summaryrefslogtreecommitdiffstats
path: root/third_party/rust/ntapi/src/ntexapi.rs
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/rust/ntapi/src/ntexapi.rs')
-rw-r--r--third_party/rust/ntapi/src/ntexapi.rs2998
1 files changed, 2998 insertions, 0 deletions
diff --git a/third_party/rust/ntapi/src/ntexapi.rs b/third_party/rust/ntapi/src/ntexapi.rs
new file mode 100644
index 0000000000..5fa47c9137
--- /dev/null
+++ b/third_party/rust/ntapi/src/ntexapi.rs
@@ -0,0 +1,2998 @@
+use core::mem::uninitialized;
+use core::ptr::read_volatile;
+#[cfg(target_arch = "x86")]
+use core::sync::atomic::spin_loop_hint;
+use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM};
+use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE};
+use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON};
+use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX;
+use crate::ntpebteb::PTEB;
+use crate::ntpoapi::COUNTED_REASON_CONTEXT;
+use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR};
+use winapi::shared::evntrace::PROFILE_SOURCE_INFO;
+use winapi::shared::guiddef::{GUID, LPGUID};
+use winapi::shared::ntdef::{
+ BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG,
+ NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE,
+ PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR,
+ PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE,
+ UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR,
+ STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION,
+};
+use crate::winapi_local::um::winnt::UInt32x32To64;
+EXTERN!{extern "system" {
+ fn NtDelayExecution(
+ Alertable: BOOLEAN,
+ DelayInterval: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtQuerySystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PWSTR,
+ ValueLength: USHORT,
+ ReturnLength: PUSHORT,
+ ) -> NTSTATUS;
+ fn NtSetSystemEnvironmentValue(
+ VariableName: PUNICODE_STRING,
+ VariableValue: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtQuerySystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: PULONG,
+ Attributes: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetSystemEnvironmentValueEx(
+ VariableName: PUNICODE_STRING,
+ VendorGuid: LPGUID,
+ Value: PVOID,
+ ValueLength: ULONG,
+ Attributes: ULONG,
+ ) -> NTSTATUS;
+ fn NtEnumerateSystemEnvironmentValuesEx(
+ InformationClass: ULONG,
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct BOOT_ENTRY {
+ Version: ULONG,
+ Length: ULONG,
+ Id: ULONG,
+ Attributes: ULONG,
+ FriendlyNameOffset: ULONG,
+ BootFilePathOffset: ULONG,
+ OsOptionsLength: ULONG,
+ OsOptions: [UCHAR; 1],
+}}
+pub type PBOOT_ENTRY = *mut BOOT_ENTRY;
+STRUCT!{struct BOOT_ENTRY_LIST {
+ NextEntryOffset: ULONG,
+ BootEntry: BOOT_ENTRY,
+}}
+pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST;
+STRUCT!{struct BOOT_OPTIONS {
+ Version: ULONG,
+ Length: ULONG,
+ Timeout: ULONG,
+ CurrentBootEntryId: ULONG,
+ NextBootEntryId: ULONG,
+ HeadlessRedirection: [WCHAR; 1],
+}}
+pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS;
+STRUCT!{struct FILE_PATH {
+ Version: ULONG,
+ Length: ULONG,
+ Type: ULONG,
+ FilePath: [UCHAR; 1],
+}}
+pub type PFILE_PATH = *mut FILE_PATH;
+STRUCT!{struct EFI_DRIVER_ENTRY {
+ Version: ULONG,
+ Length: ULONG,
+ Id: ULONG,
+ FriendlyNameOffset: ULONG,
+ DriverFilePathOffset: ULONG,
+}}
+pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY;
+STRUCT!{struct EFI_DRIVER_ENTRY_LIST {
+ NextEntryOffset: ULONG,
+ DriverEntry: EFI_DRIVER_ENTRY,
+}}
+pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST;
+EXTERN!{extern "system" {
+ fn NtAddBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn NtDeleteBootEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn NtModifyBootEntry(
+ BootEntry: PBOOT_ENTRY,
+ ) -> NTSTATUS;
+ fn NtEnumerateBootEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryBootEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetBootEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ BootOptionsLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetBootOptions(
+ BootOptions: PBOOT_OPTIONS,
+ FieldsToChange: ULONG,
+ ) -> NTSTATUS;
+ fn NtTranslateFilePath(
+ InputFilePath: PFILE_PATH,
+ OutputType: ULONG,
+ OutputFilePath: PFILE_PATH,
+ OutputFilePathLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAddDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ Id: PULONG,
+ ) -> NTSTATUS;
+ fn NtDeleteDriverEntry(
+ Id: ULONG,
+ ) -> NTSTATUS;
+ fn NtModifyDriverEntry(
+ DriverEntry: PEFI_DRIVER_ENTRY,
+ ) -> NTSTATUS;
+ fn NtEnumerateDriverEntries(
+ Buffer: PVOID,
+ BufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryDriverEntryOrder(
+ Ids: PULONG,
+ Count: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetDriverEntryOrder(
+ Ids: PULONG,
+ Count: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum FILTER_BOOT_OPTION_OPERATION {
+ FilterBootOptionOperationOpenSystemStore = 0,
+ FilterBootOptionOperationSetElement = 1,
+ FilterBootOptionOperationDeleteElement = 2,
+ FilterBootOptionOperationMax = 3,
+}}
+EXTERN!{extern "system" {
+ fn NtFilterBootOption(
+ FilterOperation: FILTER_BOOT_OPTION_OPERATION,
+ ObjectType: ULONG,
+ ElementType: ULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ) -> NTSTATUS;
+}}
+pub const EVENT_QUERY_STATE: u32 = 0x0001;
+ENUM!{enum EVENT_INFORMATION_CLASS {
+ EventBasicInformation = 0,
+}}
+STRUCT!{struct EVENT_BASIC_INFORMATION {
+ EventType: EVENT_TYPE,
+ EventState: LONG,
+}}
+pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EventType: EVENT_TYPE,
+ InitialState: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenEvent(
+ EventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtSetEventBoostPriority(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtClearEvent(
+ EventHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtResetEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtPulseEvent(
+ EventHandle: HANDLE,
+ PreviousState: PLONG,
+ ) -> NTSTATUS;
+ fn NtQueryEvent(
+ EventHandle: HANDLE,
+ EventInformationClass: EVENT_INFORMATION_CLASS,
+ EventInformation: PVOID,
+ EventInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE;
+EXTERN!{extern "system" {
+ fn NtCreateEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtOpenEventPair(
+ EventPairHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetLowWaitHighEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtSetHighWaitLowEventPair(
+ EventPairHandle: HANDLE,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum MUTANT_INFORMATION_CLASS {
+ MutantBasicInformation = 0,
+ MutantOwnerInformation = 1,
+}}
+STRUCT!{struct MUTANT_BASIC_INFORMATION {
+ CurrentCount: LONG,
+ OwnedByCaller: BOOLEAN,
+ AbandonedState: BOOLEAN,
+}}
+pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION;
+STRUCT!{struct MUTANT_OWNER_INFORMATION {
+ ClientId: CLIENT_ID,
+}}
+pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialOwner: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenMutant(
+ MutantHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseMutant(
+ MutantHandle: HANDLE,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn NtQueryMutant(
+ MutantHandle: HANDLE,
+ MutantInformationClass: MUTANT_INFORMATION_CLASS,
+ MutantInformation: PVOID,
+ MutantInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001;
+ENUM!{enum SEMAPHORE_INFORMATION_CLASS {
+ SemaphoreBasicInformation = 0,
+}}
+STRUCT!{struct SEMAPHORE_BASIC_INFORMATION {
+ CurrentCount: LONG,
+ MaximumCount: LONG,
+}}
+pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ InitialCount: LONG,
+ MaximumCount: LONG,
+ ) -> NTSTATUS;
+ fn NtOpenSemaphore(
+ SemaphoreHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseSemaphore(
+ SemaphoreHandle: HANDLE,
+ ReleaseCount: LONG,
+ PreviousCount: PLONG,
+ ) -> NTSTATUS;
+ fn NtQuerySemaphore(
+ SemaphoreHandle: HANDLE,
+ SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS,
+ SemaphoreInformation: PVOID,
+ SemaphoreInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum TIMER_INFORMATION_CLASS {
+ TimerBasicInformation = 0,
+}}
+STRUCT!{struct TIMER_BASIC_INFORMATION {
+ RemainingTime: LARGE_INTEGER,
+ TimerState: BOOLEAN,
+}}
+pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION;
+FN!{stdcall PTIMER_APC_ROUTINE(
+ TimerContext: PVOID,
+ TimerLowValue: ULONG,
+ TimerHighValue: LONG,
+) -> ()}
+ENUM!{enum TIMER_SET_INFORMATION_CLASS {
+ TimerSetCoalescableTimer = 0,
+ MaxTimerInfoClass = 1,
+}}
+STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO {
+ DueTime: LARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ WakeContext: *mut COUNTED_REASON_CONTEXT,
+ Period: ULONG,
+ TolerableDelay: ULONG,
+ PreviousState: PBOOLEAN,
+}}
+pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO;
+EXTERN!{extern "system" {
+ fn NtCreateTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TimerType: TIMER_TYPE,
+ ) -> NTSTATUS;
+ fn NtOpenTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtSetTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ TimerApcRoutine: PTIMER_APC_ROUTINE,
+ TimerContext: PVOID,
+ ResumeTimer: BOOLEAN,
+ Period: LONG,
+ PreviousState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtSetTimerEx(
+ TimerHandle: HANDLE,
+ TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS,
+ TimerSetInformation: PVOID,
+ TimerSetInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtCancelTimer(
+ TimerHandle: HANDLE,
+ CurrentState: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtQueryTimer(
+ TimerHandle: HANDLE,
+ TimerInformationClass: TIMER_INFORMATION_CLASS,
+ TimerInformation: PVOID,
+ TimerInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtCreateIRTimer(
+ TimerHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn NtSetIRTimer(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+}}
+STRUCT!{struct T2_SET_PARAMETERS {
+ Version: ULONG,
+ Reserved: ULONG,
+ NoWakeTolerance: LONGLONG,
+}}
+pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS;
+pub type PT2_CANCEL_PARAMETERS = PVOID;
+EXTERN!{extern "system" {
+ fn NtCreateTimer2(
+ TimerHandle: PHANDLE,
+ Reserved1: PVOID,
+ Reserved2: PVOID,
+ Attributes: ULONG,
+ DesiredAccess: ACCESS_MASK,
+ ) -> NTSTATUS;
+ fn NtSetTimer2(
+ TimerHandle: HANDLE,
+ DueTime: PLARGE_INTEGER,
+ Period: PLARGE_INTEGER,
+ Parameters: PT2_SET_PARAMETERS,
+ ) -> NTSTATUS;
+ fn NtCancelTimer2(
+ TimerHandle: HANDLE,
+ Parameters: PT2_CANCEL_PARAMETERS,
+ ) -> NTSTATUS;
+}}
+pub const PROFILE_CONTROL: u32 = 0x0001;
+pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL;
+EXTERN!{extern "system" {
+ fn NtCreateProfile(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ Affinity: KAFFINITY,
+ ) -> NTSTATUS;
+ fn NtCreateProfileEx(
+ ProfileHandle: PHANDLE,
+ Process: HANDLE,
+ ProfileBase: PVOID,
+ ProfileSize: SIZE_T,
+ BucketSize: ULONG,
+ Buffer: PULONG,
+ BufferSize: ULONG,
+ ProfileSource: KPROFILE_SOURCE,
+ GroupCount: USHORT,
+ GroupAffinity: PGROUP_AFFINITY,
+ ) -> NTSTATUS;
+ fn NtStartProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtStopProfile(
+ ProfileHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryIntervalProfile(
+ ProfileSource: KPROFILE_SOURCE,
+ Interval: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetIntervalProfile(
+ Interval: ULONG,
+ Source: KPROFILE_SOURCE,
+ ) -> NTSTATUS;
+}}
+pub const KEYEDEVENT_WAIT: ULONG = 0x0001;
+pub const KEYEDEVENT_WAKE: ULONG = 0x0002;
+pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK =
+ STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE;
+EXTERN!{extern "system" {
+ fn NtCreateKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtOpenKeyedEvent(
+ KeyedEventHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ ) -> NTSTATUS;
+ fn NtReleaseKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtWaitForKeyedEvent(
+ KeyedEventHandle: HANDLE,
+ KeyValue: PVOID,
+ Alertable: BOOLEAN,
+ Timeout: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtUmsThreadYield(
+ SchedulerParam: PVOID,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum WNF_STATE_NAME_LIFETIME {
+ WnfWellKnownStateName = 0,
+ WnfPermanentStateName = 1,
+ WnfPersistentStateName = 2,
+ WnfTemporaryStateName = 3,
+}}
+ENUM!{enum WNF_STATE_NAME_INFORMATION {
+ WnfInfoStateNameExist = 0,
+ WnfInfoSubscribersPresent = 1,
+ WnfInfoIsQuiescent = 2,
+}}
+ENUM!{enum WNF_DATA_SCOPE {
+ WnfDataScopeSystem = 0,
+ WnfDataScopeSession = 1,
+ WnfDataScopeUser = 2,
+ WnfDataScopeProcess = 3,
+ WnfDataScopeMachine = 4,
+}}
+STRUCT!{struct WNF_TYPE_ID {
+ TypeId: GUID,
+}}
+pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID;
+pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID;
+pub type PWNF_CHANGE_STAMP = *mut ULONG;
+pub type WNF_CHANGE_STAMP = ULONG;
+STRUCT!{struct WNF_DELIVERY_DESCRIPTOR {
+ SubscriptionId: ULONGLONG,
+ StateName: WNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ StateDataSize: ULONG,
+ EventMask: ULONG,
+ TypeId: WNF_TYPE_ID,
+ StateDataOffset: ULONG,
+}}
+pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR;
+EXTERN!{extern "system" {
+ fn NtCreateWnfStateName(
+ StateName: PWNF_STATE_NAME,
+ NameLifetime: WNF_STATE_NAME_LIFETIME,
+ DataScope: WNF_DATA_SCOPE,
+ PersistData: BOOLEAN,
+ TypeId: PCWNF_TYPE_ID,
+ MaximumStateSize: ULONG,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ) -> NTSTATUS;
+ fn NtDeleteWnfStateName(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn NtUpdateWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ Buffer: *const VOID,
+ Length: ULONG,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ MatchingChangeStamp: WNF_CHANGE_STAMP,
+ CheckStamp: LOGICAL,
+ ) -> NTSTATUS;
+ fn NtDeleteWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ ExplicitScope: *const VOID,
+ ) -> NTSTATUS;
+ fn NtQueryWnfStateData(
+ StateName: PCWNF_STATE_NAME,
+ TypeId: PCWNF_TYPE_ID,
+ ExplicitScope: *const VOID,
+ ChangeStamp: PWNF_CHANGE_STAMP,
+ Buffer: PVOID,
+ BufferSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryWnfStateNameInformation(
+ StateName: PCWNF_STATE_NAME,
+ NameInfoClass: WNF_STATE_NAME_INFORMATION,
+ ExplicitScope: *const VOID,
+ InfoBuffer: PVOID,
+ InfoBufferSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtSubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ChangeStamp: WNF_CHANGE_STAMP,
+ EventMask: ULONG,
+ SubscriptionId: PULONG64,
+ ) -> NTSTATUS;
+ fn NtUnsubscribeWnfStateChange(
+ StateName: PCWNF_STATE_NAME,
+ ) -> NTSTATUS;
+ fn NtGetCompleteWnfStateSubscription(
+ OldDescriptorStateName: PWNF_STATE_NAME,
+ OldSubscriptionId: *mut ULONG64,
+ OldDescriptorEventMask: ULONG,
+ OldDescriptorStatus: ULONG,
+ NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR,
+ DescriptorSize: ULONG,
+ ) -> NTSTATUS;
+ fn NtSetWnfProcessNotificationEvent(
+ NotificationEvent: HANDLE,
+ ) -> NTSTATUS;
+}}
+pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001;
+pub const WORKER_FACTORY_WAIT: u32 = 0x0002;
+pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004;
+pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008;
+pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010;
+pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020;
+pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED
+ | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION
+ | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN;
+ENUM!{enum WORKERFACTORYINFOCLASS {
+ WorkerFactoryTimeout = 0,
+ WorkerFactoryRetryTimeout = 1,
+ WorkerFactoryIdleTimeout = 2,
+ WorkerFactoryBindingCount = 3,
+ WorkerFactoryThreadMinimum = 4,
+ WorkerFactoryThreadMaximum = 5,
+ WorkerFactoryPaused = 6,
+ WorkerFactoryBasicInformation = 7,
+ WorkerFactoryAdjustThreadGoal = 8,
+ WorkerFactoryCallbackType = 9,
+ WorkerFactoryStackInformation = 10,
+ WorkerFactoryThreadBasePriority = 11,
+ WorkerFactoryTimeoutWaiters = 12,
+ WorkerFactoryFlags = 13,
+ WorkerFactoryThreadSoftMaximum = 14,
+ MaxWorkerFactoryInfoClass = 15,
+}}
+pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS;
+STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION {
+ Timeout: LARGE_INTEGER,
+ RetryTimeout: LARGE_INTEGER,
+ IdleTimeout: LARGE_INTEGER,
+ Paused: BOOLEAN,
+ TimerSet: BOOLEAN,
+ QueuedToExWorker: BOOLEAN,
+ MayCreate: BOOLEAN,
+ CreateInProgress: BOOLEAN,
+ InsertedIntoQueue: BOOLEAN,
+ Shutdown: BOOLEAN,
+ BindingCount: ULONG,
+ ThreadMinimum: ULONG,
+ ThreadMaximum: ULONG,
+ PendingWorkerCount: ULONG,
+ WaitingWorkerCount: ULONG,
+ TotalWorkerCount: ULONG,
+ ReleaseCount: ULONG,
+ InfiniteWaitGoal: LONGLONG,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ ProcessId: HANDLE,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ LastThreadCreationStatus: NTSTATUS,
+}}
+pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtCreateWorkerFactory(
+ WorkerFactoryHandleReturn: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ CompletionPortHandle: HANDLE,
+ WorkerProcessHandle: HANDLE,
+ StartRoutine: PVOID,
+ StartParameter: PVOID,
+ MaxThreadCount: ULONG,
+ StackReserve: SIZE_T,
+ StackCommit: SIZE_T,
+ ) -> NTSTATUS;
+ fn NtQueryInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS,
+ WorkerFactoryInformation: PVOID,
+ WorkerFactoryInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtShutdownWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ PendingWorkerCount: *mut LONG,
+ ) -> NTSTATUS;
+ fn NtReleaseWorkerFactoryWorker(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWorkerFactoryWorkerReady(
+ WorkerFactoryHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtWaitForWorkViaWorkerFactory(
+ WorkerFactoryHandle: HANDLE,
+ MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION,
+ ) -> NTSTATUS;
+ fn NtQuerySystemTime(
+ SystemTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtSetSystemTime(
+ SystemTime: PLARGE_INTEGER,
+ PreviousTime: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtQueryTimerResolution(
+ MaximumTime: PULONG,
+ MinimumTime: PULONG,
+ CurrentTime: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetTimerResolution(
+ DesiredTime: ULONG,
+ SetResolution: BOOLEAN,
+ ActualTime: PULONG,
+ ) -> NTSTATUS;
+ fn NtQueryPerformanceCounter(
+ PerformanceCounter: PLARGE_INTEGER,
+ PerformanceFrequency: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtAllocateLocallyUniqueId(
+ Luid: PLUID,
+ ) -> NTSTATUS;
+ fn NtSetUuidSeed(
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+ fn NtAllocateUuids(
+ Time: PULARGE_INTEGER,
+ Range: PULONG,
+ Sequence: PULONG,
+ Seed: PCHAR,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SYSTEM_INFORMATION_CLASS {
+ SystemBasicInformation = 0,
+ SystemProcessorInformation = 1,
+ SystemPerformanceInformation = 2,
+ SystemTimeOfDayInformation = 3,
+ SystemPathInformation = 4,
+ SystemProcessInformation = 5,
+ SystemCallCountInformation = 6,
+ SystemDeviceInformation = 7,
+ SystemProcessorPerformanceInformation = 8,
+ SystemFlagsInformation = 9,
+ SystemCallTimeInformation = 10,
+ SystemModuleInformation = 11,
+ SystemLocksInformation = 12,
+ SystemStackTraceInformation = 13,
+ SystemPagedPoolInformation = 14,
+ SystemNonPagedPoolInformation = 15,
+ SystemHandleInformation = 16,
+ SystemObjectInformation = 17,
+ SystemPageFileInformation = 18,
+ SystemVdmInstemulInformation = 19,
+ SystemVdmBopInformation = 20,
+ SystemFileCacheInformation = 21,
+ SystemPoolTagInformation = 22,
+ SystemInterruptInformation = 23,
+ SystemDpcBehaviorInformation = 24,
+ SystemFullMemoryInformation = 25,
+ SystemLoadGdiDriverInformation = 26,
+ SystemUnloadGdiDriverInformation = 27,
+ SystemTimeAdjustmentInformation = 28,
+ SystemSummaryMemoryInformation = 29,
+ SystemMirrorMemoryInformation = 30,
+ SystemPerformanceTraceInformation = 31,
+ SystemObsolete0 = 32,
+ SystemExceptionInformation = 33,
+ SystemCrashDumpStateInformation = 34,
+ SystemKernelDebuggerInformation = 35,
+ SystemContextSwitchInformation = 36,
+ SystemRegistryQuotaInformation = 37,
+ SystemExtendServiceTableInformation = 38,
+ SystemPrioritySeperation = 39,
+ SystemVerifierAddDriverInformation = 40,
+ SystemVerifierRemoveDriverInformation = 41,
+ SystemProcessorIdleInformation = 42,
+ SystemLegacyDriverInformation = 43,
+ SystemCurrentTimeZoneInformation = 44,
+ SystemLookasideInformation = 45,
+ SystemTimeSlipNotification = 46,
+ SystemSessionCreate = 47,
+ SystemSessionDetach = 48,
+ SystemSessionInformation = 49,
+ SystemRangeStartInformation = 50,
+ SystemVerifierInformation = 51,
+ SystemVerifierThunkExtend = 52,
+ SystemSessionProcessInformation = 53,
+ SystemLoadGdiDriverInSystemSpace = 54,
+ SystemNumaProcessorMap = 55,
+ SystemPrefetcherInformation = 56,
+ SystemExtendedProcessInformation = 57,
+ SystemRecommendedSharedDataAlignment = 58,
+ SystemComPlusPackage = 59,
+ SystemNumaAvailableMemory = 60,
+ SystemProcessorPowerInformation = 61,
+ SystemEmulationBasicInformation = 62,
+ SystemEmulationProcessorInformation = 63,
+ SystemExtendedHandleInformation = 64,
+ SystemLostDelayedWriteInformation = 65,
+ SystemBigPoolInformation = 66,
+ SystemSessionPoolTagInformation = 67,
+ SystemSessionMappedViewInformation = 68,
+ SystemHotpatchInformation = 69,
+ SystemObjectSecurityMode = 70,
+ SystemWatchdogTimerHandler = 71,
+ SystemWatchdogTimerInformation = 72,
+ SystemLogicalProcessorInformation = 73,
+ SystemWow64SharedInformationObsolete = 74,
+ SystemRegisterFirmwareTableInformationHandler = 75,
+ SystemFirmwareTableInformation = 76,
+ SystemModuleInformationEx = 77,
+ SystemVerifierTriageInformation = 78,
+ SystemSuperfetchInformation = 79,
+ SystemMemoryListInformation = 80,
+ SystemFileCacheInformationEx = 81,
+ SystemThreadPriorityClientIdInformation = 82,
+ SystemProcessorIdleCycleTimeInformation = 83,
+ SystemVerifierCancellationInformation = 84,
+ SystemProcessorPowerInformationEx = 85,
+ SystemRefTraceInformation = 86,
+ SystemSpecialPoolInformation = 87,
+ SystemProcessIdInformation = 88,
+ SystemErrorPortInformation = 89,
+ SystemBootEnvironmentInformation = 90,
+ SystemHypervisorInformation = 91,
+ SystemVerifierInformationEx = 92,
+ SystemTimeZoneInformation = 93,
+ SystemImageFileExecutionOptionsInformation = 94,
+ SystemCoverageInformation = 95,
+ SystemPrefetchPatchInformation = 96,
+ SystemVerifierFaultsInformation = 97,
+ SystemSystemPartitionInformation = 98,
+ SystemSystemDiskInformation = 99,
+ SystemProcessorPerformanceDistribution = 100,
+ SystemNumaProximityNodeInformation = 101,
+ SystemDynamicTimeZoneInformation = 102,
+ SystemCodeIntegrityInformation = 103,
+ SystemProcessorMicrocodeUpdateInformation = 104,
+ SystemProcessorBrandString = 105,
+ SystemVirtualAddressInformation = 106,
+ SystemLogicalProcessorAndGroupInformation = 107,
+ SystemProcessorCycleTimeInformation = 108,
+ SystemStoreInformation = 109,
+ SystemRegistryAppendString = 110,
+ SystemAitSamplingValue = 111,
+ SystemVhdBootInformation = 112,
+ SystemCpuQuotaInformation = 113,
+ SystemNativeBasicInformation = 114,
+ SystemSpare1 = 115,
+ SystemLowPriorityIoInformation = 116,
+ SystemTpmBootEntropyInformation = 117,
+ SystemVerifierCountersInformation = 118,
+ SystemPagedPoolInformationEx = 119,
+ SystemSystemPtesInformationEx = 120,
+ SystemNodeDistanceInformation = 121,
+ SystemAcpiAuditInformation = 122,
+ SystemBasicPerformanceInformation = 123,
+ SystemQueryPerformanceCounterInformation = 124,
+ SystemSessionBigPoolInformation = 125,
+ SystemBootGraphicsInformation = 126,
+ SystemScrubPhysicalMemoryInformation = 127,
+ SystemBadPageInformation = 128,
+ SystemProcessorProfileControlArea = 129,
+ SystemCombinePhysicalMemoryInformation = 130,
+ SystemEntropyInterruptTimingCallback = 131,
+ SystemConsoleInformation = 132,
+ SystemPlatformBinaryInformation = 133,
+ SystemThrottleNotificationInformation = 134,
+ SystemHypervisorProcessorCountInformation = 135,
+ SystemDeviceDataInformation = 136,
+ SystemDeviceDataEnumerationInformation = 137,
+ SystemMemoryTopologyInformation = 138,
+ SystemMemoryChannelInformation = 139,
+ SystemBootLogoInformation = 140,
+ SystemProcessorPerformanceInformationEx = 141,
+ SystemSpare0 = 142,
+ SystemSecureBootPolicyInformation = 143,
+ SystemPageFileInformationEx = 144,
+ SystemSecureBootInformation = 145,
+ SystemEntropyInterruptTimingRawInformation = 146,
+ SystemPortableWorkspaceEfiLauncherInformation = 147,
+ SystemFullProcessInformation = 148,
+ SystemKernelDebuggerInformationEx = 149,
+ SystemBootMetadataInformation = 150,
+ SystemSoftRebootInformation = 151,
+ SystemElamCertificateInformation = 152,
+ SystemOfflineDumpConfigInformation = 153,
+ SystemProcessorFeaturesInformation = 154,
+ SystemRegistryReconciliationInformation = 155,
+ SystemEdidInformation = 156,
+ SystemManufacturingInformation = 157,
+ SystemEnergyEstimationConfigInformation = 158,
+ SystemHypervisorDetailInformation = 159,
+ SystemProcessorCycleStatsInformation = 160,
+ SystemVmGenerationCountInformation = 161,
+ SystemTrustedPlatformModuleInformation = 162,
+ SystemKernelDebuggerFlags = 163,
+ SystemCodeIntegrityPolicyInformation = 164,
+ SystemIsolatedUserModeInformation = 165,
+ SystemHardwareSecurityTestInterfaceResultsInformation = 166,
+ SystemSingleModuleInformation = 167,
+ SystemAllowedCpuSetsInformation = 168,
+ SystemVsmProtectionInformation = 169,
+ SystemInterruptCpuSetsInformation = 170,
+ SystemSecureBootPolicyFullInformation = 171,
+ SystemCodeIntegrityPolicyFullInformation = 172,
+ SystemAffinitizedInterruptProcessorInformation = 173,
+ SystemRootSiloInformation = 174,
+ SystemCpuSetInformation = 175,
+ SystemCpuSetTagInformation = 176,
+ SystemWin32WerStartCallout = 177,
+ SystemSecureKernelProfileInformation = 178,
+ SystemCodeIntegrityPlatformManifestInformation = 179,
+ SystemInterruptSteeringInformation = 180,
+ SystemSupportedProcessorArchitectures = 181,
+ SystemMemoryUsageInformation = 182,
+ SystemCodeIntegrityCertificateInformation = 183,
+ SystemPhysicalMemoryInformation = 184,
+ SystemControlFlowTransition = 185,
+ SystemKernelDebuggingAllowed = 186,
+ SystemActivityModerationExeState = 187,
+ SystemActivityModerationUserSettings = 188,
+ SystemCodeIntegrityPoliciesFullInformation = 189,
+ SystemCodeIntegrityUnlockInformation = 190,
+ SystemIntegrityQuotaInformation = 191,
+ SystemFlushInformation = 192,
+ SystemProcessorIdleMaskInformation = 193,
+ SystemSecureDumpEncryptionInformation = 194,
+ SystemWriteConstraintInformation = 195,
+ SystemKernelVaShadowInformation = 196,
+ SystemHypervisorSharedPageInformation = 197,
+ SystemFirmwareBootPerformanceInformation = 198,
+ SystemCodeIntegrityVerificationInformation = 199,
+ SystemFirmwarePartitionInformation = 200,
+ SystemSpeculationControlInformation = 201,
+ SystemDmaGuardPolicyInformation = 202,
+ SystemEnclaveLaunchControlInformation = 203,
+ SystemWorkloadAllowedCpuSetsInformation = 204,
+ SystemCodeIntegrityUnlockModeInformation = 205,
+ SystemLeapSecondInformation = 206,
+ SystemFlags2Information = 207,
+ MaxSystemInfoClass = 208,
+}}
+STRUCT!{struct SYSTEM_BASIC_INFORMATION {
+ Reserved: ULONG,
+ TimerResolution: ULONG,
+ PageSize: ULONG,
+ NumberOfPhysicalPages: ULONG,
+ LowestPhysicalPageNumber: ULONG,
+ HighestPhysicalPageNumber: ULONG,
+ AllocationGranularity: ULONG,
+ MinimumUserModeAddress: ULONG_PTR,
+ MaximumUserModeAddress: ULONG_PTR,
+ ActiveProcessorsAffinityMask: ULONG_PTR,
+ NumberOfProcessors: CCHAR,
+}}
+pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION {
+ ProcessorArchitecture: USHORT,
+ ProcessorLevel: USHORT,
+ ProcessorRevision: USHORT,
+ MaximumProcessors: USHORT,
+ ProcessorFeatureBits: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION;
+STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION {
+ IdleProcessTime: LARGE_INTEGER,
+ IoReadTransferCount: LARGE_INTEGER,
+ IoWriteTransferCount: LARGE_INTEGER,
+ IoOtherTransferCount: LARGE_INTEGER,
+ IoReadOperationCount: ULONG,
+ IoWriteOperationCount: ULONG,
+ IoOtherOperationCount: ULONG,
+ AvailablePages: ULONG,
+ CommittedPages: ULONG,
+ CommitLimit: ULONG,
+ PeakCommitment: ULONG,
+ PageFaultCount: ULONG,
+ CopyOnWriteCount: ULONG,
+ TransitionCount: ULONG,
+ CacheTransitionCount: ULONG,
+ DemandZeroCount: ULONG,
+ PageReadCount: ULONG,
+ PageReadIoCount: ULONG,
+ CacheReadCount: ULONG,
+ CacheIoCount: ULONG,
+ DirtyPagesWriteCount: ULONG,
+ DirtyWriteIoCount: ULONG,
+ MappedPagesWriteCount: ULONG,
+ MappedWriteIoCount: ULONG,
+ PagedPoolPages: ULONG,
+ NonPagedPoolPages: ULONG,
+ PagedPoolAllocs: ULONG,
+ PagedPoolFrees: ULONG,
+ NonPagedPoolAllocs: ULONG,
+ NonPagedPoolFrees: ULONG,
+ FreeSystemPtes: ULONG,
+ ResidentSystemCodePage: ULONG,
+ TotalSystemDriverPages: ULONG,
+ TotalSystemCodePages: ULONG,
+ NonPagedPoolLookasideHits: ULONG,
+ PagedPoolLookasideHits: ULONG,
+ AvailablePagedPoolPages: ULONG,
+ ResidentSystemCachePage: ULONG,
+ ResidentPagedPoolPage: ULONG,
+ ResidentSystemDriverPage: ULONG,
+ CcFastReadNoWait: ULONG,
+ CcFastReadWait: ULONG,
+ CcFastReadResourceMiss: ULONG,
+ CcFastReadNotPossible: ULONG,
+ CcFastMdlReadNoWait: ULONG,
+ CcFastMdlReadWait: ULONG,
+ CcFastMdlReadResourceMiss: ULONG,
+ CcFastMdlReadNotPossible: ULONG,
+ CcMapDataNoWait: ULONG,
+ CcMapDataWait: ULONG,
+ CcMapDataNoWaitMiss: ULONG,
+ CcMapDataWaitMiss: ULONG,
+ CcPinMappedDataCount: ULONG,
+ CcPinReadNoWait: ULONG,
+ CcPinReadWait: ULONG,
+ CcPinReadNoWaitMiss: ULONG,
+ CcPinReadWaitMiss: ULONG,
+ CcCopyReadNoWait: ULONG,
+ CcCopyReadWait: ULONG,
+ CcCopyReadNoWaitMiss: ULONG,
+ CcCopyReadWaitMiss: ULONG,
+ CcMdlReadNoWait: ULONG,
+ CcMdlReadWait: ULONG,
+ CcMdlReadNoWaitMiss: ULONG,
+ CcMdlReadWaitMiss: ULONG,
+ CcReadAheadIos: ULONG,
+ CcLazyWriteIos: ULONG,
+ CcLazyWritePages: ULONG,
+ CcDataFlushes: ULONG,
+ CcDataPages: ULONG,
+ ContextSwitches: ULONG,
+ FirstLevelTbFills: ULONG,
+ SecondLevelTbFills: ULONG,
+ SystemCalls: ULONG,
+ CcTotalDirtyPages: ULONGLONG,
+ CcDirtyPageThreshold: ULONGLONG,
+ ResidentAvailablePages: LONGLONG,
+ SharedCommittedPages: ULONGLONG,
+}}
+pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION;
+STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION {
+ BootTime: LARGE_INTEGER,
+ CurrentTime: LARGE_INTEGER,
+ TimeZoneBias: LARGE_INTEGER,
+ TimeZoneId: ULONG,
+ Reserved: ULONG,
+ BootTimeBias: ULONGLONG,
+ SleepTimeBias: ULONGLONG,
+}}
+pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION;
+STRUCT!{struct SYSTEM_THREAD_INFORMATION {
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ CreateTime: LARGE_INTEGER,
+ WaitTime: ULONG,
+ StartAddress: PVOID,
+ ClientId: CLIENT_ID,
+ Priority: KPRIORITY,
+ BasePriority: LONG,
+ ContextSwitches: ULONG,
+ ThreadState: KTHREAD_STATE,
+ WaitReason: KWAIT_REASON,
+}}
+pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION;
+STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION {
+ ThreadInfo: SYSTEM_THREAD_INFORMATION,
+ StackBase: PVOID,
+ StackLimit: PVOID,
+ Win32StartAddress: PVOID,
+ TebBase: PTEB,
+ Reserved2: ULONG_PTR,
+ Reserved3: ULONG_PTR,
+ Reserved4: ULONG_PTR,
+}}
+pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESS_INFORMATION {
+ NextEntryOffset: ULONG,
+ NumberOfThreads: ULONG,
+ WorkingSetPrivateSize: LARGE_INTEGER,
+ HardFaultCount: ULONG,
+ NumberOfThreadsHighWatermark: ULONG,
+ CycleTime: ULONGLONG,
+ CreateTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ ImageName: UNICODE_STRING,
+ BasePriority: KPRIORITY,
+ UniqueProcessId: HANDLE,
+ InheritedFromUniqueProcessId: HANDLE,
+ HandleCount: ULONG,
+ SessionId: ULONG,
+ UniqueProcessKey: ULONG_PTR,
+ PeakVirtualSize: SIZE_T,
+ VirtualSize: SIZE_T,
+ PageFaultCount: ULONG,
+ PeakWorkingSetSize: SIZE_T,
+ WorkingSetSize: SIZE_T,
+ QuotaPeakPagedPoolUsage: SIZE_T,
+ QuotaPagedPoolUsage: SIZE_T,
+ QuotaPeakNonPagedPoolUsage: SIZE_T,
+ QuotaNonPagedPoolUsage: SIZE_T,
+ PagefileUsage: SIZE_T,
+ PeakPagefileUsage: SIZE_T,
+ PrivatePageCount: SIZE_T,
+ ReadOperationCount: LARGE_INTEGER,
+ WriteOperationCount: LARGE_INTEGER,
+ OtherOperationCount: LARGE_INTEGER,
+ ReadTransferCount: LARGE_INTEGER,
+ WriteTransferCount: LARGE_INTEGER,
+ OtherTransferCount: LARGE_INTEGER,
+ Threads: [SYSTEM_THREAD_INFORMATION; 1],
+}}
+pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION;
+STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION {
+ Length: ULONG,
+ NumberOfTables: ULONG,
+}}
+pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION;
+STRUCT!{struct SYSTEM_DEVICE_INFORMATION {
+ NumberOfDisks: ULONG,
+ NumberOfFloppies: ULONG,
+ NumberOfCdRoms: ULONG,
+ NumberOfTapes: ULONG,
+ NumberOfSerialPorts: ULONG,
+ NumberOfParallelPorts: ULONG,
+}}
+pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
+ IdleTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ DpcTime: LARGE_INTEGER,
+ InterruptTime: LARGE_INTEGER,
+ InterruptCount: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
+STRUCT!{struct SYSTEM_FLAGS_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION;
+STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION {
+ Length: ULONG,
+ TotalCalls: ULONG,
+ TimeOfCalls: [LARGE_INTEGER; 1],
+}}
+pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION;
+STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION {
+ Address: PVOID,
+ Type: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ OwningThread: HANDLE,
+ LockCount: LONG,
+ ContentionCount: ULONG,
+ EntryCount: ULONG,
+ RecursionCount: LONG,
+ NumberOfWaitingShared: ULONG,
+ NumberOfWaitingExclusive: ULONG,
+}}
+pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION;
+STRUCT!{struct RTL_PROCESS_LOCKS {
+ NumberOfLocks: ULONG,
+ Locks: [RTL_PROCESS_LOCK_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS;
+STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION {
+ SymbolicBackTrace: PCHAR,
+ TraceCount: ULONG,
+ Index: USHORT,
+ Depth: USHORT,
+ BackTrace: [PVOID; 32],
+}}
+pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION;
+STRUCT!{struct RTL_PROCESS_BACKTRACES {
+ CommittedMemory: ULONG,
+ ReservedMemory: ULONG,
+ NumberOfBackTraceLookups: ULONG,
+ NumberOfBackTraces: ULONG,
+ BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1],
+}}
+pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES;
+STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO {
+ UniqueProcessId: USHORT,
+ CreatorBackTraceIndex: USHORT,
+ ObjectTypeIndex: UCHAR,
+ HandleAttributes: UCHAR,
+ HandleValue: USHORT,
+ Object: PVOID,
+ GrantedAccess: ULONG,
+}}
+pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO;
+STRUCT!{struct SYSTEM_HANDLE_INFORMATION {
+ NumberOfHandles: ULONG,
+ Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1],
+}}
+pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION;
+STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION {
+ NextEntryOffset: ULONG,
+ NumberOfObjects: ULONG,
+ NumberOfHandles: ULONG,
+ TypeIndex: ULONG,
+ InvalidAttributes: ULONG,
+ GenericMapping: GENERIC_MAPPING,
+ ValidAccessMask: ULONG,
+ PoolType: ULONG,
+ SecurityRequired: BOOLEAN,
+ WaitableObject: BOOLEAN,
+ TypeName: UNICODE_STRING,
+}}
+pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION;
+STRUCT!{struct SYSTEM_OBJECT_INFORMATION {
+ NextEntryOffset: ULONG,
+ Object: PVOID,
+ CreatorUniqueProcess: HANDLE,
+ CreatorBackTraceIndex: USHORT,
+ Flags: USHORT,
+ PointerCount: LONG,
+ HandleCount: LONG,
+ PagedPoolCharge: ULONG,
+ NonPagedPoolCharge: ULONG,
+ ExclusiveProcessId: HANDLE,
+ SecurityDescriptor: PVOID,
+ NameInfo: UNICODE_STRING,
+}}
+pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION;
+STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION {
+ NextEntryOffset: ULONG,
+ TotalSize: ULONG,
+ TotalInUse: ULONG,
+ PeakUsage: ULONG,
+ PageFileName: UNICODE_STRING,
+}}
+pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION;
+pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1;
+pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2;
+pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4;
+pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8;
+STRUCT!{struct SYSTEM_FILECACHE_INFORMATION {
+ CurrentSize: SIZE_T,
+ PeakSize: SIZE_T,
+ PageFaultCount: ULONG,
+ MinimumWorkingSet: SIZE_T,
+ MaximumWorkingSet: SIZE_T,
+ CurrentSizeIncludingTransitionInPages: SIZE_T,
+ PeakSizeIncludingTransitionInPages: SIZE_T,
+ TransitionRePurposeCount: ULONG,
+ Flags: ULONG,
+}}
+pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION;
+STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION {
+ CurrentSize: SIZE_T,
+ PeakSize: SIZE_T,
+ PageFaultCount: ULONG,
+}}
+pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION;
+UNION!{union SYSTEM_POOLTAG_u {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+}}
+STRUCT!{struct SYSTEM_POOLTAG {
+ u: SYSTEM_POOLTAG_u,
+ PagedAllocs: ULONG,
+ PagedFrees: ULONG,
+ PagedUsed: SIZE_T,
+ NonPagedAllocs: ULONG,
+ NonPagedFrees: ULONG,
+ NonPagedUsed: SIZE_T,
+}}
+pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG;
+STRUCT!{struct SYSTEM_POOLTAG_INFORMATION {
+ Count: ULONG,
+ TagInfo: [SYSTEM_POOLTAG; 1],
+}}
+pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION;
+STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION {
+ ContextSwitches: ULONG,
+ DpcCount: ULONG,
+ DpcRate: ULONG,
+ TimeIncrement: ULONG,
+ DpcBypassCount: ULONG,
+ ApcBypassCount: ULONG,
+}}
+pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION;
+STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION {
+ Spare: ULONG,
+ DpcQueueDepth: ULONG,
+ MinimumDpcRate: ULONG,
+ AdjustDpcThreshold: ULONG,
+ IdealDpcRate: ULONG,
+}}
+pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION;
+STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
+ TimeAdjustment: ULONG,
+ TimeIncrement: ULONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION;
+STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE {
+ TimeAdjustment: ULONGLONG,
+ TimeIncrement: ULONGLONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE =
+ *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
+STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION {
+ TimeAdjustment: ULONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION;
+STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE {
+ TimeAdjustment: ULONGLONG,
+ Enable: BOOLEAN,
+}}
+pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE =
+ *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
+ENUM!{enum EVENT_TRACE_INFORMATION_CLASS {
+ EventTraceKernelVersionInformation = 0,
+ EventTraceGroupMaskInformation = 1,
+ EventTracePerformanceInformation = 2,
+ EventTraceTimeProfileInformation = 3,
+ EventTraceSessionSecurityInformation = 4,
+ EventTraceSpinlockInformation = 5,
+ EventTraceStackTracingInformation = 6,
+ EventTraceExecutiveResourceInformation = 7,
+ EventTraceHeapTracingInformation = 8,
+ EventTraceHeapSummaryTracingInformation = 9,
+ EventTracePoolTagFilterInformation = 10,
+ EventTracePebsTracingInformation = 11,
+ EventTraceProfileConfigInformation = 12,
+ EventTraceProfileSourceListInformation = 13,
+ EventTraceProfileEventListInformation = 14,
+ EventTraceProfileCounterListInformation = 15,
+ EventTraceStackCachingInformation = 16,
+ EventTraceObjectTypeFilterInformation = 17,
+ EventTraceSoftRestartInformation = 18,
+ EventTraceLastBranchConfigurationInformation = 19,
+ EventTraceLastBranchEventListInformation = 20,
+ EventTraceProfileSourceAddInformation = 21,
+ EventTraceProfileSourceRemoveInformation = 22,
+ EventTraceProcessorTraceConfigurationInformation = 23,
+ EventTraceProcessorTraceEventListInformation = 24,
+ EventTraceCoverageSamplerInformation = 25,
+ MaxEventTraceInfoClass = 26,
+}}
+STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ EventTraceKernelVersion: ULONG,
+}}
+pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION;
+STRUCT!{struct PERFINFO_GROUPMASK {
+ Masks: [ULONG; 8],
+}}
+pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK;
+STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ EventTraceGroupMasks: PERFINFO_GROUPMASK,
+}}
+pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ LogfileBytesWritten: LARGE_INTEGER,
+}}
+pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProfileInterval: ULONG,
+}}
+pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ SecurityInformation: ULONG,
+ TraceHandle: HANDLE,
+ SecurityDescriptor: [UCHAR; 1],
+}}
+pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ SpinLockSpinThreshold: ULONG,
+ SpinLockAcquireSampleRate: ULONG,
+ SpinLockContentionSampleRate: ULONG,
+ SpinLockHoldThreshold: ULONG,
+}}
+pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ HookId: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
+STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ReleaseSamplingRate: ULONG,
+ ContentionSamplingRate: ULONG,
+ NumberOfExcessiveTimeouts: ULONG,
+}}
+pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION =
+ *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProcessId: ULONG,
+}}
+pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION;
+STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ Filter: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ ProfileSource: [ULONG; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ Spare: ULONG,
+ Profile: [*mut PROFILE_SOURCE_INFO; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION;
+STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ Enabled: BOOLEAN,
+ Reserved: [UCHAR; 3],
+ CacheSize: ULONG,
+ BucketCount: ULONG,
+}}
+pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION;
+STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ TraceHandle: HANDLE,
+ PersistTraceBuffers: BOOLEAN,
+ FileName: [WCHAR; 1],
+}}
+pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ PerfEvtEventSelect: BOOLEAN,
+ PerfEvtUnitSelect: BOOLEAN,
+ PerfEvtType: ULONG,
+ CpuInfoHierarchy: [ULONG; 3],
+ InitialInterval: ULONG,
+ AllowsHalt: BOOLEAN,
+ Persist: BOOLEAN,
+ ProfileSourceDescription: [WCHAR; 1],
+}}
+pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION;
+STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ ProfileSource: KPROFILE_SOURCE,
+ CpuInfoHierarchy: [ULONG; 3],
+}}
+pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION;
+STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION {
+ EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS,
+ CoverageSamplerInformationClass: BOOLEAN,
+ MajorVersion: UCHAR,
+ MinorVersion: UCHAR,
+ Reserved: UCHAR,
+ SamplerHandle: HANDLE,
+}}
+pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
+STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION {
+ AlignmentFixupCount: ULONG,
+ ExceptionDispatchCount: ULONG,
+ FloatingEmulationCount: ULONG,
+ ByteWordEmulationCount: ULONG,
+}}
+pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION {
+ KernelDebuggerEnabled: BOOLEAN,
+ KernelDebuggerNotPresent: BOOLEAN,
+}}
+pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION;
+STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION {
+ ContextSwitches: ULONG,
+ FindAny: ULONG,
+ FindLast: ULONG,
+ FindIdeal: ULONG,
+ IdleAny: ULONG,
+ IdleCurrent: ULONG,
+ IdleLast: ULONG,
+ IdleIdeal: ULONG,
+ PreemptAny: ULONG,
+ PreemptCurrent: ULONG,
+ PreemptLast: ULONG,
+ SwitchToIdle: ULONG,
+}}
+pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION;
+STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION {
+ RegistryQuotaAllowed: ULONG,
+ RegistryQuotaUsed: ULONG,
+ PagedPoolSize: SIZE_T,
+}}
+pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION {
+ IdleTime: ULONGLONG,
+ C1Time: ULONGLONG,
+ C2Time: ULONGLONG,
+ C3Time: ULONGLONG,
+ C1Transitions: ULONG,
+ C2Transitions: ULONG,
+ C3Transitions: ULONG,
+ Padding: ULONG,
+}}
+pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION;
+STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION {
+ VetoType: ULONG,
+ VetoList: UNICODE_STRING,
+}}
+pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION;
+STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION {
+ CurrentDepth: USHORT,
+ MaximumDepth: USHORT,
+ TotalAllocates: ULONG,
+ AllocateMisses: ULONG,
+ TotalFrees: ULONG,
+ FreeMisses: ULONG,
+ Type: ULONG,
+ Tag: ULONG,
+ Size: ULONG,
+}}
+pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION;
+STRUCT!{struct SYSTEM_RANGE_START_INFORMATION {
+ SystemRangeStart: PVOID,
+}}
+pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION;
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION {
+ NextEntryOffset: ULONG,
+ Level: ULONG,
+ DriverName: UNICODE_STRING,
+ RaiseIrqls: ULONG,
+ AcquireSpinLocks: ULONG,
+ SynchronizeExecutions: ULONG,
+ AllocationsAttempted: ULONG,
+ AllocationsSucceeded: ULONG,
+ AllocationsSucceededSpecialPool: ULONG,
+ AllocationsWithNoTag: ULONG,
+ TrimRequests: ULONG,
+ Trims: ULONG,
+ AllocationsFailed: ULONG,
+ AllocationsFailedDeliberately: ULONG,
+ Loads: ULONG,
+ Unloads: ULONG,
+ UnTrackedPool: ULONG,
+ CurrentPagedPoolAllocations: ULONG,
+ CurrentNonPagedPoolAllocations: ULONG,
+ PeakPagedPoolAllocations: ULONG,
+ PeakNonPagedPoolAllocations: ULONG,
+ PagedPoolUsageInBytes: SIZE_T,
+ NonPagedPoolUsageInBytes: SIZE_T,
+ PeakPagedPoolUsageInBytes: SIZE_T,
+ PeakNonPagedPoolUsageInBytes: SIZE_T,
+}}
+pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION {
+ SessionId: ULONG,
+ SizeOfBuf: ULONG,
+ Buffer: PVOID,
+}}
+pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION {
+ CurrentFrequency: UCHAR,
+ ThermalLimitFrequency: UCHAR,
+ ConstantThrottleFrequency: UCHAR,
+ DegradedThrottleFrequency: UCHAR,
+ LastBusyFrequency: UCHAR,
+ LastC3Frequency: UCHAR,
+ LastAdjustedBusyFrequency: UCHAR,
+ ProcessorMinThrottle: UCHAR,
+ ProcessorMaxThrottle: UCHAR,
+ NumberOfFrequencies: ULONG,
+ PromotionCount: ULONG,
+ DemotionCount: ULONG,
+ ErrorCount: ULONG,
+ RetryCount: ULONG,
+ CurrentFrequencyTime: ULONGLONG,
+ CurrentProcessorTime: ULONGLONG,
+ CurrentProcessorIdleTime: ULONGLONG,
+ LastProcessorTime: ULONGLONG,
+ LastProcessorIdleTime: ULONGLONG,
+ Energy: ULONGLONG,
+}}
+pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION;
+STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
+ Object: PVOID,
+ UniqueProcessId: ULONG_PTR,
+ HandleValue: ULONG_PTR,
+ GrantedAccess: ULONG,
+ CreatorBackTraceIndex: USHORT,
+ ObjectTypeIndex: USHORT,
+ HandleAttributes: ULONG,
+ Reserved: ULONG,
+}}
+pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
+STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX {
+ NumberOfHandles: ULONG_PTR,
+ Reserved: ULONG_PTR,
+ Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1],
+}}
+pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX;
+UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 {
+ VirtualAddress: PVOID,
+ Bitfields: ULONG_PTR,
+}}
+UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+}}
+BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [
+ NonPaged set_NonPaged[0..1],
+]}
+STRUCT!{struct SYSTEM_BIGPOOL_ENTRY {
+ u1: SYSTEM_BIGPOOL_ENTRY_u1,
+ SizeInBytes: SIZE_T,
+ u2: SYSTEM_BIGPOOL_ENTRY_u2,
+}}
+pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY;
+STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION {
+ Count: ULONG,
+ AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1],
+}}
+pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION;
+UNION!{union SYSTEM_POOL_ENTRY_u {
+ Tag: [UCHAR; 4],
+ TagUlong: ULONG,
+ ProcessChargedQuota: PVOID,
+}}
+STRUCT!{struct SYSTEM_POOL_ENTRY {
+ Allocated: BOOLEAN,
+ Spare0: BOOLEAN,
+ AllocatorBackTraceIndex: USHORT,
+ Size: ULONG,
+ u: SYSTEM_POOL_ENTRY_u,
+}}
+pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY;
+STRUCT!{struct SYSTEM_POOL_INFORMATION {
+ TotalSize: SIZE_T,
+ FirstEntry: PVOID,
+ EntryOverhead: USHORT,
+ PoolTagPresent: BOOLEAN,
+ Spare0: BOOLEAN,
+ NumberOfEntries: ULONG,
+ Entries: [SYSTEM_POOL_ENTRY; 1],
+}}
+pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION {
+ NextEntryOffset: SIZE_T,
+ SessionId: ULONG,
+ Count: ULONG,
+ TagInfo: [SYSTEM_POOLTAG; 1],
+}}
+pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION;
+STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION {
+ NextEntryOffset: SIZE_T,
+ SessionId: ULONG,
+ ViewFailures: ULONG,
+ NumberOfBytesAvailable: SIZE_T,
+ NumberOfBytesAvailableContiguous: SIZE_T,
+}}
+pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
+ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION {
+ SystemFirmwareTableEnumerate = 0,
+ SystemFirmwareTableGet = 1,
+ SystemFirmwareTableMax = 2,
+}}
+STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION {
+ ProviderSignature: ULONG,
+ Action: SYSTEM_FIRMWARE_TABLE_ACTION,
+ TableID: ULONG,
+ TableBufferLength: ULONG,
+ TableBuffer: [UCHAR; 1],
+}}
+pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION {
+ ZeroPageCount: ULONG_PTR,
+ FreePageCount: ULONG_PTR,
+ ModifiedPageCount: ULONG_PTR,
+ ModifiedNoWritePageCount: ULONG_PTR,
+ BadPageCount: ULONG_PTR,
+ PageCountByPriority: [ULONG_PTR; 8],
+ RepurposedPagesByPriority: [ULONG_PTR; 8],
+ ModifiedPageCountPageFile: ULONG_PTR,
+}}
+pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION;
+ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND {
+ MemoryCaptureAccessedBits = 0,
+ MemoryCaptureAndResetAccessedBits = 1,
+ MemoryEmptyWorkingSets = 2,
+ MemoryFlushModifiedList = 3,
+ MemoryPurgeStandbyList = 4,
+ MemoryPurgeLowPriorityStandbyList = 5,
+ MemoryCommandMax = 6,
+}}
+STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION {
+ ClientId: CLIENT_ID,
+ Priority: KPRIORITY,
+}}
+pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION {
+ CycleTime: ULONGLONG,
+}}
+pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION =
+ *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION;
+STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION {
+ TraceEnable: BOOLEAN,
+ TracePermanent: BOOLEAN,
+ TraceProcessName: UNICODE_STRING,
+ TracePoolTags: UNICODE_STRING,
+}}
+pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION {
+ ProcessId: HANDLE,
+ ImageName: UNICODE_STRING,
+}}
+pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION;
+STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION {
+ BootIdentifier: GUID,
+ FirmwareType: FIRMWARE_TYPE,
+ BootFlags: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [
+ DbgMenuOsSelection set_DbgMenuOsSelection[0..1],
+ DbgHiberBoot set_DbgHiberBoot[1..2],
+ DbgSoftBoot set_DbgSoftBoot[2..3],
+ DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4],
+]}
+pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION;
+STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION {
+ FlagsToEnable: ULONG,
+ FlagsToDisable: ULONG,
+}}
+pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION =
+ *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION;
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
+ VerifyMode: ULONG,
+ OptionChanges: ULONG,
+ PreviousBucketName: UNICODE_STRING,
+ IrpCancelTimeoutMsec: ULONG,
+ VerifierExtensionEnabled: ULONG,
+ Reserved: [ULONG; 1],
+}}
+#[cfg(target_arch = "x86")]
+STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX {
+ VerifyMode: ULONG,
+ OptionChanges: ULONG,
+ PreviousBucketName: UNICODE_STRING,
+ IrpCancelTimeoutMsec: ULONG,
+ VerifierExtensionEnabled: ULONG,
+ Reserved: [ULONG; 3],
+}}
+pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION {
+ SystemPartition: UNICODE_STRING,
+}}
+pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION;
+STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION {
+ SystemDisk: UNICODE_STRING,
+}}
+pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT {
+ Hits: ULONGLONG,
+ PercentFrequency: UCHAR,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 {
+ Hits: ULONG,
+ PercentFrequency: UCHAR,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION {
+ ProcessorNumber: ULONG,
+ StateCount: ULONG,
+ States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1],
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION {
+ ProcessorCount: ULONG,
+ Offsets: [ULONG; 1],
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION {
+ Length: ULONG,
+ CodeIntegrityOptions: ULONG,
+}}
+pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION;
+ENUM!{enum SYSTEM_VA_TYPE {
+ SystemVaTypeAll = 0,
+ SystemVaTypeNonPagedPool = 1,
+ SystemVaTypePagedPool = 2,
+ SystemVaTypeSystemCache = 3,
+ SystemVaTypeSystemPtes = 4,
+ SystemVaTypeSessionSpace = 5,
+ SystemVaTypeMax = 6,
+}}
+pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE;
+STRUCT!{struct SYSTEM_VA_LIST_INFORMATION {
+ VirtualSize: SIZE_T,
+ VirtualPeak: SIZE_T,
+ VirtualLimit: SIZE_T,
+ AllocationFailures: SIZE_T,
+}}
+pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION;
+STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS {
+ KeyHandle: HANDLE,
+ ValueNamePointer: PUNICODE_STRING,
+ RequiredLengthPointer: PULONG,
+ Buffer: PUCHAR,
+ BufferLength: ULONG,
+ Type: ULONG,
+ AppendBuffer: PUCHAR,
+ AppendBufferLength: ULONG,
+ CreateIfDoesntExist: BOOLEAN,
+ TruncateExistingValue: BOOLEAN,
+}}
+pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
+STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION {
+ OsDiskIsVhd: BOOLEAN,
+ OsVhdFilePathOffset: ULONG,
+ OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY],
+}}
+pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION;
+STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION {
+ LowPriReadOperations: ULONG,
+ LowPriWriteOperations: ULONG,
+ KernelBumpedToNormalOperations: ULONG,
+ LowPriPagingReadOperations: ULONG,
+ KernelPagingReadsBumpedToNormal: ULONG,
+ LowPriPagingWriteOperations: ULONG,
+ KernelPagingWritesBumpedToNormal: ULONG,
+ BoostedIrpCount: ULONG,
+ BoostedPagingIrpCount: ULONG,
+ BlanketBoostCount: ULONG,
+}}
+pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION;
+ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE {
+ TpmBootEntropyStructureUninitialized = 0,
+ TpmBootEntropyDisabledByPolicy = 1,
+ TpmBootEntropyNoTpmFound = 2,
+ TpmBootEntropyTpmError = 3,
+ TpmBootEntropySuccess = 4,
+}}
+STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT {
+ Policy: ULONGLONG,
+ ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE,
+ ResultStatus: NTSTATUS,
+ Time: ULONGLONG,
+ EntropyLength: ULONG,
+ EntropyData: [UCHAR; 40],
+}}
+pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT;
+STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION {
+ Legacy: SYSTEM_VERIFIER_INFORMATION,
+ RaiseIrqls: ULONG,
+ AcquireSpinLocks: ULONG,
+ SynchronizeExecutions: ULONG,
+ AllocationsWithNoTag: ULONG,
+ AllocationsFailed: ULONG,
+ AllocationsFailedDeliberately: ULONG,
+ LockedBytes: SIZE_T,
+ PeakLockedBytes: SIZE_T,
+ MappedLockedBytes: SIZE_T,
+ PeakMappedLockedBytes: SIZE_T,
+ MappedIoSpaceBytes: SIZE_T,
+ PeakMappedIoSpaceBytes: SIZE_T,
+ PagesForMdlBytes: SIZE_T,
+ PeakPagesForMdlBytes: SIZE_T,
+ ContiguousMemoryBytes: SIZE_T,
+ PeakContiguousMemoryBytes: SIZE_T,
+ ExecutePoolTypes: ULONG,
+ ExecutePageProtections: ULONG,
+ ExecutePageMappings: ULONG,
+ ExecuteWriteSections: ULONG,
+ SectionAlignmentFailures: ULONG,
+ UnsupportedRelocs: ULONG,
+ IATInExecutableSection: ULONG,
+}}
+pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION;
+STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION {
+ RsdpCount: ULONG,
+ Bitfields: ULONG,
+}}
+BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [
+ SameRsdt set_SameRsdt[0..1],
+ SlicPresent set_SlicPresent[1..2],
+ SlicDifferent set_SlicDifferent[2..3],
+]}
+pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION;
+STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION {
+ AvailablePages: SIZE_T,
+ CommittedPages: SIZE_T,
+ CommitLimit: SIZE_T,
+ PeakCommitment: SIZE_T,
+}}
+pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION;
+STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS {
+ ul: ULONG,
+}}
+BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [
+ KernelTransition set_KernelTransition[0..1],
+ Reserved set_Reserved[1..32],
+]}
+STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION {
+ Version: ULONG,
+ Flags: QUERY_PERFORMANCE_COUNTER_FLAGS,
+ ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS,
+}}
+pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION =
+ *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
+ENUM!{enum SYSTEM_PIXEL_FORMAT {
+ SystemPixelFormatUnknown = 0,
+ SystemPixelFormatR8G8B8 = 1,
+ SystemPixelFormatR8G8B8X8 = 2,
+ SystemPixelFormatB8G8R8 = 3,
+ SystemPixelFormatB8G8R8X8 = 4,
+}}
+STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION {
+ FrameBuffer: LARGE_INTEGER,
+ Width: ULONG,
+ Height: ULONG,
+ PixelStride: ULONG,
+ Flags: ULONG,
+ Format: SYSTEM_PIXEL_FORMAT,
+ DisplayRotation: ULONG,
+}}
+pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION;
+STRUCT!{struct MEMORY_SCRUB_INFORMATION {
+ Handle: HANDLE,
+ PagesScrubbed: ULONG,
+}}
+pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION;
+STRUCT!{struct PEBS_DS_SAVE_AREA {
+ BtsBufferBase: ULONGLONG,
+ BtsIndex: ULONGLONG,
+ BtsAbsoluteMaximum: ULONGLONG,
+ BtsInterruptThreshold: ULONGLONG,
+ PebsBufferBase: ULONGLONG,
+ PebsIndex: ULONGLONG,
+ PebsAbsoluteMaximum: ULONGLONG,
+ PebsInterruptThreshold: ULONGLONG,
+ PebsCounterReset0: ULONGLONG,
+ PebsCounterReset1: ULONGLONG,
+ PebsCounterReset2: ULONGLONG,
+ PebsCounterReset3: ULONGLONG,
+}}
+pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA;
+STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA {
+ PebsDsSaveArea: PEBS_DS_SAVE_AREA,
+}}
+pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA;
+STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA {
+ ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA,
+ Allocate: BOOLEAN,
+}}
+pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+}}
+pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION;
+pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+ Flags: ULONG,
+}}
+pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX;
+STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 {
+ Handle: HANDLE,
+ PagesCombined: ULONG_PTR,
+ Flags: ULONG,
+ ProcessHandle: HANDLE,
+}}
+pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2;
+STRUCT!{struct SYSTEM_CONSOLE_INFORMATION {
+ Bitfields: ULONG,
+}}
+BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [
+ DriverLoaded set_DriverLoaded[0..1],
+ Spare set_Spare[1..32],
+]}
+pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION;
+STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION {
+ PhysicalAddress: ULONG64,
+ HandoffBuffer: PVOID,
+ CommandLineBuffer: PVOID,
+ HandoffBufferSize: ULONG,
+ CommandLineBufferSize: ULONG,
+}}
+pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION;
+STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION {
+ NumberOfLogicalProcessors: ULONG,
+ NumberOfCores: ULONG,
+}}
+pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION =
+ *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
+STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION {
+ DeviceId: UNICODE_STRING,
+ DataName: UNICODE_STRING,
+ DataType: ULONG,
+ DataBufferLength: ULONG,
+ DataBuffer: PVOID,
+}}
+pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION;
+STRUCT!{struct PHYSICAL_CHANNEL_RUN {
+ NodeNumber: ULONG,
+ ChannelNumber: ULONG,
+ BasePage: ULONGLONG,
+ PageCount: ULONGLONG,
+ Flags: ULONG,
+}}
+pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN;
+STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION {
+ NumberOfRuns: ULONGLONG,
+ NumberOfNodes: ULONG,
+ NumberOfChannels: ULONG,
+ Run: [PHYSICAL_CHANNEL_RUN; 1],
+}}
+pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION {
+ ChannelNumber: ULONG,
+ ChannelHeatIndex: ULONG,
+ TotalPageCount: ULONGLONG,
+ ZeroPageCount: ULONGLONG,
+ FreePageCount: ULONGLONG,
+ StandbyPageCount: ULONGLONG,
+}}
+pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION;
+STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION {
+ Flags: ULONG,
+ BitmapOffset: ULONG,
+}}
+pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX {
+ IdleTime: LARGE_INTEGER,
+ KernelTime: LARGE_INTEGER,
+ UserTime: LARGE_INTEGER,
+ DpcTime: LARGE_INTEGER,
+ InterruptTime: LARGE_INTEGER,
+ InterruptCount: ULONG,
+ Spare0: ULONG,
+ AvailableTime: LARGE_INTEGER,
+ Spare1: LARGE_INTEGER,
+ Spare2: LARGE_INTEGER,
+}}
+pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX =
+ *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION {
+ PolicyPublisher: GUID,
+ PolicyVersion: ULONG,
+ PolicyOptions: ULONG,
+}}
+pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION;
+STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX {
+ Info: SYSTEM_PAGEFILE_INFORMATION,
+ MinimumSize: ULONG,
+ MaximumSize: ULONG,
+}}
+pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX;
+STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION {
+ SecureBootEnabled: BOOLEAN,
+ SecureBootCapable: BOOLEAN,
+}}
+pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION;
+STRUCT!{struct PROCESS_DISK_COUNTERS {
+ BytesRead: ULONGLONG,
+ BytesWritten: ULONGLONG,
+ ReadOperationCount: ULONGLONG,
+ WriteOperationCount: ULONGLONG,
+ FlushOperationCount: ULONGLONG,
+}}
+pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS;
+UNION!{union ENERGY_STATE_DURATION_u {
+ Value: ULONGLONG,
+ LastChangeTime: ULONG,
+}}
+UNION!{union ENERGY_STATE_DURATION {
+ u: ENERGY_STATE_DURATION_u,
+ BitFields: ULONG,
+}}
+pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION;
+BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [
+ Duration set_Duration[0..31],
+ IsInState set_IsInState[31..32],
+]}
+STRUCT!{struct PROCESS_ENERGY_VALUES {
+ Cycles: [[ULONGLONG; 4]; 2],
+ DiskEnergy: ULONGLONG,
+ NetworkTailEnergy: ULONGLONG,
+ MBBTailEnergy: ULONGLONG,
+ NetworkTxRxBytes: ULONGLONG,
+ MBBTxRxBytes: ULONGLONG,
+ ForegroundDuration: ENERGY_STATE_DURATION,
+ DesktopVisibleDuration: ENERGY_STATE_DURATION,
+ PSMForegroundDuration: ENERGY_STATE_DURATION,
+ CompositionRendered: ULONG,
+ CompositionDirtyGenerated: ULONG,
+ CompositionDirtyPropagated: ULONG,
+ Reserved1: ULONG,
+ AttributedCycles: [[ULONGLONG; 2]; 4],
+ WorkOnBehalfCycles: [[ULONGLONG; 2]; 4],
+}}
+pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES;
+STRUCT!{struct TIMELINE_BITMAP {
+ Value: ULONGLONG,
+ EndTime: ULONG,
+ Bitmap: ULONG,
+}}
+pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP;
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines {
+ CpuTimeline: TIMELINE_BITMAP,
+ DiskTimeline: TIMELINE_BITMAP,
+ NetworkTimeline: TIMELINE_BITMAP,
+ MBBTimeline: TIMELINE_BITMAP,
+ ForegroundTimeline: TIMELINE_BITMAP,
+ DesktopVisibleTimeline: TIMELINE_BITMAP,
+ CompositionRenderedTimeline: TIMELINE_BITMAP,
+ CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP,
+ CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP,
+ InputTimeline: TIMELINE_BITMAP,
+ AudioInTimeline: TIMELINE_BITMAP,
+ AudioOutTimeline: TIMELINE_BITMAP,
+ DisplayRequiredTimeline: TIMELINE_BITMAP,
+ KeyboardInputTimeline: TIMELINE_BITMAP,
+}}
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations {
+ InputDuration: ENERGY_STATE_DURATION,
+ AudioInDuration: ENERGY_STATE_DURATION,
+ AudioOutDuration: ENERGY_STATE_DURATION,
+ DisplayRequiredDuration: ENERGY_STATE_DURATION,
+ PSMBackgroundDuration: ENERGY_STATE_DURATION,
+}}
+STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION {
+ Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines,
+ Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations,
+ KeyboardInput: ULONG,
+ MouseInput: ULONG,
+}}
+pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION;
+STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES {
+ Base: PROCESS_ENERGY_VALUES,
+ Extension: PROCESS_ENERGY_VALUES_EXTENSION,
+}}
+pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES;
+ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION {
+ SystemProcessClassificationNormal = 0,
+ SystemProcessClassificationSystem = 1,
+ SystemProcessClassificationSecureSystem = 2,
+ SystemProcessClassificationMemCompression = 3,
+ SystemProcessClassificationRegistry = 4,
+ SystemProcessClassificationMaximum = 5,
+}}
+STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION {
+ DiskCounters: PROCESS_DISK_COUNTERS,
+ ContextSwitches: ULONGLONG,
+ Flags: ULONG,
+ UserSidOffset: ULONG,
+ PackageFullNameOffset: ULONG,
+ EnergyValues: PROCESS_ENERGY_VALUES,
+ AppIdOffset: ULONG,
+ SharedCommitCharge: SIZE_T,
+ JobObjectId: ULONG,
+ SpareUlong: ULONG,
+ ProcessSequenceNumber: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [
+ HasStrongId set_HasStrongId[0..1],
+ Classification set_Classification[1..5],
+ BackgroundActivityModerated set_BackgroundActivityModerated[5..6],
+ Spare set_Spare[6..32],
+]}
+pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION;
+STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION {
+ EfiLauncherEnabled: BOOLEAN,
+}}
+pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION =
+ *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX {
+ DebuggerAllowed: BOOLEAN,
+ DebuggerEnabled: BOOLEAN,
+ DebuggerPresent: BOOLEAN,
+}}
+pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
+STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION {
+ ElamDriverFile: HANDLE,
+}}
+pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION {
+ ProcessorFeatureBits: ULONGLONG,
+ Reserved: [ULONGLONG; 3],
+}}
+pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION;
+STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION {
+ Options: ULONG,
+ ProfileName: UNICODE_STRING,
+}}
+pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION;
+STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION {
+ Enabled: BOOLEAN,
+}}
+pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION =
+ *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION;
+STRUCT!{struct HV_DETAILS {
+ Data: [ULONG; 4],
+}}
+pub type PHV_DETAILS = *mut HV_DETAILS;
+STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION {
+ HvVendorAndMaxFunction: HV_DETAILS,
+ HypervisorInterface: HV_DETAILS,
+ HypervisorVersion: HV_DETAILS,
+ HvFeatures: HV_DETAILS,
+ HwFeatures: HV_DETAILS,
+ EnlightenmentInfo: HV_DETAILS,
+ ImplementationLimits: HV_DETAILS,
+}}
+pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION;
+STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION {
+ Cycles: [[ULONGLONG; 4]; 2],
+}}
+pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION;
+STRUCT!{struct SYSTEM_TPM_INFORMATION {
+ Flags: ULONG,
+}}
+pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION;
+STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION {
+ DmaProtectionsAvailable: BOOLEAN,
+ DmaProtectionsInUse: BOOLEAN,
+ HardwareMbecAvailable: BOOLEAN,
+}}
+pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION {
+ Options: ULONG,
+ HVCIOptions: ULONG,
+ Version: ULONGLONG,
+ PolicyGuid: GUID,
+}}
+pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
+STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION {
+ Bitfields1: BOOLEAN,
+ Bitfields2: BOOLEAN,
+ Spare0: [BOOLEAN; 6],
+ Spare1: ULONGLONG,
+}}
+BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [
+ SecureKernelRunning set_SecureKernelRunning[0..1],
+ HvciEnabled set_HvciEnabled[1..2],
+ HvciStrictMode set_HvciStrictMode[2..3],
+ DebugEnabled set_DebugEnabled[3..4],
+ FirmwarePageProtection set_FirmwarePageProtection[4..5],
+ EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6],
+ SpareFlags set_SpareFlags[6..7],
+ TrustletRunning set_TrustletRunning[7..8],
+]}
+BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [
+ SpareFlags2 set_SpareFlags2[0..1],
+]}
+pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION;
+STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION {
+ TargetModuleAddress: PVOID,
+ ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX,
+}}
+pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION;
+STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION {
+ Gsiv: ULONG,
+ Group: USHORT,
+ CpuSets: ULONGLONG,
+}}
+pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION;
+STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION {
+ PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION,
+ PolicySize: ULONG,
+ Policy: [UCHAR; 1],
+}}
+pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION =
+ *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION;
+STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION {
+ NumberOfSilos: ULONG,
+ SiloIdList: [ULONG; 1],
+}}
+pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION;
+STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION {
+ Tag: ULONGLONG,
+ CpuSets: [ULONGLONG; 1],
+}}
+pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION;
+STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION {
+ ExtentCount: ULONG,
+ ValidStructureSize: ULONG,
+ NextExtentIndex: ULONG,
+ ExtentRestart: ULONG,
+ CycleCount: ULONG,
+ TimeoutCount: ULONG,
+ CycleTime: ULONGLONG,
+ CycleTimeMax: ULONGLONG,
+ ExtentTime: ULONGLONG,
+ ExtentTimeIndex: ULONG,
+ ExtentTimeMaxIndex: ULONG,
+ ExtentTimeMax: ULONGLONG,
+ HyperFlushTimeMax: ULONGLONG,
+ TranslateVaTimeMax: ULONGLONG,
+ DebugExemptionCount: ULONGLONG,
+ TbHitCount: ULONGLONG,
+ TbMissCount: ULONGLONG,
+ VinaPendingYield: ULONGLONG,
+ HashCycles: ULONGLONG,
+ HistogramOffset: ULONG,
+ HistogramBuckets: ULONG,
+ HistogramShift: ULONG,
+ Reserved1: ULONG,
+ PageNotPresentCount: ULONGLONG,
+}}
+pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION =
+ *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION;
+STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION {
+ PlatformManifestSize: ULONG,
+ PlatformManifest: [UCHAR; 1],
+}}
+pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION =
+ *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION;
+STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION {
+ TotalPhysicalBytes: ULONGLONG,
+ AvailableBytes: ULONGLONG,
+ ResidentAvailableBytes: LONGLONG,
+ CommittedBytes: ULONGLONG,
+ SharedCommittedBytes: ULONGLONG,
+ CommitLimitBytes: ULONGLONG,
+ PeakCommitmentBytes: ULONGLONG,
+}}
+pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION {
+ ImageFile: HANDLE,
+ Type: ULONG,
+}}
+pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION =
+ *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
+STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION {
+ TotalPhysicalBytes: ULONGLONG,
+ LowestPhysicalAddress: ULONGLONG,
+ HighestPhysicalAddress: ULONGLONG,
+}}
+pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION;
+ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE {
+ SystemActivityModerationStateSystemManaged = 0,
+ SystemActivityModerationStateUserManagedAllowThrottling = 1,
+ SystemActivityModerationStateUserManagedDisableThrottling = 2,
+ MaxSystemActivityModerationState = 3,
+}}
+ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE {
+ SystemActivityModerationAppTypeClassic = 0,
+ SystemActivityModerationAppTypePackaged = 1,
+ MaxSystemActivityModerationAppType = 2,
+}}
+STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO {
+ Identifier: UNICODE_STRING,
+ ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE,
+ AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE,
+}}
+pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO;
+STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS {
+ UserKeyHandle: HANDLE,
+}}
+pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
+STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION {
+ Flags: ULONG,
+ UnlockId: [UCHAR; 32],
+}}
+BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [
+ Locked set_Locked[0..1],
+ Unlockable set_Unlockable[1..2],
+ UnlockApplied set_UnlockApplied[2..3],
+ UnlockIdValid set_UnlockIdValid[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
+STRUCT!{struct SYSTEM_FLUSH_INFORMATION {
+ SupportedFlushMethods: ULONG,
+ ProcessorCacheFlushSize: ULONG,
+ SystemFlushCapabilities: ULONGLONG,
+ Reserved: [ULONGLONG; 2],
+}}
+pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION;
+STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION {
+ WriteConstraintPolicy: ULONG,
+ Reserved: ULONG,
+}}
+pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION;
+STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION {
+ Flags: ULONG,
+}}
+BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [
+ KvaShadowEnabled set_KvaShadowEnabled[0..1],
+ KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2],
+ KvaShadowPcid set_KvaShadowPcid[2..3],
+ KvaShadowInvpcid set_KvaShadowInvpcid[3..4],
+ KvaShadowRequired set_KvaShadowRequired[4..5],
+ KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6],
+ InvalidPteBit set_InvalidPteBit[6..12],
+ L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13],
+ L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14],
+ Reserved set_Reserved[14..32],
+]}
+pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION;
+STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION {
+ FileHandle: HANDLE,
+ ImageSize: ULONG,
+ Image: PVOID,
+}}
+pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION =
+ *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
+STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION {
+ HypervisorSharedUserVa: PVOID,
+}}
+pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION =
+ *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
+STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION {
+ Flags: ULONG,
+}}
+BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [
+ BpbEnabled set_BpbEnabled[0..1],
+ BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2],
+ BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3],
+ SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4],
+ SpecCmdEnumerated set_SpecCmdEnumerated[4..5],
+ IbrsPresent set_IbrsPresent[5..6],
+ StibpPresent set_StibpPresent[6..7],
+ SmepPresent set_SmepPresent[7..8],
+ SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9],
+ SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10],
+ SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11],
+ SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12],
+ SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13],
+ BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14],
+ SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15],
+ SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16],
+ Reserved set_Reserved[16..32],
+]}
+pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION;
+STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION {
+ DmaGuardPolicyEnabled: BOOLEAN,
+}}
+pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION;
+STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION {
+ EnclaveLaunchSigner: [UCHAR; 32],
+}}
+pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION =
+ *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
+STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION {
+ WorkloadClass: ULONGLONG,
+ CpuSets: [ULONGLONG; 1],
+}}
+pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION =
+ *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQuerySystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtQuerySystemInformationEx(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetSystemInformation(
+ SystemInformationClass: SYSTEM_INFORMATION_CLASS,
+ SystemInformation: PVOID,
+ SystemInformationLength: ULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SYSDBG_COMMAND {
+ SysDbgQueryModuleInformation = 0,
+ SysDbgQueryTraceInformation = 1,
+ SysDbgSetTracepoint = 2,
+ SysDbgSetSpecialCall = 3,
+ SysDbgClearSpecialCalls = 4,
+ SysDbgQuerySpecialCalls = 5,
+ SysDbgBreakPoint = 6,
+ SysDbgQueryVersion = 7,
+ SysDbgReadVirtual = 8,
+ SysDbgWriteVirtual = 9,
+ SysDbgReadPhysical = 10,
+ SysDbgWritePhysical = 11,
+ SysDbgReadControlSpace = 12,
+ SysDbgWriteControlSpace = 13,
+ SysDbgReadIoSpace = 14,
+ SysDbgWriteIoSpace = 15,
+ SysDbgReadMsr = 16,
+ SysDbgWriteMsr = 17,
+ SysDbgReadBusData = 18,
+ SysDbgWriteBusData = 19,
+ SysDbgCheckLowMemory = 20,
+ SysDbgEnableKernelDebugger = 21,
+ SysDbgDisableKernelDebugger = 22,
+ SysDbgGetAutoKdEnable = 23,
+ SysDbgSetAutoKdEnable = 24,
+ SysDbgGetPrintBufferSize = 25,
+ SysDbgSetPrintBufferSize = 26,
+ SysDbgGetKdUmExceptionEnable = 27,
+ SysDbgSetKdUmExceptionEnable = 28,
+ SysDbgGetTriageDump = 29,
+ SysDbgGetKdBlockEnable = 30,
+ SysDbgSetKdBlockEnable = 31,
+ SysDbgRegisterForUmBreakInfo = 32,
+ SysDbgGetUmBreakPid = 33,
+ SysDbgClearUmBreakPid = 34,
+ SysDbgGetUmAttachPid = 35,
+ SysDbgClearUmAttachPid = 36,
+ SysDbgGetLiveKernelDump = 37,
+}}
+pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND;
+STRUCT!{struct SYSDBG_VIRTUAL {
+ Address: PVOID,
+ Buffer: PVOID,
+ Request: ULONG,
+}}
+pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL;
+STRUCT!{struct SYSDBG_PHYSICAL {
+ Address: PHYSICAL_ADDRESS,
+ Buffer: PVOID,
+ Request: ULONG,
+}}
+pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL;
+STRUCT!{struct SYSDBG_CONTROL_SPACE {
+ Address: ULONG64,
+ Buffer: PVOID,
+ Request: ULONG,
+ Processor: ULONG,
+}}
+pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE;
+STRUCT!{struct SYSDBG_IO_SPACE {
+ Address: ULONG64,
+ Buffer: PVOID,
+ Request: ULONG,
+ InterfaceType: INTERFACE_TYPE,
+ BusNumber: ULONG,
+ AddressSpace: ULONG,
+}}
+pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE;
+STRUCT!{struct SYSDBG_MSR {
+ Msr: ULONG,
+ Data: ULONG64,
+}}
+pub type PSYSDBG_MSR = *mut SYSDBG_MSR;
+STRUCT!{struct SYSDBG_BUS_DATA {
+ Address: ULONG,
+ Buffer: PVOID,
+ Request: ULONG,
+ BusDataType: BUS_DATA_TYPE,
+ BusNumber: ULONG,
+ SlotNumber: ULONG,
+}}
+pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA;
+STRUCT!{struct SYSDBG_TRIAGE_DUMP {
+ Flags: ULONG,
+ BugCheckCode: ULONG,
+ BugCheckParam1: ULONG_PTR,
+ BugCheckParam2: ULONG_PTR,
+ BugCheckParam3: ULONG_PTR,
+ BugCheckParam4: ULONG_PTR,
+ ProcessHandles: ULONG,
+ ThreadHandles: ULONG,
+ Handles: PHANDLE,
+}}
+pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS {
+ AsUlong: ULONG,
+}}
+BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [
+ UseDumpStorageStack set_UseDumpStorageStack[0..1],
+ CompressMemoryPagesData set_CompressMemoryPagesData[1..2],
+ IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3],
+ AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4],
+ Reserved set_Reserved[4..32],
+]}
+pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES {
+ AsUlong: ULONG,
+}}
+BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [
+ HypervisorPages set_HypervisorPages[0..1],
+ Reserved set_Reserved[1..32],
+]}
+pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
+pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1;
+STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL {
+ Version: ULONG,
+ BugCheckCode: ULONG,
+ BugCheckParam1: ULONG_PTR,
+ BugCheckParam2: ULONG_PTR,
+ BugCheckParam3: ULONG_PTR,
+ BugCheckParam4: ULONG_PTR,
+ DumpFileHandle: HANDLE,
+ CancelEventHandle: HANDLE,
+ Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS,
+ AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES,
+}}
+pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL;
+EXTERN!{extern "system" {
+ fn NtSystemDebugControl(
+ Command: SYSDBG_COMMAND,
+ InputBuffer: PVOID,
+ InputBufferLength: ULONG,
+ OutputBuffer: PVOID,
+ OutputBufferLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum HARDERROR_RESPONSE_OPTION {
+ OptionAbortRetryIgnore = 0,
+ OptionOk = 1,
+ OptionOkCancel = 2,
+ OptionRetryCancel = 3,
+ OptionYesNo = 4,
+ OptionYesNoCancel = 5,
+ OptionShutdownSystem = 6,
+ OptionOkNoWait = 7,
+ OptionCancelTryContinue = 8,
+}}
+ENUM!{enum HARDERROR_RESPONSE {
+ ResponseReturnToCaller = 0,
+ ResponseNotHandled = 1,
+ ResponseAbort = 2,
+ ResponseCancel = 3,
+ ResponseIgnore = 4,
+ ResponseNo = 5,
+ ResponseOk = 6,
+ ResponseRetry = 7,
+ ResponseYes = 8,
+ ResponseTryAgain = 9,
+ ResponseContinue = 10,
+}}
+pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000;
+EXTERN!{extern "system" {
+ fn NtRaiseHardError(
+ ErrorStatus: NTSTATUS,
+ NumberOfParameters: ULONG,
+ UnicodeStringParameterMask: ULONG,
+ Parameters: PULONG_PTR,
+ ValidResponseOptions: ULONG,
+ Response: PULONG,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE {
+ StandardDesign = 0,
+ NEC98x86 = 1,
+ EndAlternatives = 2,
+}}
+pub const PROCESSOR_FEATURE_MAX: usize = 64;
+pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16;
+pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0;
+pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1;
+pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2;
+pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3;
+UNION!{union KUSER_SHARED_DATA_u {
+ TickCount: KSYSTEM_TIME,
+ TickCountQuad: ULONG64,
+ ReservedTickCountOverlay: [ULONG; 3],
+}}
+STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA {
+ TickCountLowDeprecated: ULONG,
+ TickCountMultiplier: ULONG,
+ InterruptTime: KSYSTEM_TIME,
+ SystemTime: KSYSTEM_TIME,
+ TimeZoneBias: KSYSTEM_TIME,
+ ImageNumberLow: USHORT,
+ ImageNumberHigh: USHORT,
+ NtSystemRoot: [WCHAR; 260],
+ MaxStackTraceDepth: ULONG,
+ CryptoExponent: ULONG,
+ TimeZoneId: ULONG,
+ LargePageMinimum: ULONG,
+ AitSamplingValue: ULONG,
+ AppCompatFlag: ULONG,
+ RNGSeedVersion: ULONGLONG,
+ GlobalValidationRunlevel: ULONG,
+ TimeZoneBiasStamp: LONG,
+ NtBuildNumber: ULONG,
+ NtProductType: NT_PRODUCT_TYPE,
+ ProductTypeIsValid: BOOLEAN,
+ Reserved0: [UCHAR; 1],
+ NativeProcessorArchitecture: USHORT,
+ NtMajorVersion: ULONG,
+ NtMinorVersion: ULONG,
+ ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX],
+ Reserved1: ULONG,
+ Reserved3: ULONG,
+ TimeSlip: ULONG,
+ AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE,
+ BootId: ULONG,
+ SystemExpirationDate: LARGE_INTEGER,
+ SuiteMask: ULONG,
+ KdDebuggerEnabled: BOOLEAN,
+ MitigationPolicies: UCHAR,
+ Reserved6: [UCHAR; 2],
+ ActiveConsoleId: ULONG,
+ DismountCount: ULONG,
+ ComPlusPackage: ULONG,
+ LastSystemRITEventTickCount: ULONG,
+ NumberOfPhysicalPages: ULONG,
+ SafeBootMode: BOOLEAN,
+ VirtualizationFlags: UCHAR,
+ Reserved12: [UCHAR; 2],
+ SharedDataFlags: ULONG,
+ DataFlagsPad: [ULONG; 1],
+ TestRetInstruction: ULONGLONG,
+ QpcFrequency: LONGLONG,
+ SystemCall: ULONG,
+ SystemCallPad0: ULONG,
+ SystemCallPad: [ULONGLONG; 2],
+ u: KUSER_SHARED_DATA_u,
+ //TickCountPad: [ULONG; 1],
+ Cookie: ULONG,
+ CookiePad: [ULONG; 1],
+ ConsoleSessionForegroundProcessId: LONGLONG,
+ TimeUpdateLock: ULONGLONG,
+ BaselineSystemTimeQpc: ULONGLONG,
+ BaselineInterruptTimeQpc: ULONGLONG,
+ QpcSystemTimeIncrement: ULONGLONG,
+ QpcInterruptTimeIncrement: ULONGLONG,
+ QpcSystemTimeIncrementShift: UCHAR,
+ QpcInterruptTimeIncrementShift: UCHAR,
+ UnparkedProcessorCount: USHORT,
+ EnclaveFeatureMask: [ULONG; 4],
+ TelemetryCoverageRound: ULONG,
+ UserModeGlobalLogger: [USHORT; 16],
+ ImageFileExecutionOptions: ULONG,
+ LangGenerationCount: ULONG,
+ Reserved4: ULONGLONG,
+ InterruptTimeBias: ULONG64,
+ QpcBias: ULONG64,
+ ActiveProcessorCount: ULONG,
+ ActiveGroupCount: UCHAR,
+ Reserved9: UCHAR,
+ QpcData: UCHAR,
+ TimeZoneBiasEffectiveStart: LARGE_INTEGER,
+ TimeZoneBiasEffectiveEnd: LARGE_INTEGER,
+ XState: XSTATE_CONFIGURATION,
+}}
+BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [
+ NXSupportPolicy set_NXSupportPolicy[0..2],
+ SEHValidationPolicy set_SEHValidationPolicy[2..4],
+ CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6],
+ Reserved set_Reserved[6..8],
+]}
+BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [
+ DbgErrorPortPresent set_DbgErrorPortPresent[0..1],
+ DbgElevationEnabled set_DbgElevationEnabled[1..2],
+ DbgVirtEnabled set_DbgVirtEnabled[2..3],
+ DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4],
+ DbgLkgEnabled set_DbgLkgEnabled[4..5],
+ DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6],
+ DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7],
+ DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8],
+ DbgMultiSessionSku set_DbgMultiSessionSku[8..9],
+ DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10],
+ DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11],
+ SpareBits set_SpareBits[11..32],
+]}
+BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [
+ QpcBypassEnabled set_QpcBypassEnabled[0..1],
+ QpcShift set_QpcShift[1..2],
+]}
+pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA;
+pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _;
+#[inline]
+pub unsafe fn NtGetTickCount64() -> ULONGLONG {
+ let mut tick_count: ULARGE_INTEGER = uninitialized();
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
+ *tick_count.QuadPart_mut() = read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad);
+ }
+ #[cfg(target_arch = "x86")] {
+ loop {
+ tick_count.s_mut().HighPart =
+ read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32;
+ tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
+ if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
+ as u32
+ {
+ break;
+ }
+ spin_loop_hint();
+ }
+ }
+ (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ + (UInt32x32To64(
+ tick_count.s().HighPart as u32,
+ (*USER_SHARED_DATA).TickCountMultiplier,
+ ) << 8)
+}
+#[inline]
+pub unsafe fn NtGetTickCount() -> ULONG {
+ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] {
+ ((read_volatile(&(*USER_SHARED_DATA).u.TickCountQuad)
+ * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32
+ }
+ #[cfg(target_arch = "x86")] {
+ let mut tick_count: ULARGE_INTEGER = uninitialized();
+ loop {
+ tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time)
+ as u32;
+ tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart);
+ if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time)
+ as u32
+ {
+ break;
+ }
+ spin_loop_hint();
+ }
+ ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24)
+ + UInt32x32To64(
+ (tick_count.s().HighPart as u32) << 8,
+ (*USER_SHARED_DATA).TickCountMultiplier,
+ )) as u32
+ }
+}
+EXTERN!{extern "system" {
+ fn NtQueryDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: PLCID,
+ ) -> NTSTATUS;
+ fn NtSetDefaultLocale(
+ UserProfile: BOOLEAN,
+ DefaultLocaleId: LCID,
+ ) -> NTSTATUS;
+ fn NtQueryInstallUILanguage(
+ InstallUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn NtFlushInstallUILanguage(
+ InstallUILanguage: LANGID,
+ SetComittedFlag: ULONG,
+ ) -> NTSTATUS;
+ fn NtQueryDefaultUILanguage(
+ DefaultUILanguageId: *mut LANGID,
+ ) -> NTSTATUS;
+ fn NtSetDefaultUILanguage(
+ DefaultUILanguageId: LANGID,
+ ) -> NTSTATUS;
+ fn NtIsUILanguageComitted() -> NTSTATUS;
+ fn NtInitializeNlsFiles(
+ BaseAddress: *mut PVOID,
+ DefaultLocaleId: PLCID,
+ DefaultCasingTableSize: PLARGE_INTEGER,
+ ) -> NTSTATUS;
+ fn NtGetNlsSectionPtr(
+ SectionType: ULONG,
+ SectionData: ULONG,
+ ContextData: PVOID,
+ SectionPointer: *mut PVOID,
+ SectionSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtMapCMFModule(
+ What: ULONG,
+ Index: ULONG,
+ CacheIndexOut: PULONG,
+ CacheFlagsOut: PULONG,
+ ViewSizeOut: PULONG,
+ BaseAddress: *mut PVOID,
+ ) -> NTSTATUS;
+ fn NtGetMUIRegistryInfo(
+ Flags: ULONG,
+ DataSize: PULONG,
+ Data: PVOID,
+ ) -> NTSTATUS;
+ fn NtAddAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+}}
+pub const ATOM_FLAG_GLOBAL: ULONG = 0x2;
+EXTERN!{extern "system" {
+ fn NtAddAtomEx(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ Flags: ULONG,
+ ) -> NTSTATUS;
+ fn NtFindAtom(
+ AtomName: PWSTR,
+ Length: ULONG,
+ Atom: PRTL_ATOM,
+ ) -> NTSTATUS;
+ fn NtDeleteAtom(
+ Atom: RTL_ATOM,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum ATOM_INFORMATION_CLASS {
+ AtomBasicInformation = 0,
+ AtomTableInformation = 1,
+}}
+STRUCT!{struct ATOM_BASIC_INFORMATION {
+ UsageCount: USHORT,
+ Flags: USHORT,
+ NameLength: USHORT,
+ Name: [WCHAR; 1],
+}}
+pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION;
+STRUCT!{struct ATOM_TABLE_INFORMATION {
+ NumberOfAtoms: ULONG,
+ Atoms: [RTL_ATOM; 1],
+}}
+pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION;
+EXTERN!{extern "system" {
+ fn NtQueryInformationAtom(
+ Atom: RTL_ATOM,
+ AtomInformationClass: ATOM_INFORMATION_CLASS,
+ AtomInformation: PVOID,
+ AtomInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+}}
+pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001;
+pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002;
+pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004;
+pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008;
+pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010;
+pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020;
+pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040;
+pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080;
+pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100;
+pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400;
+pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800;
+pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000;
+pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000;
+pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000;
+pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000;
+pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000;
+pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000;
+pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000;
+pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000;
+pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000;
+pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000;
+pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000;
+pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000;
+pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000;
+pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000;
+pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000;
+pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000;
+pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000;
+pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000;
+pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000;
+pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000;
+pub const FLG_VALID_BITS: u32 = 0xfffffdff;
+pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
+ | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
+ | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING
+ | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION
+ | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS
+ | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN;
+pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST
+ | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX
+ | FLG_DISABLE_PAGE_KERNEL_STACKS;
+pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS
+ | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD
+ | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING
+ | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS;
+EXTERN!{extern "system" {
+ fn NtQueryLicenseValue(
+ ValueName: PUNICODE_STRING,
+ Type: PULONG,
+ Data: PVOID,
+ DataSize: ULONG,
+ ResultDataSize: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetDefaultHardErrorPort(
+ DefaultHardErrorPort: HANDLE,
+ ) -> NTSTATUS;
+}}
+ENUM!{enum SHUTDOWN_ACTION {
+ ShutdownNoReboot = 0,
+ ShutdownReboot = 1,
+ ShutdownPowerOff = 2,
+}}
+EXTERN!{extern "system" {
+ fn NtShutdownSystem(
+ Action: SHUTDOWN_ACTION,
+ ) -> NTSTATUS;
+ fn NtDisplayString(
+ String: PUNICODE_STRING,
+ ) -> NTSTATUS;
+ fn NtDrawText(
+ Text: PUNICODE_STRING,
+ ) -> NTSTATUS;
+}}