ntapi-0.4.0/.cargo_vcs_info.json0000644000000001360000000000100121500ustar { "git": { "sha1": "a09a60cbccf4ad3d05d80d076ecf5e375a5826b4" }, "path_in_vcs": "" }ntapi-0.4.0/Cargo.toml0000644000000027670000000000100101620ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "ntapi" version = "0.4.0" authors = ["MSxDOS "] include = [ "src/**/*", "Cargo.toml", "build.rs", "README.md", "LICENSE-APACHE", "LICENSE-MIT", ] description = "FFI bindings for Native API" documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/" readme = "README.md" keywords = [ "windows", "ffi", "ntapi", "native", "win32", ] categories = [ "external-ffi-bindings", "no-std", "os::windows-apis", ] license = "Apache-2.0 OR MIT" repository = "https://github.com/MSxDOS/ntapi" [package.metadata.docs.rs] default-target = "x86_64-pc-windows-msvc" targets = [ "aarch64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-msvc", ] [dependencies.winapi] version = "0.3.9" features = [ "cfg", "evntrace", "in6addr", "inaddr", "minwinbase", "ntsecapi", "windef", "winioctl", ] [features] default = ["user"] func-types = [] impl-default = ["winapi/impl-default"] kernel = [] user = [] ntapi-0.4.0/Cargo.toml.orig000064400000000000000000000016610072674642500136630ustar 00000000000000[package] name = "ntapi" version = "0.4.0" authors = ["MSxDOS "] description = "FFI bindings for Native API" license = "Apache-2.0 OR MIT" documentation = "https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/" repository = "https://github.com/MSxDOS/ntapi" readme = "README.md" categories = ["external-ffi-bindings", "no-std", "os::windows-apis"] keywords = ["windows", "ffi", "ntapi", "native", "win32"] include = ["src/**/*", "Cargo.toml", "build.rs", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] edition = "2018" [package.metadata.docs.rs] default-target = "x86_64-pc-windows-msvc" targets = ["aarch64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-msvc"] [dependencies.winapi] version = "0.3.9" features = ["cfg", "evntrace", "in6addr", "inaddr", "minwinbase", "ntsecapi", "windef", "winioctl"] [features] default = ["user"] func-types = [] impl-default = ["winapi/impl-default"] user = [] kernel = [] ntapi-0.4.0/LICENSE-APACHE000064400000000000000000000261400072674642500127170ustar 00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ntapi-0.4.0/LICENSE-MIT000064400000000000000000000017770072674642500124400ustar 00000000000000Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"),to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ntapi-0.4.0/README.md000064400000000000000000000022060072674642500122470ustar 00000000000000# ntapi [![AppVeyor][appveyor_badge]][appveyor_link] [![Crates.io][crates_badge]][crates_link] [![Documentation][docs_badge]][docs_link] [![Lines of Code][loc_badge]][loc_link] [![Unsafe][unsafe_badge]][unsafe_link] Rust FFI bindings for Native API. Mostly based on Process Hacker [phnt](https://github.com/processhacker/processhacker/tree/master/phnt) headers as the most complete source of bindings to be found. The comments there also contain useful information on how to use specific things. ### Minimum supported Rust 1.64 [appveyor_link]: https://ci.appveyor.com/project/MSxDOS/ntapi [appveyor_badge]: https://ci.appveyor.com/api/projects/status/i1fcmm0c5b7c6b6u/branch/master?svg=true [crates_link]: https://crates.io/crates/ntapi [crates_badge]: https://img.shields.io/crates/v/ntapi.svg [docs_link]: https://docs.rs/ntapi/*/x86_64-pc-windows-msvc/ntapi/ [docs_badge]: https://docs.rs/ntapi/badge.svg [loc_link]: https://github.com/Aaronepower/tokei [loc_badge]: https://tokei.rs/b1/github/MSxDOS/ntapi [unsafe_link]: https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html [unsafe_badge]: https://img.shields.io/badge/unsafe-%E2%9C%94-C901DD.svg ntapi-0.4.0/build.rs000064400000000000000000000006550072674642500124430ustar 00000000000000use std::env::var; fn main() { #[cfg(feature = "user")] { if var("TARGET").map( |t| t == "x86_64-pc-windows-gnu" || t == "i686-pc-windows-gnu" ).unwrap_or(false) { if var("WINAPI_NO_BUNDLED_LIBRARIES").is_ok() { println!("cargo:rustc-link-lib=ntdll"); } else { println!("cargo:rustc-link-lib=winapi_ntdll"); } } } } ntapi-0.4.0/src/lib.rs000064400000000000000000000027400072674642500126760ustar 00000000000000//! # Features //! **`func-types`** -- Generate [types][fn_ptr] for external functions.
//! **`impl-default`** -- Implement [`Default`] for structs and unions.
//! **`user`** *(default)* -- Link to `ntdll`.
//! **`kernel`** -- Link to `ntoskrnl` on MSVC targets.
//! //! [fn_ptr]: https://doc.rust-lang.org/reference/types.html#function-pointer-types //! [`Default`]: https://doc.rust-lang.org/std/default/trait.Default.html#tymethod.default #![cfg(all(windows, any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64")))] #![no_std] #![deny(unused, unused_qualifications)] #![warn(unused_attributes)] #![allow(bad_style, deprecated, overflowing_literals, unused_macros, clippy::cast_lossless, clippy::cast_ptr_alignment, clippy::len_without_is_empty, clippy::trivially_copy_pass_by_ref, clippy::unreadable_literal)] #[doc(hidden)] pub extern crate core as _core; #[macro_use] #[doc(hidden)] pub extern crate winapi; #[macro_use] mod macros; pub mod ntapi_base; pub mod ntdbg; pub mod ntexapi; pub mod ntgdi; pub mod ntioapi; pub mod ntkeapi; pub mod ntldr; pub mod ntlpcapi; pub mod ntmisc; pub mod ntmmapi; pub mod ntnls; pub mod ntobapi; pub mod ntpebteb; pub mod ntpfapi; pub mod ntpnpapi; pub mod ntpoapi; pub mod ntpsapi; pub mod ntregapi; pub mod ntrtl; pub mod ntsam; pub mod ntseapi; pub mod ntsmss; pub mod nttmapi; pub mod nttp; pub mod ntwow64; pub mod ntxcapi; pub mod ntzwapi; pub mod string; pub mod subprocesstag; pub mod winapi_local; pub mod winsta; ntapi-0.4.0/src/macros.rs000064400000000000000000000071300072674642500134120ustar 00000000000000#[macro_export] macro_rules! EXTERN { (extern $c:tt {$( fn $n:ident ($( $p:tt $(: $t:ty)?),* $(,)?) $(-> $r:ty)?; )+}) => { #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] #[cfg_attr(all(target_env = "msvc", feature = "kernel"), link(name = "ntoskrnl"))] extern $c {$( pub fn $n( $($p $(: $t)?),* ) $(-> $r)?; )+} $( #[cfg(feature = "func-types")] pub type $n = unsafe extern $c fn($($p $(: $t)?),*) $(-> $r)?; )+ }; (extern $c:tt {$( static mut $n:ident : $t:ty; )+}) => { #[cfg_attr(all(target_env = "msvc", feature = "user"), link(name = "ntdll"))] extern $c {$( pub static mut $n: $t; )+} }; } #[macro_export] #[doc(hidden)] macro_rules! FIELD_OFFSET { ($_type:ty, $field:ident$(.$cfields:ident)*) => { unsafe { union Transmuter { p: *const T, r: &'static T, i: usize, } #[allow(unaligned_references)] Transmuter { r: &(&Transmuter { p: $crate::_core::ptr::null::<$_type>() }.r).$field$(.$cfields)* }.i } }; } macro_rules! BITFIELD { ($base:ident $field:ident: $fieldtype:ty [ $($thing:ident $set_thing:ident[$r:expr],)+ ]) => { impl $base {$( #[inline] pub const fn $thing(&self) -> $fieldtype { const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) } #[inline] pub fn $set_thing(&mut self, val: $fieldtype) { const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; self.$field &= !MASK; self.$field |= (val << $r.start) & MASK; } )+} }; (unsafe $base:ident $field:ident: $fieldtype:ty [ $($thing:ident $set_thing:ident[$r:expr],)+ ]) => { impl $base {$( #[inline] pub unsafe fn $thing(&self) -> $fieldtype { const SIZE: usize = $crate::_core::mem::size_of::<$fieldtype>() * 8; self.$field << (SIZE - $r.end) >> (SIZE - $r.end + $r.start) } #[inline] pub unsafe fn $set_thing(&mut self, val: $fieldtype) { const MASK: $fieldtype = ((1 << ($r.end - $r.start)) - 1) << $r.start; self.$field &= !MASK; self.$field |= (val << $r.start) & MASK; } )+} }; } macro_rules! UNION { ($(#[$attrs:meta])* union $name:ident { $($variant:ident: $ftype:ty,)+ }) => ( #[repr(C)] $(#[$attrs])* pub union $name { $(pub $variant: $ftype,)+ } impl Copy for $name {} impl Clone for $name { #[inline] fn clone(&self) -> $name { *self } } #[cfg(feature = "impl-default")] impl Default for $name { #[inline] fn default() -> $name { unsafe { $crate::_core::mem::zeroed() } } } ); } macro_rules! FN { (stdcall $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( pub type $func = Option $ret>; ); (cdecl $func:ident($($p:ident: $t:ty,)*) -> $ret:ty) => ( pub type $func = Option $ret>; ); } macro_rules! IFDEF { ($($thing:item)*) => ($($thing)*) } ntapi-0.4.0/src/ntapi_base.rs000064400000000000000000000022140072674642500142310ustar 00000000000000use winapi::shared::ntdef::{HANDLE, LONG, NTSTATUS, ULONG, ULONGLONG, USHORT}; use winapi::shared::ntstatus::FACILITY_NTWIN32; pub type KPRIORITY = LONG; pub type RTL_ATOM = USHORT; pub type PRTL_ATOM = *mut RTL_ATOM; pub const NT_FACILITY_MASK: ULONG = 0xfff; pub const NT_FACILITY_SHIFT: ULONG = 16; #[inline] pub const fn NT_FACILITY(Status: NTSTATUS) -> ULONG { (Status as u32) >> NT_FACILITY_SHIFT & NT_FACILITY_MASK } #[inline] pub const fn NT_NTWIN32(Status: NTSTATUS) -> bool { NT_FACILITY(Status) == FACILITY_NTWIN32 as u32 } #[inline] pub const fn WIN32_FROM_NTSTATUS(Status: NTSTATUS) -> ULONG { (Status as u32) & 0xffff } STRUCT!{struct CLIENT_ID { UniqueProcess: HANDLE, UniqueThread: HANDLE, }} pub type PCLIENT_ID = *mut CLIENT_ID; STRUCT!{struct CLIENT_ID32 { UniqueProcess: ULONG, UniqueThread: ULONG, }} pub type PCLIENT_ID32 = *mut CLIENT_ID32; STRUCT!{struct CLIENT_ID64 { UniqueProcess: ULONGLONG, UniqueThread: ULONGLONG, }} pub type PCLIENT_ID64 = *mut CLIENT_ID64; STRUCT!{struct KSYSTEM_TIME { LowPart: ULONG, High1Time: LONG, High2Time: LONG, }} pub type PKSYSTEM_TIME = *mut KSYSTEM_TIME; ntapi-0.4.0/src/ntdbg.rs000064400000000000000000000160060072674642500132260ustar 00000000000000use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR; use winapi::shared::guiddef::LPCGUID; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PVOID, UCHAR, ULONG, ULONGLONG, }; use winapi::um::minwinbase::LPDEBUG_EVENT; use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE}; use winapi::vc::vadefs::va_list; EXTERN!{extern "system" { fn DbgUserBreakPoint(); fn DbgBreakPoint(); fn DbgBreakPointWithStatus( Status: ULONG, ); }} pub const DBG_STATUS_CONTROL_C: u32 = 1; pub const DBG_STATUS_SYSRQ: u32 = 2; pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3; pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4; pub const DBG_STATUS_FATAL: u32 = 5; pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6; pub const DBG_STATUS_WORKER: u32 = 7; EXTERN!{extern "C" { fn DbgPrint( Format: PCSTR, ... ) -> ULONG; fn DbgPrintEx( ComponentId: ULONG, Level: ULONG, Format: PCSTR, ... ) -> ULONG; }} EXTERN!{extern "system" { fn vDbgPrintEx( ComponentId: ULONG, Level: ULONG, Format: PCCH, arglist: va_list, ) -> ULONG; fn vDbgPrintExWithPrefix( Prefix: PCH, ComponentId: ULONG, Level: ULONG, Format: PCCH, arglist: va_list, ) -> ULONG; fn DbgQueryDebugFilterState( ComponentId: ULONG, Level: ULONG, ) -> NTSTATUS; fn DbgSetDebugFilterState( ComponentId: ULONG, Level: ULONG, State: BOOLEAN, ) -> NTSTATUS; fn DbgPrompt( Prompt: PCCH, Response: PCH, Length: ULONG, ) -> ULONG; }} STRUCT!{struct DBGKM_EXCEPTION { ExceptionRecord: EXCEPTION_RECORD, FirstChance: ULONG, }} pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION; STRUCT!{struct DBGKM_CREATE_THREAD { SubSystemKey: ULONG, StartAddress: PVOID, }} pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD; STRUCT!{struct DBGKM_CREATE_PROCESS { SubSystemKey: ULONG, FileHandle: HANDLE, BaseOfImage: PVOID, DebugInfoFileOffset: ULONG, DebugInfoSize: ULONG, InitialThread: DBGKM_CREATE_THREAD, }} pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS; STRUCT!{struct DBGKM_EXIT_THREAD { ExitStatus: NTSTATUS, }} pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD; STRUCT!{struct DBGKM_EXIT_PROCESS { ExitStatus: NTSTATUS, }} pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS; STRUCT!{struct DBGKM_LOAD_DLL { FileHandle: HANDLE, BaseOfDll: PVOID, DebugInfoFileOffset: ULONG, DebugInfoSize: ULONG, NamePointer: PVOID, }} pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL; STRUCT!{struct DBGKM_UNLOAD_DLL { BaseAddress: PVOID, }} pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL; ENUM!{enum DBG_STATE { DbgIdle = 0, DbgReplyPending = 1, DbgCreateThreadStateChange = 2, DbgCreateProcessStateChange = 3, DbgExitThreadStateChange = 4, DbgExitProcessStateChange = 5, DbgExceptionStateChange = 6, DbgBreakpointStateChange = 7, DbgSingleStepStateChange = 8, DbgLoadDllStateChange = 9, DbgUnloadDllStateChange = 10, }} pub type PDBG_STATE = *mut DBG_STATE; STRUCT!{struct DBGUI_CREATE_THREAD { HandleToThread: HANDLE, NewThread: DBGKM_CREATE_THREAD, }} pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD; STRUCT!{struct DBGUI_CREATE_PROCESS { HandleToProcess: HANDLE, HandleToThread: HANDLE, NewProcess: DBGKM_CREATE_PROCESS, }} UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo { Exception: DBGKM_EXCEPTION, CreateThread: DBGUI_CREATE_THREAD, CreateProcessInfo: DBGUI_CREATE_PROCESS, ExitThread: DBGKM_EXIT_THREAD, ExitProcess: DBGKM_EXIT_PROCESS, LoadDll: DBGKM_LOAD_DLL, UnloadDll: DBGKM_UNLOAD_DLL, }} pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS; STRUCT!{struct DBGUI_WAIT_STATE_CHANGE { NewState: DBG_STATE, AppClientId: CLIENT_ID, StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo, }} pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE; pub const DEBUG_READ_EVENT: ULONG = 0x0001; pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002; pub const DEBUG_SET_INFORMATION: ULONG = 0x0004; pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008; pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION; pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1; ENUM!{enum DEBUGOBJECTINFOCLASS { DebugObjectUnusedInformation = 0, DebugObjectKillProcessOnExitInformation = 1, MaxDebugObjectInfoClass = 2, }} pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS; EXTERN!{extern "system" { fn NtCreateDebugObject( DebugObjectHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn NtDebugActiveProcess( ProcessHandle: HANDLE, DebugObjectHandle: HANDLE, ) -> NTSTATUS; fn NtDebugContinue( DebugObjectHandle: HANDLE, ClientId: PCLIENT_ID, ContinueStatus: NTSTATUS, ) -> NTSTATUS; fn NtRemoveProcessDebug( ProcessHandle: HANDLE, DebugObjectHandle: HANDLE, ) -> NTSTATUS; fn NtSetInformationDebugObject( DebugObjectHandle: HANDLE, DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, DebugInformation: PVOID, DebugInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtWaitForDebugEvent( DebugObjectHandle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, WaitStateChange: PVOID, ) -> NTSTATUS; fn DbgUiConnectToDbg() -> NTSTATUS; fn DbgUiGetThreadDebugObject() -> HANDLE; fn DbgUiSetThreadDebugObject( DebugObject: HANDLE, ); fn DbgUiWaitStateChange( StateChange: PDBGUI_WAIT_STATE_CHANGE, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn DbgUiContinue( AppClientId: PCLIENT_ID, ContinueStatus: NTSTATUS, ) -> NTSTATUS; fn DbgUiStopDebugging( Process: HANDLE, ) -> NTSTATUS; fn DbgUiDebugActiveProcess( Process: HANDLE, ) -> NTSTATUS; fn DbgUiRemoteBreakin( Context: PVOID, ); fn DbgUiIssueRemoteBreakin( Process: HANDLE, ) -> NTSTATUS; fn DbgUiConvertStateChangeStructure( StateChange: PDBGUI_WAIT_STATE_CHANGE, DebugEvent: LPDEBUG_EVENT, ) -> NTSTATUS; }} FN!{stdcall PENABLECALLBACK( SourceId: LPCGUID, IsEnabled: ULONG, Level: UCHAR, MatchAnyKeyword: ULONGLONG, MatchAllKeyword: ULONGLONG, FilterData: *mut EVENT_FILTER_DESCRIPTOR, CallbackContext: PVOID, ) -> ()} pub type REGHANDLE = ULONGLONG; pub type PREGHANDLE = *mut ULONGLONG; EXTERN!{extern "system" { fn EtwEventRegister( ProviderId: LPCGUID, EnableCallback: PENABLECALLBACK, CallbackContext: PVOID, RegHandle: PREGHANDLE, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntexapi.rs000064400000000000000000003144630072674642500136100ustar 00000000000000use core::mem::MaybeUninit; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use core::ptr::addr_of; use core::ptr::read_volatile; #[cfg(target_arch = "x86")] use core::hint::spin_loop; use crate::ntapi_base::{CLIENT_ID, KPRIORITY, KSYSTEM_TIME, PRTL_ATOM, RTL_ATOM}; use crate::ntioapi::{BUS_DATA_TYPE, FILE_IO_COMPLETION_INFORMATION, INTERFACE_TYPE}; use crate::ntkeapi::{KPROFILE_SOURCE, KTHREAD_STATE, KWAIT_REASON}; use crate::ntldr::RTL_PROCESS_MODULE_INFORMATION_EX; use crate::ntpebteb::PTEB; use crate::ntpoapi::COUNTED_REASON_CONTEXT; use winapi::shared::basetsd::{KAFFINITY, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR}; use winapi::shared::evntrace::PROFILE_SOURCE_INFO; use winapi::shared::guiddef::{GUID, LPGUID}; use winapi::shared::ntdef::{ BOOLEAN, CCHAR, EVENT_TYPE, HANDLE, LANGID, LARGE_INTEGER, LCID, LOGICAL, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PHYSICAL_ADDRESS, PLARGE_INTEGER, PLCID, PLONG, PLUID, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, WNF_STATE_NAME, }; use winapi::um::winnt::{ ACCESS_MASK, ANYSIZE_ARRAY, FIRMWARE_TYPE, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, XSTATE_CONFIGURATION, }; use crate::winapi_local::um::winnt::UInt32x32To64; EXTERN!{extern "system" { fn NtDelayExecution( Alertable: BOOLEAN, DelayInterval: PLARGE_INTEGER, ) -> NTSTATUS; fn NtQuerySystemEnvironmentValue( VariableName: PUNICODE_STRING, VariableValue: PWSTR, ValueLength: USHORT, ReturnLength: PUSHORT, ) -> NTSTATUS; fn NtSetSystemEnvironmentValue( VariableName: PUNICODE_STRING, VariableValue: PUNICODE_STRING, ) -> NTSTATUS; fn NtQuerySystemEnvironmentValueEx( VariableName: PUNICODE_STRING, VendorGuid: LPGUID, Value: PVOID, ValueLength: PULONG, Attributes: PULONG, ) -> NTSTATUS; fn NtSetSystemEnvironmentValueEx( VariableName: PUNICODE_STRING, VendorGuid: LPGUID, Value: PVOID, ValueLength: ULONG, Attributes: ULONG, ) -> NTSTATUS; fn NtEnumerateSystemEnvironmentValuesEx( InformationClass: ULONG, Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; }} STRUCT!{struct BOOT_ENTRY { Version: ULONG, Length: ULONG, Id: ULONG, Attributes: ULONG, FriendlyNameOffset: ULONG, BootFilePathOffset: ULONG, OsOptionsLength: ULONG, OsOptions: [UCHAR; 1], }} pub type PBOOT_ENTRY = *mut BOOT_ENTRY; STRUCT!{struct BOOT_ENTRY_LIST { NextEntryOffset: ULONG, BootEntry: BOOT_ENTRY, }} pub type PBOOT_ENTRY_LIST = *mut BOOT_ENTRY_LIST; STRUCT!{struct BOOT_OPTIONS { Version: ULONG, Length: ULONG, Timeout: ULONG, CurrentBootEntryId: ULONG, NextBootEntryId: ULONG, HeadlessRedirection: [WCHAR; 1], }} pub type PBOOT_OPTIONS = *mut BOOT_OPTIONS; STRUCT!{struct FILE_PATH { Version: ULONG, Length: ULONG, Type: ULONG, FilePath: [UCHAR; 1], }} pub type PFILE_PATH = *mut FILE_PATH; STRUCT!{struct EFI_DRIVER_ENTRY { Version: ULONG, Length: ULONG, Id: ULONG, FriendlyNameOffset: ULONG, DriverFilePathOffset: ULONG, }} pub type PEFI_DRIVER_ENTRY = *mut EFI_DRIVER_ENTRY; STRUCT!{struct EFI_DRIVER_ENTRY_LIST { NextEntryOffset: ULONG, DriverEntry: EFI_DRIVER_ENTRY, }} pub type PEFI_DRIVER_ENTRY_LIST = *mut EFI_DRIVER_ENTRY_LIST; EXTERN!{extern "system" { fn NtAddBootEntry( BootEntry: PBOOT_ENTRY, Id: PULONG, ) -> NTSTATUS; fn NtDeleteBootEntry( Id: ULONG, ) -> NTSTATUS; fn NtModifyBootEntry( BootEntry: PBOOT_ENTRY, ) -> NTSTATUS; fn NtEnumerateBootEntries( Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; fn NtQueryBootEntryOrder( Ids: PULONG, Count: PULONG, ) -> NTSTATUS; fn NtSetBootEntryOrder( Ids: PULONG, Count: ULONG, ) -> NTSTATUS; fn NtQueryBootOptions( BootOptions: PBOOT_OPTIONS, BootOptionsLength: PULONG, ) -> NTSTATUS; fn NtSetBootOptions( BootOptions: PBOOT_OPTIONS, FieldsToChange: ULONG, ) -> NTSTATUS; fn NtTranslateFilePath( InputFilePath: PFILE_PATH, OutputType: ULONG, OutputFilePath: PFILE_PATH, OutputFilePathLength: PULONG, ) -> NTSTATUS; fn NtAddDriverEntry( DriverEntry: PEFI_DRIVER_ENTRY, Id: PULONG, ) -> NTSTATUS; fn NtDeleteDriverEntry( Id: ULONG, ) -> NTSTATUS; fn NtModifyDriverEntry( DriverEntry: PEFI_DRIVER_ENTRY, ) -> NTSTATUS; fn NtEnumerateDriverEntries( Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; fn NtQueryDriverEntryOrder( Ids: PULONG, Count: PULONG, ) -> NTSTATUS; fn NtSetDriverEntryOrder( Ids: PULONG, Count: ULONG, ) -> NTSTATUS; }} ENUM!{enum FILTER_BOOT_OPTION_OPERATION { FilterBootOptionOperationOpenSystemStore = 0, FilterBootOptionOperationSetElement = 1, FilterBootOptionOperationDeleteElement = 2, FilterBootOptionOperationMax = 3, }} EXTERN!{extern "system" { fn NtFilterBootOption( FilterOperation: FILTER_BOOT_OPTION_OPERATION, ObjectType: ULONG, ElementType: ULONG, Data: PVOID, DataSize: ULONG, ) -> NTSTATUS; }} pub const EVENT_QUERY_STATE: u32 = 0x0001; ENUM!{enum EVENT_INFORMATION_CLASS { EventBasicInformation = 0, }} STRUCT!{struct EVENT_BASIC_INFORMATION { EventType: EVENT_TYPE, EventState: LONG, }} pub type PEVENT_BASIC_INFORMATION = *mut EVENT_BASIC_INFORMATION; EXTERN!{extern "system" { fn NtCreateEvent( EventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, EventType: EVENT_TYPE, InitialState: BOOLEAN, ) -> NTSTATUS; fn NtOpenEvent( EventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtSetEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn NtSetEventBoostPriority( EventHandle: HANDLE, ) -> NTSTATUS; fn NtClearEvent( EventHandle: HANDLE, ) -> NTSTATUS; fn NtResetEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn NtPulseEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn NtQueryEvent( EventHandle: HANDLE, EventInformationClass: EVENT_INFORMATION_CLASS, EventInformation: PVOID, EventInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} pub const EVENT_PAIR_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE; EXTERN!{extern "system" { fn NtCreateEventPair( EventPairHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtOpenEventPair( EventPairHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtSetLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn NtSetHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn NtWaitLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn NtWaitHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn NtSetLowWaitHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn NtSetHighWaitLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; }} ENUM!{enum MUTANT_INFORMATION_CLASS { MutantBasicInformation = 0, MutantOwnerInformation = 1, }} STRUCT!{struct MUTANT_BASIC_INFORMATION { CurrentCount: LONG, OwnedByCaller: BOOLEAN, AbandonedState: BOOLEAN, }} pub type PMUTANT_BASIC_INFORMATION = *mut MUTANT_BASIC_INFORMATION; STRUCT!{struct MUTANT_OWNER_INFORMATION { ClientId: CLIENT_ID, }} pub type PMUTANT_OWNER_INFORMATION = *mut MUTANT_OWNER_INFORMATION; EXTERN!{extern "system" { fn NtCreateMutant( MutantHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, InitialOwner: BOOLEAN, ) -> NTSTATUS; fn NtOpenMutant( MutantHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtReleaseMutant( MutantHandle: HANDLE, PreviousCount: PLONG, ) -> NTSTATUS; fn NtQueryMutant( MutantHandle: HANDLE, MutantInformationClass: MUTANT_INFORMATION_CLASS, MutantInformation: PVOID, MutantInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} pub const SEMAPHORE_QUERY_STATE: u32 = 0x0001; ENUM!{enum SEMAPHORE_INFORMATION_CLASS { SemaphoreBasicInformation = 0, }} STRUCT!{struct SEMAPHORE_BASIC_INFORMATION { CurrentCount: LONG, MaximumCount: LONG, }} pub type PSEMAPHORE_BASIC_INFORMATION = *mut SEMAPHORE_BASIC_INFORMATION; EXTERN!{extern "system" { fn NtCreateSemaphore( SemaphoreHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, InitialCount: LONG, MaximumCount: LONG, ) -> NTSTATUS; fn NtOpenSemaphore( SemaphoreHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtReleaseSemaphore( SemaphoreHandle: HANDLE, ReleaseCount: LONG, PreviousCount: PLONG, ) -> NTSTATUS; fn NtQuerySemaphore( SemaphoreHandle: HANDLE, SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, SemaphoreInformation: PVOID, SemaphoreInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} ENUM!{enum TIMER_INFORMATION_CLASS { TimerBasicInformation = 0, }} STRUCT!{struct TIMER_BASIC_INFORMATION { RemainingTime: LARGE_INTEGER, TimerState: BOOLEAN, }} pub type PTIMER_BASIC_INFORMATION = *mut TIMER_BASIC_INFORMATION; FN!{stdcall PTIMER_APC_ROUTINE( TimerContext: PVOID, TimerLowValue: ULONG, TimerHighValue: LONG, ) -> ()} ENUM!{enum TIMER_SET_INFORMATION_CLASS { TimerSetCoalescableTimer = 0, MaxTimerInfoClass = 1, }} STRUCT!{struct TIMER_SET_COALESCABLE_TIMER_INFO { DueTime: LARGE_INTEGER, TimerApcRoutine: PTIMER_APC_ROUTINE, TimerContext: PVOID, WakeContext: *mut COUNTED_REASON_CONTEXT, Period: ULONG, TolerableDelay: ULONG, PreviousState: PBOOLEAN, }} pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut TIMER_SET_COALESCABLE_TIMER_INFO; EXTERN!{extern "system" { fn NtCreateTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TimerType: TIMER_TYPE, ) -> NTSTATUS; fn NtOpenTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtSetTimer( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, TimerApcRoutine: PTIMER_APC_ROUTINE, TimerContext: PVOID, ResumeTimer: BOOLEAN, Period: LONG, PreviousState: PBOOLEAN, ) -> NTSTATUS; fn NtSetTimerEx( TimerHandle: HANDLE, TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, TimerSetInformation: PVOID, TimerSetInformationLength: ULONG, ) -> NTSTATUS; fn NtCancelTimer( TimerHandle: HANDLE, CurrentState: PBOOLEAN, ) -> NTSTATUS; fn NtQueryTimer( TimerHandle: HANDLE, TimerInformationClass: TIMER_INFORMATION_CLASS, TimerInformation: PVOID, TimerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtCreateIRTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ) -> NTSTATUS; fn NtSetIRTimer( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, ) -> NTSTATUS; }} STRUCT!{struct T2_SET_PARAMETERS { Version: ULONG, Reserved: ULONG, NoWakeTolerance: LONGLONG, }} pub type PT2_SET_PARAMETERS = *mut T2_SET_PARAMETERS; pub type PT2_CANCEL_PARAMETERS = PVOID; EXTERN!{extern "system" { fn NtCreateTimer2( TimerHandle: PHANDLE, Reserved1: PVOID, Reserved2: PVOID, Attributes: ULONG, DesiredAccess: ACCESS_MASK, ) -> NTSTATUS; fn NtSetTimer2( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, Period: PLARGE_INTEGER, Parameters: PT2_SET_PARAMETERS, ) -> NTSTATUS; fn NtCancelTimer2( TimerHandle: HANDLE, Parameters: PT2_CANCEL_PARAMETERS, ) -> NTSTATUS; }} pub const PROFILE_CONTROL: u32 = 0x0001; pub const PROFILE_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL; EXTERN!{extern "system" { fn NtCreateProfile( ProfileHandle: PHANDLE, Process: HANDLE, ProfileBase: PVOID, ProfileSize: SIZE_T, BucketSize: ULONG, Buffer: PULONG, BufferSize: ULONG, ProfileSource: KPROFILE_SOURCE, Affinity: KAFFINITY, ) -> NTSTATUS; fn NtCreateProfileEx( ProfileHandle: PHANDLE, Process: HANDLE, ProfileBase: PVOID, ProfileSize: SIZE_T, BucketSize: ULONG, Buffer: PULONG, BufferSize: ULONG, ProfileSource: KPROFILE_SOURCE, GroupCount: USHORT, GroupAffinity: PGROUP_AFFINITY, ) -> NTSTATUS; fn NtStartProfile( ProfileHandle: HANDLE, ) -> NTSTATUS; fn NtStopProfile( ProfileHandle: HANDLE, ) -> NTSTATUS; fn NtQueryIntervalProfile( ProfileSource: KPROFILE_SOURCE, Interval: PULONG, ) -> NTSTATUS; fn NtSetIntervalProfile( Interval: ULONG, Source: KPROFILE_SOURCE, ) -> NTSTATUS; }} pub const KEYEDEVENT_WAIT: ULONG = 0x0001; pub const KEYEDEVENT_WAKE: ULONG = 0x0002; pub const KEYEDEVENT_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE; EXTERN!{extern "system" { fn NtCreateKeyedEvent( KeyedEventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn NtOpenKeyedEvent( KeyedEventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtReleaseKeyedEvent( KeyedEventHandle: HANDLE, KeyValue: PVOID, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtWaitForKeyedEvent( KeyedEventHandle: HANDLE, KeyValue: PVOID, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtUmsThreadYield( SchedulerParam: PVOID, ) -> NTSTATUS; }} ENUM!{enum WNF_STATE_NAME_LIFETIME { WnfWellKnownStateName = 0, WnfPermanentStateName = 1, WnfPersistentStateName = 2, WnfTemporaryStateName = 3, }} ENUM!{enum WNF_STATE_NAME_INFORMATION { WnfInfoStateNameExist = 0, WnfInfoSubscribersPresent = 1, WnfInfoIsQuiescent = 2, }} ENUM!{enum WNF_DATA_SCOPE { WnfDataScopeSystem = 0, WnfDataScopeSession = 1, WnfDataScopeUser = 2, WnfDataScopeProcess = 3, WnfDataScopeMachine = 4, }} STRUCT!{struct WNF_TYPE_ID { TypeId: GUID, }} pub type PWNF_TYPE_ID = *mut WNF_TYPE_ID; pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID; pub type PWNF_CHANGE_STAMP = *mut ULONG; pub type WNF_CHANGE_STAMP = ULONG; STRUCT!{struct WNF_DELIVERY_DESCRIPTOR { SubscriptionId: ULONGLONG, StateName: WNF_STATE_NAME, ChangeStamp: WNF_CHANGE_STAMP, StateDataSize: ULONG, EventMask: ULONG, TypeId: WNF_TYPE_ID, StateDataOffset: ULONG, }} pub type PWNF_DELIVERY_DESCRIPTOR = *mut WNF_DELIVERY_DESCRIPTOR; EXTERN!{extern "system" { fn NtCreateWnfStateName( StateName: PWNF_STATE_NAME, NameLifetime: WNF_STATE_NAME_LIFETIME, DataScope: WNF_DATA_SCOPE, PersistData: BOOLEAN, TypeId: PCWNF_TYPE_ID, MaximumStateSize: ULONG, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn NtDeleteWnfStateName( StateName: PCWNF_STATE_NAME, ) -> NTSTATUS; fn NtUpdateWnfStateData( StateName: PCWNF_STATE_NAME, Buffer: *const VOID, Length: ULONG, TypeId: PCWNF_TYPE_ID, ExplicitScope: *const VOID, MatchingChangeStamp: WNF_CHANGE_STAMP, CheckStamp: LOGICAL, ) -> NTSTATUS; fn NtDeleteWnfStateData( StateName: PCWNF_STATE_NAME, ExplicitScope: *const VOID, ) -> NTSTATUS; fn NtQueryWnfStateData( StateName: PCWNF_STATE_NAME, TypeId: PCWNF_TYPE_ID, ExplicitScope: *const VOID, ChangeStamp: PWNF_CHANGE_STAMP, Buffer: PVOID, BufferSize: PULONG, ) -> NTSTATUS; fn NtQueryWnfStateNameInformation( StateName: PCWNF_STATE_NAME, NameInfoClass: WNF_STATE_NAME_INFORMATION, ExplicitScope: *const VOID, InfoBuffer: PVOID, InfoBufferSize: ULONG, ) -> NTSTATUS; fn NtSubscribeWnfStateChange( StateName: PCWNF_STATE_NAME, ChangeStamp: WNF_CHANGE_STAMP, EventMask: ULONG, SubscriptionId: PULONG64, ) -> NTSTATUS; fn NtUnsubscribeWnfStateChange( StateName: PCWNF_STATE_NAME, ) -> NTSTATUS; fn NtGetCompleteWnfStateSubscription( OldDescriptorStateName: PWNF_STATE_NAME, OldSubscriptionId: *mut ULONG64, OldDescriptorEventMask: ULONG, OldDescriptorStatus: ULONG, NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, DescriptorSize: ULONG, ) -> NTSTATUS; fn NtSetWnfProcessNotificationEvent( NotificationEvent: HANDLE, ) -> NTSTATUS; }} pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 0x0001; pub const WORKER_FACTORY_WAIT: u32 = 0x0002; pub const WORKER_FACTORY_SET_INFORMATION: u32 = 0x0004; pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 0x0008; pub const WORKER_FACTORY_READY_WORKER: u32 = 0x0010; pub const WORKER_FACTORY_SHUTDOWN: u32 = 0x0020; pub const WORKER_FACTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | WORKER_FACTORY_RELEASE_WORKER | WORKER_FACTORY_WAIT | WORKER_FACTORY_SET_INFORMATION | WORKER_FACTORY_QUERY_INFORMATION | WORKER_FACTORY_READY_WORKER | WORKER_FACTORY_SHUTDOWN; ENUM!{enum WORKERFACTORYINFOCLASS { WorkerFactoryTimeout = 0, WorkerFactoryRetryTimeout = 1, WorkerFactoryIdleTimeout = 2, WorkerFactoryBindingCount = 3, WorkerFactoryThreadMinimum = 4, WorkerFactoryThreadMaximum = 5, WorkerFactoryPaused = 6, WorkerFactoryBasicInformation = 7, WorkerFactoryAdjustThreadGoal = 8, WorkerFactoryCallbackType = 9, WorkerFactoryStackInformation = 10, WorkerFactoryThreadBasePriority = 11, WorkerFactoryTimeoutWaiters = 12, WorkerFactoryFlags = 13, WorkerFactoryThreadSoftMaximum = 14, MaxWorkerFactoryInfoClass = 15, }} pub type PWORKERFACTORYINFOCLASS = *mut WORKERFACTORYINFOCLASS; STRUCT!{struct WORKER_FACTORY_BASIC_INFORMATION { Timeout: LARGE_INTEGER, RetryTimeout: LARGE_INTEGER, IdleTimeout: LARGE_INTEGER, Paused: BOOLEAN, TimerSet: BOOLEAN, QueuedToExWorker: BOOLEAN, MayCreate: BOOLEAN, CreateInProgress: BOOLEAN, InsertedIntoQueue: BOOLEAN, Shutdown: BOOLEAN, BindingCount: ULONG, ThreadMinimum: ULONG, ThreadMaximum: ULONG, PendingWorkerCount: ULONG, WaitingWorkerCount: ULONG, TotalWorkerCount: ULONG, ReleaseCount: ULONG, InfiniteWaitGoal: LONGLONG, StartRoutine: PVOID, StartParameter: PVOID, ProcessId: HANDLE, StackReserve: SIZE_T, StackCommit: SIZE_T, LastThreadCreationStatus: NTSTATUS, }} pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut WORKER_FACTORY_BASIC_INFORMATION; EXTERN!{extern "system" { fn NtCreateWorkerFactory( WorkerFactoryHandleReturn: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, CompletionPortHandle: HANDLE, WorkerProcessHandle: HANDLE, StartRoutine: PVOID, StartParameter: PVOID, MaxThreadCount: ULONG, StackReserve: SIZE_T, StackCommit: SIZE_T, ) -> NTSTATUS; fn NtQueryInformationWorkerFactory( WorkerFactoryHandle: HANDLE, WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, WorkerFactoryInformation: PVOID, WorkerFactoryInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationWorkerFactory( WorkerFactoryHandle: HANDLE, WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, WorkerFactoryInformation: PVOID, WorkerFactoryInformationLength: ULONG, ) -> NTSTATUS; fn NtShutdownWorkerFactory( WorkerFactoryHandle: HANDLE, PendingWorkerCount: *mut LONG, ) -> NTSTATUS; fn NtReleaseWorkerFactoryWorker( WorkerFactoryHandle: HANDLE, ) -> NTSTATUS; fn NtWorkerFactoryWorkerReady( WorkerFactoryHandle: HANDLE, ) -> NTSTATUS; fn NtWaitForWorkViaWorkerFactory( WorkerFactoryHandle: HANDLE, MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, ) -> NTSTATUS; fn NtQuerySystemTime( SystemTime: PLARGE_INTEGER, ) -> NTSTATUS; fn NtSetSystemTime( SystemTime: PLARGE_INTEGER, PreviousTime: PLARGE_INTEGER, ) -> NTSTATUS; fn NtQueryTimerResolution( MaximumTime: PULONG, MinimumTime: PULONG, CurrentTime: PULONG, ) -> NTSTATUS; fn NtSetTimerResolution( DesiredTime: ULONG, SetResolution: BOOLEAN, ActualTime: PULONG, ) -> NTSTATUS; fn NtQueryPerformanceCounter( PerformanceCounter: PLARGE_INTEGER, PerformanceFrequency: PLARGE_INTEGER, ) -> NTSTATUS; fn NtAllocateLocallyUniqueId( Luid: PLUID, ) -> NTSTATUS; fn NtSetUuidSeed( Seed: PCHAR, ) -> NTSTATUS; fn NtAllocateUuids( Time: PULARGE_INTEGER, Range: PULONG, Sequence: PULONG, Seed: PCHAR, ) -> NTSTATUS; }} ENUM!{enum SYSTEM_INFORMATION_CLASS { SystemBasicInformation = 0, SystemProcessorInformation = 1, SystemPerformanceInformation = 2, SystemTimeOfDayInformation = 3, SystemPathInformation = 4, SystemProcessInformation = 5, SystemCallCountInformation = 6, SystemDeviceInformation = 7, SystemProcessorPerformanceInformation = 8, SystemFlagsInformation = 9, SystemCallTimeInformation = 10, SystemModuleInformation = 11, SystemLocksInformation = 12, SystemStackTraceInformation = 13, SystemPagedPoolInformation = 14, SystemNonPagedPoolInformation = 15, SystemHandleInformation = 16, SystemObjectInformation = 17, SystemPageFileInformation = 18, SystemVdmInstemulInformation = 19, SystemVdmBopInformation = 20, SystemFileCacheInformation = 21, SystemPoolTagInformation = 22, SystemInterruptInformation = 23, SystemDpcBehaviorInformation = 24, SystemFullMemoryInformation = 25, SystemLoadGdiDriverInformation = 26, SystemUnloadGdiDriverInformation = 27, SystemTimeAdjustmentInformation = 28, SystemSummaryMemoryInformation = 29, SystemMirrorMemoryInformation = 30, SystemPerformanceTraceInformation = 31, SystemObsolete0 = 32, SystemExceptionInformation = 33, SystemCrashDumpStateInformation = 34, SystemKernelDebuggerInformation = 35, SystemContextSwitchInformation = 36, SystemRegistryQuotaInformation = 37, SystemExtendServiceTableInformation = 38, SystemPrioritySeperation = 39, SystemVerifierAddDriverInformation = 40, SystemVerifierRemoveDriverInformation = 41, SystemProcessorIdleInformation = 42, SystemLegacyDriverInformation = 43, SystemCurrentTimeZoneInformation = 44, SystemLookasideInformation = 45, SystemTimeSlipNotification = 46, SystemSessionCreate = 47, SystemSessionDetach = 48, SystemSessionInformation = 49, SystemRangeStartInformation = 50, SystemVerifierInformation = 51, SystemVerifierThunkExtend = 52, SystemSessionProcessInformation = 53, SystemLoadGdiDriverInSystemSpace = 54, SystemNumaProcessorMap = 55, SystemPrefetcherInformation = 56, SystemExtendedProcessInformation = 57, SystemRecommendedSharedDataAlignment = 58, SystemComPlusPackage = 59, SystemNumaAvailableMemory = 60, SystemProcessorPowerInformation = 61, SystemEmulationBasicInformation = 62, SystemEmulationProcessorInformation = 63, SystemExtendedHandleInformation = 64, SystemLostDelayedWriteInformation = 65, SystemBigPoolInformation = 66, SystemSessionPoolTagInformation = 67, SystemSessionMappedViewInformation = 68, SystemHotpatchInformation = 69, SystemObjectSecurityMode = 70, SystemWatchdogTimerHandler = 71, SystemWatchdogTimerInformation = 72, SystemLogicalProcessorInformation = 73, SystemWow64SharedInformationObsolete = 74, SystemRegisterFirmwareTableInformationHandler = 75, SystemFirmwareTableInformation = 76, SystemModuleInformationEx = 77, SystemVerifierTriageInformation = 78, SystemSuperfetchInformation = 79, SystemMemoryListInformation = 80, SystemFileCacheInformationEx = 81, SystemThreadPriorityClientIdInformation = 82, SystemProcessorIdleCycleTimeInformation = 83, SystemVerifierCancellationInformation = 84, SystemProcessorPowerInformationEx = 85, SystemRefTraceInformation = 86, SystemSpecialPoolInformation = 87, SystemProcessIdInformation = 88, SystemErrorPortInformation = 89, SystemBootEnvironmentInformation = 90, SystemHypervisorInformation = 91, SystemVerifierInformationEx = 92, SystemTimeZoneInformation = 93, SystemImageFileExecutionOptionsInformation = 94, SystemCoverageInformation = 95, SystemPrefetchPatchInformation = 96, SystemVerifierFaultsInformation = 97, SystemSystemPartitionInformation = 98, SystemSystemDiskInformation = 99, SystemProcessorPerformanceDistribution = 100, SystemNumaProximityNodeInformation = 101, SystemDynamicTimeZoneInformation = 102, SystemCodeIntegrityInformation = 103, SystemProcessorMicrocodeUpdateInformation = 104, SystemProcessorBrandString = 105, SystemVirtualAddressInformation = 106, SystemLogicalProcessorAndGroupInformation = 107, SystemProcessorCycleTimeInformation = 108, SystemStoreInformation = 109, SystemRegistryAppendString = 110, SystemAitSamplingValue = 111, SystemVhdBootInformation = 112, SystemCpuQuotaInformation = 113, SystemNativeBasicInformation = 114, SystemSpare1 = 115, SystemLowPriorityIoInformation = 116, SystemTpmBootEntropyInformation = 117, SystemVerifierCountersInformation = 118, SystemPagedPoolInformationEx = 119, SystemSystemPtesInformationEx = 120, SystemNodeDistanceInformation = 121, SystemAcpiAuditInformation = 122, SystemBasicPerformanceInformation = 123, SystemQueryPerformanceCounterInformation = 124, SystemSessionBigPoolInformation = 125, SystemBootGraphicsInformation = 126, SystemScrubPhysicalMemoryInformation = 127, SystemBadPageInformation = 128, SystemProcessorProfileControlArea = 129, SystemCombinePhysicalMemoryInformation = 130, SystemEntropyInterruptTimingCallback = 131, SystemConsoleInformation = 132, SystemPlatformBinaryInformation = 133, SystemThrottleNotificationInformation = 134, SystemHypervisorProcessorCountInformation = 135, SystemDeviceDataInformation = 136, SystemDeviceDataEnumerationInformation = 137, SystemMemoryTopologyInformation = 138, SystemMemoryChannelInformation = 139, SystemBootLogoInformation = 140, SystemProcessorPerformanceInformationEx = 141, SystemSpare0 = 142, SystemSecureBootPolicyInformation = 143, SystemPageFileInformationEx = 144, SystemSecureBootInformation = 145, SystemEntropyInterruptTimingRawInformation = 146, SystemPortableWorkspaceEfiLauncherInformation = 147, SystemFullProcessInformation = 148, SystemKernelDebuggerInformationEx = 149, SystemBootMetadataInformation = 150, SystemSoftRebootInformation = 151, SystemElamCertificateInformation = 152, SystemOfflineDumpConfigInformation = 153, SystemProcessorFeaturesInformation = 154, SystemRegistryReconciliationInformation = 155, SystemEdidInformation = 156, SystemManufacturingInformation = 157, SystemEnergyEstimationConfigInformation = 158, SystemHypervisorDetailInformation = 159, SystemProcessorCycleStatsInformation = 160, SystemVmGenerationCountInformation = 161, SystemTrustedPlatformModuleInformation = 162, SystemKernelDebuggerFlags = 163, SystemCodeIntegrityPolicyInformation = 164, SystemIsolatedUserModeInformation = 165, SystemHardwareSecurityTestInterfaceResultsInformation = 166, SystemSingleModuleInformation = 167, SystemAllowedCpuSetsInformation = 168, SystemVsmProtectionInformation = 169, SystemInterruptCpuSetsInformation = 170, SystemSecureBootPolicyFullInformation = 171, SystemCodeIntegrityPolicyFullInformation = 172, SystemAffinitizedInterruptProcessorInformation = 173, SystemRootSiloInformation = 174, SystemCpuSetInformation = 175, SystemCpuSetTagInformation = 176, SystemWin32WerStartCallout = 177, SystemSecureKernelProfileInformation = 178, SystemCodeIntegrityPlatformManifestInformation = 179, SystemInterruptSteeringInformation = 180, SystemSupportedProcessorArchitectures = 181, SystemMemoryUsageInformation = 182, SystemCodeIntegrityCertificateInformation = 183, SystemPhysicalMemoryInformation = 184, SystemControlFlowTransition = 185, SystemKernelDebuggingAllowed = 186, SystemActivityModerationExeState = 187, SystemActivityModerationUserSettings = 188, SystemCodeIntegrityPoliciesFullInformation = 189, SystemCodeIntegrityUnlockInformation = 190, SystemIntegrityQuotaInformation = 191, SystemFlushInformation = 192, SystemProcessorIdleMaskInformation = 193, SystemSecureDumpEncryptionInformation = 194, SystemWriteConstraintInformation = 195, SystemKernelVaShadowInformation = 196, SystemHypervisorSharedPageInformation = 197, SystemFirmwareBootPerformanceInformation = 198, SystemCodeIntegrityVerificationInformation = 199, SystemFirmwarePartitionInformation = 200, SystemSpeculationControlInformation = 201, SystemDmaGuardPolicyInformation = 202, SystemEnclaveLaunchControlInformation = 203, SystemWorkloadAllowedCpuSetsInformation = 204, SystemCodeIntegrityUnlockModeInformation = 205, SystemLeapSecondInformation = 206, SystemFlags2Information = 207, MaxSystemInfoClass = 208, }} STRUCT!{struct SYSTEM_BASIC_INFORMATION { Reserved: ULONG, TimerResolution: ULONG, PageSize: ULONG, NumberOfPhysicalPages: ULONG, LowestPhysicalPageNumber: ULONG, HighestPhysicalPageNumber: ULONG, AllocationGranularity: ULONG, MinimumUserModeAddress: ULONG_PTR, MaximumUserModeAddress: ULONG_PTR, ActiveProcessorsAffinityMask: ULONG_PTR, NumberOfProcessors: CCHAR, }} pub type PSYSTEM_BASIC_INFORMATION = *mut SYSTEM_BASIC_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_INFORMATION { ProcessorArchitecture: USHORT, ProcessorLevel: USHORT, ProcessorRevision: USHORT, MaximumProcessors: USHORT, ProcessorFeatureBits: ULONG, }} pub type PSYSTEM_PROCESSOR_INFORMATION = *mut SYSTEM_PROCESSOR_INFORMATION; STRUCT!{struct SYSTEM_PERFORMANCE_INFORMATION { IdleProcessTime: LARGE_INTEGER, IoReadTransferCount: LARGE_INTEGER, IoWriteTransferCount: LARGE_INTEGER, IoOtherTransferCount: LARGE_INTEGER, IoReadOperationCount: ULONG, IoWriteOperationCount: ULONG, IoOtherOperationCount: ULONG, AvailablePages: ULONG, CommittedPages: ULONG, CommitLimit: ULONG, PeakCommitment: ULONG, PageFaultCount: ULONG, CopyOnWriteCount: ULONG, TransitionCount: ULONG, CacheTransitionCount: ULONG, DemandZeroCount: ULONG, PageReadCount: ULONG, PageReadIoCount: ULONG, CacheReadCount: ULONG, CacheIoCount: ULONG, DirtyPagesWriteCount: ULONG, DirtyWriteIoCount: ULONG, MappedPagesWriteCount: ULONG, MappedWriteIoCount: ULONG, PagedPoolPages: ULONG, NonPagedPoolPages: ULONG, PagedPoolAllocs: ULONG, PagedPoolFrees: ULONG, NonPagedPoolAllocs: ULONG, NonPagedPoolFrees: ULONG, FreeSystemPtes: ULONG, ResidentSystemCodePage: ULONG, TotalSystemDriverPages: ULONG, TotalSystemCodePages: ULONG, NonPagedPoolLookasideHits: ULONG, PagedPoolLookasideHits: ULONG, AvailablePagedPoolPages: ULONG, ResidentSystemCachePage: ULONG, ResidentPagedPoolPage: ULONG, ResidentSystemDriverPage: ULONG, CcFastReadNoWait: ULONG, CcFastReadWait: ULONG, CcFastReadResourceMiss: ULONG, CcFastReadNotPossible: ULONG, CcFastMdlReadNoWait: ULONG, CcFastMdlReadWait: ULONG, CcFastMdlReadResourceMiss: ULONG, CcFastMdlReadNotPossible: ULONG, CcMapDataNoWait: ULONG, CcMapDataWait: ULONG, CcMapDataNoWaitMiss: ULONG, CcMapDataWaitMiss: ULONG, CcPinMappedDataCount: ULONG, CcPinReadNoWait: ULONG, CcPinReadWait: ULONG, CcPinReadNoWaitMiss: ULONG, CcPinReadWaitMiss: ULONG, CcCopyReadNoWait: ULONG, CcCopyReadWait: ULONG, CcCopyReadNoWaitMiss: ULONG, CcCopyReadWaitMiss: ULONG, CcMdlReadNoWait: ULONG, CcMdlReadWait: ULONG, CcMdlReadNoWaitMiss: ULONG, CcMdlReadWaitMiss: ULONG, CcReadAheadIos: ULONG, CcLazyWriteIos: ULONG, CcLazyWritePages: ULONG, CcDataFlushes: ULONG, CcDataPages: ULONG, ContextSwitches: ULONG, FirstLevelTbFills: ULONG, SecondLevelTbFills: ULONG, SystemCalls: ULONG, CcTotalDirtyPages: ULONGLONG, CcDirtyPageThreshold: ULONGLONG, ResidentAvailablePages: LONGLONG, SharedCommittedPages: ULONGLONG, }} pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut SYSTEM_PERFORMANCE_INFORMATION; STRUCT!{struct SYSTEM_TIMEOFDAY_INFORMATION { BootTime: LARGE_INTEGER, CurrentTime: LARGE_INTEGER, TimeZoneBias: LARGE_INTEGER, TimeZoneId: ULONG, Reserved: ULONG, BootTimeBias: ULONGLONG, SleepTimeBias: ULONGLONG, }} pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut SYSTEM_TIMEOFDAY_INFORMATION; STRUCT!{struct SYSTEM_THREAD_INFORMATION { KernelTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, CreateTime: LARGE_INTEGER, WaitTime: ULONG, StartAddress: PVOID, ClientId: CLIENT_ID, Priority: KPRIORITY, BasePriority: LONG, ContextSwitches: ULONG, ThreadState: KTHREAD_STATE, WaitReason: KWAIT_REASON, }} pub type PSYSTEM_THREAD_INFORMATION = *mut SYSTEM_THREAD_INFORMATION; STRUCT!{struct SYSTEM_EXTENDED_THREAD_INFORMATION { ThreadInfo: SYSTEM_THREAD_INFORMATION, StackBase: PVOID, StackLimit: PVOID, Win32StartAddress: PVOID, TebBase: PTEB, Reserved2: ULONG_PTR, Reserved3: ULONG_PTR, Reserved4: ULONG_PTR, }} pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut SYSTEM_EXTENDED_THREAD_INFORMATION; STRUCT!{struct SYSTEM_PROCESS_INFORMATION { NextEntryOffset: ULONG, NumberOfThreads: ULONG, WorkingSetPrivateSize: LARGE_INTEGER, HardFaultCount: ULONG, NumberOfThreadsHighWatermark: ULONG, CycleTime: ULONGLONG, CreateTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, KernelTime: LARGE_INTEGER, ImageName: UNICODE_STRING, BasePriority: KPRIORITY, UniqueProcessId: HANDLE, InheritedFromUniqueProcessId: HANDLE, HandleCount: ULONG, SessionId: ULONG, UniqueProcessKey: ULONG_PTR, PeakVirtualSize: SIZE_T, VirtualSize: SIZE_T, PageFaultCount: ULONG, PeakWorkingSetSize: SIZE_T, WorkingSetSize: SIZE_T, QuotaPeakPagedPoolUsage: SIZE_T, QuotaPagedPoolUsage: SIZE_T, QuotaPeakNonPagedPoolUsage: SIZE_T, QuotaNonPagedPoolUsage: SIZE_T, PagefileUsage: SIZE_T, PeakPagefileUsage: SIZE_T, PrivatePageCount: SIZE_T, ReadOperationCount: LARGE_INTEGER, WriteOperationCount: LARGE_INTEGER, OtherOperationCount: LARGE_INTEGER, ReadTransferCount: LARGE_INTEGER, WriteTransferCount: LARGE_INTEGER, OtherTransferCount: LARGE_INTEGER, Threads: [SYSTEM_THREAD_INFORMATION; 1], }} pub type PSYSTEM_PROCESS_INFORMATION = *mut SYSTEM_PROCESS_INFORMATION; STRUCT!{struct SYSTEM_CALL_COUNT_INFORMATION { Length: ULONG, NumberOfTables: ULONG, }} pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut SYSTEM_CALL_COUNT_INFORMATION; STRUCT!{struct SYSTEM_DEVICE_INFORMATION { NumberOfDisks: ULONG, NumberOfFloppies: ULONG, NumberOfCdRoms: ULONG, NumberOfTapes: ULONG, NumberOfSerialPorts: ULONG, NumberOfParallelPorts: ULONG, }} pub type PSYSTEM_DEVICE_INFORMATION = *mut SYSTEM_DEVICE_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { IdleTime: LARGE_INTEGER, KernelTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, DpcTime: LARGE_INTEGER, InterruptTime: LARGE_INTEGER, InterruptCount: ULONG, }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; STRUCT!{struct SYSTEM_FLAGS_INFORMATION { Flags: ULONG, }} pub type PSYSTEM_FLAGS_INFORMATION = *mut SYSTEM_FLAGS_INFORMATION; STRUCT!{struct SYSTEM_CALL_TIME_INFORMATION { Length: ULONG, TotalCalls: ULONG, TimeOfCalls: [LARGE_INTEGER; 1], }} pub type PSYSTEM_CALL_TIME_INFORMATION = *mut SYSTEM_CALL_TIME_INFORMATION; STRUCT!{struct RTL_PROCESS_LOCK_INFORMATION { Address: PVOID, Type: USHORT, CreatorBackTraceIndex: USHORT, OwningThread: HANDLE, LockCount: LONG, ContentionCount: ULONG, EntryCount: ULONG, RecursionCount: LONG, NumberOfWaitingShared: ULONG, NumberOfWaitingExclusive: ULONG, }} pub type PRTL_PROCESS_LOCK_INFORMATION = *mut RTL_PROCESS_LOCK_INFORMATION; STRUCT!{struct RTL_PROCESS_LOCKS { NumberOfLocks: ULONG, Locks: [RTL_PROCESS_LOCK_INFORMATION; 1], }} pub type PRTL_PROCESS_LOCKS = *mut RTL_PROCESS_LOCKS; STRUCT!{struct RTL_PROCESS_BACKTRACE_INFORMATION { SymbolicBackTrace: PCHAR, TraceCount: ULONG, Index: USHORT, Depth: USHORT, BackTrace: [PVOID; 32], }} pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut RTL_PROCESS_BACKTRACE_INFORMATION; STRUCT!{struct RTL_PROCESS_BACKTRACES { CommittedMemory: ULONG, ReservedMemory: ULONG, NumberOfBackTraceLookups: ULONG, NumberOfBackTraces: ULONG, BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1], }} pub type PRTL_PROCESS_BACKTRACES = *mut RTL_PROCESS_BACKTRACES; STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO { UniqueProcessId: USHORT, CreatorBackTraceIndex: USHORT, ObjectTypeIndex: UCHAR, HandleAttributes: UCHAR, HandleValue: USHORT, Object: PVOID, GrantedAccess: ULONG, }} pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO; STRUCT!{struct SYSTEM_HANDLE_INFORMATION { NumberOfHandles: ULONG, Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1], }} pub type PSYSTEM_HANDLE_INFORMATION = *mut SYSTEM_HANDLE_INFORMATION; STRUCT!{struct SYSTEM_OBJECTTYPE_INFORMATION { NextEntryOffset: ULONG, NumberOfObjects: ULONG, NumberOfHandles: ULONG, TypeIndex: ULONG, InvalidAttributes: ULONG, GenericMapping: GENERIC_MAPPING, ValidAccessMask: ULONG, PoolType: ULONG, SecurityRequired: BOOLEAN, WaitableObject: BOOLEAN, TypeName: UNICODE_STRING, }} pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut SYSTEM_OBJECTTYPE_INFORMATION; STRUCT!{struct SYSTEM_OBJECT_INFORMATION { NextEntryOffset: ULONG, Object: PVOID, CreatorUniqueProcess: HANDLE, CreatorBackTraceIndex: USHORT, Flags: USHORT, PointerCount: LONG, HandleCount: LONG, PagedPoolCharge: ULONG, NonPagedPoolCharge: ULONG, ExclusiveProcessId: HANDLE, SecurityDescriptor: PVOID, NameInfo: UNICODE_STRING, }} pub type PSYSTEM_OBJECT_INFORMATION = *mut SYSTEM_OBJECT_INFORMATION; STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION { NextEntryOffset: ULONG, TotalSize: ULONG, TotalInUse: ULONG, PeakUsage: ULONG, PageFileName: UNICODE_STRING, }} pub type PSYSTEM_PAGEFILE_INFORMATION = *mut SYSTEM_PAGEFILE_INFORMATION; pub const MM_WORKING_SET_MAX_HARD_ENABLE: ULONG = 0x1; pub const MM_WORKING_SET_MAX_HARD_DISABLE: ULONG = 0x2; pub const MM_WORKING_SET_MIN_HARD_ENABLE: ULONG = 0x4; pub const MM_WORKING_SET_MIN_HARD_DISABLE: ULONG = 0x8; STRUCT!{struct SYSTEM_FILECACHE_INFORMATION { CurrentSize: SIZE_T, PeakSize: SIZE_T, PageFaultCount: ULONG, MinimumWorkingSet: SIZE_T, MaximumWorkingSet: SIZE_T, CurrentSizeIncludingTransitionInPages: SIZE_T, PeakSizeIncludingTransitionInPages: SIZE_T, TransitionRePurposeCount: ULONG, Flags: ULONG, }} pub type PSYSTEM_FILECACHE_INFORMATION = *mut SYSTEM_FILECACHE_INFORMATION; STRUCT!{struct SYSTEM_BASIC_WORKING_SET_INFORMATION { CurrentSize: SIZE_T, PeakSize: SIZE_T, PageFaultCount: ULONG, }} pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut SYSTEM_BASIC_WORKING_SET_INFORMATION; UNION!{union SYSTEM_POOLTAG_u { Tag: [UCHAR; 4], TagUlong: ULONG, }} STRUCT!{struct SYSTEM_POOLTAG { u: SYSTEM_POOLTAG_u, PagedAllocs: ULONG, PagedFrees: ULONG, PagedUsed: SIZE_T, NonPagedAllocs: ULONG, NonPagedFrees: ULONG, NonPagedUsed: SIZE_T, }} pub type PSYSTEM_POOLTAG = *mut SYSTEM_POOLTAG; STRUCT!{struct SYSTEM_POOLTAG_INFORMATION { Count: ULONG, TagInfo: [SYSTEM_POOLTAG; 1], }} pub type PSYSTEM_POOLTAG_INFORMATION = *mut SYSTEM_POOLTAG_INFORMATION; STRUCT!{struct SYSTEM_INTERRUPT_INFORMATION { ContextSwitches: ULONG, DpcCount: ULONG, DpcRate: ULONG, TimeIncrement: ULONG, DpcBypassCount: ULONG, ApcBypassCount: ULONG, }} pub type PSYSTEM_INTERRUPT_INFORMATION = *mut SYSTEM_INTERRUPT_INFORMATION; STRUCT!{struct SYSTEM_DPC_BEHAVIOR_INFORMATION { Spare: ULONG, DpcQueueDepth: ULONG, MinimumDpcRate: ULONG, AdjustDpcThreshold: ULONG, IdealDpcRate: ULONG, }} pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut SYSTEM_DPC_BEHAVIOR_INFORMATION; STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION { TimeAdjustment: ULONG, TimeIncrement: ULONG, Enable: BOOLEAN, }} pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION; STRUCT!{struct SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE { TimeAdjustment: ULONGLONG, TimeIncrement: ULONGLONG, Enable: BOOLEAN, }} pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE = *mut SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE; STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION { TimeAdjustment: ULONG, Enable: BOOLEAN, }} pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION; STRUCT!{struct SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE { TimeAdjustment: ULONGLONG, Enable: BOOLEAN, }} pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE = *mut SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE; ENUM!{enum EVENT_TRACE_INFORMATION_CLASS { EventTraceKernelVersionInformation = 0, EventTraceGroupMaskInformation = 1, EventTracePerformanceInformation = 2, EventTraceTimeProfileInformation = 3, EventTraceSessionSecurityInformation = 4, EventTraceSpinlockInformation = 5, EventTraceStackTracingInformation = 6, EventTraceExecutiveResourceInformation = 7, EventTraceHeapTracingInformation = 8, EventTraceHeapSummaryTracingInformation = 9, EventTracePoolTagFilterInformation = 10, EventTracePebsTracingInformation = 11, EventTraceProfileConfigInformation = 12, EventTraceProfileSourceListInformation = 13, EventTraceProfileEventListInformation = 14, EventTraceProfileCounterListInformation = 15, EventTraceStackCachingInformation = 16, EventTraceObjectTypeFilterInformation = 17, EventTraceSoftRestartInformation = 18, EventTraceLastBranchConfigurationInformation = 19, EventTraceLastBranchEventListInformation = 20, EventTraceProfileSourceAddInformation = 21, EventTraceProfileSourceRemoveInformation = 22, EventTraceProcessorTraceConfigurationInformation = 23, EventTraceProcessorTraceEventListInformation = 24, EventTraceCoverageSamplerInformation = 25, MaxEventTraceInfoClass = 26, }} STRUCT!{struct EVENT_TRACE_VERSION_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, EventTraceKernelVersion: ULONG, }} pub type PEVENT_TRACE_VERSION_INFORMATION = *mut EVENT_TRACE_VERSION_INFORMATION; STRUCT!{struct PERFINFO_GROUPMASK { Masks: [ULONG; 8], }} pub type PPERFINFO_GROUPMASK = *mut PERFINFO_GROUPMASK; STRUCT!{struct EVENT_TRACE_GROUPMASK_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, EventTraceGroupMasks: PERFINFO_GROUPMASK, }} pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut EVENT_TRACE_GROUPMASK_INFORMATION; STRUCT!{struct EVENT_TRACE_PERFORMANCE_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, LogfileBytesWritten: LARGE_INTEGER, }} pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut EVENT_TRACE_PERFORMANCE_INFORMATION; STRUCT!{struct EVENT_TRACE_TIME_PROFILE_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, ProfileInterval: ULONG, }} pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut EVENT_TRACE_TIME_PROFILE_INFORMATION; STRUCT!{struct EVENT_TRACE_SESSION_SECURITY_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, SecurityInformation: ULONG, TraceHandle: HANDLE, SecurityDescriptor: [UCHAR; 1], }} pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut EVENT_TRACE_SESSION_SECURITY_INFORMATION; STRUCT!{struct EVENT_TRACE_SPINLOCK_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, SpinLockSpinThreshold: ULONG, SpinLockAcquireSampleRate: ULONG, SpinLockContentionSampleRate: ULONG, SpinLockHoldThreshold: ULONG, }} pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut EVENT_TRACE_SPINLOCK_INFORMATION; STRUCT!{struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, HookId: [ULONG; 1], }} pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; STRUCT!{struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, ReleaseSamplingRate: ULONG, ContentionSamplingRate: ULONG, NumberOfExcessiveTimeouts: ULONG, }} pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION = *mut EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION; STRUCT!{struct EVENT_TRACE_HEAP_TRACING_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, ProcessId: ULONG, }} pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut EVENT_TRACE_HEAP_TRACING_INFORMATION; STRUCT!{struct EVENT_TRACE_TAG_FILTER_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, Filter: [ULONG; 1], }} pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION; STRUCT!{struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, ProfileSource: [ULONG; 1], }} pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION; STRUCT!{struct EVENT_TRACE_PROFILE_LIST_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, Spare: ULONG, Profile: [*mut PROFILE_SOURCE_INFO; 1], }} pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut EVENT_TRACE_PROFILE_LIST_INFORMATION; STRUCT!{struct EVENT_TRACE_STACK_CACHING_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, Enabled: BOOLEAN, Reserved: [UCHAR; 3], CacheSize: ULONG, BucketCount: ULONG, }} pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut EVENT_TRACE_STACK_CACHING_INFORMATION; STRUCT!{struct EVENT_TRACE_SOFT_RESTART_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, TraceHandle: HANDLE, PersistTraceBuffers: BOOLEAN, FileName: [WCHAR; 1], }} pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut EVENT_TRACE_SOFT_RESTART_INFORMATION; STRUCT!{struct EVENT_TRACE_PROFILE_ADD_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, PerfEvtEventSelect: BOOLEAN, PerfEvtUnitSelect: BOOLEAN, PerfEvtType: ULONG, CpuInfoHierarchy: [ULONG; 3], InitialInterval: ULONG, AllowsHalt: BOOLEAN, Persist: BOOLEAN, ProfileSourceDescription: [WCHAR; 1], }} pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut EVENT_TRACE_PROFILE_ADD_INFORMATION; STRUCT!{struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, ProfileSource: KPROFILE_SOURCE, CpuInfoHierarchy: [ULONG; 3], }} pub type PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut EVENT_TRACE_PROFILE_REMOVE_INFORMATION; STRUCT!{struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION { EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, CoverageSamplerInformationClass: BOOLEAN, MajorVersion: UCHAR, MinorVersion: UCHAR, Reserved: UCHAR, SamplerHandle: HANDLE, }} pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; STRUCT!{struct SYSTEM_EXCEPTION_INFORMATION { AlignmentFixupCount: ULONG, ExceptionDispatchCount: ULONG, FloatingEmulationCount: ULONG, ByteWordEmulationCount: ULONG, }} pub type PSYSTEM_EXCEPTION_INFORMATION = *mut SYSTEM_EXCEPTION_INFORMATION; STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION { KernelDebuggerEnabled: BOOLEAN, KernelDebuggerNotPresent: BOOLEAN, }} pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION; STRUCT!{struct SYSTEM_CONTEXT_SWITCH_INFORMATION { ContextSwitches: ULONG, FindAny: ULONG, FindLast: ULONG, FindIdeal: ULONG, IdleAny: ULONG, IdleCurrent: ULONG, IdleLast: ULONG, IdleIdeal: ULONG, PreemptAny: ULONG, PreemptCurrent: ULONG, PreemptLast: ULONG, SwitchToIdle: ULONG, }} pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut SYSTEM_CONTEXT_SWITCH_INFORMATION; STRUCT!{struct SYSTEM_REGISTRY_QUOTA_INFORMATION { RegistryQuotaAllowed: ULONG, RegistryQuotaUsed: ULONG, PagedPoolSize: SIZE_T, }} pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut SYSTEM_REGISTRY_QUOTA_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_IDLE_INFORMATION { IdleTime: ULONGLONG, C1Time: ULONGLONG, C2Time: ULONGLONG, C3Time: ULONGLONG, C1Transitions: ULONG, C2Transitions: ULONG, C3Transitions: ULONG, Padding: ULONG, }} pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_INFORMATION; STRUCT!{struct SYSTEM_LEGACY_DRIVER_INFORMATION { VetoType: ULONG, VetoList: UNICODE_STRING, }} pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut SYSTEM_LEGACY_DRIVER_INFORMATION; STRUCT!{struct SYSTEM_LOOKASIDE_INFORMATION { CurrentDepth: USHORT, MaximumDepth: USHORT, TotalAllocates: ULONG, AllocateMisses: ULONG, TotalFrees: ULONG, FreeMisses: ULONG, Type: ULONG, Tag: ULONG, Size: ULONG, }} pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut SYSTEM_LOOKASIDE_INFORMATION; STRUCT!{struct SYSTEM_RANGE_START_INFORMATION { SystemRangeStart: PVOID, }} pub type PSYSTEM_RANGE_START_INFORMATION = *mut SYSTEM_RANGE_START_INFORMATION; STRUCT!{struct SYSTEM_VERIFIER_INFORMATION { NextEntryOffset: ULONG, Level: ULONG, DriverName: UNICODE_STRING, RaiseIrqls: ULONG, AcquireSpinLocks: ULONG, SynchronizeExecutions: ULONG, AllocationsAttempted: ULONG, AllocationsSucceeded: ULONG, AllocationsSucceededSpecialPool: ULONG, AllocationsWithNoTag: ULONG, TrimRequests: ULONG, Trims: ULONG, AllocationsFailed: ULONG, AllocationsFailedDeliberately: ULONG, Loads: ULONG, Unloads: ULONG, UnTrackedPool: ULONG, CurrentPagedPoolAllocations: ULONG, CurrentNonPagedPoolAllocations: ULONG, PeakPagedPoolAllocations: ULONG, PeakNonPagedPoolAllocations: ULONG, PagedPoolUsageInBytes: SIZE_T, NonPagedPoolUsageInBytes: SIZE_T, PeakPagedPoolUsageInBytes: SIZE_T, PeakNonPagedPoolUsageInBytes: SIZE_T, }} pub type PSYSTEM_VERIFIER_INFORMATION = *mut SYSTEM_VERIFIER_INFORMATION; STRUCT!{struct SYSTEM_SESSION_PROCESS_INFORMATION { SessionId: ULONG, SizeOfBuf: ULONG, Buffer: PVOID, }} pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut SYSTEM_SESSION_PROCESS_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_POWER_INFORMATION { CurrentFrequency: UCHAR, ThermalLimitFrequency: UCHAR, ConstantThrottleFrequency: UCHAR, DegradedThrottleFrequency: UCHAR, LastBusyFrequency: UCHAR, LastC3Frequency: UCHAR, LastAdjustedBusyFrequency: UCHAR, ProcessorMinThrottle: UCHAR, ProcessorMaxThrottle: UCHAR, NumberOfFrequencies: ULONG, PromotionCount: ULONG, DemotionCount: ULONG, ErrorCount: ULONG, RetryCount: ULONG, CurrentFrequencyTime: ULONGLONG, CurrentProcessorTime: ULONGLONG, CurrentProcessorIdleTime: ULONGLONG, LastProcessorTime: ULONGLONG, LastProcessorIdleTime: ULONGLONG, Energy: ULONGLONG, }} pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut SYSTEM_PROCESSOR_POWER_INFORMATION; STRUCT!{struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { Object: PVOID, UniqueProcessId: ULONG_PTR, HandleValue: ULONG_PTR, GrantedAccess: ULONG, CreatorBackTraceIndex: USHORT, ObjectTypeIndex: USHORT, HandleAttributes: ULONG, Reserved: ULONG, }} pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; STRUCT!{struct SYSTEM_HANDLE_INFORMATION_EX { NumberOfHandles: ULONG_PTR, Reserved: ULONG_PTR, Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1], }} pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut SYSTEM_HANDLE_INFORMATION_EX; UNION!{union SYSTEM_BIGPOOL_ENTRY_u1 { VirtualAddress: PVOID, Bitfields: ULONG_PTR, }} UNION!{union SYSTEM_BIGPOOL_ENTRY_u2 { Tag: [UCHAR; 4], TagUlong: ULONG, }} BITFIELD!{unsafe SYSTEM_BIGPOOL_ENTRY_u1 Bitfields: ULONG_PTR [ NonPaged set_NonPaged[0..1], ]} STRUCT!{struct SYSTEM_BIGPOOL_ENTRY { u1: SYSTEM_BIGPOOL_ENTRY_u1, SizeInBytes: SIZE_T, u2: SYSTEM_BIGPOOL_ENTRY_u2, }} pub type PSYSTEM_BIGPOOL_ENTRY = *mut SYSTEM_BIGPOOL_ENTRY; STRUCT!{struct SYSTEM_BIGPOOL_INFORMATION { Count: ULONG, AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1], }} pub type PSYSTEM_BIGPOOL_INFORMATION = *mut SYSTEM_BIGPOOL_INFORMATION; UNION!{union SYSTEM_POOL_ENTRY_u { Tag: [UCHAR; 4], TagUlong: ULONG, ProcessChargedQuota: PVOID, }} STRUCT!{struct SYSTEM_POOL_ENTRY { Allocated: BOOLEAN, Spare0: BOOLEAN, AllocatorBackTraceIndex: USHORT, Size: ULONG, u: SYSTEM_POOL_ENTRY_u, }} pub type PSYSTEM_POOL_ENTRY = *mut SYSTEM_POOL_ENTRY; STRUCT!{struct SYSTEM_POOL_INFORMATION { TotalSize: SIZE_T, FirstEntry: PVOID, EntryOverhead: USHORT, PoolTagPresent: BOOLEAN, Spare0: BOOLEAN, NumberOfEntries: ULONG, Entries: [SYSTEM_POOL_ENTRY; 1], }} pub type PSYSTEM_POOL_INFORMATION = *mut SYSTEM_POOL_INFORMATION; STRUCT!{struct SYSTEM_SESSION_POOLTAG_INFORMATION { NextEntryOffset: SIZE_T, SessionId: ULONG, Count: ULONG, TagInfo: [SYSTEM_POOLTAG; 1], }} pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut SYSTEM_SESSION_POOLTAG_INFORMATION; STRUCT!{struct SYSTEM_SESSION_MAPPED_VIEW_INFORMATION { NextEntryOffset: SIZE_T, SessionId: ULONG, ViewFailures: ULONG, NumberOfBytesAvailable: SIZE_T, NumberOfBytesAvailableContiguous: SIZE_T, }} pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut SYSTEM_SESSION_MAPPED_VIEW_INFORMATION; ENUM!{enum SYSTEM_FIRMWARE_TABLE_ACTION { SystemFirmwareTableEnumerate = 0, SystemFirmwareTableGet = 1, SystemFirmwareTableMax = 2, }} STRUCT!{struct SYSTEM_FIRMWARE_TABLE_INFORMATION { ProviderSignature: ULONG, Action: SYSTEM_FIRMWARE_TABLE_ACTION, TableID: ULONG, TableBufferLength: ULONG, TableBuffer: [UCHAR; 1], }} pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut SYSTEM_FIRMWARE_TABLE_INFORMATION; STRUCT!{struct SYSTEM_MEMORY_LIST_INFORMATION { ZeroPageCount: ULONG_PTR, FreePageCount: ULONG_PTR, ModifiedPageCount: ULONG_PTR, ModifiedNoWritePageCount: ULONG_PTR, BadPageCount: ULONG_PTR, PageCountByPriority: [ULONG_PTR; 8], RepurposedPagesByPriority: [ULONG_PTR; 8], ModifiedPageCountPageFile: ULONG_PTR, }} pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut SYSTEM_MEMORY_LIST_INFORMATION; ENUM!{enum SYSTEM_MEMORY_LIST_COMMAND { MemoryCaptureAccessedBits = 0, MemoryCaptureAndResetAccessedBits = 1, MemoryEmptyWorkingSets = 2, MemoryFlushModifiedList = 3, MemoryPurgeStandbyList = 4, MemoryPurgeLowPriorityStandbyList = 5, MemoryCommandMax = 6, }} STRUCT!{struct SYSTEM_THREAD_CID_PRIORITY_INFORMATION { ClientId: CLIENT_ID, Priority: KPRIORITY, }} pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut SYSTEM_THREAD_CID_PRIORITY_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION { CycleTime: ULONGLONG, }} pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION = *mut SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; STRUCT!{struct SYSTEM_REF_TRACE_INFORMATION { TraceEnable: BOOLEAN, TracePermanent: BOOLEAN, TraceProcessName: UNICODE_STRING, TracePoolTags: UNICODE_STRING, }} pub type PSYSTEM_REF_TRACE_INFORMATION = *mut SYSTEM_REF_TRACE_INFORMATION; STRUCT!{struct SYSTEM_PROCESS_ID_INFORMATION { ProcessId: HANDLE, ImageName: UNICODE_STRING, }} pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut SYSTEM_PROCESS_ID_INFORMATION; STRUCT!{struct SYSTEM_BOOT_ENVIRONMENT_INFORMATION { BootIdentifier: GUID, FirmwareType: FIRMWARE_TYPE, BootFlags: ULONGLONG, }} BITFIELD!{SYSTEM_BOOT_ENVIRONMENT_INFORMATION BootFlags: ULONGLONG [ DbgMenuOsSelection set_DbgMenuOsSelection[0..1], DbgHiberBoot set_DbgHiberBoot[1..2], DbgSoftBoot set_DbgSoftBoot[2..3], DbgMeasuredLaunch set_DbgMeasuredLaunch[3..4], ]} pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut SYSTEM_BOOT_ENVIRONMENT_INFORMATION; STRUCT!{struct SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION { FlagsToEnable: ULONG, FlagsToDisable: ULONG, }} pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION = *mut SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { VerifyMode: ULONG, OptionChanges: ULONG, PreviousBucketName: UNICODE_STRING, IrpCancelTimeoutMsec: ULONG, VerifierExtensionEnabled: ULONG, Reserved: [ULONG; 1], }} #[cfg(target_arch = "x86")] STRUCT!{struct SYSTEM_VERIFIER_INFORMATION_EX { VerifyMode: ULONG, OptionChanges: ULONG, PreviousBucketName: UNICODE_STRING, IrpCancelTimeoutMsec: ULONG, VerifierExtensionEnabled: ULONG, Reserved: [ULONG; 3], }} pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut SYSTEM_VERIFIER_INFORMATION_EX; STRUCT!{struct SYSTEM_SYSTEM_PARTITION_INFORMATION { SystemPartition: UNICODE_STRING, }} pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut SYSTEM_SYSTEM_PARTITION_INFORMATION; STRUCT!{struct SYSTEM_SYSTEM_DISK_INFORMATION { SystemDisk: UNICODE_STRING, }} pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut SYSTEM_SYSTEM_DISK_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT { Hits: ULONGLONG, PercentFrequency: UCHAR, }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 { Hits: ULONG, PercentFrequency: UCHAR, }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 = *mut SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION { ProcessorNumber: ULONG, StateCount: ULONG, States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1], }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION = *mut SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION { ProcessorCount: ULONG, Offsets: [ULONG; 1], }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION = *mut SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; STRUCT!{struct SYSTEM_CODEINTEGRITY_INFORMATION { Length: ULONG, CodeIntegrityOptions: ULONG, }} pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut SYSTEM_CODEINTEGRITY_INFORMATION; ENUM!{enum SYSTEM_VA_TYPE { SystemVaTypeAll = 0, SystemVaTypeNonPagedPool = 1, SystemVaTypePagedPool = 2, SystemVaTypeSystemCache = 3, SystemVaTypeSystemPtes = 4, SystemVaTypeSessionSpace = 5, SystemVaTypeMax = 6, }} pub type PSYSTEM_VA_TYPE = *mut SYSTEM_VA_TYPE; STRUCT!{struct SYSTEM_VA_LIST_INFORMATION { VirtualSize: SIZE_T, VirtualPeak: SIZE_T, VirtualLimit: SIZE_T, AllocationFailures: SIZE_T, }} pub type PSYSTEM_VA_LIST_INFORMATION = *mut SYSTEM_VA_LIST_INFORMATION; STRUCT!{struct SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS { KeyHandle: HANDLE, ValueNamePointer: PUNICODE_STRING, RequiredLengthPointer: PULONG, Buffer: PUCHAR, BufferLength: ULONG, Type: ULONG, AppendBuffer: PUCHAR, AppendBufferLength: ULONG, CreateIfDoesntExist: BOOLEAN, TruncateExistingValue: BOOLEAN, }} pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS; STRUCT!{struct SYSTEM_VHD_BOOT_INFORMATION { OsDiskIsVhd: BOOLEAN, OsVhdFilePathOffset: ULONG, OsVhdParentVolume: [WCHAR; ANYSIZE_ARRAY], }} pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut SYSTEM_VHD_BOOT_INFORMATION; STRUCT!{struct SYSTEM_LOW_PRIORITY_IO_INFORMATION { LowPriReadOperations: ULONG, LowPriWriteOperations: ULONG, KernelBumpedToNormalOperations: ULONG, LowPriPagingReadOperations: ULONG, KernelPagingReadsBumpedToNormal: ULONG, LowPriPagingWriteOperations: ULONG, KernelPagingWritesBumpedToNormal: ULONG, BoostedIrpCount: ULONG, BoostedPagingIrpCount: ULONG, BlanketBoostCount: ULONG, }} pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut SYSTEM_LOW_PRIORITY_IO_INFORMATION; ENUM!{enum TPM_BOOT_ENTROPY_RESULT_CODE { TpmBootEntropyStructureUninitialized = 0, TpmBootEntropyDisabledByPolicy = 1, TpmBootEntropyNoTpmFound = 2, TpmBootEntropyTpmError = 3, TpmBootEntropySuccess = 4, }} STRUCT!{struct TPM_BOOT_ENTROPY_NT_RESULT { Policy: ULONGLONG, ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE, ResultStatus: NTSTATUS, Time: ULONGLONG, EntropyLength: ULONG, EntropyData: [UCHAR; 40], }} pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut TPM_BOOT_ENTROPY_NT_RESULT; STRUCT!{struct SYSTEM_VERIFIER_COUNTERS_INFORMATION { Legacy: SYSTEM_VERIFIER_INFORMATION, RaiseIrqls: ULONG, AcquireSpinLocks: ULONG, SynchronizeExecutions: ULONG, AllocationsWithNoTag: ULONG, AllocationsFailed: ULONG, AllocationsFailedDeliberately: ULONG, LockedBytes: SIZE_T, PeakLockedBytes: SIZE_T, MappedLockedBytes: SIZE_T, PeakMappedLockedBytes: SIZE_T, MappedIoSpaceBytes: SIZE_T, PeakMappedIoSpaceBytes: SIZE_T, PagesForMdlBytes: SIZE_T, PeakPagesForMdlBytes: SIZE_T, ContiguousMemoryBytes: SIZE_T, PeakContiguousMemoryBytes: SIZE_T, ExecutePoolTypes: ULONG, ExecutePageProtections: ULONG, ExecutePageMappings: ULONG, ExecuteWriteSections: ULONG, SectionAlignmentFailures: ULONG, UnsupportedRelocs: ULONG, IATInExecutableSection: ULONG, }} pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut SYSTEM_VERIFIER_COUNTERS_INFORMATION; STRUCT!{struct SYSTEM_ACPI_AUDIT_INFORMATION { RsdpCount: ULONG, Bitfields: ULONG, }} BITFIELD!{SYSTEM_ACPI_AUDIT_INFORMATION Bitfields: ULONG [ SameRsdt set_SameRsdt[0..1], SlicPresent set_SlicPresent[1..2], SlicDifferent set_SlicDifferent[2..3], ]} pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut SYSTEM_ACPI_AUDIT_INFORMATION; STRUCT!{struct SYSTEM_BASIC_PERFORMANCE_INFORMATION { AvailablePages: SIZE_T, CommittedPages: SIZE_T, CommitLimit: SIZE_T, PeakCommitment: SIZE_T, }} pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut SYSTEM_BASIC_PERFORMANCE_INFORMATION; STRUCT!{struct QUERY_PERFORMANCE_COUNTER_FLAGS { ul: ULONG, }} BITFIELD!{QUERY_PERFORMANCE_COUNTER_FLAGS ul: ULONG [ KernelTransition set_KernelTransition[0..1], Reserved set_Reserved[1..32], ]} STRUCT!{struct SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION { Version: ULONG, Flags: QUERY_PERFORMANCE_COUNTER_FLAGS, ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS, }} pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION = *mut SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION; ENUM!{enum SYSTEM_PIXEL_FORMAT { SystemPixelFormatUnknown = 0, SystemPixelFormatR8G8B8 = 1, SystemPixelFormatR8G8B8X8 = 2, SystemPixelFormatB8G8R8 = 3, SystemPixelFormatB8G8R8X8 = 4, }} STRUCT!{struct SYSTEM_BOOT_GRAPHICS_INFORMATION { FrameBuffer: LARGE_INTEGER, Width: ULONG, Height: ULONG, PixelStride: ULONG, Flags: ULONG, Format: SYSTEM_PIXEL_FORMAT, DisplayRotation: ULONG, }} pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut SYSTEM_BOOT_GRAPHICS_INFORMATION; STRUCT!{struct MEMORY_SCRUB_INFORMATION { Handle: HANDLE, PagesScrubbed: ULONG, }} pub type PMEMORY_SCRUB_INFORMATION = *mut MEMORY_SCRUB_INFORMATION; STRUCT!{struct PEBS_DS_SAVE_AREA { BtsBufferBase: ULONGLONG, BtsIndex: ULONGLONG, BtsAbsoluteMaximum: ULONGLONG, BtsInterruptThreshold: ULONGLONG, PebsBufferBase: ULONGLONG, PebsIndex: ULONGLONG, PebsAbsoluteMaximum: ULONGLONG, PebsInterruptThreshold: ULONGLONG, PebsCounterReset0: ULONGLONG, PebsCounterReset1: ULONGLONG, PebsCounterReset2: ULONGLONG, PebsCounterReset3: ULONGLONG, }} pub type PPEBS_DS_SAVE_AREA = *mut PEBS_DS_SAVE_AREA; STRUCT!{struct PROCESSOR_PROFILE_CONTROL_AREA { PebsDsSaveArea: PEBS_DS_SAVE_AREA, }} pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut PROCESSOR_PROFILE_CONTROL_AREA; STRUCT!{struct SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA { ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA, Allocate: BOOLEAN, }} pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA; STRUCT!{struct MEMORY_COMBINE_INFORMATION { Handle: HANDLE, PagesCombined: ULONG_PTR, }} pub type PMEMORY_COMBINE_INFORMATION = *mut MEMORY_COMBINE_INFORMATION; pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: ULONG = 0x4; STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX { Handle: HANDLE, PagesCombined: ULONG_PTR, Flags: ULONG, }} pub type PMEMORY_COMBINE_INFORMATION_EX = *mut MEMORY_COMBINE_INFORMATION_EX; STRUCT!{struct MEMORY_COMBINE_INFORMATION_EX2 { Handle: HANDLE, PagesCombined: ULONG_PTR, Flags: ULONG, ProcessHandle: HANDLE, }} pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut MEMORY_COMBINE_INFORMATION_EX2; STRUCT!{struct SYSTEM_CONSOLE_INFORMATION { Bitfields: ULONG, }} BITFIELD!{SYSTEM_CONSOLE_INFORMATION Bitfields: ULONG [ DriverLoaded set_DriverLoaded[0..1], Spare set_Spare[1..32], ]} pub type PSYSTEM_CONSOLE_INFORMATION = *mut SYSTEM_CONSOLE_INFORMATION; STRUCT!{struct SYSTEM_PLATFORM_BINARY_INFORMATION { PhysicalAddress: ULONG64, HandoffBuffer: PVOID, CommandLineBuffer: PVOID, HandoffBufferSize: ULONG, CommandLineBufferSize: ULONG, }} pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut SYSTEM_PLATFORM_BINARY_INFORMATION; STRUCT!{struct SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION { NumberOfLogicalProcessors: ULONG, NumberOfCores: ULONG, }} pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION = *mut SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION; STRUCT!{struct SYSTEM_DEVICE_DATA_INFORMATION { DeviceId: UNICODE_STRING, DataName: UNICODE_STRING, DataType: ULONG, DataBufferLength: ULONG, DataBuffer: PVOID, }} pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut SYSTEM_DEVICE_DATA_INFORMATION; STRUCT!{struct PHYSICAL_CHANNEL_RUN { NodeNumber: ULONG, ChannelNumber: ULONG, BasePage: ULONGLONG, PageCount: ULONGLONG, Flags: ULONG, }} pub type PPHYSICAL_CHANNEL_RUN = *mut PHYSICAL_CHANNEL_RUN; STRUCT!{struct SYSTEM_MEMORY_TOPOLOGY_INFORMATION { NumberOfRuns: ULONGLONG, NumberOfNodes: ULONG, NumberOfChannels: ULONG, Run: [PHYSICAL_CHANNEL_RUN; 1], }} pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut SYSTEM_MEMORY_TOPOLOGY_INFORMATION; STRUCT!{struct SYSTEM_MEMORY_CHANNEL_INFORMATION { ChannelNumber: ULONG, ChannelHeatIndex: ULONG, TotalPageCount: ULONGLONG, ZeroPageCount: ULONGLONG, FreePageCount: ULONGLONG, StandbyPageCount: ULONGLONG, }} pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut SYSTEM_MEMORY_CHANNEL_INFORMATION; STRUCT!{struct SYSTEM_BOOT_LOGO_INFORMATION { Flags: ULONG, BitmapOffset: ULONG, }} pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut SYSTEM_BOOT_LOGO_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX { IdleTime: LARGE_INTEGER, KernelTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, DpcTime: LARGE_INTEGER, InterruptTime: LARGE_INTEGER, InterruptCount: ULONG, Spare0: ULONG, AvailableTime: LARGE_INTEGER, Spare1: LARGE_INTEGER, Spare2: LARGE_INTEGER, }} pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX = *mut SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX; STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_INFORMATION { PolicyPublisher: GUID, PolicyVersion: ULONG, PolicyOptions: ULONG, }} pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_INFORMATION; STRUCT!{struct SYSTEM_PAGEFILE_INFORMATION_EX { Info: SYSTEM_PAGEFILE_INFORMATION, MinimumSize: ULONG, MaximumSize: ULONG, }} pub type PSYSTEM_PAGEFILE_INFORMATION_EX = *mut SYSTEM_PAGEFILE_INFORMATION_EX; STRUCT!{struct SYSTEM_SECUREBOOT_INFORMATION { SecureBootEnabled: BOOLEAN, SecureBootCapable: BOOLEAN, }} pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut SYSTEM_SECUREBOOT_INFORMATION; STRUCT!{struct PROCESS_DISK_COUNTERS { BytesRead: ULONGLONG, BytesWritten: ULONGLONG, ReadOperationCount: ULONGLONG, WriteOperationCount: ULONGLONG, FlushOperationCount: ULONGLONG, }} pub type PPROCESS_DISK_COUNTERS = *mut PROCESS_DISK_COUNTERS; UNION!{union ENERGY_STATE_DURATION_u { Value: ULONGLONG, LastChangeTime: ULONG, }} UNION!{union ENERGY_STATE_DURATION { u: ENERGY_STATE_DURATION_u, BitFields: ULONG, }} pub type PENERGY_STATE_DURATION = *mut ENERGY_STATE_DURATION; BITFIELD!{unsafe ENERGY_STATE_DURATION BitFields: ULONG [ Duration set_Duration[0..31], IsInState set_IsInState[31..32], ]} STRUCT!{struct PROCESS_ENERGY_VALUES { Cycles: [[ULONGLONG; 4]; 2], DiskEnergy: ULONGLONG, NetworkTailEnergy: ULONGLONG, MBBTailEnergy: ULONGLONG, NetworkTxRxBytes: ULONGLONG, MBBTxRxBytes: ULONGLONG, ForegroundDuration: ENERGY_STATE_DURATION, DesktopVisibleDuration: ENERGY_STATE_DURATION, PSMForegroundDuration: ENERGY_STATE_DURATION, CompositionRendered: ULONG, CompositionDirtyGenerated: ULONG, CompositionDirtyPropagated: ULONG, Reserved1: ULONG, AttributedCycles: [[ULONGLONG; 2]; 4], WorkOnBehalfCycles: [[ULONGLONG; 2]; 4], }} pub type PPROCESS_ENERGY_VALUES = *mut PROCESS_ENERGY_VALUES; STRUCT!{struct TIMELINE_BITMAP { Value: ULONGLONG, EndTime: ULONG, Bitmap: ULONG, }} pub type PTIMELINE_BITMAP = *mut TIMELINE_BITMAP; STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Timelines { CpuTimeline: TIMELINE_BITMAP, DiskTimeline: TIMELINE_BITMAP, NetworkTimeline: TIMELINE_BITMAP, MBBTimeline: TIMELINE_BITMAP, ForegroundTimeline: TIMELINE_BITMAP, DesktopVisibleTimeline: TIMELINE_BITMAP, CompositionRenderedTimeline: TIMELINE_BITMAP, CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP, CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP, InputTimeline: TIMELINE_BITMAP, AudioInTimeline: TIMELINE_BITMAP, AudioOutTimeline: TIMELINE_BITMAP, DisplayRequiredTimeline: TIMELINE_BITMAP, KeyboardInputTimeline: TIMELINE_BITMAP, }} STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION_Durations { InputDuration: ENERGY_STATE_DURATION, AudioInDuration: ENERGY_STATE_DURATION, AudioOutDuration: ENERGY_STATE_DURATION, DisplayRequiredDuration: ENERGY_STATE_DURATION, PSMBackgroundDuration: ENERGY_STATE_DURATION, }} STRUCT!{struct PROCESS_ENERGY_VALUES_EXTENSION { Timelines: PROCESS_ENERGY_VALUES_EXTENSION_Timelines, Durations: PROCESS_ENERGY_VALUES_EXTENSION_Durations, KeyboardInput: ULONG, MouseInput: ULONG, }} pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut PROCESS_ENERGY_VALUES_EXTENSION; STRUCT!{struct PROCESS_EXTENDED_ENERGY_VALUES { Base: PROCESS_ENERGY_VALUES, Extension: PROCESS_ENERGY_VALUES_EXTENSION, }} pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut PROCESS_EXTENDED_ENERGY_VALUES; ENUM!{enum SYSTEM_PROCESS_CLASSIFICATION { SystemProcessClassificationNormal = 0, SystemProcessClassificationSystem = 1, SystemProcessClassificationSecureSystem = 2, SystemProcessClassificationMemCompression = 3, SystemProcessClassificationRegistry = 4, SystemProcessClassificationMaximum = 5, }} STRUCT!{struct SYSTEM_PROCESS_INFORMATION_EXTENSION { DiskCounters: PROCESS_DISK_COUNTERS, ContextSwitches: ULONGLONG, Flags: ULONG, UserSidOffset: ULONG, PackageFullNameOffset: ULONG, EnergyValues: PROCESS_ENERGY_VALUES, AppIdOffset: ULONG, SharedCommitCharge: SIZE_T, JobObjectId: ULONG, SpareUlong: ULONG, ProcessSequenceNumber: ULONGLONG, }} BITFIELD!{SYSTEM_PROCESS_INFORMATION_EXTENSION Flags: ULONG [ HasStrongId set_HasStrongId[0..1], Classification set_Classification[1..5], BackgroundActivityModerated set_BackgroundActivityModerated[5..6], Spare set_Spare[6..32], ]} pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut SYSTEM_PROCESS_INFORMATION_EXTENSION; STRUCT!{struct SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION { EfiLauncherEnabled: BOOLEAN, }} pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION = *mut SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; STRUCT!{struct SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX { DebuggerAllowed: BOOLEAN, DebuggerEnabled: BOOLEAN, DebuggerPresent: BOOLEAN, }} pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; STRUCT!{struct SYSTEM_ELAM_CERTIFICATE_INFORMATION { ElamDriverFile: HANDLE, }} pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut SYSTEM_ELAM_CERTIFICATE_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_FEATURES_INFORMATION { ProcessorFeatureBits: ULONGLONG, Reserved: [ULONGLONG; 3], }} pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut SYSTEM_PROCESSOR_FEATURES_INFORMATION; STRUCT!{struct SYSTEM_MANUFACTURING_INFORMATION { Options: ULONG, ProfileName: UNICODE_STRING, }} pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut SYSTEM_MANUFACTURING_INFORMATION; STRUCT!{struct SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION { Enabled: BOOLEAN, }} pub type PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION = *mut SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; STRUCT!{struct HV_DETAILS { Data: [ULONG; 4], }} pub type PHV_DETAILS = *mut HV_DETAILS; STRUCT!{struct SYSTEM_HYPERVISOR_DETAIL_INFORMATION { HvVendorAndMaxFunction: HV_DETAILS, HypervisorInterface: HV_DETAILS, HypervisorVersion: HV_DETAILS, HvFeatures: HV_DETAILS, HwFeatures: HV_DETAILS, EnlightenmentInfo: HV_DETAILS, ImplementationLimits: HV_DETAILS, }} pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut SYSTEM_HYPERVISOR_DETAIL_INFORMATION; STRUCT!{struct SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION { Cycles: [[ULONGLONG; 4]; 2], }} pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; STRUCT!{struct SYSTEM_TPM_INFORMATION { Flags: ULONG, }} pub type PSYSTEM_TPM_INFORMATION = *mut SYSTEM_TPM_INFORMATION; STRUCT!{struct SYSTEM_VSM_PROTECTION_INFORMATION { DmaProtectionsAvailable: BOOLEAN, DmaProtectionsInUse: BOOLEAN, HardwareMbecAvailable: BOOLEAN, }} pub type PSYSTEM_VSM_PROTECTION_INFORMATION = *mut SYSTEM_VSM_PROTECTION_INFORMATION; STRUCT!{struct SYSTEM_CODEINTEGRITYPOLICY_INFORMATION { Options: ULONG, HVCIOptions: ULONG, Version: ULONGLONG, PolicyGuid: GUID, }} pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut SYSTEM_CODEINTEGRITYPOLICY_INFORMATION; STRUCT!{struct SYSTEM_ISOLATED_USER_MODE_INFORMATION { Bitfields1: BOOLEAN, Bitfields2: BOOLEAN, Spare0: [BOOLEAN; 6], Spare1: ULONGLONG, }} BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields1: BOOLEAN [ SecureKernelRunning set_SecureKernelRunning[0..1], HvciEnabled set_HvciEnabled[1..2], HvciStrictMode set_HvciStrictMode[2..3], DebugEnabled set_DebugEnabled[3..4], FirmwarePageProtection set_FirmwarePageProtection[4..5], EncryptionKeyAvailable set_EncryptionKeyAvailable[5..6], SpareFlags set_SpareFlags[6..7], TrustletRunning set_TrustletRunning[7..8], ]} BITFIELD!{SYSTEM_ISOLATED_USER_MODE_INFORMATION Bitfields2: BOOLEAN [ SpareFlags2 set_SpareFlags2[0..1], ]} pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut SYSTEM_ISOLATED_USER_MODE_INFORMATION; STRUCT!{struct SYSTEM_SINGLE_MODULE_INFORMATION { TargetModuleAddress: PVOID, ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX, }} pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut SYSTEM_SINGLE_MODULE_INFORMATION; STRUCT!{struct SYSTEM_INTERRUPT_CPU_SET_INFORMATION { Gsiv: ULONG, Group: USHORT, CpuSets: ULONGLONG, }} pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut SYSTEM_INTERRUPT_CPU_SET_INFORMATION; STRUCT!{struct SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION { PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION, PolicySize: ULONG, Policy: [UCHAR; 1], }} pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = *mut SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; STRUCT!{struct SYSTEM_ROOT_SILO_INFORMATION { NumberOfSilos: ULONG, SiloIdList: [ULONG; 1], }} pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut SYSTEM_ROOT_SILO_INFORMATION; STRUCT!{struct SYSTEM_CPU_SET_TAG_INFORMATION { Tag: ULONGLONG, CpuSets: [ULONGLONG; 1], }} pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut SYSTEM_CPU_SET_TAG_INFORMATION; STRUCT!{struct SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION { ExtentCount: ULONG, ValidStructureSize: ULONG, NextExtentIndex: ULONG, ExtentRestart: ULONG, CycleCount: ULONG, TimeoutCount: ULONG, CycleTime: ULONGLONG, CycleTimeMax: ULONGLONG, ExtentTime: ULONGLONG, ExtentTimeIndex: ULONG, ExtentTimeMaxIndex: ULONG, ExtentTimeMax: ULONGLONG, HyperFlushTimeMax: ULONGLONG, TranslateVaTimeMax: ULONGLONG, DebugExemptionCount: ULONGLONG, TbHitCount: ULONGLONG, TbMissCount: ULONGLONG, VinaPendingYield: ULONGLONG, HashCycles: ULONGLONG, HistogramOffset: ULONG, HistogramBuckets: ULONG, HistogramShift: ULONG, Reserved1: ULONG, PageNotPresentCount: ULONGLONG, }} pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION = *mut SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; STRUCT!{struct SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION { PlatformManifestSize: ULONG, PlatformManifest: [UCHAR; 1], }} pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION = *mut SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; STRUCT!{struct SYSTEM_MEMORY_USAGE_INFORMATION { TotalPhysicalBytes: ULONGLONG, AvailableBytes: ULONGLONG, ResidentAvailableBytes: LONGLONG, CommittedBytes: ULONGLONG, SharedCommittedBytes: ULONGLONG, CommitLimitBytes: ULONGLONG, PeakCommitmentBytes: ULONGLONG, }} pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut SYSTEM_MEMORY_USAGE_INFORMATION; STRUCT!{struct SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION { ImageFile: HANDLE, Type: ULONG, }} pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION = *mut SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; STRUCT!{struct SYSTEM_PHYSICAL_MEMORY_INFORMATION { TotalPhysicalBytes: ULONGLONG, LowestPhysicalAddress: ULONGLONG, HighestPhysicalAddress: ULONGLONG, }} pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut SYSTEM_PHYSICAL_MEMORY_INFORMATION; ENUM!{enum SYSTEM_ACTIVITY_MODERATION_STATE { SystemActivityModerationStateSystemManaged = 0, SystemActivityModerationStateUserManagedAllowThrottling = 1, SystemActivityModerationStateUserManagedDisableThrottling = 2, MaxSystemActivityModerationState = 3, }} ENUM!{enum SYSTEM_ACTIVITY_MODERATION_APP_TYPE { SystemActivityModerationAppTypeClassic = 0, SystemActivityModerationAppTypePackaged = 1, MaxSystemActivityModerationAppType = 2, }} STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_INFO { Identifier: UNICODE_STRING, ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE, AppType: SYSTEM_ACTIVITY_MODERATION_APP_TYPE, }} pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut SYSTEM_ACTIVITY_MODERATION_INFO; STRUCT!{struct SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS { UserKeyHandle: HANDLE, }} pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS; STRUCT!{struct SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION { Flags: ULONG, UnlockId: [UCHAR; 32], }} BITFIELD!{SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION Flags: ULONG [ Locked set_Locked[0..1], Unlockable set_Unlockable[1..2], UnlockApplied set_UnlockApplied[2..3], UnlockIdValid set_UnlockIdValid[3..4], Reserved set_Reserved[4..32], ]} pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION; STRUCT!{struct SYSTEM_FLUSH_INFORMATION { SupportedFlushMethods: ULONG, ProcessorCacheFlushSize: ULONG, SystemFlushCapabilities: ULONGLONG, Reserved: [ULONGLONG; 2], }} pub type PSYSTEM_FLUSH_INFORMATION = *mut SYSTEM_FLUSH_INFORMATION; STRUCT!{struct SYSTEM_WRITE_CONSTRAINT_INFORMATION { WriteConstraintPolicy: ULONG, Reserved: ULONG, }} pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut SYSTEM_WRITE_CONSTRAINT_INFORMATION; STRUCT!{struct SYSTEM_KERNEL_VA_SHADOW_INFORMATION { Flags: ULONG, }} BITFIELD!{SYSTEM_KERNEL_VA_SHADOW_INFORMATION Flags: ULONG [ KvaShadowEnabled set_KvaShadowEnabled[0..1], KvaShadowUserGlobal set_KvaShadowUserGlobal[1..2], KvaShadowPcid set_KvaShadowPcid[2..3], KvaShadowInvpcid set_KvaShadowInvpcid[3..4], KvaShadowRequired set_KvaShadowRequired[4..5], KvaShadowRequiredAvailable set_KvaShadowRequiredAvailable[5..6], InvalidPteBit set_InvalidPteBit[6..12], L1DataCacheFlushSupported set_L1DataCacheFlushSupported[12..13], L1TerminalFaultMitigationPresent set_L1TerminalFaultMitigationPresent[13..14], Reserved set_Reserved[14..32], ]} pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut SYSTEM_KERNEL_VA_SHADOW_INFORMATION; STRUCT!{struct SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION { FileHandle: HANDLE, ImageSize: ULONG, Image: PVOID, }} pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION = *mut SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION; STRUCT!{struct SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION { HypervisorSharedUserVa: PVOID, }} pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION = *mut SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION; STRUCT!{struct SYSTEM_SPECULATION_CONTROL_INFORMATION { Flags: ULONG, }} BITFIELD!{SYSTEM_SPECULATION_CONTROL_INFORMATION Flags: ULONG [ BpbEnabled set_BpbEnabled[0..1], BpbDisabledSystemPolicy set_BpbDisabledSystemPolicy[1..2], BpbDisabledNoHardwareSupport set_BpbDisabledNoHardwareSupport[2..3], SpecCtrlEnumerated set_SpecCtrlEnumerated[3..4], SpecCmdEnumerated set_SpecCmdEnumerated[4..5], IbrsPresent set_IbrsPresent[5..6], StibpPresent set_StibpPresent[6..7], SmepPresent set_SmepPresent[7..8], SpeculativeStoreBypassDisableAvailable set_SpeculativeStoreBypassDisableAvailable[8..9], SpeculativeStoreBypassDisableSupported set_SpeculativeStoreBypassDisableSupported[9..10], SpeculativeStoreBypassDisabledSystemWide set_SpeculativeStoreBypassDisabledSystemWide[10..11], SpeculativeStoreBypassDisabledKernel set_SpeculativeStoreBypassDisabledKernel[11..12], SpeculativeStoreBypassDisableRequired set_SpeculativeStoreBypassDisableRequired[12..13], BpbDisabledKernelToUser set_BpbDisabledKernelToUser[13..14], SpecCtrlRetpolineEnabled set_SpecCtrlRetpolineEnabled[14..15], SpecCtrlImportOptimizationEnabled set_SpecCtrlImportOptimizationEnabled[15..16], Reserved set_Reserved[16..32], ]} pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut SYSTEM_SPECULATION_CONTROL_INFORMATION; STRUCT!{struct SYSTEM_DMA_GUARD_POLICY_INFORMATION { DmaGuardPolicyEnabled: BOOLEAN, }} pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut SYSTEM_DMA_GUARD_POLICY_INFORMATION; STRUCT!{struct SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION { EnclaveLaunchSigner: [UCHAR; 32], }} pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION = *mut SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION; STRUCT!{struct SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION { WorkloadClass: ULONGLONG, CpuSets: [ULONGLONG; 1], }} pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION = *mut SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION; EXTERN!{extern "system" { fn NtQuerySystemInformation( SystemInformationClass: SYSTEM_INFORMATION_CLASS, SystemInformation: PVOID, SystemInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtQuerySystemInformationEx( SystemInformationClass: SYSTEM_INFORMATION_CLASS, InputBuffer: PVOID, InputBufferLength: ULONG, SystemInformation: PVOID, SystemInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetSystemInformation( SystemInformationClass: SYSTEM_INFORMATION_CLASS, SystemInformation: PVOID, SystemInformationLength: ULONG, ) -> NTSTATUS; }} ENUM!{enum SYSDBG_COMMAND { SysDbgQueryModuleInformation = 0, SysDbgQueryTraceInformation = 1, SysDbgSetTracepoint = 2, SysDbgSetSpecialCall = 3, SysDbgClearSpecialCalls = 4, SysDbgQuerySpecialCalls = 5, SysDbgBreakPoint = 6, SysDbgQueryVersion = 7, SysDbgReadVirtual = 8, SysDbgWriteVirtual = 9, SysDbgReadPhysical = 10, SysDbgWritePhysical = 11, SysDbgReadControlSpace = 12, SysDbgWriteControlSpace = 13, SysDbgReadIoSpace = 14, SysDbgWriteIoSpace = 15, SysDbgReadMsr = 16, SysDbgWriteMsr = 17, SysDbgReadBusData = 18, SysDbgWriteBusData = 19, SysDbgCheckLowMemory = 20, SysDbgEnableKernelDebugger = 21, SysDbgDisableKernelDebugger = 22, SysDbgGetAutoKdEnable = 23, SysDbgSetAutoKdEnable = 24, SysDbgGetPrintBufferSize = 25, SysDbgSetPrintBufferSize = 26, SysDbgGetKdUmExceptionEnable = 27, SysDbgSetKdUmExceptionEnable = 28, SysDbgGetTriageDump = 29, SysDbgGetKdBlockEnable = 30, SysDbgSetKdBlockEnable = 31, SysDbgRegisterForUmBreakInfo = 32, SysDbgGetUmBreakPid = 33, SysDbgClearUmBreakPid = 34, SysDbgGetUmAttachPid = 35, SysDbgClearUmAttachPid = 36, SysDbgGetLiveKernelDump = 37, }} pub type PSYSDBG_COMMAND = *mut SYSDBG_COMMAND; STRUCT!{struct SYSDBG_VIRTUAL { Address: PVOID, Buffer: PVOID, Request: ULONG, }} pub type PSYSDBG_VIRTUAL = *mut SYSDBG_VIRTUAL; STRUCT!{struct SYSDBG_PHYSICAL { Address: PHYSICAL_ADDRESS, Buffer: PVOID, Request: ULONG, }} pub type PSYSDBG_PHYSICAL = *mut SYSDBG_PHYSICAL; STRUCT!{struct SYSDBG_CONTROL_SPACE { Address: ULONG64, Buffer: PVOID, Request: ULONG, Processor: ULONG, }} pub type PSYSDBG_CONTROL_SPACE = *mut SYSDBG_CONTROL_SPACE; STRUCT!{struct SYSDBG_IO_SPACE { Address: ULONG64, Buffer: PVOID, Request: ULONG, InterfaceType: INTERFACE_TYPE, BusNumber: ULONG, AddressSpace: ULONG, }} pub type PSYSDBG_IO_SPACE = *mut SYSDBG_IO_SPACE; STRUCT!{struct SYSDBG_MSR { Msr: ULONG, Data: ULONG64, }} pub type PSYSDBG_MSR = *mut SYSDBG_MSR; STRUCT!{struct SYSDBG_BUS_DATA { Address: ULONG, Buffer: PVOID, Request: ULONG, BusDataType: BUS_DATA_TYPE, BusNumber: ULONG, SlotNumber: ULONG, }} pub type PSYSDBG_BUS_DATA = *mut SYSDBG_BUS_DATA; STRUCT!{struct SYSDBG_TRIAGE_DUMP { Flags: ULONG, BugCheckCode: ULONG, BugCheckParam1: ULONG_PTR, BugCheckParam2: ULONG_PTR, BugCheckParam3: ULONG_PTR, BugCheckParam4: ULONG_PTR, ProcessHandles: ULONG, ThreadHandles: ULONG, Handles: PHANDLE, }} pub type PSYSDBG_TRIAGE_DUMP = *mut SYSDBG_TRIAGE_DUMP; STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_FLAGS { AsUlong: ULONG, }} BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_FLAGS AsUlong: ULONG [ UseDumpStorageStack set_UseDumpStorageStack[0..1], CompressMemoryPagesData set_CompressMemoryPagesData[1..2], IncludeUserSpaceMemoryPages set_IncludeUserSpaceMemoryPages[2..3], AbortIfMemoryPressure set_AbortIfMemoryPressure[3..4], Reserved set_Reserved[4..32], ]} pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut SYSDBG_LIVEDUMP_CONTROL_FLAGS; STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL_ADDPAGES { AsUlong: ULONG, }} BITFIELD!{SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AsUlong: ULONG [ HypervisorPages set_HypervisorPages[0..1], Reserved set_Reserved[1..32], ]} pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut SYSDBG_LIVEDUMP_CONTROL_ADDPAGES; pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: ULONG = 1; STRUCT!{struct SYSDBG_LIVEDUMP_CONTROL { Version: ULONG, BugCheckCode: ULONG, BugCheckParam1: ULONG_PTR, BugCheckParam2: ULONG_PTR, BugCheckParam3: ULONG_PTR, BugCheckParam4: ULONG_PTR, DumpFileHandle: HANDLE, CancelEventHandle: HANDLE, Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS, AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, }} pub type PSYSDBG_LIVEDUMP_CONTROL = *mut SYSDBG_LIVEDUMP_CONTROL; EXTERN!{extern "system" { fn NtSystemDebugControl( Command: SYSDBG_COMMAND, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} ENUM!{enum HARDERROR_RESPONSE_OPTION { OptionAbortRetryIgnore = 0, OptionOk = 1, OptionOkCancel = 2, OptionRetryCancel = 3, OptionYesNo = 4, OptionYesNoCancel = 5, OptionShutdownSystem = 6, OptionOkNoWait = 7, OptionCancelTryContinue = 8, }} ENUM!{enum HARDERROR_RESPONSE { ResponseReturnToCaller = 0, ResponseNotHandled = 1, ResponseAbort = 2, ResponseCancel = 3, ResponseIgnore = 4, ResponseNo = 5, ResponseOk = 6, ResponseRetry = 7, ResponseYes = 8, ResponseTryAgain = 9, ResponseContinue = 10, }} pub const HARDERROR_OVERRIDE_ERRORMODE: ULONG = 0x10000000; EXTERN!{extern "system" { fn NtRaiseHardError( ErrorStatus: NTSTATUS, NumberOfParameters: ULONG, UnicodeStringParameterMask: ULONG, Parameters: PULONG_PTR, ValidResponseOptions: ULONG, Response: PULONG, ) -> NTSTATUS; }} ENUM!{enum ALTERNATIVE_ARCHITECTURE_TYPE { StandardDesign = 0, NEC98x86 = 1, EndAlternatives = 2, }} pub const PROCESSOR_FEATURE_MAX: usize = 64; pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16; pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0; pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1; pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2; pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3; UNION!{union KUSER_SHARED_DATA_u { TickCount: KSYSTEM_TIME, TickCountQuad: ULONG64, ReservedTickCountOverlay: [ULONG; 3], }} STRUCT!{#[repr(packed(4))] struct KUSER_SHARED_DATA { TickCountLowDeprecated: ULONG, TickCountMultiplier: ULONG, InterruptTime: KSYSTEM_TIME, SystemTime: KSYSTEM_TIME, TimeZoneBias: KSYSTEM_TIME, ImageNumberLow: USHORT, ImageNumberHigh: USHORT, NtSystemRoot: [WCHAR; 260], MaxStackTraceDepth: ULONG, CryptoExponent: ULONG, TimeZoneId: ULONG, LargePageMinimum: ULONG, AitSamplingValue: ULONG, AppCompatFlag: ULONG, RNGSeedVersion: ULONGLONG, GlobalValidationRunlevel: ULONG, TimeZoneBiasStamp: LONG, NtBuildNumber: ULONG, NtProductType: NT_PRODUCT_TYPE, ProductTypeIsValid: BOOLEAN, Reserved0: [UCHAR; 1], NativeProcessorArchitecture: USHORT, NtMajorVersion: ULONG, NtMinorVersion: ULONG, ProcessorFeatures: [BOOLEAN; PROCESSOR_FEATURE_MAX], Reserved1: ULONG, Reserved3: ULONG, TimeSlip: ULONG, AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE, BootId: ULONG, SystemExpirationDate: LARGE_INTEGER, SuiteMask: ULONG, KdDebuggerEnabled: BOOLEAN, MitigationPolicies: UCHAR, Reserved6: [UCHAR; 2], ActiveConsoleId: ULONG, DismountCount: ULONG, ComPlusPackage: ULONG, LastSystemRITEventTickCount: ULONG, NumberOfPhysicalPages: ULONG, SafeBootMode: BOOLEAN, VirtualizationFlags: UCHAR, Reserved12: [UCHAR; 2], SharedDataFlags: ULONG, DataFlagsPad: [ULONG; 1], TestRetInstruction: ULONGLONG, QpcFrequency: LONGLONG, SystemCall: ULONG, SystemCallPad0: ULONG, SystemCallPad: [ULONGLONG; 2], u: KUSER_SHARED_DATA_u, //TickCountPad: [ULONG; 1], Cookie: ULONG, CookiePad: [ULONG; 1], ConsoleSessionForegroundProcessId: LONGLONG, TimeUpdateLock: ULONGLONG, BaselineSystemTimeQpc: ULONGLONG, BaselineInterruptTimeQpc: ULONGLONG, QpcSystemTimeIncrement: ULONGLONG, QpcInterruptTimeIncrement: ULONGLONG, QpcSystemTimeIncrementShift: UCHAR, QpcInterruptTimeIncrementShift: UCHAR, UnparkedProcessorCount: USHORT, EnclaveFeatureMask: [ULONG; 4], TelemetryCoverageRound: ULONG, UserModeGlobalLogger: [USHORT; 16], ImageFileExecutionOptions: ULONG, LangGenerationCount: ULONG, Reserved4: ULONGLONG, InterruptTimeBias: ULONG64, QpcBias: ULONG64, ActiveProcessorCount: ULONG, ActiveGroupCount: UCHAR, Reserved9: UCHAR, QpcData: UCHAR, TimeZoneBiasEffectiveStart: LARGE_INTEGER, TimeZoneBiasEffectiveEnd: LARGE_INTEGER, XState: XSTATE_CONFIGURATION, }} BITFIELD!{KUSER_SHARED_DATA MitigationPolicies: UCHAR [ NXSupportPolicy set_NXSupportPolicy[0..2], SEHValidationPolicy set_SEHValidationPolicy[2..4], CurDirDevicesSkippedForDlls set_CurDirDevicesSkippedForDlls[4..6], Reserved set_Reserved[6..8], ]} BITFIELD!{KUSER_SHARED_DATA SharedDataFlags: ULONG [ DbgErrorPortPresent set_DbgErrorPortPresent[0..1], DbgElevationEnabled set_DbgElevationEnabled[1..2], DbgVirtEnabled set_DbgVirtEnabled[2..3], DbgInstallerDetectEnabled set_DbgInstallerDetectEnabled[3..4], DbgLkgEnabled set_DbgLkgEnabled[4..5], DbgDynProcessorEnabled set_DbgDynProcessorEnabled[5..6], DbgConsoleBrokerEnabled set_DbgConsoleBrokerEnabled[6..7], DbgSecureBootEnabled set_DbgSecureBootEnabled[7..8], DbgMultiSessionSku set_DbgMultiSessionSku[8..9], DbgMultiUsersInSessionSku set_DbgMultiUsersInSessionSku[9..10], DbgStateSeparationEnabled set_DbgStateSeparationEnabled[10..11], SpareBits set_SpareBits[11..32], ]} BITFIELD!{KUSER_SHARED_DATA QpcData: UCHAR [ QpcBypassEnabled set_QpcBypassEnabled[0..1], QpcShift set_QpcShift[1..2], ]} pub type PKUSER_SHARED_DATA = *mut KUSER_SHARED_DATA; pub const USER_SHARED_DATA: *const KUSER_SHARED_DATA = 0x7ffe0000 as *const _; #[inline] pub unsafe fn NtGetTickCount64() -> ULONGLONG { let mut tick_count: ULARGE_INTEGER = MaybeUninit::uninit().assume_init(); #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { *tick_count.QuadPart_mut() = read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad)); } #[cfg(target_arch = "x86")] { loop { tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32; tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) as u32 { break; } spin_loop(); } } (UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) + (UInt32x32To64( tick_count.s().HighPart as u32, (*USER_SHARED_DATA).TickCountMultiplier, ) << 8) } #[inline] pub unsafe fn NtGetTickCount() -> ULONG { #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] { ((read_volatile(addr_of!((*USER_SHARED_DATA).u.TickCountQuad)) * (*USER_SHARED_DATA).TickCountMultiplier as u64) >> 24) as u32 } #[cfg(target_arch = "x86")] { let mut tick_count: ULARGE_INTEGER = MaybeUninit::uninit().assume_init(); loop { tick_count.s_mut().HighPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.High1Time) as u32; tick_count.s_mut().LowPart = read_volatile(&(*USER_SHARED_DATA).u.TickCount.LowPart); if tick_count.s().HighPart == read_volatile(&(*USER_SHARED_DATA).u.TickCount.High2Time) as u32 { break; } spin_loop(); } ((UInt32x32To64(tick_count.s().LowPart, (*USER_SHARED_DATA).TickCountMultiplier) >> 24) + UInt32x32To64( (tick_count.s().HighPart as u32) << 8, (*USER_SHARED_DATA).TickCountMultiplier, )) as u32 } } EXTERN!{extern "system" { fn NtQueryDefaultLocale( UserProfile: BOOLEAN, DefaultLocaleId: PLCID, ) -> NTSTATUS; fn NtSetDefaultLocale( UserProfile: BOOLEAN, DefaultLocaleId: LCID, ) -> NTSTATUS; fn NtQueryInstallUILanguage( InstallUILanguageId: *mut LANGID, ) -> NTSTATUS; fn NtFlushInstallUILanguage( InstallUILanguage: LANGID, SetComittedFlag: ULONG, ) -> NTSTATUS; fn NtQueryDefaultUILanguage( DefaultUILanguageId: *mut LANGID, ) -> NTSTATUS; fn NtSetDefaultUILanguage( DefaultUILanguageId: LANGID, ) -> NTSTATUS; fn NtIsUILanguageComitted() -> NTSTATUS; fn NtInitializeNlsFiles( BaseAddress: *mut PVOID, DefaultLocaleId: PLCID, DefaultCasingTableSize: PLARGE_INTEGER, ) -> NTSTATUS; fn NtGetNlsSectionPtr( SectionType: ULONG, SectionData: ULONG, ContextData: PVOID, SectionPointer: *mut PVOID, SectionSize: PULONG, ) -> NTSTATUS; fn NtMapCMFModule( What: ULONG, Index: ULONG, CacheIndexOut: PULONG, CacheFlagsOut: PULONG, ViewSizeOut: PULONG, BaseAddress: *mut PVOID, ) -> NTSTATUS; fn NtGetMUIRegistryInfo( Flags: ULONG, DataSize: PULONG, Data: PVOID, ) -> NTSTATUS; fn NtAddAtom( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, ) -> NTSTATUS; }} pub const ATOM_FLAG_GLOBAL: ULONG = 0x2; EXTERN!{extern "system" { fn NtAddAtomEx( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, Flags: ULONG, ) -> NTSTATUS; fn NtFindAtom( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, ) -> NTSTATUS; fn NtDeleteAtom( Atom: RTL_ATOM, ) -> NTSTATUS; }} ENUM!{enum ATOM_INFORMATION_CLASS { AtomBasicInformation = 0, AtomTableInformation = 1, }} STRUCT!{struct ATOM_BASIC_INFORMATION { UsageCount: USHORT, Flags: USHORT, NameLength: USHORT, Name: [WCHAR; 1], }} pub type PATOM_BASIC_INFORMATION = *mut ATOM_BASIC_INFORMATION; STRUCT!{struct ATOM_TABLE_INFORMATION { NumberOfAtoms: ULONG, Atoms: [RTL_ATOM; 1], }} pub type PATOM_TABLE_INFORMATION = *mut ATOM_TABLE_INFORMATION; EXTERN!{extern "system" { fn NtQueryInformationAtom( Atom: RTL_ATOM, AtomInformationClass: ATOM_INFORMATION_CLASS, AtomInformation: PVOID, AtomInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} pub const FLG_STOP_ON_EXCEPTION: u32 = 0x00000001; pub const FLG_SHOW_LDR_SNAPS: u32 = 0x00000002; pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 0x00000004; pub const FLG_STOP_ON_HUNG_GUI: u32 = 0x00000008; pub const FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 0x00000010; pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 0x00000020; pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 0x00000040; pub const FLG_HEAP_VALIDATE_ALL: u32 = 0x00000080; pub const FLG_APPLICATION_VERIFIER: u32 = 0x00000100; pub const FLG_POOL_ENABLE_TAGGING: u32 = 0x00000400; pub const FLG_HEAP_ENABLE_TAGGING: u32 = 0x00000800; pub const FLG_USER_STACK_TRACE_DB: u32 = 0x00001000; pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 0x00002000; pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 0x00004000; pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 0x00008000; pub const FLG_DISABLE_STACK_EXTENSION: u32 = 0x00010000; pub const FLG_ENABLE_CSRDEBUG: u32 = 0x00020000; pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 0x00040000; pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 0x00080000; pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 0x00100000; pub const FLG_HEAP_DISABLE_COALESCING: u32 = 0x00200000; pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 0x00400000; pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 0x00800000; pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 0x01000000; pub const FLG_HEAP_PAGE_ALLOCS: u32 = 0x02000000; pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 0x04000000; pub const FLG_DISABLE_DBGPRINT: u32 = 0x08000000; pub const FLG_CRITSEC_EVENT_CREATION: u32 = 0x10000000; pub const FLG_LDR_TOP_DOWN: u32 = 0x20000000; pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 0x40000000; pub const FLG_DISABLE_PROTDLLS: u32 = 0x80000000; pub const FLG_VALID_BITS: u32 = 0xfffffdff; pub const FLG_USERMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS | FLG_HEAP_VALIDATE_ALL | FLG_APPLICATION_VERIFIER | FLG_HEAP_ENABLE_TAGGING | FLG_USER_STACK_TRACE_DB | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_DISABLE_STACK_EXTENSION | FLG_ENABLE_SYSTEM_CRIT_BREAKS | FLG_HEAP_DISABLE_COALESCING | FLG_DISABLE_PROTDLLS | FLG_HEAP_PAGE_ALLOCS | FLG_CRITSEC_EVENT_CREATION | FLG_LDR_TOP_DOWN; pub const FLG_BOOTONLY_VALID_BITS: u32 = FLG_KERNEL_STACK_TRACE_DB | FLG_MAINTAIN_OBJECT_TYPELIST | FLG_ENABLE_CSRDEBUG | FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX | FLG_DISABLE_PAGE_KERNEL_STACKS; pub const FLG_KERNELMODE_VALID_BITS: u32 = FLG_STOP_ON_EXCEPTION | FLG_SHOW_LDR_SNAPS | FLG_STOP_ON_HUNG_GUI | FLG_POOL_ENABLE_TAGGING | FLG_ENABLE_KDEBUG_SYMBOL_LOAD | FLG_ENABLE_CLOSE_EXCEPTIONS | FLG_ENABLE_EXCEPTION_LOGGING | FLG_ENABLE_HANDLE_TYPE_TAGGING | FLG_DISABLE_DBGPRINT | FLG_ENABLE_HANDLE_EXCEPTIONS; EXTERN!{extern "system" { fn NtQueryLicenseValue( ValueName: PUNICODE_STRING, Type: PULONG, Data: PVOID, DataSize: ULONG, ResultDataSize: PULONG, ) -> NTSTATUS; fn NtSetDefaultHardErrorPort( DefaultHardErrorPort: HANDLE, ) -> NTSTATUS; }} ENUM!{enum SHUTDOWN_ACTION { ShutdownNoReboot = 0, ShutdownReboot = 1, ShutdownPowerOff = 2, }} EXTERN!{extern "system" { fn NtShutdownSystem( Action: SHUTDOWN_ACTION, ) -> NTSTATUS; fn NtDisplayString( String: PUNICODE_STRING, ) -> NTSTATUS; fn NtDrawText( Text: PUNICODE_STRING, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntgdi.rs000064400000000000000000000116210072674642500132330ustar 00000000000000use winapi::shared::ntdef::{PVOID, UCHAR, ULONG, USHORT}; pub const GDI_MAX_HANDLE_COUNT: usize = 0x4000; pub const GDI_HANDLE_INDEX_SHIFT: ULONG = 0; pub const GDI_HANDLE_INDEX_BITS: ULONG = 16; pub const GDI_HANDLE_INDEX_MASK: ULONG = 0xffff; pub const GDI_HANDLE_TYPE_SHIFT: ULONG = 16; pub const GDI_HANDLE_TYPE_BITS: ULONG = 5; pub const GDI_HANDLE_TYPE_MASK: ULONG = 0x1f; pub const GDI_HANDLE_ALTTYPE_SHIFT: ULONG = 21; pub const GDI_HANDLE_ALTTYPE_BITS: ULONG = 2; pub const GDI_HANDLE_ALTTYPE_MASK: ULONG = 0x3; pub const GDI_HANDLE_STOCK_SHIFT: ULONG = 23; pub const GDI_HANDLE_STOCK_BITS: ULONG = 1; pub const GDI_HANDLE_STOCK_MASK: ULONG = 0x1; pub const GDI_HANDLE_UNIQUE_SHIFT: ULONG = 24; pub const GDI_HANDLE_UNIQUE_BITS: ULONG = 8; pub const GDI_HANDLE_UNIQUE_MASK: ULONG = 0xff; #[inline] pub const fn GDI_HANDLE_INDEX(Handle: ULONG) -> ULONG { Handle & GDI_HANDLE_INDEX_MASK } #[inline] pub const fn GDI_HANDLE_TYPE(Handle: ULONG) -> ULONG { Handle >> GDI_HANDLE_TYPE_SHIFT & GDI_HANDLE_TYPE_MASK } #[inline] pub const fn GDI_HANDLE_ALTTYPE(Handle: ULONG) -> ULONG { Handle >> GDI_HANDLE_ALTTYPE_SHIFT & GDI_HANDLE_ALTTYPE_MASK } #[inline] pub const fn GDI_HANDLE_STOCK(Handle: ULONG) -> ULONG { Handle >> GDI_HANDLE_STOCK_SHIFT & GDI_HANDLE_STOCK_MASK } #[inline] pub const fn GDI_MAKE_HANDLE(Index: ULONG, Unique: ULONG) -> ULONG { Unique << GDI_HANDLE_INDEX_BITS | Index } pub const GDI_DEF_TYPE: ULONG = 0; pub const GDI_DC_TYPE: ULONG = 1; pub const GDI_DD_DIRECTDRAW_TYPE: ULONG = 2; pub const GDI_DD_SURFACE_TYPE: ULONG = 3; pub const GDI_RGN_TYPE: ULONG = 4; pub const GDI_SURF_TYPE: ULONG = 5; pub const GDI_CLIENTOBJ_TYPE: ULONG = 6; pub const GDI_PATH_TYPE: ULONG = 7; pub const GDI_PAL_TYPE: ULONG = 8; pub const GDI_ICMLCS_TYPE: ULONG = 9; pub const GDI_LFONT_TYPE: ULONG = 10; pub const GDI_RFONT_TYPE: ULONG = 11; pub const GDI_PFE_TYPE: ULONG = 12; pub const GDI_PFT_TYPE: ULONG = 13; pub const GDI_ICMCXF_TYPE: ULONG = 14; pub const GDI_ICMDLL_TYPE: ULONG = 15; pub const GDI_BRUSH_TYPE: ULONG = 16; pub const GDI_PFF_TYPE: ULONG = 17; pub const GDI_CACHE_TYPE: ULONG = 18; pub const GDI_SPACE_TYPE: ULONG = 19; pub const GDI_DBRUSH_TYPE: ULONG = 20; pub const GDI_META_TYPE: ULONG = 21; pub const GDI_EFSTATE_TYPE: ULONG = 22; pub const GDI_BMFD_TYPE: ULONG = 23; pub const GDI_VTFD_TYPE: ULONG = 24; pub const GDI_TTFD_TYPE: ULONG = 25; pub const GDI_RC_TYPE: ULONG = 26; pub const GDI_TEMP_TYPE: ULONG = 27; pub const GDI_DRVOBJ_TYPE: ULONG = 28; pub const GDI_DCIOBJ_TYPE: ULONG = 29; pub const GDI_SPOOL_TYPE: ULONG = 30; #[inline] pub const fn GDI_CLIENT_TYPE_FROM_HANDLE(Handle: ULONG) -> ULONG { Handle & (GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT | GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT) } #[inline] pub const fn GDI_CLIENT_TYPE_FROM_UNIQUE(Unique: ULONG) -> ULONG { GDI_CLIENT_TYPE_FROM_HANDLE(Unique << 16) } pub const GDI_ALTTYPE_1: ULONG = 1 << GDI_HANDLE_ALTTYPE_SHIFT; pub const GDI_ALTTYPE_2: ULONG = 2 << GDI_HANDLE_ALTTYPE_SHIFT; pub const GDI_ALTTYPE_3: ULONG = 3 << GDI_HANDLE_ALTTYPE_SHIFT; pub const GDI_CLIENT_BITMAP_TYPE: ULONG = GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_BRUSH_TYPE: ULONG = GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_CLIENTOBJ_TYPE: ULONG = GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_DC_TYPE: ULONG = GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_FONT_TYPE: ULONG = GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_PALETTE_TYPE: ULONG = GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_REGION_TYPE: ULONG = GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT; pub const GDI_CLIENT_ALTDC_TYPE: ULONG = GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1; pub const GDI_CLIENT_DIBSECTION_TYPE: ULONG = GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1; pub const GDI_CLIENT_EXTPEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2; pub const GDI_CLIENT_METADC16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3; pub const GDI_CLIENT_METAFILE_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2; pub const GDI_CLIENT_METAFILE16_TYPE: ULONG = GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1; pub const GDI_CLIENT_PEN_TYPE: ULONG = GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1; UNION!{union GDI_HANDLE_ENTRY_u { Object: PVOID, NextFree: PVOID, }} STRUCT!{struct GDI_HANDLE_ENTRY_Owner_s { ProcessId: USHORT, Bitfields: USHORT, }} BITFIELD!{GDI_HANDLE_ENTRY_Owner_s Bitfields: USHORT [ Lock set_Lock[0..1], Count set_Count[1..16], ]} UNION!{union GDI_HANDLE_ENTRY_Owner { s: GDI_HANDLE_ENTRY_Owner_s, Value: ULONG, }} STRUCT!{struct GDI_HANDLE_ENTRY { u: GDI_HANDLE_ENTRY_u, Owner: GDI_HANDLE_ENTRY_Owner, Unique: USHORT, Type: UCHAR, Flags: UCHAR, UserPointer: PVOID, }} pub type PGDI_HANDLE_ENTRY = *mut GDI_HANDLE_ENTRY; STRUCT!{struct GDI_SHARED_MEMORY { Handles: [GDI_HANDLE_ENTRY; GDI_MAX_HANDLE_COUNT], }} pub type PGDI_SHARED_MEMORY = *mut GDI_SHARED_MEMORY; ntapi-0.4.0/src/ntioapi.rs000064400000000000000000001453640072674642500136050ustar 00000000000000use crate::string::UTF16Const; use crate::winapi_local::um::winioctl::CTL_CODE; use winapi::shared::basetsd::ULONG_PTR; use winapi::shared::guiddef::GUID; use winapi::shared::minwindef::DWORD; use winapi::shared::ntdef::{ BOOLEAN, CCHAR, CHAR, HANDLE, LARGE_INTEGER, LONG, LONGLONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, USHORT, WCHAR, }; use winapi::um::winioctl::{ FILE_ANY_ACCESS, FILE_DEVICE_MAILSLOT, FILE_DEVICE_NAMED_PIPE, METHOD_BUFFERED, METHOD_NEITHER, }; use winapi::um::winnt::{ ACCESS_MASK, FILE_ID_128, FILE_READ_DATA, FILE_WRITE_DATA, PFILE_SEGMENT_ELEMENT, PSID, SID, }; pub const FILE_SUPERSEDE: ULONG = 0x00000000; pub const FILE_OPEN: ULONG = 0x00000001; pub const FILE_CREATE: ULONG = 0x00000002; pub const FILE_OPEN_IF: ULONG = 0x00000003; pub const FILE_OVERWRITE: ULONG = 0x00000004; pub const FILE_OVERWRITE_IF: ULONG = 0x00000005; pub const FILE_MAXIMUM_DISPOSITION: ULONG = 0x00000005; pub const FILE_DIRECTORY_FILE: ULONG = 0x00000001; pub const FILE_WRITE_THROUGH: ULONG = 0x00000002; pub const FILE_SEQUENTIAL_ONLY: ULONG = 0x00000004; pub const FILE_NO_INTERMEDIATE_BUFFERING: ULONG = 0x00000008; pub const FILE_SYNCHRONOUS_IO_ALERT: ULONG = 0x00000010; pub const FILE_SYNCHRONOUS_IO_NONALERT: ULONG = 0x00000020; pub const FILE_NON_DIRECTORY_FILE: ULONG = 0x00000040; pub const FILE_CREATE_TREE_CONNECTION: ULONG = 0x00000080; pub const FILE_COMPLETE_IF_OPLOCKED: ULONG = 0x00000100; pub const FILE_NO_EA_KNOWLEDGE: ULONG = 0x00000200; pub const FILE_OPEN_FOR_RECOVERY: ULONG = 0x00000400; pub const FILE_RANDOM_ACCESS: ULONG = 0x00000800; pub const FILE_DELETE_ON_CLOSE: ULONG = 0x00001000; pub const FILE_OPEN_BY_FILE_ID: ULONG = 0x00002000; pub const FILE_OPEN_FOR_BACKUP_INTENT: ULONG = 0x00004000; pub const FILE_NO_COMPRESSION: ULONG = 0x00008000; pub const FILE_OPEN_REQUIRING_OPLOCK: ULONG = 0x00010000; pub const FILE_DISALLOW_EXCLUSIVE: ULONG = 0x00020000; pub const FILE_SESSION_AWARE: ULONG = 0x00040000; pub const FILE_RESERVE_OPFILTER: ULONG = 0x00100000; pub const FILE_OPEN_REPARSE_POINT: ULONG = 0x00200000; pub const FILE_OPEN_NO_RECALL: ULONG = 0x00400000; pub const FILE_OPEN_FOR_FREE_SPACE_QUERY: ULONG = 0x00800000; pub const FILE_COPY_STRUCTURED_STORAGE: ULONG = 0x00000041; pub const FILE_STRUCTURED_STORAGE: ULONG = 0x00000441; pub const FILE_SUPERSEDED: ULONG = 0x00000000; pub const FILE_OPENED: ULONG = 0x00000001; pub const FILE_CREATED: ULONG = 0x00000002; pub const FILE_OVERWRITTEN: ULONG = 0x00000003; pub const FILE_EXISTS: ULONG = 0x00000004; pub const FILE_DOES_NOT_EXIST: ULONG = 0x00000005; pub const FILE_WRITE_TO_END_OF_FILE: ULONG = 0xffffffff; pub const FILE_USE_FILE_POINTER_POSITION: ULONG = 0xfffffffe; pub const FILE_BYTE_ALIGNMENT: ULONG = 0x00000000; pub const FILE_WORD_ALIGNMENT: ULONG = 0x00000001; pub const FILE_LONG_ALIGNMENT: ULONG = 0x00000003; pub const FILE_QUAD_ALIGNMENT: ULONG = 0x00000007; pub const FILE_OCTA_ALIGNMENT: ULONG = 0x0000000f; pub const FILE_32_BYTE_ALIGNMENT: ULONG = 0x0000001f; pub const FILE_64_BYTE_ALIGNMENT: ULONG = 0x0000003f; pub const FILE_128_BYTE_ALIGNMENT: ULONG = 0x0000007f; pub const FILE_256_BYTE_ALIGNMENT: ULONG = 0x000000ff; pub const FILE_512_BYTE_ALIGNMENT: ULONG = 0x000001ff; pub const MAXIMUM_FILENAME_LENGTH: u32 = 256; pub const FILE_NEED_EA: ULONG = 0x00000080; pub const FILE_EA_TYPE_BINARY: ULONG = 0xfffe; pub const FILE_EA_TYPE_ASCII: ULONG = 0xfffd; pub const FILE_EA_TYPE_BITMAP: ULONG = 0xfffb; pub const FILE_EA_TYPE_METAFILE: ULONG = 0xfffa; pub const FILE_EA_TYPE_ICON: ULONG = 0xfff9; pub const FILE_EA_TYPE_EA: ULONG = 0xffee; pub const FILE_EA_TYPE_MVMT: ULONG = 0xffdf; pub const FILE_EA_TYPE_MVST: ULONG = 0xffde; pub const FILE_EA_TYPE_ASN1: ULONG = 0xffdd; pub const FILE_EA_TYPE_FAMILY_IDS: ULONG = 0xff01; pub const FILE_REMOVABLE_MEDIA: ULONG = 0x00000001; pub const FILE_READ_ONLY_DEVICE: ULONG = 0x00000002; pub const FILE_FLOPPY_DISKETTE: ULONG = 0x00000004; pub const FILE_WRITE_ONCE_MEDIA: ULONG = 0x00000008; pub const FILE_REMOTE_DEVICE: ULONG = 0x00000010; pub const FILE_DEVICE_IS_MOUNTED: ULONG = 0x00000020; pub const FILE_VIRTUAL_VOLUME: ULONG = 0x00000040; pub const FILE_AUTOGENERATED_DEVICE_NAME: ULONG = 0x00000080; pub const FILE_DEVICE_SECURE_OPEN: ULONG = 0x00000100; pub const FILE_CHARACTERISTIC_PNP_DEVICE: ULONG = 0x00000800; pub const FILE_CHARACTERISTIC_TS_DEVICE: ULONG = 0x00001000; pub const FILE_CHARACTERISTIC_WEBDAV_DEVICE: ULONG = 0x00002000; pub const FILE_CHARACTERISTIC_CSV: ULONG = 0x00010000; pub const FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL: ULONG = 0x00020000; pub const FILE_PORTABLE_DEVICE: ULONG = 0x00040000; pub const FILE_PIPE_BYTE_STREAM_TYPE: ULONG = 0x00000000; pub const FILE_PIPE_MESSAGE_TYPE: ULONG = 0x00000001; pub const FILE_PIPE_ACCEPT_REMOTE_CLIENTS: ULONG = 0x00000000; pub const FILE_PIPE_REJECT_REMOTE_CLIENTS: ULONG = 0x00000002; pub const FILE_PIPE_TYPE_VALID_MASK: ULONG = 0x00000003; pub const FILE_PIPE_QUEUE_OPERATION: ULONG = 0x00000000; pub const FILE_PIPE_COMPLETE_OPERATION: ULONG = 0x00000001; pub const FILE_PIPE_BYTE_STREAM_MODE: ULONG = 0x00000000; pub const FILE_PIPE_MESSAGE_MODE: ULONG = 0x00000001; pub const FILE_PIPE_INBOUND: ULONG = 0x00000000; pub const FILE_PIPE_OUTBOUND: ULONG = 0x00000001; pub const FILE_PIPE_FULL_DUPLEX: ULONG = 0x00000002; pub const FILE_PIPE_DISCONNECTED_STATE: ULONG = 0x00000001; pub const FILE_PIPE_LISTENING_STATE: ULONG = 0x00000002; pub const FILE_PIPE_CONNECTED_STATE: ULONG = 0x00000003; pub const FILE_PIPE_CLOSING_STATE: ULONG = 0x00000004; pub const FILE_PIPE_CLIENT_END: ULONG = 0x00000000; pub const FILE_PIPE_SERVER_END: ULONG = 0x00000001; pub const MAILSLOT_SIZE_AUTO: u32 = 0; UNION!{union IO_STATUS_BLOCK_u { Status: NTSTATUS, Pointer: PVOID, }} STRUCT!{struct IO_STATUS_BLOCK { u: IO_STATUS_BLOCK_u, Information: ULONG_PTR, }} pub type PIO_STATUS_BLOCK = *mut IO_STATUS_BLOCK; FN!{stdcall PIO_APC_ROUTINE( ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Reserved: ULONG, ) -> ()} STRUCT!{struct FILE_IO_COMPLETION_INFORMATION { KeyContext: PVOID, ApcContext: PVOID, IoStatusBlock: IO_STATUS_BLOCK, }} pub type PFILE_IO_COMPLETION_INFORMATION = *mut FILE_IO_COMPLETION_INFORMATION; ENUM!{enum FILE_INFORMATION_CLASS { FileDirectoryInformation = 1, FileFullDirectoryInformation = 2, FileBothDirectoryInformation = 3, FileBasicInformation = 4, FileStandardInformation = 5, FileInternalInformation = 6, FileEaInformation = 7, FileAccessInformation = 8, FileNameInformation = 9, FileRenameInformation = 10, FileLinkInformation = 11, FileNamesInformation = 12, FileDispositionInformation = 13, FilePositionInformation = 14, FileFullEaInformation = 15, FileModeInformation = 16, FileAlignmentInformation = 17, FileAllInformation = 18, FileAllocationInformation = 19, FileEndOfFileInformation = 20, FileAlternateNameInformation = 21, FileStreamInformation = 22, FilePipeInformation = 23, FilePipeLocalInformation = 24, FilePipeRemoteInformation = 25, FileMailslotQueryInformation = 26, FileMailslotSetInformation = 27, FileCompressionInformation = 28, FileObjectIdInformation = 29, FileCompletionInformation = 30, FileMoveClusterInformation = 31, FileQuotaInformation = 32, FileReparsePointInformation = 33, FileNetworkOpenInformation = 34, FileAttributeTagInformation = 35, FileTrackingInformation = 36, FileIdBothDirectoryInformation = 37, FileIdFullDirectoryInformation = 38, FileValidDataLengthInformation = 39, FileShortNameInformation = 40, FileIoCompletionNotificationInformation = 41, FileIoStatusBlockRangeInformation = 42, FileIoPriorityHintInformation = 43, FileSfioReserveInformation = 44, FileSfioVolumeInformation = 45, FileHardLinkInformation = 46, FileProcessIdsUsingFileInformation = 47, FileNormalizedNameInformation = 48, FileNetworkPhysicalNameInformation = 49, FileIdGlobalTxDirectoryInformation = 50, FileIsRemoteDeviceInformation = 51, FileUnusedInformation = 52, FileNumaNodeInformation = 53, FileStandardLinkInformation = 54, FileRemoteProtocolInformation = 55, FileRenameInformationBypassAccessCheck = 56, FileLinkInformationBypassAccessCheck = 57, FileVolumeNameInformation = 58, FileIdInformation = 59, FileIdExtdDirectoryInformation = 60, FileReplaceCompletionInformation = 61, FileHardLinkFullIdInformation = 62, FileIdExtdBothDirectoryInformation = 63, FileDispositionInformationEx = 64, FileRenameInformationEx = 65, FileRenameInformationExBypassAccessCheck = 66, FileDesiredStorageClassInformation = 67, FileStatInformation = 68, FileMemoryPartitionInformation = 69, FileStatLxInformation = 70, FileCaseSensitiveInformation = 71, FileLinkInformationEx = 72, FileLinkInformationExBypassAccessCheck = 73, FileStorageReserveIdInformation = 74, FileCaseSensitiveInformationForceAccessCheck = 75, FileMaximumInformation = 76, }} pub type PFILE_INFORMATION_CLASS = *mut FILE_INFORMATION_CLASS; STRUCT!{struct FILE_BASIC_INFORMATION { CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, FileAttributes: ULONG, }} pub type PFILE_BASIC_INFORMATION = *mut FILE_BASIC_INFORMATION; STRUCT!{struct FILE_STANDARD_INFORMATION { AllocationSize: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, NumberOfLinks: ULONG, DeletePending: BOOLEAN, Directory: BOOLEAN, }} pub type PFILE_STANDARD_INFORMATION = *mut FILE_STANDARD_INFORMATION; STRUCT!{struct FILE_STANDARD_INFORMATION_EX { AllocationSize: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, NumberOfLinks: ULONG, DeletePending: BOOLEAN, Directory: BOOLEAN, AlternateStream: BOOLEAN, MetadataAttribute: BOOLEAN, }} pub type PFILE_STANDARD_INFORMATION_EX = *mut FILE_STANDARD_INFORMATION_EX; STRUCT!{struct FILE_INTERNAL_INFORMATION { IndexNumber: LARGE_INTEGER, }} pub type PFILE_INTERNAL_INFORMATION = *mut FILE_INTERNAL_INFORMATION; STRUCT!{struct FILE_EA_INFORMATION { EaSize: ULONG, }} pub type PFILE_EA_INFORMATION = *mut FILE_EA_INFORMATION; STRUCT!{struct FILE_ACCESS_INFORMATION { AccessFlags: ACCESS_MASK, }} pub type PFILE_ACCESS_INFORMATION = *mut FILE_ACCESS_INFORMATION; STRUCT!{struct FILE_POSITION_INFORMATION { CurrentByteOffset: LARGE_INTEGER, }} pub type PFILE_POSITION_INFORMATION = *mut FILE_POSITION_INFORMATION; STRUCT!{struct FILE_MODE_INFORMATION { Mode: ULONG, }} pub type PFILE_MODE_INFORMATION = *mut FILE_MODE_INFORMATION; STRUCT!{struct FILE_ALIGNMENT_INFORMATION { AlignmentRequirement: ULONG, }} pub type PFILE_ALIGNMENT_INFORMATION = *mut FILE_ALIGNMENT_INFORMATION; STRUCT!{struct FILE_NAME_INFORMATION { FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_NAME_INFORMATION = *mut FILE_NAME_INFORMATION; STRUCT!{struct FILE_ALL_INFORMATION { BasicInformation: FILE_BASIC_INFORMATION, StandardInformation: FILE_STANDARD_INFORMATION, InternalInformation: FILE_INTERNAL_INFORMATION, EaInformation: FILE_EA_INFORMATION, AccessInformation: FILE_ACCESS_INFORMATION, PositionInformation: FILE_POSITION_INFORMATION, ModeInformation: FILE_MODE_INFORMATION, AlignmentInformation: FILE_ALIGNMENT_INFORMATION, NameInformation: FILE_NAME_INFORMATION, }} pub type PFILE_ALL_INFORMATION = *mut FILE_ALL_INFORMATION; STRUCT!{struct FILE_NETWORK_OPEN_INFORMATION { CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, FileAttributes: ULONG, }} pub type PFILE_NETWORK_OPEN_INFORMATION = *mut FILE_NETWORK_OPEN_INFORMATION; STRUCT!{struct FILE_ATTRIBUTE_TAG_INFORMATION { FileAttributes: ULONG, ReparseTag: ULONG, }} pub type PFILE_ATTRIBUTE_TAG_INFORMATION = *mut FILE_ATTRIBUTE_TAG_INFORMATION; STRUCT!{struct FILE_ALLOCATION_INFORMATION { AllocationSize: LARGE_INTEGER, }} pub type PFILE_ALLOCATION_INFORMATION = *mut FILE_ALLOCATION_INFORMATION; STRUCT!{struct FILE_COMPRESSION_INFORMATION { CompressedFileSize: LARGE_INTEGER, CompressionFormat: USHORT, CompressionUnitShift: UCHAR, ChunkShift: UCHAR, ClusterShift: UCHAR, Reserved: [UCHAR; 3], }} pub type PFILE_COMPRESSION_INFORMATION = *mut FILE_COMPRESSION_INFORMATION; STRUCT!{struct FILE_DISPOSITION_INFORMATION { DeleteFileA: BOOLEAN, }} pub type PFILE_DISPOSITION_INFORMATION = *mut FILE_DISPOSITION_INFORMATION; STRUCT!{struct FILE_END_OF_FILE_INFORMATION { EndOfFile: LARGE_INTEGER, }} pub type PFILE_END_OF_FILE_INFORMATION = *mut FILE_END_OF_FILE_INFORMATION; STRUCT!{struct FILE_VALID_DATA_LENGTH_INFORMATION { ValidDataLength: LARGE_INTEGER, }} pub type PFILE_VALID_DATA_LENGTH_INFORMATION = *mut FILE_VALID_DATA_LENGTH_INFORMATION; STRUCT!{struct FILE_LINK_INFORMATION { ReplaceIfExists: BOOLEAN, RootDirectory: HANDLE, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_LINK_INFORMATION = *mut FILE_LINK_INFORMATION; STRUCT!{struct FILE_MOVE_CLUSTER_INFORMATION { ClusterCount: ULONG, RootDirectory: HANDLE, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_MOVE_CLUSTER_INFORMATION = *mut FILE_MOVE_CLUSTER_INFORMATION; STRUCT!{struct FILE_RENAME_INFORMATION { ReplaceIfExists: BOOLEAN, RootDirectory: HANDLE, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_RENAME_INFORMATION = *mut FILE_RENAME_INFORMATION; STRUCT!{struct FILE_STREAM_INFORMATION { NextEntryOffset: ULONG, StreamNameLength: ULONG, StreamSize: LARGE_INTEGER, StreamAllocationSize: LARGE_INTEGER, StreamName: [WCHAR; 1], }} pub type PFILE_STREAM_INFORMATION = *mut FILE_STREAM_INFORMATION; STRUCT!{struct FILE_TRACKING_INFORMATION { DestinationFile: HANDLE, ObjectInformationLength: ULONG, ObjectInformation: [CHAR; 1], }} pub type PFILE_TRACKING_INFORMATION = *mut FILE_TRACKING_INFORMATION; STRUCT!{struct FILE_COMPLETION_INFORMATION { Port: HANDLE, Key: PVOID, }} pub type PFILE_COMPLETION_INFORMATION = *mut FILE_COMPLETION_INFORMATION; STRUCT!{struct FILE_PIPE_INFORMATION { ReadMode: ULONG, CompletionMode: ULONG, }} pub type PFILE_PIPE_INFORMATION = *mut FILE_PIPE_INFORMATION; STRUCT!{struct FILE_PIPE_LOCAL_INFORMATION { NamedPipeType: ULONG, NamedPipeConfiguration: ULONG, MaximumInstances: ULONG, CurrentInstances: ULONG, InboundQuota: ULONG, ReadDataAvailable: ULONG, OutboundQuota: ULONG, WriteQuotaAvailable: ULONG, NamedPipeState: ULONG, NamedPipeEnd: ULONG, }} pub type PFILE_PIPE_LOCAL_INFORMATION = *mut FILE_PIPE_LOCAL_INFORMATION; STRUCT!{struct FILE_PIPE_REMOTE_INFORMATION { CollectDataTime: LARGE_INTEGER, MaximumCollectionCount: ULONG, }} pub type PFILE_PIPE_REMOTE_INFORMATION = *mut FILE_PIPE_REMOTE_INFORMATION; STRUCT!{struct FILE_MAILSLOT_QUERY_INFORMATION { MaximumMessageSize: ULONG, MailslotQuota: ULONG, NextMessageSize: ULONG, MessagesAvailable: ULONG, ReadTimeout: LARGE_INTEGER, }} pub type PFILE_MAILSLOT_QUERY_INFORMATION = *mut FILE_MAILSLOT_QUERY_INFORMATION; STRUCT!{struct FILE_MAILSLOT_SET_INFORMATION { ReadTimeout: PLARGE_INTEGER, }} pub type PFILE_MAILSLOT_SET_INFORMATION = *mut FILE_MAILSLOT_SET_INFORMATION; STRUCT!{struct FILE_REPARSE_POINT_INFORMATION { FileReference: LONGLONG, Tag: ULONG, }} pub type PFILE_REPARSE_POINT_INFORMATION = *mut FILE_REPARSE_POINT_INFORMATION; STRUCT!{struct FILE_LINK_ENTRY_INFORMATION { NextEntryOffset: ULONG, ParentFileId: LONGLONG, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_LINK_ENTRY_INFORMATION = *mut FILE_LINK_ENTRY_INFORMATION; STRUCT!{struct FILE_LINKS_INFORMATION { BytesNeeded: ULONG, EntriesReturned: ULONG, Entry: FILE_LINK_ENTRY_INFORMATION, }} pub type PFILE_LINKS_INFORMATION = *mut FILE_LINKS_INFORMATION; STRUCT!{struct FILE_NETWORK_PHYSICAL_NAME_INFORMATION { FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_NETWORK_PHYSICAL_NAME_INFORMATION = *mut FILE_NETWORK_PHYSICAL_NAME_INFORMATION; STRUCT!{struct FILE_STANDARD_LINK_INFORMATION { NumberOfAccessibleLinks: ULONG, TotalNumberOfLinks: ULONG, DeletePending: BOOLEAN, Directory: BOOLEAN, }} pub type PFILE_STANDARD_LINK_INFORMATION = *mut FILE_STANDARD_LINK_INFORMATION; STRUCT!{struct FILE_SFIO_RESERVE_INFORMATION { RequestsPerPeriod: ULONG, Period: ULONG, RetryFailures: BOOLEAN, Discardable: BOOLEAN, RequestSize: ULONG, NumOutstandingRequests: ULONG, }} pub type PFILE_SFIO_RESERVE_INFORMATION = *mut FILE_SFIO_RESERVE_INFORMATION; STRUCT!{struct FILE_SFIO_VOLUME_INFORMATION { MaximumRequestsPerPeriod: ULONG, MinimumPeriod: ULONG, MinimumTransferSize: ULONG, }} pub type PFILE_SFIO_VOLUME_INFORMATION = *mut FILE_SFIO_VOLUME_INFORMATION; ENUM!{enum IO_PRIORITY_HINT { IoPriorityVeryLow = 0, IoPriorityLow = 1, IoPriorityNormal = 2, IoPriorityHigh = 3, IoPriorityCritical = 4, MaxIoPriorityTypes = 5, }} STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION { PriorityHint: IO_PRIORITY_HINT, }} pub type PFILE_IO_PRIORITY_HINT_INFORMATION = *mut FILE_IO_PRIORITY_HINT_INFORMATION; STRUCT!{struct FILE_IO_PRIORITY_HINT_INFORMATION_EX { PriorityHint: IO_PRIORITY_HINT, BoostOutstanding: BOOLEAN, }} pub type PFILE_IO_PRIORITY_HINT_INFORMATION_EX = *mut FILE_IO_PRIORITY_HINT_INFORMATION_EX; pub const FILE_SKIP_COMPLETION_PORT_ON_SUCCESS: u32 = 0x1; pub const FILE_SKIP_SET_EVENT_ON_HANDLE: u32 = 0x2; pub const FILE_SKIP_SET_USER_EVENT_ON_FAST_IO: u32 = 0x4; STRUCT!{struct FILE_IO_COMPLETION_NOTIFICATION_INFORMATION { Flags: ULONG, }} pub type PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION = *mut FILE_IO_COMPLETION_NOTIFICATION_INFORMATION; STRUCT!{struct FILE_PROCESS_IDS_USING_FILE_INFORMATION { NumberOfProcessIdsInList: ULONG, ProcessIdList: [ULONG_PTR; 1], }} pub type PFILE_PROCESS_IDS_USING_FILE_INFORMATION = *mut FILE_PROCESS_IDS_USING_FILE_INFORMATION; STRUCT!{struct FILE_IS_REMOTE_DEVICE_INFORMATION { IsRemote: BOOLEAN, }} pub type PFILE_IS_REMOTE_DEVICE_INFORMATION = *mut FILE_IS_REMOTE_DEVICE_INFORMATION; STRUCT!{struct FILE_NUMA_NODE_INFORMATION { NodeNumber: USHORT, }} pub type PFILE_NUMA_NODE_INFORMATION = *mut FILE_NUMA_NODE_INFORMATION; STRUCT!{struct FILE_IOSTATUSBLOCK_RANGE_INFORMATION { IoStatusBlockRange: PUCHAR, Length: ULONG, }} pub type PFILE_IOSTATUSBLOCK_RANGE_INFORMATION = *mut FILE_IOSTATUSBLOCK_RANGE_INFORMATION; STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved { Reserved: [ULONG; 8], }} STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server { Capabilities: ULONG, }} STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share { Capabilities: ULONG, CachingFlags: ULONG, }} STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2 { Server: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Server, Share: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2_Share, }} UNION!{union FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific { Smb2: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific_Smb2, Reserved: [ULONG; 16], }} STRUCT!{struct FILE_REMOTE_PROTOCOL_INFORMATION { StructureVersion: USHORT, StructureSize: USHORT, Protocol: ULONG, ProtocolMajorVersion: USHORT, ProtocolMinorVersion: USHORT, ProtocolRevision: USHORT, Reserved: USHORT, Flags: ULONG, GenericReserved: FILE_REMOTE_PROTOCOL_INFORMATION_GenericReserved, ProtocolSpecific: FILE_REMOTE_PROTOCOL_INFORMATION_ProtocolSpecific, }} pub type PFILE_REMOTE_PROTOCOL_INFORMATION = *mut FILE_REMOTE_PROTOCOL_INFORMATION; pub const CHECKSUM_ENFORCEMENT_OFF: u32 = 0x00000001; STRUCT!{struct FILE_INTEGRITY_STREAM_INFORMATION { ChecksumAlgorithm: USHORT, ChecksumChunkShift: UCHAR, ClusterShift: UCHAR, Flags: ULONG, }} pub type PFILE_INTEGRITY_STREAM_INFORMATION = *mut FILE_INTEGRITY_STREAM_INFORMATION; STRUCT!{struct FILE_VOLUME_NAME_INFORMATION { DeviceNameLength: ULONG, DeviceName: [WCHAR; 1], }} pub type PFILE_VOLUME_NAME_INFORMATION = *mut FILE_VOLUME_NAME_INFORMATION; STRUCT!{struct FILE_ID_INFORMATION { VolumeSerialNumber: ULONGLONG, FileId: FILE_ID_128, }} pub type PFILE_ID_INFORMATION = *mut FILE_ID_INFORMATION; STRUCT!{struct FILE_ID_EXTD_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, ReparsePointTag: ULONG, FileId: FILE_ID_128, FileName: [WCHAR; 1], }} pub type PFILE_ID_EXTD_DIR_INFORMATION = *mut FILE_ID_EXTD_DIR_INFORMATION; STRUCT!{struct FILE_LINK_ENTRY_FULL_ID_INFORMATION { NextEntryOffset: ULONG, ParentFileId: FILE_ID_128, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_LINK_ENTRY_FULL_ID_INFORMATION = *mut FILE_LINK_ENTRY_FULL_ID_INFORMATION; STRUCT!{struct FILE_ID_EXTD_BOTH_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, ReparsePointTag: ULONG, FileId: FILE_ID_128, ShortNameLength: CCHAR, ShortName: [WCHAR; 12], FileName: [WCHAR; 1], }} pub type PFILE_ID_EXTD_BOTH_DIR_INFORMATION = *mut FILE_ID_EXTD_BOTH_DIR_INFORMATION; STRUCT!{struct FILE_STAT_INFORMATION { FileId: LARGE_INTEGER, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, FileAttributes: ULONG, ReparseTag: ULONG, NumberOfLinks: ULONG, EffectiveAccess: ULONG, }} pub type PFILE_STAT_INFORMATION = *mut FILE_STAT_INFORMATION; STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION_Flags_s { NoCrossPartitionAccess: UCHAR, Spare: [UCHAR; 3], }} UNION!{union FILE_MEMORY_PARTITION_INFORMATION_Flags { s: FILE_MEMORY_PARTITION_INFORMATION_Flags_s, AllFlags: ULONG, }} STRUCT!{struct FILE_MEMORY_PARTITION_INFORMATION { OwnerPartitionHandle: HANDLE, Flags: FILE_MEMORY_PARTITION_INFORMATION_Flags, }} pub type PFILE_MEMORY_PARTITION_INFORMATION = *mut FILE_MEMORY_PARTITION_INFORMATION; STRUCT!{struct FILE_STAT_LX_INFORMATION { FileId: LARGE_INTEGER, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, FileAttributes: ULONG, ReparseTag: ULONG, NumberOfLinks: ULONG, EffectiveAccess: ULONG, LxFlags: ULONG, LxUid: ULONG, LxGid: ULONG, LxMode: ULONG, LxDeviceIdMajor: ULONG, LxDeviceIdMinor: ULONG, }} pub type PFILE_STAT_LX_INFORMATION = *mut FILE_STAT_LX_INFORMATION; STRUCT!{struct FILE_CASE_SENSITIVE_INFORMATION { Flags: ULONG, }} pub type PFILE_CASE_SENSITIVE_INFORMATION = *mut FILE_CASE_SENSITIVE_INFORMATION; STRUCT!{struct FILE_DIRECTORY_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_DIRECTORY_INFORMATION = *mut FILE_DIRECTORY_INFORMATION; STRUCT!{struct FILE_FULL_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_FULL_DIR_INFORMATION = *mut FILE_FULL_DIR_INFORMATION; STRUCT!{struct FILE_ID_FULL_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, FileId: LARGE_INTEGER, FileName: [WCHAR; 1], }} pub type PFILE_ID_FULL_DIR_INFORMATION = *mut FILE_ID_FULL_DIR_INFORMATION; STRUCT!{struct FILE_BOTH_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, ShortNameLength: CCHAR, ShortName: [WCHAR; 12], FileName: [WCHAR; 1], }} pub type PFILE_BOTH_DIR_INFORMATION = *mut FILE_BOTH_DIR_INFORMATION; STRUCT!{struct FILE_ID_BOTH_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, EaSize: ULONG, ShortNameLength: CCHAR, ShortName: [WCHAR; 12], FileId: LARGE_INTEGER, FileName: [WCHAR; 1], }} pub type PFILE_ID_BOTH_DIR_INFORMATION = *mut FILE_ID_BOTH_DIR_INFORMATION; STRUCT!{struct FILE_NAMES_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, FileNameLength: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_NAMES_INFORMATION = *mut FILE_NAMES_INFORMATION; STRUCT!{struct FILE_ID_GLOBAL_TX_DIR_INFORMATION { NextEntryOffset: ULONG, FileIndex: ULONG, CreationTime: LARGE_INTEGER, LastAccessTime: LARGE_INTEGER, LastWriteTime: LARGE_INTEGER, ChangeTime: LARGE_INTEGER, EndOfFile: LARGE_INTEGER, AllocationSize: LARGE_INTEGER, FileAttributes: ULONG, FileNameLength: ULONG, FileId: LARGE_INTEGER, LockingTransactionId: GUID, TxInfoFlags: ULONG, FileName: [WCHAR; 1], }} pub type PFILE_ID_GLOBAL_TX_DIR_INFORMATION = *mut FILE_ID_GLOBAL_TX_DIR_INFORMATION; pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED: u32 = 0x00000001; pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX: u32 = 0x00000002; pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX: u32 = 0x00000004; STRUCT!{struct FILE_OBJECTID_INFORMATION_u_s { BirthVolumeId: [UCHAR; 16], BirthObjectId: [UCHAR; 16], DomainId: [UCHAR; 16], }} UNION!{union FILE_OBJECTID_INFORMATION_u { s: FILE_OBJECTID_INFORMATION_u_s, ExtendedInfo: [UCHAR; 48], }} STRUCT!{struct FILE_OBJECTID_INFORMATION { FileReference: LONGLONG, ObjectId: [UCHAR; 16], u: FILE_OBJECTID_INFORMATION_u, }} pub type PFILE_OBJECTID_INFORMATION = *mut FILE_OBJECTID_INFORMATION; STRUCT!{struct FILE_FULL_EA_INFORMATION { NextEntryOffset: ULONG, Flags: UCHAR, EaNameLength: UCHAR, EaValueLength: USHORT, EaName: [CHAR; 1], }} pub type PFILE_FULL_EA_INFORMATION = *mut FILE_FULL_EA_INFORMATION; STRUCT!{struct FILE_GET_EA_INFORMATION { NextEntryOffset: ULONG, EaNameLength: UCHAR, EaName: [CHAR; 1], }} pub type PFILE_GET_EA_INFORMATION = *mut FILE_GET_EA_INFORMATION; STRUCT!{struct FILE_GET_QUOTA_INFORMATION { NextEntryOffset: ULONG, SidLength: ULONG, Sid: SID, }} pub type PFILE_GET_QUOTA_INFORMATION = *mut FILE_GET_QUOTA_INFORMATION; STRUCT!{struct FILE_QUOTA_INFORMATION { NextEntryOffset: ULONG, SidLength: ULONG, ChangeTime: LARGE_INTEGER, QuotaUsed: LARGE_INTEGER, QuotaThreshold: LARGE_INTEGER, QuotaLimit: LARGE_INTEGER, Sid: SID, }} pub type PFILE_QUOTA_INFORMATION = *mut FILE_QUOTA_INFORMATION; ENUM!{enum FS_INFORMATION_CLASS { FileFsVolumeInformation = 1, FileFsLabelInformation = 2, FileFsSizeInformation = 3, FileFsDeviceInformation = 4, FileFsAttributeInformation = 5, FileFsControlInformation = 6, FileFsFullSizeInformation = 7, FileFsObjectIdInformation = 8, FileFsDriverPathInformation = 9, FileFsVolumeFlagsInformation = 10, FileFsSectorSizeInformation = 11, FileFsDataCopyInformation = 12, FileFsMetadataSizeInformation = 13, FileFsFullSizeInformationEx = 14, FileFsMaximumInformation = 15, }} pub type PFS_INFORMATION_CLASS = *mut FS_INFORMATION_CLASS; STRUCT!{struct FILE_FS_LABEL_INFORMATION { VolumeLabelLength: ULONG, VolumeLabel: [WCHAR; 1], }} pub type PFILE_FS_LABEL_INFORMATION = *mut FILE_FS_LABEL_INFORMATION; STRUCT!{struct FILE_FS_VOLUME_INFORMATION { VolumeCreationTime: LARGE_INTEGER, VolumeSerialNumber: ULONG, VolumeLabelLength: ULONG, SupportsObjects: BOOLEAN, VolumeLabel: [WCHAR; 1], }} pub type PFILE_FS_VOLUME_INFORMATION = *mut FILE_FS_VOLUME_INFORMATION; STRUCT!{struct FILE_FS_SIZE_INFORMATION { TotalAllocationUnits: LARGE_INTEGER, AvailableAllocationUnits: LARGE_INTEGER, SectorsPerAllocationUnit: ULONG, BytesPerSector: ULONG, }} pub type PFILE_FS_SIZE_INFORMATION = *mut FILE_FS_SIZE_INFORMATION; STRUCT!{struct FILE_FS_CONTROL_INFORMATION { FreeSpaceStartFiltering: LARGE_INTEGER, FreeSpaceThreshold: LARGE_INTEGER, FreeSpaceStopFiltering: LARGE_INTEGER, DefaultQuotaThreshold: LARGE_INTEGER, DefaultQuotaLimit: LARGE_INTEGER, FileSystemControlFlags: ULONG, }} pub type PFILE_FS_CONTROL_INFORMATION = *mut FILE_FS_CONTROL_INFORMATION; STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION { TotalAllocationUnits: LARGE_INTEGER, CallerAvailableAllocationUnits: LARGE_INTEGER, ActualAvailableAllocationUnits: LARGE_INTEGER, SectorsPerAllocationUnit: ULONG, BytesPerSector: ULONG, }} pub type PFILE_FS_FULL_SIZE_INFORMATION = *mut FILE_FS_FULL_SIZE_INFORMATION; STRUCT!{struct FILE_FS_OBJECTID_INFORMATION { ObjectId: [UCHAR; 16], ExtendedInfo: [UCHAR; 48], }} pub type PFILE_FS_OBJECTID_INFORMATION = *mut FILE_FS_OBJECTID_INFORMATION; STRUCT!{struct FILE_FS_DEVICE_INFORMATION { DeviceType: DWORD, Characteristics: ULONG, }} pub type PFILE_FS_DEVICE_INFORMATION = *mut FILE_FS_DEVICE_INFORMATION; STRUCT!{struct FILE_FS_ATTRIBUTE_INFORMATION { FileSystemAttributes: ULONG, MaximumComponentNameLength: LONG, FileSystemNameLength: ULONG, FileSystemName: [WCHAR; 1], }} pub type PFILE_FS_ATTRIBUTE_INFORMATION = *mut FILE_FS_ATTRIBUTE_INFORMATION; STRUCT!{struct FILE_FS_DRIVER_PATH_INFORMATION { DriverInPath: BOOLEAN, DriverNameLength: ULONG, DriverName: [WCHAR; 1], }} pub type PFILE_FS_DRIVER_PATH_INFORMATION = *mut FILE_FS_DRIVER_PATH_INFORMATION; STRUCT!{struct FILE_FS_VOLUME_FLAGS_INFORMATION { Flags: ULONG, }} pub type PFILE_FS_VOLUME_FLAGS_INFORMATION = *mut FILE_FS_VOLUME_FLAGS_INFORMATION; pub const SSINFO_FLAGS_ALIGNED_DEVICE: u32 = 0x00000001; pub const SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE: u32 = 0x00000002; pub const SSINFO_OFFSET_UNKNOWN: u32 = 0xffffffff; STRUCT!{struct FILE_FS_SECTOR_SIZE_INFORMATION { LogicalBytesPerSector: ULONG, PhysicalBytesPerSectorForAtomicity: ULONG, PhysicalBytesPerSectorForPerformance: ULONG, FileSystemEffectivePhysicalBytesPerSectorForAtomicity: ULONG, Flags: ULONG, ByteOffsetForSectorAlignment: ULONG, ByteOffsetForPartitionAlignment: ULONG, }} pub type PFILE_FS_SECTOR_SIZE_INFORMATION = *mut FILE_FS_SECTOR_SIZE_INFORMATION; STRUCT!{struct FILE_FS_DATA_COPY_INFORMATION { NumberOfCopies: ULONG, }} pub type PFILE_FS_DATA_COPY_INFORMATION = *mut FILE_FS_DATA_COPY_INFORMATION; STRUCT!{struct FILE_FS_METADATA_SIZE_INFORMATION { TotalMetadataAllocationUnits: LARGE_INTEGER, SectorsPerAllocationUnit: ULONG, BytesPerSector: ULONG, }} pub type PFILE_FS_METADATA_SIZE_INFORMATION = *mut FILE_FS_METADATA_SIZE_INFORMATION; STRUCT!{struct FILE_FS_FULL_SIZE_INFORMATION_EX { ActualTotalAllocationUnits: ULONGLONG, ActualAvailableAllocationUnits: ULONGLONG, ActualPoolUnavailableAllocationUnits: ULONGLONG, CallerTotalAllocationUnits: ULONGLONG, CallerAvailableAllocationUnits: ULONGLONG, CallerPoolUnavailableAllocationUnits: ULONGLONG, UsedAllocationUnits: ULONGLONG, TotalReservedAllocationUnits: ULONGLONG, VolumeStorageReserveAllocationUnits: ULONGLONG, AvailableCommittedAllocationUnits: ULONGLONG, PoolAvailableAllocationUnits: ULONGLONG, SectorsPerAllocationUnit: ULONG, BytesPerSector: ULONG, }} pub type PFILE_FS_FULL_SIZE_INFORMATION_EX = *mut FILE_FS_FULL_SIZE_INFORMATION_EX; EXTERN!{extern "system" { fn NtCreateFile( FileHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, AllocationSize: PLARGE_INTEGER, FileAttributes: ULONG, ShareAccess: ULONG, CreateDisposition: ULONG, CreateOptions: ULONG, EaBuffer: PVOID, EaLength: ULONG, ) -> NTSTATUS; fn NtCreateNamedPipeFile( FileHandle: PHANDLE, DesiredAccess: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, ShareAccess: ULONG, CreateDisposition: ULONG, CreateOptions: ULONG, NamedPipeType: ULONG, ReadMode: ULONG, CompletionMode: ULONG, MaximumInstances: ULONG, InboundQuota: ULONG, OutboundQuota: ULONG, DefaultTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtCreateMailslotFile( FileHandle: PHANDLE, DesiredAccess: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, CreateOptions: ULONG, MailslotQuota: ULONG, MaximumMessageSize: ULONG, ReadTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtOpenFile( FileHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, ShareAccess: ULONG, OpenOptions: ULONG, ) -> NTSTATUS; fn NtDeleteFile( ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtFlushBuffersFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtFlushBuffersFileEx( FileHandle: HANDLE, Flags: ULONG, Parameters: PVOID, ParametersSize: ULONG, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtQueryInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ) -> NTSTATUS; fn NtQueryInformationByName( ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ) -> NTSTATUS; fn NtSetInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ) -> NTSTATUS; fn NtQueryDirectoryFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ReturnSingleEntry: BOOLEAN, FileName: PUNICODE_STRING, RestartScan: BOOLEAN, ) -> NTSTATUS; fn NtQueryEaFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, EaList: PVOID, EaListLength: ULONG, EaIndex: PULONG, RestartScan: BOOLEAN, ) -> NTSTATUS; fn NtSetEaFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ) -> NTSTATUS; fn NtQueryQuotaInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, SidList: PVOID, SidListLength: ULONG, StartSid: PSID, RestartScan: BOOLEAN, ) -> NTSTATUS; fn NtSetQuotaInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ) -> NTSTATUS; fn NtQueryVolumeInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FsInformation: PVOID, Length: ULONG, FsInformationClass: FS_INFORMATION_CLASS, ) -> NTSTATUS; fn NtSetVolumeInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FsInformation: PVOID, Length: ULONG, FsInformationClass: FS_INFORMATION_CLASS, ) -> NTSTATUS; fn NtCancelIoFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtCancelIoFileEx( FileHandle: HANDLE, IoRequestToCancel: PIO_STATUS_BLOCK, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtCancelSynchronousIoFile( ThreadHandle: HANDLE, IoRequestToCancel: PIO_STATUS_BLOCK, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtDeviceIoControlFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, IoControlCode: ULONG, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn NtFsControlFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, FsControlCode: ULONG, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn NtReadFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn NtWriteFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn NtReadFileScatter( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, SegmentArray: PFILE_SEGMENT_ELEMENT, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn NtWriteFileGather( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, SegmentArray: PFILE_SEGMENT_ELEMENT, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn NtLockFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, ByteOffset: PLARGE_INTEGER, Length: PLARGE_INTEGER, Key: ULONG, FailImmediately: BOOLEAN, ExclusiveLock: BOOLEAN, ) -> NTSTATUS; fn NtUnlockFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ByteOffset: PLARGE_INTEGER, Length: PLARGE_INTEGER, Key: ULONG, ) -> NTSTATUS; fn NtQueryAttributesFile( ObjectAttributes: POBJECT_ATTRIBUTES, FileInformation: PFILE_BASIC_INFORMATION, ) -> NTSTATUS; fn NtQueryFullAttributesFile( ObjectAttributes: POBJECT_ATTRIBUTES, FileInformation: PFILE_NETWORK_OPEN_INFORMATION, ) -> NTSTATUS; fn NtNotifyChangeDirectoryFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, CompletionFilter: ULONG, WatchTree: BOOLEAN, ) -> NTSTATUS; fn NtLoadDriver( DriverServiceName: PUNICODE_STRING, ) -> NTSTATUS; fn NtUnloadDriver( DriverServiceName: PUNICODE_STRING, ) -> NTSTATUS; }} pub const IO_COMPLETION_QUERY_STATE: u32 = 0x0001; ENUM!{enum IO_COMPLETION_INFORMATION_CLASS { IoCompletionBasicInformation = 0, }} STRUCT!{struct IO_COMPLETION_BASIC_INFORMATION { Depth: LONG, }} pub type PIO_COMPLETION_BASIC_INFORMATION = *mut IO_COMPLETION_BASIC_INFORMATION; EXTERN!{extern "system" { fn NtCreateIoCompletion( IoCompletionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Count: ULONG, ) -> NTSTATUS; fn NtOpenIoCompletion( IoCompletionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtQueryIoCompletion( IoCompletionHandle: HANDLE, IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, IoCompletionInformation: PVOID, IoCompletionInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetIoCompletion( IoCompletionHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, ) -> NTSTATUS; fn NtSetIoCompletionEx( IoCompletionHandle: HANDLE, IoCompletionPacketHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, ) -> NTSTATUS; fn NtRemoveIoCompletion( IoCompletionHandle: HANDLE, KeyContext: *mut PVOID, ApcContext: *mut PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtRemoveIoCompletionEx( IoCompletionHandle: HANDLE, IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, Count: ULONG, NumEntriesRemoved: PULONG, Timeout: PLARGE_INTEGER, Alertable: BOOLEAN, ) -> NTSTATUS; fn NtCreateWaitCompletionPacket( WaitCompletionPacketHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtAssociateWaitCompletionPacket( WaitCompletionPacketHandle: HANDLE, IoCompletionHandle: HANDLE, TargetObjectHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, AlreadySignaled: PBOOLEAN, ) -> NTSTATUS; fn NtCancelWaitCompletionPacket( WaitCompletionPacketHandle: HANDLE, RemoveSignaledPacket: BOOLEAN, ) -> NTSTATUS; }} ENUM!{enum IO_SESSION_EVENT { IoSessionEventIgnore = 0, IoSessionEventCreated = 1, IoSessionEventTerminated = 2, IoSessionEventConnected = 3, IoSessionEventDisconnected = 4, IoSessionEventLogon = 5, IoSessionEventLogoff = 6, IoSessionEventMax = 7, }} ENUM!{enum IO_SESSION_STATE { IoSessionStateCreated = 0, IoSessionStateInitialized = 1, IoSessionStateConnected = 2, IoSessionStateDisconnected = 3, IoSessionStateDisconnectedLoggedOn = 4, IoSessionStateLoggedOn = 5, IoSessionStateLoggedOff = 6, IoSessionStateTerminated = 7, IoSessionStateMax = 8, }} EXTERN!{extern "system" { fn NtNotifyChangeSession( SessionHandle: HANDLE, ChangeSequenceNumber: ULONG, ChangeTimeStamp: PLARGE_INTEGER, Event: IO_SESSION_EVENT, NewState: IO_SESSION_STATE, PreviousState: IO_SESSION_STATE, Payload: PVOID, PayloadSize: ULONG, ) -> NTSTATUS; }} ENUM!{enum INTERFACE_TYPE { InterfaceTypeUndefined = -1i32 as u32, Internal = 0, Isa = 1, Eisa = 2, MicroChannel = 3, TurboChannel = 4, PCIBus = 5, VMEBus = 6, NuBus = 7, PCMCIABus = 8, CBus = 9, MPIBus = 10, MPSABus = 11, ProcessorInternal = 12, InternalPowerBus = 13, PNPISABus = 14, PNPBus = 15, Vmcs = 16, MaximumInterfaceType = 17, }} pub type PINTERFACE_TYPE = *mut INTERFACE_TYPE; ENUM!{enum DMA_WIDTH { Width8Bits = 0, Width16Bits = 1, Width32Bits = 2, MaximumDmaWidth = 3, }} pub type PDMA_WIDTH = *mut DMA_WIDTH; ENUM!{enum DMA_SPEED { Compatible = 0, TypeA = 1, TypeB = 2, TypeC = 3, TypeF = 4, MaximumDmaSpeed = 5, }} pub type PDMA_SPEED = *mut DMA_SPEED; ENUM!{enum BUS_DATA_TYPE { ConfigurationSpaceUndefined = -1i32 as u32, Cmos = 0, EisaConfiguration = 1, Pos = 2, CbusConfiguration = 3, PCIConfiguration = 4, VMEConfiguration = 5, NuBusConfiguration = 6, PCMCIAConfiguration = 7, MPIConfiguration = 8, MPSAConfiguration = 9, PNPISAConfiguration = 10, SgiInternalConfiguration = 11, MaximumBusDataType = 12, }} pub type PBUS_DATA_TYPE = *mut BUS_DATA_TYPE; pub const SYMLINK_FLAG_RELATIVE: u32 = 1; STRUCT!{struct REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer { SubstituteNameOffset: USHORT, SubstituteNameLength: USHORT, PrintNameOffset: USHORT, PrintNameLength: USHORT, Flags: ULONG, PathBuffer: [WCHAR; 1], }} STRUCT!{struct REPARSE_DATA_BUFFER_u_MountPointReparseBuffer { SubstituteNameOffset: USHORT, SubstituteNameLength: USHORT, PrintNameOffset: USHORT, PrintNameLength: USHORT, PathBuffer: [WCHAR; 1], }} STRUCT!{struct REPARSE_DATA_BUFFER_u_GenericReparseBuffer { DataBuffer: [UCHAR; 1], }} UNION!{union REPARSE_DATA_BUFFER_u { SymbolicLinkReparseBuffer: REPARSE_DATA_BUFFER_u_SymbolicLinkReparseBuffer, MountPointReparseBuffer: REPARSE_DATA_BUFFER_u_MountPointReparseBuffer, GenericReparseBuffer: REPARSE_DATA_BUFFER_u_GenericReparseBuffer, }} STRUCT!{struct REPARSE_DATA_BUFFER { ReparseTag: ULONG, ReparseDataLength: USHORT, Reserved: USHORT, u: REPARSE_DATA_BUFFER_u, }} pub type PREPARSE_DATA_BUFFER = *mut REPARSE_DATA_BUFFER; /// "\Device\NamedPipe\" pub const DEVICE_NAMED_PIPE: UTF16Const = UTF16Const(&[ 0x005C, 0x0044, 0x0065, 0x0076, 0x0069, 0x0063, 0x0065, 0x005C, 0x004E, 0x0061, 0x006D, 0x0065, 0x0064, 0x0050, 0x0069, 0x0070, 0x0065, 0x005C, 0u16, ]); pub const FSCTL_PIPE_ASSIGN_EVENT: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_DISCONNECT: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_LISTEN: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_PEEK: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA); pub const FSTL_PIPE_QUERY_EVENT: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_TRANSCEIVE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); pub const FSTL_PIPE_WAIT: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_IMPERSONATE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_SET_CLIENT_PROCESS: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_QUERY_CLIENT_PROCESS: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_GET_PIPE_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_SET_PIPE_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_GET_CONNECTION_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_SET_CONNECTION_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_GET_HANDLE_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_SET_HANDLE_ATTRIBUTE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS); pub const FSTL_PIPE_FLUSH: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA); pub const FSTL_PIPE_INTERNAL_READ: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA); pub const FSTL_PIPE_INTERNAL_WRITE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA); pub const FSTL_PIPE_INTERNAL_TRANSCEIVE: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA); pub const FSTL_PIPE_INTERNAL_READ_OVFLOW: u32 = CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA); pub const FILE_PIPE_READ_DATA: u32 = 0x00000000; pub const FILE_PIPE_WRITE_SPACE: u32 = 0x00000001; STRUCT!{struct FILE_PIPE_ASSIGN_EVENT_BUFFER { EventHandle: HANDLE, KeyValue: ULONG, }} pub type PFILE_PIPE_ASSIGN_EVENT_BUFFER = *mut FILE_PIPE_ASSIGN_EVENT_BUFFER; STRUCT!{struct FILE_PIPE_PEEK_BUFFER { NamedPipeState: ULONG, ReadDataAvailable: ULONG, NumberOfMessages: ULONG, MessageLength: ULONG, Data: [CHAR; 1], }} pub type PFILE_PIPE_PEEK_BUFFER = *mut FILE_PIPE_PEEK_BUFFER; STRUCT!{struct FILE_PIPE_EVENT_BUFFER { NamedPipeState: ULONG, EntryType: ULONG, ByteCount: ULONG, KeyValue: ULONG, NumberRequests: ULONG, }} pub type PFILE_PIPE_EVENT_BUFFER = *mut FILE_PIPE_EVENT_BUFFER; STRUCT!{struct FILE_PIPE_WAIT_FOR_BUFFER { Timeout: LARGE_INTEGER, NameLength: ULONG, TimeoutSpecified: BOOLEAN, Name: [WCHAR; 1], }} pub type PFILE_PIPE_WAIT_FOR_BUFFER = *mut FILE_PIPE_WAIT_FOR_BUFFER; STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER { ClientSession: PVOID, ClientProcess: PVOID, }} pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER; pub const FILE_PIPE_COMPUTER_NAME_LENGTH: usize = 15; STRUCT!{struct FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { ClientSession: PVOID, ClientProcess: PVOID, ClientComputerNameLength: USHORT, ClientComputerBuffer: [WCHAR; FILE_PIPE_COMPUTER_NAME_LENGTH + 1], }} pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX = *mut FILE_PIPE_CLIENT_PROCESS_BUFFER_EX; pub const MAILSLOT_CLASS_FIRSTCLASS: u32 = 1; pub const MAILSLOT_CLASS_SECONDCLASS: u32 = 2; pub const FSCTL_MAILSLOT_PEEK: u32 = CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA); STRUCT!{struct FILE_MAILSLOT_PEEK_BUFFER { ReadDataAvailable: ULONG, NumberOfMessages: ULONG, MessageLength: ULONG, }} pub type PFILE_MAILSLOT_PEEK_BUFFER = *mut FILE_MAILSLOT_PEEK_BUFFER; ntapi-0.4.0/src/ntkeapi.rs000064400000000000000000000062160072674642500135650ustar 00000000000000use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PVOID, ULONG}; pub const LOW_PRIORITY: u32 = 0; pub const LOW_REALTIME_PRIORITY: u32 = 16; pub const HIGH_PRIORITY: u32 = 31; pub const MAXIMUM_PRIORITY: u32 = 32; ENUM!{enum KTHREAD_STATE { Initialized = 0, Ready = 1, Running = 2, Standby = 3, Terminated = 4, Waiting = 5, Transition = 6, DeferredReady = 7, GateWaitObsolete = 8, WaitingForProcessInSwap = 9, MaximumThreadState = 10, }} pub type PKTHREAD_STATE = *mut KTHREAD_STATE; ENUM!{enum KHETERO_CPU_POLICY { KHeteroCpuPolicyAll = 0, KHeteroCpuPolicyLarge = 1, KHeteroCpuPolicyLargeOrIdle = 2, KHeteroCpuPolicySmall = 3, KHeteroCpuPolicySmallOrIdle = 4, KHeteroCpuPolicyDynamic = 5, KHeteroCpuPolicyStaticMax = 6, KHeteroCpuPolicyBiasedSmall = 7, KHeteroCpuPolicyBiasedLarge = 8, KHeteroCpuPolicyDefault = 9, KHeteroCpuPolicyMax = 10, }} pub type PKHETERO_CPU_POLICY = *mut KHETERO_CPU_POLICY; ENUM!{enum KWAIT_REASON { Executive = 0, FreePage = 1, PageIn = 2, PoolAllocation = 3, DelayExecution = 4, Suspended = 5, UserRequest = 6, WrExecutive = 7, WrFreePage = 8, WrPageIn = 9, WrPoolAllocation = 10, WrDelayExecution = 11, WrSuspended = 12, WrUserRequest = 13, WrEventPair = 14, WrQueue = 15, WrLpcReceive = 16, WrLpcReply = 17, WrVirtualMemory = 18, WrPageOut = 19, WrRendezvous = 20, WrKeyedEvent = 21, WrTerminated = 22, WrProcessInSwap = 23, WrCpuRateControl = 24, WrCalloutStack = 25, WrKernel = 26, WrResource = 27, WrPushLock = 28, WrMutex = 29, WrQuantumEnd = 30, WrDispatchInt = 31, WrPreempted = 32, WrYieldExecution = 33, WrFastMutex = 34, WrGuardedMutex = 35, WrRundown = 36, WrAlertByThreadId = 37, WrDeferredPreempt = 38, MaximumWaitReason = 39, }} pub type PKWAIT_REASON = *mut KWAIT_REASON; ENUM!{enum KPROFILE_SOURCE { ProfileTime = 0, ProfileAlignmentFixup = 1, ProfileTotalIssues = 2, ProfilePipelineDry = 3, ProfileLoadInstructions = 4, ProfilePipelineFrozen = 5, ProfileBranchInstructions = 6, ProfileTotalNonissues = 7, ProfileDcacheMisses = 8, ProfileIcacheMisses = 9, ProfileCacheMisses = 10, ProfileBranchMispredictions = 11, ProfileStoreInstructions = 12, ProfileFpInstructions = 13, ProfileIntegerInstructions = 14, Profile2Issue = 15, Profile3Issue = 16, Profile4Issue = 17, ProfileSpecialInstructions = 18, ProfileTotalCycles = 19, ProfileIcacheIssues = 20, ProfileDcacheAccesses = 21, ProfileMemoryBarrierCycles = 22, ProfileLoadLinkedIssues = 23, ProfileMaximum = 24, }} EXTERN!{extern "system" { fn NtCallbackReturn( OutputBuffer: PVOID, OutputLength: ULONG, Status: NTSTATUS, ) -> NTSTATUS; fn NtFlushProcessWriteBuffers(); fn NtQueryDebugFilterState( ComponentId: ULONG, Level: ULONG, ) -> NTSTATUS; fn NtSetDebugFilterState( ComponentId: ULONG, Level: ULONG, State: BOOLEAN, ) -> NTSTATUS; fn NtYieldExecution() -> NTSTATUS; }} ntapi-0.4.0/src/ntldr.rs000064400000000000000000000520010072674642500132460ustar 00000000000000use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR, PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG, PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG, UNICODE_STRING, USHORT, }; use winapi::um::winnt::{ ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR, PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY, PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA, }; FN!{stdcall PLDR_INIT_ROUTINE( DllHandle: PVOID, Reason: ULONG, Context: PVOID, ) -> BOOLEAN} STRUCT!{struct LDR_SERVICE_TAG_RECORD { Next: *mut LDR_SERVICE_TAG_RECORD, ServiceTag: ULONG, }} pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD; STRUCT!{struct LDRP_CSLIST { Tail: PSINGLE_LIST_ENTRY, }} pub type PLDRP_CSLIST = *mut LDRP_CSLIST; ENUM!{enum LDR_DDAG_STATE { LdrModulesMerged = -5i32 as u32, LdrModulesInitError = -4i32 as u32, LdrModulesSnapError = -3i32 as u32, LdrModulesUnloaded = -2i32 as u32, LdrModulesUnloading = -1i32 as u32, LdrModulesPlaceHolder = 0, LdrModulesMapping = 1, LdrModulesMapped = 2, LdrModulesWaitingForDependencies = 3, LdrModulesSnapping = 4, LdrModulesSnapped = 5, LdrModulesCondensed = 6, LdrModulesReadyToInit = 7, LdrModulesInitializing = 8, LdrModulesReadyToRun = 9, }} UNION!{union LDR_DDAG_NODE_u { Dependencies: LDRP_CSLIST, RemovalLink: SINGLE_LIST_ENTRY, }} STRUCT!{struct LDR_DDAG_NODE { Modules: LIST_ENTRY, ServiceTagList: PLDR_SERVICE_TAG_RECORD, LoadCount: ULONG, LoadWhileUnloadingCount: ULONG, LowestLink: ULONG, u: LDR_DDAG_NODE_u, IncomingDependencies: LDRP_CSLIST, State: LDR_DDAG_STATE, CondenseLink: SINGLE_LIST_ENTRY, PreorderNumber: ULONG, }} pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE; STRUCT!{struct LDR_DEPENDENCY_RECORD { DependencyLink: SINGLE_LIST_ENTRY, DependencyNode: PLDR_DDAG_NODE, IncomingDependencyLink: SINGLE_LIST_ENTRY, IncomingDependencyNode: PLDR_DDAG_NODE, }} pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD; ENUM!{enum LDR_DLL_LOAD_REASON { LoadReasonStaticDependency = 0, LoadReasonStaticForwarderDependency = 1, LoadReasonDynamicForwarderDependency = 2, LoadReasonDelayloadDependency = 3, LoadReasonDynamicLoad = 4, LoadReasonAsImageLoad = 5, LoadReasonAsDataLoad = 6, LoadReasonEnclavePrimary = 7, LoadReasonEnclaveDependency = 8, LoadReasonUnknown = -1i32 as u32, }} pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON; pub const LDRP_PACKAGED_BINARY: ULONG = 0x00000001; pub const LDRP_STATIC_LINK: ULONG = 0x00000002; pub const LDRP_IMAGE_DLL: ULONG = 0x00000004; pub const LDRP_LOAD_IN_PROGRESS: ULONG = 0x00001000; pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 0x00002000; pub const LDRP_ENTRY_PROCESSED: ULONG = 0x00004000; pub const LDRP_ENTRY_INSERTED: ULONG = 0x00008000; pub const LDRP_CURRENT_LOAD: ULONG = 0x00010000; pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 0x00020000; pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 0x00040000; pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 0x00080000; pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 0x00100000; pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 0x00200000; pub const LDRP_COR_IMAGE: ULONG = 0x00400000; pub const LDRP_DONT_RELOCATE: ULONG = 0x00800000; pub const LDRP_SYSTEM_MAPPED: ULONG = 0x01000000; pub const LDRP_IMAGE_VERIFYING: ULONG = 0x02000000; pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 0x04000000; pub const LDRP_ENTRY_NATIVE: ULONG = 0x08000000; pub const LDRP_REDIRECTED: ULONG = 0x10000000; pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 0x20000000; pub const LDRP_MM_LOADED: ULONG = 0x40000000; pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 0x80000000; STRUCT!{struct LDRP_LOAD_CONTEXT { BaseDllName: UNICODE_STRING, somestruct: PVOID, Flags: ULONG, pstatus: *mut NTSTATUS, ParentEntry: *mut LDR_DATA_TABLE_ENTRY, Entry: *mut LDR_DATA_TABLE_ENTRY, WorkQueueListEntry: LIST_ENTRY, ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY, pvImports: *mut *mut LDR_DATA_TABLE_ENTRY, ImportDllCount: ULONG, TaskCount: LONG, pvIAT: PVOID, SizeOfIAT: ULONG, CurrentDll: ULONG, piid: PIMAGE_IMPORT_DESCRIPTOR, OriginalIATProtect: ULONG, GuardCFCheckFunctionPointer: PVOID, pGuardCFCheckFunctionPointer: *mut PVOID, }} UNION!{union LDR_DATA_TABLE_ENTRY_u1 { InInitializationOrderLinks: LIST_ENTRY, InProgressLinks: LIST_ENTRY, }} UNION!{union LDR_DATA_TABLE_ENTRY_u2 { FlagGroup: [UCHAR; 4], Flags: ULONG, }} STRUCT!{struct LDR_DATA_TABLE_ENTRY { InLoadOrderLinks: LIST_ENTRY, InMemoryOrderLinks: LIST_ENTRY, u1: LDR_DATA_TABLE_ENTRY_u1, DllBase: PVOID, EntryPoint: PLDR_INIT_ROUTINE, SizeOfImage: ULONG, FullDllName: UNICODE_STRING, BaseDllName: UNICODE_STRING, u2: LDR_DATA_TABLE_ENTRY_u2, ObsoleteLoadCount: USHORT, TlsIndex: USHORT, HashLinks: LIST_ENTRY, TimeDateStamp: ULONG, EntryPointActivationContext: *mut ACTIVATION_CONTEXT, Lock: PVOID, DdagNode: PLDR_DDAG_NODE, NodeModuleLink: LIST_ENTRY, LoadContext: *mut LDRP_LOAD_CONTEXT, ParentDllBase: PVOID, SwitchBackContext: PVOID, BaseAddressIndexNode: RTL_BALANCED_NODE, MappingInfoIndexNode: RTL_BALANCED_NODE, OriginalBase: ULONG_PTR, LoadTime: LARGE_INTEGER, BaseNameHashValue: ULONG, LoadReason: LDR_DLL_LOAD_REASON, ImplicitPathOptions: ULONG, ReferenceCount: ULONG, DependentLoadFlags: ULONG, SigningLevel: UCHAR, }} BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [ PackagedBinary set_PackagedBinary[0..1], MarkedForRemoval set_MarkedForRemoval[1..2], ImageDll set_ImageDll[2..3], LoadNotificationsSent set_LoadNotificationsSent[3..4], TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], ProcessStaticImport set_ProcessStaticImport[5..6], InLegacyLists set_InLegacyLists[6..7], InIndexes set_InIndexes[7..8], ShimDll set_ShimDll[8..9], InExceptionTable set_InExceptionTable[9..10], ReservedFlags1 set_ReservedFlags1[10..12], LoadInProgress set_LoadInProgress[12..13], LoadConfigProcessed set_LoadConfigProcessed[13..14], EntryProcessed set_EntryProcessed[14..15], ProtectDelayLoad set_ProtectDelayLoad[15..16], ReservedFlags3 set_ReservedFlags3[16..18], DontCallForThreads set_DontCallForThreads[18..19], ProcessAttachCalled set_ProcessAttachCalled[19..20], ProcessAttachFailed set_ProcessAttachFailed[20..21], CorDeferredValidate set_CorDeferredValidate[21..22], CorImage set_CorImage[22..23], DontRelocate set_DontRelocate[23..24], CorILOnly set_CorILOnly[24..25], ReservedFlags5 set_ReservedFlags5[25..28], Redirected set_Redirected[28..29], ReservedFlags6 set_ReservedFlags6[29..31], CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], ]} pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY; #[inline] pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool { DllHandle & 1 != 0 } #[inline] pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool { DllHandle & 2 != 0 } #[inline] pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool { LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle) } EXTERN!{extern "system" { fn LdrLoadDll( DllPath: PWSTR, DllCharacteristics: PULONG, DllName: PUNICODE_STRING, DllHandle: *mut PVOID, ) -> NTSTATUS; fn LdrUnloadDll( DllHandle: PVOID, ) -> NTSTATUS; fn LdrGetDllHandle( DllPath: PWSTR, DllCharacteristics: PULONG, DllName: PUNICODE_STRING, DllHandle: *mut PVOID, ) -> NTSTATUS; }} pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001; pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002; EXTERN!{extern "system" { fn LdrGetDllHandleEx( Flags: ULONG, DllPath: PWSTR, DllCharacteristics: PULONG, DllName: PUNICODE_STRING, DllHandle: *mut PVOID, ) -> NTSTATUS; fn LdrGetDllHandleByMapping( BaseAddress: PVOID, DllHandle: *mut PVOID, ) -> NTSTATUS; fn LdrGetDllHandleByName( BaseDllName: PUNICODE_STRING, FullDllName: PUNICODE_STRING, DllHandle: *mut PVOID, ) -> NTSTATUS; fn LdrGetDllFullName( DllHandle: PVOID, FullDllName: PUNICODE_STRING, ) -> NTSTATUS; fn LdrGetDllDirectory( DllDirectory: PUNICODE_STRING, ) -> NTSTATUS; fn LdrSetDllDirectory( DllDirectory: PUNICODE_STRING, ) -> NTSTATUS; }} pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001; EXTERN!{extern "system" { fn LdrAddRefDll( Flags: ULONG, DllHandle: PVOID, ) -> NTSTATUS; fn LdrGetProcedureAddress( DllHandle: PVOID, ProcedureName: PANSI_STRING, ProcedureNumber: ULONG, ProcedureAddress: *mut PVOID, ) -> NTSTATUS; }} pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001; EXTERN!{extern "system" { fn LdrGetProcedureAddressEx( DllHandle: PVOID, ProcedureName: PANSI_STRING, ProcedureNumber: ULONG, ProcedureAddress: *mut PVOID, Flags: ULONG, ) -> NTSTATUS; fn LdrGetKnownDllSectionHandle( DllName: PCWSTR, KnownDlls32: BOOLEAN, Section: PHANDLE, ) -> NTSTATUS; fn LdrGetProcedureAddressForCaller( DllHandle: PVOID, ProcedureName: PANSI_STRING, ProcedureNumber: ULONG, ProcedureAddress: *mut PVOID, Flags: ULONG, Callback: *mut PVOID, ) -> NTSTATUS; }} pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002; pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0; pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1; pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2; EXTERN!{extern "system" { fn LdrLockLoaderLock( Flags: ULONG, Disposition: *mut ULONG, Cookie: *mut PVOID, ) -> NTSTATUS; }} pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001; EXTERN!{extern "system" { fn LdrUnlockLoaderLock( Flags: ULONG, Cookie: PVOID, ) -> NTSTATUS; fn LdrRelocateImage( NewBase: PVOID, LoaderName: PSTR, Success: NTSTATUS, Conflict: NTSTATUS, Invalid: NTSTATUS, ) -> NTSTATUS; fn LdrRelocateImageWithBias( NewBase: PVOID, Bias: LONGLONG, LoaderName: PSTR, Success: NTSTATUS, Conflict: NTSTATUS, Invalid: NTSTATUS, ) -> NTSTATUS; fn LdrProcessRelocationBlock( VA: ULONG_PTR, SizeOfBlock: ULONG, NextOffset: PUSHORT, Diff: LONG_PTR, ) -> PIMAGE_BASE_RELOCATION; fn LdrVerifyMappedImageMatchesChecksum( BaseAddress: PVOID, NumberOfBytes: SIZE_T, FileLength: ULONG, ) -> BOOLEAN; }} FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK( Parameter: PVOID, ModuleName: PSTR, ) -> ()} EXTERN!{extern "system" { fn LdrVerifyImageMatchesChecksum( ImageFileHandle: HANDLE, ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, ImportCallbackParameter: PVOID, ImageCharacteristics: PUSHORT, ) -> NTSTATUS; }} STRUCT!{struct LDR_IMPORT_CALLBACK_INFO { ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, ImportCallbackParameter: PVOID, }} pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO; STRUCT!{struct LDR_SECTION_INFO { SectionHandle: HANDLE, DesiredAccess: ACCESS_MASK, ObjA: POBJECT_ATTRIBUTES, SectionPageProtection: ULONG, AllocationAttributes: ULONG, }} pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO; STRUCT!{struct LDR_VERIFY_IMAGE_INFO { Size: ULONG, Flags: ULONG, CallbackInfo: LDR_IMPORT_CALLBACK_INFO, SectionInfo: LDR_SECTION_INFO, ImageCharacteristics: USHORT, }} pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO; EXTERN!{extern "system" { fn LdrVerifyImageMatchesChecksumEx( ImageFileHandle: HANDLE, VerifyInfo: PLDR_VERIFY_IMAGE_INFO, ) -> NTSTATUS; fn LdrQueryModuleServiceTags( DllHandle: PVOID, ServiceTagBuffer: PULONG, BufferSize: PULONG, ) -> NTSTATUS; }} pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1; pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2; STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA { Flags: ULONG, FullDllName: PUNICODE_STRING, BaseDllName: PUNICODE_STRING, DllBase: PVOID, SizeOfImage: ULONG, }} pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA; STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA { Flags: ULONG, FullDllName: PCUNICODE_STRING, BaseDllName: PCUNICODE_STRING, DllBase: PVOID, SizeOfImage: ULONG, }} pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA; UNION!{union LDR_DLL_NOTIFICATION_DATA { Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA, Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA, }} pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA; FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION( NotificationReason: ULONG, NotificationData: PLDR_DLL_NOTIFICATION_DATA, Context: PVOID, ) -> ()} EXTERN!{extern "system" { fn LdrRegisterDllNotification( Flags: ULONG, NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION, Context: PVOID, Cookie: *mut PVOID, ) -> NTSTATUS; fn LdrUnregisterDllNotification( Cookie: PVOID, ) -> NTSTATUS; }} STRUCT!{struct PS_MITIGATION_OPTIONS_MAP { Map: [ULONG_PTR; 2], }} pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP; STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP { Map: [ULONG_PTR; 2], }} pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP; STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK { Size: ULONG, SystemDllWowRelocation: ULONG_PTR, SystemDllNativeRelocation: ULONG_PTR, Wow64SharedInformation: [ULONG_PTR; 16], RngData: ULONG, Flags: ULONG, MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP, CfgBitMap: ULONG_PTR, CfgBitMapSize: ULONG_PTR, Wow64CfgBitMap: ULONG_PTR, Wow64CfgBitMapSize: ULONG_PTR, MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP, }} BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [ CfgOverride set_CfgOverride[0..1], Reserved set_Reserved[1..32], ]} pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK; EXTERN!{extern "system" { fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK; fn LdrAddLoadAsDataTable( Module: PVOID, FilePath: PWSTR, Size: SIZE_T, Handle: HANDLE, ) -> NTSTATUS; fn LdrRemoveLoadAsDataTable( InitModule: PVOID, BaseModule: *mut PVOID, Size: PSIZE_T, Flags: ULONG, ) -> NTSTATUS; fn LdrGetFileNameFromLoadAsDataTable( Module: PVOID, pFileNamePrt: *mut PVOID, ) -> NTSTATUS; fn LdrDisableThreadCalloutsForDll( DllImageBase: PVOID, ) -> NTSTATUS; fn LdrAccessResource( DllHandle: PVOID, ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY, ResourceBuffer: *mut PVOID, ResourceLength: *mut ULONG, ) -> NTSTATUS; }} STRUCT!{struct LDR_RESOURCE_INFO { Type: ULONG_PTR, Name: ULONG_PTR, Language: ULONG_PTR, }} pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO; pub const RESOURCE_TYPE_LEVEL: ULONG = 0; pub const RESOURCE_NAME_LEVEL: ULONG = 1; pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2; pub const RESOURCE_DATA_LEVEL: ULONG = 3; EXTERN!{extern "system" { fn LdrFindResource_U( DllHandle: PVOID, ResourceInfo: PLDR_RESOURCE_INFO, Level: ULONG, ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY, ) -> NTSTATUS; fn LdrFindResourceDirectory_U( DllHandle: PVOID, ResourceInfo: PLDR_RESOURCE_INFO, Level: ULONG, ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY, ) -> NTSTATUS; }} STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s { Id: USHORT, NameIsPresent: USHORT, }} UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path { NameOrId: ULONG_PTR, Name: PIMAGE_RESOURCE_DIRECTORY_STRING, s: LDR_ENUM_RESOURCE_ENTRY_Path_s, }} STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY { Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3], Data: PVOID, Size: ULONG, Reserved: ULONG, }} pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY; #[inline] pub unsafe fn NAME_FROM_RESOURCE_ENTRY( RootDirectory: PIMAGE_RESOURCE_DIRECTORY, Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY, ) -> usize { if Entry.u.s().NameIsString() != 0 { return RootDirectory as usize + Entry.u.s().NameOffset() as usize; } *Entry.u.Id() as usize } EXTERN!{extern "system" { fn LdrEnumResources( DllHandle: PVOID, ResourceInfo: PLDR_RESOURCE_INFO, Level: ULONG, ResourceCount: *mut ULONG, Resources: PLDR_ENUM_RESOURCE_ENTRY, ) -> NTSTATUS; fn LdrFindEntryForAddress( DllHandle: PVOID, Entry: *mut PLDR_DATA_TABLE_ENTRY, ) -> NTSTATUS; }} STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION { Section: HANDLE, MappedBase: PVOID, ImageBase: PVOID, ImageSize: ULONG, Flags: ULONG, LoadOrderIndex: USHORT, InitOrderIndex: USHORT, LoadCount: USHORT, OffsetToFileName: USHORT, FullPathName: [UCHAR; 256], }} pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION; STRUCT!{struct RTL_PROCESS_MODULES { NumberOfModules: ULONG, Modules: [RTL_PROCESS_MODULE_INFORMATION; 1], }} pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES; STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX { NextOffset: USHORT, BaseInfo: RTL_PROCESS_MODULE_INFORMATION, ImageChecksum: ULONG, TimeDateStamp: ULONG, DefaultBase: PVOID, }} pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX; EXTERN!{extern "system" { fn LdrQueryProcessModuleInformation( ModuleInformation: PRTL_PROCESS_MODULES, Size: ULONG, ReturnedSize: PULONG, ) -> NTSTATUS; }} FN!{stdcall PLDR_ENUM_CALLBACK( ModuleInformation: PLDR_DATA_TABLE_ENTRY, Parameter: PVOID, Stop: *mut BOOLEAN, ) -> ()} EXTERN!{extern "system" { fn LdrEnumerateLoadedModules( ReservedFlag: BOOLEAN, EnumProc: PLDR_ENUM_CALLBACK, Context: PVOID, ) -> NTSTATUS; fn LdrOpenImageFileOptionsKey( SubKey: PUNICODE_STRING, Wow64: BOOLEAN, NewKeyHandle: PHANDLE, ) -> NTSTATUS; fn LdrQueryImageFileKeyOption( KeyHandle: HANDLE, ValueName: PCWSTR, Type: ULONG, Buffer: PVOID, BufferSize: ULONG, ReturnedLength: PULONG, ) -> NTSTATUS; fn LdrQueryImageFileExecutionOptions( SubKey: PUNICODE_STRING, ValueName: PCWSTR, ValueSize: ULONG, Buffer: PVOID, BufferSize: ULONG, ReturnedLength: PULONG, ) -> NTSTATUS; fn LdrQueryImageFileExecutionOptionsEx( SubKey: PUNICODE_STRING, ValueName: PCWSTR, Type: ULONG, Buffer: PVOID, BufferSize: ULONG, ReturnedLength: PULONG, Wow64: BOOLEAN, ) -> NTSTATUS; }} UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description { Name: PCSTR, Ordinal: ULONG, }} STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR { ImportDescribedByName: ULONG, Description: DELAYLOAD_PROC_DESCRIPTOR_Description, }} pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR; STRUCT!{struct DELAYLOAD_INFO { Size: ULONG, DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, ThunkAddress: PIMAGE_THUNK_DATA, TargetDllName: PCSTR, TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR, TargetModuleBase: PVOID, Unused: PVOID, LastError: ULONG, }} pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO; FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK( NotificationReason: ULONG, DelayloadInfo: PDELAYLOAD_INFO, ) -> PVOID} FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE( DllName: PCSTR, ProcName: PCSTR, ) -> PVOID} EXTERN!{extern "system" { fn LdrResolveDelayLoadedAPI( ParentModuleBase: PVOID, DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK, FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE, ThunkAddress: PIMAGE_THUNK_DATA, Flags: ULONG, ) -> PVOID; fn LdrResolveDelayLoadsFromDll( ParentBase: PVOID, TargetDllName: PCSTR, Flags: ULONG, ) -> NTSTATUS; fn LdrSetDefaultDllDirectories( DirectoryFlags: ULONG, ) -> NTSTATUS; fn LdrShutdownProcess() -> NTSTATUS; fn LdrShutdownThread() -> NTSTATUS; fn LdrSetImplicitPathOptions( ImplicitPathOptions: ULONG, ) -> NTSTATUS; fn LdrControlFlowGuardEnforced() -> BOOLEAN; }} ntapi-0.4.0/src/ntlpcapi.rs000064400000000000000000000524340072674642500137470ustar 00000000000000use core::mem::size_of; use crate::ntapi_base::{CLIENT_ID, CLIENT_ID64}; use winapi::ctypes::c_double; use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; use winapi::shared::ntdef::{ BOOLEAN, CSHORT, HANDLE, LARGE_INTEGER, NTSTATUS, OBJ_CASE_INSENSITIVE, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, ULONGLONG, UNICODE_STRING, }; use winapi::um::winnt::{ ACCESS_MASK, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSID, RTL_SRWLOCK, SECURITY_QUALITY_OF_SERVICE, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, }; pub const PORT_CONNECT: u32 = 0x0001; pub const PORT_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1; STRUCT!{struct PORT_MESSAGE_u1_s { DataLength: CSHORT, TotalLength: CSHORT, }} STRUCT!{struct PORT_MESSAGE_u2_s { Type: CSHORT, DataInfoOffset: CSHORT, }} UNION!{union PORT_MESSAGE_u1 { s: PORT_MESSAGE_u1_s, Length: ULONG, }} UNION!{union PORT_MESSAGE_u2 { s: PORT_MESSAGE_u2_s, ZeroInit: ULONG, }} UNION!{union PORT_MESSAGE_u3 { ClientId: CLIENT_ID, DoNotUseThisField: c_double, }} UNION!{union PORT_MESSAGE_u4 { ClientViewSize: SIZE_T, CallbackId: ULONG, }} STRUCT!{struct PORT_MESSAGE { u1: PORT_MESSAGE_u1, u2: PORT_MESSAGE_u2, u3: PORT_MESSAGE_u3, MessageId: ULONG, u4: PORT_MESSAGE_u4, }} pub type PPORT_MESSAGE = *mut PORT_MESSAGE; STRUCT!{struct PORT_DATA_ENTRY { Base: PVOID, Size: ULONG, }} pub type PPORT_DATA_ENTRY = *mut PORT_DATA_ENTRY; STRUCT!{struct PORT_DATA_INFORMATION { CountDataEntries: ULONG, DataEntries: [PORT_DATA_ENTRY; 1], }} pub type PPORT_DATA_INFORMATION = *mut PORT_DATA_INFORMATION; pub const LPC_REQUEST: ULONG = 1; pub const LPC_REPLY: ULONG = 2; pub const LPC_DATAGRAM: ULONG = 3; pub const LPC_LOST_REPLY: ULONG = 4; pub const LPC_PORT_CLOSED: ULONG = 5; pub const LPC_CLIENT_DIED: ULONG = 6; pub const LPC_EXCEPTION: ULONG = 7; pub const LPC_DEBUG_EVENT: ULONG = 8; pub const LPC_ERROR_EVENT: ULONG = 9; pub const LPC_CONNECTION_REQUEST: ULONG = 10; pub const LPC_KERNELMODE_MESSAGE: CSHORT = 0x8000; pub const LPC_NO_IMPERSONATE: CSHORT = 0x4000; pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = OBJ_CASE_INSENSITIVE; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512; #[cfg(target_arch = "x86")] pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 256; pub const LPC_MAX_CONNECTION_INFO_SIZE: u32 = 16 * size_of::() as u32; pub const PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH: u32 = (PORT_MAXIMUM_MESSAGE_LENGTH + size_of::() as u32 + LPC_MAX_CONNECTION_INFO_SIZE + 0xf) & !0xf; STRUCT!{struct LPC_CLIENT_DIED_MSG { PortMsg: PORT_MESSAGE, CreateTime: LARGE_INTEGER, }} pub type PLPC_CLIENT_DIED_MSG = *mut LPC_CLIENT_DIED_MSG; STRUCT!{struct PORT_VIEW { Length: ULONG, SectionHandle: HANDLE, SectionOffset: ULONG, ViewSize: SIZE_T, ViewBase: PVOID, ViewRemoteBase: PVOID, }} pub type PPORT_VIEW = *mut PORT_VIEW; STRUCT!{struct REMOTE_PORT_VIEW { Length: ULONG, ViewSize: SIZE_T, ViewBase: PVOID, }} pub type PREMOTE_PORT_VIEW = *mut REMOTE_PORT_VIEW; STRUCT!{struct PORT_MESSAGE64_u1_s { DataLength: CSHORT, TotalLength: CSHORT, }} STRUCT!{struct PORT_MESSAGE64_u2_s { Type: CSHORT, DataInfoOffset: CSHORT, }} UNION!{union PORT_MESSAGE64_u1 { s: PORT_MESSAGE64_u1_s, Length: ULONG, }} UNION!{union PORT_MESSAGE64_u2 { s: PORT_MESSAGE64_u2_s, ZeroInit: ULONG, }} UNION!{union PORT_MESSAGE64_u3 { ClientId: CLIENT_ID64, DoNotUseThisField: c_double, }} UNION!{union PORT_MESSAGE64_u4 { ClientViewSize: ULONGLONG, CallbackId: ULONG, }} STRUCT!{struct PORT_MESSAGE64 { u1: PORT_MESSAGE64_u1, u2: PORT_MESSAGE64_u2, u3: PORT_MESSAGE64_u3, MessageId: ULONG, u4: PORT_MESSAGE64_u4, }} pub type PPORT_MESSAGE64 = *mut PORT_MESSAGE64; STRUCT!{struct LPC_CLIENT_DIED_MSG64 { PortMsg: PORT_MESSAGE64, CreateTime: LARGE_INTEGER, }} pub type PLPC_CLIENT_DIED_MSG64 = *mut LPC_CLIENT_DIED_MSG64; STRUCT!{struct PORT_VIEW64 { Length: ULONG, SectionHandle: ULONGLONG, SectionOffset: ULONG, ViewSize: ULONGLONG, ViewBase: ULONGLONG, ViewRemoteBase: ULONGLONG, }} pub type PPORT_VIEW64 = *mut PORT_VIEW64; STRUCT!{struct REMOTE_PORT_VIEW64 { Length: ULONG, ViewSize: ULONGLONG, ViewBase: ULONGLONG, }} pub type PREMOTE_PORT_VIEW64 = *mut REMOTE_PORT_VIEW64; EXTERN!{extern "system" { fn NtCreatePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, MaxConnectionInfoLength: ULONG, MaxMessageLength: ULONG, MaxPoolUsage: ULONG, ) -> NTSTATUS; fn NtCreateWaitablePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, MaxConnectionInfoLength: ULONG, MaxMessageLength: ULONG, MaxPoolUsage: ULONG, ) -> NTSTATUS; fn NtConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ClientView: PPORT_VIEW, ServerView: PREMOTE_PORT_VIEW, MaxMessageLength: PULONG, ConnectionInformation: PVOID, ConnectionInformationLength: PULONG, ) -> NTSTATUS; fn NtSecureConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ClientView: PPORT_VIEW, RequiredServerSid: PSID, ServerView: PREMOTE_PORT_VIEW, MaxMessageLength: PULONG, ConnectionInformation: PVOID, ConnectionInformationLength: PULONG, ) -> NTSTATUS; fn NtListenPort( PortHandle: HANDLE, ConnectionRequest: PPORT_MESSAGE, ) -> NTSTATUS; fn NtAcceptConnectPort( PortHandle: PHANDLE, PortContext: PVOID, ConnectionRequest: PPORT_MESSAGE, AcceptConnection: BOOLEAN, ServerView: PPORT_VIEW, ClientView: PREMOTE_PORT_VIEW, ) -> NTSTATUS; fn NtCompleteConnectPort( PortHandle: HANDLE, ) -> NTSTATUS; fn NtRequestPort( PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn NtRequestWaitReplyPort( PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn NtReplyPort( PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn NtReplyWaitReplyPort( PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn NtReplyWaitReceivePort( PortHandle: HANDLE, PortContext: *mut PVOID, ReplyMessage: PPORT_MESSAGE, ReceiveMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn NtReplyWaitReceivePortEx( PortHandle: HANDLE, PortContext: *mut PVOID, ReplyMessage: PPORT_MESSAGE, ReceiveMessage: PPORT_MESSAGE, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtImpersonateClientOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, ) -> NTSTATUS; fn NtReadRequestData( PortHandle: HANDLE, Message: PPORT_MESSAGE, DataEntryIndex: ULONG, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesRead: PSIZE_T, ) -> NTSTATUS; fn NtWriteRequestData( PortHandle: HANDLE, Message: PPORT_MESSAGE, DataEntryIndex: ULONG, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesWritten: PSIZE_T, ) -> NTSTATUS; }} ENUM!{enum PORT_INFORMATION_CLASS { PortBasicInformation = 0, PortDumpInformation = 1, }} EXTERN!{extern "system" { fn NtQueryInformationPort( PortHandle: HANDLE, PortInformationClass: PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} pub type PALPC_HANDLE = *mut HANDLE; pub type ALPC_HANDLE = HANDLE; pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: ULONG = 0x20000; pub const ALPC_PORFLG_WAITABLE_PORT: ULONG = 0x40000; pub const ALPC_PORFLG_SYSTEM_PROCESS: ULONG = 0x100000; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] STRUCT!{struct ALPC_PORT_ATTRIBUTES { Flags: ULONG, SecurityQos: SECURITY_QUALITY_OF_SERVICE, MaxMessageLength: SIZE_T, MemoryBandwidth: SIZE_T, MaxPoolUsage: SIZE_T, MaxSectionSize: SIZE_T, MaxViewSize: SIZE_T, MaxTotalSectionSize: SIZE_T, DupObjectTypes: ULONG, Reserved: ULONG, }} #[cfg(target_arch = "x86")] STRUCT!{struct ALPC_PORT_ATTRIBUTES { Flags: ULONG, SecurityQos: SECURITY_QUALITY_OF_SERVICE, MaxMessageLength: SIZE_T, MemoryBandwidth: SIZE_T, MaxPoolUsage: SIZE_T, MaxSectionSize: SIZE_T, MaxViewSize: SIZE_T, MaxTotalSectionSize: SIZE_T, DupObjectTypes: ULONG, }} pub type PALPC_PORT_ATTRIBUTES = *mut ALPC_PORT_ATTRIBUTES; pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: ULONG = 0x80000000; pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: ULONG = 0x40000000; pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: ULONG = 0x20000000; pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: ULONG = 0x10000000; STRUCT!{struct ALPC_MESSAGE_ATTRIBUTES { AllocatedAttributes: ULONG, ValidAttributes: ULONG, }} pub type PALPC_MESSAGE_ATTRIBUTES = *mut ALPC_MESSAGE_ATTRIBUTES; STRUCT!{struct ALPC_COMPLETION_LIST_STATE { Value: ULONG64, }} BITFIELD!{ALPC_COMPLETION_LIST_STATE Value: ULONG64 [ Head set_Head[0..24], Tail set_Tail[24..48], ActiveThreadCount set_ActiveThreadCount[48..64], ]} pub type PALPC_COMPLETION_LIST_STATE = *mut ALPC_COMPLETION_LIST_STATE; pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: ULONG = 0x3f; STRUCT!{#[repr(align(128))] struct ALPC_COMPLETION_LIST_HEADER { StartMagic: ULONG64, TotalSize: ULONG, ListOffset: ULONG, ListSize: ULONG, BitmapOffset: ULONG, BitmapSize: ULONG, DataOffset: ULONG, DataSize: ULONG, AttributeFlags: ULONG, AttributeSize: ULONG, __padding0: [u64; 10], State: ALPC_COMPLETION_LIST_STATE, LastMessageId: ULONG, LastCallbackId: ULONG, __padding1: [u32; 28], PostCount: ULONG, __padding2: [u32; 31], ReturnCount: ULONG, __padding3: [u32; 31], LogSequenceNumber: ULONG, __padding4: [u64; 15], UserLock: RTL_SRWLOCK, EndMagic: ULONG64, __padding5: [u64; 14], }} pub type PALPC_COMPLETION_LIST_HEADER = *mut ALPC_COMPLETION_LIST_HEADER; STRUCT!{struct ALPC_CONTEXT_ATTR { PortContext: PVOID, MessageContext: PVOID, Sequence: ULONG, MessageId: ULONG, CallbackId: ULONG, }} pub type PALPC_CONTEXT_ATTR = *mut ALPC_CONTEXT_ATTR; pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: ULONG = 0x10000; pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: ULONG = 0x20000; pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: ULONG = 0x80000; STRUCT!{struct ALPC_HANDLE_ATTR32 { Flags: ULONG, Reserved0: ULONG, SameAccess: ULONG, SameAttributes: ULONG, Indirect: ULONG, Inherit: ULONG, Reserved1: ULONG, Handle: ULONG, ObjectType: ULONG, DesiredAccess: ULONG, GrantedAccess: ULONG, }} pub type PALPC_HANDLE_ATTR32 = *mut ALPC_HANDLE_ATTR32; STRUCT!{struct ALPC_HANDLE_ATTR { Flags: ULONG, Reserved0: ULONG, SameAccess: ULONG, SameAttributes: ULONG, Indirect: ULONG, Inherit: ULONG, Reserved1: ULONG, Handle: HANDLE, HandleAttrArray: PALPC_HANDLE_ATTR32, ObjectType: ULONG, HandleCount: ULONG, DesiredAccess: ACCESS_MASK, GrantedAccess: ACCESS_MASK, }} pub type PALPC_HANDLE_ATTR = *mut ALPC_HANDLE_ATTR; pub const ALPC_SECFLG_CREATE_HANDLE: ULONG = 0x20000; STRUCT!{struct ALPC_SECURITY_ATTR { Flags: ULONG, QoS: PSECURITY_QUALITY_OF_SERVICE, ContextHandle: ALPC_HANDLE, }} pub type PALPC_SECURITY_ATTR = *mut ALPC_SECURITY_ATTR; pub const ALPC_VIEWFLG_NOT_SECURE: ULONG = 0x40000; STRUCT!{struct ALPC_DATA_VIEW_ATTR { Flags: ULONG, SectionHandle: ALPC_HANDLE, ViewBase: PVOID, ViewSize: SIZE_T, }} pub type PALPC_DATA_VIEW_ATTR = *mut ALPC_DATA_VIEW_ATTR; ENUM!{enum ALPC_PORT_INFORMATION_CLASS { AlpcBasicInformation = 0, AlpcPortInformation = 1, AlpcAssociateCompletionPortInformation = 2, AlpcConnectedSIDInformation = 3, AlpcServerInformation = 4, AlpcMessageZoneInformation = 5, AlpcRegisterCompletionListInformation = 6, AlpcUnregisterCompletionListInformation = 7, AlpcAdjustCompletionListConcurrencyCountInformation = 8, AlpcRegisterCallbackInformation = 9, AlpcCompletionListRundownInformation = 10, AlpcWaitForPortReferences = 11, }} STRUCT!{struct ALPC_BASIC_INFORMATION { Flags: ULONG, SequenceNo: ULONG, PortContext: PVOID, }} pub type PALPC_BASIC_INFORMATION = *mut ALPC_BASIC_INFORMATION; STRUCT!{struct ALPC_PORT_ASSOCIATE_COMPLETION_PORT { CompletionKey: PVOID, CompletionPort: HANDLE, }} pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut ALPC_PORT_ASSOCIATE_COMPLETION_PORT; STRUCT!{struct ALPC_SERVER_INFORMATION_Out { ThreadBlocked: BOOLEAN, ConnectedProcessId: HANDLE, ConnectionPortName: UNICODE_STRING, }} UNION!{union ALPC_SERVER_INFORMATION { ThreadHandle: HANDLE, Out: ALPC_SERVER_INFORMATION_Out, }} pub type PALPC_SERVER_INFORMATION = *mut ALPC_SERVER_INFORMATION; STRUCT!{struct ALPC_PORT_MESSAGE_ZONE_INFORMATION { Buffer: PVOID, Size: ULONG, }} pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut ALPC_PORT_MESSAGE_ZONE_INFORMATION; STRUCT!{struct ALPC_PORT_COMPLETION_LIST_INFORMATION { Buffer: PVOID, Size: ULONG, ConcurrencyCount: ULONG, AttributeFlags: ULONG, }} pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut ALPC_PORT_COMPLETION_LIST_INFORMATION; ENUM!{enum ALPC_MESSAGE_INFORMATION_CLASS { AlpcMessageSidInformation = 0, AlpcMessageTokenModifiedIdInformation = 1, AlpcMessageDirectStatusInformation = 2, AlpcMessageHandleInformation = 3, MaxAlpcMessageInfoClass = 4, }} pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut ALPC_MESSAGE_INFORMATION_CLASS; STRUCT!{struct ALPC_MESSAGE_HANDLE_INFORMATION { Index: ULONG, Flags: ULONG, Handle: ULONG, ObjectType: ULONG, GrantedAccess: ACCESS_MASK, }} pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut ALPC_MESSAGE_HANDLE_INFORMATION; EXTERN!{extern "system" { fn NtAlpcCreatePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, ) -> NTSTATUS; fn NtAlpcDisconnectPort( PortHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn NtAlpcQueryInformation( PortHandle: HANDLE, PortInformationClass: ALPC_PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtAlpcSetInformation( PortHandle: HANDLE, PortInformationClass: ALPC_PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ) -> NTSTATUS; fn NtAlpcCreatePortSection( PortHandle: HANDLE, Flags: ULONG, SectionHandle: HANDLE, SectionSize: SIZE_T, AlpcSectionHandle: PALPC_HANDLE, ActualSectionSize: PSIZE_T, ) -> NTSTATUS; fn NtAlpcDeletePortSection( PortHandle: HANDLE, Flags: ULONG, SectionHandle: ALPC_HANDLE, ) -> NTSTATUS; fn NtAlpcCreateResourceReserve( PortHandle: HANDLE, Flags: ULONG, MessageSize: SIZE_T, ResourceId: PALPC_HANDLE, ) -> NTSTATUS; fn NtAlpcDeleteResourceReserve( PortHandle: HANDLE, Flags: ULONG, ResourceId: ALPC_HANDLE, ) -> NTSTATUS; fn NtAlpcCreateSectionView( PortHandle: HANDLE, Flags: ULONG, ViewAttributes: PALPC_DATA_VIEW_ATTR, ) -> NTSTATUS; fn NtAlpcDeleteSectionView( PortHandle: HANDLE, Flags: ULONG, ViewBase: PVOID, ) -> NTSTATUS; fn NtAlpcCreateSecurityContext( PortHandle: HANDLE, Flags: ULONG, SecurityAttribute: PALPC_SECURITY_ATTR, ) -> NTSTATUS; fn NtAlpcDeleteSecurityContext( PortHandle: HANDLE, Flags: ULONG, ContextHandle: ALPC_HANDLE, ) -> NTSTATUS; fn NtAlpcRevokeSecurityContext( PortHandle: HANDLE, Flags: ULONG, ContextHandle: ALPC_HANDLE, ) -> NTSTATUS; fn NtAlpcQueryInformationMessage( PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, MessageInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} pub const ALPC_MSGFLG_REPLY_MESSAGE: ULONG = 0x1; pub const ALPC_MSGFLG_LPC_MODE: ULONG = 0x2; pub const ALPC_MSGFLG_RELEASE_MESSAGE: ULONG = 0x10000; pub const ALPC_MSGFLG_SYNC_REQUEST: ULONG = 0x20000; pub const ALPC_MSGFLG_WAIT_USER_MODE: ULONG = 0x100000; pub const ALPC_MSGFLG_WAIT_ALERTABLE: ULONG = 0x200000; pub const ALPC_MSGFLG_WOW64_CALL: ULONG = 0x80000000; EXTERN!{extern "system" { fn NtAlpcConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, Flags: ULONG, RequiredServerSid: PSID, ConnectionMessage: PPORT_MESSAGE, BufferLength: PULONG, OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtAlpcConnectPortEx( PortHandle: PHANDLE, ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, ClientPortObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, Flags: ULONG, ServerSecurityRequirements: PSECURITY_DESCRIPTOR, ConnectionMessage: PPORT_MESSAGE, BufferLength: PSIZE_T, OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtAlpcAcceptConnectPort( PortHandle: PHANDLE, ConnectionPortHandle: HANDLE, Flags: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, PortContext: PVOID, ConnectionRequest: PPORT_MESSAGE, ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, AcceptConnection: BOOLEAN, ) -> NTSTATUS; fn NtAlpcSendWaitReceivePort( PortHandle: HANDLE, Flags: ULONG, SendMessageA: PPORT_MESSAGE, SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, ReceiveMessage: PPORT_MESSAGE, BufferLength: PSIZE_T, ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; }} pub const ALPC_CANCELFLG_TRY_CANCEL: ULONG = 0x1; pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: ULONG = 0x8; pub const ALPC_CANCELFLGP_FLUSH: ULONG = 0x10000; EXTERN!{extern "system" { fn NtAlpcCancelMessage( PortHandle: HANDLE, Flags: ULONG, MessageContext: PALPC_CONTEXT_ATTR, ) -> NTSTATUS; fn NtAlpcImpersonateClientOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, Flags: PVOID, ) -> NTSTATUS; fn NtAlpcImpersonateClientContainerOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, Flags: ULONG, ) -> NTSTATUS; fn NtAlpcOpenSenderProcess( ProcessHandle: PHANDLE, PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, Flags: ULONG, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtAlpcOpenSenderThread( ThreadHandle: PHANDLE, PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, Flags: ULONG, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn AlpcMaxAllowedMessageLength() -> ULONG; fn AlpcGetHeaderSize( Flags: ULONG, ) -> ULONG; fn AlpcInitializeMessageAttribute( AttributeFlags: ULONG, Buffer: PALPC_MESSAGE_ATTRIBUTES, BufferSize: ULONG, RequiredBufferSize: PULONG, ) -> NTSTATUS; fn AlpcGetMessageAttribute( Buffer: PALPC_MESSAGE_ATTRIBUTES, AttributeFlag: ULONG, ) -> PVOID; fn AlpcRegisterCompletionList( PortHandle: HANDLE, Buffer: PALPC_COMPLETION_LIST_HEADER, Size: ULONG, ConcurrencyCount: ULONG, AttributeFlags: ULONG, ) -> NTSTATUS; fn AlpcUnregisterCompletionList( PortHandle: HANDLE, ) -> NTSTATUS; fn AlpcRundownCompletionList( PortHandle: HANDLE, ) -> NTSTATUS; fn AlpcAdjustCompletionListConcurrencyCount( PortHandle: HANDLE, ConcurrencyCount: ULONG, ) -> NTSTATUS; fn AlpcRegisterCompletionListWorkerThread( CompletionList: PVOID, ) -> BOOLEAN; fn AlpcUnregisterCompletionListWorkerThread( CompletionList: PVOID, ) -> BOOLEAN; fn AlpcGetCompletionListLastMessageInformation( CompletionList: PVOID, LastMessageId: PULONG, LastCallbackId: PULONG, ); fn AlpcGetOutstandingCompletionListMessageCount( CompletionList: PVOID, ) -> ULONG; fn AlpcGetMessageFromCompletionList( CompletionList: PVOID, MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES, ) -> PPORT_MESSAGE; fn AlpcFreeCompletionListMessage( CompletionList: PVOID, Message: PPORT_MESSAGE, ); fn AlpcGetCompletionListMessageAttributes( CompletionList: PVOID, Message: PPORT_MESSAGE, ) -> PALPC_MESSAGE_ATTRIBUTES; }} ntapi-0.4.0/src/ntmisc.rs000064400000000000000000000022640072674642500134260ustar 00000000000000use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PVOID, ULONG}; use winapi::um::winnt::STANDARD_RIGHTS_ALL; pub const FLT_PORT_CONNECT: u32 = 0x0001; pub const FLT_PORT_ALL_ACCESS: u32 = FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL; ENUM!{enum VDMSERVICECLASS { VdmStartExecution = 0, VdmQueueInterrupt = 1, VdmDelayInterrupt = 2, VdmInitialize = 3, VdmFeatures = 4, VdmSetInt21Handler = 5, VdmQueryDir = 6, VdmPrinterDirectIoOpen = 7, VdmPrinterDirectIoClose = 8, VdmPrinterInitialize = 9, VdmSetLdtEntries = 10, VdmSetProcessLdtInfo = 11, VdmAdlibEmulation = 12, VdmPMCliControl = 13, VdmQueryVdmProcess = 14, }} pub type PVDMSERVICECLASS = *mut VDMSERVICECLASS; EXTERN!{extern "system" { fn NtVdmControl( Service: VDMSERVICECLASS, ServiceData: PVOID, ) -> NTSTATUS; fn NtTraceEvent( TraceHandle: HANDLE, Flags: ULONG, FieldSize: ULONG, Fields: PVOID, ) -> NTSTATUS; fn NtTraceControl( FunctionCode: ULONG, InBuffer: PVOID, InBufferLen: ULONG, OutBuffer: PVOID, OutBufferLen: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntmmapi.rs000064400000000000000000000524540072674642500136040ustar 00000000000000use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER; use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, }; use winapi::um::winnt::{ ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, }; ENUM!{enum MEMORY_INFORMATION_CLASS { MemoryBasicInformation = 0, MemoryWorkingSetInformation = 1, MemoryMappedFilenameInformation = 2, MemoryRegionInformation = 3, MemoryWorkingSetExInformation = 4, MemorySharedCommitInformation = 5, MemoryImageInformation = 6, MemoryRegionInformationEx = 7, MemoryPrivilegedBasicInformation = 8, MemoryEnclaveImageInformation = 9, MemoryBasicInformationCapped = 10, }} STRUCT!{struct MEMORY_WORKING_SET_BLOCK { Bitfields: ULONG_PTR, }} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ Protection set_Protection[0..5], ShareCount set_ShareCount[5..8], Shared set_Shared[8..9], Node set_Node[9..12], VirtualPage set_VirtualPage[12..64], ]} #[cfg(target_arch = "x86")] BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ Protection set_Protection[0..5], ShareCount set_ShareCount[5..8], Shared set_Shared[8..9], Node set_Node[9..12], VirtualPage set_VirtualPage[12..32], ]} pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK; STRUCT!{struct MEMORY_WORKING_SET_INFORMATION { NumberOfEntries: ULONG_PTR, WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1], }} pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION; STRUCT!{struct MEMORY_REGION_INFORMATION { AllocationBase: PVOID, AllocationProtect: ULONG, RegionType: ULONG, RegionSize: SIZE_T, CommitSize: SIZE_T, }} BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [ Private set_Private[0..1], MappedDataFile set_MappedDataFile[1..2], MappedImage set_MappedImage[2..3], MappedPageFile set_MappedPageFile[3..4], MappedPhysical set_MappedPhysical[4..5], DirectMapped set_DirectMapped[5..6], SoftwareEnclave set_SoftwareEnclave[6..7], PageSize64K set_PageSize64K[7..8], PlaceholderReservation set_PlaceholderReservation[8..9], Reserved set_Reserved[9..32], ]} pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION; ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION { MemoryLocationInvalid = 0, MemoryLocationResident = 1, MemoryLocationPagefile = 2, MemoryLocationReserved = 3, }} UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u { Bitfields: ULONG_PTR, Invalid: ULONG_PTR, }} STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK { u: MEMORY_WORKING_SET_EX_BLOCK_u, }} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ Valid set_Valid[0..1], ShareCount set_ShareCount[1..4], Win32Protection set_Win32Protection[4..15], Shared set_Shared[15..16], Node set_Node[16..22], Locked set_Locked[22..23], LargePage set_LargePage[23..24], Priority set_Priority[24..27], Reserved set_Reserved[27..30], SharedOriginal set_SharedOriginal[30..31], Bad set_Bad[31..32], ReservedUlong set_ReservedUlong[32..64], ]} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ Invalid_Valid set_Invalid_Valid[0..1], Invalid_Reserved0 set_Invalid_Reserved0[1..15], Invalid_Shared set_Invalid_Shared[15..16], Invalid_Reserved1 set_Invalid_Reserved1[16..21], Invalid_PageTable set_Invalid_PageTable[21..22], Invalid_Location set_Invalid_Location[22..24], Invalid_Priority set_Invalid_Priority[24..27], Invalid_ModifiedList set_Invalid_ModifiedList[27..28], Invalid_Reserved2 set_Invalid_Reserved2[28..30], Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], Invalid_Bad set_Invalid_Bad[31..32], Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64], ]} #[cfg(target_arch = "x86")] BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ Valid set_Valid[0..1], ShareCount set_ShareCount[1..4], Win32Protection set_Win32Protection[4..15], Shared set_Shared[15..16], Node set_Node[16..22], Locked set_Locked[22..23], LargePage set_LargePage[23..24], Priority set_Priority[24..27], Reserved set_Reserved[27..30], SharedOriginal set_SharedOriginal[30..31], Bad set_Bad[31..32], ]} #[cfg(target_arch = "x86")] BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ Invalid_Valid set_Invalid_Valid[0..1], Invalid_Reserved0 set_Invalid_Reserved0[1..15], Invalid_Shared set_Invalid_Shared[15..16], Invalid_Reserved1 set_Invalid_Reserved1[16..21], Invalid_PageTable set_Invalid_PageTable[21..22], Invalid_Location set_Invalid_Location[22..24], Invalid_Priority set_Invalid_Priority[24..27], Invalid_ModifiedList set_Invalid_ModifiedList[27..28], Invalid_Reserved2 set_Invalid_Reserved2[28..30], Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], Invalid_Bad set_Invalid_Bad[31..32], ]} pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK; STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION { VirtualAddress: PVOID, VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK, }} pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION; STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION { CommitSize: SIZE_T, }} pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION; STRUCT!{struct MEMORY_IMAGE_INFORMATION { ImageBase: PVOID, SizeOfImage: SIZE_T, ImageFlags: ULONG, }} BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [ ImagePartialMap set_ImagePartialMap[0..1], ImageNotExecutable set_ImageNotExecutable[1..2], ImageSigningLevel set_ImageSigningLevel[2..6], Reserved set_Reserved[6..32], ]} pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION; STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION { ImageInfo: MEMORY_IMAGE_INFORMATION, UniqueID: [UCHAR; 32], AuthorID: [UCHAR; 32], }} pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION; pub const MMPFNLIST_ZERO: u32 = 0; pub const MMPFNLIST_FREE: u32 = 1; pub const MMPFNLIST_STANDBY: u32 = 2; pub const MMPFNLIST_MODIFIED: u32 = 3; pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4; pub const MMPFNLIST_BAD: u32 = 5; pub const MMPFNLIST_ACTIVE: u32 = 6; pub const MMPFNLIST_TRANSITION: u32 = 7; pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0; pub const MMPFNUSE_FILE: u32 = 1; pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2; pub const MMPFNUSE_PAGETABLE: u32 = 3; pub const MMPFNUSE_PAGEDPOOL: u32 = 4; pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5; pub const MMPFNUSE_SYSTEMPTE: u32 = 6; pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7; pub const MMPFNUSE_METAFILE: u32 = 8; pub const MMPFNUSE_AWEPAGE: u32 = 9; pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10; pub const MMPFNUSE_KERNELSTACK: u32 = 11; STRUCT!{struct MEMORY_FRAME_INFORMATION { Bitfields: ULONGLONG, }} BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [ UseDescription set_UseDescription[0..4], ListDescription set_ListDescription[4..7], Reserved0 set_Reserved0[7..8], Pinned set_Pinned[8..9], DontUse set_DontUse[9..57], Priority set_Priority[57..60], Reserved set_Reserved[60..64], ]} STRUCT!{struct FILEOFFSET_INFORMATION { Bitfields: ULONGLONG, }} BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [ DontUse set_DontUse[0..9], Offset set_Offset[9..57], Reserved set_Reserved[57..64], ]} STRUCT!{struct PAGEDIR_INFORMATION { Bitfields: ULONGLONG, }} BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [ DontUse set_DontUse[0..9], PageDirectoryBase set_PageDirectoryBase[9..57], Reserved set_Reserved[57..64], ]} STRUCT!{struct UNIQUE_PROCESS_INFORMATION { Bitfields: ULONGLONG, }} BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [ DontUse set_DontUse[0..9], UniqueProcessKey set_UniqueProcessKey[9..57], Reserved set_Reserved[57..64], ]} pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION; UNION!{union MMPFN_IDENTITY_u1 { e1: MEMORY_FRAME_INFORMATION, e2: FILEOFFSET_INFORMATION, e3: PAGEDIR_INFORMATION, e4: UNIQUE_PROCESS_INFORMATION, }} UNION!{union MMPFN_IDENTITY_u2 { e1: ULONG_PTR, e2_CombinedPage: ULONG_PTR, FileObject: ULONG_PTR, UniqueFileObjectKey: ULONG_PTR, ProtoPteAddress: ULONG_PTR, VirtualAddress: ULONG_PTR, }} STRUCT!{struct MMPFN_IDENTITY { u1: MMPFN_IDENTITY_u1, PageFrameIndex: ULONG_PTR, u2: MMPFN_IDENTITY_u2, }} BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [ Image set_Image[0..1], Mismatch set_Mismatch[1..2], ]} pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY; STRUCT!{struct MMPFN_MEMSNAP_INFORMATION { InitialPageFrameIndex: ULONG_PTR, Count: ULONG_PTR, }} pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION; ENUM!{enum SECTION_INFORMATION_CLASS { SectionBasicInformation = 0, SectionImageInformation = 1, SectionRelocationInformation = 2, SectionOriginalBaseInformation = 3, SectionInternalImageInformation = 4, MaxSectionInfoClass = 5, }} STRUCT!{struct SECTION_BASIC_INFORMATION { BaseAddress: PVOID, AllocationAttributes: ULONG, MaximumSize: LARGE_INTEGER, }} pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION; STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s { SubSystemMinorVersion: USHORT, SubSystemMajorVersion: USHORT, }} UNION!{union SECTION_IMAGE_INFORMATION_u1 { s: SECTION_IMAGE_INFORMATION_u1_s, SubSystemVersion: ULONG, }} STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s { MajorOperatingSystemVersion: USHORT, MinorOperatingSystemVersion: USHORT, }} UNION!{union SECTION_IMAGE_INFORMATION_u2 { s: SECTION_IMAGE_INFORMATION_u2_s, OperatingSystemVersion: ULONG, }} STRUCT!{struct SECTION_IMAGE_INFORMATION { TransferAddress: PVOID, ZeroBits: ULONG, MaximumStackSize: SIZE_T, CommittedStackSize: SIZE_T, SubSystemType: ULONG, u1: SECTION_IMAGE_INFORMATION_u1, u2: SECTION_IMAGE_INFORMATION_u2, ImageCharacteristics: USHORT, DllCharacteristics: USHORT, Machine: USHORT, ImageContainsCode: BOOLEAN, ImageFlags: UCHAR, LoaderFlags: ULONG, ImageFileSize: ULONG, CheckSum: ULONG, }} BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [ ComPlusNativeReady set_ComPlusNativeReady[0..1], ComPlusILOnly set_ComPlusILOnly[1..2], ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3], ImageMappedFlat set_ImageMappedFlat[3..4], BaseBelow4gb set_BaseBelow4gb[4..5], ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6], Reserved set_Reserved[6..8], ]} pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION; STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION { SectionInformation: SECTION_IMAGE_INFORMATION, ExtendedFlags: ULONG, }} BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [ ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1], Reserved set_Reserved[1..32], ]} pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION; ENUM!{enum SECTION_INHERIT { ViewShare = 1, ViewUnmap = 2, }} pub const SEC_BASED: u32 = 0x200000; pub const SEC_NO_CHANGE: u32 = 0x400000; pub const SEC_GLOBAL: u32 = 0x20000000; pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1; pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2; pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4; pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8; pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10; pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20; pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f; EXTERN!{extern "system" { fn NtAllocateVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, ZeroBits: ULONG_PTR, RegionSize: PSIZE_T, AllocationType: ULONG, Protect: ULONG, ) -> NTSTATUS; fn NtFreeVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, FreeType: ULONG, ) -> NTSTATUS; fn NtReadVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesRead: PSIZE_T, ) -> NTSTATUS; fn NtWriteVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesWritten: PSIZE_T, ) -> NTSTATUS; fn NtProtectVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, NewProtect: ULONG, OldProtect: PULONG, ) -> NTSTATUS; fn NtQueryVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, MemoryInformationClass: MEMORY_INFORMATION_CLASS, MemoryInformation: PVOID, MemoryInformationLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; }} ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS { VmPrefetchInformation = 0, VmPagePriorityInformation = 1, VmCfgCallTargetInformation = 2, VmPageDirtyStateInformation = 3, }} STRUCT!{struct MEMORY_RANGE_ENTRY { VirtualAddress: PVOID, NumberOfBytes: SIZE_T, }} pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY; STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION { NumberOfEntries: ULONG, Reserved: ULONG, NumberOfEntriesProcessed: PULONG, CallTargetInfo: PCFG_CALL_TARGET_INFO, Section: PVOID, FileOffset: ULONGLONG, }} pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION; EXTERN!{extern "system" { fn NtSetInformationVirtualMemory( ProcessHandle: HANDLE, VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, NumberOfEntries: ULONG_PTR, VirtualAddresses: PMEMORY_RANGE_ENTRY, VmInformation: PVOID, VmInformationLength: ULONG, ) -> NTSTATUS; fn NtLockVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, MapType: ULONG, ) -> NTSTATUS; fn NtUnlockVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, MapType: ULONG, ) -> NTSTATUS; fn NtCreateSection( SectionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, MaximumSize: PLARGE_INTEGER, SectionPageProtection: ULONG, AllocationAttributes: ULONG, FileHandle: HANDLE, ) -> NTSTATUS; fn NtCreateSectionEx( SectionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, MaximumSize: PLARGE_INTEGER, SectionPageProtection: ULONG, AllocationAttributes: ULONG, FileHandle: HANDLE, ExtendedParameters: PMEM_EXTENDED_PARAMETER, ExtendedParameterCount: ULONG, ) -> NTSTATUS; fn NtOpenSection( SectionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtMapViewOfSection( SectionHandle: HANDLE, ProcessHandle: HANDLE, BaseAddress: *mut PVOID, ZeroBits: ULONG_PTR, CommitSize: SIZE_T, SectionOffset: PLARGE_INTEGER, ViewSize: PSIZE_T, InheritDisposition: SECTION_INHERIT, AllocationType: ULONG, Win32Protect: ULONG, ) -> NTSTATUS; fn NtUnmapViewOfSection( ProcessHandle: HANDLE, BaseAddress: PVOID, ) -> NTSTATUS; fn NtUnmapViewOfSectionEx( ProcessHandle: HANDLE, BaseAddress: PVOID, Flags: ULONG, ) -> NTSTATUS; fn NtExtendSection( SectionHandle: HANDLE, NewSectionSize: PLARGE_INTEGER, ) -> NTSTATUS; fn NtQuerySection( SectionHandle: HANDLE, SectionInformationClass: SECTION_INFORMATION_CLASS, SectionInformation: PVOID, SectionInformationLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn NtAreMappedFilesTheSame( File1MappedAsAnImage: PVOID, File2MappedAsFile: PVOID, ) -> NTSTATUS; }} pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001; pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002; pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS; ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS { SystemMemoryPartitionInformation = 0, SystemMemoryPartitionMoveMemory = 1, SystemMemoryPartitionAddPagefile = 2, SystemMemoryPartitionCombineMemory = 3, SystemMemoryPartitionInitialAddMemory = 4, SystemMemoryPartitionGetMemoryEvents = 5, SystemMemoryPartitionMax = 6, }} STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION { Flags: ULONG, NumaNode: ULONG, Channel: ULONG, NumberOfNumaNodes: ULONG, ResidentAvailablePages: ULONG_PTR, CommittedPages: ULONG_PTR, CommitLimit: ULONG_PTR, PeakCommitment: ULONG_PTR, TotalNumberOfPages: ULONG_PTR, AvailablePages: ULONG_PTR, ZeroPages: ULONG_PTR, FreePages: ULONG_PTR, StandbyPages: ULONG_PTR, StandbyPageCountByPriority: [ULONG_PTR; 8], RepurposedPagesByPriority: [ULONG_PTR; 8], MaximumCommitLimit: ULONG_PTR, DonatedPagesToPartitions: ULONG_PTR, PartitionId: ULONG, }} pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION = *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION; STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION { NumberOfPages: ULONG_PTR, NumaNode: ULONG, Flags: ULONG, }} pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION; STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION { PageFileName: UNICODE_STRING, MinimumSize: LARGE_INTEGER, MaximumSize: LARGE_INTEGER, Flags: ULONG, }} pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION; STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { StopHandle: HANDLE, Flags: ULONG, TotalNumberOfPages: ULONG_PTR, }} pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION = *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE { StartPage: ULONG_PTR, NumberOfPages: ULONG_PTR, }} pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE; STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION { Flags: ULONG, NumberOfRanges: ULONG, NumberOfPagesAdded: ULONG_PTR, PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1], }} pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION; STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { Flags: ULONG, HandleAttributes: ULONG, DesiredAccess: ULONG, LowCommitCondition: HANDLE, HighCommitCondition: HANDLE, MaximumCommitCondition: HANDLE, }} BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [ CommitEvents set_CommitEvents[0..1], Spare set_Spare[1..32], ]} pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; EXTERN!{extern "system" { fn NtCreatePartition( PartitionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, PreferredNode: ULONG, ) -> NTSTATUS; fn NtOpenPartition( PartitionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtManagePartition( PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, PartitionInformation: PVOID, PartitionInformationLength: ULONG, ) -> NTSTATUS; fn NtMapUserPhysicalPages( VirtualAddress: PVOID, NumberOfPages: ULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn NtMapUserPhysicalPagesScatter( VirtualAddresses: *mut PVOID, NumberOfPages: ULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn NtAllocateUserPhysicalPages( ProcessHandle: HANDLE, NumberOfPages: PULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn NtFreeUserPhysicalPages( ProcessHandle: HANDLE, NumberOfPages: PULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn NtOpenSession( SessionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtGetWriteWatch( ProcessHandle: HANDLE, Flags: ULONG, BaseAddress: PVOID, RegionSize: SIZE_T, UserAddressArray: *mut PVOID, EntriesInUserAddressArray: PULONG_PTR, Granularity: PULONG, ) -> NTSTATUS; fn NtResetWriteWatch( ProcessHandle: HANDLE, BaseAddress: PVOID, RegionSize: SIZE_T, ) -> NTSTATUS; fn NtCreatePagingFile( PageFileName: PUNICODE_STRING, MinimumSize: PLARGE_INTEGER, MaximumSize: PLARGE_INTEGER, Priority: ULONG, ) -> NTSTATUS; fn NtFlushInstructionCache( ProcessHandle: HANDLE, BaseAddress: PVOID, Length: SIZE_T, ) -> NTSTATUS; fn NtFlushWriteBuffer() -> NTSTATUS; }} ntapi-0.4.0/src/ntnls.rs000064400000000000000000000015570072674642500132730ustar 00000000000000use winapi::shared::ntdef::{BOOLEAN, PUSHORT, PVOID, UCHAR, USHORT}; pub const MAXIMUM_LEADBYTES: usize = 12; STRUCT!{struct CPTABLEINFO { CodePage: USHORT, MaximumCharacterSize: USHORT, DefaultChar: USHORT, UniDefaultChar: USHORT, TransDefaultChar: USHORT, TransUniDefaultChar: USHORT, DBCSCodePage: USHORT, LeadByte: [UCHAR; MAXIMUM_LEADBYTES], MultiByteTable: PUSHORT, WideCharTable: PVOID, DBCSRanges: PUSHORT, DBCSOffsets: PUSHORT, }} pub type PCPTABLEINFO = *mut CPTABLEINFO; STRUCT!{struct NLSTABLEINFO { OemTableInfo: CPTABLEINFO, AnsiTableInfo: CPTABLEINFO, UpperCaseTable: PUSHORT, LowerCaseTable: PUSHORT, }} pub type PNLSTABLEINFO = *mut NLSTABLEINFO; EXTERN!{extern "C" { static mut NlsAnsiCodePage: USHORT; static mut NlsMbCodePageTag: BOOLEAN; static mut NlsMbOemCodePageTag: BOOLEAN; }} ntapi-0.4.0/src/ntobapi.rs000064400000000000000000000163710072674642500135710ustar 00000000000000use winapi::shared::ntdef::{ BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, WAIT_TYPE, }; use winapi::um::winnt::{ ACCESS_MASK, GENERIC_MAPPING, PSECURITY_DESCRIPTOR, SECURITY_INFORMATION, STANDARD_RIGHTS_REQUIRED, }; pub const OBJECT_TYPE_CREATE: u32 = 0x0001; pub const OBJECT_TYPE_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; pub const DIRECTORY_QUERY: u32 = 0x0001; pub const DIRECTORY_TRAVERSE: u32 = 0x0002; pub const DIRECTORY_CREATE_OBJECT: u32 = 0x0004; pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 0x0008; pub const DIRECTORY_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0xf; pub const SYMBOLIC_LINK_QUERY: u32 = 0x0001; pub const SYMBOLIC_LINK_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | 0x1; pub const OBJ_PROTECT_CLOSE: u32 = 0x00000001; pub const OBJ_INHERIT: u32 = 0x00000002; pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 0x00000004; ENUM!{enum OBJECT_INFORMATION_CLASS { ObjectBasicInformation = 0, ObjectNameInformation = 1, ObjectTypeInformation = 2, ObjectTypesInformation = 3, ObjectHandleFlagInformation = 4, ObjectSessionInformation = 5, ObjectSessionObjectInformation = 6, MaxObjectInfoClass = 7, }} STRUCT!{struct OBJECT_BASIC_INFORMATION { Attributes: ULONG, GrantedAccess: ACCESS_MASK, HandleCount: ULONG, PointerCount: ULONG, PagedPoolCharge: ULONG, NonPagedPoolCharge: ULONG, Reserved: [ULONG; 3], NameInfoSize: ULONG, TypeInfoSize: ULONG, SecurityDescriptorSize: ULONG, CreationTime: LARGE_INTEGER, }} pub type POBJECT_BASIC_INFORMATION = *mut OBJECT_BASIC_INFORMATION; STRUCT!{struct OBJECT_NAME_INFORMATION { Name: UNICODE_STRING, }} pub type POBJECT_NAME_INFORMATION = *mut OBJECT_NAME_INFORMATION; STRUCT!{struct OBJECT_TYPE_INFORMATION { TypeName: UNICODE_STRING, TotalNumberOfObjects: ULONG, TotalNumberOfHandles: ULONG, TotalPagedPoolUsage: ULONG, TotalNonPagedPoolUsage: ULONG, TotalNamePoolUsage: ULONG, TotalHandleTableUsage: ULONG, HighWaterNumberOfObjects: ULONG, HighWaterNumberOfHandles: ULONG, HighWaterPagedPoolUsage: ULONG, HighWaterNonPagedPoolUsage: ULONG, HighWaterNamePoolUsage: ULONG, HighWaterHandleTableUsage: ULONG, InvalidAttributes: ULONG, GenericMapping: GENERIC_MAPPING, ValidAccessMask: ULONG, SecurityRequired: BOOLEAN, MaintainHandleCount: BOOLEAN, TypeIndex: UCHAR, ReservedByte: CHAR, PoolType: ULONG, DefaultPagedPoolCharge: ULONG, DefaultNonPagedPoolCharge: ULONG, }} pub type POBJECT_TYPE_INFORMATION = *mut OBJECT_TYPE_INFORMATION; STRUCT!{struct OBJECT_TYPES_INFORMATION { NumberOfTypes: ULONG, }} pub type POBJECT_TYPES_INFORMATION = *mut OBJECT_TYPES_INFORMATION; STRUCT!{struct OBJECT_HANDLE_FLAG_INFORMATION { Inherit: BOOLEAN, ProtectFromClose: BOOLEAN, }} pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut OBJECT_HANDLE_FLAG_INFORMATION; EXTERN!{extern "system" { fn NtQueryObject( Handle: HANDLE, ObjectInformationClass: OBJECT_INFORMATION_CLASS, ObjectInformation: PVOID, ObjectInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationObject( Handle: HANDLE, ObjectInformationClass: OBJECT_INFORMATION_CLASS, ObjectInformation: PVOID, ObjectInformationLength: ULONG, ) -> NTSTATUS; }} pub const DUPLICATE_CLOSE_SOURCE: u32 = 0x00000001; pub const DUPLICATE_SAME_ACCESS: u32 = 0x00000002; pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 0x00000004; EXTERN!{extern "system" { fn NtDuplicateObject( SourceProcessHandle: HANDLE, SourceHandle: HANDLE, TargetProcessHandle: HANDLE, TargetHandle: PHANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Options: ULONG, ) -> NTSTATUS; fn NtMakeTemporaryObject( Handle: HANDLE, ) -> NTSTATUS; fn NtMakePermanentObject( Handle: HANDLE, ) -> NTSTATUS; fn NtSignalAndWaitForSingleObject( SignalHandle: HANDLE, WaitHandle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtWaitForSingleObject( Handle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtWaitForMultipleObjects( Count: ULONG, Handles: *mut HANDLE, WaitType: WAIT_TYPE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtWaitForMultipleObjects32( Count: ULONG, Handles: *mut LONG, WaitType: WAIT_TYPE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtSetSecurityObject( Handle: HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn NtQuerySecurityObject( Handle: HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, Length: ULONG, LengthNeeded: PULONG, ) -> NTSTATUS; fn NtClose( Handle: HANDLE, ) -> NTSTATUS; fn NtCompareObjects( FirstObjectHandle: HANDLE, SecondObjectHandle: HANDLE, ) -> NTSTATUS; fn NtCreateDirectoryObject( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtCreateDirectoryObjectEx( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ShadowDirectoryHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn NtOpenDirectoryObject( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; }} STRUCT!{struct OBJECT_DIRECTORY_INFORMATION { Name: UNICODE_STRING, TypeName: UNICODE_STRING, }} pub type POBJECT_DIRECTORY_INFORMATION = *mut OBJECT_DIRECTORY_INFORMATION; EXTERN!{extern "system" { fn NtQueryDirectoryObject( DirectoryHandle: HANDLE, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, RestartScan: BOOLEAN, Context: PULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtCreatePrivateNamespace( NamespaceHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, BoundaryDescriptor: PVOID, ) -> NTSTATUS; fn NtOpenPrivateNamespace( NamespaceHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, BoundaryDescriptor: PVOID, ) -> NTSTATUS; fn NtDeletePrivateNamespace( NamespaceHandle: HANDLE, ) -> NTSTATUS; fn NtCreateSymbolicLinkObject( LinkHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LinkTarget: PUNICODE_STRING, ) -> NTSTATUS; fn NtOpenSymbolicLinkObject( LinkHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtQuerySymbolicLinkObject( LinkHandle: HANDLE, LinkTarget: PUNICODE_STRING, ReturnedLength: PULONG, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntpebteb.rs000064400000000000000000000333050072674642500137340ustar 00000000000000use core::mem::size_of; use crate::ntapi_base::CLIENT_ID; use crate::ntpsapi::{GDI_HANDLE_BUFFER, PPEB_LDR_DATA}; use crate::ntrtl::PRTL_USER_PROCESS_PARAMETERS; use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; use winapi::shared::guiddef::GUID; use winapi::shared::ntdef::{ BOOLEAN, CHAR, HANDLE, LCID, LIST_ENTRY, LONG, NTSTATUS, PROCESSOR_NUMBER, PSTR, PVOID, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, }; use winapi::um::winnt::{ ACTIVATION_CONTEXT, FLS_MAXIMUM_AVAILABLE, NT_TIB, PRTL_CRITICAL_SECTION, PSLIST_HEADER, }; STRUCT!{struct RTL_ACTIVATION_CONTEXT_STACK_FRAME { Previous: PRTL_ACTIVATION_CONTEXT_STACK_FRAME, ActivationContext: *mut ACTIVATION_CONTEXT, Flags: ULONG, }} pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME; STRUCT!{struct ACTIVATION_CONTEXT_STACK { ActiveFrame: *mut RTL_ACTIVATION_CONTEXT_STACK_FRAME, FrameListCache: LIST_ENTRY, Flags: ULONG, NextCookieSequenceNumber: ULONG, StackId: ULONG, }} pub type PACTIVATION_CONTEXT_STACK = *mut ACTIVATION_CONTEXT_STACK; STRUCT!{struct API_SET_NAMESPACE { Version: ULONG, Size: ULONG, Flags: ULONG, Count: ULONG, EntryOffset: ULONG, HashOffset: ULONG, HashFactor: ULONG, }} pub type PAPI_SET_NAMESPACE = *mut API_SET_NAMESPACE; STRUCT!{struct API_SET_HASH_ENTRY { Hash: ULONG, Index: ULONG, }} pub type PAPI_SET_HASH_ENTRY = *mut API_SET_HASH_ENTRY; STRUCT!{struct API_SET_NAMESPACE_ENTRY { Flags: ULONG, NameOffset: ULONG, NameLength: ULONG, HashedLength: ULONG, ValueOffset: ULONG, ValueCount: ULONG, }} pub type PAPI_SET_NAMESPACE_ENTRY = *mut API_SET_NAMESPACE_ENTRY; STRUCT!{struct API_SET_VALUE_ENTRY { Flags: ULONG, NameOffset: ULONG, NameLength: ULONG, ValueOffset: ULONG, ValueLength: ULONG, }} pub type PAPI_SET_VALUE_ENTRY = *mut API_SET_VALUE_ENTRY; UNION!{union PEB_u { KernelCallbackTable: PVOID, UserSharedInfoPtr: PVOID, }} #[repr(C)] pub struct LEAP_SECOND_DATA([u8; 0]); //fixme STRUCT!{struct PEB { InheritedAddressSpace: BOOLEAN, ReadImageFileExecOptions: BOOLEAN, BeingDebugged: BOOLEAN, BitField: BOOLEAN, Mutant: HANDLE, ImageBaseAddress: PVOID, Ldr: PPEB_LDR_DATA, ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, SubSystemData: PVOID, ProcessHeap: PVOID, FastPebLock: PRTL_CRITICAL_SECTION, IFEOKey: PVOID, AtlThunkSListPtr: PSLIST_HEADER, CrossProcessFlags: ULONG, u: PEB_u, SystemReserved: [ULONG; 1], AtlThunkSListPtr32: ULONG, ApiSetMap: PAPI_SET_NAMESPACE, TlsExpansionCounter: ULONG, TlsBitmap: PVOID, TlsBitmapBits: [ULONG; 2], ReadOnlySharedMemoryBase: PVOID, SharedData: PVOID, ReadOnlyStaticServerData: *mut PVOID, AnsiCodePageData: PVOID, OemCodePageData: PVOID, UnicodeCaseTableData: PVOID, NumberOfProcessors: ULONG, NtGlobalFlag: ULONG, CriticalSectionTimeout: ULARGE_INTEGER, HeapSegmentReserve: SIZE_T, HeapSegmentCommit: SIZE_T, HeapDeCommitTotalFreeThreshold: SIZE_T, HeapDeCommitFreeBlockThreshold: SIZE_T, NumberOfHeaps: ULONG, MaximumNumberOfHeaps: ULONG, ProcessHeaps: *mut PVOID, GdiSharedHandleTable: PVOID, ProcessStarterHelper: PVOID, GdiDCAttributeList: ULONG, LoaderLock: PRTL_CRITICAL_SECTION, OSMajorVersion: ULONG, OSMinorVersion: ULONG, OSBuildNumber: USHORT, OSCSDVersion: USHORT, OSPlatformId: ULONG, ImageSubsystem: ULONG, ImageSubsystemMajorVersion: ULONG, ImageSubsystemMinorVersion: ULONG, ActiveProcessAffinityMask: ULONG_PTR, GdiHandleBuffer: GDI_HANDLE_BUFFER, PostProcessInitRoutine: PVOID, TlsExpansionBitmap: PVOID, TlsExpansionBitmapBits: [ULONG; 32], SessionId: ULONG, AppCompatFlags: ULARGE_INTEGER, AppCompatFlagsUser: ULARGE_INTEGER, pShimData: PVOID, AppCompatInfo: PVOID, CSDVersion: UNICODE_STRING, ActivationContextData: PVOID, ProcessAssemblyStorageMap: PVOID, SystemDefaultActivationContextData: PVOID, SystemAssemblyStorageMap: PVOID, MinimumStackCommit: SIZE_T, FlsCallback: *mut PVOID, FlsListHead: LIST_ENTRY, FlsBitmap: PVOID, FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::() * 8)], FlsHighIndex: ULONG, WerRegistrationData: PVOID, WerShipAssertPtr: PVOID, pUnused: PVOID, pImageHeaderHash: PVOID, TracingFlags: ULONG, CsrServerReadOnlySharedMemoryBase: ULONGLONG, TppWorkerpListLock: PRTL_CRITICAL_SECTION, TppWorkerpList: LIST_ENTRY, WaitOnAddressHashTable: [PVOID; 128], TelemetryCoverageHeader: PVOID, CloudFileFlags: ULONG, CloudFileDiagFlags: ULONG, PlaceholderCompatibilityMode: CHAR, PlaceholderCompatibilityModeReserved: [CHAR; 7], LeapSecondData: *mut LEAP_SECOND_DATA, LeapSecondFlags: ULONG, NtGlobalFlag2: ULONG, }} BITFIELD!{PEB BitField: BOOLEAN [ ImageUsesLargePages set_ImageUsesLargePages[0..1], IsProtectedProcess set_IsProtectedProcess[1..2], IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], IsPackagedProcess set_IsPackagedProcess[4..5], IsAppContainer set_IsAppContainer[5..6], IsProtectedProcessLight set_IsProtectedProcessLight[6..7], IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], ]} BITFIELD!{PEB CrossProcessFlags: ULONG [ ProcessInJob set_ProcessInJob[0..1], ProcessInitializing set_ProcessInitializing[1..2], ProcessUsingVEH set_ProcessUsingVEH[2..3], ProcessUsingVCH set_ProcessUsingVCH[3..4], ProcessUsingFTH set_ProcessUsingFTH[4..5], ProcessPreviouslyThrottled set_ProcessPreviouslyThrottled[5..6], ProcessCurrentlyThrottled set_ProcessCurrentlyThrottled[6..7], ProcessImagesHotPatched set_ProcessImagesHotPatched[7..8], ReservedBits0 set_ReservedBits0[8..32], ]} BITFIELD!{PEB TracingFlags: ULONG [ HeapTracingEnabled set_HeapTracingEnabled[0..1], CritSecTracingEnabled set_CritSecTracingEnabled[1..2], LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], SpareTracingBits set_SpareTracingBits[3..32], ]} BITFIELD!{PEB LeapSecondFlags: ULONG [ SixtySecondEnabled set_SixtySecondEnabled[0..1], Reserved set_Reserved[1..32], ]} pub type PPEB = *mut PEB; pub const GDI_BATCH_BUFFER_SIZE: usize = 310; STRUCT!{struct GDI_TEB_BATCH { Offset: ULONG, HDC: ULONG_PTR, Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], }} pub type PGDI_TEB_BATCH = *mut GDI_TEB_BATCH; STRUCT!{struct TEB_ACTIVE_FRAME_CONTEXT { Flags: ULONG, FrameName: PSTR, }} pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut TEB_ACTIVE_FRAME_CONTEXT; STRUCT!{struct TEB_ACTIVE_FRAME { Flags: ULONG, Previous: *mut TEB_ACTIVE_FRAME, Context: PTEB_ACTIVE_FRAME_CONTEXT, }} pub type PTEB_ACTIVE_FRAME = *mut TEB_ACTIVE_FRAME; STRUCT!{struct TEB_u_s { ReservedPad0: UCHAR, ReservedPad1: UCHAR, ReservedPad2: UCHAR, IdealProcessor: UCHAR, }} UNION!{union TEB_u { CurrentIdealProcessor: PROCESSOR_NUMBER, IdealProcessorValue: ULONG, s: TEB_u_s, }} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] STRUCT!{struct TEB { NtTib: NT_TIB, EnvironmentPointer: PVOID, ClientId: CLIENT_ID, ActiveRpcHandle: PVOID, ThreadLocalStoragePointer: PVOID, ProcessEnvironmentBlock: PPEB, LastErrorValue: ULONG, CountOfOwnedCriticalSections: ULONG, CsrClientThread: PVOID, Win32ThreadInfo: PVOID, User32Reserved: [ULONG; 26], UserReserved: [ULONG; 5], WOW32Reserved: PVOID, CurrentLocale: LCID, FpSoftwareStatusRegister: ULONG, ReservedForDebuggerInstrumentation: [PVOID; 16], SystemReserved1: [PVOID; 30], PlaceholderCompatibilityMode: CHAR, PlaceholderReserved: [CHAR; 11], ProxiedProcessId: ULONG, ActivationStack: ACTIVATION_CONTEXT_STACK, WorkingOnBehalfTicket: [UCHAR; 8], ExceptionCode: NTSTATUS, ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, InstrumentationCallbackSp: ULONG_PTR, InstrumentationCallbackPreviousPc: ULONG_PTR, InstrumentationCallbackPreviousSp: ULONG_PTR, TxFsContext: ULONG, InstrumentationCallbackDisabled: BOOLEAN, GdiTebBatch: GDI_TEB_BATCH, RealClientId: CLIENT_ID, GdiCachedProcessHandle: HANDLE, GdiClientPID: ULONG, GdiClientTID: ULONG, GdiThreadLocalInfo: PVOID, Win32ClientInfo: [ULONG_PTR; 62], glDispatchTable: [PVOID; 233], glReserved1: [ULONG_PTR; 29], glReserved2: PVOID, glSectionInfo: PVOID, glSection: PVOID, glTable: PVOID, glCurrentRC: PVOID, glContext: PVOID, LastStatusValue: NTSTATUS, StaticUnicodeString: UNICODE_STRING, StaticUnicodeBuffer: [WCHAR; 261], DeallocationStack: PVOID, TlsSlots: [PVOID; 64], TlsLinks: LIST_ENTRY, Vdm: PVOID, ReservedForNtRpc: PVOID, DbgSsReserved: [PVOID; 2], HardErrorMode: ULONG, Instrumentation: [PVOID; 11], ActivityId: GUID, SubProcessTag: PVOID, PerflibData: PVOID, EtwTraceData: PVOID, WinSockData: PVOID, GdiBatchCount: ULONG, u: TEB_u, GuaranteedStackBytes: ULONG, ReservedForPerf: PVOID, ReservedForOle: PVOID, WaitingOnLoaderLock: ULONG, SavedPriorityState: PVOID, ReservedForCodeCoverage: ULONG_PTR, ThreadPoolData: PVOID, TlsExpansionSlots: *mut PVOID, DeallocationBStore: PVOID, BStoreLimit: PVOID, MuiGeneration: ULONG, IsImpersonating: ULONG, NlsCache: PVOID, pShimData: PVOID, HeapVirtualAffinity: USHORT, LowFragHeapDataSlot: USHORT, CurrentTransactionHandle: HANDLE, ActiveFrame: PTEB_ACTIVE_FRAME, FlsData: PVOID, PreferredLanguages: PVOID, UserPrefLanguages: PVOID, MergedPrefLanguages: PVOID, MuiImpersonation: ULONG, CrossTebFlags: USHORT, SameTebFlags: USHORT, TxnScopeEnterCallback: PVOID, TxnScopeExitCallback: PVOID, TxnScopeContext: PVOID, LockCount: ULONG, WowTebOffset: LONG, ResourceRetValue: PVOID, ReservedForWdf: PVOID, ReservedForCrt: ULONGLONG, EffectiveContainerId: GUID, }} #[cfg(target_arch = "x86")] STRUCT!{struct TEB { NtTib: NT_TIB, EnvironmentPointer: PVOID, ClientId: CLIENT_ID, ActiveRpcHandle: PVOID, ThreadLocalStoragePointer: PVOID, ProcessEnvironmentBlock: PPEB, LastErrorValue: ULONG, CountOfOwnedCriticalSections: ULONG, CsrClientThread: PVOID, Win32ThreadInfo: PVOID, User32Reserved: [ULONG; 26], UserReserved: [ULONG; 5], WOW32Reserved: PVOID, CurrentLocale: LCID, FpSoftwareStatusRegister: ULONG, ReservedForDebuggerInstrumentation: [PVOID; 16], SystemReserved1: [PVOID; 26], PlaceholderCompatibilityMode: CHAR, PlaceholderReserved: [CHAR; 11], ProxiedProcessId: ULONG, ActivationStack: ACTIVATION_CONTEXT_STACK, WorkingOnBehalfTicket: [UCHAR; 8], ExceptionCode: NTSTATUS, ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, InstrumentationCallbackSp: ULONG_PTR, InstrumentationCallbackPreviousPc: ULONG_PTR, InstrumentationCallbackPreviousSp: ULONG_PTR, InstrumentationCallbackDisabled: BOOLEAN, SpareBytes: [UCHAR; 23], TxFsContext: ULONG, GdiTebBatch: GDI_TEB_BATCH, RealClientId: CLIENT_ID, GdiCachedProcessHandle: HANDLE, GdiClientPID: ULONG, GdiClientTID: ULONG, GdiThreadLocalInfo: PVOID, Win32ClientInfo: [ULONG_PTR; 62], glDispatchTable: [PVOID; 233], glReserved1: [ULONG_PTR; 29], glReserved2: PVOID, glSectionInfo: PVOID, glSection: PVOID, glTable: PVOID, glCurrentRC: PVOID, glContext: PVOID, LastStatusValue: NTSTATUS, StaticUnicodeString: UNICODE_STRING, StaticUnicodeBuffer: [WCHAR; 261], DeallocationStack: PVOID, TlsSlots: [PVOID; 64], TlsLinks: LIST_ENTRY, Vdm: PVOID, ReservedForNtRpc: PVOID, DbgSsReserved: [PVOID; 2], HardErrorMode: ULONG, Instrumentation: [PVOID; 9], ActivityId: GUID, SubProcessTag: PVOID, PerflibData: PVOID, EtwTraceData: PVOID, WinSockData: PVOID, GdiBatchCount: ULONG, u: TEB_u, GuaranteedStackBytes: ULONG, ReservedForPerf: PVOID, ReservedForOle: PVOID, WaitingOnLoaderLock: ULONG, SavedPriorityState: PVOID, ReservedForCodeCoverage: ULONG_PTR, ThreadPoolData: PVOID, TlsExpansionSlots: *mut PVOID, MuiGeneration: ULONG, IsImpersonating: ULONG, NlsCache: PVOID, pShimData: PVOID, HeapVirtualAffinity: USHORT, LowFragHeapDataSlot: USHORT, CurrentTransactionHandle: HANDLE, ActiveFrame: PTEB_ACTIVE_FRAME, FlsData: PVOID, PreferredLanguages: PVOID, UserPrefLanguages: PVOID, MergedPrefLanguages: PVOID, MuiImpersonation: ULONG, CrossTebFlags: USHORT, SameTebFlags: USHORT, TxnScopeEnterCallback: PVOID, TxnScopeExitCallback: PVOID, TxnScopeContext: PVOID, LockCount: ULONG, WowTebOffset: LONG, ResourceRetValue: PVOID, ReservedForWdf: PVOID, ReservedForCrt: ULONGLONG, EffectiveContainerId: GUID, }} BITFIELD!{TEB SameTebFlags: USHORT [ SafeThunkCall set_SafeThunkCall[0..1], InDebugPrint set_InDebugPrint[1..2], HasFiberData set_HasFiberData[2..3], SkipThreadAttach set_SkipThreadAttach[3..4], WerInShipAssertCode set_WerInShipAssertCode[4..5], RanProcessInit set_RanProcessInit[5..6], ClonedThread set_ClonedThread[6..7], SuppressDebugMsg set_SuppressDebugMsg[7..8], DisableUserStackWalk set_DisableUserStackWalk[8..9], RtlExceptionAttached set_RtlExceptionAttached[9..10], InitialThread set_InitialThread[10..11], SessionAware set_SessionAware[11..12], LoadOwner set_LoadOwner[12..13], LoaderWorker set_LoaderWorker[13..14], SkipLoaderInit set_SkipLoaderInit[14..15], SpareSameTebBits set_SpareSameTebBits[15..16], ]} pub type PTEB = *mut TEB; ntapi-0.4.0/src/ntpfapi.rs000064400000000000000000000160660072674642500135770ustar 00000000000000use crate::ntexapi::SYSTEM_MEMORY_LIST_INFORMATION; use crate::ntmmapi::MMPFN_IDENTITY; use winapi::shared::basetsd::{SIZE_T, ULONG_PTR}; use winapi::shared::ntdef::{CHAR, LONGLONG, PVOID, ULONG, ULONGLONG, WCHAR}; ENUM!{enum PF_BOOT_PHASE_ID { PfKernelInitPhase = 0, PfBootDriverInitPhase = 90, PfSystemDriverInitPhase = 120, PfSessionManagerInitPhase = 150, PfSMRegistryInitPhase = 180, PfVideoInitPhase = 210, PfPostVideoInitPhase = 240, PfBootAcceptedRegistryInitPhase = 270, PfUserShellReadyPhase = 300, PfMaxBootPhaseId = 900, }} ENUM!{enum PF_ENABLE_STATUS { PfSvNotSpecified = 0, PfSvEnabled = 1, PfSvDisabled = 2, PfSvMaxEnableStatus = 3, }} STRUCT!{struct PF_TRACE_LIMITS { MaxNumPages: ULONG, MaxNumSections: ULONG, TimerPeriod: LONGLONG, }} pub type PPF_TRACE_LIMITS = *mut PF_TRACE_LIMITS; STRUCT!{struct PF_SYSTEM_PREFETCH_PARAMETERS { EnableStatus: [PF_ENABLE_STATUS; 2], TraceLimits: [PF_TRACE_LIMITS; 2], MaxNumActiveTraces: ULONG, MaxNumSavedTraces: ULONG, RootDirPath: [WCHAR; 32], HostingApplicationList: [WCHAR; 128], }} pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut PF_SYSTEM_PREFETCH_PARAMETERS; pub const PF_BOOT_CONTROL_VERSION: u32 = 1; STRUCT!{struct PF_BOOT_CONTROL { Version: ULONG, DisableBootPrefetching: ULONG, }} pub type PPF_BOOT_CONTROL = *mut PF_BOOT_CONTROL; ENUM!{enum PREFETCHER_INFORMATION_CLASS { PrefetcherRetrieveTrace = 1, PrefetcherSystemParameters = 2, PrefetcherBootPhase = 3, PrefetcherRetrieveBootLoaderTrace = 4, PrefetcherBootControl = 5, }} pub const PREFETCHER_INFORMATION_VERSION: ULONG = 23; pub const PREFETCHER_INFORMATION_MAGIC: ULONG = 0x6b756843; STRUCT!{struct PREFETCHER_INFORMATION { Version: ULONG, Magic: ULONG, PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS, PrefetcherInformation: PVOID, PrefetcherInformationLength: ULONG, }} pub type PPREFETCHER_INFORMATION = *mut PREFETCHER_INFORMATION; STRUCT!{struct PF_SYSTEM_SUPERFETCH_PARAMETERS { EnabledComponents: ULONG, BootID: ULONG, SavedSectInfoTracesMax: ULONG, SavedPageAccessTracesMax: ULONG, ScenarioPrefetchTimeoutStandby: ULONG, ScenarioPrefetchTimeoutHibernate: ULONG, }} pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut PF_SYSTEM_SUPERFETCH_PARAMETERS; pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1; pub const PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 0x1; pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 0x1; STRUCT!{struct PF_PFN_PRIO_REQUEST { Version: ULONG, RequestFlags: ULONG, PfnCount: ULONG_PTR, MemInfo: SYSTEM_MEMORY_LIST_INFORMATION, PageData: [MMPFN_IDENTITY; 256], }} pub type PPF_PFN_PRIO_REQUEST = *mut PF_PFN_PRIO_REQUEST; ENUM!{enum PFS_PRIVATE_PAGE_SOURCE_TYPE { PfsPrivateSourceKernel = 0, PfsPrivateSourceSession = 1, PfsPrivateSourceProcess = 2, PfsPrivateSourceMax = 3, }} UNION!{union PFS_PRIVATE_PAGE_SOURCE_u { SessionId: ULONG, ProcessId: ULONG, }} STRUCT!{struct PFS_PRIVATE_PAGE_SOURCE { Type: PFS_PRIVATE_PAGE_SOURCE_TYPE, u: PFS_PRIVATE_PAGE_SOURCE_u, ImagePathHash: ULONG, UniqueProcessHash: ULONG_PTR, }} UNION!{union PF_PRIVSOURCE_INFO_u { WsSwapPages: ULONG_PTR, SessionPagedPoolPages: ULONG_PTR, StoreSizePages: ULONG_PTR, }} pub type PPFS_PRIVATE_PAGE_SOURCE = *mut PFS_PRIVATE_PAGE_SOURCE; STRUCT!{struct PF_PRIVSOURCE_INFO { DbInfo: PFS_PRIVATE_PAGE_SOURCE, EProcess: PVOID, WsPrivatePages: SIZE_T, TotalPrivatePages: SIZE_T, SessionID: ULONG, ImageName: [CHAR; 16], u: PF_PRIVSOURCE_INFO_u, WsTotalPages: ULONG_PTR, DeepFreezeTimeMs: ULONG, BitFields: ULONG, }} BITFIELD!{PF_PRIVSOURCE_INFO BitFields: ULONG [ ModernApp set_ModernApp[0..1], DeepFrozen set_DeepFrozen[1..2], Foreground set_Foreground[2..3], PerProcessStore set_PerProcessStore[3..4], Spare set_Spare[4..32], ]} pub type PPF_PRIVSOURCE_INFO = *mut PF_PRIVSOURCE_INFO; pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 3; STRUCT!{struct PF_PRIVSOURCE_QUERY_REQUEST { Version: ULONG, Flags: ULONG, InfoCount: ULONG, InfoArray: [PF_PRIVSOURCE_INFO; 1], }} pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut PF_PRIVSOURCE_QUERY_REQUEST; ENUM!{enum PF_PHASED_SCENARIO_TYPE { PfScenarioTypeNone = 0, PfScenarioTypeStandby = 1, PfScenarioTypeHibernate = 2, PfScenarioTypeFUS = 3, PfScenarioTypeMax = 4, }} pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4; STRUCT!{struct PF_SCENARIO_PHASE_INFO { Version: ULONG, ScenType: PF_PHASED_SCENARIO_TYPE, PhaseId: ULONG, SequenceNumber: ULONG, Flags: ULONG, FUSUserId: ULONG, }} pub type PPF_SCENARIO_PHASE_INFO = *mut PF_SCENARIO_PHASE_INFO; STRUCT!{struct PF_MEMORY_LIST_NODE { Bitfields: ULONGLONG, StandbyLowPageCount: ULONGLONG, StandbyMediumPageCount: ULONGLONG, StandbyHighPageCount: ULONGLONG, FreePageCount: ULONGLONG, ModifiedPageCount: ULONGLONG, }} BITFIELD!{PF_MEMORY_LIST_NODE Bitfields: ULONGLONG [ Node set_Node[0..8], Spare set_Spare[8..64], ]} pub type PPF_MEMORY_LIST_NODE = *mut PF_MEMORY_LIST_NODE; pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1; STRUCT!{struct PF_MEMORY_LIST_INFO { Version: ULONG, Size: ULONG, NodeCount: ULONG, Nodes: [PF_MEMORY_LIST_NODE; 1], }} pub type PPF_MEMORY_LIST_INFO = *mut PF_MEMORY_LIST_INFO; STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE { BasePfn: ULONG_PTR, PageCount: ULONG_PTR, }} pub type PPF_PHYSICAL_MEMORY_RANGE = *mut PF_PHYSICAL_MEMORY_RANGE; pub const PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION: u32 = 1; STRUCT!{struct PF_PHYSICAL_MEMORY_RANGE_INFO { Version: ULONG, RangeCount: ULONG, Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1], }} pub type PPF_PHYSICAL_MEMORY_RANGE_INFO = *mut PF_PHYSICAL_MEMORY_RANGE_INFO; pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1; STRUCT!{struct PF_REPURPOSED_BY_PREFETCH_INFO { Version: ULONG, RepurposedByPrefetch: ULONG, }} pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut PF_REPURPOSED_BY_PREFETCH_INFO; ENUM!{enum SUPERFETCH_INFORMATION_CLASS { SuperfetchRetrieveTrace = 1, SuperfetchSystemParameters = 2, SuperfetchLogEvent = 3, SuperfetchGenerateTrace = 4, SuperfetchPrefetch = 5, SuperfetchPfnQuery = 6, SuperfetchPfnSetPriority = 7, SuperfetchPrivSourceQuery = 8, SuperfetchSequenceNumberQuery = 9, SuperfetchScenarioPhase = 10, SuperfetchWorkerPriority = 11, SuperfetchScenarioQuery = 12, SuperfetchScenarioPrefetch = 13, SuperfetchRobustnessControl = 14, SuperfetchTimeControl = 15, SuperfetchMemoryListQuery = 16, SuperfetchMemoryRangesQuery = 17, SuperfetchTracingControl = 18, SuperfetchTrimWhileAgingControl = 19, SuperfetchRepurposedByPrefetch = 20, SuperfetchInformationMax = 21, }} pub const SUPERFETCH_INFORMATION_VERSION: ULONG = 45; pub const SUPERFETCH_INFORMATION_MAGIC: ULONG = 0x6b756843; STRUCT!{struct SUPERFETCH_INFORMATION { Version: ULONG, Magic: ULONG, InfoClass: SUPERFETCH_INFORMATION_CLASS, Data: PVOID, Length: ULONG, }} pub type PSUPERFETCH_INFORMATION = *mut SUPERFETCH_INFORMATION; ntapi-0.4.0/src/ntpnpapi.rs000064400000000000000000000101500072674642500137530ustar 00000000000000use winapi::shared::cfg::PNP_VETO_TYPE; use winapi::shared::guiddef::GUID; use winapi::shared::ntdef::{HANDLE, NTSTATUS, PULONG, PUNICODE_STRING, PVOID, ULONG, WCHAR}; ENUM!{enum PLUGPLAY_EVENT_CATEGORY { HardwareProfileChangeEvent = 0, TargetDeviceChangeEvent = 1, DeviceClassChangeEvent = 2, CustomDeviceEvent = 3, DeviceInstallEvent = 4, DeviceArrivalEvent = 5, PowerEvent = 6, VetoEvent = 7, BlockedDriverEvent = 8, InvalidIDEvent = 9, MaxPlugEventCategory = 10, }} pub type PPLUGPLAY_EVENT_CATEGORY = *mut PLUGPLAY_EVENT_CATEGORY; STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_DeviceClass { ClassGuid: GUID, SymbolicLinkName: [WCHAR; 1], }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_TargetDevice { DeviceIds: [WCHAR; 1], }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InstallDevice { DeviceId: [WCHAR; 1], }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_CustomNotification { NotificationStructure: PVOID, DeviceIds: [WCHAR; 1], }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_ProfileNotification { Notification: PVOID, }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_PowerNotification { NotificationCode: ULONG, NotificationData: ULONG, }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_VetoNotification { VetoType: PNP_VETO_TYPE, DeviceIdVetoNameBuffer: [WCHAR; 1], }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification { BlockedDriverGuid: GUID, }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification { ParentId: [WCHAR; 1], }} UNION!{union PLUGPLAY_EVENT_BLOCK_u { DeviceClass: PLUGPLAY_EVENT_BLOCK_u_DeviceClass, TargetDevice: PLUGPLAY_EVENT_BLOCK_u_TargetDevice, InstallDevice: PLUGPLAY_EVENT_BLOCK_u_InstallDevice, CustomNotification: PLUGPLAY_EVENT_BLOCK_u_CustomNotification, ProfileNotification: PLUGPLAY_EVENT_BLOCK_u_ProfileNotification, PowerNotification: PLUGPLAY_EVENT_BLOCK_u_PowerNotification, VetoNotification: PLUGPLAY_EVENT_BLOCK_u_VetoNotification, BlockedDriverNotification: PLUGPLAY_EVENT_BLOCK_u_BlockedDriverNotification, InvalidIDNotification: PLUGPLAY_EVENT_BLOCK_u_InvalidIDNotification, }} STRUCT!{struct PLUGPLAY_EVENT_BLOCK { EventGuid: GUID, EventCategory: PLUGPLAY_EVENT_CATEGORY, Result: PULONG, Flags: ULONG, TotalSize: ULONG, DeviceObject: PVOID, u: PLUGPLAY_EVENT_BLOCK_u, }} pub type PPLUGPLAY_EVENT_BLOCK = *mut PLUGPLAY_EVENT_BLOCK; ENUM!{enum PLUGPLAY_CONTROL_CLASS { PlugPlayControlEnumerateDevice = 0, PlugPlayControlRegisterNewDevice = 1, PlugPlayControlDeregisterDevice = 2, PlugPlayControlInitializeDevice = 3, PlugPlayControlStartDevice = 4, PlugPlayControlUnlockDevice = 5, PlugPlayControlQueryAndRemoveDevice = 6, PlugPlayControlUserResponse = 7, PlugPlayControlGenerateLegacyDevice = 8, PlugPlayControlGetInterfaceDeviceList = 9, PlugPlayControlProperty = 10, PlugPlayControlDeviceClassAssociation = 11, PlugPlayControlGetRelatedDevice = 12, PlugPlayControlGetInterfaceDeviceAlias = 13, PlugPlayControlDeviceStatus = 14, PlugPlayControlGetDeviceDepth = 15, PlugPlayControlQueryDeviceRelations = 16, PlugPlayControlTargetDeviceRelation = 17, PlugPlayControlQueryConflictList = 18, PlugPlayControlRetrieveDock = 19, PlugPlayControlResetDevice = 20, PlugPlayControlHaltDevice = 21, PlugPlayControlGetBlockedDriverList = 22, PlugPlayControlGetDeviceInterfaceEnabled = 23, MaxPlugPlayControl = 24, }} pub type PPLUGPLAY_CONTROL_CLASS = *mut PLUGPLAY_CONTROL_CLASS; EXTERN!{extern "system" { fn NtGetPlugPlayEvent( EventHandle: HANDLE, Context: PVOID, EventBlock: PPLUGPLAY_EVENT_BLOCK, EventBufferSize: ULONG, ) -> NTSTATUS; fn NtPlugPlayControl( PnPControlClass: PLUGPLAY_CONTROL_CLASS, PnPControlData: PVOID, PnPControlDataLength: ULONG, ) -> NTSTATUS; fn NtSerializeBoot() -> NTSTATUS; fn NtEnableLastKnownGood() -> NTSTATUS; fn NtDisableLastKnownGood() -> NTSTATUS; fn NtReplacePartitionUnit( TargetInstancePath: PUNICODE_STRING, SpareInstancePath: PUNICODE_STRING, Flags: ULONG, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntpoapi.rs000064400000000000000000000102250072674642500135770ustar 00000000000000use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LONG, NTSTATUS, PLONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, }; use winapi::um::winnt::{ DEVICE_POWER_STATE, EXECUTION_STATE, LATENCY_TIME, PDEVICE_POWER_STATE, PEXECUTION_STATE, POWER_ACTION, POWER_INFORMATION_LEVEL, SYSTEM_POWER_STATE, }; UNION!{union POWER_STATE { SystemState: SYSTEM_POWER_STATE, DeviceState: DEVICE_POWER_STATE, }} pub type PPOWER_STATE = *mut POWER_STATE; ENUM!{enum POWER_STATE_TYPE { SystemPowerState = 0, DevicePowerState = 1, }} pub type PPOWER_STATE_TYPE = *mut POWER_STATE_TYPE; STRUCT!{struct SYSTEM_POWER_STATE_CONTEXT { ContextAsUlong: ULONG, }} BITFIELD!{SYSTEM_POWER_STATE_CONTEXT ContextAsUlong: ULONG [ Reserved1 set_Reserved1[0..8], TargetSystemState set_TargetSystemState[8..12], EffectiveSystemState set_EffectiveSystemState[12..16], CurrentSystemState set_CurrentSystemState[16..20], IgnoreHibernationPath set_IgnoreHibernationPath[20..21], PseudoTransition set_PseudoTransition[21..22], Reserved2 set_Reserved2[22..32], ]} pub type PSYSTEM_POWER_STATE_CONTEXT = *mut SYSTEM_POWER_STATE_CONTEXT; STRUCT!{struct COUNTED_REASON_CONTEXT_u_s { ResourceFileName: UNICODE_STRING, ResourceReasonId: USHORT, StringCount: ULONG, ReasonStrings: PUNICODE_STRING, }} UNION!{union COUNTED_REASON_CONTEXT_u { s: COUNTED_REASON_CONTEXT_u_s, SimpleString: UNICODE_STRING, }} STRUCT!{struct COUNTED_REASON_CONTEXT { Version: ULONG, Flags: ULONG, u: COUNTED_REASON_CONTEXT_u, }} pub type PCOUNTED_REASON_CONTEXT = *mut COUNTED_REASON_CONTEXT; ENUM!{enum POWER_STATE_HANDLER_TYPE { PowerStateSleeping1 = 0, PowerStateSleeping2 = 1, PowerStateSleeping3 = 2, PowerStateSleeping4 = 3, PowerStateShutdownOff = 4, PowerStateShutdownReset = 5, PowerStateSleeping4Firmware = 6, PowerStateMaximum = 7, }} pub type PPOWER_STATE_HANDLER_TYPE = *mut POWER_STATE_HANDLER_TYPE; FN!{stdcall PENTER_STATE_SYSTEM_HANDLER( SystemContext: PVOID, ) -> NTSTATUS} FN!{stdcall PENTER_STATE_HANDLER( Context: PVOID, SystemHandler: PENTER_STATE_SYSTEM_HANDLER, SystemContext: PVOID, NumberProcessors: LONG, Number: PLONG, ) -> NTSTATUS} STRUCT!{struct POWER_STATE_HANDLER { Type: POWER_STATE_HANDLER_TYPE, RtcWake: BOOLEAN, Spare: [UCHAR; 3], Handler: PENTER_STATE_HANDLER, Context: PVOID, }} pub type PPOWER_STATE_HANDLER = *mut POWER_STATE_HANDLER; FN!{stdcall PENTER_STATE_NOTIFY_HANDLER( State: POWER_STATE_HANDLER_TYPE, Context: PVOID, Entering: BOOLEAN, ) -> NTSTATUS} STRUCT!{struct POWER_STATE_NOTIFY_HANDLER { Handler: PENTER_STATE_NOTIFY_HANDLER, Context: PVOID, }} pub type PPOWER_STATE_NOTIFY_HANDLER = *mut POWER_STATE_NOTIFY_HANDLER; STRUCT!{struct PROCESSOR_POWER_INFORMATION { Number: ULONG, MaxMhz: ULONG, CurrentMhz: ULONG, MhzLimit: ULONG, MaxIdleState: ULONG, CurrentIdleState: ULONG, }} pub type PPROCESSOR_POWER_INFORMATION = *mut PROCESSOR_POWER_INFORMATION; STRUCT!{struct SYSTEM_POWER_INFORMATION { MaxIdlenessAllowed: ULONG, Idleness: ULONG, TimeRemaining: ULONG, CoolingMode: UCHAR, }} pub type PSYSTEM_POWER_INFORMATION = *mut SYSTEM_POWER_INFORMATION; EXTERN!{extern "system" { fn NtPowerInformation( InformationLevel: POWER_INFORMATION_LEVEL, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn NtSetThreadExecutionState( NewFlags: EXECUTION_STATE, PreviousFlags: PEXECUTION_STATE, ) -> NTSTATUS; fn NtRequestWakeupLatency( latency: LATENCY_TIME, ) -> NTSTATUS; fn NtInitiatePowerAction( SystemAction: POWER_ACTION, LightestSystemState: SYSTEM_POWER_STATE, Flags: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn NtSetSystemPowerState( SystemAction: POWER_ACTION, LightestSystemState: SYSTEM_POWER_STATE, Flags: ULONG, ) -> NTSTATUS; fn NtGetDevicePowerState( Device: HANDLE, State: PDEVICE_POWER_STATE, ) -> NTSTATUS; fn NtIsSystemResumeAutomatic() -> BOOLEAN; }} ntapi-0.4.0/src/ntpsapi.rs000064400000000000000000001466300072674642500136150ustar 00000000000000use crate::ntapi_base::{CLIENT_ID, KPRIORITY, PCLIENT_ID}; use crate::ntexapi::{PROCESS_DISK_COUNTERS, PROCESS_ENERGY_VALUES}; use crate::ntpebteb::{PPEB, PTEB}; use winapi::ctypes::c_void; use winapi::shared::basetsd::{PSIZE_T, SIZE_T, ULONG64, ULONG_PTR}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, NT_PRODUCT_TYPE, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PROCESSOR_NUMBER, PSINGLE_LIST_ENTRY, PULONG, PVOID, SINGLE_LIST_ENTRY, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, WCHAR, }; use winapi::um::winnt::{ ACCESS_MASK, CONTEXT, HARDWARE_COUNTER_TYPE, IO_COUNTERS, JOBOBJECTINFOCLASS, JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, LDT_ENTRY, MAX_HW_COUNTERS, PCONTEXT, PJOB_SET_ARRAY, PROCESS_MITIGATION_ASLR_POLICY, PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, PROCESS_MITIGATION_CHILD_PROCESS_POLICY, PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, PROCESS_MITIGATION_FONT_DISABLE_POLICY, PROCESS_MITIGATION_IMAGE_LOAD_POLICY, PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, PROCESS_MITIGATION_POLICY, PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PSECURITY_QUALITY_OF_SERVICE, }; #[cfg(not(target_arch = "aarch64"))] use crate::winapi_local::um::winnt::NtCurrentTeb; pub const GDI_HANDLE_BUFFER_SIZE32: usize = 34; pub const GDI_HANDLE_BUFFER_SIZE64: usize = 60; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE64; #[cfg(target_arch = "x86")] pub const GDI_HANDLE_BUFFER_SIZE: usize = GDI_HANDLE_BUFFER_SIZE32; pub type GDI_HANDLE_BUFFER = [ULONG; GDI_HANDLE_BUFFER_SIZE]; pub type GDI_HANDLE_BUFFER32 = [ULONG; GDI_HANDLE_BUFFER_SIZE32]; pub type GDI_HANDLE_BUFFER64 = [ULONG; GDI_HANDLE_BUFFER_SIZE]; pub const TLS_EXPANSION_SLOTS: usize = 1024; STRUCT!{struct PEB_LDR_DATA { Length: ULONG, Initialized: BOOLEAN, SsHandle: HANDLE, InLoadOrderModuleList: LIST_ENTRY, InMemoryOrderModuleList: LIST_ENTRY, InInitializationOrderModuleList: LIST_ENTRY, EntryInProgress: PVOID, ShutdownInProgress: BOOLEAN, ShutdownThreadId: HANDLE, }} pub type PPEB_LDR_DATA = *mut PEB_LDR_DATA; STRUCT!{struct INITIAL_TEB_OldInitialTeb { OldStackBase: PVOID, OldStackLimit: PVOID, }} STRUCT!{struct INITIAL_TEB { OldInitialTeb: INITIAL_TEB_OldInitialTeb, StackBase: PVOID, StackLimit: PVOID, StackAllocationBase: PVOID, }} pub type PINITIAL_TEB = *mut INITIAL_TEB; STRUCT!{struct WOW64_PROCESS { Wow64: PVOID, }} pub type PWOW64_PROCESS = *mut WOW64_PROCESS; ENUM!{enum PROCESSINFOCLASS { ProcessBasicInformation = 0, ProcessQuotaLimits = 1, ProcessIoCounters = 2, ProcessVmCounters = 3, ProcessTimes = 4, ProcessBasePriority = 5, ProcessRaisePriority = 6, ProcessDebugPort = 7, ProcessExceptionPort = 8, ProcessAccessToken = 9, ProcessLdtInformation = 10, ProcessLdtSize = 11, ProcessDefaultHardErrorMode = 12, ProcessIoPortHandlers = 13, ProcessPooledUsageAndLimits = 14, ProcessWorkingSetWatch = 15, ProcessUserModeIOPL = 16, ProcessEnableAlignmentFaultFixup = 17, ProcessPriorityClass = 18, ProcessWx86Information = 19, ProcessHandleCount = 20, ProcessAffinityMask = 21, ProcessPriorityBoost = 22, ProcessDeviceMap = 23, ProcessSessionInformation = 24, ProcessForegroundInformation = 25, ProcessWow64Information = 26, ProcessImageFileName = 27, ProcessLUIDDeviceMapsEnabled = 28, ProcessBreakOnTermination = 29, ProcessDebugObjectHandle = 30, ProcessDebugFlags = 31, ProcessHandleTracing = 32, ProcessIoPriority = 33, ProcessExecuteFlags = 34, ProcessResourceManagement = 35, ProcessCookie = 36, ProcessImageInformation = 37, ProcessCycleTime = 38, ProcessPagePriority = 39, ProcessInstrumentationCallback = 40, ProcessThreadStackAllocation = 41, ProcessWorkingSetWatchEx = 42, ProcessImageFileNameWin32 = 43, ProcessImageFileMapping = 44, ProcessAffinityUpdateMode = 45, ProcessMemoryAllocationMode = 46, ProcessGroupInformation = 47, ProcessTokenVirtualizationEnabled = 48, ProcessConsoleHostProcess = 49, ProcessWindowInformation = 50, ProcessHandleInformation = 51, ProcessMitigationPolicy = 52, ProcessDynamicFunctionTableInformation = 53, ProcessHandleCheckingMode = 54, ProcessKeepAliveCount = 55, ProcessRevokeFileHandles = 56, ProcessWorkingSetControl = 57, ProcessHandleTable = 58, ProcessCheckStackExtentsMode = 59, ProcessCommandLineInformation = 60, ProcessProtectionInformation = 61, ProcessMemoryExhaustion = 62, ProcessFaultInformation = 63, ProcessTelemetryIdInformation = 64, ProcessCommitReleaseInformation = 65, ProcessDefaultCpuSetsInformation = 66, ProcessAllowedCpuSetsInformation = 67, ProcessSubsystemProcess = 68, ProcessJobMemoryInformation = 69, ProcessInPrivate = 70, ProcessRaiseUMExceptionOnInvalidHandleClose = 71, ProcessIumChallengeResponse = 72, ProcessChildProcessInformation = 73, ProcessHighGraphicsPriorityInformation = 74, ProcessSubsystemInformation = 75, ProcessEnergyValues = 76, ProcessActivityThrottleState = 77, ProcessActivityThrottlePolicy = 78, ProcessWin32kSyscallFilterInformation = 79, ProcessDisableSystemAllowedCpuSets = 80, ProcessWakeInformation = 81, ProcessEnergyTrackingState = 82, ProcessManageWritesToExecutableMemory = 83, ProcessCaptureTrustletLiveDump = 84, ProcessTelemetryCoverage = 85, ProcessEnclaveInformation = 86, ProcessEnableReadWriteVmLogging = 87, ProcessUptimeInformation = 88, ProcessImageSection = 89, ProcessDebugAuthInformation = 90, ProcessSystemResourceManagement = 91, ProcessSequenceNumber = 92, ProcessLoaderDetour = 93, ProcessSecurityDomainInformation = 94, ProcessCombineSecurityDomainsInformation = 95, ProcessEnableLogging = 96, ProcessLeapSecondInformation = 97, MaxProcessInfoClass = 98, }} ENUM!{enum THREADINFOCLASS { ThreadBasicInformation = 0, ThreadTimes = 1, ThreadPriority = 2, ThreadBasePriority = 3, ThreadAffinityMask = 4, ThreadImpersonationToken = 5, ThreadDescriptorTableEntry = 6, ThreadEnableAlignmentFaultFixup = 7, ThreadEventPair = 8, ThreadQuerySetWin32StartAddress = 9, ThreadZeroTlsCell = 10, ThreadPerformanceCount = 11, ThreadAmILastThread = 12, ThreadIdealProcessor = 13, ThreadPriorityBoost = 14, ThreadSetTlsArrayAddress = 15, ThreadIsIoPending = 16, ThreadHideFromDebugger = 17, ThreadBreakOnTermination = 18, ThreadSwitchLegacyState = 19, ThreadIsTerminated = 20, ThreadLastSystemCall = 21, ThreadIoPriority = 22, ThreadCycleTime = 23, ThreadPagePriority = 24, ThreadActualBasePriority = 25, ThreadTebInformation = 26, ThreadCSwitchMon = 27, ThreadCSwitchPmu = 28, ThreadWow64Context = 29, ThreadGroupInformation = 30, ThreadUmsInformation = 31, ThreadCounterProfiling = 32, ThreadIdealProcessorEx = 33, ThreadCpuAccountingInformation = 34, ThreadSuspendCount = 35, ThreadHeterogeneousCpuPolicy = 36, ThreadContainerId = 37, ThreadNameInformation = 38, ThreadSelectedCpuSets = 39, ThreadSystemThreadInformation = 40, ThreadActualGroupAffinity = 41, ThreadDynamicCodePolicyInfo = 42, ThreadExplicitCaseSensitivity = 43, ThreadWorkOnBehalfTicket = 44, ThreadSubsystemInformation = 45, ThreadDbgkWerReportActive = 46, ThreadAttachContainer = 47, ThreadManageWritesToExecutableMemory = 48, ThreadPowerThrottlingState = 49, ThreadWorkloadClass = 50, MaxThreadInfoClass = 51, }} STRUCT!{struct PAGE_PRIORITY_INFORMATION { PagePriority: ULONG, }} pub type PPAGE_PRIORITY_INFORMATION = *mut PAGE_PRIORITY_INFORMATION; STRUCT!{struct PROCESS_BASIC_INFORMATION { ExitStatus: NTSTATUS, PebBaseAddress: PPEB, AffinityMask: ULONG_PTR, BasePriority: KPRIORITY, UniqueProcessId: HANDLE, InheritedFromUniqueProcessId: HANDLE, }} pub type PPROCESS_BASIC_INFORMATION = *mut PROCESS_BASIC_INFORMATION; STRUCT!{struct PROCESS_EXTENDED_BASIC_INFORMATION { Size: SIZE_T, BasicInfo: PROCESS_BASIC_INFORMATION, Flags: ULONG, }} BITFIELD!{PROCESS_EXTENDED_BASIC_INFORMATION Flags: ULONG [ IsProtectedProcess set_IsProtectedProcess[0..1], IsWow64Process set_IsWow64Process[1..2], IsProcessDeleting set_IsProcessDeleting[2..3], IsCrossSessionCreate set_IsCrossSessionCreate[3..4], IsFrozen set_IsFrozen[4..5], IsBackground set_IsBackground[5..6], IsStronglyNamed set_IsStronglyNamed[6..7], IsSecureProcess set_IsSecureProcess[7..8], IsSubsystemProcess set_IsSubsystemProcess[8..9], SpareBits set_SpareBits[9..32], ]} pub type PPROCESS_EXTENDED_BASIC_INFORMATION = *mut PROCESS_EXTENDED_BASIC_INFORMATION; STRUCT!{struct VM_COUNTERS { PeakVirtualSize: SIZE_T, VirtualSize: SIZE_T, PageFaultCount: ULONG, PeakWorkingSetSize: SIZE_T, WorkingSetSize: SIZE_T, QuotaPeakPagedPoolUsage: SIZE_T, QuotaPagedPoolUsage: SIZE_T, QuotaPeakNonPagedPoolUsage: SIZE_T, QuotaNonPagedPoolUsage: SIZE_T, PagefileUsage: SIZE_T, PeakPagefileUsage: SIZE_T, }} pub type PVM_COUNTERS = *mut VM_COUNTERS; STRUCT!{struct VM_COUNTERS_EX { PeakVirtualSize: SIZE_T, VirtualSize: SIZE_T, PageFaultCount: ULONG, PeakWorkingSetSize: SIZE_T, WorkingSetSize: SIZE_T, QuotaPeakPagedPoolUsage: SIZE_T, QuotaPagedPoolUsage: SIZE_T, QuotaPeakNonPagedPoolUsage: SIZE_T, QuotaNonPagedPoolUsage: SIZE_T, PagefileUsage: SIZE_T, PeakPagefileUsage: SIZE_T, PrivateUsage: SIZE_T, }} pub type PVM_COUNTERS_EX = *mut VM_COUNTERS_EX; STRUCT!{struct VM_COUNTERS_EX2 { CountersEx: VM_COUNTERS_EX, PrivateWorkingSetSize: SIZE_T, SharedCommitUsage: SIZE_T, }} pub type PVM_COUNTERS_EX2 = *mut VM_COUNTERS_EX2; STRUCT!{struct KERNEL_USER_TIMES { CreateTime: LARGE_INTEGER, ExitTime: LARGE_INTEGER, KernelTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, }} pub type PKERNEL_USER_TIMES = *mut KERNEL_USER_TIMES; STRUCT!{struct POOLED_USAGE_AND_LIMITS { PeakPagedPoolUsage: SIZE_T, PagedPoolUsage: SIZE_T, PagedPoolLimit: SIZE_T, PeakNonPagedPoolUsage: SIZE_T, NonPagedPoolUsage: SIZE_T, NonPagedPoolLimit: SIZE_T, PeakPagefileUsage: SIZE_T, PagefileUsage: SIZE_T, PagefileLimit: SIZE_T, }} pub type PPOOLED_USAGE_AND_LIMITS = *mut POOLED_USAGE_AND_LIMITS; pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: ULONG_PTR = 0x00000003; pub const PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS: ULONG_PTR = (1 << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1; STRUCT!{struct PROCESS_EXCEPTION_PORT { ExceptionPortHandle: HANDLE, StateFlags: ULONG, }} pub type PPROCESS_EXCEPTION_PORT = *mut PROCESS_EXCEPTION_PORT; STRUCT!{struct PROCESS_ACCESS_TOKEN { Token: HANDLE, Thread: HANDLE, }} pub type PPROCESS_ACCESS_TOKEN = *mut PROCESS_ACCESS_TOKEN; STRUCT!{struct PROCESS_LDT_INFORMATION { Start: ULONG, Length: ULONG, LdtEntries: [LDT_ENTRY; 1], }} pub type PPROCESS_LDT_INFORMATION = *mut PROCESS_LDT_INFORMATION; STRUCT!{struct PROCESS_LDT_SIZE { Length: ULONG, }} pub type PPROCESS_LDT_SIZE = *mut PROCESS_LDT_SIZE; STRUCT!{struct PROCESS_WS_WATCH_INFORMATION { FaultingPc: PVOID, FaultingVa: PVOID, }} pub type PPROCESS_WS_WATCH_INFORMATION = *mut PROCESS_WS_WATCH_INFORMATION; STRUCT!{struct PROCESS_WS_WATCH_INFORMATION_EX { BasicInfo: PROCESS_WS_WATCH_INFORMATION, FaultingThreadId: ULONG_PTR, Flags: ULONG_PTR, }} pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut PROCESS_WS_WATCH_INFORMATION_EX; pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0; pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1; pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2; pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3; pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4; pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5; pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6; STRUCT!{struct PROCESS_PRIORITY_CLASS { Foreground: BOOLEAN, PriorityClass: UCHAR, }} pub type PPROCESS_PRIORITY_CLASS = *mut PROCESS_PRIORITY_CLASS; STRUCT!{struct PROCESS_FOREGROUND_BACKGROUND { Foreground: BOOLEAN, }} pub type PPROCESS_FOREGROUND_BACKGROUND = *mut PROCESS_FOREGROUND_BACKGROUND; STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Set { DirectoryHandle: HANDLE, }} STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_Query { DriveMap: ULONG, DriveType: [UCHAR; 32], }} UNION!{union PROCESS_DEVICEMAP_INFORMATION { Set: PROCESS_DEVICEMAP_INFORMATION_Set, Query: PROCESS_DEVICEMAP_INFORMATION_Query, }} pub type PPROCESS_DEVICEMAP_INFORMATION = *mut PROCESS_DEVICEMAP_INFORMATION; pub const PROCESS_LUID_DOSDEVICES_ONLY: ULONG = 0x00000001; STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Set { DirectoryHandle: HANDLE, }} STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX_u_Query { DriveMap: ULONG, DriveType: [UCHAR; 32], }} UNION!{union PROCESS_DEVICEMAP_INFORMATION_EX_u { Set: PROCESS_DEVICEMAP_INFORMATION_EX_u_Set, Query: PROCESS_DEVICEMAP_INFORMATION_EX_u_Query, }} STRUCT!{struct PROCESS_DEVICEMAP_INFORMATION_EX { u: PROCESS_DEVICEMAP_INFORMATION_EX_u, Flags: ULONG, }} pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut PROCESS_DEVICEMAP_INFORMATION_EX; STRUCT!{struct PROCESS_SESSION_INFORMATION { SessionId: ULONG, }} pub type PPROCESS_SESSION_INFORMATION = *mut PROCESS_SESSION_INFORMATION; pub const PROCESS_HANDLE_EXCEPTIONS_ENABLED: ULONG = 0x00000001; pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: ULONG = 0x00000000; pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: ULONG = 0x00000001; STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE { Flags: ULONG, }} pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut PROCESS_HANDLE_TRACING_ENABLE; pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: ULONG = 0x20000; STRUCT!{struct PROCESS_HANDLE_TRACING_ENABLE_EX { Flags: ULONG, TotalSlots: ULONG, }} pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut PROCESS_HANDLE_TRACING_ENABLE_EX; pub const PROCESS_HANDLE_TRACING_MAX_STACKS: usize = 16; pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: ULONG = 1; pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: ULONG = 2; pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: ULONG = 3; STRUCT!{struct PROCESS_HANDLE_TRACING_ENTRY { Handle: HANDLE, ClientId: CLIENT_ID, Type: ULONG, Stacks: [PVOID; PROCESS_HANDLE_TRACING_MAX_STACKS], }} pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut PROCESS_HANDLE_TRACING_ENTRY; STRUCT!{struct PROCESS_HANDLE_TRACING_QUERY { Handle: HANDLE, TotalTraces: ULONG, HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1], }} pub type PPROCESS_HANDLE_TRACING_QUERY = *mut PROCESS_HANDLE_TRACING_QUERY; STRUCT!{struct THREAD_TLS_INFORMATION { Flags: ULONG, NewTlsData: PVOID, OldTlsData: PVOID, ThreadId: HANDLE, }} pub type PTHREAD_TLS_INFORMATION = *mut THREAD_TLS_INFORMATION; ENUM!{enum PROCESS_TLS_INFORMATION_TYPE { ProcessTlsReplaceIndex = 0, ProcessTlsReplaceVector = 1, MaxProcessTlsOperation = 2, }} pub type PPROCESS_TLS_INFORMATION_TYPE = *mut PROCESS_TLS_INFORMATION_TYPE; STRUCT!{struct PROCESS_TLS_INFORMATION { Flags: ULONG, OperationType: ULONG, ThreadDataCount: ULONG, TlsIndex: ULONG, PreviousCount: ULONG, ThreadData: [THREAD_TLS_INFORMATION; 1], }} pub type PPROCESS_TLS_INFORMATION = *mut PROCESS_TLS_INFORMATION; STRUCT!{struct PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { Version: ULONG, Reserved: ULONG, Callback: PVOID, }} pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION = *mut PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION { ReserveSize: SIZE_T, ZeroBits: SIZE_T, StackBase: PVOID, }} pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut PROCESS_STACK_ALLOCATION_INFORMATION; STRUCT!{struct PROCESS_STACK_ALLOCATION_INFORMATION_EX { PreferredNode: ULONG, Reserved0: ULONG, Reserved1: ULONG, Reserved2: ULONG, AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION, }} pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut PROCESS_STACK_ALLOCATION_INFORMATION_EX; STRUCT!{struct PROCESS_AFFINITY_UPDATE_MODE { Flags: ULONG, }} BITFIELD!{PROCESS_AFFINITY_UPDATE_MODE Flags: ULONG [ EnableAutoUpdate set_EnableAutoUpdate[0..1], Permanent set_Permanent[1..2], Reserved set_Reserved[2..32], ]} pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut PROCESS_AFFINITY_UPDATE_MODE; STRUCT!{struct PROCESS_MEMORY_ALLOCATION_MODE { Flags: ULONG, }} BITFIELD!{PROCESS_MEMORY_ALLOCATION_MODE Flags: ULONG [ TopDown set_TopDown[0..1], Reserved set_Reserved[1..32], ]} pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut PROCESS_MEMORY_ALLOCATION_MODE; STRUCT!{struct PROCESS_HANDLE_INFORMATION { HandleCount: ULONG, HandleCountHighWatermark: ULONG, }} pub type PPROCESS_HANDLE_INFORMATION = *mut PROCESS_HANDLE_INFORMATION; STRUCT!{struct PROCESS_CYCLE_TIME_INFORMATION { AccumulatedCycles: ULONGLONG, CurrentCycleCount: ULONGLONG, }} pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut PROCESS_CYCLE_TIME_INFORMATION; STRUCT!{struct PROCESS_WINDOW_INFORMATION { WindowFlags: ULONG, WindowTitleLength: USHORT, WindowTitle: [WCHAR; 1], }} pub type PPROCESS_WINDOW_INFORMATION = *mut PROCESS_WINDOW_INFORMATION; STRUCT!{struct PROCESS_HANDLE_TABLE_ENTRY_INFO { HandleValue: HANDLE, HandleCount: ULONG_PTR, PointerCount: ULONG_PTR, GrantedAccess: ULONG, ObjectTypeIndex: ULONG, HandleAttributes: ULONG, Reserved: ULONG, }} pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut PROCESS_HANDLE_TABLE_ENTRY_INFO; STRUCT!{struct PROCESS_HANDLE_SNAPSHOT_INFORMATION { NumberOfHandles: ULONG_PTR, Reserved: ULONG_PTR, Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1], }} pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut PROCESS_HANDLE_SNAPSHOT_INFORMATION; UNION!{union PROCESS_MITIGATION_POLICY_INFORMATION_u { ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY, StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY, ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY, SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY, // SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, //TODO }} STRUCT!{struct PROCESS_MITIGATION_POLICY_INFORMATION { Policy: PROCESS_MITIGATION_POLICY, u: PROCESS_MITIGATION_POLICY_INFORMATION_u, }} pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut PROCESS_MITIGATION_POLICY_INFORMATION; STRUCT!{struct PROCESS_KEEPALIVE_COUNT_INFORMATION { WakeCount: ULONG, NoWakeCount: ULONG, }} pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut PROCESS_KEEPALIVE_COUNT_INFORMATION; STRUCT!{struct PROCESS_REVOKE_FILE_HANDLES_INFORMATION { TargetDevicePath: UNICODE_STRING, }} pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut PROCESS_REVOKE_FILE_HANDLES_INFORMATION; ENUM!{enum PROCESS_WORKING_SET_OPERATION { ProcessWorkingSetSwap = 0, ProcessWorkingSetEmpty = 1, ProcessWorkingSetOperationMax = 2, }} STRUCT!{struct PROCESS_WORKING_SET_CONTROL { Version: ULONG, Operation: PROCESS_WORKING_SET_OPERATION, Flags: ULONG, }} pub type PPROCESS_WORKING_SET_CONTROL = *mut PROCESS_WORKING_SET_CONTROL; ENUM!{enum PS_PROTECTED_TYPE { PsProtectedTypeNone = 0, PsProtectedTypeProtectedLight = 1, PsProtectedTypeProtected = 2, PsProtectedTypeMax = 3, }} ENUM!{enum PS_PROTECTED_SIGNER { PsProtectedSignerNone = 0, PsProtectedSignerAuthenticode = 1, PsProtectedSignerCodeGen = 2, PsProtectedSignerAntimalware = 3, PsProtectedSignerLsa = 4, PsProtectedSignerWindows = 5, PsProtectedSignerWinTcb = 6, PsProtectedSignerWinSystem = 7, PsProtectedSignerApp = 8, PsProtectedSignerMax = 9, }} pub const PS_PROTECTED_SIGNER_MASK: UCHAR = 0xFF; pub const PS_PROTECTED_AUDIT_MASK: UCHAR = 0x08; pub const PS_PROTECTED_TYPE_MASK: UCHAR = 0x07; #[inline] pub const fn PsProtectedValue( aSigner: PS_PROTECTED_SIGNER, aAudit: u8, aType: PS_PROTECTED_TYPE, ) -> UCHAR { (aSigner as u8 & PS_PROTECTED_SIGNER_MASK) << 4 | (aAudit & PS_PROTECTED_AUDIT_MASK) << 3 | (aType as u8 & PS_PROTECTED_TYPE_MASK) } #[inline] pub fn InitializePsProtection( aProtectionLevelPtr: &mut PS_PROTECTION, aSigner: PS_PROTECTED_SIGNER, aAudit: u8, aType: PS_PROTECTED_TYPE, ) { aProtectionLevelPtr.set_Signer(aSigner as u8); aProtectionLevelPtr.set_Audit(aAudit); aProtectionLevelPtr.set_Type(aType as u8); } STRUCT!{struct PS_PROTECTION { Level: UCHAR, }} pub type PPS_PROTECTION = *mut PS_PROTECTION; BITFIELD!{PS_PROTECTION Level: UCHAR [ Type set_Type[0..3], Audit set_Audit[3..4], Signer set_Signer[4..8], ]} STRUCT!{struct PROCESS_FAULT_INFORMATION { FaultFlags: ULONG, AdditionalInfo: ULONG, }} pub type PPROCESS_FAULT_INFORMATION = *mut PROCESS_FAULT_INFORMATION; STRUCT!{struct PROCESS_TELEMETRY_ID_INFORMATION { HeaderSize: ULONG, ProcessId: ULONG, ProcessStartKey: ULONGLONG, CreateTime: ULONGLONG, CreateInterruptTime: ULONGLONG, CreateUnbiasedInterruptTime: ULONGLONG, ProcessSequenceNumber: ULONGLONG, SessionCreateTime: ULONGLONG, SessionId: ULONG, BootId: ULONG, ImageChecksum: ULONG, ImageTimeDateStamp: ULONG, UserSidOffset: ULONG, ImagePathOffset: ULONG, PackageNameOffset: ULONG, RelativeAppNameOffset: ULONG, CommandLineOffset: ULONG, }} pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut PROCESS_TELEMETRY_ID_INFORMATION; STRUCT!{struct PROCESS_COMMIT_RELEASE_INFORMATION { Version: ULONG, s: ULONG, CommitDebt: SIZE_T, CommittedMemResetSize: SIZE_T, RepurposedMemResetSize: SIZE_T, }} BITFIELD!{PROCESS_COMMIT_RELEASE_INFORMATION s: ULONG [ Eligible set_Eligible[0..1], ReleaseRepurposedMemResetCommit set_ReleaseRepurposedMemResetCommit[1..2], ForceReleaseMemResetCommit set_ForceReleaseMemResetCommit[2..3], Spare set_Spare[3..32], ]} pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut PROCESS_COMMIT_RELEASE_INFORMATION; STRUCT!{struct PROCESS_JOB_MEMORY_INFO { SharedCommitUsage: ULONGLONG, PrivateCommitUsage: ULONGLONG, PeakPrivateCommitUsage: ULONGLONG, PrivateCommitLimit: ULONGLONG, TotalCommitLimit: ULONGLONG, }} pub type PPROCESS_JOB_MEMORY_INFO = *mut PROCESS_JOB_MEMORY_INFO; STRUCT!{struct PROCESS_CHILD_PROCESS_INFORMATION { ProhibitChildProcesses: BOOLEAN, AlwaysAllowSecureChildProcess: BOOLEAN, AuditProhibitChildProcesses: BOOLEAN, }} pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut PROCESS_CHILD_PROCESS_INFORMATION; STRUCT!{struct PROCESS_WAKE_INFORMATION { NotificationChannel: ULONGLONG, WakeCounters: [ULONG; 7], WakeFilter: *mut JOBOBJECT_WAKE_FILTER, }} pub type PPROCESS_WAKE_INFORMATION = *mut PROCESS_WAKE_INFORMATION; STRUCT!{struct PROCESS_ENERGY_TRACKING_STATE { StateUpdateMask: ULONG, StateDesiredValue: ULONG, StateSequence: ULONG, UpdateTag: ULONG, Tag: [WCHAR; 64], }} pub type PPROCESS_ENERGY_TRACKING_STATE = *mut PROCESS_ENERGY_TRACKING_STATE; BITFIELD!{PROCESS_ENERGY_TRACKING_STATE UpdateTag: ULONG [ UpdateTag set_UpdateTag[0..1], ]} STRUCT!{struct MANAGE_WRITES_TO_EXECUTABLE_MEMORY { BitFields: ULONG, }} BITFIELD!{MANAGE_WRITES_TO_EXECUTABLE_MEMORY BitFields: ULONG [ Machine set_Machine[0..16], KernelMode set_KernelMode[16..17], UserMode set_UserMode[17..18], Native set_Native[18..19], Process set_Process[19..20], ReservedZero0 set_ReservedZero0[20..32], ]} pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut MANAGE_WRITES_TO_EXECUTABLE_MEMORY; pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: UCHAR = 1; pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: UCHAR = 2; pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: UCHAR = 1; pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: UCHAR = 2; STRUCT!{struct PROCESS_READWRITEVM_LOGGING_INFORMATION { Flags: UCHAR, }} BITFIELD!{PROCESS_READWRITEVM_LOGGING_INFORMATION Flags: UCHAR [ EnableReadVmLogging set_EnableReadVmLogging[0..1], EnableWriteVmLogging set_EnableWriteVmLogging[1..2], Unused set_Unused[2..8], ]} UNION!{union PROCESS_UPTIME_INFORMATION_u { HangCount: ULONG, GhostCount: ULONG, Crashed: ULONG, Terminated: ULONG, }} pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut PROCESS_READWRITEVM_LOGGING_INFORMATION; STRUCT!{struct PROCESS_UPTIME_INFORMATION { QueryInterruptTime: ULONGLONG, QueryUnbiasedTime: ULONGLONG, EndInterruptTime: ULONGLONG, TimeSinceCreation: ULONGLONG, Uptime: ULONGLONG, SuspendedTime: ULONGLONG, u: PROCESS_UPTIME_INFORMATION_u, }} pub type PPROCESS_UPTIME_INFORMATION = *mut PROCESS_UPTIME_INFORMATION; STRUCT!{struct PROCESS_SYSTEM_RESOURCE_MANAGEMENT { Flags: ULONG, }} pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut PROCESS_SYSTEM_RESOURCE_MANAGEMENT; BITFIELD!{PROCESS_SYSTEM_RESOURCE_MANAGEMENT Flags: ULONG [ Foreground set_Foreground[0..1], Reserved set_Reserved[1..32], ]} STRUCT!{struct PROCESS_SECURITY_DOMAIN_INFORMATION { SecurityDomain: ULONGLONG, }} pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut PROCESS_SECURITY_DOMAIN_INFORMATION; STRUCT!{struct PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION { ProcessHandle: HANDLE, }} pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION = *mut PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; STRUCT!{struct PROCESS_LOGGING_INFORMATION { Flags: ULONG, BitFields: ULONG, }} BITFIELD!{PROCESS_LOGGING_INFORMATION BitFields: ULONG [ EnableReadVmLogging set_EnableReadVmLogging[0..1], EnableWriteVmLogging set_EnableWriteVmLogging[1..2], EnableProcessSuspendResumeLogging set_EnableProcessSuspendResumeLogging[2..3], EnableThreadSuspendResumeLogging set_EnableThreadSuspendResumeLogging[3..4], Reserved set_Reserved[4..32], ]} pub type PPROCESS_LOGGING_INFORMATION = *mut PROCESS_LOGGING_INFORMATION; STRUCT!{struct PROCESS_LEAP_SECOND_INFORMATION { Flags: ULONG, Reserved: ULONG, }} pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut PROCESS_LEAP_SECOND_INFORMATION; STRUCT!{struct THREAD_BASIC_INFORMATION { ExitStatus: NTSTATUS, TebBaseAddress: PTEB, ClientId: CLIENT_ID, AffinityMask: ULONG_PTR, Priority: KPRIORITY, BasePriority: LONG, }} pub type PTHREAD_BASIC_INFORMATION = *mut THREAD_BASIC_INFORMATION; STRUCT!{struct THREAD_LAST_SYSCALL_INFORMATION { FirstArgument: PVOID, SystemCallNumber: USHORT, Pad: [USHORT; 1], WaitTime: ULONG64, }} pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut THREAD_LAST_SYSCALL_INFORMATION; STRUCT!{struct THREAD_CYCLE_TIME_INFORMATION { AccumulatedCycles: ULONGLONG, CurrentCycleCount: ULONGLONG, }} pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut THREAD_CYCLE_TIME_INFORMATION; STRUCT!{struct THREAD_TEB_INFORMATION { TebInformation: PVOID, TebOffset: ULONG, BytesToRead: ULONG, }} pub type PTHREAD_TEB_INFORMATION = *mut THREAD_TEB_INFORMATION; STRUCT!{struct COUNTER_READING { Type: HARDWARE_COUNTER_TYPE, Index: ULONG, Start: ULONG64, Total: ULONG64, }} pub type PCOUNTER_READING = *mut COUNTER_READING; STRUCT!{struct THREAD_PERFORMANCE_DATA { Size: USHORT, Version: USHORT, ProcessorNumber: PROCESSOR_NUMBER, ContextSwitches: ULONG, HwCountersCount: ULONG, UpdateCount: ULONG64, WaitReasonBitMap: ULONG64, HardwareCounters: ULONG64, CycleTime: COUNTER_READING, HwCounters: [COUNTER_READING; MAX_HW_COUNTERS], }} pub type PTHREAD_PERFORMANCE_DATA = *mut THREAD_PERFORMANCE_DATA; STRUCT!{struct THREAD_PROFILING_INFORMATION { HardwareCounters: ULONG64, Flags: ULONG, Enable: ULONG, PerformanceData: PTHREAD_PERFORMANCE_DATA, }} pub type PTHREAD_PROFILING_INFORMATION = *mut THREAD_PROFILING_INFORMATION; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] STRUCT!{#[repr(align(16))] struct RTL_UMS_CONTEXT { Link: SINGLE_LIST_ENTRY, __padding: u64, Context: CONTEXT, Teb: PVOID, UserContext: PVOID, ScheduledThread: ULONG, Suspended: ULONG, VolatileContext: ULONG, Terminated: ULONG, DebugActive: ULONG, RunningOnSelfThread: ULONG, DenyRunningOnSelfThread: ULONG, Flags: LONG, KernelUpdateLock: ULONG64, PrimaryClientID: ULONG64, ContextLock: ULONG64, PrimaryUmsContext: *mut RTL_UMS_CONTEXT, SwitchCount: ULONG, KernelYieldCount: ULONG, MixedYieldCount: ULONG, YieldCount: ULONG, }} #[cfg(target_arch = "x86")] STRUCT!{struct RTL_UMS_CONTEXT { Link: SINGLE_LIST_ENTRY, Context: CONTEXT, Teb: PVOID, UserContext: PVOID, ScheduledThread: ULONG, Suspended: ULONG, VolatileContext: ULONG, Terminated: ULONG, DebugActive: ULONG, RunningOnSelfThread: ULONG, DenyRunningOnSelfThread: ULONG, Flags: LONG, KernelUpdateLock: ULONG64, PrimaryClientID: ULONG64, ContextLock: ULONG64, PrimaryUmsContext: *mut RTL_UMS_CONTEXT, SwitchCount: ULONG, KernelYieldCount: ULONG, MixedYieldCount: ULONG, YieldCount: ULONG, __padding: u32, }} pub type PRTL_UMS_CONTEXT = *mut RTL_UMS_CONTEXT; ENUM!{enum THREAD_UMS_INFORMATION_COMMAND { UmsInformationCommandInvalid = 0, UmsInformationCommandAttach = 1, UmsInformationCommandDetach = 2, UmsInformationCommandQuery = 3, }} STRUCT!{struct RTL_UMS_COMPLETION_LIST { ThreadListHead: PSINGLE_LIST_ENTRY, CompletionEvent: PVOID, CompletionFlags: ULONG, InternalListHead: SINGLE_LIST_ENTRY, }} pub type PRTL_UMS_COMPLETION_LIST = *mut RTL_UMS_COMPLETION_LIST; STRUCT!{struct THREAD_UMS_INFORMATION { Command: THREAD_UMS_INFORMATION_COMMAND, CompletionList: PRTL_UMS_COMPLETION_LIST, UmsContext: PRTL_UMS_CONTEXT, Flags: ULONG, }} BITFIELD!{THREAD_UMS_INFORMATION Flags: ULONG [ IsUmsSchedulerThread set_IsUmsSchedulerThread[0..1], IsUmsWorkerThread set_IsUmsWorkerThread[1..2], SpareBits set_SpareBits[2..32], ]} pub type PTHREAD_UMS_INFORMATION = *mut THREAD_UMS_INFORMATION; STRUCT!{struct THREAD_NAME_INFORMATION { ThreadName: UNICODE_STRING, }} pub type PTHREAD_NAME_INFORMATION = *mut THREAD_NAME_INFORMATION; ENUM!{enum SUBSYSTEM_INFORMATION_TYPE { SubsystemInformationTypeWin32 = 0, SubsystemInformationTypeWSL = 1, MaxSubsystemInformationType = 2, }} ENUM!{enum THREAD_WORKLOAD_CLASS { ThreadWorkloadClassDefault = 0, ThreadWorkloadClassGraphics = 1, MaxThreadWorkloadClass = 2, }} EXTERN!{extern "system" { fn NtCreateProcess( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ParentProcess: HANDLE, InheritObjectTable: BOOLEAN, SectionHandle: HANDLE, DebugPort: HANDLE, ExceptionPort: HANDLE, ) -> NTSTATUS; }} pub const PROCESS_CREATE_FLAGS_BREAKAWAY: ULONG = 0x00000001; pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: ULONG = 0x00000002; pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: ULONG = 0x00000004; pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: ULONG = 0x00000008; pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: ULONG = 0x00000010; EXTERN!{extern "system" { fn NtCreateProcessEx( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ParentProcess: HANDLE, Flags: ULONG, SectionHandle: HANDLE, DebugPort: HANDLE, ExceptionPort: HANDLE, JobMemberLevel: ULONG, ) -> NTSTATUS; fn NtOpenProcess( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ClientId: PCLIENT_ID, ) -> NTSTATUS; fn NtTerminateProcess( ProcessHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn NtSuspendProcess( ProcessHandle: HANDLE, ) -> NTSTATUS; fn NtResumeProcess( ProcessHandle: HANDLE, ) -> NTSTATUS; }} pub const NtCurrentProcess: HANDLE = -1isize as *mut c_void; pub const ZwCurrentProcess: HANDLE = NtCurrentProcess; pub const NtCurrentThread: HANDLE = -2isize as *mut c_void; pub const ZwCurrentThread: HANDLE = NtCurrentThread; pub const NtCurrentSession: HANDLE = -3isize as *mut c_void; pub const ZwCurrentSession: HANDLE = NtCurrentSession; #[inline] #[cfg(not(target_arch = "aarch64"))] pub unsafe fn NtCurrentPeb() -> PPEB { (*NtCurrentTeb()).ProcessEnvironmentBlock } pub const NtCurrentProcessToken: HANDLE = -4isize as *mut c_void; pub const NtCurrentThreadToken: HANDLE = -5isize as *mut c_void; pub const NtCurrentEffectiveToken: HANDLE = -6isize as *mut c_void; pub const NtCurrentSilo: HANDLE = -1isize as *mut c_void; #[inline] #[cfg(not(target_arch = "aarch64"))] pub unsafe fn NtCurrentProcessId() -> HANDLE { (*NtCurrentTeb()).ClientId.UniqueProcess } #[inline] #[cfg(not(target_arch = "aarch64"))] pub unsafe fn NtCurrentThreadId() -> HANDLE { (*NtCurrentTeb()).ClientId.UniqueThread } EXTERN!{extern "system" { fn NtQueryInformationProcess( ProcessHandle: HANDLE, ProcessInformationClass: PROCESSINFOCLASS, ProcessInformation: PVOID, ProcessInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtGetNextProcess( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Flags: ULONG, NewProcessHandle: PHANDLE, ) -> NTSTATUS; fn NtGetNextThread( ProcessHandle: HANDLE, ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Flags: ULONG, NewThreadHandle: PHANDLE, ) -> NTSTATUS; fn NtSetInformationProcess( ProcessHandle: HANDLE, ProcessInformationClass: PROCESSINFOCLASS, ProcessInformation: PVOID, ProcessInformationLength: ULONG, ) -> NTSTATUS; fn NtQueryPortInformationProcess() -> NTSTATUS; fn NtCreateThread( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ProcessHandle: HANDLE, ClientId: PCLIENT_ID, ThreadContext: PCONTEXT, InitialTeb: PINITIAL_TEB, CreateSuspended: BOOLEAN, ) -> NTSTATUS; fn NtOpenThread( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ClientId: PCLIENT_ID, ) -> NTSTATUS; fn NtTerminateThread( ThreadHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn NtSuspendThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn NtResumeThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn NtGetCurrentProcessorNumber() -> ULONG; fn NtGetContextThread( ThreadHandle: HANDLE, ThreadContext: PCONTEXT, ) -> NTSTATUS; fn NtSetContextThread( ThreadHandle: HANDLE, ThreadContext: PCONTEXT, ) -> NTSTATUS; fn NtQueryInformationThread( ThreadHandle: HANDLE, ThreadInformationClass: THREADINFOCLASS, ThreadInformation: PVOID, ThreadInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationThread( ThreadHandle: HANDLE, ThreadInformationClass: THREADINFOCLASS, ThreadInformation: PVOID, ThreadInformationLength: ULONG, ) -> NTSTATUS; fn NtAlertThread( ThreadHandle: HANDLE, ) -> NTSTATUS; fn NtAlertResumeThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn NtTestAlert() -> NTSTATUS; fn NtImpersonateThread( ServerThreadHandle: HANDLE, ClientThreadHandle: HANDLE, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ) -> NTSTATUS; fn NtRegisterThreadTerminatePort( PortHandle: HANDLE, ) -> NTSTATUS; fn NtSetLdtEntries( Selector0: ULONG, Entry0Low: ULONG, Entry0Hi: ULONG, Selector1: ULONG, Entry1Low: ULONG, Entry1Hi: ULONG, ) -> NTSTATUS; }} FN!{cdecl PPS_APC_ROUTINE( ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> ()} EXTERN!{extern "system" { fn NtQueueApcThread( ThreadHandle: HANDLE, ApcRoutine: PPS_APC_ROUTINE, ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> NTSTATUS; }} pub const APC_FORCE_THREAD_SIGNAL: HANDLE = 1 as *mut c_void; EXTERN!{extern "system" { fn NtQueueApcThreadEx( ThreadHandle: HANDLE, UserApcReserveHandle: HANDLE, ApcRoutine: PPS_APC_ROUTINE, ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> NTSTATUS; fn NtAlertThreadByThreadId( ThreadId: HANDLE, ) -> NTSTATUS; fn NtWaitForAlertByThreadId( Address: PVOID, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; }} pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 0x0000ffff; pub const PS_ATTRIBUTE_THREAD: u32 = 0x00010000; pub const PS_ATTRIBUTE_INPUT: u32 = 0x00020000; pub const PS_ATTRIBUTE_ADDITIVE: u32 = 0x00040000; ENUM!{enum PS_ATTRIBUTE_NUM { PsAttributeParentProcess = 0, PsAttributeDebugPort = 1, PsAttributeToken = 2, PsAttributeClientId = 3, PsAttributeTebAddress = 4, PsAttributeImageName = 5, PsAttributeImageInfo = 6, PsAttributeMemoryReserve = 7, PsAttributePriorityClass = 8, PsAttributeErrorMode = 9, PsAttributeStdHandleInfo = 10, PsAttributeHandleList = 11, PsAttributeGroupAffinity = 12, PsAttributePreferredNode = 13, PsAttributeIdealProcessor = 14, PsAttributeUmsThread = 15, PsAttributeMitigationOptions = 16, PsAttributeProtectionLevel = 17, PsAttributeSecureProcess = 18, PsAttributeJobList = 19, PsAttributeChildProcessPolicy = 20, PsAttributeAllApplicationPackagesPolicy = 21, PsAttributeWin32kFilter = 22, PsAttributeSafeOpenPromptOriginClaim = 23, PsAttributeBnoIsolation = 24, PsAttributeDesktopAppPolicy = 25, PsAttributeChpe = 26, PsAttributeMax = 27, }} #[inline] pub const fn PsAttributeValue( mut Number: PS_ATTRIBUTE_NUM, Thread: bool, Input: bool, Additive: bool, ) -> ULONG_PTR { Number &= PS_ATTRIBUTE_NUMBER_MASK; if Thread { Number |= PS_ATTRIBUTE_THREAD; } if Input { Number |= PS_ATTRIBUTE_INPUT; } if Additive { Number |= PS_ATTRIBUTE_ADDITIVE; } Number as _ } pub const PS_ATTRIBUTE_PARENT_PROCESS: ULONG_PTR = 0x00060000; pub const PS_ATTRIBUTE_DEBUG_PORT: ULONG_PTR = 0x00060001; pub const PS_ATTRIBUTE_TOKEN: ULONG_PTR = 0x00060002; pub const PS_ATTRIBUTE_CLIENT_ID: ULONG_PTR = 0x00010003; pub const PS_ATTRIBUTE_TEB_ADDRESS: ULONG_PTR = 0x00010004; pub const PS_ATTRIBUTE_IMAGE_NAME: ULONG_PTR = 0x00020005; pub const PS_ATTRIBUTE_IMAGE_INFO: ULONG_PTR = 0x00000006; pub const PS_ATTRIBUTE_MEMORY_RESERVE: ULONG_PTR = 0x00020007; pub const PS_ATTRIBUTE_PRIORITY_CLASS: ULONG_PTR = 0x00020008; pub const PS_ATTRIBUTE_ERROR_MODE: ULONG_PTR = 0x00020009; pub const PS_ATTRIBUTE_STD_HANDLE_INFO: ULONG_PTR = 0x0002000a; pub const PS_ATTRIBUTE_HANDLE_LIST: ULONG_PTR = 0x0002000b; pub const PS_ATTRIBUTE_GROUP_AFFINITY: ULONG_PTR = 0x0003000c; pub const PS_ATTRIBUTE_PREFERRED_NODE: ULONG_PTR = 0x0002000d; pub const PS_ATTRIBUTE_IDEAL_PROCESSOR: ULONG_PTR = 0x0003000e; pub const PS_ATTRIBUTE_UMS_THREAD: ULONG_PTR = 0x0003000f; pub const PS_ATTRIBUTE_MITIGATION_OPTIONS: ULONG_PTR = 0x00060010; pub const PS_ATTRIBUTE_PROTECTION_LEVEL: ULONG_PTR = 0x00060011; pub const PS_ATTRIBUTE_SECURE_PROCESS: ULONG_PTR = 0x00020012; pub const PS_ATTRIBUTE_JOB_LIST: ULONG_PTR = 0x00020013; pub const PS_ATTRIBUTE_CHILD_PROCESS_POLICY: ULONG_PTR = 0x00020014; pub const PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY: ULONG_PTR = 0x00020015; pub const PS_ATTRIBUTE_WIN32K_FILTER: ULONG_PTR = 0x00020016; pub const PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM: ULONG_PTR = 0x00020017; pub const PS_ATTRIBUTE_BNO_ISOLATION: ULONG_PTR = 0x00020018; pub const PS_ATTRIBUTE_DESKTOP_APP_POLICY: ULONG_PTR = 0x00020019; UNION!{union PS_ATTRIBUTE_u { Value: ULONG_PTR, ValuePtr: PVOID, }} STRUCT!{struct PS_ATTRIBUTE { Attribute: ULONG_PTR, Size: SIZE_T, u: PS_ATTRIBUTE_u, ReturnLength: PSIZE_T, }} pub type PPS_ATTRIBUTE = *mut PS_ATTRIBUTE; STRUCT!{struct PS_ATTRIBUTE_LIST { TotalLength: SIZE_T, Attributes: [PS_ATTRIBUTE; 1], }} pub type PPS_ATTRIBUTE_LIST = *mut PS_ATTRIBUTE_LIST; STRUCT!{struct PS_MEMORY_RESERVE { ReserveAddress: PVOID, ReserveSize: SIZE_T, }} pub type PPS_MEMORY_RESERVE = *mut PS_MEMORY_RESERVE; ENUM!{enum PS_STD_HANDLE_STATE { PsNeverDuplicate = 0, PsRequestDuplicate = 1, PsAlwaysDuplicate = 2, PsMaxStdHandleStates = 3, }} pub const PS_STD_INPUT_HANDLE: u32 = 0x1; pub const PS_STD_OUTPUT_HANDLE: u32 = 0x2; pub const PS_STD_ERROR_HANDLE: u32 = 0x4; STRUCT!{struct PS_STD_HANDLE_INFO { Flags: ULONG, StdHandleSubsystemType: ULONG, }} pub type PPS_STD_HANDLE_INFO = *mut PS_STD_HANDLE_INFO; BITFIELD!{PS_STD_HANDLE_INFO Flags: ULONG [ StdHandleState set_StdHandleState[0..2], PseudoHandleMask set_PseudoHandleMask[2..5], ]} STRUCT!{struct PS_BNO_ISOLATION_PARAMETERS { IsolationPrefix: UNICODE_STRING, HandleCount: ULONG, Handles: *mut PVOID, IsolationEnabled: BOOLEAN, }} pub type PPS_BNO_ISOLATION_PARAMETERS = *mut PS_BNO_ISOLATION_PARAMETERS; ENUM!{enum PS_MITIGATION_OPTION { PS_MITIGATION_OPTION_NX = 0, PS_MITIGATION_OPTION_SEHOP = 1, PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2, PS_MITIGATION_OPTION_HEAP_TERMINATE = 3, PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4, PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5, PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6, PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7, PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8, PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9, PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10, PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11, PS_MITIGATION_OPTION_FONT_DISABLE = 12, PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13, PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14, PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15, PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16, PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17, PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18, PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19, PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20, PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21, PS_MITIGATION_OPTION_ROP_SIMEXEC = 22, PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23, PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24, PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25, PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26, PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27, PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28, PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29, PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30, PS_MITIGATION_OPTION_CET_SHADOW_STACKS = 31, }} ENUM!{enum PS_CREATE_STATE { PsCreateInitialState = 0, PsCreateFailOnFileOpen = 1, PsCreateFailOnSectionCreate = 2, PsCreateFailExeFormat = 3, PsCreateFailMachineMismatch = 4, PsCreateFailExeName = 5, PsCreateSuccess = 6, PsCreateMaximumStates = 7, }} STRUCT!{struct PS_CREATE_INFO_u_InitState { InitFlags: ULONG, AdditionalFileAccess: ACCESS_MASK, }} BITFIELD!{PS_CREATE_INFO_u_InitState InitFlags: ULONG [ WriteOutputOnExit set_WriteOutputOnExit[0..1], DetectManifest set_DetectManifest[1..2], IFEOSkipDebugger set_IFEOSkipDebugger[2..3], IFEODoNotPropagateKeyState set_IFEODoNotPropagateKeyState[3..4], SpareBits1 set_SpareBits1[4..8], SpareBits2 set_SpareBits2[8..16], ProhibitedImageCharacteristics set_ProhibitedImageCharacteristics[16..32], ]} STRUCT!{struct PS_CREATE_INFO_u_SuccessState { OutputFlags: ULONG, FileHandle: HANDLE, SectionHandle: HANDLE, UserProcessParametersNative: ULONGLONG, UserProcessParametersWow64: ULONG, CurrentParameterFlags: ULONG, PebAddressNative: ULONGLONG, PebAddressWow64: ULONG, ManifestAddress: ULONGLONG, ManifestSize: ULONG, }} BITFIELD!{PS_CREATE_INFO_u_SuccessState OutputFlags: ULONG [ ProtectedProcess set_ProtectedProcess[0..1], AddressSpaceOverride set_AddressSpaceOverride[1..2], DevOverrideEnabled set_DevOverrideEnabled[2..3], ManifestDetected set_ManifestDetected[3..4], ProtectedProcessLight set_ProtectedProcessLight[4..5], SpareBits1 set_SpareBits1[5..8], SpareBits2 set_SpareBits2[8..16], SpareBits3 set_SpareBits3[16..32], ]} UNION!{union PS_CREATE_INFO_u { InitState: PS_CREATE_INFO_u_InitState, FileHandle: HANDLE, DllCharacteristics: USHORT, IFEOKey: HANDLE, SuccessState: PS_CREATE_INFO_u_SuccessState, }} STRUCT!{struct PS_CREATE_INFO { Size: SIZE_T, State: PS_CREATE_STATE, u: PS_CREATE_INFO_u, }} pub type PPS_CREATE_INFO = *mut PS_CREATE_INFO; pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: ULONG = 0x00000020; pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: ULONG = 0x00000040; pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: ULONG = 0x00000080; pub const PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: ULONG = 0x00000100; pub const PROCESS_CREATE_FLAGS_SUSPENDED: ULONG = 0x00000200; pub const PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN: ULONG = 0x00000400; EXTERN!{extern "system" { fn NtCreateUserProcess( ProcessHandle: PHANDLE, ThreadHandle: PHANDLE, ProcessDesiredAccess: ACCESS_MASK, ThreadDesiredAccess: ACCESS_MASK, ProcessObjectAttributes: POBJECT_ATTRIBUTES, ThreadObjectAttributes: POBJECT_ATTRIBUTES, ProcessFlags: ULONG, ThreadFlags: ULONG, ProcessParameters: PVOID, CreateInfo: PPS_CREATE_INFO, AttributeList: PPS_ATTRIBUTE_LIST, ) -> NTSTATUS; }} pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: ULONG = 0x00000002; pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: ULONG = 0x00000004; pub const THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR: ULONG = 0x00000010; pub const THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET: ULONG = 0x00000020; pub const THREAD_CREATE_FLAGS_INITIAL_THREAD: ULONG = 0x00000080; EXTERN!{extern "system" { fn NtCreateThreadEx( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ProcessHandle: HANDLE, StartRoutine: PVOID, Argument: PVOID, CreateFlags: ULONG, ZeroBits: SIZE_T, StackSize: SIZE_T, MaximumStackSize: SIZE_T, AttributeList: PPS_ATTRIBUTE_LIST, ) -> NTSTATUS; }} STRUCT!{struct JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION { BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, IoInfo: IO_COUNTERS, DiskIoInfo: PROCESS_DISK_COUNTERS, ContextSwitches: ULONG64, TotalCycleTime: LARGE_INTEGER, ReadyTime: ULONG64, EnergyValues: PROCESS_ENERGY_VALUES, }} pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION = *mut JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION; STRUCT!{struct JOBOBJECT_WAKE_INFORMATION { NotificationChannel: HANDLE, WakeCounters: [ULONG64; 7], }} pub type PJOBOBJECT_WAKE_INFORMATION = *mut JOBOBJECT_WAKE_INFORMATION; STRUCT!{struct JOBOBJECT_WAKE_INFORMATION_V1 { NotificationChannel: HANDLE, WakeCounters: [ULONG64; 4], }} pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut JOBOBJECT_WAKE_INFORMATION_V1; STRUCT!{struct JOBOBJECT_INTERFERENCE_INFORMATION { Count: ULONG64, }} pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut JOBOBJECT_INTERFERENCE_INFORMATION; STRUCT!{struct JOBOBJECT_WAKE_FILTER { HighEdgeFilter: ULONG, LowEdgeFilter: ULONG, }} pub type PJOBOBJECT_WAKE_FILTER = *mut JOBOBJECT_WAKE_FILTER; STRUCT!{struct JOBOBJECT_FREEZE_INFORMATION { Flags: ULONG, Freeze: BOOLEAN, Swap: BOOLEAN, Reserved0: [UCHAR; 2], WakeFilter: JOBOBJECT_WAKE_FILTER, }} pub type PJOBOBJECT_FREEZE_INFORMATION = *mut JOBOBJECT_FREEZE_INFORMATION; BITFIELD!{JOBOBJECT_FREEZE_INFORMATION Flags: ULONG [ FreezeOperation set_FreezeOperation[0..1], FilterOperation set_FilterOperation[1..2], SwapOperation set_SwapOperation[2..3], Reserved set_Reserved[3..32], ]} STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION { JobMemory: ULONG64, PeakJobMemoryUsed: ULONG64, }} pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION; STRUCT!{struct JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 { BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION, JobSharedMemory: ULONG64, Reserved: [ULONG64; 2], }} pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut JOBOBJECT_MEMORY_USAGE_INFORMATION_V2; STRUCT!{struct SILO_USER_SHARED_DATA { ServiceSessionId: ULONG64, ActiveConsoleId: ULONG, ConsoleSessionForegroundProcessId: LONGLONG, NtProductType: NT_PRODUCT_TYPE, SuiteMask: ULONG, SharedUserSessionId: ULONG, IsMultiSessionSku: BOOLEAN, NtSystemRoot: [WCHAR; 260], UserModeGlobalLogger: [USHORT; 16], }} pub type PSILO_USER_SHARED_DATA = *mut SILO_USER_SHARED_DATA; STRUCT!{struct SILOOBJECT_ROOT_DIRECTORY { ControlFlags: ULONG, Path: UNICODE_STRING, }} pub type PSILOOBJECT_ROOT_DIRECTORY = *mut SILOOBJECT_ROOT_DIRECTORY; STRUCT!{struct JOBOBJECT_ENERGY_TRACKING_STATE { Value: ULONG64, UpdateMask: ULONG, DesiredState: ULONG, }} pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut JOBOBJECT_ENERGY_TRACKING_STATE; EXTERN!{extern "system" { fn NtCreateJobObject( JobHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtOpenJobObject( JobHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtAssignProcessToJobObject( JobHandle: HANDLE, ProcessHandle: HANDLE, ) -> NTSTATUS; fn NtTerminateJobObject( JobHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn NtIsProcessInJob( ProcessHandle: HANDLE, JobHandle: HANDLE, ) -> NTSTATUS; fn NtQueryInformationJobObject( JobHandle: HANDLE, JobObjectInformationClass: JOBOBJECTINFOCLASS, JobObjectInformation: PVOID, JobObjectInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationJobObject( JobHandle: HANDLE, JobObjectInformationClass: JOBOBJECTINFOCLASS, JobObjectInformation: PVOID, JobObjectInformationLength: ULONG, ) -> NTSTATUS; fn NtCreateJobSet( NumJob: ULONG, UserJobSet: PJOB_SET_ARRAY, Flags: ULONG, ) -> NTSTATUS; fn NtRevertContainerImpersonation() -> NTSTATUS; }} ENUM!{enum MEMORY_RESERVE_TYPE { MemoryReserveUserApc = 0, MemoryReserveIoCompletion = 1, MemoryReserveTypeMax = 2, }} EXTERN!{extern "system" { fn NtAllocateReserveObject( MemoryReserveHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, Type: MEMORY_RESERVE_TYPE, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntregapi.rs000064400000000000000000000325620072674642500137460ustar 00000000000000use crate::ntioapi::{PIO_APC_ROUTINE, PIO_STATUS_BLOCK}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OBJECT_ATTRIBUTES, PHANDLE, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR, }; use winapi::um::winnt::ACCESS_MASK; pub const REG_INIT_BOOT_SM: USHORT = 0x0000; pub const REG_INIT_BOOT_SETUP: USHORT = 0x0001; pub const REG_INIT_BOOT_ACCEPTED_BASE: USHORT = 0x0002; pub const REG_INIT_BOOT_ACCEPTED_MAX: USHORT = REG_INIT_BOOT_ACCEPTED_BASE; pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767; pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512; ENUM!{enum KEY_INFORMATION_CLASS { KeyBasicInformation = 0, KeyNodeInformation = 1, KeyFullInformation = 2, KeyNameInformation = 3, KeyCachedInformation = 4, KeyFlagsInformation = 5, KeyVirtualizationInformation = 6, KeyHandleTagsInformation = 7, KeyTrustInformation = 8, KeyLayerInformation = 9, MaxKeyInfoClass = 10, }} STRUCT!{struct KEY_BASIC_INFORMATION { LastWriteTime: LARGE_INTEGER, TitleIndex: ULONG, NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_BASIC_INFORMATION = *mut KEY_BASIC_INFORMATION; STRUCT!{struct KEY_NODE_INFORMATION { LastWriteTime: LARGE_INTEGER, TitleIndex: ULONG, ClassOffset: ULONG, ClassLength: ULONG, NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_NODE_INFORMATION = *mut KEY_NODE_INFORMATION; STRUCT!{struct KEY_FULL_INFORMATION { LastWriteTime: LARGE_INTEGER, TitleIndex: ULONG, ClassOffset: ULONG, ClassLength: ULONG, SubKeys: ULONG, MaxNameLen: ULONG, MaxClassLen: ULONG, Values: ULONG, MaxValueNameLen: ULONG, MaxValueDataLen: ULONG, Class: [WCHAR; 1], }} pub type PKEY_FULL_INFORMATION = *mut KEY_FULL_INFORMATION; STRUCT!{struct KEY_NAME_INFORMATION { NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_NAME_INFORMATION = *mut KEY_NAME_INFORMATION; STRUCT!{struct KEY_CACHED_INFORMATION { LastWriteTime: LARGE_INTEGER, TitleIndex: ULONG, SubKeys: ULONG, MaxNameLen: ULONG, Values: ULONG, MaxValueNameLen: ULONG, MaxValueDataLen: ULONG, NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_CACHED_INFORMATION = *mut KEY_CACHED_INFORMATION; STRUCT!{struct KEY_FLAGS_INFORMATION { UserFlags: ULONG, }} pub type PKEY_FLAGS_INFORMATION = *mut KEY_FLAGS_INFORMATION; STRUCT!{struct KEY_VIRTUALIZATION_INFORMATION { Bitfields: ULONG, }} BITFIELD!{KEY_VIRTUALIZATION_INFORMATION Bitfields: ULONG [ VirtualizationCandidate set_VirtualizationCandidate[0..1], VirtualizationEnabled set_VirtualizationEnabled[1..2], VirtualTarget set_VirtualTarget[2..3], VirtualStore set_VirtualStore[3..4], VirtualSource set_VirtualSource[4..5], Reserved set_Reserved[5..32], ]} pub type PKEY_VIRTUALIZATION_INFORMATION = *mut KEY_VIRTUALIZATION_INFORMATION; STRUCT!{struct KEY_TRUST_INFORMATION { Bitfields: ULONG, }} BITFIELD!{KEY_TRUST_INFORMATION Bitfields: ULONG [ TrustedKey set_TrustedKey[0..1], Reserved set_Reserved[1..32], ]} pub type PKEY_TRUST_INFORMATION = *mut KEY_TRUST_INFORMATION; STRUCT!{struct KEY_LAYER_INFORMATION { IsTombstone: ULONG, IsSupersedeLocal: ULONG, IsSupersedeTree: ULONG, ClassIsInherited: ULONG, Reserved: ULONG, }} pub type PKEY_LAYER_INFORMATION = *mut KEY_LAYER_INFORMATION; ENUM!{enum KEY_SET_INFORMATION_CLASS { KeyWriteTimeInformation = 0, KeyWow64FlagsInformation = 1, KeyControlFlagsInformation = 2, KeySetVirtualizationInformation = 3, KeySetDebugInformation = 4, KeySetHandleTagsInformation = 5, KeySetLayerInformation = 6, MaxKeySetInfoClass = 7, }} STRUCT!{struct KEY_WRITE_TIME_INFORMATION { LastWriteTime: LARGE_INTEGER, }} pub type PKEY_WRITE_TIME_INFORMATION = *mut KEY_WRITE_TIME_INFORMATION; STRUCT!{struct KEY_WOW64_FLAGS_INFORMATION { UserFlags: ULONG, }} pub type PKEY_WOW64_FLAGS_INFORMATION = *mut KEY_WOW64_FLAGS_INFORMATION; STRUCT!{struct KEY_HANDLE_TAGS_INFORMATION { HandleTags: ULONG, }} pub type PKEY_HANDLE_TAGS_INFORMATION = *mut KEY_HANDLE_TAGS_INFORMATION; STRUCT!{struct KEY_SET_LAYER_INFORMATION { Bitfields: ULONG, }} BITFIELD!{KEY_SET_LAYER_INFORMATION Bitfields: ULONG [ IsTombstone set_IsTombstone[0..1], IsSupersedeLocal set_IsSupersedeLocal[1..2], IsSupersedeTree set_IsSupersedeTree[2..3], ClassIsInherited set_ClassIsInherited[3..4], Reserved set_Reserved[4..32], ]} pub type PKEY_SET_LAYER_INFORMATION = *mut KEY_SET_LAYER_INFORMATION; STRUCT!{struct KEY_CONTROL_FLAGS_INFORMATION { ControlFlags: ULONG, }} pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut KEY_CONTROL_FLAGS_INFORMATION; STRUCT!{struct KEY_SET_VIRTUALIZATION_INFORMATION { HandleTags: ULONG, }} BITFIELD!{KEY_SET_VIRTUALIZATION_INFORMATION HandleTags: ULONG [ VirtualTarget set_VirtualTarget[0..1], VirtualStore set_VirtualStore[1..2], VirtualSource set_VirtualSource[2..3], Reserved set_Reserved[3..32], ]} pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut KEY_SET_VIRTUALIZATION_INFORMATION; ENUM!{enum KEY_VALUE_INFORMATION_CLASS { KeyValueBasicInformation = 0, KeyValueFullInformation = 1, KeyValuePartialInformation = 2, KeyValueFullInformationAlign64 = 3, KeyValuePartialInformationAlign64 = 4, KeyValueLayerInformation = 5, MaxKeyValueInfoClass = 6, }} STRUCT!{struct KEY_VALUE_BASIC_INFORMATION { TitleIndex: ULONG, Type: ULONG, NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_VALUE_BASIC_INFORMATION = *mut KEY_VALUE_BASIC_INFORMATION; STRUCT!{struct KEY_VALUE_FULL_INFORMATION { TitleIndex: ULONG, Type: ULONG, DataOffset: ULONG, DataLength: ULONG, NameLength: ULONG, Name: [WCHAR; 1], }} pub type PKEY_VALUE_FULL_INFORMATION = *mut KEY_VALUE_FULL_INFORMATION; STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION { TitleIndex: ULONG, Type: ULONG, DataLength: ULONG, Data: [UCHAR; 1], }} pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut KEY_VALUE_PARTIAL_INFORMATION; STRUCT!{struct KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 { Type: ULONG, DataLength: ULONG, Data: [UCHAR; 1], }} pub type PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; STRUCT!{struct KEY_VALUE_LAYER_INFORMATION { IsTombstone: ULONG, Reserved: ULONG, }} pub type PKEY_VALUE_LAYER_INFORMATION = *mut KEY_VALUE_LAYER_INFORMATION; STRUCT!{struct KEY_VALUE_ENTRY { ValueName: PUNICODE_STRING, DataLength: ULONG, DataOffset: ULONG, Type: ULONG, }} pub type PKEY_VALUE_ENTRY = *mut KEY_VALUE_ENTRY; ENUM!{enum REG_ACTION { KeyAdded = 0, KeyRemoved = 1, KeyModified = 2, }} STRUCT!{struct REG_NOTIFY_INFORMATION { NextEntryOffset: ULONG, Action: REG_ACTION, KeyLength: ULONG, Key: [WCHAR; 1], }} pub type PREG_NOTIFY_INFORMATION = *mut REG_NOTIFY_INFORMATION; STRUCT!{struct KEY_PID_ARRAY { PID: HANDLE, KeyName: UNICODE_STRING, }} pub type PKEY_PID_ARRAY = *mut KEY_PID_ARRAY; STRUCT!{struct KEY_OPEN_SUBKEYS_INFORMATION { Count: ULONG, KeyArray: [KEY_PID_ARRAY; 1], }} pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut KEY_OPEN_SUBKEYS_INFORMATION; EXTERN!{extern "system" { fn NtCreateKey( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TitleIndex: ULONG, Class: PUNICODE_STRING, CreateOptions: ULONG, Disposition: PULONG, ) -> NTSTATUS; fn NtCreateKeyTransacted( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TitleIndex: ULONG, Class: PUNICODE_STRING, CreateOptions: ULONG, TransactionHandle: HANDLE, Disposition: PULONG, ) -> NTSTATUS; fn NtOpenKey( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtOpenKeyTransacted( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TransactionHandle: HANDLE, ) -> NTSTATUS; fn NtOpenKeyEx( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, OpenOptions: ULONG, ) -> NTSTATUS; fn NtOpenKeyTransactedEx( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, OpenOptions: ULONG, TransactionHandle: HANDLE, ) -> NTSTATUS; fn NtDeleteKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn NtRenameKey( KeyHandle: HANDLE, NewName: PUNICODE_STRING, ) -> NTSTATUS; fn NtDeleteValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, ) -> NTSTATUS; fn NtQueryKey( KeyHandle: HANDLE, KeyInformationClass: KEY_INFORMATION_CLASS, KeyInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn NtSetInformationKey( KeyHandle: HANDLE, KeySetInformationClass: KEY_SET_INFORMATION_CLASS, KeySetInformation: PVOID, KeySetInformationLength: ULONG, ) -> NTSTATUS; fn NtQueryValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, KeyValueInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn NtSetValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, TitleIndex: ULONG, Type: ULONG, Data: PVOID, DataSize: ULONG, ) -> NTSTATUS; fn NtQueryMultipleValueKey( KeyHandle: HANDLE, ValueEntries: PKEY_VALUE_ENTRY, EntryCount: ULONG, ValueBuffer: PVOID, BufferLength: PULONG, RequiredBufferLength: PULONG, ) -> NTSTATUS; fn NtEnumerateKey( KeyHandle: HANDLE, Index: ULONG, KeyInformationClass: KEY_INFORMATION_CLASS, KeyInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn NtEnumerateValueKey( KeyHandle: HANDLE, Index: ULONG, KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, KeyValueInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn NtFlushKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn NtCompactKeys( Count: ULONG, KeyArray: *mut HANDLE, ) -> NTSTATUS; fn NtCompressKey( Key: HANDLE, ) -> NTSTATUS; fn NtLoadKey( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtLoadKey2( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn NtLoadKeyEx( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, Flags: ULONG, TrustClassKey: HANDLE, Event: HANDLE, DesiredAccess: ACCESS_MASK, RootHandle: PHANDLE, IoStatus: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn NtReplaceKey( NewFile: POBJECT_ATTRIBUTES, TargetHandle: HANDLE, OldFile: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtSaveKey( KeyHandle: HANDLE, FileHandle: HANDLE, ) -> NTSTATUS; fn NtSaveKeyEx( KeyHandle: HANDLE, FileHandle: HANDLE, Format: ULONG, ) -> NTSTATUS; fn NtSaveMergedKeys( HighPrecedenceKeyHandle: HANDLE, LowPrecedenceKeyHandle: HANDLE, FileHandle: HANDLE, ) -> NTSTATUS; fn NtRestoreKey( KeyHandle: HANDLE, FileHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn NtUnloadKey( TargetKey: POBJECT_ATTRIBUTES, ) -> NTSTATUS; }} pub const REG_FORCE_UNLOAD: ULONG = 1; pub const REG_UNLOAD_LEGAL_FLAGS: ULONG = REG_FORCE_UNLOAD; EXTERN!{extern "system" { fn NtUnloadKey2( TargetKey: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn NtUnloadKeyEx( TargetKey: POBJECT_ATTRIBUTES, Event: HANDLE, ) -> NTSTATUS; fn NtNotifyChangeKey( KeyHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, CompletionFilter: ULONG, WatchTree: BOOLEAN, Buffer: PVOID, BufferSize: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn NtNotifyChangeMultipleKeys( MasterKeyHandle: HANDLE, Count: ULONG, SubordinateObjects: *mut OBJECT_ATTRIBUTES, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, CompletionFilter: ULONG, WatchTree: BOOLEAN, Buffer: PVOID, BufferSize: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn NtQueryOpenSubKeys( TargetKey: POBJECT_ATTRIBUTES, HandleCount: PULONG, ) -> NTSTATUS; fn NtQueryOpenSubKeysEx( TargetKey: POBJECT_ATTRIBUTES, BufferLength: ULONG, Buffer: PVOID, RequiredSize: PULONG, ) -> NTSTATUS; fn NtInitializeRegistry( BootCondition: USHORT, ) -> NTSTATUS; fn NtLockRegistryKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn NtLockProductActivationKeys( pPrivateVer: *mut ULONG, pSafeMode: *mut ULONG, ) -> NTSTATUS; fn NtFreezeRegistry( TimeOutInSeconds: ULONG, ) -> NTSTATUS; fn NtThawRegistry() -> NTSTATUS; }} ntapi-0.4.0/src/ntrtl.rs000064400000000000000000004050710072674642500132770ustar 00000000000000use core::ptr::null_mut; use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID}; use crate::ntexapi::{RTL_PROCESS_BACKTRACES, RTL_PROCESS_LOCKS}; use crate::ntioapi::FILE_INFORMATION_CLASS; use crate::ntldr::{RTL_PROCESS_MODULES, RTL_PROCESS_MODULE_INFORMATION_EX}; use crate::ntmmapi::SECTION_IMAGE_INFORMATION; use crate::ntnls::{PCPTABLEINFO, PNLSTABLEINFO}; use crate::ntpebteb::{PPEB, PTEB_ACTIVE_FRAME}; use crate::ntpsapi::{PINITIAL_TEB, PPS_APC_ROUTINE, PS_PROTECTION}; use crate::ntapi_base::{PRTL_ATOM, RTL_ATOM}; use crate::string::UTF16Const; use winapi::ctypes::c_void; use winapi::shared::basetsd::{PULONG64, ULONG32, ULONG64, PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; use winapi::shared::guiddef::GUID; use winapi::shared::in6addr::in6_addr; use winapi::shared::inaddr::in_addr; use winapi::shared::minwindef::{BOOL, DWORD, PBOOL}; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use winapi::shared::ntdef::{LARGE_INTEGER, RTL_BALANCED_NODE}; use winapi::shared::ntdef::{ BOOLEAN, CCHAR, CHAR, CLONG, CSHORT, HANDLE, LCID, LIST_ENTRY, LOGICAL, LONG, LUID, NTSTATUS, PANSI_STRING, PBOOLEAN, PCANSI_STRING, PCCH, PCH, PCHAR, PCOEM_STRING, PCSZ, PCUNICODE_STRING, PCWCH, PCWSTR, PHANDLE, PLARGE_INTEGER, PLCID, PLIST_ENTRY, PLONG, PLUID, PNT_PRODUCT_TYPE, POEM_STRING, PPROCESSOR_NUMBER, PRTL_BALANCED_NODE, PSINGLE_LIST_ENTRY, PSTR, PSTRING, PUCHAR, PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWCH, PWCHAR, PWSTR, SINGLE_LIST_ENTRY, STRING, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, VOID, WCHAR, }; use winapi::um::minwinbase::PTHREAD_START_ROUTINE; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use winapi::um::winnt::{PGET_RUNTIME_FUNCTION_CALLBACK, PRUNTIME_FUNCTION, PWOW64_CONTEXT}; use winapi::um::winnt::{ ACCESS_MASK, ACL_INFORMATION_CLASS, APC_CALLBACK_FUNCTION, HEAP_INFORMATION_CLASS, HEAP_REALLOC_IN_PLACE_ONLY, HEAP_ZERO_MEMORY, OS_DEPLOYEMENT_STATE_VALUES, PACCESS_MASK, PACL, PCONTEXT, PEXCEPTION_POINTERS, PEXCEPTION_RECORD, PFLS_CALLBACK_FUNCTION, PGENERIC_MAPPING, PIMAGE_NT_HEADERS, PIMAGE_SECTION_HEADER, PLUID_AND_ATTRIBUTES, PMESSAGE_RESOURCE_ENTRY, PPERFORMANCE_DATA, PRTL_BARRIER, PRTL_CONDITION_VARIABLE, PRTL_CRITICAL_SECTION, PRTL_OSVERSIONINFOEXW, PRTL_OSVERSIONINFOW, PRTL_RESOURCE_DEBUG, PRTL_SRWLOCK, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL, PSID, PSID_AND_ATTRIBUTES, PSID_AND_ATTRIBUTES_HASH, PSID_IDENTIFIER_AUTHORITY, PVECTORED_EXCEPTION_HANDLER, PXSAVE_AREA_HEADER, RTL_CRITICAL_SECTION, RTL_SRWLOCK, SECURITY_DESCRIPTOR_CONTROL, SECURITY_IMPERSONATION_LEVEL, SECURITY_INFORMATION, WAITORTIMERCALLBACKFUNC, WORKERCALLBACKFUNC, }; use winapi::vc::vadefs::va_list; #[inline] pub fn InitializeListHead(ListHead: &mut LIST_ENTRY) { ListHead.Flink = ListHead; ListHead.Blink = ListHead; } #[inline] pub fn IsListEmpty(ListHead: &LIST_ENTRY) -> bool { ListHead.Flink as *const _ == ListHead as *const _ } #[inline] pub unsafe fn RemoveEntryList(Entry: &mut LIST_ENTRY) -> bool { let (Blink, Flink) = (Entry.Blink, Entry.Flink); (*Blink).Flink = Flink; (*Flink).Blink = Blink; Flink == Blink } #[inline] pub unsafe fn RemoveHeadList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { let Entry = ListHead.Flink; let Flink = (*Entry).Flink; ListHead.Flink = Flink; (*Flink).Blink = ListHead; Entry } #[inline] pub unsafe fn RemoveTailList(ListHead: &mut LIST_ENTRY) -> PLIST_ENTRY { let Entry = ListHead.Blink; let Blink = (*Entry).Blink; ListHead.Blink = Blink; (*Blink).Flink = ListHead; Entry } #[inline] pub unsafe fn InsertTailList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { let Blink = ListHead.Blink; Entry.Flink = ListHead; Entry.Blink = Blink; (*Blink).Flink = Entry; ListHead.Blink = Entry; } #[inline] pub unsafe fn InsertHeadList(ListHead: &mut LIST_ENTRY, Entry: &mut LIST_ENTRY) { let Flink = ListHead.Flink; Entry.Flink = Flink; Entry.Blink = ListHead; (*Flink).Blink = Entry; ListHead.Flink = Entry; } #[inline] pub unsafe fn AppendTailList(ListHead: &mut LIST_ENTRY, ListToAppend: &mut LIST_ENTRY) { let ListEnd = ListHead.Blink; (*ListHead.Blink).Flink = ListToAppend; ListHead.Blink = ListToAppend.Blink; (*ListToAppend.Blink).Flink = ListHead; ListToAppend.Blink = ListEnd; } #[inline] pub unsafe fn PopEntryList(ListHead: &mut SINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY { let FirstEntry = ListHead.Next; if !FirstEntry.is_null() { ListHead.Next = (*FirstEntry).Next; } FirstEntry } #[inline] pub fn PushEntryList(ListHead: &mut SINGLE_LIST_ENTRY, Entry: &mut SINGLE_LIST_ENTRY) { Entry.Next = ListHead.Next; ListHead.Next = Entry; } ENUM!{enum TABLE_SEARCH_RESULT { TableEmptyTree = 0, TableFoundNode = 1, TableInsertAsLeft = 2, TableInsertAsRight = 3, }} ENUM!{enum RTL_GENERIC_COMPARE_RESULTS { GenericLessThan = 0, GenericGreaterThan = 1, GenericEqual = 2, }} FN!{stdcall PRTL_AVL_COMPARE_ROUTINE( Table: *mut RTL_AVL_TABLE, FirstStruct: PVOID, SecondStruct: PVOID, ) -> RTL_GENERIC_COMPARE_RESULTS} FN!{stdcall PRTL_AVL_ALLOCATE_ROUTINE( Table: *mut RTL_AVL_TABLE, ByteSize: CLONG, ) -> PVOID} FN!{stdcall PRTL_AVL_FREE_ROUTINE( Table: *mut RTL_AVL_TABLE, Buffer: PVOID, ) -> ()} FN!{stdcall PRTL_AVL_MATCH_FUNCTION( Table: *mut RTL_AVL_TABLE, UserData: PVOID, MatchData: PVOID, ) -> NTSTATUS} STRUCT!{struct RTL_BALANCED_LINKS { Parent: *mut RTL_BALANCED_LINKS, LeftChild: *mut RTL_BALANCED_LINKS, RightChild: *mut RTL_BALANCED_LINKS, Balance: CHAR, Reserved: [UCHAR; 3], }} pub type PRTL_BALANCED_LINKS = *mut RTL_BALANCED_LINKS; STRUCT!{struct RTL_AVL_TABLE { BalancedRoot: RTL_BALANCED_LINKS, OrderedPointer: PVOID, WhichOrderedElement: ULONG, NumberGenericTableElements: ULONG, DepthOfTree: ULONG, RestartKey: PRTL_BALANCED_LINKS, DeleteCount: ULONG, CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, FreeRoutine: PRTL_AVL_FREE_ROUTINE, TableContext: PVOID, }} pub type PRTL_AVL_TABLE = *mut RTL_AVL_TABLE; EXTERN!{extern "system" { fn RtlInitializeGenericTableAvl( Table: PRTL_AVL_TABLE, CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, FreeRoutine: PRTL_AVL_FREE_ROUTINE, TableContext: PVOID, ); fn RtlInsertElementGenericTableAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, BufferSize: CLONG, NewElement: PBOOLEAN, ) -> PVOID; fn RtlInsertElementGenericTableFullAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, BufferSize: CLONG, NewElement: PBOOLEAN, NodeOrParent: PVOID, SearchResult: TABLE_SEARCH_RESULT, ) -> PVOID; fn RtlDeleteElementGenericTableAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, ) -> BOOLEAN; fn RtlLookupElementGenericTableAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, ) -> PVOID; fn RtlLookupElementGenericTableFullAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, NodeOrParent: *mut PVOID, SearchResult: *mut TABLE_SEARCH_RESULT, ) -> PVOID; fn RtlEnumerateGenericTableAvl( Table: PRTL_AVL_TABLE, Restart: BOOLEAN, ) -> PVOID; fn RtlEnumerateGenericTableWithoutSplayingAvl( Table: PRTL_AVL_TABLE, RestartKey: *mut PVOID, ) -> PVOID; fn RtlLookupFirstMatchingElementGenericTableAvl( Table: PRTL_AVL_TABLE, Buffer: PVOID, RestartKey: *mut PVOID, ) -> PVOID; fn RtlEnumerateGenericTableLikeADirectory( Table: PRTL_AVL_TABLE, MatchFunction: PRTL_AVL_MATCH_FUNCTION, MatchData: PVOID, NextFlag: ULONG, RestartKey: *mut PVOID, DeleteCount: PULONG, Buffer: PVOID, ) -> PVOID; fn RtlGetElementGenericTableAvl( Table: PRTL_AVL_TABLE, I: ULONG, ) -> PVOID; fn RtlNumberGenericTableElementsAvl( Table: PRTL_AVL_TABLE, ) -> ULONG; fn RtlIsGenericTableEmptyAvl( Table: PRTL_AVL_TABLE, ) -> BOOLEAN; }} STRUCT!{struct RTL_SPLAY_LINKS { Parent: *mut RTL_SPLAY_LINKS, LeftChild: *mut RTL_SPLAY_LINKS, RightChild: *mut RTL_SPLAY_LINKS, }} pub type PRTL_SPLAY_LINKS = *mut RTL_SPLAY_LINKS; #[inline] pub fn RtlInitializeSplayLinks(Links: &mut RTL_SPLAY_LINKS) { Links.Parent = Links; Links.LeftChild = null_mut(); Links.RightChild = null_mut(); } #[inline] pub const fn RtlParent(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { Links.Parent } #[inline] pub const fn RtlLeftChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { Links.LeftChild } #[inline] pub const fn RtlRightChild(Links: &RTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS { Links.RightChild } #[inline] pub unsafe fn RtlIsRoot(Links: *const RTL_SPLAY_LINKS) -> bool { (*Links).Parent as *const _ == Links } #[inline] pub unsafe fn RtlIsLeftChild(Links: *const RTL_SPLAY_LINKS) -> bool { RtlLeftChild(&*RtlParent(&*Links)) as *const _ == Links } #[inline] pub unsafe fn RtlIsRightChild(Links: *const RTL_SPLAY_LINKS) -> bool { RtlRightChild(&*RtlParent(&*Links)) as *const _ == Links } #[inline] pub fn RtlInsertAsLeftChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, ) { ParentLinks.LeftChild = ChildLinks; ChildLinks.Parent = ParentLinks; } #[inline] pub fn RtlInsertAsRightChild( ParentLinks: &mut RTL_SPLAY_LINKS, ChildLinks: &mut RTL_SPLAY_LINKS, ) { ParentLinks.RightChild = ChildLinks; ChildLinks.Parent = ParentLinks; } EXTERN!{extern "system" { fn RtlSplay( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; fn RtlDelete( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; fn RtlDeleteNoSplay( Links: PRTL_SPLAY_LINKS, Root: *mut PRTL_SPLAY_LINKS, ); fn RtlSubtreeSuccessor( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; fn RtlSubtreePredecessor( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; fn RtlRealSuccessor( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; fn RtlRealPredecessor( Links: PRTL_SPLAY_LINKS, ) -> PRTL_SPLAY_LINKS; }} FN!{stdcall PRTL_GENERIC_COMPARE_ROUTINE( Table: *mut RTL_GENERIC_TABLE, FirstStruct: PVOID, SecondStruct: PVOID, ) -> RTL_GENERIC_COMPARE_RESULTS} FN!{stdcall PRTL_GENERIC_ALLOCATE_ROUTINE( Table: *mut RTL_GENERIC_TABLE, ByteSize: CLONG, ) -> PVOID} FN!{stdcall PRTL_GENERIC_FREE_ROUTINE( Table: *mut RTL_GENERIC_TABLE, Buffer: PVOID, ) -> ()} STRUCT!{struct RTL_GENERIC_TABLE { TableRoot: PRTL_SPLAY_LINKS, InsertOrderList: LIST_ENTRY, OrderedPointer: PLIST_ENTRY, WhichOrderedElement: ULONG, NumberGenericTableElements: ULONG, CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, TableContext: PVOID, }} pub type PRTL_GENERIC_TABLE = *mut RTL_GENERIC_TABLE; EXTERN!{extern "system" { fn RtlInitializeGenericTable( Table: PRTL_GENERIC_TABLE, CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, TableContext: PVOID, ); fn RtlInsertElementGenericTable( Table: PRTL_GENERIC_TABLE, Buffer: PVOID, BufferSize: CLONG, NewElement: PBOOLEAN, ) -> PVOID; fn RtlInsertElementGenericTableFull( Table: PRTL_GENERIC_TABLE, Buffer: PVOID, BufferSize: CLONG, NewElement: PBOOLEAN, NodeOrParent: PVOID, SearchResult: TABLE_SEARCH_RESULT, ) -> PVOID; fn RtlDeleteElementGenericTable( Table: PRTL_GENERIC_TABLE, Buffer: PVOID, ) -> BOOLEAN; fn RtlLookupElementGenericTable( Table: PRTL_GENERIC_TABLE, Buffer: PVOID, ) -> PVOID; fn RtlLookupElementGenericTableFull( Table: PRTL_GENERIC_TABLE, Buffer: PVOID, NodeOrParent: *mut PVOID, SearchResult: *mut TABLE_SEARCH_RESULT, ) -> PVOID; fn RtlEnumerateGenericTable( Table: PRTL_GENERIC_TABLE, Restart: BOOLEAN, ) -> PVOID; fn RtlEnumerateGenericTableWithoutSplaying( Table: PRTL_GENERIC_TABLE, RestartKey: *mut PVOID, ) -> PVOID; fn RtlGetElementGenericTable( Table: PRTL_GENERIC_TABLE, I: ULONG, ) -> PVOID; fn RtlNumberGenericTableElements( Table: PRTL_GENERIC_TABLE, ) -> ULONG; fn RtlIsGenericTableEmpty( Table: PRTL_GENERIC_TABLE, ) -> BOOLEAN; }} STRUCT!{struct RTL_RB_TREE { Root: PRTL_BALANCED_NODE, Min: PRTL_BALANCED_NODE, }} pub type PRTL_RB_TREE = *mut RTL_RB_TREE; EXTERN!{extern "system" { fn RtlRbInsertNodeEx( Tree: PRTL_RB_TREE, Parent: PRTL_BALANCED_NODE, Right: BOOLEAN, Node: PRTL_BALANCED_NODE, ); fn RtlRbRemoveNode( Tree: PRTL_RB_TREE, Node: PRTL_BALANCED_NODE, ); }} pub const RTL_HASH_ALLOCATED_HEADER: u32 = 0x00000001; pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0; STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENTRY { Linkage: LIST_ENTRY, Signature: ULONG_PTR, }} pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut RTL_DYNAMIC_HASH_TABLE_ENTRY; #[inline] pub const fn HASH_ENTRY_KEY(x: &RTL_DYNAMIC_HASH_TABLE_ENTRY) -> ULONG_PTR { x.Signature } STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_CONTEXT { ChainHead: PLIST_ENTRY, PrevLinkage: PLIST_ENTRY, Signature: ULONG_PTR, }} pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut RTL_DYNAMIC_HASH_TABLE_CONTEXT; STRUCT!{struct RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY, ChainHead: PLIST_ENTRY, BucketIndex: ULONG, }} pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; STRUCT!{struct RTL_DYNAMIC_HASH_TABLE { Flags: ULONG, Shift: ULONG, TableSize: ULONG, Pivot: ULONG, DivisorMask: ULONG, NumEntries: ULONG, NonEmptyBuckets: ULONG, NumEnumerators: ULONG, Directory: PVOID, }} pub type PRTL_DYNAMIC_HASH_TABLE = *mut RTL_DYNAMIC_HASH_TABLE; #[inline] pub fn RtlInitHashTableContext(Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT) { Context.ChainHead = null_mut(); Context.PrevLinkage = null_mut(); } #[inline] pub fn RtlInitHashTableContextFromEnumerator( Context: &mut RTL_DYNAMIC_HASH_TABLE_CONTEXT, Enumerator: &RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) { Context.ChainHead = Enumerator.ChainHead; Context.PrevLinkage = Enumerator.HashEntry.Linkage.Blink; } // RtlReleaseHashTableContext #[inline] pub const fn RtlTotalBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { HashTable.TableSize } #[inline] pub const fn RtlNonEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { HashTable.NonEmptyBuckets } #[inline] pub const fn RtlEmptyBucketsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { HashTable.TableSize - HashTable.NonEmptyBuckets } #[inline] pub const fn RtlTotalEntriesHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { HashTable.NumEntries } #[inline] pub const fn RtlActiveEnumeratorsHashTable(HashTable: &RTL_DYNAMIC_HASH_TABLE) -> ULONG { HashTable.NumEnumerators } EXTERN!{extern "system" { fn RtlCreateHashTable( HashTable: *mut PRTL_DYNAMIC_HASH_TABLE, Shift: ULONG, Flags: ULONG, ) -> BOOLEAN; fn RtlDeleteHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, ); fn RtlInsertEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, Signature: ULONG_PTR, Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, ) -> BOOLEAN; fn RtlRemoveEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, ) -> BOOLEAN; fn RtlLookupEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Signature: ULONG_PTR, Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; fn RtlGetNextEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; fn RtlInitEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> BOOLEAN; fn RtlEnumerateEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; fn RtlEndEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ); fn RtlInitWeakEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> BOOLEAN; fn RtlWeaklyEnumerateEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; fn RtlEndWeakEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ); fn RtlExpandHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, ) -> BOOLEAN; fn RtlContractHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, ) -> BOOLEAN; fn RtlInitStrongEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> BOOLEAN; fn RtlStronglyEnumerateEntryHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; fn RtlEndStrongEnumerationHashTable( HashTable: PRTL_DYNAMIC_HASH_TABLE, Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, ); fn RtlInitializeCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ) -> NTSTATUS; fn RtlInitializeCriticalSectionAndSpinCount( CriticalSection: PRTL_CRITICAL_SECTION, SpinCount: ULONG, ) -> NTSTATUS; fn RtlDeleteCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ) -> NTSTATUS; fn RtlEnterCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ) -> NTSTATUS; fn RtlLeaveCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ) -> NTSTATUS; fn RtlTryEnterCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ) -> LOGICAL; fn RtlIsCriticalSectionLocked( CriticalSection: PRTL_CRITICAL_SECTION, ) -> LOGICAL; fn RtlIsCriticalSectionLockedByThread( CriticalSection: PRTL_CRITICAL_SECTION, ) -> LOGICAL; fn RtlGetCriticalSectionRecursionCount( CriticalSection: PRTL_CRITICAL_SECTION, ) -> ULONG; fn RtlSetCriticalSectionSpinCount( CriticalSection: PRTL_CRITICAL_SECTION, SpinCount: ULONG, ) -> ULONG; fn RtlQueryCriticalSectionOwner( EventHandle: HANDLE, ) -> HANDLE; fn RtlCheckForOrphanedCriticalSections( ThreadHandle: HANDLE, ); }} STRUCT!{struct RTL_RESOURCE { CriticalSection: RTL_CRITICAL_SECTION, SharedSemaphore: HANDLE, NumberOfWaitingShared: ULONG, ExclusiveSemaphore: HANDLE, NumberOfWaitingExclusive: ULONG, NumberOfActive: LONG, ExclusiveOwnerThread: HANDLE, Flags: ULONG, DebugInfo: PRTL_RESOURCE_DEBUG, }} pub type PRTL_RESOURCE = *mut RTL_RESOURCE; pub const RTL_RESOURCE_FLAG_LONG_TERM: ULONG = 0x00000001; EXTERN!{extern "system" { fn RtlInitializeResource( Resource: PRTL_RESOURCE, ); fn RtlDeleteResource( Resource: PRTL_RESOURCE, ); fn RtlAcquireResourceShared( Resource: PRTL_RESOURCE, Wait: BOOLEAN, ) -> BOOLEAN; fn RtlAcquireResourceExclusive( Resource: PRTL_RESOURCE, Wait: BOOLEAN, ) -> BOOLEAN; fn RtlReleaseResource( Resource: PRTL_RESOURCE, ); fn RtlConvertSharedToExclusive( Resource: PRTL_RESOURCE, ); fn RtlConvertExclusiveToShared( Resource: PRTL_RESOURCE, ); fn RtlInitializeSRWLock( SRWLock: PRTL_SRWLOCK, ); fn RtlAcquireSRWLockExclusive( SRWLock: PRTL_SRWLOCK, ); fn RtlAcquireSRWLockShared( SRWLock: PRTL_SRWLOCK, ); fn RtlReleaseSRWLockExclusive( SRWLock: PRTL_SRWLOCK, ); fn RtlReleaseSRWLockShared( SRWLock: PRTL_SRWLOCK, ); fn RtlTryAcquireSRWLockExclusive( SRWLock: PRTL_SRWLOCK, ) -> BOOLEAN; fn RtlTryAcquireSRWLockShared( SRWLock: PRTL_SRWLOCK, ) -> BOOLEAN; fn RtlAcquireReleaseSRWLockExclusive( SRWLock: PRTL_SRWLOCK, ); fn RtlInitializeConditionVariable( ConditionVariable: PRTL_CONDITION_VARIABLE, ); fn RtlSleepConditionVariableCS( ConditionVariable: PRTL_CONDITION_VARIABLE, CriticalSection: PRTL_CRITICAL_SECTION, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlSleepConditionVariableSRW( ConditionVariable: PRTL_CONDITION_VARIABLE, SRWLock: PRTL_SRWLOCK, Timeout: PLARGE_INTEGER, Flags: ULONG, ) -> NTSTATUS; fn RtlWakeConditionVariable( ConditionVariable: PRTL_CONDITION_VARIABLE, ); fn RtlWakeAllConditionVariable( ConditionVariable: PRTL_CONDITION_VARIABLE, ); }} pub const RTL_BARRIER_FLAGS_SPIN_ONLY: ULONG = 0x00000001; pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: ULONG = 0x00000002; pub const RTL_BARRIER_FLAGS_NO_DELETE: ULONG = 0x00000004; EXTERN!{extern "system" { fn RtlInitBarrier( Barrier: PRTL_BARRIER, TotalThreads: ULONG, SpinCount: ULONG, ) -> NTSTATUS; fn RtlDeleteBarrier( Barrier: PRTL_BARRIER, ) -> NTSTATUS; fn RtlBarrier( Barrier: PRTL_BARRIER, Flags: ULONG, ) -> BOOLEAN; fn RtlBarrierForDelete( Barrier: PRTL_BARRIER, Flags: ULONG, ) -> BOOLEAN; fn RtlWaitOnAddress( Address: *mut VOID, CompareAddress: PVOID, AddressSize: SIZE_T, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlWakeAddressAll( Address: PVOID, ); fn RtlWakeAddressSingle( Address: PVOID, ); fn RtlInitString( DestinationString: PSTRING, SourceString: PCSZ, ); fn RtlInitStringEx( DestinationString: PSTRING, SourceString: PCSZ, ) -> NTSTATUS; fn RtlInitAnsiString( DestinationString: PANSI_STRING, SourceString: PCSZ, ); fn RtlInitAnsiStringEx( DestinationString: PANSI_STRING, SourceString: PCSZ, ) -> NTSTATUS; fn RtlFreeAnsiString( AnsiString: PANSI_STRING, ); fn RtlFreeOemString( OemString: POEM_STRING, ); fn RtlCopyString( DestinationString: PSTRING, SourceString: *const STRING, ); fn RtlUpperChar( Character: CHAR, ) -> CHAR; fn RtlCompareString( String1: *const STRING, String2: *const STRING, CaseInSensitive: BOOLEAN, ) -> LONG; fn RtlEqualString( String1: *const STRING, String2: *const STRING, CaseInSensitive: BOOLEAN, ) -> BOOLEAN; fn RtlPrefixString( String1: *const STRING, String2: *const STRING, CaseInSensitive: BOOLEAN, ) -> BOOLEAN; fn RtlAppendStringToString( Destination: PSTRING, Source: *const STRING, ) -> NTSTATUS; fn RtlAppendAsciizToString( Destination: PSTRING, Source: PSTR, ) -> NTSTATUS; fn RtlUpperString( DestinationString: PSTRING, SourceString: *const STRING, ); }} #[inline] pub unsafe fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> bool { String.is_null() || (*String).Length == 0 } #[inline] pub fn RtlInitEmptyUnicodeString( UnicodeString: &mut UNICODE_STRING, Buffer: PWCHAR, MaximumLength: USHORT, ) { UnicodeString.Buffer = Buffer; UnicodeString.MaximumLength = MaximumLength; UnicodeString.Length = 0; } EXTERN!{extern "system" { fn RtlInitUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCWSTR, ); fn RtlInitUnicodeStringEx( DestinationString: PUNICODE_STRING, SourceString: PCWSTR, ) -> NTSTATUS; fn RtlCreateUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCWSTR, ) -> BOOLEAN; fn RtlCreateUnicodeStringFromAsciiz( DestinationString: PUNICODE_STRING, SourceString: PSTR, ) -> BOOLEAN; fn RtlFreeUnicodeString( UnicodeString: PUNICODE_STRING, ); }} pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: ULONG = 0x00000001; pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: ULONG = 0x00000002; EXTERN!{extern "system" { fn RtlDuplicateUnicodeString( Flags: ULONG, StringIn: PCUNICODE_STRING, StringOut: PUNICODE_STRING, ) -> NTSTATUS; fn RtlCopyUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCUNICODE_STRING, ); fn RtlUpcaseUnicodeChar( SourceCharacter: WCHAR, ) -> WCHAR; fn RtlDowncaseUnicodeChar( SourceCharacter: WCHAR, ) -> WCHAR; fn RtlCompareUnicodeString( String1: PCUNICODE_STRING, String2: PCUNICODE_STRING, CaseInSensitive: BOOLEAN, ) -> LONG; fn RtlCompareUnicodeStrings( String1: PCWCH, String1Length: SIZE_T, String2: PCWCH, String2Length: SIZE_T, CaseInSensitive: BOOLEAN, ) -> LONG; fn RtlEqualUnicodeString( String1: PCUNICODE_STRING, String2: PCUNICODE_STRING, CaseInSensitive: BOOLEAN, ) -> BOOLEAN; }} pub const HASH_STRING_ALGORITHM_DEFAULT: ULONG = 0; pub const HASH_STRING_ALGORITHM_X65599: ULONG = 1; pub const HASH_STRING_ALGORITHM_INVALID: ULONG = 0xffffffff; EXTERN!{extern "system" { fn RtlHashUnicodeString( String: PCUNICODE_STRING, CaseInSensitive: BOOLEAN, HashAlgorithm: ULONG, HashValue: PULONG, ) -> NTSTATUS; fn RtlValidateUnicodeString( Flags: ULONG, String: PCUNICODE_STRING, ) -> NTSTATUS; fn RtlPrefixUnicodeString( String1: PCUNICODE_STRING, String2: PCUNICODE_STRING, CaseInSensitive: BOOLEAN, ) -> BOOLEAN; fn RtlSuffixUnicodeString( String1: PUNICODE_STRING, String2: PUNICODE_STRING, CaseInSensitive: BOOLEAN, ) -> BOOLEAN; fn RtlFindUnicodeSubstring( FullString: PUNICODE_STRING, SearchString: PUNICODE_STRING, CaseInSensitive: BOOLEAN, ) -> PWCHAR; }} pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: ULONG = 0x00000001; pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: ULONG = 0x00000002; pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: ULONG = 0x00000004; EXTERN!{extern "system" { fn RtlFindCharInUnicodeString( Flags: ULONG, StringToSearch: PUNICODE_STRING, CharSet: PUNICODE_STRING, NonInclusivePrefixLength: PUSHORT, ) -> NTSTATUS; fn RtlAppendUnicodeStringToString( Destination: PUNICODE_STRING, Source: PCUNICODE_STRING, ) -> NTSTATUS; fn RtlAppendUnicodeToString( Destination: PUNICODE_STRING, Source: PCWSTR, ) -> NTSTATUS; fn RtlUpcaseUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlDowncaseUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlEraseUnicodeString( String: PUNICODE_STRING, ); fn RtlAnsiStringToUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCANSI_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlUnicodeStringToAnsiString( DestinationString: PANSI_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlAnsiCharToUnicodeChar( SourceCharacter: *mut PUCHAR, ) -> WCHAR; fn RtlUpcaseUnicodeStringToAnsiString( DestinationString: PANSI_STRING, SourceString: PUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlOemStringToUnicodeString( DestinationString: PUNICODE_STRING, SourceString: PCOEM_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlUnicodeStringToOemString( DestinationString: POEM_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlUpcaseUnicodeStringToOemString( DestinationString: POEM_STRING, SourceString: PUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlUnicodeStringToCountedOemString( DestinationString: POEM_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlUpcaseUnicodeStringToCountedOemString( DestinationString: POEM_STRING, SourceString: PCUNICODE_STRING, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlMultiByteToUnicodeN( UnicodeString: PWCH, MaxBytesInUnicodeString: ULONG, BytesInUnicodeString: PULONG, MultiByteString: *const CHAR, BytesInMultiByteString: ULONG, ) -> NTSTATUS; fn RtlMultiByteToUnicodeSize( BytesInUnicodeString: PULONG, MultiByteString: *const CHAR, BytesInMultiByteString: ULONG, ) -> NTSTATUS; fn RtlUnicodeToMultiByteN( MultiByteString: PCHAR, MaxBytesInMultiByteString: ULONG, BytesInMultiByteString: PULONG, UnicodeString: PCWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlUnicodeToMultiByteSize( BytesInMultiByteString: PULONG, UnicodeString: PCWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlUpcaseUnicodeToMultiByteN( MultiByteString: PCHAR, MaxBytesInMultiByteString: ULONG, BytesInMultiByteString: PULONG, UnicodeString: PCWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlOemToUnicodeN( UnicodeString: PWCH, MaxBytesInUnicodeString: ULONG, BytesInUnicodeString: PULONG, OemString: PCCH, BytesInOemString: ULONG, ) -> NTSTATUS; fn RtlUnicodeToOemN( OemString: PCHAR, MaxBytesInOemString: ULONG, BytesInOemString: PULONG, UnicodeString: PCWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlUpcaseUnicodeToOemN( OemString: PCHAR, MaxBytesInOemString: ULONG, BytesInOemString: PULONG, UnicodeString: PCWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlConsoleMultiByteToUnicodeN( UnicodeString: PWCH, MaxBytesInUnicodeString: ULONG, BytesInUnicodeString: PULONG, MultiByteString: PCH, BytesInMultiByteString: ULONG, pdwSpecialChar: PULONG, ) -> NTSTATUS; fn RtlUTF8ToUnicodeN( UnicodeStringDestination: PWSTR, UnicodeStringMaxByteCount: ULONG, UnicodeStringActualByteCount: PULONG, UTF8StringSource: PCCH, UTF8StringByteCount: ULONG, ) -> NTSTATUS; fn RtlUnicodeToUTF8N( UTF8StringDestination: PCHAR, UTF8StringMaxByteCount: ULONG, UTF8StringActualByteCount: PULONG, UnicodeStringSource: PCWCH, UnicodeStringByteCount: ULONG, ) -> NTSTATUS; fn RtlCustomCPToUnicodeN( CustomCP: PCPTABLEINFO, UnicodeString: PWCH, MaxBytesInUnicodeString: ULONG, BytesInUnicodeString: PULONG, CustomCPString: PCH, BytesInCustomCPString: ULONG, ) -> NTSTATUS; fn RtlUnicodeToCustomCPN( CustomCP: PCPTABLEINFO, CustomCPString: PCH, MaxBytesInCustomCPString: ULONG, BytesInCustomCPString: PULONG, UnicodeString: PWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlUpcaseUnicodeToCustomCPN( CustomCP: PCPTABLEINFO, CustomCPString: PCH, MaxBytesInCustomCPString: ULONG, BytesInCustomCPString: PULONG, UnicodeString: PWCH, BytesInUnicodeString: ULONG, ) -> NTSTATUS; fn RtlInitCodePageTable( TableBase: PUSHORT, CodePageTable: PCPTABLEINFO, ); fn RtlInitNlsTables( AnsiNlsBase: PUSHORT, OemNlsBase: PUSHORT, LanguageNlsBase: PUSHORT, TableInfo: PNLSTABLEINFO, ); fn RtlResetRtlTranslations( TableInfo: PNLSTABLEINFO, ); fn RtlIsTextUnicode( Buffer: PVOID, Size: ULONG, Result: PULONG, ) -> BOOLEAN; }} ENUM!{enum RTL_NORM_FORM { NormOther = 0x0, NormC = 0x1, NormD = 0x2, NormKC = 0x5, NormKD = 0x6, NormIdna = 0xd, DisallowUnassigned = 0x100, NormCDisallowUnassigned = 0x101, NormDDisallowUnassigned = 0x102, NormKCDisallowUnassigned = 0x105, NormKDDisallowUnassigned = 0x106, NormIdnaDisallowUnassigned = 0x10d, }} EXTERN!{extern "system" { fn RtlNormalizeString( NormForm: ULONG, SourceString: PCWSTR, SourceStringLength: LONG, DestinationString: PWSTR, DestinationStringLength: PLONG, ) -> NTSTATUS; fn RtlIsNormalizedString( NormForm: ULONG, SourceString: PCWSTR, SourceStringLength: LONG, Normalized: PBOOLEAN, ) -> NTSTATUS; fn RtlIsNameInExpression( Expression: PUNICODE_STRING, Name: PUNICODE_STRING, IgnoreCase: BOOLEAN, UpcaseTable: PWCH, ) -> BOOLEAN; fn RtlIsNameInUnUpcasedExpression( Expression: PUNICODE_STRING, Name: PUNICODE_STRING, IgnoreCase: BOOLEAN, UpcaseTable: PWCH, ) -> BOOLEAN; fn RtlEqualDomainName( String1: PUNICODE_STRING, String2: PUNICODE_STRING, ) -> BOOLEAN; fn RtlEqualComputerName( String1: PUNICODE_STRING, String2: PUNICODE_STRING, ) -> BOOLEAN; fn RtlDnsHostNameToComputerName( ComputerNameString: PUNICODE_STRING, DnsHostNameString: PUNICODE_STRING, AllocateComputerNameString: BOOLEAN, ) -> NTSTATUS; fn RtlStringFromGUID( Guid: *const GUID, GuidString: PUNICODE_STRING, ) -> NTSTATUS; fn RtlStringFromGUIDEx( Guid: *mut GUID, GuidString: PUNICODE_STRING, AllocateGuidString: BOOLEAN, ) -> NTSTATUS; fn RtlGUIDFromString( GuidString: PCUNICODE_STRING, Guid: *mut GUID, ) -> NTSTATUS; fn RtlCompareAltitudes( Altitude1: PCUNICODE_STRING, Altitude2: PCUNICODE_STRING, ) -> LONG; fn RtlIdnToAscii( Flags: ULONG, SourceString: PCWSTR, SourceStringLength: LONG, DestinationString: PWSTR, DestinationStringLength: PLONG, ) -> NTSTATUS; fn RtlIdnToUnicode( Flags: ULONG, SourceString: PCWSTR, SourceStringLength: LONG, DestinationString: PWSTR, DestinationStringLength: PLONG, ) -> NTSTATUS; fn RtlIdnToNameprepUnicode( Flags: ULONG, SourceString: PCWSTR, SourceStringLength: LONG, DestinationString: PWSTR, DestinationStringLength: PLONG, ) -> NTSTATUS; }} STRUCT!{struct PREFIX_TABLE_ENTRY { NodeTypeCode: CSHORT, NameLength: CSHORT, NextPrefixTree: *mut PREFIX_TABLE_ENTRY, Links: RTL_SPLAY_LINKS, Prefix: PSTRING, }} pub type PPREFIX_TABLE_ENTRY = *mut PREFIX_TABLE_ENTRY; STRUCT!{struct PREFIX_TABLE { NodeTypeCode: CSHORT, NameLength: CSHORT, NextPrefixTree: PPREFIX_TABLE_ENTRY, }} pub type PPREFIX_TABLE = *mut PREFIX_TABLE; EXTERN!{extern "system" { fn PfxInitialize( PrefixTable: PPREFIX_TABLE, ); fn PfxInsertPrefix( PrefixTable: PPREFIX_TABLE, Prefix: PSTRING, PrefixTableEntry: PPREFIX_TABLE_ENTRY, ) -> BOOLEAN; fn PfxRemovePrefix( PrefixTable: PPREFIX_TABLE, PrefixTableEntry: PPREFIX_TABLE_ENTRY, ); fn PfxFindPrefix( PrefixTable: PPREFIX_TABLE, FullName: PSTRING, ) -> PPREFIX_TABLE_ENTRY; }} STRUCT!{struct UNICODE_PREFIX_TABLE_ENTRY { NodeTypeCode: CSHORT, NameLength: CSHORT, NextPrefixTree: *mut UNICODE_PREFIX_TABLE_ENTRY, CaseMatch: *mut UNICODE_PREFIX_TABLE_ENTRY, Links: RTL_SPLAY_LINKS, Prefix: PUNICODE_STRING, }} pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut UNICODE_PREFIX_TABLE_ENTRY; STRUCT!{struct UNICODE_PREFIX_TABLE { NodeTypeCode: CSHORT, NameLength: CSHORT, NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY, LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY, }} pub type PUNICODE_PREFIX_TABLE = *mut UNICODE_PREFIX_TABLE; EXTERN!{extern "system" { fn RtlInitializeUnicodePrefix( PrefixTable: PUNICODE_PREFIX_TABLE, ); fn RtlInsertUnicodePrefix( PrefixTable: PUNICODE_PREFIX_TABLE, Prefix: PUNICODE_STRING, PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, ) -> BOOLEAN; fn RtlRemoveUnicodePrefix( PrefixTable: PUNICODE_PREFIX_TABLE, PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, ); fn RtlFindUnicodePrefix( PrefixTable: PUNICODE_PREFIX_TABLE, FullName: PCUNICODE_STRING, CaseInsensitiveIndex: ULONG, ) -> PUNICODE_PREFIX_TABLE_ENTRY; fn RtlNextUnicodePrefix( PrefixTable: PUNICODE_PREFIX_TABLE, Restart: BOOLEAN, ) -> PUNICODE_PREFIX_TABLE_ENTRY; }} STRUCT!{struct COMPRESSED_DATA_INFO { CompressionFormatAndEngine: USHORT, CompressionUnitShift: UCHAR, ChunkShift: UCHAR, ClusterShift: UCHAR, Reserved: UCHAR, NumberOfChunks: USHORT, CompressedChunkSizes: [ULONG; 1], }} pub type PCOMPRESSED_DATA_INFO = *mut COMPRESSED_DATA_INFO; EXTERN!{extern "system" { fn RtlGetCompressionWorkSpaceSize( CompressionFormatAndEngine: USHORT, CompressBufferWorkSpaceSize: PULONG, CompressFragmentWorkSpaceSize: PULONG, ) -> NTSTATUS; fn RtlCompressBuffer( CompressionFormatAndEngine: USHORT, UncompressedBuffer: PUCHAR, UncompressedBufferSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, UncompressedChunkSize: ULONG, FinalCompressedSize: PULONG, WorkSpace: PVOID, ) -> NTSTATUS; fn RtlDecompressBuffer( CompressionFormat: USHORT, UncompressedBuffer: PUCHAR, UncompressedBufferSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, FinalUncompressedSize: PULONG, ) -> NTSTATUS; fn RtlDecompressBufferEx( CompressionFormat: USHORT, UncompressedBuffer: PUCHAR, UncompressedBufferSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, FinalUncompressedSize: PULONG, WorkSpace: PVOID, ) -> NTSTATUS; fn RtlDecompressFragment( CompressionFormat: USHORT, UncompressedFragment: PUCHAR, UncompressedFragmentSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, FragmentOffset: ULONG, FinalUncompressedSize: PULONG, WorkSpace: PVOID, ) -> NTSTATUS; fn RtlDescribeChunk( CompressionFormat: USHORT, CompressedBuffer: *mut PUCHAR, EndOfCompressedBufferPlus1: PUCHAR, ChunkBuffer: *mut PUCHAR, ChunkSize: PULONG, ) -> NTSTATUS; fn RtlReserveChunk( CompressionFormat: USHORT, CompressedBuffer: *mut PUCHAR, EndOfCompressedBufferPlus1: PUCHAR, ChunkBuffer: *mut PUCHAR, ChunkSize: ULONG, ) -> NTSTATUS; fn RtlDecompressChunks( UncompressedBuffer: PUCHAR, UncompressedBufferSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, CompressedTail: PUCHAR, CompressedTailSize: ULONG, CompressedDataInfo: PCOMPRESSED_DATA_INFO, ) -> NTSTATUS; fn RtlCompressChunks( UncompressedBuffer: PUCHAR, UncompressedBufferSize: ULONG, CompressedBuffer: PUCHAR, CompressedBufferSize: ULONG, CompressedDataInfo: PCOMPRESSED_DATA_INFO, CompressedDataInfoLength: ULONG, WorkSpace: PVOID, ) -> NTSTATUS; fn RtlConvertLCIDToString( LcidValue: LCID, Base: ULONG, Padding: ULONG, pResultBuf: PWSTR, Size: ULONG, ) -> NTSTATUS; fn RtlIsValidLocaleName( LocaleName: PWSTR, Flags: ULONG, ) -> BOOLEAN; fn RtlGetParentLocaleName( LocaleName: PWSTR, ParentLocaleName: PUNICODE_STRING, Flags: ULONG, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlLcidToLocaleName( lcid: LCID, LocaleName: PUNICODE_STRING, Flags: ULONG, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlLocaleNameToLcid( LocaleName: PWSTR, lcid: PLCID, Flags: ULONG, ) -> NTSTATUS; fn RtlLCIDToCultureName( Lcid: LCID, String: PUNICODE_STRING, ) -> BOOLEAN; fn RtlCultureNameToLCID( String: PUNICODE_STRING, Lcid: PLCID, ) -> BOOLEAN; fn RtlCleanUpTEBLangLists(); fn RtlGetLocaleFileMappingAddress( BaseAddress: *mut PVOID, DefaultLocaleId: PLCID, DefaultCasingTableSize: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlGetCurrentPeb() -> PPEB; fn RtlAcquirePebLock(); fn RtlReleasePebLock(); fn RtlTryAcquirePebLock() -> LOGICAL; fn RtlAllocateFromPeb( Size: ULONG, Block: *mut PVOID, ) -> NTSTATUS; fn RtlFreeToPeb( Block: PVOID, Size: ULONG, ) -> NTSTATUS; }} pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255; pub const DOS_MAX_PATH_LENGTH: u32 = DOS_MAX_COMPONENT_LENGTH + 5; STRUCT!{struct CURDIR { DosPath: UNICODE_STRING, Handle: HANDLE, }} pub type PCURDIR = *mut CURDIR; pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 0x00000002; pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 0x00000003; STRUCT!{struct RTL_DRIVE_LETTER_CURDIR { Flags: USHORT, Length: USHORT, TimeStamp: ULONG, DosPath: STRING, }} pub type PRTL_DRIVE_LETTER_CURDIR = *mut RTL_DRIVE_LETTER_CURDIR; pub const RTL_MAX_DRIVE_LETTERS: usize = 32; pub const RTL_DRIVE_LETTER_VALID: USHORT = 0x0001; STRUCT!{struct RTL_USER_PROCESS_PARAMETERS { MaximumLength: ULONG, Length: ULONG, Flags: ULONG, DebugFlags: ULONG, ConsoleHandle: HANDLE, ConsoleFlags: ULONG, StandardInput: HANDLE, StandardOutput: HANDLE, StandardError: HANDLE, CurrentDirectory: CURDIR, DllPath: UNICODE_STRING, ImagePathName: UNICODE_STRING, CommandLine: UNICODE_STRING, Environment: PVOID, StartingX: ULONG, StartingY: ULONG, CountX: ULONG, CountY: ULONG, CountCharsX: ULONG, CountCharsY: ULONG, FillAttribute: ULONG, WindowFlags: ULONG, ShowWindowFlags: ULONG, WindowTitle: UNICODE_STRING, DesktopInfo: UNICODE_STRING, ShellInfo: UNICODE_STRING, RuntimeData: UNICODE_STRING, CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; RTL_MAX_DRIVE_LETTERS], EnvironmentSize: ULONG_PTR, EnvironmentVersion: ULONG_PTR, PackageDependencyData: PVOID, ProcessGroupId: ULONG, LoaderThreads: ULONG, }} pub type PRTL_USER_PROCESS_PARAMETERS = *mut RTL_USER_PROCESS_PARAMETERS; pub const RTL_USER_PROC_PARAMS_NORMALIZED: ULONG = 0x00000001; pub const RTL_USER_PROC_PROFILE_USER: ULONG = 0x00000002; pub const RTL_USER_PROC_PROFILE_KERNEL: ULONG = 0x00000004; pub const RTL_USER_PROC_PROFILE_SERVER: ULONG = 0x00000008; pub const RTL_USER_PROC_RESERVE_1MB: ULONG = 0x00000020; pub const RTL_USER_PROC_RESERVE_16MB: ULONG = 0x00000040; pub const RTL_USER_PROC_CASE_SENSITIVE: ULONG = 0x00000080; pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: ULONG = 0x00000100; pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: ULONG = 0x00001000; pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: ULONG = 0x00002000; pub const RTL_USER_PROC_IMAGE_KEY_MISSING: ULONG = 0x00004000; pub const RTL_USER_PROC_OPTIN_PROCESS: ULONG = 0x00020000; EXTERN!{extern "system" { fn RtlCreateProcessParameters( pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, ImagePathName: PUNICODE_STRING, DllPath: PUNICODE_STRING, CurrentDirectory: PUNICODE_STRING, CommandLine: PUNICODE_STRING, Environment: PVOID, WindowTitle: PUNICODE_STRING, DesktopInfo: PUNICODE_STRING, ShellInfo: PUNICODE_STRING, RuntimeData: PUNICODE_STRING, ) -> NTSTATUS; fn RtlCreateProcessParametersEx( pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, ImagePathName: PUNICODE_STRING, DllPath: PUNICODE_STRING, CurrentDirectory: PUNICODE_STRING, CommandLine: PUNICODE_STRING, Environment: PVOID, WindowTitle: PUNICODE_STRING, DesktopInfo: PUNICODE_STRING, ShellInfo: PUNICODE_STRING, RuntimeData: PUNICODE_STRING, Flags: ULONG, ) -> NTSTATUS; fn RtlDestroyProcessParameters( ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, ) -> NTSTATUS; fn RtlNormalizeProcessParams( ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, ) -> PRTL_USER_PROCESS_PARAMETERS; fn RtlDeNormalizeProcessParams( ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, ) -> PRTL_USER_PROCESS_PARAMETERS; }} STRUCT!{struct RTL_USER_PROCESS_INFORMATION { Length: ULONG, Process: HANDLE, Thread: HANDLE, ClientId: CLIENT_ID, ImageInformation: SECTION_IMAGE_INFORMATION, }} pub type PRTL_USER_PROCESS_INFORMATION = *mut RTL_USER_PROCESS_INFORMATION; EXTERN!{extern "system" { fn RtlCreateUserProcess( NtImagePathName: PUNICODE_STRING, AttributesDeprecated: ULONG, ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, ParentProcess: HANDLE, InheritHandles: BOOLEAN, DebugPort: HANDLE, TokenHandle: HANDLE, ProcessInformation: PRTL_USER_PROCESS_INFORMATION, ) -> NTSTATUS; fn RtlCreateUserProcessEx( NtImagePathName: PUNICODE_STRING, ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, InheritHandles: BOOLEAN, Flags: ULONG, ProcessInformation: PRTL_USER_PROCESS_INFORMATION, ) -> NTSTATUS; fn RtlExitUserProcess( ExitStatus: NTSTATUS, ); }} pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: ULONG = 0x00000001; pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: ULONG = 0x00000002; pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: ULONG = 0x00000004; EXTERN!{extern "system" { fn RtlCloneUserProcess( ProcessFlags: ULONG, ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, DebugPort: HANDLE, ProcessInformation: PRTL_USER_PROCESS_INFORMATION, ) -> NTSTATUS; fn RtlUpdateClonedCriticalSection( CriticalSection: PRTL_CRITICAL_SECTION, ); fn RtlUpdateClonedSRWLock( SRWLock: PRTL_SRWLOCK, Shared: LOGICAL, ); }} STRUCT!{struct RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { ReflectionProcessHandle: HANDLE, ReflectionThreadHandle: HANDLE, ReflectionClientId: CLIENT_ID, }} pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; EXTERN!{extern "system" { fn RtlCreateProcessReflection( ProcessHandle: HANDLE, Flags: ULONG, StartRoutine: PVOID, StartContext: PVOID, EventHandle: HANDLE, ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, ) -> NTSTATUS; }} EXTERN!{extern "C" { fn RtlSetProcessIsCritical( NewValue: BOOLEAN, OldValue: PBOOLEAN, CheckFlag: BOOLEAN, ) -> NTSTATUS; fn RtlSetThreadIsCritical( NewValue: BOOLEAN, OldValue: PBOOLEAN, CheckFlag: BOOLEAN, ) -> NTSTATUS; }} EXTERN!{extern "system" { fn RtlValidProcessProtection( ProcessProtection: PS_PROTECTION, ) -> BOOLEAN; fn RtlTestProtectedAccess( Source: PS_PROTECTION, Target: PS_PROTECTION, ) -> BOOLEAN; fn RtlIsCurrentProcess( ProcessHandle: HANDLE, ) -> BOOLEAN; fn RtlIsCurrentThread( ThreadHandle: HANDLE, ) -> BOOLEAN; }} FN!{stdcall PUSER_THREAD_START_ROUTINE( ThreadParameter: PVOID, ) -> NTSTATUS} EXTERN!{extern "system" { fn RtlCreateUserThread( Process: HANDLE, ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, CreateSuspended: BOOLEAN, ZeroBits: ULONG, MaximumStackSize: SIZE_T, CommittedStackSize: SIZE_T, StartAddress: PUSER_THREAD_START_ROUTINE, Parameter: PVOID, Thread: PHANDLE, ClientId: PCLIENT_ID, ) -> NTSTATUS; fn RtlExitUserThread( ExitStatus: NTSTATUS, ); fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN; fn RtlCreateUserStack( CommittedStackSize: SIZE_T, MaximumStackSize: SIZE_T, ZeroBits: ULONG_PTR, PageSize: SIZE_T, ReserveAlignment: ULONG_PTR, InitialTeb: PINITIAL_TEB, ) -> NTSTATUS; fn RtlFreeUserStack( AllocationBase: PVOID, ) -> NTSTATUS; }} STRUCT!{struct CONTEXT_CHUNK { Offset: LONG, Length: ULONG, }} pub type PCONTEXT_CHUNK = *mut CONTEXT_CHUNK; STRUCT!{struct CONTEXT_EX { All: CONTEXT_CHUNK, Legacy: CONTEXT_CHUNK, XState: CONTEXT_CHUNK, }} pub type PCONTEXT_EX = *mut CONTEXT_EX; pub const CONTEXT_EX_LENGTH: usize = 4096; #[macro_export] macro_rules! RTL_CONTEXT_EX_OFFSET { ($ContextEx:expr, $Chunk:ident) => { (*$ContextEx).$Chunk.Offset }; } #[macro_export] macro_rules! RTL_CONTEXT_EX_LENGTH { ($ContextEx:expr, $Chunk:ident) => { (*$ContextEx).$Chunk.Length }; } #[macro_export] macro_rules! RTL_CONTEXT_EX_CHUNK { ($Base:expr, $Layout:expr, $Chunk:ident) => { ($Base as usize + RTL_CONTEXT_EX_OFFSET!($Layout, $Chunk) as usize) as *mut c_void }; } #[macro_export] macro_rules! RTL_CONTEXT_OFFSET { ($Context:expr, $Chunk:ident) => { RTL_CONTEXT_EX_OFFSET!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) as *const $crate::ntrtl::CONTEXT_EX, $Chunk) }; } #[macro_export] macro_rules! RTL_CONTEXT_LENGTH { ($Context:expr, $Chunk:ident) => { RTL_CONTEXT_EX_LENGTH!(($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) as *const $crate::ntrtl::CONTEXT_EX, $Chunk) }; } #[macro_export] macro_rules! RTL_CONTEXT_CHUNK { ($Context:expr, $Chunk:ident) => { RTL_CONTEXT_EX_CHUNK!( ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) as *const $crate::ntrtl::CONTEXT_EX, ($Context as *const $crate::winapi::um::winnt::CONTEXT).offset(1) as *const $crate::ntrtl::CONTEXT_EX, $Chunk ) }; } EXTERN!{extern "system" { fn RtlInitializeContext( Process: HANDLE, Context: PCONTEXT, Parameter: PVOID, InitialPc: PVOID, InitialSp: PVOID, ); fn RtlInitializeExtendedContext( Context: PCONTEXT, ContextFlags: ULONG, ContextEx: *mut PCONTEXT_EX, ) -> ULONG; fn RtlCopyExtendedContext( Destination: PCONTEXT_EX, ContextFlags: ULONG, Source: PCONTEXT_EX, ) -> ULONG; fn RtlGetExtendedContextLength( ContextFlags: ULONG, ContextLength: PULONG, ) -> ULONG; fn RtlGetExtendedFeaturesMask( ContextEx: PCONTEXT_EX, ) -> ULONG64; fn RtlLocateExtendedFeature( ContextEx: PCONTEXT_EX, FeatureId: ULONG, Length: PULONG, ) -> PVOID; fn RtlLocateLegacyContext( ContextEx: PCONTEXT_EX, Length: PULONG, ) -> PCONTEXT; fn RtlSetExtendedFeaturesMask( ContextEx: PCONTEXT_EX, FeatureMask: ULONG64, ); }} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] EXTERN!{extern "system" { fn RtlWow64GetThreadContext( ThreadHandle: HANDLE, ThreadContext: PWOW64_CONTEXT, ) -> NTSTATUS; fn RtlWow64SetThreadContext( ThreadHandle: HANDLE, ThreadContext: PWOW64_CONTEXT, ) -> NTSTATUS; }} EXTERN!{extern "system" { fn RtlRemoteCall( Process: HANDLE, Thread: HANDLE, CallSite: PVOID, ArgumentCount: ULONG, Arguments: PULONG_PTR, PassContext: BOOLEAN, AlreadySuspended: BOOLEAN, ) -> NTSTATUS; fn RtlAddVectoredExceptionHandler( First: ULONG, Handler: PVECTORED_EXCEPTION_HANDLER, ) -> PVOID; fn RtlRemoveVectoredExceptionHandler( Handle: PVOID, ) -> ULONG; fn RtlAddVectoredContinueHandler( First: ULONG, Handler: PVECTORED_EXCEPTION_HANDLER, ) -> PVOID; fn RtlRemoveVectoredContinueHandler( Handle: PVOID, ) -> ULONG; }} FN!{stdcall PRTLP_UNHANDLED_EXCEPTION_FILTER( ExceptionInfo: PEXCEPTION_POINTERS, ) -> ULONG} EXTERN!{extern "system" { fn RtlSetUnhandledExceptionFilter( UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER, ); fn RtlUnhandledExceptionFilter( ExceptionPointers: PEXCEPTION_POINTERS, ) -> LONG; fn RtlUnhandledExceptionFilter2( ExceptionPointers: PEXCEPTION_POINTERS, Flags: ULONG, ) -> LONG; fn RtlKnownExceptionFilter( ExceptionPointers: PEXCEPTION_POINTERS, ) -> LONG; }} #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] IFDEF!{ ENUM!{enum FUNCTION_TABLE_TYPE { RF_SORTED = 0, RF_UNSORTED = 1, RF_CALLBACK = 2, RF_KERNEL_DYNAMIC = 3, }} STRUCT!{struct DYNAMIC_FUNCTION_TABLE { ListEntry: LIST_ENTRY, FunctionTable: PRUNTIME_FUNCTION, TimeStamp: LARGE_INTEGER, MinimumAddress: ULONG64, MaximumAddress: ULONG64, BaseAddress: ULONG64, Callback: PGET_RUNTIME_FUNCTION_CALLBACK, Context: PVOID, OutOfProcessCallbackDll: PWSTR, Type: FUNCTION_TABLE_TYPE, EntryCount: ULONG, TreeNode: RTL_BALANCED_NODE, }} pub type PDYNAMIC_FUNCTION_TABLE = *mut DYNAMIC_FUNCTION_TABLE; EXTERN!{extern "system" { fn RtlGetFunctionTableListHead() -> PLIST_ENTRY; }} } EXTERN!{extern "system" { fn RtlImageNtHeader( BaseOfImage: PVOID, ) -> PIMAGE_NT_HEADERS; }} pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: ULONG = 0x00000001; EXTERN!{extern "system" { fn RtlImageNtHeaderEx( Flags: ULONG, BaseOfImage: PVOID, Size: ULONG64, OutHeaders: *mut PIMAGE_NT_HEADERS, ) -> NTSTATUS; fn RtlAddressInSectionTable( NtHeaders: PIMAGE_NT_HEADERS, BaseOfImage: PVOID, VirtualAddress: ULONG, ) -> PVOID; fn RtlSectionTableFromVirtualAddress( NtHeaders: PIMAGE_NT_HEADERS, BaseOfImage: PVOID, VirtualAddress: ULONG, ) -> PIMAGE_SECTION_HEADER; fn RtlImageDirectoryEntryToData( BaseOfImage: PVOID, MappedAsImage: BOOLEAN, DirectoryEntry: USHORT, Size: PULONG, ) -> PVOID; fn RtlImageRvaToSection( NtHeaders: PIMAGE_NT_HEADERS, BaseOfImage: PVOID, Rva: ULONG, ) -> PIMAGE_SECTION_HEADER; fn RtlImageRvaToVa( NtHeaders: PIMAGE_NT_HEADERS, BaseOfImage: PVOID, Rva: ULONG, LastRvaSection: *mut PIMAGE_SECTION_HEADER, ) -> PVOID; fn RtlFindExportedRoutineByName( BaseOfImage: PVOID, RoutineName: PSTR, ) -> PVOID; fn RtlGuardCheckLongJumpTarget( PcValue: PVOID, IsFastFail: BOOL, IsLongJumpTarget: PBOOL, ) -> NTSTATUS; fn RtlCompareMemoryUlong( Source: PVOID, Length: SIZE_T, Pattern: ULONG, ) -> SIZE_T; fn RtlFillMemoryUlong( Destination: PVOID, Length: SIZE_T, Pattern: ULONG, ); fn RtlFillMemoryUlonglong( Destination: PVOID, Length: SIZE_T, Pattern: ULONGLONG, ); fn RtlCreateEnvironment( CloneCurrentEnvironment: BOOLEAN, Environment: *mut PVOID, ) -> NTSTATUS; }} pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: ULONG = 0x1; pub const RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: ULONG = 0x2; pub const RTL_CREATE_ENVIRONMENT_EMPTY: ULONG = 0x4; EXTERN!{extern "system" { fn RtlCreateEnvironmentEx( SourceEnv: PVOID, Environment: *mut PVOID, Flags: ULONG, ) -> NTSTATUS; fn RtlDestroyEnvironment( Environment: PVOID, ) -> NTSTATUS; fn RtlSetCurrentEnvironment( Environment: PVOID, PreviousEnvironment: *mut PVOID, ) -> NTSTATUS; fn RtlSetEnvironmentVar( Environment: *mut PWSTR, Name: PWSTR, NameLength: SIZE_T, Value: PWSTR, ValueLength: SIZE_T, ) -> NTSTATUS; fn RtlSetEnvironmentVariable( Environment: *mut PVOID, Name: PUNICODE_STRING, Value: PUNICODE_STRING, ) -> NTSTATUS; fn RtlQueryEnvironmentVariable( Environment: PVOID, Name: PWSTR, NameLength: SIZE_T, Value: PWSTR, ValueLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn RtlQueryEnvironmentVariable_U( Environment: PVOID, Name: PUNICODE_STRING, Value: PUNICODE_STRING, ) -> NTSTATUS; fn RtlExpandEnvironmentStrings( Environment: PVOID, Src: PWSTR, SrcLength: SIZE_T, Dst: PWSTR, DstLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn RtlExpandEnvironmentStrings_U( Environment: PVOID, Source: PUNICODE_STRING, Destination: PUNICODE_STRING, ReturnedLength: PULONG, ) -> NTSTATUS; fn RtlSetEnvironmentStrings( NewEnvironment: PWCHAR, NewEnvironmentSize: SIZE_T, ) -> NTSTATUS; }} STRUCT!{struct RTLP_CURDIR_REF { ReferenceCount: LONG, DirectoryHandle: HANDLE, }} pub type PRTLP_CURDIR_REF = *mut RTLP_CURDIR_REF; STRUCT!{struct RTL_RELATIVE_NAME_U { RelativeName: UNICODE_STRING, ContainingDirectory: HANDLE, CurDirRef: PRTLP_CURDIR_REF, }} pub type PRTL_RELATIVE_NAME_U = *mut RTL_RELATIVE_NAME_U; ENUM!{enum RTL_PATH_TYPE { RtlPathTypeUnknown = 0, RtlPathTypeUncAbsolute = 1, RtlPathTypeDriveAbsolute = 2, RtlPathTypeDriveRelative = 3, RtlPathTypeRooted = 4, RtlPathTypeRelative = 5, RtlPathTypeLocalDevice = 6, RtlPathTypeRootLocalDevice = 7, }} EXTERN!{extern "C" { static mut RtlDosPathSeperatorsString: UNICODE_STRING; static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING; static mut RtlNtPathSeperatorString: UNICODE_STRING; }} /// "ntdll.dll" pub const RtlNtdllName: UTF16Const = UTF16Const(&[ 0x006E, 0x0074, 0x0064, 0x006C, 0x006C, 0x002E, 0x0064, 0x006C, 0x006C, 0u16, ]); EXTERN!{extern "system" { fn RtlDetermineDosPathNameType_U( DosFileName: PWSTR, ) -> RTL_PATH_TYPE; fn RtlDetermineDosPathNameType_Ustr( DosFileName: PCUNICODE_STRING, ) -> RTL_PATH_TYPE; fn RtlIsDosDeviceName_U( DosFileName: PWSTR, ) -> ULONG; fn RtlIsDosDeviceName_Ustr( DosFileName: PUNICODE_STRING, ) -> ULONG; fn RtlGetFullPathName_U( FileName: PWSTR, BufferLength: ULONG, Buffer: PWSTR, FilePart: *mut PWSTR, ) -> ULONG; fn RtlGetFullPathName_UEx( FileName: PWSTR, BufferLength: ULONG, Buffer: PWSTR, FilePart: *mut PWSTR, BytesRequired: *mut ULONG, ) -> NTSTATUS; fn RtlGetFullPathName_UstrEx( FileName: PUNICODE_STRING, StaticString: PUNICODE_STRING, DynamicString: PUNICODE_STRING, StringUsed: *mut PUNICODE_STRING, FilePartPrefixCch: *mut SIZE_T, NameInvalid: PBOOLEAN, InputPathType: *mut RTL_PATH_TYPE, BytesRequired: *mut SIZE_T, ) -> NTSTATUS; fn RtlGetCurrentDirectory_U( BufferLength: ULONG, Buffer: PWSTR, ) -> ULONG; fn RtlSetCurrentDirectory_U( PathName: PUNICODE_STRING, ) -> NTSTATUS; fn RtlGetLongestNtPathLength() -> ULONG; fn RtlDosPathNameToNtPathName_U( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> BOOLEAN; fn RtlDosPathNameToNtPathName_U_WithStatus( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> NTSTATUS; fn RtlDosLongPathNameToNtPathName_U_WithStatus( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> NTSTATUS; fn RtlDosPathNameToRelativeNtPathName_U( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> BOOLEAN; fn RtlDosPathNameToRelativeNtPathName_U_WithStatus( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> NTSTATUS; fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus( DosFileName: PWSTR, NtFileName: PUNICODE_STRING, FilePart: *mut PWSTR, RelativeName: PRTL_RELATIVE_NAME_U, ) -> NTSTATUS; fn RtlReleaseRelativeName( RelativeName: PRTL_RELATIVE_NAME_U, ); fn RtlDosSearchPath_U( Path: PWSTR, FileName: PWSTR, Extension: PWSTR, BufferLength: ULONG, Buffer: PWSTR, FilePart: *mut PWSTR, ) -> ULONG; }} pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: ULONG = 0x00000001; pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: ULONG = 0x00000002; pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION: ULONG = 0x00000004; EXTERN!{extern "system" { fn RtlDosSearchPath_Ustr( Flags: ULONG, Path: PUNICODE_STRING, FileName: PUNICODE_STRING, DefaultExtension: PUNICODE_STRING, StaticString: PUNICODE_STRING, DynamicString: PUNICODE_STRING, FullFileNameOut: *mut PCUNICODE_STRING, FilePartPrefixCch: *mut SIZE_T, BytesRequired: *mut SIZE_T, ) -> NTSTATUS; fn RtlDoesFileExists_U( FileName: PWSTR, ) -> BOOLEAN; fn RtlGetLengthWithoutLastFullDosOrNtPathElement( Flags: ULONG, PathString: PUNICODE_STRING, Length: PULONG, ) -> NTSTATUS; fn RtlGetLengthWithoutTrailingPathSeperators( Flags: ULONG, PathString: PUNICODE_STRING, Length: PULONG, ) -> NTSTATUS; }} STRUCT!{struct GENERATE_NAME_CONTEXT { Checksum: USHORT, CheckSumInserted: BOOLEAN, NameLength: UCHAR, NameBuffer: [WCHAR; 8], ExtensionLength: ULONG, ExtensionBuffer: [WCHAR; 4], LastIndexValue: ULONG, }} pub type PGENERATE_NAME_CONTEXT = *mut GENERATE_NAME_CONTEXT; EXTERN!{extern "system" { fn RtlGenerate8dot3Name( Name: PCUNICODE_STRING, AllowExtendedCharacters: BOOLEAN, Context: PGENERATE_NAME_CONTEXT, Name8dot3: PUNICODE_STRING, ) -> NTSTATUS; fn RtlComputePrivatizedDllName_U( DllName: PUNICODE_STRING, RealName: PUNICODE_STRING, LocalName: PUNICODE_STRING, ) -> NTSTATUS; fn RtlGetSearchPath( SearchPathA: *mut PWSTR, ) -> BOOLEAN; fn RtlSetSearchPathMode( Flags: ULONG, ) -> NTSTATUS; fn RtlGetExePath() -> PWSTR; fn RtlGetNtSystemRoot() -> PWSTR; fn RtlAreLongPathsEnabled() -> BOOLEAN; fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN; fn RtlDllShutdownInProgress() -> BOOLEAN; }} STRUCT!{struct RTL_HEAP_ENTRY_u_s1 { Settable: SIZE_T, Tag: ULONG, }} STRUCT!{struct RTL_HEAP_ENTRY_u_s2 { CommittedSize: SIZE_T, FirstBlock: PVOID, }} UNION!{union RTL_HEAP_ENTRY_u { s1: RTL_HEAP_ENTRY_u_s1, s2: RTL_HEAP_ENTRY_u_s2, }} STRUCT!{struct RTL_HEAP_ENTRY { Size: SIZE_T, Flags: USHORT, AllocatorBackTraceIndex: USHORT, u: RTL_HEAP_ENTRY_u, }} pub type PRTL_HEAP_ENTRY = *mut RTL_HEAP_ENTRY; pub const RTL_HEAP_BUSY: USHORT = 0x0001; pub const RTL_HEAP_SEGMENT: USHORT = 0x0002; pub const RTL_HEAP_SETTABLE_VALUE: USHORT = 0x0010; pub const RTL_HEAP_SETTABLE_FLAG1: USHORT = 0x0020; pub const RTL_HEAP_SETTABLE_FLAG2: USHORT = 0x0040; pub const RTL_HEAP_SETTABLE_FLAG3: USHORT = 0x0080; pub const RTL_HEAP_SETTABLE_FLAGS: USHORT = 0x00e0; pub const RTL_HEAP_UNCOMMITTED_RANGE: USHORT = 0x0100; pub const RTL_HEAP_PROTECTED_ENTRY: USHORT = 0x0200; STRUCT!{struct RTL_HEAP_TAG { NumberOfAllocations: ULONG, NumberOfFrees: ULONG, BytesAllocated: SIZE_T, TagIndex: USHORT, CreatorBackTraceIndex: USHORT, TagName: [WCHAR; 24], }} pub type PRTL_HEAP_TAG = *mut RTL_HEAP_TAG; STRUCT!{struct RTL_HEAP_INFORMATION { BaseAddress: PVOID, Flags: ULONG, EntryOverhead: USHORT, CreatorBackTraceIndex: USHORT, BytesAllocated: SIZE_T, BytesCommitted: SIZE_T, NumberOfTags: ULONG, NumberOfEntries: ULONG, NumberOfPseudoTags: ULONG, PseudoTagGranularity: ULONG, Reserved: [ULONG; 5], Tags: PRTL_HEAP_TAG, Entries: PRTL_HEAP_ENTRY, }} pub type PRTL_HEAP_INFORMATION = *mut RTL_HEAP_INFORMATION; STRUCT!{struct RTL_PROCESS_HEAPS { NumberOfHeaps: ULONG, Heaps: [RTL_HEAP_INFORMATION; 1], }} pub type PRTL_PROCESS_HEAPS = *mut RTL_PROCESS_HEAPS; FN!{stdcall PRTL_HEAP_COMMIT_ROUTINE( Base: PVOID, CommitAddress: *mut PVOID, CommitSize: PSIZE_T, ) -> NTSTATUS} STRUCT!{struct RTL_HEAP_PARAMETERS { Length: ULONG, SegmentReserve: SIZE_T, SegmentCommit: SIZE_T, DeCommitFreeBlockThreshold: SIZE_T, DeCommitTotalFreeThreshold: SIZE_T, MaximumAllocationSize: SIZE_T, VirtualMemoryThreshold: SIZE_T, InitialCommit: SIZE_T, InitialReserve: SIZE_T, CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE, Reserved: [SIZE_T; 2], }} pub type PRTL_HEAP_PARAMETERS = *mut RTL_HEAP_PARAMETERS; pub const HEAP_SETTABLE_USER_VALUE: ULONG = 0x00000100; pub const HEAP_SETTABLE_USER_FLAG1: ULONG = 0x00000200; pub const HEAP_SETTABLE_USER_FLAG2: ULONG = 0x00000400; pub const HEAP_SETTABLE_USER_FLAG3: ULONG = 0x00000800; pub const HEAP_SETTABLE_USER_FLAGS: ULONG = 0x00000e00; pub const HEAP_CLASS_0: ULONG = 0x00000000; pub const HEAP_CLASS_1: ULONG = 0x00001000; pub const HEAP_CLASS_2: ULONG = 0x00002000; pub const HEAP_CLASS_3: ULONG = 0x00003000; pub const HEAP_CLASS_4: ULONG = 0x00004000; pub const HEAP_CLASS_5: ULONG = 0x00005000; pub const HEAP_CLASS_6: ULONG = 0x00006000; pub const HEAP_CLASS_7: ULONG = 0x00007000; pub const HEAP_CLASS_8: ULONG = 0x00008000; pub const HEAP_CLASS_MASK: ULONG = 0x0000f000; EXTERN!{extern "system" { fn RtlCreateHeap( Flags: ULONG, HeapBase: PVOID, ReserveSize: SIZE_T, CommitSize: SIZE_T, Lock: PVOID, Parameters: PRTL_HEAP_PARAMETERS, ) -> PVOID; fn RtlDestroyHeap( HeapHandle: PVOID, ) -> PVOID; fn RtlAllocateHeap( HeapHandle: PVOID, Flags: ULONG, Size: SIZE_T, ) -> PVOID; fn RtlFreeHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, ) -> BOOLEAN; fn RtlSizeHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, ) -> SIZE_T; fn RtlZeroHeap( HeapHandle: PVOID, Flags: ULONG, ) -> NTSTATUS; fn RtlProtectHeap( HeapHandle: PVOID, MakeReadOnly: BOOLEAN, ); }} #[inline] #[cfg(not(target_arch = "aarch64"))] pub unsafe fn RtlProcessHeap() -> PVOID { use crate::ntpsapi::NtCurrentPeb; (*NtCurrentPeb()).ProcessHeap } EXTERN!{extern "system" { fn RtlLockHeap( HeapHandle: PVOID, ) -> BOOLEAN; fn RtlUnlockHeap( HeapHandle: PVOID, ) -> BOOLEAN; fn RtlReAllocateHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, Size: SIZE_T, ) -> PVOID; fn RtlGetUserInfoHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, UserValue: *mut PVOID, UserFlags: PULONG, ) -> BOOLEAN; fn RtlSetUserValueHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, UserValue: PVOID, ) -> BOOLEAN; fn RtlSetUserFlagsHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, UserFlagsReset: ULONG, UserFlagsSet: ULONG, ) -> BOOLEAN; }} STRUCT!{struct RTL_HEAP_TAG_INFO { NumberOfAllocations: ULONG, NumberOfFrees: ULONG, BytesAllocated: SIZE_T, }} pub type PRTL_HEAP_TAG_INFO = *mut RTL_HEAP_TAG_INFO; EXTERN!{extern "system" { fn RtlCreateTagHeap( HeapHandle: PVOID, Flags: ULONG, TagPrefix: PWSTR, TagNames: PWSTR, ) -> ULONG; fn RtlQueryTagHeap( HeapHandle: PVOID, Flags: ULONG, TagIndex: USHORT, ResetCounters: BOOLEAN, TagInfo: PRTL_HEAP_TAG_INFO, ) -> PWSTR; fn RtlExtendHeap( HeapHandle: PVOID, Flags: ULONG, Base: PVOID, Size: SIZE_T, ) -> NTSTATUS; fn RtlCompactHeap( HeapHandle: PVOID, Flags: ULONG, ) -> SIZE_T; fn RtlValidateHeap( HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID, ) -> BOOLEAN; fn RtlValidateProcessHeaps() -> BOOLEAN; fn RtlGetProcessHeaps( NumberOfHeaps: ULONG, ProcessHeaps: *mut PVOID, ) -> ULONG; }} FN!{stdcall PRTL_ENUM_HEAPS_ROUTINE( HeapHandle: PVOID, Parameter: PVOID, ) -> NTSTATUS} EXTERN!{extern "system" { fn RtlEnumProcessHeaps( EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE, Parameter: PVOID, ) -> NTSTATUS; }} STRUCT!{struct RTL_HEAP_USAGE_ENTRY { Next: *mut RTL_HEAP_USAGE_ENTRY, Address: PVOID, Size: SIZE_T, AllocatorBackTraceIndex: USHORT, TagIndex: USHORT, }} pub type PRTL_HEAP_USAGE_ENTRY = *mut RTL_HEAP_USAGE_ENTRY; STRUCT!{struct RTL_HEAP_USAGE { Length: ULONG, BytesAllocated: SIZE_T, BytesCommitted: SIZE_T, BytesReserved: SIZE_T, BytesReservedMaximum: SIZE_T, Entries: PRTL_HEAP_USAGE_ENTRY, AddedEntries: PRTL_HEAP_USAGE_ENTRY, RemovedEntries: PRTL_HEAP_USAGE_ENTRY, Reserved: [ULONG_PTR; 8], }} pub type PRTL_HEAP_USAGE = *mut RTL_HEAP_USAGE; pub const HEAP_USAGE_ALLOCATED_BLOCKS: ULONG = HEAP_REALLOC_IN_PLACE_ONLY; pub const HEAP_USAGE_FREE_BUFFER: ULONG = HEAP_ZERO_MEMORY; EXTERN!{extern "system" { fn RtlUsageHeap( HeapHandle: PVOID, Flags: ULONG, Usage: PRTL_HEAP_USAGE, ) -> NTSTATUS; }} STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Block { Settable: SIZE_T, TagIndex: USHORT, AllocatorBackTraceIndex: USHORT, Reserved: [ULONG; 2], }} STRUCT!{struct RTL_HEAP_WALK_ENTRY_u_Segment { CommittedSize: ULONG, UnCommittedSize: ULONG, FirstEntry: PVOID, LastEntry: PVOID, }} UNION!{union RTL_HEAP_WALK_ENTRY_u { Block: RTL_HEAP_WALK_ENTRY_u_Block, Segment: RTL_HEAP_WALK_ENTRY_u_Segment, }} STRUCT!{struct RTL_HEAP_WALK_ENTRY { DataAddress: PVOID, DataSize: SIZE_T, OverheadBytes: UCHAR, SegmentIndex: UCHAR, Flags: USHORT, u: RTL_HEAP_WALK_ENTRY_u, }} pub type PRTL_HEAP_WALK_ENTRY = *mut RTL_HEAP_WALK_ENTRY; EXTERN!{extern "system" { fn RtlWalkHeap( HeapHandle: PVOID, Entry: PRTL_HEAP_WALK_ENTRY, ) -> NTSTATUS; }} pub const HeapDetailedFailureInformation: u32 = 0x80000001; pub const HeapSetDebuggingInformation: u32 = 0x80000002; ENUM!{enum HEAP_COMPATIBILITY_MODE { HEAP_COMPATIBILITY_STANDARD = 0, HEAP_COMPATIBILITY_LAL = 1, HEAP_COMPATIBILITY_LFH = 2, }} STRUCT!{struct PROCESS_HEAP_INFORMATION { ReserveSize: ULONG_PTR, CommitSize: ULONG_PTR, NumberOfHeaps: ULONG, FirstHeapInformationOffset: ULONG_PTR, }} pub type PPROCESS_HEAP_INFORMATION = *mut PROCESS_HEAP_INFORMATION; STRUCT!{struct HEAP_INFORMATION { Address: ULONG_PTR, Mode: ULONG, ReserveSize: ULONG_PTR, CommitSize: ULONG_PTR, FirstRegionInformationOffset: ULONG_PTR, NextHeapInformationOffset: ULONG_PTR, }} pub type PHEAP_INFORMATION = *mut HEAP_INFORMATION; UNION!{union HEAP_EXTENDED_INFORMATION_u { ProcessHeapInformation: PROCESS_HEAP_INFORMATION, HeapInformation: HEAP_INFORMATION, }} STRUCT!{struct HEAP_EXTENDED_INFORMATION { Process: HANDLE, Heap: ULONG_PTR, Level: ULONG, CallbackRoutine: PVOID, CallbackContext: PVOID, u: HEAP_EXTENDED_INFORMATION_u, }} pub type PHEAP_EXTENDED_INFORMATION = *mut HEAP_EXTENDED_INFORMATION; FN!{stdcall PRTL_HEAP_LEAK_ENUMERATION_ROUTINE( Reserved: LONG, HeapHandle: PVOID, BaseAddress: PVOID, BlockSize: SIZE_T, StackTraceDepth: ULONG, StackTrace: *mut PVOID, ) -> NTSTATUS} STRUCT!{struct HEAP_DEBUGGING_INFORMATION { InterceptorFunction: PVOID, InterceptorValue: USHORT, ExtendedOptions: ULONG, StackTraceDepth: ULONG, MinTotalBlockSize: SIZE_T, MaxTotalBlockSize: SIZE_T, HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE, }} pub type PHEAP_DEBUGGING_INFORMATION = *mut HEAP_DEBUGGING_INFORMATION; EXTERN!{extern "system" { fn RtlQueryHeapInformation( HeapHandle: PVOID, HeapInformationClass: HEAP_INFORMATION_CLASS, HeapInformation: PVOID, HeapInformationLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn RtlSetHeapInformation( HeapHandle: PVOID, HeapInformationClass: HEAP_INFORMATION_CLASS, HeapInformation: PVOID, HeapInformationLength: SIZE_T, ) -> NTSTATUS; fn RtlMultipleAllocateHeap( HeapHandle: PVOID, Flags: ULONG, Size: SIZE_T, Count: ULONG, Array: *mut PVOID, ) -> ULONG; fn RtlMultipleFreeHeap( HeapHandle: PVOID, Flags: ULONG, Count: ULONG, Array: *mut PVOID, ) -> ULONG; fn RtlDetectHeapLeaks(); fn RtlFlushHeaps(); }} STRUCT!{struct RTL_MEMORY_ZONE_SEGMENT { NextSegment: *mut RTL_MEMORY_ZONE_SEGMENT, Size: SIZE_T, Next: PVOID, Limit: PVOID, }} pub type PRTL_MEMORY_ZONE_SEGMENT = *mut RTL_MEMORY_ZONE_SEGMENT; STRUCT!{struct RTL_MEMORY_ZONE { Segment: RTL_MEMORY_ZONE_SEGMENT, Lock: RTL_SRWLOCK, LockCount: ULONG, FirstSegment: PRTL_MEMORY_ZONE_SEGMENT, }} pub type PRTL_MEMORY_ZONE = *mut RTL_MEMORY_ZONE; EXTERN!{extern "system" { fn RtlCreateMemoryZone( MemoryZone: *mut PVOID, InitialSize: SIZE_T, Flags: ULONG, ) -> NTSTATUS; fn RtlDestroyMemoryZone( MemoryZone: PVOID, ) -> NTSTATUS; fn RtlAllocateMemoryZone( MemoryZone: PVOID, BlockSize: SIZE_T, Block: *mut PVOID, ) -> NTSTATUS; fn RtlResetMemoryZone( MemoryZone: PVOID, ) -> NTSTATUS; fn RtlLockMemoryZone( MemoryZone: PVOID, ) -> NTSTATUS; fn RtlUnlockMemoryZone( MemoryZone: PVOID, ) -> NTSTATUS; fn RtlCreateMemoryBlockLookaside( MemoryBlockLookaside: *mut PVOID, Flags: ULONG, InitialSize: ULONG, MinimumBlockSize: ULONG, MaximumBlockSize: ULONG, ) -> NTSTATUS; fn RtlDestroyMemoryBlockLookaside( MemoryBlockLookaside: PVOID, ) -> NTSTATUS; fn RtlAllocateMemoryBlockLookaside( MemoryBlockLookaside: PVOID, BlockSize: ULONG, Block: *mut PVOID, ) -> NTSTATUS; fn RtlFreeMemoryBlockLookaside( MemoryBlockLookaside: PVOID, Block: PVOID, ) -> NTSTATUS; fn RtlExtendMemoryBlockLookaside( MemoryBlockLookaside: PVOID, Increment: ULONG, ) -> NTSTATUS; fn RtlResetMemoryBlockLookaside( MemoryBlockLookaside: PVOID, ) -> NTSTATUS; fn RtlLockMemoryBlockLookaside( MemoryBlockLookaside: PVOID, ) -> NTSTATUS; fn RtlUnlockMemoryBlockLookaside( MemoryBlockLookaside: PVOID, ) -> NTSTATUS; fn RtlGetCurrentTransaction() -> HANDLE; fn RtlSetCurrentTransaction( TransactionHandle: HANDLE, ) -> LOGICAL; }} #[inline] pub const fn RtlIsEqualLuid(L1: &LUID, L2: &LUID) -> bool { (L1.LowPart == L2.LowPart) && (L1.HighPart == L2.HighPart) } #[inline] pub const fn RtlIsZeroLuid(L1: &LUID) -> bool { (L1.LowPart | L1.HighPart as u32) == 0 } #[inline] pub const fn RtlConvertLongToLuid(Long: LONG) -> LUID { LUID { LowPart: Long as u32, HighPart: ((Long as i64) >> 32) as i32 } } #[inline] pub const fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID { LUID { LowPart: Ulong, HighPart: 0 } } EXTERN!{extern "system" { fn RtlCopyLuid( DestinationLuid: PLUID, SourceLuid: PLUID, ); fn RtlCopyLuidAndAttributesArray( Count: ULONG, Src: PLUID_AND_ATTRIBUTES, Dest: PLUID_AND_ATTRIBUTES, ); }} STRUCT!{struct RTL_PROCESS_VERIFIER_OPTIONS { SizeStruct: ULONG, Option: ULONG, OptionData: [UCHAR; 1], }} pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut RTL_PROCESS_VERIFIER_OPTIONS; UNION!{union RTL_DEBUG_INFORMATION_u { Modules: *mut RTL_PROCESS_MODULES, ModulesEx: *mut RTL_PROCESS_MODULE_INFORMATION_EX, }} STRUCT!{struct RTL_DEBUG_INFORMATION { SectionHandleClient: HANDLE, ViewBaseClient: PVOID, ViewBaseTarget: PVOID, ViewBaseDelta: ULONG_PTR, EventPairClient: HANDLE, EventPairTarget: HANDLE, TargetProcessId: HANDLE, TargetThreadHandle: HANDLE, Flags: ULONG, OffsetFree: SIZE_T, CommitSize: SIZE_T, ViewSize: SIZE_T, u: RTL_DEBUG_INFORMATION_u, BackTraces: *mut RTL_PROCESS_BACKTRACES, Heaps: *mut RTL_PROCESS_HEAPS, Locks: *mut RTL_PROCESS_LOCKS, SpecificHeap: PVOID, TargetProcessHandle: HANDLE, VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS, ProcessHeap: PVOID, CriticalSectionHandle: HANDLE, CriticalSectionOwnerThread: HANDLE, Reserved: [PVOID; 4], }} pub type PRTL_DEBUG_INFORMATION = *mut RTL_DEBUG_INFORMATION; EXTERN!{extern "system" { fn RtlCreateQueryDebugBuffer( MaximumCommit: ULONG, UseEventPair: BOOLEAN, ) -> PRTL_DEBUG_INFORMATION; fn RtlDestroyQueryDebugBuffer( Buffer: PRTL_DEBUG_INFORMATION, ) -> NTSTATUS; fn RtlCommitDebugInfo( Buffer: PRTL_DEBUG_INFORMATION, Size: SIZE_T, ) -> PVOID; fn RtlDeCommitDebugInfo( Buffer: PRTL_DEBUG_INFORMATION, p: PVOID, Size: SIZE_T, ); }} pub const RTL_QUERY_PROCESS_MODULES: ULONG = 0x00000001; pub const RTL_QUERY_PROCESS_BACKTRACES: ULONG = 0x00000002; pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: ULONG = 0x00000004; pub const RTL_QUERY_PROCESS_HEAP_TAGS: ULONG = 0x00000008; pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: ULONG = 0x00000010; pub const RTL_QUERY_PROCESS_LOCKS: ULONG = 0x00000020; pub const RTL_QUERY_PROCESS_MODULES32: ULONG = 0x00000040; pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: ULONG = 0x00000080; pub const RTL_QUERY_PROCESS_MODULESEX: ULONG = 0x00000100; pub const RTL_QUERY_PROCESS_HEAP_ENTRIES_EX: ULONG = 0x00000200; pub const RTL_QUERY_PROCESS_CS_OWNER: ULONG = 0x00000400; pub const RTL_QUERY_PROCESS_NONINVASIVE: ULONG = 0x80000000; EXTERN!{extern "system" { fn RtlQueryProcessDebugInformation( UniqueProcessId: HANDLE, Flags: ULONG, Buffer: PRTL_DEBUG_INFORMATION, ) -> NTSTATUS; fn RtlFindMessage( DllHandle: PVOID, MessageTableId: ULONG, MessageLanguageId: ULONG, MessageId: ULONG, MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY, ) -> NTSTATUS; fn RtlFormatMessage( MessageFormat: PWSTR, MaximumWidth: ULONG, IgnoreInserts: BOOLEAN, ArgumentsAreAnsi: BOOLEAN, ArgumentsAreAnArray: BOOLEAN, Arguments: *mut va_list, Buffer: PWSTR, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; }} STRUCT!{struct PARSE_MESSAGE_CONTEXT { fFlags: ULONG, cwSavColumn: ULONG, iwSrc: SIZE_T, iwDst: SIZE_T, iwDstSpace: SIZE_T, lpvArgStart: va_list, }} pub type PPARSE_MESSAGE_CONTEXT = *mut PARSE_MESSAGE_CONTEXT; #[inline] pub fn INIT_PARSE_MESSAGE_CONTEXT(ctx: &mut PARSE_MESSAGE_CONTEXT) { ctx.fFlags = 0; } #[inline] pub fn TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { ctx.fFlags & flag } #[inline] pub fn SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { ctx.fFlags |= flag; ctx.fFlags } #[inline] pub fn CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx: &mut PARSE_MESSAGE_CONTEXT, flag: ULONG) -> ULONG { ctx.fFlags &= !flag; ctx.fFlags } EXTERN!{extern "system" { fn RtlFormatMessageEx( MessageFormat: PWSTR, MaximumWidth: ULONG, IgnoreInserts: BOOLEAN, ArgumentsAreAnsi: BOOLEAN, ArgumentsAreAnArray: BOOLEAN, Arguments: *mut va_list, Buffer: PWSTR, Length: ULONG, ReturnLength: PULONG, ParseContext: PPARSE_MESSAGE_CONTEXT, ) -> NTSTATUS; fn RtlNtStatusToDosError( Status: NTSTATUS, ) -> ULONG; fn RtlNtStatusToDosErrorNoTeb( Status: NTSTATUS, ) -> ULONG; fn RtlGetLastNtStatus() -> NTSTATUS; fn RtlGetLastWin32Error() -> LONG; fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus( Status: NTSTATUS, ); fn RtlSetLastWin32Error( Win32Error: LONG, ); fn RtlRestoreLastWin32Error( Win32Error: LONG, ); }} pub const RTL_ERRORMODE_FAILCRITICALERRORS: ULONG = 0x0010; pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: ULONG = 0x0020; pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: ULONG = 0x0040; EXTERN!{extern "system" { fn RtlGetThreadErrorMode() -> ULONG; fn RtlSetThreadErrorMode( NewMode: ULONG, OldMode: PULONG, ) -> NTSTATUS; fn RtlReportException( ExceptionRecord: PEXCEPTION_RECORD, ContextRecord: PCONTEXT, Flags: ULONG, ) -> NTSTATUS; fn RtlReportExceptionEx( ExceptionRecord: PEXCEPTION_RECORD, ContextRecord: PCONTEXT, Flags: ULONG, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlWerpReportException( ProcessId: ULONG, CrashReportSharedMem: HANDLE, Flags: ULONG, CrashVerticalProcessHandle: PHANDLE, ) -> NTSTATUS; fn RtlReportSilentProcessExit( ProcessHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn RtlUniform( Seed: PULONG, ) -> ULONG; fn RtlRandom( Seed: PULONG, ) -> ULONG; fn RtlRandomEx( Seed: PULONG, ) -> ULONG; fn RtlComputeImportTableHash( FileHandle: HANDLE, Hash: PCHAR, ImportTableHashRevision: ULONG, ) -> NTSTATUS; fn RtlIntegerToChar( Value: ULONG, Base: ULONG, OutputLength: LONG, String: PSTR, ) -> NTSTATUS; fn RtlCharToInteger( String: PCSZ, Base: ULONG, Value: PULONG, ) -> NTSTATUS; fn RtlLargeIntegerToChar( Value: PLARGE_INTEGER, Base: ULONG, OutputLength: LONG, String: PSTR, ) -> NTSTATUS; fn RtlIntegerToUnicodeString( Value: ULONG, Base: ULONG, String: PUNICODE_STRING, ) -> NTSTATUS; fn RtlInt64ToUnicodeString( Value: ULONGLONG, Base: ULONG, String: PUNICODE_STRING, ) -> NTSTATUS; fn RtlUnicodeStringToInteger( String: PCUNICODE_STRING, Base: ULONG, Value: PULONG, ) -> NTSTATUS; fn RtlIpv4AddressToStringExW( Address: *const in_addr, Port: USHORT, AddressString: PWSTR, AddressStringLength: PULONG, ) -> NTSTATUS; fn RtlIpv6AddressToStringExW( Address: *const in6_addr, ScopeId: ULONG, Port: USHORT, AddressString: PWSTR, AddressStringLength: PULONG, ) -> NTSTATUS; fn RtlIpv4StringToAddressExW( AddressString: PCWSTR, Strict: BOOLEAN, Address: *mut in_addr, Port: PUSHORT, ) -> NTSTATUS; fn RtlIpv6StringToAddressExW( AddressString: PCWSTR, Address: *mut in6_addr, ScopeId: PULONG, Port: PUSHORT, ) -> NTSTATUS; }} STRUCT!{struct TIME_FIELDS { Year: CSHORT, Month: CSHORT, Day: CSHORT, Hour: CSHORT, Minute: CSHORT, Second: CSHORT, Milliseconds: CSHORT, Weekday: CSHORT, }} pub type PTIME_FIELDS = *mut TIME_FIELDS; EXTERN!{extern "system" { fn RtlCutoverTimeToSystemTime( CutoverTime: PTIME_FIELDS, SystemTime: PLARGE_INTEGER, CurrentSystemTime: PLARGE_INTEGER, ThisYear: BOOLEAN, ) -> BOOLEAN; fn RtlSystemTimeToLocalTime( SystemTime: PLARGE_INTEGER, LocalTime: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlLocalTimeToSystemTime( LocalTime: PLARGE_INTEGER, SystemTime: PLARGE_INTEGER, ) -> NTSTATUS; fn RtlTimeToElapsedTimeFields( Time: PLARGE_INTEGER, TimeFields: PTIME_FIELDS, ); fn RtlTimeToTimeFields( Time: PLARGE_INTEGER, TimeFields: PTIME_FIELDS, ); fn RtlTimeFieldsToTime( TimeFields: PTIME_FIELDS, Time: PLARGE_INTEGER, ) -> BOOLEAN; fn RtlTimeToSecondsSince1980( Time: PLARGE_INTEGER, ElapsedSeconds: PULONG, ) -> BOOLEAN; fn RtlSecondsSince1980ToTime( ElapsedSeconds: ULONG, Time: PLARGE_INTEGER, ); fn RtlTimeToSecondsSince1970( Time: PLARGE_INTEGER, ElapsedSeconds: PULONG, ) -> BOOLEAN; fn RtlSecondsSince1970ToTime( ElapsedSeconds: ULONG, Time: PLARGE_INTEGER, ); }} STRUCT!{struct RTL_TIME_ZONE_INFORMATION { Bias: LONG, StandardName: [WCHAR; 32], StandardStart: TIME_FIELDS, StandardBias: LONG, DaylightName: [WCHAR; 32], DaylightStart: TIME_FIELDS, DaylightBias: LONG, }} pub type PRTL_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; EXTERN!{extern "system" { fn RtlQueryTimeZoneInformation( TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, ) -> NTSTATUS; fn RtlSetTimeZoneInformation( TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION, ) -> NTSTATUS; }} STRUCT!{struct RTL_BITMAP { SizeOfBitMap: ULONG, Buffer: PULONG, }} pub type PRTL_BITMAP = *mut RTL_BITMAP; EXTERN!{extern "system" { fn RtlInitializeBitMap( BitMapHeader: PRTL_BITMAP, BitMapBuffer: PULONG, SizeOfBitMap: ULONG, ); fn RtlClearBit( BitMapHeader: PRTL_BITMAP, BitNumber: ULONG, ); fn RtlSetBit( BitMapHeader: PRTL_BITMAP, BitNumber: ULONG, ); fn RtlTestBit( BitMapHeader: PRTL_BITMAP, BitNumber: ULONG, ) -> BOOLEAN; fn RtlClearAllBits( BitMapHeader: PRTL_BITMAP, ); fn RtlSetAllBits( BitMapHeader: PRTL_BITMAP, ); fn RtlFindClearBits( BitMapHeader: PRTL_BITMAP, NumberToFind: ULONG, HintIndex: ULONG, ) -> ULONG; fn RtlFindSetBits( BitMapHeader: PRTL_BITMAP, NumberToFind: ULONG, HintIndex: ULONG, ) -> ULONG; fn RtlFindClearBitsAndSet( BitMapHeader: PRTL_BITMAP, NumberToFind: ULONG, HintIndex: ULONG, ) -> ULONG; fn RtlFindSetBitsAndClear( BitMapHeader: PRTL_BITMAP, NumberToFind: ULONG, HintIndex: ULONG, ) -> ULONG; fn RtlClearBits( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToClear: ULONG, ); fn RtlSetBits( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToSet: ULONG, ); fn RtlFindMostSignificantBit( Set: ULONGLONG, ) -> CCHAR; fn RtlFindLeastSignificantBit( Set: ULONGLONG, ) -> CCHAR; }} STRUCT!{struct RTL_BITMAP_RUN { StartingIndex: ULONG, NumberOfBits: ULONG, }} pub type PRTL_BITMAP_RUN = *mut RTL_BITMAP_RUN; EXTERN!{extern "system" { fn RtlFindClearRuns( BitMapHeader: PRTL_BITMAP, RunArray: PRTL_BITMAP_RUN, SizeOfRunArray: ULONG, LocateLongestRuns: BOOLEAN, ) -> ULONG; fn RtlFindLongestRunClear( BitMapHeader: PRTL_BITMAP, StartingIndex: PULONG, ) -> ULONG; fn RtlFindFirstRunClear( BitMapHeader: PRTL_BITMAP, StartingIndex: PULONG, ) -> ULONG; }} #[inline] pub unsafe fn RtlCheckBit(BitMapHeader: &RTL_BITMAP, BitPosition: ULONG) -> u8 { #[cfg(target_arch = "x86_64")] { core::arch::x86_64::_bittest64(BitMapHeader.Buffer as *const i64, BitPosition as i64) } #[cfg(any(target_arch = "x86", target_arch = "aarch64"))] { (*BitMapHeader.Buffer.offset(BitPosition as isize / 32) >> (BitPosition % 32) & 1) as u8 } } EXTERN!{extern "system" { fn RtlNumberOfClearBits( BitMapHeader: PRTL_BITMAP, ) -> ULONG; fn RtlNumberOfSetBits( BitMapHeader: PRTL_BITMAP, ) -> ULONG; fn RtlAreBitsClear( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, Length: ULONG, ) -> BOOLEAN; fn RtlAreBitsSet( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, Length: ULONG, ) -> BOOLEAN; fn RtlFindNextForwardRunClear( BitMapHeader: PRTL_BITMAP, FromIndex: ULONG, StartingRunIndex: PULONG, ) -> ULONG; fn RtlFindLastBackwardRunClear( BitMapHeader: PRTL_BITMAP, FromIndex: ULONG, StartingRunIndex: PULONG, ) -> ULONG; fn RtlNumberOfSetBitsUlongPtr( Target: ULONG_PTR, ) -> ULONG; fn RtlInterlockedClearBitRun( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToClear: ULONG, ); fn RtlInterlockedSetBitRun( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToSet: ULONG, ); fn RtlCopyBitMap( Source: PRTL_BITMAP, Destination: PRTL_BITMAP, TargetBit: ULONG, ); fn RtlExtractBitMap( Source: PRTL_BITMAP, Destination: PRTL_BITMAP, TargetBit: ULONG, NumberOfBits: ULONG, ); fn RtlNumberOfClearBitsInRange( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, Length: ULONG, ) -> ULONG; fn RtlNumberOfSetBitsInRange( BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, Length: ULONG, ) -> ULONG; }} STRUCT!{struct RTL_BITMAP_EX { SizeOfBitMap: ULONG64, Buffer: PULONG64, }} pub type PRTL_BITMAP_EX = *mut RTL_BITMAP_EX; EXTERN!{extern "system" { fn RtlInitializeBitMapEx( BitMapHeader: PRTL_BITMAP_EX, BitMapBuffer: PULONG64, SizeOfBitMap: ULONG64, ); fn RtlTestBitEx( BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64, ) -> BOOLEAN; fn RtlClearAllBitsEx( BitMapHeader: PRTL_BITMAP_EX, ); fn RtlClearBitEx( BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64, ); fn RtlSetBitEx( BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64, ); fn RtlFindSetBitsEx( BitMapHeader: PRTL_BITMAP_EX, NumberToFind: ULONG64, HintIndex: ULONG64, ) -> ULONG64; fn RtlFindSetBitsAndClearEx( BitMapHeader: PRTL_BITMAP_EX, NumberToFind: ULONG64, HintIndex: ULONG64, ) -> ULONG64; }} UNION!{union RTL_HANDLE_TABLE_ENTRY { Flags: ULONG, NextFree: *mut RTL_HANDLE_TABLE_ENTRY, }} pub type PRTL_HANDLE_TABLE_ENTRY = *mut RTL_HANDLE_TABLE_ENTRY; pub const RTL_HANDLE_ALLOCATED: USHORT = 0x0001; STRUCT!{struct RTL_HANDLE_TABLE { MaximumNumberOfHandles: ULONG, SizeOfHandleTableEntry: ULONG, Reserved: [ULONG; 2], FreeHandles: PRTL_HANDLE_TABLE_ENTRY, CommittedHandles: PRTL_HANDLE_TABLE_ENTRY, UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY, MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY, }} pub type PRTL_HANDLE_TABLE = *mut RTL_HANDLE_TABLE; EXTERN!{extern "system" { fn RtlInitializeHandleTable( MaximumNumberOfHandles: ULONG, SizeOfHandleTableEntry: ULONG, HandleTable: PRTL_HANDLE_TABLE, ); fn RtlDestroyHandleTable( HandleTable: PRTL_HANDLE_TABLE, ) -> NTSTATUS; fn RtlAllocateHandle( HandleTable: PRTL_HANDLE_TABLE, HandleIndex: PULONG, ) -> PRTL_HANDLE_TABLE_ENTRY; fn RtlFreeHandle( HandleTable: PRTL_HANDLE_TABLE, Handle: PRTL_HANDLE_TABLE_ENTRY, ) -> BOOLEAN; fn RtlIsValidHandle( HandleTable: PRTL_HANDLE_TABLE, Handle: PRTL_HANDLE_TABLE_ENTRY, ) -> BOOLEAN; fn RtlIsValidIndexHandle( HandleTable: PRTL_HANDLE_TABLE, HandleIndex: ULONG, Handle: *mut PRTL_HANDLE_TABLE_ENTRY, ) -> BOOLEAN; }} pub const RTL_ATOM_MAXIMUM_INTEGER_ATOM: RTL_ATOM = 0xc000; pub const RTL_ATOM_INVALID_ATOM: RTL_ATOM = 0x0000; pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37; pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255; pub const RTL_ATOM_PINNED: u32 = 0x01; EXTERN!{extern "system" { fn RtlCreateAtomTable( NumberOfBuckets: ULONG, AtomTableHandle: *mut PVOID, ) -> NTSTATUS; fn RtlDestroyAtomTable( AtomTableHandle: PVOID, ) -> NTSTATUS; fn RtlEmptyAtomTable( AtomTableHandle: PVOID, IncludePinnedAtoms: BOOLEAN, ) -> NTSTATUS; fn RtlAddAtomToAtomTable( AtomTableHandle: PVOID, AtomName: PWSTR, Atom: PRTL_ATOM, ) -> NTSTATUS; fn RtlLookupAtomInAtomTable( AtomTableHandle: PVOID, AtomName: PWSTR, Atom: PRTL_ATOM, ) -> NTSTATUS; fn RtlDeleteAtomFromAtomTable( AtomTableHandle: PVOID, Atom: RTL_ATOM, ) -> NTSTATUS; fn RtlPinAtomInAtomTable( AtomTableHandle: PVOID, Atom: RTL_ATOM, ) -> NTSTATUS; fn RtlQueryAtomInAtomTable( AtomTableHandle: PVOID, Atom: RTL_ATOM, AtomUsage: PULONG, AtomFlags: PULONG, AtomName: PWSTR, AtomNameLength: PULONG, ) -> NTSTATUS; fn RtlGetIntegerAtom( AtomName: PWSTR, IntegerAtom: PUSHORT, ) -> BOOLEAN; fn RtlValidSid( Sid: PSID, ) -> BOOLEAN; fn RtlEqualSid( Sid1: PSID, Sid2: PSID, ) -> BOOLEAN; fn RtlEqualPrefixSid( Sid1: PSID, Sid2: PSID, ) -> BOOLEAN; fn RtlLengthRequiredSid( SubAuthorityCount: ULONG, ) -> ULONG; fn RtlFreeSid( Sid: PSID, ) -> PVOID; fn RtlAllocateAndInitializeSid( IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, SubAuthorityCount: UCHAR, SubAuthority0: ULONG, SubAuthority1: ULONG, SubAuthority2: ULONG, SubAuthority3: ULONG, SubAuthority4: ULONG, SubAuthority5: ULONG, SubAuthority6: ULONG, SubAuthority7: ULONG, Sid: *mut PSID, ) -> NTSTATUS; fn RtlInitializeSid( Sid: PSID, IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, SubAuthorityCount: UCHAR, ) -> NTSTATUS; }} EXTERN!{extern "C" { fn RtlInitializeSidEx( Sid: PSID, IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, SubAuthorityCount: UCHAR, ... ) -> NTSTATUS; }} EXTERN!{extern "system" { fn RtlIdentifierAuthoritySid( Sid: PSID, ) -> PSID_IDENTIFIER_AUTHORITY; fn RtlSubAuthoritySid( Sid: PSID, SubAuthority: ULONG, ) -> PULONG; fn RtlSubAuthorityCountSid( Sid: PSID, ) -> PUCHAR; fn RtlLengthSid( Sid: PSID, ) -> ULONG; fn RtlCopySid( DestinationSidLength: ULONG, DestinationSid: PSID, SourceSid: PSID, ) -> NTSTATUS; fn RtlCopySidAndAttributesArray( Count: ULONG, Src: PSID_AND_ATTRIBUTES, SidAreaSize: ULONG, Dest: PSID_AND_ATTRIBUTES, SidArea: PSID, RemainingSidArea: *mut PSID, RemainingSidAreaSize: PULONG, ) -> NTSTATUS; fn RtlCreateServiceSid( ServiceName: PUNICODE_STRING, ServiceSid: PSID, ServiceSidLength: PULONG, ) -> NTSTATUS; fn RtlSidDominates( Sid1: PSID, Sid2: PSID, Dominates: PBOOLEAN, ) -> NTSTATUS; fn RtlSidDominatesForTrust( Sid1: PSID, Sid2: PSID, DominatesTrust: PBOOLEAN, ) -> NTSTATUS; fn RtlSidEqualLevel( Sid1: PSID, Sid2: PSID, EqualLevel: PBOOLEAN, ) -> NTSTATUS; fn RtlSidIsHigherLevel( Sid1: PSID, Sid2: PSID, HigherLevel: PBOOLEAN, ) -> NTSTATUS; fn RtlCreateVirtualAccountSid( Name: PCUNICODE_STRING, BaseSubAuthority: ULONG, Sid: PSID, SidLength: PULONG, ) -> NTSTATUS; fn RtlReplaceSidInSd( SecurityDescriptor: PSECURITY_DESCRIPTOR, OldSid: PSID, NewSid: PSID, NumChanges: *mut ULONG, ) -> NTSTATUS; }} pub const MAX_UNICODE_STACK_BUFFER_LENGTH: usize = 256; EXTERN!{extern "system" { fn RtlConvertSidToUnicodeString( UnicodeString: PUNICODE_STRING, Sid: PSID, AllocateDestinationString: BOOLEAN, ) -> NTSTATUS; fn RtlSidHashInitialize( SidAttr: PSID_AND_ATTRIBUTES, SidCount: ULONG, SidAttrHash: PSID_AND_ATTRIBUTES_HASH, ) -> NTSTATUS; fn RtlSidHashLookup( SidAttrHash: PSID_AND_ATTRIBUTES_HASH, Sid: PSID, ) -> PSID_AND_ATTRIBUTES; fn RtlIsElevatedRid( SidAttr: PSID_AND_ATTRIBUTES, ) -> BOOLEAN; fn RtlDeriveCapabilitySidsFromName( UnicodeString: PUNICODE_STRING, CapabilityGroupSid: PSID, CapabilitySid: PSID, ) -> NTSTATUS; fn RtlCreateSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Revision: ULONG, ) -> NTSTATUS; fn RtlValidSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> BOOLEAN; fn RtlLengthSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> ULONG; fn RtlValidRelativeSecurityDescriptor( SecurityDescriptorInput: PSECURITY_DESCRIPTOR, SecurityDescriptorLength: ULONG, RequiredInformation: SECURITY_INFORMATION, ) -> BOOLEAN; fn RtlGetControlSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Control: PSECURITY_DESCRIPTOR_CONTROL, Revision: PULONG, ) -> NTSTATUS; fn RtlSetControlSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL, ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL, ) -> NTSTATUS; fn RtlSetAttributesSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Control: SECURITY_DESCRIPTOR_CONTROL, Revision: PULONG, ) -> NTSTATUS; fn RtlGetSecurityDescriptorRMControl( SecurityDescriptor: PSECURITY_DESCRIPTOR, RMControl: PUCHAR, ) -> BOOLEAN; fn RtlSetSecurityDescriptorRMControl( SecurityDescriptor: PSECURITY_DESCRIPTOR, RMControl: PUCHAR, ); fn RtlSetDaclSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, DaclPresent: BOOLEAN, Dacl: PACL, DaclDefaulted: BOOLEAN, ) -> NTSTATUS; fn RtlGetDaclSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, DaclPresent: PBOOLEAN, Dacl: *mut PACL, DaclDefaulted: PBOOLEAN, ) -> NTSTATUS; fn RtlSetSaclSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, SaclPresent: BOOLEAN, Sacl: PACL, SaclDefaulted: BOOLEAN, ) -> NTSTATUS; fn RtlGetSaclSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, SaclPresent: PBOOLEAN, Sacl: *mut PACL, SaclDefaulted: PBOOLEAN, ) -> NTSTATUS; fn RtlSetOwnerSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Owner: PSID, OwnerDefaulted: BOOLEAN, ) -> NTSTATUS; fn RtlGetOwnerSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Owner: *mut PSID, OwnerDefaulted: PBOOLEAN, ) -> NTSTATUS; fn RtlSetGroupSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Group: PSID, GroupDefaulted: BOOLEAN, ) -> NTSTATUS; fn RtlGetGroupSecurityDescriptor( SecurityDescriptor: PSECURITY_DESCRIPTOR, Group: *mut PSID, GroupDefaulted: PBOOLEAN, ) -> NTSTATUS; fn RtlMakeSelfRelativeSD( AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, BufferLength: PULONG, ) -> NTSTATUS; fn RtlAbsoluteToSelfRelativeSD( AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, BufferLength: PULONG, ) -> NTSTATUS; fn RtlSelfRelativeToAbsoluteSD( SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, AbsoluteSecurityDescriptorSize: PULONG, Dacl: PACL, DaclSize: PULONG, Sacl: PACL, SaclSize: PULONG, Owner: PSID, OwnerSize: PULONG, PrimaryGroup: PSID, PrimaryGroupSize: PULONG, ) -> NTSTATUS; fn RtlSelfRelativeToAbsoluteSD2( pSelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, pBufferSize: PULONG, ) -> NTSTATUS; fn RtlAreAllAccessesGranted( GrantedAccess: ACCESS_MASK, DesiredAccess: ACCESS_MASK, ) -> BOOLEAN; fn RtlAreAnyAccessesGranted( GrantedAccess: ACCESS_MASK, DesiredAccess: ACCESS_MASK, ) -> BOOLEAN; fn RtlMapGenericMask( AccessMask: PACCESS_MASK, GenericMapping: PGENERIC_MAPPING, ); fn RtlCreateAcl( Acl: PACL, AclLength: ULONG, AclRevision: ULONG, ) -> NTSTATUS; fn RtlValidAcl( Acl: PACL, ) -> BOOLEAN; fn RtlQueryInformationAcl( Acl: PACL, AclInformation: PVOID, AclInformationLength: ULONG, AclInformationClass: ACL_INFORMATION_CLASS, ) -> NTSTATUS; fn RtlSetInformationAcl( Acl: PACL, AclInformation: PVOID, AclInformationLength: ULONG, AclInformationClass: ACL_INFORMATION_CLASS, ) -> NTSTATUS; fn RtlAddAce( Acl: PACL, AceRevision: ULONG, StartingAceIndex: ULONG, AceList: PVOID, AceListLength: ULONG, ) -> NTSTATUS; fn RtlDeleteAce( Acl: PACL, AceIndex: ULONG, ) -> NTSTATUS; fn RtlGetAce( Acl: PACL, AceIndex: ULONG, Ace: *mut PVOID, ) -> NTSTATUS; fn RtlFirstFreeAce( Acl: PACL, FirstFree: *mut PVOID, ) -> BOOLEAN; fn RtlFindAceByType( pAcl: PACL, AceType: UCHAR, pIndex: PULONG, ) -> PVOID; fn RtlOwnerAcesPresent( pAcl: PACL, ) -> BOOLEAN; fn RtlAddAccessAllowedAce( Acl: PACL, AceRevision: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, ) -> NTSTATUS; fn RtlAddAccessAllowedAceEx( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, ) -> NTSTATUS; fn RtlAddAccessDeniedAce( Acl: PACL, AceRevision: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, ) -> NTSTATUS; fn RtlAddAccessDeniedAceEx( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, ) -> NTSTATUS; fn RtlAddAuditAccessAce( Acl: PACL, AceRevision: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, AuditSuccess: BOOLEAN, AuditFailure: BOOLEAN, ) -> NTSTATUS; fn RtlAddAuditAccessAceEx( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, Sid: PSID, AuditSuccess: BOOLEAN, AuditFailure: BOOLEAN, ) -> NTSTATUS; fn RtlAddAccessAllowedObjectAce( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, ObjectTypeGuid: *mut GUID, InheritedObjectTypeGuid: *mut GUID, Sid: PSID, ) -> NTSTATUS; fn RtlAddAccessDeniedObjectAce( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, ObjectTypeGuid: *mut GUID, InheritedObjectTypeGuid: *mut GUID, Sid: PSID, ) -> NTSTATUS; fn RtlAddAuditAccessObjectAce( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, AccessMask: ACCESS_MASK, ObjectTypeGuid: *mut GUID, InheritedObjectTypeGuid: *mut GUID, Sid: PSID, AuditSuccess: BOOLEAN, AuditFailure: BOOLEAN, ) -> NTSTATUS; fn RtlAddCompoundAce( Acl: PACL, AceRevision: ULONG, AceType: UCHAR, AccessMask: ACCESS_MASK, ServerSid: PSID, ClientSid: PSID, ) -> NTSTATUS; fn RtlAddMandatoryAce( Acl: PACL, AceRevision: ULONG, AceFlags: ULONG, Sid: PSID, AceType: UCHAR, AccessMask: ACCESS_MASK, ) -> NTSTATUS; fn RtlDefaultNpAcl( Acl: *mut PACL, ) -> NTSTATUS; fn RtlNewSecurityObject( ParentDescriptor: PSECURITY_DESCRIPTOR, CreatorDescriptor: PSECURITY_DESCRIPTOR, NewDescriptor: *mut PSECURITY_DESCRIPTOR, IsDirectoryObject: BOOLEAN, Token: HANDLE, GenericMapping: PGENERIC_MAPPING, ) -> NTSTATUS; fn RtlNewSecurityObjectEx( ParentDescriptor: PSECURITY_DESCRIPTOR, CreatorDescriptor: PSECURITY_DESCRIPTOR, NewDescriptor: *mut PSECURITY_DESCRIPTOR, ObjectType: *mut GUID, IsDirectoryObject: BOOLEAN, AutoInheritFlags: ULONG, Token: HANDLE, GenericMapping: PGENERIC_MAPPING, ) -> NTSTATUS; fn RtlNewSecurityObjectWithMultipleInheritance( ParentDescriptor: PSECURITY_DESCRIPTOR, CreatorDescriptor: PSECURITY_DESCRIPTOR, NewDescriptor: *mut PSECURITY_DESCRIPTOR, ObjectType: *mut *mut GUID, GuidCount: ULONG, IsDirectoryObject: BOOLEAN, AutoInheritFlags: ULONG, Token: HANDLE, GenericMapping: PGENERIC_MAPPING, ) -> NTSTATUS; fn RtlDeleteSecurityObject( ObjectDescriptor: *mut PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn RtlQuerySecurityObject( ObjectDescriptor: PSECURITY_DESCRIPTOR, SecurityInformation: SECURITY_INFORMATION, ResultantDescriptor: PSECURITY_DESCRIPTOR, DescriptorLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn RtlSetSecurityObject( SecurityInformation: SECURITY_INFORMATION, ModificationDescriptor: PSECURITY_DESCRIPTOR, ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, GenericMapping: PGENERIC_MAPPING, Token: HANDLE, ) -> NTSTATUS; fn RtlSetSecurityObjectEx( SecurityInformation: SECURITY_INFORMATION, ModificationDescriptor: PSECURITY_DESCRIPTOR, ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, AutoInheritFlags: ULONG, GenericMapping: PGENERIC_MAPPING, Token: HANDLE, ) -> NTSTATUS; fn RtlConvertToAutoInheritSecurityObject( ParentDescriptor: PSECURITY_DESCRIPTOR, CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR, NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, ObjectType: *mut GUID, IsDirectoryObject: BOOLEAN, GenericMapping: PGENERIC_MAPPING, ) -> NTSTATUS; fn RtlNewInstanceSecurityObject( ParentDescriptorChanged: BOOLEAN, CreatorDescriptorChanged: BOOLEAN, OldClientTokenModifiedId: PLUID, NewClientTokenModifiedId: PLUID, ParentDescriptor: PSECURITY_DESCRIPTOR, CreatorDescriptor: PSECURITY_DESCRIPTOR, NewDescriptor: *mut PSECURITY_DESCRIPTOR, IsDirectoryObject: BOOLEAN, Token: HANDLE, GenericMapping: PGENERIC_MAPPING, ) -> NTSTATUS; fn RtlCopySecurityDescriptor( InputSecurityDescriptor: PSECURITY_DESCRIPTOR, OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn RtlRunEncodeUnicodeString( Seed: PUCHAR, String: PUNICODE_STRING, ); fn RtlRunDecodeUnicodeString( Seed: UCHAR, String: PUNICODE_STRING, ); fn RtlImpersonateSelf( ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, ) -> NTSTATUS; fn RtlImpersonateSelfEx( ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, AdditionalAccess: ACCESS_MASK, ThreadToken: PHANDLE, ) -> NTSTATUS; fn RtlAdjustPrivilege( Privilege: ULONG, Enable: BOOLEAN, Client: BOOLEAN, WasEnabled: PBOOLEAN, ) -> NTSTATUS; }} pub const RTL_ACQUIRE_PRIVILEGE_REVERT: ULONG = 0x00000001; pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: ULONG = 0x00000002; EXTERN!{extern "system" { fn RtlAcquirePrivilege( Privilege: PULONG, NumPriv: ULONG, Flags: ULONG, ReturnedState: *mut PVOID, ) -> NTSTATUS; fn RtlReleasePrivilege( StatePointer: PVOID, ); fn RtlRemovePrivileges( TokenHandle: HANDLE, PrivilegesToKeep: PULONG, PrivilegeCount: ULONG, ) -> NTSTATUS; fn RtlIsUntrustedObject( Handle: HANDLE, Object: PVOID, IsUntrustedObject: PBOOLEAN, ) -> NTSTATUS; fn RtlQueryValidationRunlevel( ComponentName: PUNICODE_STRING, ) -> ULONG; fn RtlCreateBoundaryDescriptor( Name: PUNICODE_STRING, Flags: ULONG, ) -> PVOID; fn RtlDeleteBoundaryDescriptor( BoundaryDescriptor: PVOID, ); fn RtlAddSIDToBoundaryDescriptor( BoundaryDescriptor: *mut PVOID, RequiredSid: PSID, ) -> NTSTATUS; fn RtlAddIntegrityLabelToBoundaryDescriptor( BoundaryDescriptor: *mut PVOID, IntegrityLabel: PSID, ) -> NTSTATUS; fn RtlGetVersion( lpVersionInformation: PRTL_OSVERSIONINFOW, ) -> NTSTATUS; fn RtlVerifyVersionInfo( VersionInfo: PRTL_OSVERSIONINFOEXW, TypeMask: ULONG, ConditionMask: ULONGLONG, ) -> NTSTATUS; fn RtlGetNtVersionNumbers( NtMajorVersion: PULONG, NtMinorVersion: PULONG, NtBuildNumber: PULONG, ); fn RtlGetNtGlobalFlags() -> ULONG; fn RtlGetNtProductType( NtProductType: PNT_PRODUCT_TYPE, ) -> BOOLEAN; fn RtlGetSuiteMask() -> ULONG; fn RtlRegisterWait( WaitHandle: PHANDLE, Handle: HANDLE, Function: WAITORTIMERCALLBACKFUNC, Context: PVOID, Milliseconds: ULONG, Flags: ULONG, ) -> NTSTATUS; fn RtlDeregisterWait( WaitHandle: HANDLE, ) -> NTSTATUS; fn RtlDeregisterWaitEx( WaitHandle: HANDLE, Event: HANDLE, ) -> NTSTATUS; fn RtlQueueWorkItem( Function: WORKERCALLBACKFUNC, Context: PVOID, Flags: ULONG, ) -> NTSTATUS; fn RtlSetIoCompletionCallback( FileHandle: HANDLE, CompletionProc: APC_CALLBACK_FUNCTION, Flags: ULONG, ) -> NTSTATUS; }} FN!{stdcall PRTL_START_POOL_THREAD( Function: PTHREAD_START_ROUTINE, Parameter: PVOID, ThreadHandle: PHANDLE, ) -> NTSTATUS} FN!{stdcall PRTL_EXIT_POOL_THREAD( ExitStatus: NTSTATUS, ) -> NTSTATUS} EXTERN!{extern "system" { fn RtlSetThreadPoolStartFunc( StartPoolThread: PRTL_START_POOL_THREAD, ExitPoolThread: PRTL_EXIT_POOL_THREAD, ) -> NTSTATUS; fn RtlUserThreadStart( Function: PTHREAD_START_ROUTINE, Parameter: PVOID, ); fn LdrInitializeThunk( ContextRecord: PCONTEXT, Parameter: PVOID, ); fn RtlCreateTimerQueue( TimerQueueHandle: PHANDLE, ) -> NTSTATUS; fn RtlCreateTimer( TimerQueueHandle: HANDLE, Handle: PHANDLE, Function: WAITORTIMERCALLBACKFUNC, Context: PVOID, DueTime: ULONG, Period: ULONG, Flags: ULONG, ) -> NTSTATUS; fn RtlUpdateTimer( TimerQueueHandle: HANDLE, TimerHandle: HANDLE, DueTime: ULONG, Period: ULONG, ) -> NTSTATUS; fn RtlDeleteTimer( TimerQueueHandle: HANDLE, TimerToCancel: HANDLE, Event: HANDLE, ) -> NTSTATUS; fn RtlDeleteTimerQueue( TimerQueueHandle: HANDLE, ) -> NTSTATUS; fn RtlDeleteTimerQueueEx( TimerQueueHandle: HANDLE, Event: HANDLE, ) -> NTSTATUS; fn RtlFormatCurrentUserKeyPath( CurrentUserKeyPath: PUNICODE_STRING, ) -> NTSTATUS; fn RtlOpenCurrentUser( DesiredAccess: ACCESS_MASK, CurrentUserKey: PHANDLE, ) -> NTSTATUS; }} pub const RTL_REGISTRY_ABSOLUTE: ULONG = 0; pub const RTL_REGISTRY_SERVICES: ULONG = 1; pub const RTL_REGISTRY_CONTROL: ULONG = 2; pub const RTL_REGISTRY_WINDOWS_NT: ULONG = 3; pub const RTL_REGISTRY_DEVICEMAP: ULONG = 4; pub const RTL_REGISTRY_USER: ULONG = 5; pub const RTL_REGISTRY_MAXIMUM: ULONG = 6; pub const RTL_REGISTRY_HANDLE: ULONG = 0x40000000; pub const RTL_REGISTRY_OPTIONAL: ULONG = 0x80000000; EXTERN!{extern "system" { fn RtlCreateRegistryKey( RelativeTo: ULONG, Path: PWSTR, ) -> NTSTATUS; fn RtlCheckRegistryKey( RelativeTo: ULONG, Path: PWSTR, ) -> NTSTATUS; }} FN!{stdcall PRTL_QUERY_REGISTRY_ROUTINE( ValueName: PWSTR, ValueType: ULONG, ValueData: PVOID, ValueLength: ULONG, Context: PVOID, EntryContext: PVOID, ) -> NTSTATUS} STRUCT!{struct RTL_QUERY_REGISTRY_TABLE { QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE, Flags: ULONG, Name: PWSTR, EntryContext: PVOID, DefaultType: ULONG, DefaultData: PVOID, DefaultLength: ULONG, }} pub type PRTL_QUERY_REGISTRY_TABLE = *mut RTL_QUERY_REGISTRY_TABLE; pub const RTL_QUERY_REGISTRY_SUBKEY: ULONG = 0x00000001; pub const RTL_QUERY_REGISTRY_TOPKEY: ULONG = 0x00000002; pub const RTL_QUERY_REGISTRY_REQUIRED: ULONG = 0x00000004; pub const RTL_QUERY_REGISTRY_NOVALUE: ULONG = 0x00000008; pub const RTL_QUERY_REGISTRY_NOEXPAND: ULONG = 0x00000010; pub const RTL_QUERY_REGISTRY_DIRECT: ULONG = 0x00000020; pub const RTL_QUERY_REGISTRY_DELETE: ULONG = 0x00000040; EXTERN!{extern "system" { fn RtlQueryRegistryValues( RelativeTo: ULONG, Path: PCWSTR, QueryTable: PRTL_QUERY_REGISTRY_TABLE, Context: PVOID, Environment: PVOID, ) -> NTSTATUS; fn RtlQueryRegistryValuesEx( RelativeTo: ULONG, Path: PWSTR, QueryTable: PRTL_QUERY_REGISTRY_TABLE, Context: PVOID, Environment: PVOID, ) -> NTSTATUS; fn RtlWriteRegistryValue( RelativeTo: ULONG, Path: PCWSTR, ValueName: PCWSTR, ValueType: ULONG, ValueData: PVOID, ValueLength: ULONG, ) -> NTSTATUS; fn RtlDeleteRegistryValue( RelativeTo: ULONG, Path: PCWSTR, ValueName: PCWSTR, ) -> NTSTATUS; fn RtlEnableThreadProfiling( ThreadHandle: HANDLE, Flags: ULONG, HardwareCounters: ULONG64, PerformanceDataHandle: *mut PVOID, ) -> NTSTATUS; fn RtlDisableThreadProfiling( PerformanceDataHandle: PVOID, ) -> NTSTATUS; fn RtlQueryThreadProfiling( ThreadHandle: HANDLE, Enabled: PBOOLEAN, ) -> NTSTATUS; fn RtlReadThreadProfilingData( PerformanceDataHandle: HANDLE, Flags: ULONG, PerformanceData: PPERFORMANCE_DATA, ) -> NTSTATUS; fn RtlGetNativeSystemInformation( SystemInformationClass: ULONG, NativeSystemInformation: PVOID, InformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn RtlQueueApcWow64Thread( ThreadHandle: HANDLE, ApcRoutine: PPS_APC_ROUTINE, ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> NTSTATUS; fn RtlWow64EnableFsRedirection( Wow64FsEnableRedirection: BOOLEAN, ) -> NTSTATUS; fn RtlWow64EnableFsRedirectionEx( Wow64FsEnableRedirection: PVOID, OldFsRedirectionLevel: *mut PVOID, ) -> NTSTATUS; fn RtlComputeCrc32( PartialCrc: ULONG32, Buffer: PVOID, Length: ULONG, ) -> ULONG32; fn RtlEncodePointer( Ptr: PVOID, ) -> PVOID; fn RtlDecodePointer( Ptr: PVOID, ) -> PVOID; fn RtlEncodeSystemPointer( Ptr: PVOID, ) -> PVOID; fn RtlDecodeSystemPointer( Ptr: PVOID, ) -> PVOID; fn RtlEncodeRemotePointer( ProcessHandle: HANDLE, Pointer: PVOID, EncodedPointer: *mut PVOID, ) -> NTSTATUS; fn RtlDecodeRemotePointer( ProcessHandle: HANDLE, Pointer: PVOID, DecodedPointer: *mut PVOID, ) -> NTSTATUS; fn RtlIsProcessorFeaturePresent( ProcessorFeature: ULONG, ) -> BOOLEAN; fn RtlGetCurrentProcessorNumber() -> ULONG; fn RtlGetCurrentProcessorNumberEx( ProcessorNumber: PPROCESSOR_NUMBER, ); fn RtlPushFrame( Frame: PTEB_ACTIVE_FRAME, ); fn RtlPopFrame( Frame: PTEB_ACTIVE_FRAME, ); fn RtlGetFrame() -> PTEB_ACTIVE_FRAME; }} pub const RTL_WALK_USER_MODE_STACK: ULONG = 0x00000001; pub const RTL_WALK_VALID_FLAGS: ULONG = 0x00000001; pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: ULONG = 0x00000008; EXTERN!{extern "system" { fn RtlWalkFrameChain( Callers: *mut PVOID, Count: ULONG, Flags: ULONG, ) -> ULONG; fn RtlGetCallersAddress( CallersAddress: *mut PVOID, CallersCaller: *mut PVOID, ); fn RtlGetEnabledExtendedFeatures( FeatureMask: ULONG64, ) -> ULONG64; fn RtlGetEnabledExtendedAndSupervisorFeatures( FeatureMask: ULONG64, ) -> ULONG64; fn RtlLocateSupervisorFeature( XStateHeader: PXSAVE_AREA_HEADER, FeatureId: ULONG, Length: PULONG, ) -> PVOID; }} STRUCT!{struct RTL_ELEVATION_FLAGS { Flags: ULONG, }} BITFIELD!{RTL_ELEVATION_FLAGS Flags: ULONG [ ElevationEnabled set_ElevationEnabled[0..1], VirtualizationEnabled set_VirtualizationEnabled[1..2], InstallerDetectEnabled set_InstallerDetectEnabled[2..3], ReservedBits set_ReservedBits[3..32], ]} pub type PRTL_ELEVATION_FLAGS = *mut RTL_ELEVATION_FLAGS; EXTERN!{extern "system" { fn RtlQueryElevationFlags( Flags: PRTL_ELEVATION_FLAGS, ) -> NTSTATUS; fn RtlRegisterThreadWithCsrss() -> NTSTATUS; fn RtlLockCurrentThread() -> NTSTATUS; fn RtlUnlockCurrentThread() -> NTSTATUS; fn RtlLockModuleSection( Address: PVOID, ) -> NTSTATUS; fn RtlUnlockModuleSection( Address: PVOID, ) -> NTSTATUS; }} pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64; STRUCT!{struct RTL_UNLOAD_EVENT_TRACE { BaseAddress: PVOID, SizeOfImage: SIZE_T, Sequence: ULONG, TimeDateStamp: ULONG, CheckSum: ULONG, ImageName: [WCHAR; 32], Version: [ULONG; 2], }} pub type PRTL_UNLOAD_EVENT_TRACE = *mut RTL_UNLOAD_EVENT_TRACE; STRUCT!{struct RTL_UNLOAD_EVENT_TRACE32 { BaseAddress: ULONG, SizeOfImage: ULONG, Sequence: ULONG, TimeDateStamp: ULONG, CheckSum: ULONG, ImageName: [WCHAR; 32], Version: [ULONG; 2], }} pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut RTL_UNLOAD_EVENT_TRACE32; EXTERN!{extern "system" { fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE; fn RtlGetUnloadEventTraceEx( ElementSize: *mut PULONG, ElementCount: *mut PULONG, EventTrace: *mut PVOID, ); fn RtlQueryPerformanceCounter( PerformanceCounter: PLARGE_INTEGER, ) -> LOGICAL; fn RtlQueryPerformanceFrequency( PerformanceFrequency: PLARGE_INTEGER, ) -> LOGICAL; }} ENUM!{enum IMAGE_MITIGATION_POLICY { ImageDepPolicy = 0, ImageAslrPolicy = 1, ImageDynamicCodePolicy = 2, ImageStrictHandleCheckPolicy = 3, ImageSystemCallDisablePolicy = 4, ImageMitigationOptionsMask = 5, ImageExtensionPointDisablePolicy = 6, ImageControlFlowGuardPolicy = 7, ImageSignaturePolicy = 8, ImageFontDisablePolicy = 9, ImageImageLoadPolicy = 10, ImagePayloadRestrictionPolicy = 11, ImageChildProcessPolicy = 12, ImageSehopPolicy = 13, ImageHeapPolicy = 14, MaxImageMitigationPolicy = 15, }} UNION!{union RTL_IMAGE_MITIGATION_POLICY { Bitfields1: ULONG64, Bitfields2: ULONG64, }} BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields1: ULONG64 [ AuditState set_AuditState[0..2], AuditFlag set_AuditFlag[2..3], EnableAdditionalAuditingOption set_EnableAdditionalAuditingOption[3..4], Reserved set_Reserved[4..64], ]} BITFIELD!{unsafe RTL_IMAGE_MITIGATION_POLICY Bitfields2: ULONG64 [ PolicyState set_PolicyState[0..2], AlwaysInherit set_AlwaysInherit[2..3], EnableAdditionalPolicyOption set_EnableAdditionalPolicyOption[3..4], AuditReserved set_AuditReserved[4..64], ]} pub type PRTL_IMAGE_MITIGATION_POLICY = *mut RTL_IMAGE_MITIGATION_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_DEP_POLICY { Dep: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut RTL_IMAGE_MITIGATION_DEP_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_ASLR_POLICY { ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY, BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY, HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut RTL_IMAGE_MITIGATION_ASLR_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = *mut RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = *mut RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY, EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = *mut RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY, BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY, PreferSystem32: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY, EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY, EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY, EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = *mut RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = *mut RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_SEHOP_POLICY { Sehop: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut RTL_IMAGE_MITIGATION_SEHOP_POLICY; STRUCT!{struct RTL_IMAGE_MITIGATION_HEAP_POLICY { TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY, }} pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut RTL_IMAGE_MITIGATION_HEAP_POLICY; ENUM!{enum RTL_IMAGE_MITIGATION_OPTION_STATE { RtlMitigationOptionStateNotConfigured = 0, RtlMitigationOptionStateOn = 1, RtlMitigationOptionStateOff = 2, }} pub const RTL_IMAGE_MITIGATION_FLAG_RESET: ULONG = 0x1; pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: ULONG = 0x2; pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: ULONG = 0x4; pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: ULONG = 0x8; EXTERN!{extern "system" { fn RtlQueryImageMitigationPolicy( ImagePath: PWSTR, Policy: IMAGE_MITIGATION_POLICY, Flags: ULONG, Buffer: PVOID, BufferSize: ULONG, ) -> NTSTATUS; fn RtlSetImageMitigationPolicy( ImagePath: PWSTR, Policy: IMAGE_MITIGATION_POLICY, Flags: ULONG, Buffer: PVOID, BufferSize: ULONG, ) -> NTSTATUS; fn RtlGetCurrentServiceSessionId() -> ULONG; fn RtlGetActiveConsoleId() -> ULONG; fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG; fn RtlGetTokenNamedObjectPath( Token: HANDLE, Sid: PSID, ObjectPath: PUNICODE_STRING, ) -> NTSTATUS; fn RtlGetAppContainerNamedObjectPath( Token: HANDLE, AppContainerSid: PSID, RelativePath: BOOLEAN, ObjectPath: PUNICODE_STRING, ) -> NTSTATUS; fn RtlGetAppContainerParent( AppContainerSid: PSID, AppContainerSidParent: *mut PSID, ) -> NTSTATUS; fn RtlCheckSandboxedToken( TokenHandle: HANDLE, IsSandboxed: PBOOLEAN, ) -> NTSTATUS; fn RtlCheckTokenCapability( TokenHandle: HANDLE, CapabilitySidToCheck: PSID, HasCapability: PBOOLEAN, ) -> NTSTATUS; fn RtlCapabilityCheck( TokenHandle: HANDLE, CapabilityName: PUNICODE_STRING, HasCapability: PBOOLEAN, ) -> NTSTATUS; fn RtlCheckTokenMembership( TokenHandle: HANDLE, SidToCheck: PSID, IsMember: PBOOLEAN, ) -> NTSTATUS; fn RtlCheckTokenMembershipEx( TokenHandle: HANDLE, SidToCheck: PSID, Flags: ULONG, IsMember: PBOOLEAN, ) -> NTSTATUS; fn RtlIsParentOfChildAppContainer( ParentAppContainerSid: PSID, ChildAppContainerSid: PSID, ) -> NTSTATUS; fn RtlIsCapabilitySid( Sid: PSID, ) -> BOOLEAN; fn RtlIsPackageSid( Sid: PSID, ) -> BOOLEAN; fn RtlIsValidProcessTrustLabelSid( Sid: PSID, ) -> BOOLEAN; fn RtlIsStateSeparationEnabled() -> BOOLEAN; }} ENUM!{enum APPCONTAINER_SID_TYPE { NotAppContainerSidType = 0, ChildAppContainerSidType = 1, ParentAppContainerSidType = 2, InvalidAppContainerSidType = 3, MaxAppContainerSidType = 4, }} pub type PAPPCONTAINER_SID_TYPE = *mut APPCONTAINER_SID_TYPE; EXTERN!{extern "system" { fn RtlGetAppContainerSidType( AppContainerSid: PSID, AppContainerSidType: PAPPCONTAINER_SID_TYPE, ) -> NTSTATUS; fn RtlFlsAlloc( Callback: PFLS_CALLBACK_FUNCTION, FlsIndex: PULONG, ) -> NTSTATUS; fn RtlFlsFree( FlsIndex: ULONG, ) -> NTSTATUS; }} ENUM!{enum STATE_LOCATION_TYPE { LocationTypeRegistry = 0, LocationTypeFileSystem = 1, LocationTypeMaximum = 2, }} EXTERN!{extern "system" { fn RtlGetPersistedStateLocation( SourceID: PCWSTR, CustomValue: PCWSTR, DefaultPath: PCWSTR, StateLocationType: STATE_LOCATION_TYPE, TargetPath: PWCHAR, BufferLengthIn: ULONG, BufferLengthOut: PULONG, ) -> NTSTATUS; fn RtlIsCloudFilesPlaceholder( FileAttributes: ULONG, ReparseTag: ULONG, ) -> BOOLEAN; fn RtlIsPartialPlaceholder( FileAttributes: ULONG, ReparseTag: ULONG, ) -> BOOLEAN; fn RtlIsPartialPlaceholderFileHandle( FileHandle: HANDLE, IsPartialPlaceholder: PBOOLEAN, ) -> NTSTATUS; fn RtlIsPartialPlaceholderFileInfo( InfoBuffer: *const c_void, InfoClass: FILE_INFORMATION_CLASS, IsPartialPlaceholder: PBOOLEAN, ) -> NTSTATUS; fn RtlIsNonEmptyDirectoryReparsePointAllowed( ReparseTag: ULONG, ) -> BOOLEAN; fn RtlAppxIsFileOwnedByTrustedInstaller( FileHandle: HANDLE, IsFileOwnedByTrustedInstaller: PBOOLEAN, ) -> NTSTATUS; }} STRUCT!{struct PS_PKG_CLAIM { Flags: ULONGLONG, Origin: ULONGLONG, }} pub type PPS_PKG_CLAIM = *mut PS_PKG_CLAIM; EXTERN!{extern "system" { fn RtlQueryPackageClaims( TokenHandle: HANDLE, PackageFullName: PWSTR, PackageSize: PSIZE_T, AppId: PWSTR, AppIdSize: PSIZE_T, DynamicId: *mut GUID, PkgClaim: PPS_PKG_CLAIM, AttributesPresent: PULONG64, ) -> NTSTATUS; fn RtlQueryProtectedPolicy( PolicyGuid: *mut GUID, PolicyValue: PULONG_PTR, ) -> NTSTATUS; fn RtlSetProtectedPolicy( PolicyGuid: *mut GUID, PolicyValue: ULONG_PTR, OldPolicyValue: PULONG_PTR, ) -> NTSTATUS; fn RtlIsMultiSessionSku() -> BOOLEAN; fn RtlIsMultiUsersInSessionSku() -> BOOLEAN; }} ENUM!{enum RTL_BSD_ITEM_TYPE { RtlBsdItemVersionNumber = 0, RtlBsdItemProductType = 1, RtlBsdItemAabEnabled = 2, RtlBsdItemAabTimeout = 3, RtlBsdItemBootGood = 4, RtlBsdItemBootShutdown = 5, RtlBsdSleepInProgress = 6, RtlBsdPowerTransition = 7, RtlBsdItemBootAttemptCount = 8, RtlBsdItemBootCheckpoint = 9, RtlBsdItemBootId = 10, RtlBsdItemShutdownBootId = 11, RtlBsdItemReportedAbnormalShutdownBootId = 12, RtlBsdItemErrorInfo = 13, RtlBsdItemPowerButtonPressInfo = 14, RtlBsdItemChecksum = 15, RtlBsdItemMax = 16, }} STRUCT!{struct RTL_BSD_ITEM { Type: RTL_BSD_ITEM_TYPE, DataBuffer: PVOID, DataLength: ULONG, }} pub type PRTL_BSD_ITEM = *mut RTL_BSD_ITEM; EXTERN!{extern "system" { fn RtlCreateBootStatusDataFile() -> NTSTATUS; fn RtlLockBootStatusData( FileHandle: PHANDLE, ) -> NTSTATUS; fn RtlUnlockBootStatusData( FileHandle: HANDLE, ) -> NTSTATUS; fn RtlGetSetBootStatusData( FileHandle: HANDLE, Read: BOOLEAN, DataClass: RTL_BSD_ITEM_TYPE, Buffer: PVOID, BufferSize: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn RtlCheckBootStatusIntegrity( FileHandle: HANDLE, Verified: PBOOLEAN, ) -> NTSTATUS; fn RtlCheckPortableOperatingSystem( IsPortable: PBOOLEAN, ) -> NTSTATUS; fn RtlSetPortableOperatingSystem( IsPortable: BOOLEAN, ) -> NTSTATUS; }} EXTERN!{extern "system" { fn RtlOsDeploymentState( Flags: DWORD, ) -> OS_DEPLOYEMENT_STATE_VALUES; fn RtlFindClosestEncodableLength( SourceLength: ULONGLONG, TargetLength: PULONGLONG, ) -> NTSTATUS; }} FN!{stdcall PRTL_SECURE_MEMORY_CACHE_CALLBACK( Address: PVOID, Length: SIZE_T, ) -> NTSTATUS} EXTERN!{extern "system" { fn RtlRegisterSecureMemoryCacheCallback( Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, ) -> NTSTATUS; fn RtlDeregisterSecureMemoryCacheCallback( Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, ) -> NTSTATUS; fn RtlFlushSecureMemoryCache( MemoryCache: PVOID, MemoryLength: SIZE_T, ) -> BOOLEAN; }} ntapi-0.4.0/src/ntsam.rs000064400000000000000000001213050072674642500132510ustar 00000000000000use crate::string::UTF8Const; use winapi::shared::basetsd::ULONG64; use winapi::shared::minwindef::DWORD; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, OEM_STRING, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, PWSTR, ULONG, UNICODE_STRING, USHORT, }; use winapi::um::ntsecapi::PDOMAIN_PASSWORD_INFORMATION; use winapi::um::subauth::LOGON_HOURS; use winapi::um::winnt::{ ACCESS_MASK, PSECURITY_DESCRIPTOR, PSID, PSID_NAME_USE, SECURITY_INFORMATION, SID_NAME_USE, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_WRITE, }; pub const SAM_MAXIMUM_LOOKUP_COUNT: u32 = 1000; pub const SAM_MAXIMUM_LOOKUP_LENGTH: u32 = 32000; pub const SAM_MAX_PASSWORD_LENGTH: u32 = 256; pub const SAM_PASSWORD_ENCRYPTION_SALT_LEN: u32 = 16; pub type PSAM_HANDLE = *mut PVOID; pub type SAM_HANDLE = PVOID; pub type SAM_ENUMERATE_HANDLE = ULONG; pub type PSAM_ENUMERATE_HANDLE = *mut ULONG; STRUCT!{struct SAM_RID_ENUMERATION { RelativeId: ULONG, Name: UNICODE_STRING, }} pub type PSAM_RID_ENUMERATION = *mut SAM_RID_ENUMERATION; STRUCT!{struct SAM_SID_ENUMERATION { Sid: PSID, Name: UNICODE_STRING, }} pub type PSAM_SID_ENUMERATION = *mut SAM_SID_ENUMERATION; STRUCT!{struct SAM_BYTE_ARRAY { Size: ULONG, Data: PUCHAR, }} pub type PSAM_BYTE_ARRAY = *mut SAM_BYTE_ARRAY; STRUCT!{struct SAM_BYTE_ARRAY_32K { Size: ULONG, Data: PUCHAR, }} pub type PSAM_BYTE_ARRAY_32K = *mut SAM_BYTE_ARRAY_32K; pub type PSAM_SHELL_OBJECT_PROPERTIES = *mut SAM_BYTE_ARRAY_32K; pub type SAM_SHELL_OBJECT_PROPERTIES = SAM_BYTE_ARRAY_32K; EXTERN!{extern "system" { fn SamFreeMemory( Buffer: PVOID, ) -> NTSTATUS; fn SamCloseHandle( SamHandle: SAM_HANDLE, ) -> NTSTATUS; fn SamSetSecurityObject( ObjectHandle: SAM_HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn SamQuerySecurityObject( ObjectHandle: SAM_HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn SamRidToSid( ObjectHandle: SAM_HANDLE, Rid: ULONG, Sid: *mut PSID, ) -> NTSTATUS; }} pub const SAM_SERVER_CONNECT: ACCESS_MASK = 0x0001; pub const SAM_SERVER_SHUTDOWN: ACCESS_MASK = 0x0002; pub const SAM_SERVER_INITIALIZE: ACCESS_MASK = 0x0004; pub const SAM_SERVER_CREATE_DOMAIN: ACCESS_MASK = 0x0008; pub const SAM_SERVER_ENUMERATE_DOMAINS: ACCESS_MASK = 0x0010; pub const SAM_SERVER_LOOKUP_DOMAIN: ACCESS_MASK = 0x0020; pub const SAM_SERVER_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SAM_SERVER_CONNECT | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN; pub const SAM_SERVER_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | SAM_SERVER_ENUMERATE_DOMAINS; pub const SAM_SERVER_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | SAM_SERVER_INITIALIZE | SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_SHUTDOWN; pub const SAM_SERVER_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN; EXTERN!{extern "system" { fn SamConnect( ServerName: PUNICODE_STRING, ServerHandle: PSAM_HANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn SamShutdownSamServer( ServerHandle: SAM_HANDLE, ) -> NTSTATUS; }} pub const DOMAIN_READ_PASSWORD_PARAMETERS: u32 = 0x0001; pub const DOMAIN_WRITE_PASSWORD_PARAMS: u32 = 0x0002; pub const DOMAIN_READ_OTHER_PARAMETERS: u32 = 0x0004; pub const DOMAIN_WRITE_OTHER_PARAMETERS: u32 = 0x0008; pub const DOMAIN_CREATE_USER: u32 = 0x0010; pub const DOMAIN_CREATE_GROUP: u32 = 0x0020; pub const DOMAIN_CREATE_ALIAS: u32 = 0x0040; pub const DOMAIN_GET_ALIAS_MEMBERSHIP: u32 = 0x0080; pub const DOMAIN_LIST_ACCOUNTS: u32 = 0x0100; pub const DOMAIN_LOOKUP: u32 = 0x0200; pub const DOMAIN_ADMINISTER_SERVER: u32 = 0x0400; pub const DOMAIN_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | DOMAIN_READ_OTHER_PARAMETERS | DOMAIN_WRITE_OTHER_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS | DOMAIN_GET_ALIAS_MEMBERSHIP | DOMAIN_LIST_ACCOUNTS | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LOOKUP | DOMAIN_ADMINISTER_SERVER; pub const DOMAIN_READ: u32 = STANDARD_RIGHTS_READ | DOMAIN_GET_ALIAS_MEMBERSHIP | DOMAIN_READ_OTHER_PARAMETERS; pub const DOMAIN_WRITE: u32 = STANDARD_RIGHTS_WRITE | DOMAIN_WRITE_OTHER_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS | DOMAIN_CREATE_USER | DOMAIN_CREATE_GROUP | DOMAIN_CREATE_ALIAS | DOMAIN_ADMINISTER_SERVER; pub const DOMAIN_EXECUTE: u32 = STANDARD_RIGHTS_EXECUTE | DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP; ENUM!{enum DOMAIN_INFORMATION_CLASS { DomainPasswordInformation = 1, DomainGeneralInformation = 2, DomainLogoffInformation = 3, DomainOemInformation = 4, DomainNameInformation = 5, DomainReplicationInformation = 6, DomainServerRoleInformation = 7, DomainModifiedInformation = 8, DomainStateInformation = 9, DomainUasInformation = 10, DomainGeneralInformation2 = 11, DomainLockoutInformation = 12, DomainModifiedInformation2 = 13, }} ENUM!{enum DOMAIN_SERVER_ENABLE_STATE { DomainServerEnabled = 1, DomainServerDisabled = 2, }} pub type PDOMAIN_SERVER_ENABLE_STATE = *mut DOMAIN_SERVER_ENABLE_STATE; ENUM!{enum DOMAIN_SERVER_ROLE { DomainServerRoleBackup = 2, DomainServerRolePrimary = 3, }} pub type PDOMAIN_SERVER_ROLE = *mut DOMAIN_SERVER_ROLE; STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION { ForceLogoff: LARGE_INTEGER, OemInformation: UNICODE_STRING, DomainName: UNICODE_STRING, ReplicaSourceNodeName: UNICODE_STRING, DomainModifiedCount: LARGE_INTEGER, DomainServerState: DOMAIN_SERVER_ENABLE_STATE, DomainServerRole: DOMAIN_SERVER_ROLE, UasCompatibilityRequired: BOOLEAN, UserCount: ULONG, GroupCount: ULONG, AliasCount: ULONG, }} pub type PDOMAIN_GENERAL_INFORMATION = *mut DOMAIN_GENERAL_INFORMATION; STRUCT!{#[repr(packed(4))] struct DOMAIN_GENERAL_INFORMATION2 { I1: DOMAIN_GENERAL_INFORMATION, LockoutDuration: LARGE_INTEGER, LockoutObservationWindow: LARGE_INTEGER, LockoutThreshold: USHORT, }} pub type PDOMAIN_GENERAL_INFORMATION2 = *mut DOMAIN_GENERAL_INFORMATION2; STRUCT!{struct DOMAIN_UAS_INFORMATION { UasCompatibilityRequired: BOOLEAN, }} ENUM!{enum DOMAIN_PASSWORD_CONSTRUCTION { DomainPasswordSimple = 1, DomainPasswordComplex = 2, }} STRUCT!{struct DOMAIN_LOGOFF_INFORMATION { ForceLogoff: LARGE_INTEGER, }} pub type PDOMAIN_LOGOFF_INFORMATION = *mut DOMAIN_LOGOFF_INFORMATION; STRUCT!{struct DOMAIN_OEM_INFORMATION { OemInformation: UNICODE_STRING, }} pub type PDOMAIN_OEM_INFORMATION = *mut DOMAIN_OEM_INFORMATION; STRUCT!{struct DOMAIN_NAME_INFORMATION { DomainName: UNICODE_STRING, }} pub type PDOMAIN_NAME_INFORMATION = *mut DOMAIN_NAME_INFORMATION; STRUCT!{struct DOMAIN_SERVER_ROLE_INFORMATION { DomainServerRole: DOMAIN_SERVER_ROLE, }} pub type PDOMAIN_SERVER_ROLE_INFORMATION = *mut DOMAIN_SERVER_ROLE_INFORMATION; STRUCT!{struct DOMAIN_REPLICATION_INFORMATION { ReplicaSourceNodeName: UNICODE_STRING, }} pub type PDOMAIN_REPLICATION_INFORMATION = *mut DOMAIN_REPLICATION_INFORMATION; STRUCT!{struct DOMAIN_MODIFIED_INFORMATION { DomainModifiedCount: LARGE_INTEGER, CreationTime: LARGE_INTEGER, }} pub type PDOMAIN_MODIFIED_INFORMATION = *mut DOMAIN_MODIFIED_INFORMATION; STRUCT!{struct DOMAIN_MODIFIED_INFORMATION2 { DomainModifiedCount: LARGE_INTEGER, CreationTime: LARGE_INTEGER, ModifiedCountAtLastPromotion: LARGE_INTEGER, }} pub type PDOMAIN_MODIFIED_INFORMATION2 = *mut DOMAIN_MODIFIED_INFORMATION2; STRUCT!{struct DOMAIN_STATE_INFORMATION { DomainServerState: DOMAIN_SERVER_ENABLE_STATE, }} pub type PDOMAIN_STATE_INFORMATION = *mut DOMAIN_STATE_INFORMATION; STRUCT!{struct DOMAIN_LOCKOUT_INFORMATION { LockoutDuration: LARGE_INTEGER, LockoutObservationWindow: LARGE_INTEGER, LockoutThreshold: USHORT, }} pub type PDOMAIN_LOCKOUT_INFORMATION = *mut DOMAIN_LOCKOUT_INFORMATION; ENUM!{enum DOMAIN_DISPLAY_INFORMATION { DomainDisplayUser = 1, DomainDisplayMachine = 2, DomainDisplayGroup = 3, DomainDisplayOemUser = 4, DomainDisplayOemGroup = 5, DomainDisplayServer = 6, }} pub type PDOMAIN_DISPLAY_INFORMATION = *mut DOMAIN_DISPLAY_INFORMATION; STRUCT!{struct DOMAIN_DISPLAY_USER { Index: ULONG, Rid: ULONG, AccountControl: ULONG, LogonName: UNICODE_STRING, AdminComment: UNICODE_STRING, FullName: UNICODE_STRING, }} pub type PDOMAIN_DISPLAY_USER = *mut DOMAIN_DISPLAY_USER; STRUCT!{struct DOMAIN_DISPLAY_MACHINE { Index: ULONG, Rid: ULONG, AccountControl: ULONG, Machine: UNICODE_STRING, Comment: UNICODE_STRING, }} pub type PDOMAIN_DISPLAY_MACHINE = *mut DOMAIN_DISPLAY_MACHINE; STRUCT!{struct DOMAIN_DISPLAY_GROUP { Index: ULONG, Rid: ULONG, Attributes: ULONG, Group: UNICODE_STRING, Comment: UNICODE_STRING, }} pub type PDOMAIN_DISPLAY_GROUP = *mut DOMAIN_DISPLAY_GROUP; STRUCT!{struct DOMAIN_DISPLAY_OEM_USER { Index: ULONG, User: OEM_STRING, }} pub type PDOMAIN_DISPLAY_OEM_USER = *mut DOMAIN_DISPLAY_OEM_USER; STRUCT!{struct DOMAIN_DISPLAY_OEM_GROUP { Index: ULONG, Group: OEM_STRING, }} pub type PDOMAIN_DISPLAY_OEM_GROUP = *mut DOMAIN_DISPLAY_OEM_GROUP; ENUM!{enum DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION { DomainLocalizableAccountsBasic = 1, }} pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION; STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY { Rid: ULONG, Use: SID_NAME_USE, Name: UNICODE_STRING, AdminComment: UNICODE_STRING, }} pub type PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY; STRUCT!{struct DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC { Count: ULONG, Entries: *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, }} pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC; UNION!{union DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER { Basic: DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, }} pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = *mut DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER; EXTERN!{extern "system" { fn SamLookupDomainInSamServer( ServerHandle: SAM_HANDLE, Name: PUNICODE_STRING, DomainId: *mut PSID, ) -> NTSTATUS; fn SamEnumerateDomainsInSamServer( ServerHandle: SAM_HANDLE, EnumerationContext: PSAM_ENUMERATE_HANDLE, Buffer: *mut PVOID, PreferedMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS; fn SamOpenDomain( ServerHandle: SAM_HANDLE, DesiredAccess: ACCESS_MASK, DomainId: PSID, DomainHandle: PSAM_HANDLE, ) -> NTSTATUS; fn SamQueryInformationDomain( DomainHandle: SAM_HANDLE, DomainInformationClass: DOMAIN_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS; fn SamSetInformationDomain( DomainHandle: SAM_HANDLE, DomainInformationClass: DOMAIN_INFORMATION_CLASS, DomainInformation: PVOID, ) -> NTSTATUS; fn SamLookupNamesInDomain( DomainHandle: SAM_HANDLE, Count: ULONG, Names: PUNICODE_STRING, RelativeIds: *mut PULONG, Use: *mut PSID_NAME_USE, ) -> NTSTATUS; fn SamLookupIdsInDomain( DomainHandle: SAM_HANDLE, Count: ULONG, RelativeIds: PULONG, Names: *mut PUNICODE_STRING, Use: *mut PSID_NAME_USE, ) -> NTSTATUS; fn SamRemoveMemberFromForeignDomain( DomainHandle: SAM_HANDLE, MemberId: PSID, ) -> NTSTATUS; fn SamQueryLocalizableAccountsInDomain( Domain: SAM_HANDLE, Flags: ULONG, LanguageId: ULONG, Class: DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, Buffer: *mut PVOID, ) -> NTSTATUS; }} pub const GROUP_READ_INFORMATION: ACCESS_MASK = 0x0001; pub const GROUP_WRITE_ACCOUNT: ACCESS_MASK = 0x0002; pub const GROUP_ADD_MEMBER: ACCESS_MASK = 0x0004; pub const GROUP_REMOVE_MEMBER: ACCESS_MASK = 0x0008; pub const GROUP_LIST_MEMBERS: ACCESS_MASK = 0x0010; pub const GROUP_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | GROUP_LIST_MEMBERS | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER | GROUP_READ_INFORMATION; pub const GROUP_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | GROUP_LIST_MEMBERS; pub const GROUP_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | GROUP_WRITE_ACCOUNT | GROUP_ADD_MEMBER | GROUP_REMOVE_MEMBER; pub const GROUP_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | GROUP_READ_INFORMATION; STRUCT!{struct GROUP_MEMBERSHIP { RelativeId: ULONG, Attributes: ULONG, }} pub type PGROUP_MEMBERSHIP = *mut GROUP_MEMBERSHIP; ENUM!{enum GROUP_INFORMATION_CLASS { GroupGeneralInformation = 1, GroupNameInformation = 2, GroupAttributeInformation = 3, GroupAdminCommentInformation = 4, GroupReplicationInformation = 5, }} STRUCT!{struct GROUP_GENERAL_INFORMATION { Name: UNICODE_STRING, Attributes: ULONG, MemberCount: ULONG, AdminComment: UNICODE_STRING, }} pub type PGROUP_GENERAL_INFORMATION = *mut GROUP_GENERAL_INFORMATION; STRUCT!{struct GROUP_NAME_INFORMATION { Name: UNICODE_STRING, }} pub type PGROUP_NAME_INFORMATION = *mut GROUP_NAME_INFORMATION; STRUCT!{struct GROUP_ATTRIBUTE_INFORMATION { Attributes: ULONG, }} pub type PGROUP_ATTRIBUTE_INFORMATION = *mut GROUP_ATTRIBUTE_INFORMATION; STRUCT!{struct GROUP_ADM_COMMENT_INFORMATION { AdminComment: UNICODE_STRING, }} pub type PGROUP_ADM_COMMENT_INFORMATION = *mut GROUP_ADM_COMMENT_INFORMATION; EXTERN!{extern "system" { fn SamEnumerateGroupsInDomain( DomainHandle: SAM_HANDLE, EnumerationContext: PSAM_ENUMERATE_HANDLE, Buffer: *mut PVOID, PreferedMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS; fn SamCreateGroupInDomain( DomainHandle: SAM_HANDLE, AccountName: PUNICODE_STRING, DesiredAccess: ACCESS_MASK, GroupHandle: PSAM_HANDLE, RelativeId: PULONG, ) -> NTSTATUS; fn SamOpenGroup( DomainHandle: SAM_HANDLE, DesiredAccess: ACCESS_MASK, GroupId: ULONG, GroupHandle: PSAM_HANDLE, ) -> NTSTATUS; fn SamDeleteGroup( GroupHandle: SAM_HANDLE, ) -> NTSTATUS; fn SamQueryInformationGroup( GroupHandle: SAM_HANDLE, GroupInformationClass: GROUP_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS; fn SamSetInformationGroup( GroupHandle: SAM_HANDLE, GroupInformationClass: GROUP_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS; fn SamAddMemberToGroup( GroupHandle: SAM_HANDLE, MemberId: ULONG, Attributes: ULONG, ) -> NTSTATUS; fn SamRemoveMemberFromGroup( GroupHandle: SAM_HANDLE, MemberId: ULONG, ) -> NTSTATUS; fn SamGetMembersInGroup( GroupHandle: SAM_HANDLE, MemberIds: *mut PULONG, Attributes: *mut PULONG, MemberCount: PULONG, ) -> NTSTATUS; fn SamSetMemberAttributesOfGroup( GroupHandle: SAM_HANDLE, MemberId: ULONG, Attributes: ULONG, ) -> NTSTATUS; }} pub const ALIAS_ADD_MEMBER: ACCESS_MASK = 0x0001; pub const ALIAS_REMOVE_MEMBER: ACCESS_MASK = 0x0002; pub const ALIAS_LIST_MEMBERS: ACCESS_MASK = 0x0004; pub const ALIAS_READ_INFORMATION: ACCESS_MASK = 0x0008; pub const ALIAS_WRITE_ACCOUNT: ACCESS_MASK = 0x0010; pub const ALIAS_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | ALIAS_READ_INFORMATION | ALIAS_WRITE_ACCOUNT | ALIAS_LIST_MEMBERS | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; pub const ALIAS_READ: ACCESS_MASK = STANDARD_RIGHTS_READ | ALIAS_LIST_MEMBERS; pub const ALIAS_WRITE: ACCESS_MASK = STANDARD_RIGHTS_WRITE | ALIAS_WRITE_ACCOUNT | ALIAS_ADD_MEMBER | ALIAS_REMOVE_MEMBER; pub const ALIAS_EXECUTE: ACCESS_MASK = STANDARD_RIGHTS_EXECUTE | ALIAS_READ_INFORMATION; ENUM!{enum ALIAS_INFORMATION_CLASS { AliasGeneralInformation = 1, AliasNameInformation = 2, AliasAdminCommentInformation = 3, AliasReplicationInformation = 4, AliasExtendedInformation = 5, }} STRUCT!{struct ALIAS_GENERAL_INFORMATION { Name: UNICODE_STRING, MemberCount: ULONG, AdminComment: UNICODE_STRING, }} pub type PALIAS_GENERAL_INFORMATION = *mut ALIAS_GENERAL_INFORMATION; STRUCT!{struct ALIAS_NAME_INFORMATION { Name: UNICODE_STRING, }} pub type PALIAS_NAME_INFORMATION = *mut ALIAS_NAME_INFORMATION; STRUCT!{struct ALIAS_ADM_COMMENT_INFORMATION { AdminComment: UNICODE_STRING, }} pub type PALIAS_ADM_COMMENT_INFORMATION = *mut ALIAS_ADM_COMMENT_INFORMATION; pub const ALIAS_ALL_NAME: ULONG = 0x00000001; pub const ALIAS_ALL_MEMBER_COUNT: ULONG = 0x00000002; pub const ALIAS_ALL_ADMIN_COMMENT: ULONG = 0x00000004; pub const ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00000008; STRUCT!{struct ALIAS_EXTENDED_INFORMATION { WhichFields: ULONG, ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, }} pub type PALIAS_EXTENDED_INFORMATION = *mut ALIAS_EXTENDED_INFORMATION; EXTERN!{extern "system" { fn SamEnumerateAliasesInDomain( DomainHandle: SAM_HANDLE, EnumerationContext: PSAM_ENUMERATE_HANDLE, Buffer: *mut PVOID, PreferedMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS; fn SamCreateAliasInDomain( DomainHandle: SAM_HANDLE, AccountName: PUNICODE_STRING, DesiredAccess: ACCESS_MASK, AliasHandle: PSAM_HANDLE, RelativeId: PULONG, ) -> NTSTATUS; fn SamOpenAlias( DomainHandle: SAM_HANDLE, DesiredAccess: ACCESS_MASK, AliasId: ULONG, AliasHandle: PSAM_HANDLE, ) -> NTSTATUS; fn SamDeleteAlias( AliasHandle: SAM_HANDLE, ) -> NTSTATUS; fn SamQueryInformationAlias( AliasHandle: SAM_HANDLE, AliasInformationClass: ALIAS_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS; fn SamSetInformationAlias( AliasHandle: SAM_HANDLE, AliasInformationClass: ALIAS_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS; fn SamAddMemberToAlias( AliasHandle: SAM_HANDLE, MemberId: PSID, ) -> NTSTATUS; fn SamAddMultipleMembersToAlias( AliasHandle: SAM_HANDLE, MemberIds: *mut PSID, MemberCount: ULONG, ) -> NTSTATUS; fn SamRemoveMemberFromAlias( AliasHandle: SAM_HANDLE, MemberId: PSID, ) -> NTSTATUS; fn SamRemoveMultipleMembersFromAlias( AliasHandle: SAM_HANDLE, MemberIds: *mut PSID, MemberCount: ULONG, ) -> NTSTATUS; fn SamGetMembersInAlias( AliasHandle: SAM_HANDLE, MemberIds: *mut *mut PSID, MemberCount: PULONG, ) -> NTSTATUS; fn SamGetAliasMembership( DomainHandle: SAM_HANDLE, PassedCount: ULONG, Sids: *mut PSID, MembershipCount: PULONG, Aliases: *mut PULONG, ) -> NTSTATUS; }} pub const GROUP_TYPE_BUILTIN_LOCAL_GROUP: u32 = 0x00000001; pub const GROUP_TYPE_ACCOUNT_GROUP: u32 = 0x00000002; pub const GROUP_TYPE_RESOURCE_GROUP: u32 = 0x00000004; pub const GROUP_TYPE_UNIVERSAL_GROUP: u32 = 0x00000008; pub const GROUP_TYPE_APP_BASIC_GROUP: u32 = 0x00000010; pub const GROUP_TYPE_APP_QUERY_GROUP: u32 = 0x00000020; pub const GROUP_TYPE_SECURITY_ENABLED: u32 = 0x80000000; pub const GROUP_TYPE_RESOURCE_BEHAVOIR: u32 = GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_APP_BASIC_GROUP | GROUP_TYPE_APP_QUERY_GROUP; pub const USER_READ_GENERAL: DWORD = 0x0001; pub const USER_READ_PREFERENCES: DWORD = 0x0002; pub const USER_WRITE_PREFERENCES: DWORD = 0x0004; pub const USER_READ_LOGON: DWORD = 0x0008; pub const USER_READ_ACCOUNT: DWORD = 0x0010; pub const USER_WRITE_ACCOUNT: DWORD = 0x0020; pub const USER_CHANGE_PASSWORD: DWORD = 0x0040; pub const USER_FORCE_PASSWORD_CHANGE: DWORD = 0x0080; pub const USER_LIST_GROUPS: DWORD = 0x0100; pub const USER_READ_GROUP_INFORMATION: DWORD = 0x0200; pub const USER_WRITE_GROUP_INFORMATION: DWORD = 0x0400; pub const USER_ALL_ACCESS: DWORD = STANDARD_RIGHTS_REQUIRED | USER_READ_PREFERENCES | USER_READ_LOGON | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION | USER_WRITE_PREFERENCES | USER_CHANGE_PASSWORD | USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL | USER_READ_ACCOUNT | USER_WRITE_ACCOUNT | USER_WRITE_GROUP_INFORMATION; pub const USER_READ: DWORD = STANDARD_RIGHTS_READ | USER_READ_PREFERENCES | USER_READ_LOGON | USER_READ_ACCOUNT | USER_LIST_GROUPS | USER_READ_GROUP_INFORMATION; pub const USER_WRITE: DWORD = STANDARD_RIGHTS_WRITE | USER_WRITE_PREFERENCES | USER_CHANGE_PASSWORD; pub const USER_EXECUTE: DWORD = STANDARD_RIGHTS_EXECUTE | USER_READ_GENERAL | USER_CHANGE_PASSWORD; ENUM!{enum USER_INFORMATION_CLASS { UserGeneralInformation = 1, UserPreferencesInformation = 2, UserLogonInformation = 3, UserLogonHoursInformation = 4, UserAccountInformation = 5, UserNameInformation = 6, UserAccountNameInformation = 7, UserFullNameInformation = 8, UserPrimaryGroupInformation = 9, UserHomeInformation = 10, UserScriptInformation = 11, UserProfileInformation = 12, UserAdminCommentInformation = 13, UserWorkStationsInformation = 14, UserSetPasswordInformation = 15, UserControlInformation = 16, UserExpiresInformation = 17, UserInternal1Information = 18, UserInternal2Information = 19, UserParametersInformation = 20, UserAllInformation = 21, UserInternal3Information = 22, UserInternal4Information = 23, UserInternal5Information = 24, UserInternal4InformationNew = 25, UserInternal5InformationNew = 26, UserInternal6Information = 27, UserExtendedInformation = 28, UserLogonUIInformation = 29, }} pub type PUSER_INFORMATION_CLASS = *mut USER_INFORMATION_CLASS; pub const USER_ALL_USERNAME: ULONG = 0x00000001; pub const USER_ALL_FULLNAME: ULONG = 0x00000002; pub const USER_ALL_USERID: ULONG = 0x00000004; pub const USER_ALL_PRIMARYGROUPID: ULONG = 0x00000008; pub const USER_ALL_ADMINCOMMENT: ULONG = 0x00000010; pub const USER_ALL_USERCOMMENT: ULONG = 0x00000020; pub const USER_ALL_HOMEDIRECTORY: ULONG = 0x00000040; pub const USER_ALL_HOMEDIRECTORYDRIVE: ULONG = 0x00000080; pub const USER_ALL_SCRIPTPATH: ULONG = 0x00000100; pub const USER_ALL_PROFILEPATH: ULONG = 0x00000200; pub const USER_ALL_WORKSTATIONS: ULONG = 0x00000400; pub const USER_ALL_LASTLOGON: ULONG = 0x00000800; pub const USER_ALL_LASTLOGOFF: ULONG = 0x00001000; pub const USER_ALL_LOGONHOURS: ULONG = 0x00002000; pub const USER_ALL_BADPASSWORDCOUNT: ULONG = 0x00004000; pub const USER_ALL_LOGONCOUNT: ULONG = 0x00008000; pub const USER_ALL_PASSWORDCANCHANGE: ULONG = 0x00010000; pub const USER_ALL_PASSWORDMUSTCHANGE: ULONG = 0x00020000; pub const USER_ALL_PASSWORDLASTSET: ULONG = 0x00040000; pub const USER_ALL_ACCOUNTEXPIRES: ULONG = 0x00080000; pub const USER_ALL_USERACCOUNTCONTROL: ULONG = 0x00100000; pub const USER_ALL_PARAMETERS: ULONG = 0x00200000; pub const USER_ALL_COUNTRYCODE: ULONG = 0x00400000; pub const USER_ALL_CODEPAGE: ULONG = 0x00800000; pub const USER_ALL_NTPASSWORDPRESENT: ULONG = 0x01000000; pub const USER_ALL_LMPASSWORDPRESENT: ULONG = 0x02000000; pub const USER_ALL_PRIVATEDATA: ULONG = 0x04000000; pub const USER_ALL_PASSWORDEXPIRED: ULONG = 0x08000000; pub const USER_ALL_SECURITYDESCRIPTOR: ULONG = 0x10000000; pub const USER_ALL_OWFPASSWORD: ULONG = 0x20000000; pub const USER_ALL_UNDEFINED_MASK: ULONG = 0xc0000000; pub const USER_ALL_READ_GENERAL_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME | USER_ALL_USERID | USER_ALL_PRIMARYGROUPID | USER_ALL_ADMINCOMMENT | USER_ALL_USERCOMMENT; pub const USER_ALL_READ_LOGON_MASK: ULONG = USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_WORKSTATIONS | USER_ALL_LASTLOGON | USER_ALL_LASTLOGOFF | USER_ALL_LOGONHOURS | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT | USER_ALL_PASSWORDCANCHANGE | USER_ALL_PASSWORDMUSTCHANGE; pub const USER_ALL_READ_ACCOUNT_MASK: ULONG = USER_ALL_PASSWORDLASTSET | USER_ALL_ACCOUNTEXPIRES | USER_ALL_USERACCOUNTCONTROL | USER_ALL_PARAMETERS; pub const USER_ALL_READ_PREFERENCES_MASK: ULONG = USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; pub const USER_ALL_READ_TRUSTED_MASK: ULONG = USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED | USER_ALL_SECURITYDESCRIPTOR | USER_ALL_PRIVATEDATA; pub const USER_ALL_READ_CANT_MASK: ULONG = USER_ALL_UNDEFINED_MASK; pub const USER_ALL_WRITE_ACCOUNT_MASK: ULONG = USER_ALL_USERNAME | USER_ALL_FULLNAME | USER_ALL_PRIMARYGROUPID | USER_ALL_HOMEDIRECTORY | USER_ALL_HOMEDIRECTORYDRIVE | USER_ALL_SCRIPTPATH | USER_ALL_PROFILEPATH | USER_ALL_ADMINCOMMENT | USER_ALL_WORKSTATIONS | USER_ALL_LOGONHOURS | USER_ALL_ACCOUNTEXPIRES | USER_ALL_USERACCOUNTCONTROL | USER_ALL_PARAMETERS; pub const USER_ALL_WRITE_PREFERENCES_MASK: ULONG = USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE; pub const USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK: ULONG = USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT | USER_ALL_PASSWORDEXPIRED; pub const USER_ALL_WRITE_TRUSTED_MASK: ULONG = USER_ALL_LASTLOGON | USER_ALL_LASTLOGOFF | USER_ALL_BADPASSWORDCOUNT | USER_ALL_LOGONCOUNT | USER_ALL_PASSWORDLASTSET | USER_ALL_SECURITYDESCRIPTOR | USER_ALL_PRIVATEDATA; pub const USER_ALL_WRITE_CANT_MASK: ULONG = USER_ALL_USERID | USER_ALL_PASSWORDCANCHANGE | USER_ALL_PASSWORDMUSTCHANGE | USER_ALL_UNDEFINED_MASK; STRUCT!{struct USER_GENERAL_INFORMATION { UserName: UNICODE_STRING, FullName: UNICODE_STRING, PrimaryGroupId: ULONG, AdminComment: UNICODE_STRING, UserComment: UNICODE_STRING, }} pub type PUSER_GENERAL_INFORMATION = *mut USER_GENERAL_INFORMATION; STRUCT!{struct USER_PREFERENCES_INFORMATION { UserComment: UNICODE_STRING, Reserved1: UNICODE_STRING, CountryCode: USHORT, CodePage: USHORT, }} pub type PUSER_PREFERENCES_INFORMATION = *mut USER_PREFERENCES_INFORMATION; STRUCT!{struct USER_PARAMETERS_INFORMATION { Parameters: UNICODE_STRING, }} pub type PUSER_PARAMETERS_INFORMATION = *mut USER_PARAMETERS_INFORMATION; STRUCT!{#[repr(packed(4))] struct USER_LOGON_INFORMATION { UserName: UNICODE_STRING, FullName: UNICODE_STRING, UserId: ULONG, PrimaryGroupId: ULONG, HomeDirectory: UNICODE_STRING, HomeDirectoryDrive: UNICODE_STRING, ScriptPath: UNICODE_STRING, ProfilePath: UNICODE_STRING, WorkStations: UNICODE_STRING, LastLogon: LARGE_INTEGER, LastLogoff: LARGE_INTEGER, PasswordLastSet: LARGE_INTEGER, PasswordCanChange: LARGE_INTEGER, PasswordMustChange: LARGE_INTEGER, LogonHours: LOGON_HOURS, BadPasswordCount: USHORT, LogonCount: USHORT, UserAccountControl: ULONG, }} pub type PUSER_LOGON_INFORMATION = *mut USER_LOGON_INFORMATION; STRUCT!{#[repr(packed(4))] struct USER_ACCOUNT_INFORMATION { UserName: UNICODE_STRING, FullName: UNICODE_STRING, UserId: ULONG, PrimaryGroupId: ULONG, HomeDirectory: UNICODE_STRING, HomeDirectoryDrive: UNICODE_STRING, ScriptPath: UNICODE_STRING, ProfilePath: UNICODE_STRING, AdminComment: UNICODE_STRING, WorkStations: UNICODE_STRING, LastLogon: LARGE_INTEGER, LastLogoff: LARGE_INTEGER, LogonHours: LOGON_HOURS, BadPasswordCount: USHORT, LogonCount: USHORT, PasswordLastSet: LARGE_INTEGER, AccountExpires: LARGE_INTEGER, UserAccountControl: ULONG, }} pub type PUSER_ACCOUNT_INFORMATION = *mut USER_ACCOUNT_INFORMATION; STRUCT!{struct USER_ACCOUNT_NAME_INFORMATION { UserName: UNICODE_STRING, }} pub type PUSER_ACCOUNT_NAME_INFORMATION = *mut USER_ACCOUNT_NAME_INFORMATION; STRUCT!{struct USER_FULL_NAME_INFORMATION { FullName: UNICODE_STRING, }} pub type PUSER_FULL_NAME_INFORMATION = *mut USER_FULL_NAME_INFORMATION; STRUCT!{struct USER_NAME_INFORMATION { UserName: UNICODE_STRING, FullName: UNICODE_STRING, }} pub type PUSER_NAME_INFORMATION = *mut USER_NAME_INFORMATION; STRUCT!{struct USER_PRIMARY_GROUP_INFORMATION { PrimaryGroupId: ULONG, }} pub type PUSER_PRIMARY_GROUP_INFORMATION = *mut USER_PRIMARY_GROUP_INFORMATION; STRUCT!{struct USER_HOME_INFORMATION { HomeDirectory: UNICODE_STRING, HomeDirectoryDrive: UNICODE_STRING, }} pub type PUSER_HOME_INFORMATION = *mut USER_HOME_INFORMATION; STRUCT!{struct USER_SCRIPT_INFORMATION { ScriptPath: UNICODE_STRING, }} pub type PUSER_SCRIPT_INFORMATION = *mut USER_SCRIPT_INFORMATION; STRUCT!{struct USER_PROFILE_INFORMATION { ProfilePath: UNICODE_STRING, }} pub type PUSER_PROFILE_INFORMATION = *mut USER_PROFILE_INFORMATION; STRUCT!{struct USER_ADMIN_COMMENT_INFORMATION { AdminComment: UNICODE_STRING, }} pub type PUSER_ADMIN_COMMENT_INFORMATION = *mut USER_ADMIN_COMMENT_INFORMATION; STRUCT!{struct USER_WORKSTATIONS_INFORMATION { WorkStations: UNICODE_STRING, }} pub type PUSER_WORKSTATIONS_INFORMATION = *mut USER_WORKSTATIONS_INFORMATION; STRUCT!{struct USER_SET_PASSWORD_INFORMATION { Password: UNICODE_STRING, PasswordExpired: BOOLEAN, }} pub type PUSER_SET_PASSWORD_INFORMATION = *mut USER_SET_PASSWORD_INFORMATION; STRUCT!{struct USER_CONTROL_INFORMATION { UserAccountControl: ULONG, }} pub type PUSER_CONTROL_INFORMATION = *mut USER_CONTROL_INFORMATION; STRUCT!{struct USER_EXPIRES_INFORMATION { AccountExpires: LARGE_INTEGER, }} pub type PUSER_EXPIRES_INFORMATION = *mut USER_EXPIRES_INFORMATION; STRUCT!{struct USER_LOGON_HOURS_INFORMATION { LogonHours: LOGON_HOURS, }} pub type PUSER_LOGON_HOURS_INFORMATION = *mut USER_LOGON_HOURS_INFORMATION; pub type SAM_USER_TILE = SAM_BYTE_ARRAY_32K; pub type PSAM_USER_TILE = *mut SAM_BYTE_ARRAY_32K; pub const USER_EXTENDED_FIELD_USER_TILE: ULONG = 0x00001000; pub const USER_EXTENDED_FIELD_PASSWORD_HINT: ULONG = 0x00002000; pub const USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI: ULONG = 0x00004000; pub const USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES: ULONG = 0x00008000; STRUCT!{struct USER_EXTENDED_INFORMATION { ExtendedWhichFields: ULONG, UserTile: SAM_USER_TILE, PasswordHint: UNICODE_STRING, DontShowInLogonUI: BOOLEAN, ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, }} pub type PUSER_EXTENDED_INFORMATION = *mut USER_EXTENDED_INFORMATION; STRUCT!{struct USER_LOGON_UI_INFORMATION { PasswordIsBlank: BOOLEAN, AccountIsDisabled: BOOLEAN, }} pub type PUSER_LOGON_UI_INFORMATION = *mut USER_LOGON_UI_INFORMATION; STRUCT!{struct USER_PWD_CHANGE_FAILURE_INFORMATION { ExtendedFailureReason: ULONG, FilterModuleName: UNICODE_STRING, }} pub type PUSER_PWD_CHANGE_FAILURE_INFORMATION = *mut USER_PWD_CHANGE_FAILURE_INFORMATION; pub const SAM_PWD_CHANGE_NO_ERROR: u32 = 0; pub const SAM_PWD_CHANGE_PASSWORD_TOO_SHORT: u32 = 1; pub const SAM_PWD_CHANGE_PWD_IN_HISTORY: u32 = 2; pub const SAM_PWD_CHANGE_USERNAME_IN_PASSWORD: u32 = 3; pub const SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD: u32 = 4; pub const SAM_PWD_CHANGE_NOT_COMPLEX: u32 = 5; pub const SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT: u32 = 6; pub const SAM_PWD_CHANGE_FAILED_BY_FILTER: u32 = 7; pub const SAM_PWD_CHANGE_PASSWORD_TOO_LONG: u32 = 8; pub const SAM_PWD_CHANGE_FAILURE_REASON_MAX: u32 = 8; EXTERN!{extern "system" { fn SamEnumerateUsersInDomain( DomainHandle: SAM_HANDLE, EnumerationContext: PSAM_ENUMERATE_HANDLE, UserAccountControl: ULONG, Buffer: *mut PVOID, PreferedMaximumLength: ULONG, CountReturned: PULONG, ) -> NTSTATUS; fn SamCreateUserInDomain( DomainHandle: SAM_HANDLE, AccountName: PUNICODE_STRING, DesiredAccess: ACCESS_MASK, UserHandle: PSAM_HANDLE, RelativeId: PULONG, ) -> NTSTATUS; fn SamCreateUser2InDomain( DomainHandle: SAM_HANDLE, AccountName: PUNICODE_STRING, AccountType: ULONG, DesiredAccess: ACCESS_MASK, UserHandle: PSAM_HANDLE, GrantedAccess: PULONG, RelativeId: PULONG, ) -> NTSTATUS; fn SamOpenUser( DomainHandle: SAM_HANDLE, DesiredAccess: ACCESS_MASK, UserId: ULONG, UserHandle: PSAM_HANDLE, ) -> NTSTATUS; fn SamDeleteUser( UserHandle: SAM_HANDLE, ) -> NTSTATUS; fn SamQueryInformationUser( UserHandle: SAM_HANDLE, UserInformationClass: USER_INFORMATION_CLASS, Buffer: *mut PVOID, ) -> NTSTATUS; fn SamSetInformationUser( UserHandle: SAM_HANDLE, UserInformationClass: USER_INFORMATION_CLASS, Buffer: PVOID, ) -> NTSTATUS; fn SamGetGroupsForUser( UserHandle: SAM_HANDLE, Groups: *mut PGROUP_MEMBERSHIP, MembershipCount: PULONG, ) -> NTSTATUS; fn SamChangePasswordUser( UserHandle: SAM_HANDLE, OldPassword: PUNICODE_STRING, NewPassword: PUNICODE_STRING, ) -> NTSTATUS; fn SamChangePasswordUser2( ServerName: PUNICODE_STRING, UserName: PUNICODE_STRING, OldPassword: PUNICODE_STRING, NewPassword: PUNICODE_STRING, ) -> NTSTATUS; fn SamChangePasswordUser3( ServerName: PUNICODE_STRING, UserName: PUNICODE_STRING, OldPassword: PUNICODE_STRING, NewPassword: PUNICODE_STRING, EffectivePasswordPolicy: *mut PDOMAIN_PASSWORD_INFORMATION, PasswordChangeFailureInfo: *mut PUSER_PWD_CHANGE_FAILURE_INFORMATION, ) -> NTSTATUS; fn SamQueryDisplayInformation( DomainHandle: SAM_HANDLE, DisplayInformation: DOMAIN_DISPLAY_INFORMATION, Index: ULONG, EntryCount: ULONG, PreferredMaximumLength: ULONG, TotalAvailable: PULONG, TotalReturned: PULONG, ReturnedEntryCount: PULONG, SortedBuffer: *mut PVOID, ) -> NTSTATUS; fn SamGetDisplayEnumerationIndex( DomainHandle: SAM_HANDLE, DisplayInformation: DOMAIN_DISPLAY_INFORMATION, Prefix: PUNICODE_STRING, Index: PULONG, ) -> NTSTATUS; }} ENUM!{enum SECURITY_DB_DELTA_TYPE { SecurityDbNew = 1, SecurityDbRename = 2, SecurityDbDelete = 3, SecurityDbChangeMemberAdd = 4, SecurityDbChangeMemberSet = 5, SecurityDbChangeMemberDel = 6, SecurityDbChange = 7, SecurityDbChangePassword = 8, }} pub type PSECURITY_DB_DELTA_TYPE = *mut SECURITY_DB_DELTA_TYPE; ENUM!{enum SECURITY_DB_OBJECT_TYPE { SecurityDbObjectSamDomain = 1, SecurityDbObjectSamUser = 2, SecurityDbObjectSamGroup = 3, SecurityDbObjectSamAlias = 4, SecurityDbObjectLsaPolicy = 5, SecurityDbObjectLsaTDomain = 6, SecurityDbObjectLsaAccount = 7, SecurityDbObjectLsaSecret = 8, }} pub type PSECURITY_DB_OBJECT_TYPE = *mut SECURITY_DB_OBJECT_TYPE; ENUM!{enum SAM_ACCOUNT_TYPE { SamObjectUser = 1, SamObjectGroup = 2, SamObjectAlias = 3, }} pub type PSAM_ACCOUNT_TYPE = *mut SAM_ACCOUNT_TYPE; pub const SAM_USER_ACCOUNT: u32 = 0x00000001; pub const SAM_GLOBAL_GROUP_ACCOUNT: u32 = 0x00000002; pub const SAM_LOCAL_GROUP_ACCOUNT: u32 = 0x00000004; STRUCT!{struct SAM_GROUP_MEMBER_ID { MemberRid: ULONG, }} pub type PSAM_GROUP_MEMBER_ID = *mut SAM_GROUP_MEMBER_ID; STRUCT!{struct SAM_ALIAS_MEMBER_ID { MemberSid: PSID, }} pub type PSAM_ALIAS_MEMBER_ID = *mut SAM_ALIAS_MEMBER_ID; UNION!{union SAM_DELTA_DATA { GroupMemberId: SAM_GROUP_MEMBER_ID, AliasMemberId: SAM_ALIAS_MEMBER_ID, AccountControl: ULONG, }} pub type PSAM_DELTA_DATA = *mut SAM_DELTA_DATA; FN!{stdcall PSAM_DELTA_NOTIFICATION_ROUTINE( DomainSid: PSID, DeltaType: SECURITY_DB_DELTA_TYPE, ObjectType: SECURITY_DB_OBJECT_TYPE, ObjectRid: ULONG, ObjectName: PUNICODE_STRING, ModifiedCount: PLARGE_INTEGER, DeltaData: PSAM_DELTA_DATA, ) -> NTSTATUS} pub const SAM_DELTA_NOTIFY_ROUTINE: UTF8Const = UTF8Const("DeltaNotify\0"); EXTERN!{extern "system" { fn SamRegisterObjectChangeNotification( ObjectType: SECURITY_DB_OBJECT_TYPE, NotificationEventHandle: HANDLE, ) -> NTSTATUS; fn SamUnregisterObjectChangeNotification( ObjectType: SECURITY_DB_OBJECT_TYPE, NotificationEventHandle: HANDLE, ) -> NTSTATUS; }} pub const SAM_SID_COMPATIBILITY_ALL: u32 = 0; pub const SAM_SID_COMPATIBILITY_LAX: u32 = 1; pub const SAM_SID_COMPATIBILITY_STRICT: u32 = 2; EXTERN!{extern "system" { fn SamGetCompatibilityMode( ObjectHandle: SAM_HANDLE, Mode: *mut ULONG, ) -> NTSTATUS; }} ENUM!{enum PASSWORD_POLICY_VALIDATION_TYPE { SamValidateAuthentication = 1, SamValidatePasswordChange = 2, SamValidatePasswordReset = 3, }} STRUCT!{struct SAM_VALIDATE_PASSWORD_HASH { Length: ULONG, Hash: PUCHAR, }} pub type PSAM_VALIDATE_PASSWORD_HASH = *mut SAM_VALIDATE_PASSWORD_HASH; pub const SAM_VALIDATE_PASSWORD_LAST_SET: u32 = 0x00000001; pub const SAM_VALIDATE_BAD_PASSWORD_TIME: u32 = 0x00000002; pub const SAM_VALIDATE_LOCKOUT_TIME: u32 = 0x00000004; pub const SAM_VALIDATE_BAD_PASSWORD_COUNT: u32 = 0x00000008; pub const SAM_VALIDATE_PASSWORD_HISTORY_LENGTH: u32 = 0x00000010; pub const SAM_VALIDATE_PASSWORD_HISTORY: u32 = 0x00000020; STRUCT!{struct SAM_VALIDATE_PERSISTED_FIELDS { PresentFields: ULONG, PasswordLastSet: LARGE_INTEGER, BadPasswordTime: LARGE_INTEGER, LockoutTime: LARGE_INTEGER, BadPasswordCount: ULONG, PasswordHistoryLength: ULONG, PasswordHistory: PSAM_VALIDATE_PASSWORD_HASH, }} pub type PSAM_VALIDATE_PERSISTED_FIELDS = *mut SAM_VALIDATE_PERSISTED_FIELDS; ENUM!{enum SAM_VALIDATE_VALIDATION_STATUS { SamValidateSuccess = 0, SamValidatePasswordMustChange = 1, SamValidateAccountLockedOut = 2, SamValidatePasswordExpired = 3, SamValidatePasswordIncorrect = 4, SamValidatePasswordIsInHistory = 5, SamValidatePasswordTooShort = 6, SamValidatePasswordTooLong = 7, SamValidatePasswordNotComplexEnough = 8, SamValidatePasswordTooRecent = 9, SamValidatePasswordFilterError = 10, }} pub type PSAM_VALIDATE_VALIDATION_STATUS = *mut SAM_VALIDATE_VALIDATION_STATUS; STRUCT!{struct SAM_VALIDATE_STANDARD_OUTPUT_ARG { ChangedPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, ValidationStatus: SAM_VALIDATE_VALIDATION_STATUS, }} pub type PSAM_VALIDATE_STANDARD_OUTPUT_ARG = *mut SAM_VALIDATE_STANDARD_OUTPUT_ARG; STRUCT!{struct SAM_VALIDATE_AUTHENTICATION_INPUT_ARG { InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, PasswordMatched: BOOLEAN, }} pub type PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG = *mut SAM_VALIDATE_AUTHENTICATION_INPUT_ARG; STRUCT!{struct SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, ClearPassword: UNICODE_STRING, UserAccountName: UNICODE_STRING, HashedPassword: SAM_VALIDATE_PASSWORD_HASH, PasswordMatch: BOOLEAN, }} pub type PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; STRUCT!{struct SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG { InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, ClearPassword: UNICODE_STRING, UserAccountName: UNICODE_STRING, HashedPassword: SAM_VALIDATE_PASSWORD_HASH, PasswordMustChangeAtNextLogon: BOOLEAN, ClearLockout: BOOLEAN, }} pub type PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = *mut SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; UNION!{union SAM_VALIDATE_INPUT_ARG { ValidateAuthenticationInput: SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, ValidatePasswordChangeInput: SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, ValidatePasswordResetInput: SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, }} pub type PSAM_VALIDATE_INPUT_ARG = *mut SAM_VALIDATE_INPUT_ARG; UNION!{union SAM_VALIDATE_OUTPUT_ARG { ValidateAuthenticationOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, ValidatePasswordChangeOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, ValidatePasswordResetOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, }} pub type PSAM_VALIDATE_OUTPUT_ARG = *mut SAM_VALIDATE_OUTPUT_ARG; EXTERN!{extern "system" { fn SamValidatePassword( ServerName: PUNICODE_STRING, ValidationType: PASSWORD_POLICY_VALIDATION_TYPE, InputArg: PSAM_VALIDATE_INPUT_ARG, OutputArg: *mut PSAM_VALIDATE_OUTPUT_ARG, ) -> NTSTATUS; }} ENUM!{enum SAM_GENERIC_OPERATION_TYPE { SamObjectChangeNotificationOperation = 0, }} pub type PSAM_GENERIC_OPERATION_TYPE = *mut SAM_GENERIC_OPERATION_TYPE; STRUCT!{struct SAM_OPERATION_OBJCHG_INPUT { Register: BOOLEAN, EventHandle: ULONG64, ObjectType: SECURITY_DB_OBJECT_TYPE, ProcessID: ULONG, }} pub type PSAM_OPERATION_OBJCHG_INPUT = *mut SAM_OPERATION_OBJCHG_INPUT; STRUCT!{struct SAM_OPERATION_OBJCHG_OUTPUT { Reserved: ULONG, }} pub type PSAM_OPERATION_OBJCHG_OUTPUT = *mut SAM_OPERATION_OBJCHG_OUTPUT; UNION!{union SAM_GENERIC_OPERATION_INPUT { ObjChangeIn: SAM_OPERATION_OBJCHG_INPUT, }} pub type PSAM_GENERIC_OPERATION_INPUT = *mut SAM_GENERIC_OPERATION_INPUT; UNION!{union SAM_GENERIC_OPERATION_OUTPUT { ObjChangeOut: SAM_OPERATION_OBJCHG_OUTPUT, }} pub type PSAM_GENERIC_OPERATION_OUTPUT = *mut SAM_GENERIC_OPERATION_OUTPUT; EXTERN!{extern "system" { fn SamPerformGenericOperation( ServerName: PWSTR, OperationType: SAM_GENERIC_OPERATION_TYPE, OperationIn: PSAM_GENERIC_OPERATION_INPUT, OperationOut: *mut PSAM_GENERIC_OPERATION_OUTPUT, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntseapi.rs000064400000000000000000000405000072674642500135670ustar 00000000000000use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT, }; use winapi::um::winnt::{ ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL, TOKEN_INFORMATION_CLASS, TOKEN_TYPE, }; pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2; pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2; pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3; pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4; pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5; pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6; pub const SE_TCB_PRIVILEGE: LONG = 7; pub const SE_SECURITY_PRIVILEGE: LONG = 8; pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9; pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10; pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11; pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12; pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13; pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14; pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15; pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16; pub const SE_BACKUP_PRIVILEGE: LONG = 17; pub const SE_RESTORE_PRIVILEGE: LONG = 18; pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19; pub const SE_DEBUG_PRIVILEGE: LONG = 20; pub const SE_AUDIT_PRIVILEGE: LONG = 21; pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22; pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23; pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24; pub const SE_UNDOCK_PRIVILEGE: LONG = 25; pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26; pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27; pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28; pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29; pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30; pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31; pub const SE_RELABEL_PRIVILEGE: LONG = 32; pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33; pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34; pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35; pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36; pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06; pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10; pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001; pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002; pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004; pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008; pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010; pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020; pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040; pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED | TOKEN_SECURITY_ATTRIBUTE_MANDATORY; pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000; STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { Version: ULONG64, Name: UNICODE_STRING, }} pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { pValue: PVOID, ValueLength: ULONG, }} pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values { pInt64: PLONG64, pUint64: PULONG64, pString: PUNICODE_STRING, pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, }} STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 { Name: UNICODE_STRING, ValueType: USHORT, Reserved: USHORT, Flags: ULONG, ValueCount: ULONG, Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values, }} pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1; pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1; pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT = TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1; STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION { Version: USHORT, Reserved: USHORT, AttributeCount: ULONG, pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1, }} pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION; STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL { TrustLevelSid: PSID, }} pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL; EXTERN!{extern "system" { fn NtCreateToken( TokenHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TokenType: TOKEN_TYPE, AuthenticationId: PLUID, ExpirationTime: PLARGE_INTEGER, User: PTOKEN_USER, Groups: PTOKEN_GROUPS, Privileges: PTOKEN_PRIVILEGES, Owner: PTOKEN_OWNER, PrimaryGroup: PTOKEN_PRIMARY_GROUP, DefaultDacl: PTOKEN_DEFAULT_DACL, TokenSource: PTOKEN_SOURCE, ) -> NTSTATUS; fn NtCreateLowBoxToken( TokenHandle: PHANDLE, ExistingTokenHandle: HANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, PackageSid: PSID, CapabilityCount: ULONG, Capabilities: PSID_AND_ATTRIBUTES, HandleCount: ULONG, Handles: *mut HANDLE, ) -> NTSTATUS; fn NtCreateTokenEx( TokenHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TokenType: TOKEN_TYPE, AuthenticationId: PLUID, ExpirationTime: PLARGE_INTEGER, User: PTOKEN_USER, Groups: PTOKEN_GROUPS, Privileges: PTOKEN_PRIVILEGES, UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceGroups: PTOKEN_GROUPS, TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, Owner: PTOKEN_OWNER, PrimaryGroup: PTOKEN_PRIMARY_GROUP, DefaultDacl: PTOKEN_DEFAULT_DACL, TokenSource: PTOKEN_SOURCE, ) -> NTSTATUS; fn NtOpenProcessToken( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, TokenHandle: PHANDLE, ) -> NTSTATUS; fn NtOpenProcessTokenEx( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, TokenHandle: PHANDLE, ) -> NTSTATUS; fn NtOpenThreadToken( ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, OpenAsSelf: BOOLEAN, TokenHandle: PHANDLE, ) -> NTSTATUS; fn NtOpenThreadTokenEx( ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, OpenAsSelf: BOOLEAN, HandleAttributes: ULONG, TokenHandle: PHANDLE, ) -> NTSTATUS; fn NtDuplicateToken( ExistingTokenHandle: HANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, EffectiveOnly: BOOLEAN, TokenType: TOKEN_TYPE, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn NtQueryInformationToken( TokenHandle: HANDLE, TokenInformationClass: TOKEN_INFORMATION_CLASS, TokenInformation: PVOID, TokenInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationToken( TokenHandle: HANDLE, TokenInformationClass: TOKEN_INFORMATION_CLASS, TokenInformation: PVOID, TokenInformationLength: ULONG, ) -> NTSTATUS; fn NtAdjustPrivilegesToken( TokenHandle: HANDLE, DisableAllPrivileges: BOOLEAN, NewState: PTOKEN_PRIVILEGES, BufferLength: ULONG, PreviousState: PTOKEN_PRIVILEGES, ReturnLength: PULONG, ) -> NTSTATUS; fn NtAdjustGroupsToken( TokenHandle: HANDLE, ResetToDefault: BOOLEAN, NewState: PTOKEN_GROUPS, BufferLength: ULONG, PreviousState: PTOKEN_GROUPS, ReturnLength: PULONG, ) -> NTSTATUS; fn NtAdjustTokenClaimsAndDeviceGroups( TokenHandle: HANDLE, UserResetToDefault: BOOLEAN, DeviceResetToDefault: BOOLEAN, DeviceGroupsResetToDefault: BOOLEAN, NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, NewDeviceGroupsState: PTOKEN_GROUPS, UserBufferLength: ULONG, PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceBufferLength: ULONG, PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceGroupsBufferLength: ULONG, PreviousDeviceGroups: PTOKEN_GROUPS, UserReturnLength: PULONG, DeviceReturnLength: PULONG, DeviceGroupsReturnBufferLength: PULONG, ) -> NTSTATUS; fn NtFilterToken( ExistingTokenHandle: HANDLE, Flags: ULONG, SidsToDisable: PTOKEN_GROUPS, PrivilegesToDelete: PTOKEN_PRIVILEGES, RestrictedSids: PTOKEN_GROUPS, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn NtFilterTokenEx( ExistingTokenHandle: HANDLE, Flags: ULONG, SidsToDisable: PTOKEN_GROUPS, PrivilegesToDelete: PTOKEN_PRIVILEGES, RestrictedSids: PTOKEN_GROUPS, DisableUserClaimsCount: ULONG, UserClaimsToDisable: PUNICODE_STRING, DisableDeviceClaimsCount: ULONG, DeviceClaimsToDisable: PUNICODE_STRING, DeviceGroupsToDisable: PTOKEN_GROUPS, RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, RestrictedDeviceGroups: PTOKEN_GROUPS, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn NtCompareTokens( FirstTokenHandle: HANDLE, SecondTokenHandle: HANDLE, Equal: PBOOLEAN, ) -> NTSTATUS; fn NtPrivilegeCheck( ClientToken: HANDLE, RequiredPrivileges: PPRIVILEGE_SET, Result: PBOOLEAN, ) -> NTSTATUS; fn NtImpersonateAnonymousToken( ThreadHandle: HANDLE, ) -> NTSTATUS; fn NtQuerySecurityAttributesToken( TokenHandle: HANDLE, Attributes: PUNICODE_STRING, NumberOfAttributes: ULONG, Buffer: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtAccessCheck( SecurityDescriptor: PSECURITY_DESCRIPTOR, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn NtAccessCheckByType( SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn NtAccessCheckByTypeResultList( SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn NtSetCachedSigningLevel( Flags: ULONG, InputSigningLevel: SE_SIGNING_LEVEL, SourceFiles: PHANDLE, SourceFileCount: ULONG, TargetFile: HANDLE, ) -> NTSTATUS; fn NtGetCachedSigningLevel( File: HANDLE, Flags: PULONG, SigningLevel: PSE_SIGNING_LEVEL, Thumbprint: PUCHAR, ThumbprintSize: PULONG, ThumbprintAlgorithm: PULONG, ) -> NTSTATUS; fn NtAccessCheckAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, DesiredAccess: ACCESS_MASK, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn NtAccessCheckByTypeAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn NtAccessCheckByTypeResultListAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ClientToken: HANDLE, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn NtOpenObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, GrantedAccess: ACCESS_MASK, Privileges: PPRIVILEGE_SET, ObjectCreation: BOOLEAN, AccessGranted: BOOLEAN, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn NtPrivilegeObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, Privileges: PPRIVILEGE_SET, AccessGranted: BOOLEAN, ) -> NTSTATUS; fn NtCloseObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, GenerateOnClose: BOOLEAN, ) -> NTSTATUS; fn NtDeleteObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, GenerateOnClose: BOOLEAN, ) -> NTSTATUS; fn NtPrivilegedServiceAuditAlarm( SubsystemName: PUNICODE_STRING, ServiceName: PUNICODE_STRING, ClientToken: HANDLE, Privileges: PPRIVILEGE_SET, AccessGranted: BOOLEAN, ) -> NTSTATUS; }} ntapi-0.4.0/src/ntsmss.rs000064400000000000000000000007160072674642500134600ustar 00000000000000use crate::ntlpcapi::PPORT_MESSAGE; use winapi::shared::minwindef::DWORD; use winapi::shared::ntdef::{HANDLE, NTSTATUS, PHANDLE, PUNICODE_STRING}; EXTERN!{extern "system" { fn RtlConnectToSm( ApiPortName: PUNICODE_STRING, ApiPortHandle: HANDLE, ProcessImageType: DWORD, SmssConnection: PHANDLE, ) -> NTSTATUS; fn RtlSendMsgToSm( ApiPortHandle: HANDLE, MessageData: PPORT_MESSAGE, ) -> NTSTATUS; }} ntapi-0.4.0/src/nttmapi.rs000064400000000000000000000200400072674642500135750ustar 00000000000000use winapi::shared::basetsd::ULONG_PTR; use winapi::shared::guiddef::LPGUID; use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; use winapi::shared::ntdef::{ BOOLEAN, HANDLE, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, PUNICODE_STRING, PVOID, ULONG, }; use winapi::um::winnt::{ ACCESS_MASK, ENLISTMENT_INFORMATION_CLASS, KTMOBJECT_TYPE, PKTMOBJECT_CURSOR, RESOURCEMANAGER_INFORMATION_CLASS, TRANSACTIONMANAGER_INFORMATION_CLASS, TRANSACTION_INFORMATION_CLASS, }; EXTERN!{extern "system" { fn NtCreateTransactionManager( TmHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LogFileName: PUNICODE_STRING, CreateOptions: ULONG, CommitStrength: ULONG, ) -> NTSTATUS; fn NtOpenTransactionManager( TmHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LogFileName: PUNICODE_STRING, TmIdentity: LPGUID, OpenOptions: ULONG, ) -> NTSTATUS; fn NtRenameTransactionManager( LogFileName: PUNICODE_STRING, ExistingTransactionManagerGuid: LPGUID, ) -> NTSTATUS; fn NtRollforwardTransactionManager( TransactionManagerHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtRecoverTransactionManager( TransactionManagerHandle: HANDLE, ) -> NTSTATUS; fn NtQueryInformationTransactionManager( TransactionManagerHandle: HANDLE, TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, TransactionManagerInformation: PVOID, TransactionManagerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationTransactionManager( TmHandle: HANDLE, TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, TransactionManagerInformation: PVOID, TransactionManagerInformationLength: ULONG, ) -> NTSTATUS; fn NtEnumerateTransactionObject( RootObjectHandle: HANDLE, QueryType: KTMOBJECT_TYPE, ObjectCursor: PKTMOBJECT_CURSOR, ObjectCursorLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtCreateTransaction( TransactionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Uow: LPGUID, TmHandle: HANDLE, CreateOptions: ULONG, IsolationLevel: ULONG, IsolationFlags: ULONG, Timeout: PLARGE_INTEGER, Description: PUNICODE_STRING, ) -> NTSTATUS; fn NtOpenTransaction( TransactionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Uow: LPGUID, TmHandle: HANDLE, ) -> NTSTATUS; fn NtQueryInformationTransaction( TransactionHandle: HANDLE, TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, TransactionInformation: PVOID, TransactionInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationTransaction( TransactionHandle: HANDLE, TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, TransactionInformation: PVOID, TransactionInformationLength: ULONG, ) -> NTSTATUS; fn NtCommitTransaction( TransactionHandle: HANDLE, Wait: BOOLEAN, ) -> NTSTATUS; fn NtRollbackTransaction( TransactionHandle: HANDLE, Wait: BOOLEAN, ) -> NTSTATUS; fn NtCreateEnlistment( EnlistmentHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ResourceManagerHandle: HANDLE, TransactionHandle: HANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, CreateOptions: ULONG, NotificationMask: NOTIFICATION_MASK, EnlistmentKey: PVOID, ) -> NTSTATUS; fn NtOpenEnlistment( EnlistmentHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ResourceManagerHandle: HANDLE, EnlistmentGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtQueryInformationEnlistment( EnlistmentHandle: HANDLE, EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, EnlistmentInformation: PVOID, EnlistmentInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationEnlistment( EnlistmentHandle: HANDLE, EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, EnlistmentInformation: PVOID, EnlistmentInformationLength: ULONG, ) -> NTSTATUS; fn NtRecoverEnlistment( EnlistmentHandle: HANDLE, EnlistmentKey: PVOID, ) -> NTSTATUS; fn NtPrePrepareEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtPrepareEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtCommitEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtRollbackEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtPrePrepareComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtPrepareComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtCommitComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtReadOnlyEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtRollbackComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtSinglePhaseReject( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn NtCreateResourceManager( ResourceManagerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, TmHandle: HANDLE, RmGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, CreateOptions: ULONG, Description: PUNICODE_STRING, ) -> NTSTATUS; fn NtOpenResourceManager( ResourceManagerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, TmHandle: HANDLE, ResourceManagerGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn NtRecoverResourceManager( ResourceManagerHandle: HANDLE, ) -> NTSTATUS; fn NtGetNotificationResourceManager( ResourceManagerHandle: HANDLE, TransactionNotification: PTRANSACTION_NOTIFICATION, NotificationLength: ULONG, Timeout: PLARGE_INTEGER, ReturnLength: PULONG, Asynchronous: ULONG, AsynchronousContext: ULONG_PTR, ) -> NTSTATUS; fn NtQueryInformationResourceManager( ResourceManagerHandle: HANDLE, ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, ResourceManagerInformation: PVOID, ResourceManagerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn NtSetInformationResourceManager( ResourceManagerHandle: HANDLE, ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, ResourceManagerInformation: PVOID, ResourceManagerInformationLength: ULONG, ) -> NTSTATUS; fn NtRegisterProtocolAddressInformation( ResourceManager: HANDLE, ProtocolId: PCRM_PROTOCOL_ID, ProtocolInformationSize: ULONG, ProtocolInformation: PVOID, CreateOptions: ULONG, ) -> NTSTATUS; fn NtPropagationComplete( ResourceManagerHandle: HANDLE, RequestCookie: ULONG, BufferLength: ULONG, Buffer: PVOID, ) -> NTSTATUS; fn NtPropagationFailed( ResourceManagerHandle: HANDLE, RequestCookie: ULONG, PropStatus: NTSTATUS, ) -> NTSTATUS; fn NtFreezeTransactions( FreezeTimeout: PLARGE_INTEGER, ThawTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn NtThawTransactions() -> NTSTATUS; }} ntapi-0.4.0/src/nttp.rs000064400000000000000000000126140072674642500131160ustar 00000000000000use crate::ntioapi::PIO_STATUS_BLOCK; use winapi::shared::ntdef::{HANDLE, LOGICAL, LONG, NTSTATUS, PLARGE_INTEGER, PVOID}; use winapi::um::winnt::{ PRTL_CRITICAL_SECTION, PTP_CALLBACK_ENVIRON, PTP_CALLBACK_INSTANCE, PTP_CLEANUP_GROUP, PTP_IO, PTP_POOL, PTP_POOL_STACK_INFORMATION, PTP_SIMPLE_CALLBACK, PTP_TIMER, PTP_TIMER_CALLBACK, PTP_WAIT, PTP_WAIT_CALLBACK, PTP_WORK, PTP_WORK_CALLBACK, }; #[repr(C)] pub struct TP_ALPC([u8; 0]); pub type PTP_ALPC = *mut TP_ALPC; FN!{stdcall PTP_ALPC_CALLBACK( Instance: PTP_CALLBACK_INSTANCE, Context: PVOID, Alpc: PTP_ALPC, ) -> ()} FN!{stdcall PTP_ALPC_CALLBACK_EX( Instanc: PTP_CALLBACK_INSTANCE, Contex: PVOID, Alp: PTP_ALPC, ApcContext: PVOID, ) -> ()} EXTERN!{extern "system" { fn TpAllocPool( PoolReturn: *mut PTP_POOL, Reserved: PVOID, ) -> NTSTATUS; fn TpReleasePool( Pool: PTP_POOL, ); fn TpSetPoolMaxThreads( Pool: PTP_POOL, MaxThreads: LONG, ); fn TpSetPoolMinThreads( Pool: PTP_POOL, MinThreads: LONG, ) -> NTSTATUS; fn TpQueryPoolStackInformation( Pool: PTP_POOL, PoolStackInformation: PTP_POOL_STACK_INFORMATION, ) -> NTSTATUS; fn TpSetPoolStackInformation( Pool: PTP_POOL, PoolStackInformation: PTP_POOL_STACK_INFORMATION, ) -> NTSTATUS; fn TpAllocCleanupGroup( CleanupGroupReturn: *mut PTP_CLEANUP_GROUP, ) -> NTSTATUS; fn TpReleaseCleanupGroup( CleanupGroup: PTP_CLEANUP_GROUP, ); fn TpReleaseCleanupGroupMembers( CleanupGroup: PTP_CLEANUP_GROUP, CancelPendingCallbacks: LOGICAL, CleanupParameter: PVOID, ); fn TpCallbackSetEventOnCompletion( Instance: PTP_CALLBACK_INSTANCE, Event: HANDLE, ); fn TpCallbackReleaseSemaphoreOnCompletion( Instance: PTP_CALLBACK_INSTANCE, Semaphore: HANDLE, ReleaseCount: LONG, ); fn TpCallbackReleaseMutexOnCompletion( Instance: PTP_CALLBACK_INSTANCE, Mutex: HANDLE, ); fn TpCallbackLeaveCriticalSectionOnCompletion( Instance: PTP_CALLBACK_INSTANCE, CriticalSection: PRTL_CRITICAL_SECTION, ); fn TpCallbackUnloadDllOnCompletion( Instance: PTP_CALLBACK_INSTANCE, DllHandle: PVOID, ); fn TpCallbackMayRunLong( Instance: PTP_CALLBACK_INSTANCE, ) -> NTSTATUS; fn TpDisassociateCallback( Instance: PTP_CALLBACK_INSTANCE, ); fn TpSimpleTryPost( Callback: PTP_SIMPLE_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpAllocWork( WorkReturn: *mut PTP_WORK, Callback: PTP_WORK_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpReleaseWork( Work: PTP_WORK, ); fn TpPostWork( Work: PTP_WORK, ); fn TpWaitForWork( Work: PTP_WORK, CancelPendingCallbacks: LOGICAL, ); fn TpAllocTimer( Timer: *mut PTP_TIMER, Callback: PTP_TIMER_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpReleaseTimer( Timer: PTP_TIMER, ); fn TpSetTimer( Timer: PTP_TIMER, DueTime: PLARGE_INTEGER, Period: LONG, WindowLength: LONG, ); fn TpIsTimerSet( Timer: PTP_TIMER, ) -> LOGICAL; fn TpWaitForTimer( Timer: PTP_TIMER, CancelPendingCallbacks: LOGICAL, ); fn TpAllocWait( WaitReturn: *mut PTP_WAIT, Callback: PTP_WAIT_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpReleaseWait( Wait: PTP_WAIT, ); fn TpSetWait( Wait: PTP_WAIT, Handle: HANDLE, Timeout: PLARGE_INTEGER, ); fn TpWaitForWait( Wait: PTP_WAIT, CancelPendingCallbacks: LOGICAL, ); }} FN!{stdcall PTP_IO_CALLBACK( Instance: PTP_CALLBACK_INSTANCE, Context: PVOID, ApcContext: PVOID, IoSB: PIO_STATUS_BLOCK, Io: PTP_IO, ) -> ()} EXTERN!{extern "system" { fn TpAllocIoCompletion( IoReturn: *mut PTP_IO, File: HANDLE, Callback: PTP_IO_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpReleaseIoCompletion( Io: PTP_IO, ); fn TpStartAsyncIoOperation( Io: PTP_IO, ); fn TpCancelAsyncIoOperation( Io: PTP_IO, ); fn TpWaitForIoCompletion( Io: PTP_IO, CancelPendingCallbacks: LOGICAL, ); fn TpAllocAlpcCompletion( AlpcReturn: *mut PTP_ALPC, AlpcPort: HANDLE, Callback: PTP_ALPC_CALLBACK, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpAllocAlpcCompletionEx( AlpcReturn: *mut PTP_ALPC, AlpcPort: HANDLE, Callback: PTP_ALPC_CALLBACK_EX, Context: PVOID, CallbackEnviron: PTP_CALLBACK_ENVIRON, ) -> NTSTATUS; fn TpReleaseAlpcCompletion( Alpc: PTP_ALPC, ); fn TpWaitForAlpcCompletion( Alpc: PTP_ALPC, ); }} ENUM!{enum TP_TRACE_TYPE { TpTraceThreadPriority = 1, TpTraceThreadAffinity = 2, MaxTpTraceType = 3, }} EXTERN!{extern "system" { fn TpCaptureCaller( Type: TP_TRACE_TYPE, ); fn TpCheckTerminateWorker( Thread: HANDLE, ); }} ntapi-0.4.0/src/ntwow64.rs000064400000000000000000000422420072674642500134610ustar 00000000000000use core::mem::size_of; use crate::ntapi_base::CLIENT_ID32; use crate::ntldr::{LDR_DDAG_STATE, LDR_DLL_LOAD_REASON}; use crate::ntpsapi::GDI_HANDLE_BUFFER32; use crate::ntrtl::RTL_MAX_DRIVE_LETTERS; use crate::string::{UTF16Const, UTF8Const}; use winapi::shared::guiddef::GUID; use winapi::shared::ntdef::{ BOOLEAN, CHAR, LARGE_INTEGER, LCID, LIST_ENTRY32, LONG, NTSTATUS, PROCESSOR_NUMBER, SINGLE_LIST_ENTRY32, STRING32, UCHAR, ULARGE_INTEGER, ULONG, ULONGLONG, UNICODE_STRING, UNICODE_STRING32, USHORT, WCHAR, }; use winapi::um::winnt::{FLS_MAXIMUM_AVAILABLE, NT_TIB32}; pub const WOW64_SYSTEM_DIRECTORY: UTF8Const = UTF8Const("SysWOW64\0"); /// "SysWOW64" pub const WOW64_SYSTEM_DIRECTORY_U: UTF16Const = UTF16Const(&[ 0x0053, 0x0079, 0x0073, 0x0057, 0x004F, 0x0057, 0x0036, 0x0034, 0u16, ]); pub const WOW64_X86_TAG: UTF8Const = UTF8Const(" (x86)\0"); /// " (x86)" pub const WOW64_X86_TAG_U: UTF16Const = UTF16Const(&[ 0x0020, 0x0028, 0x0078, 0x0038, 0x0036, 0x0029, 0u16, ]); ENUM!{enum WOW64_SHARED_INFORMATION { SharedNtdll32LdrInitializeThunk = 0, SharedNtdll32KiUserExceptionDispatcher = 1, SharedNtdll32KiUserApcDispatcher = 2, SharedNtdll32KiUserCallbackDispatcher = 3, SharedNtdll32ExpInterlockedPopEntrySListFault = 4, SharedNtdll32ExpInterlockedPopEntrySListResume = 5, SharedNtdll32ExpInterlockedPopEntrySListEnd = 6, SharedNtdll32RtlUserThreadStart = 7, SharedNtdll32pQueryProcessDebugInformationRemote = 8, SharedNtdll32BaseAddress = 9, SharedNtdll32LdrSystemDllInitBlock = 10, Wow64SharedPageEntriesCount = 11, }} STRUCT!{struct RTL_BALANCED_NODE32_u_s { Left: ULONG, // WOW64_POINTER Right: ULONG, // WOW64_POINTER }} UNION!{union RTL_BALANCED_NODE32_u { Children: [ULONG; 2], // WOW64_POINTER s: RTL_BALANCED_NODE32_u_s, }} STRUCT!{struct RTL_BALANCED_NODE32 { u: RTL_BALANCED_NODE32_u, ParentValue: ULONG, }} pub type PRTL_BALANCED_NODE32 = *mut RTL_BALANCED_NODE32; STRUCT!{struct RTL_RB_TREE32 { Root: ULONG, // WOW64_POINTER Min: ULONG, // WOW64_POINTER }} pub type PRTL_RB_TREE32 = *mut RTL_RB_TREE32; STRUCT!{struct PEB_LDR_DATA32 { Length: ULONG, Initialized: BOOLEAN, SsHandle: ULONG, InLoadOrderModuleList: LIST_ENTRY32, InMemoryOrderModuleList: LIST_ENTRY32, InInitializationOrderModuleList: LIST_ENTRY32, EntryInProgress: ULONG, ShutdownInProgress: BOOLEAN, ShutdownThreadId: ULONG, }} pub type PPEB_LDR_DATA32 = *mut PEB_LDR_DATA32; STRUCT!{struct LDR_SERVICE_TAG_RECORD32 { Next: ULONG, ServiceTag: ULONG, }} pub type PLDR_SERVICE_TAG_RECORD32 = *mut LDR_SERVICE_TAG_RECORD32; STRUCT!{struct LDRP_CSLIST32 { Tail: ULONG, // WOW64_POINTER }} pub type PLDRP_CSLIST32 = *mut LDRP_CSLIST32; UNION!{union LDR_DDAG_NODE32_u { Dependencies: LDRP_CSLIST32, RemovalLink: SINGLE_LIST_ENTRY32, }} STRUCT!{struct LDR_DDAG_NODE32 { Modules: LIST_ENTRY32, ServiceTagList: ULONG, // WOW64_POINTER LoadCount: ULONG, LoadWhileUnloadingCount: ULONG, LowestLink: ULONG, u: LDR_DDAG_NODE32_u, IncomingDependencies: LDRP_CSLIST32, State: LDR_DDAG_STATE, CondenseLink: SINGLE_LIST_ENTRY32, PreorderNumber: ULONG, }} pub type PLDR_DDAG_NODE32 = *mut LDR_DDAG_NODE32; pub const LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32: usize = 80; pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32: usize = 144; pub const LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32: usize = 152; UNION!{union LDR_DATA_TABLE_ENTRY32_u1 { InInitializationOrderLinks: LIST_ENTRY32, InProgressLinks: LIST_ENTRY32, }} UNION!{union LDR_DATA_TABLE_ENTRY32_u2 { FlagGroup: [UCHAR; 4], Flags: ULONG, }} STRUCT!{struct LDR_DATA_TABLE_ENTRY32 { InLoadOrderLinks: LIST_ENTRY32, InMemoryOrderLinks: LIST_ENTRY32, u1: LDR_DATA_TABLE_ENTRY32_u1, DllBase: ULONG, // WOW64_POINTER EntryPoint: ULONG, // WOW64_POINTER SizeOfImage: ULONG, FullDllName: UNICODE_STRING32, BaseDllName: UNICODE_STRING32, u2: LDR_DATA_TABLE_ENTRY32_u2, ObsoleteLoadCount: USHORT, TlsIndex: USHORT, HashLinks: LIST_ENTRY32, TimeDateStamp: ULONG, EntryPointActivationContext: ULONG, // WOW64_POINTER Lock: ULONG, // WOW64_POINTER DdagNode: ULONG, // WOW64_POINTER NodeModuleLink: LIST_ENTRY32, LoadContext: ULONG, // WOW64_POINTER ParentDllBase: ULONG, // WOW64_POINTER SwitchBackContext: ULONG, // WOW64_POINTER BaseAddressIndexNode: RTL_BALANCED_NODE32, MappingInfoIndexNode: RTL_BALANCED_NODE32, OriginalBase: ULONG, LoadTime: LARGE_INTEGER, BaseNameHashValue: ULONG, LoadReason: LDR_DLL_LOAD_REASON, ImplicitPathOptions: ULONG, ReferenceCount: ULONG, DependentLoadFlags: ULONG, SigningLevel: UCHAR, }} BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY32_u2 Flags: ULONG [ PackagedBinary set_PackagedBinary[0..1], MarkedForRemoval set_MarkedForRemoval[1..2], ImageDll set_ImageDll[2..3], LoadNotificationsSent set_LoadNotificationsSent[3..4], TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5], ProcessStaticImport set_ProcessStaticImport[5..6], InLegacyLists set_InLegacyLists[6..7], InIndexes set_InIndexes[7..8], ShimDll set_ShimDll[8..9], InExceptionTable set_InExceptionTable[9..10], ReservedFlags1 set_ReservedFlags1[10..12], LoadInProgress set_LoadInProgress[12..13], LoadConfigProcessed set_LoadConfigProcessed[13..14], EntryProcessed set_EntryProcessed[14..15], ProtectDelayLoad set_ProtectDelayLoad[15..16], ReservedFlags3 set_ReservedFlags3[16..18], DontCallForThreads set_DontCallForThreads[18..19], ProcessAttachCalled set_ProcessAttachCalled[19..20], ProcessAttachFailed set_ProcessAttachFailed[20..21], CorDeferredValidate set_CorDeferredValidate[21..22], CorImage set_CorImage[22..23], DontRelocate set_DontRelocate[23..24], CorILOnly set_CorILOnly[24..25], ReservedFlags5 set_ReservedFlags5[25..28], Redirected set_Redirected[28..29], ReservedFlags6 set_ReservedFlags6[29..31], CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32], ]} pub type PLDR_DATA_TABLE_ENTRY32 = *mut LDR_DATA_TABLE_ENTRY32; STRUCT!{struct CURDIR32 { DosPath: UNICODE_STRING32, Handle: ULONG, // WOW64_POINTER }} pub type PCURDIR32 = *mut CURDIR32; STRUCT!{struct RTL_DRIVE_LETTER_CURDIR32 { Flags: USHORT, Length: USHORT, TimeStamp: ULONG, DosPath: STRING32, }} pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut RTL_DRIVE_LETTER_CURDIR32; STRUCT!{struct RTL_USER_PROCESS_PARAMETERS32 { MaximumLength: ULONG, Length: ULONG, Flags: ULONG, DebugFlags: ULONG, ConsoleHandle: ULONG, // WOW64_POINTER ConsoleFlags: ULONG, StandardInput: ULONG, // WOW64_POINTER StandardOutput: ULONG, // WOW64_POINTER StandardError: ULONG, // WOW64_POINTER CurrentDirectory: CURDIR32, DllPath: UNICODE_STRING32, ImagePathName: UNICODE_STRING32, CommandLine: UNICODE_STRING32, Environment: ULONG, // WOW64_POINTER StartingX: ULONG, StartingY: ULONG, CountX: ULONG, CountY: ULONG, CountCharsX: ULONG, CountCharsY: ULONG, FillAttribute: ULONG, WindowFlags: ULONG, ShowWindowFlags: ULONG, WindowTitle: UNICODE_STRING32, DesktopInfo: UNICODE_STRING32, ShellInfo: UNICODE_STRING32, RuntimeData: UNICODE_STRING32, CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; RTL_MAX_DRIVE_LETTERS], EnvironmentSize: ULONG, EnvironmentVersion: ULONG, PackageDependencyData: ULONG, // WOW64_POINTER ProcessGroupId: ULONG, LoaderThreads: ULONG, }} pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut RTL_USER_PROCESS_PARAMETERS32; UNION!{union PEB32_u { KernelCallbackTable: ULONG, // WOW64_POINTER UserSharedInfoPtr: ULONG, // WOW64_POINTER }} STRUCT!{struct PEB32 { InheritedAddressSpace: BOOLEAN, ReadImageFileExecOptions: BOOLEAN, BeingDebugged: BOOLEAN, BitField: BOOLEAN, Mutant: ULONG, // WOW64_POINTER ImageBaseAddress: ULONG, // WOW64_POINTER Ldr: ULONG, // WOW64_POINTER ProcessParameters: ULONG, // WOW64_POINTER SubSystemData: ULONG, // WOW64_POINTER ProcessHeap: ULONG, // WOW64_POINTER FastPebLock: ULONG, // WOW64_POINTER AtlThunkSListPtr: ULONG, // WOW64_POINTER IFEOKey: ULONG, // WOW64_POINTER CrossProcessFlags: ULONG, u: PEB32_u, SystemReserved: [ULONG; 1], AtlThunkSListPtr32: ULONG, ApiSetMap: ULONG, // WOW64_POINTER TlsExpansionCounter: ULONG, TlsBitmap: ULONG, // WOW64_POINTER TlsBitmapBits: [ULONG; 2], ReadOnlySharedMemoryBase: ULONG, // WOW64_POINTER HotpatchInformation: ULONG, // WOW64_POINTER ReadOnlyStaticServerData: ULONG, // WOW64_POINTER AnsiCodePageData: ULONG, // WOW64_POINTER OemCodePageData: ULONG, // WOW64_POINTER UnicodeCaseTableData: ULONG, // WOW64_POINTER NumberOfProcessors: ULONG, NtGlobalFlag: ULONG, CriticalSectionTimeout: LARGE_INTEGER, HeapSegmentReserve: ULONG, HeapSegmentCommit: ULONG, HeapDeCommitTotalFreeThreshold: ULONG, HeapDeCommitFreeBlockThreshold: ULONG, NumberOfHeaps: ULONG, MaximumNumberOfHeaps: ULONG, ProcessHeaps: ULONG, // WOW64_POINTER GdiSharedHandleTable: ULONG, // WOW64_POINTER ProcessStarterHelper: ULONG, // WOW64_POINTER GdiDCAttributeList: ULONG, LoaderLock: ULONG, // WOW64_POINTER OSMajorVersion: ULONG, OSMinorVersion: ULONG, OSBuildNumber: USHORT, OSCSDVersion: USHORT, OSPlatformId: ULONG, ImageSubsystem: ULONG, ImageSubsystemMajorVersion: ULONG, ImageSubsystemMinorVersion: ULONG, ActiveProcessAffinityMask: ULONG, GdiHandleBuffer: GDI_HANDLE_BUFFER32, PostProcessInitRoutine: ULONG, // WOW64_POINTER TlsExpansionBitmap: ULONG, // WOW64_POINTER TlsExpansionBitmapBits: [ULONG; 32], SessionId: ULONG, AppCompatFlags: ULARGE_INTEGER, AppCompatFlagsUser: ULARGE_INTEGER, pShimData: ULONG, // WOW64_POINTER AppCompatInfo: ULONG, // WOW64_POINTER CSDVersion: UNICODE_STRING32, ActivationContextData: ULONG, // WOW64_POINTER ProcessAssemblyStorageMap: ULONG, // WOW64_POINTER SystemDefaultActivationContextData: ULONG, // WOW64_POINTER SystemAssemblyStorageMap: ULONG, // WOW64_POINTER MinimumStackCommit: ULONG, FlsCallback: ULONG, // WOW64_POINTER FlsListHead: LIST_ENTRY32, FlsBitmap: ULONG, // WOW64_POINTER FlsBitmapBits: [ULONG; FLS_MAXIMUM_AVAILABLE as usize / (size_of::() * 8)], FlsHighIndex: ULONG, WerRegistrationData: ULONG, // WOW64_POINTER WerShipAssertPtr: ULONG, // WOW64_POINTER pContextData: ULONG, // WOW64_POINTER pImageHeaderHash: ULONG, // WOW64_POINTER TracingFlags: ULONG, CsrServerReadOnlySharedMemoryBase: ULONGLONG, TppWorkerpListLock: ULONG, // WOW64_POINTER TppWorkerpList: LIST_ENTRY32, WaitOnAddressHashTable: [ULONG; 128], // WOW64_POINTER TelemetryCoverageHeader: ULONG, // WOW64_POINTER CloudFileFlags: ULONG, CloudFileDiagFlags: ULONG, PlaceholderCompatibilityMode: CHAR, PlaceholderCompatibilityModeReserved: [CHAR; 7], }} BITFIELD!{PEB32 BitField: BOOLEAN [ ImageUsesLargePages set_ImageUsesLargePages[0..1], IsProtectedProcess set_IsProtectedProcess[1..2], IsImageDynamicallyRelocated set_IsImageDynamicallyRelocated[2..3], SkipPatchingUser32Forwarders set_SkipPatchingUser32Forwarders[3..4], IsPackagedProcess set_IsPackagedProcess[4..5], IsAppContainer set_IsAppContainer[5..6], IsProtectedProcessLight set_IsProtectedProcessLight[6..7], IsLongPathAwareProcess set_IsLongPathAwareProcess[7..8], ]} BITFIELD!{PEB32 CrossProcessFlags: ULONG [ ProcessInJob set_ProcessInJob[0..1], ProcessInitializing set_ProcessInitializing[1..2], ProcessUsingVEH set_ProcessUsingVEH[2..3], ProcessUsingVCH set_ProcessUsingVCH[3..4], ProcessUsingFTH set_ProcessUsingFTH[4..5], ReservedBits0 set_ReservedBits0[5..32], ]} BITFIELD!{PEB32 TracingFlags: ULONG [ HeapTracingEnabled set_HeapTracingEnabled[0..1], CritSecTracingEnabled set_CritSecTracingEnabled[1..2], LibLoaderTracingEnabled set_LibLoaderTracingEnabled[2..3], SpareTracingBits set_SpareTracingBits[3..32], ]} pub type PPEB32 = *mut PEB32; pub const GDI_BATCH_BUFFER_SIZE: usize = 310; STRUCT!{struct GDI_TEB_BATCH32 { Offset: ULONG, HDC: ULONG, Buffer: [ULONG; GDI_BATCH_BUFFER_SIZE], }} pub type PGDI_TEB_BATCH32 = *mut GDI_TEB_BATCH32; STRUCT!{struct TEB32_u_s { ReservedPad0: UCHAR, ReservedPad1: UCHAR, ReservedPad2: UCHAR, IdealProcessor: UCHAR, }} UNION!{union TEB32_u { CurrentIdealProcessor: PROCESSOR_NUMBER, IdealProcessorValue: ULONG, s: TEB32_u_s, }} STRUCT!{struct TEB32 { NtTib: NT_TIB32, EnvironmentPointer: ULONG, // WOW64_POINTER ClientId: CLIENT_ID32, ActiveRpcHandle: ULONG, // WOW64_POINTER ThreadLocalStoragePointer: ULONG, // WOW64_POINTER ProcessEnvironmentBlock: ULONG, // WOW64_POINTER LastErrorValue: ULONG, CountOfOwnedCriticalSections: ULONG, CsrClientThread: ULONG, // WOW64_POINTER Win32ThreadInfo: ULONG, // WOW64_POINTER User32Reserved: [ULONG; 26], UserReserved: [ULONG; 5], WOW32Reserved: ULONG, // WOW64_POINTER CurrentLocale: LCID, FpSoftwareStatusRegister: ULONG, ReservedForDebuggerInstrumentation: [ULONG; 16], // WOW64_POINTER SystemReserved1: [ULONG; 36], // WOW64_POINTER WorkingOnBehalfTicket: [UCHAR; 8], ExceptionCode: NTSTATUS, ActivationContextStackPointer: ULONG, // WOW64_POINTER InstrumentationCallbackSp: ULONG, InstrumentationCallbackPreviousPc: ULONG, InstrumentationCallbackPreviousSp: ULONG, InstrumentationCallbackDisabled: BOOLEAN, SpareBytes: [UCHAR; 23], TxFsContext: ULONG, GdiTebBatch: GDI_TEB_BATCH32, RealClientId: CLIENT_ID32, GdiCachedProcessHandle: ULONG, // WOW64_POINTER GdiClientPID: ULONG, GdiClientTID: ULONG, GdiThreadLocalInfo: ULONG, // WOW64_POINTER Win32ClientInfo: [ULONG; 62], glDispatchTable: [ULONG; 233], // WOW64_POINTER glReserved1: [ULONG; 29], // WOW64_POINTER glReserved2: ULONG, // WOW64_POINTER glSectionInfo: ULONG, // WOW64_POINTER glSection: ULONG, // WOW64_POINTER glTable: ULONG, // WOW64_POINTER glCurrentRC: ULONG, // WOW64_POINTER glContext: ULONG, // WOW64_POINTER LastStatusValue: NTSTATUS, StaticUnicodeString: UNICODE_STRING32, StaticUnicodeBuffer: [WCHAR; 261], DeallocationStack: ULONG, // WOW64_POINTER TlsSlots: [ULONG; 64], // WOW64_POINTER TlsLinks: LIST_ENTRY32, Vdm: ULONG, // WOW64_POINTER ReservedForNtRpc: ULONG, // WOW64_POINTER DbgSsReserved: [ULONG; 2], // WOW64_POINTER HardErrorMode: ULONG, Instrumentation: [ULONG; 9], // WOW64_POINTER ActivityId: GUID, SubProcessTag: ULONG, // WOW64_POINTER PerflibData: ULONG, // WOW64_POINTER EtwTraceData: ULONG, // WOW64_POINTER WinSockData: ULONG, // WOW64_POINTER GdiBatchCount: ULONG, u: TEB32_u, GuaranteedStackBytes: ULONG, ReservedForPerf: ULONG, // WOW64_POINTER ReservedForOle: ULONG, // WOW64_POINTER WaitingOnLoaderLock: ULONG, SavedPriorityState: ULONG, // WOW64_POINTER ReservedForCodeCoverage: ULONG, ThreadPoolData: ULONG, // WOW64_POINTER TlsExpansionSlots: ULONG, // WOW64_POINTER MuiGeneration: ULONG, IsImpersonating: ULONG, NlsCache: ULONG, // WOW64_POINTER pShimData: ULONG, // WOW64_POINTER HeapVirtualAffinity: USHORT, LowFragHeapDataSlot: USHORT, CurrentTransactionHandle: ULONG, // WOW64_POINTER ActiveFrame: ULONG, // WOW64_POINTER FlsData: ULONG, // WOW64_POINTER PreferredLanguages: ULONG, // WOW64_POINTER UserPrefLanguages: ULONG, // WOW64_POINTER MergedPrefLanguages: ULONG, // WOW64_POINTER MuiImpersonation: ULONG, CrossTebFlags: USHORT, SameTebFlags: USHORT, TxnScopeEnterCallback: ULONG, // WOW64_POINTER TxnScopeExitCallback: ULONG, // WOW64_POINTER TxnScopeContext: ULONG, // WOW64_POINTER LockCount: ULONG, WowTebOffset: LONG, ResourceRetValue: ULONG, // WOW64_POINTER ReservedForWdf: ULONG, // WOW64_POINTER ReservedForCrt: ULONGLONG, EffectiveContainerId: GUID, }} BITFIELD!{TEB32 SameTebFlags: USHORT [ SafeThunkCall set_SafeThunkCall[0..1], InDebugPrint set_InDebugPrint[1..2], HasFiberData set_HasFiberData[2..3], SkipThreadAttach set_SkipThreadAttach[3..4], WerInShipAssertCode set_WerInShipAssertCode[4..5], RanProcessInit set_RanProcessInit[5..6], ClonedThread set_ClonedThread[6..7], SuppressDebugMsg set_SuppressDebugMsg[7..8], DisableUserStackWalk set_DisableUserStackWalk[8..9], RtlExceptionAttached set_RtlExceptionAttached[9..10], InitialThread set_InitialThread[10..11], SessionAware set_SessionAware[11..12], LoadOwner set_LoadOwner[12..13], LoaderWorker set_LoaderWorker[13..14], SpareSameTebBits set_SpareSameTebBits[14..16], ]} pub type PTEB32 = *mut TEB32; #[inline] pub fn UStr32ToUStr( Destination: &mut UNICODE_STRING, Source: &UNICODE_STRING32, ) { Destination.Length = Source.Length; Destination.MaximumLength = Source.MaximumLength; Destination.Buffer = Source.Buffer as *mut u16; } #[inline] pub fn UStrToUStr32( Destination: &mut UNICODE_STRING32, Source: &UNICODE_STRING, ) { Destination.Length = Source.Length; Destination.MaximumLength = Source.MaximumLength; Destination.Buffer = Source.Buffer as u32; } ntapi-0.4.0/src/ntxcapi.rs000064400000000000000000000014450072674642500135770ustar 00000000000000use winapi::shared::ntdef::{BOOLEAN, NTSTATUS, PSTR, PVOID, ULONG}; use winapi::um::winnt::{PCONTEXT, PEXCEPTION_RECORD}; EXTERN!{extern "system" { fn RtlDispatchException( ExceptionRecord: PEXCEPTION_RECORD, ContextRecord: PCONTEXT, ) -> BOOLEAN; fn RtlRaiseStatus( Status: NTSTATUS, ); fn RtlRaiseException( ExceptionRecord: PEXCEPTION_RECORD, ); fn NtContinue( ContextRecord: PCONTEXT, TestAlert: BOOLEAN, ) -> NTSTATUS; fn NtRaiseException( ExceptionRecord: PEXCEPTION_RECORD, ContextRecord: PCONTEXT, FirstChance: BOOLEAN, ) -> NTSTATUS; fn RtlAssert( VoidFailedAssertion: PVOID, VoidFileName: PVOID, LineNumber: ULONG, MutableMessage: PSTR, ); }} ntapi-0.4.0/src/ntzwapi.rs000064400000000000000000002461700072674642500136330ustar 00000000000000use crate::ntapi_base::{PCLIENT_ID, PRTL_ATOM, RTL_ATOM}; use crate::ntdbg::DEBUGOBJECTINFOCLASS; use crate::ntexapi::{ ATOM_INFORMATION_CLASS, EVENT_INFORMATION_CLASS, MUTANT_INFORMATION_CLASS, PBOOT_ENTRY, PBOOT_OPTIONS, PCWNF_TYPE_ID, PEFI_DRIVER_ENTRY, PFILE_PATH, PT2_CANCEL_PARAMETERS, PT2_SET_PARAMETERS, PTIMER_APC_ROUTINE, PWNF_CHANGE_STAMP, PWNF_DELIVERY_DESCRIPTOR, SEMAPHORE_INFORMATION_CLASS, SHUTDOWN_ACTION, SYSDBG_COMMAND, SYSTEM_INFORMATION_CLASS, TIMER_INFORMATION_CLASS, TIMER_SET_INFORMATION_CLASS, WNF_CHANGE_STAMP, WNF_DATA_SCOPE, WNF_STATE_NAME_INFORMATION, WNF_STATE_NAME_LIFETIME, WORKERFACTORYINFOCLASS, }; use crate::ntioapi::{ FILE_INFORMATION_CLASS, FILE_IO_COMPLETION_INFORMATION, FS_INFORMATION_CLASS, IO_COMPLETION_INFORMATION_CLASS, IO_SESSION_EVENT, IO_SESSION_STATE, PFILE_BASIC_INFORMATION, PFILE_IO_COMPLETION_INFORMATION, PFILE_NETWORK_OPEN_INFORMATION, PIO_APC_ROUTINE, PIO_STATUS_BLOCK, }; use crate::ntkeapi::KPROFILE_SOURCE; use crate::ntlpcapi::{ ALPC_HANDLE, ALPC_MESSAGE_INFORMATION_CLASS, ALPC_PORT_INFORMATION_CLASS, PALPC_CONTEXT_ATTR, PALPC_DATA_VIEW_ATTR, PALPC_HANDLE, PALPC_MESSAGE_ATTRIBUTES, PALPC_PORT_ATTRIBUTES, PALPC_SECURITY_ATTR, PORT_INFORMATION_CLASS, PPORT_MESSAGE, PPORT_VIEW, PREMOTE_PORT_VIEW, }; use crate::ntmisc::VDMSERVICECLASS; use crate::ntmmapi::{ MEMORY_INFORMATION_CLASS, MEMORY_PARTITION_INFORMATION_CLASS, PMEMORY_RANGE_ENTRY, SECTION_INFORMATION_CLASS, SECTION_INHERIT, VIRTUAL_MEMORY_INFORMATION_CLASS, }; use crate::ntobapi::OBJECT_INFORMATION_CLASS; use crate::ntpnpapi::{PLUGPLAY_CONTROL_CLASS, PPLUGPLAY_EVENT_BLOCK}; use crate::ntpsapi::{ MEMORY_RESERVE_TYPE, PINITIAL_TEB, PPS_APC_ROUTINE, PPS_ATTRIBUTE_LIST, PPS_CREATE_INFO, PROCESSINFOCLASS, THREADINFOCLASS, }; use crate::ntregapi::{ KEY_INFORMATION_CLASS, KEY_SET_INFORMATION_CLASS, KEY_VALUE_INFORMATION_CLASS, PKEY_VALUE_ENTRY, }; use crate::ntseapi::PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; use winapi::shared::basetsd::{ KAFFINITY, PSIZE_T, PULONG64, PULONG_PTR, SIZE_T, ULONG64, ULONG_PTR, }; use winapi::shared::guiddef::LPGUID; use winapi::shared::ktmtypes::{NOTIFICATION_MASK, PCRM_PROTOCOL_ID, PTRANSACTION_NOTIFICATION}; use winapi::shared::ntdef::{ BOOLEAN, EVENT_TYPE, HANDLE, LANGID, LCID, LOGICAL, LONG, NTSTATUS, OBJECT_ATTRIBUTES, PBOOLEAN, PCHAR, PCWNF_STATE_NAME, PGROUP_AFFINITY, PHANDLE, PLARGE_INTEGER, PLCID, PLONG, PLUID, PNTSTATUS, POBJECT_ATTRIBUTES, PUCHAR, PULARGE_INTEGER, PULONG, PULONGLONG, PUNICODE_STRING, PUSHORT, PVOID, PWNF_STATE_NAME, PWSTR, TIMER_TYPE, ULONG, USHORT, VOID, WAIT_TYPE, }; use winapi::um::winnt::{ ACCESS_MASK, AUDIT_EVENT_TYPE, ENLISTMENT_INFORMATION_CLASS, EXECUTION_STATE, JOBOBJECTINFOCLASS, KTMOBJECT_TYPE, LATENCY_TIME, PACCESS_MASK, PCONTEXT, PDEVICE_POWER_STATE, PEXCEPTION_RECORD, PFILE_SEGMENT_ELEMENT, PGENERIC_MAPPING, PJOB_SET_ARRAY, PKTMOBJECT_CURSOR, POBJECT_TYPE_LIST, POWER_ACTION, POWER_INFORMATION_LEVEL, PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSECURITY_QUALITY_OF_SERVICE, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES, PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER, PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, RESOURCEMANAGER_INFORMATION_CLASS, SECURITY_INFORMATION, SE_SIGNING_LEVEL, SYSTEM_POWER_STATE, TOKEN_INFORMATION_CLASS, TOKEN_TYPE, TRANSACTIONMANAGER_INFORMATION_CLASS, TRANSACTION_INFORMATION_CLASS, }; EXTERN!{extern "system" { fn ZwAcceptConnectPort( PortHandle: PHANDLE, PortContext: PVOID, ConnectionRequest: PPORT_MESSAGE, AcceptConnection: BOOLEAN, ServerView: PPORT_VIEW, ClientView: PREMOTE_PORT_VIEW, ) -> NTSTATUS; fn ZwAccessCheck( SecurityDescriptor: PSECURITY_DESCRIPTOR, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn ZwAccessCheckAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, DesiredAccess: ACCESS_MASK, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn ZwAccessCheckByType( SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn ZwAccessCheckByTypeAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn ZwAccessCheckByTypeResultList( SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, PrivilegeSet: PPRIVILEGE_SET, PrivilegeSetLength: PULONG, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, ) -> NTSTATUS; fn ZwAccessCheckByTypeResultListAndAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ClientToken: HANDLE, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, PrincipalSelfSid: PSID, DesiredAccess: ACCESS_MASK, AuditType: AUDIT_EVENT_TYPE, Flags: ULONG, ObjectTypeList: POBJECT_TYPE_LIST, ObjectTypeListLength: ULONG, GenericMapping: PGENERIC_MAPPING, ObjectCreation: BOOLEAN, GrantedAccess: PACCESS_MASK, AccessStatus: PNTSTATUS, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn ZwAcquireCMFViewOwnership( TimeStamp: PULONGLONG, tokenTaken: PBOOLEAN, replaceExisting: BOOLEAN, ) -> NTSTATUS; fn ZwAddAtom( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, ) -> NTSTATUS; fn ZwAddAtomEx( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, Flags: ULONG, ) -> NTSTATUS; fn ZwAddBootEntry( BootEntry: PBOOT_ENTRY, Id: PULONG, ) -> NTSTATUS; fn ZwAddDriverEntry( DriverEntry: PEFI_DRIVER_ENTRY, Id: PULONG, ) -> NTSTATUS; fn ZwAdjustGroupsToken( TokenHandle: HANDLE, ResetToDefault: BOOLEAN, NewState: PTOKEN_GROUPS, BufferLength: ULONG, PreviousState: PTOKEN_GROUPS, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwAdjustPrivilegesToken( TokenHandle: HANDLE, DisableAllPrivileges: BOOLEAN, NewState: PTOKEN_PRIVILEGES, BufferLength: ULONG, PreviousState: PTOKEN_PRIVILEGES, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwAdjustTokenClaimsAndDeviceGroups( TokenHandle: HANDLE, UserResetToDefault: BOOLEAN, DeviceResetToDefault: BOOLEAN, DeviceGroupsResetToDefault: BOOLEAN, NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, NewDeviceGroupsState: PTOKEN_GROUPS, UserBufferLength: ULONG, PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceBufferLength: ULONG, PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceGroupsBufferLength: ULONG, PreviousDeviceGroups: PTOKEN_GROUPS, UserReturnLength: PULONG, DeviceReturnLength: PULONG, DeviceGroupsReturnBufferLength: PULONG, ) -> NTSTATUS; fn ZwAlertResumeThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn ZwAlertThread( ThreadHandle: HANDLE, ) -> NTSTATUS; fn ZwAlertThreadByThreadId( ThreadId: HANDLE, ) -> NTSTATUS; fn ZwAllocateLocallyUniqueId( Luid: PLUID, ) -> NTSTATUS; fn ZwAllocateReserveObject( MemoryReserveHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, Type: MEMORY_RESERVE_TYPE, ) -> NTSTATUS; fn ZwAllocateUserPhysicalPages( ProcessHandle: HANDLE, NumberOfPages: PULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn ZwAllocateUuids( Time: PULARGE_INTEGER, Range: PULONG, Sequence: PULONG, Seed: PCHAR, ) -> NTSTATUS; fn ZwAllocateVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, ZeroBits: ULONG_PTR, RegionSize: PSIZE_T, AllocationType: ULONG, Protect: ULONG, ) -> NTSTATUS; fn ZwAlpcAcceptConnectPort( PortHandle: PHANDLE, ConnectionPortHandle: HANDLE, Flags: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, PortContext: PVOID, ConnectionRequest: PPORT_MESSAGE, ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, AcceptConnection: BOOLEAN, ) -> NTSTATUS; fn ZwAlpcCancelMessage( PortHandle: HANDLE, Flags: ULONG, MessageContext: PALPC_CONTEXT_ATTR, ) -> NTSTATUS; fn ZwAlpcConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, Flags: ULONG, RequiredServerSid: PSID, ConnectionMessage: PPORT_MESSAGE, BufferLength: PULONG, OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwAlpcConnectPortEx( PortHandle: PHANDLE, ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, ClientPortObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, Flags: ULONG, ServerSecurityRequirements: PSECURITY_DESCRIPTOR, ConnectionMessage: PPORT_MESSAGE, BufferLength: PSIZE_T, OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwAlpcCreatePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, PortAttributes: PALPC_PORT_ATTRIBUTES, ) -> NTSTATUS; fn ZwAlpcCreatePortSection( PortHandle: HANDLE, Flags: ULONG, SectionHandle: HANDLE, SectionSize: SIZE_T, AlpcSectionHandle: PALPC_HANDLE, ActualSectionSize: PSIZE_T, ) -> NTSTATUS; fn ZwAlpcCreateResourceReserve( PortHandle: HANDLE, Flags: ULONG, MessageSize: SIZE_T, ResourceId: PALPC_HANDLE, ) -> NTSTATUS; fn ZwAlpcCreateSectionView( PortHandle: HANDLE, Flags: ULONG, ViewAttributes: PALPC_DATA_VIEW_ATTR, ) -> NTSTATUS; fn ZwAlpcCreateSecurityContext( PortHandle: HANDLE, Flags: ULONG, SecurityAttribute: PALPC_SECURITY_ATTR, ) -> NTSTATUS; fn ZwAlpcDeletePortSection( PortHandle: HANDLE, Flags: ULONG, SectionHandle: ALPC_HANDLE, ) -> NTSTATUS; fn ZwAlpcDeleteResourceReserve( PortHandle: HANDLE, Flags: ULONG, ResourceId: ALPC_HANDLE, ) -> NTSTATUS; fn ZwAlpcDeleteSectionView( PortHandle: HANDLE, Flags: ULONG, ViewBase: PVOID, ) -> NTSTATUS; fn ZwAlpcDeleteSecurityContext( PortHandle: HANDLE, Flags: ULONG, ContextHandle: ALPC_HANDLE, ) -> NTSTATUS; fn ZwAlpcDisconnectPort( PortHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn ZwAlpcImpersonateClientContainerOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, Flags: ULONG, ) -> NTSTATUS; fn ZwAlpcImpersonateClientOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, Flags: PVOID, ) -> NTSTATUS; fn ZwAlpcOpenSenderProcess( ProcessHandle: PHANDLE, PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, Flags: ULONG, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwAlpcOpenSenderThread( ThreadHandle: PHANDLE, PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, Flags: ULONG, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwAlpcQueryInformation( PortHandle: HANDLE, PortInformationClass: ALPC_PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwAlpcQueryInformationMessage( PortHandle: HANDLE, PortMessage: PPORT_MESSAGE, MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, MessageInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwAlpcRevokeSecurityContext( PortHandle: HANDLE, Flags: ULONG, ContextHandle: ALPC_HANDLE, ) -> NTSTATUS; fn ZwAlpcSendWaitReceivePort( PortHandle: HANDLE, Flags: ULONG, SendMessageA: PPORT_MESSAGE, SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, ReceiveMessage: PPORT_MESSAGE, BufferLength: PSIZE_T, ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwAlpcSetInformation( PortHandle: HANDLE, PortInformationClass: ALPC_PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ) -> NTSTATUS; fn ZwAreMappedFilesTheSame( File1MappedAsAnImage: PVOID, File2MappedAsFile: PVOID, ) -> NTSTATUS; fn ZwAssignProcessToJobObject( JobHandle: HANDLE, ProcessHandle: HANDLE, ) -> NTSTATUS; fn ZwAssociateWaitCompletionPacket( WaitCompletionPacketHandle: HANDLE, IoCompletionHandle: HANDLE, TargetObjectHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, AlreadySignaled: PBOOLEAN, ) -> NTSTATUS; fn ZwCallbackReturn( OutputBuffer: PVOID, OutputLength: ULONG, Status: NTSTATUS, ) -> NTSTATUS; fn ZwCancelIoFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwCancelIoFileEx( FileHandle: HANDLE, IoRequestToCancel: PIO_STATUS_BLOCK, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwCancelSynchronousIoFile( ThreadHandle: HANDLE, IoRequestToCancel: PIO_STATUS_BLOCK, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwCancelTimer( TimerHandle: HANDLE, CurrentState: PBOOLEAN, ) -> NTSTATUS; fn ZwCancelTimer2( TimerHandle: HANDLE, Parameters: PT2_CANCEL_PARAMETERS, ) -> NTSTATUS; fn ZwCancelWaitCompletionPacket( WaitCompletionPacketHandle: HANDLE, RemoveSignaledPacket: BOOLEAN, ) -> NTSTATUS; fn ZwClearEvent( EventHandle: HANDLE, ) -> NTSTATUS; fn ZwClose( Handle: HANDLE, ) -> NTSTATUS; fn ZwCloseObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, GenerateOnClose: BOOLEAN, ) -> NTSTATUS; fn ZwCommitComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwCommitEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwCommitTransaction( TransactionHandle: HANDLE, Wait: BOOLEAN, ) -> NTSTATUS; fn ZwCompactKeys( Count: ULONG, KeyArray: *mut HANDLE, ) -> NTSTATUS; fn ZwCompareObjects( FirstObjectHandle: HANDLE, SecondObjectHandle: HANDLE, ) -> NTSTATUS; fn ZwCompareTokens( FirstTokenHandle: HANDLE, SecondTokenHandle: HANDLE, Equal: PBOOLEAN, ) -> NTSTATUS; fn ZwCompleteConnectPort( PortHandle: HANDLE, ) -> NTSTATUS; fn ZwCompressKey( Key: HANDLE, ) -> NTSTATUS; fn ZwConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ClientView: PPORT_VIEW, ServerView: PREMOTE_PORT_VIEW, MaxMessageLength: PULONG, ConnectionInformation: PVOID, ConnectionInformationLength: PULONG, ) -> NTSTATUS; fn ZwContinue( ContextRecord: PCONTEXT, TestAlert: BOOLEAN, ) -> NTSTATUS; fn ZwCreateDebugObject( DebugObjectHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn ZwCreateDirectoryObject( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwCreateDirectoryObjectEx( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ShadowDirectoryHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn ZwCreateEnlistment( EnlistmentHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ResourceManagerHandle: HANDLE, TransactionHandle: HANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, CreateOptions: ULONG, NotificationMask: NOTIFICATION_MASK, EnlistmentKey: PVOID, ) -> NTSTATUS; fn ZwCreateEvent( EventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, EventType: EVENT_TYPE, InitialState: BOOLEAN, ) -> NTSTATUS; fn ZwCreateEventPair( EventPairHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwCreateFile( FileHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, AllocationSize: PLARGE_INTEGER, FileAttributes: ULONG, ShareAccess: ULONG, CreateDisposition: ULONG, CreateOptions: ULONG, EaBuffer: PVOID, EaLength: ULONG, ) -> NTSTATUS; fn ZwCreateIRTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ) -> NTSTATUS; fn ZwCreateIoCompletion( IoCompletionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Count: ULONG, ) -> NTSTATUS; fn ZwCreateJobObject( JobHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwCreateJobSet( NumJob: ULONG, UserJobSet: PJOB_SET_ARRAY, Flags: ULONG, ) -> NTSTATUS; fn ZwCreateKey( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TitleIndex: ULONG, Class: PUNICODE_STRING, CreateOptions: ULONG, Disposition: PULONG, ) -> NTSTATUS; fn ZwCreateKeyTransacted( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TitleIndex: ULONG, Class: PUNICODE_STRING, CreateOptions: ULONG, TransactionHandle: HANDLE, Disposition: PULONG, ) -> NTSTATUS; fn ZwCreateKeyedEvent( KeyedEventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn ZwCreateLowBoxToken( TokenHandle: PHANDLE, ExistingTokenHandle: HANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, PackageSid: PSID, CapabilityCount: ULONG, Capabilities: PSID_AND_ATTRIBUTES, HandleCount: ULONG, Handles: *mut HANDLE, ) -> NTSTATUS; fn ZwCreateMailslotFile( FileHandle: PHANDLE, DesiredAccess: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, CreateOptions: ULONG, MailslotQuota: ULONG, MaximumMessageSize: ULONG, ReadTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwCreateMutant( MutantHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, InitialOwner: BOOLEAN, ) -> NTSTATUS; fn ZwCreateNamedPipeFile( FileHandle: PHANDLE, DesiredAccess: ULONG, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, ShareAccess: ULONG, CreateDisposition: ULONG, CreateOptions: ULONG, NamedPipeType: ULONG, ReadMode: ULONG, CompletionMode: ULONG, MaximumInstances: ULONG, InboundQuota: ULONG, OutboundQuota: ULONG, DefaultTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwCreatePagingFile( PageFileName: PUNICODE_STRING, MinimumSize: PLARGE_INTEGER, MaximumSize: PLARGE_INTEGER, Priority: ULONG, ) -> NTSTATUS; fn ZwCreatePartition( PartitionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, PreferredNode: ULONG, ) -> NTSTATUS; fn ZwCreatePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, MaxConnectionInfoLength: ULONG, MaxMessageLength: ULONG, MaxPoolUsage: ULONG, ) -> NTSTATUS; fn ZwCreatePrivateNamespace( NamespaceHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, BoundaryDescriptor: PVOID, ) -> NTSTATUS; fn ZwCreateProcess( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ParentProcess: HANDLE, InheritObjectTable: BOOLEAN, SectionHandle: HANDLE, DebugPort: HANDLE, ExceptionPort: HANDLE, ) -> NTSTATUS; fn ZwCreateProcessEx( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ParentProcess: HANDLE, Flags: ULONG, SectionHandle: HANDLE, DebugPort: HANDLE, ExceptionPort: HANDLE, JobMemberLevel: ULONG, ) -> NTSTATUS; fn ZwCreateProfile( ProfileHandle: PHANDLE, Process: HANDLE, ProfileBase: PVOID, ProfileSize: SIZE_T, BucketSize: ULONG, Buffer: PULONG, BufferSize: ULONG, ProfileSource: KPROFILE_SOURCE, Affinity: KAFFINITY, ) -> NTSTATUS; fn ZwCreateProfileEx( ProfileHandle: PHANDLE, Process: HANDLE, ProfileBase: PVOID, ProfileSize: SIZE_T, BucketSize: ULONG, Buffer: PULONG, BufferSize: ULONG, ProfileSource: KPROFILE_SOURCE, GroupCount: USHORT, GroupAffinity: PGROUP_AFFINITY, ) -> NTSTATUS; fn ZwCreateResourceManager( ResourceManagerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, TmHandle: HANDLE, ResourceManagerGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, CreateOptions: ULONG, Description: PUNICODE_STRING, ) -> NTSTATUS; fn ZwCreateSection( SectionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, MaximumSize: PLARGE_INTEGER, SectionPageProtection: ULONG, AllocationAttributes: ULONG, FileHandle: HANDLE, ) -> NTSTATUS; fn ZwCreateSemaphore( SemaphoreHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, InitialCount: LONG, MaximumCount: LONG, ) -> NTSTATUS; fn ZwCreateSymbolicLinkObject( LinkHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LinkTarget: PUNICODE_STRING, ) -> NTSTATUS; fn ZwCreateThread( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ProcessHandle: HANDLE, ClientId: PCLIENT_ID, ThreadContext: PCONTEXT, InitialTeb: PINITIAL_TEB, CreateSuspended: BOOLEAN, ) -> NTSTATUS; fn ZwCreateThreadEx( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ProcessHandle: HANDLE, StartRoutine: PVOID, Argument: PVOID, CreateFlags: ULONG, ZeroBits: SIZE_T, StackSize: SIZE_T, MaximumStackSize: SIZE_T, AttributeList: PPS_ATTRIBUTE_LIST, ) -> NTSTATUS; fn ZwCreateTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TimerType: TIMER_TYPE, ) -> NTSTATUS; fn ZwCreateTimer2( TimerHandle: PHANDLE, Reserved1: PVOID, Reserved2: PVOID, Attributes: ULONG, DesiredAccess: ACCESS_MASK, ) -> NTSTATUS; fn ZwCreateToken( TokenHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TokenType: TOKEN_TYPE, AuthenticationId: PLUID, ExpirationTime: PLARGE_INTEGER, User: PTOKEN_USER, Groups: PTOKEN_GROUPS, Privileges: PTOKEN_PRIVILEGES, Owner: PTOKEN_OWNER, PrimaryGroup: PTOKEN_PRIMARY_GROUP, DefaultDacl: PTOKEN_DEFAULT_DACL, TokenSource: PTOKEN_SOURCE, ) -> NTSTATUS; fn ZwCreateTokenEx( TokenHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TokenType: TOKEN_TYPE, AuthenticationId: PLUID, ExpirationTime: PLARGE_INTEGER, User: PTOKEN_USER, Groups: PTOKEN_GROUPS, Privileges: PTOKEN_PRIVILEGES, UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, DeviceGroups: PTOKEN_GROUPS, TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY, Owner: PTOKEN_OWNER, PrimaryGroup: PTOKEN_PRIMARY_GROUP, DefaultDacl: PTOKEN_DEFAULT_DACL, TokenSource: PTOKEN_SOURCE, ) -> NTSTATUS; fn ZwCreateTransaction( TransactionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Uow: LPGUID, TmHandle: HANDLE, CreateOptions: ULONG, IsolationLevel: ULONG, IsolationFlags: ULONG, Timeout: PLARGE_INTEGER, Description: PUNICODE_STRING, ) -> NTSTATUS; fn ZwCreateTransactionManager( TmHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LogFileName: PUNICODE_STRING, CreateOptions: ULONG, CommitStrength: ULONG, ) -> NTSTATUS; fn ZwCreateUserProcess( ProcessHandle: PHANDLE, ThreadHandle: PHANDLE, ProcessDesiredAccess: ACCESS_MASK, ThreadDesiredAccess: ACCESS_MASK, ProcessObjectAttributes: POBJECT_ATTRIBUTES, ThreadObjectAttributes: POBJECT_ATTRIBUTES, ProcessFlags: ULONG, ThreadFlags: ULONG, ProcessParameters: PVOID, CreateInfo: PPS_CREATE_INFO, AttributeList: PPS_ATTRIBUTE_LIST, ) -> NTSTATUS; fn ZwCreateWaitCompletionPacket( WaitCompletionPacketHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwCreateWaitablePort( PortHandle: PHANDLE, ObjectAttributes: POBJECT_ATTRIBUTES, MaxConnectionInfoLength: ULONG, MaxMessageLength: ULONG, MaxPoolUsage: ULONG, ) -> NTSTATUS; fn ZwCreateWnfStateName( StateName: PWNF_STATE_NAME, NameLifetime: WNF_STATE_NAME_LIFETIME, DataScope: WNF_DATA_SCOPE, PersistData: BOOLEAN, TypeId: PCWNF_TYPE_ID, MaximumStateSize: ULONG, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn ZwCreateWorkerFactory( WorkerFactoryHandleReturn: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, CompletionPortHandle: HANDLE, WorkerProcessHandle: HANDLE, StartRoutine: PVOID, StartParameter: PVOID, MaxThreadCount: ULONG, StackReserve: SIZE_T, StackCommit: SIZE_T, ) -> NTSTATUS; fn ZwDebugActiveProcess( ProcessHandle: HANDLE, DebugObjectHandle: HANDLE, ) -> NTSTATUS; fn ZwDebugContinue( DebugObjectHandle: HANDLE, ClientId: PCLIENT_ID, ContinueStatus: NTSTATUS, ) -> NTSTATUS; fn ZwDelayExecution( Alertable: BOOLEAN, DelayInterval: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwDeleteAtom( Atom: RTL_ATOM, ) -> NTSTATUS; fn ZwDeleteBootEntry( Id: ULONG, ) -> NTSTATUS; fn ZwDeleteDriverEntry( Id: ULONG, ) -> NTSTATUS; fn ZwDeleteFile( ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwDeleteKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn ZwDeleteObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, GenerateOnClose: BOOLEAN, ) -> NTSTATUS; fn ZwDeletePrivateNamespace( NamespaceHandle: HANDLE, ) -> NTSTATUS; fn ZwDeleteValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, ) -> NTSTATUS; fn ZwDeleteWnfStateData( StateName: PCWNF_STATE_NAME, ExplicitScope: *const VOID, ) -> NTSTATUS; fn ZwDeleteWnfStateName( StateName: PCWNF_STATE_NAME, ) -> NTSTATUS; fn ZwDeviceIoControlFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, IoControlCode: ULONG, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn ZwDisableLastKnownGood() -> NTSTATUS; fn ZwDisplayString( String: PUNICODE_STRING, ) -> NTSTATUS; fn ZwDrawText( String: PUNICODE_STRING, ) -> NTSTATUS; fn ZwDuplicateObject( SourceProcessHandle: HANDLE, SourceHandle: HANDLE, TargetProcessHandle: HANDLE, TargetHandle: PHANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Options: ULONG, ) -> NTSTATUS; fn ZwDuplicateToken( ExistingTokenHandle: HANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, EffectiveOnly: BOOLEAN, TokenType: TOKEN_TYPE, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwEnableLastKnownGood() -> NTSTATUS; fn ZwEnumerateBootEntries( Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; fn ZwEnumerateDriverEntries( Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; fn ZwEnumerateKey( KeyHandle: HANDLE, Index: ULONG, KeyInformationClass: KEY_INFORMATION_CLASS, KeyInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn ZwEnumerateSystemEnvironmentValuesEx( InformationClass: ULONG, Buffer: PVOID, BufferLength: PULONG, ) -> NTSTATUS; fn ZwEnumerateTransactionObject( RootObjectHandle: HANDLE, QueryType: KTMOBJECT_TYPE, ObjectCursor: PKTMOBJECT_CURSOR, ObjectCursorLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwEnumerateValueKey( KeyHandle: HANDLE, Index: ULONG, KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, KeyValueInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn ZwExtendSection( SectionHandle: HANDLE, NewSectionSize: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwFilterToken( ExistingTokenHandle: HANDLE, Flags: ULONG, SidsToDisable: PTOKEN_GROUPS, PrivilegesToDelete: PTOKEN_PRIVILEGES, RestrictedSids: PTOKEN_GROUPS, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwFilterTokenEx( ExistingTokenHandle: HANDLE, Flags: ULONG, SidsToDisable: PTOKEN_GROUPS, PrivilegesToDelete: PTOKEN_PRIVILEGES, RestrictedSids: PTOKEN_GROUPS, DisableUserClaimsCount: ULONG, UserClaimsToDisable: PUNICODE_STRING, DisableDeviceClaimsCount: ULONG, DeviceClaimsToDisable: PUNICODE_STRING, DeviceGroupsToDisable: PTOKEN_GROUPS, RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, RestrictedDeviceGroups: PTOKEN_GROUPS, NewTokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwFindAtom( AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, ) -> NTSTATUS; fn ZwFlushBuffersFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwFlushBuffersFileEx( FileHandle: HANDLE, Flags: ULONG, Parameters: PVOID, ParametersSize: ULONG, IoStatusBlock: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwFlushInstallUILanguage( InstallUILanguage: LANGID, SetComittedFlag: ULONG, ) -> NTSTATUS; fn ZwFlushInstructionCache( ProcessHandle: HANDLE, BaseAddress: PVOID, Length: SIZE_T, ) -> NTSTATUS; fn ZwFlushKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn ZwFlushProcessWriteBuffers(); fn ZwFlushWriteBuffer() -> NTSTATUS; fn ZwFreeUserPhysicalPages( ProcessHandle: HANDLE, NumberOfPages: PULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn ZwFreeVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, FreeType: ULONG, ) -> NTSTATUS; fn ZwFreezeRegistry( TimeOutInSeconds: ULONG, ) -> NTSTATUS; fn ZwFreezeTransactions( FreezeTimeout: PLARGE_INTEGER, ThawTimeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwFsControlFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, FsControlCode: ULONG, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn ZwGetCachedSigningLevel( File: HANDLE, Flags: PULONG, SigningLevel: PSE_SIGNING_LEVEL, Thumbprint: PUCHAR, ThumbprintSize: PULONG, ThumbprintAlgorithm: PULONG, ) -> NTSTATUS; fn ZwGetCompleteWnfStateSubscription( OldDescriptorStateName: PWNF_STATE_NAME, OldSubscriptionId: *mut ULONG64, OldDescriptorEventMask: ULONG, OldDescriptorStatus: ULONG, NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, DescriptorSize: ULONG, ) -> NTSTATUS; fn ZwGetContextThread( ThreadHandle: HANDLE, ThreadContext: PCONTEXT, ) -> NTSTATUS; fn ZwGetCurrentProcessorNumber() -> ULONG; fn ZwGetDevicePowerState( Device: HANDLE, State: PDEVICE_POWER_STATE, ) -> NTSTATUS; fn ZwGetMUIRegistryInfo( Flags: ULONG, DataSize: PULONG, Data: PVOID, ) -> NTSTATUS; fn ZwGetNextProcess( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Flags: ULONG, NewProcessHandle: PHANDLE, ) -> NTSTATUS; fn ZwGetNextThread( ProcessHandle: HANDLE, ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, Flags: ULONG, NewThreadHandle: PHANDLE, ) -> NTSTATUS; fn ZwGetNlsSectionPtr( SectionType: ULONG, SectionData: ULONG, ContextData: PVOID, SectionPointer: *mut PVOID, SectionSize: PULONG, ) -> NTSTATUS; fn ZwGetNotificationResourceManager( ResourceManagerHandle: HANDLE, TransactionNotification: PTRANSACTION_NOTIFICATION, NotificationLength: ULONG, Timeout: PLARGE_INTEGER, ReturnLength: PULONG, Asynchronous: ULONG, AsynchronousContext: ULONG_PTR, ) -> NTSTATUS; fn ZwGetPlugPlayEvent( EventHandle: HANDLE, Context: PVOID, EventBlock: PPLUGPLAY_EVENT_BLOCK, EventBufferSize: ULONG, ) -> NTSTATUS; fn ZwGetWriteWatch( ProcessHandle: HANDLE, Flags: ULONG, BaseAddress: PVOID, RegionSize: SIZE_T, UserAddressArray: *mut PVOID, EntriesInUserAddressArray: PULONG_PTR, Granularity: PULONG, ) -> NTSTATUS; fn ZwImpersonateAnonymousToken( ThreadHandle: HANDLE, ) -> NTSTATUS; fn ZwImpersonateClientOfPort( PortHandle: HANDLE, Message: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwImpersonateThread( ServerThreadHandle: HANDLE, ClientThreadHandle: HANDLE, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ) -> NTSTATUS; fn ZwInitializeNlsFiles( BaseAddress: *mut PVOID, DefaultLocaleId: PLCID, DefaultCasingTableSize: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwInitializeRegistry( BootCondition: USHORT, ) -> NTSTATUS; fn ZwInitiatePowerAction( SystemAction: POWER_ACTION, LightestSystemState: SYSTEM_POWER_STATE, Flags: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn ZwIsProcessInJob( ProcessHandle: HANDLE, JobHandle: HANDLE, ) -> NTSTATUS; fn ZwIsSystemResumeAutomatic() -> BOOLEAN; fn ZwIsUILanguageComitted() -> NTSTATUS; fn ZwListenPort( PortHandle: HANDLE, ConnectionRequest: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwLoadDriver( DriverServiceName: PUNICODE_STRING, ) -> NTSTATUS; fn ZwLoadKey( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwLoadKey2( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn ZwLoadKeyEx( TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES, Flags: ULONG, TrustClassKey: HANDLE, Event: HANDLE, DesiredAccess: ACCESS_MASK, RootHandle: PHANDLE, IoStatus: PIO_STATUS_BLOCK, ) -> NTSTATUS; fn ZwLockFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, ByteOffset: PLARGE_INTEGER, Length: PLARGE_INTEGER, Key: ULONG, FailImmediately: BOOLEAN, ExclusiveLock: BOOLEAN, ) -> NTSTATUS; fn ZwLockProductActivationKeys( pPrivateVer: *mut ULONG, pSafeMode: *mut ULONG, ) -> NTSTATUS; fn ZwLockRegistryKey( KeyHandle: HANDLE, ) -> NTSTATUS; fn ZwLockVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, MapType: ULONG, ) -> NTSTATUS; fn ZwMakePermanentObject( Handle: HANDLE, ) -> NTSTATUS; fn ZwMakeTemporaryObject( Handle: HANDLE, ) -> NTSTATUS; fn ZwManagePartition( PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, PartitionInformation: PVOID, PartitionInformationLength: ULONG, ) -> NTSTATUS; fn ZwMapCMFModule( What: ULONG, Index: ULONG, CacheIndexOut: PULONG, CacheFlagsOut: PULONG, ViewSizeOut: PULONG, BaseAddress: *mut PVOID, ) -> NTSTATUS; fn ZwMapUserPhysicalPages( VirtualAddress: PVOID, NumberOfPages: ULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn ZwMapUserPhysicalPagesScatter( VirtualAddresses: *mut PVOID, NumberOfPages: ULONG_PTR, UserPfnArray: PULONG_PTR, ) -> NTSTATUS; fn ZwMapViewOfSection( SectionHandle: HANDLE, ProcessHandle: HANDLE, BaseAddress: *mut PVOID, ZeroBits: ULONG_PTR, CommitSize: SIZE_T, SectionOffset: PLARGE_INTEGER, ViewSize: PSIZE_T, InheritDisposition: SECTION_INHERIT, AllocationType: ULONG, Win32Protect: ULONG, ) -> NTSTATUS; fn ZwModifyBootEntry( BootEntry: PBOOT_ENTRY, ) -> NTSTATUS; fn ZwModifyDriverEntry( DriverEntry: PEFI_DRIVER_ENTRY, ) -> NTSTATUS; fn ZwNotifyChangeDirectoryFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, CompletionFilter: ULONG, WatchTree: BOOLEAN, ) -> NTSTATUS; fn ZwNotifyChangeKey( KeyHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, CompletionFilter: ULONG, WatchTree: BOOLEAN, Buffer: PVOID, BufferSize: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn ZwNotifyChangeMultipleKeys( MasterKeyHandle: HANDLE, Count: ULONG, SubordinateObjects: *mut OBJECT_ATTRIBUTES, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, CompletionFilter: ULONG, WatchTree: BOOLEAN, Buffer: PVOID, BufferSize: ULONG, Asynchronous: BOOLEAN, ) -> NTSTATUS; fn ZwNotifyChangeSession( SessionHandle: HANDLE, ChangeSequenceNumber: ULONG, ChangeTimeStamp: PLARGE_INTEGER, Event: IO_SESSION_EVENT, NewState: IO_SESSION_STATE, PreviousState: IO_SESSION_STATE, Payload: PVOID, PayloadSize: ULONG, ) -> NTSTATUS; fn ZwOpenDirectoryObject( DirectoryHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenEnlistment( EnlistmentHandle: PHANDLE, DesiredAccess: ACCESS_MASK, RmHandle: HANDLE, EnlistmentGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenEvent( EventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenEventPair( EventPairHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenFile( FileHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, IoStatusBlock: PIO_STATUS_BLOCK, ShareAccess: ULONG, OpenOptions: ULONG, ) -> NTSTATUS; fn ZwOpenIoCompletion( IoCompletionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenJobObject( JobHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenKey( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenKeyEx( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, OpenOptions: ULONG, ) -> NTSTATUS; fn ZwOpenKeyTransacted( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, TransactionHandle: HANDLE, ) -> NTSTATUS; fn ZwOpenKeyTransactedEx( KeyHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, OpenOptions: ULONG, TransactionHandle: HANDLE, ) -> NTSTATUS; fn ZwOpenKeyedEvent( KeyedEventHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenMutant( MutantHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ObjectTypeName: PUNICODE_STRING, ObjectName: PUNICODE_STRING, SecurityDescriptor: PSECURITY_DESCRIPTOR, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, GrantedAccess: ACCESS_MASK, Privileges: PPRIVILEGE_SET, ObjectCreation: BOOLEAN, AccessGranted: BOOLEAN, GenerateOnClose: PBOOLEAN, ) -> NTSTATUS; fn ZwOpenPartition( PartitionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenPrivateNamespace( NamespaceHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, BoundaryDescriptor: PVOID, ) -> NTSTATUS; fn ZwOpenProcess( ProcessHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ClientId: PCLIENT_ID, ) -> NTSTATUS; fn ZwOpenProcessToken( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, TokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwOpenProcessTokenEx( ProcessHandle: HANDLE, DesiredAccess: ACCESS_MASK, HandleAttributes: ULONG, TokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwOpenResourceManager( ResourceManagerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, TmHandle: HANDLE, ResourceManagerGuid: LPGUID, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenSection( SectionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenSemaphore( SemaphoreHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenSession( SessionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenSymbolicLinkObject( LinkHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenThread( ThreadHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ClientId: PCLIENT_ID, ) -> NTSTATUS; fn ZwOpenThreadToken( ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, OpenAsSelf: BOOLEAN, TokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwOpenThreadTokenEx( ThreadHandle: HANDLE, DesiredAccess: ACCESS_MASK, OpenAsSelf: BOOLEAN, HandleAttributes: ULONG, TokenHandle: PHANDLE, ) -> NTSTATUS; fn ZwOpenTimer( TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwOpenTransaction( TransactionHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, Uow: LPGUID, TmHandle: HANDLE, ) -> NTSTATUS; fn ZwOpenTransactionManager( TmHandle: PHANDLE, DesiredAccess: ACCESS_MASK, ObjectAttributes: POBJECT_ATTRIBUTES, LogFileName: PUNICODE_STRING, TmIdentity: LPGUID, OpenOptions: ULONG, ) -> NTSTATUS; fn ZwPlugPlayControl( PnPControlClass: PLUGPLAY_CONTROL_CLASS, PnPControlData: PVOID, PnPControlDataLength: ULONG, ) -> NTSTATUS; fn ZwPowerInformation( InformationLevel: POWER_INFORMATION_LEVEL, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ) -> NTSTATUS; fn ZwPrePrepareComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwPrePrepareEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwPrepareComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwPrepareEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwPrivilegeCheck( ClientToken: HANDLE, RequiredPrivileges: PPRIVILEGE_SET, Result: PBOOLEAN, ) -> NTSTATUS; fn ZwPrivilegeObjectAuditAlarm( SubsystemName: PUNICODE_STRING, HandleId: PVOID, ClientToken: HANDLE, DesiredAccess: ACCESS_MASK, Privileges: PPRIVILEGE_SET, AccessGranted: BOOLEAN, ) -> NTSTATUS; fn ZwPrivilegedServiceAuditAlarm( SubsystemName: PUNICODE_STRING, ServiceName: PUNICODE_STRING, ClientToken: HANDLE, Privileges: PPRIVILEGE_SET, AccessGranted: BOOLEAN, ) -> NTSTATUS; fn ZwPropagationComplete( ResourceManagerHandle: HANDLE, RequestCookie: ULONG, BufferLength: ULONG, Buffer: PVOID, ) -> NTSTATUS; fn ZwPropagationFailed( ResourceManagerHandle: HANDLE, RequestCookie: ULONG, PropStatus: NTSTATUS, ) -> NTSTATUS; fn ZwProtectVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, NewProtect: ULONG, OldProtect: PULONG, ) -> NTSTATUS; fn ZwPulseEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn ZwQueryAttributesFile( ObjectAttributes: POBJECT_ATTRIBUTES, FileInformation: PFILE_BASIC_INFORMATION, ) -> NTSTATUS; fn ZwQueryBootEntryOrder( Ids: PULONG, Count: PULONG, ) -> NTSTATUS; fn ZwQueryBootOptions( BootOptions: PBOOT_OPTIONS, BootOptionsLength: PULONG, ) -> NTSTATUS; fn ZwQueryDebugFilterState( ComponentId: ULONG, Level: ULONG, ) -> NTSTATUS; fn ZwQueryDefaultLocale( UserProfile: BOOLEAN, DefaultLocaleId: PLCID, ) -> NTSTATUS; fn ZwQueryDefaultUILanguage( DefaultUILanguageId: *mut LANGID, ) -> NTSTATUS; fn ZwQueryDirectoryFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ReturnSingleEntry: BOOLEAN, FileName: PUNICODE_STRING, RestartScan: BOOLEAN, ) -> NTSTATUS; fn ZwQueryDirectoryObject( DirectoryHandle: HANDLE, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, RestartScan: BOOLEAN, Context: PULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryDriverEntryOrder( Ids: PULONG, Count: PULONG, ) -> NTSTATUS; fn ZwQueryEaFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, EaList: PVOID, EaListLength: ULONG, EaIndex: PULONG, RestartScan: BOOLEAN, ) -> NTSTATUS; fn ZwQueryEvent( EventHandle: HANDLE, EventInformationClass: EVENT_INFORMATION_CLASS, EventInformation: PVOID, EventInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryFullAttributesFile( ObjectAttributes: POBJECT_ATTRIBUTES, FileInformation: PFILE_NETWORK_OPEN_INFORMATION, ) -> NTSTATUS; fn ZwQueryInformationAtom( Atom: RTL_ATOM, AtomInformationClass: ATOM_INFORMATION_CLASS, AtomInformation: PVOID, AtomInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationEnlistment( EnlistmentHandle: HANDLE, EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, EnlistmentInformation: PVOID, EnlistmentInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ) -> NTSTATUS; fn ZwQueryInformationJobObject( JobHandle: HANDLE, JobObjectInformationClass: JOBOBJECTINFOCLASS, JobObjectInformation: PVOID, JobObjectInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationPort( PortHandle: HANDLE, PortInformationClass: PORT_INFORMATION_CLASS, PortInformation: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationProcess( ProcessHandle: HANDLE, ProcessInformationClass: PROCESSINFOCLASS, ProcessInformation: PVOID, ProcessInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationResourceManager( ResourceManagerHandle: HANDLE, ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, ResourceManagerInformation: PVOID, ResourceManagerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationThread( ThreadHandle: HANDLE, ThreadInformationClass: THREADINFOCLASS, ThreadInformation: PVOID, ThreadInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationToken( TokenHandle: HANDLE, TokenInformationClass: TOKEN_INFORMATION_CLASS, TokenInformation: PVOID, TokenInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationTransaction( TransactionHandle: HANDLE, TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, TransactionInformation: PVOID, TransactionInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationTransactionManager( TransactionManagerHandle: HANDLE, TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, TransactionManagerInformation: PVOID, TransactionManagerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInformationWorkerFactory( WorkerFactoryHandle: HANDLE, WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, WorkerFactoryInformation: PVOID, WorkerFactoryInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryInstallUILanguage( InstallUILanguageId: *mut LANGID, ) -> NTSTATUS; fn ZwQueryIntervalProfile( ProfileSource: KPROFILE_SOURCE, Interval: PULONG, ) -> NTSTATUS; fn ZwQueryIoCompletion( IoCompletionHandle: HANDLE, IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, IoCompletionInformation: PVOID, IoCompletionInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryKey( KeyHandle: HANDLE, KeyInformationClass: KEY_INFORMATION_CLASS, KeyInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn ZwQueryLicenseValue( ValueName: PUNICODE_STRING, Type: PULONG, Data: PVOID, DataSize: ULONG, ResultDataSize: PULONG, ) -> NTSTATUS; fn ZwQueryMultipleValueKey( KeyHandle: HANDLE, ValueEntries: PKEY_VALUE_ENTRY, EntryCount: ULONG, ValueBuffer: PVOID, BufferLength: PULONG, RequiredBufferLength: PULONG, ) -> NTSTATUS; fn ZwQueryMutant( MutantHandle: HANDLE, MutantInformationClass: MUTANT_INFORMATION_CLASS, MutantInformation: PVOID, MutantInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryObject( Handle: HANDLE, ObjectInformationClass: OBJECT_INFORMATION_CLASS, ObjectInformation: PVOID, ObjectInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryOpenSubKeys( TargetKey: POBJECT_ATTRIBUTES, HandleCount: PULONG, ) -> NTSTATUS; fn ZwQueryOpenSubKeysEx( TargetKey: POBJECT_ATTRIBUTES, BufferLength: ULONG, Buffer: PVOID, RequiredSize: PULONG, ) -> NTSTATUS; fn ZwQueryPerformanceCounter( PerformanceCounter: PLARGE_INTEGER, PerformanceFrequency: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwQueryPortInformationProcess() -> NTSTATUS; fn ZwQueryQuotaInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ReturnSingleEntry: BOOLEAN, SidList: PVOID, SidListLength: ULONG, StartSid: PSID, RestartScan: BOOLEAN, ) -> NTSTATUS; fn ZwQuerySection( SectionHandle: HANDLE, SectionInformationClass: SECTION_INFORMATION_CLASS, SectionInformation: PVOID, SectionInformationLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn ZwQuerySecurityAttributesToken( TokenHandle: HANDLE, Attributes: PUNICODE_STRING, NumberOfAttributes: ULONG, Buffer: PVOID, Length: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQuerySecurityObject( Handle: HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, Length: ULONG, LengthNeeded: PULONG, ) -> NTSTATUS; fn ZwQuerySemaphore( SemaphoreHandle: HANDLE, SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, SemaphoreInformation: PVOID, SemaphoreInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQuerySymbolicLinkObject( LinkHandle: HANDLE, LinkTarget: PUNICODE_STRING, ReturnedLength: PULONG, ) -> NTSTATUS; fn ZwQuerySystemEnvironmentValue( VariableName: PUNICODE_STRING, VariableValue: PWSTR, ValueLength: USHORT, ReturnLength: PUSHORT, ) -> NTSTATUS; fn ZwQuerySystemEnvironmentValueEx( VariableName: PUNICODE_STRING, VendorGuid: LPGUID, Value: PVOID, ValueLength: PULONG, Attributes: PULONG, ) -> NTSTATUS; fn ZwQuerySystemInformation( SystemInformationClass: SYSTEM_INFORMATION_CLASS, SystemInformation: PVOID, SystemInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQuerySystemInformationEx( SystemInformationClass: SYSTEM_INFORMATION_CLASS, InputBuffer: PVOID, InputBufferLength: ULONG, SystemInformation: PVOID, SystemInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQuerySystemTime( SystemTime: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwQueryTimer( TimerHandle: HANDLE, TimerInformationClass: TIMER_INFORMATION_CLASS, TimerInformation: PVOID, TimerInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwQueryTimerResolution( MaximumTime: PULONG, MinimumTime: PULONG, CurrentTime: PULONG, ) -> NTSTATUS; fn ZwQueryValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, KeyValueInformation: PVOID, Length: ULONG, ResultLength: PULONG, ) -> NTSTATUS; fn ZwQueryVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, MemoryInformationClass: MEMORY_INFORMATION_CLASS, MemoryInformation: PVOID, MemoryInformationLength: SIZE_T, ReturnLength: PSIZE_T, ) -> NTSTATUS; fn ZwQueryVolumeInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FsInformation: PVOID, Length: ULONG, FsInformationClass: FS_INFORMATION_CLASS, ) -> NTSTATUS; fn ZwQueryWnfStateData( StateName: PCWNF_STATE_NAME, TypeId: PCWNF_TYPE_ID, ExplicitScope: *const VOID, ChangeStamp: PWNF_CHANGE_STAMP, Buffer: PVOID, BufferSize: PULONG, ) -> NTSTATUS; fn ZwQueryWnfStateNameInformation( StateName: PCWNF_STATE_NAME, NameInfoClass: WNF_STATE_NAME_INFORMATION, ExplicitScope: *const VOID, InfoBuffer: PVOID, InfoBufferSize: ULONG, ) -> NTSTATUS; fn ZwQueueApcThread( ThreadHandle: HANDLE, ApcRoutine: PPS_APC_ROUTINE, ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> NTSTATUS; fn ZwQueueApcThreadEx( ThreadHandle: HANDLE, UserApcReserveHandle: HANDLE, ApcRoutine: PPS_APC_ROUTINE, ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID, ) -> NTSTATUS; fn ZwRaiseException( ExceptionRecord: PEXCEPTION_RECORD, ContextRecord: PCONTEXT, FirstChance: BOOLEAN, ) -> NTSTATUS; fn ZwRaiseHardError( ErrorStatus: NTSTATUS, NumberOfParameters: ULONG, UnicodeStringParameterMask: ULONG, Parameters: PULONG_PTR, ValidResponseOptions: ULONG, Response: PULONG, ) -> NTSTATUS; fn ZwReadFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn ZwReadFileScatter( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, SegmentArray: PFILE_SEGMENT_ELEMENT, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn ZwReadOnlyEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwReadRequestData( PortHandle: HANDLE, Message: PPORT_MESSAGE, DataEntryIndex: ULONG, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesRead: PSIZE_T, ) -> NTSTATUS; fn ZwReadVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesRead: PSIZE_T, ) -> NTSTATUS; fn ZwRecoverEnlistment( EnlistmentHandle: HANDLE, EnlistmentKey: PVOID, ) -> NTSTATUS; fn ZwRecoverResourceManager( ResourceManagerHandle: HANDLE, ) -> NTSTATUS; fn ZwRecoverTransactionManager( TransactionManagerHandle: HANDLE, ) -> NTSTATUS; fn ZwRegisterProtocolAddressInformation( ResourceManager: HANDLE, ProtocolId: PCRM_PROTOCOL_ID, ProtocolInformationSize: ULONG, ProtocolInformation: PVOID, CreateOptions: ULONG, ) -> NTSTATUS; fn ZwRegisterThreadTerminatePort( PortHandle: HANDLE, ) -> NTSTATUS; fn ZwReleaseCMFViewOwnership() -> NTSTATUS; fn ZwReleaseKeyedEvent( KeyedEventHandle: HANDLE, KeyValue: PVOID, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwReleaseMutant( MutantHandle: HANDLE, PreviousCount: PLONG, ) -> NTSTATUS; fn ZwReleaseSemaphore( SemaphoreHandle: HANDLE, ReleaseCount: LONG, PreviousCount: PLONG, ) -> NTSTATUS; fn ZwReleaseWorkerFactoryWorker( WorkerFactoryHandle: HANDLE, ) -> NTSTATUS; fn ZwRemoveIoCompletion( IoCompletionHandle: HANDLE, KeyContext: *mut PVOID, ApcContext: *mut PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwRemoveIoCompletionEx( IoCompletionHandle: HANDLE, IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, Count: ULONG, NumEntriesRemoved: PULONG, Timeout: PLARGE_INTEGER, Alertable: BOOLEAN, ) -> NTSTATUS; fn ZwRemoveProcessDebug( ProcessHandle: HANDLE, DebugObjectHandle: HANDLE, ) -> NTSTATUS; fn ZwRenameKey( KeyHandle: HANDLE, NewName: PUNICODE_STRING, ) -> NTSTATUS; fn ZwRenameTransactionManager( LogFileName: PUNICODE_STRING, ExistingTransactionManagerGuid: LPGUID, ) -> NTSTATUS; fn ZwReplaceKey( NewFile: POBJECT_ATTRIBUTES, TargetHandle: HANDLE, OldFile: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwReplacePartitionUnit( TargetInstancePath: PUNICODE_STRING, SpareInstancePath: PUNICODE_STRING, Flags: ULONG, ) -> NTSTATUS; fn ZwReplyPort( PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwReplyWaitReceivePort( PortHandle: HANDLE, PortContext: *mut PVOID, ReplyMessage: PPORT_MESSAGE, ReceiveMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwReplyWaitReceivePortEx( PortHandle: HANDLE, PortContext: *mut PVOID, ReplyMessage: PPORT_MESSAGE, ReceiveMessage: PPORT_MESSAGE, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwReplyWaitReplyPort( PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwRequestPort( PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwRequestWaitReplyPort( PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE, ReplyMessage: PPORT_MESSAGE, ) -> NTSTATUS; fn ZwRequestWakeupLatency( latency: LATENCY_TIME, ) -> NTSTATUS; fn ZwResetEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn ZwResetWriteWatch( ProcessHandle: HANDLE, BaseAddress: PVOID, RegionSize: SIZE_T, ) -> NTSTATUS; fn ZwRestoreKey( KeyHandle: HANDLE, FileHandle: HANDLE, Flags: ULONG, ) -> NTSTATUS; fn ZwResumeProcess( ProcessHandle: HANDLE, ) -> NTSTATUS; fn ZwResumeThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn ZwRevertContainerImpersonation() -> NTSTATUS; fn ZwRollbackComplete( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwRollbackEnlistment( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwRollbackTransaction( TransactionHandle: HANDLE, Wait: BOOLEAN, ) -> NTSTATUS; fn ZwRollforwardTransactionManager( TransactionManagerHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwSaveKey( KeyHandle: HANDLE, FileHandle: HANDLE, ) -> NTSTATUS; fn ZwSaveKeyEx( KeyHandle: HANDLE, FileHandle: HANDLE, Format: ULONG, ) -> NTSTATUS; fn ZwSaveMergedKeys( HighPrecedenceKeyHandle: HANDLE, LowPrecedenceKeyHandle: HANDLE, FileHandle: HANDLE, ) -> NTSTATUS; fn ZwSecureConnectPort( PortHandle: PHANDLE, PortName: PUNICODE_STRING, SecurityQos: PSECURITY_QUALITY_OF_SERVICE, ClientView: PPORT_VIEW, RequiredServerSid: PSID, ServerView: PREMOTE_PORT_VIEW, MaxMessageLength: PULONG, ConnectionInformation: PVOID, ConnectionInformationLength: PULONG, ) -> NTSTATUS; fn ZwSerializeBoot() -> NTSTATUS; fn ZwSetBootEntryOrder( Ids: PULONG, Count: ULONG, ) -> NTSTATUS; fn ZwSetBootOptions( BootOptions: PBOOT_OPTIONS, FieldsToChange: ULONG, ) -> NTSTATUS; fn ZwSetCachedSigningLevel( Flags: ULONG, InputSigningLevel: SE_SIGNING_LEVEL, SourceFiles: PHANDLE, SourceFileCount: ULONG, TargetFile: HANDLE, ) -> NTSTATUS; fn ZwSetContextThread( ThreadHandle: HANDLE, ThreadContext: PCONTEXT, ) -> NTSTATUS; fn ZwSetDebugFilterState( ComponentId: ULONG, Level: ULONG, State: BOOLEAN, ) -> NTSTATUS; fn ZwSetDefaultHardErrorPort( DefaultHardErrorPort: HANDLE, ) -> NTSTATUS; fn ZwSetDefaultLocale( UserProfile: BOOLEAN, DefaultLocaleId: LCID, ) -> NTSTATUS; fn ZwSetDefaultUILanguage( DefaultUILanguageId: LANGID, ) -> NTSTATUS; fn ZwSetDriverEntryOrder( Ids: PULONG, Count: ULONG, ) -> NTSTATUS; fn ZwSetEaFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ) -> NTSTATUS; fn ZwSetEvent( EventHandle: HANDLE, PreviousState: PLONG, ) -> NTSTATUS; fn ZwSetEventBoostPriority( EventHandle: HANDLE, ) -> NTSTATUS; fn ZwSetHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwSetHighWaitLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwSetIRTimer( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwSetInformationDebugObject( DebugObjectHandle: HANDLE, DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, DebugInformation: PVOID, DebugInformationLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwSetInformationEnlistment( EnlistmentHandle: HANDLE, EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, EnlistmentInformation: PVOID, EnlistmentInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FileInformation: PVOID, Length: ULONG, FileInformationClass: FILE_INFORMATION_CLASS, ) -> NTSTATUS; fn ZwSetInformationJobObject( JobHandle: HANDLE, JobObjectInformationClass: JOBOBJECTINFOCLASS, JobObjectInformation: PVOID, JobObjectInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationKey( KeyHandle: HANDLE, KeySetInformationClass: KEY_SET_INFORMATION_CLASS, KeySetInformation: PVOID, KeySetInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationObject( Handle: HANDLE, ObjectInformationClass: OBJECT_INFORMATION_CLASS, ObjectInformation: PVOID, ObjectInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationProcess( ProcessHandle: HANDLE, ProcessInformationClass: PROCESSINFOCLASS, ProcessInformation: PVOID, ProcessInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationResourceManager( ResourceManagerHandle: HANDLE, ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, ResourceManagerInformation: PVOID, ResourceManagerInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationThread( ThreadHandle: HANDLE, ThreadInformationClass: THREADINFOCLASS, ThreadInformation: PVOID, ThreadInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationToken( TokenHandle: HANDLE, TokenInformationClass: TOKEN_INFORMATION_CLASS, TokenInformation: PVOID, TokenInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationTransaction( TransactionHandle: HANDLE, TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, TransactionInformation: PVOID, TransactionInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationTransactionManager( TmHandle: HANDLE, TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, TransactionManagerInformation: PVOID, TransactionManagerInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationVirtualMemory( ProcessHandle: HANDLE, VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, NumberOfEntries: ULONG_PTR, VirtualAddresses: PMEMORY_RANGE_ENTRY, VmInformation: PVOID, VmInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetInformationWorkerFactory( WorkerFactoryHandle: HANDLE, WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, WorkerFactoryInformation: PVOID, WorkerFactoryInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetIntervalProfile( Interval: ULONG, Source: KPROFILE_SOURCE, ) -> NTSTATUS; fn ZwSetIoCompletion( IoCompletionHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, ) -> NTSTATUS; fn ZwSetIoCompletionEx( IoCompletionHandle: HANDLE, IoCompletionPacketHandle: HANDLE, KeyContext: PVOID, ApcContext: PVOID, IoStatus: NTSTATUS, IoStatusInformation: ULONG_PTR, ) -> NTSTATUS; fn ZwSetLdtEntries( Selector0: ULONG, Entry0Low: ULONG, Entry0Hi: ULONG, Selector1: ULONG, Entry1Low: ULONG, Entry1Hi: ULONG, ) -> NTSTATUS; fn ZwSetLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwSetLowWaitHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwSetQuotaInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ) -> NTSTATUS; fn ZwSetSecurityObject( Handle: HANDLE, SecurityInformation: SECURITY_INFORMATION, SecurityDescriptor: PSECURITY_DESCRIPTOR, ) -> NTSTATUS; fn ZwSetSystemEnvironmentValue( VariableName: PUNICODE_STRING, VariableValue: PUNICODE_STRING, ) -> NTSTATUS; fn ZwSetSystemEnvironmentValueEx( VariableName: PUNICODE_STRING, VendorGuid: LPGUID, Value: PVOID, ValueLength: ULONG, Attributes: ULONG, ) -> NTSTATUS; fn ZwSetSystemInformation( SystemInformationClass: SYSTEM_INFORMATION_CLASS, SystemInformation: PVOID, SystemInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetSystemPowerState( SystemAction: POWER_ACTION, LightestSystemState: SYSTEM_POWER_STATE, Flags: ULONG, ) -> NTSTATUS; fn ZwSetSystemTime( SystemTime: PLARGE_INTEGER, PreviousTime: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwSetThreadExecutionState( NewFlags: EXECUTION_STATE, PreviousFlags: *mut EXECUTION_STATE, ) -> NTSTATUS; fn ZwSetTimer( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, TimerApcRoutine: PTIMER_APC_ROUTINE, TimerContext: PVOID, ResumeTimer: BOOLEAN, Period: LONG, PreviousState: PBOOLEAN, ) -> NTSTATUS; fn ZwSetTimer2( TimerHandle: HANDLE, DueTime: PLARGE_INTEGER, Period: PLARGE_INTEGER, Parameters: PT2_SET_PARAMETERS, ) -> NTSTATUS; fn ZwSetTimerEx( TimerHandle: HANDLE, TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, TimerSetInformation: PVOID, TimerSetInformationLength: ULONG, ) -> NTSTATUS; fn ZwSetTimerResolution( DesiredTime: ULONG, SetResolution: BOOLEAN, ActualTime: PULONG, ) -> NTSTATUS; fn ZwSetUuidSeed( Seed: PCHAR, ) -> NTSTATUS; fn ZwSetValueKey( KeyHandle: HANDLE, ValueName: PUNICODE_STRING, TitleIndex: ULONG, Type: ULONG, Data: PVOID, DataSize: ULONG, ) -> NTSTATUS; fn ZwSetVolumeInformationFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, FsInformation: PVOID, Length: ULONG, FsInformationClass: FS_INFORMATION_CLASS, ) -> NTSTATUS; fn ZwSetWnfProcessNotificationEvent( NotificationEvent: HANDLE, ) -> NTSTATUS; fn ZwShutdownSystem( Action: SHUTDOWN_ACTION, ) -> NTSTATUS; fn ZwShutdownWorkerFactory( WorkerFactoryHandle: HANDLE, PendingWorkerCount: *mut LONG, ) -> NTSTATUS; fn ZwSignalAndWaitForSingleObject( SignalHandle: HANDLE, WaitHandle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwSinglePhaseReject( EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwStartProfile( ProfileHandle: HANDLE, ) -> NTSTATUS; fn ZwStopProfile( ProfileHandle: HANDLE, ) -> NTSTATUS; fn ZwSubscribeWnfStateChange( StateName: PCWNF_STATE_NAME, ChangeStamp: WNF_CHANGE_STAMP, EventMask: ULONG, SubscriptionId: PULONG64, ) -> NTSTATUS; fn ZwSuspendProcess( ProcessHandle: HANDLE, ) -> NTSTATUS; fn ZwSuspendThread( ThreadHandle: HANDLE, PreviousSuspendCount: PULONG, ) -> NTSTATUS; fn ZwSystemDebugControl( Command: SYSDBG_COMMAND, InputBuffer: PVOID, InputBufferLength: ULONG, OutputBuffer: PVOID, OutputBufferLength: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwTerminateJobObject( JobHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn ZwTerminateProcess( ProcessHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn ZwTerminateThread( ThreadHandle: HANDLE, ExitStatus: NTSTATUS, ) -> NTSTATUS; fn ZwTestAlert() -> NTSTATUS; fn ZwThawRegistry() -> NTSTATUS; fn ZwThawTransactions() -> NTSTATUS; fn ZwTraceControl( FunctionCode: ULONG, InBuffer: PVOID, InBufferLen: ULONG, OutBuffer: PVOID, OutBufferLen: ULONG, ReturnLength: PULONG, ) -> NTSTATUS; fn ZwTraceEvent( TraceHandle: HANDLE, Flags: ULONG, FieldSize: ULONG, Fields: PVOID, ) -> NTSTATUS; fn ZwTranslateFilePath( InputFilePath: PFILE_PATH, OutputType: ULONG, OutputFilePath: PFILE_PATH, OutputFilePathLength: PULONG, ) -> NTSTATUS; fn ZwUmsThreadYield( SchedulerParam: PVOID, ) -> NTSTATUS; fn ZwUnloadDriver( DriverServiceName: PUNICODE_STRING, ) -> NTSTATUS; fn ZwUnloadKey( TargetKey: POBJECT_ATTRIBUTES, ) -> NTSTATUS; fn ZwUnloadKey2( TargetKey: POBJECT_ATTRIBUTES, Flags: ULONG, ) -> NTSTATUS; fn ZwUnloadKeyEx( TargetKey: POBJECT_ATTRIBUTES, Event: HANDLE, ) -> NTSTATUS; fn ZwUnlockFile( FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK, ByteOffset: PLARGE_INTEGER, Length: PLARGE_INTEGER, Key: ULONG, ) -> NTSTATUS; fn ZwUnlockVirtualMemory( ProcessHandle: HANDLE, BaseAddress: *mut PVOID, RegionSize: PSIZE_T, MapType: ULONG, ) -> NTSTATUS; fn ZwUnmapViewOfSection( ProcessHandle: HANDLE, BaseAddress: PVOID, ) -> NTSTATUS; fn ZwUnmapViewOfSectionEx( ProcessHandle: HANDLE, BaseAddress: PVOID, Flags: ULONG, ) -> NTSTATUS; fn ZwUnsubscribeWnfStateChange( StateName: PCWNF_STATE_NAME, ) -> NTSTATUS; fn ZwUpdateWnfStateData( StateName: PCWNF_STATE_NAME, Buffer: *const VOID, Length: ULONG, TypeId: PCWNF_TYPE_ID, ExplicitScope: *const VOID, MatchingChangeStamp: WNF_CHANGE_STAMP, CheckStamp: LOGICAL, ) -> NTSTATUS; fn ZwVdmControl( Service: VDMSERVICECLASS, ServiceData: PVOID, ) -> NTSTATUS; fn ZwWaitForAlertByThreadId( Address: PVOID, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwWaitForDebugEvent( DebugObjectHandle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, WaitStateChange: PVOID, ) -> NTSTATUS; fn ZwWaitForKeyedEvent( KeyedEventHandle: HANDLE, KeyValue: PVOID, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwWaitForMultipleObjects( Count: ULONG, Handles: *mut HANDLE, WaitType: WAIT_TYPE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwWaitForMultipleObjects32( Count: ULONG, Handles: *mut LONG, WaitType: WAIT_TYPE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwWaitForSingleObject( Handle: HANDLE, Alertable: BOOLEAN, Timeout: PLARGE_INTEGER, ) -> NTSTATUS; fn ZwWaitForWorkViaWorkerFactory( WorkerFactoryHandle: HANDLE, MiniPacket: *mut FILE_IO_COMPLETION_INFORMATION, ) -> NTSTATUS; fn ZwWaitHighEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwWaitLowEventPair( EventPairHandle: HANDLE, ) -> NTSTATUS; fn ZwWorkerFactoryWorkerReady( WorkerFactoryHandle: HANDLE, ) -> NTSTATUS; fn ZwWriteFile( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Buffer: PVOID, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn ZwWriteFileGather( FileHandle: HANDLE, Event: HANDLE, ApcRoutine: PIO_APC_ROUTINE, ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, SegmentArray: PFILE_SEGMENT_ELEMENT, Length: ULONG, ByteOffset: PLARGE_INTEGER, Key: PULONG, ) -> NTSTATUS; fn ZwWriteRequestData( PortHandle: HANDLE, Message: PPORT_MESSAGE, DataEntryIndex: ULONG, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesWritten: PSIZE_T, ) -> NTSTATUS; fn ZwWriteVirtualMemory( ProcessHandle: HANDLE, BaseAddress: PVOID, Buffer: PVOID, BufferSize: SIZE_T, NumberOfBytesWritten: PSIZE_T, ) -> NTSTATUS; fn ZwYieldExecution() -> NTSTATUS; }} ntapi-0.4.0/src/string.rs000064400000000000000000000024120072674642500134320ustar 00000000000000/// A wrapper over UTF16 string constants. pub struct UTF16Const(pub &'static [u16]); impl UTF16Const { #[inline] pub fn as_ptr(&self) -> *const u16 { self.0.as_ptr() } #[inline] pub fn as_mut_ptr(&self) -> *mut u16 { self.0.as_ptr() as *mut u16 } #[inline] pub fn len(&self) -> usize { self.0.len() - 1 } } impl AsRef<[u16]> for UTF16Const { #[inline] fn as_ref(&self) -> &[u16] { &self.0[..self.len()] } } impl Copy for UTF16Const {} impl Clone for UTF16Const { #[inline] fn clone(&self) -> UTF16Const { *self } } /// A wrapper over UTF8 string constants. pub struct UTF8Const(pub &'static str); impl UTF8Const { #[inline] pub fn as_ptr(&self) -> *const i8 { self.0.as_ptr() as *const i8 } #[inline] pub fn as_mut_ptr(&self) -> *mut i8 { self.0.as_ptr() as *mut i8 } #[inline] pub fn len(&self) -> usize { self.0.len() - 1 } #[inline] pub fn as_str(&self) -> &str { &self.0[..self.len()] } } impl AsRef for UTF8Const { #[inline] fn as_ref(&self) -> &str { &self.0[..self.len()] } } impl Copy for UTF8Const {} impl Clone for UTF8Const { #[inline] fn clone(&self) -> UTF8Const { *self } } ntapi-0.4.0/src/subprocesstag.rs000064400000000000000000000052620072674642500150160ustar 00000000000000use winapi::shared::minwindef::DWORD; use winapi::shared::ntdef::{LPCWSTR, LPWSTR, PVOID}; ENUM!{enum TAG_INFO_LEVEL { eTagInfoLevelNameFromTag = 1, eTagInfoLevelNamesReferencingModule = 2, eTagInfoLevelNameTagMapping = 3, eTagInfoLevelMax = 4, }} ENUM!{enum TAG_TYPE { eTagTypeService = 1, eTagTypeMax = 2, }} STRUCT!{struct TAG_INFO_NAME_FROM_TAG_IN_PARAMS { dwPid: DWORD, dwTag: DWORD, }} pub type PTAG_INFO_NAME_FROM_TAG_IN_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_IN_PARAMS; STRUCT!{struct TAG_INFO_NAME_FROM_TAG_OUT_PARAMS { eTagType: DWORD, pszName: LPWSTR, }} pub type PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS = *mut TAG_INFO_NAME_FROM_TAG_OUT_PARAMS; STRUCT!{struct TAG_INFO_NAME_FROM_TAG { InParams: TAG_INFO_NAME_FROM_TAG_IN_PARAMS, OutParams: TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, }} pub type PTAG_INFO_NAME_FROM_TAG = *mut TAG_INFO_NAME_FROM_TAG; STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS { dwPid: DWORD, pszModule: LPWSTR, }} pub type PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS = *mut TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS; STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS { eTagType: DWORD, pmszNames: LPWSTR, }} pub type PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS = *mut TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS; STRUCT!{struct TAG_INFO_NAMES_REFERENCING_MODULE { InParams: TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, OutParams: TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, }} pub type PTAG_INFO_NAMES_REFERENCING_MODULE = *mut TAG_INFO_NAMES_REFERENCING_MODULE; STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS { dwPid: DWORD, }} pub type PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS; STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_ELEMENT { eTagType: DWORD, dwTag: DWORD, pszName: LPWSTR, pszGroupName: LPWSTR, }} pub type PTAG_INFO_NAME_TAG_MAPPING_ELEMENT = *mut TAG_INFO_NAME_TAG_MAPPING_ELEMENT; STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS { cElements: DWORD, pNameTagMappingElements: PTAG_INFO_NAME_TAG_MAPPING_ELEMENT, }} pub type PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS = *mut TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS; STRUCT!{struct TAG_INFO_NAME_TAG_MAPPING { InParams: TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, pOutParams: PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, }} pub type PTAG_INFO_NAME_TAG_MAPPING = *mut TAG_INFO_NAME_TAG_MAPPING; EXTERN!{extern "system" { fn I_QueryTagInformation( pszMachineName: LPCWSTR, eInfoLevel: TAG_INFO_LEVEL, pTagInfo: PVOID, ) -> DWORD; }} FN!{stdcall PQUERY_TAG_INFORMATION( pszMachineName: LPCWSTR, eInfoLevel: TAG_INFO_LEVEL, pTagInfo: PVOID, ) -> DWORD} ntapi-0.4.0/src/winapi_local/um/winioctl.rs000064400000000000000000000002570072674642500170430ustar 00000000000000#[inline] pub(crate) const fn CTL_CODE(DeviceType: u32, Function: u32, Method: u32, Access: u32) -> u32 { (DeviceType << 16) | (Access << 14) | (Function << 2) | Method } ntapi-0.4.0/src/winapi_local/um/winnt.rs000064400000000000000000000036040072674642500163510ustar 00000000000000use winapi::shared::basetsd::{DWORD64, SIZE_T, ULONG64}; use winapi::shared::minwindef::DWORD; use winapi::um::winnt::{HANDLE, PVOID}; #[doc(hidden)] #[inline] pub const fn UInt32x32To64(a: u32, b: u32) -> u64 { a as u64 * b as u64 } #[cfg(not(target_arch = "aarch64"))] IFDEF!{ use core::arch::asm; use crate::ntpebteb::TEB; #[inline] pub unsafe fn __readfsdword(Offset: DWORD) -> DWORD { let out: u32; asm!( "mov {:e}, fs:[{:e}]", lateout(reg) out, in(reg) Offset, options(nostack, pure, readonly), ); out } #[inline] #[cfg(target_pointer_width = "64")] pub unsafe fn __readgsqword(Offset: DWORD) -> DWORD64 { let out: u64; asm!( "mov {}, gs:[{:e}]", lateout(reg) out, in(reg) Offset, options(nostack, pure, readonly), ); out } #[inline] #[allow(unused_unsafe)] pub unsafe fn NtCurrentTeb() -> *mut TEB { use winapi::um::winnt::NT_TIB; let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32; #[cfg(target_arch = "x86_64")] { __readgsqword(teb_offset) as *mut TEB } #[cfg(target_arch = "x86")] { __readfsdword(teb_offset) as *mut TEB } } } ENUM!{enum MEM_EXTENDED_PARAMETER_TYPE { MemExtendedParameterInvalidType = 0, MemExtendedParameterAddressRequirements = 1, MemExtendedParameterNumaNode = 2, MemExtendedParameterPartitionHandle = 3, MemExtendedParameterMax = 4, }} pub type PMEM_EXTENDED_PARAMETER_TYPE = *mut MEM_EXTENDED_PARAMETER_TYPE; UNION!{union MEM_EXTENDED_PARAMETER_u { ULong64: DWORD64, Pointer: PVOID, Size: SIZE_T, Handle: HANDLE, ULong: DWORD, }} STRUCT!{struct MEM_EXTENDED_PARAMETER { BitFields: ULONG64, u: MEM_EXTENDED_PARAMETER_u, }} BITFIELD!{MEM_EXTENDED_PARAMETER BitFields: ULONG64 [ Type set_Type[0..8], Reserved set_Reserved[8..64], ]} pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER; ntapi-0.4.0/src/winapi_local/um.rs000064400000000000000000000000500072674642500152020ustar 00000000000000pub(crate) mod winioctl; pub mod winnt; ntapi-0.4.0/src/winapi_local.rs000064400000000000000000000000140072674642500145610ustar 00000000000000pub mod um; ntapi-0.4.0/src/winsta.rs000064400000000000000000000662730072674642500134500ustar 00000000000000use core::ptr::null_mut; use crate::ntrtl::RTL_TIME_ZONE_INFORMATION; use winapi::shared::basetsd::SIZE_T; use winapi::shared::minwindef::{BYTE, DWORD, FILETIME}; use winapi::shared::ntdef::{ BOOLEAN, CHAR, HANDLE, LARGE_INTEGER, LONG, PULONG, PVOID, PWSTR, UCHAR, ULONG, UNICODE_STRING, USHORT, WCHAR, }; use winapi::shared::windef::HWND; use winapi::um::winnt::{PSID, STANDARD_RIGHTS_REQUIRED}; pub const WINSTATION_QUERY: u32 = 0x00000001; pub const WINSTATION_SET: u32 = 0x00000002; pub const WINSTATION_RESET: u32 = 0x00000004; pub const WINSTATION_VIRTUAL: u32 = 0x00000008; pub const WINSTATION_SHADOW: u32 = 0x00000010; pub const WINSTATION_LOGON: u32 = 0x00000020; pub const WINSTATION_LOGOFF: u32 = 0x00000040; pub const WINSTATION_MSG: u32 = 0x00000080; pub const WINSTATION_CONNECT: u32 = 0x00000100; pub const WINSTATION_DISCONNECT: u32 = 0x00000200; pub const WINSTATION_GUEST_ACCESS: u32 = WINSTATION_LOGON; pub const WINSTATION_CURRENT_GUEST_ACCESS: u32 = WINSTATION_VIRTUAL | WINSTATION_LOGOFF; pub const WINSTATION_USER_ACCESS: u32 = WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT; pub const WINSTATION_CURRENT_USER_ACCESS: u32 = WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_LOGOFF | WINSTATION_DISCONNECT; pub const WINSTATION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG | WINSTATION_CONNECT | WINSTATION_DISCONNECT; pub const WDPREFIX_LENGTH: usize = 12; pub const CALLBACK_LENGTH: usize = 50; pub const DLLNAME_LENGTH: usize = 32; pub const CDNAME_LENGTH: usize = 32; pub const WDNAME_LENGTH: usize = 32; pub const PDNAME_LENGTH: usize = 32; pub const DEVICENAME_LENGTH: usize = 128; pub const MODEMNAME_LENGTH: usize = DEVICENAME_LENGTH; pub const STACK_ADDRESS_LENGTH: usize = 128; pub const MAX_BR_NAME: usize = 65; pub const DIRECTORY_LENGTH: usize = 256; pub const INITIALPROGRAM_LENGTH: usize = 256; pub const USERNAME_LENGTH: usize = 20; pub const DOMAIN_LENGTH: usize = 17; pub const PASSWORD_LENGTH: usize = 14; pub const NASISPECIFICNAME_LENGTH: usize = 14; pub const NASIUSERNAME_LENGTH: usize = 47; pub const NASIPASSWORD_LENGTH: usize = 24; pub const NASISESSIONNAME_LENGTH: usize = 16; pub const NASIFILESERVER_LENGTH: usize = 47; pub const CLIENTDATANAME_LENGTH: usize = 7; pub const CLIENTNAME_LENGTH: usize = 20; pub const CLIENTADDRESS_LENGTH: usize = 30; pub const IMEFILENAME_LENGTH: usize = 32; pub const CLIENTLICENSE_LENGTH: usize = 32; pub const CLIENTMODEM_LENGTH: usize = 40; pub const CLIENT_PRODUCT_ID_LENGTH: usize = 32; pub const MAX_COUNTER_EXTENSIONS: u32 = 2; pub const WINSTATIONNAME_LENGTH: usize = 32; pub const TERMSRV_TOTAL_SESSIONS: u32 = 1; pub const TERMSRV_DISC_SESSIONS: u32 = 2; pub const TERMSRV_RECON_SESSIONS: u32 = 3; pub const TERMSRV_CURRENT_ACTIVE_SESSIONS: u32 = 4; pub const TERMSRV_CURRENT_DISC_SESSIONS: u32 = 5; pub const TERMSRV_PENDING_SESSIONS: u32 = 6; pub const TERMSRV_SUCC_TOTAL_LOGONS: u32 = 7; pub const TERMSRV_SUCC_LOCAL_LOGONS: u32 = 8; pub const TERMSRV_SUCC_REMOTE_LOGONS: u32 = 9; pub const TERMSRV_SUCC_SESSION0_LOGONS: u32 = 10; pub const TERMSRV_CURRENT_TERMINATING_SESSIONS: u32 = 11; pub const TERMSRV_CURRENT_LOGGEDON_SESSIONS: u32 = 12; pub type PTS_TIME_ZONE_INFORMATION = *mut RTL_TIME_ZONE_INFORMATION; pub type TS_TIME_ZONE_INFORMATION = RTL_TIME_ZONE_INFORMATION; pub type WINSTATIONNAME = [WCHAR; WINSTATIONNAME_LENGTH + 1]; STRUCT!{struct VARDATA_WIRE { Size: USHORT, Offset: USHORT, }} pub type PVARDATA_WIRE = *mut VARDATA_WIRE; ENUM!{enum WINSTATIONSTATECLASS { State_Active = 0, State_Connected = 1, State_ConnectQuery = 2, State_Shadow = 3, State_Disconnected = 4, State_Idle = 5, State_Listen = 6, State_Reset = 7, State_Down = 8, State_Init = 9, }} UNION!{union SESSIONIDW_u { SessionId: ULONG, LogonId: ULONG, }} STRUCT!{struct SESSIONIDW { u: SESSIONIDW_u, WinStationName: WINSTATIONNAME, State: WINSTATIONSTATECLASS, }} pub type PSESSIONIDW = *mut SESSIONIDW; ENUM!{enum WINSTATIONINFOCLASS { WinStationCreateData = 0, WinStationConfiguration = 1, WinStationPdParams = 2, WinStationWd = 3, WinStationPd = 4, WinStationPrinter = 5, WinStationClient = 6, WinStationModules = 7, WinStationInformation = 8, WinStationTrace = 9, WinStationBeep = 10, WinStationEncryptionOff = 11, WinStationEncryptionPerm = 12, WinStationNtSecurity = 13, WinStationUserToken = 14, WinStationUnused1 = 15, WinStationVideoData = 16, WinStationInitialProgram = 17, WinStationCd = 18, WinStationSystemTrace = 19, WinStationVirtualData = 20, WinStationClientData = 21, WinStationSecureDesktopEnter = 22, WinStationSecureDesktopExit = 23, WinStationLoadBalanceSessionTarget = 24, WinStationLoadIndicator = 25, WinStationShadowInfo = 26, WinStationDigProductId = 27, WinStationLockedState = 28, WinStationRemoteAddress = 29, WinStationIdleTime = 30, WinStationLastReconnectType = 31, WinStationDisallowAutoReconnect = 32, WinStationMprNotifyInfo = 33, WinStationExecSrvSystemPipe = 34, WinStationSmartCardAutoLogon = 35, WinStationIsAdminLoggedOn = 36, WinStationReconnectedFromId = 37, WinStationEffectsPolicy = 38, WinStationType = 39, WinStationInformationEx = 40, WinStationValidationInfo = 41, }} STRUCT!{struct WINSTATIONCREATE { Bitfields: ULONG, MaxInstanceCount: ULONG, }} BITFIELD!{WINSTATIONCREATE Bitfields: ULONG [ fEnableWinStation set_fEnableWinStation[0..1], ]} pub type PWINSTATIONCREATE = *mut WINSTATIONCREATE; STRUCT!{struct WINSTACONFIGWIRE { Comment: [WCHAR; 61], OEMId: [CHAR; 4], UserConfig: VARDATA_WIRE, NewFields: VARDATA_WIRE, }} pub type PWINSTACONFIGWIRE = *mut WINSTACONFIGWIRE; ENUM!{enum CALLBACKCLASS { Callback_Disable = 0, Callback_Roving = 1, Callback_Fixed = 2, }} ENUM!{enum SHADOWCLASS { Shadow_Disable = 0, Shadow_EnableInputNotify = 1, Shadow_EnableInputNoNotify = 2, Shadow_EnableNoInputNotify = 3, Shadow_EnableNoInputNoNotify = 4, }} STRUCT!{struct USERCONFIG { Bitfields: ULONG, Bitfields2: ULONG, UserName: [WCHAR; USERNAME_LENGTH + 1], Domain: [WCHAR; DOMAIN_LENGTH + 1], Password: [WCHAR; PASSWORD_LENGTH + 1], WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], CallbackNumber: [WCHAR; CALLBACK_LENGTH + 1], Callback: CALLBACKCLASS, Shadow: SHADOWCLASS, MaxConnectionTime: ULONG, MaxDisconnectionTime: ULONG, MaxIdleTime: ULONG, KeyboardLayout: ULONG, MinEncryptionLevel: BYTE, NWLogonServer: [WCHAR; NASIFILESERVER_LENGTH + 1], PublishedName: [WCHAR; MAX_BR_NAME], WFProfilePath: [WCHAR; DIRECTORY_LENGTH + 1], WFHomeDir: [WCHAR; DIRECTORY_LENGTH + 1], WFHomeDirDrive: [WCHAR; 4], }} BITFIELD!{USERCONFIG Bitfields: ULONG [ fInheritAutoLogon set_fInheritAutoLogon[0..1], fInheritResetBroken set_fInheritResetBroken[1..2], fInheritReconnectSame set_fInheritReconnectSame[2..3], fInheritInitialProgram set_fInheritInitialProgram[3..4], fInheritCallback set_fInheritCallback[4..5], fInheritCallbackNumber set_fInheritCallbackNumber[5..6], fInheritShadow set_fInheritShadow[6..7], fInheritMaxSessionTime set_fInheritMaxSessionTime[7..8], fInheritMaxDisconnectionTime set_fInheritMaxDisconnectionTime[8..9], fInheritMaxIdleTime set_fInheritMaxIdleTime[9..10], fInheritAutoClient set_fInheritAutoClient[10..11], fInheritSecurity set_fInheritSecurity[11..12], fPromptForPassword set_fPromptForPassword[12..13], fResetBroken set_fResetBroken[13..14], fReconnectSame set_fReconnectSame[14..15], fLogonDisabled set_fLogonDisabled[15..16], fWallPaperDisabled set_fWallPaperDisabled[16..17], fAutoClientDrives set_fAutoClientDrives[17..18], fAutoClientLpts set_fAutoClientLpts[18..19], fForceClientLptDef set_fForceClientLptDef[19..20], fRequireEncryption set_fRequireEncryption[20..21], fDisableEncryption set_fDisableEncryption[21..22], fUnused1 set_fUnused1[22..23], fHomeDirectoryMapRoot set_fHomeDirectoryMapRoot[23..24], fUseDefaultGina set_fUseDefaultGina[24..25], fCursorBlinkDisabled set_fCursorBlinkDisabled[25..26], fPublishedApp set_fPublishedApp[26..27], fHideTitleBar set_fHideTitleBar[27..28], fMaximize set_fMaximize[28..29], fDisableCpm set_fDisableCpm[29..30], fDisableCdm set_fDisableCdm[30..31], fDisableCcm set_fDisableCcm[31..32], ]} BITFIELD!{USERCONFIG Bitfields2: ULONG [ fDisableLPT set_fDisableLPT[0..1], fDisableClip set_fDisableClip[1..2], fDisableExe set_fDisableExe[2..3], fDisableCam set_fDisableCam[3..4], fDisableAutoReconnect set_fDisableAutoReconnect[4..5], ColorDepth set_ColorDepth[5..6], fInheritColorDepth set_fInheritColorDepth[6..7], fErrorInvalidProfile set_fErrorInvalidProfile[7..8], fPasswordIsScPin set_fPasswordIsScPin[8..9], fDisablePNPRedir set_fDisablePNPRedir[9..10], ]} pub type PUSERCONFIG = *mut USERCONFIG; ENUM!{enum SDCLASS { SdNone = 0, SdConsole = 1, SdNetwork = 2, SdAsync = 3, SdOemTransport = 4, }} pub type DEVICENAME = [WCHAR; DEVICENAME_LENGTH + 1]; pub type MODEMNAME = [WCHAR; MODEMNAME_LENGTH + 1]; pub type NASISPECIFICNAME = [WCHAR; NASISPECIFICNAME_LENGTH + 1]; pub type NASIUSERNAME = [WCHAR; NASIUSERNAME_LENGTH + 1]; pub type NASIPASSWORD = [WCHAR; NASIPASSWORD_LENGTH + 1]; pub type NASISESIONNAME = [WCHAR; NASISESSIONNAME_LENGTH + 1]; pub type NASIFILESERVER = [WCHAR; NASIFILESERVER_LENGTH + 1]; pub type WDNAME = [WCHAR; WDNAME_LENGTH + 1]; pub type WDPREFIX = [WCHAR; WDPREFIX_LENGTH + 1]; pub type CDNAME = [WCHAR; CDNAME_LENGTH + 1]; pub type DLLNAME = [WCHAR; DLLNAME_LENGTH + 1]; pub type PDNAME = [WCHAR; PDNAME_LENGTH + 1]; STRUCT!{struct NETWORKCONFIG { LanAdapter: LONG, NetworkName: DEVICENAME, Flags: ULONG, }} pub type PNETWORKCONFIG = *mut NETWORKCONFIG; ENUM!{enum FLOWCONTROLCLASS { FlowControl_None = 0, FlowControl_Hardware = 1, FlowControl_Software = 2, }} ENUM!{enum RECEIVEFLOWCONTROLCLASS { ReceiveFlowControl_None = 0, ReceiveFlowControl_RTS = 1, ReceiveFlowControl_DTR = 2, }} ENUM!{enum TRANSMITFLOWCONTROLCLASS { TransmitFlowControl_None = 0, TransmitFlowControl_CTS = 1, TransmitFlowControl_DSR = 2, }} ENUM!{enum ASYNCCONNECTCLASS { Connect_CTS = 0, Connect_DSR = 1, Connect_RI = 2, Connect_DCD = 3, Connect_FirstChar = 4, Connect_Perm = 5, }} STRUCT!{struct FLOWCONTROLCONFIG { Bitfields: ULONG, XonChar: CHAR, XoffChar: CHAR, Type: FLOWCONTROLCLASS, HardwareReceive: RECEIVEFLOWCONTROLCLASS, HardwareTransmit: TRANSMITFLOWCONTROLCLASS, }} BITFIELD!{FLOWCONTROLCONFIG Bitfields: ULONG [ fEnableSoftwareTx set_fEnableSoftwareTx[0..1], fEnableSoftwareRx set_fEnableSoftwareRx[1..2], fEnableDTR set_fEnableDTR[2..3], fEnableRTS set_fEnableRTS[3..4], ]} pub type PFLOWCONTROLCONFIG = *mut FLOWCONTROLCONFIG; STRUCT!{struct CONNECTCONFIG { Type: ASYNCCONNECTCLASS, Bitfields: ULONG, }} BITFIELD!{CONNECTCONFIG Bitfields: ULONG [ fEnableBreakDisconnect set_fEnableBreakDisconnect[0..1], ]} pub type PCONNECTCONFIG = *mut CONNECTCONFIG; STRUCT!{struct ASYNCCONFIG { DeviceName: DEVICENAME, ModemName: MODEMNAME, BaudRate: ULONG, Parity: ULONG, StopBits: ULONG, ByteSize: ULONG, Bitfields: ULONG, FlowControl: FLOWCONTROLCONFIG, Connect: CONNECTCONFIG, }} BITFIELD!{ASYNCCONFIG Bitfields: ULONG [ fEnableDsrSensitivity set_fEnableDsrSensitivity[0..1], fConnectionDriver set_fConnectionDriver[1..2], ]} pub type PASYNCCONFIG = *mut ASYNCCONFIG; STRUCT!{struct NASICONFIG { SpecificName: NASISPECIFICNAME, UserName: NASIUSERNAME, PassWord: NASIPASSWORD, SessionName: NASISESIONNAME, FileServer: NASIFILESERVER, GlobalSession: BOOLEAN, }} pub type PNASICONFIG = *mut NASICONFIG; STRUCT!{struct OEMTDCONFIG { Adapter: LONG, DeviceName: DEVICENAME, Flags: ULONG, }} pub type POEMTDCONFIG = *mut OEMTDCONFIG; UNION!{union PDPARAMS_u { Network: NETWORKCONFIG, Async: ASYNCCONFIG, Nasi: NASICONFIG, OemTd: OEMTDCONFIG, }} STRUCT!{struct PDPARAMS { SdClass: SDCLASS, u: PDPARAMS_u, }} pub type PPDPARAMS = *mut PDPARAMS; STRUCT!{struct WDCONFIG { WdName: WDNAME, WdDLL: DLLNAME, WsxDLL: DLLNAME, WdFlag: ULONG, WdInputBufferLength: ULONG, CfgDLL: DLLNAME, WdPrefix: WDPREFIX, }} pub type PWDCONFIG = *mut WDCONFIG; STRUCT!{struct PDCONFIG2 { PdName: PDNAME, SdClass: SDCLASS, PdDLL: DLLNAME, PdFlag: ULONG, OutBufLength: ULONG, OutBufCount: ULONG, OutBufDelay: ULONG, InteractiveDelay: ULONG, PortNumber: ULONG, KeepAliveTimeout: ULONG, }} pub type PPDCONFIG2 = *mut PDCONFIG2; STRUCT!{struct WINSTATIONCLIENT { Bitfields: ULONG, ClientName: [WCHAR; CLIENTNAME_LENGTH + 1], Domain: [WCHAR; DOMAIN_LENGTH + 1], UserName: [WCHAR; USERNAME_LENGTH + 1], Password: [WCHAR; PASSWORD_LENGTH + 1], WorkDirectory: [WCHAR; DIRECTORY_LENGTH + 1], InitialProgram: [WCHAR; INITIALPROGRAM_LENGTH + 1], SerialNumber: ULONG, EncryptionLevel: BYTE, ClientAddressFamily: ULONG, ClientAddress: [WCHAR; CLIENTADDRESS_LENGTH + 1], HRes: USHORT, VRes: USHORT, ColorDepth: USHORT, ProtocolType: USHORT, KeyboardLayout: ULONG, KeyboardType: ULONG, KeyboardSubType: ULONG, KeyboardFunctionKey: ULONG, ImeFileName: [WCHAR; IMEFILENAME_LENGTH + 1], ClientDirectory: [WCHAR; DIRECTORY_LENGTH + 1], ClientLicense: [WCHAR; CLIENTLICENSE_LENGTH + 1], ClientModem: [WCHAR; CLIENTMODEM_LENGTH + 1], ClientBuildNumber: ULONG, ClientHardwareId: ULONG, ClientProductId: USHORT, OutBufCountHost: USHORT, OutBufCountClient: USHORT, OutBufLength: USHORT, AudioDriverName: [WCHAR; 9], ClientTimeZone: TS_TIME_ZONE_INFORMATION, ClientSessionId: ULONG, ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], PerformanceFlags: ULONG, ActiveInputLocale: ULONG, }} BITFIELD!{WINSTATIONCLIENT Bitfields: ULONG [ fTextOnly set_fTextOnly[0..1], fDisableCtrlAltDel set_fDisableCtrlAltDel[1..2], fMouse set_fMouse[2..3], fDoubleClickDetect set_fDoubleClickDetect[3..4], fINetClient set_fINetClient[4..5], fPromptForPassword set_fPromptForPassword[5..6], fMaximizeShell set_fMaximizeShell[6..7], fEnableWindowsKey set_fEnableWindowsKey[7..8], fRemoteConsoleAudio set_fRemoteConsoleAudio[8..9], fPasswordIsScPin set_fPasswordIsScPin[9..10], fNoAudioPlayback set_fNoAudioPlayback[10..11], fUsingSavedCreds set_fUsingSavedCreds[11..12], ]} pub type PWINSTATIONCLIENT = *mut WINSTATIONCLIENT; STRUCT!{struct TSHARE_COUNTERS { Reserved: ULONG, }} pub type PTSHARE_COUNTERS = *mut TSHARE_COUNTERS; UNION!{union PROTOCOLCOUNTERS_Specific { TShareCounters: TSHARE_COUNTERS, Reserved: [ULONG; 100], }} STRUCT!{struct PROTOCOLCOUNTERS { WdBytes: ULONG, WdFrames: ULONG, WaitForOutBuf: ULONG, Frames: ULONG, Bytes: ULONG, CompressedBytes: ULONG, CompressFlushes: ULONG, Errors: ULONG, Timeouts: ULONG, AsyncFramingError: ULONG, AsyncOverrunError: ULONG, AsyncOverflowError: ULONG, AsyncParityError: ULONG, TdErrors: ULONG, ProtocolType: USHORT, Length: USHORT, Specific: PROTOCOLCOUNTERS_Specific, }} pub type PPROTOCOLCOUNTERS = *mut PROTOCOLCOUNTERS; STRUCT!{struct THINWIRECACHE { CacheReads: ULONG, CacheHits: ULONG, }} pub type PTHINWIRECACHE = *mut THINWIRECACHE; pub const MAX_THINWIRECACHE: usize = 4; STRUCT!{struct RESERVED_CACHE { ThinWireCache: [THINWIRECACHE; MAX_THINWIRECACHE], }} pub type PRESERVED_CACHE = *mut RESERVED_CACHE; STRUCT!{struct TSHARE_CACHE { Reserved: ULONG, }} pub type PTSHARE_CACHE = *mut TSHARE_CACHE; UNION!{union CACHE_STATISTICS_Specific { ReservedCacheStats: RESERVED_CACHE, TShareCacheStats: TSHARE_CACHE, Reserved: [ULONG; 20], }} STRUCT!{struct CACHE_STATISTICS { ProtocolType: USHORT, Length: USHORT, Specific: CACHE_STATISTICS_Specific, }} pub type PCACHE_STATISTICS = *mut CACHE_STATISTICS; STRUCT!{struct PROTOCOLSTATUS { Output: PROTOCOLCOUNTERS, Input: PROTOCOLCOUNTERS, Cache: CACHE_STATISTICS, AsyncSignal: ULONG, AsyncSignalMask: ULONG, }} pub type PPROTOCOLSTATUS = *mut PROTOCOLSTATUS; STRUCT!{struct WINSTATIONINFORMATION { ConnectState: WINSTATIONSTATECLASS, WinStationName: WINSTATIONNAME, LogonId: ULONG, ConnectTime: LARGE_INTEGER, DisconnectTime: LARGE_INTEGER, LastInputTime: LARGE_INTEGER, LogonTime: LARGE_INTEGER, Status: PROTOCOLSTATUS, Domain: [WCHAR; DOMAIN_LENGTH + 1], UserName: [WCHAR; USERNAME_LENGTH + 1], CurrentTime: LARGE_INTEGER, }} pub type PWINSTATIONINFORMATION = *mut WINSTATIONINFORMATION; STRUCT!{struct WINSTATIONUSERTOKEN { ProcessId: HANDLE, ThreadId: HANDLE, UserToken: HANDLE, }} pub type PWINSTATIONUSERTOKEN = *mut WINSTATIONUSERTOKEN; STRUCT!{struct WINSTATIONVIDEODATA { HResolution: USHORT, VResolution: USHORT, fColorDepth: USHORT, }} pub type PWINSTATIONVIDEODATA = *mut WINSTATIONVIDEODATA; ENUM!{enum CDCLASS { CdNone = 0, CdModem = 1, CdClass_Maximum = 2, }} STRUCT!{struct CDCONFIG { CdClass: CDCLASS, CdName: CDNAME, CdDLL: DLLNAME, CdFlag: ULONG, }} pub type PCDCONFIG = *mut CDCONFIG; pub type CLIENTDATANAME = [CHAR; CLIENTDATANAME_LENGTH + 1]; pub type PCLIENTDATANAME = *mut CHAR; STRUCT!{struct WINSTATIONCLIENTDATA { DataName: CLIENTDATANAME, fUnicodeData: BOOLEAN, }} pub type PWINSTATIONCLIENTDATA = *mut WINSTATIONCLIENTDATA; ENUM!{enum LOADFACTORTYPE { ErrorConstraint = 0, PagedPoolConstraint = 1, NonPagedPoolConstraint = 2, AvailablePagesConstraint = 3, SystemPtesConstraint = 4, CPUConstraint = 5, }} STRUCT!{struct WINSTATIONLOADINDICATORDATA { RemainingSessionCapacity: ULONG, LoadFactor: LOADFACTORTYPE, TotalSessions: ULONG, DisconnectedSessions: ULONG, IdleCPU: LARGE_INTEGER, TotalCPU: LARGE_INTEGER, RawSessionCapacity: ULONG, reserved: [ULONG; 9], }} pub type PWINSTATIONLOADINDICATORDATA = *mut WINSTATIONLOADINDICATORDATA; ENUM!{enum SHADOWSTATECLASS { State_NoShadow = 0, State_Shadowing = 1, State_Shadowed = 2, }} STRUCT!{struct WINSTATIONSHADOW { ShadowState: SHADOWSTATECLASS, ShadowClass: SHADOWCLASS, SessionId: ULONG, ProtocolType: ULONG, }} pub type PWINSTATIONSHADOW = *mut WINSTATIONSHADOW; STRUCT!{struct WINSTATIONPRODID { DigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], ClientDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], OuterMostDigProductId: [WCHAR; CLIENT_PRODUCT_ID_LENGTH], CurrentSessionId: ULONG, ClientSessionId: ULONG, OuterMostSessionId: ULONG, }} pub type PWINSTATIONPRODID = *mut WINSTATIONPRODID; STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv4 { sin_port: USHORT, sin_addr: ULONG, sin_zero: [UCHAR; 8], }} STRUCT!{struct WINSTATIONREMOTEADDRESS_u_ipv6 { sin6_port: USHORT, sin6_flowinfo: ULONG, sin6_addr: [USHORT; 8], sin6_scope_id: ULONG, }} UNION!{union WINSTATIONREMOTEADDRESS_u { ipv4: WINSTATIONREMOTEADDRESS_u_ipv4, ipv6: WINSTATIONREMOTEADDRESS_u_ipv6, }} STRUCT!{struct WINSTATIONREMOTEADDRESS { sin_family: USHORT, u: WINSTATIONREMOTEADDRESS_u, }} pub type PWINSTATIONREMOTEADDRESS = *mut WINSTATIONREMOTEADDRESS; STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL1 { SessionId: ULONG, SessionState: WINSTATIONSTATECLASS, SessionFlags: LONG, WinStationName: WINSTATIONNAME, UserName: [WCHAR; USERNAME_LENGTH + 1], DomainName: [WCHAR; DOMAIN_LENGTH + 1], LogonTime: LARGE_INTEGER, ConnectTime: LARGE_INTEGER, DisconnectTime: LARGE_INTEGER, LastInputTime: LARGE_INTEGER, CurrentTime: LARGE_INTEGER, ProtocolStatus: PROTOCOLSTATUS, }} pub type PWINSTATIONINFORMATIONEX_LEVEL1 = *mut WINSTATIONINFORMATIONEX_LEVEL1; STRUCT!{struct WINSTATIONINFORMATIONEX_LEVEL2 { SessionId: ULONG, SessionState: WINSTATIONSTATECLASS, SessionFlags: LONG, WinStationName: WINSTATIONNAME, SamCompatibleUserName: [WCHAR; USERNAME_LENGTH + 1], SamCompatibleDomainName: [WCHAR; DOMAIN_LENGTH + 1], LogonTime: LARGE_INTEGER, ConnectTime: LARGE_INTEGER, DisconnectTime: LARGE_INTEGER, LastInputTime: LARGE_INTEGER, CurrentTime: LARGE_INTEGER, ProtocolStatus: PROTOCOLSTATUS, UserName: [WCHAR; 257], DomainName: [WCHAR; 256], }} pub type PWINSTATIONINFORMATIONEX_LEVEL2 = *mut WINSTATIONINFORMATIONEX_LEVEL2; UNION!{union WINSTATIONINFORMATIONEX_LEVEL { WinStationInfoExLevel1: WINSTATIONINFORMATIONEX_LEVEL1, WinStationInfoExLevel2: WINSTATIONINFORMATIONEX_LEVEL2, }} pub type PWINSTATIONINFORMATIONEX_LEVEL = *mut WINSTATIONINFORMATIONEX_LEVEL; STRUCT!{struct WINSTATIONINFORMATIONEX { Level: ULONG, Data: WINSTATIONINFORMATIONEX_LEVEL, }} pub type PWINSTATIONINFORMATIONEX = *mut WINSTATIONINFORMATIONEX; pub const TS_PROCESS_INFO_MAGIC_NT4: u32 = 0x23495452; STRUCT!{struct TS_PROCESS_INFORMATION_NT4 { MagicNumber: ULONG, LogonId: ULONG, ProcessSid: PVOID, Pad: ULONG, }} pub type PTS_PROCESS_INFORMATION_NT4 = *mut TS_PROCESS_INFORMATION_NT4; pub const SIZEOF_TS4_SYSTEM_THREAD_INFORMATION: u32 = 64; pub const SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION: u32 = 136; STRUCT!{struct TS_SYS_PROCESS_INFORMATION { NextEntryOffset: ULONG, NumberOfThreads: ULONG, SpareLi1: LARGE_INTEGER, SpareLi2: LARGE_INTEGER, SpareLi3: LARGE_INTEGER, CreateTime: LARGE_INTEGER, UserTime: LARGE_INTEGER, KernelTime: LARGE_INTEGER, ImageName: UNICODE_STRING, BasePriority: LONG, UniqueProcessId: ULONG, InheritedFromUniqueProcessId: ULONG, HandleCount: ULONG, SessionId: ULONG, SpareUl3: ULONG, PeakVirtualSize: SIZE_T, VirtualSize: SIZE_T, PageFaultCount: ULONG, PeakWorkingSetSize: ULONG, WorkingSetSize: ULONG, QuotaPeakPagedPoolUsage: SIZE_T, QuotaPagedPoolUsage: SIZE_T, QuotaPeakNonPagedPoolUsage: SIZE_T, QuotaNonPagedPoolUsage: SIZE_T, PagefileUsage: SIZE_T, PeakPagefileUsage: SIZE_T, PrivatePageCount: SIZE_T, }} pub type PTS_SYS_PROCESS_INFORMATION = *mut TS_SYS_PROCESS_INFORMATION; STRUCT!{struct TS_ALL_PROCESSES_INFO { pTsProcessInfo: PTS_SYS_PROCESS_INFORMATION, SizeOfSid: ULONG, pSid: PSID, }} pub type PTS_ALL_PROCESSES_INFO = *mut TS_ALL_PROCESSES_INFO; STRUCT!{struct TS_COUNTER_HEADER { dwCounterID: DWORD, bResult: BOOLEAN, }} pub type PTS_COUNTER_HEADER = *mut TS_COUNTER_HEADER; STRUCT!{struct TS_COUNTER { CounterHead: TS_COUNTER_HEADER, dwValue: DWORD, StartTime: LARGE_INTEGER, }} pub type PTS_COUNTER = *mut TS_COUNTER; pub const WSD_LOGOFF: ULONG = 0x1; pub const WSD_SHUTDOWN: ULONG = 0x2; pub const WSD_REBOOT: ULONG = 0x4; pub const WSD_POWEROFF: ULONG = 0x8; pub const WEVENT_NONE: ULONG = 0x0; pub const WEVENT_CREATE: ULONG = 0x1; pub const WEVENT_DELETE: ULONG = 0x2; pub const WEVENT_RENAME: ULONG = 0x4; pub const WEVENT_CONNECT: ULONG = 0x8; pub const WEVENT_DISCONNECT: ULONG = 0x10; pub const WEVENT_LOGON: ULONG = 0x20; pub const WEVENT_LOGOFF: ULONG = 0x40; pub const WEVENT_STATECHANGE: ULONG = 0x80; pub const WEVENT_LICENSE: ULONG = 0x100; pub const WEVENT_ALL: ULONG = 0x7fffffff; pub const WEVENT_FLUSH: ULONG = 0x80000000; pub const KBDSHIFT: USHORT = 0x1; pub const KBDCTRL: USHORT = 0x2; pub const KBDALT: USHORT = 0x4; pub const WNOTIFY_ALL_SESSIONS: ULONG = 0x1; pub const LOGONID_CURRENT: i32 = -1; pub const SERVERNAME_CURRENT: PWSTR = null_mut(); EXTERN!{extern "system" { fn WinStationFreeMemory( Buffer: PVOID, ) -> BOOLEAN; fn WinStationOpenServerW( ServerName: PWSTR, ) -> HANDLE; fn WinStationCloseServer( ServerHandle: HANDLE, ) -> BOOLEAN; fn WinStationServerPing( ServerHandle: HANDLE, ) -> BOOLEAN; fn WinStationGetTermSrvCountersValue( ServerHandle: HANDLE, Count: ULONG, Counters: PTS_COUNTER, ) -> BOOLEAN; fn WinStationShutdownSystem( ServerHandle: HANDLE, ShutdownFlags: ULONG, ) -> BOOLEAN; fn WinStationWaitSystemEvent( ServerHandle: HANDLE, EventMask: ULONG, EventFlags: PULONG, ) -> BOOLEAN; fn WinStationRegisterConsoleNotification( ServerHandle: HANDLE, WindowHandle: HWND, Flags: ULONG, ) -> BOOLEAN; fn WinStationUnRegisterConsoleNotification( ServerHandle: HANDLE, WindowHandle: HWND, ) -> BOOLEAN; fn WinStationEnumerateW( ServerHandle: HANDLE, SessionIds: *mut PSESSIONIDW, Count: PULONG, ) -> BOOLEAN; fn WinStationQueryInformationW( ServerHandle: HANDLE, SessionId: ULONG, WinStationInformationClass: WINSTATIONINFOCLASS, pWinStationInformation: PVOID, WinStationInformationLength: ULONG, pReturnLength: PULONG, ) -> BOOLEAN; fn WinStationSetInformationW( ServerHandle: HANDLE, SessionId: ULONG, WinStationInformationClass: WINSTATIONINFOCLASS, pWinStationInformation: PVOID, WinStationInformationLength: ULONG, ) -> BOOLEAN; fn WinStationNameFromLogonIdW( ServerHandle: HANDLE, SessionId: ULONG, pWinStationName: PWSTR, ) -> BOOLEAN; fn WinStationSendMessageW( ServerHandle: HANDLE, SessionId: ULONG, Title: PWSTR, TitleLength: ULONG, Message: PWSTR, MessageLength: ULONG, Style: ULONG, Timeout: ULONG, Response: PULONG, DoNotWait: BOOLEAN, ) -> BOOLEAN; fn WinStationConnectW( ServerHandle: HANDLE, SessionId: ULONG, TargetSessionId: ULONG, pPassword: PWSTR, bWait: BOOLEAN, ) -> BOOLEAN; fn WinStationDisconnect( ServerHandle: HANDLE, SessionId: ULONG, bWait: BOOLEAN, ) -> BOOLEAN; fn WinStationReset( ServerHandle: HANDLE, SessionId: ULONG, bWait: BOOLEAN, ) -> BOOLEAN; fn WinStationShadow( ServerHandle: HANDLE, TargetServerName: PWSTR, TargetSessionId: ULONG, HotKeyVk: UCHAR, HotkeyModifiers: USHORT, ) -> BOOLEAN; fn WinStationShadowStop( ServerHandle: HANDLE, SessionId: ULONG, bWait: BOOLEAN, ) -> BOOLEAN; fn WinStationEnumerateProcesses( ServerHandle: HANDLE, Processes: *mut PVOID, ) -> BOOLEAN; fn WinStationGetAllProcesses( ServerHandle: HANDLE, Level: ULONG, NumberOfProcesses: PULONG, Processes: *mut PTS_ALL_PROCESSES_INFO, ) -> BOOLEAN; fn WinStationFreeGAPMemory( Level: ULONG, Processes: PTS_ALL_PROCESSES_INFO, NumberOfProcesses: ULONG, ) -> BOOLEAN; fn WinStationTerminateProcess( ServerHandle: HANDLE, ProcessId: ULONG, ExitCode: ULONG, ) -> BOOLEAN; fn WinStationGetProcessSid( ServerHandle: HANDLE, ProcessId: ULONG, ProcessStartTime: FILETIME, pProcessUserSid: PVOID, dwSidSize: PULONG, ) -> BOOLEAN; fn WinStationSwitchToServicesSession() -> BOOLEAN; fn WinStationRevertFromServicesSession() -> BOOLEAN; fn _WinStationWaitForConnect() -> BOOLEAN; }}