFORMATION, + e4: UNIQUE_PROCESS_INFORMATION, +}} +UNION!{union MMPFN_IDENTITY_u2 { + e1: ULONG_PTR, + e2_CombinedPage: ULONG_PTR, + FileObject: ULONG_PTR, + UniqueFileObjectKey: ULONG_PTR, + ProtoPteAddress: ULONG_PTR, + VirtualAddress: ULONG_PTR, +}} +STRUCT!{struct MMPFN_IDENTITY { + u1: MMPFN_IDENTITY_u1, + PageFrameIndex: ULONG_PTR, + u2: MMPFN_IDENTITY_u2, +}} +BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [ + Image set_Image[0..1], + Mismatch set_Mismatch[1..2], +]} +pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY; +STRUCT!{struct MMPFN_MEMSNAP_INFORMATION { + InitialPageFrameIndex: ULONG_PTR, + Count: ULONG_PTR, +}} +pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION; +ENUM!{enum SECTION_INFORMATION_CLASS { + SectionBasicInformation = 0, + SectionImageInformation = 1, + SectionRelocationInformation = 2, + SectionOriginalBaseInformation = 3, + SectionInternalImageInformation = 4, + MaxSectionInfoClass = 5, +}} +STRUCT!{struct SECTION_BASIC_INFORMATION { + BaseAddress: PVOID, + AllocationAttributes: ULONG, + MaximumSize: LARGE_INTEGER, +}} +pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION; +STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s { + SubSystemMinorVersion: USHORT, + SubSystemMajorVersion: USHORT, +}} +UNION!{union SECTION_IMAGE_INFORMATION_u1 { + s: SECTION_IMAGE_INFORMATION_u1_s, + SubSystemVersion: ULONG, +}} +STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s { + MajorOperatingSystemVersion: USHORT, + MinorOperatingSystemVersion: USHORT, +}} +UNION!{union SECTION_IMAGE_INFORMATION_u2 { + s: SECTION_IMAGE_INFORMATION_u2_s, + OperatingSystemVersion: ULONG, +}} +STRUCT!{struct SECTION_IMAGE_INFORMATION { + TransferAddress: PVOID, + ZeroBits: ULONG, + MaximumStackSize: SIZE_T, + CommittedStackSize: SIZE_T, + SubSystemType: ULONG, + u1: SECTION_IMAGE_INFORMATION_u1, + u2: SECTION_IMAGE_INFORMATION_u2, + ImageCharacteristics: USHORT, + DllCharacteristics: USHORT, + Machine: USHORT, + ImageContainsCode: BOOLEAN, + ImageFlags: UCHAR, + LoaderFlags: ULONG, + ImageFileSize: ULONG, + CheckSum: ULONG, +}} +BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [ + ComPlusNativeReady set_ComPlusNativeReady[0..1], + ComPlusILOnly set_ComPlusILOnly[1..2], + ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3], + ImageMappedFlat set_ImageMappedFlat[3..4], + BaseBelow4gb set_BaseBelow4gb[4..5], + ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6], + Reserved set_Reserved[6..8], +]} +pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION; +STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION { + SectionInformation: SECTION_IMAGE_INFORMATION, + ExtendedFlags: ULONG, +}} +BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [ + ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1], + Reserved set_Reserved[1..32], +]} +pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION; +ENUM!{enum SECTION_INHERIT { + ViewShare = 1, + ViewUnmap = 2, +}} +pub const SEC_BASED: u32 = 0x200000; +pub const SEC_NO_CHANGE: u32 = 0x400000; +pub const SEC_GLOBAL: u32 = 0x20000000; +pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1; +pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2; +pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4; +pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8; +pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10; +pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20; +pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f; +EXTERN!{extern "system" { + fn NtAllocateVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + RegionSize: PSIZE_T, + AllocationType: ULONG, + Protect: ULONG, + ) -> NTSTATUS; + fn NtFreeVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + FreeType: ULONG, + ) -> NTSTATUS; + fn NtReadVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + fn NtWriteVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + fn NtProtectVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + NewProtect: ULONG, + OldProtect: PULONG, + ) -> NTSTATUS; + fn NtQueryVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + MemoryInformationClass: MEMORY_INFORMATION_CLASS, + MemoryInformation: PVOID, + MemoryInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; +}} +ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS { + VmPrefetchInformation = 0, + VmPagePriorityInformation = 1, + VmCfgCallTargetInformation = 2, + VmPageDirtyStateInformation = 3, +}} +STRUCT!{struct MEMORY_RANGE_ENTRY { + VirtualAddress: PVOID, + NumberOfBytes: SIZE_T, +}} +pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY; +STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION { + NumberOfEntries: ULONG, + Reserved: ULONG, + NumberOfEntriesProcessed: PULONG, + CallTargetInfo: PCFG_CALL_TARGET_INFO, + Section: PVOID, + FileOffset: ULONGLONG, +}} +pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION; +EXTERN!{extern "system" { + fn NtSetInformationVirtualMemory( + ProcessHandle: HANDLE, + VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, + NumberOfEntries: ULONG_PTR, + VirtualAddresses: PMEMORY_RANGE_ENTRY, + VmInformation: PVOID, + VmInformationLength: ULONG, + ) -> NTSTATUS; + fn NtLockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + fn NtUnlockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + fn NtCreateSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn NtCreateSectionEx( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + fn NtOpenSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtMapViewOfSection( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + CommitSize: SIZE_T, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + InheritDisposition: SECTION_INHERIT, + AllocationType: ULONG, + Win32Protect: ULONG, + ) -> NTSTATUS; + fn NtUnmapViewOfSection( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + ) -> NTSTATUS; + fn NtUnmapViewOfSectionEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn NtExtendSection( + SectionHandle: HANDLE, + NewSectionSize: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtQuerySection( + SectionHandle: HANDLE, + SectionInformationClass: SECTION_INFORMATION_CLASS, + SectionInformation: PVOID, + SectionInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn NtAreMappedFilesTheSame( + File1MappedAsAnImage: PVOID, + File2MappedAsFile: PVOID, + ) -> NTSTATUS; +}} +pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001; +pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002; +pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE + | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS; +ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS { + SystemMemoryPartitionInformation = 0, + SystemMemoryPartitionMoveMemory = 1, + SystemMemoryPartitionAddPagefile = 2, + SystemMemoryPartitionCombineMemory = 3, + SystemMemoryPartitionInitialAddMemory = 4, + SystemMemoryPartitionGetMemoryEvents = 5, + SystemMemoryPartitionMax = 6, +}} +STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION { + Flags: ULONG, + NumaNode: ULONG, + Channel: ULONG, + NumberOfNumaNodes: ULONG, + ResidentAvailablePages: ULONG_PTR, + CommittedPages: ULONG_PTR, + CommitLimit: ULONG_PTR, + PeakCommitment: ULONG_PTR, + TotalNumberOfPages: ULONG_PTR, + AvailablePages: ULONG_PTR, + ZeroPages: ULONG_PTR, + FreePages: ULONG_PTR, + StandbyPages: ULONG_PTR, + StandbyPageCountByPriority: [ULONG_PTR; 8], + RepurposedPagesByPriority: [ULONG_PTR; 8], + MaximumCommitLimit: ULONG_PTR, + DonatedPagesToPartitions: ULONG_PTR, + PartitionId: ULONG, +}} +pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION = + *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION; +STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION { + NumberOfPages: ULONG_PTR, + NumaNode: ULONG, + Flags: ULONG, +}} +pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION; +STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION { + PageFileName: UNICODE_STRING, + MinimumSize: LARGE_INTEGER, + MaximumSize: LARGE_INTEGER, + Flags: ULONG, +}} +pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION; +STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { + StopHandle: HANDLE, + Flags: ULONG, + TotalNumberOfPages: ULONG_PTR, +}} +pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION = + *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; +STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE { + StartPage: ULONG_PTR, + NumberOfPages: ULONG_PTR, +}} +pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE; +STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION { + Flags: ULONG, + NumberOfRanges: ULONG, + NumberOfPagesAdded: ULONG_PTR, + PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1], +}} +pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION; +STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { + Flags: ULONG, + HandleAttributes: ULONG, + DesiredAccess: ULONG, + LowCommitCondition: HANDLE, + HighCommitCondition: HANDLE, + MaximumCommitCondition: HANDLE, +}} +BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [ + CommitEvents set_CommitEvents[0..1], + Spare set_Spare[1..32], +]} +pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = + *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; +EXTERN!{extern "system" { + fn NtCreatePartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PreferredNode: ULONG, + ) -> NTSTATUS; + fn NtOpenPartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtManagePartition( + PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, + PartitionInformation: PVOID, + PartitionInformationLength: ULONG, + ) -> NTSTATUS; + fn NtMapUserPhysicalPages( + VirtualAddress: PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn NtMapUserPhysicalPagesScatter( + VirtualAddresses: *mut PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn NtAllocateUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn NtFreeUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn NtOpenSession( + SessionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtGetWriteWatch( + ProcessHandle: HANDLE, + Flags: ULONG, + BaseAddress: PVOID, + RegionSize: SIZE_T, + UserAddressArray: *mut PVOID, + EntriesInUserAddressArray: PULONG_PTR, + Granularity: PULONG, + ) -> NTSTATUS; + fn NtResetWriteWatch( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + RegionSize: SIZE_T, + ) -> NTSTATUS; + fn NtCreatePagingFile( + PageFileName: PUNICODE_STRING, + MinimumSize: PLARGE_INTEGER, + MaximumSize: PLARGE_INTEGER, + Priority: ULONG, + ) -> NTSTATUS; + fn NtFlushInstructionCache( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Length: SIZE_T, + ) -> NTSTATUS; + fn NtFlushWriteBuffer() -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntnls.rs b/vendor/ntapi/src/ntnls.rs new file mode 100644 index 000000000..592a1988f --- /dev/null +++ b/vendor/ntapi/src/ntnls.rs @@ -0,0 +1,29 @@ +use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT}; +pub const MAXIMUM_LEADBYTES: usize = 12; +STRUCT!{struct CPTABLEINFO { + CodePage: USHORT, + MaximumCharacterSize: USHORT, + DefaultChar: USHORT, + UniDefaultChar: USHORT, + TransDefaultChar: USHORT, + TransUniDefaultChar: USHORT, + DBCSCodePage: USHORT, + LeadByte: [UCHAR; MAXIMUM_LEADBYTES], + MultiByteTable: PUSHORT, + WideCharTable: PVOID, + DBCSRanges: PUSHORT, + DBCSOffsets: PUSHORT, +}} +pub type PCPTABLEINFO = *mut CPTABLEINFO; +STRUCT!{struct NLSTABLEINFO { + OemTableInfo: CPTABLEINFO, + AnsiTableInfo: CPTABLEINFO, + UpperCaseTable: PUSHORT, + LowerCaseTable: PUSHORT, +}} +pub type PNLSTABLEINFO = *mut NLSTABLEINFO; +EXTERN!{extern "C" { + static mut NlsAnsiCodePage: USHORT; + static mut NlsMbCodePageTag: BOOLEAN; + static mut NlsMbOemCodePageTag: BOOLEAN; +}} diff --git a/vendor/ntapi/src/ntobapi.rs b/vendor/ntapi/src/ntobapi.rs new file mode 100644 index 000000000..388ec6199 --- /dev/null +++ b/vendor/ntapi/src/ntobapi.rs @@ -0,0 +1,226 @@ +use winapi::shared::ntdef::{ + BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER, + POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE, +}; +use winapi::um::winnt::{ + ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION, + STANDARD_RIGHTS_REQUIRED, +}; +pub const OBJECT_TYPE_CREATE: u32 = 0x0001; +pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; +pub const DIRECTORY_QUERY: u32 = 0x0001; +pub const DIRECTORY_TRAVERSE: u32 = 0x0002; +pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004; +pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008; +pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf; +pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001; +pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; +pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001; +pub const OBJ_INHERIT: u32 = 0x00000002; +pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004; +ENUM!{enum OBJECT_INFORMATION_CLASS { + ObjectBasicInformation = 0, + ObjectNameInformation = 1, + ObjectTypeInformation = 2, + ObjectTypesInformation = 3, + ObjectHandleFlagInformation = 4, + ObjectSessionInformation = 5, + ObjectSessionObjectInformation = 6, + MaxObjectInfoClass = 7, +}} +STRUCT!{struct OBJECT_BASIC_INFORMATION { + Attributes: ULONG, + GrantedAccess: ACCESS_MASK, + HandleCount: ULONG, + PointerCount: ULONG, + PagedPoolCharge: ULONG, + NonPagedPoolCharge: ULONG, + Reserved: [ULONG; 3], + NameInfoSize: ULONG, + TypeInfoSize: ULONG, + SecurityDescriptorSize: ULONG, + CreationTime: LARGE_INTEGER, +}} +pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION; +STRUCT!{struct OBJECT_NAME_INFORMATION { + Name: UNICODE_STRING, +}} +pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION; +STRUCT!{struct OBJECT_TYPE_INFORMATION { + TypeName: UNICODE_STRING, + TotalNumberOfObjects: ULONG, + TotalNumberOfHandles: ULONG, + TotalPagedPoolUsage: ULONG, + TotalNonPagedPoolUsage: ULONG, + TotalNamePoolUsage: ULONG, + TotalHandleTableUsage: ULONG, + HighWaterNumberOfObjects: ULONG, + HighWaterNumberOfHandles: ULONG, + HighWaterPagedPoolUsage: ULONG, + HighWaterNonPagedPoolUsage: ULONG, + HighWaterNamePoolUsage: ULONG, + HighWaterHandleTableUsage: ULONG, + InvalidAttributes: ULONG, + GenericMapping: GENERIC_MAPPING, + ValidAccessMask: ULONG, + SecurityRequired: BOOLEAN, + MaintainHandleCount: BOOLEAN, + TypeIndex: UCHAR, + ReservedByte: CHAR, + PoolType: ULONG, + DefaultPagedPoolCharge: ULONG, + DefaultNonPagedPoolCharge: ULONG, +}} +pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION; +STRUCT!{struct OBJECT_TYPES_INFORMATION { + NumberOfTypes: ULONG, +}} +pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION; +STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION { + Inherit: BOOLEAN, + ProtectFromClose: BOOLEAN, +}} +pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION; +EXTERN!{extern "system" { + fn NtQueryObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ) -> NTSTATUS; +}} +pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001; +pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002; +pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004; +EXTERN!{extern "system" { + fn NtDuplicateObject( + SourceProcessHandle: HANDLE, + SourceHandle: HANDLE, + TargetProcessHandle: HANDLE, + TargetHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Options: ULONG, + ) -> NTSTATUS; + fn NtMakeTemporaryObject( + Handle: HANDLE, + ) -> NTSTATUS; + fn NtMakePermanentObject( + Handle: HANDLE, + ) -> NTSTATUS; + fn NtSignalAndWaitForSingleObject( + SignalHandle: HANDLE, + WaitHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtWaitForSingleObject( + Handle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtWaitForMultipleObjects( + Count: ULONG, + Handles: *mut HANDLE, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtWaitForMultipleObjects32( + Count: ULONG, + Handles: *mut LONG, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtSetSecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn NtQuerySecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Length: ULONG, + LengthNeeded: PULONG, + ) -> NTSTATUS; + fn NtClose( + Handle: HANDLE, + ) -> NTSTATUS; + fn NtCompareObjects( + FirstObjectHandle: HANDLE, + SecondObjectHandle: HANDLE, + ) -> NTSTATUS; + fn NtCreateDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtCreateDirectoryObjectEx( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ShadowDirectoryHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn NtOpenDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; +}} +STRUCT!{struct OBJECT_DIRECTORY_INFORMATION { + Name: UNICODE_STRING, + TypeName: UNICODE_STRING, +}} +pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION; +EXTERN!{extern "system" { + fn NtQueryDirectoryObject( + DirectoryHandle: HANDLE, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + RestartScan: BOOLEAN, + Context: PULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtCreatePrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: PVOID, + ) -> NTSTATUS; + fn NtOpenPrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: PVOID, + ) -> NTSTATUS; + fn NtDeletePrivateNamespace( + NamespaceHandle: HANDLE, + ) -> NTSTATUS; + fn NtCreateSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LinkTarget: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtOpenSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtQuerySymbolicLinkObject( + LinkHandle: HANDLE, + LinkTarget: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntpebteb.rs b/vendor/ntapi/src/ntpebteb.rs new file mode 100644 index 000000000..b51705863 --- /dev/null +++ b/vendor/ntapi/src/ntpebteb.rs @@ -0,0 +1,431 @@ +use core::mem::size_of; +use crate::ntapi_base::CLIENT_ID; +use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA}; +use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS; +use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; +use winapi::shared::guiddef::GUID; +use winapi::shared::ntdef::{ + BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR, + ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, +}; +use winapi::um::winnt::{ + ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER, +}; +STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME { + Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME, + ActivationContext: *mut ACTIVATION_CONTEXT, + Flags: ULONG, +}} +pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME; +STRUCT!{struct ACTIVATION_CONTEXT_STACK { + ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME, + FrameListCache: LIST_ENTRY, + Flags: ULONG, + NextCookieSequenceNumber: ULONG, + StackId: ULONG, +}} +pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK; +STRUCT!{struct API_SET_NAMESPACE { + Version: ULONG, + Size: ULONG, + Flags: ULONG, + Count: ULONG, + EntryOffset: ULONG, + HashOffset: ULONG, + HashFactor: ULONG, +}} +pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE; +STRUCT!{struct API_SET_HASH_ENTRY { + Hash: ULONG, + Index: ULONG, +}} +pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY; +STRUCT!{struct API_SET_NAMESPACE_ENTRY { + Flags: ULONG, + NameOffset: ULONG, + NameLength: ULONG, + HashedLength: ULONG, + ValueOffset: ULONG, + ValueCount: ULONG, +}} +pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY; +STRUCT!{struct API_SET_VALUE_ENTRY { + Flags: ULONG, + NameOffset: ULONG, + NameLength: ULONG, + ValueOffset: ULONG, + ValueLength: ULONG, +}} +pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY; +UNION!{union PEB_u { + KernelCallbackTable: PVOID, + UserSharedInfoPtr: PVOID, +}} +#[repr(C)] +pub struct LEAP_SECOND_DATA([u8; 0]); //fixme +STRUCT!{struct PEB { + InheritedAddressSpace: BOOLEAN, + ReadImageFileExecOptions: BOOLEAN, + BeingDebugged: BOOLEAN, + BitField: BOOLEAN, + Mutant: HANDLE, + ImageBaseAddress: PVOID, + Ldr: PPEB_LDR_DATA, + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + SubSystemData: PVOID, + ProcessHeap: PVOID, + FastPebLock: PRTL_CRITICAL_SECTION, + IFEOKey: PVOID, + AtlThunkSListPtr: PSLIST_HEADER, + CrossProcessFlags: ULONG, + u: PEB_u, + SystemReserved: [ULONG; 1], + AtlThunkSListPtr32: ULONG, + ApiSetMap: PAPI_SET_NAMESPACE, + TlsExpansionCounter: ULONG, + TlsBitmap: PVOID, + TlsBitmapBits: [ULONG; 2], + ReadOnlySharedMemoryBase: PVOID, + SharedData: PVOID, + ReadOnlyStaticServerData: *mut PVOID, + AnsiCodePageData: PVOID, + OemCodePageData: PVOID, + UnicodeCaseTableData: PVOID, + NumberOfProcessors: ULONG, + NtGlobalFlag: ULONG, + CriticalSectionTimeout: ULARGE_INTEGER, + HeapSegmentReserve: SIZE_T, + HeapSegmentCommit: SIZE_T, + HeapDeCommitTotalFreeThreshold: SIZE_T, + HeapDeCommitFreeBlockThreshold: SIZE_T, + NumberOfHeaps: ULONG, + MaximumNumberOfHeaps: ULONG, + ProcessHeaps: *mut PVOID, + GdiSharedHandleTable: PVOID, + ProcessStarterHelper: PVOID, + GdiDCAttributeList: ULONG, + LoaderLock: PRTL_CRITICAL_SECTION, + OSMajorVersion: ULONG, + OSMinorVersion: ULONG, + OSBuildNumber: USHORT, + OSCSDVersion: USHORT, + OSPlatformId: ULONG, + ImageSubsystem: ULONG, + ImageSubsystemMajorVersion: ULONG, + ImageSubsystemMinorVersion: ULONG, + ActiveProcessAffinityMask: ULONG_PTR, + GdiHandleBuffer: GDI_HANDLE_BUFFER, + PostProcessInitRoutine: PVOID, + TlsExpansionBitmap: PVOID, + TlsExpansionBitmapBits: [ULONG; 32], + SessionId: ULONG, + AppCompatFlags: ULARGE_INTEGER, + AppCompatFlagsUser: ULARGE_INTEGER, + pShimData: PVOID, + AppCompatInfo: PVOID, + CSDVersion: UNICODE_STRING, + ActivationContextData: PVOID, + ProcessAssemblyStorageMap: PVOID, + SystemDefaultActivationContextData: PVOID, + SystemAssemblyStorageMap: PVOID, + MinimumStackCommit: SIZE_T, + FlsCallback: *mut PVOID, + FlsListHead: LIST_ENTRY, + FlsBitmap: PVOID, + FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)], + FlsHighIndex: ULONG, + WerRegistrationData: PVOID, + WerShipAssertPtr: PVOID, + pUnused: PVOID, + pImageHeaderHash: PVOID, + TracingFlags: ULONG, + CsrServerReadOnlySharedMemoryBase: ULONGLONG, + TppWorkerpListLock: PRTL_CRITICAL_SECTION, + TppWorkerpList: LIST_ENTRY, + WaitOnAddressHashTable: [PVOID; 128], + TelemetryCoverageHeader: PVOID, + CloudFileFlags: ULONG, + CloudFileDiagFlags: ULONG, + PlaceholderCompatibilityMode: CHAR, + PlaceholderCompatibilityModeReserved: [CHAR; 7], + LeapSecondData: *mut LEAP_SECOND_DATA, + LeapSecondFlags: ULONG, + NtGlobalFlag2: ULONG, +}} +BITFIELD!{PEB BitField: BOOLEAN [ + ImageUsesLargePages set_ImageUsesLargePages[0..1], + IsProtectedProcess set_IsProtectedProcess[1..2], + IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], + SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], + IsPackagedProcess set_IsPackagedProcess[4..5], + IsAppContainer set_IsAppContainer[5..6], + IsProtectedProcessLight set_IsProtectedProcessLight[6..7], + IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], +]} +BITFIELD!{PEB CrossProcessFlags: ULONG [ + ProcessInJob set_ProcessInJob[0..1], + ProcessInitializing set_ProcessInitializing[1..2], + ProcessUsingVEH set_ProcessUsingVEH[2..3], + ProcessUsingVCH set_ProcessUsingVCH[3..4], + ProcessUsingFTH set_ProcessUsingFTH[4..5], + ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6], + ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7], + ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8], + ReservedBits0 set_ReservedBits0[8..32], +]} +BITFIELD!{PEB TracingFlags: ULONG [ + HeapTracingEnabled set_HeapTracingEnabled[0..1], + CritSecTracingEnabled set_CritSecTracingEnabled[1..2], + LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], + SpareTracingBits set_SpareTracingBits[3..32], +]} +BITFIELD!{PEB LeapSecondFlags: ULONG [ + SixtySecondEnabled set_SixtySecondEnabled[0..1], + Reserved set_Reserved[1..32], +]} +pub type PPEB = *mut PEB; +pub const GDI_BATCH_BUFFER_SIZE: usize = 310; +STRUCT!{struct GDI_TEB_BATCH { + Offset: ULONG, + HDC: ULONG_PTR, + Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], +}} +pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH; +STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT { + Flags: ULONG, + FrameName: PSTR, +}} +pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT; +STRUCT!{struct TEB_ACTIVE_FRAME { + Flags: ULONG, + Previous: *mut TEB_ACTIVE_FRAME, + Context: PTEB_ACTIVE_FRAME_CONTEXT, +}} +pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME; +STRUCT!{struct TEB_u_s { + ReservedPad0: UCHAR, + ReservedPad1: UCHAR, + ReservedPad2: UCHAR, + IdealProcessor: UCHAR, +}} +UNION!{union TEB_u { + CurrentIdealProcessor: PROCESSOR_NUMBER, + IdealProcessorValue: ULONG, + s: TEB_u_s, +}} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +STRUCT!{struct TEB { + NtTib: NT_TIB, + EnvironmentPointer: PVOID, + ClientId: CLIENT_ID, + ActiveRpcHandle: PVOID, + ThreadLocalStoragePointer: PVOID, + ProcessEnvironmentBlock: PPEB, + LastErrorValue: ULONG, + CountOfOwnedCriticalSections: ULONG, + CsrClientThread: PVOID, + Win32ThreadInfo: PVOID, + User32Reserved: [ULONG; 26], + UserReserved: [ULONG; 5], + WOW32Reserved: PVOID, + CurrentLocale: LCID, + FpSoftwareStatusRegister: ULONG, + ReservedForDebuggerInstrumentation: [PVOID; 16], + SystemReserved1: [PVOID; 30], + PlaceholderCompatibilityMode: CHAR, + PlaceholderReserved: [CHAR; 11], + ProxiedProcessId: ULONG, + ActivationStack: ACTIVATION_CONTEXT_STACK, + WorkingOnBehalfTicket: [UCHAR; 8], + ExceptionCode: NTSTATUS, + ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, + InstrumentationCallbackSp: ULONG_PTR, + InstrumentationCallbackPreviousPc: ULONG_PTR, + InstrumentationCallbackPreviousSp: ULONG_PTR, + TxFsContext: ULONG, + InstrumentationCallbackDisabled: BOOLEAN, + GdiTebBatch: GDI_TEB_BATCH, + RealClientId: CLIENT_ID, + GdiCachedProcessHandle: HANDLE, + GdiClientPID: ULONG, + GdiClientTID: ULONG, + GdiThreadLocalInfo: PVOID, + Win32ClientInfo: [ULONG_PTR; 62], + glDispatchTable: [PVOID; 233], + glReserved1: [ULONG_PTR; 29], + glReserved2: PVOID, + glSectionInfo: PVOID, + glSection: PVOID, + glTable: PVOID, + glCurrentRC: PVOID, + glContext: PVOID, + LastStatusValue: NTSTATUS, + StaticUnicodeString: UNICODE_STRING, + StaticUnicodeBuffer: [WCHAR; 261], + DeallocationStack: PVOID, + TlsSlots: [PVOID; 64], + TlsLinks: LIST_ENTRY, + Vdm: PVOID, + ReservedForNtRpc: PVOID, + DbgSsReserved: [PVOID; 2], + HardErrorMode: ULONG, + Instrumentation: [PVOID; 11], + ActivityId: GUID, + SubProcessTag: PVOID, + PerflibData: PVOID, + EtwTraceData: PVOID, + WinSockData: PVOID, + GdiBatchCount: ULONG, + u: TEB_u, + GuaranteedStackBytes: ULONG, + ReservedForPerf: PVOID, + ReservedForOle: PVOID, + WaitingOnLoaderLock: ULONG, + SavedPriorityState: PVOID, + ReservedForCodeCoverage: ULONG_PTR, + ThreadPoolData: PVOID, + TlsExpansionSlots: *mut PVOID, + DeallocationBStore: PVOID, + BStoreLimit: PVOID, + MuiGeneration: ULONG, + IsImpersonating: ULONG, + NlsCache: PVOID, + pShimData: PVOID, + HeapVirtualAffinity: USHORT, + LowFragHeapDataSlot: USHORT, + CurrentTransactionHandle: HANDLE, + ActiveFrame: PTEB_ACTIVE_FRAME, + FlsData: PVOID, + PreferredLanguages: PVOID, + UserPrefLanguages: PVOID, + MergedPrefLanguages: PVOID, + MuiImpersonation: ULONG, + CrossTebFlags: USHORT, + SameTebFlags: USHORT, + TxnScopeEnterCallback: PVOID, + TxnScopeExitCallback: PVOID, + TxnScopeContext: PVOID, + LockCount: ULONG, + WowTebOffset: LONG, + ResourceRetValue: PVOID, + ReservedForWdf: PVOID, + ReservedForCrt: ULONGLONG, + EffectiveContainerId: GUID, +}} +#[cfg(target_arch = "x86")] +STRUCT!{struct TEB { + NtTib: NT_TIB, + EnvironmentPointer: PVOID, + ClientId: CLIENT_ID, + ActiveRpcHandle: PVOID, + ThreadLocalStoragePointer: PVOID, + ProcessEnvironmentBlock: PPEB, + LastErrorValue: ULONG, + CountOfOwnedCriticalSections: ULONG, + CsrClientThread: PVOID, + Win32ThreadInfo: PVOID, + User32Reserved: [ULONG; 26], + UserReserved: [ULONG; 5], + WOW32Reserved: PVOID, + CurrentLocale: LCID, + FpSoftwareStatusRegister: ULONG, + ReservedForDebuggerInstrumentation: [PVOID; 16], + SystemReserved1: [PVOID; 26], + PlaceholderCompatibilityMode: CHAR, + PlaceholderReserved: [CHAR; 11], + ProxiedProcessId: ULONG, + ActivationStack: ACTIVATION_CONTEXT_STACK, + WorkingOnBehalfTicket: [UCHAR; 8], + ExceptionCode: NTSTATUS, + ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, + InstrumentationCallbackSp: ULONG_PTR, + InstrumentationCallbackPreviousPc: ULONG_PTR, + InstrumentationCallbackPreviousSp: ULONG_PTR, + InstrumentationCallbackDisabled: BOOLEAN, + SpareBytes: [UCHAR; 23], + TxFsContext: ULONG, + GdiTebBatch: GDI_TEB_BATCH, + RealClientId: CLIENT_ID, + GdiCachedProcessHandle: HANDLE, + GdiClientPID: ULONG, + GdiClientTID: ULONG, + GdiThreadLocalInfo: PVOID, + Win32ClientInfo: [ULONG_PTR; 62], + glDispatchTable: [PVOID; 233], + glReserved1: [ULONG_PTR; 29], + glReserved2: PVOID, + glSectionInfo: PVOID, + glSection: PVOID, + glTable: PVOID, + glCurrentRC: PVOID, + glContext: PVOID, + LastStatusValue: NTSTATUS, + StaticUnicodeString: UNICODE_STRING, + StaticUnicodeBuffer: [WCHAR; 261], + DeallocationStack: PVOID, + TlsSlots: [PVOID; 64], + TlsLinks: LIST_ENTRY, + Vdm: PVOID, + ReservedForNtRpc: PVOID, + DbgSsReserved: [PVOID; 2], + HardErrorMode: ULONG, + Instrumentation: [PVOID; 9], + ActivityId: GUID, + SubProcessTag: PVOID, + PerflibData: PVOID, + EtwTraceData: PVOID, + WinSockData: PVOID, + GdiBatchCount: ULONG, + u: TEB_u, + GuaranteedStackBytes: ULONG, + ReservedForPerf: PVOID, + ReservedForOle: PVOID, + WaitingOnLoaderLock: ULONG, + SavedPriorityState: PVOID, + ReservedForCodeCoverage: ULONG_PTR, + ThreadPoolData: PVOID, + TlsExpansionSlots: *mut PVOID, + MuiGeneration: ULONG, + IsImpersonating: ULONG, + NlsCache: PVOID, + pShimData: PVOID, + HeapVirtualAffinity: USHORT, + LowFragHeapDataSlot: USHORT, + CurrentTransactionHandle: HANDLE, + ActiveFrame: PTEB_ACTIVE_FRAME, + FlsData: PVOID, + PreferredLanguages: PVOID, + UserPrefLanguages: PVOID, + MergedPrefLanguages: PVOID, + MuiImpersonation: ULONG, + CrossTebFlags: USHORT, + SameTebFlags: USHORT, + TxnScopeEnterCallback: PVOID, + TxnScopeExitCallback: PVOID, + TxnScopeContext: PVOID, + LockCount: ULONG, + WowTebOffset: LONG, + ResourceRetValue: PVOID, + ReservedForWdf: PVOID, + ReservedForCrt: ULONGLONG, + EffectiveContainerId: GUID, +}} +BITFIELD!{TEB SameTebFlags: USHORT [ + SafeThunkCall set_SafeThunkCall[0..1], + InDebugPrint set_InDebugPrint[1..2], + HasFiberData set_HasFiberData[2..3], + SkipThreadAttach set_SkipThreadAttach[3..4], + WerInShipAssertCode set_WerInShipAssertCode[4..5], + RanProcessInit set_RanProcessInit[5..6], + ClonedThread set_ClonedThread[6..7], + SuppressDebugMsg set_SuppressDebugMsg[7..8], + DisableUserStackWalk set_DisableUserStackWalk[8..9], + RtlExceptionAttached set_RtlExceptionAttached[9..10], + InitialThread set_InitialThread[10..11], + SessionAware set_SessionAware[11..12], + LoadOwner set_LoadOwner[12..13], + LoaderWorker set_LoaderWorker[13..14], + SkipLoaderInit set_SkipLoaderInit[14..15], + SpareSameTebBits set_SpareSameTebBits[15..16], +]} +pub type PTEB = *mut TEB; diff --git a/vendor/ntapi/src/ntpfapi.rs b/vendor/ntapi/src/ntpfapi.rs new file mode 100644 index 000000000..d6323611b --- /dev/null +++ b/vendor/ntapi/src/ntpfapi.rs @@ -0,0 +1,219 @@ +use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION; +use crate::ntmmapi::MMPFN_IDENTITY; +use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; +use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR}; +ENUM!{enum PF_BOOT_PHASE_ID { + PfKernelInitPhase = 0, + PfBootDriverInitPhase = 90, + PfSystemDriverInitPhase = 120, + PfSessionManagerInitPhase = 150, + PfSMRegistryInitPhase = 180, + PfVideoInitPhase = 210, + PfPostVideoInitPhase = 240, + PfBootAcceptedRegistryInitPhase = 270, + PfUserShellReadyPhase = 300, + PfMaxBootPhaseId = 900, +}} +ENUM!{enum PF_ENABLE_STATUS { + PfSvNotSpecified = 0, + PfSvEnabled = 1, + PfSvDisabled = 2, + PfSvMaxEnableStatus = 3, +}} +STRUCT!{struct PF_TRACE_LIMITS { + MaxNumPages: ULONG, + MaxNumSections: ULONG, + TimerPeriod: LONGLONG, +}} +pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS; +STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS { + EnableStatus: [PF_ENABLE_STATUS; 2], + TraceLimits: [PF_TRACE_LIMITS; 2], + MaxNumActiveTraces: ULONG, + MaxNumSavedTraces: ULONG, + RootDirPath: [WCHAR; 32], + HostingApplicationList: [WCHAR; 128], +}} +pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS; +pub const PF_BOOT_CONTROL_VERSION: u32 = 1; +STRUCT!{struct PF_BOOT_CONTROL { + Version: ULONG, + DisableBootPrefetching: ULONG, +}} +pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL; +ENUM!{enum PREFETCHER_INFORMATION_CLASS { + PrefetcherRetrieveTrace = 1, + PrefetcherSystemParameters = 2, + PrefetcherBootPhase = 3, + PrefetcherRetrieveBootLoaderTrace = 4, + PrefetcherBootControl = 5, +}} +pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23; +pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843; +STRUCT!{struct PREFETCHER_INFORMATION { + Version: ULONG, + Magic: ULONG, + PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS, + PrefetcherInformation: PVOID, + PrefetcherInformationLength: ULONG, +}} +pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION; +STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS { + EnabledComponents: ULONG, + BootID: ULONG, + SavedSectInfoTracesMax: ULONG, + SavedPageAccessTracesMax: ULONG, + ScenarioPrefetchTimeoutStandby: ULONG, + ScenarioPrefetchTimeoutHibernate: ULONG, +}} +pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS; +pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1; +pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1; +pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1; +STRUCT!{struct PF_PFN_PRIO_REQUEST { + Version: ULONG, + RequestFlags: ULONG, + PfnCount: ULONG_PTR, + MemInfo: SYSTEM_MEMORY_LIST_INFORMATION, + PageData: [MMPFN_IDENTITY; 256], +}} +pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST; +ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE { + PfsPrivateSourceKernel = 0, + PfsPrivateSourceSession = 1, + PfsPrivateSourceProcess = 2, + PfsPrivateSourceMax = 3, +}} +UNION!{union PFS_PRIVATE_PAGE_SOURCE_u { + SessionId: ULONG, + ProcessId: ULONG, +}} +STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE { + Type: PFS_PRIVATE_PAGE_SOURCE_TYPE, + u: PFS_PRIVATE_PAGE_SOURCE_u, + ImagePathHash: ULONG, + UniqueProcessHash: ULONG_PTR, +}} +UNION!{union PF_PRIVSOURCE_INFO_u { + WsSwapPages: ULONG_PTR, + SessionPagedPoolPages: ULONG_PTR, + StoreSizePages: ULONG_PTR, +}} +pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE; +STRUCT!{struct PF_PRIVSOURCE_INFO { + DbInfo: PFS_PRIVATE_PAGE_SOURCE, + EProcess: PVOID, + WsPrivatePages: SIZE_T, + TotalPrivatePages: SIZE_T, + SessionID: ULONG, + ImageName: [CHAR; 16], + u: PF_PRIVSOURCE_INFO_u, + WsTotalPages: ULONG_PTR, + DeepFreezeTimeMs: ULONG, + BitFields: ULONG, +}} +BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [ + ModernApp set_ModernApp[0..1], + DeepFrozen set_DeepFrozen[1..2], + Foreground set_Foreground[2..3], + PerProcessStore set_PerProcessStore[3..4], + Spare set_Spare[4..32], +]} +pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO; +pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3; +STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST { + Version: ULONG, + Flags: ULONG, + InfoCount: ULONG, + InfoArray: [PF_PRIVSOURCE_INFO; 1], +}} +pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST; +ENUM!{enum PF_PHASED_SCENARIO_TYPE { + PfScenarioTypeNone = 0, + PfScenarioTypeStandby = 1, + PfScenarioTypeHibernate = 2, + PfScenarioTypeFUS = 3, + PfScenarioTypeMax = 4, +}} +pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4; +STRUCT!{struct PF_SCENARIO_PHASE_INFO { + Version: ULONG, + ScenType: PF_PHASED_SCENARIO_TYPE, + PhaseId: ULONG, + SequenceNumber: ULONG, + Flags: ULONG, + FUSUserId: ULONG, +}} +pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO; +STRUCT!{struct PF_MEMORY_LIST_NODE { + Bitfields: ULONGLONG, + StandbyLowPageCount: ULONGLONG, + StandbyMediumPageCount: ULONGLONG, + StandbyHighPageCount: ULONGLONG, + FreePageCount: ULONGLONG, + ModifiedPageCount: ULONGLONG, +}} +BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [ + Node set_Node[0..8], + Spare set_Spare[8..64], +]} +pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE; +pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1; +STRUCT!{struct PF_MEMORY_LIST_INFO { + Version: ULONG, + Size: ULONG, + NodeCount: ULONG, + Nodes: [PF_MEMORY_LIST_NODE; 1], +}} +pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO; +STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE { + BasePfn: ULONG_PTR, + PageCount: ULONG_PTR, +}} +pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE; +pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1; +STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO { + Version: ULONG, + RangeCount: ULONG, + Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1], +}} +pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO; +pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1; +STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO { + Version: ULONG, + RepurposedByPrefetch: ULONG, +}} +pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO; +ENUM!{enum SUPERFETCH_INFORMATION_CLASS { + SuperfetchRetrieveTrace = 1, + SuperfetchSystemParameters = 2, + SuperfetchLogEvent = 3, + SuperfetchGenerateTrace = 4, + SuperfetchPrefetch = 5, + SuperfetchPfnQuery = 6, + SuperfetchPfnSetPriority = 7, + SuperfetchPrivSourceQuery = 8, + SuperfetchSequenceNumberQuery = 9, + SuperfetchScenarioPhase = 10, + SuperfetchWorkerPriority = 11, + SuperfetchScenarioQuery = 12, + SuperfetchScenarioPrefetch = 13, + SuperfetchRobustnessControl = 14, + SuperfetchTimeControl = 15, + SuperfetchMemoryListQuery = 16, + SuperfetchMemoryRangesQuery = 17, + SuperfetchTracingControl = 18, + SuperfetchTrimWhileAgingControl = 19, + SuperfetchRepurposedByPrefetch = 20, + SuperfetchInformationMax = 21, +}} +pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45; +pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843; +STRUCT!{struct SUPERFETCH_INFORMATION { + Version: ULONG, + Magic: ULONG, + InfoClass: SUPERFETCH_INFORMATION_CLASS, + Data: PVOID, + Length: ULONG, +}} +pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION; diff --git a/vendor/ntapi/src/ntpnpapi.rs b/vendor/ntapi/src/ntpnpapi.rs new file mode 100644 index 000000000..0afc698b2 --- /dev/null +++ b/vendor/ntapi/src/ntpnpapi.rs @@ -0,0 +1,118 @@ +use winapi::shared::cfg::PNP_VETO_TYPE; +use winapi::shared::guiddef::GUID; +use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR}; +ENUM!{enum PLUGPLAY_EVENT_CATEGORY { + HardwareProfileChangeEvent = 0, + TargetDeviceChangeEvent = 1, + DeviceClassChangeEvent = 2, + CustomDeviceEvent = 3, + DeviceInstallEvent = 4, + DeviceArrivalEvent = 5, + PowerEvent = 6, + VetoEvent = 7, + BlockedDriverEvent = 8, + InvalidIDEvent = 9, + MaxPlugEventCategory = 10, +}} +pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY; +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass { + ClassGuid: GUID, + SymbolicLinkName: [WCHAR; 1], +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice { + DeviceIds: [WCHAR; 1], +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice { + DeviceId: [WCHAR; 1], +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification { + NotificationStructure: PVOID, + DeviceIds: [WCHAR; 1], +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification { + Notification: PVOID, +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification { + NotificationCode: ULONG, + NotificationData: ULONG, +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification { + VetoType: PNP_VETO_TYPE, + DeviceIdVetoNameBuffer: [WCHAR; 1], +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification { + BlockedDriverGuid: GUID, +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification { + ParentId: [WCHAR; 1], +}} +UNION!{union PLUGPLAY_EVENT_BLOCK_u { + DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass, + TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice, + InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice, + CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification, + ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification, + PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification, + VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification, + BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification, + InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification, +}} +STRUCT!{struct PLUGPLAY_EVENT_BLOCK { + EventGuid: GUID, + EventCategory: PLUGPLAY_EVENT_CATEGORY, + Result: PULONG, + Flags: ULONG, + TotalSize: ULONG, + DeviceObject: PVOID, + u: PLUGPLAY_EVENT_BLOCK_u, +}} +pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK; +ENUM!{enum PLUGPLAY_CONTROL_CLASS { + PlugPlayControlEnumerateDevice = 0, + PlugPlayControlRegisterNewDevice = 1, + PlugPlayControlDeregisterDevice = 2, + PlugPlayControlInitializeDevice = 3, + PlugPlayControlStartDevice = 4, + PlugPlayControlUnlockDevice = 5, + PlugPlayControlQueryAndRemoveDevice = 6, + PlugPlayControlUserResponse = 7, + PlugPlayControlGenerateLegacyDevice = 8, + PlugPlayControlGetInterfaceDeviceList = 9, + PlugPlayControlProperty = 10, + PlugPlayControlDeviceClassAssociation = 11, + PlugPlayControlGetRelatedDevice = 12, + PlugPlayControlGetInterfaceDeviceAlias = 13, + PlugPlayControlDeviceStatus = 14, + PlugPlayControlGetDeviceDepth = 15, + PlugPlayControlQueryDeviceRelations = 16, + PlugPlayControlTargetDeviceRelation = 17, + PlugPlayControlQueryConflictList = 18, + PlugPlayControlRetrieveDock = 19, + PlugPlayControlResetDevice = 20, + PlugPlayControlHaltDevice = 21, + PlugPlayControlGetBlockedDriverList = 22, + PlugPlayControlGetDeviceInterfaceEnabled = 23, + MaxPlugPlayControl = 24, +}} +pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS; +EXTERN!{extern "system" { + fn NtGetPlugPlayEvent( + EventHandle: HANDLE, + Context: PVOID, + EventBlock: PPLUGPLAY_EVENT_BLOCK, + EventBufferSize: ULONG, + ) -> NTSTATUS; + fn NtPlugPlayControl( + PnPControlClass: PLUGPLAY_CONTROL_CLASS, + PnPControlData: PVOID, + PnPControlDataLength: ULONG, + ) -> NTSTATUS; + fn NtSerializeBoot() -> NTSTATUS; + fn NtEnableLastKnownGood() -> NTSTATUS; + fn NtDisableLastKnownGood() -> NTSTATUS; + fn NtReplacePartitionUnit( + TargetInstancePath: PUNICODE_STRING, + SpareInstancePath: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntpoapi.rs b/vendor/ntapi/src/ntpoapi.rs new file mode 100644 index 000000000..ecc68fc85 --- /dev/null +++ b/vendor/ntapi/src/ntpoapi.rs @@ -0,0 +1,134 @@ +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, + USHORT, +}; +use winapi::um::winnt::{ + DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE, + POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE, +}; +UNION!{union POWER_STATE { + SystemState: SYSTEM_POWER_STATE, + DeviceState: DEVICE_POWER_STATE, +}} +pub type PPOWER_STATE = *mut POWER_STATE; +ENUM!{enum POWER_STATE_TYPE { + SystemPowerState = 0, + DevicePowerState = 1, +}} +pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE; +STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT { + ContextAsUlong: ULONG, +}} +BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [ + Reserved1 set_Reserved1[0..8], + TargetSystemState set_TargetSystemState[8..12], + EffectiveSystemState set_EffectiveSystemState[12..16], + CurrentSystemState set_CurrentSystemState[16..20], + IgnoreHibernationPath set_IgnoreHibernationPath[20..21], + PseudoTransition set_PseudoTransition[21..22], + Reserved2 set_Reserved2[22..32], +]} +pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT; +STRUCT!{struct COUNTED_REASON_CONTEXT_u_s { + ResourceFileName: UNICODE_STRING, + ResourceReasonId: USHORT, + StringCount: ULONG, + ReasonStrings: PUNICODE_STRING, +}} +UNION!{union COUNTED_REASON_CONTEXT_u { + s: COUNTED_REASON_CONTEXT_u_s, + SimpleString: UNICODE_STRING, +}} +STRUCT!{struct COUNTED_REASON_CONTEXT { + Version: ULONG, + Flags: ULONG, + u: COUNTED_REASON_CONTEXT_u, +}} +pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT; +ENUM!{enum POWER_STATE_HANDLER_TYPE { + PowerStateSleeping1 = 0, + PowerStateSleeping2 = 1, + PowerStateSleeping3 = 2, + PowerStateSleeping4 = 3, + PowerStateShutdownOff = 4, + PowerStateShutdownReset = 5, + PowerStateSleeping4Firmware = 6, + PowerStateMaximum = 7, +}} +pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE; +FN!{stdcall PENTER_STATE_SYSTEM_HANDLER( + SystemContext: PVOID, +) -> NTSTATUS} +FN!{stdcall PENTER_STATE_HANDLER( + Context: PVOID, + SystemHandler: PENTER_STATE_SYSTEM_HANDLER, + SystemContext: PVOID, + NumberProcessors: LONG, + Number: PLONG, +) -> NTSTATUS} +STRUCT!{struct POWER_STATE_HANDLER { + Type: POWER_STATE_HANDLER_TYPE, + RtcWake: BOOLEAN, + Spare: [UCHAR; 3], + Handler: PENTER_STATE_HANDLER, + Context: PVOID, +}} +pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER; +FN!{stdcall PENTER_STATE_NOTIFY_HANDLER( + State: POWER_STATE_HANDLER_TYPE, + Context: PVOID, + Entering: BOOLEAN, +) -> NTSTATUS} +STRUCT!{struct POWER_STATE_NOTIFY_HANDLER { + Handler: PENTER_STATE_NOTIFY_HANDLER, + Context: PVOID, +}} +pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER; +STRUCT!{struct PROCESSOR_POWER_INFORMATION { + Number: ULONG, + MaxMhz: ULONG, + CurrentMhz: ULONG, + MhzLimit: ULONG, + MaxIdleState: ULONG, + CurrentIdleState: ULONG, +}} +pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION; +STRUCT!{struct SYSTEM_POWER_INFORMATION { + MaxIdlenessAllowed: ULONG, + Idleness: ULONG, + TimeRemaining: ULONG, + CoolingMode: UCHAR, +}} +pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION; +EXTERN!{extern "system" { + fn NtPowerInformation( + InformationLevel: POWER_INFORMATION_LEVEL, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn NtSetThreadExecutionState( + NewFlags: EXECUTION_STATE, + PreviousFlags: PEXECUTION_STATE, + ) -> NTSTATUS; + fn NtRequestWakeupLatency( + latency: LATENCY_TIME, + ) -> NTSTATUS; + fn NtInitiatePowerAction( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn NtSetSystemPowerState( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + ) -> NTSTATUS; + fn NtGetDevicePowerState( + Device: HANDLE, + State: PDEVICE_POWER_STATE, + ) -> NTSTATUS; + fn NtIsSystemResumeAutomatic() -> BOOLEAN; +}} diff --git a/vendor/ntapi/src/ntpsapi.rs b/vendor/ntapi/src/ntpsapi.rs new file mode 100644 index 000000000..b2ba28afe --- /dev/null +++ b/vendor/ntapi/src/ntpsapi.rs @@ -0,0 +1,1471 @@ +use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID}; +use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES}; +use crate::ntpebteb::{PPEB, PTEB}; +use winapi::ctypes::c_void; +use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE, + PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG, + PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, +}; +use winapi::um::winnt::{ + ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS, + JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY, + PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, + PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, + PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, + PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY, + PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY, + PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, + PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE, +}; +#[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +use crate::winapi_local::um::winnt::NtCurrentTeb; +pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34; +pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64; +#[cfg(target_arch = "x86")] +pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32; +pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE]; +pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32]; +pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE]; +pub const TLS_EXPANSION_SLOTS: usize = 1024; +STRUCT!{struct PEB_LDR_DATA { + Length: ULONG, + Initialized: BOOLEAN, + SsHandle: HANDLE, + InLoadOrderModuleList: LIST_ENTRY, + InMemoryOrderModuleList: LIST_ENTRY, + InInitializationOrderModuleList: LIST_ENTRY, + EntryInProgress: PVOID, + ShutdownInProgress: BOOLEAN, + ShutdownThreadId: HANDLE, +}} +pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA; +STRUCT!{struct INITIAL_TEB_OldInitialTeb { + OldStackBase: PVOID, + OldStackLimit: PVOID, +}} +STRUCT!{struct INITIAL_TEB { + OldInitialTeb: INITIAL_TEB_OldInitialTeb, + StackBase: PVOID, + StackLimit: PVOID, + StackAllocationBase: PVOID, +}} +pub type PINITIAL_TEB = *mut INITIAL_TEB; +STRUCT!{struct WOW64_PROCESS { + Wow64: PVOID, +}} +pub type PWOW64_PROCESS = *mut WOW64_PROCESS; +ENUM!{enum PROCESSINFOCLASS { + ProcessBasicInformation = 0, + ProcessQuotaLimits = 1, + ProcessIoCounters = 2, + ProcessVmCounters = 3, + ProcessTimes = 4, + ProcessBasePriority = 5, + ProcessRaisePriority = 6, + ProcessDebugPort = 7, + ProcessExceptionPort = 8, + ProcessAccessToken = 9, + ProcessLdtInformation = 10, + ProcessLdtSize = 11, + ProcessDefaultHardErrorMode = 12, + ProcessIoPortHandlers = 13, + ProcessPooledUsageAndLimits = 14, + ProcessWorkingSetWatch = 15, + ProcessUserModeIOPL = 16, + ProcessEnableAlignmentFaultFixup = 17, + ProcessPriorityClass = 18, + ProcessWx86Information = 19, + ProcessHandleCount = 20, + ProcessAffinityMask = 21, + ProcessPriorityBoost = 22, + ProcessDeviceMap = 23, + ProcessSessionInformation = 24, + ProcessForegroundInformation = 25, + ProcessWow64Information = 26, + ProcessImageFileName = 27, + ProcessLUIDDeviceMapsEnabled = 28, + ProcessBreakOnTermination = 29, + ProcessDebugObjectHandle = 30, + ProcessDebugFlags = 31, + ProcessHandleTracing = 32, + ProcessIoPriority = 33, + ProcessExecuteFlags = 34, + ProcessResourceManagement = 35, + ProcessCookie = 36, + ProcessImageInformation = 37, + ProcessCycleTime = 38, + ProcessPagePriority = 39, + ProcessInstrumentationCallback = 40, + ProcessThreadStackAllocation = 41, + ProcessWorkingSetWatchEx = 42, + ProcessImageFileNameWin32 = 43, + ProcessImageFileMapping = 44, + ProcessAffinityUpdateMode = 45, + ProcessMemoryAllocationMode = 46, + ProcessGroupInformation = 47, + ProcessTokenVirtualizationEnabled = 48, + ProcessConsoleHostProcess = 49, + ProcessWindowInformation = 50, + ProcessHandleInformation = 51, + ProcessMitigationPolicy = 52, + ProcessDynamicFunctionTableInformation = 53, + ProcessHandleCheckingMode = 54, + ProcessKeepAliveCount = 55, + ProcessRevokeFileHandles = 56, + ProcessWorkingSetControl = 57, + ProcessHandleTable = 58, + ProcessCheckStackExtentsMode = 59, + ProcessCommandLineInformation = 60, + ProcessProtectionInformation = 61, + ProcessMemoryExhaustion = 62, + ProcessFaultInformation = 63, + ProcessTelemetryIdInformation = 64, + ProcessCommitReleaseInformation = 65, + ProcessDefaultCpuSetsInformation = 66, + ProcessAllowedCpuSetsInformation = 67, + ProcessSubsystemProcess = 68, + ProcessJobMemoryInformation = 69, + ProcessInPrivate = 70, + ProcessRaiseUMExceptionOnInvalidHandleClose = 71, + ProcessIumChallengeResponse = 72, + ProcessChildProcessInformation = 73, + ProcessHighGraphicsPriorityInformation = 74, + ProcessSubsystemInformation = 75, + ProcessEnergyValues = 76, + ProcessActivityThrottleState = 77, + ProcessActivityThrottlePolicy = 78, + ProcessWin32kSyscallFilterInformation = 79, + ProcessDisableSystemAllowedCpuSets = 80, + ProcessWakeInformation = 81, + ProcessEnergyTrackingState = 82, + ProcessManageWritesToExecutableMemory = 83, + ProcessCaptureTrustletLiveDump = 84, + ProcessTelemetryCoverage = 85, + ProcessEnclaveInformation = 86, + ProcessEnableReadWriteVmLogging = 87, + ProcessUptimeInformation = 88, + ProcessImageSection = 89, + ProcessDebugAuthInformation = 90, + ProcessSystemResourceManagement = 91, + ProcessSequenceNumber = 92, + ProcessLoaderDetour = 93, + ProcessSecurityDomainInformation = 94, + ProcessCombineSecurityDomainsInformation = 95, + ProcessEnableLogging = 96, + ProcessLeapSecondInformation = 97, + MaxProcessInfoClass = 98, +}} +ENUM!{enum THREADINFOCLASS { + ThreadBasicInformation = 0, + ThreadTimes = 1, + ThreadPriority = 2, + ThreadBasePriority = 3, + ThreadAffinityMask = 4, + ThreadImpersonationToken = 5, + ThreadDescriptorTableEntry = 6, + ThreadEnableAlignmentFaultFixup = 7, + ThreadEventPair = 8, + ThreadQuerySetWin32StartAddress = 9, + ThreadZeroTlsCell = 10, + ThreadPerformanceCount = 11, + ThreadAmILastThread = 12, + ThreadIdealProcessor = 13, + ThreadPriorityBoost = 14, + ThreadSetTlsArrayAddress = 15, + ThreadIsIoPending = 16, + ThreadHideFromDebugger = 17, + ThreadBreakOnTermination = 18, + ThreadSwitchLegacyState = 19, + ThreadIsTerminated = 20, + ThreadLastSystemCall = 21, + ThreadIoPriority = 22, + ThreadCycleTime = 23, + ThreadPagePriority = 24, + ThreadActualBasePriority = 25, + ThreadTebInformation = 26, + ThreadCSwitchMon = 27, + ThreadCSwitchPmu = 28, + ThreadWow64Context = 29, + ThreadGroupInformation = 30, + ThreadUmsInformation = 31, + ThreadCounterProfiling = 32, + ThreadIdealProcessorEx = 33, + ThreadCpuAccountingInformation = 34, + ThreadSuspendCount = 35, + ThreadHeterogeneousCpuPolicy = 36, + ThreadContainerId = 37, + ThreadNameInformation = 38, + ThreadSelectedCpuSets = 39, + ThreadSystemThreadInformation = 40, + ThreadActualGroupAffinity = 41, + ThreadDynamicCodePolicyInfo = 42, + ThreadExplicitCaseSensitivity = 43, + ThreadWorkOnBehalfTicket = 44, + ThreadSubsystemInformation = 45, + ThreadDbgkWerReportActive = 46, + ThreadAttachContainer = 47, + ThreadManageWritesToExecutableMemory = 48, + ThreadPowerThrottlingState = 49, + ThreadWorkloadClass = 50, + MaxThreadInfoClass = 51, +}} +STRUCT!{struct PAGE_PRIORITY_INFORMATION { + PagePriority: ULONG, +}} +pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION; +STRUCT!{struct PROCESS_BASIC_INFORMATION { + ExitStatus: NTSTATUS, + PebBaseAddress: PPEB, + AffinityMask: ULONG_PTR, + BasePriority: KPRIORITY, + UniqueProcessId: HANDLE, + InheritedFromUniqueProcessId: HANDLE, +}} +pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION; +STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION { + Size: SIZE_T, + BasicInfo: PROCESS_BASIC_INFORMATION, + Flags: ULONG, +}} +BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [ + IsProtectedProcess set_IsProtectedProcess[0..1], + IsWow64Process set_IsWow64Process[1..2], + IsProcessDeleting set_IsProcessDeleting[2..3], + IsCrossSessionCreate set_IsCrossSessionCreate[3..4], + IsFrozen set_IsFrozen[4..5], + IsBackground set_IsBackground[5..6], + IsStronglyNamed set_IsStronglyNamed[6..7], + IsSecureProcess set_IsSecureProcess[7..8], + IsSubsystemProcess set_IsSubsystemProcess[8..9], + SpareBits set_SpareBits[9..32], +]} +pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION; +STRUCT!{struct VM_COUNTERS { + PeakVirtualSize: SIZE_T, + VirtualSize: SIZE_T, + PageFaultCount: ULONG, + PeakWorkingSetSize: SIZE_T, + WorkingSetSize: SIZE_T, + QuotaPeakPagedPoolUsage: SIZE_T, + QuotaPagedPoolUsage: SIZE_T, + QuotaPeakNonPagedPoolUsage: SIZE_T, + QuotaNonPagedPoolUsage: SIZE_T, + PagefileUsage: SIZE_T, + PeakPagefileUsage: SIZE_T, +}} +pub type PVM_COUNTERS = *mut VM_COUNTERS; +STRUCT!{struct VM_COUNTERS_EX { + PeakVirtualSize: SIZE_T, + VirtualSize: SIZE_T, + PageFaultCount: ULONG, + PeakWorkingSetSize: SIZE_T, + WorkingSetSize: SIZE_T, + QuotaPeakPagedPoolUsage: SIZE_T, + QuotaPagedPoolUsage: SIZE_T, + QuotaPeakNonPagedPoolUsage: SIZE_T, + QuotaNonPagedPoolUsage: SIZE_T, + PagefileUsage: SIZE_T, + PeakPagefileUsage: SIZE_T, + PrivateUsage: SIZE_T, +}} +pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX; +STRUCT!{struct VM_COUNTERS_EX2 { + CountersEx: VM_COUNTERS_EX, + PrivateWorkingSetSize: SIZE_T, + SharedCommitUsage: SIZE_T, +}} +pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2; +STRUCT!{struct KERNEL_USER_TIMES { + CreateTime: LARGE_INTEGER, + ExitTime: LARGE_INTEGER, + KernelTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, +}} +pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES; +STRUCT!{struct POOLED_USAGE_AND_LIMITS { + PeakPagedPoolUsage: SIZE_T, + PagedPoolUsage: SIZE_T, + PagedPoolLimit: SIZE_T, + PeakNonPagedPoolUsage: SIZE_T, + NonPagedPoolUsage: SIZE_T, + NonPagedPoolLimit: SIZE_T, + PeakPagefileUsage: SIZE_T, + PagefileUsage: SIZE_T, + PagefileLimit: SIZE_T, +}} +pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS; +pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003; +pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR = + (1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1; +STRUCT!{struct PROCESS_EXCEPTION_PORT { + ExceptionPortHandle: HANDLE, + StateFlags: ULONG, +}} +pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT; +STRUCT!{struct PROCESS_ACCESS_TOKEN { + Token: HANDLE, + Thread: HANDLE, +}} +pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN; +STRUCT!{struct PROCESS_LDT_INFORMATION { + Start: ULONG, + Length: ULONG, + LdtEntries: [LDT_ENTRY; 1], +}} +pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION; +STRUCT!{struct PROCESS_LDT_SIZE { + Length: ULONG, +}} +pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE; +STRUCT!{struct PROCESS_WS_WATCH_INFORMATION { + FaultingPc: PVOID, + FaultingVa: PVOID, +}} +pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION; +STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX { + BasicInfo: PROCESS_WS_WATCH_INFORMATION, + FaultingThreadId: ULONG_PTR, + Flags: ULONG_PTR, +}} +pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX; +pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0; +pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1; +pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2; +pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3; +pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4; +pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5; +pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6; +STRUCT!{struct PROCESS_PRIORITY_CLASS { + Foreground: BOOLEAN, + PriorityClass: UCHAR, +}} +pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS; +STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND { + Foreground: BOOLEAN, +}} +pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND; +STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set { + DirectoryHandle: HANDLE, +}} +STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query { + DriveMap: ULONG, + DriveType: [UCHAR; 32], +}} +UNION!{union PROCESS_DEVICEMAP_INFORMATION { + Set: PROCESS_DEVICEMAP_INFORMATION_Set, + Query: PROCESS_DEVICEMAP_INFORMATION_Query, +}} +pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION; +pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001; +STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set { + DirectoryHandle: HANDLE, +}} +STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query { + DriveMap: ULONG, + DriveType: [UCHAR; 32], +}} +UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u { + Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set, + Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query, +}} +STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX { + u: PROCESS_DEVICEMAP_INFORMATION_EX_u, + Flags: ULONG, +}} +pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX; +STRUCT!{struct PROCESS_SESSION_INFORMATION { + SessionId: ULONG, +}} +pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION; +pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001; +pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000; +pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001; +STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE { + Flags: ULONG, +}} +pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE; +pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000; +STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX { + Flags: ULONG, + TotalSlots: ULONG, +}} +pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX; +pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16; +pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1; +pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2; +pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3; +STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY { + Handle: HANDLE, + ClientId: CLIENT_ID, + Type: ULONG, + Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS], +}} +pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY; +STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY { + Handle: HANDLE, + TotalTraces: ULONG, + HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1], +}} +pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY; +STRUCT!{struct THREAD_TLS_INFORMATION { + Flags: ULONG, + NewTlsData: PVOID, + OldTlsData: PVOID, + ThreadId: HANDLE, +}} +pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION; +ENUM!{enum PROCESS_TLS_INFORMATION_TYPE { + ProcessTlsReplaceIndex = 0, + ProcessTlsReplaceVector = 1, + MaxProcessTlsOperation = 2, +}} +pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE; +STRUCT!{struct PROCESS_TLS_INFORMATION { + Flags: ULONG, + OperationType: ULONG, + ThreadDataCount: ULONG, + TlsIndex: ULONG, + PreviousCount: ULONG, + ThreadData: [THREAD_TLS_INFORMATION; 1], +}} +pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION; +STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { + Version: ULONG, + Reserved: ULONG, + Callback: PVOID, +}} +pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION = + *mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; +STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION { + ReserveSize: SIZE_T, + ZeroBits: SIZE_T, + StackBase: PVOID, +}} +pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION; +STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX { + PreferredNode: ULONG, + Reserved0: ULONG, + Reserved1: ULONG, + Reserved2: ULONG, + AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION, +}} +pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX; +STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE { + Flags: ULONG, +}} +BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [ + EnableAutoUpdate set_EnableAutoUpdate[0..1], + Permanent set_Permanent[1..2], + Reserved set_Reserved[2..32], +]} +pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE; +STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE { + Flags: ULONG, +}} +BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [ + TopDown set_TopDown[0..1], + Reserved set_Reserved[1..32], +]} +pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE; +STRUCT!{struct PROCESS_HANDLE_INFORMATION { + HandleCount: ULONG, + HandleCountHighWatermark: ULONG, +}} +pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION; +STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION { + AccumulatedCycles: ULONGLONG, + CurrentCycleCount: ULONGLONG, +}} +pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION; +STRUCT!{struct PROCESS_WINDOW_INFORMATION { + WindowFlags: ULONG, + WindowTitleLength: USHORT, + WindowTitle: [WCHAR; 1], +}} +pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION; +STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO { + HandleValue: HANDLE, + HandleCount: ULONG_PTR, + PointerCount: ULONG_PTR, + GrantedAccess: ULONG, + ObjectTypeIndex: ULONG, + HandleAttributes: ULONG, + Reserved: ULONG, +}} +pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO; +STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION { + NumberOfHandles: ULONG_PTR, + Reserved: ULONG_PTR, + Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1], +}} +pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION; +UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u { + ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY, + StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, + SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, + ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, + DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, + ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, + SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, + FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY, + ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY, + SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, + PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, + ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY, + // SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO +}} +STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION { + Policy: PROCESS_MITIGATION_POLICY, + u: PROCESS_MITIGATION_POLICY_INFORMATION_u, +}} +pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION; +STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION { + WakeCount: ULONG, + NoWakeCount: ULONG, +}} +pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION; +STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION { + TargetDevicePath: UNICODE_STRING, +}} +pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION; +ENUM!{enum PROCESS_WORKING_SET_OPERATION { + ProcessWorkingSetSwap = 0, + ProcessWorkingSetEmpty = 1, + ProcessWorkingSetOperationMax = 2, +}} +STRUCT!{struct PROCESS_WORKING_SET_CONTROL { + Version: ULONG, + Operation: PROCESS_WORKING_SET_OPERATION, + Flags: ULONG, +}} +pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL; +ENUM!{enum PS_PROTECTED_TYPE { + PsProtectedTypeNone = 0, + PsProtectedTypeProtectedLight = 1, + PsProtectedTypeProtected = 2, + PsProtectedTypeMax = 3, +}} +ENUM!{enum PS_PROTECTED_SIGNER { + PsProtectedSignerNone = 0, + PsProtectedSignerAuthenticode = 1, + PsProtectedSignerCodeGen = 2, + PsProtectedSignerAntimalware = 3, + PsProtectedSignerLsa = 4, + PsProtectedSignerWindows = 5, + PsProtectedSignerWinTcb = 6, + PsProtectedSignerWinSystem = 7, + PsProtectedSignerApp = 8, + PsProtectedSignerMax = 9, +}} +pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF; +pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08; +pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07; +#[inline] +pub const fn PsProtectedValue( + aSigner: PS_PROTECTED_SIGNER, + aAudit: u8, + aType: PS_PROTECTED_TYPE, +) -> UCHAR { + (aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3 + | (aType as u8 & PS_PROTECTED_TYPE_MASK) +} +#[inline] +pub fn InitializePsProtection( + aProtectionLevelPtr: &mut PS_PROTECTION, + aSigner: PS_PROTECTED_SIGNER, + aAudit: u8, + aType: PS_PROTECTED_TYPE, +) { + aProtectionLevelPtr.set_Signer(aSigner as u8); + aProtectionLevelPtr.set_Audit(aAudit); + aProtectionLevelPtr.set_Type(aType as u8); +} +STRUCT!{struct PS_PROTECTION { + Level: UCHAR, +}} +pub type PPS_PROTECTION = *mut PS_PROTECTION; +BITFIELD!{PS_PROTECTION Level: UCHAR [ + Type set_Type[0..3], + Audit set_Audit[3..4], + Signer set_Signer[4..8], +]} +STRUCT!{struct PROCESS_FAULT_INFORMATION { + FaultFlags: ULONG, + AdditionalInfo: ULONG, +}} +pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION; +STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION { + HeaderSize: ULONG, + ProcessId: ULONG, + ProcessStartKey: ULONGLONG, + CreateTime: ULONGLONG, + CreateInterruptTime: ULONGLONG, + CreateUnbiasedInterruptTime: ULONGLONG, + ProcessSequenceNumber: ULONGLONG, + SessionCreateTime: ULONGLONG, + SessionId: ULONG, + BootId: ULONG, + ImageChecksum: ULONG, + ImageTimeDateStamp: ULONG, + UserSidOffset: ULONG, + ImagePathOffset: ULONG, + PackageNameOffset: ULONG, + RelativeAppNameOffset: ULONG, + CommandLineOffset: ULONG, +}} +pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION; +STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION { + Version: ULONG, + s: ULONG, + CommitDebt: SIZE_T, + CommittedMemResetSize: SIZE_T, + RepurposedMemResetSize: SIZE_T, +}} +BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [ + Eligible set_Eligible[0..1], + ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2], + ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3], + Spare set_Spare[3..32], +]} +pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION; +STRUCT!{struct PROCESS_JOB_MEMORY_INFO { + SharedCommitUsage: ULONGLONG, + PrivateCommitUsage: ULONGLONG, + PeakPrivateCommitUsage: ULONGLONG, + PrivateCommitLimit: ULONGLONG, + TotalCommitLimit: ULONGLONG, +}} +pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO; +STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION { + ProhibitChildProcesses: BOOLEAN, + AlwaysAllowSecureChildProcess: BOOLEAN, + AuditProhibitChildProcesses: BOOLEAN, +}} +pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION; +STRUCT!{struct PROCESS_WAKE_INFORMATION { + NotificationChannel: ULONGLONG, + WakeCounters: [ULONG; 7], + WakeFilter: *mut JOBOBJECT_WAKE_FILTER, +}} +pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION; +STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE { + StateUpdateMask: ULONG, + StateDesiredValue: ULONG, + StateSequence: ULONG, + UpdateTag: ULONG, + Tag: [WCHAR; 64], +}} +pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE; +BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [ + UpdateTag set_UpdateTag[0..1], +]} +STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY { + BitFields: ULONG, +}} +BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [ + Machine set_Machine[0..16], + KernelMode set_KernelMode[16..17], + UserMode set_UserMode[17..18], + Native set_Native[18..19], + Process set_Process[19..20], + ReservedZero0 set_ReservedZero0[20..32], +]} +pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2; +STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION { + Flags: UCHAR, +}} +BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [ + EnableReadVmLogging set_EnableReadVmLogging[0..1], + EnableWriteVmLogging set_EnableWriteVmLogging[1..2], + Unused set_Unused[2..8], +]} +UNION!{union PROCESS_UPTIME_INFORMATION_u { + HangCount: ULONG, + GhostCount: ULONG, + Crashed: ULONG, + Terminated: ULONG, +}} +pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION; +STRUCT!{struct PROCESS_UPTIME_INFORMATION { + QueryInterruptTime: ULONGLONG, + QueryUnbiasedTime: ULONGLONG, + EndInterruptTime: ULONGLONG, + TimeSinceCreation: ULONGLONG, + Uptime: ULONGLONG, + SuspendedTime: ULONGLONG, + u: PROCESS_UPTIME_INFORMATION_u, +}} +pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION; +STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT { + Flags: ULONG, +}} +pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT; +BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [ + Foreground set_Foreground[0..1], + Reserved set_Reserved[1..32], +]} +STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION { + SecurityDomain: ULONGLONG, +}} +pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION; +STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION { + ProcessHandle: HANDLE, +}} +pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION = + *mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; +STRUCT!{struct PROCESS_LOGGING_INFORMATION { + Flags: ULONG, + BitFields: ULONG, +}} +BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [ + EnableReadVmLogging set_EnableReadVmLogging[0..1], + EnableWriteVmLogging set_EnableWriteVmLogging[1..2], + EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3], + EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4], + Reserved set_Reserved[4..32], +]} +pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION; +STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION { + Flags: ULONG, + Reserved: ULONG, +}} +pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION; +STRUCT!{struct THREAD_BASIC_INFORMATION { + ExitStatus: NTSTATUS, + TebBaseAddress: PTEB, + ClientId: CLIENT_ID, + AffinityMask: ULONG_PTR, + Priority: KPRIORITY, + BasePriority: LONG, +}} +pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION; +STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION { + FirstArgument: PVOID, + SystemCallNumber: USHORT, + Pad: [USHORT; 1], + WaitTime: ULONG64, +}} +pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION; +STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION { + AccumulatedCycles: ULONGLONG, + CurrentCycleCount: ULONGLONG, +}} +pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION; +STRUCT!{struct THREAD_TEB_INFORMATION { + TebInformation: PVOID, + TebOffset: ULONG, + BytesToRead: ULONG, +}} +pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION; +STRUCT!{struct COUNTER_READING { + Type: HARDWARE_COUNTER_TYPE, + Index: ULONG, + Start: ULONG64, + Total: ULONG64, +}} +pub type PCOUNTER_READING = *mut COUNTER_READING; +STRUCT!{struct THREAD_PERFORMANCE_DATA { + Size: USHORT, + Version: USHORT, + ProcessorNumber: PROCESSOR_NUMBER, + ContextSwitches: ULONG, + HwCountersCount: ULONG, + UpdateCount: ULONG64, + WaitReasonBitMap: ULONG64, + HardwareCounters: ULONG64, + CycleTime: COUNTER_READING, + HwCounters: [COUNTER_READING; MAX_HW_COUNTERS], +}} +pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA; +STRUCT!{struct THREAD_PROFILING_INFORMATION { + HardwareCounters: ULONG64, + Flags: ULONG, + Enable: ULONG, + PerformanceData: PTHREAD_PERFORMANCE_DATA, +}} +pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT { + Link: SINGLE_LIST_ENTRY, + __padding: u64, + Context: CONTEXT, + Teb: PVOID, + UserContext: PVOID, + ScheduledThread: ULONG, + Suspended: ULONG, + VolatileContext: ULONG, + Terminated: ULONG, + DebugActive: ULONG, + RunningOnSelfThread: ULONG, + DenyRunningOnSelfThread: ULONG, + Flags: LONG, + KernelUpdateLock: ULONG64, + PrimaryClientID: ULONG64, + ContextLock: ULONG64, + PrimaryUmsContext: *mut RTL_UMS_CONTEXT, + SwitchCount: ULONG, + KernelYieldCount: ULONG, + MixedYieldCount: ULONG, + YieldCount: ULONG, +}} +#[cfg(target_arch = "x86")] +STRUCT!{struct RTL_UMS_CONTEXT { + Link: SINGLE_LIST_ENTRY, + Context: CONTEXT, + Teb: PVOID, + UserContext: PVOID, + ScheduledThread: ULONG, + Suspended: ULONG, + VolatileContext: ULONG, + Terminated: ULONG, + DebugActive: ULONG, + RunningOnSelfThread: ULONG, + DenyRunningOnSelfThread: ULONG, + Flags: LONG, + KernelUpdateLock: ULONG64, + PrimaryClientID: ULONG64, + ContextLock: ULONG64, + PrimaryUmsContext: *mut RTL_UMS_CONTEXT, + SwitchCount: ULONG, + KernelYieldCount: ULONG, + MixedYieldCount: ULONG, + YieldCount: ULONG, + __padding: u32, +}} +pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT; +ENUM!{enum THREAD_UMS_INFORMATION_COMMAND { + UmsInformationCommandInvalid = 0, + UmsInformationCommandAttach = 1, + UmsInformationCommandDetach = 2, + UmsInformationCommandQuery = 3, +}} +STRUCT!{struct RTL_UMS_COMPLETION_LIST { + ThreadListHead: PSINGLE_LIST_ENTRY, + CompletionEvent: PVOID, + CompletionFlags: ULONG, + InternalListHead: SINGLE_LIST_ENTRY, +}} +pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST; +STRUCT!{struct THREAD_UMS_INFORMATION { + Command: THREAD_UMS_INFORMATION_COMMAND, + CompletionList: PRTL_UMS_COMPLETION_LIST, + UmsContext: PRTL_UMS_CONTEXT, + Flags: ULONG, +}} +BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [ + IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1], + IsUmsWorkerThread set_IsUmsWorkerThread[1..2], + SpareBits set_SpareBits[2..32], +]} +pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION; +STRUCT!{struct THREAD_NAME_INFORMATION { + ThreadName: UNICODE_STRING, +}} +pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION; +ENUM!{enum SUBSYSTEM_INFORMATION_TYPE { + SubsystemInformationTypeWin32 = 0, + SubsystemInformationTypeWSL = 1, + MaxSubsystemInformationType = 2, +}} +ENUM!{enum THREAD_WORKLOAD_CLASS { + ThreadWorkloadClassDefault = 0, + ThreadWorkloadClassGraphics = 1, + MaxThreadWorkloadClass = 2, +}} +EXTERN!{extern "system" { + fn NtCreateProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + InheritObjectTable: BOOLEAN, + SectionHandle: HANDLE, + DebugPort: HANDLE, + ExceptionPort: HANDLE, + ) -> NTSTATUS; +}} +pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001; +pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002; +pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004; +pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008; +pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010; +EXTERN!{extern "system" { + fn NtCreateProcessEx( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + DebugPort: HANDLE, + ExceptionPort: HANDLE, + JobMemberLevel: ULONG, + ) -> NTSTATUS; + fn NtOpenProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + fn NtTerminateProcess( + ProcessHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn NtSuspendProcess( + ProcessHandle: HANDLE, + ) -> NTSTATUS; + fn NtResumeProcess( + ProcessHandle: HANDLE, + ) -> NTSTATUS; +}} +pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void; +pub const ZwCurrentProcess: HANDLE = NtCurrentProcess; +pub const NtCurrentThread: HANDLE = -2isize as *mut c_void; +pub const ZwCurrentThread: HANDLE = NtCurrentThread; +pub const NtCurrentSession: HANDLE = -3isize as *mut c_void; +pub const ZwCurrentSession: HANDLE = NtCurrentSession; +#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +pub unsafe fn NtCurrentPeb() -> PPEB { + (*NtCurrentTeb()).ProcessEnvironmentBlock +} +pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void; +pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void; +pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void; +pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void; +#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +pub unsafe fn NtCurrentProcessId() -> HANDLE { + (*NtCurrentTeb()).ClientId.UniqueProcess +} +#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +pub unsafe fn NtCurrentThreadId() -> HANDLE { + (*NtCurrentTeb()).ClientId.UniqueThread +} +EXTERN!{extern "system" { + fn NtQueryInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtGetNextProcess( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewProcessHandle: PHANDLE, + ) -> NTSTATUS; + fn NtGetNextThread( + ProcessHandle: HANDLE, + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewThreadHandle: PHANDLE, + ) -> NTSTATUS; + fn NtSetInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ) -> NTSTATUS; + fn NtQueryPortInformationProcess() -> NTSTATUS; + fn NtCreateThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + ClientId: PCLIENT_ID, + ThreadContext: PCONTEXT, + InitialTeb: PINITIAL_TEB, + CreateSuspended: BOOLEAN, + ) -> NTSTATUS; + fn NtOpenThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + fn NtTerminateThread( + ThreadHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn NtSuspendThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn NtResumeThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn NtGetCurrentProcessorNumber() -> ULONG; + fn NtGetContextThread( + ThreadHandle: HANDLE, + ThreadContext: PCONTEXT, + ) -> NTSTATUS; + fn NtSetContextThread( + ThreadHandle: HANDLE, + ThreadContext: PCONTEXT, + ) -> NTSTATUS; + fn NtQueryInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ) -> NTSTATUS; + fn NtAlertThread( + ThreadHandle: HANDLE, + ) -> NTSTATUS; + fn NtAlertResumeThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn NtTestAlert() -> NTSTATUS; + fn NtImpersonateThread( + ServerThreadHandle: HANDLE, + ClientThreadHandle: HANDLE, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ) -> NTSTATUS; + fn NtRegisterThreadTerminatePort( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn NtSetLdtEntries( + Selector0: ULONG, + Entry0Low: ULONG, + Entry0Hi: ULONG, + Selector1: ULONG, + Entry1Low: ULONG, + Entry1Hi: ULONG, + ) -> NTSTATUS; +}} +FN!{cdecl PPS_APC_ROUTINE( + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, +) -> ()} +EXTERN!{extern "system" { + fn NtQueueApcThread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; +}} +pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void; +EXTERN!{extern "system" { + fn NtQueueApcThreadEx( + ThreadHandle: HANDLE, + UserApcReserveHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + fn NtAlertThreadByThreadId( + ThreadId: HANDLE, + ) -> NTSTATUS; + fn NtWaitForAlertByThreadId( + Address: PVOID, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; +}} +pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff; +pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000; +pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000; +pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000; +ENUM!{enum PS_ATTRIBUTE_NUM { + PsAttributeParentProcess = 0, + PsAttributeDebugPort = 1, + PsAttributeToken = 2, + PsAttributeClientId = 3, + PsAttributeTebAddress = 4, + PsAttributeImageName = 5, + PsAttributeImageInfo = 6, + PsAttributeMemoryReserve = 7, + PsAttributePriorityClass = 8, + PsAttributeErrorMode = 9, + PsAttributeStdHandleInfo = 10, + PsAttributeHandleList = 11, + PsAttributeGroupAffinity = 12, + PsAttributePreferredNode = 13, + PsAttributeIdealProcessor = 14, + PsAttributeUmsThread = 15, + PsAttributeMitigationOptions = 16, + PsAttributeProtectionLevel = 17, + PsAttributeSecureProcess = 18, + PsAttributeJobList = 19, + PsAttributeChildProcessPolicy = 20, + PsAttributeAllApplicationPackagesPolicy = 21, + PsAttributeWin32kFilter = 22, + PsAttributeSafeOpenPromptOriginClaim = 23, + PsAttributeBnoIsolation = 24, + PsAttributeDesktopAppPolicy = 25, + PsAttributeChpe = 26, + PsAttributeMax = 27, +}} +#[inline] +pub const fn PsAttributeValue( + Number: PS_ATTRIBUTE_NUM, + Thread: bool, + Input: bool, + Additive: bool, +) -> ULONG_PTR { //fixme + (Number & PS_ATTRIBUTE_NUMBER_MASK | [0, PS_ATTRIBUTE_THREAD][Thread as usize] + | [0, PS_ATTRIBUTE_INPUT][Input as usize] | [0, PS_ATTRIBUTE_ADDITIVE][Additive as usize] + ) as usize +} +pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000; +pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001; +pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002; +pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003; +pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004; +pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005; +pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006; +pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007; +pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008; +pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009; +pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a; +pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b; +pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c; +pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d; +pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e; +pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f; +pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010; +pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011; +pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012; +pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013; +pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014; +pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015; +pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016; +pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017; +pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018; +pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019; +UNION!{union PS_ATTRIBUTE_u { + Value: ULONG_PTR, + ValuePtr: PVOID, +}} +STRUCT!{struct PS_ATTRIBUTE { + Attribute: ULONG_PTR, + Size: SIZE_T, + u: PS_ATTRIBUTE_u, + ReturnLength: PSIZE_T, +}} +pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE; +STRUCT!{struct PS_ATTRIBUTE_LIST { + TotalLength: SIZE_T, + Attributes: [PS_ATTRIBUTE; 1], +}} +pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST; +STRUCT!{struct PS_MEMORY_RESERVE { + ReserveAddress: PVOID, + ReserveSize: SIZE_T, +}} +pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE; +ENUM!{enum PS_STD_HANDLE_STATE { + PsNeverDuplicate = 0, + PsRequestDuplicate = 1, + PsAlwaysDuplicate = 2, + PsMaxStdHandleStates = 3, +}} +pub const PS_STD_INPUT_HANDLE: u32 = 0x1; +pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2; +pub const PS_STD_ERROR_HANDLE: u32 = 0x4; +STRUCT!{struct PS_STD_HANDLE_INFO { + Flags: ULONG, + StdHandleSubsystemType: ULONG, +}} +pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO; +BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [ + StdHandleState set_StdHandleState[0..2], + PseudoHandleMask set_PseudoHandleMask[2..5], +]} +STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS { + IsolationPrefix: UNICODE_STRING, + HandleCount: ULONG, + Handles: *mut PVOID, + IsolationEnabled: BOOLEAN, +}} +pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS; +ENUM!{enum PS_MITIGATION_OPTION { + PS_MITIGATION_OPTION_NX = 0, + PS_MITIGATION_OPTION_SEHOP = 1, + PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2, + PS_MITIGATION_OPTION_HEAP_TERMINATE = 3, + PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4, + PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5, + PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6, + PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7, + PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8, + PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9, + PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10, + PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11, + PS_MITIGATION_OPTION_FONT_DISABLE = 12, + PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13, + PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14, + PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15, + PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16, + PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17, + PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18, + PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19, + PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20, + PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21, + PS_MITIGATION_OPTION_ROP_SIMEXEC = 22, + PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23, + PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24, + PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25, + PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26, + PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27, + PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28, + PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29, + PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30, + PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31, +}} +ENUM!{enum PS_CREATE_STATE { + PsCreateInitialState = 0, + PsCreateFailOnFileOpen = 1, + PsCreateFailOnSectionCreate = 2, + PsCreateFailExeFormat = 3, + PsCreateFailMachineMismatch = 4, + PsCreateFailExeName = 5, + PsCreateSuccess = 6, + PsCreateMaximumStates = 7, +}} +STRUCT!{struct PS_CREATE_INFO_u_InitState { + InitFlags: ULONG, + AdditionalFileAccess: ACCESS_MASK, +}} +BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [ + WriteOutputOnExit set_WriteOutputOnExit[0..1], + DetectManifest set_DetectManifest[1..2], + IFEOSkipDebugger set_IFEOSkipDebugger[2..3], + IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4], + SpareBits1 set_SpareBits1[4..8], + SpareBits2 set_SpareBits2[8..16], + ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32], +]} +STRUCT!{struct PS_CREATE_INFO_u_SuccessState { + OutputFlags: ULONG, + FileHandle: HANDLE, + SectionHandle: HANDLE, + UserProcessParametersNative: ULONGLONG, + UserProcessParametersWow64: ULONG, + CurrentParameterFlags: ULONG, + PebAddressNative: ULONGLONG, + PebAddressWow64: ULONG, + ManifestAddress: ULONGLONG, + ManifestSize: ULONG, +}} +BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [ + ProtectedProcess set_ProtectedProcess[0..1], + AddressSpaceOverride set_AddressSpaceOverride[1..2], + DevOverrideEnabled set_DevOverrideEnabled[2..3], + ManifestDetected set_ManifestDetected[3..4], + ProtectedProcessLight set_ProtectedProcessLight[4..5], + SpareBits1 set_SpareBits1[5..8], + SpareBits2 set_SpareBits2[8..16], + SpareBits3 set_SpareBits3[16..32], +]} +UNION!{union PS_CREATE_INFO_u { + InitState: PS_CREATE_INFO_u_InitState, + FileHandle: HANDLE, + DllCharacteristics: USHORT, + IFEOKey: HANDLE, + SuccessState: PS_CREATE_INFO_u_SuccessState, +}} +STRUCT!{struct PS_CREATE_INFO { + Size: SIZE_T, + State: PS_CREATE_STATE, + u: PS_CREATE_INFO_u, +}} +pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO; +pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020; +pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040; +pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080; +pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100; +pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200; +pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400; +EXTERN!{extern "system" { + fn NtCreateUserProcess( + ProcessHandle: PHANDLE, + ThreadHandle: PHANDLE, + ProcessDesiredAccess: ACCESS_MASK, + ThreadDesiredAccess: ACCESS_MASK, + ProcessObjectAttributes: POBJECT_ATTRIBUTES, + ThreadObjectAttributes: POBJECT_ATTRIBUTES, + ProcessFlags: ULONG, + ThreadFlags: ULONG, + ProcessParameters: PVOID, + CreateInfo: PPS_CREATE_INFO, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; +}} +pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; +pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002; +pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004; +pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010; +pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020; +pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080; +EXTERN!{extern "system" { + fn NtCreateThreadEx( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + StartRoutine: PVOID, + Argument: PVOID, + CreateFlags: ULONG, + ZeroBits: SIZE_T, + StackSize: SIZE_T, + MaximumStackSize: SIZE_T, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; +}} +STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION { + BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, + IoInfo: IO_COUNTERS, + DiskIoInfo: PROCESS_DISK_COUNTERS, + ContextSwitches: ULONG64, + TotalCycleTime: LARGE_INTEGER, + ReadyTime: ULONG64, + EnergyValues: PROCESS_ENERGY_VALUES, +}} +pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION = + *mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION; +STRUCT!{struct JOBOBJECT_WAKE_INFORMATION { + NotificationChannel: HANDLE, + WakeCounters: [ULONG64; 7], +}} +pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION; +STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 { + NotificationChannel: HANDLE, + WakeCounters: [ULONG64; 4], +}} +pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1; +STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION { + Count: ULONG64, +}} +pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION; +STRUCT!{struct JOBOBJECT_WAKE_FILTER { + HighEdgeFilter: ULONG, + LowEdgeFilter: ULONG, +}} +pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER; +STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION { + Flags: ULONG, + Freeze: BOOLEAN, + Swap: BOOLEAN, + Reserved0: [UCHAR; 2], + WakeFilter: JOBOBJECT_WAKE_FILTER, +}} +pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION; +BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [ + FreezeOperation set_FreezeOperation[0..1], + FilterOperation set_FilterOperation[1..2], + SwapOperation set_SwapOperation[2..3], + Reserved set_Reserved[3..32], +]} +STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION { + JobMemory: ULONG64, + PeakJobMemoryUsed: ULONG64, +}} +pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION; +STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 { + BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION, + JobSharedMemory: ULONG64, + Reserved: [ULONG64; 2], +}} +pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2; +STRUCT!{struct SILO_USER_SHARED_DATA { + ServiceSessionId: ULONG64, + ActiveConsoleId: ULONG, + ConsoleSessionForegroundProcessId: LONGLONG, + NtProductType: NT_PRODUCT_TYPE, + SuiteMask: ULONG, + SharedUserSessionId: ULONG, + IsMultiSessionSku: BOOLEAN, + NtSystemRoot: [WCHAR; 260], + UserModeGlobalLogger: [USHORT; 16], +}} +pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA; +STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY { + ControlFlags: ULONG, + Path: UNICODE_STRING, +}} +pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY; +STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE { + Value: ULONG64, + UpdateMask: ULONG, + DesiredState: ULONG, +}} +pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE; +EXTERN!{extern "system" { + fn NtCreateJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtOpenJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtAssignProcessToJobObject( + JobHandle: HANDLE, + ProcessHandle: HANDLE, + ) -> NTSTATUS; + fn NtTerminateJobObject( + JobHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn NtIsProcessInJob( + ProcessHandle: HANDLE, + JobHandle: HANDLE, + ) -> NTSTATUS; + fn NtQueryInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ) -> NTSTATUS; + fn NtCreateJobSet( + NumJob: ULONG, + UserJobSet: PJOB_SET_ARRAY, + Flags: ULONG, + ) -> NTSTATUS; + fn NtRevertContainerImpersonation() -> NTSTATUS; +}} +ENUM!{enum MEMORY_RESERVE_TYPE { + MemoryReserveUserApc = 0, + MemoryReserveIoCompletion = 1, + MemoryReserveTypeMax = 2, +}} +EXTERN!{extern "system" { + fn NtAllocateReserveObject( + MemoryReserveHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: MEMORY_RESERVE_TYPE, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntregapi.rs b/vendor/ntapi/src/ntregapi.rs new file mode 100644 index 000000000..ccd79b2bf --- /dev/null +++ b/vendor/ntapi/src/ntregapi.rs @@ -0,0 +1,450 @@ +use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES, + PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR, +}; +use winapi::um::winnt::ACCESS_MASK; +pub const REG_INIT_BOOT_SM: USHORT = 0x0000; +pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001; +pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002; +pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE; +pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767; +pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512; +ENUM!{enum KEY_INFORMATION_CLASS { + KeyBasicInformation = 0, + KeyNodeInformation = 1, + KeyFullInformation = 2, + KeyNameInformation = 3, + KeyCachedInformation = 4, + KeyFlagsInformation = 5, + KeyVirtualizationInformation = 6, + KeyHandleTagsInformation = 7, + KeyTrustInformation = 8, + KeyLayerInformation = 9, + MaxKeyInfoClass = 10, +}} +STRUCT!{struct KEY_BASIC_INFORMATION { + LastWriteTime: LARGE_INTEGER, + TitleIndex: ULONG, + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION; +STRUCT!{struct KEY_NODE_INFORMATION { + LastWriteTime: LARGE_INTEGER, + TitleIndex: ULONG, + ClassOffset: ULONG, + ClassLength: ULONG, + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION; +STRUCT!{struct KEY_FULL_INFORMATION { + LastWriteTime: LARGE_INTEGER, + TitleIndex: ULONG, + ClassOffset: ULONG, + ClassLength: ULONG, + SubKeys: ULONG, + MaxNameLen: ULONG, + MaxClassLen: ULONG, + Values: ULONG, + MaxValueNameLen: ULONG, + MaxValueDataLen: ULONG, + Class: [WCHAR; 1], +}} +pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION; +STRUCT!{struct KEY_NAME_INFORMATION { + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION; +STRUCT!{struct KEY_CACHED_INFORMATION { + LastWriteTime: LARGE_INTEGER, + TitleIndex: ULONG, + SubKeys: ULONG, + MaxNameLen: ULONG, + Values: ULONG, + MaxValueNameLen: ULONG, + MaxValueDataLen: ULONG, + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION; +STRUCT!{struct KEY_FLAGS_INFORMATION { + UserFlags: ULONG, +}} +pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION; +STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION { + Bitfields: ULONG, +}} +BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [ + VirtualizationCandidate set_VirtualizationCandidate[0..1], + VirtualizationEnabled set_VirtualizationEnabled[1..2], + VirtualTarget set_VirtualTarget[2..3], + VirtualStore set_VirtualStore[3..4], + VirtualSource set_VirtualSource[4..5], + Reserved set_Reserved[5..32], +]} +pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION; +STRUCT!{struct KEY_TRUST_INFORMATION { + Bitfields: ULONG, +}} +BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [ + TrustedKey set_TrustedKey[0..1], + Reserved set_Reserved[1..32], +]} +pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION; +STRUCT!{struct KEY_LAYER_INFORMATION { + IsTombstone: ULONG, + IsSupersedeLocal: ULONG, + IsSupersedeTree: ULONG, + ClassIsInherited: ULONG, + Reserved: ULONG, +}} +pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION; +ENUM!{enum KEY_SET_INFORMATION_CLASS { + KeyWriteTimeInformation = 0, + KeyWow64FlagsInformation = 1, + KeyControlFlagsInformation = 2, + KeySetVirtualizationInformation = 3, + KeySetDebugInformation = 4, + KeySetHandleTagsInformation = 5, + KeySetLayerInformation = 6, + MaxKeySetInfoClass = 7, +}} +STRUCT!{struct KEY_WRITE_TIME_INFORMATION { + LastWriteTime: LARGE_INTEGER, +}} +pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION; +STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION { + UserFlags: ULONG, +}} +pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION; +STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION { + HandleTags: ULONG, +}} +pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION; +STRUCT!{struct KEY_SET_LAYER_INFORMATION { + Bitfields: ULONG, +}} +BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [ + IsTombstone set_IsTombstone[0..1], + IsSupersedeLocal set_IsSupersedeLocal[1..2], + IsSupersedeTree set_IsSupersedeTree[2..3], + ClassIsInherited set_ClassIsInherited[3..4], + Reserved set_Reserved[4..32], +]} +pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION; +STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION { + ControlFlags: ULONG, +}} +pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION; +STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION { + HandleTags: ULONG, +}} +BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [ + VirtualTarget set_VirtualTarget[0..1], + VirtualStore set_VirtualStore[1..2], + VirtualSource set_VirtualSource[2..3], + Reserved set_Reserved[3..32], +]} +pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION; +ENUM!{enum KEY_VALUE_INFORMATION_CLASS { + KeyValueBasicInformation = 0, + KeyValueFullInformation = 1, + KeyValuePartialInformation = 2, + KeyValueFullInformationAlign64 = 3, + KeyValuePartialInformationAlign64 = 4, + KeyValueLayerInformation = 5, + MaxKeyValueInfoClass = 6, +}} +STRUCT!{struct KEY_VALUE_BASIC_INFORMATION { + TitleIndex: ULONG, + Type: ULONG, + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION; +STRUCT!{struct KEY_VALUE_FULL_INFORMATION { + TitleIndex: ULONG, + Type: ULONG, + DataOffset: ULONG, + DataLength: ULONG, + NameLength: ULONG, + Name: [WCHAR; 1], +}} +pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION; +STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION { + TitleIndex: ULONG, + Type: ULONG, + DataLength: ULONG, + Data: [UCHAR; 1], +}} +pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION; +STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 { + Type: ULONG, + DataLength: ULONG, + Data: [UCHAR; 1], +}} +pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; +STRUCT!{struct KEY_VALUE_LAYER_INFORMATION { + IsTombstone: ULONG, + Reserved: ULONG, +}} +pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION; +STRUCT!{struct KEY_VALUE_ENTRY { + ValueName: PUNICODE_STRING, + DataLength: ULONG, + DataOffset: ULONG, + Type: ULONG, +}} +pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY; +ENUM!{enum REG_ACTION { + KeyAdded = 0, + KeyRemoved = 1, + KeyModified = 2, +}} +STRUCT!{struct REG_NOTIFY_INFORMATION { + NextEntryOffset: ULONG, + Action: REG_ACTION, + KeyLength: ULONG, + Key: [WCHAR; 1], +}} +pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION; +STRUCT!{struct KEY_PID_ARRAY { + PID: HANDLE, + KeyName: UNICODE_STRING, +}} +pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY; +STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION { + Count: ULONG, + KeyArray: [KEY_PID_ARRAY; 1], +}} +pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION; +EXTERN!{extern "system" { + fn NtCreateKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + Disposition: PULONG, + ) -> NTSTATUS; + fn NtCreateKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + TransactionHandle: HANDLE, + Disposition: PULONG, + ) -> NTSTATUS; + fn NtOpenKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtOpenKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + fn NtOpenKeyEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn NtOpenKeyTransactedEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + fn NtDeleteKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn NtRenameKey( + KeyHandle: HANDLE, + NewName: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtDeleteValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtQueryKey( + KeyHandle: HANDLE, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationKey( + KeyHandle: HANDLE, + KeySetInformationClass: KEY_SET_INFORMATION_CLASS, + KeySetInformation: PVOID, + KeySetInformationLength: ULONG, + ) -> NTSTATUS; + fn NtQueryValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn NtSetValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + TitleIndex: ULONG, + Type: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + fn NtQueryMultipleValueKey( + KeyHandle: HANDLE, + ValueEntries: PKEY_VALUE_ENTRY, + EntryCount: ULONG, + ValueBuffer: PVOID, + BufferLength: PULONG, + RequiredBufferLength: PULONG, + ) -> NTSTATUS; + fn NtEnumerateKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn NtEnumerateValueKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn NtFlushKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn NtCompactKeys( + Count: ULONG, + KeyArray: *mut HANDLE, + ) -> NTSTATUS; + fn NtCompressKey( + Key: HANDLE, + ) -> NTSTATUS; + fn NtLoadKey( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtLoadKey2( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn NtLoadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + TrustClassKey: HANDLE, + Event: HANDLE, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + IoStatus: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn NtReplaceKey( + NewFile: POBJECT_ATTRIBUTES, + TargetHandle: HANDLE, + OldFile: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtSaveKey( + KeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn NtSaveKeyEx( + KeyHandle: HANDLE, + FileHandle: HANDLE, + Format: ULONG, + ) -> NTSTATUS; + fn NtSaveMergedKeys( + HighPrecedenceKeyHandle: HANDLE, + LowPrecedenceKeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn NtRestoreKey( + KeyHandle: HANDLE, + FileHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn NtUnloadKey( + TargetKey: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; +}} +pub const REG_FORCE_UNLOAD: ULONG = 1; +pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD; +EXTERN!{extern "system" { + fn NtUnloadKey2( + TargetKey: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn NtUnloadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + Event: HANDLE, + ) -> NTSTATUS; + fn NtNotifyChangeKey( + KeyHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn NtNotifyChangeMultipleKeys( + MasterKeyHandle: HANDLE, + Count: ULONG, + SubordinateObjects: *mut OBJECT_ATTRIBUTES, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn NtQueryOpenSubKeys( + TargetKey: POBJECT_ATTRIBUTES, + HandleCount: PULONG, + ) -> NTSTATUS; + fn NtQueryOpenSubKeysEx( + TargetKey: POBJECT_ATTRIBUTES, + BufferLength: ULONG, + Buffer: PVOID, + RequiredSize: PULONG, + ) -> NTSTATUS; + fn NtInitializeRegistry( + BootCondition: USHORT, + ) -> NTSTATUS; + fn NtLockRegistryKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn NtLockProductActivationKeys( + pPrivateVer: *mut ULONG, + pSafeMode: *mut ULONG, + ) -> NTSTATUS; + fn NtFreezeRegistry( + TimeOutInSeconds: ULONG, + ) -> NTSTATUS; + fn NtThawRegistry() -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntrtl.rs b/vendor/ntapi/src/ntrtl.rs new file mode 100644 index 000000000..9dfa19f7c --- /dev/null +++ b/vendor/ntapi/src/ntrtl.rs @@ -0,0 +1,4378 @@ +use core::ptr::null_mut; +use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; +use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS}; +use crate::ntioapi::FILE_INFORMATION_CLASS; +use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX}; +use crate::ntmmapi::SECTION_IMAGE_INFORMATION; +use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO}; +use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME}; +use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION}; +use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM}; +use crate::string::UTF16Const; +use winapi::ctypes::c_void; +use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; +use winapi::shared::guiddef::GUID; +use winapi::shared::in6addr::in6_addr; +use winapi::shared::inaddr::in_addr; +use winapi::shared::minwindef::{BOOL, DWORD, PBOOL}; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE}; +use winapi::shared::ntdef::{ + BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS, + PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING, + PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE, + POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR, + PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY, + STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, +}; +use winapi::um::minwinbase::PTHREAD_START_ROUTINE; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT}; +use winapi::um::winnt::{ + ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS, + HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL, + PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING, + PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY, + PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION, + PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK, + PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES, + PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER, + PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL, + SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC, + WORKERCALLBACKFUNC, +}; +use winapi::vc::vadefs::va_list; +#[inline] +pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) { + ListHead.Flink = ListHead; + ListHead.Blink = ListHead; +} +#[inline] +pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool { + ListHead.Flink as *const _ == ListHead as *const _ +} +#[inline] +pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool { + let (Blink, Flink) = (Entry.Blink, Entry.Flink); + (*Blink).Flink = Flink; + (*Flink).Blink = Blink; + Flink == Blink +} +#[inline] +pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { + let Entry = ListHead.Flink; + let Flink = (*Entry).Flink; + ListHead.Flink = Flink; + (*Flink).Blink = ListHead; + Entry +} +#[inline] +pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { + let Entry = ListHead.Blink; + let Blink = (*Entry).Blink; + ListHead.Blink = Blink; + (*Blink).Flink = ListHead; + Entry +} +#[inline] +pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { + let Blink = ListHead.Blink; + Entry.Flink = ListHead; + Entry.Blink = Blink; + (*Blink).Flink = Entry; + ListHead.Blink = Entry; +} +#[inline] +pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { + let Flink = ListHead.Flink; + Entry.Flink = Flink; + Entry.Blink = ListHead; + (*Flink).Blink = Entry; + ListHead.Flink = Entry; +} +#[inline] +pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) { + let ListEnd = ListHead.Blink; + (*ListHead.Blink).Flink = ListToAppend; + ListHead.Blink = ListToAppend.Blink; + (*ListToAppend.Blink).Flink = ListHead; + ListToAppend.Blink = ListEnd; +} +#[inline] +pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY { + let FirstEntry = ListHead.Next; + if !FirstEntry.is_null() { + ListHead.Next = (*FirstEntry).Next; + } + FirstEntry +} +#[inline] +pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) { + Entry.Next = ListHead.Next; + ListHead.Next = Entry; +} +ENUM!{enum TABLE_SEARCH_RESULT { + TableEmptyTree = 0, + TableFoundNode = 1, + TableInsertAsLeft = 2, + TableInsertAsRight = 3, +}} +ENUM!{enum RTL_GENERIC_COMPARE_RESULTS { + GenericLessThan = 0, + GenericGreaterThan = 1, + GenericEqual = 2, +}} +FN!{stdcall PRTL_AVL_COMPARE_ROUTINE( + Table: *mut RTL_AVL_TABLE, + FirstStruct: PVOID, + SecondStruct: PVOID, +) -> RTL_GENERIC_COMPARE_RESULTS} +FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE( + Table: *mut RTL_AVL_TABLE, + ByteSize: CLONG, +) -> PVOID} +FN!{stdcall PRTL_AVL_FREE_ROUTINE( + Table: *mut RTL_AVL_TABLE, + Buffer: PVOID, +) -> ()} +FN!{stdcall PRTL_AVL_MATCH_FUNCTION( + Table: *mut RTL_AVL_TABLE, + UserData: PVOID, + MatchData: PVOID, +) -> NTSTATUS} +STRUCT!{struct RTL_BALANCED_LINKS { + Parent: *mut RTL_BALANCED_LINKS, + LeftChild: *mut RTL_BALANCED_LINKS, + RightChild: *mut RTL_BALANCED_LINKS, + Balance: CHAR, + Reserved: [UCHAR; 3], +}} +pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS; +STRUCT!{struct RTL_AVL_TABLE { + BalancedRoot: RTL_BALANCED_LINKS, + OrderedPointer: PVOID, + WhichOrderedElement: ULONG, + NumberGenericTableElements: ULONG, + DepthOfTree: ULONG, + RestartKey: PRTL_BALANCED_LINKS, + DeleteCount: ULONG, + CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, + AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_AVL_FREE_ROUTINE, + TableContext: PVOID, +}} +pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE; +EXTERN!{extern "system" { + fn RtlInitializeGenericTableAvl( + Table: PRTL_AVL_TABLE, + CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, + AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_AVL_FREE_ROUTINE, + TableContext: PVOID, + ); + fn RtlInsertElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + ) -> PVOID; + fn RtlInsertElementGenericTableFullAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + NodeOrParent: PVOID, + SearchResult: TABLE_SEARCH_RESULT, + ) -> PVOID; + fn RtlDeleteElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + ) -> BOOLEAN; + fn RtlLookupElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + ) -> PVOID; + fn RtlLookupElementGenericTableFullAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + NodeOrParent: *mut PVOID, + SearchResult: *mut TABLE_SEARCH_RESULT, + ) -> PVOID; + fn RtlEnumerateGenericTableAvl( + Table: PRTL_AVL_TABLE, + Restart: BOOLEAN, + ) -> PVOID; + fn RtlEnumerateGenericTableWithoutSplayingAvl( + Table: PRTL_AVL_TABLE, + RestartKey: *mut PVOID, + ) -> PVOID; + fn RtlLookupFirstMatchingElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + RestartKey: *mut PVOID, + ) -> PVOID; + fn RtlEnumerateGenericTableLikeADirectory( + Table: PRTL_AVL_TABLE, + MatchFunction: PRTL_AVL_MATCH_FUNCTION, + MatchData: PVOID, + NextFlag: ULONG, + RestartKey: *mut PVOID, + DeleteCount: PULONG, + Buffer: PVOID, + ) -> PVOID; + fn RtlGetElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + I: ULONG, + ) -> PVOID; + fn RtlNumberGenericTableElementsAvl( + Table: PRTL_AVL_TABLE, + ) -> ULONG; + fn RtlIsGenericTableEmptyAvl( + Table: PRTL_AVL_TABLE, + ) -> BOOLEAN; +}} +STRUCT!{struct RTL_SPLAY_LINKS { + Parent: *mut RTL_SPLAY_LINKS, + LeftChild: *mut RTL_SPLAY_LINKS, + RightChild: *mut RTL_SPLAY_LINKS, +}} +pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS; +#[inline] +pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) { + Links.Parent = Links; + Links.LeftChild = null_mut(); + Links.RightChild = null_mut(); +} +#[inline] +pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { + Links.Parent +} +#[inline] +pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { + Links.LeftChild +} +#[inline] +pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { + Links.RightChild +} +#[inline] +pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool { + (*Links).Parent as *const _ == Links +} +#[inline] +pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool { + RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links +} +#[inline] +pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool { + RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links +} +#[inline] +pub fn RtlInsertAsLeftChild( + ParentLinks: &mut RTL_SPLAY_LINKS, + ChildLinks: &mut RTL_SPLAY_LINKS, +) { + ParentLinks.LeftChild = ChildLinks; + ChildLinks.Parent = ParentLinks; +} +#[inline] +pub fn RtlInsertAsRightChild( + ParentLinks: &mut RTL_SPLAY_LINKS, + ChildLinks: &mut RTL_SPLAY_LINKS, +) { + ParentLinks.RightChild = ChildLinks; + ChildLinks.Parent = ParentLinks; +} +EXTERN!{extern "system" { + fn RtlSplay( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; + fn RtlDelete( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; + fn RtlDeleteNoSplay( + Links: PRTL_SPLAY_LINKS, + Root: *mut PRTL_SPLAY_LINKS, + ); + fn RtlSubtreeSuccessor( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; + fn RtlSubtreePredecessor( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; + fn RtlRealSuccessor( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; + fn RtlRealPredecessor( + Links: PRTL_SPLAY_LINKS, + ) -> PRTL_SPLAY_LINKS; +}} +FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE( + Table: *mut RTL_GENERIC_TABLE, + FirstStruct: PVOID, + SecondStruct: PVOID, +) -> RTL_GENERIC_COMPARE_RESULTS} +FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE( + Table: *mut RTL_GENERIC_TABLE, + ByteSize: CLONG, +) -> PVOID} +FN!{stdcall PRTL_GENERIC_FREE_ROUTINE( + Table: *mut RTL_GENERIC_TABLE, + Buffer: PVOID, +) -> ()} +STRUCT!{struct RTL_GENERIC_TABLE { + TableRoot: PRTL_SPLAY_LINKS, + InsertOrderList: LIST_ENTRY, + OrderedPointer: PLIST_ENTRY, + WhichOrderedElement: ULONG, + NumberGenericTableElements: ULONG, + CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, + AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, + TableContext: PVOID, +}} +pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE; +EXTERN!{extern "system" { + fn RtlInitializeGenericTable( + Table: PRTL_GENERIC_TABLE, + CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, + AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, + TableContext: PVOID, + ); + fn RtlInsertElementGenericTable( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + ) -> PVOID; + fn RtlInsertElementGenericTableFull( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + NodeOrParent: PVOID, + SearchResult: TABLE_SEARCH_RESULT, + ) -> PVOID; + fn RtlDeleteElementGenericTable( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + ) -> BOOLEAN; + fn RtlLookupElementGenericTable( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + ) -> PVOID; + fn RtlLookupElementGenericTableFull( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + NodeOrParent: *mut PVOID, + SearchResult: *mut TABLE_SEARCH_RESULT, + ) -> PVOID; + fn RtlEnumerateGenericTable( + Table: PRTL_GENERIC_TABLE, + Restart: BOOLEAN, + ) -> PVOID; + fn RtlEnumerateGenericTableWithoutSplaying( + Table: PRTL_GENERIC_TABLE, + RestartKey: *mut PVOID, + ) -> PVOID; + fn RtlGetElementGenericTable( + Table: PRTL_GENERIC_TABLE, + I: ULONG, + ) -> PVOID; + fn RtlNumberGenericTableElements( + Table: PRTL_GENERIC_TABLE, + ) -> ULONG; + fn RtlIsGenericTableEmpty( + Table: PRTL_GENERIC_TABLE, + ) -> BOOLEAN; +}} +STRUCT!{struct RTL_RB_TREE { + Root: PRTL_BALANCED_NODE, + Min: PRTL_BALANCED_NODE, +}} +pub type PRTL_RB_TREE = *mut RTL_RB_TREE; +EXTERN!{extern "system" { + fn RtlRbInsertNodeEx( + Tree: PRTL_RB_TREE, + Parent: PRTL_BALANCED_NODE, + Right: BOOLEAN, + Node: PRTL_BALANCED_NODE, + ); + fn RtlRbRemoveNode( + Tree: PRTL_RB_TREE, + Node: PRTL_BALANCED_NODE, + ); +}} +pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001; +pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0; +STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY { + Linkage: LIST_ENTRY, + Signature: ULONG_PTR, +}} +pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY; +#[inline] +pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR { + x.Signature +} +STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT { + ChainHead: PLIST_ENTRY, + PrevLinkage: PLIST_ENTRY, + Signature: ULONG_PTR, +}} +pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT; +STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { + HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY, + ChainHead: PLIST_ENTRY, + BucketIndex: ULONG, +}} +pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; +STRUCT!{struct RTL_DYNAMIC_HASH_TABLE { + Flags: ULONG, + Shift: ULONG, + TableSize: ULONG, + Pivot: ULONG, + DivisorMask: ULONG, + NumEntries: ULONG, + NonEmptyBuckets: ULONG, + NumEnumerators: ULONG, + Directory: PVOID, +}} +pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE; +#[inline] +pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) { + Context.ChainHead = null_mut(); + Context.PrevLinkage = null_mut(); +} +#[inline] +pub fn RtlInitHashTableContextFromEnumerator( + Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, + Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, +) { + Context.ChainHead = Enumerator.ChainHead; + Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink; +} +// RtlReleaseHashTableContext +#[inline] +pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { + HashTable.TableSize +} +#[inline] +pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { + HashTable.NonEmptyBuckets +} +#[inline] +pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { + HashTable.TableSize - HashTable.NonEmptyBuckets +} +#[inline] +pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { + HashTable.NumEntries +} +#[inline] +pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { + HashTable.NumEnumerators +} +EXTERN!{extern "system" { + fn RtlCreateHashTable( + HashTable: *mut PRTL_DYNAMIC_HASH_TABLE, + Shift: ULONG, + Flags: ULONG, + ) -> BOOLEAN; + fn RtlDeleteHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + ); + fn RtlInsertEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, + Signature: ULONG_PTR, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> BOOLEAN; + fn RtlRemoveEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> BOOLEAN; + fn RtlLookupEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Signature: ULONG_PTR, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + fn RtlGetNextEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + fn RtlInitEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + fn RtlEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + fn RtlEndEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + fn RtlInitWeakEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + fn RtlWeaklyEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + fn RtlEndWeakEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + fn RtlExpandHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + ) -> BOOLEAN; + fn RtlContractHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + ) -> BOOLEAN; + fn RtlInitStrongEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + fn RtlStronglyEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + fn RtlEndStrongEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + fn RtlInitializeCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> NTSTATUS; + fn RtlInitializeCriticalSectionAndSpinCount( + CriticalSection: PRTL_CRITICAL_SECTION, + SpinCount: ULONG, + ) -> NTSTATUS; + fn RtlDeleteCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> NTSTATUS; + fn RtlEnterCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> NTSTATUS; + fn RtlLeaveCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> NTSTATUS; + fn RtlTryEnterCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> LOGICAL; + fn RtlIsCriticalSectionLocked( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> LOGICAL; + fn RtlIsCriticalSectionLockedByThread( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> LOGICAL; + fn RtlGetCriticalSectionRecursionCount( + CriticalSection: PRTL_CRITICAL_SECTION, + ) -> ULONG; + fn RtlSetCriticalSectionSpinCount( + CriticalSection: PRTL_CRITICAL_SECTION, + SpinCount: ULONG, + ) -> ULONG; + fn RtlQueryCriticalSectionOwner( + EventHandle: HANDLE, + ) -> HANDLE; + fn RtlCheckForOrphanedCriticalSections( + ThreadHandle: HANDLE, + ); +}} +STRUCT!{struct RTL_RESOURCE { + CriticalSection: RTL_CRITICAL_SECTION, + SharedSemaphore: HANDLE, + NumberOfWaitingShared: ULONG, + ExclusiveSemaphore: HANDLE, + NumberOfWaitingExclusive: ULONG, + NumberOfActive: LONG, + ExclusiveOwnerThread: HANDLE, + Flags: ULONG, + DebugInfo: PRTL_RESOURCE_DEBUG, +}} +pub type PRTL_RESOURCE = *mut RTL_RESOURCE; +pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001; +EXTERN!{extern "system" { + fn RtlInitializeResource( + Resource: PRTL_RESOURCE, + ); + fn RtlDeleteResource( + Resource: PRTL_RESOURCE, + ); + fn RtlAcquireResourceShared( + Resource: PRTL_RESOURCE, + Wait: BOOLEAN, + ) -> BOOLEAN; + fn RtlAcquireResourceExclusive( + Resource: PRTL_RESOURCE, + Wait: BOOLEAN, + ) -> BOOLEAN; + fn RtlReleaseResource( + Resource: PRTL_RESOURCE, + ); + fn RtlConvertSharedToExclusive( + Resource: PRTL_RESOURCE, + ); + fn RtlConvertExclusiveToShared( + Resource: PRTL_RESOURCE, + ); + fn RtlInitializeSRWLock( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlAcquireSRWLockExclusive( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlAcquireSRWLockShared( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlReleaseSRWLockExclusive( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlReleaseSRWLockShared( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlTryAcquireSRWLockExclusive( + SRWLock: PRTL_SRWLOCK, + ) -> BOOLEAN; + fn RtlTryAcquireSRWLockShared( + SRWLock: PRTL_SRWLOCK, + ) -> BOOLEAN; + fn RtlAcquireReleaseSRWLockExclusive( + SRWLock: PRTL_SRWLOCK, + ); + fn RtlInitializeConditionVariable( + ConditionVariable: PRTL_CONDITION_VARIABLE, + ); + fn RtlSleepConditionVariableCS( + ConditionVariable: PRTL_CONDITION_VARIABLE, + CriticalSection: PRTL_CRITICAL_SECTION, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlSleepConditionVariableSRW( + ConditionVariable: PRTL_CONDITION_VARIABLE, + SRWLock: PRTL_SRWLOCK, + Timeout: PLARGE_INTEGER, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlWakeConditionVariable( + ConditionVariable: PRTL_CONDITION_VARIABLE, + ); + fn RtlWakeAllConditionVariable( + ConditionVariable: PRTL_CONDITION_VARIABLE, + ); +}} +pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001; +pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002; +pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004; +EXTERN!{extern "system" { + fn RtlInitBarrier( + Barrier: PRTL_BARRIER, + TotalThreads: ULONG, + SpinCount: ULONG, + ) -> NTSTATUS; + fn RtlDeleteBarrier( + Barrier: PRTL_BARRIER, + ) -> NTSTATUS; + fn RtlBarrier( + Barrier: PRTL_BARRIER, + Flags: ULONG, + ) -> BOOLEAN; + fn RtlBarrierForDelete( + Barrier: PRTL_BARRIER, + Flags: ULONG, + ) -> BOOLEAN; + fn RtlWaitOnAddress( + Address: *mut VOID, + CompareAddress: PVOID, + AddressSize: SIZE_T, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlWakeAddressAll( + Address: PVOID, + ); + fn RtlWakeAddressSingle( + Address: PVOID, + ); + fn RtlInitString( + DestinationString: PSTRING, + SourceString: PCSZ, + ); + fn RtlInitStringEx( + DestinationString: PSTRING, + SourceString: PCSZ, + ) -> NTSTATUS; + fn RtlInitAnsiString( + DestinationString: PANSI_STRING, + SourceString: PCSZ, + ); + fn RtlInitAnsiStringEx( + DestinationString: PANSI_STRING, + SourceString: PCSZ, + ) -> NTSTATUS; + fn RtlFreeAnsiString( + AnsiString: PANSI_STRING, + ); + fn RtlFreeOemString( + OemString: POEM_STRING, + ); + fn RtlCopyString( + DestinationString: PSTRING, + SourceString: *const STRING, + ); + fn RtlUpperChar( + Character: CHAR, + ) -> CHAR; + fn RtlCompareString( + String1: *const STRING, + String2: *const STRING, + CaseInSensitive: BOOLEAN, + ) -> LONG; + fn RtlEqualString( + String1: *const STRING, + String2: *const STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + fn RtlPrefixString( + String1: *const STRING, + String2: *const STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + fn RtlAppendStringToString( + Destination: PSTRING, + Source: *const STRING, + ) -> NTSTATUS; + fn RtlAppendAsciizToString( + Destination: PSTRING, + Source: PSTR, + ) -> NTSTATUS; + fn RtlUpperString( + DestinationString: PSTRING, + SourceString: *const STRING, + ); +}} +#[inline] +pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool { + String.is_null() || (*String).Length == 0 +} +#[inline] +pub fn RtlInitEmptyUnicodeString( + UnicodeString: &mut UNICODE_STRING, + Buffer: PWCHAR, + MaximumLength: USHORT, +) { + UnicodeString.Buffer = Buffer; + UnicodeString.MaximumLength = MaximumLength; + UnicodeString.Length = 0; +} +EXTERN!{extern "system" { + fn RtlInitUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCWSTR, + ); + fn RtlInitUnicodeStringEx( + DestinationString: PUNICODE_STRING, + SourceString: PCWSTR, + ) -> NTSTATUS; + fn RtlCreateUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCWSTR, + ) -> BOOLEAN; + fn RtlCreateUnicodeStringFromAsciiz( + DestinationString: PUNICODE_STRING, + SourceString: PSTR, + ) -> BOOLEAN; + fn RtlFreeUnicodeString( + UnicodeString: PUNICODE_STRING, + ); +}} +pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001; +pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002; +EXTERN!{extern "system" { + fn RtlDuplicateUnicodeString( + Flags: ULONG, + StringIn: PCUNICODE_STRING, + StringOut: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlCopyUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCUNICODE_STRING, + ); + fn RtlUpcaseUnicodeChar( + SourceCharacter: WCHAR, + ) -> WCHAR; + fn RtlDowncaseUnicodeChar( + SourceCharacter: WCHAR, + ) -> WCHAR; + fn RtlCompareUnicodeString( + String1: PCUNICODE_STRING, + String2: PCUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> LONG; + fn RtlCompareUnicodeStrings( + String1: PCWCH, + String1Length: SIZE_T, + String2: PCWCH, + String2Length: SIZE_T, + CaseInSensitive: BOOLEAN, + ) -> LONG; + fn RtlEqualUnicodeString( + String1: PCUNICODE_STRING, + String2: PCUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; +}} +pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0; +pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1; +pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff; +EXTERN!{extern "system" { + fn RtlHashUnicodeString( + String: PCUNICODE_STRING, + CaseInSensitive: BOOLEAN, + HashAlgorithm: ULONG, + HashValue: PULONG, + ) -> NTSTATUS; + fn RtlValidateUnicodeString( + Flags: ULONG, + String: PCUNICODE_STRING, + ) -> NTSTATUS; + fn RtlPrefixUnicodeString( + String1: PCUNICODE_STRING, + String2: PCUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + fn RtlSuffixUnicodeString( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + fn RtlFindUnicodeSubstring( + FullString: PUNICODE_STRING, + SearchString: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> PWCHAR; +}} +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001; +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002; +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004; +EXTERN!{extern "system" { + fn RtlFindCharInUnicodeString( + Flags: ULONG, + StringToSearch: PUNICODE_STRING, + CharSet: PUNICODE_STRING, + NonInclusivePrefixLength: PUSHORT, + ) -> NTSTATUS; + fn RtlAppendUnicodeStringToString( + Destination: PUNICODE_STRING, + Source: PCUNICODE_STRING, + ) -> NTSTATUS; + fn RtlAppendUnicodeToString( + Destination: PUNICODE_STRING, + Source: PCWSTR, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlDowncaseUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlEraseUnicodeString( + String: PUNICODE_STRING, + ); + fn RtlAnsiStringToUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCANSI_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlUnicodeStringToAnsiString( + DestinationString: PANSI_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlAnsiCharToUnicodeChar( + SourceCharacter: *mut PUCHAR, + ) -> WCHAR; + fn RtlUpcaseUnicodeStringToAnsiString( + DestinationString: PANSI_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlOemStringToUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCOEM_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlUnicodeStringToOemString( + DestinationString: POEM_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeStringToOemString( + DestinationString: POEM_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlUnicodeStringToCountedOemString( + DestinationString: POEM_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeStringToCountedOemString( + DestinationString: POEM_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlMultiByteToUnicodeN( + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + MultiByteString: *const CHAR, + BytesInMultiByteString: ULONG, + ) -> NTSTATUS; + fn RtlMultiByteToUnicodeSize( + BytesInUnicodeString: PULONG, + MultiByteString: *const CHAR, + BytesInMultiByteString: ULONG, + ) -> NTSTATUS; + fn RtlUnicodeToMultiByteN( + MultiByteString: PCHAR, + MaxBytesInMultiByteString: ULONG, + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlUnicodeToMultiByteSize( + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeToMultiByteN( + MultiByteString: PCHAR, + MaxBytesInMultiByteString: ULONG, + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlOemToUnicodeN( + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + OemString: PCCH, + BytesInOemString: ULONG, + ) -> NTSTATUS; + fn RtlUnicodeToOemN( + OemString: PCHAR, + MaxBytesInOemString: ULONG, + BytesInOemString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeToOemN( + OemString: PCHAR, + MaxBytesInOemString: ULONG, + BytesInOemString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlConsoleMultiByteToUnicodeN( + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + MultiByteString: PCH, + BytesInMultiByteString: ULONG, + pdwSpecialChar: PULONG, + ) -> NTSTATUS; + fn RtlUTF8ToUnicodeN( + UnicodeStringDestination: PWSTR, + UnicodeStringMaxByteCount: ULONG, + UnicodeStringActualByteCount: PULONG, + UTF8StringSource: PCCH, + UTF8StringByteCount: ULONG, + ) -> NTSTATUS; + fn RtlUnicodeToUTF8N( + UTF8StringDestination: PCHAR, + UTF8StringMaxByteCount: ULONG, + UTF8StringActualByteCount: PULONG, + UnicodeStringSource: PCWCH, + UnicodeStringByteCount: ULONG, + ) -> NTSTATUS; + fn RtlCustomCPToUnicodeN( + CustomCP: PCPTABLEINFO, + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + CustomCPString: PCH, + BytesInCustomCPString: ULONG, + ) -> NTSTATUS; + fn RtlUnicodeToCustomCPN( + CustomCP: PCPTABLEINFO, + CustomCPString: PCH, + MaxBytesInCustomCPString: ULONG, + BytesInCustomCPString: PULONG, + UnicodeString: PWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlUpcaseUnicodeToCustomCPN( + CustomCP: PCPTABLEINFO, + CustomCPString: PCH, + MaxBytesInCustomCPString: ULONG, + BytesInCustomCPString: PULONG, + UnicodeString: PWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + fn RtlInitCodePageTable( + TableBase: PUSHORT, + CodePageTable: PCPTABLEINFO, + ); + fn RtlInitNlsTables( + AnsiNlsBase: PUSHORT, + OemNlsBase: PUSHORT, + LanguageNlsBase: PUSHORT, + TableInfo: PNLSTABLEINFO, + ); + fn RtlResetRtlTranslations( + TableInfo: PNLSTABLEINFO, + ); + fn RtlIsTextUnicode( + Buffer: PVOID, + Size: ULONG, + Result: PULONG, + ) -> BOOLEAN; +}} +ENUM!{enum RTL_NORM_FORM { + NormOther = 0x0, + NormC = 0x1, + NormD = 0x2, + NormKC = 0x5, + NormKD = 0x6, + NormIdna = 0xd, + DisallowUnassigned = 0x100, + NormCDisallowUnassigned = 0x101, + NormDDisallowUnassigned = 0x102, + NormKCDisallowUnassigned = 0x105, + NormKDDisallowUnassigned = 0x106, + NormIdnaDisallowUnassigned = 0x10d, +}} +EXTERN!{extern "system" { + fn RtlNormalizeString( + NormForm: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + fn RtlIsNormalizedString( + NormForm: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + Normalized: PBOOLEAN, + ) -> NTSTATUS; + fn RtlIsNameInExpression( + Expression: PUNICODE_STRING, + Name: PUNICODE_STRING, + IgnoreCase: BOOLEAN, + UpcaseTable: PWCH, + ) -> BOOLEAN; + fn RtlIsNameInUnUpcasedExpression( + Expression: PUNICODE_STRING, + Name: PUNICODE_STRING, + IgnoreCase: BOOLEAN, + UpcaseTable: PWCH, + ) -> BOOLEAN; + fn RtlEqualDomainName( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + ) -> BOOLEAN; + fn RtlEqualComputerName( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + ) -> BOOLEAN; + fn RtlDnsHostNameToComputerName( + ComputerNameString: PUNICODE_STRING, + DnsHostNameString: PUNICODE_STRING, + AllocateComputerNameString: BOOLEAN, + ) -> NTSTATUS; + fn RtlStringFromGUID( + Guid: *const GUID, + GuidString: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlStringFromGUIDEx( + Guid: *mut GUID, + GuidString: PUNICODE_STRING, + AllocateGuidString: BOOLEAN, + ) -> NTSTATUS; + fn RtlGUIDFromString( + GuidString: PCUNICODE_STRING, + Guid: *mut GUID, + ) -> NTSTATUS; + fn RtlCompareAltitudes( + Altitude1: PCUNICODE_STRING, + Altitude2: PCUNICODE_STRING, + ) -> LONG; + fn RtlIdnToAscii( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + fn RtlIdnToUnicode( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + fn RtlIdnToNameprepUnicode( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; +}} +STRUCT!{struct PREFIX_TABLE_ENTRY { + NodeTypeCode: CSHORT, + NameLength: CSHORT, + NextPrefixTree: *mut PREFIX_TABLE_ENTRY, + Links: RTL_SPLAY_LINKS, + Prefix: PSTRING, +}} +pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY; +STRUCT!{struct PREFIX_TABLE { + NodeTypeCode: CSHORT, + NameLength: CSHORT, + NextPrefixTree: PPREFIX_TABLE_ENTRY, +}} +pub type PPREFIX_TABLE = *mut PREFIX_TABLE; +EXTERN!{extern "system" { + fn PfxInitialize( + PrefixTable: PPREFIX_TABLE, + ); + fn PfxInsertPrefix( + PrefixTable: PPREFIX_TABLE, + Prefix: PSTRING, + PrefixTableEntry: PPREFIX_TABLE_ENTRY, + ) -> BOOLEAN; + fn PfxRemovePrefix( + PrefixTable: PPREFIX_TABLE, + PrefixTableEntry: PPREFIX_TABLE_ENTRY, + ); + fn PfxFindPrefix( + PrefixTable: PPREFIX_TABLE, + FullName: PSTRING, + ) -> PPREFIX_TABLE_ENTRY; +}} +STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY { + NodeTypeCode: CSHORT, + NameLength: CSHORT, + NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY, + CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY, + Links: RTL_SPLAY_LINKS, + Prefix: PUNICODE_STRING, +}} +pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY; +STRUCT!{struct UNICODE_PREFIX_TABLE { + NodeTypeCode: CSHORT, + NameLength: CSHORT, + NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY, + LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY, +}} +pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE; +EXTERN!{extern "system" { + fn RtlInitializeUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + ); + fn RtlInsertUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + Prefix: PUNICODE_STRING, + PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, + ) -> BOOLEAN; + fn RtlRemoveUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, + ); + fn RtlFindUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + FullName: PCUNICODE_STRING, + CaseInsensitiveIndex: ULONG, + ) -> PUNICODE_PREFIX_TABLE_ENTRY; + fn RtlNextUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + Restart: BOOLEAN, + ) -> PUNICODE_PREFIX_TABLE_ENTRY; +}} +STRUCT!{struct COMPRESSED_DATA_INFO { + CompressionFormatAndEngine: USHORT, + CompressionUnitShift: UCHAR, + ChunkShift: UCHAR, + ClusterShift: UCHAR, + Reserved: UCHAR, + NumberOfChunks: USHORT, + CompressedChunkSizes: [ULONG; 1], +}} +pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO; +EXTERN!{extern "system" { + fn RtlGetCompressionWorkSpaceSize( + CompressionFormatAndEngine: USHORT, + CompressBufferWorkSpaceSize: PULONG, + CompressFragmentWorkSpaceSize: PULONG, + ) -> NTSTATUS; + fn RtlCompressBuffer( + CompressionFormatAndEngine: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + UncompressedChunkSize: ULONG, + FinalCompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + fn RtlDecompressBuffer( + CompressionFormat: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FinalUncompressedSize: PULONG, + ) -> NTSTATUS; + fn RtlDecompressBufferEx( + CompressionFormat: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + fn RtlDecompressFragment( + CompressionFormat: USHORT, + UncompressedFragment: PUCHAR, + UncompressedFragmentSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FragmentOffset: ULONG, + FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + fn RtlDescribeChunk( + CompressionFormat: USHORT, + CompressedBuffer: *mut PUCHAR, + EndOfCompressedBufferPlus1: PUCHAR, + ChunkBuffer: *mut PUCHAR, + ChunkSize: PULONG, + ) -> NTSTATUS; + fn RtlReserveChunk( + CompressionFormat: USHORT, + CompressedBuffer: *mut PUCHAR, + EndOfCompressedBufferPlus1: PUCHAR, + ChunkBuffer: *mut PUCHAR, + ChunkSize: ULONG, + ) -> NTSTATUS; + fn RtlDecompressChunks( + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + CompressedTail: PUCHAR, + CompressedTailSize: ULONG, + CompressedDataInfo: PCOMPRESSED_DATA_INFO, + ) -> NTSTATUS; + fn RtlCompressChunks( + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + CompressedDataInfo: PCOMPRESSED_DATA_INFO, + CompressedDataInfoLength: ULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + fn RtlConvertLCIDToString( + LcidValue: LCID, + Base: ULONG, + Padding: ULONG, + pResultBuf: PWSTR, + Size: ULONG, + ) -> NTSTATUS; + fn RtlIsValidLocaleName( + LocaleName: PWSTR, + Flags: ULONG, + ) -> BOOLEAN; + fn RtlGetParentLocaleName( + LocaleName: PWSTR, + ParentLocaleName: PUNICODE_STRING, + Flags: ULONG, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlLcidToLocaleName( + lcid: LCID, + LocaleName: PUNICODE_STRING, + Flags: ULONG, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlLocaleNameToLcid( + LocaleName: PWSTR, + lcid: PLCID, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlLCIDToCultureName( + Lcid: LCID, + String: PUNICODE_STRING, + ) -> BOOLEAN; + fn RtlCultureNameToLCID( + String: PUNICODE_STRING, + Lcid: PLCID, + ) -> BOOLEAN; + fn RtlCleanUpTEBLangLists(); + fn RtlGetLocaleFileMappingAddress( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlGetCurrentPeb() -> PPEB; + fn RtlAcquirePebLock(); + fn RtlReleasePebLock(); + fn RtlTryAcquirePebLock() -> LOGICAL; + fn RtlAllocateFromPeb( + Size: ULONG, + Block: *mut PVOID, + ) -> NTSTATUS; + fn RtlFreeToPeb( + Block: PVOID, + Size: ULONG, + ) -> NTSTATUS; +}} +pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255; +pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5; +STRUCT!{struct CURDIR { + DosPath: UNICODE_STRING, + Handle: HANDLE, +}} +pub type PCURDIR = *mut CURDIR; +pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002; +pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003; +STRUCT!{struct RTL_DRIVE_LETTER_CURDIR { + Flags: USHORT, + Length: USHORT, + TimeStamp: ULONG, + DosPath: STRING, +}} +pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR; +pub const RTL_MAX_DRIVE_LETTERS: usize = 32; +pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001; +STRUCT!{struct RTL_USER_PROCESS_PARAMETERS { + MaximumLength: ULONG, + Length: ULONG, + Flags: ULONG, + DebugFlags: ULONG, + ConsoleHandle: HANDLE, + ConsoleFlags: ULONG, + StandardInput: HANDLE, + StandardOutput: HANDLE, + StandardError: HANDLE, + CurrentDirectory: CURDIR, + DllPath: UNICODE_STRING, + ImagePathName: UNICODE_STRING, + CommandLine: UNICODE_STRING, + Environment: PVOID, + StartingX: ULONG, + StartingY: ULONG, + CountX: ULONG, + CountY: ULONG, + CountCharsX: ULONG, + CountCharsY: ULONG, + FillAttribute: ULONG, + WindowFlags: ULONG, + ShowWindowFlags: ULONG, + WindowTitle: UNICODE_STRING, + DesktopInfo: UNICODE_STRING, + ShellInfo: UNICODE_STRING, + RuntimeData: UNICODE_STRING, + CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS], + EnvironmentSize: ULONG_PTR, + EnvironmentVersion: ULONG_PTR, + PackageDependencyData: PVOID, + ProcessGroupId: ULONG, + LoaderThreads: ULONG, +}} +pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS; +pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001; +pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002; +pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004; +pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008; +pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020; +pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040; +pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080; +pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100; +pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000; +pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000; +pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000; +pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000; +EXTERN!{extern "system" { + fn RtlCreateProcessParameters( + pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, + ImagePathName: PUNICODE_STRING, + DllPath: PUNICODE_STRING, + CurrentDirectory: PUNICODE_STRING, + CommandLine: PUNICODE_STRING, + Environment: PVOID, + WindowTitle: PUNICODE_STRING, + DesktopInfo: PUNICODE_STRING, + ShellInfo: PUNICODE_STRING, + RuntimeData: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlCreateProcessParametersEx( + pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, + ImagePathName: PUNICODE_STRING, + DllPath: PUNICODE_STRING, + CurrentDirectory: PUNICODE_STRING, + CommandLine: PUNICODE_STRING, + Environment: PVOID, + WindowTitle: PUNICODE_STRING, + DesktopInfo: PUNICODE_STRING, + ShellInfo: PUNICODE_STRING, + RuntimeData: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlDestroyProcessParameters( + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ) -> NTSTATUS; + fn RtlNormalizeProcessParams( + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ) -> PRTL_USER_PROCESS_PARAMETERS; + fn RtlDeNormalizeProcessParams( + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ) -> PRTL_USER_PROCESS_PARAMETERS; +}} +STRUCT!{struct RTL_USER_PROCESS_INFORMATION { + Length: ULONG, + Process: HANDLE, + Thread: HANDLE, + ClientId: CLIENT_ID, + ImageInformation: SECTION_IMAGE_INFORMATION, +}} +pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION; +EXTERN!{extern "system" { + fn RtlCreateUserProcess( + NtImagePathName: PUNICODE_STRING, + AttributesDeprecated: ULONG, + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, + ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + ParentProcess: HANDLE, + InheritHandles: BOOLEAN, + DebugPort: HANDLE, + TokenHandle: HANDLE, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + fn RtlCreateUserProcessEx( + NtImagePathName: PUNICODE_STRING, + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + InheritHandles: BOOLEAN, + Flags: ULONG, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + fn RtlExitUserProcess( + ExitStatus: NTSTATUS, + ); +}} +pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; +pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002; +pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004; +EXTERN!{extern "system" { + fn RtlCloneUserProcess( + ProcessFlags: ULONG, + ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, + ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + DebugPort: HANDLE, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + fn RtlUpdateClonedCriticalSection( + CriticalSection: PRTL_CRITICAL_SECTION, + ); + fn RtlUpdateClonedSRWLock( + SRWLock: PRTL_SRWLOCK, + Shared: LOGICAL, + ); +}} +STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { + ReflectionProcessHandle: HANDLE, + ReflectionThreadHandle: HANDLE, + ReflectionClientId: CLIENT_ID, +}} +pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = + *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; +EXTERN!{extern "system" { + fn RtlCreateProcessReflection( + ProcessHandle: HANDLE, + Flags: ULONG, + StartRoutine: PVOID, + StartContext: PVOID, + EventHandle: HANDLE, + ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, + ) -> NTSTATUS; +}} +EXTERN!{extern "C" { + fn RtlSetProcessIsCritical( + NewValue: BOOLEAN, + OldValue: PBOOLEAN, + CheckFlag: BOOLEAN, + ) -> NTSTATUS; + fn RtlSetThreadIsCritical( + NewValue: BOOLEAN, + OldValue: PBOOLEAN, + CheckFlag: BOOLEAN, + ) -> NTSTATUS; +}} +EXTERN!{extern "system" { + fn RtlValidProcessProtection( + ProcessProtection: PS_PROTECTION, + ) -> BOOLEAN; + fn RtlTestProtectedAccess( + Source: PS_PROTECTION, + Target: PS_PROTECTION, + ) -> BOOLEAN; + fn RtlIsCurrentProcess( + ProcessHandle: HANDLE, + ) -> BOOLEAN; + fn RtlIsCurrentThread( + ThreadHandle: HANDLE, + ) -> BOOLEAN; +}} +FN!{stdcall PUSER_THREAD_START_ROUTINE( + ThreadParameter: PVOID, +) -> NTSTATUS} +EXTERN!{extern "system" { + fn RtlCreateUserThread( + Process: HANDLE, + ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + CreateSuspended: BOOLEAN, + ZeroBits: ULONG, + MaximumStackSize: SIZE_T, + CommittedStackSize: SIZE_T, + StartAddress: PUSER_THREAD_START_ROUTINE, + Parameter: PVOID, + Thread: PHANDLE, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + fn RtlExitUserThread( + ExitStatus: NTSTATUS, + ); + fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN; + fn RtlCreateUserStack( + CommittedStackSize: SIZE_T, + MaximumStackSize: SIZE_T, + ZeroBits: ULONG_PTR, + PageSize: SIZE_T, + ReserveAlignment: ULONG_PTR, + InitialTeb: PINITIAL_TEB, + ) -> NTSTATUS; + fn RtlFreeUserStack( + AllocationBase: PVOID, + ) -> NTSTATUS; +}} +STRUCT!{struct CONTEXT_CHUNK { + Offset: LONG, + Length: ULONG, +}} +pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK; +STRUCT!{struct CONTEXT_EX { + All: CONTEXT_CHUNK, + Legacy: CONTEXT_CHUNK, + XState: CONTEXT_CHUNK, +}} +pub type PCONTEXT_EX = *mut CONTEXT_EX; +pub const CONTEXT_EX_LENGTH: usize = 4096; +#[macro_export] +macro_rules! RTL_CONTEXT_EX_OFFSET { + ($ContextEx:expr, $Chunk:ident) => { + (*$ContextEx).$Chunk.Offset + }; +} +#[macro_export] +macro_rules! RTL_CONTEXT_EX_LENGTH { + ($ContextEx:expr, $Chunk:ident) => { + (*$ContextEx).$Chunk.Length + }; +} +#[macro_export] +macro_rules! RTL_CONTEXT_EX_CHUNK { + ($Base:expr, $Layout:expr, $Chunk:ident) => { + ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void + }; +} +#[macro_export] +macro_rules! RTL_CONTEXT_OFFSET { + ($Context:expr, $Chunk:ident) => { + RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) + as *const $crate::ntrtl::CONTEXT_EX, $Chunk) + }; +} +#[macro_export] +macro_rules! RTL_CONTEXT_LENGTH { + ($Context:expr, $Chunk:ident) => { + RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) + as *const $crate::ntrtl::CONTEXT_EX, $Chunk) + }; +} +#[macro_export] +macro_rules! RTL_CONTEXT_CHUNK { + ($Context:expr, $Chunk:ident) => { + RTL_CONTEXT_EX_CHUNK!( + ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) + as *const $crate::ntrtl::CONTEXT_EX, + ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) + as *const $crate::ntrtl::CONTEXT_EX, + $Chunk + ) + }; +} +EXTERN!{extern "system" { + fn RtlInitializeContext( + Process: HANDLE, + Context: PCONTEXT, + Parameter: PVOID, + InitialPc: PVOID, + InitialSp: PVOID, + ); + fn RtlInitializeExtendedContext( + Context: PCONTEXT, + ContextFlags: ULONG, + ContextEx: *mut PCONTEXT_EX, + ) -> ULONG; + fn RtlCopyExtendedContext( + Destination: PCONTEXT_EX, + ContextFlags: ULONG, + Source: PCONTEXT_EX, + ) -> ULONG; + fn RtlGetExtendedContextLength( + ContextFlags: ULONG, + ContextLength: PULONG, + ) -> ULONG; + fn RtlGetExtendedFeaturesMask( + ContextEx: PCONTEXT_EX, + ) -> ULONG64; + fn RtlLocateExtendedFeature( + ContextEx: PCONTEXT_EX, + FeatureId: ULONG, + Length: PULONG, + ) -> PVOID; + fn RtlLocateLegacyContext( + ContextEx: PCONTEXT_EX, + Length: PULONG, + ) -> PCONTEXT; + fn RtlSetExtendedFeaturesMask( + ContextEx: PCONTEXT_EX, + FeatureMask: ULONG64, + ); +}} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +EXTERN!{extern "system" { + fn RtlWow64GetThreadContext( + ThreadHandle: HANDLE, + ThreadContext: PWOW64_CONTEXT, + ) -> NTSTATUS; + fn RtlWow64SetThreadContext( + ThreadHandle: HANDLE, + ThreadContext: PWOW64_CONTEXT, + ) -> NTSTATUS; +}} +EXTERN!{extern "system" { + fn RtlRemoteCall( + Process: HANDLE, + Thread: HANDLE, + CallSite: PVOID, + ArgumentCount: ULONG, + Arguments: PULONG_PTR, + PassContext: BOOLEAN, + AlreadySuspended: BOOLEAN, + ) -> NTSTATUS; + fn RtlAddVectoredExceptionHandler( + First: ULONG, + Handler: PVECTORED_EXCEPTION_HANDLER, + ) -> PVOID; + fn RtlRemoveVectoredExceptionHandler( + Handle: PVOID, + ) -> ULONG; + fn RtlAddVectoredContinueHandler( + First: ULONG, + Handler: PVECTORED_EXCEPTION_HANDLER, + ) -> PVOID; + fn RtlRemoveVectoredContinueHandler( + Handle: PVOID, + ) -> ULONG; +}} +FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER( + ExceptionInfo: PEXCEPTION_POINTERS, +) -> ULONG} +EXTERN!{extern "system" { + fn RtlSetUnhandledExceptionFilter( + UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER, + ); + fn RtlUnhandledExceptionFilter( + ExceptionPointers: PEXCEPTION_POINTERS, + ) -> LONG; + fn RtlUnhandledExceptionFilter2( + ExceptionPointers: PEXCEPTION_POINTERS, + Flags: ULONG, + ) -> LONG; + fn RtlKnownExceptionFilter( + ExceptionPointers: PEXCEPTION_POINTERS, + ) -> LONG; +}} +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +IFDEF!{ +ENUM!{enum FUNCTION_TABLE_TYPE { + RF_SORTED = 0, + RF_UNSORTED = 1, + RF_CALLBACK = 2, + RF_KERNEL_DYNAMIC = 3, +}} +STRUCT!{struct DYNAMIC_FUNCTION_TABLE { + ListEntry: LIST_ENTRY, + FunctionTable: PRUNTIME_FUNCTION, + TimeStamp: LARGE_INTEGER, + MinimumAddress: ULONG64, + MaximumAddress: ULONG64, + BaseAddress: ULONG64, + Callback: PGET_RUNTIME_FUNCTION_CALLBACK, + Context: PVOID, + OutOfProcessCallbackDll: PWSTR, + Type: FUNCTION_TABLE_TYPE, + EntryCount: ULONG, + TreeNode: RTL_BALANCED_NODE, +}} +pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE; +EXTERN!{extern "system" { + fn RtlGetFunctionTableListHead() -> PLIST_ENTRY; +}} +} +EXTERN!{extern "system" { + fn RtlImageNtHeader( + BaseOfImage: PVOID, + ) -> PIMAGE_NT_HEADERS; +}} +pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001; +EXTERN!{extern "system" { + fn RtlImageNtHeaderEx( + Flags: ULONG, + BaseOfImage: PVOID, + Size: ULONG64, + OutHeaders: *mut PIMAGE_NT_HEADERS, + ) -> NTSTATUS; + fn RtlAddressInSectionTable( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + VirtualAddress: ULONG, + ) -> PVOID; + fn RtlSectionTableFromVirtualAddress( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + VirtualAddress: ULONG, + ) -> PIMAGE_SECTION_HEADER; + fn RtlImageDirectoryEntryToData( + BaseOfImage: PVOID, + MappedAsImage: BOOLEAN, + DirectoryEntry: USHORT, + Size: PULONG, + ) -> PVOID; + fn RtlImageRvaToSection( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + Rva: ULONG, + ) -> PIMAGE_SECTION_HEADER; + fn RtlImageRvaToVa( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + Rva: ULONG, + LastRvaSection: *mut PIMAGE_SECTION_HEADER, + ) -> PVOID; + fn RtlFindExportedRoutineByName( + BaseOfImage: PVOID, + RoutineName: PSTR, + ) -> PVOID; + fn RtlGuardCheckLongJumpTarget( + PcValue: PVOID, + IsFastFail: BOOL, + IsLongJumpTarget: PBOOL, + ) -> NTSTATUS; + fn RtlCompareMemoryUlong( + Source: PVOID, + Length: SIZE_T, + Pattern: ULONG, + ) -> SIZE_T; + fn RtlFillMemoryUlong( + Destination: PVOID, + Length: SIZE_T, + Pattern: ULONG, + ); + fn RtlFillMemoryUlonglong( + Destination: PVOID, + Length: SIZE_T, + Pattern: ULONGLONG, + ); + fn RtlCreateEnvironment( + CloneCurrentEnvironment: BOOLEAN, + Environment: *mut PVOID, + ) -> NTSTATUS; +}} +pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1; +pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2; +pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4; +EXTERN!{extern "system" { + fn RtlCreateEnvironmentEx( + SourceEnv: PVOID, + Environment: *mut PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlDestroyEnvironment( + Environment: PVOID, + ) -> NTSTATUS; + fn RtlSetCurrentEnvironment( + Environment: PVOID, + PreviousEnvironment: *mut PVOID, + ) -> NTSTATUS; + fn RtlSetEnvironmentVar( + Environment: *mut PWSTR, + Name: PWSTR, + NameLength: SIZE_T, + Value: PWSTR, + ValueLength: SIZE_T, + ) -> NTSTATUS; + fn RtlSetEnvironmentVariable( + Environment: *mut PVOID, + Name: PUNICODE_STRING, + Value: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlQueryEnvironmentVariable( + Environment: PVOID, + Name: PWSTR, + NameLength: SIZE_T, + Value: PWSTR, + ValueLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn RtlQueryEnvironmentVariable_U( + Environment: PVOID, + Name: PUNICODE_STRING, + Value: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlExpandEnvironmentStrings( + Environment: PVOID, + Src: PWSTR, + SrcLength: SIZE_T, + Dst: PWSTR, + DstLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn RtlExpandEnvironmentStrings_U( + Environment: PVOID, + Source: PUNICODE_STRING, + Destination: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; + fn RtlSetEnvironmentStrings( + NewEnvironment: PWCHAR, + NewEnvironmentSize: SIZE_T, + ) -> NTSTATUS; +}} +STRUCT!{struct RTLP_CURDIR_REF { + ReferenceCount: LONG, + DirectoryHandle: HANDLE, +}} +pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF; +STRUCT!{struct RTL_RELATIVE_NAME_U { + RelativeName: UNICODE_STRING, + ContainingDirectory: HANDLE, + CurDirRef: PRTLP_CURDIR_REF, +}} +pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U; +ENUM!{enum RTL_PATH_TYPE { + RtlPathTypeUnknown = 0, + RtlPathTypeUncAbsolute = 1, + RtlPathTypeDriveAbsolute = 2, + RtlPathTypeDriveRelative = 3, + RtlPathTypeRooted = 4, + RtlPathTypeRelative = 5, + RtlPathTypeLocalDevice = 6, + RtlPathTypeRootLocalDevice = 7, +}} +EXTERN!{extern "C" { + static mut RtlDosPathSeperatorsString: UNICODE_STRING; + static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING; + static mut RtlNtPathSeperatorString: UNICODE_STRING; +}} +/// "ntdll.dll" +pub const RtlNtdllName: UTF16Const = UTF16Const(&[ + 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16, +]); +EXTERN!{extern "system" { + fn RtlDetermineDosPathNameType_U( + DosFileName: PWSTR, + ) -> RTL_PATH_TYPE; + fn RtlDetermineDosPathNameType_Ustr( + DosFileName: PCUNICODE_STRING, + ) -> RTL_PATH_TYPE; + fn RtlIsDosDeviceName_U( + DosFileName: PWSTR, + ) -> ULONG; + fn RtlIsDosDeviceName_Ustr( + DosFileName: PUNICODE_STRING, + ) -> ULONG; + fn RtlGetFullPathName_U( + FileName: PWSTR, + BufferLength: ULONG, + Buffer: PWSTR, + FilePart: *mut PWSTR, + ) -> ULONG; + fn RtlGetFullPathName_UEx( + FileName: PWSTR, + BufferLength: ULONG, + Buffer: PWSTR, + FilePart: *mut PWSTR, + BytesRequired: *mut ULONG, + ) -> NTSTATUS; + fn RtlGetFullPathName_UstrEx( + FileName: PUNICODE_STRING, + StaticString: PUNICODE_STRING, + DynamicString: PUNICODE_STRING, + StringUsed: *mut PUNICODE_STRING, + FilePartPrefixCch: *mut SIZE_T, + NameInvalid: PBOOLEAN, + InputPathType: *mut RTL_PATH_TYPE, + BytesRequired: *mut SIZE_T, + ) -> NTSTATUS; + fn RtlGetCurrentDirectory_U( + BufferLength: ULONG, + Buffer: PWSTR, + ) -> ULONG; + fn RtlSetCurrentDirectory_U( + PathName: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlGetLongestNtPathLength() -> ULONG; + fn RtlDosPathNameToNtPathName_U( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> BOOLEAN; + fn RtlDosPathNameToNtPathName_U_WithStatus( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + fn RtlDosLongPathNameToNtPathName_U_WithStatus( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + fn RtlDosPathNameToRelativeNtPathName_U( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> BOOLEAN; + fn RtlDosPathNameToRelativeNtPathName_U_WithStatus( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus( + DosFileName: PWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + fn RtlReleaseRelativeName( + RelativeName: PRTL_RELATIVE_NAME_U, + ); + fn RtlDosSearchPath_U( + Path: PWSTR, + FileName: PWSTR, + Extension: PWSTR, + BufferLength: ULONG, + Buffer: PWSTR, + FilePart: *mut PWSTR, + ) -> ULONG; +}} +pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001; +pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002; +pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004; +EXTERN!{extern "system" { + fn RtlDosSearchPath_Ustr( + Flags: ULONG, + Path: PUNICODE_STRING, + FileName: PUNICODE_STRING, + DefaultExtension: PUNICODE_STRING, + StaticString: PUNICODE_STRING, + DynamicString: PUNICODE_STRING, + FullFileNameOut: *mut PCUNICODE_STRING, + FilePartPrefixCch: *mut SIZE_T, + BytesRequired: *mut SIZE_T, + ) -> NTSTATUS; + fn RtlDoesFileExists_U( + FileName: PWSTR, + ) -> BOOLEAN; + fn RtlGetLengthWithoutLastFullDosOrNtPathElement( + Flags: ULONG, + PathString: PUNICODE_STRING, + Length: PULONG, + ) -> NTSTATUS; + fn RtlGetLengthWithoutTrailingPathSeperators( + Flags: ULONG, + PathString: PUNICODE_STRING, + Length: PULONG, + ) -> NTSTATUS; +}} +STRUCT!{struct GENERATE_NAME_CONTEXT { + Checksum: USHORT, + CheckSumInserted: BOOLEAN, + NameLength: UCHAR, + NameBuffer: [WCHAR; 8], + ExtensionLength: ULONG, + ExtensionBuffer: [WCHAR; 4], + LastIndexValue: ULONG, +}} +pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT; +EXTERN!{extern "system" { + fn RtlGenerate8dot3Name( + Name: PCUNICODE_STRING, + AllowExtendedCharacters: BOOLEAN, + Context: PGENERATE_NAME_CONTEXT, + Name8dot3: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlComputePrivatizedDllName_U( + DllName: PUNICODE_STRING, + RealName: PUNICODE_STRING, + LocalName: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlGetSearchPath( + SearchPathA: *mut PWSTR, + ) -> BOOLEAN; + fn RtlSetSearchPathMode( + Flags: ULONG, + ) -> NTSTATUS; + fn RtlGetExePath() -> PWSTR; + fn RtlGetNtSystemRoot() -> PWSTR; + fn RtlAreLongPathsEnabled() -> BOOLEAN; + fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN; + fn RtlDllShutdownInProgress() -> BOOLEAN; +}} +STRUCT!{struct RTL_HEAP_ENTRY_u_s1 { + Settable: SIZE_T, + Tag: ULONG, +}} +STRUCT!{struct RTL_HEAP_ENTRY_u_s2 { + CommittedSize: SIZE_T, + FirstBlock: PVOID, +}} +UNION!{union RTL_HEAP_ENTRY_u { + s1: RTL_HEAP_ENTRY_u_s1, + s2: RTL_HEAP_ENTRY_u_s2, +}} +STRUCT!{struct RTL_HEAP_ENTRY { + Size: SIZE_T, + Flags: USHORT, + AllocatorBackTraceIndex: USHORT, + u: RTL_HEAP_ENTRY_u, +}} +pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY; +pub const RTL_HEAP_BUSY: USHORT = 0x0001; +pub const RTL_HEAP_SEGMENT: USHORT = 0x0002; +pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010; +pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020; +pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040; +pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080; +pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0; +pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100; +pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200; +STRUCT!{struct RTL_HEAP_TAG { + NumberOfAllocations: ULONG, + NumberOfFrees: ULONG, + BytesAllocated: SIZE_T, + TagIndex: USHORT, + CreatorBackTraceIndex: USHORT, + TagName: [WCHAR; 24], +}} +pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG; +STRUCT!{struct RTL_HEAP_INFORMATION { + BaseAddress: PVOID, + Flags: ULONG, + EntryOverhead: USHORT, + CreatorBackTraceIndex: USHORT, + BytesAllocated: SIZE_T, + BytesCommitted: SIZE_T, + NumberOfTags: ULONG, + NumberOfEntries: ULONG, + NumberOfPseudoTags: ULONG, + PseudoTagGranularity: ULONG, + Reserved: [ULONG; 5], + Tags: PRTL_HEAP_TAG, + Entries: PRTL_HEAP_ENTRY, +}} +pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION; +STRUCT!{struct RTL_PROCESS_HEAPS { + NumberOfHeaps: ULONG, + Heaps: [RTL_HEAP_INFORMATION; 1], +}} +pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS; +FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE( + Base: PVOID, + CommitAddress: *mut PVOID, + CommitSize: PSIZE_T, +) -> NTSTATUS} +STRUCT!{struct RTL_HEAP_PARAMETERS { + Length: ULONG, + SegmentReserve: SIZE_T, + SegmentCommit: SIZE_T, + DeCommitFreeBlockThreshold: SIZE_T, + DeCommitTotalFreeThreshold: SIZE_T, + MaximumAllocationSize: SIZE_T, + VirtualMemoryThreshold: SIZE_T, + InitialCommit: SIZE_T, + InitialReserve: SIZE_T, + CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE, + Reserved: [SIZE_T; 2], +}} +pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS; +pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100; +pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200; +pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400; +pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800; +pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00; +pub const HEAP_CLASS_0: ULONG = 0x00000000; +pub const HEAP_CLASS_1: ULONG = 0x00001000; +pub const HEAP_CLASS_2: ULONG = 0x00002000; +pub const HEAP_CLASS_3: ULONG = 0x00003000; +pub const HEAP_CLASS_4: ULONG = 0x00004000; +pub const HEAP_CLASS_5: ULONG = 0x00005000; +pub const HEAP_CLASS_6: ULONG = 0x00006000; +pub const HEAP_CLASS_7: ULONG = 0x00007000; +pub const HEAP_CLASS_8: ULONG = 0x00008000; +pub const HEAP_CLASS_MASK: ULONG = 0x0000f000; +EXTERN!{extern "system" { + fn RtlCreateHeap( + Flags: ULONG, + HeapBase: PVOID, + ReserveSize: SIZE_T, + CommitSize: SIZE_T, + Lock: PVOID, + Parameters: PRTL_HEAP_PARAMETERS, + ) -> PVOID; + fn RtlDestroyHeap( + HeapHandle: PVOID, + ) -> PVOID; + fn RtlAllocateHeap( + HeapHandle: PVOID, + Flags: ULONG, + Size: SIZE_T, + ) -> PVOID; + fn RtlFreeHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + ) -> BOOLEAN; + fn RtlSizeHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + ) -> SIZE_T; + fn RtlZeroHeap( + HeapHandle: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlProtectHeap( + HeapHandle: PVOID, + MakeReadOnly: BOOLEAN, + ); +}} +#[inline] #[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +pub unsafe fn RtlProcessHeap() -> PVOID { + use crate::ntpsapi::NtCurrentPeb; + (*NtCurrentPeb()).ProcessHeap +} +EXTERN!{extern "system" { + fn RtlLockHeap( + HeapHandle: PVOID, + ) -> BOOLEAN; + fn RtlUnlockHeap( + HeapHandle: PVOID, + ) -> BOOLEAN; + fn RtlReAllocateHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + Size: SIZE_T, + ) -> PVOID; + fn RtlGetUserInfoHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserValue: *mut PVOID, + UserFlags: PULONG, + ) -> BOOLEAN; + fn RtlSetUserValueHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserValue: PVOID, + ) -> BOOLEAN; + fn RtlSetUserFlagsHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserFlagsReset: ULONG, + UserFlagsSet: ULONG, + ) -> BOOLEAN; +}} +STRUCT!{struct RTL_HEAP_TAG_INFO { + NumberOfAllocations: ULONG, + NumberOfFrees: ULONG, + BytesAllocated: SIZE_T, +}} +pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO; +EXTERN!{extern "system" { + fn RtlCreateTagHeap( + HeapHandle: PVOID, + Flags: ULONG, + TagPrefix: PWSTR, + TagNames: PWSTR, + ) -> ULONG; + fn RtlQueryTagHeap( + HeapHandle: PVOID, + Flags: ULONG, + TagIndex: USHORT, + ResetCounters: BOOLEAN, + TagInfo: PRTL_HEAP_TAG_INFO, + ) -> PWSTR; + fn RtlExtendHeap( + HeapHandle: PVOID, + Flags: ULONG, + Base: PVOID, + Size: SIZE_T, + ) -> NTSTATUS; + fn RtlCompactHeap( + HeapHandle: PVOID, + Flags: ULONG, + ) -> SIZE_T; + fn RtlValidateHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + ) -> BOOLEAN; + fn RtlValidateProcessHeaps() -> BOOLEAN; + fn RtlGetProcessHeaps( + NumberOfHeaps: ULONG, + ProcessHeaps: *mut PVOID, + ) -> ULONG; +}} +FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE( + HeapHandle: PVOID, + Parameter: PVOID, +) -> NTSTATUS} +EXTERN!{extern "system" { + fn RtlEnumProcessHeaps( + EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE, + Parameter: PVOID, + ) -> NTSTATUS; +}} +STRUCT!{struct RTL_HEAP_USAGE_ENTRY { + Next: *mut RTL_HEAP_USAGE_ENTRY, + Address: PVOID, + Size: SIZE_T, + AllocatorBackTraceIndex: USHORT, + TagIndex: USHORT, +}} +pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY; +STRUCT!{struct RTL_HEAP_USAGE { + Length: ULONG, + BytesAllocated: SIZE_T, + BytesCommitted: SIZE_T, + BytesReserved: SIZE_T, + BytesReservedMaximum: SIZE_T, + Entries: PRTL_HEAP_USAGE_ENTRY, + AddedEntries: PRTL_HEAP_USAGE_ENTRY, + RemovedEntries: PRTL_HEAP_USAGE_ENTRY, + Reserved: [ULONG_PTR; 8], +}} +pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE; +pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY; +pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY; +EXTERN!{extern "system" { + fn RtlUsageHeap( + HeapHandle: PVOID, + Flags: ULONG, + Usage: PRTL_HEAP_USAGE, + ) -> NTSTATUS; +}} +STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block { + Settable: SIZE_T, + TagIndex: USHORT, + AllocatorBackTraceIndex: USHORT, + Reserved: [ULONG; 2], +}} +STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment { + CommittedSize: ULONG, + UnCommittedSize: ULONG, + FirstEntry: PVOID, + LastEntry: PVOID, +}} +UNION!{union RTL_HEAP_WALK_ENTRY_u { + Block: RTL_HEAP_WALK_ENTRY_u_Block, + Segment: RTL_HEAP_WALK_ENTRY_u_Segment, +}} +STRUCT!{struct RTL_HEAP_WALK_ENTRY { + DataAddress: PVOID, + DataSize: SIZE_T, + OverheadBytes: UCHAR, + SegmentIndex: UCHAR, + Flags: USHORT, + u: RTL_HEAP_WALK_ENTRY_u, +}} +pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY; +EXTERN!{extern "system" { + fn RtlWalkHeap( + HeapHandle: PVOID, + Entry: PRTL_HEAP_WALK_ENTRY, + ) -> NTSTATUS; +}} +pub const HeapDetailedFailureInformation: u32 = 0x80000001; +pub const HeapSetDebuggingInformation: u32 = 0x80000002; +ENUM!{enum HEAP_COMPATIBILITY_MODE { + HEAP_COMPATIBILITY_STANDARD = 0, + HEAP_COMPATIBILITY_LAL = 1, + HEAP_COMPATIBILITY_LFH = 2, +}} +STRUCT!{struct PROCESS_HEAP_INFORMATION { + ReserveSize: ULONG_PTR, + CommitSize: ULONG_PTR, + NumberOfHeaps: ULONG, + FirstHeapInformationOffset: ULONG_PTR, +}} +pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION; +STRUCT!{struct HEAP_INFORMATION { + Address: ULONG_PTR, + Mode: ULONG, + ReserveSize: ULONG_PTR, + CommitSize: ULONG_PTR, + FirstRegionInformationOffset: ULONG_PTR, + NextHeapInformationOffset: ULONG_PTR, +}} +pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION; +UNION!{union HEAP_EXTENDED_INFORMATION_u { + ProcessHeapInformation: PROCESS_HEAP_INFORMATION, + HeapInformation: HEAP_INFORMATION, +}} +STRUCT!{struct HEAP_EXTENDED_INFORMATION { + Process: HANDLE, + Heap: ULONG_PTR, + Level: ULONG, + CallbackRoutine: PVOID, + CallbackContext: PVOID, + u: HEAP_EXTENDED_INFORMATION_u, +}} +pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION; +FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE( + Reserved: LONG, + HeapHandle: PVOID, + BaseAddress: PVOID, + BlockSize: SIZE_T, + StackTraceDepth: ULONG, + StackTrace: *mut PVOID, +) -> NTSTATUS} +STRUCT!{struct HEAP_DEBUGGING_INFORMATION { + InterceptorFunction: PVOID, + InterceptorValue: USHORT, + ExtendedOptions: ULONG, + StackTraceDepth: ULONG, + MinTotalBlockSize: SIZE_T, + MaxTotalBlockSize: SIZE_T, + HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE, +}} +pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION; +EXTERN!{extern "system" { + fn RtlQueryHeapInformation( + HeapHandle: PVOID, + HeapInformationClass: HEAP_INFORMATION_CLASS, + HeapInformation: PVOID, + HeapInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn RtlSetHeapInformation( + HeapHandle: PVOID, + HeapInformationClass: HEAP_INFORMATION_CLASS, + HeapInformation: PVOID, + HeapInformationLength: SIZE_T, + ) -> NTSTATUS; + fn RtlMultipleAllocateHeap( + HeapHandle: PVOID, + Flags: ULONG, + Size: SIZE_T, + Count: ULONG, + Array: *mut PVOID, + ) -> ULONG; + fn RtlMultipleFreeHeap( + HeapHandle: PVOID, + Flags: ULONG, + Count: ULONG, + Array: *mut PVOID, + ) -> ULONG; + fn RtlDetectHeapLeaks(); + fn RtlFlushHeaps(); +}} +STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT { + NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT, + Size: SIZE_T, + Next: PVOID, + Limit: PVOID, +}} +pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT; +STRUCT!{struct RTL_MEMORY_ZONE { + Segment: RTL_MEMORY_ZONE_SEGMENT, + Lock: RTL_SRWLOCK, + LockCount: ULONG, + FirstSegment: PRTL_MEMORY_ZONE_SEGMENT, +}} +pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE; +EXTERN!{extern "system" { + fn RtlCreateMemoryZone( + MemoryZone: *mut PVOID, + InitialSize: SIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlDestroyMemoryZone( + MemoryZone: PVOID, + ) -> NTSTATUS; + fn RtlAllocateMemoryZone( + MemoryZone: PVOID, + BlockSize: SIZE_T, + Block: *mut PVOID, + ) -> NTSTATUS; + fn RtlResetMemoryZone( + MemoryZone: PVOID, + ) -> NTSTATUS; + fn RtlLockMemoryZone( + MemoryZone: PVOID, + ) -> NTSTATUS; + fn RtlUnlockMemoryZone( + MemoryZone: PVOID, + ) -> NTSTATUS; + fn RtlCreateMemoryBlockLookaside( + MemoryBlockLookaside: *mut PVOID, + Flags: ULONG, + InitialSize: ULONG, + MinimumBlockSize: ULONG, + MaximumBlockSize: ULONG, + ) -> NTSTATUS; + fn RtlDestroyMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + ) -> NTSTATUS; + fn RtlAllocateMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + BlockSize: ULONG, + Block: *mut PVOID, + ) -> NTSTATUS; + fn RtlFreeMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + Block: PVOID, + ) -> NTSTATUS; + fn RtlExtendMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + Increment: ULONG, + ) -> NTSTATUS; + fn RtlResetMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + ) -> NTSTATUS; + fn RtlLockMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + ) -> NTSTATUS; + fn RtlUnlockMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + ) -> NTSTATUS; + fn RtlGetCurrentTransaction() -> HANDLE; + fn RtlSetCurrentTransaction( + TransactionHandle: HANDLE, + ) -> LOGICAL; +}} +#[inline] +pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool { + ((L1.LowPart == L2.LowPart) & (L1.HighPart == L2.HighPart)) as u8 != 0 //fixme +} +#[inline] +pub const fn RtlIsZeroLuid(L1: &LUID) -> bool { + (L1.LowPart | L1.HighPart as u32) == 0 +} +#[inline] +pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID { + LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 } +} +#[inline] +pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID { + LUID { LowPart: Ulong, HighPart: 0 } +} +EXTERN!{extern "system" { + fn RtlCopyLuid( + DestinationLuid: PLUID, + SourceLuid: PLUID, + ); + fn RtlCopyLuidAndAttributesArray( + Count: ULONG, + Src: PLUID_AND_ATTRIBUTES, + Dest: PLUID_AND_ATTRIBUTES, + ); +}} +STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS { + SizeStruct: ULONG, + Option: ULONG, + OptionData: [UCHAR; 1], +}} +pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS; +UNION!{union RTL_DEBUG_INFORMATION_u { + Modules: *mut RTL_PROCESS_MODULES, + ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX, +}} +STRUCT!{struct RTL_DEBUG_INFORMATION { + SectionHandleClient: HANDLE, + ViewBaseClient: PVOID, + ViewBaseTarget: PVOID, + ViewBaseDelta: ULONG_PTR, + EventPairClient: HANDLE, + EventPairTarget: HANDLE, + TargetProcessId: HANDLE, + TargetThreadHandle: HANDLE, + Flags: ULONG, + OffsetFree: SIZE_T, + CommitSize: SIZE_T, + ViewSize: SIZE_T, + u: RTL_DEBUG_INFORMATION_u, + BackTraces: *mut RTL_PROCESS_BACKTRACES, + Heaps: *mut RTL_PROCESS_HEAPS, + Locks: *mut RTL_PROCESS_LOCKS, + SpecificHeap: PVOID, + TargetProcessHandle: HANDLE, + VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS, + ProcessHeap: PVOID, + CriticalSectionHandle: HANDLE, + CriticalSectionOwnerThread: HANDLE, + Reserved: [PVOID; 4], +}} +pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION; +EXTERN!{extern "system" { + fn RtlCreateQueryDebugBuffer( + MaximumCommit: ULONG, + UseEventPair: BOOLEAN, + ) -> PRTL_DEBUG_INFORMATION; + fn RtlDestroyQueryDebugBuffer( + Buffer: PRTL_DEBUG_INFORMATION, + ) -> NTSTATUS; + fn RtlCommitDebugInfo( + Buffer: PRTL_DEBUG_INFORMATION, + Size: SIZE_T, + ) -> PVOID; + fn RtlDeCommitDebugInfo( + Buffer: PRTL_DEBUG_INFORMATION, + p: PVOID, + Size: SIZE_T, + ); +}} +pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001; +pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002; +pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004; +pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008; +pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010; +pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020; +pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040; +pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080; +pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100; +pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200; +pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400; +pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000; +EXTERN!{extern "system" { + fn RtlQueryProcessDebugInformation( + UniqueProcessId: HANDLE, + Flags: ULONG, + Buffer: PRTL_DEBUG_INFORMATION, + ) -> NTSTATUS; + fn RtlFindMessage( + DllHandle: PVOID, + MessageTableId: ULONG, + MessageLanguageId: ULONG, + MessageId: ULONG, + MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY, + ) -> NTSTATUS; + fn RtlFormatMessage( + MessageFormat: PWSTR, + MaximumWidth: ULONG, + IgnoreInserts: BOOLEAN, + ArgumentsAreAnsi: BOOLEAN, + ArgumentsAreAnArray: BOOLEAN, + Arguments: *mut va_list, + Buffer: PWSTR, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; +}} +STRUCT!{struct PARSE_MESSAGE_CONTEXT { + fFlags: ULONG, + cwSavColumn: ULONG, + iwSrc: SIZE_T, + iwDst: SIZE_T, + iwDstSpace: SIZE_T, + lpvArgStart: va_list, +}} +pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT; +#[inline] +pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) { + ctx.fFlags = 0; +} +#[inline] +pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { + ctx.fFlags & flag +} +#[inline] +pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { + ctx.fFlags |= flag; + ctx.fFlags +} +#[inline] +pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { + ctx.fFlags &= !flag; + ctx.fFlags +} +EXTERN!{extern "system" { + fn RtlFormatMessageEx( + MessageFormat: PWSTR, + MaximumWidth: ULONG, + IgnoreInserts: BOOLEAN, + ArgumentsAreAnsi: BOOLEAN, + ArgumentsAreAnArray: BOOLEAN, + Arguments: *mut va_list, + Buffer: PWSTR, + Length: ULONG, + ReturnLength: PULONG, + ParseContext: PPARSE_MESSAGE_CONTEXT, + ) -> NTSTATUS; + fn RtlNtStatusToDosError( + Status: NTSTATUS, + ) -> ULONG; + fn RtlNtStatusToDosErrorNoTeb( + Status: NTSTATUS, + ) -> ULONG; + fn RtlGetLastNtStatus() -> NTSTATUS; + fn RtlGetLastWin32Error() -> LONG; + fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus( + Status: NTSTATUS, + ); + fn RtlSetLastWin32Error( + Win32Error: LONG, + ); + fn RtlRestoreLastWin32Error( + Win32Error: LONG, + ); +}} +pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010; +pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020; +pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040; +EXTERN!{extern "system" { + fn RtlGetThreadErrorMode() -> ULONG; + fn RtlSetThreadErrorMode( + NewMode: ULONG, + OldMode: PULONG, + ) -> NTSTATUS; + fn RtlReportException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlReportExceptionEx( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + Flags: ULONG, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlWerpReportException( + ProcessId: ULONG, + CrashReportSharedMem: HANDLE, + Flags: ULONG, + CrashVerticalProcessHandle: PHANDLE, + ) -> NTSTATUS; + fn RtlReportSilentProcessExit( + ProcessHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn RtlUniform( + Seed: PULONG, + ) -> ULONG; + fn RtlRandom( + Seed: PULONG, + ) -> ULONG; + fn RtlRandomEx( + Seed: PULONG, + ) -> ULONG; + fn RtlComputeImportTableHash( + FileHandle: HANDLE, + Hash: PCHAR, + ImportTableHashRevision: ULONG, + ) -> NTSTATUS; + fn RtlIntegerToChar( + Value: ULONG, + Base: ULONG, + OutputLength: LONG, + String: PSTR, + ) -> NTSTATUS; + fn RtlCharToInteger( + String: PCSZ, + Base: ULONG, + Value: PULONG, + ) -> NTSTATUS; + fn RtlLargeIntegerToChar( + Value: PLARGE_INTEGER, + Base: ULONG, + OutputLength: LONG, + String: PSTR, + ) -> NTSTATUS; + fn RtlIntegerToUnicodeString( + Value: ULONG, + Base: ULONG, + String: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlInt64ToUnicodeString( + Value: ULONGLONG, + Base: ULONG, + String: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlUnicodeStringToInteger( + String: PCUNICODE_STRING, + Base: ULONG, + Value: PULONG, + ) -> NTSTATUS; + fn RtlIpv4AddressToStringExW( + Address: *const in_addr, + Port: USHORT, + AddressString: PWSTR, + AddressStringLength: PULONG, + ) -> NTSTATUS; + fn RtlIpv6AddressToStringExW( + Address: *const in6_addr, + ScopeId: ULONG, + Port: USHORT, + AddressString: PWSTR, + AddressStringLength: PULONG, + ) -> NTSTATUS; + fn RtlIpv4StringToAddressExW( + AddressString: PCWSTR, + Strict: BOOLEAN, + Address: *mut in_addr, + Port: PUSHORT, + ) -> NTSTATUS; + fn RtlIpv6StringToAddressExW( + AddressString: PCWSTR, + Address: *mut in6_addr, + ScopeId: PULONG, + Port: PUSHORT, + ) -> NTSTATUS; +}} +STRUCT!{struct TIME_FIELDS { + Year: CSHORT, + Month: CSHORT, + Day: CSHORT, + Hour: CSHORT, + Minute: CSHORT, + Second: CSHORT, + Milliseconds: CSHORT, + Weekday: CSHORT, +}} +pub type PTIME_FIELDS = *mut TIME_FIELDS; +EXTERN!{extern "system" { + fn RtlCutoverTimeToSystemTime( + CutoverTime: PTIME_FIELDS, + SystemTime: PLARGE_INTEGER, + CurrentSystemTime: PLARGE_INTEGER, + ThisYear: BOOLEAN, + ) -> BOOLEAN; + fn RtlSystemTimeToLocalTime( + SystemTime: PLARGE_INTEGER, + LocalTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlLocalTimeToSystemTime( + LocalTime: PLARGE_INTEGER, + SystemTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn RtlTimeToElapsedTimeFields( + Time: PLARGE_INTEGER, + TimeFields: PTIME_FIELDS, + ); + fn RtlTimeToTimeFields( + Time: PLARGE_INTEGER, + TimeFields: PTIME_FIELDS, + ); + fn RtlTimeFieldsToTime( + TimeFields: PTIME_FIELDS, + Time: PLARGE_INTEGER, + ) -> BOOLEAN; + fn RtlTimeToSecondsSince1980( + Time: PLARGE_INTEGER, + ElapsedSeconds: PULONG, + ) -> BOOLEAN; + fn RtlSecondsSince1980ToTime( + ElapsedSeconds: ULONG, + Time: PLARGE_INTEGER, + ); + fn RtlTimeToSecondsSince1970( + Time: PLARGE_INTEGER, + ElapsedSeconds: PULONG, + ) -> BOOLEAN; + fn RtlSecondsSince1970ToTime( + ElapsedSeconds: ULONG, + Time: PLARGE_INTEGER, + ); +}} +STRUCT!{struct RTL_TIME_ZONE_INFORMATION { + Bias: LONG, + StandardName: [WCHAR; 32], + StandardStart: TIME_FIELDS, + StandardBias: LONG, + DaylightName: [WCHAR; 32], + DaylightStart: TIME_FIELDS, + DaylightBias: LONG, +}} +pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; +EXTERN!{extern "system" { + fn RtlQueryTimeZoneInformation( + TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, + ) -> NTSTATUS; + fn RtlSetTimeZoneInformation( + TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, + ) -> NTSTATUS; +}} +STRUCT!{struct RTL_BITMAP { + SizeOfBitMap: ULONG, + Buffer: PULONG, +}} +pub type PRTL_BITMAP = *mut RTL_BITMAP; +EXTERN!{extern "system" { + fn RtlInitializeBitMap( + BitMapHeader: PRTL_BITMAP, + BitMapBuffer: PULONG, + SizeOfBitMap: ULONG, + ); + fn RtlClearBit( + BitMapHeader: PRTL_BITMAP, + BitNumber: ULONG, + ); + fn RtlSetBit( + BitMapHeader: PRTL_BITMAP, + BitNumber: ULONG, + ); + fn RtlTestBit( + BitMapHeader: PRTL_BITMAP, + BitNumber: ULONG, + ) -> BOOLEAN; + fn RtlClearAllBits( + BitMapHeader: PRTL_BITMAP, + ); + fn RtlSetAllBits( + BitMapHeader: PRTL_BITMAP, + ); + fn RtlFindClearBits( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + fn RtlFindSetBits( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + fn RtlFindClearBitsAndSet( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + fn RtlFindSetBitsAndClear( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + fn RtlClearBits( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToClear: ULONG, + ); + fn RtlSetBits( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToSet: ULONG, + ); + fn RtlFindMostSignificantBit( + Set: ULONGLONG, + ) -> CCHAR; + fn RtlFindLeastSignificantBit( + Set: ULONGLONG, + ) -> CCHAR; +}} +STRUCT!{struct RTL_BITMAP_RUN { + StartingIndex: ULONG, + NumberOfBits: ULONG, +}} +pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN; +EXTERN!{extern "system" { + fn RtlFindClearRuns( + BitMapHeader: PRTL_BITMAP, + RunArray: PRTL_BITMAP_RUN, + SizeOfRunArray: ULONG, + LocateLongestRuns: BOOLEAN, + ) -> ULONG; + fn RtlFindLongestRunClear( + BitMapHeader: PRTL_BITMAP, + StartingIndex: PULONG, + ) -> ULONG; + fn RtlFindFirstRunClear( + BitMapHeader: PRTL_BITMAP, + StartingIndex: PULONG, + ) -> ULONG; +}} +#[inline] +pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 { + #[cfg(all(target_arch = "x86_64", feature = "beta"))] { + use crate::winapi_local::um::winnt::_bittest64; + _bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64) + } + #[cfg(any( + target_arch = "x86", + all(target_arch = "x86_64", not(feature = "beta")), + target_arch = "aarch64", + ))] { + (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8 + } +} +EXTERN!{extern "system" { + fn RtlNumberOfClearBits( + BitMapHeader: PRTL_BITMAP, + ) -> ULONG; + fn RtlNumberOfSetBits( + BitMapHeader: PRTL_BITMAP, + ) -> ULONG; + fn RtlAreBitsClear( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> BOOLEAN; + fn RtlAreBitsSet( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> BOOLEAN; + fn RtlFindNextForwardRunClear( + BitMapHeader: PRTL_BITMAP, + FromIndex: ULONG, + StartingRunIndex: PULONG, + ) -> ULONG; + fn RtlFindLastBackwardRunClear( + BitMapHeader: PRTL_BITMAP, + FromIndex: ULONG, + StartingRunIndex: PULONG, + ) -> ULONG; + fn RtlNumberOfSetBitsUlongPtr( + Target: ULONG_PTR, + ) -> ULONG; + fn RtlInterlockedClearBitRun( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToClear: ULONG, + ); + fn RtlInterlockedSetBitRun( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToSet: ULONG, + ); + fn RtlCopyBitMap( + Source: PRTL_BITMAP, + Destination: PRTL_BITMAP, + TargetBit: ULONG, + ); + fn RtlExtractBitMap( + Source: PRTL_BITMAP, + Destination: PRTL_BITMAP, + TargetBit: ULONG, + NumberOfBits: ULONG, + ); + fn RtlNumberOfClearBitsInRange( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> ULONG; + fn RtlNumberOfSetBitsInRange( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> ULONG; +}} +STRUCT!{struct RTL_BITMAP_EX { + SizeOfBitMap: ULONG64, + Buffer: PULONG64, +}} +pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX; +EXTERN!{extern "system" { + fn RtlInitializeBitMapEx( + BitMapHeader: PRTL_BITMAP_EX, + BitMapBuffer: PULONG64, + SizeOfBitMap: ULONG64, + ); + fn RtlTestBitEx( + BitMapHeader: PRTL_BITMAP_EX, + BitNumber: ULONG64, + ) -> BOOLEAN; + fn RtlClearAllBitsEx( + BitMapHeader: PRTL_BITMAP_EX, + ); + fn RtlClearBitEx( + BitMapHeader: PRTL_BITMAP_EX, + BitNumber: ULONG64, + ); + fn RtlSetBitEx( + BitMapHeader: PRTL_BITMAP_EX, + BitNumber: ULONG64, + ); + fn RtlFindSetBitsEx( + BitMapHeader: PRTL_BITMAP_EX, + NumberToFind: ULONG64, + HintIndex: ULONG64, + ) -> ULONG64; + fn RtlFindSetBitsAndClearEx( + BitMapHeader: PRTL_BITMAP_EX, + NumberToFind: ULONG64, + HintIndex: ULONG64, + ) -> ULONG64; +}} +UNION!{union RTL_HANDLE_TABLE_ENTRY { + Flags: ULONG, + NextFree: *mut RTL_HANDLE_TABLE_ENTRY, +}} +pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY; +pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001; +STRUCT!{struct RTL_HANDLE_TABLE { + MaximumNumberOfHandles: ULONG, + SizeOfHandleTableEntry: ULONG, + Reserved: [ULONG; 2], + FreeHandles: PRTL_HANDLE_TABLE_ENTRY, + CommittedHandles: PRTL_HANDLE_TABLE_ENTRY, + UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY, + MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY, +}} +pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE; +EXTERN!{extern "system" { + fn RtlInitializeHandleTable( + MaximumNumberOfHandles: ULONG, + SizeOfHandleTableEntry: ULONG, + HandleTable: PRTL_HANDLE_TABLE, + ); + fn RtlDestroyHandleTable( + HandleTable: PRTL_HANDLE_TABLE, + ) -> NTSTATUS; + fn RtlAllocateHandle( + HandleTable: PRTL_HANDLE_TABLE, + HandleIndex: PULONG, + ) -> PRTL_HANDLE_TABLE_ENTRY; + fn RtlFreeHandle( + HandleTable: PRTL_HANDLE_TABLE, + Handle: PRTL_HANDLE_TABLE_ENTRY, + ) -> BOOLEAN; + fn RtlIsValidHandle( + HandleTable: PRTL_HANDLE_TABLE, + Handle: PRTL_HANDLE_TABLE_ENTRY, + ) -> BOOLEAN; + fn RtlIsValidIndexHandle( + HandleTable: PRTL_HANDLE_TABLE, + HandleIndex: ULONG, + Handle: *mut PRTL_HANDLE_TABLE_ENTRY, + ) -> BOOLEAN; +}} +pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000; +pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000; +pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37; +pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255; +pub const RTL_ATOM_PINNED: u32 = 0x01; +EXTERN!{extern "system" { + fn RtlCreateAtomTable( + NumberOfBuckets: ULONG, + AtomTableHandle: *mut PVOID, + ) -> NTSTATUS; + fn RtlDestroyAtomTable( + AtomTableHandle: PVOID, + ) -> NTSTATUS; + fn RtlEmptyAtomTable( + AtomTableHandle: PVOID, + IncludePinnedAtoms: BOOLEAN, + ) -> NTSTATUS; + fn RtlAddAtomToAtomTable( + AtomTableHandle: PVOID, + AtomName: PWSTR, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + fn RtlLookupAtomInAtomTable( + AtomTableHandle: PVOID, + AtomName: PWSTR, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + fn RtlDeleteAtomFromAtomTable( + AtomTableHandle: PVOID, + Atom: RTL_ATOM, + ) -> NTSTATUS; + fn RtlPinAtomInAtomTable( + AtomTableHandle: PVOID, + Atom: RTL_ATOM, + ) -> NTSTATUS; + fn RtlQueryAtomInAtomTable( + AtomTableHandle: PVOID, + Atom: RTL_ATOM, + AtomUsage: PULONG, + AtomFlags: PULONG, + AtomName: PWSTR, + AtomNameLength: PULONG, + ) -> NTSTATUS; + fn RtlGetIntegerAtom( + AtomName: PWSTR, + IntegerAtom: PUSHORT, + ) -> BOOLEAN; + fn RtlValidSid( + Sid: PSID, + ) -> BOOLEAN; + fn RtlEqualSid( + Sid1: PSID, + Sid2: PSID, + ) -> BOOLEAN; + fn RtlEqualPrefixSid( + Sid1: PSID, + Sid2: PSID, + ) -> BOOLEAN; + fn RtlLengthRequiredSid( + SubAuthorityCount: ULONG, + ) -> ULONG; + fn RtlFreeSid( + Sid: PSID, + ) -> PVOID; + fn RtlAllocateAndInitializeSid( + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + SubAuthority0: ULONG, + SubAuthority1: ULONG, + SubAuthority2: ULONG, + SubAuthority3: ULONG, + SubAuthority4: ULONG, + SubAuthority5: ULONG, + SubAuthority6: ULONG, + SubAuthority7: ULONG, + Sid: *mut PSID, + ) -> NTSTATUS; + fn RtlInitializeSid( + Sid: PSID, + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + ) -> NTSTATUS; +}} +EXTERN!{extern "C" { + fn RtlInitializeSidEx( + Sid: PSID, + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + ... + ) -> NTSTATUS; +}} +EXTERN!{extern "system" { + fn RtlIdentifierAuthoritySid( + Sid: PSID, + ) -> PSID_IDENTIFIER_AUTHORITY; + fn RtlSubAuthoritySid( + Sid: PSID, + SubAuthority: ULONG, + ) -> PULONG; + fn RtlSubAuthorityCountSid( + Sid: PSID, + ) -> PUCHAR; + fn RtlLengthSid( + Sid: PSID, + ) -> ULONG; + fn RtlCopySid( + DestinationSidLength: ULONG, + DestinationSid: PSID, + SourceSid: PSID, + ) -> NTSTATUS; + fn RtlCopySidAndAttributesArray( + Count: ULONG, + Src: PSID_AND_ATTRIBUTES, + SidAreaSize: ULONG, + Dest: PSID_AND_ATTRIBUTES, + SidArea: PSID, + RemainingSidArea: *mut PSID, + RemainingSidAreaSize: PULONG, + ) -> NTSTATUS; + fn RtlCreateServiceSid( + ServiceName: PUNICODE_STRING, + ServiceSid: PSID, + ServiceSidLength: PULONG, + ) -> NTSTATUS; + fn RtlSidDominates( + Sid1: PSID, + Sid2: PSID, + Dominates: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSidDominatesForTrust( + Sid1: PSID, + Sid2: PSID, + DominatesTrust: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSidEqualLevel( + Sid1: PSID, + Sid2: PSID, + EqualLevel: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSidIsHigherLevel( + Sid1: PSID, + Sid2: PSID, + HigherLevel: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCreateVirtualAccountSid( + Name: PCUNICODE_STRING, + BaseSubAuthority: ULONG, + Sid: PSID, + SidLength: PULONG, + ) -> NTSTATUS; + fn RtlReplaceSidInSd( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + OldSid: PSID, + NewSid: PSID, + NumChanges: *mut ULONG, + ) -> NTSTATUS; +}} +pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256; +EXTERN!{extern "system" { + fn RtlConvertSidToUnicodeString( + UnicodeString: PUNICODE_STRING, + Sid: PSID, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + fn RtlSidHashInitialize( + SidAttr: PSID_AND_ATTRIBUTES, + SidCount: ULONG, + SidAttrHash: PSID_AND_ATTRIBUTES_HASH, + ) -> NTSTATUS; + fn RtlSidHashLookup( + SidAttrHash: PSID_AND_ATTRIBUTES_HASH, + Sid: PSID, + ) -> PSID_AND_ATTRIBUTES; + fn RtlIsElevatedRid( + SidAttr: PSID_AND_ATTRIBUTES, + ) -> BOOLEAN; + fn RtlDeriveCapabilitySidsFromName( + UnicodeString: PUNICODE_STRING, + CapabilityGroupSid: PSID, + CapabilitySid: PSID, + ) -> NTSTATUS; + fn RtlCreateSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Revision: ULONG, + ) -> NTSTATUS; + fn RtlValidSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> BOOLEAN; + fn RtlLengthSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> ULONG; + fn RtlValidRelativeSecurityDescriptor( + SecurityDescriptorInput: PSECURITY_DESCRIPTOR, + SecurityDescriptorLength: ULONG, + RequiredInformation: SECURITY_INFORMATION, + ) -> BOOLEAN; + fn RtlGetControlSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Control: PSECURITY_DESCRIPTOR_CONTROL, + Revision: PULONG, + ) -> NTSTATUS; + fn RtlSetControlSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL, + ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL, + ) -> NTSTATUS; + fn RtlSetAttributesSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Control: SECURITY_DESCRIPTOR_CONTROL, + Revision: PULONG, + ) -> NTSTATUS; + fn RtlGetSecurityDescriptorRMControl( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + RMControl: PUCHAR, + ) -> BOOLEAN; + fn RtlSetSecurityDescriptorRMControl( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + RMControl: PUCHAR, + ); + fn RtlSetDaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DaclPresent: BOOLEAN, + Dacl: PACL, + DaclDefaulted: BOOLEAN, + ) -> NTSTATUS; + fn RtlGetDaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DaclPresent: PBOOLEAN, + Dacl: *mut PACL, + DaclDefaulted: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSetSaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + SaclPresent: BOOLEAN, + Sacl: PACL, + SaclDefaulted: BOOLEAN, + ) -> NTSTATUS; + fn RtlGetSaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + SaclPresent: PBOOLEAN, + Sacl: *mut PACL, + SaclDefaulted: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSetOwnerSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Owner: PSID, + OwnerDefaulted: BOOLEAN, + ) -> NTSTATUS; + fn RtlGetOwnerSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Owner: *mut PSID, + OwnerDefaulted: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSetGroupSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Group: PSID, + GroupDefaulted: BOOLEAN, + ) -> NTSTATUS; + fn RtlGetGroupSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Group: *mut PSID, + GroupDefaulted: PBOOLEAN, + ) -> NTSTATUS; + fn RtlMakeSelfRelativeSD( + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + BufferLength: PULONG, + ) -> NTSTATUS; + fn RtlAbsoluteToSelfRelativeSD( + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + BufferLength: PULONG, + ) -> NTSTATUS; + fn RtlSelfRelativeToAbsoluteSD( + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + AbsoluteSecurityDescriptorSize: PULONG, + Dacl: PACL, + DaclSize: PULONG, + Sacl: PACL, + SaclSize: PULONG, + Owner: PSID, + OwnerSize: PULONG, + PrimaryGroup: PSID, + PrimaryGroupSize: PULONG, + ) -> NTSTATUS; + fn RtlSelfRelativeToAbsoluteSD2( + pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + pBufferSize: PULONG, + ) -> NTSTATUS; + fn RtlAreAllAccessesGranted( + GrantedAccess: ACCESS_MASK, + DesiredAccess: ACCESS_MASK, + ) -> BOOLEAN; + fn RtlAreAnyAccessesGranted( + GrantedAccess: ACCESS_MASK, + DesiredAccess: ACCESS_MASK, + ) -> BOOLEAN; + fn RtlMapGenericMask( + AccessMask: PACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + ); + fn RtlCreateAcl( + Acl: PACL, + AclLength: ULONG, + AclRevision: ULONG, + ) -> NTSTATUS; + fn RtlValidAcl( + Acl: PACL, + ) -> BOOLEAN; + fn RtlQueryInformationAcl( + Acl: PACL, + AclInformation: PVOID, + AclInformationLength: ULONG, + AclInformationClass: ACL_INFORMATION_CLASS, + ) -> NTSTATUS; + fn RtlSetInformationAcl( + Acl: PACL, + AclInformation: PVOID, + AclInformationLength: ULONG, + AclInformationClass: ACL_INFORMATION_CLASS, + ) -> NTSTATUS; + fn RtlAddAce( + Acl: PACL, + AceRevision: ULONG, + StartingAceIndex: ULONG, + AceList: PVOID, + AceListLength: ULONG, + ) -> NTSTATUS; + fn RtlDeleteAce( + Acl: PACL, + AceIndex: ULONG, + ) -> NTSTATUS; + fn RtlGetAce( + Acl: PACL, + AceIndex: ULONG, + Ace: *mut PVOID, + ) -> NTSTATUS; + fn RtlFirstFreeAce( + Acl: PACL, + FirstFree: *mut PVOID, + ) -> BOOLEAN; + fn RtlFindAceByType( + pAcl: PACL, + AceType: UCHAR, + pIndex: PULONG, + ) -> PVOID; + fn RtlOwnerAcesPresent( + pAcl: PACL, + ) -> BOOLEAN; + fn RtlAddAccessAllowedAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAccessAllowedAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAccessDeniedAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAccessDeniedAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAuditAccessAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + fn RtlAddAuditAccessAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + fn RtlAddAccessAllowedObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + ObjectTypeGuid: *mut GUID, + InheritedObjectTypeGuid: *mut GUID, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAccessDeniedObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + ObjectTypeGuid: *mut GUID, + InheritedObjectTypeGuid: *mut GUID, + Sid: PSID, + ) -> NTSTATUS; + fn RtlAddAuditAccessObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + ObjectTypeGuid: *mut GUID, + InheritedObjectTypeGuid: *mut GUID, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + fn RtlAddCompoundAce( + Acl: PACL, + AceRevision: ULONG, + AceType: UCHAR, + AccessMask: ACCESS_MASK, + ServerSid: PSID, + ClientSid: PSID, + ) -> NTSTATUS; + fn RtlAddMandatoryAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + Sid: PSID, + AceType: UCHAR, + AccessMask: ACCESS_MASK, + ) -> NTSTATUS; + fn RtlDefaultNpAcl( + Acl: *mut PACL, + ) -> NTSTATUS; + fn RtlNewSecurityObject( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + IsDirectoryObject: BOOLEAN, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + fn RtlNewSecurityObjectEx( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut GUID, + IsDirectoryObject: BOOLEAN, + AutoInheritFlags: ULONG, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + fn RtlNewSecurityObjectWithMultipleInheritance( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut *mut GUID, + GuidCount: ULONG, + IsDirectoryObject: BOOLEAN, + AutoInheritFlags: ULONG, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + fn RtlDeleteSecurityObject( + ObjectDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn RtlQuerySecurityObject( + ObjectDescriptor: PSECURITY_DESCRIPTOR, + SecurityInformation: SECURITY_INFORMATION, + ResultantDescriptor: PSECURITY_DESCRIPTOR, + DescriptorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn RtlSetSecurityObject( + SecurityInformation: SECURITY_INFORMATION, + ModificationDescriptor: PSECURITY_DESCRIPTOR, + ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + GenericMapping: PGENERIC_MAPPING, + Token: HANDLE, + ) -> NTSTATUS; + fn RtlSetSecurityObjectEx( + SecurityInformation: SECURITY_INFORMATION, + ModificationDescriptor: PSECURITY_DESCRIPTOR, + ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + AutoInheritFlags: ULONG, + GenericMapping: PGENERIC_MAPPING, + Token: HANDLE, + ) -> NTSTATUS; + fn RtlConvertToAutoInheritSecurityObject( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR, + NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut GUID, + IsDirectoryObject: BOOLEAN, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + fn RtlNewInstanceSecurityObject( + ParentDescriptorChanged: BOOLEAN, + CreatorDescriptorChanged: BOOLEAN, + OldClientTokenModifiedId: PLUID, + NewClientTokenModifiedId: PLUID, + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + IsDirectoryObject: BOOLEAN, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + fn RtlCopySecurityDescriptor( + InputSecurityDescriptor: PSECURITY_DESCRIPTOR, + OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn RtlRunEncodeUnicodeString( + Seed: PUCHAR, + String: PUNICODE_STRING, + ); + fn RtlRunDecodeUnicodeString( + Seed: UCHAR, + String: PUNICODE_STRING, + ); + fn RtlImpersonateSelf( + ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, + ) -> NTSTATUS; + fn RtlImpersonateSelfEx( + ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, + AdditionalAccess: ACCESS_MASK, + ThreadToken: PHANDLE, + ) -> NTSTATUS; + fn RtlAdjustPrivilege( + Privilege: ULONG, + Enable: BOOLEAN, + Client: BOOLEAN, + WasEnabled: PBOOLEAN, + ) -> NTSTATUS; +}} +pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001; +pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002; +EXTERN!{extern "system" { + fn RtlAcquirePrivilege( + Privilege: PULONG, + NumPriv: ULONG, + Flags: ULONG, + ReturnedState: *mut PVOID, + ) -> NTSTATUS; + fn RtlReleasePrivilege( + StatePointer: PVOID, + ); + fn RtlRemovePrivileges( + TokenHandle: HANDLE, + PrivilegesToKeep: PULONG, + PrivilegeCount: ULONG, + ) -> NTSTATUS; + fn RtlIsUntrustedObject( + Handle: HANDLE, + Object: PVOID, + IsUntrustedObject: PBOOLEAN, + ) -> NTSTATUS; + fn RtlQueryValidationRunlevel( + ComponentName: PUNICODE_STRING, + ) -> ULONG; + fn RtlCreateBoundaryDescriptor( + Name: PUNICODE_STRING, + Flags: ULONG, + ) -> PVOID; + fn RtlDeleteBoundaryDescriptor( + BoundaryDescriptor: PVOID, + ); + fn RtlAddSIDToBoundaryDescriptor( + BoundaryDescriptor: *mut PVOID, + RequiredSid: PSID, + ) -> NTSTATUS; + fn RtlAddIntegrityLabelToBoundaryDescriptor( + BoundaryDescriptor: *mut PVOID, + IntegrityLabel: PSID, + ) -> NTSTATUS; + fn RtlGetVersion( + lpVersionInformation: PRTL_OSVERSIONINFOW, + ) -> NTSTATUS; + fn RtlVerifyVersionInfo( + VersionInfo: PRTL_OSVERSIONINFOEXW, + TypeMask: ULONG, + ConditionMask: ULONGLONG, + ) -> NTSTATUS; + fn RtlGetNtVersionNumbers( + NtMajorVersion: PULONG, + NtMinorVersion: PULONG, + NtBuildNumber: PULONG, + ); + fn RtlGetNtGlobalFlags() -> ULONG; + fn RtlGetNtProductType( + NtProductType: PNT_PRODUCT_TYPE, + ) -> BOOLEAN; + fn RtlGetSuiteMask() -> ULONG; + fn RtlRegisterWait( + WaitHandle: PHANDLE, + Handle: HANDLE, + Function: WAITORTIMERCALLBACKFUNC, + Context: PVOID, + Milliseconds: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlDeregisterWait( + WaitHandle: HANDLE, + ) -> NTSTATUS; + fn RtlDeregisterWaitEx( + WaitHandle: HANDLE, + Event: HANDLE, + ) -> NTSTATUS; + fn RtlQueueWorkItem( + Function: WORKERCALLBACKFUNC, + Context: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlSetIoCompletionCallback( + FileHandle: HANDLE, + CompletionProc: APC_CALLBACK_FUNCTION, + Flags: ULONG, + ) -> NTSTATUS; +}} +FN!{stdcall PRTL_START_POOL_THREAD( + Function: PTHREAD_START_ROUTINE, + Parameter: PVOID, + ThreadHandle: PHANDLE, +) -> NTSTATUS} +FN!{stdcall PRTL_EXIT_POOL_THREAD( + ExitStatus: NTSTATUS, +) -> NTSTATUS} +EXTERN!{extern "system" { + fn RtlSetThreadPoolStartFunc( + StartPoolThread: PRTL_START_POOL_THREAD, + ExitPoolThread: PRTL_EXIT_POOL_THREAD, + ) -> NTSTATUS; + fn RtlUserThreadStart( + Function: PTHREAD_START_ROUTINE, + Parameter: PVOID, + ); + fn LdrInitializeThunk( + ContextRecord: PCONTEXT, + Parameter: PVOID, + ); + fn RtlCreateTimerQueue( + TimerQueueHandle: PHANDLE, + ) -> NTSTATUS; + fn RtlCreateTimer( + TimerQueueHandle: HANDLE, + Handle: PHANDLE, + Function: WAITORTIMERCALLBACKFUNC, + Context: PVOID, + DueTime: ULONG, + Period: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + fn RtlUpdateTimer( + TimerQueueHandle: HANDLE, + TimerHandle: HANDLE, + DueTime: ULONG, + Period: ULONG, + ) -> NTSTATUS; + fn RtlDeleteTimer( + TimerQueueHandle: HANDLE, + TimerToCancel: HANDLE, + Event: HANDLE, + ) -> NTSTATUS; + fn RtlDeleteTimerQueue( + TimerQueueHandle: HANDLE, + ) -> NTSTATUS; + fn RtlDeleteTimerQueueEx( + TimerQueueHandle: HANDLE, + Event: HANDLE, + ) -> NTSTATUS; + fn RtlFormatCurrentUserKeyPath( + CurrentUserKeyPath: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlOpenCurrentUser( + DesiredAccess: ACCESS_MASK, + CurrentUserKey: PHANDLE, + ) -> NTSTATUS; +}} +pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0; +pub const RTL_REGISTRY_SERVICES: ULONG = 1; +pub const RTL_REGISTRY_CONTROL: ULONG = 2; +pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3; +pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4; +pub const RTL_REGISTRY_USER: ULONG = 5; +pub const RTL_REGISTRY_MAXIMUM: ULONG = 6; +pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000; +pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000; +EXTERN!{extern "system" { + fn RtlCreateRegistryKey( + RelativeTo: ULONG, + Path: PWSTR, + ) -> NTSTATUS; + fn RtlCheckRegistryKey( + RelativeTo: ULONG, + Path: PWSTR, + ) -> NTSTATUS; +}} +FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE( + ValueName: PWSTR, + ValueType: ULONG, + ValueData: PVOID, + ValueLength: ULONG, + Context: PVOID, + EntryContext: PVOID, +) -> NTSTATUS} +STRUCT!{struct RTL_QUERY_REGISTRY_TABLE { + QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE, + Flags: ULONG, + Name: PWSTR, + EntryContext: PVOID, + DefaultType: ULONG, + DefaultData: PVOID, + DefaultLength: ULONG, +}} +pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE; +pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001; +pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002; +pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004; +pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008; +pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010; +pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020; +pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040; +EXTERN!{extern "system" { + fn RtlQueryRegistryValues( + RelativeTo: ULONG, + Path: PCWSTR, + QueryTable: PRTL_QUERY_REGISTRY_TABLE, + Context: PVOID, + Environment: PVOID, + ) -> NTSTATUS; + fn RtlQueryRegistryValuesEx( + RelativeTo: ULONG, + Path: PWSTR, + QueryTable: PRTL_QUERY_REGISTRY_TABLE, + Context: PVOID, + Environment: PVOID, + ) -> NTSTATUS; + fn RtlWriteRegistryValue( + RelativeTo: ULONG, + Path: PCWSTR, + ValueName: PCWSTR, + ValueType: ULONG, + ValueData: PVOID, + ValueLength: ULONG, + ) -> NTSTATUS; + fn RtlDeleteRegistryValue( + RelativeTo: ULONG, + Path: PCWSTR, + ValueName: PCWSTR, + ) -> NTSTATUS; + fn RtlEnableThreadProfiling( + ThreadHandle: HANDLE, + Flags: ULONG, + HardwareCounters: ULONG64, + PerformanceDataHandle: *mut PVOID, + ) -> NTSTATUS; + fn RtlDisableThreadProfiling( + PerformanceDataHandle: PVOID, + ) -> NTSTATUS; + fn RtlQueryThreadProfiling( + ThreadHandle: HANDLE, + Enabled: PBOOLEAN, + ) -> NTSTATUS; + fn RtlReadThreadProfilingData( + PerformanceDataHandle: HANDLE, + Flags: ULONG, + PerformanceData: PPERFORMANCE_DATA, + ) -> NTSTATUS; + fn RtlGetNativeSystemInformation( + SystemInformationClass: ULONG, + NativeSystemInformation: PVOID, + InformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn RtlQueueApcWow64Thread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + fn RtlWow64EnableFsRedirection( + Wow64FsEnableRedirection: BOOLEAN, + ) -> NTSTATUS; + fn RtlWow64EnableFsRedirectionEx( + Wow64FsEnableRedirection: PVOID, + OldFsRedirectionLevel: *mut PVOID, + ) -> NTSTATUS; + fn RtlComputeCrc32( + PartialCrc: ULONG32, + Buffer: PVOID, + Length: ULONG, + ) -> ULONG32; + fn RtlEncodePointer( + Ptr: PVOID, + ) -> PVOID; + fn RtlDecodePointer( + Ptr: PVOID, + ) -> PVOID; + fn RtlEncodeSystemPointer( + Ptr: PVOID, + ) -> PVOID; + fn RtlDecodeSystemPointer( + Ptr: PVOID, + ) -> PVOID; + fn RtlEncodeRemotePointer( + ProcessHandle: HANDLE, + Pointer: PVOID, + EncodedPointer: *mut PVOID, + ) -> NTSTATUS; + fn RtlDecodeRemotePointer( + ProcessHandle: HANDLE, + Pointer: PVOID, + DecodedPointer: *mut PVOID, + ) -> NTSTATUS; + fn RtlIsProcessorFeaturePresent( + ProcessorFeature: ULONG, + ) -> BOOLEAN; + fn RtlGetCurrentProcessorNumber() -> ULONG; + fn RtlGetCurrentProcessorNumberEx( + ProcessorNumber: PPROCESSOR_NUMBER, + ); + fn RtlPushFrame( + Frame: PTEB_ACTIVE_FRAME, + ); + fn RtlPopFrame( + Frame: PTEB_ACTIVE_FRAME, + ); + fn RtlGetFrame() -> PTEB_ACTIVE_FRAME; +}} +pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001; +pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001; +pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008; +EXTERN!{extern "system" { + fn RtlWalkFrameChain( + Callers: *mut PVOID, + Count: ULONG, + Flags: ULONG, + ) -> ULONG; + fn RtlGetCallersAddress( + CallersAddress: *mut PVOID, + CallersCaller: *mut PVOID, + ); + fn RtlGetEnabledExtendedFeatures( + FeatureMask: ULONG64, + ) -> ULONG64; + fn RtlGetEnabledExtendedAndSupervisorFeatures( + FeatureMask: ULONG64, + ) -> ULONG64; + fn RtlLocateSupervisorFeature( + XStateHeader: PXSAVE_AREA_HEADER, + FeatureId: ULONG, + Length: PULONG, + ) -> PVOID; +}} +STRUCT!{struct RTL_ELEVATION_FLAGS { + Flags: ULONG, +}} +BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [ + ElevationEnabled set_ElevationEnabled[0..1], + VirtualizationEnabled set_VirtualizationEnabled[1..2], + InstallerDetectEnabled set_InstallerDetectEnabled[2..3], + ReservedBits set_ReservedBits[3..32], +]} +pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS; +EXTERN!{extern "system" { + fn RtlQueryElevationFlags( + Flags: PRTL_ELEVATION_FLAGS, + ) -> NTSTATUS; + fn RtlRegisterThreadWithCsrss() -> NTSTATUS; + fn RtlLockCurrentThread() -> NTSTATUS; + fn RtlUnlockCurrentThread() -> NTSTATUS; + fn RtlLockModuleSection( + Address: PVOID, + ) -> NTSTATUS; + fn RtlUnlockModuleSection( + Address: PVOID, + ) -> NTSTATUS; +}} +pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64; +STRUCT!{struct RTL_UNLOAD_EVENT_TRACE { + BaseAddress: PVOID, + SizeOfImage: SIZE_T, + Sequence: ULONG, + TimeDateStamp: ULONG, + CheckSum: ULONG, + ImageName: [WCHAR; 32], + Version: [ULONG; 2], +}} +pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE; +STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 { + BaseAddress: ULONG, + SizeOfImage: ULONG, + Sequence: ULONG, + TimeDateStamp: ULONG, + CheckSum: ULONG, + ImageName: [WCHAR; 32], + Version: [ULONG; 2], +}} +pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32; +EXTERN!{extern "system" { + fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE; + fn RtlGetUnloadEventTraceEx( + ElementSize: *mut PULONG, + ElementCount: *mut PULONG, + EventTrace: *mut PVOID, + ); + fn RtlQueryPerformanceCounter( + PerformanceCounter: PLARGE_INTEGER, + ) -> LOGICAL; + fn RtlQueryPerformanceFrequency( + PerformanceFrequency: PLARGE_INTEGER, + ) -> LOGICAL; +}} +ENUM!{enum IMAGE_MITIGATION_POLICY { + ImageDepPolicy = 0, + ImageAslrPolicy = 1, + ImageDynamicCodePolicy = 2, + ImageStrictHandleCheckPolicy = 3, + ImageSystemCallDisablePolicy = 4, + ImageMitigationOptionsMask = 5, + ImageExtensionPointDisablePolicy = 6, + ImageControlFlowGuardPolicy = 7, + ImageSignaturePolicy = 8, + ImageFontDisablePolicy = 9, + ImageImageLoadPolicy = 10, + ImagePayloadRestrictionPolicy = 11, + ImageChildProcessPolicy = 12, + ImageSehopPolicy = 13, + ImageHeapPolicy = 14, + MaxImageMitigationPolicy = 15, +}} +UNION!{union RTL_IMAGE_MITIGATION_POLICY { + Bitfields1: ULONG64, + Bitfields2: ULONG64, +}} +BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [ + AuditState set_AuditState[0..2], + AuditFlag set_AuditFlag[2..3], + EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4], + Reserved set_Reserved[4..64], +]} +BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [ + PolicyState set_PolicyState[0..2], + AlwaysInherit set_AlwaysInherit[2..3], + EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4], + AuditReserved set_AuditReserved[4..64], +]} +pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY { + Dep: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY { + ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY, + BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY, + HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { + BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { + StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = + *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { + BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = + *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { + DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = + *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { + ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, + StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = + *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { + BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY, + EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = + *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { + DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { + BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY, + BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY, + PreferSystem32: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { + EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, + EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY, + EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, + EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY, + EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY, + EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = + *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { + DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = + *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY { + Sehop: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY; +STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY { + TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY, +}} +pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY; +ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE { + RtlMitigationOptionStateNotConfigured = 0, + RtlMitigationOptionStateOn = 1, + RtlMitigationOptionStateOff = 2, +}} +pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1; +pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2; +pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4; +pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8; +EXTERN!{extern "system" { + fn RtlQueryImageMitigationPolicy( + ImagePath: PWSTR, + Policy: IMAGE_MITIGATION_POLICY, + Flags: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + fn RtlSetImageMitigationPolicy( + ImagePath: PWSTR, + Policy: IMAGE_MITIGATION_POLICY, + Flags: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + fn RtlGetCurrentServiceSessionId() -> ULONG; + fn RtlGetActiveConsoleId() -> ULONG; + fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG; + fn RtlGetTokenNamedObjectPath( + Token: HANDLE, + Sid: PSID, + ObjectPath: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlGetAppContainerNamedObjectPath( + Token: HANDLE, + AppContainerSid: PSID, + RelativePath: BOOLEAN, + ObjectPath: PUNICODE_STRING, + ) -> NTSTATUS; + fn RtlGetAppContainerParent( + AppContainerSid: PSID, + AppContainerSidParent: *mut PSID, + ) -> NTSTATUS; + fn RtlCheckSandboxedToken( + TokenHandle: HANDLE, + IsSandboxed: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCheckTokenCapability( + TokenHandle: HANDLE, + CapabilitySidToCheck: PSID, + HasCapability: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCapabilityCheck( + TokenHandle: HANDLE, + CapabilityName: PUNICODE_STRING, + HasCapability: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCheckTokenMembership( + TokenHandle: HANDLE, + SidToCheck: PSID, + IsMember: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCheckTokenMembershipEx( + TokenHandle: HANDLE, + SidToCheck: PSID, + Flags: ULONG, + IsMember: PBOOLEAN, + ) -> NTSTATUS; + fn RtlIsParentOfChildAppContainer( + ParentAppContainerSid: PSID, + ChildAppContainerSid: PSID, + ) -> NTSTATUS; + fn RtlIsCapabilitySid( + Sid: PSID, + ) -> BOOLEAN; + fn RtlIsPackageSid( + Sid: PSID, + ) -> BOOLEAN; + fn RtlIsValidProcessTrustLabelSid( + Sid: PSID, + ) -> BOOLEAN; + fn RtlIsStateSeparationEnabled() -> BOOLEAN; +}} +ENUM!{enum APPCONTAINER_SID_TYPE { + NotAppContainerSidType = 0, + ChildAppContainerSidType = 1, + ParentAppContainerSidType = 2, + InvalidAppContainerSidType = 3, + MaxAppContainerSidType = 4, +}} +pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE; +EXTERN!{extern "system" { + fn RtlGetAppContainerSidType( + AppContainerSid: PSID, + AppContainerSidType: PAPPCONTAINER_SID_TYPE, + ) -> NTSTATUS; + fn RtlFlsAlloc( + Callback: PFLS_CALLBACK_FUNCTION, + FlsIndex: PULONG, + ) -> NTSTATUS; + fn RtlFlsFree( + FlsIndex: ULONG, + ) -> NTSTATUS; +}} +ENUM!{enum STATE_LOCATION_TYPE { + LocationTypeRegistry = 0, + LocationTypeFileSystem = 1, + LocationTypeMaximum = 2, +}} +EXTERN!{extern "system" { + fn RtlGetPersistedStateLocation( + SourceID: PCWSTR, + CustomValue: PCWSTR, + DefaultPath: PCWSTR, + StateLocationType: STATE_LOCATION_TYPE, + TargetPath: PWCHAR, + BufferLengthIn: ULONG, + BufferLengthOut: PULONG, + ) -> NTSTATUS; + fn RtlIsCloudFilesPlaceholder( + FileAttributes: ULONG, + ReparseTag: ULONG, + ) -> BOOLEAN; + fn RtlIsPartialPlaceholder( + FileAttributes: ULONG, + ReparseTag: ULONG, + ) -> BOOLEAN; + fn RtlIsPartialPlaceholderFileHandle( + FileHandle: HANDLE, + IsPartialPlaceholder: PBOOLEAN, + ) -> NTSTATUS; + fn RtlIsPartialPlaceholderFileInfo( + InfoBuffer: *const c_void, + InfoClass: FILE_INFORMATION_CLASS, + IsPartialPlaceholder: PBOOLEAN, + ) -> NTSTATUS; + fn RtlIsNonEmptyDirectoryReparsePointAllowed( + ReparseTag: ULONG, + ) -> BOOLEAN; + fn RtlAppxIsFileOwnedByTrustedInstaller( + FileHandle: HANDLE, + IsFileOwnedByTrustedInstaller: PBOOLEAN, + ) -> NTSTATUS; +}} +STRUCT!{struct PS_PKG_CLAIM { + Flags: ULONGLONG, + Origin: ULONGLONG, +}} +pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM; +EXTERN!{extern "system" { + fn RtlQueryPackageClaims( + TokenHandle: HANDLE, + PackageFullName: PWSTR, + PackageSize: PSIZE_T, + AppId: PWSTR, + AppIdSize: PSIZE_T, + DynamicId: *mut GUID, + PkgClaim: PPS_PKG_CLAIM, + AttributesPresent: PULONG64, + ) -> NTSTATUS; + fn RtlQueryProtectedPolicy( + PolicyGuid: *mut GUID, + PolicyValue: PULONG_PTR, + ) -> NTSTATUS; + fn RtlSetProtectedPolicy( + PolicyGuid: *mut GUID, + PolicyValue: ULONG_PTR, + OldPolicyValue: PULONG_PTR, + ) -> NTSTATUS; + fn RtlIsMultiSessionSku() -> BOOLEAN; + fn RtlIsMultiUsersInSessionSku() -> BOOLEAN; +}} +ENUM!{enum RTL_BSD_ITEM_TYPE { + RtlBsdItemVersionNumber = 0, + RtlBsdItemProductType = 1, + RtlBsdItemAabEnabled = 2, + RtlBsdItemAabTimeout = 3, + RtlBsdItemBootGood = 4, + RtlBsdItemBootShutdown = 5, + RtlBsdSleepInProgress = 6, + RtlBsdPowerTransition = 7, + RtlBsdItemBootAttemptCount = 8, + RtlBsdItemBootCheckpoint = 9, + RtlBsdItemBootId = 10, + RtlBsdItemShutdownBootId = 11, + RtlBsdItemReportedAbnormalShutdownBootId = 12, + RtlBsdItemErrorInfo = 13, + RtlBsdItemPowerButtonPressInfo = 14, + RtlBsdItemChecksum = 15, + RtlBsdItemMax = 16, +}} +STRUCT!{struct RTL_BSD_ITEM { + Type: RTL_BSD_ITEM_TYPE, + DataBuffer: PVOID, + DataLength: ULONG, +}} +pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM; +EXTERN!{extern "system" { + fn RtlCreateBootStatusDataFile() -> NTSTATUS; + fn RtlLockBootStatusData( + FileHandle: PHANDLE, + ) -> NTSTATUS; + fn RtlUnlockBootStatusData( + FileHandle: HANDLE, + ) -> NTSTATUS; + fn RtlGetSetBootStatusData( + FileHandle: HANDLE, + Read: BOOLEAN, + DataClass: RTL_BSD_ITEM_TYPE, + Buffer: PVOID, + BufferSize: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn RtlCheckBootStatusIntegrity( + FileHandle: HANDLE, + Verified: PBOOLEAN, + ) -> NTSTATUS; + fn RtlCheckPortableOperatingSystem( + IsPortable: PBOOLEAN, + ) -> NTSTATUS; + fn RtlSetPortableOperatingSystem( + IsPortable: BOOLEAN, + ) -> NTSTATUS; +}} +EXTERN!{extern "system" { + fn RtlOsDeploymentState( + Flags: DWORD, + ) -> OS_DEPLOYEMENT_STATE_VALUES; + fn RtlFindClosestEncodableLength( + SourceLength: ULONGLONG, + TargetLength: PULONGLONG, + ) -> NTSTATUS; +}} +FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK( + Address: PVOID, + Length: SIZE_T, +) -> NTSTATUS} +EXTERN!{extern "system" { + fn RtlRegisterSecureMemoryCacheCallback( + Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, + ) -> NTSTATUS; + fn RtlDeregisterSecureMemoryCacheCallback( + Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, + ) -> NTSTATUS; + fn RtlFlushSecureMemoryCache( + MemoryCache: PVOID, + MemoryLength: SIZE_T, + ) -> BOOLEAN; +}} diff --git a/vendor/ntapi/src/ntsam.rs b/vendor/ntapi/src/ntsam.rs new file mode 100644 index 000000000..a591f0bd8 --- /dev/null +++ b/vendor/ntapi/src/ntsam.rs @@ -0,0 +1,1077 @@ +use crate::string::UTF8Const; +use winapi::shared::basetsd::ULONG64; +use winapi::shared::minwindef::DWORD; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OEM_STRING, PLARGE_INTEGER, POBJECT_ATTRIBUTES, + PUCHAR, PULONG, PUNICODE_STRING, PVOID, PWSTR, ULONG, UNICODE_STRING, USHORT, +}; +use winapi::um::ntsecapi::PDOMAIN_PASSWORD_INFORMATION; +use winapi::um::subauth::LOGON_HOURS; +use winapi::um::winnt::{ + ACCESS_MASK, PSECURITY_DESCRIPTOR, PSID, PSID_NAME_USE, SECURITY_INFORMATION, SID_NAME_USE, + STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, +}; +pub const SAM_MAXIMUM_LOOKUP_COUNT: u32 = 1000; +pub const SAM_MAXIMUM_LOOKUP_LENGTH: u32 = 32000; +pub const SAM_MAX_PASSWORD_LENGTH: u32 = 256; +pub const SAM_PASSWORD_ENCRYPTION_SALT_LEN: u32 = 16; +pub type PSAM_HANDLE = *mut PVOID; +pub type SAM_HANDLE = PVOID; +pub type SAM_ENUMERATE_HANDLE = ULONG; +pub type PSAM_ENUMERATE_HANDLE = *mut ULONG; +STRUCT!{struct SAM_RID_ENUMERATION { + RelativeId: ULONG, + Name: UNICODE_STRING, +}} +pub type PSAM_RID_ENUMERATION = *mut SAM_RID_ENUMERATION; +STRUCT!{struct SAM_SID_ENUMERATION { + Sid: PSID, + Name: UNICODE_STRING, +}} +pub type PSAM_SID_ENUMERATION = *mut SAM_SID_ENUMERATION; +STRUCT!{struct SAM_BYTE_ARRAY { + Size: ULONG, + Data: PUCHAR, +}} +pub type PSAM_BYTE_ARRAY = *mut SAM_BYTE_ARRAY; +STRUCT!{struct SAM_BYTE_ARRAY_32K { + Size: ULONG, + Data: PUCHAR, +}} +pub type PSAM_BYTE_ARRAY_32K = *mut SAM_BYTE_ARRAY_32K; +pub type PSAM_SHELL_OBJECT_PROPERTIES = *mut SAM_BYTE_ARRAY_32K; +pub type SAM_SHELL_OBJECT_PROPERTIES = SAM_BYTE_ARRAY_32K; +EXTERN!{extern "system" { + fn SamFreeMemory( + Buffer: PVOID, + ) -> NTSTATUS; + fn SamCloseHandle( + SamHandle: SAM_HANDLE, + ) -> NTSTATUS; + fn SamSetSecurityObject( + ObjectHandle: SAM_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn SamQuerySecurityObject( + ObjectHandle: SAM_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn SamRidToSid( + ObjectHandle: SAM_HANDLE, + Rid: ULONG, + Sid: *mut PSID, + ) -> NTSTATUS; +}} +pub const SAM_SERVER_CONNECT: ACCESS_MASK = 0x0001; +pub const SAM_SERVER_SHUTDOWN: ACCESS_MASK = 0x0002; +pub const SAM_SERVER_INITIALIZE: ACCESS_MASK = 0x0004; +pub const SAM_SERVER_CREATE_DOMAIN: ACCESS_MASK = 0x0008; +pub const SAM_SERVER_ENUMERATE_DOMAINS: ACCESS_MASK = 0x0010; +pub const SAM_SERVER_LOOKUP_DOMAIN: ACCESS_MASK = 0x0020; +pub const SAM_SERVER_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SAM_SERVER_CONNECT + | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN + | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN; +pub const SAM_SERVER_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | SAM_SERVER_ENUMERATE_DOMAINS; +pub const SAM_SERVER_WRITE: ACCESS_MASK = + STANDARD_RIGHTS_WRITE | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN; +pub const SAM_SERVER_EXECUTE: ACCESS_MASK = + STANDARD_RIGHTS_EXECUTE | SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN; +EXTERN!{extern "system" { + fn SamConnect( + ServerName: PUNICODE_STRING, + ServerHandle: PSAM_HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn SamShutdownSamServer( + ServerHandle: SAM_HANDLE, + ) -> NTSTATUS; +}} +pub const DOMAIN_READ_PASSWORD_PARAMETERS: u32 = 0x0001; +pub const DOMAIN_WRITE_PASSWORD_PARAMS: u32 = 0x0002; +pub const DOMAIN_READ_OTHER_PARAMETERS: u32 = 0x0004; +pub const DOMAIN_WRITE_OTHER_PARAMETERS: u32 = 0x0008; +pub const DOMAIN_CREATE_USER: u32 = 0x0010; +pub const DOMAIN_CREATE_GROUP: u32 = 0x0020; +pub const DOMAIN_CREATE_ALIAS: u32 = 0x0040; +pub const DOMAIN_GET_ALIAS_MEMBERSHIP: u32 = 0x0080; +pub const DOMAIN_LIST_ACCOUNTS: u32 = 0x0100; +pub const DOMAIN_LOOKUP: u32 = 0x0200; +pub const DOMAIN_ADMINISTER_SERVER: u32 = 0x0400; +pub const DOMAIN_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | DOMAIN_READ_OTHER_PARAMETERS + | DOMAIN_WRITE_OTHER_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER + | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS | DOMAIN_GET_ALIAS_MEMBERSHIP + | DOMAIN_LIST_ACCOUNTS | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LOOKUP + | DOMAIN_ADMINISTER_SERVER; +pub const DOMAIN_READ: u32 = + STANDARD_RIGHTS_READ | DOMAIN_GET_ALIAS_MEMBERSHIP | DOMAIN_READ_OTHER_PARAMETERS; +pub const DOMAIN_WRITE: u32 = STANDARD_RIGHTS_WRITE | DOMAIN_WRITE_OTHER_PARAMETERS + | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS + | DOMAIN_ADMINISTER_SERVER; +pub const DOMAIN_EXECUTE: u32 = STANDARD_RIGHTS_EXECUTE | DOMAIN_READ_PASSWORD_PARAMETERS + | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP; +ENUM!{enum DOMAIN_INFORMATION_CLASS { + DomainPasswordInformation = 1, + DomainGeneralInformation = 2, + DomainLogoffInformation = 3, + DomainOemInformation = 4, + DomainNameInformation = 5, + DomainReplicationInformation = 6, + DomainServerRoleInformation = 7, + DomainModifiedInformation = 8, + DomainStateInformation = 9, + DomainUasInformation = 10, + DomainGeneralInformation2 = 11, + DomainLockoutInformation = 12, + DomainModifiedInformation2 = 13, +}} +ENUM!{enum DOMAIN_SERVER_ENABLE_STATE { + DomainServerEnabled = 1, + DomainServerDisabled = 2, +}} +pub type PDOMAIN_SERVER_ENABLE_STATE = *mut DOMAIN_SERVER_ENABLE_STATE; +ENUM!{enum DOMAIN_SERVER_ROLE { + DomainServerRoleBackup = 2, + DomainServerRolePrimary = 3, +}} +pub type PDOMAIN_SERVER_ROLE = *mut DOMAIN_SERVER_ROLE; +STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION { + ForceLogoff: LARGE_INTEGER, + OemInformation: UNICODE_STRING, + DomainName: UNICODE_STRING, + ReplicaSourceNodeName: UNICODE_STRING, + DomainModifiedCount: LARGE_INTEGER, + DomainServerState: DOMAIN_SERVER_ENABLE_STATE, + DomainServerRole: DOMAIN_SERVER_ROLE, + UasCompatibilityRequired: BOOLEAN, + UserCount: ULONG, + GroupCount: ULONG, + AliasCount: ULONG, +}} +pub type PDOMAIN_GENERAL_INFORMATION = *mut DOMAIN_GENERAL_INFORMATION; +STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION2 { + I1: DOMAIN_GENERAL_INFORMATION, + LockoutDuration: LARGE_INTEGER, + LockoutObservationWindow: LARGE_INTEGER, + LockoutThreshold: USHORT, +}} +pub type PDOMAIN_GENERAL_INFORMATION2 = *mut DOMAIN_GENERAL_INFORMATION2; +STRUCT!{struct DOMAIN_UAS_INFORMATION { + UasCompatibilityRequired: BOOLEAN, +}} +ENUM!{enum DOMAIN_PASSWORD_CONSTRUCTION { + DomainPasswordSimple = 1, + DomainPasswordComplex = 2, +}} +STRUCT!{struct DOMAIN_LOGOFF_INFORMATION { + ForceLogoff: LARGE_INTEGER, +}} +pub type PDOMAIN_LOGOFF_INFORMATION = *mut DOMAIN_LOGOFF_INFORMATION; +STRUCT!{struct DOMAIN_OEM_INFORMATION { + OemInformation: UNICODE_STRING, +}} +pub type PDOMAIN_OEM_INFORMATION = *mut DOMAIN_OEM_INFORMATION; +STRUCT!{struct DOMAIN_NAME_INFORMATION { + DomainName: UNICODE_STRING, +}} +pub type PDOMAIN_NAME_INFORMATION = *mut DOMAIN_NAME_INFORMATION; +STRUCT!{struct DOMAIN_SERVER_ROLE_INFORMATION { + DomainServerRole: DOMAIN_SERVER_ROLE, +}} +pub type PDOMAIN_SERVER_ROLE_INFORMATION = *mut DOMAIN_SERVER_ROLE_INFORMATION; +STRUCT!{struct DOMAIN_REPLICATION_INFORMATION { + ReplicaSourceNodeName: UNICODE_STRING, +}} +pub type PDOMAIN_REPLICATION_INFORMATION = *mut DOMAIN_REPLICATION_INFORMATION; +STRUCT!{struct DOMAIN_MODIFIED_INFORMATION { + DomainModifiedCount: LARGE_INTEGER, + CreationTime: LARGE_INTEGER, +}} +pub type PDOMAIN_MODIFIED_INFORMATION = *mut DOMAIN_MODIFIED_INFORMATION; +STRUCT!{struct DOMAIN_MODIFIED_INFORMATION2 { + DomainModifiedCount: LARGE_INTEGER, + CreationTime: LARGE_INTEGER, + ModifiedCountAtLastPromotion: LARGE_INTEGER, +}} +pub type PDOMAIN_MODIFIED_INFORMATION2 = *mut DOMAIN_MODIFIED_INFORMATION2; +STRUCT!{struct DOMAIN_STATE_INFORMATION { + DomainServerState: DOMAIN_SERVER_ENABLE_STATE, +}} +pub type PDOMAIN_STATE_INFORMATION = *mut DOMAIN_STATE_INFORMATION; +STRUCT!{struct DOMAIN_LOCKOUT_INFORMATION { + LockoutDuration: LARGE_INTEGER, + LockoutObservationWindow: LARGE_INTEGER, + LockoutThreshold: USHORT, +}} +pub type PDOMAIN_LOCKOUT_INFORMATION = *mut DOMAIN_LOCKOUT_INFORMATION; +ENUM!{enum DOMAIN_DISPLAY_INFORMATION { + DomainDisplayUser = 1, + DomainDisplayMachine = 2, + DomainDisplayGroup = 3, + DomainDisplayOemUser = 4, + DomainDisplayOemGroup = 5, + DomainDisplayServer = 6, +}} +pub type PDOMAIN_DISPLAY_INFORMATION = *mut DOMAIN_DISPLAY_INFORMATION; +STRUCT!{struct DOMAIN_DISPLAY_USER { + Index: ULONG, + Rid: ULONG, + AccountControl: ULONG, + LogonName: UNICODE_STRING, + AdminComment: UNICODE_STRING, + FullName: UNICODE_STRING, +}} +pub type PDOMAIN_DISPLAY_USER = *mut DOMAIN_DISPLAY_USER; +STRUCT!{struct DOMAIN_DISPLAY_MACHINE { + Index: ULONG, + Rid: ULONG, + AccountControl: ULONG, + Machine: UNICODE_STRING, + Comment: UNICODE_STRING, +}} +pub type PDOMAIN_DISPLAY_MACHINE = *mut DOMAIN_DISPLAY_MACHINE; +STRUCT!{struct DOMAIN_DISPLAY_GROUP { + Index: ULONG, + Rid: ULONG, + Attributes: ULONG, + Group: UNICODE_STRING, + Comment: UNICODE_STRING, +}} +pub type PDOMAIN_DISPLAY_GROUP = *mut DOMAIN_DISPLAY_GROUP; +STRUCT!{struct DOMAIN_DISPLAY_OEM_USER { + Index: ULONG, + User: OEM_STRING, +}} +pub type PDOMAIN_DISPLAY_OEM_USER = *mut DOMAIN_DISPLAY_OEM_USER; +STRUCT!{struct DOMAIN_DISPLAY_OEM_GROUP { + Index: ULONG, + Group: OEM_STRING, +}} +pub type PDOMAIN_DISPLAY_OEM_GROUP = *mut DOMAIN_DISPLAY_OEM_GROUP; +ENUM!{enum DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION { + DomainLocalizableAccountsBasic = 1, +}} +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION; +STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY { + Rid: ULONG, + Use: SID_NAME_USE, + Name: UNICODE_STRING, + AdminComment: UNICODE_STRING, +}} +pub type PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY; +STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC { + Count: ULONG, + Entries: *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, +}} +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC; +UNION!{union DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER { + Basic: DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, +}} +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER; +EXTERN!{extern "system" { + fn SamLookupDomainInSamServer( + ServerHandle: SAM_HANDLE, + Name: PUNICODE_STRING, + DomainId: *mut PSID, + ) -> NTSTATUS; + fn SamEnumerateDomainsInSamServer( + ServerHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + fn SamOpenDomain( + ServerHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + DomainId: PSID, + DomainHandle: PSAM_HANDLE, + ) -> NTSTATUS; + fn SamQueryInformationDomain( + DomainHandle: SAM_HANDLE, + DomainInformationClass: DOMAIN_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + fn SamSetInformationDomain( + DomainHandle: SAM_HANDLE, + DomainInformationClass: DOMAIN_INFORMATION_CLASS, + DomainInformation: PVOID, + ) -> NTSTATUS; + fn SamLookupNamesInDomain( + DomainHandle: SAM_HANDLE, + Count: ULONG, + Names: PUNICODE_STRING, + RelativeIds: *mut PULONG, + Use: *mut PSID_NAME_USE, + ) -> NTSTATUS; + fn SamLookupIdsInDomain( + DomainHandle: SAM_HANDLE, + Count: ULONG, + RelativeIds: PULONG, + Names: *mut PUNICODE_STRING, + Use: *mut PSID_NAME_USE, + ) -> NTSTATUS; + fn SamRemoveMemberFromForeignDomain( + DomainHandle: SAM_HANDLE, + MemberId: PSID, + ) -> NTSTATUS; + fn SamQueryLocalizableAccountsInDomain( + Domain: SAM_HANDLE, + Flags: ULONG, + LanguageId: ULONG, + Class: DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, + Buffer: *mut PVOID, + ) -> NTSTATUS; +}} +pub const GROUP_READ_INFORMATION: ACCESS_MASK = 0x0001; +pub const GROUP_WRITE_ACCOUNT: ACCESS_MASK = 0x0002; +pub const GROUP_ADD_MEMBER: ACCESS_MASK = 0x0004; +pub const GROUP_REMOVE_MEMBER: ACCESS_MASK = 0x0008; +pub const GROUP_LIST_MEMBERS: ACCESS_MASK = 0x0010; +pub const GROUP_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | GROUP_LIST_MEMBERS + | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER | GROUP_READ_INFORMATION; +pub const GROUP_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | GROUP_LIST_MEMBERS; +pub const GROUP_WRITE: ACCESS_MASK = + STANDARD_RIGHTS_WRITE | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER; +pub const GROUP_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | GROUP_READ_INFORMATION; +STRUCT!{struct GROUP_MEMBERSHIP { + RelativeId: ULONG, + Attributes: ULONG, +}} +pub type PGROUP_MEMBERSHIP = *mut GROUP_MEMBERSHIP; +ENUM!{enum GROUP_INFORMATION_CLASS { + GroupGeneralInformation = 1, + GroupNameInformation = 2, + GroupAttributeInformation = 3, + GroupAdminCommentInformation = 4, + GroupReplicationInformation = 5, +}} +STRUCT!{struct GROUP_GENERAL_INFORMATION { + Name: UNICODE_STRING, + Attributes: ULONG, + MemberCount: ULONG, + AdminComment: UNICODE_STRING, +}} +pub type PGROUP_GENERAL_INFORMATION = *mut GROUP_GENERAL_INFORMATION; +STRUCT!{struct GROUP_NAME_INFORMATION { + Name: UNICODE_STRING, +}} +pub type PGROUP_NAME_INFORMATION = *mut GROUP_NAME_INFORMATION; +STRUCT!{struct GROUP_ATTRIBUTE_INFORMATION { + Attributes: ULONG, +}} +pub type PGROUP_ATTRIBUTE_INFORMATION = *mut GROUP_ATTRIBUTE_INFORMATION; +STRUCT!{struct GROUP_ADM_COMMENT_INFORMATION { + AdminComment: UNICODE_STRING, +}} +pub type PGROUP_ADM_COMMENT_INFORMATION = *mut GROUP_ADM_COMMENT_INFORMATION; +EXTERN!{extern "system" { + fn SamEnumerateGroupsInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + fn SamCreateGroupInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + GroupHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + fn SamOpenGroup( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + GroupId: ULONG, + GroupHandle: PSAM_HANDLE, + ) -> NTSTATUS; + fn SamDeleteGroup( + GroupHandle: SAM_HANDLE, + ) -> NTSTATUS; + fn SamQueryInformationGroup( + GroupHandle: SAM_HANDLE, + GroupInformationClass: GROUP_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + fn SamSetInformationGroup( + GroupHandle: SAM_HANDLE, + GroupInformationClass: GROUP_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + fn SamAddMemberToGroup( + GroupHandle: SAM_HANDLE, + MemberId: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + fn SamRemoveMemberFromGroup( + GroupHandle: SAM_HANDLE, + MemberId: ULONG, + ) -> NTSTATUS; + fn SamGetMembersInGroup( + GroupHandle: SAM_HANDLE, + MemberIds: *mut PULONG, + Attributes: *mut PULONG, + MemberCount: PULONG, + ) -> NTSTATUS; + fn SamSetMemberAttributesOfGroup( + GroupHandle: SAM_HANDLE, + MemberId: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; +}} +pub const ALIAS_ADD_MEMBER: ACCESS_MASK = 0x0001; +pub const ALIAS_REMOVE_MEMBER: ACCESS_MASK = 0x0002; +pub const ALIAS_LIST_MEMBERS: ACCESS_MASK = 0x0004; +pub const ALIAS_READ_INFORMATION: ACCESS_MASK = 0x0008; +pub const ALIAS_WRITE_ACCOUNT: ACCESS_MASK = 0x0010; +pub const ALIAS_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | ALIAS_READ_INFORMATION + | ALIAS_WRITE_ACCOUNT | ALIAS_LIST_MEMBERS | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; +pub const ALIAS_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | ALIAS_LIST_MEMBERS; +pub const ALIAS_WRITE: ACCESS_MASK = + STANDARD_RIGHTS_WRITE | ALIAS_WRITE_ACCOUNT | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; +pub const ALIAS_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | ALIAS_READ_INFORMATION; +ENUM!{enum ALIAS_INFORMATION_CLASS { + AliasGeneralInformation = 1, + AliasNameInformation = 2, + AliasAdminCommentInformation = 3, + AliasReplicationInformation = 4, + AliasExtendedInformation = 5, +}} +STRUCT!{struct ALIAS_GENERAL_INFORMATION { + Name: UNICODE_STRING, + MemberCount: ULONG, + AdminComment: UNICODE_STRING, +}} +pub type PALIAS_GENERAL_INFORMATION = *mut ALIAS_GENERAL_INFORMATION; +STRUCT!{struct ALIAS_NAME_INFORMATION { + Name: UNICODE_STRING, +}} +pub type PALIAS_NAME_INFORMATION = *mut ALIAS_NAME_INFORMATION; +STRUCT!{struct ALIAS_ADM_COMMENT_INFORMATION { + AdminComment: UNICODE_STRING, +}} +pub type PALIAS_ADM_COMMENT_INFORMATION = *mut ALIAS_ADM_COMMENT_INFORMATION; +pub const ALIAS_ALL_NAME: ULONG = 0x00000001; +pub const ALIAS_ALL_MEMBER_COUNT: ULONG = 0x00000002; +pub const ALIAS_ALL_ADMIN_COMMENT: ULONG = 0x00000004; +pub const ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00000008; +STRUCT!{struct ALIAS_EXTENDED_INFORMATION { + WhichFields: ULONG, + ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, +}} +pub type PALIAS_EXTENDED_INFORMATION = *mut ALIAS_EXTENDED_INFORMATION; +EXTERN!{extern "system" { + fn SamEnumerateAliasesInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + fn SamCreateAliasInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + AliasHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + fn SamOpenAlias( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + AliasId: ULONG, + AliasHandle: PSAM_HANDLE, + ) -> NTSTATUS; + fn SamDeleteAlias( + AliasHandle: SAM_HANDLE, + ) -> NTSTATUS; + fn SamQueryInformationAlias( + AliasHandle: SAM_HANDLE, + AliasInformationClass: ALIAS_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + fn SamSetInformationAlias( + AliasHandle: SAM_HANDLE, + AliasInformationClass: ALIAS_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + fn SamAddMemberToAlias( + AliasHandle: SAM_HANDLE, + MemberId: PSID, + ) -> NTSTATUS; + fn SamAddMultipleMembersToAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut PSID, + MemberCount: ULONG, + ) -> NTSTATUS; + fn SamRemoveMemberFromAlias( + AliasHandle: SAM_HANDLE, + MemberId: PSID, + ) -> NTSTATUS; + fn SamRemoveMultipleMembersFromAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut PSID, + MemberCount: ULONG, + ) -> NTSTATUS; + fn SamGetMembersInAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut *mut PSID, + MemberCount: PULONG, + ) -> NTSTATUS; + fn SamGetAliasMembership( + DomainHandle: SAM_HANDLE, + PassedCount: ULONG, + Sids: *mut PSID, + MembershipCount: PULONG, + Aliases: *mut PULONG, + ) -> NTSTATUS; +}} +pub const GROUP_TYPE_BUILTIN_LOCAL_GROUP: u32 = 0x00000001; +pub const GROUP_TYPE_ACCOUNT_GROUP: u32 = 0x00000002; +pub const GROUP_TYPE_RESOURCE_GROUP: u32 = 0x00000004; +pub const GROUP_TYPE_UNIVERSAL_GROUP: u32 = 0x00000008; +pub const GROUP_TYPE_APP_BASIC_GROUP: u32 = 0x00000010; +pub const GROUP_TYPE_APP_QUERY_GROUP: u32 = 0x00000020; +pub const GROUP_TYPE_SECURITY_ENABLED: u32 = 0x80000000; +pub const GROUP_TYPE_RESOURCE_BEHAVOIR: u32 = + GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_APP_BASIC_GROUP | GROUP_TYPE_APP_QUERY_GROUP; +pub const USER_READ_GENERAL: DWORD = 0x0001; +pub const USER_READ_PREFERENCES: DWORD = 0x0002; +pub const USER_WRITE_PREFERENCES: DWORD = 0x0004; +pub const USER_READ_LOGON: DWORD = 0x0008; +pub const USER_READ_ACCOUNT: DWORD = 0x0010; +pub const USER_WRITE_ACCOUNT: DWORD = 0x0020; +pub const USER_CHANGE_PASSWORD: DWORD = 0x0040; +pub const USER_FORCE_PASSWORD_CHANGE: DWORD = 0x0080; +pub const USER_LIST_GROUPS: DWORD = 0x0100; +pub const USER_READ_GROUP_INFORMATION: DWORD = 0x0200; +pub const USER_WRITE_GROUP_INFORMATION: DWORD = 0x0400; +pub const USER_ALL_ACCESS: DWORD = STANDARD_RIGHTS_REQUIRED | USER_READ_PREFERENCES + | USER_READ_LOGON | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION | USER_WRITE_PREFERENCES + | USER_CHANGE_PASSWORD | USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL | USER_READ_ACCOUNT + | USER_WRITE_ACCOUNT | USER_WRITE_GROUP_INFORMATION; +pub const USER_READ: DWORD = STANDARD_RIGHTS_READ | USER_READ_PREFERENCES | USER_READ_LOGON + | USER_READ_ACCOUNT | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION; +pub const USER_WRITE: DWORD = + STANDARD_RIGHTS_WRITE | USER_WRITE_PREFERENCES | USER_CHANGE_PASSWORD; +pub const USER_EXECUTE: DWORD = STANDARD_RIGHTS_EXECUTE | USER_READ_GENERAL | USER_CHANGE_PASSWORD; +ENUM!{enum USER_INFORMATION_CLASS { + UserGeneralInformation = 1, + UserPreferencesInformation = 2, + UserLogonInformation = 3, + UserLogonHoursInformation = 4, + UserAccountInformation = 5, + UserNameInformation = 6, + UserAccountNameInformation = 7, + UserFullNameInformation = 8, + UserPrimaryGroupInformation = 9, + UserHomeInformation = 10, + UserScriptInformation = 11, + UserProfileInformation = 12, + UserAdminCommentInformation = 13, + UserWorkStationsInformation = 14, + UserSetPasswordInformation = 15, + UserControlInformation = 16, + UserExpiresInformation = 17, + UserInternal1Information = 18, + UserInternal2Information = 19, + UserParametersInformation = 20, + UserAllInformation = 21, + UserInternal3Information = 22, + UserInternal4Information = 23, + UserInternal5Information = 24, + UserInternal4InformationNew = 25, + UserInternal5InformationNew = 26, + UserInternal6Information = 27, + UserExtendedInformation = 28, + UserLogonUIInformation = 29, +}} +pub type PUSER_INFORMATION_CLASS = *mut USER_INFORMATION_CLASS; +pub const USER_ALL_USERNAME: ULONG = 0x00000001; +pub const USER_ALL_FULLNAME: ULONG = 0x00000002; +pub const USER_ALL_USERID: ULONG = 0x00000004; +pub const USER_ALL_PRIMARYGROUPID: ULONG = 0x00000008; +pub const USER_ALL_ADMINCOMMENT: ULONG = 0x00000010; +pub const USER_ALL_USERCOMMENT: ULONG = 0x00000020; +pub const USER_ALL_HOMEDIRECTORY: ULONG = 0x00000040; +pub const USER_ALL_HOMEDIRECTORYDRIVE: ULONG = 0x00000080; +pub const USER_ALL_SCRIPTPATH: ULONG = 0x00000100; +pub const USER_ALL_PROFILEPATH: ULONG = 0x00000200; +pub const USER_ALL_WORKSTATIONS: ULONG = 0x00000400; +pub const USER_ALL_LASTLOGON: ULONG = 0x00000800; +pub const USER_ALL_LASTLOGOFF: ULONG = 0x00001000; +pub const USER_ALL_LOGONHOURS: ULONG = 0x00002000; +pub const USER_ALL_BADPASSWORDCOUNT: ULONG = 0x00004000; +pub const USER_ALL_LOGONCOUNT: ULONG = 0x00008000; +pub const USER_ALL_PASSWORDCANCHANGE: ULONG = 0x00010000; +pub const USER_ALL_PASSWORDMUSTCHANGE: ULONG = 0x00020000; +pub const USER_ALL_PASSWORDLASTSET: ULONG = 0x00040000; +pub const USER_ALL_ACCOUNTEXPIRES: ULONG = 0x00080000; +pub const USER_ALL_USERACCOUNTCONTROL: ULONG = 0x00100000; +pub const USER_ALL_PARAMETERS: ULONG = 0x00200000; +pub const USER_ALL_COUNTRYCODE: ULONG = 0x00400000; +pub const USER_ALL_CODEPAGE: ULONG = 0x00800000; +pub const USER_ALL_NTPASSWORDPRESENT: ULONG = 0x01000000; +pub const USER_ALL_LMPASSWORDPRESENT: ULONG = 0x02000000; +pub const USER_ALL_PRIVATEDATA: ULONG = 0x04000000; +pub const USER_ALL_PASSWORDEXPIRED: ULONG = 0x08000000; +pub const USER_ALL_SECURITYDESCRIPTOR: ULONG = 0x10000000; +pub const USER_ALL_OWFPASSWORD: ULONG = 0x20000000; +pub const USER_ALL_UNDEFINED_MASK: ULONG = 0xc0000000; +pub const USER_ALL_READ_GENERAL_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME + | USER_ALL_USERID | USER_ALL_PRIMARYGROUPID | USER_ALL_ADMINCOMMENT | USER_ALL_USERCOMMENT; +pub const USER_ALL_READ_LOGON_MASK: ULONG = USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE + | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_WORKSTATIONS | USER_ALL_LASTLOGON + | USER_ALL_LASTLOGOFF | USER_ALL_LOGONHOURS | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT + | USER_ALL_PASSWORDCANCHANGE | USER_ALL_PASSWORDMUSTCHANGE; +pub const USER_ALL_READ_ACCOUNT_MASK: ULONG = USER_ALL_PASSWORDLASTSET | USER_ALL_ACCOUNTEXPIRES + | USER_ALL_USERACCOUNTCONTROL | USER_ALL_PARAMETERS; +pub const USER_ALL_READ_PREFERENCES_MASK: ULONG = USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; +pub const USER_ALL_READ_TRUSTED_MASK: ULONG = USER_ALL_NTPASSWORDPRESENT + | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED | USER_ALL_SECURITYDESCRIPTOR + | USER_ALL_PRIVATEDATA; +pub const USER_ALL_READ_CANT_MASK: ULONG = USER_ALL_UNDEFINED_MASK; +pub const USER_ALL_WRITE_ACCOUNT_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME + | USER_ALL_PRIMARYGROUPID | USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE + | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_ADMINCOMMENT | USER_ALL_WORKSTATIONS + | USER_ALL_LOGONHOURS | USER_ALL_ACCOUNTEXPIRES | USER_ALL_USERACCOUNTCONTROL + | USER_ALL_PARAMETERS; +pub const USER_ALL_WRITE_PREFERENCES_MASK: ULONG = + USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; +pub const USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK: ULONG = + USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED; +pub const USER_ALL_WRITE_TRUSTED_MASK: ULONG = USER_ALL_LASTLOGON | USER_ALL_LASTLOGOFF + | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT | USER_ALL_PASSWORDLASTSET + | USER_ALL_SECURITYDESCRIPTOR | USER_ALL_PRIVATEDATA; +pub const USER_ALL_WRITE_CANT_MASK: ULONG = USER_ALL_USERID | USER_ALL_PASSWORDCANCHANGE + | USER_ALL_PASSWORDMUSTCHANGE | USER_ALL_UNDEFINED_MASK; +STRUCT!{struct USER_GENERAL_INFORMATION { + UserName: UNICODE_STRING, + FullName: UNICODE_STRING, + PrimaryGroupId: ULONG, + AdminComment: UNICODE_STRING, + UserComment: UNICODE_STRING, +}} +pub type PUSER_GENERAL_INFORMATION = *mut USER_GENERAL_INFORMATION; +STRUCT!{struct USER_PREFERENCES_INFORMATION { + UserComment: UNICODE_STRING, + Reserved1: UNICODE_STRING, + CountryCode: USHORT, + CodePage: USHORT, +}} +pub type PUSER_PREFERENCES_INFORMATION = *mut USER_PREFERENCES_INFORMATION; +STRUCT!{struct USER_PARAMETERS_INFORMATION { + Parameters: UNICODE_STRING, +}} +pub type PUSER_PARAMETERS_INFORMATION = *mut USER_PARAMETERS_INFORMATION; +STRUCT!{#[repr(packed(4))] struct USER_LOGON_INFORMATION { + UserName: UNICODE_STRING, + FullName: UNICODE_STRING, + UserId: ULONG, + PrimaryGroupId: ULONG, + HomeDirectory: UNICODE_STRING, + HomeDirectoryDrive: UNICODE_STRING, + ScriptPath: UNICODE_STRING, + ProfilePath: UNICODE_STRING, + WorkStations: UNICODE_STRING, + LastLogon: LARGE_INTEGER, + LastLogoff: LARGE_INTEGER, + PasswordLastSet: LARGE_INTEGER, + PasswordCanChange: LARGE_INTEGER, + PasswordMustChange: LARGE_INTEGER, + LogonHours: LOGON_HOURS, + BadPasswordCount: USHORT, + LogonCount: USHORT, + UserAccountControl: ULONG, +}} +pub type PUSER_LOGON_INFORMATION = *mut USER_LOGON_INFORMATION; +STRUCT!{#[repr(packed(4))] struct USER_ACCOUNT_INFORMATION { + UserName: UNICODE_STRING, + FullName: UNICODE_STRING, + UserId: ULONG, + PrimaryGroupId: ULONG, + HomeDirectory: UNICODE_STRING, + HomeDirectoryDrive: UNICODE_STRING, + ScriptPath: UNICODE_STRING, + ProfilePath: UNICODE_STRING, + AdminComment: UNICODE_STRING, + WorkStations: UNICODE_STRING, + LastLogon: LARGE_INTEGER, + LastLogoff: LARGE_INTEGER, + LogonHours: LOGON_HOURS, + BadPasswordCount: USHORT, + LogonCount: USHORT, + PasswordLastSet: LARGE_INTEGER, + AccountExpires: LARGE_INTEGER, + UserAccountControl: ULONG, +}} +pub type PUSER_ACCOUNT_INFORMATION = *mut USER_ACCOUNT_INFORMATION; +STRUCT!{struct USER_ACCOUNT_NAME_INFORMATION { + UserName: UNICODE_STRING, +}} +pub type PUSER_ACCOUNT_NAME_INFORMATION = *mut USER_ACCOUNT_NAME_INFORMATION; +STRUCT!{struct USER_FULL_NAME_INFORMATION { + FullName: UNICODE_STRING, +}} +pub type PUSER_FULL_NAME_INFORMATION = *mut USER_FULL_NAME_INFORMATION; +STRUCT!{struct USER_NAME_INFORMATION { + UserName: UNICODE_STRING, + FullName: UNICODE_STRING, +}} +pub type PUSER_NAME_INFORMATION = *mut USER_NAME_INFORMATION; +STRUCT!{struct USER_PRIMARY_GROUP_INFORMATION { + PrimaryGroupId: ULONG, +}} +pub type PUSER_PRIMARY_GROUP_INFORMATION = *mut USER_PRIMARY_GROUP_INFORMATION; +STRUCT!{struct USER_HOME_INFORMATION { + HomeDirectory: UNICODE_STRING, + HomeDirectoryDrive: UNICODE_STRING, +}} +pub type PUSER_HOME_INFORMATION = *mut USER_HOME_INFORMATION; +STRUCT!{struct USER_SCRIPT_INFORMATION { + ScriptPath: UNICODE_STRING, +}} +pub type PUSER_SCRIPT_INFORMATION = *mut USER_SCRIPT_INFORMATION; +STRUCT!{struct USER_PROFILE_INFORMATION { + ProfilePath: UNICODE_STRING, +}} +pub type PUSER_PROFILE_INFORMATION = *mut USER_PROFILE_INFORMATION; +STRUCT!{struct USER_ADMIN_COMMENT_INFORMATION { + AdminComment: UNICODE_STRING, +}} +pub type PUSER_ADMIN_COMMENT_INFORMATION = *mut USER_ADMIN_COMMENT_INFORMATION; +STRUCT!{struct USER_WORKSTATIONS_INFORMATION { + WorkStations: UNICODE_STRING, +}} +pub type PUSER_WORKSTATIONS_INFORMATION = *mut USER_WORKSTATIONS_INFORMATION; +STRUCT!{struct USER_SET_PASSWORD_INFORMATION { + Password: UNICODE_STRING, + PasswordExpired: BOOLEAN, +}} +pub type PUSER_SET_PASSWORD_INFORMATION = *mut USER_SET_PASSWORD_INFORMATION; +STRUCT!{struct USER_CONTROL_INFORMATION { + UserAccountControl: ULONG, +}} +pub type PUSER_CONTROL_INFORMATION = *mut USER_CONTROL_INFORMATION; +STRUCT!{struct USER_EXPIRES_INFORMATION { + AccountExpires: LARGE_INTEGER, +}} +pub type PUSER_EXPIRES_INFORMATION = *mut USER_EXPIRES_INFORMATION; +STRUCT!{struct USER_LOGON_HOURS_INFORMATION { + LogonHours: LOGON_HOURS, +}} +pub type PUSER_LOGON_HOURS_INFORMATION = *mut USER_LOGON_HOURS_INFORMATION; +pub type SAM_USER_TILE = SAM_BYTE_ARRAY_32K; +pub type PSAM_USER_TILE = *mut SAM_BYTE_ARRAY_32K; +pub const USER_EXTENDED_FIELD_USER_TILE: ULONG = 0x00001000; +pub const USER_EXTENDED_FIELD_PASSWORD_HINT: ULONG = 0x00002000; +pub const USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI: ULONG = 0x00004000; +pub const USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00008000; +STRUCT!{struct USER_EXTENDED_INFORMATION { + ExtendedWhichFields: ULONG, + UserTile: SAM_USER_TILE, + PasswordHint: UNICODE_STRING, + DontShowInLogonUI: BOOLEAN, + ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, +}} +pub type PUSER_EXTENDED_INFORMATION = *mut USER_EXTENDED_INFORMATION; +STRUCT!{struct USER_LOGON_UI_INFORMATION { + PasswordIsBlank: BOOLEAN, + AccountIsDisabled: BOOLEAN, +}} +pub type PUSER_LOGON_UI_INFORMATION = *mut USER_LOGON_UI_INFORMATION; +STRUCT!{struct USER_PWD_CHANGE_FAILURE_INFORMATION { + ExtendedFailureReason: ULONG, + FilterModuleName: UNICODE_STRING, +}} +pub type PUSER_PWD_CHANGE_FAILURE_INFORMATION = *mut USER_PWD_CHANGE_FAILURE_INFORMATION; +pub const SAM_PWD_CHANGE_NO_ERROR: u32 = 0; +pub const SAM_PWD_CHANGE_PASSWORD_TOO_SHORT: u32 = 1; +pub const SAM_PWD_CHANGE_PWD_IN_HISTORY: u32 = 2; +pub const SAM_PWD_CHANGE_USERNAME_IN_PASSWORD: u32 = 3; +pub const SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD: u32 = 4; +pub const SAM_PWD_CHANGE_NOT_COMPLEX: u32 = 5; +pub const SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT: u32 = 6; +pub const SAM_PWD_CHANGE_FAILED_BY_FILTER: u32 = 7; +pub const SAM_PWD_CHANGE_PASSWORD_TOO_LONG: u32 = 8; +pub const SAM_PWD_CHANGE_FAILURE_REASON_MAX: u32 = 8; +EXTERN!{extern "system" { + fn SamEnumerateUsersInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + UserAccountControl: ULONG, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + fn SamCreateUserInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + UserHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + fn SamCreateUser2InDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + AccountType: ULONG, + DesiredAccess: ACCESS_MASK, + UserHandle: PSAM_HANDLE, + GrantedAccess: PULONG, + RelativeId: PULONG, + ) -> NTSTATUS; + fn SamOpenUser( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + UserId: ULONG, + UserHandle: PSAM_HANDLE, + ) -> NTSTATUS; + fn SamDeleteUser( + UserHandle: SAM_HANDLE, + ) -> NTSTATUS; + fn SamQueryInformationUser( + UserHandle: SAM_HANDLE, + UserInformationClass: USER_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + fn SamSetInformationUser( + UserHandle: SAM_HANDLE, + UserInformationClass: USER_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + fn SamGetGroupsForUser( + UserHandle: SAM_HANDLE, + Groups: *mut PGROUP_MEMBERSHIP, + MembershipCount: PULONG, + ) -> NTSTATUS; + fn SamChangePasswordUser( + UserHandle: SAM_HANDLE, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + ) -> NTSTATUS; + fn SamChangePasswordUser2( + ServerName: PUNICODE_STRING, + UserName: PUNICODE_STRING, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + ) -> NTSTATUS; + fn SamChangePasswordUser3( + ServerName: PUNICODE_STRING, + UserName: PUNICODE_STRING, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + EffectivePasswordPolicy: *mut PDOMAIN_PASSWORD_INFORMATION, + PasswordChangeFailureInfo: *mut PUSER_PWD_CHANGE_FAILURE_INFORMATION, + ) -> NTSTATUS; + fn SamQueryDisplayInformation( + DomainHandle: SAM_HANDLE, + DisplayInformation: DOMAIN_DISPLAY_INFORMATION, + Index: ULONG, + EntryCount: ULONG, + PreferredMaximumLength: ULONG, + TotalAvailable: PULONG, + TotalReturned: PULONG, + ReturnedEntryCount: PULONG, + SortedBuffer: *mut PVOID, + ) -> NTSTATUS; + fn SamGetDisplayEnumerationIndex( + DomainHandle: SAM_HANDLE, + DisplayInformation: DOMAIN_DISPLAY_INFORMATION, + Prefix: PUNICODE_STRING, + Index: PULONG, + ) -> NTSTATUS; +}} +ENUM!{enum SECURITY_DB_DELTA_TYPE { + SecurityDbNew = 1, + SecurityDbRename = 2, + SecurityDbDelete = 3, + SecurityDbChangeMemberAdd = 4, + SecurityDbChangeMemberSet = 5, + SecurityDbChangeMemberDel = 6, + SecurityDbChange = 7, + SecurityDbChangePassword = 8, +}} +pub type PSECURITY_DB_DELTA_TYPE = *mut SECURITY_DB_DELTA_TYPE; +ENUM!{enum SECURITY_DB_OBJECT_TYPE { + SecurityDbObjectSamDomain = 1, + SecurityDbObjectSamUser = 2, + SecurityDbObjectSamGroup = 3, + SecurityDbObjectSamAlias = 4, + SecurityDbObjectLsaPolicy = 5, + SecurityDbObjectLsaTDomain = 6, + SecurityDbObjectLsaAccount = 7, + SecurityDbObjectLsaSecret = 8, +}} +pub type PSECURITY_DB_OBJECT_TYPE = *mut SECURITY_DB_OBJECT_TYPE; +ENUM!{enum SAM_ACCOUNT_TYPE { + SamObjectUser = 1, + SamObjectGroup = 2, + SamObjectAlias = 3, +}} +pub type PSAM_ACCOUNT_TYPE = *mut SAM_ACCOUNT_TYPE; +pub const SAM_USER_ACCOUNT: u32 = 0x00000001; +pub const SAM_GLOBAL_GROUP_ACCOUNT: u32 = 0x00000002; +pub const SAM_LOCAL_GROUP_ACCOUNT: u32 = 0x00000004; +STRUCT!{struct SAM_GROUP_MEMBER_ID { + MemberRid: ULONG, +}} +pub type PSAM_GROUP_MEMBER_ID = *mut SAM_GROUP_MEMBER_ID; +STRUCT!{struct SAM_ALIAS_MEMBER_ID { + MemberSid: PSID, +}} +pub type PSAM_ALIAS_MEMBER_ID = *mut SAM_ALIAS_MEMBER_ID; +UNION!{union SAM_DELTA_DATA { + GroupMemberId: SAM_GROUP_MEMBER_ID, + AliasMemberId: SAM_ALIAS_MEMBER_ID, + AccountControl: ULONG, +}} +pub type PSAM_DELTA_DATA = *mut SAM_DELTA_DATA; +FN!{stdcall PSAM_DELTA_NOTIFICATION_ROUTINE( + DomainSid: PSID, + DeltaType: SECURITY_DB_DELTA_TYPE, + ObjectType: SECURITY_DB_OBJECT_TYPE, + ObjectRid: ULONG, + ObjectName: PUNICODE_STRING, + ModifiedCount: PLARGE_INTEGER, + DeltaData: PSAM_DELTA_DATA, +) -> NTSTATUS} +pub const SAM_DELTA_NOTIFY_ROUTINE: UTF8Const = UTF8Const("DeltaNotify\0"); +EXTERN!{extern "system" { + fn SamRegisterObjectChangeNotification( + ObjectType: SECURITY_DB_OBJECT_TYPE, + NotificationEventHandle: HANDLE, + ) -> NTSTATUS; + fn SamUnregisterObjectChangeNotification( + ObjectType: SECURITY_DB_OBJECT_TYPE, + NotificationEventHandle: HANDLE, + ) -> NTSTATUS; +}} +pub const SAM_SID_COMPATIBILITY_ALL: u32 = 0; +pub const SAM_SID_COMPATIBILITY_LAX: u32 = 1; +pub const SAM_SID_COMPATIBILITY_STRICT: u32 = 2; +EXTERN!{extern "system" { + fn SamGetCompatibilityMode( + ObjectHandle: SAM_HANDLE, + Mode: *mut ULONG, + ) -> NTSTATUS; +}} +ENUM!{enum PASSWORD_POLICY_VALIDATION_TYPE { + SamValidateAuthentication = 1, + SamValidatePasswordChange = 2, + SamValidatePasswordReset = 3, +}} +STRUCT!{struct SAM_VALIDATE_PASSWORD_HASH { + Length: ULONG, + Hash: PUCHAR, +}} +pub type PSAM_VALIDATE_PASSWORD_HASH = *mut SAM_VALIDATE_PASSWORD_HASH; +pub const SAM_VALIDATE_PASSWORD_LAST_SET: u32 = 0x00000001; +pub const SAM_VALIDATE_BAD_PASSWORD_TIME: u32 = 0x00000002; +pub const SAM_VALIDATE_LOCKOUT_TIME: u32 = 0x00000004; +pub const SAM_VALIDATE_BAD_PASSWORD_COUNT: u32 = 0x00000008; +pub const SAM_VALIDATE_PASSWORD_HISTORY_LENGTH: u32 = 0x00000010; +pub const SAM_VALIDATE_PASSWORD_HISTORY: u32 = 0x00000020; +STRUCT!{struct SAM_VALIDATE_PERSISTED_FIELDS { + PresentFields: ULONG, + PasswordLastSet: LARGE_INTEGER, + BadPasswordTime: LARGE_INTEGER, + LockoutTime: LARGE_INTEGER, + BadPasswordCount: ULONG, + PasswordHistoryLength: ULONG, + PasswordHistory: PSAM_VALIDATE_PASSWORD_HASH, +}} +pub type PSAM_VALIDATE_PERSISTED_FIELDS = *mut SAM_VALIDATE_PERSISTED_FIELDS; +ENUM!{enum SAM_VALIDATE_VALIDATION_STATUS { + SamValidateSuccess = 0, + SamValidatePasswordMustChange = 1, + SamValidateAccountLockedOut = 2, + SamValidatePasswordExpired = 3, + SamValidatePasswordIncorrect = 4, + SamValidatePasswordIsInHistory = 5, + SamValidatePasswordTooShort = 6, + SamValidatePasswordTooLong = 7, + SamValidatePasswordNotComplexEnough = 8, + SamValidatePasswordTooRecent = 9, + SamValidatePasswordFilterError = 10, +}} +pub type PSAM_VALIDATE_VALIDATION_STATUS = *mut SAM_VALIDATE_VALIDATION_STATUS; +STRUCT!{struct SAM_VALIDATE_STANDARD_OUTPUT_ARG { + ChangedPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + ValidationStatus: SAM_VALIDATE_VALIDATION_STATUS, +}} +pub type PSAM_VALIDATE_STANDARD_OUTPUT_ARG = *mut SAM_VALIDATE_STANDARD_OUTPUT_ARG; +STRUCT!{struct SAM_VALIDATE_AUTHENTICATION_INPUT_ARG { + InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + PasswordMatched: BOOLEAN, +}} +pub type PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG = *mut SAM_VALIDATE_AUTHENTICATION_INPUT_ARG; +STRUCT!{struct SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { + InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + ClearPassword: UNICODE_STRING, + UserAccountName: UNICODE_STRING, + HashedPassword: SAM_VALIDATE_PASSWORD_HASH, + PasswordMatch: BOOLEAN, +}} +pub type PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; +STRUCT!{struct SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG { + InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + ClearPassword: UNICODE_STRING, + UserAccountName: UNICODE_STRING, + HashedPassword: SAM_VALIDATE_PASSWORD_HASH, + PasswordMustChangeAtNextLogon: BOOLEAN, + ClearLockout: BOOLEAN, +}} +pub type PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; +UNION!{union SAM_VALIDATE_INPUT_ARG { + ValidateAuthenticationInput: SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, + ValidatePasswordChangeInput: SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, + ValidatePasswordResetInput: SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, +}} +pub type PSAM_VALIDATE_INPUT_ARG = *mut SAM_VALIDATE_INPUT_ARG; +UNION!{union SAM_VALIDATE_OUTPUT_ARG { + ValidateAuthenticationOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, + ValidatePasswordChangeOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, + ValidatePasswordResetOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, +}} +pub type PSAM_VALIDATE_OUTPUT_ARG = *mut SAM_VALIDATE_OUTPUT_ARG; +EXTERN!{extern "system" { + fn SamValidatePassword( + ServerName: PUNICODE_STRING, + ValidationType: PASSWORD_POLICY_VALIDATION_TYPE, + InputArg: PSAM_VALIDATE_INPUT_ARG, + OutputArg: *mut PSAM_VALIDATE_OUTPUT_ARG, + ) -> NTSTATUS; +}} +ENUM!{enum SAM_GENERIC_OPERATION_TYPE { + SamObjectChangeNotificationOperation = 0, +}} +pub type PSAM_GENERIC_OPERATION_TYPE = *mut SAM_GENERIC_OPERATION_TYPE; +STRUCT!{struct SAM_OPERATION_OBJCHG_INPUT { + Register: BOOLEAN, + EventHandle: ULONG64, + ObjectType: SECURITY_DB_OBJECT_TYPE, + ProcessID: ULONG, +}} +pub type PSAM_OPERATION_OBJCHG_INPUT = *mut SAM_OPERATION_OBJCHG_INPUT; +STRUCT!{struct SAM_OPERATION_OBJCHG_OUTPUT { + Reserved: ULONG, +}} +pub type PSAM_OPERATION_OBJCHG_OUTPUT = *mut SAM_OPERATION_OBJCHG_OUTPUT; +UNION!{union SAM_GENERIC_OPERATION_INPUT { + ObjChangeIn: SAM_OPERATION_OBJCHG_INPUT, +}} +pub type PSAM_GENERIC_OPERATION_INPUT = *mut SAM_GENERIC_OPERATION_INPUT; +UNION!{union SAM_GENERIC_OPERATION_OUTPUT { + ObjChangeOut: SAM_OPERATION_OBJCHG_OUTPUT, +}} +pub type PSAM_GENERIC_OPERATION_OUTPUT = *mut SAM_GENERIC_OPERATION_OUTPUT; +EXTERN!{extern "system" { + fn SamPerformGenericOperation( + ServerName: PWSTR, + OperationType: SAM_GENERIC_OPERATION_TYPE, + OperationIn: PSAM_GENERIC_OPERATION_INPUT, + OperationOut: *mut PSAM_GENERIC_OPERATION_OUTPUT, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntseapi.rs b/vendor/ntapi/src/ntseapi.rs new file mode 100644 index 000000000..4cac9f4f8 --- /dev/null +++ b/vendor/ntapi/src/ntseapi.rs @@ -0,0 +1,439 @@ +use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS, + POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT, +}; +use winapi::um::winnt::{ + ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST, + PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, + PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, + PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL, + TOKEN_INFORMATION_CLASS, TOKEN_TYPE, +}; +pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2; +pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2; +pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3; +pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4; +pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5; +pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6; +pub const SE_TCB_PRIVILEGE: LONG = 7; +pub const SE_SECURITY_PRIVILEGE: LONG = 8; +pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9; +pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10; +pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11; +pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12; +pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13; +pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14; +pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15; +pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16; +pub const SE_BACKUP_PRIVILEGE: LONG = 17; +pub const SE_RESTORE_PRIVILEGE: LONG = 18; +pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19; +pub const SE_DEBUG_PRIVILEGE: LONG = 20; +pub const SE_AUDIT_PRIVILEGE: LONG = 21; +pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22; +pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23; +pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24; +pub const SE_UNDOCK_PRIVILEGE: LONG = 25; +pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26; +pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27; +pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28; +pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29; +pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30; +pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31; +pub const SE_RELABEL_PRIVILEGE: LONG = 32; +pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33; +pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34; +pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35; +pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36; +pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10; +pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001; +pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002; +pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004; +pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008; +pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010; +pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020; +pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040; +pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE + | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY + | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED + | TOKEN_SECURITY_ATTRIBUTE_MANDATORY; +pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000; +STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { + Version: ULONG64, + Name: UNICODE_STRING, +}} +pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; +STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { + pValue: PVOID, + ValueLength: ULONG, +}} +pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = + *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; +UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values { + pInt64: PLONG64, + pUint64: PULONG64, + pString: PUNICODE_STRING, + pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, + pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, +}} +STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 { + Name: UNICODE_STRING, + ValueType: USHORT, + Reserved: USHORT, + Flags: ULONG, + ValueCount: ULONG, + Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values, +}} +pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1; +pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1; +pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT = + TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1; +STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION { + Version: USHORT, + Reserved: USHORT, + AttributeCount: ULONG, + pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1, +}} +pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION; +STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL { + TrustLevelSid: PSID, +}} +pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL; +EXTERN!{extern "system" { + fn NtCreateToken( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TokenType: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + TokenSource: PTOKEN_SOURCE, + ) -> NTSTATUS; + fn NtCreateLowBoxToken( + TokenHandle: PHANDLE, + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PackageSid: PSID, + CapabilityCount: ULONG, + Capabilities: PSID_AND_ATTRIBUTES, + HandleCount: ULONG, + Handles: *mut HANDLE, + ) -> NTSTATUS; + fn NtCreateTokenEx( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TokenType: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroups: PTOKEN_GROUPS, + TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + TokenSource: PTOKEN_SOURCE, + ) -> NTSTATUS; + fn NtOpenProcessToken( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtOpenProcessTokenEx( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtOpenThreadToken( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtOpenThreadTokenEx( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtDuplicateToken( + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EffectiveOnly: BOOLEAN, + TokenType: TOKEN_TYPE, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtQueryInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ) -> NTSTATUS; + fn NtAdjustPrivilegesToken( + TokenHandle: HANDLE, + DisableAllPrivileges: BOOLEAN, + NewState: PTOKEN_PRIVILEGES, + BufferLength: ULONG, + PreviousState: PTOKEN_PRIVILEGES, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtAdjustGroupsToken( + TokenHandle: HANDLE, + ResetToDefault: BOOLEAN, + NewState: PTOKEN_GROUPS, + BufferLength: ULONG, + PreviousState: PTOKEN_GROUPS, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtAdjustTokenClaimsAndDeviceGroups( + TokenHandle: HANDLE, + UserResetToDefault: BOOLEAN, + DeviceResetToDefault: BOOLEAN, + DeviceGroupsResetToDefault: BOOLEAN, + NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceGroupsState: PTOKEN_GROUPS, + UserBufferLength: ULONG, + PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceBufferLength: ULONG, + PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroupsBufferLength: ULONG, + PreviousDeviceGroups: PTOKEN_GROUPS, + UserReturnLength: PULONG, + DeviceReturnLength: PULONG, + DeviceGroupsReturnBufferLength: PULONG, + ) -> NTSTATUS; + fn NtFilterToken( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtFilterTokenEx( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + DisableUserClaimsCount: ULONG, + UserClaimsToDisable: PUNICODE_STRING, + DisableDeviceClaimsCount: ULONG, + DeviceClaimsToDisable: PUNICODE_STRING, + DeviceGroupsToDisable: PTOKEN_GROUPS, + RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceGroups: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn NtCompareTokens( + FirstTokenHandle: HANDLE, + SecondTokenHandle: HANDLE, + Equal: PBOOLEAN, + ) -> NTSTATUS; + fn NtPrivilegeCheck( + ClientToken: HANDLE, + RequiredPrivileges: PPRIVILEGE_SET, + Result: PBOOLEAN, + ) -> NTSTATUS; + fn NtImpersonateAnonymousToken( + ThreadHandle: HANDLE, + ) -> NTSTATUS; + fn NtQuerySecurityAttributesToken( + TokenHandle: HANDLE, + Attributes: PUNICODE_STRING, + NumberOfAttributes: ULONG, + Buffer: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtAccessCheck( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn NtAccessCheckByType( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn NtAccessCheckByTypeResultList( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn NtSetCachedSigningLevel( + Flags: ULONG, + InputSigningLevel: SE_SIGNING_LEVEL, + SourceFiles: PHANDLE, + SourceFileCount: ULONG, + TargetFile: HANDLE, + ) -> NTSTATUS; + fn NtGetCachedSigningLevel( + File: HANDLE, + Flags: PULONG, + SigningLevel: PSE_SIGNING_LEVEL, + Thumbprint: PUCHAR, + ThumbprintSize: PULONG, + ThumbprintAlgorithm: PULONG, + ) -> NTSTATUS; + fn NtAccessCheckAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn NtAccessCheckByTypeAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn NtAccessCheckByTypeResultListAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn NtOpenObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GrantedAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + ObjectCreation: BOOLEAN, + AccessGranted: BOOLEAN, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn NtPrivilegeObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + fn NtCloseObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + fn NtDeleteObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + fn NtPrivilegedServiceAuditAlarm( + SubsystemName: PUNICODE_STRING, + ServiceName: PUNICODE_STRING, + ClientToken: HANDLE, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/ntsmss.rs b/vendor/ntapi/src/ntsmss.rs new file mode 100644 index 000000000..b22991fb7 --- /dev/null +++ b/vendor/ntapi/src/ntsmss.rs @@ -0,0 +1,15 @@ +use crate::ntlpcapi::PPORT_MESSAGE; +use winapi::shared::minwindef::DWORD; +use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING}; +EXTERN!{extern "system" { + fn RtlConnectToSm( + ApiPortName: PUNICODE_STRING, + ApiPortHandle: HANDLE, + ProcessImageType: DWORD, + SmssConnection: PHANDLE, + ) -> NTSTATUS; + fn RtlSendMsgToSm( + ApiPortHandle: HANDLE, + MessageData: PPORT_MESSAGE, + ) -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/nttmapi.rs b/vendor/ntapi/src/nttmapi.rs new file mode 100644 index 000000000..3ed499a92 --- /dev/null +++ b/vendor/ntapi/src/nttmapi.rs @@ -0,0 +1,239 @@ +use winapi::shared::basetsd::ULONG_PTR; +use winapi::shared::guiddef::LPGUID; +use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; +use winapi::shared::ntdef::{ + BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, + PUNICODE_STRING, PVOID, ULONG, +}; +use winapi::um::winnt::{ + ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR, + RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS, + TRANSACTION_INFORMATION_CLASS, +}; +EXTERN!{extern "system" { + fn NtCreateTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + CreateOptions: ULONG, + CommitStrength: ULONG, + ) -> NTSTATUS; + fn NtOpenTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + TmIdentity: LPGUID, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn NtRenameTransactionManager( + LogFileName: PUNICODE_STRING, + ExistingTransactionManagerGuid: LPGUID, + ) -> NTSTATUS; + fn NtRollforwardTransactionManager( + TransactionManagerHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtRecoverTransactionManager( + TransactionManagerHandle: HANDLE, + ) -> NTSTATUS; + fn NtQueryInformationTransactionManager( + TransactionManagerHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationTransactionManager( + TmHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ) -> NTSTATUS; + fn NtEnumerateTransactionObject( + RootObjectHandle: HANDLE, + QueryType: KTMOBJECT_TYPE, + ObjectCursor: PKTMOBJECT_CURSOR, + ObjectCursorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtCreateTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + CreateOptions: ULONG, + IsolationLevel: ULONG, + IsolationFlags: ULONG, + Timeout: PLARGE_INTEGER, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtOpenTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + ) -> NTSTATUS; + fn NtQueryInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ) -> NTSTATUS; + fn NtCommitTransaction( + TransactionHandle: HANDLE, + Wait: BOOLEAN, + ) -> NTSTATUS; + fn NtRollbackTransaction( + TransactionHandle: HANDLE, + Wait: BOOLEAN, + ) -> NTSTATUS; + fn NtCreateEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + TransactionHandle: HANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + NotificationMask: NOTIFICATION_MASK, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + fn NtOpenEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + EnlistmentGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtQueryInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ) -> NTSTATUS; + fn NtRecoverEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + fn NtPrePrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtPrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtCommitEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtRollbackEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtPrePrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtPrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtCommitComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtReadOnlyEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtRollbackComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtSinglePhaseReject( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtCreateResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + RmGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + fn NtOpenResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + ResourceManagerGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn NtRecoverResourceManager( + ResourceManagerHandle: HANDLE, + ) -> NTSTATUS; + fn NtGetNotificationResourceManager( + ResourceManagerHandle: HANDLE, + TransactionNotification: PTRANSACTION_NOTIFICATION, + NotificationLength: ULONG, + Timeout: PLARGE_INTEGER, + ReturnLength: PULONG, + Asynchronous: ULONG, + AsynchronousContext: ULONG_PTR, + ) -> NTSTATUS; + fn NtQueryInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn NtSetInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ) -> NTSTATUS; + fn NtRegisterProtocolAddressInformation( + ResourceManager: HANDLE, + ProtocolId: PCRM_PROTOCOL_ID, + ProtocolInformationSize: ULONG, + ProtocolInformation: PVOID, + CreateOptions: ULONG, + ) -> NTSTATUS; + fn NtPropagationComplete( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + BufferLength: ULONG, + Buffer: PVOID, + ) -> NTSTATUS; + fn NtPropagationFailed( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + PropStatus: NTSTATUS, + ) -> NTSTATUS; + fn NtFreezeTransactions( + FreezeTimeout: PLARGE_INTEGER, + ThawTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn NtThawTransactions() -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/nttp.rs b/vendor/ntapi/src/nttp.rs new file mode 100644 index 000000000..a41eb344a --- /dev/null +++ b/vendor/ntapi/src/nttp.rs @@ -0,0 +1,207 @@ +use crate::ntioapi::PIO_STATUS_BLOCK; +use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID}; +use winapi::um::winnt::{ + PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO, + PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK, + PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK, +}; +#[repr(C)] +pub struct TP_ALPC([u8; 0]); +pub type PTP_ALPC = *mut TP_ALPC; +FN!{stdcall PTP_ALPC_CALLBACK( + Instance: PTP_CALLBACK_INSTANCE, + Context: PVOID, + Alpc: PTP_ALPC, +) -> ()} +FN!{stdcall PTP_ALPC_CALLBACK_EX( + Instanc: PTP_CALLBACK_INSTANCE, + Contex: PVOID, + Alp: PTP_ALPC, + ApcContext: PVOID, +) -> ()} +EXTERN!{extern "system" { + fn TpAllocPool( + PoolReturn: *mut PTP_POOL, + Reserved: PVOID, + ) -> NTSTATUS; + fn TpReleasePool( + Pool: PTP_POOL, + ); + fn TpSetPoolMaxThreads( + Pool: PTP_POOL, + MaxThreads: LONG, + ); + fn TpSetPoolMinThreads( + Pool: PTP_POOL, + MinThreads: LONG, + ) -> NTSTATUS; + fn TpQueryPoolStackInformation( + Pool: PTP_POOL, + PoolStackInformation: PTP_POOL_STACK_INFORMATION, + ) -> NTSTATUS; + fn TpSetPoolStackInformation( + Pool: PTP_POOL, + PoolStackInformation: PTP_POOL_STACK_INFORMATION, + ) -> NTSTATUS; + fn TpAllocCleanupGroup( + CleanupGroupReturn: *mut PTP_CLEANUP_GROUP, + ) -> NTSTATUS; + fn TpReleaseCleanupGroup( + CleanupGroup: PTP_CLEANUP_GROUP, + ); + fn TpReleaseCleanupGroupMembers( + CleanupGroup: PTP_CLEANUP_GROUP, + CancelPendingCallbacks: LOGICAL, + CleanupParameter: PVOID, + ); + fn TpCallbackSetEventOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + Event: HANDLE, + ); + fn TpCallbackReleaseSemaphoreOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + Semaphore: HANDLE, + ReleaseCount: LONG, + ); + fn TpCallbackReleaseMutexOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + Mutex: HANDLE, + ); + fn TpCallbackLeaveCriticalSectionOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + CriticalSection: PRTL_CRITICAL_SECTION, + ); + fn TpCallbackUnloadDllOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + DllHandle: PVOID, + ); + fn TpCallbackMayRunLong( + Instance: PTP_CALLBACK_INSTANCE, + ) -> NTSTATUS; + fn TpDisassociateCallback( + Instance: PTP_CALLBACK_INSTANCE, + ); + fn TpSimpleTryPost( + Callback: PTP_SIMPLE_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpAllocWork( + WorkReturn: *mut PTP_WORK, + Callback: PTP_WORK_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpReleaseWork( + Work: PTP_WORK, + ); + fn TpPostWork( + Work: PTP_WORK, + ); + fn TpWaitForWork( + Work: PTP_WORK, + CancelPendingCallbacks: LOGICAL, + ); + fn TpAllocTimer( + Timer: *mut PTP_TIMER, + Callback: PTP_TIMER_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpReleaseTimer( + Timer: PTP_TIMER, + ); + fn TpSetTimer( + Timer: PTP_TIMER, + DueTime: PLARGE_INTEGER, + Period: LONG, + WindowLength: LONG, + ); + fn TpIsTimerSet( + Timer: PTP_TIMER, + ) -> LOGICAL; + fn TpWaitForTimer( + Timer: PTP_TIMER, + CancelPendingCallbacks: LOGICAL, + ); + fn TpAllocWait( + WaitReturn: *mut PTP_WAIT, + Callback: PTP_WAIT_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpReleaseWait( + Wait: PTP_WAIT, + ); + fn TpSetWait( + Wait: PTP_WAIT, + Handle: HANDLE, + Timeout: PLARGE_INTEGER, + ); + fn TpWaitForWait( + Wait: PTP_WAIT, + CancelPendingCallbacks: LOGICAL, + ); +}} +FN!{stdcall PTP_IO_CALLBACK( + Instance: PTP_CALLBACK_INSTANCE, + Context: PVOID, + ApcContext: PVOID, + IoSB: PIO_STATUS_BLOCK, + Io: PTP_IO, +) -> ()} +EXTERN!{extern "system" { + fn TpAllocIoCompletion( + IoReturn: *mut PTP_IO, + File: HANDLE, + Callback: PTP_IO_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpReleaseIoCompletion( + Io: PTP_IO, + ); + fn TpStartAsyncIoOperation( + Io: PTP_IO, + ); + fn TpCancelAsyncIoOperation( + Io: PTP_IO, + ); + fn TpWaitForIoCompletion( + Io: PTP_IO, + CancelPendingCallbacks: LOGICAL, + ); + fn TpAllocAlpcCompletion( + AlpcReturn: *mut PTP_ALPC, + AlpcPort: HANDLE, + Callback: PTP_ALPC_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpAllocAlpcCompletionEx( + AlpcReturn: *mut PTP_ALPC, + AlpcPort: HANDLE, + Callback: PTP_ALPC_CALLBACK_EX, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + fn TpReleaseAlpcCompletion( + Alpc: PTP_ALPC, + ); + fn TpWaitForAlpcCompletion( + Alpc: PTP_ALPC, + ); +}} +ENUM!{enum TP_TRACE_TYPE { + TpTraceThreadPriority = 1, + TpTraceThreadAffinity = 2, + MaxTpTraceType = 3, +}} +EXTERN!{extern "system" { + fn TpCaptureCaller( + Type: TP_TRACE_TYPE, + ); + fn TpCheckTerminateWorker( + Thread: HANDLE, + ); +}} diff --git a/vendor/ntapi/src/ntwow64.rs b/vendor/ntapi/src/ntwow64.rs new file mode 100644 index 000000000..9a95ae2ae --- /dev/null +++ b/vendor/ntapi/src/ntwow64.rs @@ -0,0 +1,476 @@ +use core::mem::size_of; +use crate::ntapi_base::CLIENT_ID32; +use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON}; +use crate::ntpsapi::GDI_HANDLE_BUFFER32; +use crate::ntrtl::RTL_MAX_DRIVE_LETTERS; +use crate::string::{UTF16Const, UTF8Const}; +use winapi::shared::guiddef::GUID; +use winapi::shared::ntdef::{ + BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER, + SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, + UNICODE_STRING32, USHORT, WCHAR, +}; +use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32}; +pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0"); +/// "SysWOW64" +pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[ + 0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16, +]); +pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0"); +/// " (x86)" +pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[ + 0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16, +]); +ENUM!{enum WOW64_SHARED_INFORMATION { + SharedNtdll32LdrInitializeThunk = 0, + SharedNtdll32KiUserExceptionDispatcher = 1, + SharedNtdll32KiUserApcDispatcher = 2, + SharedNtdll32KiUserCallbackDispatcher = 3, + SharedNtdll32ExpInterlockedPopEntrySListFault = 4, + SharedNtdll32ExpInterlockedPopEntrySListResume = 5, + SharedNtdll32ExpInterlockedPopEntrySListEnd = 6, + SharedNtdll32RtlUserThreadStart = 7, + SharedNtdll32pQueryProcessDebugInformationRemote = 8, + SharedNtdll32BaseAddress = 9, + SharedNtdll32LdrSystemDllInitBlock = 10, + Wow64SharedPageEntriesCount = 11, +}} +STRUCT!{struct RTL_BALANCED_NODE32_u_s { + Left: ULONG, // WOW64_POINTER + Right: ULONG, // WOW64_POINTER +}} +UNION!{union RTL_BALANCED_NODE32_u { + Children: [ULONG; 2], // WOW64_POINTER + s: RTL_BALANCED_NODE32_u_s, +}} +STRUCT!{struct RTL_BALANCED_NODE32 { + u: RTL_BALANCED_NODE32_u, + ParentValue: ULONG, +}} +pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32; +STRUCT!{struct RTL_RB_TREE32 { + Root: ULONG, // WOW64_POINTER + Min: ULONG, // WOW64_POINTER +}} +pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32; +STRUCT!{struct PEB_LDR_DATA32 { + Length: ULONG, + Initialized: BOOLEAN, + SsHandle: ULONG, + InLoadOrderModuleList: LIST_ENTRY32, + InMemoryOrderModuleList: LIST_ENTRY32, + InInitializationOrderModuleList: LIST_ENTRY32, + EntryInProgress: ULONG, + ShutdownInProgress: BOOLEAN, + ShutdownThreadId: ULONG, +}} +pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32; +STRUCT!{struct LDR_SERVICE_TAG_RECORD32 { + Next: ULONG, + ServiceTag: ULONG, +}} +pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32; +STRUCT!{struct LDRP_CSLIST32 { + Tail: ULONG, // WOW64_POINTER +}} +pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32; +UNION!{union LDR_DDAG_NODE32_u { + Dependencies: LDRP_CSLIST32, + RemovalLink: SINGLE_LIST_ENTRY32, +}} +STRUCT!{struct LDR_DDAG_NODE32 { + Modules: LIST_ENTRY32, + ServiceTagList: ULONG, // WOW64_POINTER + LoadCount: ULONG, + LoadWhileUnloadingCount: ULONG, + LowestLink: ULONG, + u: LDR_DDAG_NODE32_u, + IncomingDependencies: LDRP_CSLIST32, + State: LDR_DDAG_STATE, + CondenseLink: SINGLE_LIST_ENTRY32, + PreorderNumber: ULONG, +}} +pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32; +pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80; +pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144; +pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152; +UNION!{union LDR_DATA_TABLE_ENTRY32_u1 { + InInitializationOrderLinks: LIST_ENTRY32, + InProgressLinks: LIST_ENTRY32, +}} +UNION!{union LDR_DATA_TABLE_ENTRY32_u2 { + FlagGroup: [UCHAR; 4], + Flags: ULONG, +}} +STRUCT!{struct LDR_DATA_TABLE_ENTRY32 { + InLoadOrderLinks: LIST_ENTRY32, + InMemoryOrderLinks: LIST_ENTRY32, + u1: LDR_DATA_TABLE_ENTRY32_u1, + DllBase: ULONG, // WOW64_POINTER + EntryPoint: ULONG, // WOW64_POINTER + SizeOfImage: ULONG, + FullDllName: UNICODE_STRING32, + BaseDllName: UNICODE_STRING32, + u2: LDR_DATA_TABLE_ENTRY32_u2, + ObsoleteLoadCount: USHORT, + TlsIndex: USHORT, + HashLinks: LIST_ENTRY32, + TimeDateStamp: ULONG, + EntryPointActivationContext: ULONG, // WOW64_POINTER + Lock: ULONG, // WOW64_POINTER + DdagNode: ULONG, // WOW64_POINTER + NodeModuleLink: LIST_ENTRY32, + LoadContext: ULONG, // WOW64_POINTER + ParentDllBase: ULONG, // WOW64_POINTER + SwitchBackContext: ULONG, // WOW64_POINTER + BaseAddressIndexNode: RTL_BALANCED_NODE32, + MappingInfoIndexNode: RTL_BALANCED_NODE32, + OriginalBase: ULONG, + LoadTime: LARGE_INTEGER, + BaseNameHashValue: ULONG, + LoadReason: LDR_DLL_LOAD_REASON, + ImplicitPathOptions: ULONG, + ReferenceCount: ULONG, + DependentLoadFlags: ULONG, + SigningLevel: UCHAR, +}} +BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [ + PackagedBinary set_PackagedBinary[0..1], + MarkedForRemoval set_MarkedForRemoval[1..2], + ImageDll set_ImageDll[2..3], + LoadNotificationsSent set_LoadNotificationsSent[3..4], + TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], + ProcessStaticImport set_ProcessStaticImport[5..6], + InLegacyLists set_InLegacyLists[6..7], + InIndexes set_InIndexes[7..8], + ShimDll set_ShimDll[8..9], + InExceptionTable set_InExceptionTable[9..10], + ReservedFlags1 set_ReservedFlags1[10..12], + LoadInProgress set_LoadInProgress[12..13], + LoadConfigProcessed set_LoadConfigProcessed[13..14], + EntryProcessed set_EntryProcessed[14..15], + ProtectDelayLoad set_ProtectDelayLoad[15..16], + ReservedFlags3 set_ReservedFlags3[16..18], + DontCallForThreads set_DontCallForThreads[18..19], + ProcessAttachCalled set_ProcessAttachCalled[19..20], + ProcessAttachFailed set_ProcessAttachFailed[20..21], + CorDeferredValidate set_CorDeferredValidate[21..22], + CorImage set_CorImage[22..23], + DontRelocate set_DontRelocate[23..24], + CorILOnly set_CorILOnly[24..25], + ReservedFlags5 set_ReservedFlags5[25..28], + Redirected set_Redirected[28..29], + ReservedFlags6 set_ReservedFlags6[29..31], + CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], +]} +pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32; +STRUCT!{struct CURDIR32 { + DosPath: UNICODE_STRING32, + Handle: ULONG, // WOW64_POINTER +}} +pub type PCURDIR32 = *mut CURDIR32; +STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 { + Flags: USHORT, + Length: USHORT, + TimeStamp: ULONG, + DosPath: STRING32, +}} +pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32; +STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 { + MaximumLength: ULONG, + Length: ULONG, + Flags: ULONG, + DebugFlags: ULONG, + ConsoleHandle: ULONG, // WOW64_POINTER + ConsoleFlags: ULONG, + StandardInput: ULONG, // WOW64_POINTER + StandardOutput: ULONG, // WOW64_POINTER + StandardError: ULONG, // WOW64_POINTER + CurrentDirectory: CURDIR32, + DllPath: UNICODE_STRING32, + ImagePathName: UNICODE_STRING32, + CommandLine: UNICODE_STRING32, + Environment: ULONG, // WOW64_POINTER + StartingX: ULONG, + StartingY: ULONG, + CountX: ULONG, + CountY: ULONG, + CountCharsX: ULONG, + CountCharsY: ULONG, + FillAttribute: ULONG, + WindowFlags: ULONG, + ShowWindowFlags: ULONG, + WindowTitle: UNICODE_STRING32, + DesktopInfo: UNICODE_STRING32, + ShellInfo: UNICODE_STRING32, + RuntimeData: UNICODE_STRING32, + CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS], + EnvironmentSize: ULONG, + EnvironmentVersion: ULONG, + PackageDependencyData: ULONG, // WOW64_POINTER + ProcessGroupId: ULONG, + LoaderThreads: ULONG, +}} +pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32; +UNION!{union PEB32_u { + KernelCallbackTable: ULONG, // WOW64_POINTER + UserSharedInfoPtr: ULONG, // WOW64_POINTER +}} +STRUCT!{struct PEB32 { + InheritedAddressSpace: BOOLEAN, + ReadImageFileExecOptions: BOOLEAN, + BeingDebugged: BOOLEAN, + BitField: BOOLEAN, + Mutant: ULONG, // WOW64_POINTER + ImageBaseAddress: ULONG, // WOW64_POINTER + Ldr: ULONG, // WOW64_POINTER + ProcessParameters: ULONG, // WOW64_POINTER + SubSystemData: ULONG, // WOW64_POINTER + ProcessHeap: ULONG, // WOW64_POINTER + FastPebLock: ULONG, // WOW64_POINTER + AtlThunkSListPtr: ULONG, // WOW64_POINTER + IFEOKey: ULONG, // WOW64_POINTER + CrossProcessFlags: ULONG, + u: PEB32_u, + SystemReserved: [ULONG; 1], + AtlThunkSListPtr32: ULONG, + ApiSetMap: ULONG, // WOW64_POINTER + TlsExpansionCounter: ULONG, + TlsBitmap: ULONG, // WOW64_POINTER + TlsBitmapBits: [ULONG; 2], + ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER + HotpatchInformation: ULONG, // WOW64_POINTER + ReadOnlyStaticServerData: ULONG, // WOW64_POINTER + AnsiCodePageData: ULONG, // WOW64_POINTER + OemCodePageData: ULONG, // WOW64_POINTER + UnicodeCaseTableData: ULONG, // WOW64_POINTER + NumberOfProcessors: ULONG, + NtGlobalFlag: ULONG, + CriticalSectionTimeout: LARGE_INTEGER, + HeapSegmentReserve: ULONG, + HeapSegmentCommit: ULONG, + HeapDeCommitTotalFreeThreshold: ULONG, + HeapDeCommitFreeBlockThreshold: ULONG, + NumberOfHeaps: ULONG, + MaximumNumberOfHeaps: ULONG, + ProcessHeaps: ULONG, // WOW64_POINTER + GdiSharedHandleTable: ULONG, // WOW64_POINTER + ProcessStarterHelper: ULONG, // WOW64_POINTER + GdiDCAttributeList: ULONG, + LoaderLock: ULONG, // WOW64_POINTER + OSMajorVersion: ULONG, + OSMinorVersion: ULONG, + OSBuildNumber: USHORT, + OSCSDVersion: USHORT, + OSPlatformId: ULONG, + ImageSubsystem: ULONG, + ImageSubsystemMajorVersion: ULONG, + ImageSubsystemMinorVersion: ULONG, + ActiveProcessAffinityMask: ULONG, + GdiHandleBuffer: GDI_HANDLE_BUFFER32, + PostProcessInitRoutine: ULONG, // WOW64_POINTER + TlsExpansionBitmap: ULONG, // WOW64_POINTER + TlsExpansionBitmapBits: [ULONG; 32], + SessionId: ULONG, + AppCompatFlags: ULARGE_INTEGER, + AppCompatFlagsUser: ULARGE_INTEGER, + pShimData: ULONG, // WOW64_POINTER + AppCompatInfo: ULONG, // WOW64_POINTER + CSDVersion: UNICODE_STRING32, + ActivationContextData: ULONG, // WOW64_POINTER + ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER + SystemDefaultActivationContextData: ULONG, // WOW64_POINTER + SystemAssemblyStorageMap: ULONG, // WOW64_POINTER + MinimumStackCommit: ULONG, + FlsCallback: ULONG, // WOW64_POINTER + FlsListHead: LIST_ENTRY32, + FlsBitmap: ULONG, // WOW64_POINTER + FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::<ULONG>() * 8)], + FlsHighIndex: ULONG, + WerRegistrationData: ULONG, // WOW64_POINTER + WerShipAssertPtr: ULONG, // WOW64_POINTER + pContextData: ULONG, // WOW64_POINTER + pImageHeaderHash: ULONG, // WOW64_POINTER + TracingFlags: ULONG, + CsrServerReadOnlySharedMemoryBase: ULONGLONG, + TppWorkerpListLock: ULONG, // WOW64_POINTER + TppWorkerpList: LIST_ENTRY32, + WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER + TelemetryCoverageHeader: ULONG, // WOW64_POINTER + CloudFileFlags: ULONG, + CloudFileDiagFlags: ULONG, + PlaceholderCompatibilityMode: CHAR, + PlaceholderCompatibilityModeReserved: [CHAR; 7], +}} +BITFIELD!{PEB32 BitField: BOOLEAN [ + ImageUsesLargePages set_ImageUsesLargePages[0..1], + IsProtectedProcess set_IsProtectedProcess[1..2], + IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], + SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], + IsPackagedProcess set_IsPackagedProcess[4..5], + IsAppContainer set_IsAppContainer[5..6], + IsProtectedProcessLight set_IsProtectedProcessLight[6..7], + IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], +]} +BITFIELD!{PEB32 CrossProcessFlags: ULONG [ + ProcessInJob set_ProcessInJob[0..1], + ProcessInitializing set_ProcessInitializing[1..2], + ProcessUsingVEH set_ProcessUsingVEH[2..3], + ProcessUsingVCH set_ProcessUsingVCH[3..4], + ProcessUsingFTH set_ProcessUsingFTH[4..5], + ReservedBits0 set_ReservedBits0[5..32], +]} +BITFIELD!{PEB32 TracingFlags: ULONG [ + HeapTracingEnabled set_HeapTracingEnabled[0..1], + CritSecTracingEnabled set_CritSecTracingEnabled[1..2], + LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], + SpareTracingBits set_SpareTracingBits[3..32], +]} +pub type PPEB32 = *mut PEB32; +pub const GDI_BATCH_BUFFER_SIZE: usize = 310; +STRUCT!{struct GDI_TEB_BATCH32 { + Offset: ULONG, + HDC: ULONG, + Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], +}} +pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32; +STRUCT!{struct TEB32_u_s { + ReservedPad0: UCHAR, + ReservedPad1: UCHAR, + ReservedPad2: UCHAR, + IdealProcessor: UCHAR, +}} +UNION!{union TEB32_u { + CurrentIdealProcessor: PROCESSOR_NUMBER, + IdealProcessorValue: ULONG, + s: TEB32_u_s, +}} +STRUCT!{struct TEB32 { + NtTib: NT_TIB32, + EnvironmentPointer: ULONG, // WOW64_POINTER + ClientId: CLIENT_ID32, + ActiveRpcHandle: ULONG, // WOW64_POINTER + ThreadLocalStoragePointer: ULONG, // WOW64_POINTER + ProcessEnvironmentBlock: ULONG, // WOW64_POINTER + LastErrorValue: ULONG, + CountOfOwnedCriticalSections: ULONG, + CsrClientThread: ULONG, // WOW64_POINTER + Win32ThreadInfo: ULONG, // WOW64_POINTER + User32Reserved: [ULONG; 26], + UserReserved: [ULONG; 5], + WOW32Reserved: ULONG, // WOW64_POINTER + CurrentLocale: LCID, + FpSoftwareStatusRegister: ULONG, + ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER + SystemReserved1: [ULONG; 36], // WOW64_POINTER + WorkingOnBehalfTicket: [UCHAR; 8], + ExceptionCode: NTSTATUS, + ActivationContextStackPointer: ULONG, // WOW64_POINTER + InstrumentationCallbackSp: ULONG, + InstrumentationCallbackPreviousPc: ULONG, + InstrumentationCallbackPreviousSp: ULONG, + InstrumentationCallbackDisabled: BOOLEAN, + SpareBytes: [UCHAR; 23], + TxFsContext: ULONG, + GdiTebBatch: GDI_TEB_BATCH32, + RealClientId: CLIENT_ID32, + GdiCachedProcessHandle: ULONG, // WOW64_POINTER + GdiClientPID: ULONG, + GdiClientTID: ULONG, + GdiThreadLocalInfo: ULONG, // WOW64_POINTER + Win32ClientInfo: [ULONG; 62], + glDispatchTable: [ULONG; 233], // WOW64_POINTER + glReserved1: [ULONG; 29], // WOW64_POINTER + glReserved2: ULONG, // WOW64_POINTER + glSectionInfo: ULONG, // WOW64_POINTER + glSection: ULONG, // WOW64_POINTER + glTable: ULONG, // WOW64_POINTER + glCurrentRC: ULONG, // WOW64_POINTER + glContext: ULONG, // WOW64_POINTER + LastStatusValue: NTSTATUS, + StaticUnicodeString: UNICODE_STRING32, + StaticUnicodeBuffer: [WCHAR; 261], + DeallocationStack: ULONG, // WOW64_POINTER + TlsSlots: [ULONG; 64], // WOW64_POINTER + TlsLinks: LIST_ENTRY32, + Vdm: ULONG, // WOW64_POINTER + ReservedForNtRpc: ULONG, // WOW64_POINTER + DbgSsReserved: [ULONG; 2], // WOW64_POINTER + HardErrorMode: ULONG, + Instrumentation: [ULONG; 9], // WOW64_POINTER + ActivityId: GUID, + SubProcessTag: ULONG, // WOW64_POINTER + PerflibData: ULONG, // WOW64_POINTER + EtwTraceData: ULONG, // WOW64_POINTER + WinSockData: ULONG, // WOW64_POINTER + GdiBatchCount: ULONG, + u: TEB32_u, + GuaranteedStackBytes: ULONG, + ReservedForPerf: ULONG, // WOW64_POINTER + ReservedForOle: ULONG, // WOW64_POINTER + WaitingOnLoaderLock: ULONG, + SavedPriorityState: ULONG, // WOW64_POINTER + ReservedForCodeCoverage: ULONG, + ThreadPoolData: ULONG, // WOW64_POINTER + TlsExpansionSlots: ULONG, // WOW64_POINTER + MuiGeneration: ULONG, + IsImpersonating: ULONG, + NlsCache: ULONG, // WOW64_POINTER + pShimData: ULONG, // WOW64_POINTER + HeapVirtualAffinity: USHORT, + LowFragHeapDataSlot: USHORT, + CurrentTransactionHandle: ULONG, // WOW64_POINTER + ActiveFrame: ULONG, // WOW64_POINTER + FlsData: ULONG, // WOW64_POINTER + PreferredLanguages: ULONG, // WOW64_POINTER + UserPrefLanguages: ULONG, // WOW64_POINTER + MergedPrefLanguages: ULONG, // WOW64_POINTER + MuiImpersonation: ULONG, + CrossTebFlags: USHORT, + SameTebFlags: USHORT, + TxnScopeEnterCallback: ULONG, // WOW64_POINTER + TxnScopeExitCallback: ULONG, // WOW64_POINTER + TxnScopeContext: ULONG, // WOW64_POINTER + LockCount: ULONG, + WowTebOffset: LONG, + ResourceRetValue: ULONG, // WOW64_POINTER + ReservedForWdf: ULONG, // WOW64_POINTER + ReservedForCrt: ULONGLONG, + EffectiveContainerId: GUID, +}} +BITFIELD!{TEB32 SameTebFlags: USHORT [ + SafeThunkCall set_SafeThunkCall[0..1], + InDebugPrint set_InDebugPrint[1..2], + HasFiberData set_HasFiberData[2..3], + SkipThreadAttach set_SkipThreadAttach[3..4], + WerInShipAssertCode set_WerInShipAssertCode[4..5], + RanProcessInit set_RanProcessInit[5..6], + ClonedThread set_ClonedThread[6..7], + SuppressDebugMsg set_SuppressDebugMsg[7..8], + DisableUserStackWalk set_DisableUserStackWalk[8..9], + RtlExceptionAttached set_RtlExceptionAttached[9..10], + InitialThread set_InitialThread[10..11], + SessionAware set_SessionAware[11..12], + LoadOwner set_LoadOwner[12..13], + LoaderWorker set_LoaderWorker[13..14], + SpareSameTebBits set_SpareSameTebBits[14..16], +]} +pub type PTEB32 = *mut TEB32; +#[inline] +pub fn UStr32ToUStr( + Destination: &mut UNICODE_STRING, + Source: &UNICODE_STRING32, +) { + Destination.Length = Source.Length; + Destination.MaximumLength = Source.MaximumLength; + Destination.Buffer = Source.Buffer as *mut u16; +} +#[inline] +pub fn UStrToUStr32( + Destination: &mut UNICODE_STRING32, + Source: &UNICODE_STRING, +) { + Destination.Length = Source.Length; + Destination.MaximumLength = Source.MaximumLength; + Destination.Buffer = Source.Buffer as u32; +} diff --git a/vendor/ntapi/src/ntxcapi.rs b/vendor/ntapi/src/ntxcapi.rs new file mode 100644 index 000000000..56644dd51 --- /dev/null +++ b/vendor/ntapi/src/ntxcapi.rs @@ -0,0 +1,29 @@ +use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG}; +use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD}; +EXTERN!{extern "system" { + fn RtlDispatchException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + ) -> BOOLEAN; + fn RtlRaiseStatus( + Status: NTSTATUS, + ); + fn RtlRaiseException( + ExceptionRecord: PEXCEPTION_RECORD, + ); + fn NtContinue( + ContextRecord: PCONTEXT, + TestAlert: BOOLEAN, + ) -> NTSTATUS; + fn NtRaiseException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + FirstChance: BOOLEAN, + ) -> NTSTATUS; + fn RtlAssert( + VoidFailedAssertion: PVOID, + VoidFileName: PVOID, + LineNumber: ULONG, + MutableMessage: PSTR, + ); +}} diff --git a/vendor/ntapi/src/ntzwapi.rs b/vendor/ntapi/src/ntzwapi.rs new file mode 100644 index 000000000..9638bf836 --- /dev/null +++ b/vendor/ntapi/src/ntzwapi.rs @@ -0,0 +1,2699 @@ +use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM}; +use crate::ntdbg::DEBUGOBJECTINFOCLASS; +use crate::ntexapi::{ + ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY, + PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS, + PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR, + SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS, + TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE, + WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS, +}; +use crate::ntioapi::{ + FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS, + IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION, + PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE, + PIO_STATUS_BLOCK, +}; +use crate::ntkeapi::KPROFILE_SOURCE; +use crate::ntlpcapi::{ + ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR, + PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES, + PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW, +}; +use crate::ntmisc::VDMSERVICECLASS; +use crate::ntmmapi::{ + MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY, + SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS, +}; +use crate::ntobapi::OBJECT_INFORMATION_CLASS; +use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK}; +use crate::ntpsapi::{ + MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO, + PROCESSINFOCLASS, THREADINFOCLASS, +}; +use crate::ntregapi::{ + KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS, + PKEY_VALUE_ENTRY, +}; +use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; +use winapi::shared::basetsd::{ + KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR, +}; +use winapi::shared::guiddef::LPGUID; +use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; +use winapi::shared::ntdef::{ + BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES, + PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG, + PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG, + PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID, + WAIT_TYPE, +}; +use winapi::um::winnt::{ + ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE, + JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE, + PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR, + POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, + PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, + PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, + PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, + RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE, + TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS, + TRANSACTION_INFORMATION_CLASS, +}; +EXTERN!{extern "system" { + fn ZwAcceptConnectPort( + PortHandle: PHANDLE, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + AcceptConnection: BOOLEAN, + ServerView: PPORT_VIEW, + ClientView: PREMOTE_PORT_VIEW, + ) -> NTSTATUS; + fn ZwAccessCheck( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn ZwAccessCheckAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn ZwAccessCheckByType( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn ZwAccessCheckByTypeAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn ZwAccessCheckByTypeResultList( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + fn ZwAccessCheckByTypeResultListAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn ZwAcquireCMFViewOwnership( + TimeStamp: PULONGLONG, + tokenTaken: PBOOLEAN, + replaceExisting: BOOLEAN, + ) -> NTSTATUS; + fn ZwAddAtom( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + fn ZwAddAtomEx( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwAddBootEntry( + BootEntry: PBOOT_ENTRY, + Id: PULONG, + ) -> NTSTATUS; + fn ZwAddDriverEntry( + DriverEntry: PEFI_DRIVER_ENTRY, + Id: PULONG, + ) -> NTSTATUS; + fn ZwAdjustGroupsToken( + TokenHandle: HANDLE, + ResetToDefault: BOOLEAN, + NewState: PTOKEN_GROUPS, + BufferLength: ULONG, + PreviousState: PTOKEN_GROUPS, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwAdjustPrivilegesToken( + TokenHandle: HANDLE, + DisableAllPrivileges: BOOLEAN, + NewState: PTOKEN_PRIVILEGES, + BufferLength: ULONG, + PreviousState: PTOKEN_PRIVILEGES, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwAdjustTokenClaimsAndDeviceGroups( + TokenHandle: HANDLE, + UserResetToDefault: BOOLEAN, + DeviceResetToDefault: BOOLEAN, + DeviceGroupsResetToDefault: BOOLEAN, + NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceGroupsState: PTOKEN_GROUPS, + UserBufferLength: ULONG, + PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceBufferLength: ULONG, + PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroupsBufferLength: ULONG, + PreviousDeviceGroups: PTOKEN_GROUPS, + UserReturnLength: PULONG, + DeviceReturnLength: PULONG, + DeviceGroupsReturnBufferLength: PULONG, + ) -> NTSTATUS; + fn ZwAlertResumeThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn ZwAlertThread( + ThreadHandle: HANDLE, + ) -> NTSTATUS; + fn ZwAlertThreadByThreadId( + ThreadId: HANDLE, + ) -> NTSTATUS; + fn ZwAllocateLocallyUniqueId( + Luid: PLUID, + ) -> NTSTATUS; + fn ZwAllocateReserveObject( + MemoryReserveHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: MEMORY_RESERVE_TYPE, + ) -> NTSTATUS; + fn ZwAllocateUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn ZwAllocateUuids( + Time: PULARGE_INTEGER, + Range: PULONG, + Sequence: PULONG, + Seed: PCHAR, + ) -> NTSTATUS; + fn ZwAllocateVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + RegionSize: PSIZE_T, + AllocationType: ULONG, + Protect: ULONG, + ) -> NTSTATUS; + fn ZwAlpcAcceptConnectPort( + PortHandle: PHANDLE, + ConnectionPortHandle: HANDLE, + Flags: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + AcceptConnection: BOOLEAN, + ) -> NTSTATUS; + fn ZwAlpcCancelMessage( + PortHandle: HANDLE, + Flags: ULONG, + MessageContext: PALPC_CONTEXT_ATTR, + ) -> NTSTATUS; + fn ZwAlpcConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + RequiredServerSid: PSID, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PULONG, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwAlpcConnectPortEx( + PortHandle: PHANDLE, + ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, + ClientPortObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + ServerSecurityRequirements: PSECURITY_DESCRIPTOR, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwAlpcCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwAlpcCreatePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + SectionSize: SIZE_T, + AlpcSectionHandle: PALPC_HANDLE, + ActualSectionSize: PSIZE_T, + ) -> NTSTATUS; + fn ZwAlpcCreateResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + MessageSize: SIZE_T, + ResourceId: PALPC_HANDLE, + ) -> NTSTATUS; + fn ZwAlpcCreateSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewAttributes: PALPC_DATA_VIEW_ATTR, + ) -> NTSTATUS; + fn ZwAlpcCreateSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + SecurityAttribute: PALPC_SECURITY_ATTR, + ) -> NTSTATUS; + fn ZwAlpcDeletePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn ZwAlpcDeleteResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + ResourceId: ALPC_HANDLE, + ) -> NTSTATUS; + fn ZwAlpcDeleteSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewBase: PVOID, + ) -> NTSTATUS; + fn ZwAlpcDeleteSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn ZwAlpcDisconnectPort( + PortHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwAlpcImpersonateClientContainerOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwAlpcImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: PVOID, + ) -> NTSTATUS; + fn ZwAlpcOpenSenderProcess( + ProcessHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwAlpcOpenSenderThread( + ThreadHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwAlpcQueryInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwAlpcQueryInformationMessage( + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, + MessageInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwAlpcRevokeSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + fn ZwAlpcSendWaitReceivePort( + PortHandle: HANDLE, + Flags: ULONG, + SendMessageA: PPORT_MESSAGE, + SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + ReceiveMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwAlpcSetInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn ZwAreMappedFilesTheSame( + File1MappedAsAnImage: PVOID, + File2MappedAsFile: PVOID, + ) -> NTSTATUS; + fn ZwAssignProcessToJobObject( + JobHandle: HANDLE, + ProcessHandle: HANDLE, + ) -> NTSTATUS; + fn ZwAssociateWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + IoCompletionHandle: HANDLE, + TargetObjectHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + AlreadySignaled: PBOOLEAN, + ) -> NTSTATUS; + fn ZwCallbackReturn( + OutputBuffer: PVOID, + OutputLength: ULONG, + Status: NTSTATUS, + ) -> NTSTATUS; + fn ZwCancelIoFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwCancelIoFileEx( + FileHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwCancelSynchronousIoFile( + ThreadHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwCancelTimer( + TimerHandle: HANDLE, + CurrentState: PBOOLEAN, + ) -> NTSTATUS; + fn ZwCancelTimer2( + TimerHandle: HANDLE, + Parameters: PT2_CANCEL_PARAMETERS, + ) -> NTSTATUS; + fn ZwCancelWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + RemoveSignaledPacket: BOOLEAN, + ) -> NTSTATUS; + fn ZwClearEvent( + EventHandle: HANDLE, + ) -> NTSTATUS; + fn ZwClose( + Handle: HANDLE, + ) -> NTSTATUS; + fn ZwCloseObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + fn ZwCommitComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwCommitEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwCommitTransaction( + TransactionHandle: HANDLE, + Wait: BOOLEAN, + ) -> NTSTATUS; + fn ZwCompactKeys( + Count: ULONG, + KeyArray: *mut HANDLE, + ) -> NTSTATUS; + fn ZwCompareObjects( + FirstObjectHandle: HANDLE, + SecondObjectHandle: HANDLE, + ) -> NTSTATUS; + fn ZwCompareTokens( + FirstTokenHandle: HANDLE, + SecondTokenHandle: HANDLE, + Equal: PBOOLEAN, + ) -> NTSTATUS; + fn ZwCompleteConnectPort( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn ZwCompressKey( + Key: HANDLE, + ) -> NTSTATUS; + fn ZwConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + fn ZwContinue( + ContextRecord: PCONTEXT, + TestAlert: BOOLEAN, + ) -> NTSTATUS; + fn ZwCreateDebugObject( + DebugObjectHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwCreateDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwCreateDirectoryObjectEx( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ShadowDirectoryHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwCreateEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + TransactionHandle: HANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + NotificationMask: NOTIFICATION_MASK, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + fn ZwCreateEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EventType: EVENT_TYPE, + InitialState: BOOLEAN, + ) -> NTSTATUS; + fn ZwCreateEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwCreateFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + AllocationSize: PLARGE_INTEGER, + FileAttributes: ULONG, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + EaBuffer: PVOID, + EaLength: ULONG, + ) -> NTSTATUS; + fn ZwCreateIRTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + fn ZwCreateIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Count: ULONG, + ) -> NTSTATUS; + fn ZwCreateJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwCreateJobSet( + NumJob: ULONG, + UserJobSet: PJOB_SET_ARRAY, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwCreateKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + Disposition: PULONG, + ) -> NTSTATUS; + fn ZwCreateKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + TransactionHandle: HANDLE, + Disposition: PULONG, + ) -> NTSTATUS; + fn ZwCreateKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwCreateLowBoxToken( + TokenHandle: PHANDLE, + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PackageSid: PSID, + CapabilityCount: ULONG, + Capabilities: PSID_AND_ATTRIBUTES, + HandleCount: ULONG, + Handles: *mut HANDLE, + ) -> NTSTATUS; + fn ZwCreateMailslotFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + CreateOptions: ULONG, + MailslotQuota: ULONG, + MaximumMessageSize: ULONG, + ReadTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwCreateMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialOwner: BOOLEAN, + ) -> NTSTATUS; + fn ZwCreateNamedPipeFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + NamedPipeType: ULONG, + ReadMode: ULONG, + CompletionMode: ULONG, + MaximumInstances: ULONG, + InboundQuota: ULONG, + OutboundQuota: ULONG, + DefaultTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwCreatePagingFile( + PageFileName: PUNICODE_STRING, + MinimumSize: PLARGE_INTEGER, + MaximumSize: PLARGE_INTEGER, + Priority: ULONG, + ) -> NTSTATUS; + fn ZwCreatePartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PreferredNode: ULONG, + ) -> NTSTATUS; + fn ZwCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + fn ZwCreatePrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: PVOID, + ) -> NTSTATUS; + fn ZwCreateProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + InheritObjectTable: BOOLEAN, + SectionHandle: HANDLE, + DebugPort: HANDLE, + ExceptionPort: HANDLE, + ) -> NTSTATUS; + fn ZwCreateProcessEx( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + DebugPort: HANDLE, + ExceptionPort: HANDLE, + JobMemberLevel: ULONG, + ) -> NTSTATUS; + fn ZwCreateProfile( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + Affinity: KAFFINITY, + ) -> NTSTATUS; + fn ZwCreateProfileEx( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + GroupCount: USHORT, + GroupAffinity: PGROUP_AFFINITY, + ) -> NTSTATUS; + fn ZwCreateResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + ResourceManagerGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwCreateSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn ZwCreateSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialCount: LONG, + MaximumCount: LONG, + ) -> NTSTATUS; + fn ZwCreateSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LinkTarget: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwCreateThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + ClientId: PCLIENT_ID, + ThreadContext: PCONTEXT, + InitialTeb: PINITIAL_TEB, + CreateSuspended: BOOLEAN, + ) -> NTSTATUS; + fn ZwCreateThreadEx( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + StartRoutine: PVOID, + Argument: PVOID, + CreateFlags: ULONG, + ZeroBits: SIZE_T, + StackSize: SIZE_T, + MaximumStackSize: SIZE_T, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + fn ZwCreateTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TimerType: TIMER_TYPE, + ) -> NTSTATUS; + fn ZwCreateTimer2( + TimerHandle: PHANDLE, + Reserved1: PVOID, + Reserved2: PVOID, + Attributes: ULONG, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + fn ZwCreateToken( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TokenType: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + TokenSource: PTOKEN_SOURCE, + ) -> NTSTATUS; + fn ZwCreateTokenEx( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TokenType: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroups: PTOKEN_GROUPS, + TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + TokenSource: PTOKEN_SOURCE, + ) -> NTSTATUS; + fn ZwCreateTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + CreateOptions: ULONG, + IsolationLevel: ULONG, + IsolationFlags: ULONG, + Timeout: PLARGE_INTEGER, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwCreateTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + CreateOptions: ULONG, + CommitStrength: ULONG, + ) -> NTSTATUS; + fn ZwCreateUserProcess( + ProcessHandle: PHANDLE, + ThreadHandle: PHANDLE, + ProcessDesiredAccess: ACCESS_MASK, + ThreadDesiredAccess: ACCESS_MASK, + ProcessObjectAttributes: POBJECT_ATTRIBUTES, + ThreadObjectAttributes: POBJECT_ATTRIBUTES, + ProcessFlags: ULONG, + ThreadFlags: ULONG, + ProcessParameters: PVOID, + CreateInfo: PPS_CREATE_INFO, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + fn ZwCreateWaitCompletionPacket( + WaitCompletionPacketHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwCreateWaitablePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + fn ZwCreateWnfStateName( + StateName: PWNF_STATE_NAME, + NameLifetime: WNF_STATE_NAME_LIFETIME, + DataScope: WNF_DATA_SCOPE, + PersistData: BOOLEAN, + TypeId: PCWNF_TYPE_ID, + MaximumStateSize: ULONG, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn ZwCreateWorkerFactory( + WorkerFactoryHandleReturn: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + CompletionPortHandle: HANDLE, + WorkerProcessHandle: HANDLE, + StartRoutine: PVOID, + StartParameter: PVOID, + MaxThreadCount: ULONG, + StackReserve: SIZE_T, + StackCommit: SIZE_T, + ) -> NTSTATUS; + fn ZwDebugActiveProcess( + ProcessHandle: HANDLE, + DebugObjectHandle: HANDLE, + ) -> NTSTATUS; + fn ZwDebugContinue( + DebugObjectHandle: HANDLE, + ClientId: PCLIENT_ID, + ContinueStatus: NTSTATUS, + ) -> NTSTATUS; + fn ZwDelayExecution( + Alertable: BOOLEAN, + DelayInterval: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwDeleteAtom( + Atom: RTL_ATOM, + ) -> NTSTATUS; + fn ZwDeleteBootEntry( + Id: ULONG, + ) -> NTSTATUS; + fn ZwDeleteDriverEntry( + Id: ULONG, + ) -> NTSTATUS; + fn ZwDeleteFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwDeleteKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn ZwDeleteObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + fn ZwDeletePrivateNamespace( + NamespaceHandle: HANDLE, + ) -> NTSTATUS; + fn ZwDeleteValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwDeleteWnfStateData( + StateName: PCWNF_STATE_NAME, + ExplicitScope: *const VOID, + ) -> NTSTATUS; + fn ZwDeleteWnfStateName( + StateName: PCWNF_STATE_NAME, + ) -> NTSTATUS; + fn ZwDeviceIoControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + IoControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn ZwDisableLastKnownGood() -> NTSTATUS; + fn ZwDisplayString( + String: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwDrawText( + String: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwDuplicateObject( + SourceProcessHandle: HANDLE, + SourceHandle: HANDLE, + TargetProcessHandle: HANDLE, + TargetHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Options: ULONG, + ) -> NTSTATUS; + fn ZwDuplicateToken( + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EffectiveOnly: BOOLEAN, + TokenType: TOKEN_TYPE, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwEnableLastKnownGood() -> NTSTATUS; + fn ZwEnumerateBootEntries( + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + fn ZwEnumerateDriverEntries( + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + fn ZwEnumerateKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn ZwEnumerateSystemEnvironmentValuesEx( + InformationClass: ULONG, + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + fn ZwEnumerateTransactionObject( + RootObjectHandle: HANDLE, + QueryType: KTMOBJECT_TYPE, + ObjectCursor: PKTMOBJECT_CURSOR, + ObjectCursorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwEnumerateValueKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn ZwExtendSection( + SectionHandle: HANDLE, + NewSectionSize: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwFilterToken( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwFilterTokenEx( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + DisableUserClaimsCount: ULONG, + UserClaimsToDisable: PUNICODE_STRING, + DisableDeviceClaimsCount: ULONG, + DeviceClaimsToDisable: PUNICODE_STRING, + DeviceGroupsToDisable: PTOKEN_GROUPS, + RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceGroups: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwFindAtom( + AtomName: PWSTR, + Length: ULONG, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + fn ZwFlushBuffersFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwFlushBuffersFileEx( + FileHandle: HANDLE, + Flags: ULONG, + Parameters: PVOID, + ParametersSize: ULONG, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwFlushInstallUILanguage( + InstallUILanguage: LANGID, + SetComittedFlag: ULONG, + ) -> NTSTATUS; + fn ZwFlushInstructionCache( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Length: SIZE_T, + ) -> NTSTATUS; + fn ZwFlushKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn ZwFlushProcessWriteBuffers(); + fn ZwFlushWriteBuffer() -> NTSTATUS; + fn ZwFreeUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn ZwFreeVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + FreeType: ULONG, + ) -> NTSTATUS; + fn ZwFreezeRegistry( + TimeOutInSeconds: ULONG, + ) -> NTSTATUS; + fn ZwFreezeTransactions( + FreezeTimeout: PLARGE_INTEGER, + ThawTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwFsControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FsControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn ZwGetCachedSigningLevel( + File: HANDLE, + Flags: PULONG, + SigningLevel: PSE_SIGNING_LEVEL, + Thumbprint: PUCHAR, + ThumbprintSize: PULONG, + ThumbprintAlgorithm: PULONG, + ) -> NTSTATUS; + fn ZwGetCompleteWnfStateSubscription( + OldDescriptorStateName: PWNF_STATE_NAME, + OldSubscriptionId: *mut ULONG64, + OldDescriptorEventMask: ULONG, + OldDescriptorStatus: ULONG, + NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, + DescriptorSize: ULONG, + ) -> NTSTATUS; + fn ZwGetContextThread( + ThreadHandle: HANDLE, + ThreadContext: PCONTEXT, + ) -> NTSTATUS; + fn ZwGetCurrentProcessorNumber() -> ULONG; + fn ZwGetDevicePowerState( + Device: HANDLE, + State: PDEVICE_POWER_STATE, + ) -> NTSTATUS; + fn ZwGetMUIRegistryInfo( + Flags: ULONG, + DataSize: PULONG, + Data: PVOID, + ) -> NTSTATUS; + fn ZwGetNextProcess( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewProcessHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwGetNextThread( + ProcessHandle: HANDLE, + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewThreadHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwGetNlsSectionPtr( + SectionType: ULONG, + SectionData: ULONG, + ContextData: PVOID, + SectionPointer: *mut PVOID, + SectionSize: PULONG, + ) -> NTSTATUS; + fn ZwGetNotificationResourceManager( + ResourceManagerHandle: HANDLE, + TransactionNotification: PTRANSACTION_NOTIFICATION, + NotificationLength: ULONG, + Timeout: PLARGE_INTEGER, + ReturnLength: PULONG, + Asynchronous: ULONG, + AsynchronousContext: ULONG_PTR, + ) -> NTSTATUS; + fn ZwGetPlugPlayEvent( + EventHandle: HANDLE, + Context: PVOID, + EventBlock: PPLUGPLAY_EVENT_BLOCK, + EventBufferSize: ULONG, + ) -> NTSTATUS; + fn ZwGetWriteWatch( + ProcessHandle: HANDLE, + Flags: ULONG, + BaseAddress: PVOID, + RegionSize: SIZE_T, + UserAddressArray: *mut PVOID, + EntriesInUserAddressArray: PULONG_PTR, + Granularity: PULONG, + ) -> NTSTATUS; + fn ZwImpersonateAnonymousToken( + ThreadHandle: HANDLE, + ) -> NTSTATUS; + fn ZwImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwImpersonateThread( + ServerThreadHandle: HANDLE, + ClientThreadHandle: HANDLE, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ) -> NTSTATUS; + fn ZwInitializeNlsFiles( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwInitializeRegistry( + BootCondition: USHORT, + ) -> NTSTATUS; + fn ZwInitiatePowerAction( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn ZwIsProcessInJob( + ProcessHandle: HANDLE, + JobHandle: HANDLE, + ) -> NTSTATUS; + fn ZwIsSystemResumeAutomatic() -> BOOLEAN; + fn ZwIsUILanguageComitted() -> NTSTATUS; + fn ZwListenPort( + PortHandle: HANDLE, + ConnectionRequest: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwLoadDriver( + DriverServiceName: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwLoadKey( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwLoadKey2( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwLoadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + TrustClassKey: HANDLE, + Event: HANDLE, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + IoStatus: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + fn ZwLockFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + FailImmediately: BOOLEAN, + ExclusiveLock: BOOLEAN, + ) -> NTSTATUS; + fn ZwLockProductActivationKeys( + pPrivateVer: *mut ULONG, + pSafeMode: *mut ULONG, + ) -> NTSTATUS; + fn ZwLockRegistryKey( + KeyHandle: HANDLE, + ) -> NTSTATUS; + fn ZwLockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + fn ZwMakePermanentObject( + Handle: HANDLE, + ) -> NTSTATUS; + fn ZwMakeTemporaryObject( + Handle: HANDLE, + ) -> NTSTATUS; + fn ZwManagePartition( + PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, + PartitionInformation: PVOID, + PartitionInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwMapCMFModule( + What: ULONG, + Index: ULONG, + CacheIndexOut: PULONG, + CacheFlagsOut: PULONG, + ViewSizeOut: PULONG, + BaseAddress: *mut PVOID, + ) -> NTSTATUS; + fn ZwMapUserPhysicalPages( + VirtualAddress: PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn ZwMapUserPhysicalPagesScatter( + VirtualAddresses: *mut PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + fn ZwMapViewOfSection( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + CommitSize: SIZE_T, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + InheritDisposition: SECTION_INHERIT, + AllocationType: ULONG, + Win32Protect: ULONG, + ) -> NTSTATUS; + fn ZwModifyBootEntry( + BootEntry: PBOOT_ENTRY, + ) -> NTSTATUS; + fn ZwModifyDriverEntry( + DriverEntry: PEFI_DRIVER_ENTRY, + ) -> NTSTATUS; + fn ZwNotifyChangeDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + ) -> NTSTATUS; + fn ZwNotifyChangeKey( + KeyHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn ZwNotifyChangeMultipleKeys( + MasterKeyHandle: HANDLE, + Count: ULONG, + SubordinateObjects: *mut OBJECT_ATTRIBUTES, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + fn ZwNotifyChangeSession( + SessionHandle: HANDLE, + ChangeSequenceNumber: ULONG, + ChangeTimeStamp: PLARGE_INTEGER, + Event: IO_SESSION_EVENT, + NewState: IO_SESSION_STATE, + PreviousState: IO_SESSION_STATE, + Payload: PVOID, + PayloadSize: ULONG, + ) -> NTSTATUS; + fn ZwOpenDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + RmHandle: HANDLE, + EnlistmentGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn ZwOpenIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenKeyEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn ZwOpenKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + fn ZwOpenKeyTransactedEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + fn ZwOpenKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GrantedAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + ObjectCreation: BOOLEAN, + AccessGranted: BOOLEAN, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + fn ZwOpenPartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenPrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: PVOID, + ) -> NTSTATUS; + fn ZwOpenProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + fn ZwOpenProcessToken( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwOpenProcessTokenEx( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwOpenResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + ResourceManagerGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenSession( + SessionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + fn ZwOpenThreadToken( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwOpenThreadTokenEx( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + fn ZwOpenTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwOpenTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + ) -> NTSTATUS; + fn ZwOpenTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + TmIdentity: LPGUID, + OpenOptions: ULONG, + ) -> NTSTATUS; + fn ZwPlugPlayControl( + PnPControlClass: PLUGPLAY_CONTROL_CLASS, + PnPControlData: PVOID, + PnPControlDataLength: ULONG, + ) -> NTSTATUS; + fn ZwPowerInformation( + InformationLevel: POWER_INFORMATION_LEVEL, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + fn ZwPrePrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwPrePrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwPrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwPrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwPrivilegeCheck( + ClientToken: HANDLE, + RequiredPrivileges: PPRIVILEGE_SET, + Result: PBOOLEAN, + ) -> NTSTATUS; + fn ZwPrivilegeObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + fn ZwPrivilegedServiceAuditAlarm( + SubsystemName: PUNICODE_STRING, + ServiceName: PUNICODE_STRING, + ClientToken: HANDLE, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + fn ZwPropagationComplete( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + BufferLength: ULONG, + Buffer: PVOID, + ) -> NTSTATUS; + fn ZwPropagationFailed( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + PropStatus: NTSTATUS, + ) -> NTSTATUS; + fn ZwProtectVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + NewProtect: ULONG, + OldProtect: PULONG, + ) -> NTSTATUS; + fn ZwPulseEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn ZwQueryAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_BASIC_INFORMATION, + ) -> NTSTATUS; + fn ZwQueryBootEntryOrder( + Ids: PULONG, + Count: PULONG, + ) -> NTSTATUS; + fn ZwQueryBootOptions( + BootOptions: PBOOT_OPTIONS, + BootOptionsLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + ) -> NTSTATUS; + fn ZwQueryDefaultLocale( + UserProfile: BOOLEAN, + DefaultLocaleId: PLCID, + ) -> NTSTATUS; + fn ZwQueryDefaultUILanguage( + DefaultUILanguageId: *mut LANGID, + ) -> NTSTATUS; + fn ZwQueryDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ReturnSingleEntry: BOOLEAN, + FileName: PUNICODE_STRING, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn ZwQueryDirectoryObject( + DirectoryHandle: HANDLE, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + RestartScan: BOOLEAN, + Context: PULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryDriverEntryOrder( + Ids: PULONG, + Count: PULONG, + ) -> NTSTATUS; + fn ZwQueryEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + EaList: PVOID, + EaListLength: ULONG, + EaIndex: PULONG, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn ZwQueryEvent( + EventHandle: HANDLE, + EventInformationClass: EVENT_INFORMATION_CLASS, + EventInformation: PVOID, + EventInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryFullAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_NETWORK_OPEN_INFORMATION, + ) -> NTSTATUS; + fn ZwQueryInformationAtom( + Atom: RTL_ATOM, + AtomInformationClass: ATOM_INFORMATION_CLASS, + AtomInformation: PVOID, + AtomInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + fn ZwQueryInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationPort( + PortHandle: HANDLE, + PortInformationClass: PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationTransactionManager( + TransactionManagerHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryInstallUILanguage( + InstallUILanguageId: *mut LANGID, + ) -> NTSTATUS; + fn ZwQueryIntervalProfile( + ProfileSource: KPROFILE_SOURCE, + Interval: PULONG, + ) -> NTSTATUS; + fn ZwQueryIoCompletion( + IoCompletionHandle: HANDLE, + IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, + IoCompletionInformation: PVOID, + IoCompletionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryKey( + KeyHandle: HANDLE, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryLicenseValue( + ValueName: PUNICODE_STRING, + Type: PULONG, + Data: PVOID, + DataSize: ULONG, + ResultDataSize: PULONG, + ) -> NTSTATUS; + fn ZwQueryMultipleValueKey( + KeyHandle: HANDLE, + ValueEntries: PKEY_VALUE_ENTRY, + EntryCount: ULONG, + ValueBuffer: PVOID, + BufferLength: PULONG, + RequiredBufferLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryMutant( + MutantHandle: HANDLE, + MutantInformationClass: MUTANT_INFORMATION_CLASS, + MutantInformation: PVOID, + MutantInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryOpenSubKeys( + TargetKey: POBJECT_ATTRIBUTES, + HandleCount: PULONG, + ) -> NTSTATUS; + fn ZwQueryOpenSubKeysEx( + TargetKey: POBJECT_ATTRIBUTES, + BufferLength: ULONG, + Buffer: PVOID, + RequiredSize: PULONG, + ) -> NTSTATUS; + fn ZwQueryPerformanceCounter( + PerformanceCounter: PLARGE_INTEGER, + PerformanceFrequency: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwQueryPortInformationProcess() -> NTSTATUS; + fn ZwQueryQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + SidList: PVOID, + SidListLength: ULONG, + StartSid: PSID, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + fn ZwQuerySection( + SectionHandle: HANDLE, + SectionInformationClass: SECTION_INFORMATION_CLASS, + SectionInformation: PVOID, + SectionInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn ZwQuerySecurityAttributesToken( + TokenHandle: HANDLE, + Attributes: PUNICODE_STRING, + NumberOfAttributes: ULONG, + Buffer: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQuerySecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Length: ULONG, + LengthNeeded: PULONG, + ) -> NTSTATUS; + fn ZwQuerySemaphore( + SemaphoreHandle: HANDLE, + SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, + SemaphoreInformation: PVOID, + SemaphoreInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQuerySymbolicLinkObject( + LinkHandle: HANDLE, + LinkTarget: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; + fn ZwQuerySystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PWSTR, + ValueLength: USHORT, + ReturnLength: PUSHORT, + ) -> NTSTATUS; + fn ZwQuerySystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: LPGUID, + Value: PVOID, + ValueLength: PULONG, + Attributes: PULONG, + ) -> NTSTATUS; + fn ZwQuerySystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQuerySystemInformationEx( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + InputBuffer: PVOID, + InputBufferLength: ULONG, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQuerySystemTime( + SystemTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwQueryTimer( + TimerHandle: HANDLE, + TimerInformationClass: TIMER_INFORMATION_CLASS, + TimerInformation: PVOID, + TimerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryTimerResolution( + MaximumTime: PULONG, + MinimumTime: PULONG, + CurrentTime: PULONG, + ) -> NTSTATUS; + fn ZwQueryValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + fn ZwQueryVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + MemoryInformationClass: MEMORY_INFORMATION_CLASS, + MemoryInformation: PVOID, + MemoryInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + fn ZwQueryVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FS_INFORMATION_CLASS, + ) -> NTSTATUS; + fn ZwQueryWnfStateData( + StateName: PCWNF_STATE_NAME, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const VOID, + ChangeStamp: PWNF_CHANGE_STAMP, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + fn ZwQueryWnfStateNameInformation( + StateName: PCWNF_STATE_NAME, + NameInfoClass: WNF_STATE_NAME_INFORMATION, + ExplicitScope: *const VOID, + InfoBuffer: PVOID, + InfoBufferSize: ULONG, + ) -> NTSTATUS; + fn ZwQueueApcThread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + fn ZwQueueApcThreadEx( + ThreadHandle: HANDLE, + UserApcReserveHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + fn ZwRaiseException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + FirstChance: BOOLEAN, + ) -> NTSTATUS; + fn ZwRaiseHardError( + ErrorStatus: NTSTATUS, + NumberOfParameters: ULONG, + UnicodeStringParameterMask: ULONG, + Parameters: PULONG_PTR, + ValidResponseOptions: ULONG, + Response: PULONG, + ) -> NTSTATUS; + fn ZwReadFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn ZwReadFileScatter( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn ZwReadOnlyEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwReadRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + fn ZwReadVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + fn ZwRecoverEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + fn ZwRecoverResourceManager( + ResourceManagerHandle: HANDLE, + ) -> NTSTATUS; + fn ZwRecoverTransactionManager( + TransactionManagerHandle: HANDLE, + ) -> NTSTATUS; + fn ZwRegisterProtocolAddressInformation( + ResourceManager: HANDLE, + ProtocolId: PCRM_PROTOCOL_ID, + ProtocolInformationSize: ULONG, + ProtocolInformation: PVOID, + CreateOptions: ULONG, + ) -> NTSTATUS; + fn ZwRegisterThreadTerminatePort( + PortHandle: HANDLE, + ) -> NTSTATUS; + fn ZwReleaseCMFViewOwnership() -> NTSTATUS; + fn ZwReleaseKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwReleaseMutant( + MutantHandle: HANDLE, + PreviousCount: PLONG, + ) -> NTSTATUS; + fn ZwReleaseSemaphore( + SemaphoreHandle: HANDLE, + ReleaseCount: LONG, + PreviousCount: PLONG, + ) -> NTSTATUS; + fn ZwReleaseWorkerFactoryWorker( + WorkerFactoryHandle: HANDLE, + ) -> NTSTATUS; + fn ZwRemoveIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: *mut PVOID, + ApcContext: *mut PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwRemoveIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + NumEntriesRemoved: PULONG, + Timeout: PLARGE_INTEGER, + Alertable: BOOLEAN, + ) -> NTSTATUS; + fn ZwRemoveProcessDebug( + ProcessHandle: HANDLE, + DebugObjectHandle: HANDLE, + ) -> NTSTATUS; + fn ZwRenameKey( + KeyHandle: HANDLE, + NewName: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwRenameTransactionManager( + LogFileName: PUNICODE_STRING, + ExistingTransactionManagerGuid: LPGUID, + ) -> NTSTATUS; + fn ZwReplaceKey( + NewFile: POBJECT_ATTRIBUTES, + TargetHandle: HANDLE, + OldFile: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwReplacePartitionUnit( + TargetInstancePath: PUNICODE_STRING, + SpareInstancePath: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwReplyPort( + PortHandle: HANDLE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwReplyWaitReceivePort( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwReplyWaitReceivePortEx( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwReplyWaitReplyPort( + PortHandle: HANDLE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwRequestPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwRequestWaitReplyPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + fn ZwRequestWakeupLatency( + latency: LATENCY_TIME, + ) -> NTSTATUS; + fn ZwResetEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn ZwResetWriteWatch( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + RegionSize: SIZE_T, + ) -> NTSTATUS; + fn ZwRestoreKey( + KeyHandle: HANDLE, + FileHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwResumeProcess( + ProcessHandle: HANDLE, + ) -> NTSTATUS; + fn ZwResumeThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn ZwRevertContainerImpersonation() -> NTSTATUS; + fn ZwRollbackComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwRollbackEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwRollbackTransaction( + TransactionHandle: HANDLE, + Wait: BOOLEAN, + ) -> NTSTATUS; + fn ZwRollforwardTransactionManager( + TransactionManagerHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwSaveKey( + KeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSaveKeyEx( + KeyHandle: HANDLE, + FileHandle: HANDLE, + Format: ULONG, + ) -> NTSTATUS; + fn ZwSaveMergedKeys( + HighPrecedenceKeyHandle: HANDLE, + LowPrecedenceKeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSecureConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + RequiredServerSid: PSID, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + fn ZwSerializeBoot() -> NTSTATUS; + fn ZwSetBootEntryOrder( + Ids: PULONG, + Count: ULONG, + ) -> NTSTATUS; + fn ZwSetBootOptions( + BootOptions: PBOOT_OPTIONS, + FieldsToChange: ULONG, + ) -> NTSTATUS; + fn ZwSetCachedSigningLevel( + Flags: ULONG, + InputSigningLevel: SE_SIGNING_LEVEL, + SourceFiles: PHANDLE, + SourceFileCount: ULONG, + TargetFile: HANDLE, + ) -> NTSTATUS; + fn ZwSetContextThread( + ThreadHandle: HANDLE, + ThreadContext: PCONTEXT, + ) -> NTSTATUS; + fn ZwSetDebugFilterState( + ComponentId: ULONG, + Level: ULONG, + State: BOOLEAN, + ) -> NTSTATUS; + fn ZwSetDefaultHardErrorPort( + DefaultHardErrorPort: HANDLE, + ) -> NTSTATUS; + fn ZwSetDefaultLocale( + UserProfile: BOOLEAN, + DefaultLocaleId: LCID, + ) -> NTSTATUS; + fn ZwSetDefaultUILanguage( + DefaultUILanguageId: LANGID, + ) -> NTSTATUS; + fn ZwSetDriverEntryOrder( + Ids: PULONG, + Count: ULONG, + ) -> NTSTATUS; + fn ZwSetEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn ZwSetEvent( + EventHandle: HANDLE, + PreviousState: PLONG, + ) -> NTSTATUS; + fn ZwSetEventBoostPriority( + EventHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSetHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSetHighWaitLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSetIRTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwSetInformationDebugObject( + DebugObjectHandle: HANDLE, + DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, + DebugInformation: PVOID, + DebugInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwSetInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + fn ZwSetInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationKey( + KeyHandle: HANDLE, + KeySetInformationClass: KEY_SET_INFORMATION_CLASS, + KeySetInformation: PVOID, + KeySetInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationTransactionManager( + TmHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationVirtualMemory( + ProcessHandle: HANDLE, + VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, + NumberOfEntries: ULONG_PTR, + VirtualAddresses: PMEMORY_RANGE_ENTRY, + VmInformation: PVOID, + VmInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetIntervalProfile( + Interval: ULONG, + Source: KPROFILE_SOURCE, + ) -> NTSTATUS; + fn ZwSetIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + fn ZwSetIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionPacketHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + fn ZwSetLdtEntries( + Selector0: ULONG, + Entry0Low: ULONG, + Entry0Hi: ULONG, + Selector1: ULONG, + Entry1Low: ULONG, + Entry1Hi: ULONG, + ) -> NTSTATUS; + fn ZwSetLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSetLowWaitHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSetQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + fn ZwSetSecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + fn ZwSetSystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwSetSystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: LPGUID, + Value: PVOID, + ValueLength: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + fn ZwSetSystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetSystemPowerState( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwSetSystemTime( + SystemTime: PLARGE_INTEGER, + PreviousTime: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwSetThreadExecutionState( + NewFlags: EXECUTION_STATE, + PreviousFlags: *mut EXECUTION_STATE, + ) -> NTSTATUS; + fn ZwSetTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + TimerApcRoutine: PTIMER_APC_ROUTINE, + TimerContext: PVOID, + ResumeTimer: BOOLEAN, + Period: LONG, + PreviousState: PBOOLEAN, + ) -> NTSTATUS; + fn ZwSetTimer2( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + Period: PLARGE_INTEGER, + Parameters: PT2_SET_PARAMETERS, + ) -> NTSTATUS; + fn ZwSetTimerEx( + TimerHandle: HANDLE, + TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, + TimerSetInformation: PVOID, + TimerSetInformationLength: ULONG, + ) -> NTSTATUS; + fn ZwSetTimerResolution( + DesiredTime: ULONG, + SetResolution: BOOLEAN, + ActualTime: PULONG, + ) -> NTSTATUS; + fn ZwSetUuidSeed( + Seed: PCHAR, + ) -> NTSTATUS; + fn ZwSetValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + TitleIndex: ULONG, + Type: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + fn ZwSetVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FS_INFORMATION_CLASS, + ) -> NTSTATUS; + fn ZwSetWnfProcessNotificationEvent( + NotificationEvent: HANDLE, + ) -> NTSTATUS; + fn ZwShutdownSystem( + Action: SHUTDOWN_ACTION, + ) -> NTSTATUS; + fn ZwShutdownWorkerFactory( + WorkerFactoryHandle: HANDLE, + PendingWorkerCount: *mut LONG, + ) -> NTSTATUS; + fn ZwSignalAndWaitForSingleObject( + SignalHandle: HANDLE, + WaitHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwSinglePhaseReject( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwStartProfile( + ProfileHandle: HANDLE, + ) -> NTSTATUS; + fn ZwStopProfile( + ProfileHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + EventMask: ULONG, + SubscriptionId: PULONG64, + ) -> NTSTATUS; + fn ZwSuspendProcess( + ProcessHandle: HANDLE, + ) -> NTSTATUS; + fn ZwSuspendThread( + ThreadHandle: HANDLE, + PreviousSuspendCount: PULONG, + ) -> NTSTATUS; + fn ZwSystemDebugControl( + Command: SYSDBG_COMMAND, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwTerminateJobObject( + JobHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn ZwTerminateProcess( + ProcessHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn ZwTerminateThread( + ThreadHandle: HANDLE, + ExitStatus: NTSTATUS, + ) -> NTSTATUS; + fn ZwTestAlert() -> NTSTATUS; + fn ZwThawRegistry() -> NTSTATUS; + fn ZwThawTransactions() -> NTSTATUS; + fn ZwTraceControl( + FunctionCode: ULONG, + InBuffer: PVOID, + InBufferLen: ULONG, + OutBuffer: PVOID, + OutBufferLen: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + fn ZwTraceEvent( + TraceHandle: HANDLE, + Flags: ULONG, + FieldSize: ULONG, + Fields: PVOID, + ) -> NTSTATUS; + fn ZwTranslateFilePath( + InputFilePath: PFILE_PATH, + OutputType: ULONG, + OutputFilePath: PFILE_PATH, + OutputFilePathLength: PULONG, + ) -> NTSTATUS; + fn ZwUmsThreadYield( + SchedulerParam: PVOID, + ) -> NTSTATUS; + fn ZwUnloadDriver( + DriverServiceName: PUNICODE_STRING, + ) -> NTSTATUS; + fn ZwUnloadKey( + TargetKey: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + fn ZwUnloadKey2( + TargetKey: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwUnloadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + Event: HANDLE, + ) -> NTSTATUS; + fn ZwUnlockFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + ) -> NTSTATUS; + fn ZwUnlockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + fn ZwUnmapViewOfSection( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + ) -> NTSTATUS; + fn ZwUnmapViewOfSectionEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + fn ZwUnsubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ) -> NTSTATUS; + fn ZwUpdateWnfStateData( + StateName: PCWNF_STATE_NAME, + Buffer: *const VOID, + Length: ULONG, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const VOID, + MatchingChangeStamp: WNF_CHANGE_STAMP, + CheckStamp: LOGICAL, + ) -> NTSTATUS; + fn ZwVdmControl( + Service: VDMSERVICECLASS, + ServiceData: PVOID, + ) -> NTSTATUS; + fn ZwWaitForAlertByThreadId( + Address: PVOID, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwWaitForDebugEvent( + DebugObjectHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + WaitStateChange: PVOID, + ) -> NTSTATUS; + fn ZwWaitForKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwWaitForMultipleObjects( + Count: ULONG, + Handles: *mut HANDLE, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwWaitForMultipleObjects32( + Count: ULONG, + Handles: *mut LONG, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwWaitForSingleObject( + Handle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + fn ZwWaitForWorkViaWorkerFactory( + WorkerFactoryHandle: HANDLE, + MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, + ) -> NTSTATUS; + fn ZwWaitHighEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwWaitLowEventPair( + EventPairHandle: HANDLE, + ) -> NTSTATUS; + fn ZwWorkerFactoryWorkerReady( + WorkerFactoryHandle: HANDLE, + ) -> NTSTATUS; + fn ZwWriteFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn ZwWriteFileGather( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + fn ZwWriteRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + fn ZwWriteVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + fn ZwYieldExecution() -> NTSTATUS; +}} diff --git a/vendor/ntapi/src/string.rs b/vendor/ntapi/src/string.rs new file mode 100644 index 000000000..32bfa5024 --- /dev/null +++ b/vendor/ntapi/src/string.rs @@ -0,0 +1,58 @@ +/// A wrapper over UTF16 string constants. +pub struct UTF16Const(pub &'static [u16]); +impl UTF16Const { + #[inline] + pub fn as_ptr(&self) -> *const u16 { + self.0.as_ptr() + } + #[inline] + pub fn as_mut_ptr(&self) -> *mut u16 { + self.0.as_ptr() as *mut u16 + } + #[inline] + pub fn len(&self) -> usize { + self.0.len() - 1 + } +} +impl AsRef<[u16]> for UTF16Const { + #[inline] + fn as_ref(&self) -> &[u16] { + &self.0[..self.len()] + } +} +impl Copy for UTF16Const {} +impl Clone for UTF16Const { + #[inline] + fn clone(&self) -> UTF16Const { *self } +} +/// A wrapper over UTF8 string constants. +pub struct UTF8Const(pub &'static str); +impl UTF8Const { + #[inline] + pub fn as_ptr(&self) -> *const i8 { + self.0.as_ptr() as *const i8 + } + #[inline] + pub fn as_mut_ptr(&self) -> *mut i8 { + self.0.as_ptr() as *mut i8 + } + #[inline] + pub fn len(&self) -> usize { + self.0.len() - 1 + } + #[inline] + pub fn as_str(&self) -> &str { + &self.0[..self.len()] + } +} +impl AsRef<str> for UTF8Const { + #[inline] + fn as_ref(&self) -> &str { + &self.0[..self.len()] + } +} +impl Copy for UTF8Const {} +impl Clone for UTF8Const { + #[inline] + fn clone(&self) -> UTF8Const { *self } +} diff --git a/vendor/ntapi/src/subprocesstag.rs b/vendor/ntapi/src/subprocesstag.rs new file mode 100644 index 000000000..7c8d17ce4 --- /dev/null +++ b/vendor/ntapi/src/subprocesstag.rs @@ -0,0 +1,77 @@ +use winapi::shared::minwindef::DWORD; +use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID}; +ENUM!{enum TAG_INFO_LEVEL { + eTagInfoLevelNameFromTag = 1, + eTagInfoLevelNamesReferencingModule = 2, + eTagInfoLevelNameTagMapping = 3, + eTagInfoLevelMax = 4, +}} +ENUM!{enum TAG_TYPE { + eTagTypeService = 1, + eTagTypeMax = 2, +}} +STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS { + dwPid: DWORD, + dwTag: DWORD, +}} +pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS; +STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS { + eTagType: DWORD, + pszName: LPWSTR, +}} +pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS; +STRUCT!{struct TAG_INFO_NAME_FROM_TAG { + InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS, + OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, +}} +pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG; +STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS { + dwPid: DWORD, + pszModule: LPWSTR, +}} +pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS = + *mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS; +STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS { + eTagType: DWORD, + pmszNames: LPWSTR, +}} +pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS = + *mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS; +STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE { + InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, + OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, +}} +pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE; +STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS { + dwPid: DWORD, +}} +pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS; +STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT { + eTagType: DWORD, + dwTag: DWORD, + pszName: LPWSTR, + pszGroupName: LPWSTR, +}} +pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT; +STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS { + cElements: DWORD, + pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT, +}} +pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS; +STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING { + InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, + pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, +}} +pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING; +EXTERN!{extern "system" { + fn I_QueryTagInformation( + pszMachineName: LPCWSTR, + eInfoLevel: TAG_INFO_LEVEL, + pTagInfo: PVOID, + ) -> DWORD; +}} +FN!{stdcall PQUERY_TAG_INFORMATION( + pszMachineName: LPCWSTR, + eInfoLevel: TAG_INFO_LEVEL, + pTagInfo: PVOID, +) -> DWORD} diff --git a/vendor/ntapi/src/winapi_local.rs b/vendor/ntapi/src/winapi_local.rs new file mode 100644 index 000000000..2aa6fdd1e --- /dev/null +++ b/vendor/ntapi/src/winapi_local.rs @@ -0,0 +1 @@ +pub mod um; diff --git a/vendor/ntapi/src/winapi_local/um.rs b/vendor/ntapi/src/winapi_local/um.rs new file mode 100644 index 000000000..5f862d511 --- /dev/null +++ b/vendor/ntapi/src/winapi_local/um.rs @@ -0,0 +1,2 @@ +pub(crate) mod winioctl; +pub mod winnt; diff --git a/vendor/ntapi/src/winapi_local/um/winioctl.rs b/vendor/ntapi/src/winapi_local/um/winioctl.rs new file mode 100644 index 000000000..da490269a --- /dev/null +++ b/vendor/ntapi/src/winapi_local/um/winioctl.rs @@ -0,0 +1,4 @@ +#[inline] +pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 { + (DeviceType << 16) | (Access << 14) | (Function << 2) | Method +} diff --git a/vendor/ntapi/src/winapi_local/um/winnt.rs b/vendor/ntapi/src/winapi_local/um/winnt.rs new file mode 100644 index 000000000..5c4f7b2fb --- /dev/null +++ b/vendor/ntapi/src/winapi_local/um/winnt.rs @@ -0,0 +1,86 @@ +#[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +use core::arch::asm; +use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64}; +use winapi::shared::minwindef::DWORD; +use winapi::um::winnt::{HANDLE, PVOID}; +#[doc(hidden)] +#[inline] +pub const fn UInt32x32To64(a: u32, b: u32) -> u64 { + a as u64 * b as u64 +} +#[cfg(all(feature = "beta", not(target_arch = "aarch64")))] +IFDEF!{ +use crate::ntpebteb::TEB; +#[inline] +#[cfg(target_pointer_width = "64")] +pub unsafe fn _bittest64(Base: *const i64, Offset: i64) -> u8 { + let out: u8; + asm!( + "bt {1}, {2}", + "setb {0}", + out(reg_byte) out, + in(reg) Base, + in(reg) Offset, + options(nostack, pure, readonly), + ); + out +} +#[inline] +pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD { + let out: u32; + asm!( + "mov {:e}, fs:[{:e}]", + lateout(reg) out, + in(reg) Offset, + options(nostack, pure, readonly), + ); + out +} +#[inline] +#[cfg(target_pointer_width = "64")] +pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 { + let out: u64; + asm!( + "mov {}, gs:[{:e}]", + lateout(reg) out, + in(reg) Offset, + options(nostack, pure, readonly), + ); + out +} +#[inline] #[allow(unused_unsafe)] +pub unsafe fn NtCurrentTeb() -> *mut TEB { + use winapi::um::winnt::NT_TIB; + let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32; + #[cfg(target_arch = "x86_64")] { + __readgsqword(teb_offset) as *mut TEB + } + #[cfg(target_arch = "x86")] { + __readfsdword(teb_offset) as *mut TEB + } +} +} +ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE { + MemExtendedParameterInvalidType = 0, + MemExtendedParameterAddressRequirements = 1, + MemExtendedParameterNumaNode = 2, + MemExtendedParameterPartitionHandle = 3, + MemExtendedParameterMax = 4, +}} +pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE; +UNION!{union MEM_EXTENDED_PARAMETER_u { + ULong64: DWORD64, + Pointer: PVOID, + Size: SIZE_T, + Handle: HANDLE, + ULong: DWORD, +}} +STRUCT!{struct MEM_EXTENDED_PARAMETER { + BitFields: ULONG64, + u: MEM_EXTENDED_PARAMETER_u, +}} +BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [ + Type set_Type[0..8], + Reserved set_Reserved[8..64], +]} +pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER; diff --git a/vendor/ntapi/src/winsta.rs b/vendor/ntapi/src/winsta.rs new file mode 100644 index 000000000..162316d06 --- /dev/null +++ b/vendor/ntapi/src/winsta.rs @@ -0,0 +1,848 @@ +use core::ptr::null_mut; +use crate::ntrtl::RTL_TIME_ZONE_INFORMATION; +use winapi::shared::basetsd::SIZE_T; +use winapi::shared::minwindef::{BYTE, DWORD, FILETIME}; +use winapi::shared::ntdef::{ + BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING, + USHORT, WCHAR, +}; +use winapi::shared::windef::HWND; +use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED}; +pub const WINSTATION_QUERY: u32 = 0x00000001; +pub const WINSTATION_SET: u32 = 0x00000002; +pub const WINSTATION_RESET: u32 = 0x00000004; +pub const WINSTATION_VIRTUAL: u32 = 0x00000008; +pub const WINSTATION_SHADOW: u32 = 0x00000010; +pub const WINSTATION_LOGON: u32 = 0x00000020; +pub const WINSTATION_LOGOFF: u32 = 0x00000040; +pub const WINSTATION_MSG: u32 = 0x00000080; +pub const WINSTATION_CONNECT: u32 = 0x00000100; +pub const WINSTATION_DISCONNECT: u32 = 0x00000200; +pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON; +pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF; +pub const WINSTATION_USER_ACCESS: u32 = + WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT; +pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET + | WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT; +pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET + | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG + | WINSTATION_CONNECT | WINSTATION_DISCONNECT; +pub const WDPREFIX_LENGTH: usize = 12; +pub const CALLBACK_LENGTH: usize = 50; +pub const DLLNAME_LENGTH: usize = 32; +pub const CDNAME_LENGTH: usize = 32; +pub const WDNAME_LENGTH: usize = 32; +pub const PDNAME_LENGTH: usize = 32; +pub const DEVICENAME_LENGTH: usize = 128; +pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH; +pub const STACK_ADDRESS_LENGTH: usize = 128; +pub const MAX_BR_NAME: usize = 65; +pub const DIRECTORY_LENGTH: usize = 256; +pub const INITIALPROGRAM_LENGTH: usize = 256; +pub const USERNAME_LENGTH: usize = 20; +pub const DOMAIN_LENGTH: usize = 17; +pub const PASSWORD_LENGTH: usize = 14; +pub const NASISPECIFICNAME_LENGTH: usize = 14; +pub const NASIUSERNAME_LENGTH: usize = 47; +pub const NASIPASSWORD_LENGTH: usize = 24; +pub const NASISESSIONNAME_LENGTH: usize = 16; +pub const NASIFILESERVER_LENGTH: usize = 47; +pub const CLIENTDATANAME_LENGTH: usize = 7; +pub const CLIENTNAME_LENGTH: usize = 20; +pub const CLIENTADDRESS_LENGTH: usize = 30; +pub const IMEFILENAME_LENGTH: usize = 32; +pub const CLIENTLICENSE_LENGTH: usize = 32; +pub const CLIENTMODEM_LENGTH: usize = 40; +pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32; +pub const MAX_COUNTER_EXTENSIONS: u32 = 2; +pub const WINSTATIONNAME_LENGTH: usize = 32; +pub const TERMSRV_TOTAL_SESSIONS: u32 = 1; +pub const TERMSRV_DISC_SESSIONS: u32 = 2; +pub const TERMSRV_RECON_SESSIONS: u32 = 3; +pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4; +pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5; +pub const TERMSRV_PENDING_SESSIONS: u32 = 6; +pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7; +pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8; +pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9; +pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10; +pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11; +pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12; +pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; +pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION; +pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1]; +STRUCT!{struct VARDATA_WIRE { + Size: USHORT, + Offset: USHORT, +}} +pub type PVARDATA_WIRE = *mut VARDATA_WIRE; +ENUM!{enum WINSTATIONSTATECLASS { + State_Active = 0, + State_Connected = 1, + State_ConnectQuery = 2, + State_Shadow = 3, + State_Disconnected = 4, + State_Idle = 5, + State_Listen = 6, + State_Reset = 7, + State_Down = 8, + State_Init = 9, +}} +UNION!{union SESSIONIDW_u { + SessionId: ULONG, + LogonId: ULONG, +}} +STRUCT!{struct SESSIONIDW { + u: SESSIONIDW_u, + WinStationName: WINSTATIONNAME, + State: WINSTATIONSTATECLASS, +}} +pub type PSESSIONIDW = *mut SESSIONIDW; +ENUM!{enum WINSTATIONINFOCLASS { + WinStationCreateData = 0, + WinStationConfiguration = 1, + WinStationPdParams = 2, + WinStationWd = 3, + WinStationPd = 4, + WinStationPrinter = 5, + WinStationClient = 6, + WinStationModules = 7, + WinStationInformation = 8, + WinStationTrace = 9, + WinStationBeep = 10, + WinStationEncryptionOff = 11, + WinStationEncryptionPerm = 12, + WinStationNtSecurity = 13, + WinStationUserToken = 14, + WinStationUnused1 = 15, + WinStationVideoData = 16, + WinStationInitialProgram = 17, + WinStationCd = 18, + WinStationSystemTrace = 19, + WinStationVirtualData = 20, + WinStationClientData = 21, + WinStationSecureDesktopEnter = 22, + WinStationSecureDesktopExit = 23, + WinStationLoadBalanceSessionTarget = 24, + WinStationLoadIndicator = 25, + WinStationShadowInfo = 26, + WinStationDigProductId = 27, + WinStationLockedState = 28, + WinStationRemoteAddress = 29, + WinStationIdleTime = 30, + WinStationLastReconnectType = 31, + WinStationDisallowAutoReconnect = 32, + WinStationMprNotifyInfo = 33, + WinStationExecSrvSystemPipe = 34, + WinStationSmartCardAutoLogon = 35, + WinStationIsAdminLoggedOn = 36, + WinStationReconnectedFromId = 37, + WinStationEffectsPolicy = 38, + WinStationType = 39, + WinStationInformationEx = 40, + WinStationValidationInfo = 41, +}} +STRUCT!{struct WINSTATIONCREATE { + Bitfields: ULONG, + MaxInstanceCount: ULONG, +}} +BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [ + fEnableWinStation set_fEnableWinStation[0..1], +]} +pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE; +STRUCT!{struct WINSTACONFIGWIRE { + Comment: [WCHAR; 61], + OEMId: [CHAR; 4], + UserConfig: VARDATA_WIRE, + NewFields: VARDATA_WIRE, +}} +pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE; +ENUM!{enum CALLBACKCLASS { + Callback_Disable = 0, + Callback_Roving = 1, + Callback_Fixed = 2, +}} +ENUM!{enum SHADOWCLASS { + Shadow_Disable = 0, + Shadow_EnableInputNotify = 1, + Shadow_EnableInputNoNotify = 2, + Shadow_EnableNoInputNotify = 3, + Shadow_EnableNoInputNoNotify = 4, +}} +STRUCT!{struct USERCONFIG { + Bitfields: ULONG, + Bitfields2: ULONG, + UserName: [WCHAR; USERNAME_LENGTH + 1], + Domain: [WCHAR; DOMAIN_LENGTH + 1], + Password: [WCHAR; PASSWORD_LENGTH + 1], + WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], + InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], + CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1], + Callback: CALLBACKCLASS, + Shadow: SHADOWCLASS, + MaxConnectionTime: ULONG, + MaxDisconnectionTime: ULONG, + MaxIdleTime: ULONG, + KeyboardLayout: ULONG, + MinEncryptionLevel: BYTE, + NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1], + PublishedName: [WCHAR; MAX_BR_NAME], + WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1], + WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1], + WFHomeDirDrive: [WCHAR; 4], +}} +BITFIELD!{USERCONFIG Bitfields: ULONG [ + fInheritAutoLogon set_fInheritAutoLogon[0..1], + fInheritResetBroken set_fInheritResetBroken[1..2], + fInheritReconnectSame set_fInheritReconnectSame[2..3], + fInheritInitialProgram set_fInheritInitialProgram[3..4], + fInheritCallback set_fInheritCallback[4..5], + fInheritCallbackNumber set_fInheritCallbackNumber[5..6], + fInheritShadow set_fInheritShadow[6..7], + fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8], + fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9], + fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10], + fInheritAutoClient set_fInheritAutoClient[10..11], + fInheritSecurity set_fInheritSecurity[11..12], + fPromptForPassword set_fPromptForPassword[12..13], + fResetBroken set_fResetBroken[13..14], + fReconnectSame set_fReconnectSame[14..15], + fLogonDisabled set_fLogonDisabled[15..16], + fWallPaperDisabled set_fWallPaperDisabled[16..17], + fAutoClientDrives set_fAutoClientDrives[17..18], + fAutoClientLpts set_fAutoClientLpts[18..19], + fForceClientLptDef set_fForceClientLptDef[19..20], + fRequireEncryption set_fRequireEncryption[20..21], + fDisableEncryption set_fDisableEncryption[21..22], + fUnused1 set_fUnused1[22..23], + fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24], + fUseDefaultGina set_fUseDefaultGina[24..25], + fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26], + fPublishedApp set_fPublishedApp[26..27], + fHideTitleBar set_fHideTitleBar[27..28], + fMaximize set_fMaximize[28..29], + fDisableCpm set_fDisableCpm[29..30], + fDisableCdm set_fDisableCdm[30..31], + fDisableCcm set_fDisableCcm[31..32], +]} +BITFIELD!{USERCONFIG Bitfields2: ULONG [ + fDisableLPT set_fDisableLPT[0..1], + fDisableClip set_fDisableClip[1..2], + fDisableExe set_fDisableExe[2..3], + fDisableCam set_fDisableCam[3..4], + fDisableAutoReconnect set_fDisableAutoReconnect[4..5], + ColorDepth set_ColorDepth[5..6], + fInheritColorDepth set_fInheritColorDepth[6..7], + fErrorInvalidProfile set_fErrorInvalidProfile[7..8], + fPasswordIsScPin set_fPasswordIsScPin[8..9], + fDisablePNPRedir set_fDisablePNPRedir[9..10], +]} +pub type PUSERCONFIG = *mut USERCONFIG; +ENUM!{enum SDCLASS { + SdNone = 0, + SdConsole = 1, + SdNetwork = 2, + SdAsync = 3, + SdOemTransport = 4, +}} +pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1]; +pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1]; +pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1]; +pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1]; +pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1]; +pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1]; +pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1]; +pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1]; +pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1]; +pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1]; +pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1]; +pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1]; +STRUCT!{struct NETWORKCONFIG { + LanAdapter: LONG, + NetworkName: DEVICENAME, + Flags: ULONG, +}} +pub type PNETWORKCONFIG = *mut NETWORKCONFIG; +ENUM!{enum FLOWCONTROLCLASS { + FlowControl_None = 0, + FlowControl_Hardware = 1, + FlowControl_Software = 2, +}} +ENUM!{enum RECEIVEFLOWCONTROLCLASS { + ReceiveFlowControl_None = 0, + ReceiveFlowControl_RTS = 1, + ReceiveFlowControl_DTR = 2, +}} +ENUM!{enum TRANSMITFLOWCONTROLCLASS { + TransmitFlowControl_None = 0, + TransmitFlowControl_CTS = 1, + TransmitFlowControl_DSR = 2, +}} +ENUM!{enum ASYNCCONNECTCLASS { + Connect_CTS = 0, + Connect_DSR = 1, + Connect_RI = 2, + Connect_DCD = 3, + Connect_FirstChar = 4, + Connect_Perm = 5, +}} +STRUCT!{struct FLOWCONTROLCONFIG { + Bitfields: ULONG, + XonChar: CHAR, + XoffChar: CHAR, + Type: FLOWCONTROLCLASS, + HardwareReceive: RECEIVEFLOWCONTROLCLASS, + HardwareTransmit: TRANSMITFLOWCONTROLCLASS, +}} +BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [ + fEnableSoftwareTx set_fEnableSoftwareTx[0..1], + fEnableSoftwareRx set_fEnableSoftwareRx[1..2], + fEnableDTR set_fEnableDTR[2..3], + fEnableRTS set_fEnableRTS[3..4], +]} +pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG; +STRUCT!{struct CONNECTCONFIG { + Type: ASYNCCONNECTCLASS, + Bitfields: ULONG, +}} +BITFIELD!{CONNECTCONFIG Bitfields: ULONG [ + fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1], +]} +pub type PCONNECTCONFIG = *mut CONNECTCONFIG; +STRUCT!{struct ASYNCCONFIG { + DeviceName: DEVICENAME, + ModemName: MODEMNAME, + BaudRate: ULONG, + Parity: ULONG, + StopBits: ULONG, + ByteSize: ULONG, + Bitfields: ULONG, + FlowControl: FLOWCONTROLCONFIG, + Connect: CONNECTCONFIG, +}} +BITFIELD!{ASYNCCONFIG Bitfields: ULONG [ + fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1], + fConnectionDriver set_fConnectionDriver[1..2], +]} +pub type PASYNCCONFIG = *mut ASYNCCONFIG; +STRUCT!{struct NASICONFIG { + SpecificName: NASISPECIFICNAME, + UserName: NASIUSERNAME, + PassWord: NASIPASSWORD, + SessionName: NASISESIONNAME, + FileServer: NASIFILESERVER, + GlobalSession: BOOLEAN, +}} +pub type PNASICONFIG = *mut NASICONFIG; +STRUCT!{struct OEMTDCONFIG { + Adapter: LONG, + DeviceName: DEVICENAME, + Flags: ULONG, +}} +pub type POEMTDCONFIG = *mut OEMTDCONFIG; +UNION!{union PDPARAMS_u { + Network: NETWORKCONFIG, + Async: ASYNCCONFIG, + Nasi: NASICONFIG, + OemTd: OEMTDCONFIG, +}} +STRUCT!{struct PDPARAMS { + SdClass: SDCLASS, + u: PDPARAMS_u, +}} +pub type PPDPARAMS = *mut PDPARAMS; +STRUCT!{struct WDCONFIG { + WdName: WDNAME, + WdDLL: DLLNAME, + WsxDLL: DLLNAME, + WdFlag: ULONG, + WdInputBufferLength: ULONG, + CfgDLL: DLLNAME, + WdPrefix: WDPREFIX, +}} +pub type PWDCONFIG = *mut WDCONFIG; +STRUCT!{struct PDCONFIG2 { + PdName: PDNAME, + SdClass: SDCLASS, + PdDLL: DLLNAME, + PdFlag: ULONG, + OutBufLength: ULONG, + OutBufCount: ULONG, + OutBufDelay: ULONG, + InteractiveDelay: ULONG, + PortNumber: ULONG, + KeepAliveTimeout: ULONG, +}} +pub type PPDCONFIG2 = *mut PDCONFIG2; +STRUCT!{struct WINSTATIONCLIENT { + Bitfields: ULONG, + ClientName: [WCHAR; CLIENTNAME_LENGTH + 1], + Domain: [WCHAR; DOMAIN_LENGTH + 1], + UserName: [WCHAR; USERNAME_LENGTH + 1], + Password: [WCHAR; PASSWORD_LENGTH + 1], + WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], + InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], + SerialNumber: ULONG, + EncryptionLevel: BYTE, + ClientAddressFamily: ULONG, + ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1], + HRes: USHORT, + VRes: USHORT, + ColorDepth: USHORT, + ProtocolType: USHORT, + KeyboardLayout: ULONG, + KeyboardType: ULONG, + KeyboardSubType: ULONG, + KeyboardFunctionKey: ULONG, + ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1], + ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1], + ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1], + ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1], + ClientBuildNumber: ULONG, + ClientHardwareId: ULONG, + ClientProductId: USHORT, + OutBufCountHost: USHORT, + OutBufCountClient: USHORT, + OutBufLength: USHORT, + AudioDriverName: [WCHAR; 9], + ClientTimeZone: TS_TIME_ZONE_INFORMATION, + ClientSessionId: ULONG, + ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], + PerformanceFlags: ULONG, + ActiveInputLocale: ULONG, +}} +BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [ + fTextOnly set_fTextOnly[0..1], + fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2], + fMouse set_fMouse[2..3], + fDoubleClickDetect set_fDoubleClickDetect[3..4], + fINetClient set_fINetClient[4..5], + fPromptForPassword set_fPromptForPassword[5..6], + fMaximizeShell set_fMaximizeShell[6..7], + fEnableWindowsKey set_fEnableWindowsKey[7..8], + fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9], + fPasswordIsScPin set_fPasswordIsScPin[9..10], + fNoAudioPlayback set_fNoAudioPlayback[10..11], + fUsingSavedCreds set_fUsingSavedCreds[11..12], +]} +pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT; +STRUCT!{struct TSHARE_COUNTERS { + Reserved: ULONG, +}} +pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS; +UNION!{union PROTOCOLCOUNTERS_Specific { + TShareCounters: TSHARE_COUNTERS, + Reserved: [ULONG; 100], +}} +STRUCT!{struct PROTOCOLCOUNTERS { + WdBytes: ULONG, + WdFrames: ULONG, + WaitForOutBuf: ULONG, + Frames: ULONG, + Bytes: ULONG, + CompressedBytes: ULONG, + CompressFlushes: ULONG, + Errors: ULONG, + Timeouts: ULONG, + AsyncFramingError: ULONG, + AsyncOverrunError: ULONG, + AsyncOverflowError: ULONG, + AsyncParityError: ULONG, + TdErrors: ULONG, + ProtocolType: USHORT, + Length: USHORT, + Specific: PROTOCOLCOUNTERS_Specific, +}} +pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS; +STRUCT!{struct THINWIRECACHE { + CacheReads: ULONG, + CacheHits: ULONG, +}} +pub type PTHINWIRECACHE = *mut THINWIRECACHE; +pub const MAX_THINWIRECACHE: usize = 4; +STRUCT!{struct RESERVED_CACHE { + ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE], +}} +pub type PRESERVED_CACHE = *mut RESERVED_CACHE; +STRUCT!{struct TSHARE_CACHE { + Reserved: ULONG, +}} +pub type PTSHARE_CACHE = *mut TSHARE_CACHE; +UNION!{union CACHE_STATISTICS_Specific { + ReservedCacheStats: RESERVED_CACHE, + TShareCacheStats: TSHARE_CACHE, + Reserved: [ULONG; 20], +}} +STRUCT!{struct CACHE_STATISTICS { + ProtocolType: USHORT, + Length: USHORT, + Specific: CACHE_STATISTICS_Specific, +}} +pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS; +STRUCT!{struct PROTOCOLSTATUS { + Output: PROTOCOLCOUNTERS, + Input: PROTOCOLCOUNTERS, + Cache: CACHE_STATISTICS, + AsyncSignal: ULONG, + AsyncSignalMask: ULONG, +}} +pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS; +STRUCT!{struct WINSTATIONINFORMATION { + ConnectState: WINSTATIONSTATECLASS, + WinStationName: WINSTATIONNAME, + LogonId: ULONG, + ConnectTime: LARGE_INTEGER, + DisconnectTime: LARGE_INTEGER, + LastInputTime: LARGE_INTEGER, + LogonTime: LARGE_INTEGER, + Status: PROTOCOLSTATUS, + Domain: [WCHAR; DOMAIN_LENGTH + 1], + UserName: [WCHAR; USERNAME_LENGTH + 1], + CurrentTime: LARGE_INTEGER, +}} +pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION; +STRUCT!{struct WINSTATIONUSERTOKEN { + ProcessId: HANDLE, + ThreadId: HANDLE, + UserToken: HANDLE, +}} +pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN; +STRUCT!{struct WINSTATIONVIDEODATA { + HResolution: USHORT, + VResolution: USHORT, + fColorDepth: USHORT, +}} +pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA; +ENUM!{enum CDCLASS { + CdNone = 0, + CdModem = 1, + CdClass_Maximum = 2, +}} +STRUCT!{struct CDCONFIG { + CdClass: CDCLASS, + CdName: CDNAME, + CdDLL: DLLNAME, + CdFlag: ULONG, +}} +pub type PCDCONFIG = *mut CDCONFIG; +pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1]; +pub type PCLIENTDATANAME = *mut CHAR; +STRUCT!{struct WINSTATIONCLIENTDATA { + DataName: CLIENTDATANAME, + fUnicodeData: BOOLEAN, +}} +pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA; +ENUM!{enum LOADFACTORTYPE { + ErrorConstraint = 0, + PagedPoolConstraint = 1, + NonPagedPoolConstraint = 2, + AvailablePagesConstraint = 3, + SystemPtesConstraint = 4, + CPUConstraint = 5, +}} +STRUCT!{struct WINSTATIONLOADINDICATORDATA { + RemainingSessionCapacity: ULONG, + LoadFactor: LOADFACTORTYPE, + TotalSessions: ULONG, + DisconnectedSessions: ULONG, + IdleCPU: LARGE_INTEGER, + TotalCPU: LARGE_INTEGER, + RawSessionCapacity: ULONG, + reserved: [ULONG; 9], +}} +pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA; +ENUM!{enum SHADOWSTATECLASS { + State_NoShadow = 0, + State_Shadowing = 1, + State_Shadowed = 2, +}} +STRUCT!{struct WINSTATIONSHADOW { + ShadowState: SHADOWSTATECLASS, + ShadowClass: SHADOWCLASS, + SessionId: ULONG, + ProtocolType: ULONG, +}} +pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW; +STRUCT!{struct WINSTATIONPRODID { + DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], + ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], + OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], + CurrentSessionId: ULONG, + ClientSessionId: ULONG, + OuterMostSessionId: ULONG, +}} +pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID; +STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 { + sin_port: USHORT, + sin_addr: ULONG, + sin_zero: [UCHAR; 8], +}} +STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 { + sin6_port: USHORT, + sin6_flowinfo: ULONG, + sin6_addr: [USHORT; 8], + sin6_scope_id: ULONG, +}} +UNION!{union WINSTATIONREMOTEADDRESS_u { + ipv4: WINSTATIONREMOTEADDRESS_u_ipv4, + ipv6: WINSTATIONREMOTEADDRESS_u_ipv6, +}} +STRUCT!{struct WINSTATIONREMOTEADDRESS { + sin_family: USHORT, + u: WINSTATIONREMOTEADDRESS_u, +}} +pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS; +STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 { + SessionId: ULONG, + SessionState: WINSTATIONSTATECLASS, + SessionFlags: LONG, + WinStationName: WINSTATIONNAME, + UserName: [WCHAR; USERNAME_LENGTH + 1], + DomainName: [WCHAR; DOMAIN_LENGTH + 1], + LogonTime: LARGE_INTEGER, + ConnectTime: LARGE_INTEGER, + DisconnectTime: LARGE_INTEGER, + LastInputTime: LARGE_INTEGER, + CurrentTime: LARGE_INTEGER, + ProtocolStatus: PROTOCOLSTATUS, +}} +pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1; +STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 { + SessionId: ULONG, + SessionState: WINSTATIONSTATECLASS, + SessionFlags: LONG, + WinStationName: WINSTATIONNAME, + SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1], + SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1], + LogonTime: LARGE_INTEGER, + ConnectTime: LARGE_INTEGER, + DisconnectTime: LARGE_INTEGER, + LastInputTime: LARGE_INTEGER, + CurrentTime: LARGE_INTEGER, + ProtocolStatus: PROTOCOLSTATUS, + UserName: [WCHAR; 257], + DomainName: [WCHAR; 256], +}} +pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2; +UNION!{union WINSTATIONINFORMATIONEX_LEVEL { + WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1, + WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2, +}} +pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL; +STRUCT!{struct WINSTATIONINFORMATIONEX { + Level: ULONG, + Data: WINSTATIONINFORMATIONEX_LEVEL, +}} +pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX; +pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452; +STRUCT!{struct TS_PROCESS_INFORMATION_NT4 { + MagicNumber: ULONG, + LogonId: ULONG, + ProcessSid: PVOID, + Pad: ULONG, +}} +pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4; +pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64; +pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136; +STRUCT!{struct TS_SYS_PROCESS_INFORMATION { + NextEntryOffset: ULONG, + NumberOfThreads: ULONG, + SpareLi1: LARGE_INTEGER, + SpareLi2: LARGE_INTEGER, + SpareLi3: LARGE_INTEGER, + CreateTime: LARGE_INTEGER, + UserTime: LARGE_INTEGER, + KernelTime: LARGE_INTEGER, + ImageName: UNICODE_STRING, + BasePriority: LONG, + UniqueProcessId: ULONG, + InheritedFromUniqueProcessId: ULONG, + HandleCount: ULONG, + SessionId: ULONG, + SpareUl3: ULONG, + PeakVirtualSize: SIZE_T, + VirtualSize: SIZE_T, + PageFaultCount: ULONG, + PeakWorkingSetSize: ULONG, + WorkingSetSize: ULONG, + QuotaPeakPagedPoolUsage: SIZE_T, + QuotaPagedPoolUsage: SIZE_T, + QuotaPeakNonPagedPoolUsage: SIZE_T, + QuotaNonPagedPoolUsage: SIZE_T, + PagefileUsage: SIZE_T, + PeakPagefileUsage: SIZE_T, + PrivatePageCount: SIZE_T, +}} +pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION; +STRUCT!{struct TS_ALL_PROCESSES_INFO { + pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION, + SizeOfSid: ULONG, + pSid: PSID, +}} +pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO; +STRUCT!{struct TS_COUNTER_HEADER { + dwCounterID: DWORD, + bResult: BOOLEAN, +}} +pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER; +STRUCT!{struct TS_COUNTER { + CounterHead: TS_COUNTER_HEADER, + dwValue: DWORD, + StartTime: LARGE_INTEGER, +}} +pub type PTS_COUNTER = *mut TS_COUNTER; +pub const WSD_LOGOFF: ULONG = 0x1; +pub const WSD_SHUTDOWN: ULONG = 0x2; +pub const WSD_REBOOT: ULONG = 0x4; +pub const WSD_POWEROFF: ULONG = 0x8; +pub const WEVENT_NONE: ULONG = 0x0; +pub const WEVENT_CREATE: ULONG = 0x1; +pub const WEVENT_DELETE: ULONG = 0x2; +pub const WEVENT_RENAME: ULONG = 0x4; +pub const WEVENT_CONNECT: ULONG = 0x8; +pub const WEVENT_DISCONNECT: ULONG = 0x10; +pub const WEVENT_LOGON: ULONG = 0x20; +pub const WEVENT_LOGOFF: ULONG = 0x40; +pub const WEVENT_STATECHANGE: ULONG = 0x80; +pub const WEVENT_LICENSE: ULONG = 0x100; +pub const WEVENT_ALL: ULONG = 0x7fffffff; +pub const WEVENT_FLUSH: ULONG = 0x80000000; +pub const KBDSHIFT: USHORT = 0x1; +pub const KBDCTRL: USHORT = 0x2; +pub const KBDALT: USHORT = 0x4; +pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1; +pub const LOGONID_CURRENT: i32 = -1; +pub const SERVERNAME_CURRENT: PWSTR = null_mut(); +EXTERN!{extern "system" { + fn WinStationFreeMemory( + Buffer: PVOID, + ) -> BOOLEAN; + fn WinStationOpenServerW( + ServerName: PWSTR, + ) -> HANDLE; + fn WinStationCloseServer( + ServerHandle: HANDLE, + ) -> BOOLEAN; + fn WinStationServerPing( + ServerHandle: HANDLE, + ) -> BOOLEAN; + fn WinStationGetTermSrvCountersValue( + ServerHandle: HANDLE, + Count: ULONG, + Counters: PTS_COUNTER, + ) -> BOOLEAN; + fn WinStationShutdownSystem( + ServerHandle: HANDLE, + ShutdownFlags: ULONG, + ) -> BOOLEAN; + fn WinStationWaitSystemEvent( + ServerHandle: HANDLE, + EventMask: ULONG, + EventFlags: PULONG, + ) -> BOOLEAN; + fn WinStationRegisterConsoleNotification( + ServerHandle: HANDLE, + WindowHandle: HWND, + Flags: ULONG, + ) -> BOOLEAN; + fn WinStationUnRegisterConsoleNotification( + ServerHandle: HANDLE, + WindowHandle: HWND, + ) -> BOOLEAN; + fn WinStationEnumerateW( + ServerHandle: HANDLE, + SessionIds: *mut PSESSIONIDW, + Count: PULONG, + ) -> BOOLEAN; + fn WinStationQueryInformationW( + ServerHandle: HANDLE, + SessionId: ULONG, + WinStationInformationClass: WINSTATIONINFOCLASS, + pWinStationInformation: PVOID, + WinStationInformationLength: ULONG, + pReturnLength: PULONG, + ) -> BOOLEAN; + fn WinStationSetInformationW( + ServerHandle: HANDLE, + SessionId: ULONG, + WinStationInformationClass: WINSTATIONINFOCLASS, + pWinStationInformation: PVOID, + WinStationInformationLength: ULONG, + ) -> BOOLEAN; + fn WinStationNameFromLogonIdW( + ServerHandle: HANDLE, + SessionId: ULONG, + pWinStationName: PWSTR, + ) -> BOOLEAN; + fn WinStationSendMessageW( + ServerHandle: HANDLE, + SessionId: ULONG, + Title: PWSTR, + TitleLength: ULONG, + Message: PWSTR, + MessageLength: ULONG, + Style: ULONG, + Timeout: ULONG, + Response: PULONG, + DoNotWait: BOOLEAN, + ) -> BOOLEAN; + fn WinStationConnectW( + ServerHandle: HANDLE, + SessionId: ULONG, + TargetSessionId: ULONG, + pPassword: PWSTR, + bWait: BOOLEAN, + ) -> BOOLEAN; + fn WinStationDisconnect( + ServerHandle: HANDLE, + SessionId: ULONG, + bWait: BOOLEAN, + ) -> BOOLEAN; + fn WinStationReset( + ServerHandle: HANDLE, + SessionId: ULONG, + bWait: BOOLEAN, + ) -> BOOLEAN; + fn WinStationShadow( + ServerHandle: HANDLE, + TargetServerName: PWSTR, + TargetSessionId: ULONG, + HotKeyVk: UCHAR, + HotkeyModifiers: USHORT, + ) -> BOOLEAN; + fn WinStationShadowStop( + ServerHandle: HANDLE, + SessionId: ULONG, + bWait: BOOLEAN, + ) -> BOOLEAN; + fn WinStationEnumerateProcesses( + ServerHandle: HANDLE, + Processes: *mut PVOID, + ) -> BOOLEAN; + fn WinStationGetAllProcesses( + ServerHandle: HANDLE, + Level: ULONG, + NumberOfProcesses: PULONG, + Processes: *mut PTS_ALL_PROCESSES_INFO, + ) -> BOOLEAN; + fn WinStationFreeGAPMemory( + Level: ULONG, + Processes: PTS_ALL_PROCESSES_INFO, + NumberOfProcesses: ULONG, + ) -> BOOLEAN; + fn WinStationTerminateProcess( + ServerHandle: HANDLE, + ProcessId: ULONG, + ExitCode: ULONG, + ) -> BOOLEAN; + fn WinStationGetProcessSid( + ServerHandle: HANDLE, + ProcessId: ULONG, + ProcessStartTime: FILETIME, + pProcessUserSid: PVOID, + dwSidSize: PULONG, + ) -> BOOLEAN; + fn WinStationSwitchToServicesSession() -> BOOLEAN; + fn WinStationRevertFromServicesSession() -> BOOLEAN; + fn _WinStationWaitForConnect() -> BOOLEAN; +}} |