diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..66a486a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+# Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+# VS Code folder
+.vscode/
\ No newline at end of file
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..9098bc5
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "deps/phnt-nightly"]
+ path = deps/phnt-nightly
+ url = https://github.com/oberrich/phnt_nightly.git
+ branch = master
diff --git a/Cargo.lock b/Cargo.lock
new file mode 100644
index 0000000..90855c8
--- /dev/null
+++ b/Cargo.lock
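Review bot: In `.gitmodules`, `deps/phnt-nightly` is declared as a submodule, yet this same commit adds `deps/phnt-nightly/LICENSE` as a regular file (`new file mode 100644`), so it is unclear from the diff whether the headers are pinned through a gitlink or vendored as a plain copy. If the tree really holds plain files, the `.gitmodules` entry is misleading and should be dropped; if it is a submodule, the recorded gitlink commit is the only pin, and `branch = master` means `git submodule update --remote` moves to whatever the upstream nightly headers are at that moment. Cargo.toml sets `build = "src/build.rs"` with `bindgen` as a build dependency, so these headers presumably feed code generation. I would add a comment above the section such as `# pinned by gitlink; review upstream header changes before bumping`.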
@@ -0,0 +1,565 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "android-tzdata" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "autocfg" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" + +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + +[[package]] +name = "bitflags" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" + +[[package]] +name = "bumpalo" +version = "3.15.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa" + +[[package]] +name = "cc" +version = "1.0.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"1fd97381a8cc6493395a5afc4c691c1084b3768db713b73aa215217aa245d153" + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chrono" +version = "0.4.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a0d04d43504c61aa6c7531f1871dd0d418d91130162063b789da00fd7057a5e" +dependencies = [ + "android-tzdata", + "iana-time-zone", + "js-sys", + "num-traits", + "wasm-bindgen", + "windows-targets", +] + +[[package]] +name = "clang-sys" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" + +[[package]] +name = "cty" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b365fabc795046672053e29c954733ec3b05e4be654ab130fe8f1f94d7051f35" + +[[package]] +name = "displaydoc" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "either" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" + +[[package]] +name = "errno" +version = "0.3.8" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "js-sys" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "libc" +version = "0.2.153" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" + +[[package]] +name = "libloading" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" + +[[package]] +name = "log" +version = "0.4.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" + +[[package]] +name = "memchr" +version = "2.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "nt-string" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f64f73b19d9405e886b53b9dee286e7fbb622a5276a7fd143c2d8e4dac3a0c6c" +dependencies = [ + "displaydoc", + "widestring", +] + +[[package]] +name = "num-traits" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "phnt" +version = "0.0.1" +dependencies = [ + "bindgen", + "chrono", + "cty", + "nt-string", + "regex", + "windows", + "windows-targets", +] + +[[package]] +name = "prettyplease" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.79" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" + +[[package]] +name = "rustc-hash" +version = 
"1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustix" +version = "0.38.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "65e04861e65f21776e67888bfbea442b3642beaa0138fdb1dd7a84a52dffdb89" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "syn" +version = "2.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "wasm-bindgen" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = 
"wasm-bindgen-macro-support" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" + +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] +name = "widestring" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" + +[[package]] +name = "windows" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" +dependencies = [ + "windows-core", + "windows-targets", +] + +[[package]] +name = "windows-core" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +dependencies = [ + "windows_aarch64_gnullvm", + 
"windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..31d0d00 --- /dev/null +++ b/Cargo.toml 
@@ -0,0 +1,24 @@
+[package]
+name = "phnt"
+version = "0.0.1"
+license = "MIT"
+authors = ["oberrich "]
+repository = "https://github.com/oberrich/phnt-rs"
+homepage = "https://github.com/oberrich/phnt-rs"
+edition = "2021"
+build = "src/build.rs"
+
+[build-dependencies]
+windows.features = ["Win32_Foundation"]
+windows-targets = ">=0.52.0"
+windows.version = ">=0.52.0"
+bindgen = "0.69.4"
+regex = "1.10.3"
+chrono = "0.4.37"
+
+[dependencies]
+windows.features = ["Win32_Foundation"]
+windows-targets = ">=0.52.0"
+windows.version = ">=0.52.0"
+nt-string = "0.1.1"
+cty = "0.2.2"
\ No newline at end of file
diff --git a/deps/phnt-nightly/LICENSE b/deps/phnt-nightly/LICENSE
new file mode 100644
index 0000000..0eaa759
--- /dev/null
+++ b/deps/phnt-nightly/LICENSE
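Review bot: The `windows` and `windows-targets` requirements in Cargo.toml use an open-ended `>=0.52.0` in both `[build-dependencies]` and `[dependencies]`, which lets Cargo select any later release, including semver-incompatible ones. The committed Cargo.lock does not constrain downstream users of a library crate, so a future breaking or compromised release could be resolved into their build without any change here. I would bound them like the other entries, e.g. `windows.version = "0.52"` and `windows-targets = "0.52"`. Separately, `license = "MIT"` sits next to a `deps/phnt-nightly/LICENSE` that is GPL version 3 with a linking exception; it is worth confirming the declared licence covers what the crate ships.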
@@ -0,0 +1,686 @@ +Process Hacker is distributed under the GNU GPL version 3, with the +following exception: + + Permission is granted to dynamically (but not statically) link this + program with independent modules, regardless of the license terms of + these independent modules, provided that this program is not modified + in any way. An independent module is a module which is not derived + from or based on this program. If you modify this program, this + additional permission no longer applies unless authorized by the + copyright holders. + + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. 
Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. 
To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. 
If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. 
For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. 
Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. 
This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. + diff --git a/deps/phnt-nightly/README.md b/deps/phnt-nightly/README.md new file mode 100644 index 0000000..9ebad7d --- /dev/null 
+++ b/deps/phnt-nightly/README.md
@@ -0,0 +1,32 @@
+## Information
+
+This is an unofficial standalone version of the [Process Hacker](https://github.com/processhacker/processhacker) Native API headers (phnt). The headers are directly pulled from Process Hacker master branch every night and may contain untested code.
+If you are looking for a stable release check out the [official phnt repository](https://github.com/processhacker/phnt)
+
+***
+
+This collection of Native API header files has been maintained since 2009 for the Process Hacker project, and is the most up-to-date set of Native API definitions that we know of. We have gathered these definitions from official Microsoft header files and symbol files, as well as a lot of reverse engineering and guessing. See `phnt.h` for more information.
+
+## Usage
+
+First make sure that your program is using the latest Windows SDK.
+
+These header files are designed to be used by user-mode programs. Instead of `#include `, place
+
+```
+#include
+#include
+```
+
+at the top of your program. The first line provides access to the Win32 API as well as the `NTSTATUS` values. The second line provides access to the entire Native API. By default, only definitions present in Windows XP are included into your program. To change this, use one of the following:
+
+```
+#define PHNT_VERSION PHNT_WINXP // Windows XP
+#define PHNT_VERSION PHNT_WS03 // Windows Server 2003
+#define PHNT_VERSION PHNT_VISTA // Windows Vista
+#define PHNT_VERSION PHNT_WIN7 // Windows 7
+#define PHNT_VERSION PHNT_WIN8 // Windows 8
+#define PHNT_VERSION PHNT_WINBLUE // Windows 8.1
+#define PHNT_VERSION PHNT_THRESHOLD // Windows 10
+```
+
diff --git a/deps/phnt-nightly/ntbcd.h b/deps/phnt-nightly/ntbcd.h
new file mode 100644
index 0000000..e0b40ab
--- /dev/null
+++ b/deps/phnt-nightly/ntbcd.h
@@ -0,0 +1,2133 @@ +/* + * Boot Configuration Data (BCD) support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTBCD_H +#define _NTBCD_H + +#ifndef PHNT_INLINE_BCD_GUIDS +// 5189B25C-5558-4BF2-BCA4-289B11BD29E2 // {badmemory} +DEFINE_GUID(GUID_BAD_MEMORY_GROUP, 0x5189B25C, 0x5558, 0x4BF2, 0xBC, 0xA4, 0x28, 0x9B, 0x11, 0xBD, 0x29, 0xE2); +// 6EFB52BF-1766-41DB-A6B3-0EE5EFF72BD7 // {bootloadersettings} +DEFINE_GUID(GUID_BOOT_LOADER_SETTINGS_GROUP, 0x6EFB52BF, 0x1766, 0x41DB, 0xA6, 0xB3, 0x0E, 0xE5, 0xEF, 0xF7, 0x2B, 0xD7); +// FA926493-6F1C-4193-A414-58F0B2456D1E // {current} +DEFINE_GUID(GUID_CURRENT_BOOT_ENTRY, 0xFA926493, 0x6F1C, 0x4193, 0xA4, 0x14, 0x58, 0xF0, 0xB2, 0x45, 0x6D, 0x1E); +// 4636856E-540F-4170-A130-A84776F4C654 // {eventsettings} {dbgsettings} +DEFINE_GUID(GUID_DEBUGGER_SETTINGS_GROUP, 0x4636856E, 0x540F, 0x4170, 0xA1, 0x30, 0xA8, 0x47, 0x76, 0xF4, 0xC6, 0x54); +// 1CAE1EB7-A0DF-4D4D-9851-4860E34EF535 // {default} +DEFINE_GUID(GUID_DEFAULT_BOOT_ENTRY, 0x1CAE1EB7, 0xA0DF, 0x4D4D, 0x98, 0x51, 0x48, 0x60, 0xE3, 0x4E, 0xF5, 0x35); +// 0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9 // {emssettings} +DEFINE_GUID(GUID_EMS_SETTINGS_GROUP, 0x0CE4991B, 0xE6B3, 0x4B16, 0xB2, 0x3C, 0x5E, 0x0D, 0x92, 0x50, 0xE5, 0xD9); +// A5A30FA2-3D06-4E9F-B5F4-A01DF9D1FCBA // {fwbootmgr} +DEFINE_GUID(GUID_FIRMWARE_BOOTMGR, 0xA5A30FA2, 0x3D06, 0x4E9F, 0xB5, 0xF4, 0xA0, 0x1D, 0xF9, 0xD1, 0xFC, 0xBA); +// 7EA2E1AC-2E61-4728-AAA3-896D9D0A9F0E // {globalsettings} +DEFINE_GUID(GUID_GLOBAL_SETTINGS_GROUP, 0x7EA2E1AC, 0x2E61, 0x4728, 0xAA, 0xA3, 0x89, 0x6D, 0x9D, 0x0A, 0x9F, 0x0E); +// 7FF607E0-4395-11DB-B0DE-0800200C9A66 // {hypervisorsettings} +DEFINE_GUID(GUID_HYPERVISOR_SETTINGS_GROUP, 0x7FF607E0, 0x4395, 0x11DB, 0xB0, 0xDE, 0x08, 0x00, 0x20, 0x0C, 0x9A, 0x66); +// 313E8EED-7098-4586-A9BF-309C61F8D449 // {kerneldbgsettings} +DEFINE_GUID(GUID_KERNEL_DEBUGGER_SETTINGS_GROUP, 0x313E8EED, 0x7098, 0x4586, 0xA9, 0xBF, 0x30, 0x9C, 0x61, 0xF8, 0xD4, 0x49); +// 
1AFA9C49-16AB-4A5C-4A90-212802DA9460 // {resumeloadersettings} +DEFINE_GUID(GUID_RESUME_LOADER_SETTINGS_GROUP, 0x1AFA9C49, 0x16AB, 0x4A5C, 0x4A, 0x90, 0x21, 0x28, 0x02, 0xDA, 0x94, 0x60); +// 9DEA862C-5CDD-4E70-ACC1-F32B344D4795 // {bootmgr} +DEFINE_GUID(GUID_WINDOWS_BOOTMGR, 0x9DEA862C, 0x5CDD, 0x4E70, 0xAC, 0xC1, 0xF3, 0x2B, 0x34, 0x4D, 0x47, 0x95); +// 466F5A88-0AF2-4F76-9038-095B170DC21C // {ntldr} {legacy} +DEFINE_GUID(GUID_WINDOWS_LEGACY_NTLDR, 0x466F5A88, 0x0AF2, 0x4F76, 0x90, 0x38, 0x09, 0x5B, 0x17, 0x0D, 0xC2, 0x1C); +// B2721D73-1DB4-4C62-BF78-C548A880142D // {memdiag} +DEFINE_GUID(GUID_WINDOWS_MEMORY_TESTER, 0xB2721D73, 0x1DB4, 0x4C62, 0xBF, 0x78, 0xC5, 0x48, 0xA8, 0x80, 0x14, 0x2D); +// B012B84D-C47C-4ED5-B722-C0C42163E569 +DEFINE_GUID(GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI, 0xB012B84D, 0xC47C, 0x4ED5, 0xB7, 0x22, 0xC0, 0xC4, 0x21, 0x63, 0xE5, 0x69); +// A1943BBC-EA85-487C-97C7-C9EDE908A38A +DEFINE_GUID(GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT, 0xA1943BBC, 0xEA85, 0x487C, 0x97, 0xC7, 0xC9, 0xED, 0xE9, 0x08, 0xA3, 0x8A); +// {0C334284-9A41-4DE1-99B3-A7E87E8FF07E} +DEFINE_GUID(GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI, 0x0C334284, 0x9A41, 0x4DE1, 0x99, 0xB3, 0xA7, 0xE8, 0x7E, 0x8F, 0xF0, 0x7E); +// {98B02A23-0674-4CE7-BDAD-E0A15A8FF97B} +DEFINE_GUID(GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT, 0x98B02A23, 0x0674, 0x4CE7, 0xBD, 0xAD, 0xE0, 0xA1, 0x5A, 0x8F, 0xF9, 0x7B); +// A1943BBC-EA85-487C-97C7-C9EDE908A38A +DEFINE_GUID(GUID_WINDOWS_SETUP_EFI, 0x7254A080, 0x1510, 0x4E85, 0xAC, 0x0F, 0xE7, 0xFB, 0x3D, 0x44, 0x47, 0x36); +// CBD971BF-B7B8-4885-951A-FA03044F5D71 +DEFINE_GUID(GUID_WINDOWS_SETUP_PCAT, 0xCBD971BF, 0xB7B8, 0x4885, 0x95, 0x1A, 0xFA, 0x03, 0x04, 0x4F, 0x5D, 0x71); +// AE5534E0-A924-466C-B836-758539A3EE3A // {ramdiskoptions} +DEFINE_GUID(GUID_WINDOWS_SETUP_RAMDISK_OPTIONS, 0xAE5534E0, 0xA924, 0x466C, 0xB8, 0x36, 0x75, 0x85, 0x39, 0xA3, 0xEE, 0x3A); +// {7619dcc9-fafe-11d9-b411-000476eba25f} +DEFINE_GUID(GUID_WINDOWS_SETUP_BOOT_ENTRY, 0x7619dcc9, 0xfafe, 
0x11d9, 0xb4, 0x11, 0x00, 0x04, 0x76, 0xeb, 0xa2, 0x5f); +#else +NTSYSAPI GUID GUID_BAD_MEMORY_GROUP; // {badmemory} +NTSYSAPI GUID GUID_BOOT_LOADER_SETTINGS_GROUP; // {bootloadersettings} +NTSYSAPI GUID GUID_CURRENT_BOOT_ENTRY; // {current} +NTSYSAPI GUID GUID_DEBUGGER_SETTINGS_GROUP; // {eventsettings} {dbgsettings} +NTSYSAPI GUID GUID_DEFAULT_BOOT_ENTRY; // {default} +NTSYSAPI GUID GUID_EMS_SETTINGS_GROUP; // {emssettings} +NTSYSAPI GUID GUID_FIRMWARE_BOOTMGR; // {fwbootmgr} +NTSYSAPI GUID GUID_GLOBAL_SETTINGS_GROUP; // {globalsettings} +NTSYSAPI GUID GUID_HYPERVISOR_SETTINGS_GROUP; // {hypervisorsettings} +NTSYSAPI GUID GUID_KERNEL_DEBUGGER_SETTINGS_GROUP; // {kerneldbgsettings} +NTSYSAPI GUID GUID_RESUME_LOADER_SETTINGS_GROUP; // {resumeloadersettings} +NTSYSAPI GUID GUID_WINDOWS_BOOTMGR; // {bootmgr} +NTSYSAPI GUID GUID_WINDOWS_LEGACY_NTLDR; // {ntldr} {legacy} +NTSYSAPI GUID GUID_WINDOWS_MEMORY_TESTER; // {memdiag} +NTSYSAPI GUID GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI; +NTSYSAPI GUID GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT; +NTSYSAPI GUID GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI; +NTSYSAPI GUID GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT; +NTSYSAPI GUID GUID_WINDOWS_SETUP_EFI; +NTSYSAPI GUID GUID_WINDOWS_SETUP_PCAT; +NTSYSAPI GUID GUID_WINDOWS_SETUP_RAMDISK_OPTIONS; // {ramdiskoptions} +#endif + +typedef enum _BCD_MESSAGE_TYPE +{ + BCD_MESSAGE_TYPE_NONE, + BCD_MESSAGE_TYPE_TRACE, + BCD_MESSAGE_TYPE_INFORMATION, + BCD_MESSAGE_TYPE_WARNING, + BCD_MESSAGE_TYPE_ERROR, + BCD_MESSAGE_TYPE_MAXIMUM +} BCD_MESSAGE_TYPE; + +typedef VOID (NTAPI* BCD_MESSAGE_CALLBACK)( + _In_ BCD_MESSAGE_TYPE type, + _In_ PWSTR Message + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdSetLogging( + _In_ BCD_MESSAGE_TYPE BcdLoggingLevel, + _In_ BCD_MESSAGE_CALLBACK BcdMessageCallbackRoutine + ); + +NTSYSAPI +VOID +NTAPI +BcdInitializeBcdSyncMutant( + VOID + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdGetSystemStorePath( + _Out_ PWSTR* BcdSystemStorePath // RtlFreeHeap(RtlProcessHeap(), 0, BcdSystemStorePath); + ); + 
+NTSYSAPI +NTSTATUS +NTAPI +BcdSetSystemStoreDevice( + _In_ UNICODE_STRING SystemPartition + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdOpenSystemStore( + _Out_ PHANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdOpenStoreFromFile( + _In_ UNICODE_STRING BcdFilePath, + _Out_ PHANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdCreateStore( + _In_ UNICODE_STRING BcdFilePath, + _Out_ PHANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdExportStore( + _In_ UNICODE_STRING BcdFilePath + ); + +#if (PHNT_VERSION > PHNT_WIN11) +NTSYSAPI +NTSTATUS +NTAPI +BcdExportStoreEx( + _In_ HANDLE BcdStoreHandle, + _In_ ULONG Flags, + _In_ UNICODE_STRING BcdFilePath + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +BcdImportStore( + _In_ UNICODE_STRING BcdFilePath + ); + +typedef enum _BCD_IMPORT_FLAGS +{ + BCD_IMPORT_NONE, + BCD_IMPORT_DELETE_FIRMWARE_OBJECTS +} BCD_IMPORT_FLAGS; + +NTSYSAPI +NTSTATUS +NTAPI +BcdImportStoreWithFlags( + _In_ UNICODE_STRING BcdFilePath, + _In_ BCD_IMPORT_FLAGS BcdImportFlags + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdDeleteObjectReferences( + _In_ HANDLE BcdStoreHandle, + _In_ PGUID Identifier + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdDeleteSystemStore( + VOID + ); + +typedef enum _BCD_OPEN_FLAGS +{ + BCD_OPEN_NONE, + BCD_OPEN_OPEN_STORE_OFFLINE, + BCD_OPEN_SYNC_FIRMWARE_ENTRIES +} BCD_OPEN_FLAGS; + +NTSYSAPI +NTSTATUS +NTAPI +BcdOpenStore( + _In_ UNICODE_STRING BcdFilePath, + _In_ BCD_OPEN_FLAGS BcdOpenFlags, + _Out_ PHANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdCloseStore( + _In_ HANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdFlushStore( + _In_ HANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdForciblyUnloadStore( + _In_ HANDLE BcdStoreHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +BcdMarkAsSystemStore( + _In_ HANDLE BcdStoreHandle + ); + +typedef enum _BCD_OBJECT_TYPE +{ + BCD_OBJECT_TYPE_NONE, + BCD_OBJECT_TYPE_APPLICATION, // 0x10000000 + BCD_OBJECT_TYPE_INHERITED, // 0x20000000 + BCD_OBJECT_TYPE_DEVICE, // 
0x30000000 +} BCD_OBJECT_TYPE; + +typedef enum _BCD_APPLICATION_OBJECT_TYPE +{ + BCD_APPLICATION_OBJECT_NONE = 0, + BCD_APPLICATION_OBJECT_FIRMWARE_BOOT_MANAGER = 1, // 0x00000001 + BCD_APPLICATION_OBJECT_WINDOWS_BOOT_MANAGER = 2, // 0x00000002 + BCD_APPLICATION_OBJECT_WINDOWS_BOOT_LOADER = 3, // 0x00000003 + BCD_APPLICATION_OBJECT_WINDOWS_RESUME_APPLICATION = 4, // 0x00000004 + BCD_APPLICATION_OBJECT_MEMORY_TESTER = 5, // 0x00000005 + BCD_APPLICATION_OBJECT_LEGACY_NTLDR = 6, // 0x00000006 + BCD_APPLICATION_OBJECT_LEGACY_SETUPLDR = 7, // 0x00000007 + BCD_APPLICATION_OBJECT_BOOT_SECTOR = 8, // 0x00000008 + BCD_APPLICATION_OBJECT_STARTUP_MODULE = 9, // 0x00000009 + BCD_APPLICATION_OBJECT_GENERIC_APPLICATION = 10, // 0x0000000a + BCD_APPLICATION_OBJECT_RESERVED = 0xFFFFF // 0x000fffff +} BCD_APPLICATION_OBJECT_TYPE; + +typedef enum _BCD_APPLICATION_IMAGE_TYPE +{ + BCD_APPLICATION_IMAGE_NONE, + BCD_APPLICATION_IMAGE_FIRMWARE_APPLICATION, // 0x00100000 + BCD_APPLICATION_IMAGE_BOOT_APPLICATION, // 0x00200000 + BCD_APPLICATION_IMAGE_LEGACY_LOADER, // 0x00300000 + BCD_APPLICATION_IMAGE_REALMODE_CODE, // 0x00400000 +} BCD_APPLICATION_IMAGE_TYPE; + +typedef enum _BCD_INHERITED_CLASS_TYPE +{ + BCD_INHERITED_CLASS_NONE, + BCD_INHERITED_CLASS_LIBRARY, + BCD_INHERITED_CLASS_APPLICATION, + BCD_INHERITED_CLASS_DEVICE +} BCD_INHERITED_CLASS_TYPE; + +#define MAKE_BCD_OBJECT(ObjectType, ImageType, ApplicationType) \ + (((ULONG)(ObjectType) << 28) | \ + (((ULONG)(ImageType) & 0xF) << 20) | \ + ((ULONG)(ApplicationType) & 0xFFFFF)) + +#define MAKE_BCD_APPLICATION_OBJECT(ImageType, ApplicationType) \ + MAKE_BCD_OBJECT(BCD_OBJECT_TYPE_APPLICATION, (ULONG)(ImageType), (ULONG)(ApplicationType)) + +#define GET_BCD_OBJECT_TYPE(DataType) \ + ((BCD_OBJECT_TYPE)(((((ULONG)DataType)) >> 28) & 0xF)) +#define GET_BCD_APPLICATION_IMAGE(DataType) \ + ((BCD_APPLICATION_IMAGE_TYPE)(((((ULONG)DataType)) >> 20) & 0xF)) +#define GET_BCD_APPLICATION_OBJECT(DataType) \ + 
((BCD_APPLICATION_OBJECT_TYPE)((((ULONG)DataType)) & 0xFFFFF))
+
+#define BCD_OBJECT_OSLOADER_TYPE \
+ MAKE_BCD_APPLICATION_OBJECT(BCD_APPLICATION_IMAGE_BOOT_APPLICATION, BCD_APPLICATION_OBJECT_WINDOWS_BOOT_LOADER)
+
+typedef union _BCD_OBJECT_DATATYPE
+{
+ ULONG PackedValue;
+ union
+ {
+ struct
+ {
+ ULONG Reserved : 28;
+ BCD_OBJECT_TYPE ObjectType : 4;
+ };
+ struct
+ {
+ BCD_APPLICATION_OBJECT_TYPE ApplicationType : 20;
+ BCD_APPLICATION_IMAGE_TYPE ImageType : 4;
+ ULONG Reserved : 4;
+ BCD_OBJECT_TYPE ObjectType : 4;
+ } Application;
+ struct
+ {
+ ULONG Value : 20;
+ BCD_INHERITED_CLASS_TYPE Class : 4;
+ ULONG Reserved : 4;
+ BCD_OBJECT_TYPE ObjectType : 4;
+ } Inherit;
+ struct
+ {
+ ULONG Reserved : 28;
+ BCD_OBJECT_TYPE ObjectType : 4;
+ } Device;
+ };
+} BCD_OBJECT_DATATYPE, *PBCD_OBJECT_DATATYPE;
+
+static_assert(sizeof(BCD_OBJECT_DATATYPE) == sizeof(ULONG), "sizeof(BCD_OBJECT_DATATYPE) is invalid.");
+
+#define BCD_OBJECT_DESCRIPTION_VERSION 0x1
+
+typedef struct _BCD_OBJECT_DESCRIPTION
+{
+ ULONG Version; // BCD_OBJECT_DESCRIPTION_VERSION
+ ULONG Type; // BCD_OBJECT_DATATYPE
+} BCD_OBJECT_DESCRIPTION, *PBCD_OBJECT_DESCRIPTION;
+
+typedef struct _BCD_OBJECT
+{
+ GUID Identifer;
+ PBCD_OBJECT_DESCRIPTION Description;
+} BCD_OBJECT, *PBCD_OBJECT;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdEnumerateObjects(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ PBCD_OBJECT_DESCRIPTION BcdEnumDescriptor,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_OBJECT[]
+ _Inout_ PULONG BufferSize,
+ _Out_ PULONG ObjectCount
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdOpenObject(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ const GUID* Identifier,
+ _Out_ PHANDLE BcdObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdCreateObject(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ PGUID Identifier,
+ _In_ PBCD_OBJECT_DESCRIPTION Description,
+ _Out_ PHANDLE BcdObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdDeleteObject(
+ _In_ HANDLE BcdObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdCloseObject(
+ _In_
HANDLE BcdObjectHandle
+ );
+
+typedef enum _BCD_COPY_FLAGS
+{
+ BCD_COPY_NONE = 0x0,
+ BCD_COPY_COPY_CREATE_NEW_OBJECT_IDENTIFIER = 0x1,
+ BCD_COPY_COPY_DELETE_EXISTING_OBJECT = 0x2,
+ BCD_COPY_COPY_UNKNOWN_FIRMWARE_APPLICATION = 0x4,
+ BCD_COPY_IGNORE_SETUP_TEMPLATE_ELEMENTS = 0x8,
+ BCD_COPY_RETAIN_ELEMENT_DATA = 0x10,
+ BCD_COPY_MIGRATE_ELEMENT_DATA = 0x20
+} BCD_COPY_FLAGS;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdCopyObject(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ HANDLE BcdObjectHandle,
+ _In_ BCD_COPY_FLAGS BcdCopyFlags,
+ _In_ HANDLE TargetStoreHandle,
+ _Out_ PHANDLE TargetObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdCopyObjectEx(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ HANDLE BcdObjectHandle,
+ _In_ BCD_COPY_FLAGS BcdCopyFlags,
+ _In_ HANDLE TargetStoreHandle,
+ _In_ PGUID TargetObjectId,
+ _Out_ PHANDLE TargetObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdCopyObjects(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ BCD_OBJECT_DESCRIPTION Characteristics,
+ _In_ BCD_COPY_FLAGS BcdCopyFlags,
+ _In_ HANDLE TargetStoreHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdMigrateObjectElementValues(
+ _In_ HANDLE TemplateObjectHandle,
+ _In_ HANDLE SourceObjectHandle,
+ _In_ HANDLE TargetObjectHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdQueryObject(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ ULONG BcdVersion, // BCD_OBJECT_DESCRIPTION_VERSION
+ _Out_ BCD_OBJECT_DESCRIPTION Description,
+ _Out_ PGUID Identifier
+ );
+
+typedef enum _BCD_ELEMENT_DATATYPE_FORMAT
+{
+ BCD_ELEMENT_DATATYPE_FORMAT_UNKNOWN,
+ BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, // 0x01000000
+ BCD_ELEMENT_DATATYPE_FORMAT_STRING, // 0x02000000
+ BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, // 0x03000000
+ BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, // 0x04000000
+ BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, // 0x05000000
+ BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, // 0x06000000
+ BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, // 0x07000000
+ BCD_ELEMENT_DATATYPE_FORMAT_BINARY // 0x08000000
+} BCD_ELEMENT_DATATYPE_FORMAT;
+
+typedef enum
_BCD_ELEMENT_DATATYPE_CLASS
+{
+ BCD_ELEMENT_DATATYPE_CLASS_NONE,
+ BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, // 0x10000000
+ BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, // 0x20000000
+ BCD_ELEMENT_DATATYPE_CLASS_DEVICE, // 0x30000000
+ BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, // 0x40000000
+ BCD_ELEMENT_DATATYPE_CLASS_OEM // 0x50000000
+} BCD_ELEMENT_DATATYPE_CLASS;
+
+typedef enum _BCD_ELEMENT_DEVICE_TYPE
+{
+ BCD_ELEMENT_DEVICE_TYPE_NONE,
+ BCD_ELEMENT_DEVICE_TYPE_BOOT_DEVICE,
+ BCD_ELEMENT_DEVICE_TYPE_PARTITION,
+ BCD_ELEMENT_DEVICE_TYPE_FILE,
+ BCD_ELEMENT_DEVICE_TYPE_RAMDISK,
+ BCD_ELEMENT_DEVICE_TYPE_UNKNOWN,
+ BCD_ELEMENT_DEVICE_TYPE_QUALIFIED_PARTITION,
+ BCD_ELEMENT_DEVICE_TYPE_VMBUS,
+ BCD_ELEMENT_DEVICE_TYPE_LOCATE_DEVICE,
+ BCD_ELEMENT_DEVICE_TYPE_URI,
+ BCD_ELEMENT_DEVICE_TYPE_COMPOSITE
+} BCD_ELEMENT_DEVICE_TYPE;
+
+#define MAKE_BCDE_DATA_TYPE(Class, Format, Subtype) \
+ (((((ULONG)Class) & 0xF) << 28) | ((((ULONG)Format) & 0xF) << 24) | (((ULONG)Subtype) & 0x00FFFFFF))
+
+#define GET_BCDE_DATA_CLASS(DataType) \
+ ((BCD_ELEMENT_DATATYPE_CLASS)(((((ULONG)DataType)) >> 28) & 0xF))
+#define GET_BCDE_DATA_FORMAT(DataType) \
+ ((BCD_ELEMENT_DATATYPE_FORMAT)(((((ULONG)DataType)) >> 24) & 0xF))
+#define GET_BCDE_DATA_SUBTYPE(DataType) \
+ ((ULONG)((((ULONG)DataType)) & 0x00FFFFFF))
+
+typedef union _BCD_ELEMENT_DATATYPE
+{
+ ULONG PackedValue;
+ struct
+ {
+ ULONG SubType : 24;
+ BCD_ELEMENT_DATATYPE_FORMAT Format : 4;
+ BCD_ELEMENT_DATATYPE_CLASS Class : 4;
+ };
+} BCD_ELEMENT_DATATYPE, *PBCD_ELEMENT_DATATYPE;
+
+static_assert(sizeof(BCD_ELEMENT_DATATYPE) == sizeof(ULONG), "sizeof(BCD_ELEMENT_DATATYPE) is invalid.");
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdEnumerateElementTypes(
+ _In_ HANDLE BcdObjectHandle,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT_DATATYPE[]
+ _Inout_ PULONG BufferSize,
+ _Out_ PULONG ElementCount
+ );
+
+typedef struct _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION
+{
+ ULONG PartitionStyle;
+ ULONG Reserved;
+ struct
+ {
+ union
+ {
+ ULONG DiskSignature;
+ ULONG64 PartitionOffset;
+ } Mbr;
+ union
+ {
+ GUID DiskSignature;
+ GUID PartitionSignature;
+ } Gpt;
+ };
+} BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION, *PBCD_ELEMENT_DEVICE_QUALIFIED_PARTITION;
+
+typedef struct _BCD_ELEMENT_DEVICE
+{
+ ULONG DeviceType;
+ GUID AdditionalOptions;
+ struct
+ {
+ union
+ {
+ ULONG ParentOffset;
+ WCHAR Path[ANYSIZE_ARRAY];
+ } File;
+ union
+ {
+ WCHAR Path[ANYSIZE_ARRAY];
+ } Partition;
+ union
+ {
+ ULONG Type;
+ ULONG ParentOffset;
+ ULONG ElementType;
+ WCHAR Path[ANYSIZE_ARRAY];
+ } Locate;
+ union
+ {
+ GUID InterfaceInstance;
+ } Vmbus;
+ union
+ {
+ ULONG Data[ANYSIZE_ARRAY];
+ } Unknown;
+ BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION QualifiedPartition;
+ };
+} BCD_ELEMENT_DEVICE, *PBCD_ELEMENT_DEVICE;
+
+typedef struct _BCD_ELEMENT_STRING
+{
+ WCHAR Value[ANYSIZE_ARRAY];
+} BCD_ELEMENT_STRING, *PBCD_ELEMENT_STRING;
+
+typedef struct _BCD_ELEMENT_OBJECT
+{
+ GUID Object;
+} BCD_ELEMENT_OBJECT, *PBCD_ELEMENT_OBJECT;
+
+typedef struct _BCD_ELEMENT_OBJECT_LIST
+{
+ GUID ObjectList[ANYSIZE_ARRAY];
+} BCD_ELEMENT_OBJECT_LIST, *PBCD_ELEMENT_OBJECT_LIST;
+
+typedef struct _BCD_ELEMENT_INTEGER
+{
+ ULONG64 Value;
+} BCD_ELEMENT_INTEGER, *PBCD_ELEMENT_INTEGER;
+
+typedef struct _BCD_ELEMENT_INTEGER_LIST
+{
+ ULONG64 Value[ANYSIZE_ARRAY];
+} BCD_ELEMENT_INTEGER_LIST, *PBCD_ELEMENT_INTEGER_LIST;
+
+typedef struct _BCD_ELEMENT_BOOLEAN
+{
+ BOOLEAN Value;
+ //BOOLEAN Pad; // sym
+} BCD_ELEMENT_BOOLEAN, *PBCD_ELEMENT_BOOLEAN;
+
+#define BCD_ELEMENT_DESCRIPTION_VERSION 0x1
+
+typedef struct BCD_ELEMENT_DESCRIPTION
+{
+ ULONG Version; // BCD_ELEMENT_DESCRIPTION_VERSION
+ ULONG Type;
+ ULONG DataSize;
+} BCD_ELEMENT_DESCRIPTION, *PBCD_ELEMENT_DESCRIPTION;
+
+typedef struct _BCD_ELEMENT
+{
+ PBCD_ELEMENT_DESCRIPTION Description;
+ PVOID Data;
+} BCD_ELEMENT, *PBCD_ELEMENT;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdEnumerateElements(
+ _In_ HANDLE BcdObjectHandle,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
+
_Inout_ PULONG BufferSize,
+ _Out_ PULONG ElementCount
+ );
+
+typedef enum _BCD_FLAGS
+{
+ BCD_FLAG_NONE = 0x0,
+ BCD_FLAG_QUALIFIED_PARTITION = 0x1,
+ BCD_FLAG_NO_DEVICE_TRANSLATION = 0x2,
+ BCD_FLAG_ENUMERATE_INHERITED_OBJECTS = 0x4,
+ BCD_FLAG_ENUMERATE_DEVICE_OPTIONS = 0x8,
+ BCD_FLAG_OBSERVE_PRECEDENCE = 0x10,
+ BCD_FLAG_DISABLE_VHD_NT_TRANSLATION = 0x20,
+ BCD_FLAG_DISABLE_VHD_DEVICE_DETECTION = 0x40,
+ BCD_FLAG_DISABLE_POLICY_CHECKS = 0x80
+} BCD_FLAGS;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdEnumerateElementsWithFlags(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ BCD_FLAGS BcdFlags,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
+ _Inout_ PULONG BufferSize,
+ _Out_ PULONG ElementCount
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdEnumerateAndUnpackElements(
+ _In_ HANDLE BcdStoreHandle,
+ _In_ HANDLE BcdObjectHandle,
+ _In_ BCD_FLAGS BcdFlags,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, // BCD_ELEMENT[]
+ _Inout_ PULONG BufferSize,
+ _Out_ PULONG ElementCount
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdGetElementData(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
+ _Inout_ PULONG BufferSize
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdGetElementDataWithFlags(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
+ _In_ BCD_FLAGS BcdFlags,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
+ _Inout_ PULONG BufferSize
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdSetElementData(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
+ _In_reads_bytes_opt_(BufferSize) PVOID Buffer,
+ _In_ ULONG BufferSize
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdSetElementDataWithFlags(
+ _In_ HANDLE BcdObjectHandle,
+ _In_ ULONG BcdElement, // BCD_ELEMENT_DATATYPE
+ _In_ BCD_FLAGS BcdFlags,
+ _In_reads_bytes_opt_(BufferSize) PVOID Buffer,
+ _In_ ULONG BufferSize
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+BcdDeleteElement(
+ _In_ HANDLE BcdObjectHandle,
+ _In_
ULONG BcdElement // BCD_ELEMENT_DATATYPE
+ );
+
+// Element types
+
+typedef enum _BcdBootMgrElementTypes
+{
+ ///
+ /// The order in which BCD objects should be displayed.
+ /// Objects are displayed using the string specified by the BcdLibraryString_Description element.
+ ///
+ /// 0x24000001
+ BcdBootMgrObjectList_DisplayOrder = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 1),
+ ///
+ /// List of boot environment applications the boot manager should execute.
+ /// The applications are executed in the order they appear in this list.
+ /// If the firmware boot manager does not support loading multiple applications, this list cannot contain more than one entry.
+ ///
+ /// 0x24000002
+ BcdBootMgrObjectList_BootSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 2),
+ ///
+ /// The default boot environment application to load if the user does not select one.
+ ///
+ /// 0x23000003
+ BcdBootMgrObject_DefaultObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 3),
+ ///
+ /// The maximum number of seconds a boot selection menu is to be displayed to the user.
+ /// The menu is displayed until the user selects an option or the time-out expires.
+ /// If this value is not specified, the boot manager waits for the user to make a selection.
+ ///
+ /// 0x25000004
+ BcdBootMgrInteger_Timeout = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 4),
+ ///
+ /// Indicates that a resume operation should be attempted during a system restart.
+ ///
+ /// 0x26000005
+ BcdBootMgrBoolean_AttemptResume = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 5),
+ ///
+ /// The resume application object.
+ ///
+ /// 0x23000006
+ BcdBootMgrObject_ResumeObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 6),
+ ///
+ ///
+ ///
+ /// 0x24000007
+ BcdBootMgrObjectList_StartupSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 7),
+ ///
+ /// The boot manager tools display order list.
+ ///
+ /// 0x24000010
+ BcdBootMgrObjectList_ToolsDisplayOrder = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 16),
+ ///
+ /// Forces the display of the legacy boot menu, regardless of the number of OS entries in the BCD store and their BcdOSLoaderInteger_BootMenuPolicy.
+ ///
+ /// 0x26000020
+ BcdBootMgrBoolean_DisplayBootMenu = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 32),
+ ///
+ /// Indicates whether the display of errors should be suppressed.
+ /// If this setting is enabled, the boot manager exits to the multi-OS menu on OS launch error.
+ ///
+ /// 0x26000021
+ BcdBootMgrBoolean_NoErrorDisplay = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 33),
+ ///
+ /// The device on which the boot application resides.
+ ///
+ /// 0x21000022
+ BcdBootMgrDevice_BcdDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 34),
+ ///
+ /// The boot application.
+ ///
+ /// 0x22000023
+ BcdBootMgrString_BcdFilePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 35),
+ ///
+ ///
+ ///
+ /// 0x26000024
+ BcdBootMgrBoolean_HormEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 36),
+ ///
+ ///
+ ///
+ /// 0x26000025
+ BcdBootMgrBoolean_HiberRoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 37),
+ ///
+ ///
+ ///
+ /// 0x22000026
+ BcdBootMgrString_PasswordOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 38),
+ ///
+ ///
+ ///
+ /// 0x22000027
+ BcdBootMgrString_PinpassPhraseOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 39),
+ ///
+ /// Controls whether custom actions are processed before a boot sequence.
+ /// Note This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x26000028
+ BcdBootMgrBoolean_ProcessCustomActionsFirst = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 40),
+ ///
+ /// Custom Bootstrap Actions.
+ ///
+ /// 0x27000030
+ BcdBootMgrIntegerList_CustomActionsList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 48),
+ ///
+ /// Controls whether a boot sequence persists across multiple boots.
+ /// Note This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x26000031
+ BcdBootMgrBoolean_PersistBootSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 49),
+ ///
+ ///
+ ///
+ /// 0x26000032
+ BcdBootMgrBoolean_SkipStartupSequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 50),
+} BcdBootMgrElementTypes;
+
+typedef enum _BcdLibrary_FirstMegabytePolicy
+{
+ ///
+ /// Use none of the first megabyte of memory.
+ ///
+ FirstMegabytePolicyUseNone,
+ ///
+ /// Use all of the first megabyte of memory.
+ ///
+ FirstMegabytePolicyUseAll,
+ ///
+ /// Reserved for future use.
+ ///
+ FirstMegabytePolicyUsePrivate
+} BcdLibrary_FirstMegabytePolicy;
+
+typedef enum _BcdLibrary_DebuggerType
+{
+ DebuggerSerial = 0,
+ Debugger1394 = 1,
+ DebuggerUsb = 2,
+ DebuggerNet = 3,
+ DebuggerLocal = 4
+} BcdLibrary_DebuggerType;
+
+typedef enum _BcdLibrary_DebuggerStartPolicy
+{
+ ///
+ /// The debugger will start active.
+ ///
+ DebuggerStartActive,
+ ///
+ /// The debugger will start in the auto-enabled state.
+ /// If a debugger is attached it will be used; otherwise the debugger port will be available for other applications.
+ ///
+ DebuggerStartAutoEnable,
+ ///
+ /// The debugger will not start.
+ ///
+ DebuggerStartDisable
+} BcdLibrary_DebuggerStartPolicy;
+
+typedef enum _BcdLibrary_ConfigAccessPolicy
+{
+ ///
+ /// Access to PCI configuration space through the memory-mapped region is allowed.
+ ///
+ ConfigAccessPolicyDefault,
+ ///
+ /// Access to PCI configuration space through the memory-mapped region is not allowed.
+ /// This setting is used for platforms that implement memory-mapped configuration space incorrectly.
+ /// The CFC/CF8 access mechanism can be used to access configuration space on these platforms.
+ ///
+ ConfigAccessPolicyDisallowMmConfig
+} BcdLibrary_ConfigAccessPolicy;
+
+typedef enum _BcdLibrary_UxDisplayMessageType
+{
+ DisplayMessageTypeDefault = 0,
+ DisplayMessageTypeResume = 1,
+ DisplayMessageTypeHyperV = 2,
+ DisplayMessageTypeRecovery = 3,
+ DisplayMessageTypeStartupRepair = 4,
+ DisplayMessageTypeSystemImageRecovery = 5,
+ DisplayMessageTypeCommandPrompt = 6,
+ DisplayMessageTypeSystemRestore = 7,
+ DisplayMessageTypePushButtonReset = 8,
+} BcdLibrary_UxDisplayMessageType;
+
+typedef enum BcdLibrary_SafeBoot
+{
+ ///
+ /// Load the drivers and services specified by name or group under the following registry key:
+ /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal.
+ ///
+ SafemodeMinimal = 0,
+ ///
+ /// Load the drivers and services specified by name or group under the following registry key:
+ /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
+ ///
+ SafemodeNetwork = 1,
+ ///
+ /// Boot the system into a repair mode that restores the Active Directory service from backup medium.
+ ///
+ SafemodeDsRepair = 2
+} BcdLibrary_SafeBoot;
+
+// BcdLibraryElementTypes based on geoffchappell: https://www.geoffchappell.com/notes/windows/boot/bcd/elements.htm (dmex)
+typedef enum _BcdLibraryElementTypes
+{
+ ///
+ /// Device on which a boot environment application resides.
+ ///
+ /// 0x11000001
+ BcdLibraryDevice_ApplicationDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 1),
+ ///
+ /// Path to a boot environment application.
+ ///
+ /// 0x12000002
+ BcdLibraryString_ApplicationPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
+ ///
+ /// Display name of the boot environment application.
+ ///
+ /// 0x12000004
+ BcdLibraryString_Description = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 4),
+ ///
+ /// Preferred locale, in RFC 3066 format.
+ ///
+ /// 0x12000005
+ BcdLibraryString_PreferredLocale = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 5),
+ ///
+ /// List of BCD objects from which the current object should inherit elements.
+ ///
+ /// 0x14000006
+ BcdLibraryObjectList_InheritedObjects = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 6),
+ ///
+ /// Maximum physical address a boot environment application should recognize. All memory above this address is ignored.
+ ///
+ /// 0x15000007
+ BcdLibraryInteger_TruncatePhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 7),
+ ///
+ /// List of boot environment applications to be executed if the associated application fails. The applications are executed in the order they appear in this list.
+ ///
+ /// 0x14000008
+ BcdLibraryObjectList_RecoverySequence = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST, 8),
+ ///
+ /// Indicates whether the recovery sequence executes automatically if the boot application fails. Otherwise, the recovery sequence only runs on demand.
+ ///
+ /// 0x16000009
+ BcdLibraryBoolean_AutoRecoveryEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 9),
+ ///
+ /// List of page frame numbers describing faulty memory in the system.
+ ///
+ /// 0x1700000A
+ BcdLibraryIntegerList_BadMemoryList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 10),
+ ///
+ /// If TRUE, indicates that a boot application can use memory listed in the BcdLibraryIntegerList_BadMemoryList.
+ ///
+ /// 0x1600000B
+ BcdLibraryBoolean_AllowBadMemoryAccess = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 11),
+ ///
+ /// Indicates how the first megabyte of memory is to be used.
The Integer property is one of the values from the BcdLibrary_FirstMegabytePolicy enumeration.
+ ///
+ /// 0x1500000C
+ BcdLibraryInteger_FirstMegabytePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 12),
+ ///
+ /// Relocates physical memory on certain AMD processors.
+ /// This value is not used in Windows 8 or Windows Server 2012.
+ ///
+ /// 0x1500000D
+ BcdLibraryInteger_RelocatePhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 13),
+ ///
+ /// Specifies a minimum physical address to use in the boot environment.
+ ///
+ /// 0x1500000E
+ BcdLibraryInteger_AvoidLowPhysicalMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 14),
+ ///
+ ///
+ ///
+ /// 0x1600000F
+ BcdLibraryBoolean_TraditionalKsegMappings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 15),
+ ///
+ /// Indicates whether the boot debugger should be enabled.
+ ///
+ /// 0x16000010
+ BcdLibraryBoolean_DebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
+ ///
+ /// Debugger type. The Integer property is one of the values from the BcdLibrary_DebuggerType enumeration.
+ ///
+ /// 0x15000011
+ BcdLibraryInteger_DebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 17),
+ ///
+ /// I/O port address for the serial debugger.
+ ///
+ /// 0x15000012
+ BcdLibraryInteger_SerialDebuggerPortAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 18),
+ ///
+ /// Serial port number for serial debugging.
+ /// If this value is not specified, the default is specified by the DBGP ACPI table settings.
+ ///
+ /// 0x15000013
+ BcdLibraryInteger_SerialDebuggerPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 19),
+ ///
+ /// Baud rate for serial debugging.
+ ///
+ /// 0x15000014
+ BcdLibraryInteger_SerialDebuggerBaudRate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 20),
+ ///
+ /// Channel number for 1394 debugging.
+ ///
+ /// 0x15000015
+ BcdLibraryInteger_1394DebuggerChannel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 21),
+ ///
+ /// The target name for the USB debugger. The target name is arbitrary but must match between the debugger and the debug target.
+ ///
+ /// 0x12000016
+ BcdLibraryString_UsbDebuggerTargetName = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 22),
+ ///
+ /// If TRUE, the debugger will ignore user mode exceptions and only stop for kernel mode exceptions.
+ ///
+ /// 0x16000017
+ BcdLibraryBoolean_DebuggerIgnoreUsermodeExceptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 23),
+ ///
+ /// Indicates the debugger start policy. The Integer property is one of the values from the BcdLibrary_DebuggerStartPolicy enumeration.
+ ///
+ /// 0x15000018
+ BcdLibraryInteger_DebuggerStartPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 24),
+ ///
+ /// Defines the PCI bus, device, and function numbers of the debugging device. For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.
+ ///
+ /// 0x12000019
+ BcdLibraryString_DebuggerBusParameters = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 25),
+ ///
+ /// Defines the host IP address for the network debugger.
+ ///
+ /// 0x1500001A
+ BcdLibraryInteger_DebuggerNetHostIP = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 26),
+ ///
+ /// Defines the network port for the network debugger.
+ ///
+ /// 0x1500001B
+ BcdLibraryInteger_DebuggerNetPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 27),
+ ///
+ /// Controls the use of DHCP by the network debugger. Setting this to false causes the OS to only use link-local addresses.
+ /// This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x1600001C
+ BcdLibraryBoolean_DebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 28),
+ ///
+ /// Holds the key used to encrypt the network debug connection.
+ /// This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x1200001D
+ BcdLibraryString_DebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 29),
+ ///
+ ///
+ ///
+ /// 0x1600001E
+ BcdLibraryBoolean_DebuggerNetVM = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 30),
+ ///
+ ///
+ ///
+ /// 0x1200001F
+ BcdLibraryString_DebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 31),
+ ///
+ /// Indicates whether EMS redirection should be enabled.
+ ///
+ /// 0x16000020
+ BcdLibraryBoolean_EmsEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 32),
+ ///
+ /// COM port number for EMS redirection.
+ ///
+ /// 0x15000022
+ BcdLibraryInteger_EmsPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 34),
+ ///
+ /// Baud rate for EMS redirection.
+ ///
+ /// 0x15000023
+ BcdLibraryInteger_EmsBaudRate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 35),
+ ///
+ /// String that is appended to the load options string passed to the kernel to be consumed by kernel-mode components.
+ /// This is useful for communicating with kernel-mode components that are not BCD-aware.
+ ///
+ /// 0x12000030
+ BcdLibraryString_LoadOptionsString = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 48),
+ ///
+ ///
+ ///
+ /// 0x16000031
+ BcdLibraryBoolean_AttemptNonBcdStart = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 49),
+ ///
+ /// Indicates whether the advanced options boot menu (F8) is displayed.
+ ///
+ /// 0x16000040
+ BcdLibraryBoolean_DisplayAdvancedOptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 64),
+ ///
+ /// Indicates whether the boot options editor is enabled.
+ ///
+ /// 0x16000041
+ BcdLibraryBoolean_DisplayOptionsEdit = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 65),
+ ///
+ ///
+ ///
+ /// 0x15000042
+ BcdLibraryInteger_FVEKeyRingAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 66),
+ ///
+ /// Allows a device override for the bootstat.dat log in the boot manager and winload.exe.
+ ///
+ /// 0x11000043
+ BcdLibraryDevice_BsdLogDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 67),
+ ///
+ /// Allows a path override for the bootstat.dat log file in the boot manager and winload.exe.
+ ///
+ /// 0x12000044
+ BcdLibraryString_BsdLogPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 68),
+ ///
+ /// Indicates whether graphics mode is disabled and boot applications must use text mode display.
+ ///
+ /// 0x16000045
+ BcdLibraryBoolean_BsdPreserveLog = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 69),
+ ///
+ ///
+ ///
+ /// 0x16000046
+ BcdLibraryBoolean_GraphicsModeDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 70),
+ ///
+ /// Indicates the access policy for PCI configuration space.
+ ///
+ /// 0x15000047
+ BcdLibraryInteger_ConfigAccessPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 71),
+ ///
+ /// Disables integrity checks.
+ /// Cannot be set when secure boot is enabled.
+ /// This value is ignored by Windows 7 and Windows 8.
+ ///
+ /// 0x16000048
+ BcdLibraryBoolean_DisableIntegrityChecks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 72),
+ ///
+ /// Indicates whether the test code signing certificate is supported.
+ ///
+ /// 0x16000049
+ BcdLibraryBoolean_AllowPrereleaseSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 73),
+ ///
+ /// Overrides the default location of the boot fonts.
+ ///
+ /// 0x1200004A
+ BcdLibraryString_FontPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 74),
+ ///
+ ///
+ ///
+ /// 0x1500004B
+ BcdLibraryInteger_SiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 75),
+ ///
+ /// This value (if present) should not be modified.
+ ///
+ /// 0x1500004C
+ BcdLibraryInteger_FveBandId = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 76),
+ ///
+ /// Specifies that legacy BIOS systems should use INT 16h Function 10h for console input instead of INT 16h Function 0h.
+ ///
+ /// 0x16000050
+ BcdLibraryBoolean_ConsoleExtendedInput = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 80),
+ ///
+ ///
+ ///
+ /// 0x15000051
+ BcdLibraryInteger_InitialConsoleInput = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 81),
+ ///
+ /// Forces a specific graphics resolution at boot.
+ /// Possible values include GraphicsResolution1024x768 (0), GraphicsResolution800x600 (1), and GraphicsResolution1024x600 (2).
+ ///
+ /// 0x15000052
+ BcdLibraryInteger_GraphicsResolution = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 82),
+ ///
+ /// If enabled, specifies that boot error screens are not shown when OS launch errors occur, and the system is reset rather than exiting directly back to the firmware.
+ ///
+ /// 0x16000053
+ BcdLibraryBoolean_RestartOnFailure = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 83),
+ ///
+ /// Forces highest available graphics resolution at boot.
+ /// This value can only be used on UEFI systems.
+ /// This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x16000054
+ BcdLibraryBoolean_GraphicsForceHighestMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 84),
+ ///
+ /// This setting is used to differentiate between the Windows 7 and Windows 8 implementations of UEFI.
+ /// Do not modify this setting.
+ /// If this setting is removed from a Windows 8 installation, it will not boot.
+ /// If this setting is added to a Windows 7 installation, it will not boot.
+ ///
+ /// 0x16000060
+ BcdLibraryBoolean_IsolatedExecutionContext = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 96),
+ ///
+ /// This setting disables the progress bar and default Windows logo.
If a custom text string has been defined, it is also disabled by this setting.
+ /// The Integer property is one of the values from the BcdLibrary_UxDisplayMessageType enumeration.
+ ///
+ /// 0x15000065
+ BcdLibraryInteger_BootUxDisplayMessage = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 101),
+ ///
+ ///
+ ///
+ /// 0x15000066
+ BcdLibraryInteger_BootUxDisplayMessageOverride = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 102),
+ ///
+ /// This setting disables the boot logo.
+ ///
+ /// 0x16000067
+ BcdLibraryBoolean_BootUxLogoDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 103),
+ ///
+ /// This setting disables the boot status text.
+ ///
+ /// 0x16000068
+ BcdLibraryBoolean_BootUxTextDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 104),
+ ///
+ /// This setting disables the boot progress bar.
+ ///
+ /// 0x16000069
+ BcdLibraryBoolean_BootUxProgressDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 105),
+ ///
+ /// This setting disables the boot transition fading.
+ ///
+ /// 0x1600006A
+ BcdLibraryBoolean_BootUxFadeDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 106),
+ ///
+ ///
+ ///
+ /// 0x1600006B
+ BcdLibraryBoolean_BootUxReservePoolDebug = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 107),
+ ///
+ ///
+ ///
+ /// 0x1600006C
+ BcdLibraryBoolean_BootUxDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 108),
+ ///
+ ///
+ ///
+ /// 0x1500006D
+ BcdLibraryInteger_BootUxFadeFrames = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 109),
+ ///
+ ///
+ ///
+ /// 0x1600006E
+ BcdLibraryBoolean_BootUxDumpStats = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 110),
+ ///
+ ///
+ ///
+ /// 0x1600006F
+ BcdLibraryBoolean_BootUxShowStats = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 111),
+ ///
+ ///
+ ///
+ /// 0x16000071
+ BcdLibraryBoolean_MultiBootSystem = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 113),
+ ///
+ ///
+ ///
+ /// 0x16000072
+ BcdLibraryBoolean_ForceNoKeyboard = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 114),
+ ///
+ ///
+ ///
+ /// 0x15000073
+ BcdLibraryInteger_AliasWindowsKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 115),
+ ///
+ /// Disables the 1-minute timer that triggers shutdown on boot error screens, and the F8 menu, on UEFI systems.
+ ///
+ /// 0x16000074
+ BcdLibraryBoolean_BootShutdownDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 116),
+ ///
+ ///
+ ///
+ /// 0x15000075
+ BcdLibraryInteger_PerformanceFrequency = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 117),
+ ///
+ ///
+ ///
+ /// 0x15000076
+ BcdLibraryInteger_SecurebootRawPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 118),
+ ///
+ /// Indicates whether or not an in-memory BCD setting passed between boot apps will trigger BitLocker recovery.
+ /// This value should not be modified as it could trigger a BitLocker recovery action.
+ ///
+ /// 0x17000077
+ BcdLibraryIntegerList_AllowedInMemorySettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 119),
+ ///
+ ///
+ ///
+ /// 0x15000079
+ BcdLibraryInteger_BootUxBitmapTransitionTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 121),
+ ///
+ ///
+ ///
+ /// 0x1600007A
+ BcdLibraryBoolean_TwoBootImages = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 122),
+ ///
+ /// Force the use of FIPS cryptography checks on boot applications.
+ /// BcdLibraryBoolean_ForceFipsCrypto is documented with wrong value 0x16000079
+ ///
+ /// 0x1600007B
+ BcdLibraryBoolean_ForceFipsCrypto = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 123),
+ ///
+ ///
+ ///
+ /// 0x1500007D
+ BcdLibraryInteger_BootErrorUx = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 125),
+ ///
+ ///
+ ///
+ /// 0x1600007E
+ BcdLibraryBoolean_AllowFlightSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 126),
+ ///
+ ///
+ ///
+ /// 0x1500007F
+ BcdLibraryInteger_BootMeasurementLogFormat = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 127),
+ ///
+ ///
+ ///
+ /// 0x15000080
+ BcdLibraryInteger_DisplayRotation = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 128),
+ ///
+ ///
+ ///
+ /// 0x15000081
+ BcdLibraryInteger_LogControl = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 129),
+ ///
+ ///
+ ///
+ /// 0x16000082
+ BcdLibraryBoolean_NoFirmwareSync = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 130),
+ ///
+ ///
+ ///
+ /// 0x11000084
+ BcdLibraryDevice_WindowsSystemDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 132),
+ ///
+ ///
+ ///
+ /// 0x16000087
+ BcdLibraryBoolean_NumLockOn = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 135),
+ ///
+ ///
+ ///
+ /// 0x12000088
+ BcdLibraryString_AdditionalCiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_LIBRARY, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 136),
+} BcdLibraryElementTypes;
+
+typedef enum _BcdTemplateElementTypes
+{
+ ///
+ ///
+ ///
+ /// 0x45000001
+ BcdSetupInteger_DeviceType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE,
BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 1),
+ ///
+ ///
+ ///
+ /// 0x42000002
+ BcdSetupString_ApplicationRelativePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
+ ///
+ ///
+ ///
+ /// 0x42000003
+ BcdSetupString_RamdiskDeviceRelativePath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 3),
+ ///
+ ///
+ ///
+ /// 0x46000004
+ BcdSetupBoolean_OmitOsLoaderElements = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 4),
+ ///
+ ///
+ ///
+ /// 0x47000006
+ BcdSetupIntegerList_ElementsToMigrateList = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST, 6),
+ ///
+ ///
+ ///
+ /// 0x46000010
+ BcdSetupBoolean_RecoveryOs = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
+} BcdTemplateElementTypes;
+
+///
+/// Specifies the no-execute page protection policies.
+///
+typedef enum _BcdOSLoader_NxPolicy
+{
+ ///
+ /// The no-execute page protection is off by default.
+ ///
+ NxPolicyOptIn = 0,
+ ///
+ /// The no-execute page protection is on by default.
+ ///
+ NxPolicyOptOut = 1,
+ ///
+ /// The no-execute page protection is always off.
+ ///
+ NxPolicyAlwaysOff = 2,
+ ///
+ /// The no-execute page protection is always on.
+ ///
+ NxPolicyAlwaysOn = 3
+} BcdOSLoader_NxPolicy;
+
+///
+/// Specifies the Physical Address Extension (PAE) policies.
+///
+typedef enum _BcdOSLoader_PAEPolicy
+{
+ ///
+ /// Enable PAE if hot-pluggable memory is defined above 4GB.
+ ///
+ PaePolicyDefault = 0,
+ ///
+ /// PAE is enabled.
+ ///
+ PaePolicyForceEnable = 1,
+ ///
+ /// PAE is disabled.
+ ///
+ PaePolicyForceDisable = 2
+} BcdOSLoader_PAEPolicy;
+
+typedef enum _BcdOSLoader_BootStatusPolicy
+{
+ ///
+ /// Display all boot failures.
+ ///
+ BootStatusPolicyDisplayAllFailures = 0,
+ ///
+ /// Ignore all boot failures.
+ ///
+ BootStatusPolicyIgnoreAllFailures = 1,
+ ///
+ /// Ignore all shutdown failures.
+ ///
+ BootStatusPolicyIgnoreShutdownFailures = 2,
+ ///
+ /// Ignore all boot failures.
+ ///
+ BootStatusPolicyIgnoreBootFailures = 3,
+ ///
+ /// Ignore checkpoint failures.
+ ///
+ BootStatusPolicyIgnoreCheckpointFailures = 4,
+ ///
+ /// Display shutdown failures.
+ ///
+ BootStatusPolicyDisplayShutdownFailures = 5,
+ ///
+ /// Display boot failures.
+ ///
+ BootStatusPolicyDisplayBootFailures = 6,
+ ///
+ /// Display checkpoint failures.
+ ///
+ BootStatusPolicyDisplayCheckpointFailures = 7
+} BcdOSLoaderBootStatusPolicy;
+
+// BcdOSLoaderElementTypes based on geoffchappell: https://www.geoffchappell.com/notes/windows/boot/bcd/elements.htm (dmex)
+typedef enum _BcdOSLoaderElementTypes
+{
+ ///
+ /// The device on which the operating system resides.
+ ///
+ /// 0x21000001
+ BcdOSLoaderDevice_OSDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 1),
+ ///
+ /// The file path to the operating system (%SystemRoot% minus the volume).
+ ///
+ /// 0x22000002
+ BcdOSLoaderString_SystemRoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 2),
+ ///
+ /// The resume application associated with the operating system.
+ ///
+ /// 0x23000003
+ BcdOSLoaderObject_AssociatedResumeObject = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_OBJECT, 3),
+ ///
+ ///
+ ///
+ /// 0x26000004
+ BcdOSLoaderBoolean_StampDisks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 4),
+ ///
+ /// Indicates whether the operating system loader should determine the kernel and HAL to load based on the platform features.
+ ///
+ /// 0x26000010
+ BcdOSLoaderBoolean_DetectKernelAndHal = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 16),
+ ///
+ /// The kernel to be loaded by the operating system loader. This value overrides the default kernel.
+ ///
+ /// 0x22000011
+ BcdOSLoaderString_KernelPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 17),
+ ///
+ /// The HAL to be loaded by the operating system loader. This value overrides the default HAL.
+ ///
+ /// 0x22000012
+ BcdOSLoaderString_HalPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 18),
+ ///
+ /// The transport DLL to be loaded by the operating system loader. This value overrides the default Kdcom.dll.
+ ///
+ /// 0x22000013
+ BcdOSLoaderString_DbgTransportPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 19),
+ ///
+ /// The no-execute page protection policy. The Integer property is one of the values from the BcdOSLoader_NxPolicy enumeration.
+ ///
+ /// 0x25000020
+ BcdOSLoaderInteger_NxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 32),
+ ///
+ /// The Physical Address Extension (PAE) policy. The Integer property is one of the values from the BcdOSLoader_PAEPolicy enumeration.
+ ///
+ /// 0x25000021
+ BcdOSLoaderInteger_PAEPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 33),
+ ///
+ /// Indicates that the system should be started in Windows Preinstallation Environment (Windows PE) mode.
+ ///
+ /// 0x26000022
+ BcdOSLoaderBoolean_WinPEMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 34),
+ ///
+ /// Indicates that the system should not automatically reboot when it crashes.
+ ///
+ /// 0x26000024
+ BcdOSLoaderBoolean_DisableCrashAutoReboot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 36),
+ ///
+ /// Indicates that the system should use the last-known good settings.
+ ///
+ /// 0x26000025
+ BcdOSLoaderBoolean_UseLastGoodSettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 37),
+ ///
+ ///
+ ///
+ /// 0x26000026
+ BcdOSLoaderBoolean_DisableCodeIntegrityChecks = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 38),
+ ///
+ /// Indicates whether the test code signing certificate is supported.
+ ///
+ /// 0x26000027
+ BcdOSLoaderBoolean_AllowPrereleaseSignatures = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 39),
+ ///
+ /// Indicates whether the system should utilize the first 4GB of physical memory.
+ /// This option requires 5GB of physical memory, and on x86 systems it requires PAE to be enabled.
+ ///
+ /// 0x26000030
+ BcdOSLoaderBoolean_NoLowMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 48),
+ ///
+ /// The amount of memory the system should ignore.
+ ///
+ /// 0x25000031
+ BcdOSLoaderInteger_RemoveMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 49),
+ ///
+ /// The amount of memory that should be utilized by the process address space, in bytes.
+ /// This value should be between 2GB and 3GB.
+ /// Increasing this value from the default 2GB decreases the amount of virtual address space available to the system and device drivers.
+ ///
+ /// 0x25000032
+ BcdOSLoaderInteger_IncreaseUserVa = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 50),
+ ///
+ ///
+ ///
+ /// 0x25000033
+ BcdOSLoaderInteger_PerformaceDataMemory = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 51),
+ ///
+ /// Indicates whether the system should use the standard VGA display driver instead of a high-performance display driver.
+ ///
+ /// 0x26000040
+ BcdOSLoaderBoolean_UseVgaDriver = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 64),
+ ///
+ /// Indicates whether the system should initialize the VGA driver responsible for displaying simple graphics during the boot process.
+ /// If not, there is no display is presented during the boot process.
+ ///
+ /// 0x26000041
+ BcdOSLoaderBoolean_DisableBootDisplay = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 65),
+ ///
+ /// Indicates whether the VGA driver should avoid VESA BIOS calls.
+ /// Note This value is ignored by Windows 8 and Windows Server 2012.
+ ///
+ /// 0x26000042
+ BcdOSLoaderBoolean_DisableVesaBios = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 66),
+ ///
+ /// Disables the use of VGA modes in the OS.
+ ///
+ /// 0x26000043
+ BcdOSLoaderBoolean_DisableVgaMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 67),
+ ///
+ /// Indicates that cluster-mode APIC addressing should be utilized, and the value is the maximum number of processors per cluster.
+ ///
+ /// 0x25000050
+ BcdOSLoaderInteger_ClusterModeAddressing = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 80),
+ ///
+ /// Indicates whether to enable physical-destination mode for all APIC messages.
+ ///
+ /// 0x26000051
+ BcdOSLoaderBoolean_UsePhysicalDestination = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 81),
+ ///
+ /// The maximum number of APIC clusters that should be used by cluster-mode addressing.
+ ///
+ /// 0x25000052
+ BcdOSLoaderInteger_RestrictApicCluster = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 82),
+ ///
+ ///
+ ///
+ /// 0x22000053
+ BcdOSLoaderString_OSLoaderTypeEVStore = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 83),
+ ///
+ /// Used to force legacy APIC mode, even if the processors and chipset support extended APIC mode.
+ ///
+ /// 0x26000054
+ BcdOSLoaderBoolean_UseLegacyApicMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 84),
+ ///
+ /// Enables the use of extended APIC mode, if supported.
+ /// Zero (0) indicates default behavior, one (1) indicates that extended APIC mode is disabled, and two (2) indicates that extended APIC mode is enabled.
+ /// The system defaults to using extended APIC mode if available.
+ ///
+ /// 0x25000055
+ BcdOSLoaderInteger_X2ApicPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 85),
+ ///
+ /// Indicates whether the operating system should initialize or start non-boot processors.
+ ///
+ /// 0x26000060
+ BcdOSLoaderBoolean_UseBootProcessorOnly = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 96),
+ ///
+ /// The maximum number of processors that can be utilized by the system; all other processors are ignored.
+ ///
+ /// 0x25000061
+ BcdOSLoaderInteger_NumberOfProcessors = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 97),
+ ///
+ /// Indicates whether the system should use the maximum number of processors.
+ ///
+ /// 0x26000062
+ BcdOSLoaderBoolean_ForceMaximumProcessors = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 98),
+ ///
+ /// Indicates whether processor specific configuration flags are to be used.
+ ///
+ /// 0x25000063
+ BcdOSLoaderBoolean_ProcessorConfigurationFlags = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 99),
+ ///
+ /// Maximizes the number of groups created when assigning nodes to processor groups.
+ ///
+ /// 0x26000064
+ BcdOSLoaderBoolean_MaximizeGroupsCreated = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 100),
+ ///
+ /// This setting makes drivers group aware and can be used to determine improper group usage.
+ ///
+ /// 0x26000065
+ BcdOSLoaderBoolean_ForceGroupAwareness = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 101),
+ ///
+ /// Specifies the size of all processor groups. Must be set to a power of 2.
+ ///
+ /// 0x25000066
+ BcdOSLoaderInteger_GroupSize = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 102),
+ ///
+ /// Indicates whether the system should use I/O and IRQ resources created by the system firmware instead of using dynamically configured resources.
+ ///
+ /// 0x26000070
+ BcdOSLoaderInteger_UseFirmwarePciSettings = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 112),
+ ///
+ /// The PCI Message Signaled Interrupt (MSI) policy. Zero (0) indicates default, and one (1) indicates that MSI interrupts are disabled.
+ ///
+ /// 0x25000071
+ BcdOSLoaderInteger_MsiPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 113),
+ ///
+ /// Undocumented. Zero (0) indicates default, and one (1) indicates that PCI Express is forcefully disabled.
+ ///
+ /// 0x25000072
+ BcdOSLoaderInteger_PciExpressPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 114),
+ ///
+ /// The Integer property is one of the values from the BcdLibrary_SafeBoot enumeration.
+ ///
+ /// 0x25000080
+ BcdOSLoaderInteger_SafeBoot = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 128),
+ ///
+ /// Indicates whether the system should use the shell specified under the following registry key instead of the default shell:
+ /// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell.
+ ///
+ /// 0x26000081
+ BcdOSLoaderBoolean_SafeBootAlternateShell = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 129),
+ ///
+ /// Indicates whether the system should write logging information to %SystemRoot%\Ntbtlog.txt during initialization.
+ ///
+ /// 0x26000090
+ BcdOSLoaderBoolean_BootLogInitialization = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 144),
+ ///
+ /// Indicates whether the system should display verbose information.
+ ///
+ /// 0x26000091
+ BcdOSLoaderBoolean_VerboseObjectLoadMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 145),
+ ///
+ /// Indicates whether the kernel debugger should be enabled using the settings in the inherited debugger object.
+ ///
+ /// 0x260000A0
+ BcdOSLoaderBoolean_KernelDebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 160),
+ ///
+ /// Indicates whether the HAL should call DbgBreakPoint at the start of HalInitSystem for phase 0 initialization of the kernel.
+ ///
+ /// 0x260000A1
+ BcdOSLoaderBoolean_DebuggerHalBreakpoint = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 161),
+ ///
+ /// Forces the use of the platform clock as the system's performance counter.
+ ///
+ /// 0x260000A2
+ BcdOSLoaderBoolean_UsePlatformClock = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 162),
+ ///
+ /// Forces the OS to assume the presence of legacy PC devices like CMOS and keyboard controllers.
+ /// This value should only be used for debugging.
+ ///
+ /// 0x260000A3
+ BcdOSLoaderBoolean_ForceLegacyPlatform = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 163),
+ ///
+ ///
+ ///
+ /// 0x260000A4
+ BcdOSLoaderBoolean_UsePlatformTick = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 164),
+ ///
+ ///
+ ///
+ /// 0x260000A5
+ BcdOSLoaderBoolean_DisableDynamicTick = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 165),
+ ///
+ /// Controls the TSC synchronization policy. Possible values include default (0), legacy (1), or enhanced (2).
+ /// This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x250000A6
+ BcdOSLoaderInteger_TscSyncPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 166),
+ ///
+ /// Indicates whether EMS should be enabled in the kernel.
+ ///
+ /// 0x260000B0
+ BcdOSLoaderBoolean_EmsEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 176),
+ ///
+ ///
+ ///
+ /// 0x250000C0
+ BcdOSLoaderInteger_ForceFailure = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 192),
+ ///
+ /// Indicates the driver load failure policy.
Zero (0) indicates that a failed driver load is fatal and the boot will not continue,
+ /// one (1) indicates that the standard error control is used.
+ ///
+ /// 0x250000C1
+ BcdOSLoaderInteger_DriverLoadFailurePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 193),
+ ///
+ /// Defines the type of boot menus the system will use. Possible values include menupolicylegacy (0) or menupolicystandard (1).
+ /// The default value is menupolicylegacy (0).
+ ///
+ /// 0x250000C2
+ BcdOSLoaderInteger_BootMenuPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 194),
+ ///
+ /// Controls whether the system boots to the legacy menu (F8 menu) on the next boot.
+ /// Note This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x260000C3
+ BcdOSLoaderBoolean_AdvancedOptionsOneTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 195),
+ ///
+ ///
+ ///
+ /// 0x260000C4
+ BcdOSLoaderBoolean_OptionsEditOneTime = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 196),
+ ///
+ /// The boot status policy. The Integer property is one of the values from the BcdOSLoaderBootStatusPolicy enumeration
+ ///
+ /// 0x250000E0
+ BcdOSLoaderInteger_BootStatusPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 224),
+ ///
+ /// The OS loader removes this entry for security reasons. This option can only be triggered by using the F8 menu; a user must be physically present to trigger this option.
+ /// This value is supported starting in Windows 8 and Windows Server 2012.
+ ///
+ /// 0x260000E1
+ BcdOSLoaderBoolean_DisableElamDrivers = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 225),
+ ///
+ /// Controls the hypervisor launch type.
Options are HyperVisorLaunchOff (0) and HypervisorLaunchAuto (1).
+ ///
+ /// 0x250000F0
+ BcdOSLoaderInteger_HypervisorLaunchType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 240),
+ ///
+ ///
+ ///
+ /// 0x250000F1
+ BcdOSLoaderString_HypervisorPath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 241),
+ ///
+ /// Controls whether the hypervisor debugger is enabled.
+ ///
+ /// 0x260000F2
+ BcdOSLoaderBoolean_HypervisorDebuggerEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 242),
+ ///
+ /// Controls the hypervisor debugger type. Can be set to SERIAL (0), 1394 (1), or NET (2).
+ ///
+ /// 0x250000F3
+ BcdOSLoaderInteger_HypervisorDebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 243),
+ ///
+ /// Specifies the serial port number for serial debugging.
+ ///
+ /// 0x250000F4
+ BcdOSLoaderInteger_HypervisorDebuggerPortNumber = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 244),
+ ///
+ /// Specifies the baud rate for serial debugging.
+ ///
+ /// 0x250000F5
+ BcdOSLoaderInteger_HypervisorDebuggerBaudrate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 245),
+ ///
+ /// Specifies the channel number for 1394 debugging.
+ ///
+ /// 0x250000F6
+ BcdOSLoaderInteger_HypervisorDebugger1394Channel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 246),
+ ///
+ /// Values are Disabled (0), Basic (1), and Standard (2).
+ ///
+ /// 0x250000F7
+ BcdOSLoaderInteger_BootUxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 247),
+ ///
+ ///
+ ///
+ /// 0x220000F8
+ BcdOSLoaderInteger_HypervisorSlatDisabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 248),
+ ///
+ /// Defines the PCI bus, device, and function numbers of the debugging device used with the hypervisor.
+ /// For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.
+ ///
+ /// 0x220000F9
+ BcdOSLoaderString_HypervisorDebuggerBusParams = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 249),
+ ///
+ ///
+ ///
+ /// 0x250000FA
+ BcdOSLoaderInteger_HypervisorNumProc = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 250),
+ ///
+ ///
+ ///
+ /// 0x250000FB
+ BcdOSLoaderInteger_HypervisorRootProcPerNode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 251),
+ ///
+ ///
+ ///
+ /// 0x260000FC
+ BcdOSLoaderBoolean_HypervisorUseLargeVTlb = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 252),
+ ///
+ ///
+ ///
+ /// 0x250000FD
+ BcdOSLoaderInteger_HypervisorDebuggerNetHostIp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 253),
+ ///
+ ///
+ ///
+ /// 0x250000FE
+ BcdOSLoaderInteger_HypervisorDebuggerNetHostPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 254),
+ ///
+ ///
+ ///
+ /// 0x250000FF
+ BcdOSLoaderInteger_HypervisorDebuggerPages = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 255),
+ ///
+ ///
+ ///
+ /// 0x25000100
+ BcdOSLoaderInteger_TpmBootEntropyPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION,
BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 256),
+ ///
+ ///
+ ///
+ /// 0x22000110
+ BcdOSLoaderString_HypervisorDebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 272),
+ ///
+ ///
+ ///
+ /// 0x22000112
+ BcdOSLoaderString_HypervisorProductSkuType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 274),
+ ///
+ ///
+ ///
+ /// 0x22000113
+ BcdOSLoaderInteger_HypervisorRootProc = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 275),
+ ///
+ ///
+ ///
+ /// 0x26000114
+ BcdOSLoaderBoolean_HypervisorDebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 276),
+ ///
+ ///
+ ///
+ /// 0x25000115
+ BcdOSLoaderInteger_HypervisorIommuPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 277),
+ ///
+ ///
+ ///
+ /// 0x26000116
+ BcdOSLoaderBoolean_HypervisorUseVApic = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 278),
+ ///
+ ///
+ ///
+ /// 0x22000117
+ BcdOSLoaderString_HypervisorLoadOptions = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 279),
+ ///
+ ///
+ ///
+ /// 0x25000118
+ BcdOSLoaderInteger_HypervisorMsrFilterPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 280),
+ ///
+ ///
+ ///
+ /// 0x25000119
+ BcdOSLoaderInteger_HypervisorMmioNxPolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 281),
+ ///
+ ///
+ ///
+ /// 0x2500011A
+ BcdOSLoaderInteger_HypervisorSchedulerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 282),
+ ///
+ ///
+ ///
+ /// 0x2200011B
+ BcdOSLoaderString_HypervisorRootProcNumaNodes =
MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 283),
+ ///
+ ///
+ ///
+ /// 0x2500011C
+ BcdOSLoaderInteger_HypervisorPerfmon = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 284),
+ ///
+ ///
+ ///
+ /// 0x2500011D
+ BcdOSLoaderInteger_HypervisorRootProcPerCore = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 285),
+ ///
+ ///
+ ///
+ /// 0x2200011E
+ BcdOSLoaderString_HypervisorRootProcNumaNodeLps = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 286),
+ ///
+ ///
+ ///
+ /// 0x25000120
+ BcdOSLoaderInteger_XSavePolicy = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 288),
+ ///
+ ///
+ ///
+ /// 0x25000121
+ BcdOSLoaderInteger_XSaveAddFeature0 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 289),
+ ///
+ ///
+ ///
+ /// 0x25000122
+ BcdOSLoaderInteger_XSaveAddFeature1 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 290),
+ ///
+ ///
+ ///
+ /// 0x25000123
+ BcdOSLoaderInteger_XSaveAddFeature2 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 291),
+ ///
+ ///
+ ///
+ /// 0x25000124
+ BcdOSLoaderInteger_XSaveAddFeature3 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 292),
+ ///
+ ///
+ ///
+ /// 0x25000125
+ BcdOSLoaderInteger_XSaveAddFeature4 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 293),
+ ///
+ ///
+ ///
+ /// 0x25000126
+ BcdOSLoaderInteger_XSaveAddFeature5 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 294),
+ ///
+ ///
+ ///
+ /// 0x25000127
+ BcdOSLoaderInteger_XSaveAddFeature6 =
MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 295),
+ ///
+ ///
+ ///
+ /// 0x25000128
+ BcdOSLoaderInteger_XSaveAddFeature7 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 296),
+ ///
+ ///
+ ///
+ /// 0x25000129
+ BcdOSLoaderInteger_XSaveRemoveFeature = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 297),
+ ///
+ ///
+ ///
+ /// 0x2500012A
+ BcdOSLoaderInteger_XSaveProcessorsMask = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 298),
+ ///
+ ///
+ ///
+ /// 0x2500012B
+ BcdOSLoaderInteger_XSaveDisable = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 299),
+ ///
+ ///
+ ///
+ /// 0x2500012C
+ BcdOSLoaderInteger_KernelDebuggerType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 300),
+ ///
+ ///
+ ///
+ /// 0x2200012D
+ BcdOSLoaderString_KernelDebuggerBusParameters = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 301),
+ ///
+ ///
+ ///
+ /// 0x2500012E
+ BcdOSLoaderInteger_KernelDebuggerPortAddress = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 302),
+ ///
+ ///
+ ///
+ /// 0x2500012F
+ BcdOSLoaderInteger_KernelDebuggerPortNumber = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 303),
+ ///
+ ///
+ ///
+ /// 0x25000130
+ BcdOSLoaderInteger_ClaimedTpmCounter = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 304),
+ ///
+ ///
+ ///
+ /// 0x25000131
+ BcdOSLoaderInteger_KernelDebugger1394Channel = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 305),
+ ///
+ ///
+ ///
+ /// 0x22000132
+
BcdOSLoaderString_KernelDebuggerUsbTargetname = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 306),
+ ///
+ ///
+ ///
+ /// 0x25000133
+ BcdOSLoaderInteger_KernelDebuggerNetHostIp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 307),
+ ///
+ ///
+ ///
+ /// 0x25000134
+ BcdOSLoaderInteger_KernelDebuggerNetHostPort = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 308),
+ ///
+ ///
+ ///
+ /// 0x26000135
+ BcdOSLoaderBoolean_KernelDebuggerNetDhcp = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 309),
+ ///
+ ///
+ ///
+ /// 0x22000136
+ BcdOSLoaderString_KernelDebuggerNetKey = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 310),
+ ///
+ ///
+ ///
+ /// 0x22000137
+ BcdOSLoaderString_IMCHiveName = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 311),
+ ///
+ ///
+ ///
+ /// 0x21000138
+ BcdOSLoaderDevice_IMCDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 312),
+ ///
+ ///
+ ///
+ /// 0x25000139
+ BcdOSLoaderInteger_KernelDebuggerBaudrate = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 313),
+ ///
+ ///
+ ///
+ /// 0x22000140
+ BcdOSLoaderString_ManufacturingMode = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 320),
+ ///
+ ///
+ ///
+ /// 0x26000141
+ BcdOSLoaderBoolean_EventLoggingEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 321),
+ ///
+ ///
+ ///
+ /// 0x25000142
+ BcdOSLoaderInteger_VsmLaunchType = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 322),
+ ///
+ /// Undocumented.
Zero (0) indicates default, one (1) indicates that disabled and two (2) indicates strict mode.
+ ///
+ /// 0x25000144
+ BcdOSLoaderInteger_HypervisorEnforcedCodeIntegrity = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_INTEGER, 324),
+ ///
+ ///
+ ///
+ /// 0x26000145
+ BcdOSLoaderBoolean_DtraceEnabled = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN, 325),
+ ///
+ ///
+ ///
+ /// 0x21000150
+ BcdOSLoaderDevice_SystemDataDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 336),
+ ///
+ ///
+ ///
+ /// 0x21000151
+ BcdOSLoaderDevice_OsArcDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 337),
+ ///
+ ///
+ ///
+ /// 0x21000153
+ BcdOSLoaderDevice_OsDataDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 339),
+ ///
+ ///
+ ///
+ /// 0x21000154
+ BcdOSLoaderDevice_BspDevice = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 340),
+ ///
+ ///
+ ///
+ /// 0x21000155
+ BcdOSLoaderDevice_BspFilepath = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_DEVICE, 341),
+ ///
+ ///
+ ///
+ /// 0x22000156
+ BcdOSLoaderString_KernelDebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 342),
+ ///
+ ///
+ ///
+ /// 0x22000161
+ BcdOSLoaderString_HypervisorDebuggerNetHostIpv6 = MAKE_BCDE_DATA_TYPE(BCD_ELEMENT_DATATYPE_CLASS_APPLICATION, BCD_ELEMENT_DATATYPE_FORMAT_STRING, 353),
+} BcdOSLoaderElementTypes;
+
+#endif
diff --git a/deps/phnt-nightly/ntdbg.h b/deps/phnt-nightly/ntdbg.h
new file mode 100644
index 0000000..1ecc3fc
--- /dev/null
+++ b/deps/phnt-nightly/ntdbg.h
@@ -0,0 +1,380 @@
+/*
+ * Debugger support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTDBG_H
+#define _NTDBG_H
+
+// Debugging
+
+NTSYSAPI
+VOID
+NTAPI
+DbgUserBreakPoint(
+ VOID
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+DbgBreakPoint(
+ VOID
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+DbgBreakPointWithStatus(
+ _In_ ULONG Status
+ );
+
+#define DBG_STATUS_CONTROL_C 1
+#define DBG_STATUS_SYSRQ 2
+#define DBG_STATUS_BUGCHECK_FIRST 3
+#define DBG_STATUS_BUGCHECK_SECOND 4
+#define DBG_STATUS_FATAL 5
+#define DBG_STATUS_DEBUG_CONTROL 6
+#define DBG_STATUS_WORKER 7
+
+NTSYSAPI
+ULONG
+STDAPIVCALLTYPE
+DbgPrint(
+ _In_z_ _Printf_format_string_ PCSTR Format,
+ ...
+ );
+
+NTSYSAPI
+ULONG
+STDAPIVCALLTYPE
+DbgPrintEx(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_z_ _Printf_format_string_ PCSTR Format,
+ ...
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+vDbgPrintEx(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_z_ PCCH Format,
+ _In_ va_list arglist
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+vDbgPrintExWithPrefix(
+ _In_z_ PCCH Prefix,
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_z_ PCCH Format,
+ _In_ va_list arglist
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgQueryDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgSetDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_ BOOLEAN State
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+DbgPrompt(
+ _In_ PCCH Prompt,
+ _Out_writes_bytes_(Length) PCH Response,
+ _In_ ULONG Length
+ );
+
+// Definitions
+
+typedef struct _DBGKM_EXCEPTION
+{
+ EXCEPTION_RECORD ExceptionRecord;
+ ULONG FirstChance;
+} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
+
+typedef struct _DBGKM_CREATE_THREAD
+{
+ ULONG SubSystemKey;
+ PVOID StartAddress;
+} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
+
+typedef struct _DBGKM_CREATE_PROCESS
+{
+ ULONG SubSystemKey;
+ HANDLE FileHandle;
+ PVOID BaseOfImage;
+ ULONG DebugInfoFileOffset;
+ ULONG DebugInfoSize;
+ DBGKM_CREATE_THREAD InitialThread;
+} DBGKM_CREATE_PROCESS,
*PDBGKM_CREATE_PROCESS;
+
+typedef struct _DBGKM_EXIT_THREAD
+{
+ NTSTATUS ExitStatus;
+} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
+
+typedef struct _DBGKM_EXIT_PROCESS
+{
+ NTSTATUS ExitStatus;
+} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
+
+typedef struct _DBGKM_LOAD_DLL
+{
+ HANDLE FileHandle;
+ PVOID BaseOfDll;
+ ULONG DebugInfoFileOffset;
+ ULONG DebugInfoSize;
+ PVOID NamePointer;
+} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
+
+typedef struct _DBGKM_UNLOAD_DLL
+{
+ PVOID BaseAddress;
+} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
+
+typedef enum _DBG_STATE
+{
+ DbgIdle,
+ DbgReplyPending,
+ DbgCreateThreadStateChange,
+ DbgCreateProcessStateChange,
+ DbgExitThreadStateChange,
+ DbgExitProcessStateChange,
+ DbgExceptionStateChange,
+ DbgBreakpointStateChange,
+ DbgSingleStepStateChange,
+ DbgLoadDllStateChange,
+ DbgUnloadDllStateChange
+} DBG_STATE, *PDBG_STATE;
+
+typedef struct _DBGUI_CREATE_THREAD
+{
+ HANDLE HandleToThread;
+ DBGKM_CREATE_THREAD NewThread;
+} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
+
+typedef struct _DBGUI_CREATE_PROCESS
+{
+ HANDLE HandleToProcess;
+ HANDLE HandleToThread;
+ DBGKM_CREATE_PROCESS NewProcess;
+} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
+
+typedef struct _DBGUI_WAIT_STATE_CHANGE
+{
+ DBG_STATE NewState;
+ CLIENT_ID AppClientId;
+ union
+ {
+ DBGKM_EXCEPTION Exception;
+ DBGUI_CREATE_THREAD CreateThread;
+ DBGUI_CREATE_PROCESS CreateProcessInfo;
+ DBGKM_EXIT_THREAD ExitThread;
+ DBGKM_EXIT_PROCESS ExitProcess;
+ DBGKM_LOAD_DLL LoadDll;
+ DBGKM_UNLOAD_DLL UnloadDll;
+ } StateInfo;
+} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
+
+#define DEBUG_READ_EVENT 0x0001
+#define DEBUG_PROCESS_ASSIGN 0x0002
+#define DEBUG_SET_INFORMATION 0x0004
+#define DEBUG_QUERY_INFORMATION 0x0008
+#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+ DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
+ DEBUG_QUERY_INFORMATION)
+
+#define DEBUG_KILL_ON_CLOSE 0x1
+
+typedef enum _DEBUGOBJECTINFOCLASS
+{
+
DebugObjectUnusedInformation,
+ DebugObjectKillProcessOnExitInformation, // s: ULONG
+ MaxDebugObjectInfoClass
+} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
+
+// System calls
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateDebugObject(
+ _Out_ PHANDLE DebugObjectHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ ULONG Flags
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDebugActiveProcess(
+ _In_ HANDLE ProcessHandle,
+ _In_ HANDLE DebugObjectHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDebugContinue(
+ _In_ HANDLE DebugObjectHandle,
+ _In_ PCLIENT_ID ClientId,
+ _In_ NTSTATUS ContinueStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRemoveProcessDebug(
+ _In_ HANDLE ProcessHandle,
+ _In_ HANDLE DebugObjectHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationDebugObject(
+ _In_ HANDLE DebugObjectHandle,
+ _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
+ _In_ PVOID DebugInformation,
+ _In_ ULONG DebugInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWaitForDebugEvent(
+ _In_ HANDLE DebugObjectHandle,
+ _In_ BOOLEAN Alertable,
+ _In_opt_ PLARGE_INTEGER Timeout,
+ _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
+ );
+
+// Debugging UI
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiConnectToDbg(
+ VOID
+ );
+
+NTSYSAPI
+HANDLE
+NTAPI
+DbgUiGetThreadDebugObject(
+ VOID
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+DbgUiSetThreadDebugObject(
+ _In_ HANDLE DebugObject
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiWaitStateChange(
+ _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiContinue(
+ _In_ PCLIENT_ID AppClientId,
+ _In_ NTSTATUS ContinueStatus
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiStopDebugging(
+ _In_ HANDLE Process
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiDebugActiveProcess(
+ _In_ HANDLE Process
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+DbgUiRemoteBreakin(
+ _In_ PVOID Context
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiIssueRemoteBreakin(
+
_In_ HANDLE Process
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiConvertStateChangeStructure(
+ _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
+ _Out_ LPDEBUG_EVENT DebugEvent
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+DbgUiConvertStateChangeStructureEx(
+ _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
+ _Out_ LPDEBUG_EVENT DebugEvent
+ );
+
+typedef struct _EVENT_FILTER_DESCRIPTOR *PEVENT_FILTER_DESCRIPTOR;
+
+typedef VOID (NTAPI *PENABLECALLBACK)(
+ _In_ LPCGUID SourceId,
+ _In_ ULONG IsEnabled,
+ _In_ UCHAR Level,
+ _In_ ULONGLONG MatchAnyKeyword,
+ _In_ ULONGLONG MatchAllKeyword,
+ _In_opt_ PEVENT_FILTER_DESCRIPTOR FilterData,
+ _Inout_opt_ PVOID CallbackContext
+ );
+
+typedef ULONGLONG REGHANDLE, *PREGHANDLE;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+EtwEventRegister(
+ _In_ LPCGUID ProviderId,
+ _In_opt_ PENABLECALLBACK EnableCallback,
+ _In_opt_ PVOID CallbackContext,
+ _Out_ PREGHANDLE RegHandle
+ );
+
+#endif
diff --git a/deps/phnt-nightly/ntexapi.h b/deps/phnt-nightly/ntexapi.h
new file mode 100644
index 0000000..96b74fb
--- /dev/null
+++ b/deps/phnt-nightly/ntexapi.h
@@ -0,0 +1,7096 @@
+/*
+ * Executive support library functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTEXAPI_H
+#define _NTEXAPI_H
+
+#include
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+// Thread execution
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDelayExecution(
+ _In_ BOOLEAN Alertable,
+ _In_ PLARGE_INTEGER DelayInterval
+ );
+
+// Environment values
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySystemEnvironmentValue(
+ _In_ PUNICODE_STRING VariableName,
+ _Out_writes_bytes_(ValueLength) PWSTR VariableValue,
+ _In_ USHORT ValueLength,
+ _Out_opt_ PUSHORT ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetSystemEnvironmentValue(
+ _In_ PUNICODE_STRING VariableName,
+ _In_ PUNICODE_STRING VariableValue
+ );
+
+#define EFI_VARIABLE_NON_VOLATILE 0x00000001
+#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002
+#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004
+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020
+#define EFI_VARIABLE_APPEND_WRITE 0x00000040
+#define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS 0x00000080
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySystemEnvironmentValueEx(
+ _In_ PUNICODE_STRING VariableName,
+ _In_ PCGUID VendorGuid,
+ _Out_writes_bytes_opt_(*ValueLength) PVOID Value,
+ _Inout_ PULONG ValueLength,
+ _Out_opt_ PULONG Attributes // EFI_VARIABLE_*
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetSystemEnvironmentValueEx(
+ _In_ PUNICODE_STRING VariableName,
+ _In_ PCGUID VendorGuid,
+ _In_reads_bytes_opt_(ValueLength) PVOID Value,
+ _In_ ULONG ValueLength, // 0 = delete variable
+ _In_ ULONG Attributes // EFI_VARIABLE_*
+ );
+
+typedef enum _SYSTEM_ENVIRONMENT_INFORMATION_CLASS
+{
+ SystemEnvironmentNameInformation = 1, // q: VARIABLE_NAME
+ SystemEnvironmentValueInformation = 2, // q: VARIABLE_NAME_AND_VALUE
+ MaxSystemEnvironmentInfoClass
+} SYSTEM_ENVIRONMENT_INFORMATION_CLASS;
+
+typedef struct
_VARIABLE_NAME
+{
+ ULONG NextEntryOffset;
+ GUID VendorGuid;
+ WCHAR Name[ANYSIZE_ARRAY];
+} VARIABLE_NAME, *PVARIABLE_NAME;
+
+typedef struct _VARIABLE_NAME_AND_VALUE
+{
+ ULONG NextEntryOffset;
+ ULONG ValueOffset;
+ ULONG ValueLength;
+ ULONG Attributes;
+ GUID VendorGuid;
+ WCHAR Name[ANYSIZE_ARRAY];
+ //BYTE Value[ANYSIZE_ARRAY];
+} VARIABLE_NAME_AND_VALUE, *PVARIABLE_NAME_AND_VALUE;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnumerateSystemEnvironmentValuesEx(
+ _In_ ULONG InformationClass, // SYSTEM_ENVIRONMENT_INFORMATION_CLASS
+ _Out_ PVOID Buffer,
+ _Inout_ PULONG BufferLength
+ );
+
+// EFI
+
+// private
+typedef struct _BOOT_ENTRY
+{
+ ULONG Version;
+ ULONG Length;
+ ULONG Id;
+ ULONG Attributes;
+ ULONG FriendlyNameOffset;
+ ULONG BootFilePathOffset;
+ ULONG OsOptionsLength;
+ _Field_size_bytes_(OsOptionsLength) UCHAR OsOptions[1];
+} BOOT_ENTRY, *PBOOT_ENTRY;
+
+// private
+typedef struct _BOOT_ENTRY_LIST
+{
+ ULONG NextEntryOffset;
+ BOOT_ENTRY BootEntry;
+} BOOT_ENTRY_LIST, *PBOOT_ENTRY_LIST;
+
+// private
+typedef struct _BOOT_OPTIONS
+{
+ ULONG Version;
+ ULONG Length;
+ ULONG Timeout;
+ ULONG CurrentBootEntryId;
+ ULONG NextBootEntryId;
+ WCHAR HeadlessRedirection[1];
+} BOOT_OPTIONS, *PBOOT_OPTIONS;
+
+// private
+typedef struct _FILE_PATH
+{
+ ULONG Version;
+ ULONG Length;
+ ULONG Type;
+ _Field_size_bytes_(Length) UCHAR FilePath[1];
+} FILE_PATH, *PFILE_PATH;
+
+// private
+typedef struct _EFI_DRIVER_ENTRY
+{
+ ULONG Version;
+ ULONG Length;
+ ULONG Id;
+ ULONG FriendlyNameOffset;
+ ULONG DriverFilePathOffset;
+} EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY;
+
+// private
+typedef struct _EFI_DRIVER_ENTRY_LIST
+{
+ ULONG NextEntryOffset;
+ EFI_DRIVER_ENTRY DriverEntry;
+} EFI_DRIVER_ENTRY_LIST, *PEFI_DRIVER_ENTRY_LIST;
+
+#if (PHNT_VERSION >= PHNT_WINXP)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAddBootEntry(
+ _In_ PBOOT_ENTRY BootEntry,
+ _Out_opt_ PULONG Id
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteBootEntry(
+ _In_ ULONG Id
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtModifyBootEntry(
+ _In_ PBOOT_ENTRY BootEntry
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnumerateBootEntries(
+ _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
+ _Inout_ PULONG BufferLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryBootEntryOrder(
+ _Out_writes_opt_(*Count) PULONG Ids,
+ _Inout_ PULONG Count
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetBootEntryOrder(
+ _In_reads_(Count) PULONG Ids,
+ _In_ ULONG Count
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryBootOptions(
+ _Out_writes_bytes_opt_(*BootOptionsLength) PBOOT_OPTIONS BootOptions,
+ _Inout_ PULONG BootOptionsLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetBootOptions(
+ _In_ PBOOT_OPTIONS BootOptions,
+ _In_ ULONG FieldsToChange
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTranslateFilePath(
+ _In_ PFILE_PATH InputFilePath,
+ _In_ ULONG OutputType,
+ _Out_writes_bytes_opt_(*OutputFilePathLength) PFILE_PATH OutputFilePath,
+ _Inout_opt_ PULONG OutputFilePathLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAddDriverEntry(
+ _In_ PEFI_DRIVER_ENTRY DriverEntry,
+ _Out_opt_ PULONG Id
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteDriverEntry(
+ _In_ ULONG Id
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtModifyDriverEntry(
+ _In_ PEFI_DRIVER_ENTRY DriverEntry
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnumerateDriverEntries(
+ _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer,
+ _Inout_ PULONG BufferLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryDriverEntryOrder(
+ _Out_writes_opt_(*Count) PULONG Ids,
+ _Inout_ PULONG Count
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetDriverEntryOrder(
+ _In_reads_(Count) PULONG Ids,
+ _In_ ULONG Count
+ );
+
+#endif
+
+typedef enum _FILTER_BOOT_OPTION_OPERATION
+{
+ FilterBootOptionOperationOpenSystemStore,
+ FilterBootOptionOperationSetElement,
+ FilterBootOptionOperationDeleteElement,
+ FilterBootOptionOperationMax
+} FILTER_BOOT_OPTION_OPERATION;
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFilterBootOption(
+ _In_
FILTER_BOOT_OPTION_OPERATION FilterOperation,
+ _In_ ULONG ObjectType,
+ _In_ ULONG ElementType,
+ _In_reads_bytes_opt_(DataSize) PVOID Data,
+ _In_ ULONG DataSize
+ );
+
+#endif
+
+// Event
+
+#ifndef EVENT_QUERY_STATE
+#define EVENT_QUERY_STATE 0x0001
+#endif
+
+#ifndef EVENT_MODIFY_STATE
+#define EVENT_MODIFY_STATE 0x0002
+#endif
+
+#ifndef EVENT_ALL_ACCESS
+#define EVENT_ALL_ACCESS (EVENT_QUERY_STATE|EVENT_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
+#endif
+
+typedef enum _EVENT_INFORMATION_CLASS
+{
+ EventBasicInformation
+} EVENT_INFORMATION_CLASS;
+
+typedef struct _EVENT_BASIC_INFORMATION
+{
+ EVENT_TYPE EventType;
+ LONG EventState;
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateEvent(
+ _Out_ PHANDLE EventHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ EVENT_TYPE EventType,
+ _In_ BOOLEAN InitialState
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenEvent(
+ _Out_ PHANDLE EventHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetEvent(
+ _In_ HANDLE EventHandle,
+ _Out_opt_ PLONG PreviousState
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetEventBoostPriority(
+ _In_ HANDLE EventHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtClearEvent(
+ _In_ HANDLE EventHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtResetEvent(
+ _In_ HANDLE EventHandle,
+ _Out_opt_ PLONG PreviousState
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPulseEvent(
+ _In_ HANDLE EventHandle,
+ _Out_opt_ PLONG PreviousState
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryEvent(
+ _In_ HANDLE EventHandle,
+ _In_ EVENT_INFORMATION_CLASS EventInformationClass,
+ _Out_writes_bytes_(EventInformationLength) PVOID EventInformation,
+ _In_ ULONG EventInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+// Event Pair
+
+#define EVENT_PAIR_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateEventPair(
+ _Out_ PHANDLE EventPairHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenEventPair(
+ _Out_ PHANDLE EventPairHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetLowEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetHighEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWaitLowEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWaitHighEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetLowWaitHighEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetHighWaitLowEventPair(
+ _In_ HANDLE EventPairHandle
+ );
+
+// Mutant
+
+#ifndef MUTANT_QUERY_STATE
+#define MUTANT_QUERY_STATE 0x0001
+#endif
+
+#ifndef MUTANT_ALL_ACCESS
+#define MUTANT_ALL_ACCESS (MUTANT_QUERY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
+#endif
+
+typedef enum _MUTANT_INFORMATION_CLASS
+{
+ MutantBasicInformation, // MUTANT_BASIC_INFORMATION
+ MutantOwnerInformation // MUTANT_OWNER_INFORMATION
+} MUTANT_INFORMATION_CLASS;
+
+typedef struct _MUTANT_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ BOOLEAN OwnedByCaller;
+ BOOLEAN AbandonedState;
+} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
+
+typedef struct _MUTANT_OWNER_INFORMATION
+{
+ CLIENT_ID ClientId;
+} MUTANT_OWNER_INFORMATION, *PMUTANT_OWNER_INFORMATION;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateMutant(
+ _Out_ PHANDLE MutantHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ BOOLEAN InitialOwner
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenMutant(
+ _Out_ PHANDLE MutantHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReleaseMutant(
+ _In_ HANDLE MutantHandle,
+ _Out_opt_ PLONG
PreviousCount
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryMutant(
+ _In_ HANDLE MutantHandle,
+ _In_ MUTANT_INFORMATION_CLASS MutantInformationClass,
+ _Out_writes_bytes_(MutantInformationLength) PVOID MutantInformation,
+ _In_ ULONG MutantInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+// Semaphore
+
+#ifndef SEMAPHORE_QUERY_STATE
+#define SEMAPHORE_QUERY_STATE 0x0001
+#endif
+
+#ifndef SEMAPHORE_MODIFY_STATE
+#define SEMAPHORE_MODIFY_STATE 0x0002
+#endif
+
+#ifndef SEMAPHORE_ALL_ACCESS
+#define SEMAPHORE_ALL_ACCESS (SEMAPHORE_QUERY_STATE|SEMAPHORE_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
+#endif
+
+typedef enum _SEMAPHORE_INFORMATION_CLASS
+{
+ SemaphoreBasicInformation
+} SEMAPHORE_INFORMATION_CLASS;
+
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ LONG MaximumCount;
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateSemaphore(
+ _Out_ PHANDLE SemaphoreHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ LONG InitialCount,
+ _In_ LONG MaximumCount
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenSemaphore(
+ _Out_ PHANDLE SemaphoreHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReleaseSemaphore(
+ _In_ HANDLE SemaphoreHandle,
+ _In_ LONG ReleaseCount,
+ _Out_opt_ PLONG PreviousCount
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySemaphore(
+ _In_ HANDLE SemaphoreHandle,
+ _In_ SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
+ _Out_writes_bytes_(SemaphoreInformationLength) PVOID SemaphoreInformation,
+ _In_ ULONG SemaphoreInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+// Timer
+
+#ifndef TIMER_QUERY_STATE
+#define TIMER_QUERY_STATE 0x0001
+#endif
+
+#ifndef TIMER_MODIFY_STATE
+#define TIMER_MODIFY_STATE 0x0002
+#endif
+
+#ifndef TIMER_ALL_ACCESS
+#define TIMER_ALL_ACCESS
(TIMER_QUERY_STATE|TIMER_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
+#endif
+
+typedef enum _TIMER_INFORMATION_CLASS
+{
+ TimerBasicInformation // TIMER_BASIC_INFORMATION
+} TIMER_INFORMATION_CLASS;
+
+typedef struct _TIMER_BASIC_INFORMATION
+{
+ LARGE_INTEGER RemainingTime;
+ BOOLEAN TimerState;
+} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
+
+typedef VOID (NTAPI *PTIMER_APC_ROUTINE)(
+ _In_ PVOID TimerContext,
+ _In_ ULONG TimerLowValue,
+ _In_ LONG TimerHighValue
+ );
+
+typedef enum _TIMER_SET_INFORMATION_CLASS
+{
+ TimerSetCoalescableTimer, // TIMER_SET_COALESCABLE_TIMER_INFO
+ MaxTimerInfoClass
+} TIMER_SET_INFORMATION_CLASS;
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+typedef struct _COUNTED_REASON_CONTEXT *PCOUNTED_REASON_CONTEXT;
+
+typedef struct _TIMER_SET_COALESCABLE_TIMER_INFO
+{
+ _In_ LARGE_INTEGER DueTime;
+ _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine;
+ _In_opt_ PVOID TimerContext;
+ _In_opt_ PCOUNTED_REASON_CONTEXT WakeContext;
+ _In_opt_ ULONG Period;
+ _In_ ULONG TolerableDelay;
+ _Out_opt_ PBOOLEAN PreviousState;
+} TIMER_SET_COALESCABLE_TIMER_INFO, *PTIMER_SET_COALESCABLE_TIMER_INFO;
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateTimer(
+ _Out_ PHANDLE TimerHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ TIMER_TYPE TimerType
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenTimer(
+ _Out_ PHANDLE TimerHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetTimer(
+ _In_ HANDLE TimerHandle,
+ _In_ PLARGE_INTEGER DueTime,
+ _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine,
+ _In_opt_ PVOID TimerContext,
+ _In_ BOOLEAN ResumeTimer,
+ _In_opt_ LONG Period,
+ _Out_opt_ PBOOLEAN PreviousState
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetTimerEx(
+ _In_ HANDLE TimerHandle,
+ _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass,
+ _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID
TimerSetInformation,
+ _In_ ULONG TimerSetInformationLength
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCancelTimer(
+ _In_ HANDLE TimerHandle,
+ _Out_opt_ PBOOLEAN CurrentState
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryTimer(
+ _In_ HANDLE TimerHandle,
+ _In_ TIMER_INFORMATION_CLASS TimerInformationClass,
+ _Out_writes_bytes_(TimerInformationLength) PVOID TimerInformation,
+ _In_ ULONG TimerInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateIRTimer(
+ _Out_ PHANDLE TimerHandle,
+ _In_ ACCESS_MASK DesiredAccess
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetIRTimer(
+ _In_ HANDLE TimerHandle,
+ _In_opt_ PLARGE_INTEGER DueTime
+ );
+
+#endif
+
+typedef struct _T2_SET_PARAMETERS_V0
+{
+ ULONG Version;
+ ULONG Reserved;
+ LONGLONG NoWakeTolerance;
+} T2_SET_PARAMETERS, *PT2_SET_PARAMETERS;
+
+typedef PVOID PT2_CANCEL_PARAMETERS;
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateTimer2(
+ _Out_ PHANDLE TimerHandle,
+ _In_opt_ PVOID Reserved1,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ ULONG Attributes,
+ _In_ ACCESS_MASK DesiredAccess
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetTimer2(
+ _In_ HANDLE TimerHandle,
+ _In_ PLARGE_INTEGER DueTime,
+ _In_opt_ PLARGE_INTEGER Period,
+ _In_ PT2_SET_PARAMETERS Parameters
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCancelTimer2(
+ _In_ HANDLE TimerHandle,
+ _In_ PT2_CANCEL_PARAMETERS Parameters
+ );
+
+#endif
+
+// Profile
+
+#define PROFILE_CONTROL 0x0001
+#define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateProfile(
+ _Out_ PHANDLE ProfileHandle,
+ _In_opt_ HANDLE Process,
+ _In_ PVOID ProfileBase,
+ _In_ SIZE_T ProfileSize,
+ _In_ ULONG BucketSize,
+ _In_reads_bytes_(BufferSize) PULONG Buffer,
+ _In_ ULONG BufferSize,
+ _In_ KPROFILE_SOURCE ProfileSource,
+ _In_ KAFFINITY Affinity
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateProfileEx(
+ _Out_ PHANDLE ProfileHandle,
+ _In_opt_ HANDLE Process,
+ _In_ PVOID ProfileBase,
+ _In_ SIZE_T ProfileSize,
+ _In_ ULONG BucketSize,
+ _In_reads_bytes_(BufferSize) PULONG Buffer,
+ _In_ ULONG BufferSize,
+ _In_ KPROFILE_SOURCE ProfileSource,
+ _In_ USHORT GroupCount,
+ _In_reads_(GroupCount) PGROUP_AFFINITY GroupAffinity
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtStartProfile(
+ _In_ HANDLE ProfileHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtStopProfile(
+ _In_ HANDLE ProfileHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryIntervalProfile(
+ _In_ KPROFILE_SOURCE ProfileSource,
+ _Out_ PULONG Interval
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetIntervalProfile(
+ _In_ ULONG Interval,
+ _In_ KPROFILE_SOURCE Source
+ );
+
+// Keyed Event
+
+#define KEYEDEVENT_WAIT 0x0001
+#define KEYEDEVENT_WAKE 0x0002
+#define KEYEDEVENT_ALL_ACCESS \
+ (STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateKeyedEvent(
+ _Out_ PHANDLE KeyedEventHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _Reserved_ ULONG Flags
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenKeyedEvent(
+ _Out_ PHANDLE KeyedEventHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReleaseKeyedEvent(
+ _In_opt_ HANDLE KeyedEventHandle,
+ _In_ PVOID KeyValue,
+ _In_ BOOLEAN Alertable,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWaitForKeyedEvent(
+ _In_opt_ HANDLE KeyedEventHandle,
+ _In_ PVOID KeyValue,
+ _In_ BOOLEAN Alertable,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+// UMS
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtUmsThreadYield(
+ _In_ PVOID SchedulerParam
+ );
+#endif
+
+// WNF
+
+// begin_private
+
+typedef struct _WNF_STATE_NAME
+{
+ ULONG Data[2];
+} WNF_STATE_NAME, *PWNF_STATE_NAME;
+
+typedef const WNF_STATE_NAME *PCWNF_STATE_NAME;
+
+typedef enum _WNF_STATE_NAME_LIFETIME
+{
+ WnfWellKnownStateName,
+ WnfPermanentStateName,
+ WnfPersistentStateName,
+ WnfTemporaryStateName
+} WNF_STATE_NAME_LIFETIME;
+
+typedef enum _WNF_STATE_NAME_INFORMATION
+{
+ WnfInfoStateNameExist,
+ WnfInfoSubscribersPresent,
+ WnfInfoIsQuiescent
+} WNF_STATE_NAME_INFORMATION;
+
+typedef enum _WNF_DATA_SCOPE
+{
+ WnfDataScopeSystem,
+ WnfDataScopeSession,
+ WnfDataScopeUser,
+ WnfDataScopeProcess,
+ WnfDataScopeMachine, // REDSTONE3
+ WnfDataScopePhysicalMachine, // WIN11
+} WNF_DATA_SCOPE;
+
+typedef struct _WNF_TYPE_ID
+{
+ GUID TypeId;
+} WNF_TYPE_ID, *PWNF_TYPE_ID;
+
+typedef const WNF_TYPE_ID *PCWNF_TYPE_ID;
+
+// rev
+typedef ULONG WNF_CHANGE_STAMP, *PWNF_CHANGE_STAMP;
+
+typedef struct _WNF_DELIVERY_DESCRIPTOR
+{
+ ULONGLONG SubscriptionId;
+ WNF_STATE_NAME StateName;
+ WNF_CHANGE_STAMP ChangeStamp;
+ ULONG StateDataSize;
+ ULONG EventMask;
+ WNF_TYPE_ID TypeId;
+ ULONG StateDataOffset;
+} WNF_DELIVERY_DESCRIPTOR, *PWNF_DELIVERY_DESCRIPTOR;
+
+// end_private
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateWnfStateName(
+ _Out_ PWNF_STATE_NAME StateName,
+ _In_ WNF_STATE_NAME_LIFETIME NameLifetime,
+ _In_ WNF_DATA_SCOPE DataScope,
+ _In_ BOOLEAN PersistData,
+ _In_opt_ PCWNF_TYPE_ID TypeId,
+ _In_ ULONG MaximumStateSize,
+ _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteWnfStateName(
+ _In_ PCWNF_STATE_NAME StateName
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtUpdateWnfStateData(
+ _In_ PCWNF_STATE_NAME StateName,
+ _In_reads_bytes_opt_(Length) const VOID* Buffer,
+ _In_opt_ ULONG Length,
+ _In_opt_ PCWNF_TYPE_ID TypeId,
+ _In_opt_ const VOID* ExplicitScope,
+ _In_ WNF_CHANGE_STAMP MatchingChangeStamp,
+ _In_ LOGICAL CheckStamp
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteWnfStateData(
+ _In_ PCWNF_STATE_NAME StateName,
+ _In_opt_ const VOID* ExplicitScope
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryWnfStateData(
+ _In_ PCWNF_STATE_NAME
StateName,
+ _In_opt_ PCWNF_TYPE_ID TypeId,
+ _In_opt_ const VOID* ExplicitScope,
+ _Out_ PWNF_CHANGE_STAMP ChangeStamp,
+ _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer,
+ _Inout_ PULONG BufferSize
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryWnfStateNameInformation(
+ _In_ PCWNF_STATE_NAME StateName,
+ _In_ WNF_STATE_NAME_INFORMATION NameInfoClass,
+ _In_opt_ const VOID* ExplicitScope,
+ _Out_writes_bytes_(InfoBufferSize) PVOID InfoBuffer,
+ _In_ ULONG InfoBufferSize
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSubscribeWnfStateChange(
+ _In_ PCWNF_STATE_NAME StateName,
+ _In_opt_ WNF_CHANGE_STAMP ChangeStamp,
+ _In_ ULONG EventMask,
+ _Out_opt_ PULONG64 SubscriptionId
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtUnsubscribeWnfStateChange(
+ _In_ PCWNF_STATE_NAME StateName
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetCompleteWnfStateSubscription(
+ _In_opt_ PWNF_STATE_NAME OldDescriptorStateName,
+ _In_opt_ ULONG64 *OldSubscriptionId,
+ _In_opt_ ULONG OldDescriptorEventMask,
+ _In_opt_ ULONG OldDescriptorStatus,
+ _Out_writes_bytes_(DescriptorSize) PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor,
+ _In_ ULONG DescriptorSize
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetWnfProcessNotificationEvent(
+ _In_ HANDLE NotificationEvent
+ );
+
+#endif
+
+// Worker factory
+
+// begin_rev
+
+#define WORKER_FACTORY_RELEASE_WORKER 0x0001
+#define WORKER_FACTORY_WAIT 0x0002
+#define WORKER_FACTORY_SET_INFORMATION 0x0004
+#define WORKER_FACTORY_QUERY_INFORMATION 0x0008
+#define WORKER_FACTORY_READY_WORKER 0x0010
+#define WORKER_FACTORY_SHUTDOWN 0x0020
+
+#define WORKER_FACTORY_ALL_ACCESS ( \
+ STANDARD_RIGHTS_REQUIRED | \
+ WORKER_FACTORY_RELEASE_WORKER | \
+ WORKER_FACTORY_WAIT | \
+ WORKER_FACTORY_SET_INFORMATION | \
+ WORKER_FACTORY_QUERY_INFORMATION | \
+ WORKER_FACTORY_READY_WORKER | \
+ WORKER_FACTORY_SHUTDOWN \
+ )
+
+// end_rev
+
+// begin_private
+
+typedef enum _WORKERFACTORYINFOCLASS
+{
+ WorkerFactoryTimeout, //
LARGE_INTEGER + WorkerFactoryRetryTimeout, // LARGE_INTEGER + WorkerFactoryIdleTimeout, // s: LARGE_INTEGER + WorkerFactoryBindingCount, // s: ULONG + WorkerFactoryThreadMinimum, // s: ULONG + WorkerFactoryThreadMaximum, // s: ULONG + WorkerFactoryPaused, // ULONG or BOOLEAN + WorkerFactoryBasicInformation, // q: WORKER_FACTORY_BASIC_INFORMATION + WorkerFactoryAdjustThreadGoal, + WorkerFactoryCallbackType, + WorkerFactoryStackInformation, // 10 + WorkerFactoryThreadBasePriority, // s: ULONG + WorkerFactoryTimeoutWaiters, // s: ULONG, since THRESHOLD + WorkerFactoryFlags, // s: ULONG + WorkerFactoryThreadSoftMaximum, // s: ULONG + WorkerFactoryThreadCpuSets, // since REDSTONE5 + MaxWorkerFactoryInfoClass +} WORKERFACTORYINFOCLASS, *PWORKERFACTORYINFOCLASS; + +typedef struct _WORKER_FACTORY_BASIC_INFORMATION +{ + LARGE_INTEGER Timeout; + LARGE_INTEGER RetryTimeout; + LARGE_INTEGER IdleTimeout; + BOOLEAN Paused; + BOOLEAN TimerSet; + BOOLEAN QueuedToExWorker; + BOOLEAN MayCreate; + BOOLEAN CreateInProgress; + BOOLEAN InsertedIntoQueue; + BOOLEAN Shutdown; + ULONG BindingCount; + ULONG ThreadMinimum; + ULONG ThreadMaximum; + ULONG PendingWorkerCount; + ULONG WaitingWorkerCount; + ULONG TotalWorkerCount; + ULONG ReleaseCount; + LONGLONG InfiniteWaitGoal; + PVOID StartRoutine; + PVOID StartParameter; + HANDLE ProcessId; + SIZE_T StackReserve; + SIZE_T StackCommit; + NTSTATUS LastThreadCreationStatus; +} WORKER_FACTORY_BASIC_INFORMATION, *PWORKER_FACTORY_BASIC_INFORMATION; + +// end_private + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateWorkerFactory( + _Out_ PHANDLE WorkerFactoryHandleReturn, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE CompletionPortHandle, + _In_ HANDLE WorkerProcessHandle, + _In_ PVOID StartRoutine, + _In_opt_ PVOID StartParameter, + _In_opt_ ULONG MaxThreadCount, + _In_opt_ SIZE_T StackReserve, + _In_opt_ SIZE_T StackCommit + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI 
+NtQueryInformationWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, + _Out_writes_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation, + _In_ ULONG WorkerFactoryInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, + _In_reads_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation, + _In_ ULONG WorkerFactoryInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtShutdownWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _Inout_ volatile LONG *PendingWorkerCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReleaseWorkerFactoryWorker( + _In_ HANDLE WorkerFactoryHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWorkerFactoryWorkerReady( + _In_ HANDLE WorkerFactoryHandle + ); + +#if (PHNT_VERSION >= PHNT_WIN8) + +typedef struct _FILE_IO_COMPLETION_INFORMATION *PFILE_IO_COMPLETION_INFORMATION; +typedef struct _PORT_MESSAGE *PPORT_MESSAGE; + +typedef struct _WORKER_FACTORY_DEFERRED_WORK +{ + PPORT_MESSAGE AlpcSendMessage; + PVOID AlpcSendMessagePort; + ULONG AlpcSendMessageFlags; + ULONG Flags; +} WORKER_FACTORY_DEFERRED_WORK, *PWORKER_FACTORY_DEFERRED_WORK; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWaitForWorkViaWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _Out_writes_to_(Count, *PacketsReturned) PFILE_IO_COMPLETION_INFORMATION MiniPackets, + _In_ ULONG Count, + _Out_ PULONG PacketsReturned, + _In_ PWORKER_FACTORY_DEFERRED_WORK DeferredWork + ); + +#else + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWaitForWorkViaWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _Out_ PFILE_IO_COMPLETION_INFORMATION MiniPacket + ); + +#endif + +#endif + +// Time + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySystemTime( + _Out_ PLARGE_INTEGER SystemTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetSystemTime( + _In_opt_ PLARGE_INTEGER SystemTime, + 
_Out_opt_ PLARGE_INTEGER PreviousTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryTimerResolution( + _Out_ PULONG MaximumTime, + _Out_ PULONG MinimumTime, + _Out_ PULONG CurrentTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetTimerResolution( + _In_ ULONG DesiredTime, + _In_ BOOLEAN SetResolution, + _Out_ PULONG ActualTime + ); + +// Performance Counter + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryPerformanceCounter( + _Out_ PLARGE_INTEGER PerformanceCounter, + _Out_opt_ PLARGE_INTEGER PerformanceFrequency + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE2) +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryAuxiliaryCounterFrequency( + _Out_ PLARGE_INTEGER AuxiliaryCounterFrequency + ); + +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtConvertBetweenAuxiliaryCounterAndPerformanceCounter( + _In_ BOOLEAN ConvertAuxiliaryToPerformanceCounter, + _In_ PLARGE_INTEGER PerformanceOrAuxiliaryCounterValue, + _Out_ PLARGE_INTEGER ConvertedValue, + _Out_opt_ PLARGE_INTEGER ConversionError + ); +#endif + +// LUIDs + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateLocallyUniqueId( + _Out_ PLUID Luid + ); + +// UUIDs + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetUuidSeed( + _In_ PCHAR Seed + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateUuids( + _Out_ PULARGE_INTEGER Time, + _Out_ PULONG Range, + _Out_ PULONG Sequence, + _Out_ PCHAR Seed + ); + +// System Information + +#endif // (PHNT_MODE != PHNT_MODE_KERNEL) + +// rev +// private +typedef enum _SYSTEM_INFORMATION_CLASS +{ + SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION + SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION + SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION + SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION + SystemPathInformation, // not implemented + SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION + SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION + SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION + SystemProcessorPerformanceInformation, // q: 
SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION (EX in: USHORT ProcessorGroup) + SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION + SystemCallTimeInformation, // not implemented // SYSTEM_CALL_TIME_INFORMATION // 10 + SystemModuleInformation, // q: RTL_PROCESS_MODULES + SystemLocksInformation, // q: RTL_PROCESS_LOCKS + SystemStackTraceInformation, // q: RTL_PROCESS_BACKTRACES + SystemPagedPoolInformation, // not implemented + SystemNonPagedPoolInformation, // not implemented + SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION + SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION + SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION + SystemVdmInstemulInformation, // q: SYSTEM_VDM_INSTEMUL_INFO + SystemVdmBopInformation, // not implemented // 20 + SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache) + SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION + SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION (EX in: USHORT ProcessorGroup) + SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege) + SystemFullMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION + SystemLoadGdiDriverInformation, // s (kernel-mode only) + SystemUnloadGdiDriverInformation, // s (kernel-mode only) + SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege) + SystemSummaryMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION + SystemMirrorMemoryInformation, // s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege) // 30 + SystemPerformanceTraceInformation, // q; s: (type depends on EVENT_TRACE_INFORMATION_CLASS) + SystemObsolete0, // not implemented + SystemExceptionInformation, // q: 
SYSTEM_EXCEPTION_INFORMATION + SystemCrashDumpStateInformation, // s: SYSTEM_CRASH_DUMP_STATE_INFORMATION (requires SeDebugPrivilege) + SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION + SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION + SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege) + SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only + SystemPrioritySeperation, // s (requires SeTcbPrivilege) + SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40 + SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege) + SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION (EX in: USHORT ProcessorGroup) + SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION + SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION + SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION + SystemTimeSlipNotification, // s: HANDLE (NtCreateEvent) (requires SeSystemtimePrivilege) + SystemSessionCreate, // not implemented + SystemSessionDetach, // not implemented + SystemSessionInformation, // not implemented (SYSTEM_SESSION_INFORMATION) + SystemRangeStartInformation, // q: SYSTEM_RANGE_START_INFORMATION // 50 + SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege) + SystemVerifierThunkExtend, // s (kernel-mode only) + SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION + SystemLoadGdiDriverInSystemSpace, // s: SYSTEM_GDI_DRIVER_INFORMATION (kernel-mode only) (same as SystemLoadGdiDriverInformation) + SystemNumaProcessorMap, // q: SYSTEM_NUMA_INFORMATION + SystemPrefetcherInformation, // q; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation + SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION + SystemRecommendedSharedDataAlignment, // q: ULONG // 
KeGetRecommendedSharedDataAlignment + SystemComPlusPackage, // q; s: ULONG + SystemNumaAvailableMemory, // q: SYSTEM_NUMA_INFORMATION // 60 + SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION (EX in: USHORT ProcessorGroup) + SystemEmulationBasicInformation, // q: SYSTEM_BASIC_INFORMATION + SystemEmulationProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION + SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX + SystemLostDelayedWriteInformation, // q: ULONG + SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION + SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION + SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION + SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION + SystemObjectSecurityMode, // q: ULONG // 70 + SystemWatchdogTimerHandler, // s: SYSTEM_WATCHDOG_HANDLER_INFORMATION // (kernel-mode only) + SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // (kernel-mode only) + SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION (EX in: USHORT ProcessorGroup) + SystemWow64SharedInformationObsolete, // not implemented + SystemRegisterFirmwareTableInformationHandler, // s: SYSTEM_FIRMWARE_TABLE_HANDLER // (kernel-mode only) + SystemFirmwareTableInformation, // SYSTEM_FIRMWARE_TABLE_INFORMATION + SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX + SystemVerifierTriageInformation, // not implemented + SystemSuperfetchInformation, // q; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation + SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80 + SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation) + SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires 
SeIncreaseBasePriorityPrivilege) + SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) + SystemVerifierCancellationInformation, // SYSTEM_VERIFIER_CANCELLATION_INFORMATION // name:wow64:whNT32QuerySystemVerifierCancellationInformation + SystemProcessorPowerInformationEx, // not implemented + SystemRefTraceInformation, // q; s: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation + SystemSpecialPoolInformation, // q; s: SYSTEM_SPECIAL_POOL_INFORMATION (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0 + SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION + SystemErrorPortInformation, // s (requires SeTcbPrivilege) + SystemBootEnvironmentInformation, // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90 + SystemHypervisorInformation, // q: SYSTEM_HYPERVISOR_QUERY_INFORMATION + SystemVerifierInformationEx, // q; s: SYSTEM_VERIFIER_INFORMATION_EX + SystemTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege) + SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege) + SystemCoverageInformation, // q: COVERAGE_MODULES s: COVERAGE_MODULE_REQUEST // ExpCovQueryInformation (requires SeDebugPrivilege) + SystemPrefetchPatchInformation, // SYSTEM_PREFETCH_PATCH_INFORMATION + SystemVerifierFaultsInformation, // s: SYSTEM_VERIFIER_FAULTS_INFORMATION (requires SeDebugPrivilege) + SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION + SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION + SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION (EX in: USHORT ProcessorGroup) // 100 + SystemNumaProximityNodeInformation, // q; s: SYSTEM_NUMA_PROXIMITY_MAP + SystemDynamicTimeZoneInformation, // q; s: RTL_DYNAMIC_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege) + SystemCodeIntegrityInformation, // 
q: SYSTEM_CODEINTEGRITY_INFORMATION // SeCodeIntegrityQueryInformation + SystemProcessorMicrocodeUpdateInformation, // s: SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION + SystemProcessorBrandString, // q: CHAR[] // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23 + SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation + SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX (EX in: LOGICAL_PROCESSOR_RELATIONSHIP RelationshipType) // since WIN7 // KeQueryLogicalProcessorRelationship + SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[] (EX in: USHORT ProcessorGroup) + SystemStoreInformation, // q; s: SYSTEM_STORE_INFORMATION (requires SeProfileSingleProcessPrivilege) // SmQueryStoreInformation + SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110 + SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege) + SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION + SystemCpuQuotaInformation, // q; s: PS_CPU_QUOTA_QUERY_INFORMATION + SystemNativeBasicInformation, // q: SYSTEM_BASIC_INFORMATION + SystemErrorPortTimeouts, // SYSTEM_ERROR_PORT_TIMEOUTS + SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION + SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation + SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION + SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool) + SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120 + SystemNodeDistanceInformation, // q: USHORT[4*NumaNodes] // (EX in: USHORT NodeNumber) + SystemAcpiAuditInformation, // q: 
SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26 + SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation + SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1 + SystemSessionBigPoolInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION // since WIN8 + SystemBootGraphicsInformation, // q; s: SYSTEM_BOOT_GRAPHICS_INFORMATION (kernel-mode only) + SystemScrubPhysicalMemoryInformation, // q; s: MEMORY_SCRUB_INFORMATION + SystemBadPageInformation, + SystemProcessorProfileControlArea, // q; s: SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA + SystemCombinePhysicalMemoryInformation, // s: MEMORY_COMBINE_INFORMATION, MEMORY_COMBINE_INFORMATION_EX, MEMORY_COMBINE_INFORMATION_EX2 // 130 + SystemEntropyInterruptTimingInformation, // q; s: SYSTEM_ENTROPY_TIMING_INFORMATION + SystemConsoleInformation, // q; s: SYSTEM_CONSOLE_INFORMATION + SystemPlatformBinaryInformation, // q: SYSTEM_PLATFORM_BINARY_INFORMATION (requires SeTcbPrivilege) + SystemPolicyInformation, // q: SYSTEM_POLICY_INFORMATION (Warbird/Encrypt/Decrypt/Execute) + SystemHypervisorProcessorCountInformation, // q: SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION + SystemDeviceDataInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION + SystemDeviceDataEnumerationInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION + SystemMemoryTopologyInformation, // q: SYSTEM_MEMORY_TOPOLOGY_INFORMATION + SystemMemoryChannelInformation, // q: SYSTEM_MEMORY_CHANNEL_INFORMATION + SystemBootLogoInformation, // q: SYSTEM_BOOT_LOGO_INFORMATION // 140 + SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // (EX in: USHORT ProcessorGroup) // since WINBLUE + SystemCriticalProcessErrorLogInformation, + SystemSecureBootPolicyInformation, // q: SYSTEM_SECUREBOOT_POLICY_INFORMATION + SystemPageFileInformationEx, // q: 
SYSTEM_PAGEFILE_INFORMATION_EX + SystemSecureBootInformation, // q: SYSTEM_SECUREBOOT_INFORMATION + SystemEntropyInterruptTimingRawInformation, + SystemPortableWorkspaceEfiLauncherInformation, // q: SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION + SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin) + SystemKernelDebuggerInformationEx, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX + SystemBootMetadataInformation, // 150 + SystemSoftRebootInformation, // q: ULONG + SystemElamCertificateInformation, // s: SYSTEM_ELAM_CERTIFICATE_INFORMATION + SystemOfflineDumpConfigInformation, // q: OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 + SystemProcessorFeaturesInformation, // q: SYSTEM_PROCESSOR_FEATURES_INFORMATION + SystemRegistryReconciliationInformation, // s: NULL (requires admin) (flushes registry hives) + SystemEdidInformation, // q: SYSTEM_EDID_INFORMATION + SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD + SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION + SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION + SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION (EX in: USHORT ProcessorGroup) // 160 + SystemVmGenerationCountInformation, + SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION + SystemKernelDebuggerFlags, // SYSTEM_KERNEL_DEBUGGER_FLAGS + SystemCodeIntegrityPolicyInformation, // q; s: SYSTEM_CODEINTEGRITYPOLICY_INFORMATION + SystemIsolatedUserModeInformation, // q: SYSTEM_ISOLATED_USER_MODE_INFORMATION + SystemHardwareSecurityTestInterfaceResultsInformation, + SystemSingleModuleInformation, // q: SYSTEM_SINGLE_MODULE_INFORMATION + SystemAllowedCpuSetsInformation, // s: SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION + SystemVsmProtectionInformation, // q: SYSTEM_VSM_PROTECTION_INFORMATION (previously SystemDmaProtectionInformation) + 
SystemInterruptCpuSetsInformation, // q: SYSTEM_INTERRUPT_CPU_SET_INFORMATION // 170 + SystemSecureBootPolicyFullInformation, // q: SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION + SystemCodeIntegrityPolicyFullInformation, + SystemAffinitizedInterruptProcessorInformation, // (requires SeIncreaseBasePriorityPrivilege) + SystemRootSiloInformation, // q: SYSTEM_ROOT_SILO_INFORMATION + SystemCpuSetInformation, // q: SYSTEM_CPU_SET_INFORMATION // since THRESHOLD2 + SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION + SystemWin32WerStartCallout, + SystemSecureKernelProfileInformation, // q: SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION + SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // since REDSTONE + SystemInterruptSteeringInformation, // q: in: SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT, out: SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT // NtQuerySystemInformationEx // 180 + SystemSupportedProcessorArchitectures, // p: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx + SystemMemoryUsageInformation, // q: SYSTEM_MEMORY_USAGE_INFORMATION + SystemCodeIntegrityCertificateInformation, // q: SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION + SystemPhysicalMemoryInformation, // q: SYSTEM_PHYSICAL_MEMORY_INFORMATION // since REDSTONE2 + SystemControlFlowTransition, // (Warbird/Encrypt/Decrypt/Execute) + SystemKernelDebuggingAllowed, // s: ULONG + SystemActivityModerationExeState, // SYSTEM_ACTIVITY_MODERATION_EXE_STATE + SystemActivityModerationUserSettings, // SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS + SystemCodeIntegrityPoliciesFullInformation, + SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190 + SystemIntegrityQuotaInformation, + SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION + SystemProcessorIdleMaskInformation, // q: ULONG_PTR[ActiveGroupCount] // since REDSTONE3 + 
SystemSecureDumpEncryptionInformation, + SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION + SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION + SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4 + SystemFirmwareBootPerformanceInformation, + SystemCodeIntegrityVerificationInformation, // SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION + SystemFirmwarePartitionInformation, // SYSTEM_FIRMWARE_PARTITION_INFORMATION // 200 + SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above. + SystemDmaGuardPolicyInformation, // SYSTEM_DMA_GUARD_POLICY_INFORMATION + SystemEnclaveLaunchControlInformation, // SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION + SystemWorkloadAllowedCpuSetsInformation, // SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION // since REDSTONE5 + SystemCodeIntegrityUnlockModeInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION + SystemLeapSecondInformation, // SYSTEM_LEAP_SECOND_INFORMATION + SystemFlags2Information, // q: SYSTEM_FLAGS_INFORMATION + SystemSecurityModelInformation, // SYSTEM_SECURITY_MODEL_INFORMATION // since 19H1 + SystemCodeIntegritySyntheticCacheInformation, + SystemFeatureConfigurationInformation, // SYSTEM_FEATURE_CONFIGURATION_INFORMATION // since 20H1 // 210 + SystemFeatureConfigurationSectionInformation, // SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION + SystemFeatureUsageSubscriptionInformation, // SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS + SystemSecureSpeculationControlInformation, // SECURE_SPECULATION_CONTROL_INFORMATION + SystemSpacesBootInformation, // since 20H2 + SystemFwRamdiskInformation, // SYSTEM_FIRMWARE_RAMDISK_INFORMATION + SystemWheaIpmiHardwareInformation, + SystemDifSetRuleClassInformation, // SYSTEM_DIF_VOLATILE_INFORMATION + SystemDifClearRuleClassInformation, + SystemDifApplyPluginVerificationOnDriver, // SYSTEM_DIF_PLUGIN_DRIVER_INFORMATION + 
SystemDifRemovePluginVerificationOnDriver, // SYSTEM_DIF_PLUGIN_DRIVER_INFORMATION // 220 + SystemShadowStackInformation, // SYSTEM_SHADOW_STACK_INFORMATION + SystemBuildVersionInformation, // q: in: ULONG (LayerNumber), out: SYSTEM_BUILD_VERSION_INFORMATION // NtQuerySystemInformationEx // 222 + SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION (requires SeIncreaseQuotaPrivilege) + SystemCodeIntegrityAddDynamicStore, + SystemCodeIntegrityClearDynamicStores, + SystemDifPoolTrackingInformation, + SystemPoolZeroingInformation, // q: SYSTEM_POOL_ZEROING_INFORMATION + SystemDpcWatchdogInformation, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION + SystemDpcWatchdogInformation2, // q; s: SYSTEM_DPC_WATCHDOG_CONFIGURATION_INFORMATION_V2 + SystemSupportedProcessorArchitectures2, // q: in opt: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] // NtQuerySystemInformationEx // 230 + SystemSingleProcessorRelationshipInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // (EX in: PROCESSOR_NUMBER Processor) + SystemXfgCheckFailureInformation, // q: SYSTEM_XFG_FAILURE_INFORMATION + SystemIommuStateInformation, // SYSTEM_IOMMU_STATE_INFORMATION // since 22H1 + SystemHypervisorMinrootInformation, // SYSTEM_HYPERVISOR_MINROOT_INFORMATION + SystemHypervisorBootPagesInformation, // SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION + SystemPointerAuthInformation, // SYSTEM_POINTER_AUTH_INFORMATION + SystemSecureKernelDebuggerInformation, + SystemOriginalImageFeatureInformation, // q: in: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT, out: SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT // NtQuerySystemInformationEx + MaxSystemInfoClass +} SYSTEM_INFORMATION_CLASS; + +typedef struct _SYSTEM_BASIC_INFORMATION +{ + ULONG Reserved; + ULONG TimerResolution; + ULONG PageSize; + ULONG NumberOfPhysicalPages; + ULONG LowestPhysicalPageNumber; + ULONG HighestPhysicalPageNumber; + ULONG AllocationGranularity; + ULONG_PTR MinimumUserModeAddress; + ULONG_PTR 
MaximumUserModeAddress; + KAFFINITY ActiveProcessorsAffinityMask; + CCHAR NumberOfProcessors; +} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_INFORMATION +{ + USHORT ProcessorArchitecture; + USHORT ProcessorLevel; + USHORT ProcessorRevision; + USHORT MaximumProcessors; + ULONG ProcessorFeatureBits; +} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; + +typedef struct _SYSTEM_PERFORMANCE_INFORMATION +{ + LARGE_INTEGER IdleProcessTime; + LARGE_INTEGER IoReadTransferCount; + LARGE_INTEGER IoWriteTransferCount; + LARGE_INTEGER IoOtherTransferCount; + ULONG IoReadOperationCount; + ULONG IoWriteOperationCount; + ULONG IoOtherOperationCount; + ULONG AvailablePages; + ULONG CommittedPages; + ULONG CommitLimit; + ULONG PeakCommitment; + ULONG PageFaultCount; + ULONG CopyOnWriteCount; + ULONG TransitionCount; + ULONG CacheTransitionCount; + ULONG DemandZeroCount; + ULONG PageReadCount; + ULONG PageReadIoCount; + ULONG CacheReadCount; + ULONG CacheIoCount; + ULONG DirtyPagesWriteCount; + ULONG DirtyWriteIoCount; + ULONG MappedPagesWriteCount; + ULONG MappedWriteIoCount; + ULONG PagedPoolPages; + ULONG NonPagedPoolPages; + ULONG PagedPoolAllocs; + ULONG PagedPoolFrees; + ULONG NonPagedPoolAllocs; + ULONG NonPagedPoolFrees; + ULONG FreeSystemPtes; + ULONG ResidentSystemCodePage; + ULONG TotalSystemDriverPages; + ULONG TotalSystemCodePages; + ULONG NonPagedPoolLookasideHits; + ULONG PagedPoolLookasideHits; + ULONG AvailablePagedPoolPages; + ULONG ResidentSystemCachePage; + ULONG ResidentPagedPoolPage; + ULONG ResidentSystemDriverPage; + ULONG CcFastReadNoWait; + ULONG CcFastReadWait; + ULONG CcFastReadResourceMiss; + ULONG CcFastReadNotPossible; + ULONG CcFastMdlReadNoWait; + ULONG CcFastMdlReadWait; + ULONG CcFastMdlReadResourceMiss; + ULONG CcFastMdlReadNotPossible; + ULONG CcMapDataNoWait; + ULONG CcMapDataWait; + ULONG CcMapDataNoWaitMiss; + ULONG CcMapDataWaitMiss; + ULONG CcPinMappedDataCount; + ULONG 
CcPinReadNoWait; + ULONG CcPinReadWait; + ULONG CcPinReadNoWaitMiss; + ULONG CcPinReadWaitMiss; + ULONG CcCopyReadNoWait; + ULONG CcCopyReadWait; + ULONG CcCopyReadNoWaitMiss; + ULONG CcCopyReadWaitMiss; + ULONG CcMdlReadNoWait; + ULONG CcMdlReadWait; + ULONG CcMdlReadNoWaitMiss; + ULONG CcMdlReadWaitMiss; + ULONG CcReadAheadIos; + ULONG CcLazyWriteIos; + ULONG CcLazyWritePages; + ULONG CcDataFlushes; + ULONG CcDataPages; + ULONG ContextSwitches; + ULONG FirstLevelTbFills; + ULONG SecondLevelTbFills; + ULONG SystemCalls; + ULONGLONG CcTotalDirtyPages; // since THRESHOLD + ULONGLONG CcDirtyPageThreshold; // since THRESHOLD + LONGLONG ResidentAvailablePages; // since THRESHOLD + ULONGLONG SharedCommittedPages; // since THRESHOLD +} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; + +typedef struct _SYSTEM_TIMEOFDAY_INFORMATION +{ + LARGE_INTEGER BootTime; + LARGE_INTEGER CurrentTime; + LARGE_INTEGER TimeZoneBias; + ULONG TimeZoneId; + ULONG Reserved; + ULONGLONG BootTimeBias; + ULONGLONG SleepTimeBias; +} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; + +typedef struct _SYSTEM_THREAD_INFORMATION +{ + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER CreateTime; + ULONG WaitTime; + ULONG_PTR StartAddress; + CLIENT_ID ClientId; + KPRIORITY Priority; + KPRIORITY BasePriority; + ULONG ContextSwitches; + KTHREAD_STATE ThreadState; + KWAIT_REASON WaitReason; +} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; + +typedef struct _TEB *PTEB; + +// private +typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION +{ + SYSTEM_THREAD_INFORMATION ThreadInfo; + PVOID StackBase; + PVOID StackLimit; + ULONG_PTR Win32StartAddress; + PTEB TebBase; // since VISTA + ULONG_PTR Reserved2; + ULONG_PTR Reserved3; + ULONG_PTR Reserved4; +} SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION; + +typedef struct _SYSTEM_PROCESS_INFORMATION +{ + ULONG NextEntryOffset; + ULONG NumberOfThreads; + LARGE_INTEGER 
WorkingSetPrivateSize; // since VISTA + ULONG HardFaultCount; // since WIN7 + ULONG NumberOfThreadsHighWatermark; // since WIN7 + ULONGLONG CycleTime; // since WIN7 + LARGE_INTEGER CreateTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER KernelTime; + UNICODE_STRING ImageName; + KPRIORITY BasePriority; + HANDLE UniqueProcessId; + HANDLE InheritedFromUniqueProcessId; + ULONG HandleCount; + ULONG SessionId; + ULONG_PTR UniqueProcessKey; // since VISTA (requires SystemExtendedProcessInformation) + SIZE_T PeakVirtualSize; + SIZE_T VirtualSize; + ULONG PageFaultCount; + SIZE_T PeakWorkingSetSize; + SIZE_T WorkingSetSize; + SIZE_T QuotaPeakPagedPoolUsage; + SIZE_T QuotaPagedPoolUsage; + SIZE_T QuotaPeakNonPagedPoolUsage; + SIZE_T QuotaNonPagedPoolUsage; + SIZE_T PagefileUsage; + SIZE_T PeakPagefileUsage; + SIZE_T PrivatePageCount; + LARGE_INTEGER ReadOperationCount; + LARGE_INTEGER WriteOperationCount; + LARGE_INTEGER OtherOperationCount; + LARGE_INTEGER ReadTransferCount; + LARGE_INTEGER WriteTransferCount; + LARGE_INTEGER OtherTransferCount; + SYSTEM_THREAD_INFORMATION Threads[1]; // SystemProcessInformation + // SYSTEM_EXTENDED_THREAD_INFORMATION Threads[1]; // SystemExtendedProcessinformation + // SYSTEM_EXTENDED_THREAD_INFORMATION + SYSTEM_PROCESS_INFORMATION_EXTENSION // SystemFullProcessInformation +} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; + +typedef struct _SYSTEM_CALL_COUNT_INFORMATION +{ + ULONG Length; + ULONG NumberOfTables; +} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION; + +typedef struct _SYSTEM_DEVICE_INFORMATION +{ + ULONG NumberOfDisks; + ULONG NumberOfFloppies; + ULONG NumberOfCdRoms; + ULONG NumberOfTapes; + ULONG NumberOfSerialPorts; + ULONG NumberOfParallelPorts; +} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION +{ + LARGE_INTEGER IdleTime; + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER DpcTime; + LARGE_INTEGER InterruptTime; 
+ ULONG InterruptCount; +} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; + +typedef struct _SYSTEM_FLAGS_INFORMATION +{ + ULONG Flags; // NtGlobalFlag +} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION; + +// private +typedef struct _SYSTEM_CALL_TIME_INFORMATION +{ + ULONG Length; + ULONG TotalCalls; + LARGE_INTEGER TimeOfCalls[1]; +} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION; + +// private +typedef struct _RTL_PROCESS_LOCK_INFORMATION +{ + PVOID Address; + USHORT Type; + USHORT CreatorBackTraceIndex; + HANDLE OwningThread; + LONG LockCount; + ULONG ContentionCount; + ULONG EntryCount; + LONG RecursionCount; + ULONG NumberOfWaitingShared; + ULONG NumberOfWaitingExclusive; +} RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION; + +// private +typedef struct _RTL_PROCESS_LOCKS +{ + ULONG NumberOfLocks; + _Field_size_(NumberOfLocks) RTL_PROCESS_LOCK_INFORMATION Locks[1]; +} RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS; + +// private +typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION +{ + PCHAR SymbolicBackTrace; + ULONG TraceCount; + USHORT Index; + USHORT Depth; + PVOID BackTrace[32]; +} RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION; + +// private +typedef struct _RTL_PROCESS_BACKTRACES +{ + ULONG CommittedMemory; + ULONG ReservedMemory; + ULONG NumberOfBackTraceLookups; + ULONG NumberOfBackTraces; + _Field_size_(NumberOfBackTraces) RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1]; +} RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES; + +typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO +{ + USHORT UniqueProcessId; + USHORT CreatorBackTraceIndex; + UCHAR ObjectTypeIndex; + UCHAR HandleAttributes; + USHORT HandleValue; + PVOID Object; + ULONG GrantedAccess; +} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; + +typedef struct _SYSTEM_HANDLE_INFORMATION +{ + ULONG NumberOfHandles; + _Field_size_(NumberOfHandles) SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; +} 
SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG NumberOfObjects;
+ ULONG NumberOfHandles;
+ ULONG TypeIndex;
+ ULONG InvalidAttributes;
+ GENERIC_MAPPING GenericMapping;
+ ULONG ValidAccessMask;
+ ULONG PoolType;
+ BOOLEAN SecurityRequired;
+ BOOLEAN WaitableObject;
+ UNICODE_STRING TypeName;
+} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
+
+typedef struct _SYSTEM_OBJECT_INFORMATION
+{
+ ULONG NextEntryOffset;
+ PVOID Object;
+ HANDLE CreatorUniqueProcess;
+ USHORT CreatorBackTraceIndex;
+ USHORT Flags;
+ LONG PointerCount;
+ LONG HandleCount;
+ ULONG PagedPoolCharge;
+ ULONG NonPagedPoolCharge;
+ HANDLE ExclusiveProcessId;
+ PVOID SecurityDescriptor;
+ UNICODE_STRING NameInfo;
+} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
+
+typedef struct _SYSTEM_PAGEFILE_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG TotalSize;
+ ULONG TotalInUse;
+ ULONG PeakUsage;
+ UNICODE_STRING PageFileName;
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
+
+typedef struct _SYSTEM_VDM_INSTEMUL_INFO
+{
+ ULONG SegmentNotPresent;
+ ULONG VdmOpcode0F;
+ ULONG OpcodeESPrefix;
+ ULONG OpcodeCSPrefix;
+ ULONG OpcodeSSPrefix;
+ ULONG OpcodeDSPrefix;
+ ULONG OpcodeFSPrefix;
+ ULONG OpcodeGSPrefix;
+ ULONG OpcodeOPER32Prefix;
+ ULONG OpcodeADDR32Prefix;
+ ULONG OpcodeINSB;
+ ULONG OpcodeINSW;
+ ULONG OpcodeOUTSB;
+ ULONG OpcodeOUTSW;
+ ULONG OpcodePUSHF;
+ ULONG OpcodePOPF;
+ ULONG OpcodeINTnn;
+ ULONG OpcodeINTO;
+ ULONG OpcodeIRET;
+ ULONG OpcodeINBimm;
+ ULONG OpcodeINWimm;
+ ULONG OpcodeOUTBimm;
+ ULONG OpcodeOUTWimm;
+ ULONG OpcodeINB;
+ ULONG OpcodeINW;
+ ULONG OpcodeOUTB;
+ ULONG OpcodeOUTW;
+ ULONG OpcodeLOCKPrefix;
+ ULONG OpcodeREPNEPrefix;
+ ULONG OpcodeREPPrefix;
+ ULONG OpcodeHLT;
+ ULONG OpcodeCLI;
+ ULONG OpcodeSTI;
+ ULONG BopCount;
+} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
+
+#define MM_WORKING_SET_MAX_HARD_ENABLE 0x1
+#define
MM_WORKING_SET_MAX_HARD_DISABLE 0x2
+#define MM_WORKING_SET_MIN_HARD_ENABLE 0x4
+#define MM_WORKING_SET_MIN_HARD_DISABLE 0x8
+
+typedef struct _SYSTEM_FILECACHE_INFORMATION
+{
+ SIZE_T CurrentSize;
+ SIZE_T PeakSize;
+ ULONG PageFaultCount;
+ SIZE_T MinimumWorkingSet;
+ SIZE_T MaximumWorkingSet;
+ SIZE_T CurrentSizeIncludingTransitionInPages;
+ SIZE_T PeakSizeIncludingTransitionInPages;
+ ULONG TransitionRePurposeCount;
+ ULONG Flags;
+} SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION;
+
+// Can be used instead of SYSTEM_FILECACHE_INFORMATION
+typedef struct _SYSTEM_BASIC_WORKING_SET_INFORMATION
+{
+ SIZE_T CurrentSize;
+ SIZE_T PeakSize;
+ ULONG PageFaultCount;
+} SYSTEM_BASIC_WORKING_SET_INFORMATION, *PSYSTEM_BASIC_WORKING_SET_INFORMATION;
+
+typedef struct _SYSTEM_POOLTAG
+{
+ union
+ {
+ UCHAR Tag[4];
+ ULONG TagUlong;
+ };
+ ULONG PagedAllocs;
+ ULONG PagedFrees;
+ SIZE_T PagedUsed;
+ ULONG NonPagedAllocs;
+ ULONG NonPagedFrees;
+ SIZE_T NonPagedUsed;
+} SYSTEM_POOLTAG, *PSYSTEM_POOLTAG;
+
+typedef struct _SYSTEM_POOLTAG_INFORMATION
+{
+ ULONG Count;
+ _Field_size_(Count) SYSTEM_POOLTAG TagInfo[1];
+} SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION;
+
+typedef struct _SYSTEM_INTERRUPT_INFORMATION
+{
+ ULONG ContextSwitches;
+ ULONG DpcCount;
+ ULONG DpcRate;
+ ULONG TimeIncrement;
+ ULONG DpcBypassCount;
+ ULONG ApcBypassCount;
+} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
+
+typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
+{
+ ULONG Spare;
+ ULONG DpcQueueDepth;
+ ULONG MinimumDpcRate;
+ ULONG AdjustDpcThreshold;
+ ULONG IdealDpcRate;
+} SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;
+
+typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION
+{
+ ULONG TimeAdjustment;
+ ULONG TimeIncrement;
+ BOOLEAN Enable;
+} SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
+
+typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE
+{
+ ULONGLONG TimeAdjustment;
+ ULONGLONG
TimeIncrement;
+ BOOLEAN Enable;
+} SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
+
+typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
+{
+ ULONG TimeAdjustment;
+ BOOLEAN Enable;
+} SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;
+
+typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE
+{
+ ULONGLONG TimeAdjustment;
+ BOOLEAN Enable;
+} SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
+
+#ifndef _TRACEHANDLE_DEFINED
+#define _TRACEHANDLE_DEFINED
+typedef ULONG64 TRACEHANDLE, *PTRACEHANDLE;
+#endif
+
+typedef enum _EVENT_TRACE_INFORMATION_CLASS
+{
+ EventTraceKernelVersionInformation, // EVENT_TRACE_VERSION_INFORMATION
+ EventTraceGroupMaskInformation, // EVENT_TRACE_GROUPMASK_INFORMATION
+ EventTracePerformanceInformation, // EVENT_TRACE_PERFORMANCE_INFORMATION
+ EventTraceTimeProfileInformation, // EVENT_TRACE_TIME_PROFILE_INFORMATION
+ EventTraceSessionSecurityInformation, // EVENT_TRACE_SESSION_SECURITY_INFORMATION
+ EventTraceSpinlockInformation, // EVENT_TRACE_SPINLOCK_INFORMATION
+ EventTraceStackTracingInformation, // EVENT_TRACE_STACK_TRACING_INFORMATION
+ EventTraceExecutiveResourceInformation, // EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
+ EventTraceHeapTracingInformation, // EVENT_TRACE_HEAP_TRACING_INFORMATION
+ EventTraceHeapSummaryTracingInformation, // EVENT_TRACE_HEAP_TRACING_INFORMATION
+ EventTracePoolTagFilterInformation, // EVENT_TRACE_POOLTAG_FILTER_INFORMATION
+ EventTracePebsTracingInformation, // EVENT_TRACE_PEBS_TRACING_INFORMATION
+ EventTraceProfileConfigInformation, // EVENT_TRACE_PROFILE_CONFIG_INFORMATION
+ EventTraceProfileSourceListInformation, // EVENT_TRACE_PROFILE_LIST_INFORMATION
+ EventTraceProfileEventListInformation, // EVENT_TRACE_PROFILE_EVENT_INFORMATION
+ EventTraceProfileCounterListInformation, // EVENT_TRACE_PROFILE_COUNTER_INFORMATION
+ EventTraceStackCachingInformation, //
EVENT_TRACE_STACK_CACHING_INFORMATION
+ EventTraceObjectTypeFilterInformation, // EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION
+ EventTraceSoftRestartInformation, // EVENT_TRACE_SOFT_RESTART_INFORMATION
+ EventTraceLastBranchConfigurationInformation, // REDSTONE3
+ EventTraceLastBranchEventListInformation,
+ EventTraceProfileSourceAddInformation, // EVENT_TRACE_PROFILE_ADD_INFORMATION // REDSTONE4
+ EventTraceProfileSourceRemoveInformation, // EVENT_TRACE_PROFILE_REMOVE_INFORMATION
+ EventTraceProcessorTraceConfigurationInformation,
+ EventTraceProcessorTraceEventListInformation,
+ EventTraceCoverageSamplerInformation, // EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
+ EventTraceUnifiedStackCachingInformation, // since 21H1
+ MaxEventTraceInfoClass
+} EVENT_TRACE_INFORMATION_CLASS;
+
+typedef struct _TRACE_ENABLE_FLAG_EXTENSION
+{
+ USHORT Offset; // Offset to the flag array in structure
+ UCHAR Length; // Length of flag array in ULONGs
+ UCHAR Flag; // Must be set to EVENT_TRACE_FLAG_EXTENSION
+} TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
+
+typedef struct _TRACE_ENABLE_FLAG_EXT_HEADER
+{
+ USHORT Length; // Length in ULONGs
+ USHORT Items; // # of items
+} TRACE_ENABLE_FLAG_EXT_HEADER, *PTRACE_ENABLE_FLAG_EXT_HEADER;
+
+typedef struct _TRACE_ENABLE_FLAG_EXT_ITEM
+{
+ USHORT Offset; // Offset to the next block
+ USHORT Type; // Extension type
+} TRACE_ENABLE_FLAG_EXT_ITEM, *PTRACE_ENABLE_FLAG_EXT_ITEM;
+
+#define EVENT_TRACE_FLAG_EXT_ITEMS 0x80FF0000 // New extension structure
+#define EVENT_TRACE_FLAG_EXT_LEN_NEW_STRUCT 0xFF // Pseudo length to denote new struct format
+
+#define ETW_MINIMUM_CACHED_STACK_LENGTH 4
+#define ETW_SW_ARRAY_SIZE 256 // Frame Count allocated in lookaside list
+#define ETW_STACK_SW_ARRAY_SIZE 192 // Frame Count allocated in stack
+#define ETW_MAX_STACKWALK_FILTER 256 // Max number of HookId's
+#define ETW_MAX_TAG_FILTER 4
+#define ETW_MAX_POOLTAG_FILTER ETW_MAX_TAG_FILTER
+
+#define ETW_EXT_ENABLE_FLAGS 0x0001
+#define
ETW_EXT_PIDS 0x0002
+#define ETW_EXT_STACKWALK_FILTER 0x0003
+#define ETW_EXT_POOLTAG_FILTER 0x0004
+#define ETW_EXT_STACK_CACHING 0x0005
+
+// Extended item for configuring stack caching.
+typedef struct _ETW_STACK_CACHING_CONFIG
+{
+ ULONG CacheSize;
+ ULONG BucketCount;
+} ETW_STACK_CACHING_CONFIG, *PETW_STACK_CACHING_CONFIG;
+
+// The second bit is set if the trace is used by PM & CP (fixed headers)
+// If not, the data block is used by for finer data for performance analysis
+//
+#define TRACE_HEADER_EVENT_TRACE 0x40000000
+//
+// If set, the data block is SYSTEM_TRACE_HEADER
+//
+#define TRACE_HEADER_ENUM_MASK 0x00FF0000
+
+#define PERF_MASK_INDEX (0xe0000000)
+#define PERF_MASK_GROUP (~PERF_MASK_INDEX)
+#define PERF_NUM_MASKS 8
+
+#define PERF_GET_MASK_INDEX(GM) (((GM) & PERF_MASK_INDEX) >> 29)
+#define PERF_GET_MASK_GROUP(GM) ((GM) & PERF_MASK_GROUP)
+#define PERFINFO_OR_GROUP_WITH_GROUPMASK(Group, pGroupMask) \
+ (pGroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] |= PERF_GET_MASK_GROUP(Group);
+
+// Masks[0]
+#define PERF_PROCESS EVENT_TRACE_FLAG_PROCESS
+#define PERF_THREAD EVENT_TRACE_FLAG_THREAD
+#define PERF_PROC_THREAD EVENT_TRACE_FLAG_PROCESS | EVENT_TRACE_FLAG_THREAD
+#define PERF_LOADER EVENT_TRACE_FLAG_IMAGE_LOAD
+#define PERF_PERF_COUNTER EVENT_TRACE_FLAG_PROCESS_COUNTERS
+#define PERF_FILENAME EVENT_TRACE_FLAG_DISK_FILE_IO
+#define PERF_DISK_IO EVENT_TRACE_FLAG_DISK_FILE_IO | EVENT_TRACE_FLAG_DISK_IO
+#define PERF_DISK_IO_INIT EVENT_TRACE_FLAG_DISK_IO_INIT
+#define PERF_ALL_FAULTS EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS
+#define PERF_HARD_FAULTS EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS
+#define PERF_VAMAP EVENT_TRACE_FLAG_VAMAP
+#define PERF_NETWORK EVENT_TRACE_FLAG_NETWORK_TCPIP
+#define PERF_REGISTRY EVENT_TRACE_FLAG_REGISTRY
+#define PERF_DBGPRINT EVENT_TRACE_FLAG_DBGPRINT
+#define PERF_JOB EVENT_TRACE_FLAG_JOB
+#define PERF_ALPC EVENT_TRACE_FLAG_ALPC
+#define PERF_SPLIT_IO EVENT_TRACE_FLAG_SPLIT_IO
+#define PERF_DEBUG_EVENTS
EVENT_TRACE_FLAG_DEBUG_EVENTS
+#define PERF_FILE_IO EVENT_TRACE_FLAG_FILE_IO
+#define PERF_FILE_IO_INIT EVENT_TRACE_FLAG_FILE_IO_INIT
+#define PERF_NO_SYSCONFIG EVENT_TRACE_FLAG_NO_SYSCONFIG
+
+// Masks[1]
+#define PERF_MEMORY 0x20000001
+#define PERF_PROFILE 0x20000002 // equivalent to EVENT_TRACE_FLAG_PROFILE
+#define PERF_CONTEXT_SWITCH 0x20000004 // equivalent to EVENT_TRACE_FLAG_CSWITCH
+#define PERF_FOOTPRINT 0x20000008
+#define PERF_DRIVERS 0x20000010 // equivalent to EVENT_TRACE_FLAG_DRIVER
+#define PERF_REFSET 0x20000020
+#define PERF_POOL 0x20000040
+#define PERF_POOLTRACE 0x20000041
+#define PERF_DPC 0x20000080 // equivalent to EVENT_TRACE_FLAG_DPC
+#define PERF_COMPACT_CSWITCH 0x20000100
+#define PERF_DISPATCHER 0x20000200 // equivalent to EVENT_TRACE_FLAG_DISPATCHER
+#define PERF_PMC_PROFILE 0x20000400
+#define PERF_PROFILING 0x20000402
+#define PERF_PROCESS_INSWAP 0x20000800
+#define PERF_AFFINITY 0x20001000
+#define PERF_PRIORITY 0x20002000
+#define PERF_INTERRUPT 0x20004000 // equivalent to EVENT_TRACE_FLAG_INTERRUPT
+#define PERF_VIRTUAL_ALLOC 0x20008000 // equivalent to EVENT_TRACE_FLAG_VIRTUAL_ALLOC
+#define PERF_SPINLOCK 0x20010000
+#define PERF_SYNC_OBJECTS 0x20020000
+#define PERF_DPC_QUEUE 0x20040000
+#define PERF_MEMINFO 0x20080000
+#define PERF_CONTMEM_GEN 0x20100000
+#define PERF_SPINLOCK_CNTRS 0x20200000
+#define PERF_SPININSTR 0x20210000
+#define PERF_SESSION 0x20400000
+#define PERF_PFSECTION 0x20400000
+#define PERF_MEMINFO_WS 0x20800000
+#define PERF_KERNEL_QUEUE 0x21000000
+#define PERF_INTERRUPT_STEER 0x22000000
+#define PERF_SHOULD_YIELD 0x24000000
+#define PERF_WS 0x28000000
+//#define PERF_POOLTRACE (PERF_MEMORY | PERF_POOL)
+//#define PERF_PROFILING (PERF_PROFILE | PERF_PMC_PROFILE)
+//#define PERF_SPININSTR (PERF_SPINLOCK | PERF_SPINLOCK_CNTRS)
+
+// Masks[2]
+#define PERF_ANTI_STARVATION 0x40000001
+#define PERF_PROCESS_FREEZE 0x40000002
+#define PERF_PFN_LIST 0x40000004
+#define PERF_WS_DETAIL 0x40000008
+#define
PERF_WS_ENTRY 0x40000010
+#define PERF_HEAP 0x40000020
+#define PERF_SYSCALL 0x40000040 // equivalent to EVENT_TRACE_FLAG_SYSTEMCALL
+#define PERF_UMS 0x40000080
+#define PERF_BACKTRACE 0x40000100
+#define PERF_VULCAN 0x40000200
+#define PERF_OBJECTS 0x40000400
+#define PERF_EVENTS 0x40000800
+#define PERF_FULLTRACE 0x40001000
+#define PERF_DFSS 0x40002000
+#define PERF_PREFETCH 0x40004000
+#define PERF_PROCESSOR_IDLE 0x40008000
+#define PERF_CPU_CONFIG 0x40010000
+#define PERF_TIMER 0x40020000
+#define PERF_CLOCK_INTERRUPT 0x40040000
+#define PERF_LOAD_BALANCER 0x40080000
+#define PERF_CLOCK_TIMER 0x40100000
+#define PERF_IDLE_SELECTION 0x40200000
+#define PERF_IPI 0x40400000
+#define PERF_IO_TIMER 0x40800000
+#define PERF_REG_HIVE 0x41000000
+#define PERF_REG_NOTIF 0x42000000
+#define PERF_PPM_EXIT_LATENCY 0x44000000
+#define PERF_WORKER_THREAD 0x48000000
+
+// Masks[4]
+#define PERF_OPTICAL_IO 0x80000001
+#define PERF_OPTICAL_IO_INIT 0x80000002
+// Reserved 0x80000004
+#define PERF_DLL_INFO 0x80000008
+#define PERF_DLL_FLUSH_WS 0x80000010
+// Reserved 0x80000020
+#define PERF_OB_HANDLE 0x80000040
+#define PERF_OB_OBJECT 0x80000080
+// Reserved 0x80000100
+#define PERF_WAKE_DROP 0x80000200
+#define PERF_WAKE_EVENT 0x80000400
+#define PERF_DEBUGGER 0x80000800
+#define PERF_PROC_ATTACH 0x80001000
+#define PERF_WAKE_COUNTER 0x80002000
+// Reserved 0x80004000
+#define PERF_POWER 0x80008000
+#define PERF_SOFT_TRIM 0x80010000
+#define PERF_CC 0x80020000
+// Reserved 0x80040000
+#define PERF_FLT_IO_INIT 0x80080000
+#define PERF_FLT_IO 0x80100000
+#define PERF_FLT_FASTIO 0x80200000
+#define PERF_FLT_IO_FAILURE 0x80400000
+#define PERF_HV_PROFILE 0x80800000
+#define PERF_WDF_DPC 0x81000000
+#define PERF_WDF_INTERRUPT 0x82000000
+#define PERF_CACHE_FLUSH 0x84000000
+
+// Masks[5]
+#define PERF_HIBER_RUNDOWN 0xA0000001
+
+// Masks[6]
+#define PERF_SYSCFG_SYSTEM 0xC0000001
+#define PERF_SYSCFG_GRAPHICS 0xC0000002
+#define PERF_SYSCFG_STORAGE 0xC0000004
+#define
PERF_SYSCFG_NETWORK 0xC0000008
+#define PERF_SYSCFG_SERVICES 0xC0000010
+#define PERF_SYSCFG_PNP 0xC0000020
+#define PERF_SYSCFG_OPTICAL 0xC0000040
+#define PERF_SYSCFG_ALL 0xDFFFFFFF
+
+// Masks[7] - Control Mask. All flags that change system behavior go here.
+#define PERF_CLUSTER_OFF 0xE0000001
+#define PERF_MEMORY_CONTROL 0xE0000002
+
+// The predefined event groups or families for NT subsystems
+#define EVENT_TRACE_GROUP_HEADER 0x0000
+#define EVENT_TRACE_GROUP_IO 0x0100
+#define EVENT_TRACE_GROUP_MEMORY 0x0200
+#define EVENT_TRACE_GROUP_PROCESS 0x0300
+#define EVENT_TRACE_GROUP_FILE 0x0400
+#define EVENT_TRACE_GROUP_THREAD 0x0500
+#define EVENT_TRACE_GROUP_TCPIP 0x0600
+#define EVENT_TRACE_GROUP_JOB 0x0700
+#define EVENT_TRACE_GROUP_UDPIP 0x0800
+#define EVENT_TRACE_GROUP_REGISTRY 0x0900
+#define EVENT_TRACE_GROUP_DBGPRINT 0x0A00
+#define EVENT_TRACE_GROUP_CONFIG 0x0B00
+#define EVENT_TRACE_GROUP_SPARE1 0x0C00 // Spare1
+#define EVENT_TRACE_GROUP_WNF 0x0D00
+#define EVENT_TRACE_GROUP_POOL 0x0E00
+#define EVENT_TRACE_GROUP_PERFINFO 0x0F00
+#define EVENT_TRACE_GROUP_HEAP 0x1000
+#define EVENT_TRACE_GROUP_OBJECT 0x1100
+#define EVENT_TRACE_GROUP_POWER 0x1200
+#define EVENT_TRACE_GROUP_MODBOUND 0x1300
+#define EVENT_TRACE_GROUP_IMAGE 0x1400
+#define EVENT_TRACE_GROUP_DPC 0x1500
+#define EVENT_TRACE_GROUP_CC 0x1600
+#define EVENT_TRACE_GROUP_CRITSEC 0x1700
+#define EVENT_TRACE_GROUP_STACKWALK 0x1800
+#define EVENT_TRACE_GROUP_UMS 0x1900
+#define EVENT_TRACE_GROUP_ALPC 0x1A00
+#define EVENT_TRACE_GROUP_SPLITIO 0x1B00
+#define EVENT_TRACE_GROUP_THREAD_POOL 0x1C00
+#define EVENT_TRACE_GROUP_HYPERVISOR 0x1D00
+#define EVENT_TRACE_GROUP_HYPERVISORX 0x1E00
+
+//
+// Event for header
+//
+#define WMI_LOG_TYPE_HEADER (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_INFO)
+#define WMI_LOG_TYPE_HEADER_EXTENSION (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_EXTENSION)
+#define WMI_LOG_TYPE_RUNDOWN_COMPLETE (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_CHECKPOINT)
+#define
WMI_LOG_TYPE_GROUP_MASKS_END (EVENT_TRACE_GROUP_HEADER | 0x20) +#define WMI_LOG_TYPE_RUNDOWN_BEGIN (EVENT_TRACE_GROUP_HEADER | 0x30) +#define WMI_LOG_TYPE_RUNDOWN_END (EVENT_TRACE_GROUP_HEADER | 0x31) +#define WMI_LOG_TYPE_DBGID_RSDS (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_DBGID_RSDS) +#define WMI_LOG_TYPE_DBGID_NB10 (EVENT_TRACE_GROUP_HEADER | 0x41) +#define WMI_LOG_TYPE_BUILD_LAB (EVENT_TRACE_GROUP_HEADER | 0x42) +#define WMI_LOG_TYPE_BINARY_PATH (EVENT_TRACE_GROUP_HEADER | 0x43) + +// +// Event for system config +// +#define WMI_LOG_TYPE_CONFIG_CPU (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CPU) +#define WMI_LOG_TYPE_CONFIG_PHYSICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK) +#define WMI_LOG_TYPE_CONFIG_LOGICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_LOGICALDISK) +#define WMI_LOG_TYPE_CONFIG_OPTICALMEDIA (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA) +#define WMI_LOG_TYPE_CONFIG_NIC (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NIC) +#define WMI_LOG_TYPE_CONFIG_VIDEO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VIDEO) +#define WMI_LOG_TYPE_CONFIG_SERVICES (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SERVICES) +#define WMI_LOG_TYPE_CONFIG_POWER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_POWER) +#define WMI_LOG_TYPE_CONFIG_OSVERSION (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OSVERSION) +#define WMI_LOG_TYPE_CONFIG_VISUALTHEME (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VISUALTHEME) +#define WMI_LOG_TYPE_CONFIG_SYSTEMRANGE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSTEMRANGE) +#define WMI_LOG_TYPE_CONFIG_SYSDLLINFO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSDLLINFO) +#define WMI_LOG_TYPE_CONFIG_IRQ (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IRQ) +#define WMI_LOG_TYPE_CONFIG_PNP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PNP) +#define WMI_LOG_TYPE_CONFIG_IDECHANNEL (EVENT_TRACE_GROUP_CONFIG | 
EVENT_TRACE_TYPE_CONFIG_IDECHANNEL) +#define WMI_LOG_TYPE_CONFIG_NUMANODE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NUMANODE) +#define WMI_LOG_TYPE_CONFIG_PLATFORM (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PLATFORM) +#define WMI_LOG_TYPE_CONFIG_PROCESSORGROUP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP) +#define WMI_LOG_TYPE_CONFIG_PROCESSORNUMBER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER) +#define WMI_LOG_TYPE_CONFIG_DPI (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_DPI) +#define WMI_LOG_TYPE_CONFIG_CODEINTEGRITY (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CI_INFO) +#define WMI_LOG_TYPE_CONFIG_MACHINEID (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_MACHINEID) + +// +// Event for Image and File Name +// +#define PERFINFO_LOG_TYPE_FILENAME (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_INFO) +#define PERFINFO_LOG_TYPE_FILENAME_CREATE (EVENT_TRACE_GROUP_FILE | 0x20) +#define PERFINFO_LOG_TYPE_FILENAME_SAME (EVENT_TRACE_GROUP_FILE | 0x21) +#define PERFINFO_LOG_TYPE_FILENAME_NULL (EVENT_TRACE_GROUP_FILE | 0x22) +#define PERFINFO_LOG_TYPE_FILENAME_DELETE (EVENT_TRACE_GROUP_FILE | 0x23) +#define PERFINFO_LOG_TYPE_FILENAME_RUNDOWN (EVENT_TRACE_GROUP_FILE | 0x24) + +#define PERFINFO_LOG_TYPE_MAPFILE (EVENT_TRACE_GROUP_FILE | 0x25) +#define PERFINFO_LOG_TYPE_UNMAPFILE (EVENT_TRACE_GROUP_FILE | 0x26) +#define PERFINFO_LOG_TYPE_MAPFILE_DC_START (EVENT_TRACE_GROUP_FILE | 0x27) +#define PERFINFO_LOG_TYPE_MAPFILE_DC_END (EVENT_TRACE_GROUP_FILE | 0x28) + +#define PERFINFO_LOG_TYPE_FILE_IO_CREATE (EVENT_TRACE_GROUP_FILE | 0x40) +#define PERFINFO_LOG_TYPE_FILE_IO_CLEANUP (EVENT_TRACE_GROUP_FILE | 0x41) +#define PERFINFO_LOG_TYPE_FILE_IO_CLOSE (EVENT_TRACE_GROUP_FILE | 0x42) +#define PERFINFO_LOG_TYPE_FILE_IO_READ (EVENT_TRACE_GROUP_FILE | 0x43) +#define PERFINFO_LOG_TYPE_FILE_IO_WRITE (EVENT_TRACE_GROUP_FILE | 0x44) +#define PERFINFO_LOG_TYPE_FILE_IO_SET_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x45) 
+#define PERFINFO_LOG_TYPE_FILE_IO_DELETE (EVENT_TRACE_GROUP_FILE | 0x46) +#define PERFINFO_LOG_TYPE_FILE_IO_RENAME (EVENT_TRACE_GROUP_FILE | 0x47) +#define PERFINFO_LOG_TYPE_FILE_IO_DIRENUM (EVENT_TRACE_GROUP_FILE | 0x48) +#define PERFINFO_LOG_TYPE_FILE_IO_FLUSH (EVENT_TRACE_GROUP_FILE | 0x49) +#define PERFINFO_LOG_TYPE_FILE_IO_QUERY_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x4A) +#define PERFINFO_LOG_TYPE_FILE_IO_FS_CONTROL (EVENT_TRACE_GROUP_FILE | 0x4B) +#define PERFINFO_LOG_TYPE_FILE_IO_OPERATION_END (EVENT_TRACE_GROUP_FILE | 0x4C) +#define PERFINFO_LOG_TYPE_FILE_IO_DIRNOTIFY (EVENT_TRACE_GROUP_FILE | 0x4D) +#define PERFINFO_LOG_TYPE_FILE_IO_CREATE_NEW (EVENT_TRACE_GROUP_FILE | 0x4E) +#define PERFINFO_LOG_TYPE_FILE_IO_DELETE_PATH (EVENT_TRACE_GROUP_FILE | 0x4F) +#define PERFINFO_LOG_TYPE_FILE_IO_RENAME_PATH (EVENT_TRACE_GROUP_FILE | 0x50) +#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK_PATH (EVENT_TRACE_GROUP_FILE | 0x51) +#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK (EVENT_TRACE_GROUP_FILE | 0x52) + +// +// Event types for minifilter callbacks +// + +#define PERFINFO_LOG_TYPE_FLT_PREOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_INIT) +#define PERFINFO_LOG_TYPE_FLT_POSTOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_INIT) +#define PERFINFO_LOG_TYPE_FLT_PREOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION) +#define PERFINFO_LOG_TYPE_FLT_POSTOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION) +#define PERFINFO_LOG_TYPE_FLT_PREOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_FAILURE) +#define PERFINFO_LOG_TYPE_FLT_POSTOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE) + +// +// Event types for Job +// + +#define WMI_LOG_TYPE_JOB_CREATE (EVENT_TRACE_GROUP_JOB | 0x20) +#define WMI_LOG_TYPE_JOB_TERMINATE (EVENT_TRACE_GROUP_JOB | 0x21) +#define WMI_LOG_TYPE_JOB_OPEN (EVENT_TRACE_GROUP_JOB | 0x22) +#define WMI_LOG_TYPE_JOB_ASSIGN_PROCESS 
(EVENT_TRACE_GROUP_JOB | 0x23) +#define WMI_LOG_TYPE_JOB_REMOVE_PROCESS (EVENT_TRACE_GROUP_JOB | 0x24) +#define WMI_LOG_TYPE_JOB_SET (EVENT_TRACE_GROUP_JOB | 0x25) +#define WMI_LOG_TYPE_JOB_QUERY (EVENT_TRACE_GROUP_JOB | 0x26) +#define WMI_LOG_TYPE_JOB_SET_FAILED (EVENT_TRACE_GROUP_JOB | 0x27) +#define WMI_LOG_TYPE_JOB_QUERY_FAILED (EVENT_TRACE_GROUP_JOB | 0x28) +#define WMI_LOG_TYPE_JOB_SET_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x29) +#define WMI_LOG_TYPE_JOB_SEND_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x2A) +#define WMI_LOG_TYPE_JOB_QUERY_VIOLATION (EVENT_TRACE_GROUP_JOB | 0x2B) +#define WMI_LOG_TYPE_JOB_SET_CPU_RATE (EVENT_TRACE_GROUP_JOB | 0x2C) +#define WMI_LOG_TYPE_JOB_SET_NET_RATE (EVENT_TRACE_GROUP_JOB | 0x2D) + +// +// Event types for Process +// + +#define WMI_LOG_TYPE_PROCESS_CREATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_START) +#define WMI_LOG_TYPE_PROCESS_DELETE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_END) +#define WMI_LOG_TYPE_PROCESS_DC_START (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_START) +#define WMI_LOG_TYPE_PROCESS_DC_END (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_END) +#define WMI_LOG_TYPE_PROCESS_LOAD_IMAGE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_LOAD) +#define WMI_LOG_TYPE_PROCESS_TERMINATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_TERMINATE) + +#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_END (EVENT_TRACE_GROUP_PROCESS | 0x20) +#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_RD (EVENT_TRACE_GROUP_PROCESS | 0x21) +// Reserved (EVENT_TRACE_GROUP_PROCESS | 0x22) +#define PERFINFO_LOG_TYPE_INSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x23) +#define PERFINFO_LOG_TYPE_PROCESS_FREEZE (EVENT_TRACE_GROUP_PROCESS | 0x24) +#define PERFINFO_LOG_TYPE_PROCESS_THAW (EVENT_TRACE_GROUP_PROCESS | 0x25) +#define PERFINFO_LOG_TYPE_BOOT_PHASE_START (EVENT_TRACE_GROUP_PROCESS | 0x26) +#define PERFINFO_LOG_TYPE_ZOMBIE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x27) +#define PERFINFO_LOG_TYPE_PROCESS_SET_AFFINITY (EVENT_TRACE_GROUP_PROCESS | 
0x28) + +#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x30) +#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x31) +#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x32) +#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x33) +#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x34) + +#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x40) +#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x41) +#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x42) +#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x43) +#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x44) + +#define PERFINFO_LOG_TYPE_WAKE_DROP_USER (EVENT_TRACE_GROUP_PROCESS | 0x50) +#define PERFINFO_LOG_TYPE_WAKE_DROP_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x51) +#define PERFINFO_LOG_TYPE_WAKE_DROP_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x52) +#define PERFINFO_LOG_TYPE_WAKE_DROP_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x53) +#define PERFINFO_LOG_TYPE_WAKE_DROP_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x54) + +#define PERFINFO_LOG_TYPE_WAKE_EVENT_USER (EVENT_TRACE_GROUP_PROCESS | 0x60) +#define PERFINFO_LOG_TYPE_WAKE_EVENT_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x61) +#define PERFINFO_LOG_TYPE_WAKE_EVENT_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x62) +#define PERFINFO_LOG_TYPE_WAKE_EVENT_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x63) +#define PERFINFO_LOG_TYPE_WAKE_EVENT_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x64) + +#define PERFINFO_LOG_TYPE_DEBUG_EVENT (EVENT_TRACE_GROUP_PROCESS | 0x70) + +// +// Event types for Image and Library Loader +// + +#define WMI_LOG_TYPE_IMAGE_LOAD (EVENT_TRACE_GROUP_IMAGE | 
EVENT_TRACE_TYPE_START) // reserved for future +#define WMI_LOG_TYPE_IMAGE_UNLOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_END) +#define WMI_LOG_TYPE_IMAGE_DC_START (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_START) +#define WMI_LOG_TYPE_IMAGE_DC_END (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_END) +#define WMI_LOG_TYPE_IMAGE_RELOCATION (EVENT_TRACE_GROUP_IMAGE | 0x20) +#define WMI_LOG_TYPE_IMAGE_KERNEL_BASE (EVENT_TRACE_GROUP_IMAGE | 0x21) +#define WMI_LOG_TYPE_IMAGE_HYPERCALL_PAGE (EVENT_TRACE_GROUP_IMAGE | 0x22) + +#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_ATTEMPT (EVENT_TRACE_GROUP_IMAGE | 0x80) // 128 +#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_SUCCESS (EVENT_TRACE_GROUP_IMAGE | 0x81) +#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_FAIL (EVENT_TRACE_GROUP_IMAGE | 0x82) +#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_WAIT (EVENT_TRACE_GROUP_IMAGE | 0x83) +#define PERFINFO_LOG_TYPE_LDR_PROC_INIT_DONE (EVENT_TRACE_GROUP_IMAGE | 0x84) // 132 +#define PERFINFO_LOG_TYPE_LDR_CREATE_SECTION (EVENT_TRACE_GROUP_IMAGE | 0x85) +#define PERFINFO_LOG_TYPE_LDR_SECTION_CREATED (EVENT_TRACE_GROUP_IMAGE | 0x86) +#define PERFINFO_LOG_TYPE_LDR_MAP_VIEW (EVENT_TRACE_GROUP_IMAGE | 0x87) + +#define PERFINFO_LOG_TYPE_LDR_RELOCATE_IMAGE (EVENT_TRACE_GROUP_IMAGE | 0x90) // 144 +#define PERFINFO_LOG_TYPE_LDR_IMAGE_RELOCATED (EVENT_TRACE_GROUP_IMAGE | 0x91) +#define PERFINFO_LOG_TYPE_LDR_HANDLE_OLD_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x92) +#define PERFINFO_LOG_TYPE_LDR_OLD_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x93) +#define PERFINFO_LOG_TYPE_LDR_HANDLE_NEW_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x94) // 148 +#define PERFINFO_LOG_TYPE_LDR_NEW_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x95) +#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_EXIT (EVENT_TRACE_GROUP_IMAGE | 0x96) + +#define PERFINFO_LOG_TYPE_LDR_FIND_DLL (EVENT_TRACE_GROUP_IMAGE | 0xA0) // 160 +#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA1) +#define PERFINFO_LOG_TYPE_LDR_LOCK_RELEASE 
(EVENT_TRACE_GROUP_IMAGE | 0xA2) +#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_ENTER (EVENT_TRACE_GROUP_IMAGE | 0xA3) +#define PERFINFO_LOG_TYPE_LDR_ERROR (EVENT_TRACE_GROUP_IMAGE | 0xA4) // 164 + +#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA5) // 165 +#define PERFINFO_LOG_TYPE_LDR_SNAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA6) +#define PERFINFO_LOG_TYPE_LDR_SNAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA7) +#define PERFINFO_LOG_TYPE_LDR_LOADING (EVENT_TRACE_GROUP_IMAGE | 0xA8) +#define PERFINFO_LOG_TYPE_LDR_LOADED (EVENT_TRACE_GROUP_IMAGE | 0xA9) +#define PERFINFO_LOG_TYPE_LDR_FOUND_KNOWN_DLL (EVENT_TRACE_GROUP_IMAGE | 0xAA) // 170 +#define PERFINFO_LOG_TYPE_LDR_ABNORMAL (EVENT_TRACE_GROUP_IMAGE | 0xAB) +#define PERFINFO_LOG_TYPE_LDR_PLACEHOLDER (EVENT_TRACE_GROUP_IMAGE | 0xAC) +#define PERFINFO_LOG_TYPE_LDR_RDY_TO_INIT (EVENT_TRACE_GROUP_IMAGE | 0xAD) +#define PERFINFO_LOG_TYPE_LDR_RDY_TO_RUN (EVENT_TRACE_GROUP_IMAGE | 0xAE) // 174 + + +#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_LOAD (EVENT_TRACE_GROUP_IMAGE | 0xB0) // 176 +#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_AS_DATA (EVENT_TRACE_GROUP_IMAGE | 0xB1) // 177 + +#define PERFINFO_LOG_TYPE_LDR_EXTERNAL_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC0) // 192 +#define PERFINFO_LOG_TYPE_LDR_GENERATED_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC1) + +#define PERFINFO_LOG_TYPE_LDR_APISET_RESOLVING (EVENT_TRACE_GROUP_IMAGE | 0xD0) // 208 +#define PERFINFO_LOG_TYPE_LDR_APISET_HOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD1) // 209 +#define PERFINFO_LOG_TYPE_LDR_APISET_UNHOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD2) // 210 +#define PERFINFO_LOG_TYPE_LDR_APISET_UNRESOLVED (EVENT_TRACE_GROUP_IMAGE | 0xD3) // 211 + +#define PERFINFO_LOG_TYPE_LDR_SEARCH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD4) // 212 +#define PERFINFO_LOG_TYPE_LDR_SEARCH_PATH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD5) // 213 + +// +// Event types for Thread +// + +#define WMI_LOG_TYPE_THREAD_CREATE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_START) +#define WMI_LOG_TYPE_THREAD_DELETE 
(EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_END)
+#define WMI_LOG_TYPE_THREAD_DC_START (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_START)
+#define WMI_LOG_TYPE_THREAD_DC_END (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_END)
+
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x20)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x21)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x22)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x23)
+#define PERFINFO_LOG_TYPE_CONTEXTSWAP (EVENT_TRACE_GROUP_THREAD | 0x24)
+#define PERFINFO_LOG_TYPE_CONTEXTSWAP_BATCH (EVENT_TRACE_GROUP_THREAD | 0x25)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x26)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x27)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x28)
+#define PERFINFO_LOG_TYPE_SPINLOCK (EVENT_TRACE_GROUP_THREAD | 0x29)
+#define PERFINFO_LOG_TYPE_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x2A)
+#define PERFINFO_LOG_TYPE_RESOURCE (EVENT_TRACE_GROUP_THREAD | 0x2B)
+#define PERFINFO_LOG_TYPE_PUSHLOCK (EVENT_TRACE_GROUP_THREAD | 0x2C)
+#define PERFINFO_LOG_TYPE_WAIT_SINGLE (EVENT_TRACE_GROUP_THREAD | 0x2D)
+#define PERFINFO_LOG_TYPE_WAIT_MULTIPLE (EVENT_TRACE_GROUP_THREAD | 0x2E)
+#define PERFINFO_LOG_TYPE_DELAY_EXECUTION (EVENT_TRACE_GROUP_THREAD | 0x2F)
+#define PERFINFO_LOG_TYPE_THREAD_SET_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x30)
+#define PERFINFO_LOT_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
+#define PERFINFO_LOG_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
+#define PERFINFO_LOG_TYPE_READY_THREAD (EVENT_TRACE_GROUP_THREAD | 0x32)
+#define PERFINFO_LOG_TYPE_THREAD_SET_PAGE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x33)
+#define PERFINFO_LOG_TYPE_THREAD_SET_IO_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x34)
+#define PERFINFO_LOG_TYPE_THREAD_SET_AFFINITY (EVENT_TRACE_GROUP_THREAD | 0x35)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM (EVENT_TRACE_GROUP_THREAD | 0x39)
+#define PERFINFO_LOG_TYPE_DFSS_START_NEW_INTERVAL (EVENT_TRACE_GROUP_THREAD | 0x3A)
+#define PERFINFO_LOG_TYPE_DFSS_PROCESS_IDLE_ONLY_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x3B)
+#define PERFINFO_LOG_TYPE_ANTI_STARVATION_BOOST (EVENT_TRACE_GROUP_THREAD | 0x3C)
+#define PERFINFO_LOG_TYPE_THREAD_MIGRATION (EVENT_TRACE_GROUP_THREAD | 0x3D)
+#define PERFINFO_LOG_TYPE_KQUEUE_ENQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3E)
+#define PERFINFO_LOG_TYPE_KQUEUE_DEQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3F)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_START (EVENT_TRACE_GROUP_THREAD | 0x40)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_END (EVENT_TRACE_GROUP_THREAD | 0x41)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_SET_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x42)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_CLEAR_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x43)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_NO_ENTRIES (EVENT_TRACE_GROUP_THREAD | 0x44)
+#define PERFINFO_LOG_TYPE_THREAD_SUBPROCESSTAG_CHANGED (EVENT_TRACE_GROUP_THREAD | 0x45)
+
+//
+// Event types for Network subsystem (TCPIP/UDPIP)
+//
+
+#define WMI_LOG_TYPE_TCPIP_SEND (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_SEND)
+#define WMI_LOG_TYPE_TCPIP_RECEIVE (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECEIVE)
+#define WMI_LOG_TYPE_TCPIP_CONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNECT)
+#define WMI_LOG_TYPE_TCPIP_DISCONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_DISCONNECT)
+#define WMI_LOG_TYPE_TCPIP_RETRANSMIT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RETRANSMIT)
+#define WMI_LOG_TYPE_TCPIP_ACCEPT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACCEPT)
+#define WMI_LOG_TYPE_TCPIP_RECONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECONNECT)
+#define WMI_LOG_TYPE_TCPIP_FAIL (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNFAIL)
+#define WMI_LOG_TYPE_TCPIP_TCPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_TCP)
+#define WMI_LOG_TYPE_TCPIP_ARPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_ARP)
+#define WMI_LOG_TYPE_TCPIP_FULLACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKFULL)
+#define WMI_LOG_TYPE_TCPIP_PARTACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKPART)
+#define WMI_LOG_TYPE_TCPIP_DUPACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKDUP)
+
+#define WMI_LOG_TYPE_UDP_SEND (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_SEND)
+#define WMI_LOG_TYPE_UDP_RECEIVE (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_RECEIVE)
+#define WMI_LOG_TYPE_UDP_FAIL (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_CONNFAIL)
+
+//
+// Network events with IPV6
+//
+#define WMI_LOG_TYPE_TCPIP_SEND_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1A)
+#define WMI_LOG_TYPE_TCPIP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1B)
+#define WMI_LOG_TYPE_TCPIP_CONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1C)
+#define WMI_LOG_TYPE_TCPIP_DISCONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1D)
+#define WMI_LOG_TYPE_TCPIP_RETRANSMIT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1E)
+#define WMI_LOG_TYPE_TCPIP_ACCEPT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1F)
+#define WMI_LOG_TYPE_TCPIP_RECONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x20)
+#define WMI_LOG_TYPE_TCPIP_FAIL_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x21)
+#define WMI_LOG_TYPE_TCPIP_TCPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x22)
+#define WMI_LOG_TYPE_TCPIP_ARPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x23)
+#define WMI_LOG_TYPE_TCPIP_FULLACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x24)
+#define WMI_LOG_TYPE_TCPIP_PARTACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x25)
+#define WMI_LOG_TYPE_TCPIP_DUPACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x26)
+
+#define WMI_LOG_TYPE_UDP_SEND_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1A)
+#define WMI_LOG_TYPE_UDP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1B)
+
+//
+// Event types for IO subsystem
+//
+
+#define WMI_LOG_TYPE_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ)
+#define WMI_LOG_TYPE_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE)
+#define WMI_LOG_TYPE_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ_INIT)
+#define WMI_LOG_TYPE_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE_INIT)
+#define WMI_LOG_TYPE_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH)
+#define WMI_LOG_TYPE_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH_INIT)
+#define WMI_LOG_TYPE_IO_REDIRECTED_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_REDIRECTED_INIT)
+
+#define PERFINFO_LOG_TYPE_DRIVER_INIT (EVENT_TRACE_GROUP_IO | 0x20)
+#define PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE (EVENT_TRACE_GROUP_IO | 0x21)
+#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL (EVENT_TRACE_GROUP_IO | 0x22)
+#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN (EVENT_TRACE_GROUP_IO | 0x23)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL (EVENT_TRACE_GROUP_IO | 0x24)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN (EVENT_TRACE_GROUP_IO | 0x25)
+#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL (EVENT_TRACE_GROUP_IO | 0x26)
+#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN (EVENT_TRACE_GROUP_IO | 0x27)
+#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL (EVENT_TRACE_GROUP_IO | 0x28)
+#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN (EVENT_TRACE_GROUP_IO | 0x29)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2a)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2b)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2d)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2e)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2f)
+#define PERFINFO_LOG_TYPE_PREFETCH_ACTION (EVENT_TRACE_GROUP_IO | 0x30)
+#define PERFINFO_LOG_TYPE_PREFETCH_REQUEST (EVENT_TRACE_GROUP_IO | 0x31)
+#define PERFINFO_LOG_TYPE_PREFETCH_READLIST (EVENT_TRACE_GROUP_IO | 0x32)
+#define PERFINFO_LOG_TYPE_PREFETCH_READ (EVENT_TRACE_GROUP_IO | 0x33)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST (EVENT_TRACE_GROUP_IO | 0x34)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN (EVENT_TRACE_GROUP_IO | 0x35)
+#define PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION (EVENT_TRACE_GROUP_IO | 0x36)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT)
+
+//
+// Event types for Memory subsystem
+//
+#define WMI_LOG_TYPE_PAGE_FAULT_TRANSITION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_TF)
+#define WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_DZF)
+#define WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_COW)
+#define WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_GPF)
+#define WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_HPF)
+#define WMI_LOG_TYPE_PAGE_FAULT_ACCESS_VIOLATION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_AV)
+
+#define PERFINFO_LOG_TYPE_HARDFAULT (EVENT_TRACE_GROUP_MEMORY | 0x20)
+#define PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR (EVENT_TRACE_GROUP_MEMORY | 0x21)
+#define PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST (EVENT_TRACE_GROUP_MEMORY | 0x22)
+#define PERFINFO_LOG_TYPE_PAGEINMEMORY (EVENT_TRACE_GROUP_MEMORY | 0x23)
+#define PERFINFO_LOG_TYPE_INSERTINFREELIST (EVENT_TRACE_GROUP_MEMORY | 0x24)
+#define PERFINFO_LOG_TYPE_INSERTINMODIFIEDLIST (EVENT_TRACE_GROUP_MEMORY | 0x25)
+#define PERFINFO_LOG_TYPE_INSERTINLIST (EVENT_TRACE_GROUP_MEMORY | 0x26)
+#define PERFINFO_LOG_TYPE_INSERTATFRONT (EVENT_TRACE_GROUP_MEMORY | 0x28)
+#define PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY (EVENT_TRACE_GROUP_MEMORY | 0x29)
+#define PERFINFO_LOG_TYPE_UNLINKFFREEORZERO (EVENT_TRACE_GROUP_MEMORY | 0x2a)
+#define PERFINFO_LOG_TYPE_WORKINGSETMANAGER (EVENT_TRACE_GROUP_MEMORY | 0x2b)
+#define PERFINFO_LOG_TYPE_TRIMPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2d)
+#define PERFINFO_LOG_TYPE_ZEROSHARECOUNT (EVENT_TRACE_GROUP_MEMORY | 0x2e)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2f)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x30)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x31)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x32)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x33)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x34)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x35)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x36)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x37)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x38)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x39)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3a)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3b)
+#define PERFINFO_LOG_TYPE_WSINFOPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x3c)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3d)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3e)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3f)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x40)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x41)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x42)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x43)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x44)
+#define PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP (EVENT_TRACE_GROUP_MEMORY | 0x45)
+#define PERFINFO_LOG_TYPE_TRIMSESSION (EVENT_TRACE_GROUP_MEMORY | 0x46)
+#define PERFINFO_LOG_TYPE_MEMORYSNAPLITE (EVENT_TRACE_GROUP_MEMORY | 0x47)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x48)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x49)
+#define PERFINFO_LOG_TYPE_WSINFOSESSION (EVENT_TRACE_GROUP_MEMORY | 0x4a)
+#define PERFINFO_LOG_TYPE_CREATE_SESSION (EVENT_TRACE_GROUP_MEMORY | 0x4b)
+#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x4c)
+#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x4d)
+#define PERFINFO_LOG_TYPE_SESSION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4e)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4f)
+
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC (EVENT_TRACE_GROUP_MEMORY | 0x62)
+#define PERFINFO_LOG_TYPE_VIRTUAL_FREE (EVENT_TRACE_GROUP_MEMORY | 0x63)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x64)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x65)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RESERVE (EVENT_TRACE_GROUP_MEMORY | 0x66)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x67)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_DESTROY (EVENT_TRACE_GROUP_MEMORY | 0x68)
+
+#define PERFINFO_LOG_TYPE_PAGEFILE_BACK (EVENT_TRACE_GROUP_MEMORY | 0x69)
+#define PERFINFO_LOG_TYPE_MEMINFO (EVENT_TRACE_GROUP_MEMORY | 0x70)
+#define PERFINFO_LOG_TYPE_CONTMEM_GENERATE (EVENT_TRACE_GROUP_MEMORY | 0x71)
+#define PERFINFO_LOG_TYPE_FILE_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x72)
+#define PERFINFO_LOG_TYPE_INMEMORY_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x73)
+#define PERFINFO_LOG_TYPE_COMPRESSED_PAGE (EVENT_TRACE_GROUP_MEMORY | 0x74)
+#define PERFINFO_LOG_TYPE_PAGEINMEMORY_ACTIVE (EVENT_TRACE_GROUP_MEMORY | 0x75)
+#define PERFINFO_LOG_TYPE_PAGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x76)
+#define PERFINFO_LOG_TYPE_PAGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x77)
+#define PERFINFO_LOG_TYPE_PAGE_RANGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x78)
+#define PERFINFO_LOG_TYPE_PAGE_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x79)
+#define PERFINFO_LOG_TYPE_PAGE_COMBINE (EVENT_TRACE_GROUP_MEMORY | 0x7a)
+#define PERFINFO_LOG_TYPE_KERNEL_MEMUSAGE (EVENT_TRACE_GROUP_MEMORY | 0x7b)
+#define PERFINFO_LOG_TYPE_MM_STATS (EVENT_TRACE_GROUP_MEMORY | 0x7c)
+#define PERFINFO_LOG_TYPE_MEMINFOEX_WS (EVENT_TRACE_GROUP_MEMORY | 0x7d)
+#define PERFINFO_LOG_TYPE_MEMINFOEX_SESSIONWS (EVENT_TRACE_GROUP_MEMORY | 0x7e)
+
+#define PERFINFO_LOG_TYPE_VIRTUAL_ROTATE (EVENT_TRACE_GROUP_MEMORY | 0x7f)
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x80)
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x81)
+
+#define PERFINFO_LOG_TYPE_PAGE_ACCESS_EX (EVENT_TRACE_GROUP_MEMORY | 0x82)
+#define PERFINFO_LOG_TYPE_REMOVEFROMWS (EVENT_TRACE_GROUP_MEMORY | 0x83)
+#define PERFINFO_LOG_TYPE_WSSHAREABLE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x84)
+#define PERFINFO_LOG_TYPE_INMEMORYACTIVE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x85)
+
+#define PERFINFO_LOG_TYPE_MEM_RESET_INFO (EVENT_TRACE_GROUP_MEMORY | 0x86)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x87)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x88)
+
+//
+//
+// Event types for Registry subsystem
+//
+#define WMI_LOG_TYPE_REG_RUNDOWNBEGIN (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN)
+#define WMI_LOG_TYPE_REG_RUNDOWNEND (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNEND)
+
+#define PERFINFO_LOG_TYPE_CMCELLREFERRED (EVENT_TRACE_GROUP_REGISTRY | 0x20)
+#define PERFINFO_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x21)
+#define PERFINFO_LOG_TYPE_REG_COUNTERS (EVENT_TRACE_GROUP_REGISTRY | 0x22)
+#define PERFINFO_LOG_TYPE_REG_CONFIG (EVENT_TRACE_GROUP_REGISTRY | 0x23)
+#define PERFINFO_LOG_TYPE_REG_HIVE_INITIALIZE (EVENT_TRACE_GROUP_REGISTRY | 0x24)
+#define PERFINFO_LOG_TYPE_REG_HIVE_DESTROY (EVENT_TRACE_GROUP_REGISTRY | 0x25)
+#define PERFINFO_LOG_TYPE_REG_HIVE_LINK (EVENT_TRACE_GROUP_REGISTRY | 0x26)
+#define PERFINFO_LOG_TYPE_REG_HIVE_RUNDOWN_DC_END (EVENT_TRACE_GROUP_REGISTRY | 0x27)
+#define PERFINFO_LOG_TYPE_REG_HIVE_DIRTY (EVENT_TRACE_GROUP_REGISTRY | 0x28)
+// Reserved
+#define PERFINFO_LOG_TYPE_REG_NOTIF_REGISTER (EVENT_TRACE_GROUP_REGISTRY | 0x30)
+#define PERFINFO_LOG_TYPE_REG_NOTIF_DELIVER (EVENT_TRACE_GROUP_REGISTRY | 0x31)
+
+//
+// Event types for PERF tracing specific subsystem
+//
+#define PERFINFO_LOG_TYPE_RUNDOWN_CHECKPOINT (EVENT_TRACE_GROUP_PERFINFO | 0x20)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x21)
+#define PERFINFO_LOG_TYPE_MARK (EVENT_TRACE_GROUP_PERFINFO | 0x22)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x23)
+#define PERFINFO_LOG_TYPE_ASYNCMARK (EVENT_TRACE_GROUP_PERFINFO | 0x24)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x25)
+#define PERFINFO_LOG_TYPE_IMAGENAME (EVENT_TRACE_GROUP_PERFINFO | 0x26)
+#define PERFINFO_LOG_TYPE_DELAYS_CC_CAN_I_WRITE (EVENT_TRACE_GROUP_PERFINFO | 0x27)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x28)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x29)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2a)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2b)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2d)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE (EVENT_TRACE_GROUP_PERFINFO | 0x2e)
+#define PERFINFO_LOG_TYPE_PMC_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x2f)
+#define PERFINFO_LOG_TYPE_PMC_CONFIG (EVENT_TRACE_GROUP_PERFINFO | 0x30)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x31)
+#define PERFINFO_LOG_TYPE_MSI_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x32)
+#define PERFINFO_LOG_TYPE_SYSCALL_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x33)
+#define PERFINFO_LOG_TYPE_SYSCALL_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x34)
+#define PERFINFO_LOG_TYPE_BACKTRACE (EVENT_TRACE_GROUP_PERFINFO | 0x35)
+#define PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK (EVENT_TRACE_GROUP_PERFINFO | 0x36)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE (EVENT_TRACE_GROUP_PERFINFO | 0x37)
+#define PERFINFO_LOG_TYPE_EXCEPTION_STACK (EVENT_TRACE_GROUP_PERFINFO | 0x38)
+#define PERFINFO_LOG_TYPE_BRANCH_TRACE (EVENT_TRACE_GROUP_PERFINFO | 0x39)
+#define PERFINFO_LOG_TYPE_DEBUGGER_ENABLED (EVENT_TRACE_GROUP_PERFINFO | 0x3a)
+#define PERFINFO_LOG_TYPE_DEBUGGER_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x3b)
+#define PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x40)
+#define PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x41)
+#define PERFINFO_LOG_TYPE_THREADED_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x42)
+#define PERFINFO_LOG_TYPE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x43)
+#define PERFINFO_LOG_TYPE_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x44)
+#define PERFINFO_LOG_TYPE_TIMERDPC (EVENT_TRACE_GROUP_PERFINFO | 0x45)
+#define PERFINFO_LOG_TYPE_IOTIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x46)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_NMI (EVENT_TRACE_GROUP_PERFINFO | 0x47)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_SET_INTERVAL (EVENT_TRACE_GROUP_PERFINFO | 0x48)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x49)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4a)
+#define PERFINFO_LOG_TYPE_SPINLOCK_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4b)
+#define PERFINFO_LOG_TYPE_SPINLOCK_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4c)
+#define PERFINFO_LOG_TYPE_ERESOURCE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4d)
+#define PERFINFO_LOG_TYPE_ERESOURCE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4e)
+#define PERFINFO_LOG_TYPE_CLOCK_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x4f)
+#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION_START (EVENT_TRACE_GROUP_PERFINFO | 0x50)
+#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x51)
+#define PERFINFO_LOG_TYPE_TIMER_SET_PERIODIC (EVENT_TRACE_GROUP_PERFINFO | 0x52)
+#define PERFINFO_LOG_TYPE_TIMER_SET_ONE_SHOT (EVENT_TRACE_GROUP_PERFINFO | 0x53)
+#define PERFINFO_LOG_TYPE_TIMER_SET_THREAD (EVENT_TRACE_GROUP_PERFINFO | 0x54)
+#define PERFINFO_LOG_TYPE_TIMER_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x55)
+#define PERFINFO_LOG_TYPE_TIME_ADJUSTMENT (EVENT_TRACE_GROUP_PERFINFO | 0x56)
+#define PERFINFO_LOG_TYPE_CLOCK_MODE_SWITCH (EVENT_TRACE_GROUP_PERFINFO | 0x57)
+#define PERFINFO_LOG_TYPE_CLOCK_TIME_UPDATE (EVENT_TRACE_GROUP_PERFINFO | 0x58)
+#define PERFINFO_LOG_TYPE_CLOCK_DYNAMIC_TICK_VETO (EVENT_TRACE_GROUP_PERFINFO | 0x59)
+#define PERFINFO_LOG_TYPE_CLOCK_CONFIGURATION (EVENT_TRACE_GROUP_PERFINFO | 0x5a)
+#define PERFINFO_LOG_TYPE_IPI (EVENT_TRACE_GROUP_PERFINFO | 0x5b)
+#define PERFINFO_LOG_TYPE_UNEXPECTED_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5c)
+#define PERFINFO_LOG_TYPE_IOTIMER_START (EVENT_TRACE_GROUP_PERFINFO | 0x5d)
+#define PERFINFO_LOG_TYPE_IOTIMER_STOP (EVENT_TRACE_GROUP_PERFINFO | 0x5e)
+#define PERFINFO_LOG_TYPE_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5f)
+#define PERFINFO_LOG_TYPE_WDF_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x60)
+#define PERFINFO_LOG_TYPE_WDF_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x61)
+#define PERFINFO_LOG_TYPE_WDF_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x62)
+#define PERFINFO_LOG_TYPE_CPU_CACHE_FLUSH (EVENT_TRACE_GROUP_PERFINFO | 0x63)
+#define PERFINFO_LOG_TYPE_DPC_ENQUEUE (EVENT_TRACE_GROUP_PERFINFO | 0x64)
+#define PERFINFO_LOG_TYPE_DPC_EXECUTION (EVENT_TRACE_GROUP_PERFINFO | 0x65)
+#define PERFINFO_LOG_TYPE_INTERRUPT_STEERING (EVENT_TRACE_GROUP_PERFINFO | 0x66)
+#define PERFINFO_LOG_TYPE_WDF_WORK_ITEM (EVENT_TRACE_GROUP_PERFINFO | 0x67)
+#define PERFINFO_LOG_TYPE_KTIMER2_SET (EVENT_TRACE_GROUP_PERFINFO | 0x68)
+#define PERFINFO_LOG_TYPE_KTIMER2_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x69)
+#define PERFINFO_LOG_TYPE_KTIMER2_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x6a)
+#define PERFINFO_LOG_TYPE_KTIMER2_DISABLE (EVENT_TRACE_GROUP_PERFINFO | 0x6b)
+#define PERFINFO_LOG_TYPE_KTIMER2_FINALIZATION (EVENT_TRACE_GROUP_PERFINFO | 0x6c)
+#define PERFINFO_LOG_TYPE_SHOULD_YIELD_PROCESSOR (EVENT_TRACE_GROUP_PERFINFO | 0x6d)
+
+//
+// Event types for ICE.
+//
+
+#define PERFINFO_LOG_TYPE_FUNCTION_CALL (EVENT_TRACE_GROUP_PERFINFO | 0x80)
+#define PERFINFO_LOG_TYPE_FUNCTION_RETURN (EVENT_TRACE_GROUP_PERFINFO | 0x81)
+#define PERFINFO_LOG_TYPE_FUNCTION_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x82)
+#define PERFINFO_LOG_TYPE_FUNCTION_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x83)
+#define PERFINFO_LOG_TYPE_TAILCALL (EVENT_TRACE_GROUP_PERFINFO | 0x84)
+#define PERFINFO_LOG_TYPE_TRAP (EVENT_TRACE_GROUP_PERFINFO | 0x85)
+#define PERFINFO_LOG_TYPE_SPINLOCK_ACQUIRE (EVENT_TRACE_GROUP_PERFINFO | 0x86)
+#define PERFINFO_LOG_TYPE_SPINLOCK_RELEASE (EVENT_TRACE_GROUP_PERFINFO | 0x87)
+#define PERFINFO_LOG_TYPE_CAP_COMMENT (EVENT_TRACE_GROUP_PERFINFO | 0x88)
+#define PERFINFO_LOG_TYPE_CAP_RUNDOWN (EVENT_TRACE_GROUP_PERFINFO | 0x89)
+
+//
+// Event types for Debugger subsystem.
+//
+
+#define PERFINFO_LOG_TYPE_DEBUG_PRINT (EVENT_TRACE_GROUP_DBGPRINT | 0x20)
+
+//
+// Event types for WNF facility
+//
+
+#define PERFINFO_LOG_TYPE_WNF_SUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x20)
+#define PERFINFO_LOG_TYPE_WNF_UNSUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x21)
+#define PERFINFO_LOG_TYPE_WNF_CALLBACK (EVENT_TRACE_GROUP_WNF | 0x22)
+#define PERFINFO_LOG_TYPE_WNF_PUBLISH (EVENT_TRACE_GROUP_WNF | 0x23)
+#define PERFINFO_LOG_TYPE_WNF_NAME_SUB_RUNDOWN (EVENT_TRACE_GROUP_WNF | 0x24)
+
+//
+// Event types for Pool subsystem.
+//
+
+#define PERFINFO_LOG_TYPE_ALLOCATEPOOL (EVENT_TRACE_GROUP_POOL | 0x20)
+#define PERFINFO_LOG_TYPE_ALLOCATEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x21)
+#define PERFINFO_LOG_TYPE_FREEPOOL (EVENT_TRACE_GROUP_POOL | 0x22)
+#define PERFINFO_LOG_TYPE_FREEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x23)
+#define PERFINFO_LOG_TYPE_ADDPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x24)
+#define PERFINFO_LOG_TYPE_ADDPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x25)
+#define PERFINFO_LOG_TYPE_BIGPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x26)
+#define PERFINFO_LOG_TYPE_BIGPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x27)
+#define PERFINFO_LOG_TYPE_POOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x28)
+#define PERFINFO_LOG_TYPE_POOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x29)
+#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2a)
+#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2b)
+#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_START (EVENT_TRACE_GROUP_POOL | 0x2c)
+#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_END (EVENT_TRACE_GROUP_POOL | 0x2d)
+#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2e)
+#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2f)
+
+//
+// Event types for Heap subsystem
+//
+#define PERFINFO_LOG_TYPE_HEAP_CREATE (EVENT_TRACE_GROUP_HEAP | 0x20)
+#define PERFINFO_LOG_TYPE_HEAP_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x21)
+#define PERFINFO_LOG_TYPE_HEAP_REALLOC (EVENT_TRACE_GROUP_HEAP | 0x22)
+#define PERFINFO_LOG_TYPE_HEAP_DESTROY (EVENT_TRACE_GROUP_HEAP | 0x23)
+#define PERFINFO_LOG_TYPE_HEAP_FREE (EVENT_TRACE_GROUP_HEAP | 0x24)
+#define PERFINFO_LOG_TYPE_HEAP_EXTEND (EVENT_TRACE_GROUP_HEAP | 0x25)
+#define PERFINFO_LOG_TYPE_HEAP_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x26)
+#define PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x27)
+#define PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x28)
+#define PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x29)
+#define PERFINFO_LOG_TYPE_HEAP_CONTRACT (EVENT_TRACE_GROUP_HEAP | 0x2a)
+#define PERFINFO_LOG_TYPE_HEAP_LOCK (EVENT_TRACE_GROUP_HEAP | 0x2b)
+#define PERFINFO_LOG_TYPE_HEAP_UNLOCK (EVENT_TRACE_GROUP_HEAP | 0x2c)
+#define PERFINFO_LOG_TYPE_HEAP_VALIDATE (EVENT_TRACE_GROUP_HEAP | 0x2d)
+#define PERFINFO_LOG_TYPE_HEAP_WALK (EVENT_TRACE_GROUP_HEAP | 0x2e)
+
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x2f)
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE (EVENT_TRACE_GROUP_HEAP | 0x30)
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC_CACHE (EVENT_TRACE_GROUP_HEAP | 0x31)
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE_CACHE (EVENT_TRACE_GROUP_HEAP | 0x32)
+#define PERFINFO_LOG_TYPE_HEAP_COMMIT (EVENT_TRACE_GROUP_HEAP | 0x33)
+#define PERFINFO_LOG_TYPE_HEAP_DECOMMIT (EVENT_TRACE_GROUP_HEAP | 0x34)
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_INIT (EVENT_TRACE_GROUP_HEAP | 0x35)
+#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ENABLE (EVENT_TRACE_GROUP_HEAP | 0x36)
+//Reserved (EVENT_TRACE_GROUP_HEAP | 0x37)
+#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x38)
+#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ASSIGN (EVENT_TRACE_GROUP_HEAP | 0x39)
+#define PERFINFO_LOG_TYPE_HEAP_REUSE_THRESHOLD_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x3a)
+
+//
+// Event Types for Critical Section Subsystem
+//
+
+#define PERFINFO_LOG_TYPE_CRITSEC_ENTER (EVENT_TRACE_GROUP_CRITSEC | 0x20)
+#define PERFINFO_LOG_TYPE_CRITSEC_LEAVE (EVENT_TRACE_GROUP_CRITSEC | 0x21)
+#define PERFINFO_LOG_TYPE_CRITSEC_COLLISION (EVENT_TRACE_GROUP_CRITSEC | 0x22)
+#define PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE (EVENT_TRACE_GROUP_CRITSEC | 0x23)
+
+//
+// Event types for Stackwalk subsystem
+//
+
+#define PERFINFO_LOG_TYPE_STACKWALK (EVENT_TRACE_GROUP_STACKWALK | 0x20)
+//Reserved (EVENT_TRACE_GROUP_STACKWALK | 0x21)
+#define PERFINFO_LOG_TYPE_STACKTRACE_CREATE (EVENT_TRACE_GROUP_STACKWALK | 0x22)
+#define PERFINFO_LOG_TYPE_STACKTRACE_DELETE (EVENT_TRACE_GROUP_STACKWALK | 0x23)
+#define PERFINFO_LOG_TYPE_STACKTRACE_RUNDOWN (EVENT_TRACE_GROUP_STACKWALK | 0x24)
+#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_KERNEL (EVENT_TRACE_GROUP_STACKWALK | 0x25)
+#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_USER (EVENT_TRACE_GROUP_STACKWALK | 0x26)
+
+//
+// Event types for ALPC
+//
+
+#define WMI_LOG_TYPE_ALPC_SEND_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x21)
+#define WMI_LOG_TYPE_ALPC_RECEIVE_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x22)
+#define WMI_LOG_TYPE_ALPC_WAIT_FOR_REPLY (EVENT_TRACE_GROUP_ALPC | 0x23)
+#define WMI_LOG_TYPE_ALPC_WAIT_FOR_NEW_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x24)
+#define WMI_LOG_TYPE_ALPC_UNWAIT (EVENT_TRACE_GROUP_ALPC | 0x25)
+#define WMI_LOG_TYPE_ALPC_CONNECT_REQUEST (EVENT_TRACE_GROUP_ALPC | 0x26)
+#define WMI_LOG_TYPE_ALPC_CONNECT_SUCCESS (EVENT_TRACE_GROUP_ALPC | 0x27)
+#define WMI_LOG_TYPE_ALPC_CONNECT_FAIL (EVENT_TRACE_GROUP_ALPC | 0x28)
+#define WMI_LOG_TYPE_ALPC_CLOSE_PORT (EVENT_TRACE_GROUP_ALPC | 0x29)
+
+
+//
+// Event types for Object Manager subsystem
+//
+
+#define PERFINFO_LOG_TYPE_CREATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x20)
+#define PERFINFO_LOG_TYPE_CLOSE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x21)
+#define PERFINFO_LOG_TYPE_DUPLICATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x22)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x23)
+#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x24)
+#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x25)
+#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x26)
+#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x27)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x28)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x29)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2a)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2b)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2c)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2d)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2e)
+//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2f)
+#define PERFINFO_LOG_TYPE_CREATE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x30)
+#define PERFINFO_LOG_TYPE_DELETE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x31)
+#define PERFINFO_LOG_TYPE_REFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x32)
+#define PERFINFO_LOG_TYPE_DEREFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x33)
+
+//
+// Event types for Power subsystem
+//
+
+#define PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO (EVENT_TRACE_GROUP_POWER | 0x20)
+#define PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x21)
+#define PERFINFO_LOG_TYPE_SET_POWER_ACTION (EVENT_TRACE_GROUP_POWER | 0x22)
+#define PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET (EVENT_TRACE_GROUP_POWER | 0x23)
+#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE (EVENT_TRACE_GROUP_POWER | 0x24)
+#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET (EVENT_TRACE_GROUP_POWER | 0x25)
+#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE (EVENT_TRACE_GROUP_POWER | 0x26)
+#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE (EVENT_TRACE_GROUP_POWER | 0x27)
+#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT (EVENT_TRACE_GROUP_POWER | 0x28)
+#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET (EVENT_TRACE_GROUP_POWER | 0x29)
+#define PERFINFO_LOG_TYPE_PO_PRESLEEP (EVENT_TRACE_GROUP_POWER | 0x30)
+#define PERFINFO_LOG_TYPE_PO_POSTSLEEP (EVENT_TRACE_GROUP_POWER | 0x31)
+#define PERFINFO_LOG_TYPE_PO_CALIBRATED_PERFCOUNTER (EVENT_TRACE_GROUP_POWER | 0x32)
+#define PERFINFO_LOG_TYPE_PPM_PERF_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x33)
+#define PERFINFO_LOG_TYPE_PPM_THROTTLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x34)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x35)
+#define PERFINFO_LOG_TYPE_PPM_THERMAL_CONSTRAINT (EVENT_TRACE_GROUP_POWER | 0x36)
+#define PERFINFO_LOG_TYPE_PO_SIGNAL_RESUME_UI (EVENT_TRACE_GROUP_POWER | 0x37)
+#define PERFINFO_LOG_TYPE_PO_SIGNAL_VIDEO_ON (EVENT_TRACE_GROUP_POWER | 0x38)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x39)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_EXIT (EVENT_TRACE_GROUP_POWER | 0x3a)
+#define PERFINFO_LOG_TYPE_PPM_PLATFORM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3b)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_EXIT_LATENCY (EVENT_TRACE_GROUP_POWER | 0x3c)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_PROCESSOR_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3d)
+#define PERFINFO_LOG_TYPE_PPM_IDLE_PLATFORM_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3e)
+#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3f)
+#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_EXIT (EVENT_TRACE_GROUP_POWER | 0x40)
+
+//
+// Event types for MODBound subsystem
+//
+#define PERFINFO_LOG_TYPE_COWHEADER (EVENT_TRACE_GROUP_MODBOUND | 0x18)
+#define PERFINFO_LOG_TYPE_COWBLOB (EVENT_TRACE_GROUP_MODBOUND | 0x19)
+#define PERFINFO_LOG_TYPE_COWBLOB_CLOSED (EVENT_TRACE_GROUP_MODBOUND | 0x1a)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_ENT (EVENT_TRACE_GROUP_MODBOUND | 0x20)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_JUMP (EVENT_TRACE_GROUP_MODBOUND | 0x21)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_RET (EVENT_TRACE_GROUP_MODBOUND | 0x22)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_CALL (EVENT_TRACE_GROUP_MODBOUND | 0x23)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET (EVENT_TRACE_GROUP_MODBOUND | 0x24)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2E (EVENT_TRACE_GROUP_MODBOUND | 0x25)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2B (EVENT_TRACE_GROUP_MODBOUND | 0x26)
+#define PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE (EVENT_TRACE_GROUP_MODBOUND | 0x27)
+
+//
+// Event types for the thread class scheduler
+//
+// TODO: Because MMCSS is a DLL it doesn't need to use UMGL.
+//
+#define PERFINFO_LOG_TYPE_MMCSS_START (0x20)
+#define PERFINFO_LOG_TYPE_MMCSS_STOP (0x21)
+#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_EVENT (0x22)
+#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_WAKEUP (0x23)
+#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP (0x24)
+#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP_RESP (0x25)
+
+
+//
+// Event types for SplitIo
+//
+
+#define PERFINFO_LOG_TYPE_SPLITIO_VOLMGR (EVENT_TRACE_GROUP_SPLITIO | 0x20)
+
+// Event types for ThreadPool
+#define PERFINFO_LOG_TYPE_TP_CALLBACK_ENQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x20)
+#define PERFINFO_LOG_TYPE_TP_CALLBACK_DEQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x21)
+#define PERFINFO_LOG_TYPE_TP_CALLBACK_START (EVENT_TRACE_GROUP_THREAD_POOL | 0x22)
+#define PERFINFO_LOG_TYPE_TP_CALLBACK_STOP (EVENT_TRACE_GROUP_THREAD_POOL | 0x23)
+#define PERFINFO_LOG_TYPE_TP_CALLBACK_CANCEL (EVENT_TRACE_GROUP_THREAD_POOL | 0x24)
+#define PERFINFO_LOG_TYPE_TP_POOL_CREATE (EVENT_TRACE_GROUP_THREAD_POOL | 0x25)
+#define PERFINFO_LOG_TYPE_TP_POOL_CLOSE (EVENT_TRACE_GROUP_THREAD_POOL | 0x26)
+#define PERFINFO_LOG_TYPE_TP_POOL_TH_MIN_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x27)
+#define PERFINFO_LOG_TYPE_TP_POOL_TH_MAX_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x28)
+#define PERFINFO_LOG_TYPE_TP_WORKER_NUMANODE_SWITCH (EVENT_TRACE_GROUP_THREAD_POOL | 0x29)
+#define PERFINFO_LOG_TYPE_TP_TIMER_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x2a)
+#define PERFINFO_LOG_TYPE_TP_TIMER_CANCELLED (EVENT_TRACE_GROUP_THREAD_POOL | 0x2b)
+#define PERFINFO_LOG_TYPE_TP_TIMER_SET_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2c)
+#define PERFINFO_LOG_TYPE_TP_TIMER_CANCEL_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2d)
+#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_BEGIN (EVENT_TRACE_GROUP_THREAD_POOL | 0x2e)
+#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_END (EVENT_TRACE_GROUP_THREAD_POOL | 0x2f)
+#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION (EVENT_TRACE_GROUP_THREAD_POOL | 0x30)
+
+// Event types for UMS
+#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_START (EVENT_TRACE_GROUP_UMS | 0x20)
+#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_END (EVENT_TRACE_GROUP_UMS | 0x21)
+#define PERFINFO_LOG_TYPE_UMS_PARK (EVENT_TRACE_GROUP_UMS | 0x22)
+#define PERFINFO_LOG_TYPE_UMS_DISASSOCIATE (EVENT_TRACE_GROUP_UMS | 0x23)
+#define PERFINFO_LOG_TYPE_UMS_CONTEXT_SWITCH (EVENT_TRACE_GROUP_UMS | 0x24)
+
+// Event types for Cache manager
+#define PERFINFO_LOG_TYPE_CC_WORKITEM_ENQUEUE (EVENT_TRACE_GROUP_CC | 0x00)
+#define PERFINFO_LOG_TYPE_CC_WORKITEM_DEQUEUE (EVENT_TRACE_GROUP_CC | 0x01)
+#define PERFINFO_LOG_TYPE_CC_WORKITEM_COMPLETE (EVENT_TRACE_GROUP_CC | 0x02)
+#define PERFINFO_LOG_TYPE_CC_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x03)
+#define PERFINFO_LOG_TYPE_CC_WRITE_BEHIND (EVENT_TRACE_GROUP_CC | 0x04)
+#define PERFINFO_LOG_TYPE_CC_LAZY_WRITE_SCAN (EVENT_TRACE_GROUP_CC | 0x05)
+#define PERFINFO_LOG_TYPE_CC_CAN_I_WRITE_FAIL (EVENT_TRACE_GROUP_CC | 0x06)
+//#define PERFINFO_LOG_TYPE_CC_MAP_VIEW (EVENT_TRACE_GROUP_CC | 0x07)
+//#define PERFINFO_LOG_TYPE_CC_UNMAP_VIEW (EVENT_TRACE_GROUP_CC | 0x08)
+#define PERFINFO_LOG_TYPE_CC_FLUSH_CACHE (EVENT_TRACE_GROUP_CC | 0x09)
+#define PERFINFO_LOG_TYPE_CC_FLUSH_SECTION (EVENT_TRACE_GROUP_CC | 0x0a)
+#define PERFINFO_LOG_TYPE_CC_READ_AHEAD_PREFETCH (EVENT_TRACE_GROUP_CC | 0x0b)
+#define PERFINFO_LOG_TYPE_CC_SCHEDULE_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x0c)
+#define PERFINFO_LOG_TYPE_CC_LOGGED_STREAM_INFO (EVENT_TRACE_GROUP_CC | 0x0d)
+#define PERFINFO_LOG_TYPE_CC_EXTRA_WRITEBEHIND_THREAD (EVENT_TRACE_GROUP_CC | 0x0e)
+
+typedef ULONG PERFINFO_MASK;
+
+typedef struct _PERFINFO_GROUPMASK
+{
+ ULONG Masks[PERF_NUM_MASKS];
+} PERFINFO_GROUPMASK, *PPERFINFO_GROUPMASK;
+
+typedef struct _EVENT_TRACE_VERSION_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG EventTraceKernelVersion;
+} EVENT_TRACE_VERSION_INFORMATION, *PEVENT_TRACE_VERSION_INFORMATION;
+
+typedef struct _EVENT_TRACE_GROUPMASK_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ TRACEHANDLE TraceHandle;
+ PERFINFO_GROUPMASK EventTraceGroupMasks;
+} EVENT_TRACE_GROUPMASK_INFORMATION, *PEVENT_TRACE_GROUPMASK_INFORMATION;
+
+typedef struct _EVENT_TRACE_PERFORMANCE_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ LARGE_INTEGER LogfileBytesWritten;
+} EVENT_TRACE_PERFORMANCE_INFORMATION, *PEVENT_TRACE_PERFORMANCE_INFORMATION;
+
+typedef struct _EVENT_TRACE_TIME_PROFILE_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG ProfileInterval;
+} EVENT_TRACE_TIME_PROFILE_INFORMATION, *PEVENT_TRACE_TIME_PROFILE_INFORMATION;
+
+typedef struct _EVENT_TRACE_SESSION_SECURITY_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG SecurityInformation;
+ TRACEHANDLE TraceHandle;
+ UCHAR SecurityDescriptor[1];
+} EVENT_TRACE_SESSION_SECURITY_INFORMATION, *PEVENT_TRACE_SESSION_SECURITY_INFORMATION;
+
+typedef struct _EVENT_TRACE_SPINLOCK_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG SpinLockSpinThreshold;
+ ULONG SpinLockAcquireSampleRate;
+ ULONG SpinLockContentionSampleRate;
+ ULONG SpinLockHoldThreshold;
+} EVENT_TRACE_SPINLOCK_INFORMATION, *PEVENT_TRACE_SPINLOCK_INFORMATION;
+
+typedef struct _EVENT_TRACE_SYSTEM_EVENT_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ TRACEHANDLE TraceHandle;
+ ULONG HookId[1];
+} EVENT_TRACE_SYSTEM_EVENT_INFORMATION, *PEVENT_TRACE_SYSTEM_EVENT_INFORMATION;
+
+typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_STACK_TRACING_INFORMATION, *PEVENT_TRACE_STACK_TRACING_INFORMATION;
+typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_PEBS_TRACING_INFORMATION, *PEVENT_TRACE_PEBS_TRACING_INFORMATION;
+typedef EVENT_TRACE_SYSTEM_EVENT_INFORMATION EVENT_TRACE_PROFILE_EVENT_INFORMATION, *PEVENT_TRACE_PROFILE_EVENT_INFORMATION;
+
+typedef struct _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG ReleaseSamplingRate;
+ ULONG ContentionSamplingRate;
+ ULONG NumberOfExcessiveTimeouts;
+} EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION, *PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION;
+
+typedef struct _EVENT_TRACE_HEAP_TRACING_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG ProcessId[1];
+} EVENT_TRACE_HEAP_TRACING_INFORMATION, *PEVENT_TRACE_HEAP_TRACING_INFORMATION;
+
+typedef struct _EVENT_TRACE_TAG_FILTER_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ TRACEHANDLE TraceHandle;
+ ULONG Filter[1];
+} EVENT_TRACE_TAG_FILTER_INFORMATION, *PEVENT_TRACE_TAG_FILTER_INFORMATION;
+
+typedef EVENT_TRACE_TAG_FILTER_INFORMATION EVENT_TRACE_POOLTAG_FILTER_INFORMATION, *PEVENT_TRACE_POOLTAG_FILTER_INFORMATION;
+typedef EVENT_TRACE_TAG_FILTER_INFORMATION EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION, *PEVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION;
+
+// ProfileSource
+#define ETW_MAX_PROFILING_SOURCES 4
+#define ETW_MAX_PMC_EVENTS 4
+#define ETW_MAX_PMC_COUNTERS 4
+
+typedef struct _EVENT_TRACE_PROFILE_COUNTER_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ TRACEHANDLE TraceHandle;
+ ULONG ProfileSource[1];
+} EVENT_TRACE_PROFILE_COUNTER_INFORMATION, *PEVENT_TRACE_PROFILE_COUNTER_INFORMATION;
+
+typedef EVENT_TRACE_PROFILE_COUNTER_INFORMATION EVENT_TRACE_PROFILE_CONFIG_INFORMATION, *PEVENT_TRACE_PROFILE_CONFIG_INFORMATION;
+
+//typedef struct _PROFILE_SOURCE_INFO
+//{
+// ULONG NextEntryOffset;
+// ULONG Source;
+// ULONG MinInterval;
+// ULONG MaxInterval;
+// PVOID Reserved;
+// WCHAR Description[1];
+//} PROFILE_SOURCE_INFO, *PPROFILE_SOURCE_INFO;
+
+typedef struct _PROFILE_SOURCE_INFO *PPROFILE_SOURCE_INFO;
+
+typedef struct _EVENT_TRACE_PROFILE_LIST_INFORMATION
+{
+ EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
+ ULONG Spare;
+ PPROFILE_SOURCE_INFO Profile[1];
+} EVENT_TRACE_PROFILE_LIST_INFORMATION,
*PEVENT_TRACE_PROFILE_LIST_INFORMATION; + +typedef struct _EVENT_TRACE_STACK_CACHING_INFORMATION +{ + EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass; + TRACEHANDLE TraceHandle; + BOOLEAN Enabled; + UCHAR Reserved[3]; + ULONG CacheSize; + ULONG BucketCount; +} EVENT_TRACE_STACK_CACHING_INFORMATION, *PEVENT_TRACE_STACK_CACHING_INFORMATION; + +typedef struct _EVENT_TRACE_SOFT_RESTART_INFORMATION +{ + EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass; + TRACEHANDLE TraceHandle; + BOOLEAN PersistTraceBuffers; + WCHAR FileName[1]; +} EVENT_TRACE_SOFT_RESTART_INFORMATION, *PEVENT_TRACE_SOFT_RESTART_INFORMATION; + +typedef struct _EVENT_TRACE_PROFILE_ADD_INFORMATION +{ + EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass; + BOOLEAN PerfEvtEventSelect; + BOOLEAN PerfEvtUnitSelect; + ULONG PerfEvtType; + ULONG CpuInfoHierarchy[0x3]; + ULONG InitialInterval; + BOOLEAN AllowsHalt; + BOOLEAN Persist; + WCHAR ProfileSourceDescription[0x1]; +} EVENT_TRACE_PROFILE_ADD_INFORMATION, *PEVENT_TRACE_PROFILE_ADD_INFORMATION; + +typedef struct _EVENT_TRACE_PROFILE_REMOVE_INFORMATION +{ + EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass; + KPROFILE_SOURCE ProfileSource; + ULONG CpuInfoHierarchy[0x3]; +} EVENT_TRACE_PROFILE_REMOVE_INFORMATION, *PEVENT_TRACE_PROFILE_REMOVE_INFORMATION; + +typedef struct _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION +{ + EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass; + UCHAR CoverageSamplerInformationClass; + UCHAR MajorVersion; + UCHAR MinorVersion; + UCHAR Reserved; + HANDLE SamplerHandle; +} EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION, *PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; + +typedef struct _SYSTEM_EXCEPTION_INFORMATION +{ + ULONG AlignmentFixupCount; + ULONG ExceptionDispatchCount; + ULONG FloatingEmulationCount; + ULONG ByteWordEmulationCount; +} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; + +typedef enum _SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS +{ + SystemCrashDumpDisable, + 
SystemCrashDumpReconfigure, + SystemCrashDumpInitializationComplete +} SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS, *PSYSTEM_CRASH_DUMP_CONFIGURATION_CLASS; + +typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION +{ + SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS CrashDumpConfigurationClass; +} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; + +typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION +{ + BOOLEAN KernelDebuggerEnabled; + BOOLEAN KernelDebuggerNotPresent; +} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; + +typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION +{ + ULONG ContextSwitches; + ULONG FindAny; + ULONG FindLast; + ULONG FindIdeal; + ULONG IdleAny; + ULONG IdleCurrent; + ULONG IdleLast; + ULONG IdleIdeal; + ULONG PreemptAny; + ULONG PreemptCurrent; + ULONG PreemptLast; + ULONG SwitchToIdle; +} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; + +typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION +{ + ULONG RegistryQuotaAllowed; + ULONG RegistryQuotaUsed; + SIZE_T PagedPoolSize; +} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_IDLE_INFORMATION +{ + ULONGLONG IdleTime; + ULONGLONG C1Time; + ULONGLONG C2Time; + ULONGLONG C3Time; + ULONG C1Transitions; + ULONG C2Transitions; + ULONG C3Transitions; + ULONG Padding; +} SYSTEM_PROCESSOR_IDLE_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_INFORMATION; + +typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION +{ + ULONG VetoType; + UNICODE_STRING VetoList; +} SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION; + +typedef struct _SYSTEM_LOOKASIDE_INFORMATION +{ + USHORT CurrentDepth; + USHORT MaximumDepth; + ULONG TotalAllocates; + ULONG AllocateMisses; + ULONG TotalFrees; + ULONG FreeMisses; + ULONG Type; + ULONG Tag; + ULONG Size; +} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; + +// private +typedef struct _SYSTEM_RANGE_START_INFORMATION +{ + ULONG_PTR 
SystemRangeStart; +} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; + +typedef struct _SYSTEM_VERIFIER_INFORMATION_LEGACY // pre-19H1 +{ + ULONG NextEntryOffset; + ULONG Level; + UNICODE_STRING DriverName; + + ULONG RaiseIrqls; + ULONG AcquireSpinLocks; + ULONG SynchronizeExecutions; + ULONG AllocationsAttempted; + + ULONG AllocationsSucceeded; + ULONG AllocationsSucceededSpecialPool; + ULONG AllocationsWithNoTag; + ULONG TrimRequests; + + ULONG Trims; + ULONG AllocationsFailed; + ULONG AllocationsFailedDeliberately; + ULONG Loads; + + ULONG Unloads; + ULONG UnTrackedPool; + ULONG CurrentPagedPoolAllocations; + ULONG CurrentNonPagedPoolAllocations; + + ULONG PeakPagedPoolAllocations; + ULONG PeakNonPagedPoolAllocations; + + SIZE_T PagedPoolUsageInBytes; + SIZE_T NonPagedPoolUsageInBytes; + SIZE_T PeakPagedPoolUsageInBytes; + SIZE_T PeakNonPagedPoolUsageInBytes; +} SYSTEM_VERIFIER_INFORMATION_LEGACY, *PSYSTEM_VERIFIER_INFORMATION_LEGACY; + +typedef struct _SYSTEM_VERIFIER_INFORMATION +{ + ULONG NextEntryOffset; + ULONG Level; + ULONG RuleClasses[2]; + ULONG TriageContext; + ULONG AreAllDriversBeingVerified; + + UNICODE_STRING DriverName; + + ULONG RaiseIrqls; + ULONG AcquireSpinLocks; + ULONG SynchronizeExecutions; + ULONG AllocationsAttempted; + + ULONG AllocationsSucceeded; + ULONG AllocationsSucceededSpecialPool; + ULONG AllocationsWithNoTag; + ULONG TrimRequests; + + ULONG Trims; + ULONG AllocationsFailed; + ULONG AllocationsFailedDeliberately; + ULONG Loads; + + ULONG Unloads; + ULONG UnTrackedPool; + ULONG CurrentPagedPoolAllocations; + ULONG CurrentNonPagedPoolAllocations; + + ULONG PeakPagedPoolAllocations; + ULONG PeakNonPagedPoolAllocations; + + SIZE_T PagedPoolUsageInBytes; + SIZE_T NonPagedPoolUsageInBytes; + SIZE_T PeakPagedPoolUsageInBytes; + SIZE_T PeakNonPagedPoolUsageInBytes; +} SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION; + +// private +typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION +{ + ULONG SessionId; + 
ULONG SizeOfBuf; + PVOID Buffer; +} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +typedef struct _IMAGE_EXPORT_DIRECTORY *PIMAGE_EXPORT_DIRECTORY; // from ntrtl.h + +// private +typedef struct _SYSTEM_GDI_DRIVER_INFORMATION +{ + UNICODE_STRING DriverName; + PVOID ImageAddress; + PVOID SectionPointer; + PVOID EntryPoint; + PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; + ULONG ImageLength; +} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION; +#endif + +// geoffchappell +#ifdef _WIN64 +#define MAXIMUM_NODE_COUNT 0x40 +#else +#define MAXIMUM_NODE_COUNT 0x10 +#endif + +// private +typedef struct _SYSTEM_NUMA_INFORMATION +{ + ULONG HighestNodeNumber; + ULONG Reserved; + union + { + GROUP_AFFINITY ActiveProcessorsGroupAffinity[MAXIMUM_NODE_COUNT]; + ULONGLONG AvailableMemory[MAXIMUM_NODE_COUNT]; + ULONGLONG Pad[MAXIMUM_NODE_COUNT * 2]; + }; +} SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION; + +typedef struct _SYSTEM_PROCESSOR_POWER_INFORMATION +{ + UCHAR CurrentFrequency; + UCHAR ThermalLimitFrequency; + UCHAR ConstantThrottleFrequency; + UCHAR DegradedThrottleFrequency; + UCHAR LastBusyFrequency; + UCHAR LastC3Frequency; + UCHAR LastAdjustedBusyFrequency; + UCHAR ProcessorMinThrottle; + UCHAR ProcessorMaxThrottle; + ULONG NumberOfFrequencies; + ULONG PromotionCount; + ULONG DemotionCount; + ULONG ErrorCount; + ULONG RetryCount; + ULONGLONG CurrentFrequencyTime; + ULONGLONG CurrentProcessorTime; + ULONGLONG CurrentProcessorIdleTime; + ULONGLONG LastProcessorTime; + ULONGLONG LastProcessorIdleTime; + ULONGLONG Energy; +} SYSTEM_PROCESSOR_POWER_INFORMATION, *PSYSTEM_PROCESSOR_POWER_INFORMATION; + +typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX +{ + PVOID Object; + ULONG_PTR UniqueProcessId; + ULONG_PTR HandleValue; + ULONG GrantedAccess; + USHORT CreatorBackTraceIndex; + USHORT ObjectTypeIndex; + ULONG HandleAttributes; + ULONG Reserved; +} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, 
*PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; + +typedef struct _SYSTEM_HANDLE_INFORMATION_EX +{ + ULONG_PTR NumberOfHandles; + ULONG_PTR Reserved; + _Field_size_(NumberOfHandles) SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1]; +} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; + +typedef struct _SYSTEM_BIGPOOL_ENTRY +{ + union + { + PVOID VirtualAddress; + ULONG_PTR NonPaged : 1; + }; + SIZE_T SizeInBytes; + union + { + UCHAR Tag[4]; + ULONG TagUlong; + }; +} SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY; + +typedef struct _SYSTEM_BIGPOOL_INFORMATION +{ + ULONG Count; + _Field_size_(Count) SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1]; +} SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION; + +typedef struct _SYSTEM_POOL_ENTRY +{ + BOOLEAN Allocated; + BOOLEAN Spare0; + USHORT AllocatorBackTraceIndex; + ULONG Size; + union + { + UCHAR Tag[4]; + ULONG TagUlong; + PVOID ProcessChargedQuota; + }; +} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY; + +typedef struct _SYSTEM_POOL_INFORMATION +{ + SIZE_T TotalSize; + PVOID FirstEntry; + USHORT EntryOverhead; + BOOLEAN PoolTagPresent; + BOOLEAN Spare0; + ULONG NumberOfEntries; + _Field_size_(NumberOfEntries) SYSTEM_POOL_ENTRY Entries[1]; +} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION; + +typedef struct _SYSTEM_SESSION_POOLTAG_INFORMATION +{ + SIZE_T NextEntryOffset; + ULONG SessionId; + ULONG Count; + _Field_size_(Count) SYSTEM_POOLTAG TagInfo[1]; +} SYSTEM_SESSION_POOLTAG_INFORMATION, *PSYSTEM_SESSION_POOLTAG_INFORMATION; + +typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION +{ + SIZE_T NextEntryOffset; + ULONG SessionId; + ULONG ViewFailures; + SIZE_T NumberOfBytesAvailable; + SIZE_T NumberOfBytesAvailableContiguous; +} SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION; + +typedef enum _WATCHDOG_HANDLER_ACTION +{ + WdActionSetTimeoutValue, + WdActionQueryTimeoutValue, + WdActionResetTimer, + WdActionStopTimer, + WdActionStartTimer, + WdActionSetTriggerAction, + 
WdActionQueryTriggerAction, + WdActionQueryState +} WATCHDOG_HANDLER_ACTION; + +typedef NTSTATUS (NTAPI *PSYSTEM_WATCHDOG_HANDLER)(_In_ WATCHDOG_HANDLER_ACTION Action, _In_ PVOID Context, _Inout_ PULONG DataValue, _In_ BOOLEAN NoLocks); + +// private +typedef struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION +{ + PSYSTEM_WATCHDOG_HANDLER WdHandler; + PVOID Context; +} SYSTEM_WATCHDOG_HANDLER_INFORMATION, *PSYSTEM_WATCHDOG_HANDLER_INFORMATION; + +typedef enum _WATCHDOG_INFORMATION_CLASS +{ + WdInfoTimeoutValue = 0, + WdInfoResetTimer = 1, + WdInfoStopTimer = 2, + WdInfoStartTimer = 3, + WdInfoTriggerAction = 4, + WdInfoState = 5, + WdInfoTriggerReset = 6, + WdInfoNop = 7, + WdInfoGeneratedLastReset = 8, + WdInfoInvalid = 9, +} WATCHDOG_INFORMATION_CLASS; + +// private +typedef struct _SYSTEM_WATCHDOG_TIMER_INFORMATION +{ + WATCHDOG_INFORMATION_CLASS WdInfoClass; + ULONG DataValue; +} SYSTEM_WATCHDOG_TIMER_INFORMATION, *PSYSTEM_WATCHDOG_TIMER_INFORMATION; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +// private +typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION +{ + SystemFirmwareTableEnumerate, + SystemFirmwareTableGet, + SystemFirmwareTableMax +} SYSTEM_FIRMWARE_TABLE_ACTION; + +// private +typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION +{ + ULONG ProviderSignature; // (same as the GetSystemFirmwareTable function) + SYSTEM_FIRMWARE_TABLE_ACTION Action; + ULONG TableID; + ULONG TableBufferLength; + _Field_size_bytes_(TableBufferLength) UCHAR TableBuffer[1]; +} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION; +#endif + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +// private +typedef NTSTATUS (__cdecl* PFNFTH)( + _Inout_ PSYSTEM_FIRMWARE_TABLE_INFORMATION SystemFirmwareTableInfo + ); + +// private +typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER +{ + ULONG ProviderSignature; + BOOLEAN Register; + PFNFTH FirmwareTableHandler; + PVOID DriverObject; +} SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER; +#endif + +// private +typedef struct 
_SYSTEM_MEMORY_LIST_INFORMATION +{ + ULONG_PTR ZeroPageCount; + ULONG_PTR FreePageCount; + ULONG_PTR ModifiedPageCount; + ULONG_PTR ModifiedNoWritePageCount; + ULONG_PTR BadPageCount; + ULONG_PTR PageCountByPriority[8]; + ULONG_PTR RepurposedPagesByPriority[8]; + ULONG_PTR ModifiedPageCountPageFile; +} SYSTEM_MEMORY_LIST_INFORMATION, *PSYSTEM_MEMORY_LIST_INFORMATION; + +// private +typedef enum _SYSTEM_MEMORY_LIST_COMMAND +{ + MemoryCaptureAccessedBits, + MemoryCaptureAndResetAccessedBits, + MemoryEmptyWorkingSets, + MemoryFlushModifiedList, + MemoryPurgeStandbyList, + MemoryPurgeLowPriorityStandbyList, + MemoryCommandMax +} SYSTEM_MEMORY_LIST_COMMAND; + +// private +typedef struct _SYSTEM_THREAD_CID_PRIORITY_INFORMATION +{ + CLIENT_ID ClientId; + KPRIORITY Priority; +} SYSTEM_THREAD_CID_PRIORITY_INFORMATION, *PSYSTEM_THREAD_CID_PRIORITY_INFORMATION; + +// private +typedef struct _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION +{ + ULONGLONG CycleTime; +} SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; + +// private +typedef struct _SYSTEM_VERIFIER_ISSUE +{ + ULONGLONG IssueType; + PVOID Address; + ULONGLONG Parameters[2]; +} SYSTEM_VERIFIER_ISSUE, *PSYSTEM_VERIFIER_ISSUE; + +// private +typedef struct _SYSTEM_VERIFIER_CANCELLATION_INFORMATION +{ + ULONG CancelProbability; + ULONG CancelThreshold; + ULONG CompletionThreshold; + ULONG CancellationVerifierDisabled; + ULONG AvailableIssues; + SYSTEM_VERIFIER_ISSUE Issues[128]; +} SYSTEM_VERIFIER_CANCELLATION_INFORMATION, *PSYSTEM_VERIFIER_CANCELLATION_INFORMATION; + +// private +typedef struct _SYSTEM_REF_TRACE_INFORMATION +{ + BOOLEAN TraceEnable; + BOOLEAN TracePermanent; + UNICODE_STRING TraceProcessName; + UNICODE_STRING TracePoolTags; +} SYSTEM_REF_TRACE_INFORMATION, *PSYSTEM_REF_TRACE_INFORMATION; + +// private +typedef struct _SYSTEM_SPECIAL_POOL_INFORMATION +{ + ULONG PoolTag; + ULONG Flags; +} SYSTEM_SPECIAL_POOL_INFORMATION, *PSYSTEM_SPECIAL_POOL_INFORMATION; + +// 
private +typedef struct _SYSTEM_PROCESS_ID_INFORMATION +{ + HANDLE ProcessId; + UNICODE_STRING ImageName; +} SYSTEM_PROCESS_ID_INFORMATION, *PSYSTEM_PROCESS_ID_INFORMATION; + +// private +typedef struct _SYSTEM_HYPERVISOR_QUERY_INFORMATION +{ + BOOLEAN HypervisorConnected; + BOOLEAN HypervisorDebuggingEnabled; + BOOLEAN HypervisorPresent; + BOOLEAN Spare0[5]; + ULONGLONG EnabledEnlightenments; +} SYSTEM_HYPERVISOR_QUERY_INFORMATION, *PSYSTEM_HYPERVISOR_QUERY_INFORMATION; + +// private +typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION +{ + GUID BootIdentifier; + FIRMWARE_TYPE FirmwareType; + union + { + ULONGLONG BootFlags; + struct + { + ULONGLONG DbgMenuOsSelection : 1; // REDSTONE4 + ULONGLONG DbgHiberBoot : 1; + ULONGLONG DbgSoftBoot : 1; + ULONGLONG DbgMeasuredLaunch : 1; + ULONGLONG DbgMeasuredLaunchCapable : 1; // 19H1 + ULONGLONG DbgSystemHiveReplace : 1; + ULONGLONG DbgMeasuredLaunchSmmProtections : 1; + ULONGLONG DbgMeasuredLaunchSmmLevel : 7; // 20H1 + }; + }; +} SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; + +// private +typedef struct _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION +{ + ULONG FlagsToEnable; + ULONG FlagsToDisable; +} SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION, *PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; + +// private +typedef enum _COVERAGE_REQUEST_CODES +{ + CoverageAllModules = 0, + CoverageSearchByHash = 1, + CoverageSearchByName = 2 +} COVERAGE_REQUEST_CODES; + +// private +typedef struct _COVERAGE_MODULE_REQUEST +{ + COVERAGE_REQUEST_CODES RequestType; + union + { + UCHAR MD5Hash[16]; + UNICODE_STRING ModuleName; + } SearchInfo; +} COVERAGE_MODULE_REQUEST, *PCOVERAGE_MODULE_REQUEST; + +// private +typedef struct _COVERAGE_MODULE_INFO +{ + ULONG ModuleInfoSize; + ULONG IsBinaryLoaded; + UNICODE_STRING ModulePathName; + ULONG CoverageSectionSize; + UCHAR CoverageSection[1]; +} COVERAGE_MODULE_INFO, *PCOVERAGE_MODULE_INFO; + +// private +typedef struct _COVERAGE_MODULES +{ + ULONG 
ListAndReset; + ULONG NumberOfModules; + COVERAGE_MODULE_REQUEST ModuleRequestInfo; + COVERAGE_MODULE_INFO Modules[1]; +} COVERAGE_MODULES, *PCOVERAGE_MODULES; + +// private +typedef struct _SYSTEM_PREFETCH_PATCH_INFORMATION +{ + ULONG PrefetchPatchCount; +} SYSTEM_PREFETCH_PATCH_INFORMATION, *PSYSTEM_PREFETCH_PATCH_INFORMATION; + +// private +typedef struct _SYSTEM_VERIFIER_FAULTS_INFORMATION +{ + ULONG Probability; + ULONG MaxProbability; + UNICODE_STRING PoolTags; + UNICODE_STRING Applications; +} SYSTEM_VERIFIER_FAULTS_INFORMATION, *PSYSTEM_VERIFIER_FAULTS_INFORMATION; + +// private +typedef struct _SYSTEM_VERIFIER_INFORMATION_EX +{ + ULONG VerifyMode; + ULONG OptionChanges; + UNICODE_STRING PreviousBucketName; + ULONG IrpCancelTimeoutMsec; + ULONG VerifierExtensionEnabled; +#ifdef _WIN64 + ULONG Reserved[1]; +#else + ULONG Reserved[3]; +#endif +} SYSTEM_VERIFIER_INFORMATION_EX, *PSYSTEM_VERIFIER_INFORMATION_EX; + +// private +typedef struct _SYSTEM_SYSTEM_PARTITION_INFORMATION +{ + UNICODE_STRING SystemPartition; +} SYSTEM_SYSTEM_PARTITION_INFORMATION, *PSYSTEM_SYSTEM_PARTITION_INFORMATION; + +// private +typedef struct _SYSTEM_SYSTEM_DISK_INFORMATION +{ + UNICODE_STRING SystemDisk; +} SYSTEM_SYSTEM_DISK_INFORMATION, *PSYSTEM_SYSTEM_DISK_INFORMATION; + +// private +typedef struct _SYSTEM_NUMA_PROXIMITY_MAP +{ + ULONG NodeProximityId; + USHORT NodeNumber; +} SYSTEM_NUMA_PROXIMITY_MAP, *PSYSTEM_NUMA_PROXIMITY_MAP; + +// private (Windows 8.1 and above) +typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT +{ + ULONGLONG Hits; + UCHAR PercentFrequency; +} SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; + +// private (Windows 7 and Windows 8) +typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 +{ + ULONG Hits; + UCHAR PercentFrequency; +} SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; + +// private +typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION +{ + ULONG 
ProcessorNumber; + ULONG StateCount; + _Field_size_(StateCount) SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT States[1]; +} SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION, *PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; + +// private +typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION +{ + ULONG ProcessorCount; + ULONG Offsets[1]; +} SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION, *PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; + +#define CODEINTEGRITY_OPTION_ENABLED 0x01 +#define CODEINTEGRITY_OPTION_TESTSIGN 0x02 +#define CODEINTEGRITY_OPTION_UMCI_ENABLED 0x04 +#define CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED 0x08 +#define CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED 0x10 +#define CODEINTEGRITY_OPTION_TEST_BUILD 0x20 +#define CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD 0x40 +#define CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED 0x80 +#define CODEINTEGRITY_OPTION_FLIGHT_BUILD 0x100 +#define CODEINTEGRITY_OPTION_FLIGHTING_ENABLED 0x200 +#define CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED 0x400 +#define CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED 0x800 +#define CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED 0x1000 +#define CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED 0x2000 +#define CODEINTEGRITY_OPTION_WHQL_ENFORCEMENT_ENABLED 0x4000 +#define CODEINTEGRITY_OPTION_WHQL_AUDITMODE_ENABLED 0x8000 + +// private +typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION +{ + ULONG Length; + ULONG CodeIntegrityOptions; +} SYSTEM_CODEINTEGRITY_INFORMATION, *PSYSTEM_CODEINTEGRITY_INFORMATION; + +// private +typedef struct _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION +{ + ULONG Operation; +} SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION, *PSYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION; + +// private +typedef enum _SYSTEM_VA_TYPE +{ + SystemVaTypeAll, + SystemVaTypeNonPagedPool, + SystemVaTypePagedPool, + SystemVaTypeSystemCache, + SystemVaTypeSystemPtes, + SystemVaTypeSessionSpace, + SystemVaTypeMax +} SYSTEM_VA_TYPE, *PSYSTEM_VA_TYPE; + +// private +typedef struct _SYSTEM_VA_LIST_INFORMATION 
+{ + SIZE_T VirtualSize; + SIZE_T VirtualPeak; + SIZE_T VirtualLimit; + SIZE_T AllocationFailures; +} SYSTEM_VA_LIST_INFORMATION, *PSYSTEM_VA_LIST_INFORMATION; + +// rev +typedef enum _STORE_INFORMATION_CLASS +{ + StorePageRequest = 1, + StoreStatsRequest = 2, // q: SM_STATS_REQUEST // SmProcessStatsRequest + StoreCreateRequest = 3, // s: SM_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege) + StoreDeleteRequest = 4, // s: SM_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege) + StoreListRequest = 5, // q: SM_STORE_LIST_REQUEST / SM_STORE_LIST_REQUEST_EX // SmProcessListRequest + Available1 = 6, + StoreEmptyRequest = 7, + CacheListRequest = 8, // q: SMC_CACHE_LIST_REQUEST // SmcProcessListRequest + CacheCreateRequest = 9, // s: SMC_CACHE_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege) + CacheDeleteRequest = 10, // s: SMC_CACHE_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege) + CacheStoreCreateRequest = 11, // s: SMC_STORE_CREATE_REQUEST (requires SeProfileSingleProcessPrivilege) + CacheStoreDeleteRequest = 12, // s: SMC_STORE_DELETE_REQUEST (requires SeProfileSingleProcessPrivilege) + CacheStatsRequest = 13, // q: SMC_CACHE_STATS_REQUEST // SmcProcessStatsRequest + Available2 = 14, + RegistrationRequest = 15, // q: SM_REGISTRATION_REQUEST (requires SeProfileSingleProcessPrivilege) // SmProcessRegistrationRequest + GlobalCacheStatsRequest = 16, + StoreResizeRequest = 17, // s: SM_STORE_RESIZE_REQUEST (requires SeProfileSingleProcessPrivilege) + CacheStoreResizeRequest = 18, // s: SMC_STORE_RESIZE_REQUEST (requires SeProfileSingleProcessPrivilege) + SmConfigRequest = 19, // s: SM_CONFIG_REQUEST (requires SeProfileSingleProcessPrivilege) + StoreHighMemoryPriorityRequest = 20, // s: SM_STORE_HIGH_MEM_PRIORITY_REQUEST (requires SeProfileSingleProcessPrivilege) + SystemStoreTrimRequest = 21, // s: SM_SYSTEM_STORE_TRIM_REQUEST (requires SeProfileSingleProcessPrivilege) + MemCompressionInfoRequest = 22, // q: SM_MEM_COMPRESSION_INFO_REQUEST 
// SmProcessCompressionInfoRequest + ProcessStoreInfoRequest = 23, // SmProcessProcessStoreInfoRequest + StoreInformationMax +} STORE_INFORMATION_CLASS; + +// rev +#define SYSTEM_STORE_INFORMATION_VERSION 1 + +// rev +typedef struct _SYSTEM_STORE_INFORMATION +{ + _In_ ULONG Version; + _In_ STORE_INFORMATION_CLASS StoreInformationClass; + _Inout_ PVOID Data; + _Inout_ ULONG Length; +} SYSTEM_STORE_INFORMATION, *PSYSTEM_STORE_INFORMATION; + +#define SYSTEM_STORE_STATS_INFORMATION_VERSION 2 + +typedef enum _ST_STATS_LEVEL +{ + StStatsLevelBasic = 0, + StStatsLevelIoStats = 1, + StStatsLevelRegionSpace = 2, // requires SeProfileSingleProcessPrivilege + StStatsLevelSpaceBitmap = 3, // requires SeProfileSingleProcessPrivilege + StStatsLevelMax = 4 +} ST_STATS_LEVEL; + +typedef struct _SM_STATS_REQUEST +{ + ULONG Version : 8; // SYSTEM_STORE_STATS_INFORMATION_VERSION + ULONG DetailLevel : 8; // ST_STATS_LEVEL + ULONG StoreId : 16; + ULONG BufferSize; + PVOID Buffer; // PST_STATS +} SM_STATS_REQUEST, *PSM_STATS_REQUEST; + +typedef struct _ST_DATA_MGR_STATS +{ + ULONG RegionCount; + ULONG PagesStored; + ULONG UniquePagesStored; + ULONG LazyCleanupRegionCount; + struct { + ULONG RegionsInUse; + ULONG SpaceUsed; + } Space[8]; +} ST_DATA_MGR_STATS, *PST_DATA_MGR_STATS; + +typedef struct _ST_IO_STATS_PERIOD +{ + ULONG PageCounts[5]; +} ST_IO_STATS_PERIOD, *PST_IO_STATS_PERIOD; + +typedef struct _ST_IO_STATS +{ + ULONG PeriodCount; + ST_IO_STATS_PERIOD Periods[64]; +} ST_IO_STATS, *PST_IO_STATS; + +typedef struct _ST_READ_LATENCY_BUCKET +{ + ULONG LatencyUs; + ULONG Count; +} ST_READ_LATENCY_BUCKET, *PST_READ_LATENCY_BUCKET; + +typedef struct _ST_READ_LATENCY_STATS +{ + ST_READ_LATENCY_BUCKET Buckets[8]; +} ST_READ_LATENCY_STATS, *PST_READ_LATENCY_STATS; + +// rev +typedef struct _ST_STATS_REGION_INFO +{ + USHORT SpaceUsed; + UCHAR Priority; + UCHAR Spare; +} ST_STATS_REGION_INFO, *PST_STATS_REGION_INFO; + +// rev +typedef struct _ST_STATS_SPACE_BITMAP +{ + SIZE_T 
CompressedBytes; + ULONG BytesPerBit; + UCHAR StoreBitmap[1]; +} ST_STATS_SPACE_BITMAP, *PST_STATS_SPACE_BITMAP; + +// rev +typedef struct _ST_STATS +{ + ULONG Version : 8; + ULONG Level : 4; + ULONG StoreType : 4; + ULONG NoDuplication : 1; + ULONG NoCompression : 1; + ULONG EncryptionStrength : 12; + ULONG VirtualRegions : 1; + ULONG Spare0 : 1; + ULONG Size; + USHORT CompressionFormat; + USHORT Spare; + + struct + { + ULONG RegionSize; + ULONG RegionCount; + ULONG RegionCountMax; + ULONG Granularity; + ST_DATA_MGR_STATS UserData; + ST_DATA_MGR_STATS Metadata; + } Basic; + + struct + { + ST_IO_STATS IoStats; + ST_READ_LATENCY_STATS ReadLatencyStats; + } Io; + + // ST_STATS_REGION_INFO[RegionCountMax] + // ST_STATS_SPACE_BITMAP +} ST_STATS, *PST_STATS; + +#define SYSTEM_STORE_CREATE_INFORMATION_VERSION 6 + +typedef enum _SM_STORE_TYPE +{ + StoreTypeInMemory=0, + StoreTypeFile=1, + StoreTypeMax=2 +} SM_STORE_TYPE; + +typedef struct _SM_STORE_BASIC_PARAMS +{ + union + { + struct + { + ULONG StoreType : 8; // SM_STORE_TYPE + ULONG NoDuplication : 1; + ULONG FailNoCompression : 1; + ULONG NoCompression : 1 ; + ULONG NoEncryption : 1; + ULONG NoEvictOnAdd : 1; + ULONG PerformsFileIo : 1; + ULONG VdlNotSet : 1 ; + ULONG UseIntermediateAddBuffer : 1; + ULONG CompressNoHuff : 1; + ULONG LockActiveRegions : 1; + ULONG VirtualRegions : 1; + ULONG Spare : 13; + }; + ULONG StoreFlags; + }; + ULONG Granularity; + ULONG RegionSize; + ULONG RegionCountMax; +} SM_STORE_BASIC_PARAMS, *PSM_STORE_BASIC_PARAMS; + +typedef struct _SMKM_REGION_EXTENT +{ + ULONG RegionCount; + SIZE_T ByteOffset; +} SMKM_REGION_EXTENT, *PSMKM_REGION_EXTENT; + +typedef struct _FILE_OBJECT *PFILE_OBJECT; +typedef struct _DEVICE_OBJECT *PDEVICE_OBJECT; +typedef struct _IRP *PIRP; +typedef struct _RTL_BITMAP *PRTL_BITMAP; + +typedef struct _SMKM_FILE_INFO +{ + HANDLE FileHandle; + PFILE_OBJECT FileObject; + PFILE_OBJECT VolumeFileObject; + PDEVICE_OBJECT VolumeDeviceObject; + HANDLE VolumePnpHandle; + PIRP 
UsageNotificationIrp;
+ PSMKM_REGION_EXTENT Extents;
+ ULONG ExtentCount;
+} SMKM_FILE_INFO, *PSMKM_FILE_INFO;
+
+typedef struct _SM_STORE_CACHE_BACKED_PARAMS
+{
+ ULONG SectorSize;
+ PCHAR EncryptionKey;
+ ULONG EncryptionKeySize;
+ PSMKM_FILE_INFO FileInfo;
+ PVOID EtaContext;
+ PRTL_BITMAP StoreRegionBitmap;
+} SM_STORE_CACHE_BACKED_PARAMS, *PSM_STORE_CACHE_BACKED_PARAMS;
+
+typedef struct _SM_STORE_PARAMETERS
+{
+ SM_STORE_BASIC_PARAMS Store;
+ ULONG Priority;
+ ULONG Flags;
+ SM_STORE_CACHE_BACKED_PARAMS CacheBacked;
+} SM_STORE_PARAMETERS, *PSM_STORE_PARAMETERS;
+
+typedef struct _SM_CREATE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_CREATE_INFORMATION_VERSION
+ ULONG AcquireReference : 1;
+ ULONG KeyedStore : 1;
+ ULONG Spare : 22;
+ SM_STORE_PARAMETERS Params;
+ ULONG StoreId;
+} SM_CREATE_REQUEST, *PSM_CREATE_REQUEST;
+
+#define SYSTEM_STORE_DELETE_INFORMATION_VERSION 1
+
+typedef struct _SM_DELETE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_DELETE_INFORMATION_VERSION
+ ULONG Spare : 24;
+ ULONG StoreId;
+} SM_DELETE_REQUEST, *PSM_DELETE_REQUEST;
+
+#define SYSTEM_STORE_LIST_INFORMATION_VERSION 2
+
+typedef struct _SM_STORE_LIST_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_LIST_INFORMATION_VERSION
+ ULONG StoreCount : 8; // = 0
+ ULONG ExtendedRequest : 1; // SM_STORE_LIST_REQUEST_EX if set
+ ULONG Spare : 15;
+ ULONG StoreId[32];
+} SM_STORE_LIST_REQUEST, *PSM_STORE_LIST_REQUEST;
+
+typedef struct _SM_STORE_LIST_REQUEST_EX
+{
+ SM_STORE_LIST_REQUEST Request;
+ WCHAR NameBuffer[32][64];
+} SM_STORE_LIST_REQUEST_EX, *PSM_STORE_LIST_REQUEST_EX;
+
+#define SYSTEM_CACHE_LIST_INFORMATION_VERSION 2
+
+typedef struct _SMC_CACHE_LIST_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_LIST_INFORMATION_VERSION
+ ULONG CacheCount : 8; // = 0
+ ULONG Spare : 16;
+ ULONG CacheId[16];
+} SMC_CACHE_LIST_REQUEST, *PSMC_CACHE_LIST_REQUEST;
+
+#define SYSTEM_CACHE_CREATE_INFORMATION_VERSION 3
+
+typedef struct _SMC_CACHE_PARAMETERS
+{
+ SIZE_T CacheFileSize;
+ ULONG StoreAlignment;
+ ULONG PerformsFileIo : 1;
+ ULONG VdlNotSet : 1;
+ ULONG Spare : 30;
+ ULONG CacheFlags;
+ ULONG Priority;
+} SMC_CACHE_PARAMETERS, *PSMC_CACHE_PARAMETERS;
+
+typedef struct _SMC_CACHE_CREATE_PARAMETERS
+{
+ SMC_CACHE_PARAMETERS CacheParameters;
+ WCHAR TemplateFilePath[512];
+} SMC_CACHE_CREATE_PARAMETERS, *PSMC_CACHE_CREATE_PARAMETERS;
+
+typedef struct _SMC_CACHE_CREATE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_CREATE_INFORMATION_VERSION
+ ULONG Spare : 24;
+ ULONG CacheId;
+ SMC_CACHE_CREATE_PARAMETERS CacheCreateParams;
+} SMC_CACHE_CREATE_REQUEST, *PSMC_CACHE_CREATE_REQUEST;
+
+#define SYSTEM_CACHE_DELETE_INFORMATION_VERSION 1
+
+typedef struct _SMC_CACHE_DELETE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_DELETE_INFORMATION_VERSION
+ ULONG Spare : 24;
+ ULONG CacheId;
+} SMC_CACHE_DELETE_REQUEST, *PSMC_CACHE_DELETE_REQUEST;
+
+#define SYSTEM_CACHE_STORE_CREATE_INFORMATION_VERSION 2
+
+typedef enum _SM_STORE_MANAGER_TYPE
+{
+ SmStoreManagerTypePhysical=0,
+ SmStoreManagerTypeVirtual=1,
+ SmStoreManagerTypeMax=2
+} SM_STORE_MANAGER_TYPE;
+
+typedef struct _SMC_STORE_CREATE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_STORE_CREATE_INFORMATION_VERSION
+ ULONG Spare : 24;
+ SM_STORE_BASIC_PARAMS StoreParams;
+ ULONG CacheId;
+ SM_STORE_MANAGER_TYPE StoreManagerType;
+ ULONG StoreId;
+} SMC_STORE_CREATE_REQUEST, *PSMC_STORE_CREATE_REQUEST;
+
+#define SYSTEM_CACHE_STORE_DELETE_INFORMATION_VERSION 1
+
+typedef struct _SMC_STORE_DELETE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_STORE_DELETE_INFORMATION_VERSION
+ ULONG Spare : 24;
+ ULONG CacheId;
+ SM_STORE_MANAGER_TYPE StoreManagerType;
+ ULONG StoreId;
+} SMC_STORE_DELETE_REQUEST, *PSMC_STORE_DELETE_REQUEST;
+
+#define SYSTEM_CACHE_STATS_INFORMATION_VERSION 3
+
+typedef struct _SMC_CACHE_STATS
+{
+ SIZE_T TotalFileSize;
+ ULONG StoreCount;
+ ULONG RegionCount;
+ ULONG RegionSizeBytes;
+ ULONG FileCount : 6;
+ ULONG PerformsFileIo : 1;
+ ULONG Spare : 25;
+ ULONG StoreIds[16];
+ ULONG PhysicalStoreBitmap;
+ ULONG Priority;
+ WCHAR TemplateFilePath[512];
+} SMC_CACHE_STATS, *PSMC_CACHE_STATS;
+
+typedef struct _SMC_CACHE_STATS_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_STATS_INFORMATION_VERSION
+ ULONG NoFilePath : 1;
+ ULONG Spare : 23;
+ ULONG CacheId;
+ SMC_CACHE_STATS CacheStats;
+} SMC_CACHE_STATS_REQUEST, *PSMC_CACHE_STATS_REQUEST;
+
+#define SYSTEM_STORE_REGISTRATION_INFORMATION_VERSION 2
+
+typedef struct _SM_REGISTRATION_INFO
+{
+ HANDLE CachesUpdatedEvent;
+} SM_REGISTRATION_INFO, *PSM_REGISTRATION_INFO;
+
+typedef struct _SM_REGISTRATION_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_REGISTRATION_INFORMATION_VERSION
+ ULONG Spare : 24;
+ SM_REGISTRATION_INFO RegInfo;
+} SM_REGISTRATION_REQUEST, *PSM_REGISTRATION_REQUEST;
+
+typedef struct _RTL_BITMAP *PRTL_BITMAP;
+
+#define SYSTEM_STORE_RESIZE_INFORMATION_VERSION 6
+
+typedef struct _SM_STORE_RESIZE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_RESIZE_INFORMATION_VERSION
+ ULONG AddRegions : 1;
+ ULONG Spare : 23;
+ ULONG StoreId;
+ ULONG NumberOfRegions;
+ PRTL_BITMAP RegionBitmap;
+} SM_STORE_RESIZE_REQUEST, *PSM_STORE_RESIZE_REQUEST;
+
+#define SYSTEM_CACHE_STORE_RESIZE_INFORMATION_VERSION 1
+
+typedef struct _SMC_STORE_RESIZE_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_CACHE_STORE_RESIZE_INFORMATION_VERSION
+ ULONG AddRegions : 1;
+ ULONG Spare : 23;
+ ULONG CacheId;
+ ULONG StoreId;
+ SM_STORE_MANAGER_TYPE StoreManagerType;
+ ULONG RegionCount;
+} SMC_STORE_RESIZE_REQUEST, *PSMC_STORE_RESIZE_REQUEST;
+
+#define SYSTEM_STORE_CONFIG_INFORMATION_VERSION 4
+
+typedef enum _SM_CONFIG_TYPE
+{
+ SmConfigDirtyPageCompression = 0,
+ SmConfigAsyncInswap = 1,
+ SmConfigPrefetchSeekThreshold = 2,
+ SmConfigTypeMax = 3
+} SM_CONFIG_TYPE;
+
+typedef struct _SM_CONFIG_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_CONFIG_INFORMATION_VERSION
+ ULONG Spare : 16;
+ ULONG ConfigType : 8; // SM_CONFIG_TYPE
+ ULONG ConfigValue;
+} SM_CONFIG_REQUEST, *PSM_CONFIG_REQUEST;
+
+#define SYSTEM_STORE_HIGH_MEM_PRIORITY_INFORMATION_VERSION 1
+
+// rev
+typedef struct _SM_STORE_HIGH_MEM_PRIORITY_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_HIGH_MEM_PRIORITY_INFORMATION_VERSION
+ ULONG SetHighMemoryPriority : 1;
+ ULONG Spare : 23;
+ HANDLE ProcessHandle;
+} SM_STORE_HIGH_MEM_PRIORITY_REQUEST, *PSM_STORE_HIGH_MEM_PRIORITY_REQUEST;
+
+#define SYSTEM_STORE_TRIM_INFORMATION_VERSION 1
+
+// rev
+typedef struct _SM_SYSTEM_STORE_TRIM_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_TRIM_INFORMATION_VERSION
+ ULONG Spare : 24;
+ SIZE_T PagesToTrim; // ULONG?
+} SM_SYSTEM_STORE_TRIM_REQUEST, *PSM_SYSTEM_STORE_TRIM_REQUEST;
+
+// rev
+#define SYSTEM_STORE_COMPRESSION_INFORMATION_VERSION 3
+
+// rev
+typedef struct _SM_MEM_COMPRESSION_INFO_REQUEST
+{
+ ULONG Version : 8; // SYSTEM_STORE_COMPRESSION_INFORMATION_VERSION
+ ULONG Spare : 24;
+ ULONG CompressionPid;
+ ULONG WorkingSetSize;
+ SIZE_T TotalDataCompressed;
+ SIZE_T TotalCompressedSize;
+ SIZE_T TotalUniqueDataCompressed;
+} SM_MEM_COMPRESSION_INFO_REQUEST, *PSM_MEM_COMPRESSION_INFO_REQUEST;
+
+// private
+typedef struct _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS
+{
+ HANDLE KeyHandle;
+ PUNICODE_STRING ValueNamePointer;
+ PULONG RequiredLengthPointer;
+ PUCHAR Buffer;
+ ULONG BufferLength;
+ ULONG Type;
+ PUCHAR AppendBuffer;
+ ULONG AppendBufferLength;
+ BOOLEAN CreateIfDoesntExist;
+ BOOLEAN TruncateExistingValue;
+} SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS, *PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS;
+
+// msdn
+typedef struct _SYSTEM_VHD_BOOT_INFORMATION
+{
+ BOOLEAN OsDiskIsVhd;
+ ULONG OsVhdFilePathOffset;
+ WCHAR OsVhdParentVolume[1];
+} SYSTEM_VHD_BOOT_INFORMATION, *PSYSTEM_VHD_BOOT_INFORMATION;
+
+// private
+typedef struct _PS_CPU_QUOTA_QUERY_ENTRY
+{
+ ULONG SessionId;
+ ULONG Weight;
+} PS_CPU_QUOTA_QUERY_ENTRY, *PPS_CPU_QUOTA_QUERY_ENTRY;
+
+// private
+typedef struct _PS_CPU_QUOTA_QUERY_INFORMATION
+{
+ ULONG SessionCount;
+ PS_CPU_QUOTA_QUERY_ENTRY SessionInformation[1];
+} PS_CPU_QUOTA_QUERY_INFORMATION, *PPS_CPU_QUOTA_QUERY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_ERROR_PORT_TIMEOUTS
+{
+ ULONG StartTimeout;
+ ULONG CommTimeout;
+} SYSTEM_ERROR_PORT_TIMEOUTS, *PSYSTEM_ERROR_PORT_TIMEOUTS;
+
+// private
+typedef struct _SYSTEM_LOW_PRIORITY_IO_INFORMATION
+{
+ ULONG LowPriReadOperations;
+ ULONG LowPriWriteOperations;
+ ULONG KernelBumpedToNormalOperations;
+ ULONG LowPriPagingReadOperations;
+ ULONG KernelPagingReadsBumpedToNormal;
+ ULONG LowPriPagingWriteOperations;
+ ULONG KernelPagingWritesBumpedToNormal;
+ ULONG BoostedIrpCount;
+ ULONG BoostedPagingIrpCount;
+ ULONG BlanketBoostCount;
+} SYSTEM_LOW_PRIORITY_IO_INFORMATION, *PSYSTEM_LOW_PRIORITY_IO_INFORMATION;
+
+// symbols
+typedef enum _TPM_BOOT_ENTROPY_RESULT_CODE
+{
+ TpmBootEntropyStructureUninitialized,
+ TpmBootEntropyDisabledByPolicy,
+ TpmBootEntropyNoTpmFound,
+ TpmBootEntropyTpmError,
+ TpmBootEntropySuccess
+} TPM_BOOT_ENTROPY_RESULT_CODE;
+
+// Contents of KeLoaderBlock->Extension->TpmBootEntropyResult (TPM_BOOT_ENTROPY_LDR_RESULT).
+// EntropyData is truncated to 40 bytes.
+
+// private
+typedef struct _TPM_BOOT_ENTROPY_NT_RESULT
+{
+ ULONGLONG Policy;
+ TPM_BOOT_ENTROPY_RESULT_CODE ResultCode;
+ NTSTATUS ResultStatus;
+ ULONGLONG Time;
+ ULONG EntropyLength;
+ UCHAR EntropyData[40];
+} TPM_BOOT_ENTROPY_NT_RESULT, *PTPM_BOOT_ENTROPY_NT_RESULT;
+
+// private
+typedef struct _SYSTEM_VERIFIER_COUNTERS_INFORMATION
+{
+ SYSTEM_VERIFIER_INFORMATION Legacy;
+ ULONG RaiseIrqls;
+ ULONG AcquireSpinLocks;
+ ULONG SynchronizeExecutions;
+ ULONG AllocationsWithNoTag;
+ ULONG AllocationsFailed;
+ ULONG AllocationsFailedDeliberately;
+ SIZE_T LockedBytes;
+ SIZE_T PeakLockedBytes;
+ SIZE_T MappedLockedBytes;
+ SIZE_T PeakMappedLockedBytes;
+ SIZE_T MappedIoSpaceBytes;
+ SIZE_T PeakMappedIoSpaceBytes;
+ SIZE_T PagesForMdlBytes;
+ SIZE_T PeakPagesForMdlBytes;
+ SIZE_T ContiguousMemoryBytes;
+ SIZE_T PeakContiguousMemoryBytes;
+ ULONG ExecutePoolTypes; // REDSTONE2
+ ULONG ExecutePageProtections;
+ ULONG ExecutePageMappings;
+ ULONG ExecuteWriteSections;
+ ULONG SectionAlignmentFailures;
+ ULONG UnsupportedRelocs;
+ ULONG IATInExecutableSection;
+} SYSTEM_VERIFIER_COUNTERS_INFORMATION, *PSYSTEM_VERIFIER_COUNTERS_INFORMATION;
+
+// private
+typedef struct _SYSTEM_ACPI_AUDIT_INFORMATION
+{
+ ULONG RsdpCount;
+ ULONG SameRsdt : 1;
+ ULONG SlicPresent : 1;
+ ULONG SlicDifferent : 1;
+} SYSTEM_ACPI_AUDIT_INFORMATION, *PSYSTEM_ACPI_AUDIT_INFORMATION;
+
+// private
+typedef struct _SYSTEM_BASIC_PERFORMANCE_INFORMATION
+{
+ SIZE_T AvailablePages;
+ SIZE_T CommittedPages;
+ SIZE_T CommitLimit;
+ SIZE_T PeakCommitment;
+} SYSTEM_BASIC_PERFORMANCE_INFORMATION, *PSYSTEM_BASIC_PERFORMANCE_INFORMATION;
+
+// begin_msdn
+
+typedef struct _QUERY_PERFORMANCE_COUNTER_FLAGS
+{
+ union
+ {
+ struct
+ {
+ ULONG KernelTransition : 1;
+ ULONG Reserved : 31;
+ };
+ ULONG ul;
+ };
+} QUERY_PERFORMANCE_COUNTER_FLAGS;
+
+typedef struct _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION
+{
+ ULONG Version;
+ QUERY_PERFORMANCE_COUNTER_FLAGS Flags;
+ QUERY_PERFORMANCE_COUNTER_FLAGS ValidFlags;
+} SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION, *PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION;
+
+// end_msdn
+
+// private
+typedef enum _SYSTEM_PIXEL_FORMAT
+{
+ SystemPixelFormatUnknown,
+ SystemPixelFormatR8G8B8,
+ SystemPixelFormatR8G8B8X8,
+ SystemPixelFormatB8G8R8,
+ SystemPixelFormatB8G8R8X8
+} SYSTEM_PIXEL_FORMAT;
+
+// private
+typedef struct _SYSTEM_BOOT_GRAPHICS_INFORMATION
+{
+ LARGE_INTEGER FrameBuffer;
+ ULONG Width;
+ ULONG Height;
+ ULONG PixelStride;
+ ULONG Flags;
+ SYSTEM_PIXEL_FORMAT Format;
+ ULONG DisplayRotation;
+} SYSTEM_BOOT_GRAPHICS_INFORMATION, *PSYSTEM_BOOT_GRAPHICS_INFORMATION;
+
+// private
+typedef struct _MEMORY_SCRUB_INFORMATION
+{
+ HANDLE Handle;
+ ULONG PagesScrubbed;
+} MEMORY_SCRUB_INFORMATION, *PMEMORY_SCRUB_INFORMATION;
+
+// private
+typedef struct _PEBS_DS_SAVE_AREA32
+{
+ ULONG BtsBufferBase;
+ ULONG BtsIndex;
+ ULONG BtsAbsoluteMaximum;
+ ULONG BtsInterruptThreshold;
+ ULONG PebsBufferBase;
+ ULONG PebsIndex;
+ ULONG PebsAbsoluteMaximum;
+ ULONG PebsInterruptThreshold;
+ ULONG PebsGpCounterReset[8];
+ ULONG PebsFixedCounterReset[4];
+} PEBS_DS_SAVE_AREA32, *PPEBS_DS_SAVE_AREA32;
+
+// private
+typedef struct _PEBS_DS_SAVE_AREA64
+{
+ ULONGLONG BtsBufferBase;
+ ULONGLONG BtsIndex;
+ ULONGLONG BtsAbsoluteMaximum;
+ ULONGLONG BtsInterruptThreshold;
+ ULONGLONG PebsBufferBase;
+ ULONGLONG PebsIndex;
+ ULONGLONG PebsAbsoluteMaximum;
+ ULONGLONG PebsInterruptThreshold;
+ ULONGLONG PebsGpCounterReset[8];
+ ULONGLONG PebsFixedCounterReset[4];
+} PEBS_DS_SAVE_AREA64, *PPEBS_DS_SAVE_AREA64;
+
+// private
+typedef union _PEBS_DS_SAVE_AREA
+{
+ PEBS_DS_SAVE_AREA32 As32Bit;
+ PEBS_DS_SAVE_AREA64 As64Bit;
+} PEBS_DS_SAVE_AREA, *PPEBS_DS_SAVE_AREA;
+
+// private
+typedef struct _PROCESSOR_PROFILE_CONTROL_AREA
+{
+ PEBS_DS_SAVE_AREA PebsDsSaveArea;
+} PROCESSOR_PROFILE_CONTROL_AREA, *PPROCESSOR_PROFILE_CONTROL_AREA;
+
+// private
+typedef struct _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA
+{
+ PROCESSOR_PROFILE_CONTROL_AREA ProcessorProfileControlArea;
+ BOOLEAN Allocate;
+} SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA, *PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA;
+
+// private
+typedef struct _MEMORY_COMBINE_INFORMATION
+{
+ HANDLE Handle;
+ ULONG_PTR PagesCombined;
+} MEMORY_COMBINE_INFORMATION, *PMEMORY_COMBINE_INFORMATION;
+
+// rev
+#define MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY 0x4
+
+// private
+typedef struct _MEMORY_COMBINE_INFORMATION_EX
+{
+ HANDLE Handle;
+ ULONG_PTR PagesCombined;
+ ULONG Flags;
+} MEMORY_COMBINE_INFORMATION_EX, *PMEMORY_COMBINE_INFORMATION_EX;
+
+// private
+typedef struct _MEMORY_COMBINE_INFORMATION_EX2
+{
+ HANDLE Handle;
+ ULONG_PTR PagesCombined;
+ ULONG Flags;
+ HANDLE ProcessHandle;
+} MEMORY_COMBINE_INFORMATION_EX2, *PMEMORY_COMBINE_INFORMATION_EX2;
+
+// private
+typedef struct _SYSTEM_ENTROPY_TIMING_INFORMATION
+{
+ VOID (NTAPI *EntropyRoutine)(PVOID, ULONG);
+ VOID (NTAPI *InitializationRoutine)(PVOID, ULONG, PVOID);
+ PVOID InitializationContext;
+} SYSTEM_ENTROPY_TIMING_INFORMATION, *PSYSTEM_ENTROPY_TIMING_INFORMATION;
+
+// private
+typedef struct _SYSTEM_CONSOLE_INFORMATION
+{
+ ULONG DriverLoaded : 1;
+ ULONG Spare : 31;
+} SYSTEM_CONSOLE_INFORMATION, *PSYSTEM_CONSOLE_INFORMATION;
+
+// private
+typedef struct _SYSTEM_PLATFORM_BINARY_INFORMATION
+{
+ ULONG64 PhysicalAddress;
+ PVOID HandoffBuffer;
+ PVOID CommandLineBuffer;
+ ULONG HandoffBufferSize;
+ ULONG CommandLineBufferSize;
+} SYSTEM_PLATFORM_BINARY_INFORMATION, *PSYSTEM_PLATFORM_BINARY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_POLICY_INFORMATION
+{
+ PVOID InputData;
+ PVOID OutputData;
+ ULONG InputDataSize;
+ ULONG OutputDataSize;
+ ULONG Version;
+} SYSTEM_POLICY_INFORMATION, *PSYSTEM_POLICY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
+{
+ ULONG NumberOfLogicalProcessors;
+ ULONG NumberOfCores;
+} SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION, *PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION;
+
+// private
+typedef struct _SYSTEM_DEVICE_DATA_INFORMATION
+{
+ UNICODE_STRING DeviceId;
+ UNICODE_STRING DataName;
+ ULONG DataType;
+ ULONG DataBufferLength;
+ PVOID DataBuffer;
+} SYSTEM_DEVICE_DATA_INFORMATION, *PSYSTEM_DEVICE_DATA_INFORMATION;
+
+// private
+typedef struct _PHYSICAL_CHANNEL_RUN
+{
+ ULONG NodeNumber;
+ ULONG ChannelNumber;
+ ULONGLONG BasePage;
+ ULONGLONG PageCount;
+ ULONG Flags;
+} PHYSICAL_CHANNEL_RUN, *PPHYSICAL_CHANNEL_RUN;
+
+// private
+typedef struct _SYSTEM_MEMORY_TOPOLOGY_INFORMATION
+{
+ ULONGLONG NumberOfRuns;
+ ULONG NumberOfNodes;
+ ULONG NumberOfChannels;
+ PHYSICAL_CHANNEL_RUN Run[1];
+} SYSTEM_MEMORY_TOPOLOGY_INFORMATION, *PSYSTEM_MEMORY_TOPOLOGY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_MEMORY_CHANNEL_INFORMATION
+{
+ ULONG ChannelNumber;
+ ULONG ChannelHeatIndex;
+ ULONGLONG TotalPageCount;
+ ULONGLONG ZeroPageCount;
+ ULONGLONG FreePageCount;
+ ULONGLONG StandbyPageCount;
+} SYSTEM_MEMORY_CHANNEL_INFORMATION, *PSYSTEM_MEMORY_CHANNEL_INFORMATION;
+
+// private
+typedef struct _SYSTEM_BOOT_LOGO_INFORMATION
+{
+ ULONG Flags;
+ ULONG BitmapOffset;
+} SYSTEM_BOOT_LOGO_INFORMATION, *PSYSTEM_BOOT_LOGO_INFORMATION;
+
+// private
+typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX
+{
+ LARGE_INTEGER IdleTime;
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+ LARGE_INTEGER DpcTime;
+ LARGE_INTEGER InterruptTime;
+ ULONG InterruptCount;
+ ULONG Spare0;
+ LARGE_INTEGER AvailableTime;
+ LARGE_INTEGER Spare1;
+ LARGE_INTEGER Spare2;
+} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX;
+
+// private
+typedef struct _SYSTEM_SECUREBOOT_POLICY_INFORMATION
+{
+ GUID PolicyPublisher;
+ ULONG PolicyVersion;
+ ULONG PolicyOptions;
+} SYSTEM_SECUREBOOT_POLICY_INFORMATION, *PSYSTEM_SECUREBOOT_POLICY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_PAGEFILE_INFORMATION_EX
+{
+ union // HACK union declaration for convenience (dmex)
+ {
+ SYSTEM_PAGEFILE_INFORMATION Info;
+ struct
+ {
+ ULONG NextEntryOffset;
+ ULONG TotalSize; + ULONG TotalInUse; + ULONG PeakUsage; + UNICODE_STRING PageFileName; + }; + }; + + ULONG MinimumSize; + ULONG MaximumSize; +} SYSTEM_PAGEFILE_INFORMATION_EX, *PSYSTEM_PAGEFILE_INFORMATION_EX; + +// private +typedef struct _SYSTEM_SECUREBOOT_INFORMATION +{ + BOOLEAN SecureBootEnabled; + BOOLEAN SecureBootCapable; +} SYSTEM_SECUREBOOT_INFORMATION, *PSYSTEM_SECUREBOOT_INFORMATION; + +// private +typedef struct _PROCESS_DISK_COUNTERS +{ + ULONGLONG BytesRead; + ULONGLONG BytesWritten; + ULONGLONG ReadOperationCount; + ULONGLONG WriteOperationCount; + ULONGLONG FlushOperationCount; +} PROCESS_DISK_COUNTERS, *PPROCESS_DISK_COUNTERS; + +// private +typedef union _ENERGY_STATE_DURATION +{ + ULONGLONG Value; + struct + { + ULONG LastChangeTime; + ULONG Duration : 31; + ULONG IsInState : 1; + }; +} ENERGY_STATE_DURATION, *PENERGY_STATE_DURATION; + +typedef struct _PROCESS_ENERGY_VALUES +{ + ULONGLONG Cycles[4][2]; + ULONGLONG DiskEnergy; + ULONGLONG NetworkTailEnergy; + ULONGLONG MBBTailEnergy; + ULONGLONG NetworkTxRxBytes; + ULONGLONG MBBTxRxBytes; + union + { + ENERGY_STATE_DURATION Durations[3]; + struct + { + ENERGY_STATE_DURATION ForegroundDuration; + ENERGY_STATE_DURATION DesktopVisibleDuration; + ENERGY_STATE_DURATION PSMForegroundDuration; + }; + }; + ULONG CompositionRendered; + ULONG CompositionDirtyGenerated; + ULONG CompositionDirtyPropagated; + ULONG Reserved1; + ULONGLONG AttributedCycles[4][2]; + ULONGLONG WorkOnBehalfCycles[4][2]; +} PROCESS_ENERGY_VALUES, *PPROCESS_ENERGY_VALUES; + +typedef union _TIMELINE_BITMAP +{ + ULONGLONG Value; + struct + { + ULONG EndTime; + ULONG Bitmap; + }; +} TIMELINE_BITMAP, *PTIMELINE_BITMAP; + +typedef struct _PROCESS_ENERGY_VALUES_EXTENSION +{ + union + { + TIMELINE_BITMAP Timelines[14]; // 9 for REDSTONE2, 14 for REDSTONE3/4/5 + struct + { + TIMELINE_BITMAP CpuTimeline; + TIMELINE_BITMAP DiskTimeline; + TIMELINE_BITMAP NetworkTimeline; + TIMELINE_BITMAP MBBTimeline; + TIMELINE_BITMAP ForegroundTimeline; + 
TIMELINE_BITMAP DesktopVisibleTimeline; + TIMELINE_BITMAP CompositionRenderedTimeline; + TIMELINE_BITMAP CompositionDirtyGeneratedTimeline; + TIMELINE_BITMAP CompositionDirtyPropagatedTimeline; + TIMELINE_BITMAP InputTimeline; // REDSTONE3 + TIMELINE_BITMAP AudioInTimeline; + TIMELINE_BITMAP AudioOutTimeline; + TIMELINE_BITMAP DisplayRequiredTimeline; + TIMELINE_BITMAP KeyboardInputTimeline; + }; + }; + + union // REDSTONE3 + { + ENERGY_STATE_DURATION Durations[5]; + struct + { + ENERGY_STATE_DURATION InputDuration; + ENERGY_STATE_DURATION AudioInDuration; + ENERGY_STATE_DURATION AudioOutDuration; + ENERGY_STATE_DURATION DisplayRequiredDuration; + ENERGY_STATE_DURATION PSMBackgroundDuration; + }; + }; + + ULONG KeyboardInput; + ULONG MouseInput; +} PROCESS_ENERGY_VALUES_EXTENSION, *PPROCESS_ENERGY_VALUES_EXTENSION; + +typedef struct _PROCESS_EXTENDED_ENERGY_VALUES +{ + PROCESS_ENERGY_VALUES Base; + PROCESS_ENERGY_VALUES_EXTENSION Extension; +} PROCESS_EXTENDED_ENERGY_VALUES, *PPROCESS_EXTENDED_ENERGY_VALUES; + +// private +typedef enum _SYSTEM_PROCESS_CLASSIFICATION +{ + SystemProcessClassificationNormal, + SystemProcessClassificationSystem, + SystemProcessClassificationSecureSystem, + SystemProcessClassificationMemCompression, + SystemProcessClassificationRegistry, // REDSTONE4 + SystemProcessClassificationMaximum +} SYSTEM_PROCESS_CLASSIFICATION; + +// private +typedef struct _SYSTEM_PROCESS_INFORMATION_EXTENSION +{ + PROCESS_DISK_COUNTERS DiskCounters; + ULONGLONG ContextSwitches; + union + { + ULONG Flags; + struct + { + ULONG HasStrongId : 1; + ULONG Classification : 4; // SYSTEM_PROCESS_CLASSIFICATION + ULONG BackgroundActivityModerated : 1; + ULONG Spare : 26; + }; + }; + ULONG UserSidOffset; + ULONG PackageFullNameOffset; // since THRESHOLD + PROCESS_ENERGY_VALUES EnergyValues; // since THRESHOLD + ULONG AppIdOffset; // since THRESHOLD + SIZE_T SharedCommitCharge; // since THRESHOLD2 + ULONG JobObjectId; // since REDSTONE + ULONG SpareUlong; // since 
REDSTONE + ULONGLONG ProcessSequenceNumber; +} SYSTEM_PROCESS_INFORMATION_EXTENSION, *PSYSTEM_PROCESS_INFORMATION_EXTENSION; + +// private +typedef struct _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION +{ + BOOLEAN EfiLauncherEnabled; +} SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION, *PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; + +// private +typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX +{ + BOOLEAN DebuggerAllowed; + BOOLEAN DebuggerEnabled; + BOOLEAN DebuggerPresent; +} SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; + +// private +typedef struct _SYSTEM_ELAM_CERTIFICATE_INFORMATION +{ + HANDLE ElamDriverFile; +} SYSTEM_ELAM_CERTIFICATE_INFORMATION, *PSYSTEM_ELAM_CERTIFICATE_INFORMATION; + +// private +typedef struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 +{ + ULONG Version; + ULONG AbnormalResetOccurred; + ULONG OfflineMemoryDumpCapable; + LARGE_INTEGER ResetDataAddress; + ULONG ResetDataSize; +} OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2, *POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2; + +// private +typedef struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1 +{ + ULONG Version; + ULONG AbnormalResetOccurred; + ULONG OfflineMemoryDumpCapable; +} OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1, *POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1; + +// private +typedef struct _SYSTEM_PROCESSOR_FEATURES_INFORMATION +{ + ULONGLONG ProcessorFeatureBits; + ULONGLONG Reserved[3]; +} SYSTEM_PROCESSOR_FEATURES_INFORMATION, *PSYSTEM_PROCESSOR_FEATURES_INFORMATION; + +// EDID v1.4 standard data format +typedef struct _SYSTEM_EDID_INFORMATION +{ + UCHAR Edid[128]; +} SYSTEM_EDID_INFORMATION, *PSYSTEM_EDID_INFORMATION; + +// private +typedef struct _SYSTEM_MANUFACTURING_INFORMATION +{ + ULONG Options; + UNICODE_STRING ProfileName; +} SYSTEM_MANUFACTURING_INFORMATION, *PSYSTEM_MANUFACTURING_INFORMATION; + +// private +typedef struct _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION +{ + BOOLEAN Enabled; +} 
SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION, *PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; + +// private +typedef struct _HV_DETAILS +{ + ULONG Data[4]; +} HV_DETAILS, *PHV_DETAILS; + +// private +typedef struct _SYSTEM_HYPERVISOR_DETAIL_INFORMATION +{ + HV_DETAILS HvVendorAndMaxFunction; + HV_DETAILS HypervisorInterface; + HV_DETAILS HypervisorVersion; + HV_DETAILS HvFeatures; + HV_DETAILS HwFeatures; + HV_DETAILS EnlightenmentInfo; + HV_DETAILS ImplementationLimits; +} SYSTEM_HYPERVISOR_DETAIL_INFORMATION, *PSYSTEM_HYPERVISOR_DETAIL_INFORMATION; + +// private +typedef struct _SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION +{ + ULONGLONG Cycles[4][2]; +} SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION, *PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; + +// private +typedef struct _SYSTEM_TPM_INFORMATION +{ + ULONG Flags; +} SYSTEM_TPM_INFORMATION, *PSYSTEM_TPM_INFORMATION; + +// private +typedef struct _SYSTEM_VSM_PROTECTION_INFORMATION +{ + BOOLEAN DmaProtectionsAvailable; + BOOLEAN DmaProtectionsInUse; + BOOLEAN HardwareMbecAvailable; // REDSTONE4 (CVE-2018-3639) + BOOLEAN ApicVirtualizationAvailable; // 20H1 +} SYSTEM_VSM_PROTECTION_INFORMATION, *PSYSTEM_VSM_PROTECTION_INFORMATION; + +// private +typedef struct _SYSTEM_KERNEL_DEBUGGER_FLAGS +{ + BOOLEAN KernelDebuggerIgnoreUmExceptions; +} SYSTEM_KERNEL_DEBUGGER_FLAGS, *PSYSTEM_KERNEL_DEBUGGER_FLAGS; + +// SYSTEM_CODEINTEGRITYPOLICY_INFORMATION Options +#define CODEINTEGRITYPOLICY_OPTION_ENABLED 0x01 +#define CODEINTEGRITYPOLICY_OPTION_AUDIT 0x02 +#define CODEINTEGRITYPOLICY_OPTION_REQUIRE_WHQL 0x04 +#define CODEINTEGRITYPOLICY_OPTION_DISABLED_FLIGHTSIGNING 0x08 +#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UMCI 0x10 +#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UPDATE_POLICY_NOREBOOT 0x20 +#define CODEINTEGRITYPOLICY_OPTION_ENABLED_SECURE_SETTING_POLICY 0x40 +#define CODEINTEGRITYPOLICY_OPTION_ENABLED_UNSIGNED_SYSTEMINTEGRITY_POLICY 0x80 +#define CODEINTEGRITYPOLICY_OPTION_DYNAMIC_CODE_POLICY_ENABLED 0x100 +#define 
CODEINTEGRITYPOLICY_OPTION_RELOAD_POLICY_NO_REBOOT 0x10000000 // NtSetSystemInformation reloads SiPolicy.p7b +#define CODEINTEGRITYPOLICY_OPTION_CONDITIONAL_LOCKDOWN 0x20000000 +#define CODEINTEGRITYPOLICY_OPTION_NOLOCKDOWN 0x40000000 +#define CODEINTEGRITYPOLICY_OPTION_LOCKDOWN 0x80000000 + +// SYSTEM_CODEINTEGRITYPOLICY_INFORMATION HVCIOptions +#define CODEINTEGRITYPOLICY_HVCIOPTION_ENABLED 0x01 +#define CODEINTEGRITYPOLICY_HVCIOPTION_STRICT 0x02 +#define CODEINTEGRITYPOLICY_HVCIOPTION_DEBUG 0x04 + +// private +typedef struct _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION +{ + ULONG Options; + ULONG HVCIOptions; + ULONGLONG Version; + GUID PolicyGuid; +} SYSTEM_CODEINTEGRITYPOLICY_INFORMATION, *PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION; + +// private +typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION +{ + BOOLEAN SecureKernelRunning : 1; + BOOLEAN HvciEnabled : 1; + BOOLEAN HvciStrictMode : 1; + BOOLEAN DebugEnabled : 1; + BOOLEAN FirmwarePageProtection : 1; + BOOLEAN EncryptionKeyAvailable : 1; + BOOLEAN SpareFlags : 2; + BOOLEAN TrustletRunning : 1; + BOOLEAN HvciDisableAllowed : 1; + BOOLEAN SpareFlags2 : 6; + BOOLEAN Spare0[6]; + ULONGLONG Spare1; +} SYSTEM_ISOLATED_USER_MODE_INFORMATION, *PSYSTEM_ISOLATED_USER_MODE_INFORMATION; + +// private +typedef struct _SYSTEM_SINGLE_MODULE_INFORMATION +{ + PVOID TargetModuleAddress; + RTL_PROCESS_MODULE_INFORMATION_EX ExInfo; +} SYSTEM_SINGLE_MODULE_INFORMATION, *PSYSTEM_SINGLE_MODULE_INFORMATION; + +// private +typedef struct _SYSTEM_INTERRUPT_CPU_SET_INFORMATION +{ + ULONG Gsiv; + USHORT Group; + ULONGLONG CpuSets; +} SYSTEM_INTERRUPT_CPU_SET_INFORMATION, *PSYSTEM_INTERRUPT_CPU_SET_INFORMATION; + +// private +typedef struct _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION +{ + SYSTEM_SECUREBOOT_POLICY_INFORMATION PolicyInformation; + ULONG PolicySize; + UCHAR Policy[1]; +} SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION, *PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; + +// private +typedef struct _SYSTEM_ROOT_SILO_INFORMATION +{ + 
ULONG NumberOfSilos; + ULONG SiloIdList[1]; +} SYSTEM_ROOT_SILO_INFORMATION, *PSYSTEM_ROOT_SILO_INFORMATION; + +// private +typedef struct _SYSTEM_CPU_SET_TAG_INFORMATION +{ + ULONGLONG Tag; + ULONGLONG CpuSets[1]; +} SYSTEM_CPU_SET_TAG_INFORMATION, *PSYSTEM_CPU_SET_TAG_INFORMATION; + +// private +typedef struct _SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION +{ + ULONG ExtentCount; + ULONG ValidStructureSize; + ULONG NextExtentIndex; + ULONG ExtentRestart; + ULONG CycleCount; + ULONG TimeoutCount; + ULONGLONG CycleTime; + ULONGLONG CycleTimeMax; + ULONGLONG ExtentTime; + ULONG ExtentTimeIndex; + ULONG ExtentTimeMaxIndex; + ULONGLONG ExtentTimeMax; + ULONGLONG HyperFlushTimeMax; + ULONGLONG TranslateVaTimeMax; + ULONGLONG DebugExemptionCount; + ULONGLONG TbHitCount; + ULONGLONG TbMissCount; + ULONGLONG VinaPendingYield; + ULONGLONG HashCycles; + ULONG HistogramOffset; + ULONG HistogramBuckets; + ULONG HistogramShift; + ULONG Reserved1; + ULONGLONG PageNotPresentCount; +} SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION, *PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; + +// private +typedef struct _SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION +{ + ULONG PlatformManifestSize; + UCHAR PlatformManifest[1]; +} SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION, *PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; + +// private +typedef struct _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT +{ + ULONG Gsiv; + UCHAR ControllerInterrupt; + UCHAR EdgeInterrupt; + UCHAR IsPrimaryInterrupt; + GROUP_AFFINITY TargetAffinity; +} SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT, *PSYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT; + +// private +typedef union _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT +{ + ULONG AsULONG; + struct + { + ULONG Enabled : 1; + ULONG Reserved : 31; + }; +} SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT, *PSYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT; + +#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE) +// private +typedef struct 
_SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION +{ + ULONG Machine : 16; + ULONG KernelMode : 1; + ULONG UserMode : 1; + ULONG Native : 1; + ULONG Process : 1; + ULONG WoW64Container : 1; + ULONG ReservedZero0 : 11; +} SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION, *PSYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION; +#endif + +// private +typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION +{ + ULONGLONG TotalPhysicalBytes; + ULONGLONG AvailableBytes; + LONGLONG ResidentAvailableBytes; + ULONGLONG CommittedBytes; + ULONGLONG SharedCommittedBytes; + ULONGLONG CommitLimitBytes; + ULONGLONG PeakCommitmentBytes; +} SYSTEM_MEMORY_USAGE_INFORMATION, *PSYSTEM_MEMORY_USAGE_INFORMATION; + +// private +typedef struct _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION +{ + HANDLE ImageFile; + ULONG Type; // REDSTONE4 +} SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION, *PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; + +// private +typedef struct _SYSTEM_PHYSICAL_MEMORY_INFORMATION +{ + ULONGLONG TotalPhysicalBytes; + ULONGLONG LowestPhysicalAddress; + ULONGLONG HighestPhysicalAddress; +} SYSTEM_PHYSICAL_MEMORY_INFORMATION, *PSYSTEM_PHYSICAL_MEMORY_INFORMATION; + +// private +typedef enum _SYSTEM_ACTIVITY_MODERATION_STATE +{ + SystemActivityModerationStateSystemManaged, + SystemActivityModerationStateUserManagedAllowThrottling, + SystemActivityModerationStateUserManagedDisableThrottling, + MaxSystemActivityModerationState +} SYSTEM_ACTIVITY_MODERATION_STATE; + +// private - REDSTONE2 +typedef struct _SYSTEM_ACTIVITY_MODERATION_EXE_STATE // REDSTONE3: Renamed SYSTEM_ACTIVITY_MODERATION_INFO +{ + UNICODE_STRING ExePathNt; + SYSTEM_ACTIVITY_MODERATION_STATE ModerationState; +} SYSTEM_ACTIVITY_MODERATION_EXE_STATE, *PSYSTEM_ACTIVITY_MODERATION_EXE_STATE; + +typedef enum _SYSTEM_ACTIVITY_MODERATION_APP_TYPE +{ + SystemActivityModerationAppTypeClassic, + SystemActivityModerationAppTypePackaged, + MaxSystemActivityModerationAppType +} SYSTEM_ACTIVITY_MODERATION_APP_TYPE; + +// 
private - REDSTONE3
+typedef struct _SYSTEM_ACTIVITY_MODERATION_INFO
+{
+ UNICODE_STRING Identifier;
+ SYSTEM_ACTIVITY_MODERATION_STATE ModerationState;
+ SYSTEM_ACTIVITY_MODERATION_APP_TYPE AppType;
+} SYSTEM_ACTIVITY_MODERATION_INFO, *PSYSTEM_ACTIVITY_MODERATION_INFO;
+
+// private
+typedef struct _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
+{
+ HANDLE UserKeyHandle;
+} SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS, *PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS;
+
+// private
+typedef struct _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION
+{
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG Locked : 1;
+ ULONG UnlockApplied : 1; // Unlockable field removed 19H1
+ ULONG UnlockIdValid : 1;
+ ULONG Reserved : 29;
+ };
+ };
+ UCHAR UnlockId[32]; // REDSTONE4
+} SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION, *PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
+
+// private
+typedef struct _SYSTEM_FLUSH_INFORMATION
+{
+ ULONG SupportedFlushMethods;
+ ULONG ProcessorCacheFlushSize;
+ ULONGLONG SystemFlushCapabilities;
+ ULONGLONG Reserved[2];
+} SYSTEM_FLUSH_INFORMATION, *PSYSTEM_FLUSH_INFORMATION;
+
+// private
+typedef struct _SYSTEM_WRITE_CONSTRAINT_INFORMATION
+{
+ ULONG WriteConstraintPolicy;
+ ULONG Reserved;
+} SYSTEM_WRITE_CONSTRAINT_INFORMATION, *PSYSTEM_WRITE_CONSTRAINT_INFORMATION;
+
+// private
+typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
+{
+ union
+ {
+ ULONG KvaShadowFlags;
+ struct
+ {
+ ULONG KvaShadowEnabled : 1;
+ ULONG KvaShadowUserGlobal : 1;
+ ULONG KvaShadowPcid : 1;
+ ULONG KvaShadowInvpcid : 1;
+ ULONG KvaShadowRequired : 1; // REDSTONE4
+ ULONG KvaShadowRequiredAvailable : 1;
+ ULONG InvalidPteBit : 6;
+ ULONG L1DataCacheFlushSupported : 1;
+ ULONG L1TerminalFaultMitigationPresent : 1;
+ ULONG Reserved : 18;
+ };
+ };
+} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
+
+// private
+typedef struct _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
+{
+ HANDLE FileHandle;
+ ULONG ImageSize;
+ PVOID Image;
+}
SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION, *PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
+
+// private
+typedef struct _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION
+{
+ PVOID HypervisorSharedUserVa;
+} SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION, *PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION;
+
+// private
+typedef struct _SYSTEM_FIRMWARE_PARTITION_INFORMATION
+{
+ UNICODE_STRING FirmwarePartition;
+} SYSTEM_FIRMWARE_PARTITION_INFORMATION, *PSYSTEM_FIRMWARE_PARTITION_INFORMATION;
+
+// private
+typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION
+{
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG BpbEnabled : 1;
+ ULONG BpbDisabledSystemPolicy : 1;
+ ULONG BpbDisabledNoHardwareSupport : 1;
+ ULONG SpecCtrlEnumerated : 1;
+ ULONG SpecCmdEnumerated : 1;
+ ULONG IbrsPresent : 1;
+ ULONG StibpPresent : 1;
+ ULONG SmepPresent : 1;
+ ULONG SpeculativeStoreBypassDisableAvailable : 1; // REDSTONE4 (CVE-2018-3639)
+ ULONG SpeculativeStoreBypassDisableSupported : 1;
+ ULONG SpeculativeStoreBypassDisabledSystemWide : 1;
+ ULONG SpeculativeStoreBypassDisabledKernel : 1;
+ ULONG SpeculativeStoreBypassDisableRequired : 1;
+ ULONG BpbDisabledKernelToUser : 1;
+ ULONG SpecCtrlRetpolineEnabled : 1;
+ ULONG SpecCtrlImportOptimizationEnabled : 1;
+ ULONG EnhancedIbrs : 1; // since 19H1
+ ULONG HvL1tfStatusAvailable : 1;
+ ULONG HvL1tfProcessorNotAffected : 1;
+ ULONG HvL1tfMigitationEnabled : 1;
+ ULONG HvL1tfMigitationNotEnabled_Hardware : 1;
+ ULONG HvL1tfMigitationNotEnabled_LoadOption : 1;
+ ULONG HvL1tfMigitationNotEnabled_CoreScheduler : 1;
+ ULONG EnhancedIbrsReported : 1;
+ ULONG MdsHardwareProtected : 1; // since 19H2
+ ULONG MbClearEnabled : 1;
+ ULONG MbClearReported : 1;
+ ULONG ReservedTaa : 4;
+ ULONG Reserved : 1;
+ };
+ } SpeculationControlFlags;
+ union
+ {
+ ULONG Flags; // Since KB4074629 (2023)
+ struct
+ {
+ ULONG Reserved1 : 5;
+ ULONG BhbEnabled : 1;
+ ULONG BhbDisabledSystemPolicy : 1;
+ ULONG BhbDisabledNoHardwareSupport : 1;
+ ULONG Reserved2 : 3;
+ ULONG
RdclHardwareProtectedReported : 1;
+ ULONG RdclHardwareProtected : 1;
+ ULONG Reserved3 : 4;
+ ULONG Reserved4 : 3;
+ ULONG Reserved : 12;
+ };
+ } SpeculationControlFlags2;
+} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
+
+// private
+typedef struct _SYSTEM_DMA_GUARD_POLICY_INFORMATION
+{
+ BOOLEAN DmaGuardPolicyEnabled;
+} SYSTEM_DMA_GUARD_POLICY_INFORMATION, *PSYSTEM_DMA_GUARD_POLICY_INFORMATION;
+
+// private
+typedef struct _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
+{
+ UCHAR EnclaveLaunchSigner[32];
+} SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION, *PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
+
+// private
+typedef struct _SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION
+{
+ ULONGLONG WorkloadClass;
+ ULONGLONG CpuSets[1];
+} SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION, *PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION;
+
+// private
+typedef struct _SYSTEM_SECURITY_MODEL_INFORMATION
+{
+ union
+ {
+ ULONG SecurityModelFlags;
+ struct
+ {
+ ULONG SModeAdminlessEnabled : 1;
+ ULONG AllowDeviceOwnerProtectionDowngrade : 1;
+ ULONG Reserved : 30;
+ };
+ };
+} SYSTEM_SECURITY_MODEL_INFORMATION, *PSYSTEM_SECURITY_MODEL_INFORMATION;
+
+typedef struct _RTL_FEATURE_CONFIGURATION *PRTL_FEATURE_CONFIGURATION; // from ntrtl.h
+
+// private
+typedef struct _SYSTEM_FEATURE_CONFIGURATION_INFORMATION
+{
+ ULONGLONG ChangeStamp;
+ PRTL_FEATURE_CONFIGURATION Configuration;
+} SYSTEM_FEATURE_CONFIGURATION_INFORMATION, *PSYSTEM_FEATURE_CONFIGURATION_INFORMATION;
+
+// private
+typedef struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY
+{
+ ULONGLONG ChangeStamp;
+ PVOID Section;
+ ULONGLONG Size;
+} SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY, *PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY;
+
+// private
+typedef struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION
+{
+ ULONGLONG OverallChangeStamp;
+ SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY Descriptors[3];
+}
SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION, *PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION;
+
+// private
+typedef struct _RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET
+{
+ ULONG Data[2];
+} RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET, *PRTL_FEATURE_USAGE_SUBSCRIPTION_TARGET;
+
+// private
+typedef struct _SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS
+{
+ ULONG FeatureId;
+ USHORT ReportingKind;
+ USHORT ReportingOptions;
+ RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET ReportingTarget;
+} SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS, *PSYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS;
+
+// private
+typedef union _SECURE_SPECULATION_CONTROL_INFORMATION
+{
+ ULONG KvaShadowSupported : 1;
+ ULONG KvaShadowEnabled : 1;
+ ULONG KvaShadowUserGlobal : 1;
+ ULONG KvaShadowPcid : 1;
+ ULONG MbClearEnabled : 1;
+ ULONG L1TFMitigated : 1; // since 20H2
+ ULONG BpbEnabled : 1;
+ ULONG IbrsPresent : 1;
+ ULONG EnhancedIbrs : 1;
+ ULONG StibpPresent : 1;
+ ULONG SsbdSupported : 1;
+ ULONG SsbdRequired : 1;
+ ULONG BpbKernelToUser : 1;
+ ULONG BpbUserToKernel : 1;
+ ULONG ReturnSpeculate : 1;
+ ULONG BranchConfusionSafe : 1;
+ ULONG Reserved : 16;
+} SECURE_SPECULATION_CONTROL_INFORMATION, *PSECURE_SPECULATION_CONTROL_INFORMATION;
+
+// private
+typedef struct _SYSTEM_FIRMWARE_RAMDISK_INFORMATION
+{
+ ULONG Version;
+ ULONG BlockSize;
+ ULONG_PTR BaseAddress;
+ SIZE_T Size;
+} SYSTEM_FIRMWARE_RAMDISK_INFORMATION, *PSYSTEM_FIRMWARE_RAMDISK_INFORMATION;
+
+// private
+typedef struct _SYSTEM_SHADOW_STACK_INFORMATION
+{
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG CetCapable : 1;
+ ULONG UserCetAllowed : 1;
+ ULONG ReservedForUserCet : 6;
+ ULONG KernelCetEnabled : 1;
+ ULONG KernelCetAuditModeEnabled : 1;
+ ULONG ReservedForKernelCet : 6; // since Windows 10 build 21387
+ ULONG Reserved : 16;
+ };
+ };
+} SYSTEM_SHADOW_STACK_INFORMATION, *PSYSTEM_SHADOW_STACK_INFORMATION;
+
+// private
+typedef union _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS
+{
+ ULONG Value32;
+ struct
+ {
+ ULONG IsTopLevel : 1;
+
ULONG IsChecked : 1;
+ };
+} SYSTEM_BUILD_VERSION_INFORMATION_FLAGS, *PSYSTEM_BUILD_VERSION_INFORMATION_FLAGS;
+
+// private
+typedef struct _SYSTEM_BUILD_VERSION_INFORMATION
+{
+ USHORT LayerNumber;
+ USHORT LayerCount;
+ ULONG OsMajorVersion;
+ ULONG OsMinorVersion;
+ ULONG NtBuildNumber;
+ ULONG NtBuildQfe;
+ UCHAR LayerName[128];
+ UCHAR NtBuildBranch[128];
+ UCHAR NtBuildLab[128];
+ UCHAR NtBuildLabEx[128];
+ UCHAR NtBuildStamp[26];
+ UCHAR NtBuildArch[16];
+ SYSTEM_BUILD_VERSION_INFORMATION_FLAGS Flags;
+} SYSTEM_BUILD_VERSION_INFORMATION, *PSYSTEM_BUILD_VERSION_INFORMATION;
+
+// private
+typedef struct _SYSTEM_POOL_LIMIT_MEM_INFO
+{
+ ULONGLONG MemoryLimit;
+ ULONGLONG NotificationLimit;
+} SYSTEM_POOL_LIMIT_MEM_INFO, *PSYSTEM_POOL_LIMIT_MEM_INFO;
+
+// private
+typedef struct _SYSTEM_POOL_LIMIT_INFO
+{
+ ULONG PoolTag;
+ SYSTEM_POOL_LIMIT_MEM_INFO MemLimits[2];
+ WNF_STATE_NAME NotificationHandle;
+} SYSTEM_POOL_LIMIT_INFO, *PSYSTEM_POOL_LIMIT_INFO;
+
+// private
+typedef struct _SYSTEM_POOL_LIMIT_INFORMATION
+{
+ ULONG Version;
+ ULONG EntryCount;
+ _Field_size_(EntryCount) SYSTEM_POOL_LIMIT_INFO LimitEntries[1];
+} SYSTEM_POOL_LIMIT_INFORMATION, *PSYSTEM_POOL_LIMIT_INFORMATION;
+
+// private
+//typedef struct _SYSTEM_POOL_ZEROING_INFORMATION
+//{
+// BOOLEAN PoolZeroingSupportPresent;
+//} SYSTEM_POOL_ZEROING_INFORMATION, *PSYSTEM_POOL_ZEROING_INFORMATION;
+
+// private
+typedef struct _HV_MINROOT_NUMA_LPS
+{
+ ULONG NodeIndex;
+ ULONG_PTR Mask[16];
+} HV_MINROOT_NUMA_LPS, *PHV_MINROOT_NUMA_LPS;
+
+// private
+typedef struct _SYSTEM_XFG_FAILURE_INFORMATION
+{
+ PVOID ReturnAddress;
+ PVOID TargetAddress;
+ ULONG DispatchMode;
+ ULONGLONG XfgValue;
+} SYSTEM_XFG_FAILURE_INFORMATION, *PSYSTEM_XFG_FAILURE_INFORMATION;
+
+// private
+typedef enum _SYSTEM_IOMMU_STATE
+{
+ IommuStateBlock,
+ IommuStateUnblock
+} SYSTEM_IOMMU_STATE;
+
+// private
+typedef struct _SYSTEM_IOMMU_STATE_INFORMATION
+{
+ SYSTEM_IOMMU_STATE State;
+ PVOID Pdo;
+}
SYSTEM_IOMMU_STATE_INFORMATION, *PSYSTEM_IOMMU_STATE_INFORMATION;
+
+// private
+typedef struct _SYSTEM_HYPERVISOR_MINROOT_INFORMATION
+{
+ ULONG NumProc;
+ ULONG RootProc;
+ ULONG RootProcNumaNodesSpecified;
+ USHORT RootProcNumaNodes[64];
+ ULONG RootProcPerCore;
+ ULONG RootProcPerNode;
+ ULONG RootProcNumaNodesLpsSpecified;
+ HV_MINROOT_NUMA_LPS RootProcNumaNodeLps[64];
+} SYSTEM_HYPERVISOR_MINROOT_INFORMATION, *PSYSTEM_HYPERVISOR_MINROOT_INFORMATION;
+
+// private
+typedef struct _SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION
+{
+ ULONG RangeCount;
+ ULONG_PTR RangeArray[1];
+} SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION, *PSYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION;
+
+// private
+typedef struct _SYSTEM_POINTER_AUTH_INFORMATION
+{
+ union
+ {
+ USHORT SupportedFlags;
+ struct
+ {
+ USHORT AddressAuthSupported : 1;
+ USHORT AddressAuthQarma : 1;
+ USHORT GenericAuthSupported : 1;
+ USHORT GenericAuthQarma : 1;
+ USHORT SupportedReserved : 12;
+ };
+ };
+ union
+ {
+ USHORT EnabledFlags;
+ struct
+ {
+ USHORT UserPerProcessIpAuthEnabled : 1;
+ USHORT UserGlobalIpAuthEnabled : 1;
+ USHORT UserEnabledReserved : 6;
+ USHORT KernelIpAuthEnabled : 1;
+ USHORT KernelEnabledReserved : 7;
+ };
+ };
+} SYSTEM_POINTER_AUTH_INFORMATION, *PSYSTEM_POINTER_AUTH_INFORMATION;
+
+// private
+typedef struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT
+{
+ ULONG Version;
+ PWSTR FeatureName;
+ ULONG BornOnVersion;
+} SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT, *PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT;
+
+// private
+typedef struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT
+{
+ ULONG Version;
+ BOOLEAN FeatureIsEnabled;
+} SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT, *PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySystemInformation(
+ _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
+ _In_ ULONG
SystemInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySystemInformationEx(
+ _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ _In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
+ _In_ ULONG InputBufferLength,
+ _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
+ _In_ ULONG SystemInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetSystemInformation(
+ _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ _In_reads_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
+ _In_ ULONG SystemInformationLength
+ );
+
+// SysDbg APIs
+
+// private
+typedef enum _SYSDBG_COMMAND
+{
+ SysDbgQueryModuleInformation,
+ SysDbgQueryTraceInformation,
+ SysDbgSetTracepoint,
+ SysDbgSetSpecialCall, // PVOID
+ SysDbgClearSpecialCalls, // void
+ SysDbgQuerySpecialCalls,
+ SysDbgBreakPoint,
+ SysDbgQueryVersion, // DBGKD_GET_VERSION64
+ SysDbgReadVirtual, // SYSDBG_VIRTUAL
+ SysDbgWriteVirtual, // SYSDBG_VIRTUAL
+ SysDbgReadPhysical, // SYSDBG_PHYSICAL // 10
+ SysDbgWritePhysical, // SYSDBG_PHYSICAL
+ SysDbgReadControlSpace, // SYSDBG_CONTROL_SPACE
+ SysDbgWriteControlSpace, // SYSDBG_CONTROL_SPACE
+ SysDbgReadIoSpace, // SYSDBG_IO_SPACE
+ SysDbgWriteIoSpace, // SYSDBG_IO_SPACE
+ SysDbgReadMsr, // SYSDBG_MSR
+ SysDbgWriteMsr, // SYSDBG_MSR
+ SysDbgReadBusData, // SYSDBG_BUS_DATA
+ SysDbgWriteBusData, // SYSDBG_BUS_DATA
+ SysDbgCheckLowMemory, // 20
+ SysDbgEnableKernelDebugger,
+ SysDbgDisableKernelDebugger,
+ SysDbgGetAutoKdEnable,
+ SysDbgSetAutoKdEnable,
+ SysDbgGetPrintBufferSize,
+ SysDbgSetPrintBufferSize,
+ SysDbgGetKdUmExceptionEnable,
+ SysDbgSetKdUmExceptionEnable,
+ SysDbgGetTriageDump, // SYSDBG_TRIAGE_DUMP
+ SysDbgGetKdBlockEnable, // 30
+ SysDbgSetKdBlockEnable,
+ SysDbgRegisterForUmBreakInfo,
+ SysDbgGetUmBreakPid,
+ SysDbgClearUmBreakPid,
+ SysDbgGetUmAttachPid,
+ SysDbgClearUmAttachPid,
+
SysDbgGetLiveKernelDump, // SYSDBG_LIVEDUMP_CONTROL
+ SysDbgKdPullRemoteFile, // SYSDBG_KD_PULL_REMOTE_FILE
+ SysDbgMaxInfoClass
+} SYSDBG_COMMAND, *PSYSDBG_COMMAND;
+
+typedef struct _SYSDBG_VIRTUAL
+{
+ PVOID Address;
+ PVOID Buffer;
+ ULONG Request;
+} SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL;
+
+typedef struct _SYSDBG_PHYSICAL
+{
+ PHYSICAL_ADDRESS Address;
+ PVOID Buffer;
+ ULONG Request;
+} SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL;
+
+typedef struct _SYSDBG_CONTROL_SPACE
+{
+ ULONG64 Address;
+ PVOID Buffer;
+ ULONG Request;
+ ULONG Processor;
+} SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE;
+
+enum _INTERFACE_TYPE;
+
+typedef struct _SYSDBG_IO_SPACE
+{
+ ULONG64 Address;
+ PVOID Buffer;
+ ULONG Request;
+ enum _INTERFACE_TYPE InterfaceType;
+ ULONG BusNumber;
+ ULONG AddressSpace;
+} SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE;
+
+typedef struct _SYSDBG_MSR
+{
+ ULONG Msr;
+ ULONG64 Data;
+} SYSDBG_MSR, *PSYSDBG_MSR;
+
+enum _BUS_DATA_TYPE;
+
+typedef struct _SYSDBG_BUS_DATA
+{
+ ULONG Address;
+ PVOID Buffer;
+ ULONG Request;
+ enum _BUS_DATA_TYPE BusDataType;
+ ULONG BusNumber;
+ ULONG SlotNumber;
+} SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA;
+
+// private
+typedef struct _SYSDBG_TRIAGE_DUMP
+{
+ ULONG Flags;
+ ULONG BugCheckCode;
+ ULONG_PTR BugCheckParam1;
+ ULONG_PTR BugCheckParam2;
+ ULONG_PTR BugCheckParam3;
+ ULONG_PTR BugCheckParam4;
+ ULONG ProcessHandles;
+ ULONG ThreadHandles;
+ PHANDLE Handles;
+} SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP;
+
+// private
+typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
+{
+ struct
+ {
+ ULONG UseDumpStorageStack : 1;
+ ULONG CompressMemoryPagesData : 1;
+ ULONG IncludeUserSpaceMemoryPages : 1;
+ ULONG AbortIfMemoryPressure : 1; // REDSTONE4
+ ULONG SelectiveDump : 1; // WIN11
+ ULONG Reserved : 27;
+ };
+ ULONG AsUlong;
+} SYSDBG_LIVEDUMP_CONTROL_FLAGS, *PSYSDBG_LIVEDUMP_CONTROL_FLAGS;
+
+// private
+typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
+{
+ struct
+ {
+ ULONG HypervisorPages : 1;
+ ULONG NonEssentialHypervisorPages : 1; // since WIN11
+ ULONG Reserved : 30;
+ };
+ ULONG AsUlong;
+} SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, *PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
+
+#define SYSDBG_LIVEDUMP_SELECTIVE_CONTROL_VERSION 1
+
+// rev
+typedef struct _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL
+{
+ ULONG Version;
+ ULONG Size;
+ union
+ {
+ ULONGLONG Flags;
+ struct
+ {
+ ULONGLONG ThreadKernelStacks : 1;
+ ULONGLONG ReservedFlags : 63;
+ };
+ };
+ ULONGLONG Reserved[4];
+} SYSDBG_LIVEDUMP_SELECTIVE_CONTROL, *PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL;
+
+#define SYSDBG_LIVEDUMP_CONTROL_VERSION_1 1
+#define SYSDBG_LIVEDUMP_CONTROL_VERSION_2 2
+#define SYSDBG_LIVEDUMP_CONTROL_VERSION SYSDBG_LIVEDUMP_CONTROL_VERSION_2
+
+// private
+typedef struct _SYSDBG_LIVEDUMP_CONTROL
+{
+ ULONG Version;
+ ULONG BugCheckCode;
+ ULONG_PTR BugCheckParam1;
+ ULONG_PTR BugCheckParam2;
+ ULONG_PTR BugCheckParam3;
+ ULONG_PTR BugCheckParam4;
+ HANDLE DumpFileHandle;
+ HANDLE CancelEventHandle;
+ SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags;
+ SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AddPagesControl;
+ PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL SelectiveControl; // since WIN11
+} SYSDBG_LIVEDUMP_CONTROL, *PSYSDBG_LIVEDUMP_CONTROL;
+
+// private
+typedef struct _SYSDBG_KD_PULL_REMOTE_FILE
+{
+ UNICODE_STRING ImageFileName;
+} SYSDBG_KD_PULL_REMOTE_FILE, *PSYSDBG_KD_PULL_REMOTE_FILE;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSystemDebugControl(
+ _In_ SYSDBG_COMMAND Command,
+ _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer,
+ _In_ ULONG InputBufferLength,
+ _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
+ _In_ ULONG OutputBufferLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+// Hard errors
+
+typedef enum _HARDERROR_RESPONSE_OPTION
+{
+ OptionAbortRetryIgnore,
+ OptionOk,
+ OptionOkCancel,
+ OptionRetryCancel,
+ OptionYesNo,
+ OptionYesNoCancel,
+ OptionShutdownSystem,
+ OptionOkNoWait,
+ OptionCancelTryContinue
+} HARDERROR_RESPONSE_OPTION;
+
+typedef enum _HARDERROR_RESPONSE
+{
+ ResponseReturnToCaller,
+ ResponseNotHandled,
+ ResponseAbort,
+
ResponseCancel,
+ ResponseIgnore,
+ ResponseNo,
+ ResponseOk,
+ ResponseRetry,
+ ResponseYes,
+ ResponseTryAgain,
+ ResponseContinue
+} HARDERROR_RESPONSE;
+
+#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRaiseHardError(
+ _In_ NTSTATUS ErrorStatus,
+ _In_ ULONG NumberOfParameters,
+ _In_ ULONG UnicodeStringParameterMask,
+ _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
+ _In_ ULONG ValidResponseOptions,
+ _Out_ PULONG Response
+ );
+
+//
+// Kernel-user shared data
+//
+
+typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
+{
+ StandardDesign,
+ NEC98x86,
+ EndAlternatives
+} ALTERNATIVE_ARCHITECTURE_TYPE;
+
+#define PROCESSOR_FEATURE_MAX 64
+
+#define MAX_WOW64_SHARED_ENTRIES 16
+
+//
+// Define NX support policy values.
+//
+
+#define NX_SUPPORT_POLICY_ALWAYSOFF 0
+#define NX_SUPPORT_POLICY_ALWAYSON 1
+#define NX_SUPPORT_POLICY_OPTIN 2
+#define NX_SUPPORT_POLICY_OPTOUT 3
+
+//
+// SEH chain validation policies.
+//
+
+#define SEH_VALIDATION_POLICY_ON 0
+#define SEH_VALIDATION_POLICY_OFF 1
+#define SEH_VALIDATION_POLICY_TELEMETRY 2
+#define SEH_VALIDATION_POLICY_DEFER 3
+
+//
+// Global shared data flags and manipulation macros.
+//
+
+#define SHARED_GLOBAL_FLAGS_ERROR_PORT_V 0x0
+#define SHARED_GLOBAL_FLAGS_ERROR_PORT \
+ (1UL << SHARED_GLOBAL_FLAGS_ERROR_PORT_V)
+
+#define SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED_V 0x1
+#define SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_VIRT_ENABLED_V 0x2
+#define SHARED_GLOBAL_FLAGS_VIRT_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_VIRT_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED_V 0x3
+#define SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_LKG_ENABLED_V 0x4
+#define SHARED_GLOBAL_FLAGS_LKG_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_LKG_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED_V 0x5
+#define SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED_V 0x6
+#define SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED_V 0x7
+#define SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU_V 0x8
+#define SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU \
+ (1UL << SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU_V)
+
+#define SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU_V 0x9
+#define SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU \
+ (1UL << SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU_V)
+
+#define SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED_V 0xA
+#define SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED \
+ (1UL << SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED_V)
+
+#define SHARED_GLOBAL_FLAGS_SET_GLOBAL_DATA_FLAG 0x40000000
+#define SHARED_GLOBAL_FLAGS_CLEAR_GLOBAL_DATA_FLAG 0x80000000
+
+//
+// Define legal values for the SystemCall member.
+//
+
+#define SYSTEM_CALL_SYSCALL 0
+#define SYSTEM_CALL_INT_2E 1
+
+//
+// Define flags for QPC bypass information. None of these flags may be set
+// unless bypass is enabled. This is for compat with existing code which
+// compares this value to zero to detect bypass enablement.
+//
+
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_ENABLED (0x01)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_HV_PAGE (0x02)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_DISABLE_32BIT (0x04)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_MFENCE (0x10)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_LFENCE (0x20)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_A73_ERRATA (0x40)
+#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_RDTSCP (0x80)
+
+
+typedef struct _KUSER_SHARED_DATA
+{
+ //
+ // Current low 32-bit of tick count and tick count multiplier.
+ //
+ // N.B. The tick count is updated each time the clock ticks.
+ //
+
+ ULONG TickCountLowDeprecated;
+ ULONG TickCountMultiplier;
+
+ //
+ // Current 64-bit interrupt time in 100ns units.
+ //
+
+ volatile KSYSTEM_TIME InterruptTime;
+
+ //
+ // Current 64-bit system time in 100ns units.
+ //
+
+ volatile KSYSTEM_TIME SystemTime;
+
+ //
+ // Current 64-bit time zone bias.
+ //
+
+ volatile KSYSTEM_TIME TimeZoneBias;
+
+ //
+ // Support image magic number range for the host system.
+ //
+ // N.B. This is an inclusive range.
+ //
+
+ USHORT ImageNumberLow;
+ USHORT ImageNumberHigh;
+
+ //
+ // Copy of system root in unicode.
+ //
+ // N.B. This field must be accessed via the RtlGetNtSystemRoot API for
+ // an accurate result.
+ //
+
+ WCHAR NtSystemRoot[260];
+
+ //
+ // Maximum stack trace depth if tracing enabled.
+ //
+
+ ULONG MaxStackTraceDepth;
+
+ //
+ // Crypto exponent value.
+ //
+
+ ULONG CryptoExponent;
+
+ //
+ // Time zone ID.
+ //
+
+ ULONG TimeZoneId;
+ ULONG LargePageMinimum;
+
+ //
+ // This value controls the AIT Sampling rate.
+ //
+
+ ULONG AitSamplingValue;
+
+ //
+ // This value controls switchback processing.
+ //
+
+ ULONG AppCompatFlag;
+
+ //
+ // Current Kernel Root RNG state seed version
+ //
+
+ ULONGLONG RNGSeedVersion;
+
+ //
+ // This value controls assertion failure handling.
+ //
+
+ ULONG GlobalValidationRunlevel;
+
+ volatile LONG TimeZoneBiasStamp;
+
+ //
+ // The shared collective build number undecorated with C or F.
+ // GetVersionEx hides the real number
+ //
+
+ ULONG NtBuildNumber;
+
+ //
+ // Product type.
+ //
+ // N.B. This field must be accessed via the RtlGetNtProductType API for
+ // an accurate result.
+ //
+
+ NT_PRODUCT_TYPE NtProductType;
+ BOOLEAN ProductTypeIsValid;
+ BOOLEAN Reserved0[1];
+ USHORT NativeProcessorArchitecture;
+
+ //
+ // The NT Version.
+ //
+ // N. B. Note that each process sees a version from its PEB, but if the
+ // process is running with an altered view of the system version,
+ // the following two fields are used to correctly identify the
+ // version
+ //
+
+ ULONG NtMajorVersion;
+ ULONG NtMinorVersion;
+
+ //
+ // Processor features.
+ //
+
+ BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX];
+
+ //
+ // Reserved fields - do not use.
+ //
+
+ ULONG Reserved1;
+ ULONG Reserved3;
+
+ //
+ // Time slippage while in debugger.
+ //
+
+ volatile ULONG TimeSlip;
+
+ //
+ // Alternative system architecture, e.g., NEC PC98xx on x86.
+ //
+
+ ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
+
+ //
+ // Boot sequence, incremented for each boot attempt by the OS loader.
+ //
+
+ ULONG BootId;
+
+ //
+ // If the system is an evaluation unit, the following field contains the
+ // date and time that the evaluation unit expires. A value of 0 indicates
+ // that there is no expiration. A non-zero value is the UTC absolute time
+ // that the system expires.
+ //
+
+ LARGE_INTEGER SystemExpirationDate;
+
+ //
+ // Suite support.
+ //
+ // N.B. This field must be accessed via the RtlGetSuiteMask API for
+ // an accurate result.
+ //
+
+ ULONG SuiteMask;
+
+ //
+ // TRUE if a kernel debugger is connected/enabled.
+ //
+
+ BOOLEAN KdDebuggerEnabled;
+
+ //
+ // Mitigation policies.
+ //
+
+ union
+ {
+ UCHAR MitigationPolicies;
+ struct
+ {
+ UCHAR NXSupportPolicy : 2;
+ UCHAR SEHValidationPolicy : 2;
+ UCHAR CurDirDevicesSkippedForDlls : 2;
+ UCHAR Reserved : 2;
+ };
+ };
+
+ //
+ // Measured duration of a single processor yield, in cycles. This is used by
+ // lock packages to determine how many times to spin waiting for a state
+ // change before blocking.
+ //
+
+ USHORT CyclesPerYield;
+
+ //
+ // Current console session Id. Always zero on non-TS systems.
+ //
+ // N.B. This field must be accessed via the RtlGetActiveConsoleId API for an
+ // accurate result.
+ //
+
+ volatile ULONG ActiveConsoleId;
+
+ //
+ // Force-dismounts cause handles to become invalid. Rather than always
+ // probe handles, a serial number of dismounts is maintained that clients
+ // can use to see if they need to probe handles.
+ //
+
+ volatile ULONG DismountCount;
+
+ //
+ // This field indicates the status of the 64-bit COM+ package on the
+ // system. It indicates whether the Itermediate Language (IL) COM+
+ // images need to use the 64-bit COM+ runtime or the 32-bit COM+ runtime.
+ //
+
+ ULONG ComPlusPackage;
+
+ //
+ // Time in tick count for system-wide last user input across all terminal
+ // sessions. For MP performance, it is not updated all the time (e.g. once
+ // a minute per session). It is used for idle detection.
+ //
+
+ ULONG LastSystemRITEventTickCount;
+
+ //
+ // Number of physical pages in the system. This can dynamically change as
+ // physical memory can be added or removed from a running system.
+ //
+
+ ULONG NumberOfPhysicalPages;
+
+ //
+ // True if the system was booted in safe boot mode.
+ //
+
+ BOOLEAN SafeBootMode;
+
+ //
+ // Virtualization flags.
+ //
+
+ union
+ {
+ UCHAR VirtualizationFlags;
+
+#if defined(_ARM64_)
+
+ //
+ // N.B. Keep this bitfield in sync with the one in arc.w.
+ //
+
+ struct
+ {
+ UCHAR ArchStartedInEl2 : 1;
+ UCHAR QcSlIsSupported : 1;
+ UCHAR : 6;
+ };
+
+#endif
+
+ };
+
+ //
+ // Reserved (available for reuse).
+ //
+
+ UCHAR Reserved12[2];
+
+ //
+ // This is a packed bitfield that contains various flags concerning
+ // the system state. They must be manipulated using interlocked
+ // operations.
+ //
+ // N.B. DbgMultiSessionSku must be accessed via the RtlIsMultiSessionSku
+ // API for an accurate result
+ //
+
+ union
+ {
+ ULONG SharedDataFlags;
+ struct
+ {
+ //
+ // The following bit fields are for the debugger only. Do not use.
+ // Use the bit definitions instead.
+ //
+
+ ULONG DbgErrorPortPresent : 1;
+ ULONG DbgElevationEnabled : 1;
+ ULONG DbgVirtEnabled : 1;
+ ULONG DbgInstallerDetectEnabled : 1;
+ ULONG DbgLkgEnabled : 1;
+ ULONG DbgDynProcessorEnabled : 1;
+ ULONG DbgConsoleBrokerEnabled : 1;
+ ULONG DbgSecureBootEnabled : 1;
+ ULONG DbgMultiSessionSku : 1;
+ ULONG DbgMultiUsersInSessionSku : 1;
+ ULONG DbgStateSeparationEnabled : 1;
+ ULONG SpareBits : 21;
+ } DUMMYSTRUCTNAME2;
+ } DUMMYUNIONNAME2;
+
+ ULONG DataFlagsPad[1];
+
+ //
+ // Depending on the processor, the code for fast system call will differ,
+ // Stub code is provided pointers below to access the appropriate code.
+ //
+ // N.B. The following field is only used on 32-bit systems.
+ //
+
+ ULONGLONG TestRetInstruction;
+ LONGLONG QpcFrequency;
+
+ //
+ // On AMD64, this value is initialized to a nonzero value if the system
+ // operates with an altered view of the system service call mechanism.
+ //
+
+ ULONG SystemCall;
+
+ //
+ // Reserved field - do not use. Used to be UserCetAvailableEnvironments.
+ //
+
+ ULONG Reserved2;
+
+ //
+ // Reserved, available for reuse.
+ //
+
+ ULONGLONG SystemCallPad[2];
+
+ //
+ // The 64-bit tick count.
+ //
+
+ union
+ {
+ volatile KSYSTEM_TIME TickCount;
+ volatile ULONG64 TickCountQuad;
+ struct
+ {
+ ULONG ReservedTickCountOverlay[3];
+ ULONG TickCountPad[1];
+ } DUMMYSTRUCTNAME;
+ } DUMMYUNIONNAME3;
+
+ //
+ // Cookie for encoding pointers system wide.
+ //
+
+ ULONG Cookie;
+ ULONG CookiePad[1];
+
+ //
+ // Client id of the process having the focus in the current
+ // active console session id.
+ //
+ // N.B. This field must be accessed via the
+ // RtlGetConsoleSessionForegroundProcessId API for an accurate result.
+ //
+
+ LONGLONG ConsoleSessionForegroundProcessId;
+
+ //
+ // N.B. The following data is used to implement the precise time
+ // services. It is aligned on a 64-byte cache-line boundary and
+ // arranged in the order of typical accesses.
+ //
+ // Placeholder for the (internal) time update lock.
+ //
+
+ ULONGLONG TimeUpdateLock;
+
+ //
+ // The performance counter value used to establish the current system time.
+ //
+
+ ULONGLONG BaselineSystemTimeQpc;
+
+ //
+ // The performance counter value used to compute the last interrupt time.
+ //
+
+ ULONGLONG BaselineInterruptTimeQpc;
+
+ //
+ // The scaled number of system time seconds represented by a single
+ // performance count (this value may vary to achieve time synchronization).
+ //
+
+ ULONGLONG QpcSystemTimeIncrement;
+
+ //
+ // The scaled number of interrupt time seconds represented by a single
+ // performance count (this value is constant after the system is booted).
+ //
+
+ ULONGLONG QpcInterruptTimeIncrement;
+
+ //
+ // The scaling shift count applied to the performance counter system time
+ // increment.
+ //
+
+ UCHAR QpcSystemTimeIncrementShift;
+
+ //
+ // The scaling shift count applied to the performance counter interrupt time
+ // increment.
+ //
+
+ UCHAR QpcInterruptTimeIncrementShift;
+
+ //
+ // The count of unparked processors.
+ //
+
+ USHORT UnparkedProcessorCount;
+
+ //
+ // A bitmask of enclave features supported on this system.
+ //
+ // N.B.
This field must be accessed via the RtlIsEnclaveFeaturePresent API for an
+ // accurate result.
+ //
+
+ ULONG EnclaveFeatureMask[4];
+
+ //
+ // Current coverage round for telemetry based coverage.
+ //
+
+ ULONG TelemetryCoverageRound;
+
+ //
+ // The following field is used for ETW user mode global logging
+ // (UMGL).
+ //
+
+ USHORT UserModeGlobalLogger[16];
+
+ //
+ // Settings that can enable the use of Image File Execution Options
+ // from HKCU in addition to the original HKLM.
+ //
+
+ ULONG ImageFileExecutionOptions;
+
+ //
+ // Generation of the kernel structure holding system language information
+ //
+
+ ULONG LangGenerationCount;
+
+ //
+ // Reserved (available for reuse).
+ //
+
+ ULONGLONG Reserved4;
+
+ //
+ // Current 64-bit interrupt time bias in 100ns units.
+ //
+
+ volatile ULONGLONG InterruptTimeBias;
+
+ //
+ // Current 64-bit performance counter bias, in performance counter units
+ // before the shift is applied.
+ //
+
+ volatile ULONGLONG QpcBias;
+
+ //
+ // Number of active processors and groups.
+ //
+
+ ULONG ActiveProcessorCount;
+ volatile UCHAR ActiveGroupCount;
+
+ //
+ // Reserved (available for re-use).
+ //
+
+ UCHAR Reserved9;
+
+ union
+ {
+ USHORT QpcData;
+ struct
+ {
+ //
+ // A boolean indicating whether performance counter queries
+ // can read the counter directly (bypassing the system call).
+ //
+
+ volatile UCHAR QpcBypassEnabled;
+
+ //
+ // Shift applied to the raw counter value to derive the
+ // QPC count.
+ // + + UCHAR QpcShift; + }; + }; + + LARGE_INTEGER TimeZoneBiasEffectiveStart; + LARGE_INTEGER TimeZoneBiasEffectiveEnd; + + // + // Extended processor state configuration + // + + XSTATE_CONFIGURATION XState; + + KSYSTEM_TIME FeatureConfigurationChangeStamp; + ULONG Spare; + + ULONG64 UserPointerAuthMask; + +} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; + +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountLowDeprecated) == 0x0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountMultiplier) == 0x4); +C_ASSERT(__alignof(KSYSTEM_TIME) == 4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, InterruptTime) == 0x08); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemTime) == 0x014); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBias) == 0x020); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageNumberLow) == 0x02c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageNumberHigh) == 0x02e); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtSystemRoot) == 0x030); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, MaxStackTraceDepth) == 0x238); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, CryptoExponent) == 0x23c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneId) == 0x240); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LargePageMinimum) == 0x244); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AitSamplingValue) == 0x248); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AppCompatFlag) == 0x24c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, RNGSeedVersion) == 0x250); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, GlobalValidationRunlevel) == 0x258); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasStamp) == 0x25c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtBuildNumber) == 0x260); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtProductType) == 0x264); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ProductTypeIsValid) == 0x268); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NativeProcessorArchitecture) == 0x26a); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtMajorVersion) == 0x26c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, 
NtMinorVersion) == 0x270); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ProcessorFeatures) == 0x274); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved1) == 0x2b4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved3) == 0x2b8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeSlip) == 0x2bc); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, AlternativeArchitecture) == 0x2c0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemExpirationDate) == 0x2c8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SuiteMask) == 0x2d0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, KdDebuggerEnabled) == 0x2d4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, MitigationPolicies) == 0x2d5); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, CyclesPerYield) == 0x2d6); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveConsoleId) == 0x2d8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, DismountCount) == 0x2dc); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ComPlusPackage) == 0x2e0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LastSystemRITEventTickCount) == 0x2e4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NumberOfPhysicalPages) == 0x2e8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SafeBootMode) == 0x2ec); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, VirtualizationFlags) == 0x2ed); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved12) == 0x2ee); +#if defined(_MSC_EXTENSIONS) +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SharedDataFlags) == 0x2f0); +#endif +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TestRetInstruction) == 0x2f8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcFrequency) == 0x300); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCall) == 0x308); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved2) == 0x30c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad) == 0x310); +#if defined(_MSC_EXTENSIONS) +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCount) == 0x320); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountQuad) == 0x320); +#endif +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Cookie) == 0x330); 
+C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ConsoleSessionForegroundProcessId) == 0x338); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeUpdateLock) == 0x340); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, BaselineSystemTimeQpc) == 0x348); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, BaselineInterruptTimeQpc) == 0x350); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcSystemTimeIncrement) == 0x358); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcInterruptTimeIncrement) == 0x360); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcSystemTimeIncrementShift) == 0x368); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcInterruptTimeIncrementShift) == 0x369); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UnparkedProcessorCount) == 0x36a); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, EnclaveFeatureMask) == 0x36c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TelemetryCoverageRound) == 0x37c); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserModeGlobalLogger) == 0x380); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ImageFileExecutionOptions) == 0x3a0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, LangGenerationCount) == 0x3a4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved4) == 0x3a8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, InterruptTimeBias) == 0x3b0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcBias) == 0x3b8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveProcessorCount) == 0x3c0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, ActiveGroupCount) == 0x3c4); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved9) == 0x3c5); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcData) == 0x3c6); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcBypassEnabled) == 0x3c6); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, QpcShift) == 0x3c7); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasEffectiveStart) == 0x3c8); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TimeZoneBiasEffectiveEnd) == 0x3d0); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, XState) == 0x3d8); +#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE) 
+C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, FeatureConfigurationChangeStamp) == 0x710); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserPointerAuthMask) == 0x720); +#if !defined(WINDOWS_IGNORE_PACKING_MISMATCH) +C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x728); +#endif +#else +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, FeatureConfigurationChangeStamp) == 0x720); +C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, UserPointerAuthMask) == 0x730); +#if !defined(WINDOWS_IGNORE_PACKING_MISMATCH) +C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x738); +#endif +#endif + +#define USER_SHARED_DATA ((KUSER_SHARED_DATA * const)0x7ffe0000) + +FORCEINLINE +ULONGLONG +NtGetTickCount64( + VOID + ) +{ + ULARGE_INTEGER tickCount; + +#ifdef _WIN64 + + tickCount.QuadPart = USER_SHARED_DATA->TickCountQuad; + +#else + + while (TRUE) + { + tickCount.HighPart = (ULONG)USER_SHARED_DATA->TickCount.High1Time; + tickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart; + + if (tickCount.HighPart == (ULONG)USER_SHARED_DATA->TickCount.High2Time) + break; + + YieldProcessor(); + } + +#endif + + return (UInt32x32To64(tickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) + + (UInt32x32To64(tickCount.HighPart, USER_SHARED_DATA->TickCountMultiplier) << 8); +} + +FORCEINLINE +ULONG +NtGetTickCount( + VOID + ) +{ +#ifdef _WIN64 + + return (ULONG)((USER_SHARED_DATA->TickCountQuad * USER_SHARED_DATA->TickCountMultiplier) >> 24); + +#else + + ULARGE_INTEGER tickCount; + + while (TRUE) + { + tickCount.HighPart = (ULONG)USER_SHARED_DATA->TickCount.High1Time; + tickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart; + + if (tickCount.HighPart == (ULONG)USER_SHARED_DATA->TickCount.High2Time) + break; + + YieldProcessor(); + } + + return (ULONG)((UInt32x32To64(tickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) + + UInt32x32To64((tickCount.HighPart << 8) & 0xffffffff, USER_SHARED_DATA->TickCountMultiplier)); + +#endif +} + +// Locale + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryDefaultLocale( + _In_ BOOLEAN 
UserProfile, + _Out_ PLCID DefaultLocaleId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetDefaultLocale( + _In_ BOOLEAN UserProfile, + _In_ LCID DefaultLocaleId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInstallUILanguage( + _Out_ LANGID *InstallUILanguageId + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushInstallUILanguage( + _In_ LANGID InstallUILanguage, + _In_ ULONG SetComittedFlag + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryDefaultUILanguage( + _Out_ LANGID *DefaultUILanguageId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetDefaultUILanguage( + _In_ LANGID DefaultUILanguageId + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSCALLAPI +NTSTATUS +NTAPI +NtIsUILanguageComitted( + VOID + ); +#endif + +// NLS + +// begin_private + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtInitializeNlsFiles( + _Out_ PVOID *BaseAddress, + _Out_ PLCID DefaultLocaleId, + _Out_ PLARGE_INTEGER DefaultCasingTableSize, + _Out_opt_ PULONG CurrentNLSVersion + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtGetNlsSectionPtr( + _In_ ULONG SectionType, + _In_ ULONG SectionData, + _In_ PVOID ContextData, + _Out_ PVOID *SectionPointer, + _Out_ PULONG SectionSize + ); + +#if (PHNT_VERSION < PHNT_WIN7) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAcquireCMFViewOwnership( + _Out_ PULONGLONG TimeStamp, + _Out_ PBOOLEAN tokenTaken, + _In_ BOOLEAN replaceExisting + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReleaseCMFViewOwnership( + VOID + ); + +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMapCMFModule( + _In_ ULONG What, + _In_ ULONG Index, + _Out_opt_ PULONG CacheIndexOut, + _Out_opt_ PULONG CacheFlagsOut, + _Out_opt_ PULONG ViewSizeOut, + _Out_opt_ PVOID *BaseAddress + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtGetMUIRegistryInfo( + _In_ ULONG Flags, + _Inout_ PULONG DataSize, + _Out_ PVOID Data + ); + +#endif + +// end_private + +// Global atoms + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAddAtom( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + 
_In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom + ); + +#if (PHNT_VERSION >= PHNT_WIN8) + +#define ATOM_FLAG_GLOBAL 0x2 + +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAddAtomEx( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + _In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom, + _In_ ULONG Flags + ); + +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFindAtom( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + _In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDeleteAtom( + _In_ RTL_ATOM Atom + ); + +typedef enum _ATOM_INFORMATION_CLASS +{ + AtomBasicInformation, + AtomTableInformation +} ATOM_INFORMATION_CLASS; + +typedef struct _ATOM_BASIC_INFORMATION +{ + USHORT UsageCount; + USHORT Flags; + USHORT NameLength; + _Field_size_bytes_(NameLength) WCHAR Name[1]; +} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; + +typedef struct _ATOM_TABLE_INFORMATION +{ + ULONG NumberOfAtoms; + _Field_size_(NumberOfAtoms) RTL_ATOM Atoms[1]; +} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationAtom( + _In_ RTL_ATOM Atom, + _In_ ATOM_INFORMATION_CLASS AtomInformationClass, + _Out_writes_bytes_(AtomInformationLength) PVOID AtomInformation, + _In_ ULONG AtomInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +// Global flags + +#define FLG_STOP_ON_EXCEPTION 0x00000001 // uk +#define FLG_SHOW_LDR_SNAPS 0x00000002 // uk +#define FLG_DEBUG_INITIAL_COMMAND 0x00000004 // k +#define FLG_STOP_ON_HUNG_GUI 0x00000008 // k + +#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 // u +#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 // u +#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 // u +#define FLG_HEAP_VALIDATE_ALL 0x00000080 // u + +#define FLG_APPLICATION_VERIFIER 0x00000100 // u +#define FLG_MONITOR_SILENT_PROCESS_EXIT 0x00000200 // uk +#define FLG_POOL_ENABLE_TAGGING 0x00000400 // k +#define FLG_HEAP_ENABLE_TAGGING 0x00000800 // u + +#define FLG_USER_STACK_TRACE_DB 0x00001000 // u,32 +#define 
FLG_KERNEL_STACK_TRACE_DB 0x00002000 // k,32 +#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 // k +#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 // u + +#define FLG_DISABLE_STACK_EXTENSION 0x00010000 // u +#define FLG_ENABLE_CSRDEBUG 0x00020000 // k +#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 // k +#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 // k + +#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000 // u +#define FLG_HEAP_DISABLE_COALESCING 0x00200000 // u +#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 // k +#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 // k + +#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000 // k +#define FLG_HEAP_PAGE_ALLOCS 0x02000000 // u +#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000 // k +#define FLG_DISABLE_DBGPRINT 0x08000000 // k + +#define FLG_CRITSEC_EVENT_CREATION 0x10000000 // u +#define FLG_STOP_ON_UNHANDLED_EXCEPTION 0x20000000 // u,64 +#define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000 // k +#define FLG_DISABLE_PROTDLLS 0x80000000 // u + +#define FLG_VALID_BITS 0xfffffdff + +#define FLG_USERMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \ + FLG_SHOW_LDR_SNAPS | \ + FLG_HEAP_ENABLE_TAIL_CHECK | \ + FLG_HEAP_ENABLE_FREE_CHECK | \ + FLG_HEAP_VALIDATE_PARAMETERS | \ + FLG_HEAP_VALIDATE_ALL | \ + FLG_APPLICATION_VERIFIER | \ + FLG_HEAP_ENABLE_TAGGING | \ + FLG_USER_STACK_TRACE_DB | \ + FLG_HEAP_ENABLE_TAG_BY_DLL | \ + FLG_DISABLE_STACK_EXTENSION | \ + FLG_ENABLE_SYSTEM_CRIT_BREAKS | \ + FLG_HEAP_DISABLE_COALESCING | \ + FLG_DISABLE_PROTDLLS | \ + FLG_HEAP_PAGE_ALLOCS | \ + FLG_CRITSEC_EVENT_CREATION | \ + FLG_LDR_TOP_DOWN) + +#define FLG_BOOTONLY_VALID_BITS (FLG_KERNEL_STACK_TRACE_DB | \ + FLG_MAINTAIN_OBJECT_TYPELIST | \ + FLG_ENABLE_CSRDEBUG | \ + FLG_DEBUG_INITIAL_COMMAND | \ + FLG_DEBUG_INITIAL_COMMAND_EX | \ + FLG_DISABLE_PAGE_KERNEL_STACKS) + +#define FLG_KERNELMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \ + FLG_SHOW_LDR_SNAPS | \ + FLG_STOP_ON_HUNG_GUI | \ + FLG_POOL_ENABLE_TAGGING | \ + FLG_ENABLE_KDEBUG_SYMBOL_LOAD | \ + 
FLG_ENABLE_CLOSE_EXCEPTIONS | \ + FLG_ENABLE_EXCEPTION_LOGGING | \ + FLG_ENABLE_HANDLE_TYPE_TAGGING | \ + FLG_DISABLE_DBGPRINT | \ + FLG_ENABLE_HANDLE_EXCEPTIONS) + +// Licensing + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryLicenseValue( + _In_ PUNICODE_STRING ValueName, + _Out_opt_ PULONG Type, + _Out_writes_bytes_to_opt_(DataSize, *ResultDataSize) PVOID Data, + _In_ ULONG DataSize, + _Out_ PULONG ResultDataSize + ); + +// Misc. + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetDefaultHardErrorPort( + _In_ HANDLE DefaultHardErrorPort + ); + +typedef enum _SHUTDOWN_ACTION +{ + ShutdownNoReboot, + ShutdownReboot, + ShutdownPowerOff, + ShutdownRebootForRecovery // since WIN11 +} SHUTDOWN_ACTION; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtShutdownSystem( + _In_ SHUTDOWN_ACTION Action + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDisplayString( + _In_ PUNICODE_STRING String + ); + +// Boot graphics + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDrawText( + _In_ PUNICODE_STRING Text + ); +#endif + +#endif // (PHNT_MODE != PHNT_MODE_KERNEL) + +#endif diff --git a/deps/phnt-nightly/ntgdi.h b/deps/phnt-nightly/ntgdi.h new file mode 100644 index 0000000..bf70b71 --- /dev/null +++ b/deps/phnt-nightly/ntgdi.h 
@@ -0,0 +1,127 @@
+/*
+ * Graphics device interface support
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTGDI_H
+#define _NTGDI_H
+
+#define GDI_MAX_HANDLE_COUNT 0xFFFF // 0x4000
+
+#define GDI_HANDLE_INDEX_SHIFT 0
+#define GDI_HANDLE_INDEX_BITS 16
+#define GDI_HANDLE_INDEX_MASK 0xffff
+
+#define GDI_HANDLE_TYPE_SHIFT 16
+#define GDI_HANDLE_TYPE_BITS 5
+#define GDI_HANDLE_TYPE_MASK 0x1f
+
+#define GDI_HANDLE_ALTTYPE_SHIFT 21
+#define GDI_HANDLE_ALTTYPE_BITS 2
+#define GDI_HANDLE_ALTTYPE_MASK 0x3
+
+#define GDI_HANDLE_STOCK_SHIFT 23
+#define GDI_HANDLE_STOCK_BITS 1
+#define GDI_HANDLE_STOCK_MASK 0x1
+
+#define GDI_HANDLE_UNIQUE_SHIFT 24
+#define GDI_HANDLE_UNIQUE_BITS 8
+#define GDI_HANDLE_UNIQUE_MASK 0xff
+
+#define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
+#define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
+#define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
+#define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
+
+#define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
+
+// GDI server-side types
+
+#define GDI_DEF_TYPE 0 // invalid handle
+#define GDI_DC_TYPE 1
+#define GDI_DD_DIRECTDRAW_TYPE 2
+#define GDI_DD_SURFACE_TYPE 3
+#define GDI_RGN_TYPE 4
+#define GDI_SURF_TYPE 5
+#define GDI_CLIENTOBJ_TYPE 6
+#define GDI_PATH_TYPE 7
+#define GDI_PAL_TYPE 8
+#define GDI_ICMLCS_TYPE 9
+#define GDI_LFONT_TYPE 10
+#define GDI_RFONT_TYPE 11
+#define GDI_PFE_TYPE 12
+#define GDI_PFT_TYPE 13
+#define GDI_ICMCXF_TYPE 14
+#define GDI_ICMDLL_TYPE 15
+#define GDI_BRUSH_TYPE 16
+#define GDI_PFF_TYPE 17 // unused
+#define GDI_CACHE_TYPE 18 // unused
+#define GDI_SPACE_TYPE 19
+#define GDI_DBRUSH_TYPE 20 // unused
+#define GDI_META_TYPE 21
+#define GDI_EFSTATE_TYPE 22
+#define GDI_BMFD_TYPE 23 // unused
+#define GDI_VTFD_TYPE 24 // unused
+#define GDI_TTFD_TYPE 25 // unused
+#define GDI_RC_TYPE 26 // unused
+#define GDI_TEMP_TYPE 27 // unused
+#define GDI_DRVOBJ_TYPE 28
+#define GDI_DCIOBJ_TYPE 29 // unused
+#define GDI_SPOOL_TYPE 30
+
+// GDI client-side types
+
+#define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
+ (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
+#define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
+
+#define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
+#define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
+#define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
+
+#define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
+#define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
+
+#define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
+#define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
+#define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
+#define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
+#define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
+#define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
+#define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
+
+typedef struct _GDI_HANDLE_ENTRY
+{
+ union
+ {
+ PVOID Object;
+ PVOID NextFree;
+ };
+ union
+ {
+ struct
+ {
+ USHORT ProcessId;
+ USHORT Lock : 1;
+ USHORT Count : 15;
+ };
+ ULONG Value;
+ } Owner;
+ USHORT Unique;
+ UCHAR Type;
+ UCHAR Flags;
+ PVOID UserPointer;
+} GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
+
+typedef struct _GDI_SHARED_MEMORY
+{
+ GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
+} GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
+
+#endif
diff --git a/deps/phnt-nightly/ntimage.h b/deps/phnt-nightly/ntimage.h
new file mode 100644
index 0000000..8007a99
--- /dev/null
+++ b/deps/phnt-nightly/ntimage.h
@@ -0,0 +1,211 @@ +/* + * PE format support + * + * This file is part of System Informer. + */ + +#ifndef _NTIMAGE_H +#define _NTIMAGE_H + +#include + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +#define IMAGE_FILE_MACHINE_CHPE_X86 0x3A64 +#define IMAGE_FILE_MACHINE_ARM64EC 0xA641 +#define IMAGE_FILE_MACHINE_ARM64X 0xA64E +#endif + +typedef struct _IMAGE_DEBUG_POGO_ENTRY +{ + ULONG Rva; + ULONG Size; + CHAR Name[1]; +} IMAGE_DEBUG_POGO_ENTRY, *PIMAGE_DEBUG_POGO_ENTRY; + +typedef struct _IMAGE_DEBUG_POGO_SIGNATURE +{ + ULONG Signature; +} IMAGE_DEBUG_POGO_SIGNATURE, *PIMAGE_DEBUG_POGO_SIGNATURE; + +#define IMAGE_DEBUG_POGO_SIGNATURE_LTCG 'LTCG' // coffgrp LTCG (0x4C544347) +#define IMAGE_DEBUG_POGO_SIGNATURE_PGU 'PGU\0' // coffgrp PGU (0x50475500) + +typedef struct _IMAGE_RELOCATION_RECORD +{ + USHORT Offset : 12; + USHORT Type : 4; +} IMAGE_RELOCATION_RECORD, *PIMAGE_RELOCATION_RECORD; + +typedef struct _IMAGE_CHPE_METADATA_X86 +{ + ULONG Version; + ULONG CHPECodeAddressRangeOffset; + ULONG CHPECodeAddressRangeCount; + ULONG WowA64ExceptionHandlerFunctionPointer; + ULONG WowA64DispatchCallFunctionPointer; + ULONG WowA64DispatchIndirectCallFunctionPointer; + ULONG WowA64DispatchIndirectCallCfgFunctionPointer; + ULONG WowA64DispatchRetFunctionPointer; + ULONG WowA64DispatchRetLeafFunctionPointer; + ULONG WowA64DispatchJumpFunctionPointer; + ULONG CompilerIATPointer; // Present if Version >= 2 + ULONG WowA64RdtscFunctionPointer; // Present if Version >= 3 +} IMAGE_CHPE_METADATA_X86, *PIMAGE_CHPE_METADATA_X86; + +typedef struct _IMAGE_CHPE_RANGE_ENTRY +{ + union + { + ULONG StartOffset; + struct + { + ULONG NativeCode : 1; + ULONG AddressBits : 31; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + + ULONG Length; +} IMAGE_CHPE_RANGE_ENTRY, *PIMAGE_CHPE_RANGE_ENTRY; + +typedef struct _IMAGE_ARM64EC_METADATA +{ + ULONG Version; + ULONG CodeMap; + ULONG CodeMapCount; + ULONG CodeRangesToEntryPoints; + ULONG RedirectionMetadata; + ULONG tbd__os_arm64x_dispatch_call_no_redirect; + ULONG 
tbd__os_arm64x_dispatch_ret; + ULONG tbd__os_arm64x_dispatch_call; + ULONG tbd__os_arm64x_dispatch_icall; + ULONG tbd__os_arm64x_dispatch_icall_cfg; + ULONG AlternateEntryPoint; + ULONG AuxiliaryIAT; + ULONG CodeRangesToEntryPointsCount; + ULONG RedirectionMetadataCount; + ULONG GetX64InformationFunctionPointer; + ULONG SetX64InformationFunctionPointer; + ULONG ExtraRFETable; + ULONG ExtraRFETableSize; + ULONG __os_arm64x_dispatch_fptr; + ULONG AuxiliaryIATCopy; +} IMAGE_ARM64EC_METADATA, *PIMAGE_ARM64EC_METADATA; + +// rev +#define IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64 0 +#define IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64EC 1 +#define IMAGE_ARM64EC_CODE_MAP_TYPE_AMD64 2 + +// rev +typedef struct _IMAGE_ARM64EC_CODE_MAP_ENTRY +{ + union + { + ULONG StartOffset; + struct + { + ULONG Type : 2; + ULONG AddressBits : 30; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + + ULONG Length; +} IMAGE_ARM64EC_CODE_MAP_ENTRY, *PIMAGE_ARM64EC_CODE_MAP_ENTRY; + +typedef struct _IMAGE_ARM64EC_REDIRECTION_ENTRY +{ + ULONG Source; + ULONG Destination; +} IMAGE_ARM64EC_REDIRECTION_ENTRY, *PIMAGE_ARM64EC_REDIRECTION_ENTRY; + +typedef struct _IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT +{ + ULONG StartRva; + ULONG EndRva; + ULONG EntryPoint; +} IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT, *PIMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT; + +#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_ZEROFILL 0 +#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_VALUE 1 +#define IMAGE_DVRT_ARM64X_FIXUP_TYPE_DELTA 2 + +#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_2BYTES 1 +#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_4BYTES 2 +#define IMAGE_DVRT_ARM64X_FIXUP_SIZE_8BYTES 3 + +typedef struct _IMAGE_DVRT_ARM64X_FIXUP_RECORD +{ + USHORT Offset : 12; + USHORT Type : 2; + USHORT Size : 2; + // Value of variable Size when IMAGE_DVRT_ARM64X_FIXUP_TYPE_VALUE +} IMAGE_DVRT_ARM64X_FIXUP_RECORD, *PIMAGE_DVRT_ARM64X_FIXUP_RECORD; + +typedef struct _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD +{ + USHORT Offset : 12; + USHORT Type : 2; // IMAGE_DVRT_ARM64X_FIXUP_TYPE_DELTA + USHORT Sign : 1; // 1 = -, 
0 = + + USHORT Scale : 1; // 1 = 8, 0 = 4 + // USHORT Value; // Delta = Value * Scale * Sign +} IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD, *PIMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD; + +#include + +#define IMAGE_DYNAMIC_RELOCATION_ARM64X 0x00000006 +#define IMAGE_DYNAMIC_RELOCATION_MM_SHARED_USER_DATA_VA 0x7FFE0000 +#define IMAGE_DYNAMIC_RELOCATION_KI_USER_SHARED_DATA64 0xFFFFF78000000000UI64 + +// Note: The Windows SDK defines UNALIGNED for PIMAGE_IMPORT_DESCRIPTOR but +// doesn't include UNALIGNED for PIMAGE_THUNK_DATA (See GH#1694) (dmex) +typedef IMAGE_THUNK_DATA32 UNALIGNED *UNALIGNED_PIMAGE_THUNK_DATA32; +typedef IMAGE_THUNK_DATA64 UNALIGNED *UNALIGNED_PIMAGE_THUNK_DATA64; + +// Note: Required for legacy SDK support (dmex) +#if !defined(NTDDI_WIN10_NI) || (NTDDI_VERSION < NTDDI_WIN10_NI) +#define IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE 0x00000001 +#define IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE 0x00000002 +#define IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER 0x00000003 +#define IMAGE_DYNAMIC_RELOCATION_GUARD_INDIR_CONTROL_TRANSFER 0x00000004 +#define IMAGE_DYNAMIC_RELOCATION_GUARD_SWITCHTABLE_BRANCH 0x00000005 +#define IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE 0x00000007 + +typedef struct _IMAGE_FUNCTION_OVERRIDE_HEADER { + ULONG FuncOverrideSize; + // IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION FuncOverrideInfo[ANYSIZE_ARRAY]; // FuncOverrideSize bytes in size + // IMAGE_BDD_INFO BDDInfo; // BDD region, size in bytes: DVRTEntrySize - sizeof(IMAGE_FUNCTION_OVERRIDE_HEADER) - FuncOverrideSize +} IMAGE_FUNCTION_OVERRIDE_HEADER; +typedef IMAGE_FUNCTION_OVERRIDE_HEADER UNALIGNED *PIMAGE_FUNCTION_OVERRIDE_HEADER; + +typedef struct _IMAGE_BDD_INFO { + ULONG Version; // decides the semantics of serialized BDD + ULONG BDDSize; + // IMAGE_BDD_DYNAMIC_RELOCATION BDDNodes[ANYSIZE_ARRAY]; // BDDSize size in bytes. 
+} IMAGE_BDD_INFO, *PIMAGE_BDD_INFO; + +typedef struct _IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION { + ULONG OriginalRva; // RVA of original function + ULONG BDDOffset; // Offset into the BDD region + ULONG RvaSize; // Size in bytes taken by RVAs. Must be multiple of sizeof(DWORD). + ULONG BaseRelocSize; // Size in bytes taken by BaseRelocs + // DWORD RVAs[RvaSize / sizeof(DWORD)]; // Array containing overriding func RVAs. + // IMAGE_BASE_RELOCATION BaseRelocs[ANYSIZE_ARRAY]; + // ^Base relocations (RVA + Size + TO) + // ^Padded with extra TOs for 4B alignment + // ^BaseRelocSize size in bytes +} IMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION, *PIMAGE_FUNCTION_OVERRIDE_DYNAMIC_RELOCATION; + +typedef struct _IMAGE_BDD_DYNAMIC_RELOCATION { + USHORT Left; // Index of FALSE edge in BDD array + USHORT Right; // Index of TRUE edge in BDD array + ULONG Value; // Either FeatureNumber or Index into RVAs array +} IMAGE_BDD_DYNAMIC_RELOCATION, *PIMAGE_BDD_DYNAMIC_RELOCATION; + +// Function override relocation types in DVRT records. +#define IMAGE_FUNCTION_OVERRIDE_INVALID 0 +#define IMAGE_FUNCTION_OVERRIDE_X64_REL32 1 // 32-bit relative address from byte following reloc +#define IMAGE_FUNCTION_OVERRIDE_ARM64_BRANCH26 2 // 26 bit offset << 2 & sign ext. for B & BL +#define IMAGE_FUNCTION_OVERRIDE_ARM64_THUNK 3 +#endif + +#endif diff --git a/deps/phnt-nightly/ntioapi.h b/deps/phnt-nightly/ntioapi.h new file mode 100644 index 0000000..a926860 --- /dev/null +++ b/deps/phnt-nightly/ntioapi.h 
@@ -0,0 +1,2948 @@ +/* + * File management support + * + * This file is part of System Informer. + */ + +#ifndef _NTIOAPI_H +#define _NTIOAPI_H + +// Create disposition + +#define FILE_SUPERSEDE 0x00000000 +#define FILE_OPEN 0x00000001 +#define FILE_CREATE 0x00000002 +#define FILE_OPEN_IF 0x00000003 +#define FILE_OVERWRITE 0x00000004 +#define FILE_OVERWRITE_IF 0x00000005 +#define FILE_MAXIMUM_DISPOSITION 0x00000005 + +// Create/open flags + +#define FILE_DIRECTORY_FILE 0x00000001 +#define FILE_WRITE_THROUGH 0x00000002 +#define FILE_SEQUENTIAL_ONLY 0x00000004 +#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 + +#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 +#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 +#define FILE_NON_DIRECTORY_FILE 0x00000040 +#define FILE_CREATE_TREE_CONNECTION 0x00000080 + +#if (PHNT_VERSION >= PHNT_REDSTONE5) +#define TREE_CONNECT_NO_CLIENT_BUFFERING 0x00000008 +#define TREE_CONNECT_WRITE_THROUGH 0x00000002 +#endif + +#define FILE_COMPLETE_IF_OPLOCKED 0x00000100 +#define FILE_NO_EA_KNOWLEDGE 0x00000200 +#define FILE_OPEN_REMOTE_INSTANCE 0x00000400 +#define FILE_RANDOM_ACCESS 0x00000800 + +#define FILE_DELETE_ON_CLOSE 0x00001000 +#define FILE_OPEN_BY_FILE_ID 0x00002000 +#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 +#define FILE_NO_COMPRESSION 0x00008000 + +#if (PHNT_VERSION >= PHNT_WIN7) +#define FILE_OPEN_REQUIRING_OPLOCK 0x00010000 +#define FILE_DISALLOW_EXCLUSIVE 0x00020000 +#endif +#if (PHNT_VERSION >= PHNT_WIN8) +#define FILE_SESSION_AWARE 0x00040000 +#endif + +#define FILE_RESERVE_OPFILTER 0x00100000 +#define FILE_OPEN_REPARSE_POINT 0x00200000 +#define FILE_OPEN_NO_RECALL 0x00400000 +#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 + +// Extended create/open flags + +#define FILE_CONTAINS_EXTENDED_CREATE_INFORMATION 0x10000000 +#define FILE_VALID_EXTENDED_OPTION_FLAGS 0x10000000 + +#if (PHNT_VERSION >= PHNT_WIN11) +typedef struct _EXTENDED_CREATE_INFORMATION +{ + LONGLONG ExtendedCreateFlags; + PVOID EaBuffer; + ULONG EaLength; +} 
EXTENDED_CREATE_INFORMATION, *PEXTENDED_CREATE_INFORMATION; + +typedef struct _EXTENDED_CREATE_INFORMATION_32 +{ + LONGLONG ExtendedCreateFlags; + void* POINTER_32 EaBuffer; + ULONG EaLength; +} EXTENDED_CREATE_INFORMATION_32, *PEXTENDED_CREATE_INFORMATION_32; + +#define EX_CREATE_FLAG_FILE_SOURCE_OPEN_FOR_COPY 0x00000001 +#define EX_CREATE_FLAG_FILE_DEST_OPEN_FOR_COPY 0x00000002 +#endif + +#define FILE_VALID_OPTION_FLAGS 0x00ffffff +#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032 +#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032 +#define FILE_VALID_SET_FLAGS 0x00000036 + +#define FILE_COPY_STRUCTURED_STORAGE 0x00000041 +#define FILE_STRUCTURED_STORAGE 0x00000441 + +// I/O status information values for NtCreateFile/NtOpenFile + +#define FILE_SUPERSEDED 0x00000000 +#define FILE_OPENED 0x00000001 +#define FILE_CREATED 0x00000002 +#define FILE_OVERWRITTEN 0x00000003 +#define FILE_EXISTS 0x00000004 +#define FILE_DOES_NOT_EXIST 0x00000005 + +// Special ByteOffset parameters + +#define FILE_WRITE_TO_END_OF_FILE 0xffffffff +#define FILE_USE_FILE_POINTER_POSITION 0xfffffffe + +// Alignment requirement values + +#define FILE_BYTE_ALIGNMENT 0x00000000 +#define FILE_WORD_ALIGNMENT 0x00000001 +#define FILE_LONG_ALIGNMENT 0x00000003 +#define FILE_QUAD_ALIGNMENT 0x00000007 +#define FILE_OCTA_ALIGNMENT 0x0000000f +#define FILE_32_BYTE_ALIGNMENT 0x0000001f +#define FILE_64_BYTE_ALIGNMENT 0x0000003f +#define FILE_128_BYTE_ALIGNMENT 0x0000007f +#define FILE_256_BYTE_ALIGNMENT 0x000000ff +#define FILE_512_BYTE_ALIGNMENT 0x000001ff + +// Maximum length of a filename string + +#define DOS_MAX_COMPONENT_LENGTH 255 +#define DOS_MAX_PATH_LENGTH (DOS_MAX_COMPONENT_LENGTH + 5) + +#define MAXIMUM_FILENAME_LENGTH 256 + +// Extended attributes + +#define FILE_NEED_EA 0x00000080 + +#define FILE_EA_TYPE_BINARY 0xfffe +#define FILE_EA_TYPE_ASCII 0xfffd +#define FILE_EA_TYPE_BITMAP 0xfffb +#define FILE_EA_TYPE_METAFILE 0xfffa +#define FILE_EA_TYPE_ICON 0xfff9 +#define FILE_EA_TYPE_EA 0xffee 
+#define FILE_EA_TYPE_MVMT 0xffdf
+#define FILE_EA_TYPE_MVST 0xffde
+#define FILE_EA_TYPE_ASN1 0xffdd
+#define FILE_EA_TYPE_FAMILY_IDS 0xff01
+
+// Device characteristics
+
+#define FILE_REMOVABLE_MEDIA 0x00000001
+#define FILE_READ_ONLY_DEVICE 0x00000002
+#define FILE_FLOPPY_DISKETTE 0x00000004
+#define FILE_WRITE_ONCE_MEDIA 0x00000008
+#define FILE_REMOTE_DEVICE 0x00000010
+#define FILE_DEVICE_IS_MOUNTED 0x00000020
+#define FILE_VIRTUAL_VOLUME 0x00000040
+#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
+#define FILE_DEVICE_SECURE_OPEN 0x00000100
+#define FILE_CHARACTERISTIC_PNP_DEVICE 0x00000800
+#define FILE_CHARACTERISTIC_TS_DEVICE 0x00001000
+#define FILE_CHARACTERISTIC_WEBDAV_DEVICE 0x00002000
+#define FILE_CHARACTERISTIC_CSV 0x00010000
+#define FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL 0x00020000
+#define FILE_PORTABLE_DEVICE 0x00040000
+#define FILE_REMOTE_DEVICE_VSMB 0x00080000
+#define FILE_DEVICE_REQUIRE_SECURITY_CHECK 0x00100000
+
+// Named pipe values
+
+// NamedPipeType for NtCreateNamedPipeFile
+#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
+#define FILE_PIPE_MESSAGE_TYPE 0x00000001
+#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
+#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
+#define FILE_PIPE_TYPE_VALID_MASK 0x00000003
+
+// CompletionMode for NtCreateNamedPipeFile
+#define FILE_PIPE_QUEUE_OPERATION 0x00000000
+#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
+
+// ReadMode for NtCreateNamedPipeFile
+#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
+#define FILE_PIPE_MESSAGE_MODE 0x00000001
+
+// NamedPipeConfiguration for NtQueryInformationFile
+#define FILE_PIPE_INBOUND 0x00000000
+#define FILE_PIPE_OUTBOUND 0x00000001
+#define FILE_PIPE_FULL_DUPLEX 0x00000002
+
+// NamedPipeState for NtQueryInformationFile
+#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
+#define FILE_PIPE_LISTENING_STATE 0x00000002
+#define FILE_PIPE_CONNECTED_STATE 0x00000003
+#define FILE_PIPE_CLOSING_STATE 0x00000004
+
+// NamedPipeEnd for NtQueryInformationFile
+#define FILE_PIPE_CLIENT_END 0x00000000 +#define FILE_PIPE_SERVER_END 0x00000001 + +// Win32 pipe instance limit (0xff) +#define FILE_PIPE_UNLIMITED_INSTANCES 0xffffffff + +// Mailslot values + +#define MAILSLOT_SIZE_AUTO 0 + +typedef struct _IO_STATUS_BLOCK +{ + union + { + NTSTATUS Status; + PVOID Pointer; + }; + ULONG_PTR Information; +} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; + +typedef VOID (NTAPI *PIO_APC_ROUTINE)( + _In_ PVOID ApcContext, + _In_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG Reserved + ); + +// private +typedef struct _FILE_IO_COMPLETION_INFORMATION +{ + PVOID KeyContext; + PVOID ApcContext; + IO_STATUS_BLOCK IoStatusBlock; +} FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION; + +typedef enum _FILE_INFORMATION_CLASS +{ + FileDirectoryInformation = 1, // q: FILE_DIRECTORY_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileFullDirectoryInformation, // q: FILE_FULL_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileBothDirectoryInformation, // q: FILE_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileBasicInformation, // q; s: FILE_BASIC_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) + FileStandardInformation, // q: FILE_STANDARD_INFORMATION, FILE_STANDARD_INFORMATION_EX + FileInternalInformation, // q: FILE_INTERNAL_INFORMATION + FileEaInformation, // q: FILE_EA_INFORMATION + FileAccessInformation, // q: FILE_ACCESS_INFORMATION + FileNameInformation, // q: FILE_NAME_INFORMATION + FileRenameInformation, // s: FILE_RENAME_INFORMATION (requires DELETE) // 10 + FileLinkInformation, // s: FILE_LINK_INFORMATION + FileNamesInformation, // q: FILE_NAMES_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileDispositionInformation, // s: FILE_DISPOSITION_INFORMATION (requires DELETE) + FilePositionInformation, // q; s: FILE_POSITION_INFORMATION + FileFullEaInformation, // FILE_FULL_EA_INFORMATION + 
FileModeInformation, // q; s: FILE_MODE_INFORMATION + FileAlignmentInformation, // q: FILE_ALIGNMENT_INFORMATION + FileAllInformation, // q: FILE_ALL_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileAllocationInformation, // s: FILE_ALLOCATION_INFORMATION (requires FILE_WRITE_DATA) + FileEndOfFileInformation, // s: FILE_END_OF_FILE_INFORMATION (requires FILE_WRITE_DATA) // 20 + FileAlternateNameInformation, // q: FILE_NAME_INFORMATION + FileStreamInformation, // q: FILE_STREAM_INFORMATION + FilePipeInformation, // q; s: FILE_PIPE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) + FilePipeLocalInformation, // q: FILE_PIPE_LOCAL_INFORMATION (requires FILE_READ_ATTRIBUTES) + FilePipeRemoteInformation, // q; s: FILE_PIPE_REMOTE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) + FileMailslotQueryInformation, // q: FILE_MAILSLOT_QUERY_INFORMATION + FileMailslotSetInformation, // s: FILE_MAILSLOT_SET_INFORMATION + FileCompressionInformation, // q: FILE_COMPRESSION_INFORMATION + FileObjectIdInformation, // q: FILE_OBJECTID_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileCompletionInformation, // s: FILE_COMPLETION_INFORMATION // 30 + FileMoveClusterInformation, // s: FILE_MOVE_CLUSTER_INFORMATION (requires FILE_WRITE_DATA) + FileQuotaInformation, // q: FILE_QUOTA_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileReparsePointInformation, // q: FILE_REPARSE_POINT_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileNetworkOpenInformation, // q: FILE_NETWORK_OPEN_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileAttributeTagInformation, // q: FILE_ATTRIBUTE_TAG_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileTrackingInformation, // s: FILE_TRACKING_INFORMATION (requires FILE_WRITE_DATA) + FileIdBothDirectoryInformation, // q: FILE_ID_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + 
FileIdFullDirectoryInformation, // q: FILE_ID_FULL_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) + FileValidDataLengthInformation, // s: FILE_VALID_DATA_LENGTH_INFORMATION (requires FILE_WRITE_DATA and/or SeManageVolumePrivilege) + FileShortNameInformation, // s: FILE_NAME_INFORMATION (requires DELETE) // 40 + FileIoCompletionNotificationInformation, // q; s: FILE_IO_COMPLETION_NOTIFICATION_INFORMATION (q: requires FILE_READ_ATTRIBUTES) // since VISTA + FileIoStatusBlockRangeInformation, // s: FILE_IOSTATUSBLOCK_RANGE_INFORMATION (requires SeLockMemoryPrivilege) + FileIoPriorityHintInformation, // q; s: FILE_IO_PRIORITY_HINT_INFORMATION, FILE_IO_PRIORITY_HINT_INFORMATION_EX (q: requires FILE_READ_DATA) + FileSfioReserveInformation, // q; s: FILE_SFIO_RESERVE_INFORMATION (q: requires FILE_READ_DATA) + FileSfioVolumeInformation, // q: FILE_SFIO_VOLUME_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileHardLinkInformation, // q: FILE_LINKS_INFORMATION + FileProcessIdsUsingFileInformation, // q: FILE_PROCESS_IDS_USING_FILE_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileNormalizedNameInformation, // q: FILE_NAME_INFORMATION + FileNetworkPhysicalNameInformation, // q: FILE_NETWORK_PHYSICAL_NAME_INFORMATION + FileIdGlobalTxDirectoryInformation, // q: FILE_ID_GLOBAL_TX_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // since WIN7 // 50 + FileIsRemoteDeviceInformation, // q: FILE_IS_REMOTE_DEVICE_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileUnusedInformation, + FileNumaNodeInformation, // q: FILE_NUMA_NODE_INFORMATION + FileStandardLinkInformation, // q: FILE_STANDARD_LINK_INFORMATION + FileRemoteProtocolInformation, // q: FILE_REMOTE_PROTOCOL_INFORMATION + FileRenameInformationBypassAccessCheck, // (kernel-mode only); s: FILE_RENAME_INFORMATION // since WIN8 + FileLinkInformationBypassAccessCheck, // (kernel-mode only); s: FILE_LINK_INFORMATION + FileVolumeNameInformation, // q: FILE_VOLUME_NAME_INFORMATION + 
FileIdInformation, // q: FILE_ID_INFORMATION + FileIdExtdDirectoryInformation, // q: FILE_ID_EXTD_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // 60 + FileReplaceCompletionInformation, // s: FILE_COMPLETION_INFORMATION // since WINBLUE + FileHardLinkFullIdInformation, // q: FILE_LINK_ENTRY_FULL_ID_INFORMATION // FILE_LINKS_FULL_ID_INFORMATION + FileIdExtdBothDirectoryInformation, // q: FILE_ID_EXTD_BOTH_DIR_INFORMATION (requires FILE_LIST_DIRECTORY) (NtQueryDirectoryFile[Ex]) // since THRESHOLD + FileDispositionInformationEx, // s: FILE_DISPOSITION_INFO_EX (requires DELETE) // since REDSTONE + FileRenameInformationEx, // s: FILE_RENAME_INFORMATION_EX + FileRenameInformationExBypassAccessCheck, // (kernel-mode only); s: FILE_RENAME_INFORMATION_EX + FileDesiredStorageClassInformation, // q; s: FILE_DESIRED_STORAGE_CLASS_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) // since REDSTONE2 + FileStatInformation, // q: FILE_STAT_INFORMATION (requires FILE_READ_ATTRIBUTES) + FileMemoryPartitionInformation, // s: FILE_MEMORY_PARTITION_INFORMATION // since REDSTONE3 + FileStatLxInformation, // q: FILE_STAT_LX_INFORMATION (requires FILE_READ_ATTRIBUTES and FILE_READ_EA) // since REDSTONE4 // 70 + FileCaseSensitiveInformation, // q; s: FILE_CASE_SENSITIVE_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) + FileLinkInformationEx, // s: FILE_LINK_INFORMATION_EX // since REDSTONE5 + FileLinkInformationExBypassAccessCheck, // (kernel-mode only); s: FILE_LINK_INFORMATION_EX + FileStorageReserveIdInformation, // q; s: FILE_STORAGE_RESERVE_ID_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) + FileCaseSensitiveInformationForceAccessCheck, // q; s: FILE_CASE_SENSITIVE_INFORMATION + FileKnownFolderInformation, // q; s: FILE_KNOWN_FOLDER_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES) // since WIN11 + FileStatBasicInformation, 
// since 23H2 + FileId64ExtdDirectoryInformation, + FileId64ExtdBothDirectoryInformation, + FileIdAllExtdDirectoryInformation, + FileIdAllExtdBothDirectoryInformation, + FileMaximumInformation +} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; + +// NtQueryInformationFile/NtSetInformationFile types + +typedef struct _FILE_BASIC_INFORMATION +{ + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + ULONG FileAttributes; +} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; + +typedef struct _FILE_STANDARD_INFORMATION +{ + LARGE_INTEGER AllocationSize; + LARGE_INTEGER EndOfFile; + ULONG NumberOfLinks; + BOOLEAN DeletePending; + BOOLEAN Directory; +} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION; + +//#if (PHNT_VERSION >= PHNT_THRESHOLD) +typedef struct _FILE_STANDARD_INFORMATION_EX +{ + LARGE_INTEGER AllocationSize; + LARGE_INTEGER EndOfFile; + ULONG NumberOfLinks; + BOOLEAN DeletePending; + BOOLEAN Directory; + BOOLEAN AlternateStream; + BOOLEAN MetadataAttribute; +} FILE_STANDARD_INFORMATION_EX, *PFILE_STANDARD_INFORMATION_EX; +//#endif + +typedef struct _FILE_INTERNAL_INFORMATION +{ + union + { + LARGE_INTEGER IndexNumber; + struct + { + LONGLONG MftRecordIndex : 48; // rev + LONGLONG SequenceNumber : 16; // rev + }; + }; +} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; + +typedef struct _FILE_EA_INFORMATION +{ + ULONG EaSize; +} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; + +typedef struct _FILE_ACCESS_INFORMATION +{ + ACCESS_MASK AccessFlags; +} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; + +typedef struct _FILE_POSITION_INFORMATION +{ + LARGE_INTEGER CurrentByteOffset; +} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION; + +typedef struct _FILE_MODE_INFORMATION +{ + ULONG Mode; +} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; + +typedef struct _FILE_ALIGNMENT_INFORMATION +{ + ULONG AlignmentRequirement; +} FILE_ALIGNMENT_INFORMATION, 
*PFILE_ALIGNMENT_INFORMATION; + +typedef struct _FILE_NAME_INFORMATION +{ + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION; + +typedef struct _FILE_ALL_INFORMATION +{ + FILE_BASIC_INFORMATION BasicInformation; + FILE_STANDARD_INFORMATION StandardInformation; + FILE_INTERNAL_INFORMATION InternalInformation; + FILE_EA_INFORMATION EaInformation; + FILE_ACCESS_INFORMATION AccessInformation; + FILE_POSITION_INFORMATION PositionInformation; + FILE_MODE_INFORMATION ModeInformation; + FILE_ALIGNMENT_INFORMATION AlignmentInformation; + FILE_NAME_INFORMATION NameInformation; +} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; + +typedef struct _FILE_NETWORK_OPEN_INFORMATION +{ + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER AllocationSize; + LARGE_INTEGER EndOfFile; + ULONG FileAttributes; +} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; + +typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION +{ + ULONG FileAttributes; + ULONG ReparseTag; +} FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION; + +typedef struct _FILE_ALLOCATION_INFORMATION +{ + LARGE_INTEGER AllocationSize; +} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; + +typedef struct _FILE_COMPRESSION_INFORMATION +{ + LARGE_INTEGER CompressedFileSize; + USHORT CompressionFormat; + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved[3]; +} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; + +typedef struct _FILE_DISPOSITION_INFORMATION +{ + BOOLEAN DeleteFile; +} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION; + +typedef struct _FILE_END_OF_FILE_INFORMATION +{ + LARGE_INTEGER EndOfFile; +} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION; + +//#if (PHNT_VERSION >= PHNT_REDSTONE5) +#define FLAGS_END_OF_FILE_INFO_EX_EXTEND_PAGING 0x00000001 
+#define FLAGS_END_OF_FILE_INFO_EX_NO_EXTRA_PAGING_EXTEND 0x00000002 +#define FLAGS_END_OF_FILE_INFO_EX_TIME_CONSTRAINED 0x00000004 +#define FLAGS_DELAY_REASONS_LOG_FILE_FULL 0x00000001 +#define FLAGS_DELAY_REASONS_BITMAP_SCANNED 0x00000002 + +typedef struct _FILE_END_OF_FILE_INFORMATION_EX +{ + LARGE_INTEGER EndOfFile; + LARGE_INTEGER PagingFileSizeInMM; + LARGE_INTEGER PagingFileMaxSize; + ULONG Flags; +} FILE_END_OF_FILE_INFORMATION_EX, *PFILE_END_OF_FILE_INFORMATION_EX; +//#endif + +typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION +{ + LARGE_INTEGER ValidDataLength; +} FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION; + +#define FILE_LINK_REPLACE_IF_EXISTS 0x00000001 // since RS5 +#define FILE_LINK_POSIX_SEMANTICS 0x00000002 + +#define FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE 0x00000008 +#define FILE_LINK_NO_INCREASE_AVAILABLE_SPACE 0x00000010 +#define FILE_LINK_NO_DECREASE_AVAILABLE_SPACE 0x00000020 +#define FILE_LINK_PRESERVE_AVAILABLE_SPACE 0x00000030 +#define FILE_LINK_IGNORE_READONLY_ATTRIBUTE 0x00000040 +#define FILE_LINK_FORCE_RESIZE_TARGET_SR 0x00000080 // since 19H1 +#define FILE_LINK_FORCE_RESIZE_SOURCE_SR 0x00000100 +#define FILE_LINK_FORCE_RESIZE_SR 0x00000180 + +typedef struct _FILE_LINK_INFORMATION +{ + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; + +typedef struct _FILE_LINK_INFORMATION_EX +{ + ULONG Flags; + HANDLE RootDirectory; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_LINK_INFORMATION_EX, *PFILE_LINK_INFORMATION_EX; + +typedef struct _FILE_MOVE_CLUSTER_INFORMATION +{ + ULONG ClusterCount; + HANDLE RootDirectory; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION; + +typedef struct _FILE_RENAME_INFORMATION +{ + BOOLEAN ReplaceIfExists; + 
HANDLE RootDirectory; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; + +#define FILE_RENAME_REPLACE_IF_EXISTS 0x00000001 // since REDSTONE +#define FILE_RENAME_POSIX_SEMANTICS 0x00000002 +#define FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE 0x00000004 // since REDSTONE3 +#define FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE 0x00000008 // since REDSTONE5 +#define FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE 0x00000010 +#define FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE 0x00000020 +#define FILE_RENAME_PRESERVE_AVAILABLE_SPACE 0x00000030 +#define FILE_RENAME_IGNORE_READONLY_ATTRIBUTE 0x00000040 +#define FILE_RENAME_FORCE_RESIZE_TARGET_SR 0x00000080 // since 19H1 +#define FILE_RENAME_FORCE_RESIZE_SOURCE_SR 0x00000100 +#define FILE_RENAME_FORCE_RESIZE_SR 0x00000180 + +typedef struct _FILE_RENAME_INFORMATION_EX +{ + ULONG Flags; + HANDLE RootDirectory; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_RENAME_INFORMATION_EX, *PFILE_RENAME_INFORMATION_EX; + +typedef struct _FILE_STREAM_INFORMATION +{ + ULONG NextEntryOffset; + ULONG StreamNameLength; + LARGE_INTEGER StreamSize; + LARGE_INTEGER StreamAllocationSize; + _Field_size_bytes_(StreamNameLength) WCHAR StreamName[1]; +} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; + +typedef struct _FILE_TRACKING_INFORMATION +{ + HANDLE DestinationFile; + ULONG ObjectInformationLength; + _Field_size_bytes_(ObjectInformationLength) CHAR ObjectInformation[1]; +} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; + +typedef struct _FILE_COMPLETION_INFORMATION +{ + HANDLE Port; + PVOID Key; +} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; + +typedef struct _FILE_PIPE_INFORMATION +{ + ULONG ReadMode; + ULONG CompletionMode; +} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; + +typedef struct _FILE_PIPE_LOCAL_INFORMATION +{ + ULONG NamedPipeType; + ULONG NamedPipeConfiguration; + ULONG 
MaximumInstances; + ULONG CurrentInstances; + ULONG InboundQuota; + ULONG ReadDataAvailable; + ULONG OutboundQuota; + ULONG WriteQuotaAvailable; + ULONG NamedPipeState; + ULONG NamedPipeEnd; +} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; + +typedef struct _FILE_PIPE_REMOTE_INFORMATION +{ + LARGE_INTEGER CollectDataTime; + ULONG MaximumCollectionCount; +} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; + +typedef struct _FILE_MAILSLOT_QUERY_INFORMATION +{ + ULONG MaximumMessageSize; + ULONG MailslotQuota; + ULONG NextMessageSize; + ULONG MessagesAvailable; + LARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; + +typedef struct _FILE_MAILSLOT_SET_INFORMATION +{ + PLARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; + +typedef struct _FILE_REPARSE_POINT_INFORMATION +{ + LONGLONG FileReference; + ULONG Tag; +} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION; + +typedef struct _FILE_LINK_ENTRY_INFORMATION +{ + ULONG NextEntryOffset; + LONGLONG ParentFileId; // LARGE_INTEGER + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION; + +typedef struct _FILE_LINKS_INFORMATION +{ + ULONG BytesNeeded; + ULONG EntriesReturned; + FILE_LINK_ENTRY_INFORMATION Entry; +} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION; + +typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION +{ + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION; + +typedef struct _FILE_STANDARD_LINK_INFORMATION +{ + ULONG NumberOfAccessibleLinks; + ULONG TotalNumberOfLinks; + BOOLEAN DeletePending; + BOOLEAN Directory; +} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION; + +typedef struct _FILE_SFIO_RESERVE_INFORMATION +{ + ULONG RequestsPerPeriod; + ULONG Period; + 
BOOLEAN RetryFailures; + BOOLEAN Discardable; + ULONG RequestSize; + ULONG NumOutstandingRequests; +} FILE_SFIO_RESERVE_INFORMATION, *PFILE_SFIO_RESERVE_INFORMATION; + +typedef struct _FILE_SFIO_VOLUME_INFORMATION +{ + ULONG MaximumRequestsPerPeriod; + ULONG MinimumPeriod; + ULONG MinimumTransferSize; +} FILE_SFIO_VOLUME_INFORMATION, *PFILE_SFIO_VOLUME_INFORMATION; + +typedef enum _IO_PRIORITY_HINT +{ + IoPriorityVeryLow = 0, // Defragging, content indexing and other background I/Os. + IoPriorityLow, // Prefetching for applications. + IoPriorityNormal, // Normal I/Os. + IoPriorityHigh, // Used by filesystems for checkpoint I/O. + IoPriorityCritical, // Used by memory manager. Not available for applications. + MaxIoPriorityTypes +} IO_PRIORITY_HINT; + +typedef struct DECLSPEC_ALIGN(8) _FILE_IO_PRIORITY_HINT_INFORMATION +{ + IO_PRIORITY_HINT PriorityHint; +} FILE_IO_PRIORITY_HINT_INFORMATION, *PFILE_IO_PRIORITY_HINT_INFORMATION; + +typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION_EX +{ + IO_PRIORITY_HINT PriorityHint; + BOOLEAN BoostOutstanding; +} FILE_IO_PRIORITY_HINT_INFORMATION_EX, *PFILE_IO_PRIORITY_HINT_INFORMATION_EX; + +#define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1 +#define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2 +#define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4 + +typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION +{ + ULONG Flags; +} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION; + +typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION +{ + ULONG NumberOfProcessIdsInList; + _Field_size_(NumberOfProcessIdsInList) ULONG_PTR ProcessIdList[1]; +} FILE_PROCESS_IDS_USING_FILE_INFORMATION, *PFILE_PROCESS_IDS_USING_FILE_INFORMATION; + +typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION +{ + BOOLEAN IsRemote; +} FILE_IS_REMOTE_DEVICE_INFORMATION, *PFILE_IS_REMOTE_DEVICE_INFORMATION; + +typedef struct _FILE_NUMA_NODE_INFORMATION +{ + USHORT NodeNumber; +} FILE_NUMA_NODE_INFORMATION, *PFILE_NUMA_NODE_INFORMATION; + 
+typedef struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION +{ + PUCHAR IoStatusBlockRange; + ULONG Length; +} FILE_IOSTATUSBLOCK_RANGE_INFORMATION, *PFILE_IOSTATUSBLOCK_RANGE_INFORMATION; + +// Win32 FILE_REMOTE_PROTOCOL_INFO +typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION +{ + // Structure Version + USHORT StructureVersion; // 1 for Win7, 2 for Win8 SMB3, 3 for Blue SMB3, 4 for RS5 + USHORT StructureSize; // sizeof(FILE_REMOTE_PROTOCOL_INFORMATION) + + ULONG Protocol; // Protocol (WNNC_NET_*) defined in winnetwk.h or ntifs.h. + + // Protocol Version & Type + USHORT ProtocolMajorVersion; + USHORT ProtocolMinorVersion; + USHORT ProtocolRevision; + + USHORT Reserved; + + // Protocol-Generic Information + ULONG Flags; + + struct + { + ULONG Reserved[8]; + } GenericReserved; + + // Protocol specific information + +#if (_WIN32_WINNT < PHNT_WIN8) + struct + { + ULONG Reserved[16]; + } ProtocolSpecificReserved; +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) + union + { + struct + { + struct + { + ULONG Capabilities; + } Server; + struct + { + ULONG Capabilities; +#if (PHNT_VERSION >= PHNT_21H1) + ULONG ShareFlags; +#else + ULONG CachingFlags; +#endif +#if (PHNT_VERSION >= PHNT_REDSTONE5) + UCHAR ShareType; + UCHAR Reserved0[3]; + ULONG Reserved1; +#endif + } Share; + } Smb2; + ULONG Reserved[16]; + } ProtocolSpecific; +#endif +} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION; + +#define CHECKSUM_ENFORCEMENT_OFF 0x00000001 + +typedef struct _FILE_INTEGRITY_STREAM_INFORMATION +{ + USHORT ChecksumAlgorithm; + UCHAR ChecksumChunkShift; + UCHAR ClusterShift; + ULONG Flags; +} FILE_INTEGRITY_STREAM_INFORMATION, *PFILE_INTEGRITY_STREAM_INFORMATION; + +typedef struct _FILE_VOLUME_NAME_INFORMATION +{ + ULONG DeviceNameLength; + _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1]; +} FILE_VOLUME_NAME_INFORMATION, *PFILE_VOLUME_NAME_INFORMATION; + +#ifndef FILE_INVALID_FILE_ID +#define FILE_INVALID_FILE_ID ((LONGLONG)-1LL) +#endif + +#define 
FILE_ID_IS_INVALID(FID) ((FID).QuadPart == FILE_INVALID_FILE_ID) + +#define FILE_ID_128_IS_INVALID(FID128) \ + (((FID128).Identifier[0] == (UCHAR)-1) && \ + ((FID128).Identifier[1] == (UCHAR)-1) && \ + ((FID128).Identifier[2] == (UCHAR)-1) && \ + ((FID128).Identifier[3] == (UCHAR)-1) && \ + ((FID128).Identifier[4] == (UCHAR)-1) && \ + ((FID128).Identifier[5] == (UCHAR)-1) && \ + ((FID128).Identifier[6] == (UCHAR)-1) && \ + ((FID128).Identifier[7] == (UCHAR)-1) && \ + ((FID128).Identifier[8] == (UCHAR)-1) && \ + ((FID128).Identifier[9] == (UCHAR)-1) && \ + ((FID128).Identifier[10] == (UCHAR)-1) && \ + ((FID128).Identifier[11] == (UCHAR)-1) && \ + ((FID128).Identifier[12] == (UCHAR)-1) && \ + ((FID128).Identifier[13] == (UCHAR)-1) && \ + ((FID128).Identifier[14] == (UCHAR)-1) && \ + ((FID128).Identifier[15] == (UCHAR)-1)) + +#define MAKE_INVALID_FILE_ID_128(FID128) { \ + ((FID128).Identifier[0] = (UCHAR)-1); \ + ((FID128).Identifier[1] = (UCHAR)-1); \ + ((FID128).Identifier[2] = (UCHAR)-1); \ + ((FID128).Identifier[3] = (UCHAR)-1); \ + ((FID128).Identifier[4] = (UCHAR)-1); \ + ((FID128).Identifier[5] = (UCHAR)-1); \ + ((FID128).Identifier[6] = (UCHAR)-1); \ + ((FID128).Identifier[7] = (UCHAR)-1); \ + ((FID128).Identifier[8] = (UCHAR)-1); \ + ((FID128).Identifier[9] = (UCHAR)-1); \ + ((FID128).Identifier[10] = (UCHAR)-1); \ + ((FID128).Identifier[11] = (UCHAR)-1); \ + ((FID128).Identifier[12] = (UCHAR)-1); \ + ((FID128).Identifier[13] = (UCHAR)-1); \ + ((FID128).Identifier[14] = (UCHAR)-1); \ + ((FID128).Identifier[15] = (UCHAR)-1); \ +} + +typedef struct _FILE_ID_INFORMATION +{ + ULONGLONG VolumeSerialNumber; + union + { + FILE_ID_128 FileId; + struct + { + LONGLONG FileIdLowPart : 64; // rev + LONGLONG FileIdHighPart : 64; // rev + }; + }; +} FILE_ID_INFORMATION, *PFILE_ID_INFORMATION; + +typedef struct _FILE_ID_EXTD_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER 
LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + ULONG ReparsePointTag; + FILE_ID_128 FileId; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_ID_EXTD_DIR_INFORMATION, *PFILE_ID_EXTD_DIR_INFORMATION; + +typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION +{ + ULONG NextEntryOffset; + FILE_ID_128 ParentFileId; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_LINK_ENTRY_FULL_ID_INFORMATION, *PFILE_LINK_ENTRY_FULL_ID_INFORMATION; + +typedef struct _FILE_LINKS_FULL_ID_INFORMATION +{ + ULONG BytesNeeded; + ULONG EntriesReturned; + FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry; +} FILE_LINKS_FULL_ID_INFORMATION, *PFILE_LINKS_FULL_ID_INFORMATION; + +typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + ULONG ReparsePointTag; + FILE_ID_128 FileId; + CCHAR ShortNameLength; + WCHAR ShortName[12]; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_ID_EXTD_BOTH_DIR_INFORMATION, *PFILE_ID_EXTD_BOTH_DIR_INFORMATION; + +typedef struct _FILE_STAT_INFORMATION +{ + LARGE_INTEGER FileId; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER AllocationSize; + LARGE_INTEGER EndOfFile; + ULONG FileAttributes; + ULONG ReparseTag; + ULONG NumberOfLinks; + ACCESS_MASK EffectiveAccess; +} FILE_STAT_INFORMATION, *PFILE_STAT_INFORMATION; + +typedef struct _FILE_MEMORY_PARTITION_INFORMATION +{ + HANDLE OwnerPartitionHandle; + union + { + struct + { + UCHAR NoCrossPartitionAccess; + UCHAR Spare[3]; + }; + ULONG AllFlags; + } Flags; +} 
FILE_MEMORY_PARTITION_INFORMATION, *PFILE_MEMORY_PARTITION_INFORMATION; + +// LxFlags +#define LX_FILE_METADATA_HAS_UID 0x1 +#define LX_FILE_METADATA_HAS_GID 0x2 +#define LX_FILE_METADATA_HAS_MODE 0x4 +#define LX_FILE_METADATA_HAS_DEVICE_ID 0x8 +#define LX_FILE_CASE_SENSITIVE_DIR 0x10 + +typedef struct _FILE_STAT_LX_INFORMATION +{ + LARGE_INTEGER FileId; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER AllocationSize; + LARGE_INTEGER EndOfFile; + ULONG FileAttributes; + ULONG ReparseTag; + ULONG NumberOfLinks; + ACCESS_MASK EffectiveAccess; + ULONG LxFlags; + ULONG LxUid; + ULONG LxGid; + ULONG LxMode; + ULONG LxDeviceIdMajor; + ULONG LxDeviceIdMinor; +} FILE_STAT_LX_INFORMATION, *PFILE_STAT_LX_INFORMATION; + +typedef struct _FILE_STORAGE_RESERVE_ID_INFORMATION { + STORAGE_RESERVE_ID StorageReserveId; +} FILE_STORAGE_RESERVE_ID_INFORMATION, *PFILE_STORAGE_RESERVE_ID_INFORMATION; + +#define FILE_CS_FLAG_CASE_SENSITIVE_DIR 0x00000001 + +typedef struct _FILE_CASE_SENSITIVE_INFORMATION +{ + ULONG Flags; +} FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION; + +typedef enum _FILE_KNOWN_FOLDER_TYPE +{ + KnownFolderNone, + KnownFolderDesktop, + KnownFolderDocuments, + KnownFolderDownloads, + KnownFolderMusic, + KnownFolderPictures, + KnownFolderVideos, + KnownFolderOther, + KnownFolderMax = 7 +} FILE_KNOWN_FOLDER_TYPE; + +typedef struct _FILE_KNOWN_FOLDER_INFORMATION +{ + FILE_KNOWN_FOLDER_TYPE Type; +} FILE_KNOWN_FOLDER_INFORMATION, *PFILE_KNOWN_FOLDER_INFORMATION; + +// NtQueryDirectoryFile types + +typedef struct _FILE_DIRECTORY_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; 
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; + +typedef struct _FILE_FULL_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; + +typedef struct _FILE_ID_FULL_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + LARGE_INTEGER FileId; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; + +typedef struct _FILE_BOTH_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CCHAR ShortNameLength; + WCHAR ShortName[12]; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; + +typedef struct _FILE_ID_BOTH_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CCHAR ShortNameLength; + WCHAR ShortName[12]; + LARGE_INTEGER FileId; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_ID_BOTH_DIR_INFORMATION, 
*PFILE_ID_BOTH_DIR_INFORMATION; + +typedef struct _FILE_NAMES_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + ULONG FileNameLength; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; + +typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION +{ + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + LARGE_INTEGER FileId; + GUID LockingTransactionId; + ULONG TxInfoFlags; + _Field_size_bytes_(FileNameLength) WCHAR FileName[1]; +} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION; + +#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001 +#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002 +#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004 + +typedef struct _FILE_OBJECTID_INFORMATION +{ + LONGLONG FileReference; + UCHAR ObjectId[16]; // GUID + union + { + struct + { + UCHAR BirthVolumeId[16]; + UCHAR BirthObjectId[16]; + UCHAR DomainId[16]; + }; + UCHAR ExtendedInfo[48]; + }; +} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; + +typedef struct _FILE_DIRECTORY_NEXT_INFORMATION +{ + ULONG NextEntryOffset; +} FILE_DIRECTORY_NEXT_INFORMATION, *PFILE_DIRECTORY_NEXT_INFORMATION; + +// NtQueryEaFile/NtSetEaFile types + +typedef struct _FILE_FULL_EA_INFORMATION +{ + ULONG NextEntryOffset; + UCHAR Flags; + UCHAR EaNameLength; + USHORT EaValueLength; + _Field_size_bytes_(EaNameLength) CHAR EaName[1]; + // ... 
+ // UCHAR EaValue[1] +} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION; + +typedef struct _FILE_GET_EA_INFORMATION +{ + ULONG NextEntryOffset; + UCHAR EaNameLength; + _Field_size_bytes_(EaNameLength) CHAR EaName[1]; +} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; + +// NtQueryQuotaInformationFile/NtSetQuotaInformationFile types + +typedef struct _FILE_GET_QUOTA_INFORMATION +{ + ULONG NextEntryOffset; + ULONG SidLength; + _Field_size_bytes_(SidLength) SID Sid; +} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; + +typedef struct _FILE_QUOTA_INFORMATION +{ + ULONG NextEntryOffset; + ULONG SidLength; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER QuotaUsed; + LARGE_INTEGER QuotaThreshold; + LARGE_INTEGER QuotaLimit; + _Field_size_bytes_(SidLength) SID Sid; +} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; + +typedef enum _FSINFOCLASS +{ + FileFsVolumeInformation = 1, // q: FILE_FS_VOLUME_INFORMATION + FileFsLabelInformation, // s: FILE_FS_LABEL_INFORMATION (requires FILE_WRITE_DATA to volume) + FileFsSizeInformation, // q: FILE_FS_SIZE_INFORMATION + FileFsDeviceInformation, // q: FILE_FS_DEVICE_INFORMATION + FileFsAttributeInformation, // q: FILE_FS_ATTRIBUTE_INFORMATION + FileFsControlInformation, // q, s: FILE_FS_CONTROL_INFORMATION (q: requires FILE_READ_DATA; s: requires FILE_WRITE_DATA to volume) + FileFsFullSizeInformation, // q: FILE_FS_FULL_SIZE_INFORMATION + FileFsObjectIdInformation, // q; s: FILE_FS_OBJECTID_INFORMATION (s: requires FILE_WRITE_DATA to volume) + FileFsDriverPathInformation, // q: FILE_FS_DRIVER_PATH_INFORMATION + FileFsVolumeFlagsInformation, // q; s: FILE_FS_VOLUME_FLAGS_INFORMATION (q: requires FILE_READ_ATTRIBUTES; s: requires FILE_WRITE_ATTRIBUTES to volume) // 10 + FileFsSectorSizeInformation, // q: FILE_FS_SECTOR_SIZE_INFORMATION // since WIN8 + FileFsDataCopyInformation, // q: FILE_FS_DATA_COPY_INFORMATION + FileFsMetadataSizeInformation, // q: FILE_FS_METADATA_SIZE_INFORMATION // since THRESHOLD + 
FileFsFullSizeInformationEx, // q: FILE_FS_FULL_SIZE_INFORMATION_EX // since REDSTONE5 + FileFsGuidInformation, // q: FILE_FS_GUID_INFORMATION // since 23H2 + FileFsMaximumInformation +} FSINFOCLASS, *PFSINFOCLASS; +typedef enum _FSINFOCLASS FS_INFORMATION_CLASS; + +// NtQueryVolumeInformation/NtSetVolumeInformation types + +typedef struct _FILE_FS_VOLUME_INFORMATION +{ + LARGE_INTEGER VolumeCreationTime; + ULONG VolumeSerialNumber; + ULONG VolumeLabelLength; + BOOLEAN SupportsObjects; + _Field_size_bytes_(VolumeLabelLength) WCHAR VolumeLabel[1]; +} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; + +typedef struct _FILE_FS_LABEL_INFORMATION +{ + ULONG VolumeLabelLength; + _Field_size_bytes_(VolumeLabelLength) WCHAR VolumeLabel[1]; +} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; + +typedef struct _FILE_FS_SIZE_INFORMATION +{ + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER AvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; + +// FileSystemControlFlags +#define FILE_VC_QUOTA_NONE 0x00000000 +#define FILE_VC_QUOTA_TRACK 0x00000001 +#define FILE_VC_QUOTA_ENFORCE 0x00000002 +#define FILE_VC_QUOTA_MASK 0x00000003 +#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 +#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 +#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 +#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 +#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 +#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 +#define FILE_VC_QUOTAS_REBUILDING 0x00000200 +#define FILE_VC_VALID_MASK 0x000003ff + +typedef struct _FILE_FS_CONTROL_INFORMATION +{ + LARGE_INTEGER FreeSpaceStartFiltering; + LARGE_INTEGER FreeSpaceThreshold; + LARGE_INTEGER FreeSpaceStopFiltering; + LARGE_INTEGER DefaultQuotaThreshold; + LARGE_INTEGER DefaultQuotaLimit; + ULONG FileSystemControlFlags; // FILE_VC_* +} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; + +typedef struct 
_FILE_FS_FULL_SIZE_INFORMATION +{ + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER CallerAvailableAllocationUnits; + LARGE_INTEGER ActualAvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; + +typedef struct _FILE_FS_OBJECTID_INFORMATION +{ + UCHAR ObjectId[16]; + union + { + struct + { + UCHAR BirthVolumeId[16]; + UCHAR BirthObjectId[16]; + UCHAR DomainId[16]; + }; + UCHAR ExtendedInfo[48]; + }; +} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION; + +typedef struct _FILE_FS_DEVICE_INFORMATION +{ + DEVICE_TYPE DeviceType; + ULONG Characteristics; +} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION; + +typedef struct _FILE_FS_ATTRIBUTE_INFORMATION +{ + ULONG FileSystemAttributes; + LONG MaximumComponentNameLength; + ULONG FileSystemNameLength; + _Field_size_bytes_(FileSystemNameLength) WCHAR FileSystemName[1]; +} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; + +typedef struct _FILE_FS_DRIVER_PATH_INFORMATION +{ + BOOLEAN DriverInPath; + ULONG DriverNameLength; + _Field_size_bytes_(DriverNameLength) WCHAR DriverName[1]; +} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION; + +typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION +{ + ULONG Flags; +} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION; + +#define SSINFO_FLAGS_ALIGNED_DEVICE 0x00000001 +#define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 0x00000002 +#define SSINFO_FLAGS_NO_SEEK_PENALTY 0x00000004 +#define SSINFO_FLAGS_TRIM_ENABLED 0x00000008 +#define SSINFO_FLAGS_BYTE_ADDRESSABLE 0x00000010 // since REDSTONE + +// If set for Sector and Partition fields, alignment is not known. 
+#define SSINFO_OFFSET_UNKNOWN 0xffffffff + +typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION +{ + ULONG LogicalBytesPerSector; + ULONG PhysicalBytesPerSectorForAtomicity; + ULONG PhysicalBytesPerSectorForPerformance; + ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity; + ULONG Flags; // SSINFO_FLAGS_* + ULONG ByteOffsetForSectorAlignment; + ULONG ByteOffsetForPartitionAlignment; +} FILE_FS_SECTOR_SIZE_INFORMATION, *PFILE_FS_SECTOR_SIZE_INFORMATION; + +typedef struct _FILE_FS_DATA_COPY_INFORMATION +{ + ULONG NumberOfCopies; +} FILE_FS_DATA_COPY_INFORMATION, *PFILE_FS_DATA_COPY_INFORMATION; + +typedef struct _FILE_FS_METADATA_SIZE_INFORMATION +{ + LARGE_INTEGER TotalMetadataAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_METADATA_SIZE_INFORMATION, *PFILE_FS_METADATA_SIZE_INFORMATION; + +typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX +{ + ULONGLONG ActualTotalAllocationUnits; + ULONGLONG ActualAvailableAllocationUnits; + ULONGLONG ActualPoolUnavailableAllocationUnits; + ULONGLONG CallerTotalAllocationUnits; + ULONGLONG CallerAvailableAllocationUnits; + ULONGLONG CallerPoolUnavailableAllocationUnits; + ULONGLONG UsedAllocationUnits; + ULONGLONG TotalReservedAllocationUnits; + ULONGLONG VolumeStorageReserveAllocationUnits; + ULONGLONG AvailableCommittedAllocationUnits; + ULONGLONG PoolAvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_FULL_SIZE_INFORMATION_EX, *PFILE_FS_FULL_SIZE_INFORMATION_EX; + +typedef struct _FILE_FS_GUID_INFORMATION +{ + GUID FsGuid; +} FILE_FS_GUID_INFORMATION, *PFILE_FS_GUID_INFORMATION; + +// System calls + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateFile( + _Out_ PHANDLE FileHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_opt_ PLARGE_INTEGER AllocationSize, + _In_ ULONG FileAttributes, + _In_ ULONG ShareAccess, + _In_ ULONG CreateDisposition, + _In_ ULONG CreateOptions, + 
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer, + _In_ ULONG EaLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateNamedPipeFile( + _Out_ PHANDLE FileHandle, + _In_ ULONG DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG ShareAccess, + _In_ ULONG CreateDisposition, + _In_ ULONG CreateOptions, + _In_ ULONG NamedPipeType, + _In_ ULONG ReadMode, + _In_ ULONG CompletionMode, + _In_ ULONG MaximumInstances, + _In_ ULONG InboundQuota, + _In_ ULONG OutboundQuota, + _In_ PLARGE_INTEGER DefaultTimeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateMailslotFile( + _Out_ PHANDLE FileHandle, + _In_ ULONG DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CreateOptions, + _In_ ULONG MailslotQuota, + _In_ ULONG MaximumMessageSize, + _In_ PLARGE_INTEGER ReadTimeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenFile( + _Out_ PHANDLE FileHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG ShareAccess, + _In_ ULONG OpenOptions + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDeleteFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushBuffersFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +#define FLUSH_FLAGS_FILE_DATA_ONLY 0x00000001 +#define FLUSH_FLAGS_NO_SYNC 0x00000002 +#define FLUSH_FLAGS_FILE_DATA_SYNC_ONLY 0x00000004 // REDSTONE1 + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushBuffersFileEx( + _In_ HANDLE FileHandle, + _In_ ULONG Flags, + _In_reads_bytes_(ParametersSize) PVOID Parameters, + _In_ ULONG ParametersSize, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ 
FILE_INFORMATION_CLASS FileInformationClass + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE2) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationByName( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryDirectoryFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass, + _In_ BOOLEAN ReturnSingleEntry, + _In_opt_ PUNICODE_STRING FileName, + _In_ BOOLEAN RestartScan + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +// QueryFlags values for NtQueryDirectoryFileEx +#define FILE_QUERY_RESTART_SCAN 0x00000001 +#define FILE_QUERY_RETURN_SINGLE_ENTRY 0x00000002 +#define FILE_QUERY_INDEX_SPECIFIED 0x00000004 +#define FILE_QUERY_RETURN_ON_DISK_ENTRIES_ONLY 0x00000008 +#if (PHNT_VERSION >= PHNT_REDSTONE5) +#define FILE_QUERY_NO_CURSOR_UPDATE 0x00000010 +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryDirectoryFileEx( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass, + _In_ ULONG QueryFlags, + _In_opt_ PUNICODE_STRING FileName + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryEaFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + 
_Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_reads_bytes_opt_(EaListLength) PVOID EaList, + _In_ ULONG EaListLength, + _In_opt_ PULONG EaIndex, + _In_ BOOLEAN RestartScan + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetEaFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryQuotaInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_reads_bytes_opt_(SidListLength) PVOID SidList, + _In_ ULONG SidListLength, + _In_opt_ PSID StartSid, + _In_ BOOLEAN RestartScan + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetQuotaInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryVolumeInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FsInformation, + _In_ ULONG Length, + _In_ FSINFOCLASS FsInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetVolumeInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID FsInformation, + _In_ ULONG Length, + _In_ FSINFOCLASS FsInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCancelIoFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCancelIoFileEx( + _In_ HANDLE FileHandle, + _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCancelSynchronousIoFile( + _In_ HANDLE ThreadHandle, + _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); 
+#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDeviceIoControlFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG IoControlCode, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFsControlFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG FsControlCode, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWriteFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadFileScatter( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PFILE_SEGMENT_ELEMENT SegmentArray, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWriteFileGather( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + 
_In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PFILE_SEGMENT_ELEMENT SegmentArray, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLockFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PLARGE_INTEGER ByteOffset, + _In_ PLARGE_INTEGER Length, + _In_ ULONG Key, + _In_ BOOLEAN FailImmediately, + _In_ BOOLEAN ExclusiveLock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnlockFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PLARGE_INTEGER ByteOffset, + _In_ PLARGE_INTEGER Length, + _In_ ULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryAttributesFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PFILE_BASIC_INFORMATION FileInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryFullAttributesFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtNotifyChangeDirectoryFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, // FILE_NOTIFY_INFORMATION + _In_ ULONG Length, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree + ); + +// private +typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS +{ + DirectoryNotifyInformation = 1, // FILE_NOTIFY_INFORMATION + DirectoryNotifyExtendedInformation, // FILE_NOTIFY_EXTENDED_INFORMATION + DirectoryNotifyFullInformation, // since 22H2 + DirectoryNotifyMaximumInformation +} DIRECTORY_NOTIFY_INFORMATION_CLASS, *PDIRECTORY_NOTIFY_INFORMATION_CLASS; + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtNotifyChangeDirectoryFileEx( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + 
_In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + _In_opt_ DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadDriver( + _In_ PUNICODE_STRING DriverServiceName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnloadDriver( + _In_ PUNICODE_STRING DriverServiceName + ); + +// I/O completion port + +#ifndef IO_COMPLETION_QUERY_STATE +#define IO_COMPLETION_QUERY_STATE 0x0001 +#endif + +#ifndef IO_COMPLETION_MODIFY_STATE +#define IO_COMPLETION_MODIFY_STATE 0x0002 +#endif + +#ifndef IO_COMPLETION_ALL_ACCESS +#define IO_COMPLETION_ALL_ACCESS (IO_COMPLETION_QUERY_STATE|IO_COMPLETION_MODIFY_STATE|STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE) +#endif + +typedef enum _IO_COMPLETION_INFORMATION_CLASS +{ + IoCompletionBasicInformation +} IO_COMPLETION_INFORMATION_CLASS; + +typedef struct _IO_COMPLETION_BASIC_INFORMATION +{ + LONG Depth; +} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateIoCompletion( + _Out_ PHANDLE IoCompletionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenIoCompletion( + _Out_ PHANDLE IoCompletionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryIoCompletion( + _In_ HANDLE IoCompletionHandle, + _In_ IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, + _Out_writes_bytes_(IoCompletionInformationLength) PVOID IoCompletionInformation, + _In_ ULONG IoCompletionInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetIoCompletion( + _In_ HANDLE IoCompletionHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS 
IoStatus, + _In_ ULONG_PTR IoStatusInformation + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetIoCompletionEx( + _In_ HANDLE IoCompletionHandle, + _In_ HANDLE IoCompletionPacketHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS IoStatus, + _In_ ULONG_PTR IoStatusInformation + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRemoveIoCompletion( + _In_ HANDLE IoCompletionHandle, + _Out_ PVOID *KeyContext, + _Out_ PVOID *ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_opt_ PLARGE_INTEGER Timeout + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRemoveIoCompletionEx( + _In_ HANDLE IoCompletionHandle, + _Out_writes_to_(Count, *NumEntriesRemoved) PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation, + _In_ ULONG Count, + _Out_ PULONG NumEntriesRemoved, + _In_opt_ PLARGE_INTEGER Timeout, + _In_ BOOLEAN Alertable + ); +#endif + +// Wait completion packet + +#if (PHNT_VERSION >= PHNT_WIN8) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateWaitCompletionPacket( + _Out_ PHANDLE WaitCompletionPacketHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAssociateWaitCompletionPacket( + _In_ HANDLE WaitCompletionPacketHandle, + _In_ HANDLE IoCompletionHandle, + _In_ HANDLE TargetObjectHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS IoStatus, + _In_ ULONG_PTR IoStatusInformation, + _Out_opt_ PBOOLEAN AlreadySignaled + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCancelWaitCompletionPacket( + _In_ HANDLE WaitCompletionPacketHandle, + _In_ BOOLEAN RemoveSignaledPacket + ); + +#endif + +// Sessions + +typedef enum _IO_SESSION_EVENT +{ + IoSessionEventIgnore, + IoSessionEventCreated, + IoSessionEventTerminated, + IoSessionEventConnected, + IoSessionEventDisconnected, + IoSessionEventLogon, + IoSessionEventLogoff, + IoSessionEventMax +} IO_SESSION_EVENT; + +typedef enum _IO_SESSION_STATE +{ + 
IoSessionStateCreated = 1, + IoSessionStateInitialized = 2, + IoSessionStateConnected = 3, + IoSessionStateDisconnected = 4, + IoSessionStateDisconnectedLoggedOn = 5, + IoSessionStateLoggedOn = 6, + IoSessionStateLoggedOff = 7, + IoSessionStateTerminated = 8, + IoSessionStateMax +} IO_SESSION_STATE; + +// Sessions + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenSession( + _Out_ PHANDLE SessionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); +#endif + +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtNotifyChangeSession( + _In_ HANDLE SessionHandle, + _In_ ULONG ChangeSequenceNumber, + _In_ PLARGE_INTEGER ChangeTimeStamp, + _In_ IO_SESSION_EVENT Event, + _In_ IO_SESSION_STATE NewState, + _In_ IO_SESSION_STATE PreviousState, + _In_reads_bytes_opt_(PayloadSize) PVOID Payload, + _In_ ULONG PayloadSize + ); +#endif + +// I/O Ring + +#if (PHNT_VERSION >= PHNT_WIN11) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateIoRing( + _Out_ PHANDLE IoRingHandle, + _In_ ULONG CreateParametersLength, + _In_ PVOID CreateParameters, + _In_ ULONG OutputParametersLength, + _Out_ PVOID OutputParameters + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSubmitIoRing( + _In_ HANDLE IoRingHandle, + _In_ ULONG Flags, + _In_opt_ ULONG WaitOperations, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryIoRingCapabilities( + _In_ SIZE_T IoRingCapabilitiesLength, + _Out_ PVOID IoRingCapabilities + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationIoRing( + _In_ HANDLE IoRingHandle, + _In_ ULONG IoRingInformationClass, + _In_ ULONG IoRingInformationLength, + _In_ PVOID IoRingInformation + ); +#endif + +// Other types + +typedef enum _INTERFACE_TYPE +{ + InterfaceTypeUndefined = -1, + Internal = 0, + Isa = 1, + Eisa = 2, + MicroChannel = 3, + TurboChannel = 4, + PCIBus = 5, + VMEBus = 6, + NuBus = 7, + PCMCIABus = 8, + CBus = 9, + MPIBus = 10, + MPSABus = 
11, + ProcessorInternal = 12, + InternalPowerBus = 13, + PNPISABus = 14, + PNPBus = 15, + Vmcs = 16, + ACPIBus = 17, + MaximumInterfaceType +} INTERFACE_TYPE, *PINTERFACE_TYPE; + +typedef enum _DMA_WIDTH +{ + Width8Bits, + Width16Bits, + Width32Bits, + Width64Bits, + WidthNoWrap, + MaximumDmaWidth +} DMA_WIDTH, *PDMA_WIDTH; + +typedef enum _DMA_SPEED +{ + Compatible, + TypeA, + TypeB, + TypeC, + TypeF, + MaximumDmaSpeed +} DMA_SPEED, *PDMA_SPEED; + +typedef enum _BUS_DATA_TYPE +{ + ConfigurationSpaceUndefined = -1, + Cmos, + EisaConfiguration, + Pos, + CbusConfiguration, + PCIConfiguration, + VMEConfiguration, + NuBusConfiguration, + PCMCIAConfiguration, + MPIConfiguration, + MPSAConfiguration, + PNPISAConfiguration, + SgiInternalConfiguration, + MaximumBusDataType +} BUS_DATA_TYPE, *PBUS_DATA_TYPE; + +// Control structures + +// Reparse structure for FSCTL_SET_REPARSE_POINT, FSCTL_GET_REPARSE_POINT, FSCTL_DELETE_REPARSE_POINT + +#define SYMLINK_FLAG_RELATIVE 0x00000001 + +#if (PHNT_VERSION >= PHNT_REDSTONE4) +#define SYMLINK_DIRECTORY 0x80000000 // If set then this is a directory symlink +#define SYMLINK_FILE 0x40000000 // If set then this is a file symlink +#endif + +typedef struct _REPARSE_DATA_BUFFER +{ + ULONG ReparseTag; + USHORT ReparseDataLength; + USHORT Reserved; + + _Field_size_bytes_(ReparseDataLength) + union + { + struct + { + USHORT SubstituteNameOffset; + USHORT SubstituteNameLength; + USHORT PrintNameOffset; + USHORT PrintNameLength; + ULONG Flags; + WCHAR PathBuffer[1]; + } SymbolicLinkReparseBuffer; + struct + { + USHORT SubstituteNameOffset; + USHORT SubstituteNameLength; + USHORT PrintNameOffset; + USHORT PrintNameLength; + WCHAR PathBuffer[1]; + } MountPointReparseBuffer; + struct + { + ULONG StringCount; + WCHAR StringList[1]; + } AppExecLinkReparseBuffer; + struct + { + UCHAR DataBuffer[1]; + } GenericReparseBuffer; + }; +} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; + +#define REPARSE_DATA_BUFFER_HEADER_SIZE 
UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer) + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// Reparse structure for FSCTL_SET_REPARSE_POINT_EX + +typedef struct _REPARSE_DATA_BUFFER_EX +{ + ULONG Flags; + + // + // This is the existing reparse tag on the file if any, if the + // caller wants to replace the reparse tag too. + // + // - To set the reparse data along with the reparse tag that + // could be different, pass the current reparse tag of the + // file. + // + // - To update the reparse data while having the same reparse + // tag, the caller should give the existing reparse tag in + // this ExistingReparseTag field. + // + // - To set the reparse tag along with reparse data on a file + // that doesn't have a reparse tag yet, set this to zero. + // + // If the ExistingReparseTag does not match the reparse tag on + // the file, the FSCTL_SET_REPARSE_POINT_EX would fail with + // STATUS_IO_REPARSE_TAG_MISMATCH. NOTE: If a file doesn't have + // a reparse tag, ExistingReparseTag should be 0. + // + + ULONG ExistingReparseTag; + + // For non-Microsoft reparse tags, this is the existing reparse + // guid on the file if any, if the caller wants to replace the + // reparse tag and / or guid along with the data. + // + // If ExistingReparseTag is 0, the file is not expected to have + // any reparse tags, so ExistingReparseGuid is ignored. And for + // non-Microsoft tags ExistingReparseGuid should match the guid + // in the file if ExistingReparseTag is non zero. + + GUID ExistingReparseGuid; + + // + // Reserved + // + ULONGLONG Reserved; + + // + // Reparse data to set + // + union + { + REPARSE_DATA_BUFFER ReparseDataBuffer; + REPARSE_GUID_DATA_BUFFER ReparseGuidDataBuffer; + }; +} REPARSE_DATA_BUFFER_EX, *PREPARSE_DATA_BUFFER_EX; + +// REPARSE_DATA_BUFFER_EX Flags +// +// REPARSE_DATA_EX_FLAG_GIVEN_TAG_OR_NONE - Forces the FSCTL to set the +// reparse tag if the file has no tag or the tag on the file is same as +// the one in ExistingReparseTag. 
NOTE: If the ExistingReparseTag is +// not a Microsoft tag then the ExistingReparseGuid should match if the +// file has the ExistingReparseTag. +// +#define REPARSE_DATA_EX_FLAG_GIVEN_TAG_OR_NONE (0x00000001) + +#define REPARSE_GUID_DATA_BUFFER_EX_HEADER_SIZE \ + UFIELD_OFFSET(REPARSE_DATA_BUFFER_EX, ReparseGuidDataBuffer.GenericReparseBuffer) + +#define REPARSE_DATA_BUFFER_EX_HEADER_SIZE \ + UFIELD_OFFSET(REPARSE_DATA_BUFFER_EX, ReparseDataBuffer.GenericReparseBuffer) + +#endif // PHNT_REDSTONE + +// Named pipe FS control definitions + +#define DEVICE_NAMED_PIPE L"\\Device\\NamedPipe\\" + +#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define 
FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_PIPE_DISABLE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 17, METHOD_BUFFERED, FILE_ANY_ACCESS) // since REDSTONE +#define FSCTL_PIPE_SILO_ARRIVAL CTL_CODE(FILE_DEVICE_NAMED_PIPE, 18, METHOD_BUFFERED, FILE_WRITE_DATA) // since REDSTONE3 +#define FSCTL_PIPE_CREATE_SYMLINK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 19, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) // requires SeTcbPrivilege +#define FSCTL_PIPE_DELETE_SYMLINK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 20, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) +#define FSCTL_PIPE_QUERY_CLIENT_PROCESS_V2 CTL_CODE(FILE_DEVICE_NAMED_PIPE, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) // since 19H1 + +#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) + +// Flags for query event + +#define FILE_PIPE_READ_DATA 0x00000000 +#define FILE_PIPE_WRITE_SPACE 0x00000001 + +// Input for FSCTL_PIPE_ASSIGN_EVENT +typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER +{ + HANDLE EventHandle; + ULONG KeyValue; +} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; + +// Output for FILE_PIPE_PEEK_BUFFER +typedef struct _FILE_PIPE_PEEK_BUFFER +{ + ULONG NamedPipeState; + ULONG ReadDataAvailable; + ULONG NumberOfMessages; + ULONG 
MessageLength; + _Field_size_bytes_(MessageLength) CHAR Data[1]; +} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; + +// Output for FSCTL_PIPE_QUERY_EVENT +typedef struct _FILE_PIPE_EVENT_BUFFER +{ + ULONG NamedPipeState; + ULONG EntryType; + ULONG ByteCount; + ULONG KeyValue; + ULONG NumberRequests; +} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; + +// Input for FSCTL_PIPE_WAIT +typedef struct _FILE_PIPE_WAIT_FOR_BUFFER +{ + LARGE_INTEGER Timeout; + ULONG NameLength; + BOOLEAN TimeoutSpecified; + _Field_size_bytes_(NameLength) WCHAR Name[1]; +} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; + +// Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS +typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER +{ +#if !defined(BUILD_WOW6432) + PVOID ClientSession; + PVOID ClientProcess; +#else + ULONGLONG ClientSession; + ULONGLONG ClientProcess; +#endif +} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; + +// Control structure for FSCTL_PIPE_QUERY_CLIENT_PROCESS_V2 + +typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2 +{ + ULONGLONG ClientSession; +#if !defined(BUILD_WOW6432) + PVOID ClientProcess; +#else + ULONGLONG ClientProcess; +#endif +} FILE_PIPE_CLIENT_PROCESS_BUFFER_V2, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_V2; + +#define FILE_PIPE_COMPUTER_NAME_LENGTH 15 + +// Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS +typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX +{ +#if !defined(BUILD_WOW6432) + PVOID ClientSession; + PVOID ClientProcess; +#else + ULONGLONG ClientSession; + ULONGLONG ClientProcess; +#endif + USHORT ClientComputerNameLength; // in bytes + WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH + 1]; // null-terminated +} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX; + +// Control structure for FSCTL_PIPE_SILO_ARRIVAL + +typedef struct _FILE_PIPE_SILO_ARRIVAL_INPUT +{ + HANDLE JobHandle; +} FILE_PIPE_SILO_ARRIVAL_INPUT, 
*PFILE_PIPE_SILO_ARRIVAL_INPUT; + +// +// Flags for create symlink +// + +// +// A global symlink will cause resolution of the symlink's target to occur in +// the host silo (i.e. not in any current silo). For example, if there is a +// symlink at \Device\Silos\37\Device\NamedPipe\symlink then the target will be +// resolved as \Device\NamedPipe\target instead of \Device\Silos\37\Device\NamedPipe\target +// +#define FILE_PIPE_SYMLINK_FLAG_GLOBAL 0x1 + +// +// A relative symlink will cause resolution of the symlink's target to occur relative +// to the root of the named pipe file system. For example, if there is a symlink at +// \Device\NamedPipe\symlink that has a target called "target", then the target will +// be resolved as \Device\NamedPipe\target +// +#define FILE_PIPE_SYMLINK_FLAG_RELATIVE 0x2 + +#define FILE_PIPE_SYMLINK_VALID_FLAGS \ + (FILE_PIPE_SYMLINK_FLAG_GLOBAL | FILE_PIPE_SYMLINK_FLAG_RELATIVE) + +// Control structure for FSCTL_PIPE_CREATE_SYMLINK + +typedef struct _FILE_PIPE_CREATE_SYMLINK_INPUT +{ + USHORT NameOffset; + USHORT NameLength; + USHORT SubstituteNameOffset; + USHORT SubstituteNameLength; + ULONG Flags; +} FILE_PIPE_CREATE_SYMLINK_INPUT, *PFILE_PIPE_CREATE_SYMLINK_INPUT; + +// Control structure for FSCTL_PIPE_DELETE_SYMLINK + +typedef struct _FILE_PIPE_DELETE_SYMLINK_INPUT +{ + USHORT NameOffset; + USHORT NameLength; +} FILE_PIPE_DELETE_SYMLINK_INPUT, *PFILE_PIPE_DELETE_SYMLINK_INPUT; + +// Mailslot FS control definitions + +#define MAILSLOT_CLASS_FIRSTCLASS 1 +#define MAILSLOT_CLASS_SECONDCLASS 2 + +#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) + +// Output for FSCTL_MAILSLOT_PEEK +typedef struct _FILE_MAILSLOT_PEEK_BUFFER +{ + ULONG ReadDataAvailable; + ULONG NumberOfMessages; + ULONG MessageLength; +} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; + +// Mount manager FS control definitions + +#define MOUNTMGR_DEVICE_NAME L"\\Device\\MountPointManager" +#define MOUNTMGRCONTROLTYPE 
0x0000006D // 'm' +#define MOUNTDEVCONTROLTYPE 0x0000004D // 'M' + +#define IOCTL_MOUNTMGR_CREATE_POINT CTL_CODE(MOUNTMGRCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_DELETE_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 1, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_QUERY_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY CTL_CODE(MOUNTMGRCONTROLTYPE, 3, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER CTL_CODE(MOUNTMGRCONTROLTYPE, 4, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_AUTO_DL_ASSIGNMENTS CTL_CODE(MOUNTMGRCONTROLTYPE, 5, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED CTL_CODE(MOUNTMGRCONTROLTYPE, 6, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED CTL_CODE(MOUNTMGRCONTROLTYPE, 7, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_CHANGE_NOTIFY CTL_CODE(MOUNTMGRCONTROLTYPE, 8, METHOD_BUFFERED, FILE_READ_ACCESS) +#define IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE CTL_CODE(MOUNTMGRCONTROLTYPE, 9, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_CHECK_UNPROCESSED_VOLUMES CTL_CODE(MOUNTMGRCONTROLTYPE, 10, METHOD_BUFFERED, FILE_READ_ACCESS) +#define IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION CTL_CODE(MOUNTMGRCONTROLTYPE, 11, METHOD_BUFFERED, FILE_READ_ACCESS) +#define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH CTL_CODE(MOUNTMGRCONTROLTYPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS CTL_CODE(MOUNTMGRCONTROLTYPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define IOCTL_MOUNTMGR_SCRUB_REGISTRY CTL_CODE(MOUNTMGRCONTROLTYPE, 14, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_QUERY_AUTO_MOUNT 
CTL_CODE(MOUNTMGRCONTROLTYPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define IOCTL_MOUNTMGR_SET_AUTO_MOUNT CTL_CODE(MOUNTMGRCONTROLTYPE, 16, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_BOOT_DL_ASSIGNMENT CTL_CODE(MOUNTMGRCONTROLTYPE, 17, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since WIN7 +#define IOCTL_MOUNTMGR_TRACELOG_CACHE CTL_CODE(MOUNTMGRCONTROLTYPE, 18, METHOD_BUFFERED, FILE_READ_ACCESS) +#define IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 19, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) +#define IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 20, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since WIN8 +#define IOCTL_MOUNTMGR_SILO_ARRIVAL CTL_CODE(MOUNTMGRCONTROLTYPE, 21, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) // since RS1 + +#define IOCTL_MOUNTDEV_QUERY_DEVICE_NAME CTL_CODE(MOUNTDEVCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) + +// Input structure for IOCTL_MOUNTMGR_CREATE_POINT. +typedef struct _MOUNTMGR_CREATE_POINT_INPUT +{ + USHORT SymbolicLinkNameOffset; + USHORT SymbolicLinkNameLength; + USHORT DeviceNameOffset; + USHORT DeviceNameLength; +} MOUNTMGR_CREATE_POINT_INPUT, *PMOUNTMGR_CREATE_POINT_INPUT; + +// Input structure for IOCTL_MOUNTMGR_DELETE_POINTS, IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY. +typedef struct _MOUNTMGR_MOUNT_POINT +{ + ULONG SymbolicLinkNameOffset; + USHORT SymbolicLinkNameLength; + USHORT Reserved1; + ULONG UniqueIdOffset; + USHORT UniqueIdLength; + USHORT Reserved2; + ULONG DeviceNameOffset; + USHORT DeviceNameLength; + USHORT Reserved3; +} MOUNTMGR_MOUNT_POINT, *PMOUNTMGR_MOUNT_POINT; + +// Output structure for IOCTL_MOUNTMGR_DELETE_POINTS, IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY. 
+typedef struct _MOUNTMGR_MOUNT_POINTS +{ + ULONG Size; + ULONG NumberOfMountPoints; + _Field_size_(NumberOfMountPoints) MOUNTMGR_MOUNT_POINT MountPoints[1]; +} MOUNTMGR_MOUNT_POINTS, *PMOUNTMGR_MOUNT_POINTS; + +// Input structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER. +typedef struct _MOUNTMGR_DRIVE_LETTER_TARGET +{ + USHORT DeviceNameLength; + _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1]; +} MOUNTMGR_DRIVE_LETTER_TARGET, *PMOUNTMGR_DRIVE_LETTER_TARGET; + +// Output structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER. +typedef struct _MOUNTMGR_DRIVE_LETTER_INFORMATION +{ + BOOLEAN DriveLetterWasAssigned; + UCHAR CurrentDriveLetter; +} MOUNTMGR_DRIVE_LETTER_INFORMATION, *PMOUNTMGR_DRIVE_LETTER_INFORMATION; + +// Input structure for IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED and +// IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED. +typedef struct _MOUNTMGR_VOLUME_MOUNT_POINT +{ + USHORT SourceVolumeNameOffset; + USHORT SourceVolumeNameLength; + USHORT TargetVolumeNameOffset; + USHORT TargetVolumeNameLength; +} MOUNTMGR_VOLUME_MOUNT_POINT, *PMOUNTMGR_VOLUME_MOUNT_POINT; + +// Input structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY. +// Output structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY. +typedef struct _MOUNTMGR_CHANGE_NOTIFY_INFO +{ + ULONG EpicNumber; +} MOUNTMGR_CHANGE_NOTIFY_INFO, *PMOUNTMGR_CHANGE_NOTIFY_INFO; + +// Input structure for IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE, +// IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION, +// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH, and +// IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. 
+// IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE +// IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE +typedef struct _MOUNTMGR_TARGET_NAME +{ + USHORT DeviceNameLength; + _Field_size_bytes_(DeviceNameLength) WCHAR DeviceName[1]; +} MOUNTMGR_TARGET_NAME, *PMOUNTMGR_TARGET_NAME; + +// Input / Output structure for querying / setting the auto-mount setting +typedef enum _MOUNTMGR_AUTO_MOUNT_STATE +{ + Disabled = 0, + Enabled +} MOUNTMGR_AUTO_MOUNT_STATE; + +// IOCTL_MOUNTMGR_QUERY_AUTO_MOUNT +typedef struct _MOUNTMGR_QUERY_AUTO_MOUNT +{ + MOUNTMGR_AUTO_MOUNT_STATE CurrentState; +} MOUNTMGR_QUERY_AUTO_MOUNT, *PMOUNTMGR_QUERY_AUTO_MOUNT; + +// IOCTL_MOUNTMGR_SET_AUTO_MOUNT +typedef struct _MOUNTMGR_SET_AUTO_MOUNT +{ + MOUNTMGR_AUTO_MOUNT_STATE NewState; +} MOUNTMGR_SET_AUTO_MOUNT, *PMOUNTMGR_SET_AUTO_MOUNT; + +// Input structure for IOCTL_MOUNTMGR_SILO_ARRIVAL. +typedef struct _MOUNTMGR_SILO_ARRIVAL_INPUT +{ + HANDLE JobHandle; +} MOUNTMGR_SILO_ARRIVAL_INPUT, *PMOUNTMGR_SILO_ARRIVAL_INPUT; + +// Macro that defines what a "drive letter" mount point is. This macro can +// be used to scan the result from QUERY_POINTS to discover which mount points +// are find "drive letter" mount points. +#define MOUNTMGR_IS_DRIVE_LETTER(s) ( \ + (s)->Length == 28 && \ + (s)->Buffer[0] == '\\' && \ + (s)->Buffer[1] == 'D' && \ + (s)->Buffer[2] == 'o' && \ + (s)->Buffer[3] == 's' && \ + (s)->Buffer[4] == 'D' && \ + (s)->Buffer[5] == 'e' && \ + (s)->Buffer[6] == 'v' && \ + (s)->Buffer[7] == 'i' && \ + (s)->Buffer[8] == 'c' && \ + (s)->Buffer[9] == 'e' && \ + (s)->Buffer[10] == 's' && \ + (s)->Buffer[11] == '\\' && \ + (s)->Buffer[12] >= 'A' && \ + (s)->Buffer[12] <= 'Z' && \ + (s)->Buffer[13] == ':') + +// Macro that defines what a "volume name" mount point is. This macro can +// be used to scan the result from QUERY_POINTS to discover which mount points +// are "volume name" mount points. 
+#define MOUNTMGR_IS_VOLUME_NAME(s) ( \ + ((s)->Length == 96 || ((s)->Length == 98 && (s)->Buffer[48] == '\\')) && \ + (s)->Buffer[0] == '\\' && \ + ((s)->Buffer[1] == '?' || (s)->Buffer[1] == '\\') && \ + (s)->Buffer[2] == '?' && \ + (s)->Buffer[3] == '\\' && \ + (s)->Buffer[4] == 'V' && \ + (s)->Buffer[5] == 'o' && \ + (s)->Buffer[6] == 'l' && \ + (s)->Buffer[7] == 'u' && \ + (s)->Buffer[8] == 'm' && \ + (s)->Buffer[9] == 'e' && \ + (s)->Buffer[10] == '{' && \ + (s)->Buffer[19] == '-' && \ + (s)->Buffer[24] == '-' && \ + (s)->Buffer[29] == '-' && \ + (s)->Buffer[34] == '-' && \ + (s)->Buffer[47] == '}') + +// Output structure for IOCTL_MOUNTDEV_QUERY_DEVICE_NAME. +typedef struct _MOUNTDEV_NAME +{ + USHORT NameLength; + _Field_size_bytes_(NameLength) WCHAR Name[1]; +} MOUNTDEV_NAME, * PMOUNTDEV_NAME; + +// Output structure for IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH and IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. +typedef struct _MOUNTMGR_VOLUME_PATHS +{ + ULONG MultiSzLength; + _Field_size_bytes_(MultiSzLength) WCHAR MultiSz[1]; +} MOUNTMGR_VOLUME_PATHS, *PMOUNTMGR_VOLUME_PATHS; + +#define MOUNTMGR_IS_DOS_VOLUME_NAME(s) ( \ + MOUNTMGR_IS_VOLUME_NAME(s) && \ + (s)->Length == 96 && \ + (s)->Buffer[1] == '\\') + +#define MOUNTMGR_IS_DOS_VOLUME_NAME_WB(s) ( \ + MOUNTMGR_IS_VOLUME_NAME(s) && \ + (s)->Length == 98 && \ + (s)->Buffer[1] == '\\') + +#define MOUNTMGR_IS_NT_VOLUME_NAME(s) ( \ + MOUNTMGR_IS_VOLUME_NAME(s) && \ + (s)->Length == 96 && \ + (s)->Buffer[1] == '?') + +#define MOUNTMGR_IS_NT_VOLUME_NAME_WB(s) ( \ + MOUNTMGR_IS_VOLUME_NAME(s) && \ + (s)->Length == 98 && \ + (s)->Buffer[1] == '?') + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +// +// Major Function Codes +// +#define IRP_MJ_CREATE 0x00 +#define IRP_MJ_CREATE_NAMED_PIPE 0x01 +#define IRP_MJ_CLOSE 0x02 +#define IRP_MJ_READ 0x03 +#define IRP_MJ_WRITE 0x04 +#define IRP_MJ_QUERY_INFORMATION 0x05 +#define IRP_MJ_SET_INFORMATION 0x06 +#define IRP_MJ_QUERY_EA 0x07 +#define IRP_MJ_SET_EA 0x08 +#define 
IRP_MJ_FLUSH_BUFFERS 0x09 +#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a +#define IRP_MJ_SET_VOLUME_INFORMATION 0x0b +#define IRP_MJ_DIRECTORY_CONTROL 0x0c +#define IRP_MJ_FILE_SYSTEM_CONTROL 0x0d +#define IRP_MJ_DEVICE_CONTROL 0x0e +#define IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f +#define IRP_MJ_SHUTDOWN 0x10 +#define IRP_MJ_LOCK_CONTROL 0x11 +#define IRP_MJ_CLEANUP 0x12 +#define IRP_MJ_CREATE_MAILSLOT 0x13 +#define IRP_MJ_QUERY_SECURITY 0x14 +#define IRP_MJ_SET_SECURITY 0x15 +#define IRP_MJ_POWER 0x16 +#define IRP_MJ_SYSTEM_CONTROL 0x17 +#define IRP_MJ_DEVICE_CHANGE 0x18 +#define IRP_MJ_QUERY_QUOTA 0x19 +#define IRP_MJ_SET_QUOTA 0x1a +#define IRP_MJ_PNP 0x1b +#define IRP_MJ_PNP_POWER IRP_MJ_PNP // Obsolete.... +#define IRP_MJ_MAXIMUM_FUNCTION 0x1b +#define IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-1) +#define IRP_MJ_RELEASE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-2) +#define IRP_MJ_ACQUIRE_FOR_MOD_WRITE ((UCHAR)-3) +#define IRP_MJ_RELEASE_FOR_MOD_WRITE ((UCHAR)-4) +#define IRP_MJ_ACQUIRE_FOR_CC_FLUSH ((UCHAR)-5) +#define IRP_MJ_RELEASE_FOR_CC_FLUSH ((UCHAR)-6) +#define IRP_MJ_QUERY_OPEN ((UCHAR)-7) +#define IRP_MJ_FAST_IO_CHECK_IF_POSSIBLE ((UCHAR)-13) +#define IRP_MJ_NETWORK_QUERY_OPEN ((UCHAR)-14) +#define IRP_MJ_MDL_READ ((UCHAR)-15) +#define IRP_MJ_MDL_READ_COMPLETE ((UCHAR)-16) +#define IRP_MJ_PREPARE_MDL_WRITE ((UCHAR)-17) +#define IRP_MJ_MDL_WRITE_COMPLETE ((UCHAR)-18) +#define IRP_MJ_VOLUME_MOUNT ((UCHAR)-19) +#define IRP_MJ_VOLUME_DISMOUNT ((UCHAR)-20) +#define FLT_INTERNAL_OPERATION_COUNT 22 + +// +// Minor Function Codes +// +#define IRP_MN_SCSI_CLASS 0x01 +// PNP minor function codes +#define IRP_MN_START_DEVICE 0x00 +#define IRP_MN_QUERY_REMOVE_DEVICE 0x01 +#define IRP_MN_REMOVE_DEVICE 0x02 +#define IRP_MN_CANCEL_REMOVE_DEVICE 0x03 +#define IRP_MN_STOP_DEVICE 0x04 +#define IRP_MN_QUERY_STOP_DEVICE 0x05 +#define IRP_MN_CANCEL_STOP_DEVICE 0x06 +#define IRP_MN_QUERY_DEVICE_RELATIONS 0x07 +#define IRP_MN_QUERY_INTERFACE 0x08 +#define 
IRP_MN_QUERY_CAPABILITIES 0x09 +#define IRP_MN_QUERY_RESOURCES 0x0A +#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS 0x0B +#define IRP_MN_QUERY_DEVICE_TEXT 0x0C +#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS 0x0D +#define IRP_MN_READ_CONFIG 0x0F +#define IRP_MN_WRITE_CONFIG 0x10 +#define IRP_MN_EJECT 0x11 +#define IRP_MN_SET_LOCK 0x12 +#define IRP_MN_QUERY_ID 0x13 +#define IRP_MN_QUERY_PNP_DEVICE_STATE 0x14 +#define IRP_MN_QUERY_BUS_INFORMATION 0x15 +#define IRP_MN_DEVICE_USAGE_NOTIFICATION 0x16 +#define IRP_MN_SURPRISE_REMOVAL 0x17 +#if (PHNT_VERSION >= PHNT_WIN7) +#define IRP_MN_DEVICE_ENUMERATED 0x19 +#endif +// POWER minor function codes +#define IRP_MN_WAIT_WAKE 0x00 +#define IRP_MN_POWER_SEQUENCE 0x01 +#define IRP_MN_SET_POWER 0x02 +#define IRP_MN_QUERY_POWER 0x03 +// WMI minor function codes under IRP_MJ_SYSTEM_CONTROL +#define IRP_MN_QUERY_ALL_DATA 0x00 +#define IRP_MN_QUERY_SINGLE_INSTANCE 0x01 +#define IRP_MN_CHANGE_SINGLE_INSTANCE 0x02 +#define IRP_MN_CHANGE_SINGLE_ITEM 0x03 +#define IRP_MN_ENABLE_EVENTS 0x04 +#define IRP_MN_DISABLE_EVENTS 0x05 +#define IRP_MN_ENABLE_COLLECTION 0x06 +#define IRP_MN_DISABLE_COLLECTION 0x07 +#define IRP_MN_REGINFO 0x08 +#define IRP_MN_EXECUTE_METHOD 0x09 +// Minor code 0x0a is reserved +#define IRP_MN_REGINFO_EX 0x0b +// Minor code 0x0c is reserved +// Minor code 0x0d is reserved + +// +// Filter Manager Callback Data Flags +// +#define FLTFL_CALLBACK_DATA_REISSUE_MASK 0x0000FFFF +#define FLTFL_CALLBACK_DATA_IRP_OPERATION 0x00000001 // Set for Irp operations +#define FLTFL_CALLBACK_DATA_FAST_IO_OPERATION 0x00000002 // Set for Fast Io operations +#define FLTFL_CALLBACK_DATA_FS_FILTER_OPERATION 0x00000004 // Set for Fs Filter operations +#define FLTFL_CALLBACK_DATA_SYSTEM_BUFFER 0x00000008 // Set if the buffer passed in for the i/o was a system buffer +#define FLTFL_CALLBACK_DATA_GENERATED_IO 0x00010000 // Set if this is I/O generated by a mini-filter +#define FLTFL_CALLBACK_DATA_REISSUED_IO 0x00020000 // Set if this I/O was 
reissued +#define FLTFL_CALLBACK_DATA_DRAINING_IO 0x00040000 // set if this operation is being drained. If set, +#define FLTFL_CALLBACK_DATA_POST_OPERATION 0x00080000 // Set if this is a POST operation +#define FLTFL_CALLBACK_DATA_NEW_SYSTEM_BUFFER 0x00100000 +#define FLTFL_CALLBACK_DATA_DIRTY 0x80000000 // Set by caller if parameters were changed + +// +// IRP Flags +// +#define IRP_NOCACHE 0x00000001 +#define IRP_PAGING_IO 0x00000002 +#define IRP_MOUNT_COMPLETION 0x00000002 +#define IRP_SYNCHRONOUS_API 0x00000004 +#define IRP_ASSOCIATED_IRP 0x00000008 +#define IRP_BUFFERED_IO 0x00000010 +#define IRP_DEALLOCATE_BUFFER 0x00000020 +#define IRP_INPUT_OPERATION 0x00000040 +#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040 +#define IRP_CREATE_OPERATION 0x00000080 +#define IRP_READ_OPERATION 0x00000100 +#define IRP_WRITE_OPERATION 0x00000200 +#define IRP_CLOSE_OPERATION 0x00000400 +#define IRP_DEFER_IO_COMPLETION 0x00000800 +#define IRP_OB_QUERY_NAME 0x00001000 +#define IRP_HOLD_DEVICE_QUEUE 0x00002000 +#define IRP_UM_DRIVER_INITIATED_IO 0x00400000 + +// +// File Object Flags +// +#define FO_FILE_OPEN 0x00000001 +#define FO_SYNCHRONOUS_IO 0x00000002 +#define FO_ALERTABLE_IO 0x00000004 +#define FO_NO_INTERMEDIATE_BUFFERING 0x00000008 +#define FO_WRITE_THROUGH 0x00000010 +#define FO_SEQUENTIAL_ONLY 0x00000020 +#define FO_CACHE_SUPPORTED 0x00000040 +#define FO_NAMED_PIPE 0x00000080 +#define FO_STREAM_FILE 0x00000100 +#define FO_MAILSLOT 0x00000200 +#define FO_GENERATE_AUDIT_ON_CLOSE 0x00000400 +#define FO_QUEUE_IRP_TO_THREAD FO_GENERATE_AUDIT_ON_CLOSE +#define FO_DIRECT_DEVICE_OPEN 0x00000800 +#define FO_FILE_MODIFIED 0x00001000 +#define FO_FILE_SIZE_CHANGED 0x00002000 +#define FO_CLEANUP_COMPLETE 0x00004000 +#define FO_TEMPORARY_FILE 0x00008000 +#define FO_DELETE_ON_CLOSE 0x00010000 +#define FO_OPENED_CASE_SENSITIVE 0x00020000 +#define FO_HANDLE_CREATED 0x00040000 +#define FO_FILE_FAST_IO_READ 0x00080000 +#define FO_RANDOM_ACCESS 0x00100000 +#define FO_FILE_OPEN_CANCELLED 
0x00200000 +#define FO_VOLUME_OPEN 0x00400000 +#define FO_BYPASS_IO_ENABLED 0x00800000 //when set BYPASS IO is enabled on this handle +#define FO_REMOTE_ORIGIN 0x01000000 +#define FO_DISALLOW_EXCLUSIVE 0x02000000 +#define FO_SKIP_COMPLETION_PORT FO_DISALLOW_EXCLUSIVE +#define FO_SKIP_SET_EVENT 0x04000000 +#define FO_SKIP_SET_FAST_IO 0x08000000 +#define FO_INDIRECT_WAIT_OBJECT 0x10000000 +#define FO_SECTION_MINSTORE_TREATMENT 0x20000000 + +// +// Define stack location (IO_STACK_LOCATION) flags +// +#define SL_PENDING_RETURNED 0x01 +#define SL_ERROR_RETURNED 0x02 +#define SL_INVOKE_ON_CANCEL 0x20 +#define SL_INVOKE_ON_SUCCESS 0x40 +#define SL_INVOKE_ON_ERROR 0x80 +// Create / Create Named Pipe (IRP_MJ_CREATE/IRP_MJ_CREATE_NAMED_PIPE) +#define SL_FORCE_ACCESS_CHECK 0x01 +#define SL_OPEN_PAGING_FILE 0x02 +#define SL_OPEN_TARGET_DIRECTORY 0x04 +#define SL_STOP_ON_SYMLINK 0x08 +#define SL_IGNORE_READONLY_ATTRIBUTE 0x40 +#define SL_CASE_SENSITIVE 0x80 +// Read / Write (IRP_MJ_READ/IRP_MJ_WRITE) +#define SL_KEY_SPECIFIED 0x01 +#define SL_OVERRIDE_VERIFY_VOLUME 0x02 +#define SL_WRITE_THROUGH 0x04 +#define SL_FT_SEQUENTIAL_WRITE 0x08 +#define SL_FORCE_DIRECT_WRITE 0x10 +#define SL_REALTIME_STREAM 0x20 // valid only with optical media +#define SL_PERSISTENT_MEMORY_FIXED_MAPPING 0x20 // valid only with persistent memory device and IRP_MJ_WRITE +#define SL_BYPASS_IO 0x40 +// IRP_MJ_FLUSH_BUFFERS +#define SL_FORCE_ASYNCHRONOUS 0x01 +// Device I/O Control +#define SL_READ_ACCESS_GRANTED 0x01 +#define SL_WRITE_ACCESS_GRANTED 0x04 // Gap for SL_OVERRIDE_VERIFY_VOLUME +// Lock (IRP_MJ_LOCK_CONTROL) +#define SL_FAIL_IMMEDIATELY 0x01 +#define SL_EXCLUSIVE_LOCK 0x02 +// QueryDirectory / QueryEa / QueryQuota (IRP_MJ_DIRECTORY_CONTROL/IRP_MJ_QUERY_EA/IRP_MJ_QUERY_QUOTA)) +#define SL_RESTART_SCAN 0x01 +#define SL_RETURN_SINGLE_ENTRY 0x02 +#define SL_INDEX_SPECIFIED 0x04 +#define SL_RETURN_ON_DISK_ENTRIES_ONLY 0x08 +#define SL_NO_CURSOR_UPDATE 0x10 +#define SL_QUERY_DIRECTORY_MASK 0x1b +// 
NotifyDirectory (IRP_MJ_DIRECTORY_CONTROL) +#define SL_WATCH_TREE 0x01 +// FileSystemControl (IRP_MJ_FILE_SYSTEM_CONTROL) +#define SL_ALLOW_RAW_MOUNT 0x01 +// SetInformationFile (IRP_MJ_SET_INFORMATION) / QueryInformationFile +#define SL_BYPASS_ACCESS_CHECK 0x01 +#define SL_INFO_FORCE_ACCESS_CHECK 0x01 +#define SL_INFO_IGNORE_READONLY_ATTRIBUTE 0x40 // same value as IO_IGNORE_READONLY_ATTRIBUTE + +// +// Device Object (DO) flags +// +#define DO_VERIFY_VOLUME 0x00000002 +#define DO_BUFFERED_IO 0x00000004 +#define DO_EXCLUSIVE 0x00000008 +#define DO_DIRECT_IO 0x00000010 +#define DO_MAP_IO_BUFFER 0x00000020 +#define DO_DEVICE_INITIALIZING 0x00000080 +#define DO_SHUTDOWN_REGISTERED 0x00000800 +#define DO_BUS_ENUMERATED_DEVICE 0x00001000 +#define DO_POWER_PAGABLE 0x00002000 +#define DO_POWER_INRUSH 0x00004000 +#define DO_DEVICE_TO_BE_RESET 0x04000000 +#define DO_DAX_VOLUME 0x10000000 + +// +// KSecDD FS control definitions +// +#define KSEC_DEVICE_NAME L"\\Device\\KSecDD" +#define IOCTL_KSEC_CONNECT_LSA CTL_CODE(FILE_DEVICE_KSEC, 0, METHOD_BUFFERED, FILE_WRITE_ACCESS ) +#define IOCTL_KSEC_RNG CTL_CODE(FILE_DEVICE_KSEC, 1, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_RNG_REKEY CTL_CODE(FILE_DEVICE_KSEC, 2, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_ENCRYPT_MEMORY CTL_CODE(FILE_DEVICE_KSEC, 3, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_DECRYPT_MEMORY CTL_CODE(FILE_DEVICE_KSEC, 4, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_ENCRYPT_MEMORY_CROSS_PROC CTL_CODE(FILE_DEVICE_KSEC, 5, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_DECRYPT_MEMORY_CROSS_PROC CTL_CODE(FILE_DEVICE_KSEC, 6, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_ENCRYPT_MEMORY_SAME_LOGON CTL_CODE(FILE_DEVICE_KSEC, 7, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_DECRYPT_MEMORY_SAME_LOGON CTL_CODE(FILE_DEVICE_KSEC, 8, METHOD_OUT_DIRECT, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_FIPS_GET_FUNCTION_TABLE CTL_CODE(FILE_DEVICE_KSEC, 9, 
METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_ALLOC_POOL CTL_CODE(FILE_DEVICE_KSEC, 10, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_FREE_POOL CTL_CODE(FILE_DEVICE_KSEC, 11, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_COPY_POOL CTL_CODE(FILE_DEVICE_KSEC, 12, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_DUPLICATE_HANDLE CTL_CODE(FILE_DEVICE_KSEC, 13, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_REGISTER_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 14, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_CLIENT_CALLBACK CTL_CODE(FILE_DEVICE_KSEC, 15, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_GET_BCRYPT_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 16, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_GET_SSL_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 17, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_GET_DEVICECONTROL_EXTENSION CTL_CODE(FILE_DEVICE_KSEC, 18, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_ALLOC_VM CTL_CODE(FILE_DEVICE_KSEC, 19, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_FREE_VM CTL_CODE(FILE_DEVICE_KSEC, 20, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_COPY_VM CTL_CODE(FILE_DEVICE_KSEC, 21, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_CLIENT_FREE_VM CTL_CODE(FILE_DEVICE_KSEC, 22, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_INSERT_PROTECTED_PROCESS_ADDRESS CTL_CODE(FILE_DEVICE_KSEC, 23, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_REMOVE_PROTECTED_PROCESS_ADDRESS CTL_CODE(FILE_DEVICE_KSEC, 24, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_GET_BCRYPT_EXTENSION2 CTL_CODE(FILE_DEVICE_KSEC, 25, METHOD_BUFFERED, FILE_ANY_ACCESS ) +#define IOCTL_KSEC_IPC_GET_QUEUED_FUNCTION_CALLS CTL_CODE(FILE_DEVICE_KSEC, 26, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) +#define IOCTL_KSEC_IPC_SET_FUNCTION_RETURN CTL_CODE(FILE_DEVICE_KSEC, 27, METHOD_NEITHER, FILE_ANY_ACCESS) + +// pub +typedef enum _FS_FILTER_SECTION_SYNC_TYPE +{ + SyncTypeOther = 0, + 
SyncTypeCreateSection
+} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
+
+//pub
+typedef enum _CREATE_FILE_TYPE
+{
+ CreateFileTypeNone,
+ CreateFileTypeNamedPipe,
+ CreateFileTypeMailslot
+} CREATE_FILE_TYPE;
+
+// pub
+typedef struct _NAMED_PIPE_CREATE_PARAMETERS
+{
+ ULONG NamedPipeType;
+ ULONG ReadMode;
+ ULONG CompletionMode;
+ ULONG MaximumInstances;
+ ULONG InboundQuota;
+ ULONG OutboundQuota;
+ LARGE_INTEGER DefaultTimeout;
+ BOOLEAN TimeoutSpecified;
+} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
+
+// pub
+typedef struct _MAILSLOT_CREATE_PARAMETERS
+{
+ ULONG MailslotQuota;
+ ULONG MaximumMessageSize;
+ LARGE_INTEGER ReadTimeout;
+ BOOLEAN TimeoutSpecified;
+} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+
+// pub
+typedef struct _OPLOCK_KEY_ECP_CONTEXT
+{
+ GUID OplockKey;
+ ULONG Reserved;
+} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+// pub
+typedef struct _OPLOCK_KEY_CONTEXT
+{
+ USHORT Version; // OPLOCK_KEY_VERSION_*
+ USHORT Flags; // OPLOCK_KEY_FLAG_*
+ GUID ParentOplockKey;
+ GUID TargetOplockKey;
+ ULONG Reserved;
+} OPLOCK_KEY_CONTEXT, *POPLOCK_KEY_CONTEXT;
+
+#define OPLOCK_KEY_VERSION_WIN7 0x0001
+#define OPLOCK_KEY_VERSION_WIN8 0x0002
+
+#define OPLOCK_KEY_FLAG_PARENT_KEY 0x0001
+#define OPLOCK_KEY_FLAG_TARGET_KEY 0x0002
+
+#endif
+
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
+
+#endif
diff --git a/deps/phnt-nightly/ntkeapi.h b/deps/phnt-nightly/ntkeapi.h
new file mode 100644
index 0000000..af9c67e
--- /dev/null
+++ b/deps/phnt-nightly/ntkeapi.h
@@ -0,0 +1,174 @@
+/*
+ * Kernel executive support library
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTKEAPI_H
+#define _NTKEAPI_H
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#define LOW_PRIORITY 0 // Lowest thread priority level
+#define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
+#define HIGH_PRIORITY 31 // Highest thread priority level
+#define MAXIMUM_PRIORITY 32 // Number of thread priority levels
+#endif
+
+typedef enum _KTHREAD_STATE
+{
+ Initialized,
+ Ready,
+ Running,
+ Standby,
+ Terminated,
+ Waiting,
+ Transition,
+ DeferredReady,
+ GateWaitObsolete,
+ WaitingForProcessInSwap,
+ MaximumThreadState
+} KTHREAD_STATE, *PKTHREAD_STATE;
+
+// private
+typedef enum _KHETERO_CPU_POLICY
+{
+ KHeteroCpuPolicyAll = 0,
+ KHeteroCpuPolicyLarge = 1,
+ KHeteroCpuPolicyLargeOrIdle = 2,
+ KHeteroCpuPolicySmall = 3,
+ KHeteroCpuPolicySmallOrIdle = 4,
+ KHeteroCpuPolicyDynamic = 5,
+ KHeteroCpuPolicyStaticMax = 5, // valid
+ KHeteroCpuPolicyBiasedSmall = 6,
+ KHeteroCpuPolicyBiasedLarge = 7,
+ KHeteroCpuPolicyDefault = 8,
+ KHeteroCpuPolicyMax = 9
+} KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+typedef enum _KWAIT_REASON
+{
+ Executive,
+ FreePage,
+ PageIn,
+ PoolAllocation,
+ DelayExecution,
+ Suspended,
+ UserRequest,
+ WrExecutive,
+ WrFreePage,
+ WrPageIn,
+ WrPoolAllocation,
+ WrDelayExecution,
+ WrSuspended,
+ WrUserRequest,
+ WrEventPair,
+ WrQueue,
+ WrLpcReceive,
+ WrLpcReply,
+ WrVirtualMemory,
+ WrPageOut,
+ WrRendezvous,
+ WrKeyedEvent,
+ WrTerminated,
+ WrProcessInSwap,
+ WrCpuRateControl,
+ WrCalloutStack,
+ WrKernel,
+ WrResource,
+ WrPushLock,
+ WrMutex,
+ WrQuantumEnd,
+ WrDispatchInt,
+ WrPreempted,
+ WrYieldExecution,
+ WrFastMutex,
+ WrGuardedMutex,
+ WrRundown,
+ WrAlertByThreadId,
+ WrDeferredPreempt,
+ WrPhysicalFault,
+ WrIoRing,
+ WrMdlCache,
+ MaximumWaitReason
+} KWAIT_REASON, *PKWAIT_REASON;
+
+typedef enum _KPROFILE_SOURCE
+{
+ ProfileTime,
+ ProfileAlignmentFixup,
+ ProfileTotalIssues,
+ ProfilePipelineDry,
+ ProfileLoadInstructions,
+ ProfilePipelineFrozen,
+ ProfileBranchInstructions,
+ ProfileTotalNonissues,
+ ProfileDcacheMisses,
+ ProfileIcacheMisses,
+ ProfileCacheMisses,
+ ProfileBranchMispredictions,
+ ProfileStoreInstructions,
+ ProfileFpInstructions,
+ ProfileIntegerInstructions,
+ Profile2Issue,
+ Profile3Issue,
+ Profile4Issue,
+ ProfileSpecialInstructions,
+ ProfileTotalCycles,
+ ProfileIcacheIssues,
+ ProfileDcacheAccesses,
+ ProfileMemoryBarrierCycles,
+ ProfileLoadLinkedIssues,
+ ProfileMaximum
+} KPROFILE_SOURCE;
+
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCallbackReturn(
+ _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
+ _In_ ULONG OutputLength,
+ _In_ NTSTATUS Status
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFlushProcessWriteBuffers(
+ VOID
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetDebugFilterState(
+ _In_ ULONG ComponentId,
+ _In_ ULONG Level,
+ _In_ BOOLEAN State
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtYieldExecution(
+ VOID
+ );
+
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntldr.h b/deps/phnt-nightly/ntldr.h
new file mode 100644
index 0000000..eb71424
--- /dev/null
+++ b/deps/phnt-nightly/ntldr.h
@@ -0,0 +1,1185 @@ +/* + * Loader support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTLDR_H +#define _NTLDR_H + +// DLLs + +typedef BOOLEAN (NTAPI *PLDR_INIT_ROUTINE)( + _In_ PVOID DllHandle, + _In_ ULONG Reason, + _In_opt_ PVOID Context + ); + +// symbols +typedef struct _LDR_SERVICE_TAG_RECORD +{ + struct _LDR_SERVICE_TAG_RECORD *Next; + ULONG ServiceTag; +} LDR_SERVICE_TAG_RECORD, *PLDR_SERVICE_TAG_RECORD; + +// symbols +typedef struct _LDRP_CSLIST +{ + PSINGLE_LIST_ENTRY Tail; +} LDRP_CSLIST, *PLDRP_CSLIST; + +// symbols +typedef enum _LDR_DDAG_STATE +{ + LdrModulesMerged = -5, + LdrModulesInitError = -4, + LdrModulesSnapError = -3, + LdrModulesUnloaded = -2, + LdrModulesUnloading = -1, + LdrModulesPlaceHolder = 0, + LdrModulesMapping = 1, + LdrModulesMapped = 2, + LdrModulesWaitingForDependencies = 3, + LdrModulesSnapping = 4, + LdrModulesSnapped = 5, + LdrModulesCondensed = 6, + LdrModulesReadyToInit = 7, + LdrModulesInitializing = 8, + LdrModulesReadyToRun = 9 +} LDR_DDAG_STATE; + +// symbols +typedef struct _LDR_DDAG_NODE +{ + LIST_ENTRY Modules; + PLDR_SERVICE_TAG_RECORD ServiceTagList; + ULONG LoadCount; + ULONG LoadWhileUnloadingCount; + ULONG LowestLink; + union + { + LDRP_CSLIST Dependencies; + SINGLE_LIST_ENTRY RemovalLink; + }; + LDRP_CSLIST IncomingDependencies; + LDR_DDAG_STATE State; + SINGLE_LIST_ENTRY CondenseLink; + ULONG PreorderNumber; +} LDR_DDAG_NODE, *PLDR_DDAG_NODE; + +// rev +typedef struct _LDR_DEPENDENCY_RECORD +{ + SINGLE_LIST_ENTRY DependencyLink; + PLDR_DDAG_NODE DependencyNode; + SINGLE_LIST_ENTRY IncomingDependencyLink; + PLDR_DDAG_NODE IncomingDependencyNode; +} LDR_DEPENDENCY_RECORD, *PLDR_DEPENDENCY_RECORD; + +// symbols +typedef enum _LDR_DLL_LOAD_REASON +{ + LoadReasonStaticDependency, + LoadReasonStaticForwarderDependency, + LoadReasonDynamicForwarderDependency, + LoadReasonDelayloadDependency, + LoadReasonDynamicLoad, + LoadReasonAsImageLoad, + LoadReasonAsDataLoad, + LoadReasonEnclavePrimary, 
// since REDSTONE3 + LoadReasonEnclaveDependency, + LoadReasonPatchImage, // since WIN11 + LoadReasonUnknown = -1 +} LDR_DLL_LOAD_REASON, *PLDR_DLL_LOAD_REASON; + +typedef enum _LDR_HOT_PATCH_STATE +{ + LdrHotPatchBaseImage, + LdrHotPatchNotApplied, + LdrHotPatchAppliedReverse, + LdrHotPatchAppliedForward, + LdrHotPatchFailedToPatch, + LdrHotPatchStateMax, +} LDR_HOT_PATCH_STATE, *PLDR_HOT_PATCH_STATE; + +typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT; +typedef struct _LDRP_LOAD_CONTEXT *PLDRP_LOAD_CONTEXT; + +// LDR_DATA_TABLE_ENTRY->Flags +#define LDRP_PACKAGED_BINARY 0x00000001 +#define LDRP_MARKED_FOR_REMOVAL 0x00000002 +#define LDRP_IMAGE_DLL 0x00000004 +#define LDRP_LOAD_NOTIFICATIONS_SENT 0x00000008 +#define LDRP_TELEMETRY_ENTRY_PROCESSED 0x00000010 +#define LDRP_PROCESS_STATIC_IMPORT 0x00000020 +#define LDRP_IN_LEGACY_LISTS 0x00000040 +#define LDRP_IN_INDEXES 0x00000080 +#define LDRP_SHIM_DLL 0x00000100 +#define LDRP_IN_EXCEPTION_TABLE 0x00000200 +#define LDRP_LOAD_IN_PROGRESS 0x00001000 +#define LDRP_LOAD_CONFIG_PROCESSED 0x00002000 +#define LDRP_ENTRY_PROCESSED 0x00004000 +#define LDRP_PROTECT_DELAY_LOAD 0x00008000 +#define LDRP_DONT_CALL_FOR_THREADS 0x00040000 +#define LDRP_PROCESS_ATTACH_CALLED 0x00080000 +#define LDRP_PROCESS_ATTACH_FAILED 0x00100000 +#define LDRP_COR_DEFERRED_VALIDATE 0x00200000 +#define LDRP_COR_IMAGE 0x00400000 +#define LDRP_DONT_RELOCATE 0x00800000 +#define LDRP_COR_IL_ONLY 0x01000000 +#define LDRP_CHPE_IMAGE 0x02000000 +#define LDRP_CHPE_EMULATOR_IMAGE 0x04000000 +#define LDRP_REDIRECTED 0x10000000 +#define LDRP_COMPAT_DATABASE_PROCESSED 0x80000000 + +#define LDR_DATA_TABLE_ENTRY_SIZE_WINXP FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, DdagNode) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN7 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, BaseNameHashValue) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN8 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, ImplicitPathOptions) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN10 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, SigningLevel) +#define 
LDR_DATA_TABLE_ENTRY_SIZE_WIN11 sizeof(LDR_DATA_TABLE_ENTRY) + +// symbols +typedef struct _LDR_DATA_TABLE_ENTRY +{ + LIST_ENTRY InLoadOrderLinks; + LIST_ENTRY InMemoryOrderLinks; + LIST_ENTRY InInitializationOrderLinks; + PVOID DllBase; + PLDR_INIT_ROUTINE EntryPoint; + ULONG SizeOfImage; + UNICODE_STRING FullDllName; + UNICODE_STRING BaseDllName; + union + { + UCHAR FlagGroup[4]; + ULONG Flags; + struct + { + ULONG PackagedBinary : 1; + ULONG MarkedForRemoval : 1; + ULONG ImageDll : 1; + ULONG LoadNotificationsSent : 1; + ULONG TelemetryEntryProcessed : 1; + ULONG ProcessStaticImport : 1; + ULONG InLegacyLists : 1; + ULONG InIndexes : 1; + ULONG ShimDll : 1; + ULONG InExceptionTable : 1; + ULONG ReservedFlags1 : 2; + ULONG LoadInProgress : 1; + ULONG LoadConfigProcessed : 1; + ULONG EntryProcessed : 1; + ULONG ProtectDelayLoad : 1; + ULONG ReservedFlags3 : 2; + ULONG DontCallForThreads : 1; + ULONG ProcessAttachCalled : 1; + ULONG ProcessAttachFailed : 1; + ULONG CorDeferredValidate : 1; + ULONG CorImage : 1; + ULONG DontRelocate : 1; + ULONG CorILOnly : 1; + ULONG ChpeImage : 1; + ULONG ChpeEmulatorImage : 1; + ULONG ReservedFlags5 : 1; + ULONG Redirected : 1; + ULONG ReservedFlags6 : 2; + ULONG CompatDatabaseProcessed : 1; + }; + }; + USHORT ObsoleteLoadCount; + USHORT TlsIndex; + LIST_ENTRY HashLinks; + ULONG TimeDateStamp; + PACTIVATION_CONTEXT EntryPointActivationContext; + PVOID Lock; // RtlAcquireSRWLockExclusive + PLDR_DDAG_NODE DdagNode; + LIST_ENTRY NodeModuleLink; + PLDRP_LOAD_CONTEXT LoadContext; + PVOID ParentDllBase; + PVOID SwitchBackContext; + RTL_BALANCED_NODE BaseAddressIndexNode; + RTL_BALANCED_NODE MappingInfoIndexNode; + ULONG_PTR OriginalBase; + LARGE_INTEGER LoadTime; + ULONG BaseNameHashValue; + LDR_DLL_LOAD_REASON LoadReason; // since WIN8 + ULONG ImplicitPathOptions; + ULONG ReferenceCount; // since WIN10 + ULONG DependentLoadFlags; + UCHAR SigningLevel; // since REDSTONE2 + ULONG CheckSum; // since 22H1 + PVOID ActivePatchImageBase; + 
LDR_HOT_PATCH_STATE HotPatchState; +} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; + +#define LDR_IS_DATAFILE(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)1) +#define LDR_IS_IMAGEMAPPING(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)2) +#define LDR_IS_RESOURCE(DllHandle) (LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle)) +#define LDR_MAPPEDVIEW_TO_DATAFILE(BaseAddress) ((PVOID)(((ULONG_PTR)(BaseAddress)) | (ULONG_PTR)1)) +#define LDR_MAPPEDVIEW_TO_IMAGEMAPPING(BaseAddress) ((PVOID)(((ULONG_PTR)(BaseAddress)) | (ULONG_PTR)2)) +#define LDR_DATAFILE_TO_MAPPEDVIEW(DllHandle) ((PVOID)(((ULONG_PTR)(DllHandle)) & ~(ULONG_PTR)1)) +#define LDR_IMAGEMAPPING_TO_MAPPEDVIEW(DllHandle) ((PVOID)(((ULONG_PTR)(DllHandle)) & ~(ULONG_PTR)2)) + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSAPI +NTSTATUS +NTAPI +LdrLoadDll( + _In_opt_ PWSTR DllPath, + _In_opt_ PULONG DllCharacteristics, + _In_ PUNICODE_STRING DllName, + _Out_ PVOID *DllHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrUnloadDll( + _In_ PVOID DllHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllHandle( + _In_opt_ PWSTR DllPath, + _In_opt_ PULONG DllCharacteristics, + _In_ PUNICODE_STRING DllName, + _Out_ PVOID *DllHandle + ); + +#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT 0x00000001 +#define LDR_GET_DLL_HANDLE_EX_PIN 0x00000002 + +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllHandleEx( + _In_ ULONG Flags, + _In_opt_ PWSTR DllPath, + _In_opt_ PULONG DllCharacteristics, + _In_ PUNICODE_STRING DllName, + _Out_ PVOID *DllHandle + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllHandleByMapping( + _In_ PVOID BaseAddress, + _Out_ PVOID *DllHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllHandleByName( + _In_opt_ PUNICODE_STRING BaseDllName, + _In_opt_ PUNICODE_STRING FullDllName, + _Out_ PVOID *DllHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllFullName( + _In_ PVOID DllHandle, + 
_Out_ PUNICODE_STRING FullDllName + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllPath( + _In_ PCWSTR DllName, + _In_ ULONG Flags, // LOAD_LIBRARY_SEARCH_* + _Out_ PWSTR* DllPath, + _Out_ PWSTR* SearchPaths + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetDllDirectory( + _Out_ PUNICODE_STRING DllDirectory + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrSetDllDirectory( + _In_ PUNICODE_STRING DllDirectory + ); +#endif + +#define LDR_ADDREF_DLL_PIN 0x00000001 + +NTSYSAPI +NTSTATUS +NTAPI +LdrAddRefDll( + _In_ ULONG Flags, + _In_ PVOID DllHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrGetProcedureAddress( + _In_ PVOID DllHandle, + _In_opt_ PANSI_STRING ProcedureName, + _In_opt_ ULONG ProcedureNumber, + _Out_ PVOID *ProcedureAddress + ); + +// rev +#define LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER 0x00000001 + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrGetProcedureAddressEx( + _In_ PVOID DllHandle, + _In_opt_ PANSI_STRING ProcedureName, + _In_opt_ ULONG ProcedureNumber, + _Out_ PVOID *ProcedureAddress, + _In_ ULONG Flags + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +LdrGetKnownDllSectionHandle( + _In_ PCWSTR DllName, + _In_ BOOLEAN KnownDlls32, + _Out_ PHANDLE Section + ); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrGetProcedureAddressForCaller( + _In_ PVOID DllHandle, + _In_opt_ PANSI_STRING ProcedureName, + _In_opt_ ULONG ProcedureNumber, + _Out_ PVOID *ProcedureAddress, + _In_ ULONG Flags, + _In_ PVOID *Callback + ); +#endif + +#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 0x00000001 +#define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY 0x00000002 + +#define LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID 0 +#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED 1 +#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED 2 + +NTSYSAPI +NTSTATUS +NTAPI +LdrLockLoaderLock( + _In_ ULONG Flags, + _Out_opt_ ULONG *Disposition, + _Out_opt_ PVOID *Cookie + ); + +#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 
0x00000001 + +NTSYSAPI +NTSTATUS +NTAPI +LdrUnlockLoaderLock( + _In_ ULONG Flags, + _In_opt_ PVOID Cookie + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrRelocateImage( + _In_ PVOID NewBase, + _In_opt_ PSTR LoaderName, + _In_ NTSTATUS Success, + _In_ NTSTATUS Conflict, + _In_ NTSTATUS Invalid + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrRelocateImageWithBias( + _In_ PVOID NewBase, + _In_opt_ LONGLONG Bias, + _In_opt_ PSTR LoaderName, + _In_ NTSTATUS Success, + _In_ NTSTATUS Conflict, + _In_ NTSTATUS Invalid + ); + +NTSYSAPI +PIMAGE_BASE_RELOCATION +NTAPI +LdrProcessRelocationBlock( + _In_ ULONG_PTR VA, + _In_ ULONG SizeOfBlock, + _In_ PUSHORT NextOffset, + _In_ LONG_PTR Diff + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSAPI +PIMAGE_BASE_RELOCATION +NTAPI +LdrProcessRelocationBlockEx( + _In_ ULONG Machine, // IMAGE_FILE_MACHINE_AMD64|IMAGE_FILE_MACHINE_ARM|IMAGE_FILE_MACHINE_THUMB|IMAGE_FILE_MACHINE_ARMNT + _In_ ULONG_PTR VA, + _In_ ULONG SizeOfBlock, + _In_ PUSHORT NextOffset, + _In_ LONG_PTR Diff + ); +#endif + +NTSYSAPI +BOOLEAN +NTAPI +LdrVerifyMappedImageMatchesChecksum( + _In_ PVOID BaseAddress, + _In_ SIZE_T NumberOfBytes, + _In_ ULONG FileLength + ); + +typedef VOID (NTAPI *PLDR_IMPORT_MODULE_CALLBACK)( + _In_ PVOID Parameter, + _In_ PSTR ModuleName + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrVerifyImageMatchesChecksum( + _In_ HANDLE ImageFileHandle, + _In_opt_ PLDR_IMPORT_MODULE_CALLBACK ImportCallbackRoutine, + _In_ PVOID ImportCallbackParameter, + _Out_opt_ PUSHORT ImageCharacteristics + ); + +// private +typedef struct _LDR_IMPORT_CALLBACK_INFO +{ + PLDR_IMPORT_MODULE_CALLBACK ImportCallbackRoutine; + PVOID ImportCallbackParameter; +} LDR_IMPORT_CALLBACK_INFO, *PLDR_IMPORT_CALLBACK_INFO; + +// private +typedef struct _LDR_SECTION_INFO +{ + HANDLE SectionHandle; + ACCESS_MASK DesiredAccess; + POBJECT_ATTRIBUTES ObjA; + ULONG SectionPageProtection; + ULONG AllocationAttributes; +} LDR_SECTION_INFO, *PLDR_SECTION_INFO; + +// private +typedef struct _LDR_VERIFY_IMAGE_INFO +{ + 
ULONG Size; + ULONG Flags; + LDR_IMPORT_CALLBACK_INFO CallbackInfo; + LDR_SECTION_INFO SectionInfo; + USHORT ImageCharacteristics; +} LDR_VERIFY_IMAGE_INFO, *PLDR_VERIFY_IMAGE_INFO; + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrVerifyImageMatchesChecksumEx( + _In_ HANDLE ImageFileHandle, + _Inout_ PLDR_VERIFY_IMAGE_INFO VerifyInfo + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryModuleServiceTags( + _In_ PVOID DllHandle, + _Out_writes_(*BufferSize) PULONG ServiceTagBuffer, + _Inout_ PULONG BufferSize + ); +#endif + +// begin_msdn:"DLL Load Notification" + +#define LDR_DLL_NOTIFICATION_REASON_LOADED 1 +#define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2 + +typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA +{ + ULONG Flags; + PUNICODE_STRING FullDllName; + PUNICODE_STRING BaseDllName; + PVOID DllBase; + ULONG SizeOfImage; +} LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; + +typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA +{ + ULONG Flags; + PCUNICODE_STRING FullDllName; + PCUNICODE_STRING BaseDllName; + PVOID DllBase; + ULONG SizeOfImage; +} LDR_DLL_UNLOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA; + +typedef union _LDR_DLL_NOTIFICATION_DATA +{ + LDR_DLL_LOADED_NOTIFICATION_DATA Loaded; + LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded; +} LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA; + +typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)( + _In_ ULONG NotificationReason, + _In_ PLDR_DLL_NOTIFICATION_DATA NotificationData, + _In_opt_ PVOID Context + ); + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +NTSTATUS +NTAPI +LdrRegisterDllNotification( + _In_ ULONG Flags, + _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction, + _In_opt_ PVOID Context, + _Out_ PVOID *Cookie + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrUnregisterDllNotification( + _In_ PVOID Cookie + ); + +#endif + +// end_msdn + +// rev +NTSYSAPI +PUNICODE_STRING +NTAPI 
+LdrStandardizeSystemPath( + _In_ PUNICODE_STRING SystemPath + ); + +#if (PHNT_VERSION >= PHNT_WINBLUE) +typedef struct _LDR_FAILURE_DATA +{ + NTSTATUS Status; + WCHAR DllName[0x20]; + WCHAR AdditionalInfo[0x20]; +} LDR_FAILURE_DATA, *PLDR_FAILURE_DATA; + +NTSYSAPI +PLDR_FAILURE_DATA +NTAPI +LdrGetFailureData( + VOID + ); +#endif + +// private +typedef struct _PS_MITIGATION_OPTIONS_MAP +{ + ULONG_PTR Map[3]; // 2 < 20H1 +} PS_MITIGATION_OPTIONS_MAP, *PPS_MITIGATION_OPTIONS_MAP; + +// private +typedef struct _PS_MITIGATION_AUDIT_OPTIONS_MAP +{ + ULONG_PTR Map[3]; // 2 < 20H1 +} PS_MITIGATION_AUDIT_OPTIONS_MAP, *PPS_MITIGATION_AUDIT_OPTIONS_MAP; + +// private +typedef struct _PS_SYSTEM_DLL_INIT_BLOCK +{ + ULONG Size; + ULONG_PTR SystemDllWowRelocation; + ULONG_PTR SystemDllNativeRelocation; + ULONG_PTR Wow64SharedInformation[16]; // use WOW64_SHARED_INFORMATION as index + ULONG RngData; + union + { + ULONG Flags; + struct + { + ULONG CfgOverride : 1; + ULONG Reserved : 31; + }; + }; + PS_MITIGATION_OPTIONS_MAP MitigationOptionsMap; + ULONG_PTR CfgBitMap; + ULONG_PTR CfgBitMapSize; + ULONG_PTR Wow64CfgBitMap; + ULONG_PTR Wow64CfgBitMapSize; + PS_MITIGATION_AUDIT_OPTIONS_MAP MitigationAuditOptionsMap; // REDSTONE3 +} PS_SYSTEM_DLL_INIT_BLOCK, *PPS_SYSTEM_DLL_INIT_BLOCK; + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev +NTSYSAPI PS_SYSTEM_DLL_INIT_BLOCK LdrSystemDllInitBlock; +#endif + +// Load as data table + +#if (PHNT_VERSION >= PHNT_VISTA) + +typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT; + +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrAddLoadAsDataTable( + _In_ PVOID Module, + _In_ PWSTR FilePath, + _In_ SIZE_T Size, + _In_ HANDLE Handle, + _In_opt_ PACTIVATION_CONTEXT ActCtx + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrRemoveLoadAsDataTable( + _In_ PVOID InitModule, + _Out_opt_ PVOID *BaseModule, + _Out_opt_ PSIZE_T Size, + _In_ ULONG Flags + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +LdrGetFileNameFromLoadAsDataTable( + _In_ PVOID Module, + _Out_ 
PVOID *pFileNamePrt + ); + +#endif + +NTSYSAPI +NTSTATUS +NTAPI +LdrDisableThreadCalloutsForDll( + _In_ PVOID DllImageBase + ); + +// Resources + +NTSYSAPI +NTSTATUS +NTAPI +LdrAccessResource( + _In_ PVOID DllHandle, + _In_ PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry, + _Out_opt_ PVOID *ResourceBuffer, + _Out_opt_ ULONG *ResourceLength + ); + +typedef struct _LDR_RESOURCE_INFO +{ + ULONG_PTR Type; + ULONG_PTR Name; + ULONG_PTR Language; +} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO; + +#define RESOURCE_TYPE_LEVEL 0 +#define RESOURCE_NAME_LEVEL 1 +#define RESOURCE_LANGUAGE_LEVEL 2 +#define RESOURCE_DATA_LEVEL 3 + +NTSYSAPI +NTSTATUS +NTAPI +LdrFindResource_U( + _In_ PVOID DllHandle, + _In_ PLDR_RESOURCE_INFO ResourceInfo, + _In_ ULONG Level, + _Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrFindResourceEx_U( + _In_ ULONG Flags, + _In_ PVOID DllHandle, + _In_ PLDR_RESOURCE_INFO ResourceInfo, + _In_ ULONG Level, + _Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrFindResourceDirectory_U( + _In_ PVOID DllHandle, + _In_ PLDR_RESOURCE_INFO ResourceInfo, + _In_ ULONG Level, + _Out_ PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory + ); + +// private +typedef struct _LDR_ENUM_RESOURCE_ENTRY +{ + union + { + ULONG_PTR NameOrId; + PIMAGE_RESOURCE_DIRECTORY_STRING Name; + struct + { + USHORT Id; + USHORT NameIsPresent; + }; + } Path[3]; + PVOID Data; + ULONG Size; + ULONG Reserved; +} LDR_ENUM_RESOURCE_ENTRY, *PLDR_ENUM_RESOURCE_ENTRY; + +#define NAME_FROM_RESOURCE_ENTRY(RootDirectory, Entry) \ + ((Entry)->NameIsString ? 
(ULONG_PTR)((ULONG_PTR)(RootDirectory) + (ULONG_PTR)((Entry)->NameOffset)) : (Entry)->Id) + +NTSYSAPI +NTSTATUS +NTAPI +LdrEnumResources( + _In_ PVOID DllHandle, + _In_ PLDR_RESOURCE_INFO ResourceInfo, + _In_ ULONG Level, + _Inout_ ULONG *ResourceCount, + _Out_writes_to_opt_(*ResourceCount, *ResourceCount) PLDR_ENUM_RESOURCE_ENTRY Resources + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrFindEntryForAddress( + _In_ PVOID DllHandle, + _Out_ PLDR_DATA_TABLE_ENTRY *Entry + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrLoadAlternateResourceModule( + _In_ PVOID DllHandle, + _Out_ PVOID *ResourceDllBase, + _Out_opt_ ULONG_PTR *ResourceOffset, + _In_ ULONG Flags + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrLoadAlternateResourceModuleEx( + _In_ PVOID DllHandle, + _In_ LANGID LanguageId, + _Out_ PVOID *ResourceDllBase, + _Out_opt_ ULONG_PTR *ResourceOffset, + _In_ ULONG Flags + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +LdrUnloadAlternateResourceModule( + _In_ PVOID DllHandle + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +LdrUnloadAlternateResourceModuleEx( + _In_ PVOID DllHandle, + _In_ ULONG Flags + ); + +#endif // (PHNT_MODE != PHNT_MODE_KERNEL) + +// Module information + +typedef struct _RTL_PROCESS_MODULE_INFORMATION +{ + PVOID Section; + PVOID MappedBase; + PVOID ImageBase; + ULONG ImageSize; + ULONG Flags; + USHORT LoadOrderIndex; + USHORT InitOrderIndex; + USHORT LoadCount; + USHORT OffsetToFileName; + UCHAR FullPathName[256]; +} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; + +typedef struct _RTL_PROCESS_MODULES +{ + ULONG NumberOfModules; + _Field_size_(NumberOfModules) RTL_PROCESS_MODULE_INFORMATION Modules[1]; +} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; + +// private +typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX +{ + USHORT NextOffset; + RTL_PROCESS_MODULE_INFORMATION BaseInfo; + ULONG ImageChecksum; + ULONG TimeDateStamp; + PVOID DefaultBase; +} RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX; + +#if (PHNT_MODE != 
PHNT_MODE_KERNEL) + +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryProcessModuleInformation( + _In_opt_ PRTL_PROCESS_MODULES ModuleInformation, + _In_opt_ ULONG Size, + _Out_ PULONG ReturnedSize + ); + +typedef VOID (NTAPI *PLDR_ENUM_CALLBACK)( + _In_ PLDR_DATA_TABLE_ENTRY ModuleInformation, + _In_ PVOID Parameter, + _Out_ BOOLEAN *Stop + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrEnumerateLoadedModules( + _In_ BOOLEAN ReservedFlag, + _In_ PLDR_ENUM_CALLBACK EnumProc, + _In_ PVOID Context + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrOpenImageFileOptionsKey( + _In_ PUNICODE_STRING SubKey, + _In_ BOOLEAN Wow64, + _Out_ PHANDLE NewKeyHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryImageFileKeyOption( + _In_ HANDLE KeyHandle, + _In_ PCWSTR ValueName, + _In_ ULONG Type, + _Out_ PVOID Buffer, + _In_ ULONG BufferSize, + _Out_opt_ PULONG ReturnedLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryImageFileExecutionOptions( + _In_ PUNICODE_STRING SubKey, + _In_ PCWSTR ValueName, + _In_ ULONG ValueSize, + _Out_ PVOID Buffer, + _In_ ULONG BufferSize, + _Out_opt_ PULONG ReturnedLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryImageFileExecutionOptionsEx( + _In_ PUNICODE_STRING SubKey, + _In_ PCWSTR ValueName, + _In_ ULONG Type, + _Out_ PVOID Buffer, + _In_ ULONG BufferSize, + _Out_opt_ PULONG ReturnedLength, + _In_ BOOLEAN Wow64 + ); + +// private +typedef struct _DELAYLOAD_PROC_DESCRIPTOR +{ + ULONG ImportDescribedByName; + union + { + PCSTR Name; + ULONG Ordinal; + } Description; +} DELAYLOAD_PROC_DESCRIPTOR, *PDELAYLOAD_PROC_DESCRIPTOR; + +// private +typedef struct _DELAYLOAD_INFO +{ + ULONG Size; + PCIMAGE_DELAYLOAD_DESCRIPTOR DelayloadDescriptor; + PIMAGE_THUNK_DATA ThunkAddress; + PCSTR TargetDllName; + DELAYLOAD_PROC_DESCRIPTOR TargetApiDescriptor; + PVOID TargetModuleBase; + PVOID Unused; + ULONG LastError; +} DELAYLOAD_INFO, *PDELAYLOAD_INFO; + +// private +typedef PVOID (NTAPI *PDELAYLOAD_FAILURE_DLL_CALLBACK)( + _In_ ULONG NotificationReason, + _In_ PDELAYLOAD_INFO DelayloadInfo + ); + 
+// rev +typedef PVOID (NTAPI *PDELAYLOAD_FAILURE_SYSTEM_ROUTINE)( + _In_ PCSTR DllName, + _In_ PCSTR ProcedureName + ); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev from QueryOptionalDelayLoadedAPI +NTSYSAPI +NTSTATUS +NTAPI +LdrQueryOptionalDelayLoadedAPI( + _In_ PVOID ParentModuleBase, + _In_ PCSTR DllName, + _In_ PCSTR ProcedureName, + _Reserved_ ULONG Flags + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev from ResolveDelayLoadedAPI +NTSYSAPI +PVOID +NTAPI +LdrResolveDelayLoadedAPI( + _In_ PVOID ParentModuleBase, + _In_ PCIMAGE_DELAYLOAD_DESCRIPTOR DelayloadDescriptor, + _In_opt_ PDELAYLOAD_FAILURE_DLL_CALLBACK FailureDllHook, + _In_opt_ PDELAYLOAD_FAILURE_SYSTEM_ROUTINE FailureSystemHook, // kernel32.DelayLoadFailureHook + _Out_ PIMAGE_THUNK_DATA ThunkAddress, + _Reserved_ ULONG Flags + ); + +// rev from ResolveDelayLoadsFromDll +NTSYSAPI +NTSTATUS +NTAPI +LdrResolveDelayLoadsFromDll( + _In_ PVOID ParentModuleBase, + _In_ PCSTR TargetDllName, + _Reserved_ ULONG Flags + ); + +// rev from SetDefaultDllDirectories +NTSYSAPI +NTSTATUS +NTAPI +LdrSetDefaultDllDirectories( + _In_ ULONG DirectoryFlags + ); + +// rev from AddDllDirectory +NTSYSAPI +NTSTATUS +NTAPI +LdrAddDllDirectory( + _In_ PUNICODE_STRING NewDirectory, + _Out_ PDLL_DIRECTORY_COOKIE Cookie + ); + +// rev from RemoveDllDirectory +NTSYSAPI +NTSTATUS +NTAPI +LdrRemoveDllDirectory( + _In_ DLL_DIRECTORY_COOKIE Cookie + ); +#endif + +// rev +DECLSPEC_NORETURN +NTSYSAPI +VOID +NTAPI +LdrShutdownProcess( + VOID + ); + +// rev +DECLSPEC_NORETURN +NTSYSAPI +VOID +NTAPI +LdrShutdownThread( + VOID + ); + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +NTSTATUS +NTAPI +LdrSetImplicitPathOptions( + _In_ ULONG ImplicitPathOptions + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +LdrControlFlowGuardEnforced( + VOID + ); +#endif + +#if (PHNT_VERSION >= PHNT_19H1) +// rev +NTSYSAPI +BOOLEAN +NTAPI +LdrIsModuleSxsRedirected( + _In_ PVOID DllHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev 
+NTSYSAPI +NTSTATUS +NTAPI +LdrUpdatePackageSearchPath( + _In_ PWSTR SearchPath + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) + +// rev +#define ENCLAVE_STATE_CREATED 0x00000000ul // LdrpCreateSoftwareEnclave initial state +#define ENCLAVE_STATE_INITIALIZED 0x00000001ul // ZwInitializeEnclave successful (LdrInitializeEnclave) +#define ENCLAVE_STATE_INITIALIZED_VBS 0x00000002ul // only for ENCLAVE_TYPE_VBS (LdrInitializeEnclave) + +// rev +typedef struct _LDR_SOFTWARE_ENCLAVE +{ + LIST_ENTRY Links; // ntdll!LdrpEnclaveList + RTL_CRITICAL_SECTION CriticalSection; + ULONG EnclaveType; // ENCLAVE_TYPE_* + LONG ReferenceCount; + ULONG EnclaveState; // ENCLAVE_STATE_* + PVOID BaseAddress; + SIZE_T Size; + PVOID PreviousBaseAddress; + LIST_ENTRY Modules; // LDR_DATA_TABLE_ENTRY.InLoadOrderLinks + PLDR_DATA_TABLE_ENTRY PrimaryModule; + PLDR_DATA_TABLE_ENTRY BCryptModule; + PLDR_DATA_TABLE_ENTRY BCryptPrimitivesModule; +} LDR_SOFTWARE_ENCLAVE, *PLDR_SOFTWARE_ENCLAVE; + +// rev from CreateEnclave +NTSYSAPI +NTSTATUS +NTAPI +LdrCreateEnclave( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID* BaseAddress, + _In_ ULONG Reserved, + _In_ SIZE_T Size, + _In_ SIZE_T InitialCommitment, + _In_ ULONG EnclaveType, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + _In_ ULONG EnclaveInformationLength, + _Out_ PULONG EnclaveError + ); + +// rev from InitializeEnclave +NTSYSAPI +NTSTATUS +NTAPI +LdrInitializeEnclave( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + _In_ ULONG EnclaveInformationLength, + _Out_ PULONG EnclaveError + ); + +// rev from DeleteEnclave +NTSYSAPI +NTSTATUS +NTAPI +LdrDeleteEnclave( + _In_ PVOID BaseAddress + ); + +// rev from CallEnclave +NTSYSAPI +NTSTATUS +NTAPI +LdrCallEnclave( + _In_ PENCLAVE_ROUTINE Routine, + _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_* + _Inout_ PVOID* RoutineParamReturn + ); + +// rev from LoadEnclaveImage +NTSYSAPI +NTSTATUS +NTAPI 
+LdrLoadEnclaveModule( + _In_ PVOID BaseAddress, + _In_opt_ PWSTR DllPath, + _In_ PUNICODE_STRING DllName + ); + +#endif + +#endif // (PHNT_MODE != PHNT_MODE_KERNEL) + +#endif diff --git a/deps/phnt-nightly/ntlpcapi.h b/deps/phnt-nightly/ntlpcapi.h new file mode 100644 index 0000000..8bc4702 --- /dev/null +++ b/deps/phnt-nightly/ntlpcapi.h 
@@ -0,0 +1,1055 @@ +/* + * Local Inter-process Communication support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTLPCAPI_H +#define _NTLPCAPI_H + +#define PORT_CONNECT 0x0001 +#define PORT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1) + +typedef struct _PORT_MESSAGE +{ + union + { + struct + { + CSHORT DataLength; + CSHORT TotalLength; + } s1; + ULONG Length; + } u1; + union + { + struct + { + CSHORT Type; + CSHORT DataInfoOffset; + } s2; + ULONG ZeroInit; + } u2; + union + { + CLIENT_ID ClientId; + double DoNotUseThisField; + }; + ULONG MessageId; + union + { + SIZE_T ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages + ULONG CallbackId; // only valid for LPC_REQUEST messages + }; +} PORT_MESSAGE, *PPORT_MESSAGE; + +typedef struct _PORT_DATA_ENTRY +{ + PVOID Base; + ULONG Size; +} PORT_DATA_ENTRY, *PPORT_DATA_ENTRY; + +typedef struct _PORT_DATA_INFORMATION +{ + ULONG CountDataEntries; + _Field_size_(CountDataEntries) PORT_DATA_ENTRY DataEntries[1]; +} PORT_DATA_INFORMATION, *PPORT_DATA_INFORMATION; + +#define LPC_REQUEST 1 +#define LPC_REPLY 2 +#define LPC_DATAGRAM 3 +#define LPC_LOST_REPLY 4 +#define LPC_PORT_CLOSED 5 +#define LPC_CLIENT_DIED 6 +#define LPC_EXCEPTION 7 +#define LPC_DEBUG_EVENT 8 +#define LPC_ERROR_EVENT 9 +#define LPC_CONNECTION_REQUEST 10 +#define LPC_CONTINUATION_REQUIRED 0x2000 + +#define LPC_KERNELMODE_MESSAGE (CSHORT)0x8000 +#define LPC_NO_IMPERSONATE (CSHORT)0x4000 + +#define PORT_VALID_OBJECT_ATTRIBUTES OBJ_CASE_INSENSITIVE + +#ifdef _WIN64 +#define PORT_MAXIMUM_MESSAGE_LENGTH 512 +#else +#define PORT_MAXIMUM_MESSAGE_LENGTH 256 +#endif + +#define LPC_MAX_CONNECTION_INFO_SIZE (16 * sizeof(ULONG_PTR)) + +#define PORT_TOTAL_MAXIMUM_MESSAGE_LENGTH \ + ((PORT_MAXIMUM_MESSAGE_LENGTH + sizeof(PORT_MESSAGE) + LPC_MAX_CONNECTION_INFO_SIZE + 0xf) & ~0xf) + +typedef struct _LPC_CLIENT_DIED_MSG +{ + PORT_MESSAGE PortMsg; + LARGE_INTEGER CreateTime; +} LPC_CLIENT_DIED_MSG, *PLPC_CLIENT_DIED_MSG; 
+ +typedef struct _PORT_VIEW +{ + ULONG Length; + HANDLE SectionHandle; + ULONG SectionOffset; + SIZE_T ViewSize; + PVOID ViewBase; + PVOID ViewRemoteBase; +} PORT_VIEW, *PPORT_VIEW; + +typedef struct _REMOTE_PORT_VIEW +{ + ULONG Length; + SIZE_T ViewSize; + PVOID ViewBase; +} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; + +// WOW64 definitions + +// Except in a small number of special cases, WOW64 programs using the LPC APIs must use the 64-bit versions of the +// PORT_MESSAGE, PORT_VIEW and REMOTE_PORT_VIEW data structures. Note that we take a different approach than the +// official NT headers, which produce 64-bit versions in a 32-bit environment when USE_LPC6432 is defined. + +typedef struct _PORT_MESSAGE64 +{ + union + { + struct + { + CSHORT DataLength; + CSHORT TotalLength; + } s1; + ULONG Length; + } u1; + union + { + struct + { + CSHORT Type; + CSHORT DataInfoOffset; + } s2; + ULONG ZeroInit; + } u2; + union + { + CLIENT_ID64 ClientId; + double DoNotUseThisField; + }; + ULONG MessageId; + union + { + ULONGLONG ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages + ULONG CallbackId; // only valid for LPC_REQUEST messages + }; +} PORT_MESSAGE64, *PPORT_MESSAGE64; + +typedef struct _LPC_CLIENT_DIED_MSG64 +{ + PORT_MESSAGE64 PortMsg; + LARGE_INTEGER CreateTime; +} LPC_CLIENT_DIED_MSG64, *PLPC_CLIENT_DIED_MSG64; + +typedef struct _PORT_VIEW64 +{ + ULONG Length; + ULONGLONG SectionHandle; + ULONG SectionOffset; + ULONGLONG ViewSize; + ULONGLONG ViewBase; + ULONGLONG ViewRemoteBase; +} PORT_VIEW64, *PPORT_VIEW64; + +typedef struct _REMOTE_PORT_VIEW64 +{ + ULONG Length; + ULONGLONG ViewSize; + ULONGLONG ViewBase; +} REMOTE_PORT_VIEW64, *PREMOTE_PORT_VIEW64; + +// Port creation + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreatePort( + _Out_ PHANDLE PortHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG MaxConnectionInfoLength, + _In_ ULONG MaxMessageLength, + _In_opt_ ULONG MaxPoolUsage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateWaitablePort( + 
_Out_ PHANDLE PortHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG MaxConnectionInfoLength, + _In_ ULONG MaxMessageLength, + _In_opt_ ULONG MaxPoolUsage + ); + +// Port connection (client) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtConnectPort( + _Out_ PHANDLE PortHandle, + _In_ PUNICODE_STRING PortName, + _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + _Inout_opt_ PPORT_VIEW ClientView, + _Inout_opt_ PREMOTE_PORT_VIEW ServerView, + _Out_opt_ PULONG MaxMessageLength, + _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation, + _Inout_opt_ PULONG ConnectionInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSecureConnectPort( + _Out_ PHANDLE PortHandle, + _In_ PUNICODE_STRING PortName, + _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + _Inout_opt_ PPORT_VIEW ClientView, + _In_opt_ PSID RequiredServerSid, + _Inout_opt_ PREMOTE_PORT_VIEW ServerView, + _Out_opt_ PULONG MaxMessageLength, + _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation, + _Inout_opt_ PULONG ConnectionInformationLength + ); + +// Port connection (server) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtListenPort( + _In_ HANDLE PortHandle, + _Out_ PPORT_MESSAGE ConnectionRequest + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAcceptConnectPort( + _Out_ PHANDLE PortHandle, + _In_opt_ PVOID PortContext, + _In_ PPORT_MESSAGE ConnectionRequest, + _In_ BOOLEAN AcceptConnection, + _Inout_opt_ PPORT_VIEW ServerView, + _Out_opt_ PREMOTE_PORT_VIEW ClientView + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompleteConnectPort( + _In_ HANDLE PortHandle + ); + +// General + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRequestPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRequestWaitReplyPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE 
RequestMessage, + _Out_ PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReplyPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReplyWaitReplyPort( + _In_ HANDLE PortHandle, + _Inout_ PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReplyWaitReceivePort( + _In_ HANDLE PortHandle, + _Out_opt_ PVOID *PortContext, + _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage, + _Out_ PPORT_MESSAGE ReceiveMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReplyWaitReceivePortEx( + _In_ HANDLE PortHandle, + _Out_opt_ PVOID *PortContext, + _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage, + _Out_ PPORT_MESSAGE ReceiveMessage, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtImpersonateClientOfPort( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadRequestData( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _In_ ULONG DataEntryIndex, + _Out_writes_bytes_to_(BufferSize, *NumberOfBytesRead) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesRead + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWriteRequestData( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _In_ ULONG DataEntryIndex, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesWritten + ); + +typedef enum _PORT_INFORMATION_CLASS +{ + PortBasicInformation, + PortDumpInformation +} PORT_INFORMATION_CLASS; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationPort( + _In_ HANDLE PortHandle, + _In_ PORT_INFORMATION_CLASS PortInformationClass, + _Out_writes_bytes_to_(Length, *ReturnLength) PVOID PortInformation, + _In_ ULONG Length, + _Out_opt_ PULONG ReturnLength + ); + +// Asynchronous Local Inter-process Communication + +// rev +typedef HANDLE ALPC_HANDLE, *PALPC_HANDLE; 
+
+#define ALPC_PORFLG_LPC_MODE 0x1000 // kernel only
+#define ALPC_PORFLG_ALLOW_IMPERSONATION 0x10000
+#define ALPC_PORFLG_ALLOW_LPC_REQUESTS 0x20000 // rev
+#define ALPC_PORFLG_WAITABLE_PORT 0x40000 // dbg
+#define ALPC_PORFLG_ALLOW_DUP_OBJECT 0x80000
+#define ALPC_PORFLG_SYSTEM_PROCESS 0x100000 // dbg
+#define ALPC_PORFLG_WAKE_POLICY1 0x200000
+#define ALPC_PORFLG_WAKE_POLICY2 0x400000
+#define ALPC_PORFLG_WAKE_POLICY3 0x800000
+#define ALPC_PORFLG_DIRECT_MESSAGE 0x1000000
+#define ALPC_PORFLG_ALLOW_MULTIHANDLE_ATTRIBUTE 0x2000000
+
+#define ALPC_PORFLG_OBJECT_TYPE_FILE 0x0001
+#define ALPC_PORFLG_OBJECT_TYPE_INVALID 0x0002
+#define ALPC_PORFLG_OBJECT_TYPE_THREAD 0x0004
+#define ALPC_PORFLG_OBJECT_TYPE_SEMAPHORE 0x0008
+#define ALPC_PORFLG_OBJECT_TYPE_EVENT 0x0010
+#define ALPC_PORFLG_OBJECT_TYPE_PROCESS 0X0020
+#define ALPC_PORFLG_OBJECT_TYPE_MUTEX 0x0040
+#define ALPC_PORFLG_OBJECT_TYPE_SECTION 0x0080
+#define ALPC_PORFLG_OBJECT_TYPE_REGKEY 0x0100
+#define ALPC_PORFLG_OBJECT_TYPE_TOKEN 0x0200
+#define ALPC_PORFLG_OBJECT_TYPE_COMPOSITION 0x0400
+#define ALPC_PORFLG_OBJECT_TYPE_JOB 0x0800
+#define ALPC_PORFLG_OBJECT_TYPE_ALL \
+ (ALPC_PORFLG_OBJECT_TYPE_FILE | ALPC_PORFLG_OBJECT_TYPE_THREAD | \
+ ALPC_PORFLG_OBJECT_TYPE_SEMAPHORE | ALPC_PORFLG_OBJECT_TYPE_EVENT | \
+ ALPC_PORFLG_OBJECT_TYPE_PROCESS | ALPC_PORFLG_OBJECT_TYPE_MUTEX | \
+ ALPC_PORFLG_OBJECT_TYPE_SECTION | ALPC_PORFLG_OBJECT_TYPE_REGKEY | \
+ ALPC_PORFLG_OBJECT_TYPE_TOKEN | ALPC_PORFLG_OBJECT_TYPE_COMPOSITION | \
+ ALPC_PORFLG_OBJECT_TYPE_JOB)
+
+// symbols
+typedef struct _ALPC_PORT_ATTRIBUTES
+{
+ ULONG Flags;
+ SECURITY_QUALITY_OF_SERVICE SecurityQos;
+ SIZE_T MaxMessageLength;
+ SIZE_T MemoryBandwidth;
+ SIZE_T MaxPoolUsage;
+ SIZE_T MaxSectionSize;
+ SIZE_T MaxViewSize;
+ SIZE_T MaxTotalSectionSize;
+ ULONG DupObjectTypes;
+#ifdef _WIN64
+ ULONG Reserved;
+#endif
+} ALPC_PORT_ATTRIBUTES, *PALPC_PORT_ATTRIBUTES;
+
+// begin_rev
+#define ALPC_MESSAGE_SECURITY_ATTRIBUTE 0x80000000
+#define
ALPC_MESSAGE_VIEW_ATTRIBUTE 0x40000000
+#define ALPC_MESSAGE_CONTEXT_ATTRIBUTE 0x20000000
+#define ALPC_MESSAGE_HANDLE_ATTRIBUTE 0x10000000
+// end_rev
+
+// symbols
+typedef struct _ALPC_MESSAGE_ATTRIBUTES
+{
+ ULONG AllocatedAttributes;
+ ULONG ValidAttributes;
+} ALPC_MESSAGE_ATTRIBUTES, *PALPC_MESSAGE_ATTRIBUTES;
+
+// symbols
+typedef struct _ALPC_COMPLETION_LIST_STATE
+{
+ union
+ {
+ struct
+ {
+ ULONG64 Head : 24;
+ ULONG64 Tail : 24;
+ ULONG64 ActiveThreadCount : 16;
+ } s1;
+ ULONG64 Value;
+ } u1;
+} ALPC_COMPLETION_LIST_STATE, *PALPC_COMPLETION_LIST_STATE;
+
+#define ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK 0x3f // dbg
+
+// symbols
+typedef struct DECLSPEC_ALIGN(128) _ALPC_COMPLETION_LIST_HEADER
+{
+ ULONG64 StartMagic;
+
+ ULONG TotalSize;
+ ULONG ListOffset;
+ ULONG ListSize;
+ ULONG BitmapOffset;
+ ULONG BitmapSize;
+ ULONG DataOffset;
+ ULONG DataSize;
+ ULONG AttributeFlags;
+ ULONG AttributeSize;
+
+ DECLSPEC_ALIGN(128) ALPC_COMPLETION_LIST_STATE State;
+ ULONG LastMessageId;
+ ULONG LastCallbackId;
+ DECLSPEC_ALIGN(128) ULONG PostCount;
+ DECLSPEC_ALIGN(128) ULONG ReturnCount;
+ DECLSPEC_ALIGN(128) ULONG LogSequenceNumber;
+ DECLSPEC_ALIGN(128) RTL_SRWLOCK UserLock;
+
+ ULONG64 EndMagic;
+} ALPC_COMPLETION_LIST_HEADER, *PALPC_COMPLETION_LIST_HEADER;
+
+// private
+typedef struct _ALPC_CONTEXT_ATTR
+{
+ PVOID PortContext;
+ PVOID MessageContext;
+ ULONG Sequence;
+ ULONG MessageId;
+ ULONG CallbackId;
+} ALPC_CONTEXT_ATTR, *PALPC_CONTEXT_ATTR;
+
+// begin_rev
+#define ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS 0x10000
+#define ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES 0x20000
+#define ALPC_HANDLEFLG_DUPLICATE_INHERIT 0x80000
+// end_rev
+
+// private
+typedef struct _ALPC_HANDLE_ATTR32
+{
+ ULONG Flags;
+ ULONG Reserved0;
+ ULONG SameAccess;
+ ULONG SameAttributes;
+ ULONG Indirect;
+ ULONG Inherit;
+ ULONG Reserved1;
+ ULONG Handle;
+ ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
+ ULONG DesiredAccess;
+ ULONG GrantedAccess;
+}
ALPC_HANDLE_ATTR32, *PALPC_HANDLE_ATTR32;
+
+// private
+typedef struct _ALPC_HANDLE_ATTR
+{
+ ULONG Flags;
+ ULONG Reserved0;
+ ULONG SameAccess;
+ ULONG SameAttributes;
+ ULONG Indirect;
+ ULONG Inherit;
+ ULONG Reserved1;
+ HANDLE Handle;
+ PALPC_HANDLE_ATTR32 HandleAttrArray;
+ ULONG ObjectType; // ObjectTypeCode, not ObjectTypeIndex
+ ULONG HandleCount;
+ ACCESS_MASK DesiredAccess;
+ ACCESS_MASK GrantedAccess;
+} ALPC_HANDLE_ATTR, *PALPC_HANDLE_ATTR;
+
+#define ALPC_SECFLG_CREATE_HANDLE 0x20000 // dbg
+#define ALPC_SECFLG_NOSECTIONHANDLE 0x40000
+
+// private
+typedef struct _ALPC_SECURITY_ATTR
+{
+ ULONG Flags;
+ PSECURITY_QUALITY_OF_SERVICE QoS;
+ ALPC_HANDLE ContextHandle; // dbg
+} ALPC_SECURITY_ATTR, *PALPC_SECURITY_ATTR;
+
+// begin_rev
+#define ALPC_VIEWFLG_NOT_SECURE 0x40000
+// end_rev
+
+// private
+typedef struct _ALPC_DATA_VIEW_ATTR
+{
+ ULONG Flags;
+ ALPC_HANDLE SectionHandle;
+ PVOID ViewBase; // must be zero on input
+ SIZE_T ViewSize;
+} ALPC_DATA_VIEW_ATTR, *PALPC_DATA_VIEW_ATTR;
+
+// private
+typedef enum _ALPC_PORT_INFORMATION_CLASS
+{
+ AlpcBasicInformation, // q: out ALPC_BASIC_INFORMATION
+ AlpcPortInformation, // s: in ALPC_PORT_ATTRIBUTES
+ AlpcAssociateCompletionPortInformation, // s: in ALPC_PORT_ASSOCIATE_COMPLETION_PORT
+ AlpcConnectedSIDInformation, // q: in SID
+ AlpcServerInformation, // q: inout ALPC_SERVER_INFORMATION
+ AlpcMessageZoneInformation, // s: in ALPC_PORT_MESSAGE_ZONE_INFORMATION
+ AlpcRegisterCompletionListInformation, // s: in ALPC_PORT_COMPLETION_LIST_INFORMATION
+ AlpcUnregisterCompletionListInformation, // s: VOID
+ AlpcAdjustCompletionListConcurrencyCountInformation, // s: in ULONG
+ AlpcRegisterCallbackInformation, // s: ALPC_REGISTER_CALLBACK // kernel-mode only
+ AlpcCompletionListRundownInformation, // s: VOID // 10
+ AlpcWaitForPortReferences,
+ AlpcServerSessionInformation // q: ALPC_SERVER_SESSION_INFORMATION // since 19H2
+} ALPC_PORT_INFORMATION_CLASS;
+
+// private
+typedef struct
_ALPC_BASIC_INFORMATION
+{
+ ULONG Flags;
+ ULONG SequenceNo;
+ PVOID PortContext;
+} ALPC_BASIC_INFORMATION, *PALPC_BASIC_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_ASSOCIATE_COMPLETION_PORT
+{
+ PVOID CompletionKey;
+ HANDLE CompletionPort;
+} ALPC_PORT_ASSOCIATE_COMPLETION_PORT, *PALPC_PORT_ASSOCIATE_COMPLETION_PORT;
+
+// private
+typedef struct _ALPC_SERVER_INFORMATION
+{
+ union
+ {
+ struct
+ {
+ HANDLE ThreadHandle;
+ } In;
+ struct
+ {
+ BOOLEAN ThreadBlocked;
+ HANDLE ConnectedProcessId;
+ UNICODE_STRING ConnectionPortName;
+ } Out;
+ };
+} ALPC_SERVER_INFORMATION, *PALPC_SERVER_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_MESSAGE_ZONE_INFORMATION
+{
+ PVOID Buffer;
+ ULONG Size;
+} ALPC_PORT_MESSAGE_ZONE_INFORMATION, *PALPC_PORT_MESSAGE_ZONE_INFORMATION;
+
+// private
+typedef struct _ALPC_PORT_COMPLETION_LIST_INFORMATION
+{
+ PVOID Buffer; // PALPC_COMPLETION_LIST_HEADER
+ ULONG Size;
+ ULONG ConcurrencyCount;
+ ULONG AttributeFlags;
+} ALPC_PORT_COMPLETION_LIST_INFORMATION, *PALPC_PORT_COMPLETION_LIST_INFORMATION;
+
+// private
+typedef struct _ALPC_REGISTER_CALLBACK
+{
+ PVOID CallbackObject; // PCALLBACK_OBJECT
+ PVOID CallbackContext;
+} ALPC_REGISTER_CALLBACK, *PALPC_REGISTER_CALLBACK;
+
+// private
+typedef struct _ALPC_SERVER_SESSION_INFORMATION
+{
+ ULONG SessionId;
+ ULONG ProcessId;
+} ALPC_SERVER_SESSION_INFORMATION, *PALPC_SERVER_SESSION_INFORMATION;
+
+// private
+typedef enum _ALPC_MESSAGE_INFORMATION_CLASS
+{
+ AlpcMessageSidInformation, // q: out SID
+ AlpcMessageTokenModifiedIdInformation, // q: out LUID
+ AlpcMessageDirectStatusInformation,
+ AlpcMessageHandleInformation, // ALPC_MESSAGE_HANDLE_INFORMATION
+ MaxAlpcMessageInfoClass
+} ALPC_MESSAGE_INFORMATION_CLASS, *PALPC_MESSAGE_INFORMATION_CLASS;
+
+typedef struct _ALPC_MESSAGE_HANDLE_INFORMATION
+{
+ ULONG Index;
+ ULONG Flags;
+ ULONG Handle;
+ ULONG ObjectType;
+ ACCESS_MASK GrantedAccess;
+} ALPC_MESSAGE_HANDLE_INFORMATION, *PALPC_MESSAGE_HANDLE_INFORMATION;
+
+// begin_private
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+// System calls
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreatePort(
+ _Out_ PHANDLE PortHandle,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDisconnectPort(
+ _In_ HANDLE PortHandle,
+ _In_ ULONG Flags
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcQueryInformation(
+ _In_opt_ HANDLE PortHandle,
+ _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
+ _Inout_updates_bytes_to_(Length, *ReturnLength) PVOID PortInformation,
+ _In_ ULONG Length,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcSetInformation(
+ _In_ HANDLE PortHandle,
+ _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass,
+ _In_reads_bytes_opt_(Length) PVOID PortInformation,
+ _In_ ULONG Length
+ );
+
+#define ALPC_CREATEPORTSECTIONFLG_SECURE 0x40000 // rev
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreatePortSection(
+ _In_ HANDLE PortHandle,
+ _In_ ULONG Flags,
+ _In_opt_ HANDLE SectionHandle,
+ _In_ SIZE_T SectionSize,
+ _Out_ PALPC_HANDLE AlpcSectionHandle,
+ _Out_ PSIZE_T ActualSectionSize
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeletePortSection(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ ALPC_HANDLE SectionHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateResourceReserve(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ SIZE_T MessageSize,
+ _Out_ PALPC_HANDLE ResourceId
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteResourceReserve(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ ALPC_HANDLE ResourceId
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateSectionView(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _Inout_ PALPC_DATA_VIEW_ATTR ViewAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteSectionView(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ PVOID ViewBase
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCreateSecurityContext(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _Inout_ PALPC_SECURITY_ATTR SecurityAttribute
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcDeleteSecurityContext(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ ALPC_HANDLE ContextHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcRevokeSecurityContext(
+ _In_ HANDLE PortHandle,
+ _Reserved_ ULONG Flags,
+ _In_ ALPC_HANDLE ContextHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcQueryInformationMessage(
+ _In_ HANDLE PortHandle,
+ _In_ PPORT_MESSAGE PortMessage,
+ _In_ ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass,
+ _Out_writes_bytes_to_opt_(Length, *ReturnLength) PVOID MessageInformation,
+ _In_ ULONG Length,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+#define ALPC_MSGFLG_REPLY_MESSAGE 0x1
+#define ALPC_MSGFLG_LPC_MODE 0x2
+#define ALPC_MSGFLG_RELEASE_MESSAGE 0x10000 // dbg
+#define ALPC_MSGFLG_SYNC_REQUEST 0x20000 // dbg
+#define ALPC_MSGFLG_TRACK_PORT_REFERENCES 0x40000
+#define ALPC_MSGFLG_WAIT_USER_MODE 0x100000
+#define ALPC_MSGFLG_WAIT_ALERTABLE 0x200000
+#define ALPC_MSGFLG_WOW64_CALL 0x80000000 // dbg
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcConnectPort(
+ _Out_ PHANDLE PortHandle,
+ _In_ PUNICODE_STRING PortName,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+ _In_ ULONG Flags,
+ _In_opt_ PSID RequiredServerSid,
+ _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
+ _Inout_opt_ PSIZE_T BufferLength,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcConnectPortEx(
+ _Out_ PHANDLE PortHandle,
+ _In_ POBJECT_ATTRIBUTES ConnectionPortObjectAttributes,
+ _In_opt_ POBJECT_ATTRIBUTES ClientPortObjectAttributes,
+ _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+ _In_ ULONG Flags,
+ _In_opt_ PSECURITY_DESCRIPTOR
ServerSecurityRequirements,
+ _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage,
+ _Inout_opt_ PSIZE_T BufferLength,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcAcceptConnectPort(
+ _Out_ PHANDLE PortHandle,
+ _In_ HANDLE ConnectionPortHandle,
+ _In_ ULONG Flags,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes,
+ _In_opt_ PVOID PortContext,
+ _In_reads_bytes_(ConnectionRequest->u1.s1.TotalLength) PPORT_MESSAGE ConnectionRequest,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes,
+ _In_ BOOLEAN AcceptConnection
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcSendWaitReceivePort(
+ _In_ HANDLE PortHandle,
+ _In_ ULONG Flags,
+ _In_reads_bytes_opt_(SendMessage->u1.s1.TotalLength) PPORT_MESSAGE SendMessage,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes,
+ _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ReceiveMessage,
+ _Inout_opt_ PSIZE_T BufferLength,
+ _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+#define ALPC_CANCELFLG_TRY_CANCEL 0x1 // dbg
+#define ALPC_CANCELFLG_NO_CONTEXT_CHECK 0x8
+#define ALPC_CANCELFLGP_FLUSH 0x10000 // dbg
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcCancelMessage(
+ _In_ HANDLE PortHandle,
+ _In_ ULONG Flags,
+ _In_ PALPC_CONTEXT_ATTR MessageContext
+ );
+
+#define ALPC_IMPERSONATEFLG_ANONYMOUS 0x1
+#define ALPC_IMPERSONATEFLG_REQUIRE_IMPERSONATE 0x2
+//ALPC_IMPERSONATEFLG 0x3-0x10 (SECURITY_IMPERSONATION_LEVEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcImpersonateClientOfPort(
+ _In_ HANDLE PortHandle,
+ _In_ PPORT_MESSAGE Message,
+ _In_ PVOID Flags
+ );
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcImpersonateClientContainerOfPort(
+ _In_ HANDLE PortHandle,
+ _In_ PPORT_MESSAGE Message,
+ _Reserved_ ULONG Flags
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcOpenSenderProcess(
+ _Out_ PHANDLE ProcessHandle,
+ _In_ HANDLE PortHandle,
+ _In_ PPORT_MESSAGE PortMessage,
+ _Reserved_ ULONG Flags,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlpcOpenSenderThread(
+ _Out_ PHANDLE ThreadHandle,
+ _In_ HANDLE PortHandle,
+ _In_ PPORT_MESSAGE PortMessage,
+ _Reserved_ ULONG Flags,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+// Support functions
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcMaxAllowedMessageLength(
+ VOID
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcGetHeaderSize(
+ _In_ ULONG Flags
+ );
+
+#define ALPC_ATTRFLG_ALLOCATEDATTR 0x20000000
+#define ALPC_ATTRFLG_VALIDATTR 0x40000000
+#define ALPC_ATTRFLG_KEEPRUNNINGATTR 0x60000000
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcInitializeMessageAttribute(
+ _In_ ULONG AttributeFlags,
+ _Out_opt_ PALPC_MESSAGE_ATTRIBUTES Buffer,
+ _In_ SIZE_T BufferSize,
+ _Out_ PSIZE_T RequiredBufferSize
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+AlpcGetMessageAttribute(
+ _In_ PALPC_MESSAGE_ATTRIBUTES Buffer,
+ _In_ ULONG AttributeFlag
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcRegisterCompletionList(
+ _In_ HANDLE PortHandle,
+ _Out_ PALPC_COMPLETION_LIST_HEADER Buffer,
+ _In_ ULONG Size,
+ _In_ ULONG ConcurrencyCount,
+ _In_ ULONG AttributeFlags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcUnregisterCompletionList(
+ _In_ HANDLE PortHandle
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcRundownCompletionList(
+ _In_ HANDLE PortHandle
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+AlpcAdjustCompletionListConcurrencyCount(
+ _In_ HANDLE PortHandle,
+ _In_ ULONG ConcurrencyCount
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+AlpcRegisterCompletionListWorkerThread(
+ _Inout_ PVOID CompletionList
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+AlpcUnregisterCompletionListWorkerThread(
+ _Inout_ PVOID CompletionList
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+AlpcGetCompletionListLastMessageInformation(
+ _In_ PVOID CompletionList,
+ _Out_ PULONG LastMessageId,
+ _Out_ PULONG LastCallbackId
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+AlpcGetOutstandingCompletionListMessageCount(
+ _In_ PVOID CompletionList
+ );
+
+NTSYSAPI
+PPORT_MESSAGE
+NTAPI
+AlpcGetMessageFromCompletionList(
+ _In_ PVOID CompletionList,
+ _Out_opt_ PALPC_MESSAGE_ATTRIBUTES *MessageAttributes
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+AlpcFreeCompletionListMessage(
+ _Inout_ PVOID CompletionList,
+ _In_ PPORT_MESSAGE Message
+ );
+
+NTSYSAPI
+PALPC_MESSAGE_ATTRIBUTES
+NTAPI
+AlpcGetCompletionListMessageAttributes(
+ _In_ PVOID CompletionList,
+ _In_ PPORT_MESSAGE Message
+ );
+
+#endif
+
+// end_private
+
+#endif
diff --git a/deps/phnt-nightly/ntmisc.h b/deps/phnt-nightly/ntmisc.h
new file mode 100644
index 0000000..ac6f429
--- /dev/null
+++ b/deps/phnt-nightly/ntmisc.h
@@ -0,0 +1,640 @@
+/*
+ * Trace Control support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTMISC_H
+#define _NTMISC_H
+
+// Filter manager
+
+#define FLT_PORT_CONNECT 0x0001
+#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
+
+// VDM
+
+typedef enum _VDMSERVICECLASS
+{
+ VdmStartExecution,
+ VdmQueueInterrupt,
+ VdmDelayInterrupt,
+ VdmInitialize,
+ VdmFeatures,
+ VdmSetInt21Handler,
+ VdmQueryDir,
+ VdmPrinterDirectIoOpen,
+ VdmPrinterDirectIoClose,
+ VdmPrinterInitialize,
+ VdmSetLdtEntries,
+ VdmSetProcessLdtInfo,
+ VdmAdlibEmulation,
+ VdmPMCliControl,
+ VdmQueryVdmProcess,
+ VdmPreInitialize
+} VDMSERVICECLASS, *PVDMSERVICECLASS;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtVdmControl(
+ _In_ VDMSERVICECLASS Service,
+ _Inout_ PVOID ServiceData
+ );
+
+// WMI/ETW
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTraceEvent(
+ _In_ HANDLE TraceHandle,
+ _In_ ULONG Flags,
+ _In_ ULONG FieldSize,
+ _In_ PVOID Fields
+ );
+
+// rev
+typedef enum _ETWTRACECONTROLCODE
+{
+ EtwStartLoggerCode = 1, // inout WMI_LOGGER_INFORMATION
+ EtwStopLoggerCode = 2, // inout WMI_LOGGER_INFORMATION
+ EtwQueryLoggerCode = 3, // inout WMI_LOGGER_INFORMATION
+ EtwUpdateLoggerCode = 4, // inout WMI_LOGGER_INFORMATION
+ EtwFlushLoggerCode = 5, // inout WMI_LOGGER_INFORMATION
+ EtwIncrementLoggerFile = 6, // inout WMI_LOGGER_INFORMATION
+ EtwRealtimeTransition = 7, // inout WMI_LOGGER_INFORMATION
+ // reserved
+ EtwRealtimeConnectCode = 11,
+ EtwActivityIdCreate = 12,
+ EtwWdiScenarioCode = 13,
+ EtwRealtimeDisconnectCode = 14, // in HANDLE
+ EtwRegisterGuidsCode = 15,
+ EtwReceiveNotification = 16,
+ EtwSendDataBlock = 17, // ETW_ENABLE_NOTIFICATION_PACKET
+ EtwSendReplyDataBlock = 18,
+ EtwReceiveReplyDataBlock = 19,
+ EtwWdiSemUpdate = 20,
+ EtwEnumTraceGuidList = 21, // out GUID[]
+ EtwGetTraceGuidInfo = 22, // in GUID, out ETW_TRACE_GUID_INFO
+ EtwEnumerateTraceGuids = 23,
+ EtwRegisterSecurityProv = 24,
+ EtwReferenceTimeCode = 25, // in ULONG LoggerId,
out ETW_REF_CLOCK
+ EtwTrackBinaryCode = 26, // in HANDLE
+ EtwAddNotificationEvent = 27,
+ EtwUpdateDisallowList = 28,
+ EtwSetEnableAllKeywordsCode = 29,
+ EtwSetProviderTraitsCode = 30,
+ EtwUseDescriptorTypeCode = 31,
+ EtwEnumTraceGroupList = 32,
+ EtwGetTraceGroupInfo = 33,
+ EtwGetDisallowList = 34,
+ EtwSetCompressionSettings = 35,
+ EtwGetCompressionSettings = 36,
+ EtwUpdatePeriodicCaptureState = 37,
+ EtwGetPrivateSessionTraceHandle = 38,
+ EtwRegisterPrivateSession = 39,
+ EtwQuerySessionDemuxObject = 40,
+ EtwSetProviderBinaryTracking = 41,
+ EtwMaxLoggers = 42, // out ULONG
+ EtwMaxPmcCounter = 43, // out ULONG
+ EtwQueryUsedProcessorCount = 44, // ULONG // since WIN11
+ EtwGetPmcOwnership = 45,
+ EtwGetPmcSessions = 46,
+} ETWTRACECONTROLCODE;
+
+// public TRACE_PROVIDER_INSTANCE_INFO
+typedef struct _ETW_TRACE_PROVIDER_INSTANCE_INFO
+{
+ ULONG NextOffset;
+ ULONG EnableCount;
+ ULONG Pid;
+ ULONG Flags;
+} ETW_TRACE_PROVIDER_INSTANCE_INFO, *PETW_TRACE_PROVIDER_INSTANCE_INFO;
+
+// public TRACE_GUID_INFO
+typedef struct _ETW_TRACE_GUID_INFO
+{
+ ULONG InstanceCount;
+ ULONG Reserved;
+ //ETW_TRACE_PROVIDER_INSTANCE_INFO Instances[1];
+} ETW_TRACE_GUID_INFO, *PETW_TRACE_GUID_INFO;
+
+typedef struct _ETW_REF_CLOCK
+{
+ LARGE_INTEGER StartTime;
+ LARGE_INTEGER StartPerfClock;
+} ETW_REF_CLOCK, *PETW_REF_CLOCK;
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTraceControl(
+ _In_ ETWTRACECONTROLCODE TraceControlCode,
+ _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
+ _In_ ULONG InputBufferLength,
+ _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
+ _In_ ULONG OutputBufferLength,
+ _Out_ PULONG ReturnLength
+ );
+
+#endif
+
+//
+// Maximum supported buffer size in KB - Win8 (16MB)
+//
+// N.B. Prior to Win8 the value was 1MB (1024KB).
+#define MIN_ETW_BUFFER_SIZE 1 // in KBytes
+#define MAX_ETW_BUFFER_SIZE (16 * 1024) // in KBytes
+#define MAX_ETW_BUFFER_SIZE_WIN7 (1 * 1024) // in KBytes
+#define MAX_ETW_EVENT_SIZE 0xFFFF // MAX_USHORT
+
+#define ETW_KERNEL_RUNDOWN_START 0x00000001
+#define ETW_KERNEL_RUNDOWN_STOP 0x00000002
+#define ETW_CKCL_RUNDOWN_START 0x00000004
+#define ETW_CKCL_RUNDOWN_STOP 0x00000008
+#define ETW_FILENAME_RUNDOWN 0x00000010
+
+//
+// Constants for UMGL (User Mode Global Logging).
+//
+// N.B. There is enough space reserved in UserSharedData
+// to support up to 16 providers, but to avoid needless
+// scanning MAX_PROVIDERS constant is currently set to 8.
+//
+// N.B. Heap and CritSec providers can be controlled with IFEO
+// making the indexes fixed.
+#define ETW_UMGL_INDEX_HEAP 0
+#define ETW_UMGL_INDEX_CRITSEC 1
+#define ETW_UMGL_INDEX_LDR 2
+#define ETW_UMGL_INDEX_THREAD_POOL 3
+#define ETW_UMGL_INDEX_HEAPRANGE 4
+#define ETW_UMGL_INDEX_HEAPSUMMARY 5
+#define ETW_UMGL_INDEX_UMS 6
+#define ETW_UMGL_INDEX_WNF 7
+#define ETW_UMGL_INDEX_THREAD 8
+#define ETW_UMGL_INDEX_SPARE2 9
+#define ETW_UMGL_INDEX_SPARE3 10
+#define ETW_UMGL_INDEX_SPARE4 11
+#define ETW_UMGL_INDEX_SPARE5 12
+#define ETW_UMGL_INDEX_SPARE6 13
+#define ETW_UMGL_INDEX_SPARE7 14
+#define ETW_UMGL_INDEX_SPARE8 15
+
+#define ETW_UMGL_MAX_PROVIDERS 9
+
+typedef struct _ETW_UMGL_KEY
+{
+ UCHAR LoggerId;
+ UCHAR Flags;
+} ETW_UMGL_KEY, *PETW_UMGL_KEY;
+
+#define UMGL_LOGGER_ID(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->LoggerId)
+#define UMGL_LOGGER_FLAGS(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->Flags)
+#define IS_UMGL_LOGGING_ENABLED(Index) (UMGL_LOGGER_ID(Index) != 0)
+#define IS_UMGL_FLAG_ENABLED(Index, Flag) ((UMGL_LOGGER_FLAGS(Index) & Flag) != 0)
+
+#define IS_HEAP_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAP) && (NtCurrentPeb()->HeapTracingEnabled != FALSE))
+#define IS_HEAP_RANGE_LOGGING_ENABLED()
(IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPRANGE))
+#define HEAP_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAP))
+
+#define IS_CRITSEC_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_CRITSEC) && (NtCurrentPeb()->CritSecTracingEnabled != FALSE))
+#define CRITSEC_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_CRITSEC))
+#define IS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
+#define IS_PER_PROCESS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && (NtCurrentPeb()->LibLoaderTracingEnabled != FALSE) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) )
+#define IS_GLOBAL_LOADER_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR))
+#define LOADER_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_LDR))
+#define HEAPRANGE_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPRANGE))
+#define IS_THREAD_POOL_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD_POOL))
+#define THREAD_POOL_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD_POOL))
+#define IS_UMS_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_UMS))
+#define UMS_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_UMS))
+#define HEAPSUMMARY_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPSUMMARY))
+#define IS_HEAPSUMMARY_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPSUMMARY))
+#define WNF_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_WNF))
+#define IS_WNF_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_WNF))
+#define UMGL_THREAD_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD))
+#define IS_UMGL_THREAD_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD))
+
+//
+// Flags used by user mode loader logging to UMGL.
+//
+#define ETW_UMGL_LDR_MUI_VERBOSE_FLAG 0x0001
+#define ETW_UMGL_LDR_MUI_TEST_FLAG 0x0002
+#define ETW_UMGL_LDR_RELOCATION_FLAG 0x0004
+#define ETW_UMGL_LDR_NEW_DLL_FLAG 0x0010
+#define ETW_UMGL_LDR_TEST_FLAG 0x0020
+#define ETW_UMGL_LDR_SECURITY_FLAG 0x0040
+
+//
+// Constants for heap log
+//
+#define MEMORY_FROM_LOOKASIDE 1 //Activity from LookAside
+#define MEMORY_FROM_LOWFRAG 2 //Activity from Low Frag Heap
+#define MEMORY_FROM_MAINPATH 3 //Activity from Main Code Path
+#define MEMORY_FROM_SLOWPATH 4 //Activity from Slow C
+#define MEMORY_FROM_INVALID 5
+#define MEMORY_FROM_SEGMENT_HEAP 6 //Activity from segment heap.
+
+//
+// Header preparation macro for UMGL
+//
+#define TRACE_HEADER_TYPE_SYSTEM32 1
+#define TRACE_HEADER_TYPE_SYSTEM64 2
+#define TRACE_HEADER_TYPE_COMPACT32 3
+#define TRACE_HEADER_TYPE_COMPACT64 4
+#define TRACE_HEADER_TYPE_FULL_HEADER32 10
+#define TRACE_HEADER_TYPE_INSTANCE32 11
+#define TRACE_HEADER_TYPE_TIMED 12 // Not used
+#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event
+#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used
+#define TRACE_HEADER_TYPE_MESSAGE 15
+#define TRACE_HEADER_TYPE_PERFINFO32 16
+#define TRACE_HEADER_TYPE_PERFINFO64 17
+#define TRACE_HEADER_TYPE_EVENT_HEADER32 18
+#define TRACE_HEADER_TYPE_EVENT_HEADER64 19
+#define TRACE_HEADER_TYPE_FULL_HEADER64 20
+#define TRACE_HEADER_TYPE_INSTANCE64 21
+
+#define EVENT_HEADER_SIZE_MASK 0x0000FFFF
+
+#define SYSTEM_TRACE_VERSION 2
+
+#define TRACE_HEADER_FLAG 0x80000000
+
+#define EVENT_HEADER_EVENT64 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER64))
+#define EVENT_HEADER_EVENT32 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER32))
+#define EVENT_HEADER_ERROR ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_ERROR))
+#define TRACE_HEADER_FULL32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER32
<< 16))
+#define TRACE_HEADER_FULL64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER64 << 16))
+#define TRACE_HEADER_INSTANCE32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE32 << 16))
+#define TRACE_HEADER_INSTANCE64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE64 << 16))
+
+#ifdef _WIN64
+#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT64
+#define TRACE_HEADER_FULL TRACE_HEADER_FULL64
+#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE64
+#else
+#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT32
+#define TRACE_HEADER_FULL TRACE_HEADER_FULL32
+#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE32
+#endif
+
+#define PREPARE_ETW_TRACE_HEADER_GUID(Header, EventStruct, EventType, EventGuid, LoggerId) \
+ (Header)->Size = sizeof(EventStruct); \
+ (Header)->Class.Type = (EventType); \
+ RtlCopyMemory(&((Header)->Guid), (EventGuid), sizeof(*(EventGuid))); \
+
+// Used with OpenTrace(), prevents conversion of TimeStamps to UTC
+#define EVENT_TRACE_USE_RAWTIMESTAMP 0x00000002
+// Used with OpenTrace(), retrieves event from file as is.
+#define EVENT_TRACE_GET_RAWEVENT 0x00000100
+// Used with OpenTrace() to ReadBehind a live logger session
+#define EVENT_TRACE_READ_BEHIND 0x00000200
+// Used in EventCallbacks to indicate that the InstanceId field is a sequence number.
+#define EVENT_TRACE_USE_SEQUENCE 0x0004
+// Kernel Event Version is used to indicate if any kernel event has changed.
+#define ETW_KERNEL_EVENT_VERSION 60
+
+typedef struct _ETW_KERNEL_HEADER_EXTENSION
+{
+ PERFINFO_GROUPMASK GroupMasks;
+ ULONG Version;
+} ETW_KERNEL_HEADER_EXTENSION, *PETW_KERNEL_HEADER_EXTENSION;
+
+#define ETW_SET_MARK_WITH_FLUSH 0x00000001
+
+typedef struct _ETW_SET_MARK_INFORMATION
+{
+ ULONG Flag;
+ WCHAR Mark[1];
+} ETW_SET_MARK_INFORMATION, *PETW_SET_MARK_INFORMATION;
+
+//
+// Data Block structure for ETW notification
+//
+typedef enum _ETW_NOTIFICATION_TYPE
+{
+ EtwNotificationTypeNoReply = 1, // No data block reply
+ EtwNotificationTypeLegacyEnable, // Enable notification for RegisterTraceGuids
+ EtwNotificationTypeEnable, // Enable notification for EventRegister
+ EtwNotificationTypePrivateLogger, // Private logger notification for ETW
+ EtwNotificationTypePerflib, // PERFLIB V2 counter data request/delivery block
+ EtwNotificationTypeAudio, // Private notification for audio policy
+ EtwNotificationTypeSession, // Session related ETW notifications
+ EtwNotificationTypeReserved, // For internal use (test)
+ EtwNotificationTypeCredentialUI, // Private notification for media center elevation detection
+ EtwNotificationTypeInProcSession, // Private in-proc session related ETW notifications
+ EtwNotificationTypeMax
+} ETW_NOTIFICATION_TYPE;
+
+#define ETW_MAX_DATA_BLOCK_BUFFER_SIZE (65536)
+
+typedef struct _ETW_NOTIFICATION_HEADER
+{
+ ETW_NOTIFICATION_TYPE NotificationType; // Notification type
+ ULONG NotificationSize; // Notification size in bytes
+ ULONG Offset; // Offset to the next notification
+ BOOLEAN ReplyRequested; // Reply Requested
+ ULONG Timeout; // Timeout in milliseconds when requesting reply
+ union
+ {
+ ULONG ReplyCount; // Out to sender: the number of notifications sent
+ ULONG NotifyeeCount; // Out to notifyee: the order during notification
+ };
+ ULONGLONG Reserved2;
+ ULONG TargetPID;
+ ULONG SourcePID;
+ GUID DestinationGuid; // Desctination GUID
+ GUID SourceGuid; // Source GUID
+} ETW_NOTIFICATION_HEADER,
*PETW_NOTIFICATION_HEADER;
+
+typedef ULONG (NTAPI *PETW_NOTIFICATION_CALLBACK)(
+ _In_ PETW_NOTIFICATION_HEADER NotificationHeader,
+ _In_ PVOID Context
+ );
+
+typedef enum _ETW_SESSION_NOTIFICATION_TYPE
+{
+ EtwSessionNotificationMediaChanged = 1,
+ EtwSessionNotificationSessionTerminated,
+ EtwSessionNotificationLogfileError,
+ EtwSessionNotificationRealtimeError,
+ EtwSessionNotificationSessionStarted,
+ EtwSessionNotificationMax
+} ETW_SESSION_NOTIFICATION_TYPE;
+
+typedef struct _ETW_SESSION_NOTIFICATION_PACKET
+{
+ ETW_NOTIFICATION_HEADER NotificationHeader;
+ ETW_SESSION_NOTIFICATION_TYPE Type;
+ NTSTATUS Status;
+ TRACEHANDLE TraceHandle;
+ ULONG Reserved[2];
+} ETW_SESSION_NOTIFICATION_PACKET, *PETW_SESSION_NOTIFICATION_PACKET;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+#ifndef EVENT_DESCRIPTOR_DEF
+#define EVENT_DESCRIPTOR_DEF
+typedef struct _EVENT_DESCRIPTOR
+{
+ USHORT Id;
+ UCHAR Version;
+ UCHAR Channel;
+ UCHAR Level;
+ UCHAR Opcode;
+ USHORT Task;
+ ULONGLONG Keyword;
+} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR;
+typedef const EVENT_DESCRIPTOR* PCEVENT_DESCRIPTOR;
+#endif
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwSetMark(
+ _In_opt_ TRACEHANDLE TraceHandle,
+ _In_ PETW_SET_MARK_INFORMATION MarkInfo,
+ _In_ ULONG Size
+ );
+
+typedef struct _EVENT_DATA_DESCRIPTOR EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR;
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteFull(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ USHORT EventProperty,
+ _In_opt_ LPCGUID ActivityId,
+ _In_opt_ LPCGUID RelatedActivityId,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+//NTSYSAPI
+//ULONG
+//NTAPI
+//EtwEventRegister(
+// _In_ LPCGUID ProviderId,
+// _In_opt_ PENABLECALLBACK EnableCallback,
+// _In_opt_ PVOID CallbackContext,
+// _Out_ PREGHANDLE RegHandle
+// );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventUnregister(
+ _In_ REGHANDLE RegHandle
+ );
+
+typedef enum _EVENT_INFO_CLASS EVENT_INFO_CLASS;
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventSetInformation(
+ _In_ REGHANDLE RegHandle,
+ _In_ EVENT_INFO_CLASS InformationClass,
+ _In_reads_bytes_(InformationLength) PVOID EventInformation,
+ _In_ ULONG InformationLength
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwRegisterSecurityProvider(
+ VOID
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+EtwEventProviderEnabled(
+ _In_ REGHANDLE RegHandle,
+ _In_ UCHAR Level,
+ _In_ ULONGLONG Keyword
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+EtwEventEnabled(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWrite(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteTransfer(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_opt_ LPCGUID ActivityId,
+ _In_opt_ LPCGUID RelatedActivityId,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteString(
+ _In_ REGHANDLE RegHandle,
+ _In_ UCHAR Level,
+ _In_ ULONGLONG Keyword,
+ _In_ PCWSTR String
+ );
+
+ULONG
+NTAPI
+EtwEventWriteEx(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ ULONG64 Filter,
+ _In_ ULONG Flags,
+ _In_opt_ LPCGUID ActivityId,
+ _In_opt_ LPCGUID RelatedActivityId,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteStartScenario(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteEndScenario(
+ _In_ REGHANDLE RegHandle,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwWriteUMSecurityEvent(
+ _In_
PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ USHORT EventProperty,
+ _In_ ULONG UserDataCount,
+ _In_opt_ PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+ULONG
+NTAPI
+EtwEventWriteNoRegistration(
+ _In_ LPCGUID ProviderId,
+ _In_ PCEVENT_DESCRIPTOR EventDescriptor,
+ _In_ ULONG UserDataCount,
+ _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventActivityIdControl(
+ _In_ ULONG ControlCode,
+ _Inout_ LPGUID ActivityId
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwNotificationRegister(
+ _In_ LPCGUID Guid,
+ _In_ ULONG Type,
+ _In_ PETW_NOTIFICATION_CALLBACK Callback,
+ _In_opt_ PVOID Context,
+ _Out_ PREGHANDLE RegHandle
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwNotificationUnregister (
+ _In_ REGHANDLE RegHandle,
+ _Out_opt_ PVOID * Context
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwSendNotification(
+ _In_ PETW_NOTIFICATION_HEADER DataBlock,
+ _In_ ULONG ReceiveDataBlockSize,
+ _Inout_ PVOID ReceiveDataBlock,
+ _Out_ PULONG ReplyReceived,
+ _Out_ PULONG ReplySizeNeeded
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwReplyNotification(
+ _In_ PETW_NOTIFICATION_HEADER Notification
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwEnumerateProcessRegGuids(
+ _Out_writes_bytes_opt_(OutBufferSize) PVOID OutBuffer,
+ _In_ ULONG OutBufferSize,
+ _Out_ PULONG ReturnLength
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+EtwQueryRealtimeConsumer(
+ _In_ TRACEHANDLE TraceHandle,
+ _Out_ PULONG EventsLostCount,
+ _Out_ PULONG BuffersLostCount
+ );
+
+// private
+typedef struct _TELEMETRY_COVERAGE_POINT
+{
+ PWSTR Name;
+ ULONG Hash;
+ ULONG LastCoveredRound;
+ ULONG Flags;
+} TELEMETRY_COVERAGE_POINT, *PTELEMETRY_COVERAGE_POINT;
+
+// rev
+#if (PHNT_VERSION >= PHNT_REDSTONE3)
+NTSYSAPI
+BOOLEAN
+NTAPI
+EtwCheckCoverage(
+ _Inout_ PTELEMETRY_COVERAGE_POINT CoveragePoint
+ );
+#endif
+
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntmmapi.h b/deps/phnt-nightly/ntmmapi.h
new file mode 100644
index 0000000..282b576
--- /dev/null
+++ b/deps/phnt-nightly/ntmmapi.h
@@ -0,0 +1,1215 @@ +/* + * Memory Manager Support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTMMAPI_H +#define _NTMMAPI_H + +// Protection constants + +#define PAGE_NOACCESS 0x01 +#define PAGE_READONLY 0x02 +#define PAGE_READWRITE 0x04 +#define PAGE_WRITECOPY 0x08 +#define PAGE_EXECUTE 0x10 +#define PAGE_EXECUTE_READ 0x20 +#define PAGE_EXECUTE_READWRITE 0x40 +#define PAGE_EXECUTE_WRITECOPY 0x80 +#define PAGE_GUARD 0x100 +#define PAGE_NOCACHE 0x200 +#define PAGE_WRITECOMBINE 0x400 + +#define PAGE_REVERT_TO_FILE_MAP 0x80000000 +#define PAGE_ENCLAVE_THREAD_CONTROL 0x80000000 +#define PAGE_TARGETS_NO_UPDATE 0x40000000 +#define PAGE_TARGETS_INVALID 0x40000000 +#define PAGE_ENCLAVE_UNVALIDATED 0x20000000 +#define PAGE_ENCLAVE_NO_CHANGE 0x20000000 +#define PAGE_ENCLAVE_MASK 0x10000000 +#define PAGE_ENCLAVE_DECOMMIT (PAGE_ENCLAVE_MASK | 0) +#define PAGE_ENCLAVE_SS_FIRST (PAGE_ENCLAVE_MASK | 1) +#define PAGE_ENCLAVE_SS_REST (PAGE_ENCLAVE_MASK | 2) + +// Region and section constants + +#define MEM_COMMIT 0x00001000 +#define MEM_RESERVE 0x00002000 +#define MEM_DECOMMIT 0x00004000 +#define MEM_RELEASE 0x00008000 +#define MEM_FREE 0x00010000 +#define MEM_PRIVATE 0x00020000 +#define MEM_MAPPED 0x00040000 +#define MEM_RESET 0x00080000 +#define MEM_TOP_DOWN 0x00100000 +#define MEM_WRITE_WATCH 0x00200000 +#define MEM_PHYSICAL 0x00400000 +#define MEM_ROTATE 0x00800000 +#define MEM_DIFFERENT_IMAGE_BASE_OK 0x00800000 +#define MEM_RESET_UNDO 0x01000000 +#define MEM_LARGE_PAGES 0x20000000 +#define MEM_DOS_LIM 0x40000000 +#define MEM_4MB_PAGES 0x80000000 +#define MEM_64K_PAGES (MEM_LARGE_PAGES | MEM_PHYSICAL) + +#define MEM_UNMAP_WITH_TRANSIENT_BOOST 0x00000001 +#define MEM_COALESCE_PLACEHOLDERS 0x00000001 +#define MEM_PRESERVE_PLACEHOLDER 0x00000002 +#define MEM_REPLACE_PLACEHOLDER 0x00004000 +#define MEM_RESERVE_PLACEHOLDER 0x00040000 + +#define SEC_HUGE_PAGES 0x00020000 +#define SEC_PARTITION_OWNER_HANDLE 0x00040000 +#define SEC_64K_PAGES 0x00080000 
+#define SEC_BASED 0x00200000 +#define SEC_NO_CHANGE 0x00400000 +#define SEC_FILE 0x00800000 +#define SEC_IMAGE 0x01000000 +#define SEC_PROTECTED_IMAGE 0x02000000 +#define SEC_RESERVE 0x04000000 +#define SEC_COMMIT 0x08000000 +#define SEC_NOCACHE 0x10000000 +#define SEC_GLOBAL 0x20000000 +#define SEC_WRITECOMBINE 0x40000000 +#define SEC_LARGE_PAGES 0x80000000 +#define SEC_IMAGE_NO_EXECUTE (SEC_IMAGE | SEC_NOCACHE) +#if (PHNT_MODE == PHNT_MODE_KERNEL) +#define MEM_IMAGE SEC_IMAGE +#endif + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +typedef enum _MEMORY_INFORMATION_CLASS +{ + MemoryBasicInformation, // q: MEMORY_BASIC_INFORMATION + MemoryWorkingSetInformation, // q: MEMORY_WORKING_SET_INFORMATION + MemoryMappedFilenameInformation, // q: UNICODE_STRING + MemoryRegionInformation, // q: MEMORY_REGION_INFORMATION + MemoryWorkingSetExInformation, // q: MEMORY_WORKING_SET_EX_INFORMATION // since VISTA + MemorySharedCommitInformation, // q: MEMORY_SHARED_COMMIT_INFORMATION // since WIN8 + MemoryImageInformation, // q: MEMORY_IMAGE_INFORMATION + MemoryRegionInformationEx, // MEMORY_REGION_INFORMATION + MemoryPrivilegedBasicInformation, // MEMORY_BASIC_INFORMATION + MemoryEnclaveImageInformation, // MEMORY_ENCLAVE_IMAGE_INFORMATION // since REDSTONE3 + MemoryBasicInformationCapped, // 10 + MemoryPhysicalContiguityInformation, // MEMORY_PHYSICAL_CONTIGUITY_INFORMATION // since 20H1 + MemoryBadInformation, // since WIN11 + MemoryBadInformationAllProcesses, // since 22H1 + MaxMemoryInfoClass +} MEMORY_INFORMATION_CLASS; +#else +#define MemoryBasicInformation 0x0 +#define MemoryWorkingSetInformation 0x1 +#define MemoryMappedFilenameInformation 0x2 +#define MemoryRegionInformation 0x3 +#define MemoryWorkingSetExInformation 0x4 +#define MemorySharedCommitInformation 0x5 +#define MemoryImageInformation 0x6 +#define MemoryRegionInformationEx 0x7 +#define MemoryPrivilegedBasicInformation 0x8 +#define MemoryEnclaveImageInformation 0x9 +#define MemoryBasicInformationCapped 0xA +#define 
MemoryPhysicalContiguityInformation 0xB +#define MemoryBadInformation 0xC +#define MemoryBadInformationAllProcesses 0xD +#endif + +typedef struct _MEMORY_WORKING_SET_BLOCK +{ + ULONG_PTR Protection : 5; + ULONG_PTR ShareCount : 3; + ULONG_PTR Shared : 1; + ULONG_PTR Node : 3; +#ifdef _WIN64 + ULONG_PTR VirtualPage : 52; +#else + ULONG VirtualPage : 20; +#endif +} MEMORY_WORKING_SET_BLOCK, *PMEMORY_WORKING_SET_BLOCK; + +typedef struct _MEMORY_WORKING_SET_INFORMATION +{ + ULONG_PTR NumberOfEntries; + _Field_size_(NumberOfEntries) MEMORY_WORKING_SET_BLOCK WorkingSetInfo[1]; +} MEMORY_WORKING_SET_INFORMATION, *PMEMORY_WORKING_SET_INFORMATION; + +// private +typedef struct _MEMORY_REGION_INFORMATION +{ + PVOID AllocationBase; + ULONG AllocationProtect; + union + { + ULONG RegionType; + struct + { + ULONG Private : 1; + ULONG MappedDataFile : 1; + ULONG MappedImage : 1; + ULONG MappedPageFile : 1; + ULONG MappedPhysical : 1; + ULONG DirectMapped : 1; + ULONG SoftwareEnclave : 1; // REDSTONE3 + ULONG PageSize64K : 1; + ULONG PlaceholderReservation : 1; // REDSTONE4 + ULONG MappedAwe : 1; // 21H1 + ULONG MappedWriteWatch : 1; + ULONG PageSizeLarge : 1; + ULONG PageSizeHuge : 1; + ULONG Reserved : 19; + }; + }; + SIZE_T RegionSize; + SIZE_T CommitSize; + ULONG_PTR PartitionId; // 19H1 + ULONG_PTR NodePreference; // 20H1 +} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION; + +// private +typedef enum _MEMORY_WORKING_SET_EX_LOCATION +{ + MemoryLocationInvalid, + MemoryLocationResident, + MemoryLocationPagefile, + MemoryLocationReserved +} MEMORY_WORKING_SET_EX_LOCATION; + +// private +typedef struct _MEMORY_WORKING_SET_EX_BLOCK +{ + union + { + struct + { + ULONG_PTR Valid : 1; + ULONG_PTR ShareCount : 3; + ULONG_PTR Win32Protection : 11; + ULONG_PTR Shared : 1; + ULONG_PTR Node : 6; + ULONG_PTR Locked : 1; + ULONG_PTR LargePage : 1; + ULONG_PTR Priority : 3; + ULONG_PTR Reserved : 3; + ULONG_PTR SharedOriginal : 1; + ULONG_PTR Bad : 1; + ULONG_PTR 
Win32GraphicsProtection : 4; // 19H1 +#ifdef _WIN64 + ULONG_PTR ReservedUlong : 28; +#endif + }; + struct + { + ULONG_PTR Valid : 1; + ULONG_PTR Reserved0 : 14; + ULONG_PTR Shared : 1; + ULONG_PTR Reserved1 : 5; + ULONG_PTR PageTable : 1; + ULONG_PTR Location : 2; + ULONG_PTR Priority : 3; + ULONG_PTR ModifiedList : 1; + ULONG_PTR Reserved2 : 2; + ULONG_PTR SharedOriginal : 1; + ULONG_PTR Bad : 1; +#ifdef _WIN64 + ULONG_PTR ReservedUlong : 32; +#endif + } Invalid; + }; +} MEMORY_WORKING_SET_EX_BLOCK, *PMEMORY_WORKING_SET_EX_BLOCK; + +// private +typedef struct _MEMORY_WORKING_SET_EX_INFORMATION +{ + PVOID VirtualAddress; + union + { + MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes; + ULONG_PTR Long; + } u1; +} MEMORY_WORKING_SET_EX_INFORMATION, *PMEMORY_WORKING_SET_EX_INFORMATION; + +// private +typedef struct _MEMORY_SHARED_COMMIT_INFORMATION +{ + SIZE_T CommitSize; +} MEMORY_SHARED_COMMIT_INFORMATION, *PMEMORY_SHARED_COMMIT_INFORMATION; + +// private +typedef struct _MEMORY_IMAGE_INFORMATION +{ + PVOID ImageBase; + SIZE_T SizeOfImage; + union + { + ULONG ImageFlags; + struct + { + ULONG ImagePartialMap : 1; + ULONG ImageNotExecutable : 1; + ULONG ImageSigningLevel : 4; // REDSTONE3 + ULONG Reserved : 26; + }; + }; +} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION; + +// private +typedef struct _MEMORY_ENCLAVE_IMAGE_INFORMATION +{ + MEMORY_IMAGE_INFORMATION ImageInfo; + UCHAR UniqueID[32]; + UCHAR AuthorID[32]; +} MEMORY_ENCLAVE_IMAGE_INFORMATION, *PMEMORY_ENCLAVE_IMAGE_INFORMATION; + +// private +typedef enum _MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE +{ + MemoryNotContiguous, + MemoryAlignedAndContiguous, + MemoryNotResident, + MemoryNotEligibleToMakeContiguous, + MemoryContiguityStateMax, +} MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE; + +// private +typedef struct _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION +{ + union + { + struct + { + ULONG State : 2; + ULONG Reserved : 30; + }; + ULONG AllInformation; + }; +} MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION, 
*PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION; + +// private +typedef struct _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION +{ + PVOID VirtualAddress; + ULONG_PTR Size; + ULONG_PTR ContiguityUnitSize; + ULONG Flags; + PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION ContiguityUnitInformation; +} MEMORY_PHYSICAL_CONTIGUITY_INFORMATION, *PMEMORY_PHYSICAL_CONTIGUITY_INFORMATION; + +#define MMPFNLIST_ZERO 0 +#define MMPFNLIST_FREE 1 +#define MMPFNLIST_STANDBY 2 +#define MMPFNLIST_MODIFIED 3 +#define MMPFNLIST_MODIFIEDNOWRITE 4 +#define MMPFNLIST_BAD 5 +#define MMPFNLIST_ACTIVE 6 +#define MMPFNLIST_TRANSITION 7 + +//typedef enum _MMLISTS +//{ +// ZeroedPageList = 0, +// FreePageList = 1, +// StandbyPageList = 2, +// ModifiedPageList = 3, +// ModifiedNoWritePageList = 4, +// BadPageList = 5, +// ActiveAndValid = 6, +// TransitionPage = 7 +//} MMLISTS; + +#define MMPFNUSE_PROCESSPRIVATE 0 +#define MMPFNUSE_FILE 1 +#define MMPFNUSE_PAGEFILEMAPPED 2 +#define MMPFNUSE_PAGETABLE 3 +#define MMPFNUSE_PAGEDPOOL 4 +#define MMPFNUSE_NONPAGEDPOOL 5 +#define MMPFNUSE_SYSTEMPTE 6 +#define MMPFNUSE_SESSIONPRIVATE 7 +#define MMPFNUSE_METAFILE 8 +#define MMPFNUSE_AWEPAGE 9 +#define MMPFNUSE_DRIVERLOCKPAGE 10 +#define MMPFNUSE_KERNELSTACK 11 + +//typedef enum _MMPFNUSE +//{ +// ProcessPrivatePage, +// MemoryMappedFilePage, +// PageFileMappedPage, +// PageTablePage, +// PagedPoolPage, +// NonPagedPoolPage, +// SystemPTEPage, +// SessionPrivatePage, +// MetafilePage, +// AWEPage, +// DriverLockedPage, +// KernelStackPage +//} MMPFNUSE; + +// private +typedef struct _MEMORY_FRAME_INFORMATION +{ + ULONGLONG UseDescription : 4; // MMPFNUSE_* + ULONGLONG ListDescription : 3; // MMPFNLIST_* + ULONGLONG Cold : 1; // 19H1 + ULONGLONG Pinned : 1; // 1 - pinned, 0 - not pinned + ULONGLONG DontUse : 48; // *_INFORMATION overlay + ULONGLONG Priority : 3; + ULONGLONG NonTradeable : 1; + ULONGLONG Reserved : 3; +} MEMORY_FRAME_INFORMATION; + +// private +typedef struct _FILEOFFSET_INFORMATION +{ + ULONGLONG 
DontUse : 9; // MEMORY_FRAME_INFORMATION overlay + ULONGLONG Offset : 48; // mapped files + ULONGLONG Reserved : 7; +} FILEOFFSET_INFORMATION; + +// private +typedef struct _PAGEDIR_INFORMATION +{ + ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay + ULONGLONG PageDirectoryBase : 48; // private pages + ULONGLONG Reserved : 7; +} PAGEDIR_INFORMATION; + +// private +typedef struct _UNIQUE_PROCESS_INFORMATION +{ + ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay + ULONGLONG UniqueProcessKey : 48; // ProcessId + ULONGLONG Reserved : 7; +} UNIQUE_PROCESS_INFORMATION, *PUNIQUE_PROCESS_INFORMATION; + +// private +typedef struct _MMPFN_IDENTITY +{ + union + { + MEMORY_FRAME_INFORMATION e1; // all + FILEOFFSET_INFORMATION e2; // mapped files + PAGEDIR_INFORMATION e3; // private pages + UNIQUE_PROCESS_INFORMATION e4; // owning process + } u1; + ULONG_PTR PageFrameIndex; // all + union + { + struct + { + ULONG_PTR Image : 1; + ULONG_PTR Mismatch : 1; + } e1; + struct + { + ULONG_PTR CombinedPage; + } e2; + ULONG_PTR FileObject; // mapped files + ULONG_PTR UniqueFileObjectKey; + ULONG_PTR ProtoPteAddress; + ULONG_PTR VirtualAddress; // everything else + } u2; +} MMPFN_IDENTITY, *PMMPFN_IDENTITY; + +typedef struct _MMPFN_MEMSNAP_INFORMATION +{ + ULONG_PTR InitialPageFrameIndex; + ULONG_PTR Count; +} MMPFN_MEMSNAP_INFORMATION, *PMMPFN_MEMSNAP_INFORMATION; + +typedef enum _SECTION_INFORMATION_CLASS +{ + SectionBasicInformation, // q; SECTION_BASIC_INFORMATION + SectionImageInformation, // q; SECTION_IMAGE_INFORMATION + SectionRelocationInformation, // q; ULONG_PTR RelocationDelta // name:wow64:whNtQuerySection_SectionRelocationInformation // since WIN7 + SectionOriginalBaseInformation, // q; PVOID BaseAddress // since REDSTONE + SectionInternalImageInformation, // SECTION_INTERNAL_IMAGE_INFORMATION // since REDSTONE2 + MaxSectionInfoClass +} SECTION_INFORMATION_CLASS; + +typedef struct _SECTION_BASIC_INFORMATION +{ + PVOID BaseAddress; + ULONG 
AllocationAttributes; + LARGE_INTEGER MaximumSize; +} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; + +// symbols +typedef struct _SECTION_IMAGE_INFORMATION +{ + PVOID TransferAddress; + ULONG ZeroBits; + SIZE_T MaximumStackSize; + SIZE_T CommittedStackSize; + ULONG SubSystemType; + union + { + struct + { + USHORT SubSystemMinorVersion; + USHORT SubSystemMajorVersion; + }; + ULONG SubSystemVersion; + }; + union + { + struct + { + USHORT MajorOperatingSystemVersion; + USHORT MinorOperatingSystemVersion; + }; + ULONG OperatingSystemVersion; + }; + USHORT ImageCharacteristics; + USHORT DllCharacteristics; + USHORT Machine; + BOOLEAN ImageContainsCode; + union + { + UCHAR ImageFlags; + struct + { + UCHAR ComPlusNativeReady : 1; + UCHAR ComPlusILOnly : 1; + UCHAR ImageDynamicallyRelocated : 1; + UCHAR ImageMappedFlat : 1; + UCHAR BaseBelow4gb : 1; + UCHAR ComPlusPrefer32bit : 1; + UCHAR Reserved : 2; + }; + }; + ULONG LoaderFlags; + ULONG ImageFileSize; + ULONG CheckSum; +} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; + +// symbols +typedef struct _SECTION_INTERNAL_IMAGE_INFORMATION +{ + SECTION_IMAGE_INFORMATION SectionInformation; + union + { + ULONG ExtendedFlags; + struct + { + ULONG ImageExportSuppressionEnabled : 1; + ULONG ImageCetShadowStacksReady : 1; // 20H1 + ULONG ImageXfgEnabled : 1; // 20H2 + ULONG ImageCetShadowStacksStrictMode : 1; + ULONG ImageCetSetContextIpValidationRelaxedMode : 1; + ULONG ImageCetDynamicApisAllowInProc : 1; + ULONG ImageCetDowngradeReserved1 : 1; + ULONG ImageCetDowngradeReserved2 : 1; + ULONG Reserved : 24; + }; + }; +} SECTION_INTERNAL_IMAGE_INFORMATION, *PSECTION_INTERNAL_IMAGE_INFORMATION; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +typedef enum _SECTION_INHERIT +{ + ViewShare = 1, + ViewUnmap = 2 +} SECTION_INHERIT; +#endif + +#define MEM_EXECUTE_OPTION_ENABLE 0x1 +#define MEM_EXECUTE_OPTION_DISABLE 0x2 +#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x4 +#define MEM_EXECUTE_OPTION_PERMANENT 0x8 +#define 
MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE 0x10 +#define MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE 0x20 +#define MEM_EXECUTE_OPTION_DISABLE_EXCEPTION_CHAIN_VALIDATION 0x40 +#define MEM_EXECUTE_OPTION_VALID_FLAGS 0x7f + +// Virtual memory + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +_Must_inspect_result_ +_When_(return == 0, __drv_allocatesMem(mem)) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress, + _In_ ULONG_PTR ZeroBits, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG AllocationType, + _In_ ULONG Protect + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE5) + +_Must_inspect_result_ +_When_(return == 0, __drv_allocatesMem(mem)) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateVirtualMemoryEx( + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG AllocationType, + _In_ ULONG PageProtection, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFreeVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG FreeType + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _Out_writes_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesRead + ); + +#if (PHNT_VERSION >= PHNT_WIN11) +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadVirtualMemoryEx( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _Out_writes_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesRead, + _In_ ULONG Flags + ); +#endif + +NTSYSCALLAPI +NTSTATUS 
+NTAPI +NtWriteVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesWritten + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtProtectVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG NewProtect, + _Out_ PULONG OldProtect + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass, + _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation, + _In_ SIZE_T MemoryInformationLength, + _Out_opt_ PSIZE_T ReturnLength + ); + +typedef struct _IO_STATUS_BLOCK* PIO_STATUS_BLOCK; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _Out_ PIO_STATUS_BLOCK IoStatus + ); + +#endif + +// begin_private +#if (PHNT_MODE != PHNT_MODE_KERNEL) +typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS +{ + VmPrefetchInformation, // ULONG + VmPagePriorityInformation, // OFFER_PRIORITY + VmCfgCallTargetInformation, // CFG_CALL_TARGET_LIST_INFORMATION // REDSTONE2 + VmPageDirtyStateInformation, // REDSTONE3 + VmImageHotPatchInformation, // 19H1 + VmPhysicalContiguityInformation, // 20H1 + VmVirtualMachinePrepopulateInformation, + VmRemoveFromWorkingSetInformation, + MaxVmInfoClass +} VIRTUAL_MEMORY_INFORMATION_CLASS; +#else +#define VmPrefetchInformation 0x0 +#define VmPagePriorityInformation 0x1 +#define VmCfgCallTargetInformation 0x2 +#define VmPageDirtyStateInformation 0x3 +#define VmImageHotPatchInformation 0x4 +#define VmPhysicalContiguityInformation 0x5 +#define VmVirtualMachinePrepopulateInformation 0x6 +#define VmRemoveFromWorkingSetInformation 0x7 +#define MaxVmInfoClass 0x8 +#endif + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +typedef struct _MEMORY_RANGE_ENTRY +{ + PVOID VirtualAddress; + SIZE_T 
NumberOfBytes; +} MEMORY_RANGE_ENTRY, *PMEMORY_RANGE_ENTRY; + +typedef struct _CFG_CALL_TARGET_LIST_INFORMATION +{ + ULONG NumberOfEntries; + ULONG Reserved; + PULONG NumberOfEntriesProcessed; + PCFG_CALL_TARGET_INFO CallTargetInfo; + PVOID Section; // since REDSTONE5 + ULONGLONG FileOffset; +} CFG_CALL_TARGET_LIST_INFORMATION, *PCFG_CALL_TARGET_LIST_INFORMATION; +#endif +// end_private + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +#if (PHNT_VERSION >= PHNT_WIN8) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, + _In_ ULONG_PTR NumberOfEntries, + _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses, + _In_reads_bytes_(VmInformationLength) PVOID VmInformation, + _In_ ULONG VmInformationLength + ); + +#endif + +#define MAP_PROCESS 1 +#define MAP_SYSTEM 2 + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLockVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG MapType + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnlockVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG MapType + ); + +#endif + +// Sections + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateSection( + _Out_ PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PLARGE_INTEGER MaximumSize, + _In_ ULONG SectionPageProtection, + _In_ ULONG AllocationAttributes, + _In_opt_ HANDLE FileHandle + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE5) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateSectionEx( + _Out_ PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PLARGE_INTEGER MaximumSize, + _In_ ULONG SectionPageProtection, + _In_ ULONG AllocationAttributes, + _In_opt_ HANDLE FileHandle, + _Inout_updates_opt_(ExtendedParameterCount) 
PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenSection( + _Out_ PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMapViewOfSection( + _In_ HANDLE SectionHandle, + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress, + _In_ ULONG_PTR ZeroBits, + _In_ SIZE_T CommitSize, + _Inout_opt_ PLARGE_INTEGER SectionOffset, + _Inout_ PSIZE_T ViewSize, + _In_ SECTION_INHERIT InheritDisposition, + _In_ ULONG AllocationType, + _In_ ULONG Win32Protect + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE5) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMapViewOfSectionEx( + _In_ HANDLE SectionHandle, + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress, + _Inout_opt_ PLARGE_INTEGER SectionOffset, + _Inout_ PSIZE_T ViewSize, + _In_ ULONG AllocationType, + _In_ ULONG Win32Protect, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnmapViewOfSection( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnmapViewOfSectionEx( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ ULONG Flags + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtExtendSection( + _In_ HANDLE SectionHandle, + _Inout_ PLARGE_INTEGER NewSectionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySection( + _In_ HANDLE SectionHandle, + _In_ SECTION_INFORMATION_CLASS SectionInformationClass, + _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation, + _In_ SIZE_T SectionInformationLength, + _Out_opt_ PSIZE_T 
ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAreMappedFilesTheSame( + _In_ PVOID File1MappedAsAnImage, + _In_ PVOID File2MappedAsFile + ); + +#endif + +// Partitions + +#ifndef MEMORY_PARTITION_QUERY_ACCESS +#define MEMORY_PARTITION_QUERY_ACCESS 0x0001 +#define MEMORY_PARTITION_MODIFY_ACCESS 0x0002 +#define MEMORY_PARTITION_ALL_ACCESS \ + (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ + MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS) +#endif + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +// private +typedef enum _PARTITION_INFORMATION_CLASS +{ + SystemMemoryPartitionInformation, // q: MEMORY_PARTITION_CONFIGURATION_INFORMATION + SystemMemoryPartitionMoveMemory, // s: MEMORY_PARTITION_TRANSFER_INFORMATION + SystemMemoryPartitionAddPagefile, // s: MEMORY_PARTITION_PAGEFILE_INFORMATION + SystemMemoryPartitionCombineMemory, // q; s: MEMORY_PARTITION_PAGE_COMBINE_INFORMATION + SystemMemoryPartitionInitialAddMemory, // q; s: MEMORY_PARTITION_INITIAL_ADD_INFORMATION + SystemMemoryPartitionGetMemoryEvents, // MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION // since REDSTONE2 + SystemMemoryPartitionSetAttributes, + SystemMemoryPartitionNodeInformation, + SystemMemoryPartitionCreateLargePages, + SystemMemoryPartitionDedicatedMemoryInformation, + SystemMemoryPartitionOpenDedicatedMemory, // 10 + SystemMemoryPartitionMemoryChargeAttributes, + SystemMemoryPartitionClearAttributes, + SystemMemoryPartitionSetMemoryThresholds, // since WIN11 + SystemMemoryPartitionMax +} PARTITION_INFORMATION_CLASS, *PPARTITION_INFORMATION_CLASS; +#else +#define SystemMemoryPartitionInformation 0x0 +#define SystemMemoryPartitionMoveMemory 0x1 +#define SystemMemoryPartitionAddPagefile 0x2 +#define SystemMemoryPartitionCombineMemory 0x3 +#define SystemMemoryPartitionInitialAddMemory 0x4 +#define SystemMemoryPartitionGetMemoryEvents 0x5 +#define SystemMemoryPartitionSetAttributes 0x6 +#define SystemMemoryPartitionNodeInformation 0x7 +#define SystemMemoryPartitionCreateLargePages 0x8 
+#define SystemMemoryPartitionDedicatedMemoryInformation 0x9 +#define SystemMemoryPartitionOpenDedicatedMemory 0xA +#define SystemMemoryPartitionMemoryChargeAttributes 0xB +#define SystemMemoryPartitionClearAttributes 0xC +#define SystemMemoryPartitionSetMemoryThresholds 0xD +#define SystemMemoryPartitionMax 0xE +#endif + +// private +typedef struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION +{ + ULONG Flags; + ULONG NumaNode; + ULONG Channel; + ULONG NumberOfNumaNodes; + ULONG_PTR ResidentAvailablePages; + ULONG_PTR CommittedPages; + ULONG_PTR CommitLimit; + ULONG_PTR PeakCommitment; + ULONG_PTR TotalNumberOfPages; + ULONG_PTR AvailablePages; + ULONG_PTR ZeroPages; + ULONG_PTR FreePages; + ULONG_PTR StandbyPages; + ULONG_PTR StandbyPageCountByPriority[8]; // since REDSTONE2 + ULONG_PTR RepurposedPagesByPriority[8]; + ULONG_PTR MaximumCommitLimit; + ULONG_PTR Reserved; // DonatedPagesToPartitions + ULONG PartitionId; // since REDSTONE3 +} MEMORY_PARTITION_CONFIGURATION_INFORMATION, *PMEMORY_PARTITION_CONFIGURATION_INFORMATION; + +// private +typedef struct _MEMORY_PARTITION_TRANSFER_INFORMATION +{ + ULONG_PTR NumberOfPages; + ULONG NumaNode; + ULONG Flags; +} MEMORY_PARTITION_TRANSFER_INFORMATION, *PMEMORY_PARTITION_TRANSFER_INFORMATION; + +// private +typedef struct _MEMORY_PARTITION_PAGEFILE_INFORMATION +{ + UNICODE_STRING PageFileName; + LARGE_INTEGER MinimumSize; + LARGE_INTEGER MaximumSize; + ULONG Flags; +} MEMORY_PARTITION_PAGEFILE_INFORMATION, *PMEMORY_PARTITION_PAGEFILE_INFORMATION; + +// private +typedef struct _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION +{ + HANDLE StopHandle; + ULONG Flags; + ULONG_PTR TotalNumberOfPages; +} MEMORY_PARTITION_PAGE_COMBINE_INFORMATION, *PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION; + +// private +typedef struct _MEMORY_PARTITION_PAGE_RANGE +{ + ULONG_PTR StartPage; + ULONG_PTR NumberOfPages; +} MEMORY_PARTITION_PAGE_RANGE, *PMEMORY_PARTITION_PAGE_RANGE; + +// private +typedef struct _MEMORY_PARTITION_INITIAL_ADD_INFORMATION 
+{ + ULONG Flags; + ULONG NumberOfRanges; + ULONG_PTR NumberOfPagesAdded; + MEMORY_PARTITION_PAGE_RANGE PartitionRanges[1]; +} MEMORY_PARTITION_INITIAL_ADD_INFORMATION, *PMEMORY_PARTITION_INITIAL_ADD_INFORMATION; + +// private +typedef struct _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION +{ + union + { + struct + { + ULONG CommitEvents : 1; + ULONG Spare : 31; + }; + ULONG AllFlags; + } Flags; + + ULONG HandleAttributes; + ULONG DesiredAccess; + HANDLE LowCommitCondition; // \KernelObjects\LowCommitCondition + HANDLE HighCommitCondition; // \KernelObjects\HighCommitCondition + HANDLE MaximumCommitCondition; // \KernelObjects\MaximumCommitCondition +} MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION, *PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +#if (PHNT_VERSION >= PHNT_THRESHOLD) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreatePartition( + _In_opt_ HANDLE ParentPartitionHandle, + _Out_ PHANDLE PartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG PreferredNode + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenPartition( + _Out_ PHANDLE PartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtManagePartition( + _In_ HANDLE TargetHandle, + _In_opt_ HANDLE SourceHandle, + _In_ PARTITION_INFORMATION_CLASS PartitionInformationClass, + _Inout_updates_bytes_(PartitionInformationLength) PVOID PartitionInformation, + _In_ ULONG PartitionInformationLength + ); + +#endif + +#endif + +// User physical pages + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMapUserPhysicalPages( + _In_ PVOID VirtualAddress, + _In_ ULONG_PTR NumberOfPages, + _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMapUserPhysicalPagesScatter( + _In_reads_(NumberOfPages) PVOID *VirtualAddresses, + _In_ ULONG_PTR NumberOfPages, + _In_reads_opt_(NumberOfPages) PULONG_PTR 
UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateUserPhysicalPages( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray + ); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAllocateUserPhysicalPagesEx( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray, + _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFreeUserPhysicalPages( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray + ); + +#endif + +// Misc. + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtGetWriteWatch( + _In_ HANDLE ProcessHandle, + _In_ ULONG Flags, + _In_ PVOID BaseAddress, + _In_ SIZE_T RegionSize, + _Out_writes_(*EntriesInUserAddressArray) PVOID *UserAddressArray, + _Inout_ PULONG_PTR EntriesInUserAddressArray, + _Out_ PULONG Granularity + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtResetWriteWatch( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_ SIZE_T RegionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreatePagingFile( + _In_ PUNICODE_STRING PageFileName, + _In_ PLARGE_INTEGER MinimumSize, + _In_ PLARGE_INTEGER MaximumSize, + _In_ ULONG Priority + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushInstructionCache( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ SIZE_T Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushWriteBuffer( + VOID + ); + +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// Enclave support + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateEnclave( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID* BaseAddress, + _In_ ULONG_PTR ZeroBits, + _In_ SIZE_T Size, + _In_ SIZE_T InitialCommitment, + _In_ ULONG EnclaveType, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + 
_In_ ULONG EnclaveInformationLength, + _Out_opt_ PULONG EnclaveError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadEnclaveData( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _In_ ULONG Protect, + _In_reads_bytes_(PageInformationLength) PVOID PageInformation, + _In_ ULONG PageInformationLength, + _Out_opt_ PSIZE_T NumberOfBytesWritten, + _Out_opt_ PULONG EnclaveError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtInitializeEnclave( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + _In_ ULONG EnclaveInformationLength, + _Out_opt_ PULONG EnclaveError + ); + +// rev +#define TERMINATE_ENCLAVE_VALID_FLAGS 0x00000005ul +#define TERMINATE_ENCLAVE_FLAG_NO_WAIT 0x00000001ul +#define TERMINATE_ENCLAVE_FLAG_WAIT_ERROR 0x00000004ul // STATUS_PENDING -> STATUS_ENCLAVE_NOT_TERMINATED + +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtTerminateEnclave( + _In_ PVOID BaseAddress, + _In_ ULONG Flags // TERMINATE_ENCLAVE_FLAG_* + ); + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +// rev +#define ENCLAVE_CALL_VALID_FLAGS 0x00000001ul +#define ENCLAVE_CALL_FLAG_NO_WAIT 0x00000001ul + +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCallEnclave( + _In_ PENCLAVE_ROUTINE Routine, + _In_ PVOID Reserved, // reserved for dispatch (RtlEnclaveCallDispatch) + _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_* + _Inout_ PVOID* RoutineParamReturn // input routine parameter, output routine return value + ); +#endif + +#endif + +#endif diff --git a/deps/phnt-nightly/ntnls.h b/deps/phnt-nightly/ntnls.h new file mode 100644 index 0000000..6babac8 --- /dev/null +++ b/deps/phnt-nightly/ntnls.h 
@@ -0,0 +1,42 @@
+/*
+ * National Language Support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTNLS_H
+#define _NTNLS_H
+
+#define MAXIMUM_LEADBYTES 12
+
+typedef struct _CPTABLEINFO
+{
+ USHORT CodePage;
+ USHORT MaximumCharacterSize;
+ USHORT DefaultChar;
+ USHORT UniDefaultChar;
+ USHORT TransDefaultChar;
+ USHORT TransUniDefaultChar;
+ USHORT DBCSCodePage;
+ UCHAR LeadByte[MAXIMUM_LEADBYTES];
+ PUSHORT MultiByteTable;
+ PVOID WideCharTable;
+ PUSHORT DBCSRanges;
+ PUSHORT DBCSOffsets;
+} CPTABLEINFO, *PCPTABLEINFO;
+
+typedef struct _NLSTABLEINFO
+{
+ CPTABLEINFO OemTableInfo;
+ CPTABLEINFO AnsiTableInfo;
+ PUSHORT UpperCaseTable;
+ PUSHORT LowerCaseTable;
+} NLSTABLEINFO, *PNLSTABLEINFO;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+NTSYSAPI USHORT NlsAnsiCodePage;
+NTSYSAPI BOOLEAN NlsMbCodePageTag;
+NTSYSAPI BOOLEAN NlsMbOemCodePageTag;
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntobapi.h b/deps/phnt-nightly/ntobapi.h
new file mode 100644
index 0000000..b77ce30
--- /dev/null
+++ b/deps/phnt-nightly/ntobapi.h
@@ -0,0 +1,442 @@
+/*
+ * Object Manager support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTOBAPI_H
+#define _NTOBAPI_H
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#define OBJECT_TYPE_CREATE 0x0001
+#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | OBJECT_TYPE_CREATE)
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#define DIRECTORY_QUERY 0x0001
+#define DIRECTORY_TRAVERSE 0x0002
+#define DIRECTORY_CREATE_OBJECT 0x0004
+#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
+#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | DIRECTORY_QUERY | DIRECTORY_TRAVERSE | DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY)
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#define SYMBOLIC_LINK_QUERY 0x0001
+#define SYMBOLIC_LINK_SET 0x0002
+#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
+#define SYMBOLIC_LINK_ALL_ACCESS_EX (STANDARD_RIGHTS_REQUIRED | 0xFFFF)
+#endif
+
+#ifndef OBJ_PROTECT_CLOSE
+#define OBJ_PROTECT_CLOSE 0x00000001
+#endif
+#ifndef OBJ_INHERIT
+#define OBJ_INHERIT 0x00000002
+#endif
+#ifndef OBJ_AUDIT_OBJECT_CLOSE
+#define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+typedef enum _OBJECT_INFORMATION_CLASS
+{
+ ObjectBasicInformation, // q: OBJECT_BASIC_INFORMATION
+ ObjectNameInformation, // q: OBJECT_NAME_INFORMATION
+ ObjectTypeInformation, // q: OBJECT_TYPE_INFORMATION
+ ObjectTypesInformation, // q: OBJECT_TYPES_INFORMATION
+ ObjectHandleFlagInformation, // qs: OBJECT_HANDLE_FLAG_INFORMATION
+ ObjectSessionInformation, // s: void // change object session // (requires SeTcbPrivilege)
+ ObjectSessionObjectInformation, // s: void // change object session // (requires SeTcbPrivilege)
+ MaxObjectInfoClass
+} OBJECT_INFORMATION_CLASS;
+#else
+#define ObjectBasicInformation 0
+#define ObjectNameInformation 1
+#define ObjectTypeInformation 2
+#define ObjectTypesInformation 3
+#define ObjectHandleFlagInformation 4
+#define ObjectSessionInformation 5
+#define ObjectSessionObjectInformation 6 +#endif + +typedef struct _OBJECT_BASIC_INFORMATION +{ + ULONG Attributes; + ACCESS_MASK GrantedAccess; + ULONG HandleCount; + ULONG PointerCount; + ULONG PagedPoolCharge; + ULONG NonPagedPoolCharge; + ULONG Reserved[3]; + ULONG NameInfoSize; + ULONG TypeInfoSize; + ULONG SecurityDescriptorSize; + LARGE_INTEGER CreationTime; +} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +typedef struct _OBJECT_NAME_INFORMATION +{ + UNICODE_STRING Name; +} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; +#endif + +typedef struct _OBJECT_TYPE_INFORMATION +{ + UNICODE_STRING TypeName; + ULONG TotalNumberOfObjects; + ULONG TotalNumberOfHandles; + ULONG TotalPagedPoolUsage; + ULONG TotalNonPagedPoolUsage; + ULONG TotalNamePoolUsage; + ULONG TotalHandleTableUsage; + ULONG HighWaterNumberOfObjects; + ULONG HighWaterNumberOfHandles; + ULONG HighWaterPagedPoolUsage; + ULONG HighWaterNonPagedPoolUsage; + ULONG HighWaterNamePoolUsage; + ULONG HighWaterHandleTableUsage; + ULONG InvalidAttributes; + GENERIC_MAPPING GenericMapping; + ULONG ValidAccessMask; + BOOLEAN SecurityRequired; + BOOLEAN MaintainHandleCount; + UCHAR TypeIndex; // since WINBLUE + CHAR ReservedByte; + ULONG PoolType; + ULONG DefaultPagedPoolCharge; + ULONG DefaultNonPagedPoolCharge; +} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; + +typedef struct _OBJECT_TYPES_INFORMATION +{ + ULONG NumberOfTypes; +} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION; + +typedef struct _OBJECT_HANDLE_FLAG_INFORMATION +{ + BOOLEAN Inherit; + BOOLEAN ProtectFromClose; +} OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION; + +// Objects, handles + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryObject( + _In_opt_ HANDLE Handle, + _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, + _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, + _In_ ULONG ObjectInformationLength, + 
_Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationObject( + _In_ HANDLE Handle, + _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, + _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation, + _In_ ULONG ObjectInformationLength + ); + +#define DUPLICATE_CLOSE_SOURCE 0x00000001 +#define DUPLICATE_SAME_ACCESS 0x00000002 +#define DUPLICATE_SAME_ATTRIBUTES 0x00000004 + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDuplicateObject( + _In_ HANDLE SourceProcessHandle, + _In_ HANDLE SourceHandle, + _In_opt_ HANDLE TargetProcessHandle, + _Out_opt_ PHANDLE TargetHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _In_ ULONG Options + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMakeTemporaryObject( + _In_ HANDLE Handle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtMakePermanentObject( + _In_ HANDLE Handle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSignalAndWaitForSingleObject( + _In_ HANDLE SignalHandle, + _In_ HANDLE WaitHandle, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWaitForSingleObject( + _In_ HANDLE Handle, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWaitForMultipleObjects( + _In_ ULONG Count, + _In_reads_(Count) HANDLE Handles[], + _In_ WAIT_TYPE WaitType, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +#if (PHNT_VERSION >= PHNT_WS03) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtWaitForMultipleObjects32( + _In_ ULONG Count, + _In_reads_(Count) LONG Handles[], + _In_ WAIT_TYPE WaitType, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetSecurityObject( + _In_ HANDLE Handle, + _In_ SECURITY_INFORMATION SecurityInformation, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySecurityObject( + _In_ HANDLE Handle, + _In_ SECURITY_INFORMATION SecurityInformation, + _Out_writes_bytes_opt_(Length) 
PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ ULONG Length, + _Out_ PULONG LengthNeeded + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtClose( + _In_ _Post_ptr_invalid_ HANDLE Handle + ); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompareObjects( + _In_ HANDLE FirstObjectHandle, + _In_ HANDLE SecondObjectHandle + ); +#endif + +#endif + +// Directory objects + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateDirectoryObject( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateDirectoryObjectEx( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ShadowDirectoryHandle, + _In_ ULONG Flags + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenDirectoryObject( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +typedef struct _OBJECT_DIRECTORY_INFORMATION +{ + UNICODE_STRING Name; + UNICODE_STRING TypeName; +} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryDirectoryObject( + _In_ HANDLE DirectoryHandle, + _Out_writes_bytes_opt_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_ BOOLEAN RestartScan, + _Inout_ PULONG Context, + _Out_opt_ PULONG ReturnLength + ); + +#endif + +// Private namespaces + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +typedef enum _BOUNDARY_ENTRY_TYPE +{ + OBNS_Invalid, + OBNS_Name, + OBNS_SID, + OBNS_IL +} BOUNDARY_ENTRY_TYPE; + +// private +typedef struct _OBJECT_BOUNDARY_ENTRY +{ + BOUNDARY_ENTRY_TYPE EntryType; + ULONG EntrySize; +} OBJECT_BOUNDARY_ENTRY, *POBJECT_BOUNDARY_ENTRY; + +// rev +#define OBJECT_BOUNDARY_DESCRIPTOR_VERSION 1 + +// private +typedef struct 
_OBJECT_BOUNDARY_DESCRIPTOR +{ + ULONG Version; + ULONG Items; + ULONG TotalSize; + union + { + ULONG Flags; + struct + { + ULONG AddAppContainerSid : 1; + ULONG Reserved : 31; + }; + }; +} OBJECT_BOUNDARY_DESCRIPTOR, *POBJECT_BOUNDARY_DESCRIPTOR; + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreatePrivateNamespace( + _Out_ PHANDLE NamespaceHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenPrivateNamespace( + _Out_ PHANDLE NamespaceHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDeletePrivateNamespace( + _In_ HANDLE NamespaceHandle + ); + +#endif + +#endif + +// Symbolic links + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateSymbolicLinkObject( + _Out_ PHANDLE LinkHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ PUNICODE_STRING LinkTarget + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenSymbolicLinkObject( + _Out_ PHANDLE LinkHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySymbolicLinkObject( + _In_ HANDLE LinkHandle, + _Inout_ PUNICODE_STRING LinkTarget, + _Out_opt_ PULONG ReturnedLength + ); + +typedef enum _SYMBOLIC_LINK_INFO_CLASS +{ + SymbolicLinkGlobalInformation = 1, // s: ULONG + SymbolicLinkAccessMask, // s: ACCESS_MASK + MaxnSymbolicLinkInfoClass +} SYMBOLIC_LINK_INFO_CLASS; + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationSymbolicLink( + _In_ HANDLE LinkHandle, + _In_ SYMBOLIC_LINK_INFO_CLASS SymbolicLinkInformationClass, + _In_reads_bytes_(SymbolicLinkInformationLength) PVOID SymbolicLinkInformation, + _In_ ULONG SymbolicLinkInformationLength + ); +#endif + +#endif + +#endif 
diff --git a/deps/phnt-nightly/ntpebteb.h b/deps/phnt-nightly/ntpebteb.h
new file mode 100644
index 0000000..7c11fa0
--- /dev/null
+++ b/deps/phnt-nightly/ntpebteb.h
@@ -0,0 +1,514 @@ +/* + * Process and Thread Environment Block support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTPEBTEB_H +#define _NTPEBTEB_H + +typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS; +typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION; +typedef struct _SILO_USER_SHARED_DATA *PSILO_USER_SHARED_DATA; +typedef struct _LEAP_SECOND_DATA *PLEAP_SECOND_DATA; + +#include + +// private +#define KACF_OLDGETSHORTPATHNAME 0x00000001 +#define KACF_VERSIONLIE_NOT_USED 0x00000002 +#define KACF_GETDISKFREESPACE 0x00000008 +#define KACF_FTMFROMCURRENTAPT 0x00000020 +#define KACF_DISALLOWORBINDINGCHANGES 0x00000040 +#define KACF_OLE32VALIDATEPTRS 0x00000080 +#define KACF_DISABLECICERO 0x00000100 +#define KACF_OLE32ENABLEASYNCDOCFILE 0x00000200 +#define KACF_OLE32ENABLELEGACYEXCEPTIONHANDLING 0x00000400 +#define KACF_RPCDISABLENDRCLIENTHARDENING 0x00000800 +#define KACF_RPCDISABLENDRMAYBENULL_SIZEIS 0x00001000 +#define KACF_DISABLEALLDDEHACK_NOT_USED 0x00002000 +#define KACF_RPCDISABLENDR61_RANGE 0x00004000 +#define KACF_RPC32ENABLELEGACYEXCEPTIONHANDLING 0x00008000 +#define KACF_OLE32DOCFILEUSELEGACYNTFSFLAGS 0x00010000 +#define KACF_RPCDISABLENDRCONSTIIDCHECK 0x00020000 +#define KACF_USERDISABLEFORWARDERPATCH 0x00040000 +#define KACF_OLE32DISABLENEW_WMPAINT_DISPATCH 0x00100000 +#define KACF_ADDRESTRICTEDSIDINCOINITIALIZESECURITY 0x00200000 +#define KACF_ALLOCDEBUGINFOFORCRITSECTIONS 0x00400000 +#define KACF_OLEAUT32ENABLEUNSAFELOADTYPELIBRELATIVE 0x00800000 +#define KACF_ALLOWMAXIMIZEDWINDOWGAMMA 0x01000000 +#define KACF_DONOTADDTOCACHE 0x80000000 + +// private +typedef struct _API_SET_NAMESPACE +{ + ULONG Version; + ULONG Size; + ULONG Flags; + ULONG Count; + ULONG EntryOffset; + ULONG HashOffset; + ULONG HashFactor; +} API_SET_NAMESPACE, *PAPI_SET_NAMESPACE; + +// private +typedef struct _API_SET_HASH_ENTRY +{ + ULONG Hash; + ULONG Index; +} API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY; + +// private 
+typedef struct _API_SET_NAMESPACE_ENTRY +{ + ULONG Flags; + ULONG NameOffset; + ULONG NameLength; + ULONG HashedLength; + ULONG ValueOffset; + ULONG ValueCount; +} API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY; + +// private +typedef struct _API_SET_VALUE_ENTRY +{ + ULONG Flags; + ULONG NameOffset; + ULONG NameLength; + ULONG ValueOffset; + ULONG ValueLength; +} API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY; + +// private +typedef struct _TELEMETRY_COVERAGE_HEADER +{ + UCHAR MajorVersion; + UCHAR MinorVersion; + struct + { + USHORT TracingEnabled : 1; + USHORT Reserved1 : 15; + }; + ULONG HashTableEntries; + ULONG HashIndexMask; + ULONG TableUpdateVersion; + ULONG TableSizeInBytes; + ULONG LastResetTick; + ULONG ResetRound; + ULONG Reserved2; + ULONG RecordedCount; + ULONG Reserved3[4]; + ULONG HashTable[ANYSIZE_ARRAY]; +} TELEMETRY_COVERAGE_HEADER, *PTELEMETRY_COVERAGE_HEADER; + +// symbols +typedef struct _PEB +{ + BOOLEAN InheritedAddressSpace; + BOOLEAN ReadImageFileExecOptions; + BOOLEAN BeingDebugged; + union + { + BOOLEAN BitField; + struct + { + BOOLEAN ImageUsesLargePages : 1; + BOOLEAN IsProtectedProcess : 1; + BOOLEAN IsImageDynamicallyRelocated : 1; + BOOLEAN SkipPatchingUser32Forwarders : 1; + BOOLEAN IsPackagedProcess : 1; + BOOLEAN IsAppContainer : 1; + BOOLEAN IsProtectedProcessLight : 1; + BOOLEAN IsLongPathAwareProcess : 1; + }; + }; + + HANDLE Mutant; + + PVOID ImageBaseAddress; + PPEB_LDR_DATA Ldr; + PRTL_USER_PROCESS_PARAMETERS ProcessParameters; + PVOID SubSystemData; + PVOID ProcessHeap; + PRTL_CRITICAL_SECTION FastPebLock; + PSLIST_HEADER AtlThunkSListPtr; + PVOID IFEOKey; + + union + { + ULONG CrossProcessFlags; + struct + { + ULONG ProcessInJob : 1; + ULONG ProcessInitializing : 1; + ULONG ProcessUsingVEH : 1; + ULONG ProcessUsingVCH : 1; + ULONG ProcessUsingFTH : 1; + ULONG ProcessPreviouslyThrottled : 1; + ULONG ProcessCurrentlyThrottled : 1; + ULONG ProcessImagesHotPatched : 1; // REDSTONE5 + ULONG ReservedBits0 : 24; + }; + }; + 
union + { + PVOID KernelCallbackTable; + PVOID UserSharedInfoPtr; + }; + ULONG SystemReserved; + ULONG AtlThunkSListPtr32; + PAPI_SET_NAMESPACE ApiSetMap; + ULONG TlsExpansionCounter; + PRTL_BITMAP TlsBitmap; + ULONG TlsBitmapBits[2]; // TLS_MINIMUM_AVAILABLE + + PVOID ReadOnlySharedMemoryBase; + PSILO_USER_SHARED_DATA SharedData; // HotpatchInformation + PVOID *ReadOnlyStaticServerData; + + PVOID AnsiCodePageData; // PCPTABLEINFO + PVOID OemCodePageData; // PCPTABLEINFO + PVOID UnicodeCaseTableData; // PNLSTABLEINFO + + ULONG NumberOfProcessors; + ULONG NtGlobalFlag; + + ULARGE_INTEGER CriticalSectionTimeout; + SIZE_T HeapSegmentReserve; + SIZE_T HeapSegmentCommit; + SIZE_T HeapDeCommitTotalFreeThreshold; + SIZE_T HeapDeCommitFreeBlockThreshold; + + ULONG NumberOfHeaps; + ULONG MaximumNumberOfHeaps; + PVOID *ProcessHeaps; // PHEAP + + PVOID GdiSharedHandleTable; // PGDI_SHARED_MEMORY + PVOID ProcessStarterHelper; + ULONG GdiDCAttributeList; + + PRTL_CRITICAL_SECTION LoaderLock; + + ULONG OSMajorVersion; + ULONG OSMinorVersion; + USHORT OSBuildNumber; + USHORT OSCSDVersion; + ULONG OSPlatformId; + ULONG ImageSubsystem; + ULONG ImageSubsystemMajorVersion; + ULONG ImageSubsystemMinorVersion; + KAFFINITY ActiveProcessAffinityMask; + GDI_HANDLE_BUFFER GdiHandleBuffer; + PVOID PostProcessInitRoutine; + + PRTL_BITMAP TlsExpansionBitmap; + ULONG TlsExpansionBitmapBits[32]; // TLS_EXPANSION_SLOTS + + ULONG SessionId; + + ULARGE_INTEGER AppCompatFlags; // KACF_* + ULARGE_INTEGER AppCompatFlagsUser; + PVOID pShimData; + PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA + + UNICODE_STRING CSDVersion; + + PACTIVATION_CONTEXT_DATA ActivationContextData; + PASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; + PACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; + PASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; + + SIZE_T MinimumStackCommit; + + PVOID SparePointers[2]; // 19H1 (previously FlsCallback to FlsHighIndex) + PVOID PatchLoaderData; + PVOID ChpeV2ProcessInfo; // 
_CHPEV2_PROCESS_INFO + + ULONG AppModelFeatureState; + ULONG SpareUlongs[2]; + + USHORT ActiveCodePage; + USHORT OemCodePage; + USHORT UseCaseMapping; + USHORT UnusedNlsField; + + PVOID WerRegistrationData; + PVOID WerShipAssertPtr; + + union + { + PVOID pContextData; // WIN7 + PVOID pUnused; // WIN10 + PVOID EcCodeBitMap; // WIN11 + }; + + PVOID pImageHeaderHash; + union + { + ULONG TracingFlags; + struct + { + ULONG HeapTracingEnabled : 1; + ULONG CritSecTracingEnabled : 1; + ULONG LibLoaderTracingEnabled : 1; + ULONG SpareTracingBits : 29; + }; + }; + ULONGLONG CsrServerReadOnlySharedMemoryBase; + PRTL_CRITICAL_SECTION TppWorkerpListLock; + LIST_ENTRY TppWorkerpList; + PVOID WaitOnAddressHashTable[128]; + PTELEMETRY_COVERAGE_HEADER TelemetryCoverageHeader; // REDSTONE3 + ULONG CloudFileFlags; + ULONG CloudFileDiagFlags; // REDSTONE4 + CHAR PlaceholderCompatibilityMode; + CHAR PlaceholderCompatibilityModeReserved[7]; + PLEAP_SECOND_DATA LeapSecondData; // REDSTONE5 + union + { + ULONG LeapSecondFlags; + struct + { + ULONG SixtySecondEnabled : 1; + ULONG Reserved : 31; + }; + }; + ULONG NtGlobalFlag2; + ULONGLONG ExtendedFeatureDisableMask; // since WIN11 +} PEB, *PPEB; + +#ifdef _WIN64 +C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0); +//C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3 +//C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4 +//C_ASSERT(sizeof(PEB) == 0x7C8); // REDSTONE5 // 19H1 +C_ASSERT(sizeof(PEB) == 0x7d0); // WIN11 +#else +C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4); +//C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3 +//C_ASSERT(sizeof(PEB) == 0x470); // REDSTONE4 +//C_ASSERT(sizeof(PEB) == 0x480); // REDSTONE5 // 19H1 +C_ASSERT(sizeof(PEB) == 0x488); // WIN11 +#endif + +#define GDI_BATCH_BUFFER_SIZE 310 + +typedef struct _GDI_TEB_BATCH +{ + ULONG Offset; + ULONG_PTR HDC; + ULONG Buffer[GDI_BATCH_BUFFER_SIZE]; +} GDI_TEB_BATCH, *PGDI_TEB_BATCH; + +typedef struct _TEB_ACTIVE_FRAME_CONTEXT +{ + ULONG Flags; + PSTR FrameName; +} TEB_ACTIVE_FRAME_CONTEXT, 
*PTEB_ACTIVE_FRAME_CONTEXT; + +typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX +{ + TEB_ACTIVE_FRAME_CONTEXT BasicContext; + PSTR SourceLocation; +} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX; + +typedef struct _TEB_ACTIVE_FRAME +{ + ULONG Flags; + struct _TEB_ACTIVE_FRAME *Previous; + PTEB_ACTIVE_FRAME_CONTEXT Context; +} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME; + +typedef struct _TEB_ACTIVE_FRAME_EX +{ + TEB_ACTIVE_FRAME BasicFrame; + PVOID ExtensionIdentifier; +} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX; + +#define STATIC_UNICODE_BUFFER_LENGTH 261 +#define WIN32_CLIENT_INFO_LENGTH 62 + +typedef struct _TEB +{ + NT_TIB NtTib; + + PVOID EnvironmentPointer; + CLIENT_ID ClientId; + PVOID ActiveRpcHandle; + PVOID ThreadLocalStoragePointer; + PPEB ProcessEnvironmentBlock; + + ULONG LastErrorValue; + ULONG CountOfOwnedCriticalSections; + PVOID CsrClientThread; + PVOID Win32ThreadInfo; + ULONG User32Reserved[26]; + ULONG UserReserved[5]; + PVOID WOW32Reserved; + LCID CurrentLocale; + ULONG FpSoftwareStatusRegister; + PVOID ReservedForDebuggerInstrumentation[16]; +#ifdef _WIN64 + PVOID SystemReserved1[30]; +#else + PVOID SystemReserved1[26]; +#endif + + CHAR PlaceholderCompatibilityMode; + BOOLEAN PlaceholderHydrationAlwaysExplicit; + CHAR PlaceholderReserved[10]; + + ULONG ProxiedProcessId; + ACTIVATION_CONTEXT_STACK ActivationStack; + + UCHAR WorkingOnBehalfTicket[8]; + NTSTATUS ExceptionCode; + + PACTIVATION_CONTEXT_STACK ActivationContextStackPointer; + ULONG_PTR InstrumentationCallbackSp; + ULONG_PTR InstrumentationCallbackPreviousPc; + ULONG_PTR InstrumentationCallbackPreviousSp; +#ifdef _WIN64 + ULONG TxFsContext; +#endif + + BOOLEAN InstrumentationCallbackDisabled; +#ifdef _WIN64 + BOOLEAN UnalignedLoadStoreExceptions; +#endif +#ifndef _WIN64 + UCHAR SpareBytes[23]; + ULONG TxFsContext; +#endif + GDI_TEB_BATCH GdiTebBatch; + CLIENT_ID RealClientId; + HANDLE GdiCachedProcessHandle; + ULONG GdiClientPID; + ULONG GdiClientTID; + PVOID GdiThreadLocalInfo; 
+ ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH]; + + PVOID glDispatchTable[233]; + ULONG_PTR glReserved1[29]; + PVOID glReserved2; + PVOID glSectionInfo; + PVOID glSection; + PVOID glTable; + PVOID glCurrentRC; + PVOID glContext; + + NTSTATUS LastStatusValue; + UNICODE_STRING StaticUnicodeString; + WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH]; + + PVOID DeallocationStack; + PVOID TlsSlots[TLS_MINIMUM_AVAILABLE]; + LIST_ENTRY TlsLinks; + + PVOID Vdm; + PVOID ReservedForNtRpc; + PVOID DbgSsReserved[2]; + + ULONG HardErrorMode; +#ifdef _WIN64 + PVOID Instrumentation[11]; +#else + PVOID Instrumentation[9]; +#endif + GUID ActivityId; + + PVOID SubProcessTag; + PVOID PerflibData; + PVOID EtwTraceData; + PVOID WinSockData; + ULONG GdiBatchCount; + + union + { + PROCESSOR_NUMBER CurrentIdealProcessor; + ULONG IdealProcessorValue; + struct + { + UCHAR ReservedPad0; + UCHAR ReservedPad1; + UCHAR ReservedPad2; + UCHAR IdealProcessor; + }; + }; + + ULONG GuaranteedStackBytes; + PVOID ReservedForPerf; + PVOID ReservedForOle; // tagSOleTlsData + ULONG WaitingOnLoaderLock; + PVOID SavedPriorityState; + ULONG_PTR ReservedForCodeCoverage; + PVOID ThreadPoolData; + PVOID *TlsExpansionSlots; +#ifdef _WIN64 + PVOID DeallocationBStore; + PVOID BStoreLimit; +#endif + ULONG MuiGeneration; + ULONG IsImpersonating; + PVOID NlsCache; + PVOID pShimData; + ULONG HeapData; + HANDLE CurrentTransactionHandle; + PTEB_ACTIVE_FRAME ActiveFrame; + PVOID FlsData; + + PVOID PreferredLanguages; + PVOID UserPrefLanguages; + PVOID MergedPrefLanguages; + ULONG MuiImpersonation; + + union + { + USHORT CrossTebFlags; + USHORT SpareCrossTebBits : 16; + }; + union + { + USHORT SameTebFlags; + struct + { + USHORT SafeThunkCall : 1; + USHORT InDebugPrint : 1; + USHORT HasFiberData : 1; + USHORT SkipThreadAttach : 1; + USHORT WerInShipAssertCode : 1; + USHORT RanProcessInit : 1; + USHORT ClonedThread : 1; + USHORT SuppressDebugMsg : 1; + USHORT DisableUserStackWalk : 1; + USHORT 
RtlExceptionAttached : 1; + USHORT InitialThread : 1; + USHORT SessionAware : 1; + USHORT LoadOwner : 1; + USHORT LoaderWorker : 1; + USHORT SkipLoaderInit : 1; + USHORT SkipFileAPIBrokering : 1; + }; + }; + + PVOID TxnScopeEnterCallback; + PVOID TxnScopeExitCallback; + PVOID TxnScopeContext; + ULONG LockCount; + LONG WowTebOffset; + PVOID ResourceRetValue; + PVOID ReservedForWdf; + ULONGLONG ReservedForCrt; + GUID EffectiveContainerId; + ULONGLONG LastSleepCounter; // Win11 + ULONG SpinCallCount; + ULONGLONG ExtendedFeatureDisableMask; +} TEB, *PTEB; + +#ifdef _WIN64 +C_ASSERT(sizeof(TEB) == 0x1850); // WIN11 +#else +C_ASSERT(sizeof(TEB) == 0x1018); // WIN11 +#endif + +#endif diff --git a/deps/phnt-nightly/ntpfapi.h b/deps/phnt-nightly/ntpfapi.h new file mode 100644 index 0000000..dc7354f --- /dev/null +++ b/deps/phnt-nightly/ntpfapi.h 
@@ -0,0 +1,456 @@ +/* + * Prefetcher (Superfetch) support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTPFAPI_H +#define _NTPFAPI_H + +// begin_private + +// Prefetch + +typedef enum _PF_BOOT_PHASE_ID +{ + PfKernelInitPhase = 0, + PfBootDriverInitPhase = 90, + PfSystemDriverInitPhase = 120, + PfSessionManagerInitPhase = 150, + PfSMRegistryInitPhase = 180, + PfVideoInitPhase = 210, + PfPostVideoInitPhase = 240, + PfBootAcceptedRegistryInitPhase = 270, + PfUserShellReadyPhase = 300, + PfMaxBootPhaseId = 900 +} PF_BOOT_PHASE_ID; + +typedef enum _PF_ENABLE_STATUS +{ + PfSvNotSpecified, + PfSvEnabled, + PfSvDisabled, + PfSvMaxEnableStatus +} PF_ENABLE_STATUS; + +typedef struct _PF_TRACE_LIMITS +{ + ULONG MaxNumPages; + ULONG MaxNumSections; + LONGLONG TimerPeriod; +} PF_TRACE_LIMITS, *PPF_TRACE_LIMITS; + +typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS +{ + PF_ENABLE_STATUS EnableStatus[2]; + PF_TRACE_LIMITS TraceLimits[2]; + ULONG MaxNumActiveTraces; + ULONG MaxNumSavedTraces; + WCHAR RootDirPath[32]; + WCHAR HostingApplicationList[128]; +} PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS; + +#define PF_BOOT_CONTROL_VERSION 1 + +typedef struct _PF_BOOT_CONTROL +{ + ULONG Version; + ULONG DisableBootPrefetching; +} PF_BOOT_CONTROL, *PPF_BOOT_CONTROL; + +typedef enum _PREFETCHER_INFORMATION_CLASS +{ + PrefetcherRetrieveTrace = 1, // q: CHAR[] + PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS + PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID + PrefetcherSpare1, // PrefetcherRetrieveBootLoaderTrace // q: CHAR[] + PrefetcherBootControl, // s: PF_BOOT_CONTROL + PrefetcherScenarioPolicyControl, + PrefetcherSpare2, + PrefetcherAppLaunchScenarioControl, + PrefetcherInformationMax +} PREFETCHER_INFORMATION_CLASS; + +#define PREFETCHER_INFORMATION_VERSION 23 // rev +#define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev + +typedef struct _PREFETCHER_INFORMATION +{ + _In_ ULONG Version; + _In_ ULONG Magic; + _In_ 
PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass; + _Inout_ PVOID PrefetcherInformation; + _Inout_ ULONG PrefetcherInformationLength; +} PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION; + +// Superfetch + +typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS +{ + ULONG EnabledComponents; + ULONG BootID; + ULONG SavedSectInfoTracesMax; + ULONG SavedPageAccessTracesMax; + ULONG ScenarioPrefetchTimeoutStandby; + ULONG ScenarioPrefetchTimeoutHibernate; + ULONG ScenarioPrefetchTimeoutHiberBoot; +} PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS; + +// rev +typedef enum _PF_EVENT_TYPE +{ + PfEventTypeImageLoad = 0, + PfEventTypeAppLaunch = 1, + PfEventTypeStartTrace = 2, + PfEventTypeEndTrace = 3, + PfEventTypeTimestamp = 4, + PfEventTypeOperation = 5, + PfEventTypeRepurpose = 6, + PfEventTypeForegroundProcess = 7, + PfEventTypeTimeRange = 8, + PfEventTypeUserInput = 9, + PfEventTypeFileAccess = 10, + PfEventTypeUnmap = 11, + PfEventTypeUtilization = 11, + PfEventTypeMemInfo = 12, + PfEventTypeFileDelete = 13, + PfEventTypeAppExit = 14, + PfEventTypeSystemTime = 15, + PfEventTypePower = 16, + PfEventTypeSessionChange = 17, + PfEventTypeHardFaultTimeStamp = 18, + PfEventTypeVirtualFree = 19, + PfEventTypePerfInfo = 20, + PfEventTypeProcessSnapshot = 21, + PfEventTypeUserSnapshot = 22, + PfEventTypeStreamSequenceNumber = 23, + PfEventTypeFileTruncate = 24, + PfEventTypeFileRename = 25, + PfEventTypeFileCreate = 26, + PfEventTypeAgCxContext = 27, + PfEventTypePowerAction = 28, + PfEventTypeHardFaultTS = 29, + PfEventTypeRobustInfo = 30, + PfEventTypeFileDefrag = 31, + PfEventTypeMax = 32 +} PF_EVENT_TYPE; + +// rev +typedef struct _PF_LOG_EVENT_DATA +{ + ULONG EventType : 5; // PF_EVENT_TYPE + ULONG Flags : 2; + ULONG DataSize : 25; + PVOID EventData; +} PF_LOG_EVENT_DATA, *PPF_LOG_EVENT_DATA; + +#define PF_PFN_PRIO_REQUEST_VERSION 1 +#define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1 +#define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1 + +typedef struct 
_PF_PFN_PRIO_REQUEST +{ + ULONG Version; + ULONG RequestFlags; + ULONG_PTR PfnCount; + SYSTEM_MEMORY_LIST_INFORMATION MemInfo; + MMPFN_IDENTITY PageData[256]; +} PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST; + +typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE +{ + PfsPrivateSourceKernel, + PfsPrivateSourceSession, + PfsPrivateSourceProcess, + PfsPrivateSourceMax +} PFS_PRIVATE_PAGE_SOURCE_TYPE; + +typedef struct _PFS_PRIVATE_PAGE_SOURCE +{ + PFS_PRIVATE_PAGE_SOURCE_TYPE Type; + union + { + ULONG SessionId; + ULONG ProcessId; + }; + ULONG ImagePathHash; + ULONG_PTR UniqueProcessHash; +} PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE; + +typedef struct _PF_PRIVSOURCE_INFO +{ + PFS_PRIVATE_PAGE_SOURCE DbInfo; + PVOID EProcess; + SIZE_T WsPrivatePages; + SIZE_T TotalPrivatePages; + ULONG SessionID; + CHAR ImageName[16]; + union { + ULONG_PTR WsSwapPages; // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES. + ULONG_PTR SessionPagedPoolPages; // session only. + ULONG_PTR StoreSizePages; // process only PF_PRIVSOURCE_QUERY_STORE_INFO. + }; + ULONG_PTR WsTotalPages; // process/session only. + ULONG DeepFreezeTimeMs; // process only. + ULONG ModernApp : 1; // process only. + ULONG DeepFrozen : 1; // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred + ULONG Foreground : 1; // process only. + ULONG PerProcessStore : 1; // process only. + ULONG Spare : 28; +} PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO; + +// rev +#define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 8 +#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYWSPAGES 0x1 +#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYCOMPRESSEDPAGES 0x2 +#define PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYSKIPPAGES 0x4 // ?? 
+ +// rev +typedef struct _PF_PRIVSOURCE_QUERY_REQUEST +{ + ULONG Version; + ULONG Flags; + ULONG InfoCount; + PF_PRIVSOURCE_INFO InfoArray[1]; +} PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST; + +// rev +typedef enum _PF_PHASED_SCENARIO_TYPE +{ + PfScenarioTypeNone, + PfScenarioTypeStandby, + PfScenarioTypeHibernate, + PfScenarioTypeFUS, + PfScenarioTypeMax +} PF_PHASED_SCENARIO_TYPE; + +// rev +#define PF_SCENARIO_PHASE_INFO_VERSION 4 + +// rev +typedef struct _PF_SCENARIO_PHASE_INFO +{ + ULONG Version; + PF_PHASED_SCENARIO_TYPE ScenType; + ULONG PhaseId; + ULONG SequenceNumber; + ULONG Flags; + ULONG FUSUserId; +} PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO; + +// rev +typedef struct _PF_MEMORY_LIST_NODE +{ + ULONGLONG Node : 8; + ULONGLONG Spare : 56; + ULONGLONG StandbyLowPageCount; + ULONGLONG StandbyMediumPageCount; + ULONGLONG StandbyHighPageCount; + ULONGLONG FreePageCount; + ULONGLONG ModifiedPageCount; +} PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE; + +// rev +typedef struct _PF_ROBUST_PROCESS_ENTRY +{ + ULONG ImagePathHash; + ULONG Pid; + ULONG Alignment; +} PF_ROBUST_PROCESS_ENTRY, *PPF_ROBUST_PROCESS_ENTRY; + +// rev +typedef struct _PF_ROBUST_FILE_ENTRY +{ + ULONG FilePathHash; +} PF_ROBUST_FILE_ENTRY, *PPF_ROBUST_FILE_ENTRY; + +// rev +typedef enum _PF_ROBUSTNESS_CONTROL_COMMAND +{ + PfRpControlUpdate = 0, + PfRpControlReset = 1, + PfRpControlRobustAllStart = 2, + PfRpControlRobustAllStop = 3, + PfRpControlCommandMax = 4 +} PF_ROBUSTNESS_CONTROL_COMMAND; + +// rev +#define PF_ROBUSTNESS_CONTROL_VERSION 1 + +// rev +typedef struct _PF_ROBUSTNESS_CONTROL +{ + ULONG Version; + PF_ROBUSTNESS_CONTROL_COMMAND Command; + ULONG DeprioProcessCount; + ULONG ExemptProcessCount; + ULONG DeprioFileCount; + ULONG ExemptFileCount; + PF_ROBUST_PROCESS_ENTRY ProcessEntries[1]; + PF_ROBUST_FILE_ENTRY FileEntries[1]; +} PF_ROBUSTNESS_CONTROL, *PPF_ROBUSTNESS_CONTROL; + +// rev +typedef struct _PF_TIME_CONTROL +{ + LONG TimeAdjustment; +} 
PF_TIME_CONTROL, *PPF_TIME_CONTROL; + +#define PF_MEMORY_LIST_INFO_VERSION 1 + +typedef struct _PF_MEMORY_LIST_INFO +{ + ULONG Version; + ULONG Size; + ULONG NodeCount; + PF_MEMORY_LIST_NODE Nodes[1]; +} PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO; + +typedef struct _PF_PHYSICAL_MEMORY_RANGE +{ + ULONG_PTR BasePfn; + ULONG_PTR PageCount; +} PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE; + +#define PF_PHYSICAL_MEMORY_RANGE_INFO_V1_VERSION 1 + +typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V1 +{ + ULONG Version; + ULONG RangeCount; + PF_PHYSICAL_MEMORY_RANGE Ranges[1]; +} PF_PHYSICAL_MEMORY_RANGE_INFO_V1, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V1; + +#define PF_PHYSICAL_MEMORY_RANGE_INFO_V2_VERSION 2 + +typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V2 +{ + ULONG Version; + ULONG Flags; + ULONG RangeCount; + PF_PHYSICAL_MEMORY_RANGE Ranges[ANYSIZE_ARRAY]; +} PF_PHYSICAL_MEMORY_RANGE_INFO_V2, *PPF_PHYSICAL_MEMORY_RANGE_INFO_V2; + +// rev +#define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1 + +// rev +typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO +{ + ULONG Version; + SIZE_T RepurposedByPrefetch; +} PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO; + +// rev +#define PF_VIRTUAL_QUERY_VERSION 1 + +// rev +typedef struct _PF_VIRTUAL_QUERY +{ + ULONG Version; + union + { + ULONG Flags; + struct + { + ULONG FaultInPageTables : 1; + ULONG ReportPageTables : 1; + ULONG Spare : 30; + }; + }; + PVOID QueryBuffer; // MEMORY_WORKING_SET_EX_INFORMATION[NumberOfPages] (input: VirtualAddress[], output: VirtualAttributes[]) + SIZE_T QueryBufferSize; // NumberOfPages * sizeof(MEMORY_WORKING_SET_EX_INFORMATION) + HANDLE ProcessHandle; +} PF_VIRTUAL_QUERY, *PPF_VIRTUAL_QUERY; + +// rev +#define PF_MIN_WS_AGE_RATE_CONTROL_VERSION 1 + +// rev +typedef struct _PF_MIN_WS_AGE_RATE_CONTROL +{ + ULONG Version; + ULONG SecondsToOldestAge; +} PF_MIN_WS_AGE_RATE_CONTROL, *PPF_MIN_WS_AGE_RATE_CONTROL; + +// rev +#define PF_DEPRIORITIZE_OLD_PAGES_VERSION 3 + +// rev +typedef struct 
_PF_DEPRIORITIZE_OLD_PAGES +{ + ULONG Version; + HANDLE ProcessHandle; + union + { + ULONG Flags; + struct + { + ULONG TargetPriority : 4; + ULONG TrimPages : 2; + ULONG Spare : 26; + }; + }; +} PF_DEPRIORITIZE_OLD_PAGES, *PPF_DEPRIORITIZE_OLD_PAGES; + +// rev +#define PF_GPU_UTILIZATION_INFO_VERSION 1 + +// rev +typedef struct _PF_GPU_UTILIZATION_INFO +{ + ULONG Version; + ULONG SessionId; + ULONGLONG GpuTime; +} PF_GPU_UTILIZATION_INFO, *PPF_GPU_UTILIZATION_INFO; + +// rev +typedef enum _SUPERFETCH_INFORMATION_CLASS +{ + SuperfetchRetrieveTrace = 1, // q: CHAR[] + SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS + SuperfetchLogEvent, // s: PF_LOG_EVENT_DATA + SuperfetchGenerateTrace, // s: NULL + SuperfetchPrefetch, + SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST + SuperfetchPfnSetPriority, + SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST + SuperfetchSequenceNumberQuery, // q: ULONG + SuperfetchScenarioPhase, // 10 + SuperfetchWorkerPriority, // s: KPRIORITY + SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO + SuperfetchScenarioPrefetch, + SuperfetchRobustnessControl, // s: PF_ROBUSTNESS_CONTROL + SuperfetchTimeControl, // s: PF_TIME_CONTROL + SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO + SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO + SuperfetchTracingControl, + SuperfetchTrimWhileAgingControl, + SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // 20 + SuperfetchChannelPowerRequest, + SuperfetchMovePages, + SuperfetchVirtualQuery, // q: PF_VIRTUAL_QUERY + SuperfetchCombineStatsQuery, + SuperfetchSetMinWsAgeRate, // s: PF_MIN_WS_AGE_RATE_CONTROL + SuperfetchDeprioritizeOldPagesInWs, // s: PF_DEPRIORITIZE_OLD_PAGES + SuperfetchFileExtentsQuery, // q: PF_FILE_EXTENTS_INFO + SuperfetchGpuUtilizationQuery, // q: PF_GPU_UTILIZATION_INFO + SuperfetchPfnSet, // s: PF_PFN_PRIO_REQUEST // since WIN11 + SuperfetchInformationMax +} SUPERFETCH_INFORMATION_CLASS; + +#define 
SUPERFETCH_INFORMATION_VERSION 45 // rev +#define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev + +typedef struct _SUPERFETCH_INFORMATION +{ + _In_ ULONG Version; + _In_ ULONG Magic; + _In_ SUPERFETCH_INFORMATION_CLASS SuperfetchInformationClass; + _Inout_ PVOID SuperfetchInformation; + _Inout_ ULONG SuperfetchInformationLength; +} SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION; + +// end_private + +#endif diff --git a/deps/phnt-nightly/ntpnpapi.h b/deps/phnt-nightly/ntpnpapi.h new file mode 100644 index 0000000..dd1147e --- /dev/null +++ b/deps/phnt-nightly/ntpnpapi.h 
@@ -0,0 +1,207 @@
+/*
+ * Plug and Play support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTPNPAPI_H
+#define _NTPNPAPI_H
+
+typedef enum _PLUGPLAY_EVENT_CATEGORY
+{
+ HardwareProfileChangeEvent,
+ TargetDeviceChangeEvent,
+ DeviceClassChangeEvent,
+ CustomDeviceEvent,
+ DeviceInstallEvent,
+ DeviceArrivalEvent,
+ PowerEvent,
+ VetoEvent,
+ BlockedDriverEvent,
+ InvalidIDEvent,
+ MaxPlugEventCategory
+} PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
+
+typedef struct _PLUGPLAY_EVENT_BLOCK
+{
+ GUID EventGuid;
+ PLUGPLAY_EVENT_CATEGORY EventCategory;
+ PULONG Result;
+ ULONG Flags;
+ ULONG TotalSize;
+ PVOID DeviceObject;
+
+ union
+ {
+ struct
+ {
+ GUID ClassGuid;
+ WCHAR SymbolicLinkName[1];
+ } DeviceClass;
+ struct
+ {
+ WCHAR DeviceIds[1];
+ } TargetDevice;
+ struct
+ {
+ WCHAR DeviceId[1];
+ } InstallDevice;
+ struct
+ {
+ PVOID NotificationStructure;
+ WCHAR DeviceIds[1];
+ } CustomNotification;
+ struct
+ {
+ PVOID Notification;
+ } ProfileNotification;
+ struct
+ {
+ ULONG NotificationCode;
+ ULONG NotificationData;
+ } PowerNotification;
+ struct
+ {
+ PNP_VETO_TYPE VetoType;
+ WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName
+ } VetoNotification;
+ struct
+ {
+ GUID BlockedDriverGuid;
+ } BlockedDriverNotification;
+ struct
+ {
+ WCHAR ParentId[1];
+ } InvalidIDNotification;
+ } u;
+} PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
+
+typedef enum _PLUGPLAY_CONTROL_CLASS
+{
+ PlugPlayControlEnumerateDevice, // PLUGPLAY_CONTROL_ENUMERATE_DEVICE_DATA
+ PlugPlayControlRegisterNewDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlDeregisterDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlInitializeDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlStartDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlUnlockDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlQueryAndRemoveDevice, // PLUGPLAY_CONTROL_QUERY_AND_REMOVE_DATA
+ PlugPlayControlUserResponse, // PLUGPLAY_CONTROL_USER_RESPONSE_DATA
+ PlugPlayControlGenerateLegacyDevice, // PLUGPLAY_CONTROL_LEGACY_DEVGEN_DATA
+ PlugPlayControlGetInterfaceDeviceList, // PLUGPLAY_CONTROL_INTERFACE_LIST_DATA
+ PlugPlayControlProperty, // PLUGPLAY_CONTROL_PROPERTY_DATA
+ PlugPlayControlDeviceClassAssociation, // PLUGPLAY_CONTROL_CLASS_ASSOCIATION_DATA
+ PlugPlayControlGetRelatedDevice, // PLUGPLAY_CONTROL_RELATED_DEVICE_DATA
+ PlugPlayControlGetInterfaceDeviceAlias, // PLUGPLAY_CONTROL_INTERFACE_ALIAS_DATA
+ PlugPlayControlDeviceStatus, // PLUGPLAY_CONTROL_STATUS_DATA
+ PlugPlayControlGetDeviceDepth, // PLUGPLAY_CONTROL_DEPTH_DATA
+ PlugPlayControlQueryDeviceRelations, // PLUGPLAY_CONTROL_DEVICE_RELATIONS_DATA
+ PlugPlayControlTargetDeviceRelation, // PLUGPLAY_CONTROL_TARGET_RELATION_DATA
+ PlugPlayControlQueryConflictList, // PLUGPLAY_CONTROL_CONFLICT_LIST
+ PlugPlayControlRetrieveDock, // PLUGPLAY_CONTROL_RETRIEVE_DOCK_DATA
+ PlugPlayControlResetDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlHaltDevice, // PLUGPLAY_CONTROL_DEVICE_CONTROL_DATA
+ PlugPlayControlGetBlockedDriverList, // PLUGPLAY_CONTROL_BLOCKED_DRIVER_DATA
+ PlugPlayControlGetDeviceInterfaceEnabled, // PLUGPLAY_CONTROL_DEVICE_INTERFACE_ENABLED
+ MaxPlugPlayControl
+} PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
+
+// pub
+typedef enum _DEVICE_RELATION_TYPE
+{
+ BusRelations,
+ EjectionRelations,
+ PowerRelations,
+ RemovalRelations,
+ TargetDeviceRelation,
+ SingleBusRelations,
+ TransportRelations
+} DEVICE_RELATION_TYPE, *PDEVICE_RELATION_TYPE;
+
+// pub
+typedef enum _BUS_QUERY_ID_TYPE
+{
+ BusQueryDeviceID = 0, // \
+ BusQueryHardwareIDs = 1, // Hardware ids
+ BusQueryCompatibleIDs = 2, // compatible device ids
+ BusQueryInstanceID = 3, // persistent id for this instance of the device
+ BusQueryDeviceSerialNumber = 4, // serial number for this device
+ BusQueryContainerID = 5 // unique id of the device's physical container
+} BUS_QUERY_ID_TYPE, *PBUS_QUERY_ID_TYPE;
+
+// pub
+typedef enum _DEVICE_TEXT_TYPE
+{
+ DeviceTextDescription = 0, // DeviceDesc property
+ DeviceTextLocationInformation = 1 // DeviceLocation property
+} DEVICE_TEXT_TYPE, *PDEVICE_TEXT_TYPE;
+
+// pub
+typedef enum _DEVICE_USAGE_NOTIFICATION_TYPE
+{
+ DeviceUsageTypeUndefined,
+ DeviceUsageTypePaging,
+ DeviceUsageTypeHibernation,
+ DeviceUsageTypeDumpFile,
+ DeviceUsageTypeBoot,
+ DeviceUsageTypePostDisplay,
+ DeviceUsageTypeGuestAssigned
+} DEVICE_USAGE_NOTIFICATION_TYPE, *PDEVICE_USAGE_NOTIFICATION_TYPE;
+
+#if (PHNT_VERSION < PHNT_WIN8)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetPlugPlayEvent(
+ _In_ HANDLE EventHandle,
+ _In_opt_ PVOID Context,
+ _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
+ _In_ ULONG EventBufferSize
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPlugPlayControl(
+ _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
+ _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
+ _In_ ULONG PnPControlDataLength
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSerializeBoot(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnableLastKnownGood(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDisableLastKnownGood(
+ VOID
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReplacePartitionUnit(
+ _In_ PUNICODE_STRING TargetInstancePath,
+ _In_ PUNICODE_STRING SpareInstancePath,
+ _In_ ULONG Flags
+ );
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntpoapi.h b/deps/phnt-nightly/ntpoapi.h
new file mode 100644
index 0000000..302feed
--- /dev/null
+++ b/deps/phnt-nightly/ntpoapi.h
@@ -0,0 +1,791 @@
+/*
+ * Power Management support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTPOAPI_H
+#define _NTPOAPI_H
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+// POWER_INFORMATION_LEVEL
+// Note: We don't use an enum for these values to minimize conflicts with the Windows SDK. (dmex)
+#define SystemPowerPolicyAc 0 // SYSTEM_POWER_POLICY // GET: InputBuffer NULL. SET: InputBuffer not NULL.
+#define SystemPowerPolicyDc 1 // SYSTEM_POWER_POLICY
+#define VerifySystemPolicyAc 2 // SYSTEM_POWER_POLICY
+#define VerifySystemPolicyDc 3 // SYSTEM_POWER_POLICY
+#define SystemPowerCapabilities 4 // SYSTEM_POWER_CAPABILITIES
+#define SystemBatteryState 5 // SYSTEM_BATTERY_STATE
+#define SystemPowerStateHandler 6 // POWER_STATE_HANDLER // (kernel-mode only)
+#define ProcessorStateHandler 7 // PROCESSOR_STATE_HANDLER // (kernel-mode only)
+#define SystemPowerPolicyCurrent 8 // SYSTEM_POWER_POLICY
+#define AdministratorPowerPolicy 9 // ADMINISTRATOR_POWER_POLICY
+#define SystemReserveHiberFile 10 // BOOLEAN // (requires SeCreatePagefilePrivilege) // TRUE: hibernation file created. FALSE: hibernation file deleted.
+#define ProcessorInformation 11 // PROCESSOR_POWER_INFORMATION
+#define SystemPowerInformation 12 // SYSTEM_POWER_INFORMATION
+#define ProcessorStateHandler2 13 // PROCESSOR_STATE_HANDLER2 // not implemented
+#define LastWakeTime 14 // ULONGLONG // InterruptTime
+#define LastSleepTime 15 // ULONGLONG // InterruptTime
+#define SystemExecutionState 16 // EXECUTION_STATE // NtSetThreadExecutionState
+#define SystemPowerStateNotifyHandler 17 // POWER_STATE_NOTIFY_HANDLER // (kernel-mode only)
+#define ProcessorPowerPolicyAc 18 // PROCESSOR_POWER_POLICY // not implemented
+#define ProcessorPowerPolicyDc 19 // PROCESSOR_POWER_POLICY // not implemented
+#define VerifyProcessorPowerPolicyAc 20 // PROCESSOR_POWER_POLICY // not implemented
+#define VerifyProcessorPowerPolicyDc 21 // PROCESSOR_POWER_POLICY // not implemented
+#define ProcessorPowerPolicyCurrent 22 // PROCESSOR_POWER_POLICY // not implemented
+#define SystemPowerStateLogging 23 // SYSTEM_POWER_STATE_DISABLE_REASON[]
+#define SystemPowerLoggingEntry 24 // SYSTEM_POWER_LOGGING_ENTRY[] // (kernel-mode only)
+#define SetPowerSettingValue 25 // (kernel-mode only)
+#define NotifyUserPowerSetting 26 // not implemented
+#define PowerInformationLevelUnused0 27 // not implemented
+#define SystemMonitorHiberBootPowerOff 28 // NULL (PowerMonitorOff)
+#define SystemVideoState 29 // MONITOR_DISPLAY_STATE
+#define TraceApplicationPowerMessage 30 // (kernel-mode only)
+#define TraceApplicationPowerMessageEnd 31 // (kernel-mode only)
+#define ProcessorPerfStates 32 // (kernel-mode only)
+#define ProcessorIdleStates 33 // PROCESSOR_IDLE_STATES // (kernel-mode only)
+#define ProcessorCap 34 // PROCESSOR_CAP // (kernel-mode only)
+#define SystemWakeSource 35 // out: POWER_WAKE_SOURCE_INFO
+#define SystemHiberFileInformation 36 // out: SYSTEM_HIBERFILE_INFORMATION
+#define TraceServicePowerMessage 37
+#define ProcessorLoad 38 // in: PROCESSOR_LOAD (sets), in: PPROCESSOR_NUMBER (clears)
+#define PowerShutdownNotification 39 // (kernel-mode only)
+#define MonitorCapabilities 40 // (kernel-mode only)
+#define SessionPowerInit 41 // (kernel-mode only)
+#define SessionDisplayState 42 // (kernel-mode only)
+#define PowerRequestCreate 43 // in: COUNTED_REASON_CONTEXT, out: HANDLE
+#define PowerRequestAction 44 // in: POWER_REQUEST_ACTION
+#define GetPowerRequestList 45 // out: POWER_REQUEST_LIST
+#define ProcessorInformationEx 46 // in: USHORT ProcessorGroup, out: PROCESSOR_POWER_INFORMATION
+#define NotifyUserModeLegacyPowerEvent 47 // (kernel-mode only)
+#define GroupPark 48 // (debug-mode boot only)
+#define ProcessorIdleDomains 49 // (kernel-mode only)
+#define WakeTimerList 50 // out: WAKE_TIMER_INFO[]
+#define SystemHiberFileSize 51 // ULONG
+#define ProcessorIdleStatesHv 52 // (kernel-mode only)
+#define ProcessorPerfStatesHv 53 // (kernel-mode only)
+#define ProcessorPerfCapHv 54 // PROCESSOR_PERF_CAP_HV // (kernel-mode only)
+#define ProcessorSetIdle 55 // (debug-mode boot only)
+#define LogicalProcessorIdling 56 // (kernel-mode only)
+#define UserPresence 57 // POWER_USER_PRESENCE // not implemented
+#define PowerSettingNotificationName 58
+#define GetPowerSettingValue 59 // GUID
+#define IdleResiliency 60 // POWER_IDLE_RESILIENCY
+#define SessionRITState 61 // POWER_SESSION_RIT_STATE
+#define SessionConnectNotification 62 // POWER_SESSION_WINLOGON
+#define SessionPowerCleanup 63
+#define SessionLockState 64 // POWER_SESSION_WINLOGON
+#define SystemHiberbootState 65 // BOOLEAN // fast startup supported
+#define PlatformInformation 66 // BOOLEAN // connected standby supported
+#define PdcInvocation 67 // (kernel-mode only)
+#define MonitorInvocation 68 // (kernel-mode only)
+#define FirmwareTableInformationRegistered 69 // (kernel-mode only)
+#define SetShutdownSelectedTime 70 // NULL
+#define SuspendResumeInvocation 71 // (kernel-mode only)
+#define PlmPowerRequestCreate 72 // in: COUNTED_REASON_CONTEXT, out: HANDLE
+#define ScreenOff 73 // NULL (PowerMonitorOff)
+#define CsDeviceNotification 74 // (kernel-mode only)
+#define PlatformRole 75 // POWER_PLATFORM_ROLE
+#define LastResumePerformance 76 // RESUME_PERFORMANCE
+#define DisplayBurst 77 // NULL (PowerMonitorOn)
+#define ExitLatencySamplingPercentage 78
+#define RegisterSpmPowerSettings 79 // (kernel-mode only)
+#define PlatformIdleStates 80 // (kernel-mode only)
+#define ProcessorIdleVeto 81 // (kernel-mode only) // deprecated
+#define PlatformIdleVeto 82 // (kernel-mode only) // deprecated
+#define SystemBatteryStatePrecise 83 // SYSTEM_BATTERY_STATE
+#define ThermalEvent 84 // THERMAL_EVENT // PowerReportThermalEvent
+#define PowerRequestActionInternal 85 // POWER_REQUEST_ACTION_INTERNAL
+#define BatteryDeviceState 86
+#define PowerInformationInternal 87 // POWER_INFORMATION_LEVEL_INTERNAL // PopPowerInformationInternal
+#define ThermalStandby 88 // NULL // shutdown with thermal standby as reason.
+#define SystemHiberFileType 89 // ULONG // zero ? reduced : full // powercfg.exe /h /type
+#define PhysicalPowerButtonPress 90 // BOOLEAN
+#define QueryPotentialDripsConstraint 91 // (kernel-mode only)
+#define EnergyTrackerCreate 92
+#define EnergyTrackerQuery 93
+#define UpdateBlackBoxRecorder 94
+#define SessionAllowExternalDmaDevices 95
+#define SendSuspendResumeNotification 96 // since WIN11
+#define BlackBoxRecorderDirectAccessBuffer 97
+#define PowerInformationLevelMaximum 98
+#endif
+
+typedef struct _PROCESSOR_POWER_INFORMATION
+{
+ ULONG Number;
+ ULONG MaxMhz;
+ ULONG CurrentMhz;
+ ULONG MhzLimit;
+ ULONG MaxIdleState;
+ ULONG CurrentIdleState;
+} PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
+
+typedef struct _SYSTEM_POWER_INFORMATION
+{
+ ULONG MaxIdlenessAllowed;
+ ULONG Idleness;
+ ULONG TimeRemaining;
+ UCHAR CoolingMode;
+} SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
+
+typedef struct _SYSTEM_HIBERFILE_INFORMATION
+{
+ ULONG NumberOfMcbPairs;
+ LARGE_INTEGER Mcb[1];
+} SYSTEM_HIBERFILE_INFORMATION, *PSYSTEM_HIBERFILE_INFORMATION;
+
+#define POWER_REQUEST_CONTEXT_NOT_SPECIFIED DIAGNOSTIC_REASON_NOT_SPECIFIED
+
+// wdm
+typedef struct _COUNTED_REASON_CONTEXT
+{
+ ULONG Version;
+ ULONG Flags;
+ union
+ {
+ struct
+ {
+ UNICODE_STRING ResourceFileName;
+ USHORT ResourceReasonId;
+ ULONG StringCount;
+ _Field_size_(StringCount) PUNICODE_STRING ReasonStrings;
+ };
+ UNICODE_STRING SimpleString;
+ };
+} COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
+
+typedef enum _POWER_REQUEST_TYPE_INTERNAL // POWER_REQUEST_TYPE
+{
+ PowerRequestDisplayRequiredInternal,
+ PowerRequestSystemRequiredInternal,
+ PowerRequestAwayModeRequiredInternal,
+ PowerRequestExecutionRequiredInternal, // Windows 8+
+ PowerRequestPerfBoostRequiredInternal, // Windows 8+
+ PowerRequestActiveLockScreenInternal, // Windows 10 RS1+ (reserved on Windows 8)
+ // Values 6 and 7 are reserved for Windows 8 only
+ PowerRequestInternalInvalid,
+ PowerRequestInternalUnknown,
+ PowerRequestFullScreenVideoRequired // Windows 8 only
+} POWER_REQUEST_TYPE_INTERNAL;
+
+typedef struct _POWER_REQUEST_ACTION
+{
+ HANDLE PowerRequestHandle;
+ POWER_REQUEST_TYPE_INTERNAL RequestType;
+ BOOLEAN SetAction;
+ HANDLE ProcessHandle; // Windows 8+ and only for requests created via PlmPowerRequestCreate
+} POWER_REQUEST_ACTION, *PPOWER_REQUEST_ACTION;
+
+typedef union _POWER_STATE
+{
+ SYSTEM_POWER_STATE SystemState;
+ DEVICE_POWER_STATE DeviceState;
+} POWER_STATE, *PPOWER_STATE;
+
+typedef enum _POWER_STATE_TYPE
+{
+ SystemPowerState = 0,
+ DevicePowerState
+} POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
+
+// wdm
+typedef struct _SYSTEM_POWER_STATE_CONTEXT
+{
+ union
+ {
+ struct
+ {
+ ULONG Reserved1 : 8;
+ ULONG TargetSystemState : 4;
+ ULONG EffectiveSystemState : 4;
+ ULONG CurrentSystemState : 4;
+ ULONG IgnoreHibernationPath : 1;
+ ULONG PseudoTransition : 1;
+ ULONG KernelSoftReboot : 1;
+ ULONG DirectedDripsTransition : 1;
+ ULONG Reserved2 : 8;
+ };
+ ULONG ContextAsUlong;
+ };
+} SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
+
+typedef enum _REQUESTER_TYPE
+{
+ KernelRequester = 0,
+ UserProcessRequester = 1,
+ UserSharedServiceRequester = 2
+} REQUESTER_TYPE;
+
+typedef struct _COUNTED_REASON_CONTEXT_RELATIVE
+{
+ ULONG Flags;
+ union
+ {
+ struct
+ {
+ SIZE_T ResourceFileNameOffset;
+ USHORT ResourceReasonId;
+ ULONG StringCount;
+ SIZE_T SubstitutionStringsOffset;
+ } DUMMYSTRUCTNAME;
+ SIZE_T SimpleStringOffset;
+ } DUMMYUNIONNAME;
+} COUNTED_REASON_CONTEXT_RELATIVE, *PCOUNTED_REASON_CONTEXT_RELATIVE;
+
+typedef struct _DIAGNOSTIC_BUFFER
+{
+ SIZE_T Size;
+ REQUESTER_TYPE CallerType;
+ union
+ {
+ struct
+ {
+ SIZE_T ProcessImageNameOffset; // PWSTR
+ ULONG ProcessId;
+ ULONG ServiceTag;
+ } DUMMYSTRUCTNAME;
+ struct
+ {
+ SIZE_T DeviceDescriptionOffset; // PWSTR
+ SIZE_T DevicePathOffset; // PWSTR
+ } DUMMYSTRUCTNAME;
+ } DUMMYUNIONNAME;
+ SIZE_T ReasonOffset; // PCOUNTED_REASON_CONTEXT_RELATIVE
+} DIAGNOSTIC_BUFFER, *PDIAGNOSTIC_BUFFER;
+
+typedef struct _WAKE_TIMER_INFO
+{
+ SIZE_T OffsetToNext;
+ ULARGE_INTEGER DueTime;
+ ULONG Period;
+ DIAGNOSTIC_BUFFER ReasonContext;
+} WAKE_TIMER_INFO, * PWAKE_TIMER_INFO;
+
+// rev
+typedef struct _PROCESSOR_PERF_CAP_HV
+{
+ ULONG Version;
+ ULONG InitialApicId;
+ ULONG Ppc;
+ ULONG Tpc;
+ ULONG ThermalCap;
+} PROCESSOR_PERF_CAP_HV, *PPROCESSOR_PERF_CAP_HV;
+
+typedef struct PROCESSOR_IDLE_TIMES
+{
+ ULONG64 StartTime;
+ ULONG64 EndTime;
+ ULONG Reserved[4];
+} PROCESSOR_IDLE_TIMES, *PPROCESSOR_IDLE_TIMES;
+
+_Function_class_(PROCESSOR_IDLE_HANDLER)
+typedef NTSTATUS (FASTCALL PROCESSOR_IDLE_HANDLER)(
+ _In_ ULONG_PTR Context,
+ _Inout_ PPROCESSOR_IDLE_TIMES IdleTimes
+ );
+
+typedef PROCESSOR_IDLE_HANDLER *PPROCESSOR_IDLE_HANDLER;
+
+#define PROCESSOR_STATE_TYPE_PERFORMANCE 0x1
+#define PROCESSOR_STATE_TYPE_THROTTLE 0x2
+
+#define IDLE_STATE_FLAGS_C1_HLT 0x01 // describes C1 only
+#define IDLE_STATE_FLAGS_C1_IO_HLT 0x02 // describes C1 only
+#define IDLE_STATE_FLAGS_IO 0x04 // describes C2 and C3 only
+#define IDLE_STATE_FLAGS_MWAIT 0x08 // describes C1, C2, C3, C4, ...
+
+typedef struct _PROCESSOR_IDLE_STATE
+{
+ UCHAR StateType;
+ ULONG StateFlags;
+ ULONG HardwareLatency;
+ ULONG Power;
+ ULONG_PTR Context;
+ PPROCESSOR_IDLE_HANDLER Handler;
+} PROCESSOR_IDLE_STATE, *PPROCESSOR_IDLE_STATE;
+
+typedef struct _PROCESSOR_IDLE_STATES
+{
+ ULONG Size;
+ ULONG Revision;
+ ULONG Count;
+ ULONG Type;
+ KAFFINITY TargetProcessors;
+ PROCESSOR_IDLE_STATE State[ANYSIZE_ARRAY];
+} PROCESSOR_IDLE_STATES, *PPROCESSOR_IDLE_STATES;
+
+// rev
+typedef struct _PROCESSOR_LOAD
+{
+ PROCESSOR_NUMBER ProcessorNumber;
+ UCHAR BusyPercentage;
+ UCHAR FrequencyPercentage;
+ USHORT Padding;
+} PROCESSOR_LOAD, *PPROCESSOR_LOAD;
+
+// rev
+typedef struct _PROCESSOR_CAP
+{
+ ULONG Version;
+ PROCESSOR_NUMBER ProcessorNumber;
+ ULONG PlatformCap;
+ ULONG ThermalCap;
+ ULONG LimitReasons;
+} PROCESSOR_CAP, *PPROCESSOR_CAP;
+
+typedef struct _PO_WAKE_SOURCE_INFO
+{
+ ULONG Count;
+ ULONG Offsets[ANYSIZE_ARRAY]; // POWER_WAKE_SOURCE_HEADER, POWER_WAKE_SOURCE_INTERNAL, POWER_WAKE_SOURCE_TIMER, POWER_WAKE_SOURCE_FIXED
+} PO_WAKE_SOURCE_INFO, *PPO_WAKE_SOURCE_INFO;
+
+typedef struct _PO_WAKE_SOURCE_HISTORY
+{
+ ULONG Count;
+ ULONG Offsets[ANYSIZE_ARRAY]; // POWER_WAKE_SOURCE_HEADER, POWER_WAKE_SOURCE_INTERNAL, POWER_WAKE_SOURCE_TIMER, POWER_WAKE_SOURCE_FIXED
+} PO_WAKE_SOURCE_HISTORY, *PPO_WAKE_SOURCE_HISTORY;
+
+typedef enum _PO_WAKE_SOURCE_TYPE
+{
+ DeviceWakeSourceType = 0,
+ FixedWakeSourceType = 1,
+ TimerWakeSourceType = 2,
+ TimerPresumedWakeSourceType = 3,
+ InternalWakeSourceType = 4
+} PO_WAKE_SOURCE_TYPE, *PPO_WAKE_SOURCE_TYPE;
+
+typedef enum _PO_INTERNAL_WAKE_SOURCE_TYPE
+{
+ InternalWakeSourceDozeToHibernate = 0,
+ InternalWakeSourcePredictedUserPresence = 1
+} PO_INTERNAL_WAKE_SOURCE_TYPE;
+
+typedef enum _PO_FIXED_WAKE_SOURCE_TYPE
+{
+ FixedWakeSourcePowerButton = 0,
+ FixedWakeSourceSleepButton = 1,
+ FixedWakeSourceRtc = 2,
+ FixedWakeSourceDozeToHibernate = 3
+} PO_FIXED_WAKE_SOURCE_TYPE, *PPO_FIXED_WAKE_SOURCE_TYPE;
+
+typedef struct _PO_WAKE_SOURCE_HEADER
+{
+ PO_WAKE_SOURCE_TYPE Type;
+ ULONG Size;
+} PO_WAKE_SOURCE_HEADER, *PPO_WAKE_SOURCE_HEADER;
+
+typedef struct _PO_WAKE_SOURCE_DEVICE
+{
+ PO_WAKE_SOURCE_HEADER Header;
+ WCHAR InstancePath[ANYSIZE_ARRAY];
+} PO_WAKE_SOURCE_DEVICE, *PPO_WAKE_SOURCE_DEVICE;
+
+typedef struct _PO_WAKE_SOURCE_FIXED
+{
+ PO_WAKE_SOURCE_HEADER Header;
+ PO_FIXED_WAKE_SOURCE_TYPE FixedWakeSourceType;
+} PO_WAKE_SOURCE_FIXED, *PPO_WAKE_SOURCE_FIXED;
+
+typedef struct _PO_WAKE_SOURCE_INTERNAL
+{
+ PO_WAKE_SOURCE_HEADER Header;
+ PO_INTERNAL_WAKE_SOURCE_TYPE InternalWakeSourceType;
+} PO_WAKE_SOURCE_INTERNAL, *PPO_WAKE_SOURCE_INTERNAL;
+
+typedef struct _PO_WAKE_SOURCE_TIMER
+{
+ PO_WAKE_SOURCE_HEADER Header;
+ DIAGNOSTIC_BUFFER Reason;
+} PO_WAKE_SOURCE_TIMER, *PPO_WAKE_SOURCE_TIMER;
+
+// The number of supported request types per version
+#define POWER_REQUEST_SUPPORTED_TYPES_V1 3 // Windows 7
+#define POWER_REQUEST_SUPPORTED_TYPES_V2 9 // Windows 8
+#define POWER_REQUEST_SUPPORTED_TYPES_V3 5 // Windows 8.1 and Windows 10 TH1-TH2
+#define POWER_REQUEST_SUPPORTED_TYPES_V4 6 // Windows 10 RS1+
+
+typedef struct _POWER_REQUEST
+{
+ union
+ {
+ struct
+ {
+ ULONG SupportedRequestMask;
+ ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V1];
+ DIAGNOSTIC_BUFFER DiagnosticBuffer;
+ } V1;
+#if (PHNT_VERSION >= PHNT_WIN8)
+ struct
+ {
+ ULONG SupportedRequestMask;
+ ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V2];
+ DIAGNOSTIC_BUFFER DiagnosticBuffer;
+ } V2;
+#endif
+#if (PHNT_VERSION >= PHNT_WINBLUE)
+ struct
+ {
+ ULONG SupportedRequestMask;
+ ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V3];
+ DIAGNOSTIC_BUFFER DiagnosticBuffer;
+ } V3;
+#endif
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+ struct
+ {
+ ULONG SupportedRequestMask;
+ ULONG PowerRequestCount[POWER_REQUEST_SUPPORTED_TYPES_V4];
+ DIAGNOSTIC_BUFFER DiagnosticBuffer;
+ } V4;
+#endif
+ };
+} POWER_REQUEST, *PPOWER_REQUEST;
+
+typedef struct _POWER_REQUEST_LIST
+{
+ ULONG_PTR Count;
+ ULONG_PTR PowerRequestOffsets[ANYSIZE_ARRAY]; // PPOWER_REQUEST
+} POWER_REQUEST_LIST, *PPOWER_REQUEST_LIST;
+
+typedef enum _POWER_STATE_HANDLER_TYPE
+{
+ PowerStateSleeping1 = 0,
+ PowerStateSleeping2 = 1,
+ PowerStateSleeping3 = 2,
+ PowerStateSleeping4 = 3,
+ PowerStateShutdownOff = 4,
+ PowerStateShutdownReset = 5,
+ PowerStateSleeping4Firmware = 6,
+ PowerStateMaximum = 7
+} POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
+
+typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
+ _In_ PVOID SystemContext
+ );
+
+typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
+ _In_ PVOID Context,
+ _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
+ _In_ PVOID SystemContext,
+ _In_ LONG NumberProcessors,
+ _In_ LONG volatile *Number
+ );
+
+typedef struct _POWER_STATE_HANDLER
+{
+ POWER_STATE_HANDLER_TYPE Type;
+ BOOLEAN RtcWake;
+ UCHAR Spare[3];
+ PENTER_STATE_HANDLER Handler;
+ PVOID Context;
+} POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
+
+typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
+ _In_ POWER_STATE_HANDLER_TYPE State,
+ _In_ PVOID Context,
+ _In_ BOOLEAN Entering
+ );
+
+typedef struct _POWER_STATE_NOTIFY_HANDLER
+{
+ PENTER_STATE_NOTIFY_HANDLER Handler;
+ PVOID Context;
+} POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
+
+typedef struct _POWER_REQUEST_ACTION_INTERNAL
+{
+ PVOID PowerRequestPointer;
+ POWER_REQUEST_TYPE_INTERNAL RequestType;
+ BOOLEAN SetAction;
+} POWER_REQUEST_ACTION_INTERNAL, *PPOWER_REQUEST_ACTION_INTERNAL;
+
+typedef enum _POWER_INFORMATION_LEVEL_INTERNAL
+{
+ PowerInternalAcpiInterfaceRegister,
+ PowerInternalS0LowPowerIdleInfo, // POWER_S0_LOW_POWER_IDLE_INFO
+ PowerInternalReapplyBrightnessSettings,
+ PowerInternalUserAbsencePrediction, // POWER_USER_ABSENCE_PREDICTION
+ PowerInternalUserAbsencePredictionCapability, // POWER_USER_ABSENCE_PREDICTION_CAPABILITY
+ PowerInternalPoProcessorLatencyHint, // POWER_PROCESSOR_LATENCY_HINT
+ PowerInternalStandbyNetworkRequest, // POWER_STANDBY_NETWORK_REQUEST (requires PopNetBIServiceSid)
+ PowerInternalDirtyTransitionInformation, // out: BOOLEAN
+ PowerInternalSetBackgroundTaskState, // POWER_SET_BACKGROUND_TASK_STATE
+ PowerInternalTtmOpenTerminal,
+ PowerInternalTtmCreateTerminal, // 10
+ PowerInternalTtmEvacuateDevices,
+ PowerInternalTtmCreateTerminalEventQueue,
+ PowerInternalTtmGetTerminalEvent,
+ PowerInternalTtmSetDefaultDeviceAssignment,
+ PowerInternalTtmAssignDevice,
+ PowerInternalTtmSetDisplayState,
+ PowerInternalTtmSetDisplayTimeouts,
+ PowerInternalBootSessionStandbyActivationInformation, // out: POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO
+ PowerInternalSessionPowerState, // in: POWER_SESSION_POWER_STATE
+ PowerInternalSessionTerminalInput, // 20
+ PowerInternalSetWatchdog,
+ PowerInternalPhysicalPowerButtonPressInfoAtBoot,
+ PowerInternalExternalMonitorConnected,
+ PowerInternalHighPrecisionBrightnessSettings,
+ PowerInternalWinrtScreenToggle,
+ PowerInternalPpmQosDisable,
+ PowerInternalTransitionCheckpoint,
+ PowerInternalInputControllerState,
+ PowerInternalFirmwareResetReason,
+ PowerInternalPpmSchedulerQosSupport, // out: POWER_INTERNAL_PROCESSOR_QOS_SUPPORT // 30
+ PowerInternalBootStatGet,
+ PowerInternalBootStatSet,
+ PowerInternalCallHasNotReturnedWatchdog,
+ PowerInternalBootStatCheckIntegrity,
+ PowerInternalBootStatRestoreDefaults, // in: void
+ PowerInternalHostEsStateUpdate, // in: POWER_INTERNAL_HOST_ENERGY_SAVER_STATE
+ PowerInternalGetPowerActionState, // out: ULONG
+ PowerInternalBootStatUnlock,
+ PowerInternalWakeOnVoiceState,
+ PowerInternalDeepSleepBlock, // 40
+ PowerInternalIsPoFxDevice,
+ PowerInternalPowerTransitionExtensionAtBoot,
+ PowerInternalProcessorBrandedFrequency, // in: POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT, out: POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT
+ PowerInternalTimeBrokerExpirationReason,
+ PowerInternalNotifyUserShutdownStatus,
+ PowerInternalPowerRequestTerminalCoreWindow,
+ PowerInternalProcessorIdleVeto,
+ PowerInternalPlatformIdleVeto,
+ PowerInternalIsLongPowerButtonBugcheckEnabled,
+ PowerInternalAutoChkCausedReboot, // 50
+ PowerInternalSetWakeAlarmOverride,
+
+ PowerInternalDirectedFxAddTestDevice = 53,
+ PowerInternalDirectedFxRemoveTestDevice,
+
+ PowerInternalDirectedFxSetMode = 56,
+ PowerInternalRegisterPowerPlane,
+ PowerInternalSetDirectedDripsFlags,
+ PowerInternalClearDirectedDripsFlags,
+ PowerInternalRetrieveHiberFileResumeContext, // 60
+ PowerInternalReadHiberFilePage,
+ PowerInternalLastBootSucceeded, // out: BOOLEAN
+ PowerInternalQuerySleepStudyHelperRoutineBlock,
+ PowerInternalDirectedDripsQueryCapabilities,
+ PowerInternalClearConstraints,
+ PowerInternalSoftParkVelocityEnabled,
+ PowerInternalQueryIntelPepCapabilities,
+ PowerInternalGetSystemIdleLoopEnablement, // since WIN11
+ PowerInternalGetVmPerfControlSupport,
+ PowerInternalGetVmPerfControlConfig, // 70
+ PowerInternalSleepDetailedDiagUpdate,
+ PowerInternalProcessorClassFrequencyBandsStats,
+ PowerInternalHostGlobalUserPresenceStateUpdate,
+ PowerInternalCpuNodeIdleIntervalStats,
+ PowerInternalClassIdleIntervalStats,
+ PowerInternalCpuNodeConcurrencyStats,
+ PowerInternalClassConcurrencyStats,
+ PowerInternalQueryProcMeasurementCapabilities,
+ PowerInternalQueryProcMeasurementValues,
+ PowerInternalPrepareForSystemInitiatedReboot, // 80
+ PowerInternalGetAdaptiveSessionState,
+ PowerInternalSetConsoleLockedState,
+ PowerInternalOverrideSystemInitiatedRebootState,
+ PowerInternalFanImpactStats,
+ PowerInternalFanRpmBuckets,
+ PowerInternalPowerBootAppDiagInfo, // out: POWER_INTERNAL_BOOTAPP_DIAGNOSTIC
+ PowerInternalUnregisterShutdownNotification, // since 22H1
+ PowerInternalManageTransitionStateRecord,
+ PowerInternalGetAcpiTimeAndAlarmCapabilities, // since 22H2
+ PowerInternalSuspendResumeRequest,
+ PowerInternalEnergyEstimationInfo, // since 23H2
+ PowerInformationInternalMaximum
+} POWER_INFORMATION_LEVEL_INTERNAL;
+
+typedef enum _POWER_S0_DISCONNECTED_REASON
+{
+ PoS0DisconnectedReasonNone,
+ PoS0DisconnectedReasonNonCompliantNic,
+ PoS0DisconnectedReasonSettingPolicy,
+ PoS0DisconnectedReasonEnforceDsPolicy,
+ PoS0DisconnectedReasonCsChecksFailed,
+ PoS0DisconnectedReasonSmartStandby,
+ PoS0DisconnectedReasonMaximum
+} POWER_S0_DISCONNECTED_REASON;
+
+typedef struct _POWER_S0_LOW_POWER_IDLE_INFO
+{
+ POWER_S0_DISCONNECTED_REASON DisconnectedReason;
+ union
+ {
+ BOOLEAN Storage : 1;
+ BOOLEAN WiFi : 1;
+ BOOLEAN Mbn : 1;
+ BOOLEAN Ethernet : 1;
+ BOOLEAN Reserved : 4;
+ UCHAR AsUCHAR;
+ } CsDeviceCompliance;
+ union
+ {
+ BOOLEAN DisconnectInStandby : 1;
+ BOOLEAN EnforceDs : 1;
+ BOOLEAN Reserved : 6;
+ UCHAR AsUCHAR;
+ } Policy;
+} POWER_S0_LOW_POWER_IDLE_INFO, *PPOWER_S0_LOW_POWER_IDLE_INFO;
+
+typedef struct _POWER_INFORMATION_INTERNAL_HEADER
+{
+ POWER_INFORMATION_LEVEL_INTERNAL InternalType;
+ ULONG Version;
+} POWER_INFORMATION_INTERNAL_HEADER, *PPOWER_INFORMATION_INTERNAL_HEADER;
+
+typedef struct _POWER_USER_ABSENCE_PREDICTION
+{
+ POWER_INFORMATION_INTERNAL_HEADER Header;
+ LARGE_INTEGER ReturnTime;
+} POWER_USER_ABSENCE_PREDICTION, *PPOWER_USER_ABSENCE_PREDICTION;
+
+typedef struct _POWER_USER_ABSENCE_PREDICTION_CAPABILITY
+{
+ BOOLEAN AbsencePredictionCapability;
+} POWER_USER_ABSENCE_PREDICTION_CAPABILITY, *PPOWER_USER_ABSENCE_PREDICTION_CAPABILITY;
+
+// rev
+typedef struct _POWER_PROCESSOR_LATENCY_HINT
+{
+ POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
+ ULONG Type;
+} POWER_PROCESSOR_LATENCY_HINT, *PPO_PROCESSOR_LATENCY_HINT;
+
+// rev
+typedef struct _POWER_STANDBY_NETWORK_REQUEST
+{
+ POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
+ BOOLEAN Active;
+} POWER_STANDBY_NETWORK_REQUEST, *PPOWER_STANDBY_NETWORK_REQUEST;
+
+// rev
+typedef struct _POWER_SET_BACKGROUND_TASK_STATE
+{
+ POWER_INFORMATION_INTERNAL_HEADER PowerInformationInternalHeader;
+ BOOLEAN Engaged;
+} POWER_SET_BACKGROUND_TASK_STATE, *PPOWER_SET_BACKGROUND_TASK_STATE;
+
+// rev
+typedef struct _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO
+{
+ ULONG StandbyTotalTime;
+ ULONG DripsTotalTime;
+ ULONG ActivatorClientTotalActiveTime;
+ ULONG PerActivatorClientTotalActiveTime[98];
+} POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO, *PPOWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO;
+
+// rev
+typedef struct _POWER_SESSION_POWER_STATE
+{
+ POWER_INFORMATION_INTERNAL_HEADER Header;
+ ULONG SessionId;
+ BOOLEAN On;
+ BOOLEAN IsConsole;
+ POWER_MONITOR_REQUEST_REASON RequestReason;
+} POWER_SESSION_POWER_STATE, *PPOWER_SESSION_POWER_STATE;
+
+// rev
+typedef struct _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT
+{
+ BOOLEAN QosSupportedAndConfigured;
+ BOOLEAN SchedulerDirectedPerfStatesSupported;
+ BOOLEAN QosGroupPolicyDisable;
+} POWER_INTERNAL_PROCESSOR_QOS_SUPPORT, *PPOWER_INTERNAL_PROCESSOR_QOS_SUPPORT;
+
+// rev
+typedef struct _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE
+{
+ POWER_INFORMATION_INTERNAL_HEADER Header;
+ BOOLEAN EsEnabledOnHost;
+} POWER_INTERNAL_HOST_ENERGY_SAVER_STATE, *PPOWER_INTERNAL_HOST_ENERGY_SAVER_STATE;
+
+// rev
+typedef struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT
+{
+ POWER_INFORMATION_LEVEL_INTERNAL InternalType;
+ PROCESSOR_NUMBER ProcessorNumber; // ULONG_MAX
+} POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT, *PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT;
+
+// rev
+typedef struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT
+{
+ ULONG Version;
+ ULONG NominalFrequency; // if (Domain) Prcb->PowerState.CheckContext.Domain.NominalFrequency else Prcb->MHz
+} POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT, *PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT;
+
+// rev
+typedef struct _POWER_INTERNAL_BOOTAPP_DIAGNOSTIC
+{
+ ULONG BootAppErrorDiagCode; // bcdedit last status
+ ULONG BootAppFailureStatus; // bcdedit last status
+} POWER_INTERNAL_BOOTAPP_DIAGNOSTIC, *PPOWER_INTERNAL_BOOTAPP_DIAGNOSTIC;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPowerInformation(
+ _In_ POWER_INFORMATION_LEVEL InformationLevel,
+ _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
+ _In_ ULONG InputBufferLength,
+ _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
+ _In_ ULONG OutputBufferLength
+ );
+
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetThreadExecutionState(
+ _In_ EXECUTION_STATE NewFlags, // ES_* flags
+ _Out_ EXECUTION_STATE *PreviousFlags
+ );
+
+#if (PHNT_VERSION < PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRequestWakeupLatency(
+ _In_ LATENCY_TIME latency
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtInitiatePowerAction(
+ _In_ POWER_ACTION SystemAction,
+ _In_ SYSTEM_POWER_STATE LightestSystemState,
+ _In_ ULONG Flags, // POWER_ACTION_* flags
+ _In_ BOOLEAN Asynchronous
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetSystemPowerState(
+ _In_ POWER_ACTION SystemAction,
+ _In_ SYSTEM_POWER_STATE LightestSystemState,
+ _In_ ULONG Flags // POWER_ACTION_* flags
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetDevicePowerState(
+ _In_ HANDLE Device,
+ _Out_ PDEVICE_POWER_STATE State
+ );
+
+NTSYSCALLAPI
+BOOLEAN
+NTAPI
+NtIsSystemResumeAutomatic(
+ VOID
+ );
+
+#endif
diff --git a/deps/phnt-nightly/ntpsapi.h b/deps/phnt-nightly/ntpsapi.h
new file mode 100644
index 0000000..98418f9
--- /dev/null
+++ b/deps/phnt-nightly/ntpsapi.h
@@ -0,0 +1,2723 @@
+/*
+ * Process support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTPSAPI_H
+#define _NTPSAPI_H
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL)
+#define PROCESS_TERMINATE 0x0001
+#define PROCESS_CREATE_THREAD 0x0002
+#define PROCESS_SET_SESSIONID 0x0004
+#define PROCESS_VM_OPERATION 0x0008
+#define PROCESS_VM_READ 0x0010
+#define PROCESS_VM_WRITE 0x0020
+//#define PROCESS_DUP_HANDLE 0x0040
+#define PROCESS_CREATE_PROCESS 0x0080
+#define PROCESS_SET_QUOTA 0x0100
+#define PROCESS_SET_INFORMATION 0x0200
+#define PROCESS_QUERY_INFORMATION 0x0400
+#define PROCESS_SET_PORT 0x0800
+#define PROCESS_SUSPEND_RESUME 0x0800
+#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
+#else
+#ifndef PROCESS_SET_PORT
+#define PROCESS_SET_PORT 0x0800
+#endif
+#endif
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL)
+#define THREAD_QUERY_INFORMATION 0x0040
+#define THREAD_SET_THREAD_TOKEN 0x0080
+#define THREAD_IMPERSONATE 0x0100
+#define THREAD_DIRECT_IMPERSONATION 0x0200
+#else
+#ifndef THREAD_ALERT
+#define THREAD_ALERT 0x0004
+#endif
+#endif
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL)
+#define JOB_OBJECT_ASSIGN_PROCESS 0x0001
+#define JOB_OBJECT_SET_ATTRIBUTES 0x0002
+#define JOB_OBJECT_QUERY 0x0004
+#define JOB_OBJECT_TERMINATE 0x0008
+#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x0010
+#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3F)
+//#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1f) // pre-Vista full access
+#endif
+
+#define GDI_HANDLE_BUFFER_SIZE32 34
+#define GDI_HANDLE_BUFFER_SIZE64 60
+
+#ifndef _WIN64
+#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
+#else
+#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
+#endif
+
+typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
+
+typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
+typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
+
+#ifndef FLS_MAXIMUM_AVAILABLE
+#define FLS_MAXIMUM_AVAILABLE 128
+#endif
+#ifndef TLS_MINIMUM_AVAILABLE
+#define TLS_MINIMUM_AVAILABLE 64
+#endif
+#ifndef TLS_EXPANSION_SLOTS
+#define TLS_EXPANSION_SLOTS 1024
+#endif
+
+// symbols
+typedef struct _PEB_LDR_DATA
+{
+ ULONG Length;
+ BOOLEAN Initialized;
+ HANDLE SsHandle;
+ LIST_ENTRY InLoadOrderModuleList;
+ LIST_ENTRY InMemoryOrderModuleList;
+ LIST_ENTRY InInitializationOrderModuleList;
+ PVOID EntryInProgress;
+ BOOLEAN ShutdownInProgress;
+ HANDLE ShutdownThreadId;
+} PEB_LDR_DATA, *PPEB_LDR_DATA;
+
+typedef struct _INITIAL_TEB
+{
+ struct
+ {
+ PVOID OldStackBase;
+ PVOID OldStackLimit;
+ } OldInitialTeb;
+ PVOID StackBase;
+ PVOID StackLimit;
+ PVOID StackAllocationBase;
+} INITIAL_TEB, *PINITIAL_TEB;
+
+typedef struct _WOW64_PROCESS
+{
+ PVOID Wow64;
+} WOW64_PROCESS, *PWOW64_PROCESS;
+
+#include
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+typedef enum _PROCESSINFOCLASS
+{
+ ProcessBasicInformation, // q: PROCESS_BASIC_INFORMATION, PROCESS_EXTENDED_BASIC_INFORMATION
+ ProcessQuotaLimits, // qs: QUOTA_LIMITS, QUOTA_LIMITS_EX
+ ProcessIoCounters, // q: IO_COUNTERS
+ ProcessVmCounters, // q: VM_COUNTERS, VM_COUNTERS_EX, VM_COUNTERS_EX2
+ ProcessTimes, // q: KERNEL_USER_TIMES
+ ProcessBasePriority, // s: KPRIORITY
+ ProcessRaisePriority, // s: ULONG
+ ProcessDebugPort, // q: HANDLE
+ ProcessExceptionPort, // s: PROCESS_EXCEPTION_PORT (requires SeTcbPrivilege)
+ ProcessAccessToken, // s: PROCESS_ACCESS_TOKEN
+ ProcessLdtInformation, // qs: PROCESS_LDT_INFORMATION // 10
+ ProcessLdtSize, // s: PROCESS_LDT_SIZE
+ ProcessDefaultHardErrorMode, // qs: ULONG
+ ProcessIoPortHandlers, // (kernel-mode only) // s: PROCESS_IO_PORT_HANDLER_INFORMATION
+ ProcessPooledUsageAndLimits, // q: POOLED_USAGE_AND_LIMITS
+ ProcessWorkingSetWatch, // q: PROCESS_WS_WATCH_INFORMATION[]; s: void
+ ProcessUserModeIOPL, // qs: ULONG (requires SeTcbPrivilege)
+ ProcessEnableAlignmentFaultFixup, // s: BOOLEAN
+ ProcessPriorityClass, // qs: PROCESS_PRIORITY_CLASS
+ ProcessWx86Information, // qs: ULONG (requires SeTcbPrivilege) (VdmAllowed)
+ ProcessHandleCount, // q: ULONG, PROCESS_HANDLE_INFORMATION // 20
+ ProcessAffinityMask, // (q >WIN7)s: KAFFINITY, qs: GROUP_AFFINITY
+ ProcessPriorityBoost, // qs: ULONG
+ ProcessDeviceMap, // qs: PROCESS_DEVICEMAP_INFORMATION, PROCESS_DEVICEMAP_INFORMATION_EX
+ ProcessSessionInformation, // q: PROCESS_SESSION_INFORMATION
+ ProcessForegroundInformation, // s: PROCESS_FOREGROUND_BACKGROUND
+ ProcessWow64Information, // q: ULONG_PTR
+ ProcessImageFileName, // q: UNICODE_STRING
+ ProcessLUIDDeviceMapsEnabled, // q: ULONG
+ ProcessBreakOnTermination, // qs: ULONG
+ ProcessDebugObjectHandle, // q: HANDLE // 30
+ ProcessDebugFlags, // qs: ULONG
+ ProcessHandleTracing, // q: PROCESS_HANDLE_TRACING_QUERY; s: PROCESS_HANDLE_TRACING_ENABLE[_EX] or void to disable
+ ProcessIoPriority, // qs: IO_PRIORITY_HINT
+ ProcessExecuteFlags, // qs: ULONG (MEM_EXECUTE_OPTION_*)
+ ProcessTlsInformation, // PROCESS_TLS_INFORMATION // ProcessResourceManagement
+ ProcessCookie, // q: ULONG
+ ProcessImageInformation, // q: SECTION_IMAGE_INFORMATION
+ ProcessCycleTime, // q: PROCESS_CYCLE_TIME_INFORMATION // since VISTA
+ ProcessPagePriority, // qs: PAGE_PRIORITY_INFORMATION
+ ProcessInstrumentationCallback, // s: PVOID or PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION // 40
+ ProcessThreadStackAllocation, // s: PROCESS_STACK_ALLOCATION_INFORMATION, PROCESS_STACK_ALLOCATION_INFORMATION_EX
+ ProcessWorkingSetWatchEx, // q: PROCESS_WS_WATCH_INFORMATION_EX[]; s: void
+ ProcessImageFileNameWin32, // q: UNICODE_STRING
+ ProcessImageFileMapping, // q: HANDLE (input)
+ ProcessAffinityUpdateMode, // qs: PROCESS_AFFINITY_UPDATE_MODE
+ ProcessMemoryAllocationMode, // qs: PROCESS_MEMORY_ALLOCATION_MODE
+ ProcessGroupInformation, // q: USHORT[]
+ ProcessTokenVirtualizationEnabled, // s: ULONG
+ ProcessConsoleHostProcess, // qs: ULONG_PTR // ProcessOwnerInformation
+ ProcessWindowInformation, // q: PROCESS_WINDOW_INFORMATION // 50
+ ProcessHandleInformation, // q: PROCESS_HANDLE_SNAPSHOT_INFORMATION // since WIN8
+ ProcessMitigationPolicy, // s: PROCESS_MITIGATION_POLICY_INFORMATION
+ ProcessDynamicFunctionTableInformation, // s: PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION
+ ProcessHandleCheckingMode, // qs: ULONG; s: 0 disables, otherwise enables
+ ProcessKeepAliveCount, // q: PROCESS_KEEPALIVE_COUNT_INFORMATION
+ ProcessRevokeFileHandles, // s: PROCESS_REVOKE_FILE_HANDLES_INFORMATION
+ ProcessWorkingSetControl, // s: PROCESS_WORKING_SET_CONTROL (requires SeDebugPrivilege)
+ ProcessHandleTable, // q: ULONG[] // since WINBLUE
+ ProcessCheckStackExtentsMode, // qs: ULONG // KPROCESS->CheckStackExtents (CFG)
+ ProcessCommandLineInformation, // q: UNICODE_STRING // 60
+ ProcessProtectionInformation, // q: PS_PROTECTION
+ ProcessMemoryExhaustion, // s: PROCESS_MEMORY_EXHAUSTION_INFO // since THRESHOLD
+ ProcessFaultInformation, // s: PROCESS_FAULT_INFORMATION
+ ProcessTelemetryIdInformation, // q: PROCESS_TELEMETRY_ID_INFORMATION
+ ProcessCommitReleaseInformation, // qs: PROCESS_COMMIT_RELEASE_INFORMATION
+ ProcessDefaultCpuSetsInformation, // qs: SYSTEM_CPU_SET_INFORMATION[5]
+ ProcessAllowedCpuSetsInformation, // qs: SYSTEM_CPU_SET_INFORMATION[5]
+ ProcessSubsystemProcess,
+ ProcessJobMemoryInformation, // q: PROCESS_JOB_MEMORY_INFO
+ ProcessInPrivate, // q: BOOLEAN; s: void // ETW // since THRESHOLD2 // 70
+ ProcessRaiseUMExceptionOnInvalidHandleClose, // qs: ULONG; s: 0 disables, otherwise enables
+ ProcessIumChallengeResponse,
+ ProcessChildProcessInformation, // q: PROCESS_CHILD_PROCESS_INFORMATION
+ ProcessHighGraphicsPriorityInformation, // qs: BOOLEAN (requires SeTcbPrivilege)
+ ProcessSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
+ ProcessEnergyValues, // q: PROCESS_ENERGY_VALUES, PROCESS_EXTENDED_ENERGY_VALUES
+ ProcessPowerThrottlingState, // qs: POWER_THROTTLING_PROCESS_STATE
+ ProcessReserved3Information, // ProcessActivityThrottlePolicy // PROCESS_ACTIVITY_THROTTLE_POLICY
+ ProcessWin32kSyscallFilterInformation, // q: WIN32K_SYSCALL_FILTER
+ ProcessDisableSystemAllowedCpuSets, // s: BOOLEAN // 80
+ ProcessWakeInformation, // q: PROCESS_WAKE_INFORMATION
+ ProcessEnergyTrackingState, // qs: PROCESS_ENERGY_TRACKING_STATE
+ ProcessManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
+ ProcessCaptureTrustletLiveDump,
+ ProcessTelemetryCoverage, // q: TELEMETRY_COVERAGE_HEADER; s: TELEMETRY_COVERAGE_POINT
+ ProcessEnclaveInformation,
+ ProcessEnableReadWriteVmLogging, // qs: PROCESS_READWRITEVM_LOGGING_INFORMATION
+ ProcessUptimeInformation, // q: PROCESS_UPTIME_INFORMATION
+ ProcessImageSection, // q: HANDLE
+ ProcessDebugAuthInformation, // since REDSTONE4 // 90
+ ProcessSystemResourceManagement, // s: PROCESS_SYSTEM_RESOURCE_MANAGEMENT
+ ProcessSequenceNumber, // q: ULONGLONG
+ ProcessLoaderDetour, // since REDSTONE5
+ ProcessSecurityDomainInformation, // q: PROCESS_SECURITY_DOMAIN_INFORMATION
+ ProcessCombineSecurityDomainsInformation, // s: PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION
+ ProcessEnableLogging, // qs: PROCESS_LOGGING_INFORMATION
+ ProcessLeapSecondInformation, // qs: PROCESS_LEAP_SECOND_INFORMATION
+ ProcessFiberShadowStackAllocation, // s: PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION // since 19H1
+ ProcessFreeFiberShadowStackAllocation, // s: PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
+ ProcessAltSystemCallInformation, // s: PROCESS_SYSCALL_PROVIDER_INFORMATION // since 20H1 // 100
+ ProcessDynamicEHContinuationTargets, // s: PROCESS_DYNAMIC_EH_CONTINUATION_TARGETS_INFORMATION
+ ProcessDynamicEnforcedCetCompatibleRanges, // s: PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE_INFORMATION // since 20H2
+ ProcessCreateStateChange, // since WIN11
+ ProcessApplyStateChange,
+ ProcessEnableOptionalXStateFeatures, // s: ULONG64 // optional XState feature bitmask
+ ProcessAltPrefetchParam, // since 22H1
+ ProcessAssignCpuPartitions,
+ ProcessPriorityClassEx, // s: PROCESS_PRIORITY_CLASS_EX
+ ProcessMembershipInformation, // q: PROCESS_MEMBERSHIP_INFORMATION
+ ProcessEffectiveIoPriority, // q: IO_PRIORITY_HINT
+ ProcessEffectivePagePriority, // q: ULONG
+ MaxProcessInfoClass
+} PROCESSINFOCLASS;
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+typedef enum _THREADINFOCLASS
+{
+ ThreadBasicInformation, // q: THREAD_BASIC_INFORMATION
+ ThreadTimes, // q: KERNEL_USER_TIMES
+ ThreadPriority, // s: KPRIORITY (requires SeIncreaseBasePriorityPrivilege)
+ ThreadBasePriority, // s: KPRIORITY
+ ThreadAffinityMask, // s: KAFFINITY
+ ThreadImpersonationToken, // s: HANDLE
+ ThreadDescriptorTableEntry, // q: DESCRIPTOR_TABLE_ENTRY (or WOW64_DESCRIPTOR_TABLE_ENTRY)
+ ThreadEnableAlignmentFaultFixup, // s: BOOLEAN
+ ThreadEventPair,
+ ThreadQuerySetWin32StartAddress, // q: ULONG_PTR
+ ThreadZeroTlsCell, // s: ULONG // TlsIndex // 10
+ ThreadPerformanceCount, // q: LARGE_INTEGER
+ ThreadAmILastThread, // q: ULONG
+ ThreadIdealProcessor, // s: ULONG
+ ThreadPriorityBoost, // qs: ULONG
+ ThreadSetTlsArrayAddress, // s: ULONG_PTR // Obsolete
+ ThreadIsIoPending, // q: ULONG
+ ThreadHideFromDebugger, // q: BOOLEAN; s: void
+ ThreadBreakOnTermination, // qs: ULONG
+ ThreadSwitchLegacyState, // s: void // NtCurrentThread // NPX/FPU
+ ThreadIsTerminated, // q: ULONG // 20
+ ThreadLastSystemCall, // q: THREAD_LAST_SYSCALL_INFORMATION
+ ThreadIoPriority, // qs: IO_PRIORITY_HINT (requires SeIncreaseBasePriorityPrivilege)
+ ThreadCycleTime, // q: THREAD_CYCLE_TIME_INFORMATION
+ ThreadPagePriority, // qs: PAGE_PRIORITY_INFORMATION
+ ThreadActualBasePriority, // s: LONG (requires SeIncreaseBasePriorityPrivilege)
+ ThreadTebInformation, // q: THREAD_TEB_INFORMATION (requires THREAD_GET_CONTEXT + THREAD_SET_CONTEXT)
+ ThreadCSwitchMon, // Obsolete
+ ThreadCSwitchPmu,
+ ThreadWow64Context, // qs: WOW64_CONTEXT, ARM_NT_CONTEXT since 20H1
+ ThreadGroupInformation, // qs: GROUP_AFFINITY // 30
+ ThreadUmsInformation, // q: THREAD_UMS_INFORMATION // Obsolete
+ ThreadCounterProfiling, // q: BOOLEAN; s: THREAD_PROFILING_INFORMATION?
+ ThreadIdealProcessorEx, // qs: PROCESSOR_NUMBER; s: previous PROCESSOR_NUMBER on return
+ ThreadCpuAccountingInformation, // q: BOOLEAN; s: HANDLE (NtOpenSession) // NtCurrentThread // since WIN8
+ ThreadSuspendCount, // q: ULONG // since WINBLUE
+ ThreadHeterogeneousCpuPolicy, // q: KHETERO_CPU_POLICY // since THRESHOLD
+ ThreadContainerId, // q: GUID
+ ThreadNameInformation, // qs: THREAD_NAME_INFORMATION
+ ThreadSelectedCpuSets,
+ ThreadSystemThreadInformation, // q: SYSTEM_THREAD_INFORMATION // 40
+ ThreadActualGroupAffinity, // q: GROUP_AFFINITY // since THRESHOLD2
+ ThreadDynamicCodePolicyInfo, // q: ULONG; s: ULONG (NtCurrentThread)
+ ThreadExplicitCaseSensitivity, // qs: ULONG; s: 0 disables, otherwise enables
+ ThreadWorkOnBehalfTicket, // RTL_WORK_ON_BEHALF_TICKET_EX
+ ThreadSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
+ ThreadDbgkWerReportActive, // s: ULONG; s: 0 disables, otherwise enables
+ ThreadAttachContainer, // s: HANDLE (job object) // NtCurrentThread
+ ThreadManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
+ ThreadPowerThrottlingState, // POWER_THROTTLING_THREAD_STATE // since REDSTONE3 (set), WIN11 22H2 (query)
+ ThreadWorkloadClass, // THREAD_WORKLOAD_CLASS // since REDSTONE5 // 50
+ ThreadCreateStateChange, // since WIN11
+ ThreadApplyStateChange,
+ ThreadStrongerBadHandleChecks, // since 22H1
+ ThreadEffectiveIoPriority, // q: IO_PRIORITY_HINT
+ ThreadEffectivePagePriority, // q: ULONG
+ MaxThreadInfoClass
+} THREADINFOCLASS;
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+// Use with both ProcessPagePriority and ThreadPagePriority
+typedef struct _PAGE_PRIORITY_INFORMATION
+{
+ ULONG PagePriority;
+} PAGE_PRIORITY_INFORMATION, *PPAGE_PRIORITY_INFORMATION;
+#endif
+
+// Process information structures
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+typedef struct _PROCESS_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PPEB PebBaseAddress;
+ KAFFINITY AffinityMask;
+ KPRIORITY BasePriority;
+ HANDLE UniqueProcessId;
+ HANDLE InheritedFromUniqueProcessId;
+} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
+
+typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION
+{
+ SIZE_T Size; // set to sizeof structure on input
+ PROCESS_BASIC_INFORMATION BasicInfo;
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG IsProtectedProcess : 1;
+ ULONG IsWow64Process : 1;
+ ULONG IsProcessDeleting : 1;
+ ULONG IsCrossSessionCreate : 1;
+ ULONG IsFrozen : 1;
+ ULONG IsBackground : 1;
+ ULONG IsStronglyNamed : 1;
+ ULONG IsSecureProcess : 1;
+ ULONG IsSubsystemProcess : 1;
+ ULONG SpareBits : 23;
+ };
+ };
+} PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION;
+
+typedef struct _VM_COUNTERS
+{
+ SIZE_T PeakVirtualSize;
+ SIZE_T VirtualSize;
+ ULONG PageFaultCount;
+ SIZE_T PeakWorkingSetSize;
+ SIZE_T WorkingSetSize;
+ SIZE_T QuotaPeakPagedPoolUsage;
+ SIZE_T QuotaPagedPoolUsage;
+ SIZE_T QuotaPeakNonPagedPoolUsage;
+ SIZE_T QuotaNonPagedPoolUsage;
+ SIZE_T PagefileUsage;
+ SIZE_T PeakPagefileUsage;
+} VM_COUNTERS, *PVM_COUNTERS;
+
+typedef struct _VM_COUNTERS_EX
+{
+ SIZE_T PeakVirtualSize;
+ SIZE_T VirtualSize;
+ ULONG PageFaultCount;
+ SIZE_T PeakWorkingSetSize;
+ SIZE_T WorkingSetSize;
+ SIZE_T QuotaPeakPagedPoolUsage;
+ SIZE_T QuotaPagedPoolUsage;
+ SIZE_T QuotaPeakNonPagedPoolUsage;
+ SIZE_T QuotaNonPagedPoolUsage;
+ SIZE_T PagefileUsage;
+ SIZE_T PeakPagefileUsage;
+ SIZE_T PrivateUsage;
+} VM_COUNTERS_EX, *PVM_COUNTERS_EX;
+
+typedef struct _VM_COUNTERS_EX2
+{
+ VM_COUNTERS_EX CountersEx;
+ SIZE_T PrivateWorkingSetSize;
+ SIZE_T SharedCommitUsage;
+} VM_COUNTERS_EX2, *PVM_COUNTERS_EX2;
+
+typedef struct _KERNEL_USER_TIMES
+{
+ LARGE_INTEGER CreateTime;
+ LARGE_INTEGER ExitTime;
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
+
+typedef struct _POOLED_USAGE_AND_LIMITS
+{
+ SIZE_T PeakPagedPoolUsage;
+ SIZE_T PagedPoolUsage;
+ SIZE_T PagedPoolLimit;
+ SIZE_T PeakNonPagedPoolUsage;
+ SIZE_T NonPagedPoolUsage;
+ SIZE_T NonPagedPoolLimit;
+ SIZE_T PeakPagefileUsage;
+ SIZE_T PagefileUsage;
+ SIZE_T PagefileLimit;
+} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
+
+#define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003
+#define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1))
+
+typedef struct _PROCESS_EXCEPTION_PORT
+{
+ _In_ HANDLE ExceptionPortHandle; // Handle to the exception port. No particular access required.
+ _Inout_ ULONG StateFlags; // Miscellaneous state flags to be cached along with the exception port in the kernel.
+} PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT;
+
+typedef struct _PROCESS_ACCESS_TOKEN
+{
+ HANDLE Token; // needs TOKEN_ASSIGN_PRIMARY access
+ HANDLE Thread; // handle to initial/only thread; needs THREAD_QUERY_INFORMATION access
+} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
+
+typedef struct _PROCESS_LDT_INFORMATION
+{
+ ULONG Start;
+ ULONG Length;
+ LDT_ENTRY LdtEntries[1];
+} PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;
+
+typedef struct _PROCESS_LDT_SIZE
+{
+ ULONG Length;
+} PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;
+
+typedef struct _PROCESS_WS_WATCH_INFORMATION
+{
+ PVOID FaultingPc;
+ PVOID FaultingVa;
+} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
+
+#endif
+
+// psapi:PSAPI_WS_WATCH_INFORMATION_EX
+typedef struct _PROCESS_WS_WATCH_INFORMATION_EX
+{
+ PROCESS_WS_WATCH_INFORMATION BasicInfo;
+ ULONG_PTR FaultingThreadId;
+ ULONG_PTR Flags;
+} PROCESS_WS_WATCH_INFORMATION_EX, *PPROCESS_WS_WATCH_INFORMATION_EX;
+
+#define PROCESS_PRIORITY_CLASS_UNKNOWN 0
+#define PROCESS_PRIORITY_CLASS_IDLE 1
+#define PROCESS_PRIORITY_CLASS_NORMAL 2
+#define PROCESS_PRIORITY_CLASS_HIGH 3
+#define PROCESS_PRIORITY_CLASS_REALTIME 4
+#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
+#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
+
+typedef struct _PROCESS_PRIORITY_CLASS
+{
+ BOOLEAN Foreground;
+ UCHAR PriorityClass;
+} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
+
+typedef struct _PROCESS_PRIORITY_CLASS_EX
+{
+ union
+ {
+ struct
+ {
+ USHORT ForegroundValid : 1;
+ USHORT PriorityClassValid : 1;
+ };
+ USHORT AllFlags;
+ };
+ UCHAR PriorityClass;
+ BOOLEAN Foreground;
+} PROCESS_PRIORITY_CLASS_EX, *PPROCESS_PRIORITY_CLASS_EX;
+
+typedef struct _PROCESS_FOREGROUND_BACKGROUND
+{
+ BOOLEAN Foreground;
+} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+typedef struct _PROCESS_DEVICEMAP_INFORMATION
+{
+ union
+ {
+ struct
+ {
+ HANDLE DirectoryHandle; // needs DIRECTORY_TRAVERSE access
+ } Set;
+ struct
+ {
+ ULONG DriveMap; // bit mask
+ UCHAR DriveType[32]; // DRIVE_* WinBase.h
+ } Query;
+ };
+} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
+
+#define PROCESS_LUID_DOSDEVICES_ONLY 0x00000001
+
+typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX
+{
+ union
+ {
+ struct
+ {
+ HANDLE DirectoryHandle; // needs DIRECTORY_TRAVERSE access
+ } Set;
+ struct
+ {
+ ULONG DriveMap; // bit mask
+ UCHAR DriveType[32]; // DRIVE_* WinBase.h
+ } Query;
+ };
+ ULONG Flags; // PROCESS_LUID_DOSDEVICES_ONLY
+} PROCESS_DEVICEMAP_INFORMATION_EX, *PPROCESS_DEVICEMAP_INFORMATION_EX;
+
+typedef struct _PROCESS_SESSION_INFORMATION
+{
+ ULONG SessionId;
+} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
+
+#define PROCESS_HANDLE_EXCEPTIONS_ENABLED 0x00000001
+
+#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED 0x00000000
+#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED 0x00000001
+
+typedef struct _PROCESS_HANDLE_TRACING_ENABLE
+{
+ ULONG Flags;
+} PROCESS_HANDLE_TRACING_ENABLE, *PPROCESS_HANDLE_TRACING_ENABLE;
+
+#define PROCESS_HANDLE_TRACING_MAX_SLOTS 0x20000
+
+typedef struct _PROCESS_HANDLE_TRACING_ENABLE_EX
+{
+ ULONG Flags;
+ ULONG TotalSlots;
+} PROCESS_HANDLE_TRACING_ENABLE_EX, *PPROCESS_HANDLE_TRACING_ENABLE_EX;
+
+#define PROCESS_HANDLE_TRACING_MAX_STACKS 16
+
+#define PROCESS_HANDLE_TRACE_TYPE_OPEN 1
+#define PROCESS_HANDLE_TRACE_TYPE_CLOSE 2
+#define PROCESS_HANDLE_TRACE_TYPE_BADREF 3
+
+typedef struct _PROCESS_HANDLE_TRACING_ENTRY
+{
+ HANDLE Handle;
+ CLIENT_ID ClientId;
+ ULONG Type;
+ PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS];
+} PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY;
+
+typedef struct _PROCESS_HANDLE_TRACING_QUERY
+{
+ _In_opt_ HANDLE Handle;
+ _Out_ ULONG TotalTraces;
+ _Out_ _Field_size_(TotalTraces) PROCESS_HANDLE_TRACING_ENTRY HandleTrace[1];
+} PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY;
+
+#endif
+
+typedef struct _THREAD_TLS_INFORMATION
+{
+ ULONG Flags;
+ PVOID NewTlsData;
+ PVOID OldTlsData;
+ HANDLE ThreadId;
+} THREAD_TLS_INFORMATION, *PTHREAD_TLS_INFORMATION;
+
+typedef enum _PROCESS_TLS_INFORMATION_TYPE
+{
+ ProcessTlsReplaceIndex,
+ ProcessTlsReplaceVector,
+ MaxProcessTlsOperation
+} PROCESS_TLS_INFORMATION_TYPE, *PPROCESS_TLS_INFORMATION_TYPE;
+
+typedef struct _PROCESS_TLS_INFORMATION
+{
+ ULONG Flags;
+ ULONG OperationType;
+ ULONG ThreadDataCount;
+ ULONG TlsIndex;
+ ULONG PreviousCount;
+ _Field_size_(ThreadDataCount) THREAD_TLS_INFORMATION ThreadData[1];
+} PROCESS_TLS_INFORMATION, *PPROCESS_TLS_INFORMATION;
+
+typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
+{
+ ULONG Version;
+ ULONG Reserved;
+ PVOID Callback;
+} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
+
+typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION
+{
+ SIZE_T ReserveSize;
+ SIZE_T ZeroBits;
+ PVOID StackBase;
+} PROCESS_STACK_ALLOCATION_INFORMATION, *PPROCESS_STACK_ALLOCATION_INFORMATION;
+
+typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX
+{
+ ULONG PreferredNode;
+ ULONG Reserved0;
+ ULONG Reserved1;
+ ULONG Reserved2;
+ PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo;
+} PROCESS_STACK_ALLOCATION_INFORMATION_EX, *PPROCESS_STACK_ALLOCATION_INFORMATION_EX;
+
+typedef union _PROCESS_AFFINITY_UPDATE_MODE
+{
+ ULONG Flags;
+ struct
+ {
+ ULONG EnableAutoUpdate : 1;
+ ULONG Permanent : 1;
+ ULONG Reserved : 30;
+ };
+} PROCESS_AFFINITY_UPDATE_MODE, *PPROCESS_AFFINITY_UPDATE_MODE;
+
+typedef union _PROCESS_MEMORY_ALLOCATION_MODE
+{
+ ULONG Flags;
+ struct
+ {
+ ULONG TopDown : 1;
+ ULONG Reserved : 31;
+ };
+} PROCESS_MEMORY_ALLOCATION_MODE, *PPROCESS_MEMORY_ALLOCATION_MODE;
+
+typedef struct _PROCESS_HANDLE_INFORMATION
+{
+ ULONG HandleCount;
+ ULONG HandleCountHighWatermark;
+} PROCESS_HANDLE_INFORMATION, *PPROCESS_HANDLE_INFORMATION;
+
+typedef struct _PROCESS_CYCLE_TIME_INFORMATION
+{
+ ULONGLONG AccumulatedCycles;
+ ULONGLONG CurrentCycleCount;
+} PROCESS_CYCLE_TIME_INFORMATION, *PPROCESS_CYCLE_TIME_INFORMATION;
+
+typedef struct _PROCESS_WINDOW_INFORMATION
+{
+ ULONG WindowFlags;
+ USHORT WindowTitleLength;
+ _Field_size_bytes_(WindowTitleLength) WCHAR WindowTitle[1];
+} PROCESS_WINDOW_INFORMATION, *PPROCESS_WINDOW_INFORMATION;
+
+typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO
+{
+ HANDLE HandleValue;
+ ULONG_PTR HandleCount;
+ ULONG_PTR PointerCount;
+ ULONG GrantedAccess;
+ ULONG ObjectTypeIndex;
+ ULONG HandleAttributes;
+ ULONG Reserved;
+} PROCESS_HANDLE_TABLE_ENTRY_INFO, *PPROCESS_HANDLE_TABLE_ENTRY_INFO;
+
+typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION
+{
+ ULONG_PTR NumberOfHandles;
+ ULONG_PTR Reserved;
+ _Field_size_(NumberOfHandles) PROCESS_HANDLE_TABLE_ENTRY_INFO Handles[1];
+} PROCESS_HANDLE_SNAPSHOT_INFORMATION, *PPROCESS_HANDLE_SNAPSHOT_INFORMATION;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+#if !defined(NTDDI_WIN10_FE) || (NTDDI_VERSION < NTDDI_WIN10_FE)
+typedef struct _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY
+{
+ union {
+ ULONG Flags;
+ struct {
+ ULONG EnforceRedirectionTrust : 1;
+ ULONG AuditRedirectionTrust : 1;
+ ULONG ReservedFlags : 30;
+ };
+ };
+} PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY, *PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY;
+#endif
+
+#if !defined(NTDDI_WIN10_NI) || (NTDDI_VERSION < NTDDI_WIN10_NI)
+#define ProcessUserPointerAuthPolicy 17
+#define ProcessSEHOPPolicy 18
+
+typedef struct _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY {
+ union {
+ ULONG Flags;
+ struct {
+ ULONG EnablePointerAuthUserIp : 1;
+ ULONG ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY, *PPROCESS_MITIGATION_USER_POINTER_AUTH_POLICY;
+
+typedef struct _PROCESS_MITIGATION_SEHOP_POLICY {
+ union {
+ ULONG Flags;
+ struct {
+ ULONG EnableSehop : 1;
+ ULONG ReservedFlags : 31;
+ };
+ };
+} PROCESS_MITIGATION_SEHOP_POLICY, *PPROCESS_MITIGATION_SEHOP_POLICY;
+#endif
+
+typedef struct _PROCESS_MITIGATION_POLICY_INFORMATION
+{
+ PROCESS_MITIGATION_POLICY Policy;
+ union
+ {
+ PROCESS_MITIGATION_ASLR_POLICY ASLRPolicy;
+ PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY StrictHandleCheckPolicy;
+ PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY SystemCallDisablePolicy;
+ PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY ExtensionPointDisablePolicy;
+ PROCESS_MITIGATION_DYNAMIC_CODE_POLICY DynamicCodePolicy;
+ PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY ControlFlowGuardPolicy;
+ PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY SignaturePolicy;
+ PROCESS_MITIGATION_FONT_DISABLE_POLICY FontDisablePolicy;
+ PROCESS_MITIGATION_IMAGE_LOAD_POLICY ImageLoadPolicy;
+ PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY SystemCallFilterPolicy;
+ PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY PayloadRestrictionPolicy;
+ PROCESS_MITIGATION_CHILD_PROCESS_POLICY ChildProcessPolicy;
+ PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY SideChannelIsolationPolicy;
+ PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY UserShadowStackPolicy;
+ PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY RedirectionTrustPolicy;
+ PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY UserPointerAuthPolicy;
+ PROCESS_MITIGATION_SEHOP_POLICY SEHOPPolicy;
+ };
+} PROCESS_MITIGATION_POLICY_INFORMATION, *PPROCESS_MITIGATION_POLICY_INFORMATION;
+
+// private
+typedef struct _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION
+{ + struct _DYNAMIC_FUNCTION_TABLE* DynamicFunctionTable; + BOOLEAN Remove; +} PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION, *PPROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION; + +typedef struct _PROCESS_KEEPALIVE_COUNT_INFORMATION +{ + ULONG WakeCount; + ULONG NoWakeCount; +} PROCESS_KEEPALIVE_COUNT_INFORMATION, *PPROCESS_KEEPALIVE_COUNT_INFORMATION; + +typedef struct _PROCESS_REVOKE_FILE_HANDLES_INFORMATION +{ + UNICODE_STRING TargetDevicePath; +} PROCESS_REVOKE_FILE_HANDLES_INFORMATION, *PPROCESS_REVOKE_FILE_HANDLES_INFORMATION; + +// begin_private + +typedef enum _PROCESS_WORKING_SET_OPERATION +{ + ProcessWorkingSetSwap, + ProcessWorkingSetEmpty, + ProcessWorkingSetOperationMax +} PROCESS_WORKING_SET_OPERATION; + +typedef struct _PROCESS_WORKING_SET_CONTROL +{ + ULONG Version; + PROCESS_WORKING_SET_OPERATION Operation; + ULONG Flags; +} PROCESS_WORKING_SET_CONTROL, *PPROCESS_WORKING_SET_CONTROL; + +typedef enum _PS_PROTECTED_TYPE +{ + PsProtectedTypeNone, + PsProtectedTypeProtectedLight, + PsProtectedTypeProtected, + PsProtectedTypeMax +} PS_PROTECTED_TYPE; + +typedef enum _PS_PROTECTED_SIGNER +{ + PsProtectedSignerNone, + PsProtectedSignerAuthenticode, + PsProtectedSignerCodeGen, + PsProtectedSignerAntimalware, + PsProtectedSignerLsa, + PsProtectedSignerWindows, + PsProtectedSignerWinTcb, + PsProtectedSignerWinSystem, + PsProtectedSignerApp, + PsProtectedSignerMax +} PS_PROTECTED_SIGNER; + +#define PS_PROTECTED_SIGNER_MASK 0xFF +#define PS_PROTECTED_AUDIT_MASK 0x08 +#define PS_PROTECTED_TYPE_MASK 0x07 + +// vProtectionLevel.Level = PsProtectedValue(PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight) +#define PsProtectedValue(aSigner, aAudit, aType) ( \ + ((aSigner & PS_PROTECTED_SIGNER_MASK) << 4) | \ + ((aAudit & PS_PROTECTED_AUDIT_MASK) << 3) | \ + (aType & PS_PROTECTED_TYPE_MASK)\ + ) + +// InitializePsProtection(&vProtectionLevel, PsProtectedSignerCodeGen, FALSE, PsProtectedTypeProtectedLight) +#define InitializePsProtection(aProtectionLevelPtr, 
aSigner, aAudit, aType) { \ + (aProtectionLevelPtr)->Signer = aSigner; \ + (aProtectionLevelPtr)->Audit = aAudit; \ + (aProtectionLevelPtr)->Type = aType; \ + } + +typedef struct _PS_PROTECTION +{ + union + { + UCHAR Level; + struct + { + UCHAR Type : 3; + UCHAR Audit : 1; + UCHAR Signer : 4; + }; + }; +} PS_PROTECTION, *PPS_PROTECTION; + +typedef struct _PROCESS_FAULT_INFORMATION +{ + ULONG FaultFlags; + ULONG AdditionalInfo; +} PROCESS_FAULT_INFORMATION, *PPROCESS_FAULT_INFORMATION; + +typedef struct _PROCESS_TELEMETRY_ID_INFORMATION +{ + ULONG HeaderSize; + ULONG ProcessId; + ULONGLONG ProcessStartKey; + ULONGLONG CreateTime; + ULONGLONG CreateInterruptTime; + ULONGLONG CreateUnbiasedInterruptTime; + ULONGLONG ProcessSequenceNumber; + ULONGLONG SessionCreateTime; + ULONG SessionId; + ULONG BootId; + ULONG ImageChecksum; + ULONG ImageTimeDateStamp; + ULONG UserSidOffset; + ULONG ImagePathOffset; + ULONG PackageNameOffset; + ULONG RelativeAppNameOffset; + ULONG CommandLineOffset; +} PROCESS_TELEMETRY_ID_INFORMATION, *PPROCESS_TELEMETRY_ID_INFORMATION; + +typedef struct _PROCESS_COMMIT_RELEASE_INFORMATION +{ + ULONG Version; + struct + { + ULONG Eligible : 1; + ULONG ReleaseRepurposedMemResetCommit : 1; + ULONG ForceReleaseMemResetCommit : 1; + ULONG Spare : 29; + }; + SIZE_T CommitDebt; + SIZE_T CommittedMemResetSize; + SIZE_T RepurposedMemResetSize; +} PROCESS_COMMIT_RELEASE_INFORMATION, *PPROCESS_COMMIT_RELEASE_INFORMATION; + +typedef struct _PROCESS_JOB_MEMORY_INFO +{ + ULONGLONG SharedCommitUsage; + ULONGLONG PrivateCommitUsage; + ULONGLONG PeakPrivateCommitUsage; + ULONGLONG PrivateCommitLimit; + ULONGLONG TotalCommitLimit; +} PROCESS_JOB_MEMORY_INFO, *PPROCESS_JOB_MEMORY_INFO; + +typedef struct _PROCESS_CHILD_PROCESS_INFORMATION +{ + BOOLEAN ProhibitChildProcesses; + BOOLEAN AlwaysAllowSecureChildProcess; // REDSTONE3 + BOOLEAN AuditProhibitChildProcesses; +} PROCESS_CHILD_PROCESS_INFORMATION, *PPROCESS_CHILD_PROCESS_INFORMATION; + +#define 
POWER_THROTTLING_PROCESS_CURRENT_VERSION 1 +#define POWER_THROTTLING_PROCESS_EXECUTION_SPEED 0x1 +#define POWER_THROTTLING_PROCESS_DELAYTIMERS 0x2 +#define POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION 0x4 // since WIN11 +#define POWER_THROTTLING_PROCESS_VALID_FLAGS ((POWER_THROTTLING_PROCESS_EXECUTION_SPEED | POWER_THROTTLING_PROCESS_DELAYTIMERS | POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION)) + +typedef struct _POWER_THROTTLING_PROCESS_STATE +{ + ULONG Version; + ULONG ControlMask; + ULONG StateMask; +} POWER_THROTTLING_PROCESS_STATE, *PPOWER_THROTTLING_PROCESS_STATE; + +// rev (tyranid) +#define WIN32K_SYSCALL_FILTER_STATE_ENABLE 0x1 +#define WIN32K_SYSCALL_FILTER_STATE_AUDIT 0x2 + +typedef struct _WIN32K_SYSCALL_FILTER +{ + ULONG FilterState; + ULONG FilterSet; +} WIN32K_SYSCALL_FILTER, *PWIN32K_SYSCALL_FILTER; + +typedef struct _JOBOBJECT_WAKE_FILTER *PJOBOBJECT_WAKE_FILTER; // from ntpsapi.h + +typedef struct _PROCESS_WAKE_INFORMATION +{ + ULONGLONG NotificationChannel; + ULONG WakeCounters[7]; + PJOBOBJECT_WAKE_FILTER WakeFilter; +} PROCESS_WAKE_INFORMATION, *PPROCESS_WAKE_INFORMATION; + +typedef struct _PROCESS_ENERGY_TRACKING_STATE +{ + ULONG StateUpdateMask; + ULONG StateDesiredValue; + ULONG StateSequence; + ULONG UpdateTag : 1; + WCHAR Tag[64]; +} PROCESS_ENERGY_TRACKING_STATE, *PPROCESS_ENERGY_TRACKING_STATE; + +typedef struct _MANAGE_WRITES_TO_EXECUTABLE_MEMORY +{ + ULONG Version : 8; + ULONG ProcessEnableWriteExceptions : 1; + ULONG ThreadAllowWrites : 1; + ULONG Spare : 22; + PVOID KernelWriteToExecutableSignal; // 19H1 +} MANAGE_WRITES_TO_EXECUTABLE_MEMORY, *PMANAGE_WRITES_TO_EXECUTABLE_MEMORY; + +#define POWER_THROTTLING_THREAD_CURRENT_VERSION 1 +#define POWER_THROTTLING_THREAD_EXECUTION_SPEED 0x1 +#define POWER_THROTTLING_THREAD_VALID_FLAGS (POWER_THROTTLING_THREAD_EXECUTION_SPEED) + +typedef struct _POWER_THROTTLING_THREAD_STATE +{ + ULONG Version; + ULONG ControlMask; + ULONG StateMask; +} POWER_THROTTLING_THREAD_STATE, 
*PPOWER_THROTTLING_THREAD_STATE; + +#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM 1 +#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM 2 +#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V 1UL +#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V 2UL + +typedef union _PROCESS_READWRITEVM_LOGGING_INFORMATION +{ + UCHAR Flags; + struct + { + UCHAR EnableReadVmLogging : 1; + UCHAR EnableWriteVmLogging : 1; + UCHAR Unused : 6; + }; +} PROCESS_READWRITEVM_LOGGING_INFORMATION, *PPROCESS_READWRITEVM_LOGGING_INFORMATION; + +typedef struct _PROCESS_UPTIME_INFORMATION +{ + ULONGLONG QueryInterruptTime; + ULONGLONG QueryUnbiasedTime; + ULONGLONG EndInterruptTime; + ULONGLONG TimeSinceCreation; + ULONGLONG Uptime; + ULONGLONG SuspendedTime; + struct + { + ULONG HangCount : 4; + ULONG GhostCount : 4; + ULONG Crashed : 1; + ULONG Terminated : 1; + }; +} PROCESS_UPTIME_INFORMATION, *PPROCESS_UPTIME_INFORMATION; + +typedef union _PROCESS_SYSTEM_RESOURCE_MANAGEMENT +{ + ULONG Flags; + struct + { + ULONG Foreground : 1; + ULONG Reserved : 31; + }; +} PROCESS_SYSTEM_RESOURCE_MANAGEMENT, *PPROCESS_SYSTEM_RESOURCE_MANAGEMENT; + +typedef struct _PROCESS_SECURITY_DOMAIN_INFORMATION +{ + ULONGLONG SecurityDomain; +} PROCESS_SECURITY_DOMAIN_INFORMATION, *PPROCESS_SECURITY_DOMAIN_INFORMATION; + +typedef struct _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION +{ + HANDLE ProcessHandle; +} PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION, *PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; + +typedef union _PROCESS_LOGGING_INFORMATION +{ + ULONG Flags; + struct + { + ULONG EnableReadVmLogging : 1; + ULONG EnableWriteVmLogging : 1; + ULONG EnableProcessSuspendResumeLogging : 1; + ULONG EnableThreadSuspendResumeLogging : 1; + ULONG EnableLocalExecProtectVmLogging : 1; + ULONG EnableRemoteExecProtectVmLogging : 1; + ULONG Reserved : 26; + }; +} PROCESS_LOGGING_INFORMATION, *PPROCESS_LOGGING_INFORMATION; + +typedef struct _PROCESS_LEAP_SECOND_INFORMATION +{ + ULONG Flags; + ULONG Reserved; +} 
PROCESS_LEAP_SECOND_INFORMATION, *PPROCESS_LEAP_SECOND_INFORMATION;
+
+typedef struct _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
+{
+ ULONGLONG ReserveSize;
+ ULONGLONG CommitSize;
+ ULONG PreferredNode;
+ ULONG Reserved;
+ PVOID Ssp;
+} PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION, *PPROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION;
+
+typedef struct _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION
+{
+ PVOID Ssp;
+} PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION, *PPROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION;
+
+typedef struct _PROCESS_SYSCALL_PROVIDER_INFORMATION
+{
+ GUID ProviderId;
+ UCHAR Level;
+} PROCESS_SYSCALL_PROVIDER_INFORMATION, *PPROCESS_SYSCALL_PROVIDER_INFORMATION;
+
+//typedef struct _PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE
+//{
+// ULONG_PTR BaseAddress;
+// SIZE_T Size;
+// ULONG Flags;
+//} PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE, *PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE;
+//
+//typedef struct _PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION
+//{
+// USHORT NumberOfRanges;
+// USHORT Reserved;
+// ULONG Reserved2;
+// PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE Ranges;
+//} PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION, *PPROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGES_INFORMATION;
+
+typedef struct _PROCESS_MEMBERSHIP_INFORMATION
+{
+ ULONG ServerSiloId;
+} PROCESS_MEMBERSHIP_INFORMATION, *PPROCESS_MEMBERSHIP_INFORMATION;
+
+// end_private
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryPortInformationProcess(
+ VOID
+ );
+
+#endif
+
+// Thread information structures
+
+typedef struct _THREAD_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PTEB TebBaseAddress;
+ CLIENT_ID ClientId;
+ KAFFINITY AffinityMask;
+ KPRIORITY Priority;
+ KPRIORITY BasePriority;
+} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
+
+typedef struct _THREAD_LAST_SYSCALL_INFORMATION
+{
+ PVOID FirstArgument;
+ USHORT SystemCallNumber;
+#ifdef WIN64
+ USHORT Pad[0x3]; // since REDSTONE2
+#else
+ USHORT Pad[0x1]; // since REDSTONE2
+#endif
+
ULONG64 WaitTime;
+} THREAD_LAST_SYSCALL_INFORMATION, *PTHREAD_LAST_SYSCALL_INFORMATION;
+
+typedef struct _THREAD_CYCLE_TIME_INFORMATION
+{
+ ULONGLONG AccumulatedCycles;
+ ULONGLONG CurrentCycleCount;
+} THREAD_CYCLE_TIME_INFORMATION, *PTHREAD_CYCLE_TIME_INFORMATION;
+
+typedef struct _THREAD_TEB_INFORMATION
+{
+ PVOID TebInformation; // buffer to place data in
+ ULONG TebOffset; // offset in TEB to begin reading from
+ ULONG BytesToRead; // number of bytes to read
+} THREAD_TEB_INFORMATION, *PTHREAD_TEB_INFORMATION;
+
+// symbols
+typedef struct _COUNTER_READING
+{
+ HARDWARE_COUNTER_TYPE Type;
+ ULONG Index;
+ ULONG64 Start;
+ ULONG64 Total;
+} COUNTER_READING, *PCOUNTER_READING;
+
+// symbols
+typedef struct _THREAD_PERFORMANCE_DATA
+{
+ USHORT Size;
+ USHORT Version;
+ PROCESSOR_NUMBER ProcessorNumber;
+ ULONG ContextSwitches;
+ ULONG HwCountersCount;
+ ULONG64 UpdateCount;
+ ULONG64 WaitReasonBitMap;
+ ULONG64 HardwareCounters;
+ COUNTER_READING CycleTime;
+ COUNTER_READING HwCounters[MAX_HW_COUNTERS];
+} THREAD_PERFORMANCE_DATA, *PTHREAD_PERFORMANCE_DATA;
+
+typedef struct _THREAD_PROFILING_INFORMATION
+{
+ ULONG64 HardwareCounters;
+ ULONG Flags;
+ ULONG Enable;
+ PTHREAD_PERFORMANCE_DATA PerformanceData;
+} THREAD_PROFILING_INFORMATION, *PTHREAD_PROFILING_INFORMATION;
+
+typedef struct _RTL_UMS_CONTEXT
+{
+ SINGLE_LIST_ENTRY Link;
+ CONTEXT Context;
+ PVOID Teb;
+ PVOID UserContext;
+ volatile ULONG ScheduledThread : 1;
+ volatile ULONG Suspended : 1;
+ volatile ULONG VolatileContext : 1;
+ volatile ULONG Terminated : 1;
+ volatile ULONG DebugActive : 1;
+ volatile ULONG RunningOnSelfThread : 1;
+ volatile ULONG DenyRunningOnSelfThread : 1;
+ volatile LONG Flags;
+ volatile ULONG64 KernelUpdateLock : 2;
+ volatile ULONG64 PrimaryClientID : 62;
+ volatile ULONG64 ContextLock;
+ struct _RTL_UMS_CONTEXT* PrimaryUmsContext;
+ ULONG SwitchCount;
+ ULONG KernelYieldCount;
+ ULONG MixedYieldCount;
+ ULONG YieldCount;
+} RTL_UMS_CONTEXT, *PRTL_UMS_CONTEXT;
+
+typedef enum _THREAD_UMS_INFORMATION_COMMAND
+{
+ UmsInformationCommandInvalid,
+ UmsInformationCommandAttach,
+ UmsInformationCommandDetach,
+ UmsInformationCommandQuery
+} THREAD_UMS_INFORMATION_COMMAND;
+
+typedef struct _RTL_UMS_COMPLETION_LIST
+{
+ PSINGLE_LIST_ENTRY ThreadListHead;
+ PVOID CompletionEvent;
+ ULONG CompletionFlags;
+ SINGLE_LIST_ENTRY InternalListHead;
+} RTL_UMS_COMPLETION_LIST, *PRTL_UMS_COMPLETION_LIST;
+
+typedef struct _THREAD_UMS_INFORMATION
+{
+ THREAD_UMS_INFORMATION_COMMAND Command;
+ PRTL_UMS_COMPLETION_LIST CompletionList;
+ PRTL_UMS_CONTEXT UmsContext;
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG IsUmsSchedulerThread : 1;
+ ULONG IsUmsWorkerThread : 1;
+ ULONG SpareBits : 30;
+ };
+ };
+} THREAD_UMS_INFORMATION, *PTHREAD_UMS_INFORMATION;
+
+typedef struct _THREAD_NAME_INFORMATION
+{
+ UNICODE_STRING ThreadName;
+} THREAD_NAME_INFORMATION, *PTHREAD_NAME_INFORMATION;
+
+typedef struct _ALPC_WORK_ON_BEHALF_TICKET
+{
+ ULONG ThreadId;
+ ULONG ThreadCreationTimeLow;
+} ALPC_WORK_ON_BEHALF_TICKET, *PALPC_WORK_ON_BEHALF_TICKET;
+
+typedef struct _RTL_WORK_ON_BEHALF_TICKET_EX
+{
+ ALPC_WORK_ON_BEHALF_TICKET Ticket;
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG CurrentThread : 1;
+ ULONG Reserved1 : 31;
+ };
+ };
+ ULONG Reserved2;
+} RTL_WORK_ON_BEHALF_TICKET_EX, *PRTL_WORK_ON_BEHALF_TICKET_EX;
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+typedef enum _SUBSYSTEM_INFORMATION_TYPE
+{
+ SubsystemInformationTypeWin32,
+ SubsystemInformationTypeWSL,
+ MaxSubsystemInformationType
+} SUBSYSTEM_INFORMATION_TYPE;
+#endif
+
+typedef enum _THREAD_WORKLOAD_CLASS
+{
+ ThreadWorkloadClassDefault,
+ ThreadWorkloadClassGraphics,
+ MaxThreadWorkloadClass
+} THREAD_WORKLOAD_CLASS;
+
+#if defined(_ARM64_)
+
+#define CONTEXT_ARM 0x00200000L
+
+#define CONTEXT_ARM_CONTROL (CONTEXT_ARM | 0x1L)
+#define CONTEXT_ARM_INTEGER (CONTEXT_ARM | 0x2L)
+#define CONTEXT_ARM_FLOATING_POINT (CONTEXT_ARM | 0x4L)
+#define CONTEXT_ARM_DEBUG_REGISTERS (CONTEXT_ARM | 0x8L)
+
+#define CONTEXT_ARM_FULL (CONTEXT_ARM_CONTROL | CONTEXT_ARM_INTEGER | CONTEXT_ARM_FLOATING_POINT)
+
+#define CONTEXT_ARM_ALL (CONTEXT_ARM_CONTROL | CONTEXT_ARM_INTEGER | CONTEXT_ARM_FLOATING_POINT | CONTEXT_ARM_DEBUG_REGISTERS)
+
+#define ARM_MAX_BREAKPOINTS 8
+#define ARM_MAX_WATCHPOINTS 1
+
+typedef struct _ARM_NT_NEON128 {
+ ULONGLONG Low;
+ LONGLONG High;
+} ARM_NT_NEON128, *PARM_NT_NEON128;
+
+typedef struct DECLSPEC_ALIGN(8) DECLSPEC_NOINITALL _ARM_NT_CONTEXT {
+
+ //
+ // Control flags.
+ //
+
+ DWORD ContextFlags;
+
+ //
+ // Integer registers
+ //
+
+ DWORD R0;
+ DWORD R1;
+ DWORD R2;
+ DWORD R3;
+ DWORD R4;
+ DWORD R5;
+ DWORD R6;
+ DWORD R7;
+ DWORD R8;
+ DWORD R9;
+ DWORD R10;
+ DWORD R11;
+ DWORD R12;
+
+ //
+ // Control Registers
+ //
+
+ DWORD Sp;
+ DWORD Lr;
+ DWORD Pc;
+ DWORD Cpsr;
+
+ //
+ // Floating Point/NEON Registers
+ //
+
+ DWORD Fpscr;
+ DWORD Padding;
+ union {
+ ARM_NT_NEON128 Q[16];
+ ULONGLONG D[32];
+ DWORD S[32];
+ } DUMMYUNIONNAME;
+
+ //
+ // Debug registers
+ //
+
+ DWORD Bvr[ARM_MAX_BREAKPOINTS];
+ DWORD Bcr[ARM_MAX_BREAKPOINTS];
+ DWORD Wvr[ARM_MAX_WATCHPOINTS];
+ DWORD Wcr[ARM_MAX_WATCHPOINTS];
+
+ DWORD Padding2[2];
+
+} ARM_NT_CONTEXT, *PARM_NT_CONTEXT;
+
+#endif
+
+// Processes
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateProcess(
+ _Out_ PHANDLE ProcessHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ParentProcess,
+ _In_ BOOLEAN InheritObjectTable,
+ _In_opt_ HANDLE SectionHandle,
+ _In_opt_ HANDLE DebugPort,
+ _In_opt_ HANDLE TokenHandle
+ );
+
+// begin_rev
+#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008 // NtCreateProcessEx
only
+#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010 // NtCreateProcessEx only, requires SeLockMemory
+#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020 // NtCreateProcessEx only, requires SeLockMemory
+#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040 // NtCreateUserProcess only
+#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080 // NtCreateProcessEx & NtCreateUserProcess, requires SeLoadDriver
+#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY 0x00000400 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb
+#define PROCESS_CREATE_FLAGS_MINIMAL_PROCESS 0x00000800 // NtCreateProcessEx only
+#define PROCESS_CREATE_FLAGS_RELEASE_SECTION 0x00001000 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_CLONE_MINIMAL 0x00002000 // NtCreateProcessEx only
+#define PROCESS_CREATE_FLAGS_CLONE_MINIMAL_REDUCED_COMMIT 0x00004000 //
+#define PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS 0x00008000 // NtCreateProcessEx & NtCreateUserProcess, requires SeTcb
+#define PROCESS_CREATE_FLAGS_CREATE_STORE 0x00020000 // NtCreateProcessEx & NtCreateUserProcess
+#define PROCESS_CREATE_FLAGS_USE_PROTECTED_ENVIRONMENT 0x00040000 // NtCreateProcessEx & NtCreateUserProcess
+// end_rev
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateProcessEx(
+ _Out_ PHANDLE ProcessHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ParentProcess,
+ _In_ ULONG Flags, // PROCESS_CREATE_FLAGS_*
+ _In_opt_ HANDLE SectionHandle,
+ _In_opt_ HANDLE DebugPort,
+ _In_opt_ HANDLE TokenHandle,
+ _Reserved_ ULONG Reserved // JobMemberLevel
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenProcess(
+ _Out_ PHANDLE ProcessHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_opt_ PCLIENT_ID ClientId
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTerminateProcess(
+ _In_opt_ HANDLE ProcessHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSuspendProcess(
+ _In_ HANDLE ProcessHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtResumeProcess(
+ _In_ HANDLE ProcessHandle
+ );
+
+#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
+#define ZwCurrentProcess() NtCurrentProcess()
+#define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
+#define ZwCurrentThread() NtCurrentThread()
+#define NtCurrentSession() ((HANDLE)(LONG_PTR)-3)
+#define ZwCurrentSession() NtCurrentSession()
+#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
+
+// Windows 8 and above
+#define NtCurrentProcessToken() ((HANDLE)(LONG_PTR)-4) // NtOpenProcessToken(NtCurrentProcess())
+#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5) // NtOpenThreadToken(NtCurrentThread())
+#define NtCurrentThreadEffectiveToken() ((HANDLE)(LONG_PTR)-6) // NtOpenThreadToken(NtCurrentThread()) + NtOpenProcessToken(NtCurrentProcess())
+
+#define NtCurrentSilo() ((HANDLE)(LONG_PTR)-1)
+
+// Not NT, but useful.
+EXTERN_C IMAGE_DOS_HEADER __ImageBase;
+#define NtCurrentImageBase() ((PVOID)&__ImageBase)
+
+// Not NT, but useful.
+#define NtCurrentProcessId() (NtCurrentTeb()->ClientId.UniqueProcess)
+#define NtCurrentThreadId() (NtCurrentTeb()->ClientId.UniqueThread)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationProcess(
+ _In_ HANDLE ProcessHandle,
+ _In_ PROCESSINFOCLASS ProcessInformationClass,
+ _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
+ _In_ ULONG ProcessInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+#if (PHNT_VERSION >= PHNT_WS03)
+
+#define PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS 0x00000001
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetNextProcess(
+ _In_opt_ HANDLE ProcessHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG HandleAttributes,
+ _In_ ULONG Flags,
+ _Out_ PHANDLE NewProcessHandle
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetNextThread(
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ HANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG HandleAttributes,
+ _In_ ULONG Flags,
+ _Out_ PHANDLE NewThreadHandle
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationProcess(
+ _In_ HANDLE ProcessHandle,
+ _In_ PROCESSINFOCLASS ProcessInformationClass,
+ _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
+ _In_ ULONG ProcessInformationLength
+ );
+
+#endif
+
+#define STATECHANGE_SET_ATTRIBUTES 0x0001
+
+typedef enum _PROCESS_STATE_CHANGE_TYPE
+{
+ ProcessStateChangeSuspend,
+ ProcessStateChangeResume,
+ ProcessStateChangeMax,
+} PROCESS_STATE_CHANGE_TYPE, *PPROCESS_STATE_CHANGE_TYPE;
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateProcessStateChange(
+ _Out_ PHANDLE ProcessStateChangeHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ ULONG64 Reserved
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtChangeProcessState(
+ _In_ HANDLE ProcessStateChangeHandle,
+ _In_ HANDLE ProcessHandle,
+ _In_ PROCESS_STATE_CHANGE_TYPE StateChangeType,
+ _In_opt_ PVOID
ExtendedInformation,
+ _In_opt_ SIZE_T ExtendedInformationLength,
+ _In_opt_ ULONG64 Reserved
+ );
+
+#endif
+
+typedef enum _THREAD_STATE_CHANGE_TYPE
+{
+ ThreadStateChangeSuspend,
+ ThreadStateChangeResume,
+ ThreadStateChangeMax,
+} THREAD_STATE_CHANGE_TYPE, *PTHREAD_STATE_CHANGE_TYPE;
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateThreadStateChange(
+ _Out_ PHANDLE ThreadStateChangeHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ThreadHandle,
+ _In_opt_ ULONG64 Reserved
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtChangeThreadState(
+ _In_ HANDLE ThreadStateChangeHandle,
+ _In_ HANDLE ThreadHandle,
+ _In_ THREAD_STATE_CHANGE_TYPE StateChangeType,
+ _In_opt_ PVOID ExtendedInformation,
+ _In_opt_ SIZE_T ExtendedInformationLength,
+ _In_opt_ ULONG64 Reserved
+ );
+
+#endif
+
+// Threads
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateThread(
+ _Out_ PHANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ProcessHandle,
+ _Out_ PCLIENT_ID ClientId,
+ _In_ PCONTEXT ThreadContext,
+ _In_ PINITIAL_TEB InitialTeb,
+ _In_ BOOLEAN CreateSuspended
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenThread(
+ _Out_ PHANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_opt_ PCLIENT_ID ClientId
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTerminateThread(
+ _In_opt_ HANDLE ThreadHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSuspendThread(
+ _In_ HANDLE ThreadHandle,
+ _Out_opt_ PULONG PreviousSuspendCount
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtResumeThread(
+ _In_ HANDLE ThreadHandle,
+ _Out_opt_ PULONG PreviousSuspendCount
+ );
+
+NTSYSCALLAPI
+ULONG
+NTAPI
+NtGetCurrentProcessorNumber(
+ VOID
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+ULONG
+NTAPI
+NtGetCurrentProcessorNumberEx(
+ _Out_opt_ PPROCESSOR_NUMBER
ProcessorNumber
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtGetContextThread(
+ _In_ HANDLE ThreadHandle,
+ _Inout_ PCONTEXT ThreadContext
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetContextThread(
+ _In_ HANDLE ThreadHandle,
+ _In_ PCONTEXT ThreadContext
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationThread(
+ _In_ HANDLE ThreadHandle,
+ _In_ THREADINFOCLASS ThreadInformationClass,
+ _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
+ _In_ ULONG ThreadInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationThread(
+ _In_ HANDLE ThreadHandle,
+ _In_ THREADINFOCLASS ThreadInformationClass,
+ _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
+ _In_ ULONG ThreadInformationLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlertThread(
+ _In_ HANDLE ThreadHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlertResumeThread(
+ _In_ HANDLE ThreadHandle,
+ _Out_opt_ PULONG PreviousSuspendCount
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTestAlert(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtImpersonateThread(
+ _In_ HANDLE ServerThreadHandle,
+ _In_ HANDLE ClientThreadHandle,
+ _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRegisterThreadTerminatePort(
+ _In_ HANDLE PortHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetLdtEntries(
+ _In_ ULONG Selector0,
+ _In_ ULONG Entry0Low,
+ _In_ ULONG Entry0Hi,
+ _In_ ULONG Selector1,
+ _In_ ULONG Entry1Low,
+ _In_ ULONG Entry1Hi
+ );
+
+typedef VOID (NTAPI* PPS_APC_ROUTINE)(
+ _In_opt_ PVOID ApcArgument1,
+ _In_opt_ PVOID ApcArgument2,
+ _In_opt_ PVOID ApcArgument3
+ );
+
+#define Wow64EncodeApcRoutine(ApcRoutine) \
+ ((PVOID)((0 - ((LONG_PTR)(ApcRoutine))) << 2))
+
+#define Wow64DecodeApcRoutine(ApcRoutine) \
+ ((PVOID)(0 - (((LONG_PTR)(ApcRoutine)) >> 2)))
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueueApcThread(
+ _In_ HANDLE ThreadHandle,
+ _In_ PPS_APC_ROUTINE ApcRoutine,
+ _In_opt_ PVOID
ApcArgument1,
+ _In_opt_ PVOID ApcArgument2,
+ _In_opt_ PVOID ApcArgument3
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+
+#define QUEUE_USER_APC_SPECIAL_USER_APC ((HANDLE)0x1)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueueApcThreadEx(
+ _In_ HANDLE ThreadHandle,
+ _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject // SPECIAL_USER_APC
+ _In_ PPS_APC_ROUTINE ApcRoutine,
+ _In_opt_ PVOID ApcArgument1,
+ _In_opt_ PVOID ApcArgument2,
+ _In_opt_ PVOID ApcArgument3
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+
+// QUEUE_USER_APC_FLAGS enum (dmex)
+#define QUEUE_USER_APC_FLAGS_NONE 0x0
+#define QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC 0x1
+#define QUEUE_USER_APC_CALLBACK_DATA_CONTEXT 0x00010000 // APC_CALLBACK_DATA
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueueApcThreadEx2(
+ _In_ HANDLE ThreadHandle,
+ _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
+ _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS
+ _In_ PPS_APC_ROUTINE ApcRoutine,
+ _In_opt_ PVOID ApcArgument1,
+ _In_opt_ PVOID ApcArgument2,
+ _In_opt_ PVOID ApcArgument3
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+// rev
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAlertThreadByThreadId(
+ _In_ HANDLE ThreadId
+ );
+
+// rev
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWaitForAlertByThreadId(
+ _In_ PVOID Address,
+ _In_opt_ PLARGE_INTEGER Timeout
+ );
+
+#endif
+
+#endif
+
+// User processes and threads
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+// Attributes (Win32 CreateProcess)
+
+// PROC_THREAD_ATTRIBUTE_NUM (dmex)
+#define ProcThreadAttributeParentProcess 0 // in HANDLE
+#define ProcThreadAttributeExtendedFlags 1 // in ULONG (EXTENDED_PROCESS_CREATION_FLAG_*)
+#define ProcThreadAttributeHandleList 2 // in HANDLE[]
+#define ProcThreadAttributeGroupAffinity 3 // in GROUP_AFFINITY // since WIN7
+#define ProcThreadAttributePreferredNode 4 // in USHORT
+#define ProcThreadAttributeIdealProcessor 5 // in PROCESSOR_NUMBER
+#define ProcThreadAttributeUmsThread 6 // in UMS_CREATE_THREAD_ATTRIBUTES
+#define
ProcThreadAttributeMitigationPolicy 7 // in ULONG, ULONG64, or ULONG64[2]
+#define ProcThreadAttributePackageFullName 8 // in WCHAR[] // since WIN8
+#define ProcThreadAttributeSecurityCapabilities 9 // in SECURITY_CAPABILITIES
+#define ProcThreadAttributeConsoleReference 10 // BaseGetConsoleReference (kernelbase.dll)
+#define ProcThreadAttributeProtectionLevel 11 // in ULONG (PROTECTION_LEVEL_*) // since WINBLUE
+#define ProcThreadAttributeOsMaxVersionTested 12 // in MAXVERSIONTESTED_INFO // since THRESHOLD // (from exe.manifest)
+#define ProcThreadAttributeJobList 13 // in HANDLE[]
+#define ProcThreadAttributeChildProcessPolicy 14 // in ULONG (PROCESS_CREATION_CHILD_PROCESS_*) // since THRESHOLD2
+#define ProcThreadAttributeAllApplicationPackagesPolicy 15 // in ULONG (PROCESS_CREATION_ALL_APPLICATION_PACKAGES_*) // since REDSTONE
+#define ProcThreadAttributeWin32kFilter 16 // in WIN32K_SYSCALL_FILTER
+#define ProcThreadAttributeSafeOpenPromptOriginClaim 17 // in SE_SAFE_OPEN_PROMPT_RESULTS
+#define ProcThreadAttributeDesktopAppPolicy 18 // in ULONG (PROCESS_CREATION_DESKTOP_APP_*) // since RS2
+#define ProcThreadAttributeBnoIsolation 19 // in PROC_THREAD_BNOISOLATION_ATTRIBUTE
+#define ProcThreadAttributePseudoConsole 22 // in HANDLE (HPCON) // since RS5
+#define ProcThreadAttributeIsolationManifest 23 // in ISOLATION_MANIFEST_PROPERTIES // rev (diversenok) // since 19H2+
+#define ProcThreadAttributeMitigationAuditPolicy 24 // in ULONG, ULONG64, or ULONG64[2] // since 21H1
+#define ProcThreadAttributeMachineType 25 // in USHORT // since 21H2
+#define ProcThreadAttributeComponentFilter 26 // in ULONG
+#define ProcThreadAttributeEnableOptionalXStateFeatures 27 // in ULONG64 // since WIN11
+#define ProcThreadAttributeCreateStore 28 // ULONG // rev (diversenok)
+#define ProcThreadAttributeTrustedApp 29
+
+#ifndef PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS
+#define PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS \
+ ProcThreadAttributeValue(ProcThreadAttributeExtendedFlags, FALSE,
TRUE, TRUE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_PACKAGE_FULL_NAME
+#define PROC_THREAD_ATTRIBUTE_PACKAGE_FULL_NAME \
+ ProcThreadAttributeValue(ProcThreadAttributePackageFullName, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_CONSOLE_REFERENCE
+#define PROC_THREAD_ATTRIBUTE_CONSOLE_REFERENCE \
+ ProcThreadAttributeValue(ProcThreadAttributeConsoleReference, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_OSMAXVERSIONTESTED
+#define PROC_THREAD_ATTRIBUTE_OSMAXVERSIONTESTED \
+ ProcThreadAttributeValue(ProcThreadAttributeOsMaxVersionTested, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM
+#define PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM \
+ ProcThreadAttributeValue(ProcThreadAttributeSafeOpenPromptOriginClaim, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_BNO_ISOLATION
+#define PROC_THREAD_ATTRIBUTE_BNO_ISOLATION \
+ ProcThreadAttributeValue(ProcThreadAttributeBnoIsolation, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_ISOLATION_MANIFEST
+#define PROC_THREAD_ATTRIBUTE_ISOLATION_MANIFEST \
+ ProcThreadAttributeValue(ProcThreadAttributeIsolationManifest, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_CREATE_STORE
+#define PROC_THREAD_ATTRIBUTE_CREATE_STORE \
+ ProcThreadAttributeValue(ProcThreadAttributeCreateStore, FALSE, TRUE, FALSE)
+#endif
+#ifndef PROC_THREAD_ATTRIBUTE_TRUSTED_APP
+#define PROC_THREAD_ATTRIBUTE_TRUSTED_APP \
+ ProcThreadAttributeValue(ProcThreadAttributeTrustedApp, FALSE, TRUE, FALSE)
+#endif
+
+// private
+typedef struct _PROC_THREAD_ATTRIBUTE
+{
+ ULONG_PTR Attribute;
+ SIZE_T Size;
+ ULONG_PTR Value;
+} PROC_THREAD_ATTRIBUTE, *PPROC_THREAD_ATTRIBUTE;
+
+// private
+typedef struct _PROC_THREAD_ATTRIBUTE_LIST
+{
+ ULONG PresentFlags;
+ ULONG AttributeCount;
+ ULONG LastAttribute;
+ ULONG SpareUlong0;
+ PPROC_THREAD_ATTRIBUTE ExtendedFlagsAttribute;
+ _Field_size_(AttributeCount) PROC_THREAD_ATTRIBUTE Attributes[1];
+}
PROC_THREAD_ATTRIBUTE_LIST, *PPROC_THREAD_ATTRIBUTE_LIST;
+
+// private
+#define EXTENDED_PROCESS_CREATION_FLAG_ELEVATION_HANDLED 0x00000001
+#define EXTENDED_PROCESS_CREATION_FLAG_FORCELUA 0x00000002
+#define EXTENDED_PROCESS_CREATION_FLAG_FORCE_BREAKAWAY 0x00000004 // requires SeTcbPrivilege // since WINBLUE
+
+#define PROTECTION_LEVEL_WINTCB_LIGHT 0x00000000
+#define PROTECTION_LEVEL_WINDOWS 0x00000001
+#define PROTECTION_LEVEL_WINDOWS_LIGHT 0x00000002
+#define PROTECTION_LEVEL_ANTIMALWARE_LIGHT 0x00000003
+#define PROTECTION_LEVEL_LSA_LIGHT 0x00000004
+#define PROTECTION_LEVEL_WINTCB 0x00000005
+#define PROTECTION_LEVEL_CODEGEN_LIGHT 0x00000006
+#define PROTECTION_LEVEL_AUTHENTICODE 0x00000007
+#define PROTECTION_LEVEL_PPL_APP 0x00000008
+
+#define PROTECTION_LEVEL_SAME 0xFFFFFFFF
+#define PROTECTION_LEVEL_NONE 0xFFFFFFFE
+
+// private
+typedef enum _SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS
+{
+ SeSafeOpenExperienceNone = 0x00,
+ SeSafeOpenExperienceCalled = 0x01,
+ SeSafeOpenExperienceAppRepCalled = 0x02,
+ SeSafeOpenExperiencePromptDisplayed = 0x04,
+ SeSafeOpenExperienceUAC = 0x08,
+ SeSafeOpenExperienceUninstaller = 0x10,
+ SeSafeOpenExperienceIgnoreUnknownOrBad = 0x20,
+ SeSafeOpenExperienceDefenderTrustedInstaller = 0x40,
+ SeSafeOpenExperienceMOTWPresent = 0x80,
+ SeSafeOpenExperienceElevatedNoPropagation = 0x100
+} SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS;
+
+// private
+typedef struct _SE_SAFE_OPEN_PROMPT_RESULTS
+{
+ SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS Results;
+ WCHAR Path[MAX_PATH];
+} SE_SAFE_OPEN_PROMPT_RESULTS, *PSE_SAFE_OPEN_PROMPT_RESULTS;
+
+typedef struct _PROC_THREAD_BNOISOLATION_ATTRIBUTE
+{
+ BOOL IsolationEnabled;
+ WCHAR IsolationPrefix[0x88];
+} PROC_THREAD_BNOISOLATION_ATTRIBUTE, *PPROC_THREAD_BNOISOLATION_ATTRIBUTE;
+
+// private
+typedef struct _ISOLATION_MANIFEST_PROPERTIES
+{
+ UNICODE_STRING InstancePath;
+ UNICODE_STRING FriendlyName;
+ UNICODE_STRING Description;
+ ULONG_PTR Level;
+} ISOLATION_MANIFEST_PROPERTIES,
*PISOLATION_MANIFEST_PROPERTIES;
+
+// Attributes (Native)
+
+// private
+typedef enum _PS_ATTRIBUTE_NUM
+{
+ PsAttributeParentProcess, // in HANDLE
+ PsAttributeDebugObject, // in HANDLE
+ PsAttributeToken, // in HANDLE
+ PsAttributeClientId, // out PCLIENT_ID
+ PsAttributeTebAddress, // out PTEB *
+ PsAttributeImageName, // in PWSTR
+ PsAttributeImageInfo, // out PSECTION_IMAGE_INFORMATION
+ PsAttributeMemoryReserve, // in PPS_MEMORY_RESERVE
+ PsAttributePriorityClass, // in UCHAR
+ PsAttributeErrorMode, // in ULONG
+ PsAttributeStdHandleInfo, // 10, in PPS_STD_HANDLE_INFO
+ PsAttributeHandleList, // in HANDLE[]
+ PsAttributeGroupAffinity, // in PGROUP_AFFINITY
+ PsAttributePreferredNode, // in PUSHORT
+ PsAttributeIdealProcessor, // in PPROCESSOR_NUMBER
+ PsAttributeUmsThread, // ? in PUMS_CREATE_THREAD_ATTRIBUTES
+ PsAttributeMitigationOptions, // in PPS_MITIGATION_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_POLICY_*) // since WIN8
+ PsAttributeProtectionLevel, // in PS_PROTECTION // since WINBLUE
+ PsAttributeSecureProcess, // in PPS_TRUSTLET_CREATE_ATTRIBUTES, since THRESHOLD
+ PsAttributeJobList, // in HANDLE[]
+ PsAttributeChildProcessPolicy, // 20, in PULONG (PROCESS_CREATION_CHILD_PROCESS_*) // since THRESHOLD2
+ PsAttributeAllApplicationPackagesPolicy, // in PULONG (PROCESS_CREATION_ALL_APPLICATION_PACKAGES_*) // since REDSTONE
+ PsAttributeWin32kFilter, // in PWIN32K_SYSCALL_FILTER
+ PsAttributeSafeOpenPromptOriginClaim, // in SE_SAFE_OPEN_PROMPT_RESULTS
+ PsAttributeBnoIsolation, // in PPS_BNO_ISOLATION_PARAMETERS // since REDSTONE2
+ PsAttributeDesktopAppPolicy, // in PULONG (PROCESS_CREATION_DESKTOP_APP_*)
+ PsAttributeChpe, // in BOOLEAN // since REDSTONE3
+ PsAttributeMitigationAuditOptions, // in PPS_MITIGATION_AUDIT_OPTIONS_MAP (PROCESS_CREATION_MITIGATION_AUDIT_POLICY_*) // since 21H1
+ PsAttributeMachineType, // in USHORT // since 21H2
+ PsAttributeComponentFilter,
+ PsAttributeEnableOptionalXStateFeatures, // since WIN11
+ PsAttributeMax
+}
PS_ATTRIBUTE_NUM;
+
+// private
+#define PS_ATTRIBUTE_NUMBER_MASK 0x0000ffff
+#define PS_ATTRIBUTE_THREAD 0x00010000 // may be used with thread creation
+#define PS_ATTRIBUTE_INPUT 0x00020000 // input only
+#define PS_ATTRIBUTE_ADDITIVE 0x00040000 // "accumulated" e.g. bitmasks, counters, etc.
+
+// begin_rev
+
+#define PsAttributeValue(Number, Thread, Input, Additive) \
+ (((Number) & PS_ATTRIBUTE_NUMBER_MASK) | \
+ ((Thread) ? PS_ATTRIBUTE_THREAD : 0) | \
+ ((Input) ? PS_ATTRIBUTE_INPUT : 0) | \
+ ((Additive) ? PS_ATTRIBUTE_ADDITIVE : 0))
+
+#define PS_ATTRIBUTE_PARENT_PROCESS \
+ PsAttributeValue(PsAttributeParentProcess, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_DEBUG_OBJECT \
+ PsAttributeValue(PsAttributeDebugObject, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_TOKEN \
+ PsAttributeValue(PsAttributeToken, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_CLIENT_ID \
+ PsAttributeValue(PsAttributeClientId, TRUE, FALSE, FALSE)
+#define PS_ATTRIBUTE_TEB_ADDRESS \
+ PsAttributeValue(PsAttributeTebAddress, TRUE, FALSE, FALSE)
+#define PS_ATTRIBUTE_IMAGE_NAME \
+ PsAttributeValue(PsAttributeImageName, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_IMAGE_INFO \
+ PsAttributeValue(PsAttributeImageInfo, FALSE, FALSE, FALSE)
+#define PS_ATTRIBUTE_MEMORY_RESERVE \
+ PsAttributeValue(PsAttributeMemoryReserve, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_PRIORITY_CLASS \
+ PsAttributeValue(PsAttributePriorityClass, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_ERROR_MODE \
+ PsAttributeValue(PsAttributeErrorMode, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_STD_HANDLE_INFO \
+ PsAttributeValue(PsAttributeStdHandleInfo, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_HANDLE_LIST \
+ PsAttributeValue(PsAttributeHandleList, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_GROUP_AFFINITY \
+ PsAttributeValue(PsAttributeGroupAffinity, TRUE, TRUE, FALSE)
+#define PS_ATTRIBUTE_PREFERRED_NODE \
+ PsAttributeValue(PsAttributePreferredNode, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_IDEAL_PROCESSOR \
+
PsAttributeValue(PsAttributeIdealProcessor, TRUE, TRUE, FALSE)
+#define PS_ATTRIBUTE_UMS_THREAD \
+ PsAttributeValue(PsAttributeUmsThread, TRUE, TRUE, FALSE)
+#define PS_ATTRIBUTE_MITIGATION_OPTIONS \
+ PsAttributeValue(PsAttributeMitigationOptions, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_PROTECTION_LEVEL \
+ PsAttributeValue(PsAttributeProtectionLevel, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_SECURE_PROCESS \
+ PsAttributeValue(PsAttributeSecureProcess, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_JOB_LIST \
+ PsAttributeValue(PsAttributeJobList, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_CHILD_PROCESS_POLICY \
+ PsAttributeValue(PsAttributeChildProcessPolicy, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
+ PsAttributeValue(PsAttributeAllApplicationPackagesPolicy, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_WIN32K_FILTER \
+ PsAttributeValue(PsAttributeWin32kFilter, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM \
+ PsAttributeValue(PsAttributeSafeOpenPromptOriginClaim, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_BNO_ISOLATION \
+ PsAttributeValue(PsAttributeBnoIsolation, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_DESKTOP_APP_POLICY \
+ PsAttributeValue(PsAttributeDesktopAppPolicy, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_CHPE \
+ PsAttributeValue(PsAttributeChpe, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_MITIGATION_AUDIT_OPTIONS \
+ PsAttributeValue(PsAttributeMitigationAuditOptions, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_MACHINE_TYPE \
+ PsAttributeValue(PsAttributeMachineType, FALSE, TRUE, TRUE)
+#define PS_ATTRIBUTE_COMPONENT_FILTER \
+ PsAttributeValue(PsAttributeComponentFilter, FALSE, TRUE, FALSE)
+#define PS_ATTRIBUTE_ENABLE_OPTIONAL_XSTATE_FEATURES \
+ PsAttributeValue(PsAttributeEnableOptionalXStateFeatures, TRUE, TRUE, FALSE)
+
+// end_rev
+
+// begin_private
+
+typedef struct _PS_ATTRIBUTE
+{
+ ULONG_PTR Attribute;
+ SIZE_T Size;
+ union
+ {
+ ULONG_PTR Value;
+ PVOID ValuePtr;
+ };
+ PSIZE_T
ReturnLength;
+} PS_ATTRIBUTE, *PPS_ATTRIBUTE;
+
+typedef struct _PS_ATTRIBUTE_LIST
+{
+ SIZE_T TotalLength;
+ PS_ATTRIBUTE Attributes[1];
+} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
+
+typedef struct _PS_MEMORY_RESERVE
+{
+ PVOID ReserveAddress;
+ SIZE_T ReserveSize;
+} PS_MEMORY_RESERVE, *PPS_MEMORY_RESERVE;
+
+typedef enum _PS_STD_HANDLE_STATE
+{
+ PsNeverDuplicate,
+ PsRequestDuplicate, // duplicate standard handles specified by PseudoHandleMask, and only if StdHandleSubsystemType matches the image subsystem
+ PsAlwaysDuplicate, // always duplicate standard handles
+ PsMaxStdHandleStates
+} PS_STD_HANDLE_STATE;
+
+// begin_rev
+#define PS_STD_INPUT_HANDLE 0x1
+#define PS_STD_OUTPUT_HANDLE 0x2
+#define PS_STD_ERROR_HANDLE 0x4
+// end_rev
+
+typedef struct _PS_STD_HANDLE_INFO
+{
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG StdHandleState : 2; // PS_STD_HANDLE_STATE
+ ULONG PseudoHandleMask : 3; // PS_STD_*
+ };
+ };
+ ULONG StdHandleSubsystemType;
+} PS_STD_HANDLE_INFO, *PPS_STD_HANDLE_INFO;
+
+typedef union _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS
+{
+ UCHAR Trustlet : 1;
+ UCHAR Ntos : 1;
+ UCHAR WriteHandle : 1;
+ UCHAR ReadHandle : 1;
+ UCHAR Reserved : 4;
+ UCHAR AccessRights;
+} PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS, *PPS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS;
+
+typedef struct _PS_TRUSTLET_ATTRIBUTE_TYPE
+{
+ union
+ {
+ struct
+ {
+ UCHAR Version;
+ UCHAR DataCount;
+ UCHAR SemanticType;
+ PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS AccessRights;
+ };
+ ULONG AttributeType;
+ };
+} PS_TRUSTLET_ATTRIBUTE_TYPE, *PPS_TRUSTLET_ATTRIBUTE_TYPE;
+
+typedef struct _PS_TRUSTLET_ATTRIBUTE_HEADER
+{
+ PS_TRUSTLET_ATTRIBUTE_TYPE AttributeType;
+ ULONG InstanceNumber : 8;
+ ULONG Reserved : 24;
+} PS_TRUSTLET_ATTRIBUTE_HEADER, *PPS_TRUSTLET_ATTRIBUTE_HEADER;
+
+typedef struct _PS_TRUSTLET_ATTRIBUTE_DATA
+{
+ PS_TRUSTLET_ATTRIBUTE_HEADER Header;
+ ULONGLONG Data[1];
+} PS_TRUSTLET_ATTRIBUTE_DATA, *PPS_TRUSTLET_ATTRIBUTE_DATA;
+
+typedef struct _PS_TRUSTLET_CREATE_ATTRIBUTES
+{
+ ULONGLONG
TrustletIdentity;
+ PS_TRUSTLET_ATTRIBUTE_DATA Attributes[1];
+} PS_TRUSTLET_CREATE_ATTRIBUTES, *PPS_TRUSTLET_CREATE_ATTRIBUTES;
+
+// private
+typedef struct _PS_BNO_ISOLATION_PARAMETERS
+{
+ UNICODE_STRING IsolationPrefix;
+ ULONG HandleCount;
+ PVOID *Handles;
+ BOOLEAN IsolationEnabled;
+} PS_BNO_ISOLATION_PARAMETERS, *PPS_BNO_ISOLATION_PARAMETERS;
+
+// private
+typedef enum _PS_MITIGATION_OPTION
+{
+ PS_MITIGATION_OPTION_NX,
+ PS_MITIGATION_OPTION_SEHOP,
+ PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES,
+ PS_MITIGATION_OPTION_HEAP_TERMINATE,
+ PS_MITIGATION_OPTION_BOTTOM_UP_ASLR,
+ PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR,
+ PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS,
+ PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE,
+ PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE,
+ PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE,
+ PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD,
+ PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES,
+ PS_MITIGATION_OPTION_FONT_DISABLE,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL,
+ PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32,
+ PS_MITIGATION_OPTION_RETURN_FLOW_GUARD,
+ PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY,
+ PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD,
+ PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT,
+ PS_MITIGATION_OPTION_ROP_STACKPIVOT, // since REDSTONE3
+ PS_MITIGATION_OPTION_ROP_CALLER_CHECK,
+ PS_MITIGATION_OPTION_ROP_SIMEXEC,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER,
+ PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS,
+ PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION,
+ PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER,
+ PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION,
+ PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION,
+ PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE, // since REDSTONE5
+ PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY,
+ PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS,
+ PS_MITIGATION_OPTION_USER_CET_SET_CONTEXT_IP_VALIDATION, // since 21H1
+
PS_MITIGATION_OPTION_BLOCK_NON_CET_BINARIES,
+ PS_MITIGATION_OPTION_CET_DYNAMIC_APIS_OUT_OF_PROC_ONLY,
+ PS_MITIGATION_OPTION_REDIRECTION_TRUST, // since 22H1
+ PS_MITIGATION_OPTION_RESTRICT_CORE_SHARING,
+} PS_MITIGATION_OPTION;
+
+// windows-internals-book:"Chapter 5"
+typedef enum _PS_CREATE_STATE
+{
+ PsCreateInitialState,
+ PsCreateFailOnFileOpen,
+ PsCreateFailOnSectionCreate,
+ PsCreateFailExeFormat,
+ PsCreateFailMachineMismatch,
+ PsCreateFailExeName, // Debugger specified
+ PsCreateSuccess,
+ PsCreateMaximumStates
+} PS_CREATE_STATE;
+
+typedef struct _PS_CREATE_INFO
+{
+ SIZE_T Size;
+ PS_CREATE_STATE State;
+ union
+ {
+ // PsCreateInitialState
+ struct
+ {
+ union
+ {
+ ULONG InitFlags;
+ struct
+ {
+ UCHAR WriteOutputOnExit : 1;
+ UCHAR DetectManifest : 1;
+ UCHAR IFEOSkipDebugger : 1;
+ UCHAR IFEODoNotPropagateKeyState : 1;
+ UCHAR SpareBits1 : 4;
+ UCHAR SpareBits2 : 8;
+ USHORT ProhibitedImageCharacteristics : 16;
+ };
+ };
+ ACCESS_MASK AdditionalFileAccess;
+ } InitState;
+
+ // PsCreateFailOnSectionCreate
+ struct
+ {
+ HANDLE FileHandle;
+ } FailSection;
+
+ // PsCreateFailExeFormat
+ struct
+ {
+ USHORT DllCharacteristics;
+ } ExeFormat;
+
+ // PsCreateFailExeName
+ struct
+ {
+ HANDLE IFEOKey;
+ } ExeName;
+
+ // PsCreateSuccess
+ struct
+ {
+ union
+ {
+ ULONG OutputFlags;
+ struct
+ {
+ UCHAR ProtectedProcess : 1;
+ UCHAR AddressSpaceOverride : 1;
+ UCHAR DevOverrideEnabled : 1; // from Image File Execution Options
+ UCHAR ManifestDetected : 1;
+ UCHAR ProtectedProcessLight : 1;
+ UCHAR SpareBits1 : 3;
+ UCHAR SpareBits2 : 8;
+ USHORT SpareBits3 : 16;
+ };
+ };
+ HANDLE FileHandle;
+ HANDLE SectionHandle;
+ ULONGLONG UserProcessParametersNative;
+ ULONG UserProcessParametersWow64;
+ ULONG CurrentParameterFlags;
+ ULONGLONG PebAddressNative;
+ ULONG PebAddressWow64;
+ ULONGLONG ManifestAddress;
+ ULONG ManifestSize;
+ } SuccessState;
+ };
+} PS_CREATE_INFO, *PPS_CREATE_INFO;
+
+// end_private
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateUserProcess(
+ _Out_ PHANDLE ProcessHandle,
+ _Out_ PHANDLE ThreadHandle,
+ _In_ ACCESS_MASK ProcessDesiredAccess,
+ _In_ ACCESS_MASK ThreadDesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes,
+ _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
+ _In_ ULONG ProcessFlags, // PROCESS_CREATE_FLAGS_*
+ _In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_*
+ _In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS
+ _Inout_ PPS_CREATE_INFO CreateInfo,
+ _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
+ );
+#endif
+
+// begin_rev
+#define THREAD_CREATE_FLAGS_NONE 0x00000000
+#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 // NtCreateUserProcess & NtCreateThreadEx
+#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 // NtCreateThreadEx only
+#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 // NtCreateThreadEx only
+#define THREAD_CREATE_FLAGS_LOADER_WORKER 0x00000010 // NtCreateThreadEx only
+#define THREAD_CREATE_FLAGS_SKIP_LOADER_INIT 0x00000020 // NtCreateThreadEx only
+#define THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE 0x00000040 // NtCreateThreadEx only
+// end_rev
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+typedef NTSTATUS (NTAPI *PUSER_THREAD_START_ROUTINE)(
+ _In_ PVOID ThreadParameter
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateThreadEx(
+ _Out_ PHANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE ProcessHandle,
+ _In_ PUSER_THREAD_START_ROUTINE StartRoutine,
+ _In_opt_ PVOID Argument,
+ _In_ ULONG CreateFlags, // THREAD_CREATE_FLAGS_*
+ _In_ SIZE_T ZeroBits,
+ _In_ SIZE_T StackSize,
+ _In_ SIZE_T MaximumStackSize,
+ _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
+ );
+
+#endif
+
+#endif
+
+// Job objects
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+// JOBOBJECTINFOCLASS
+// Note: We don't use an enum since it conflicts with the Windows SDK.
+#define JobObjectBasicAccountingInformation 1 // q: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
+#define JobObjectBasicLimitInformation 2 // q; s: JOBOBJECT_BASIC_LIMIT_INFORMATION
+#define JobObjectBasicProcessIdList 3 // q: JOBOBJECT_BASIC_PROCESS_ID_LIST
+#define JobObjectBasicUIRestrictions 4 // q; s: JOBOBJECT_BASIC_UI_RESTRICTIONS
+#define JobObjectSecurityLimitInformation 5 // JOBOBJECT_SECURITY_LIMIT_INFORMATION
+#define JobObjectEndOfJobTimeInformation 6 // q; s: JOBOBJECT_END_OF_JOB_TIME_INFORMATION
+#define JobObjectAssociateCompletionPortInformation 7 // s: JOBOBJECT_ASSOCIATE_COMPLETION_PORT
+#define JobObjectBasicAndIoAccountingInformation 8 // q: JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION
+#define JobObjectExtendedLimitInformation 9 // q; s: JOBOBJECT_EXTENDED_LIMIT_INFORMATION[V2]
+#define JobObjectJobSetInformation 10 // JOBOBJECT_JOBSET_INFORMATION
+#define JobObjectGroupInformation 11 // USHORT
+#define JobObjectNotificationLimitInformation 12 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION
+#define JobObjectLimitViolationInformation 13 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION
+#define JobObjectGroupInformationEx 14 // GROUP_AFFINITY (ARRAY)
+#define JobObjectCpuRateControlInformation 15 // JOBOBJECT_CPU_RATE_CONTROL_INFORMATION
+#define JobObjectCompletionFilter 16
+#define JobObjectCompletionCounter 17
+#define JobObjectFreezeInformation 18 // JOBOBJECT_FREEZE_INFORMATION
+#define JobObjectExtendedAccountingInformation 19 // JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION
+#define JobObjectWakeInformation 20 // JOBOBJECT_WAKE_INFORMATION
+#define JobObjectBackgroundInformation 21
+#define JobObjectSchedulingRankBiasInformation 22
+#define JobObjectTimerVirtualizationInformation 23
+#define JobObjectCycleTimeNotification 24
+#define JobObjectClearEvent 25
+#define JobObjectInterferenceInformation 26 // JOBOBJECT_INTERFERENCE_INFORMATION
+#define JobObjectClearPeakJobMemoryUsed 27
+#define JobObjectMemoryUsageInformation 28 //
JOBOBJECT_MEMORY_USAGE_INFORMATION // JOBOBJECT_MEMORY_USAGE_INFORMATION_V2
+#define JobObjectSharedCommit 29
+#define JobObjectContainerId 30 // JOBOBJECT_CONTAINER_IDENTIFIER_V2
+#define JobObjectIoRateControlInformation 31 // JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE, JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE_V2, JOBOBJECT_IO_RATE_CONTROL_INFORMATION_NATIVE_V3
+#define JobObjectNetRateControlInformation 32 // JOBOBJECT_NET_RATE_CONTROL_INFORMATION
+#define JobObjectNotificationLimitInformation2 33 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION_2
+#define JobObjectLimitViolationInformation2 34 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION_2
+#define JobObjectCreateSilo 35
+#define JobObjectSiloBasicInformation 36 // SILOOBJECT_BASIC_INFORMATION
+#define JobObjectSiloRootDirectory 37 // SILOOBJECT_ROOT_DIRECTORY
+#define JobObjectServerSiloBasicInformation 38 // SERVERSILO_BASIC_INFORMATION
+#define JobObjectServerSiloUserSharedData 39 // SILO_USER_SHARED_DATA // NtQueryInformationJobObject(NULL, 39, Buffer, sizeof(SILO_USER_SHARED_DATA), 0);
+#define JobObjectServerSiloInitialize 40 // SERVERSILO_INIT_INFORMATION
+#define JobObjectServerSiloRunningState 41
+#define JobObjectIoAttribution 42 // JOBOBJECT_IO_ATTRIBUTION_INFORMATION
+#define JobObjectMemoryPartitionInformation 43
+#define JobObjectContainerTelemetryId 44
+#define JobObjectSiloSystemRoot 45
+#define JobObjectEnergyTrackingState 46 // JOBOBJECT_ENERGY_TRACKING_STATE
+#define JobObjectThreadImpersonationInformation 47
+#define JobObjectIoPriorityLimit 48 // JOBOBJECT_IO_PRIORITY_LIMIT
+#define JobObjectPagePriorityLimit 49 // JOBOBJECT_PAGE_PRIORITY_LIMIT
+#define MaxJobObjectInfoClass 50
+
+// rev // extended limit v2
+#define JOB_OBJECT_LIMIT_SILO_READY 0x00400000
+
+// private
+typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2
+{
+ JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
+ IO_COUNTERS IoInfo;
+ SIZE_T ProcessMemoryLimit;
+ SIZE_T JobMemoryLimit;
+ SIZE_T PeakProcessMemoryUsed;
+
SIZE_T PeakJobMemoryUsed;
+ SIZE_T JobTotalMemoryLimit;
+} JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2;
+
+// private
+typedef struct _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION
+{
+ JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
+ IO_COUNTERS IoInfo;
+ PROCESS_DISK_COUNTERS DiskIoInfo;
+ ULONG64 ContextSwitches;
+ LARGE_INTEGER TotalCycleTime;
+ ULONG64 ReadyTime;
+ PROCESS_ENERGY_VALUES EnergyValues;
+} JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION, *PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_WAKE_INFORMATION
+{
+ HANDLE NotificationChannel;
+ ULONG64 WakeCounters[7];
+} JOBOBJECT_WAKE_INFORMATION, *PJOBOBJECT_WAKE_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_WAKE_INFORMATION_V1
+{
+ HANDLE NotificationChannel;
+ ULONG64 WakeCounters[4];
+} JOBOBJECT_WAKE_INFORMATION_V1, *PJOBOBJECT_WAKE_INFORMATION_V1;
+
+// private
+typedef struct _JOBOBJECT_INTERFERENCE_INFORMATION
+{
+ ULONG64 Count;
+} JOBOBJECT_INTERFERENCE_INFORMATION, *PJOBOBJECT_INTERFERENCE_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_WAKE_FILTER
+{
+ ULONG HighEdgeFilter;
+ ULONG LowEdgeFilter;
+} JOBOBJECT_WAKE_FILTER, *PJOBOBJECT_WAKE_FILTER;
+
+// private
+typedef struct _JOBOBJECT_FREEZE_INFORMATION
+{
+ union
+ {
+ ULONG Flags;
+ struct
+ {
+ ULONG FreezeOperation : 1;
+ ULONG FilterOperation : 1;
+ ULONG SwapOperation : 1;
+ ULONG Reserved : 29;
+ };
+ };
+ BOOLEAN Freeze;
+ BOOLEAN Swap;
+ UCHAR Reserved0[2];
+ JOBOBJECT_WAKE_FILTER WakeFilter;
+} JOBOBJECT_FREEZE_INFORMATION, *PJOBOBJECT_FREEZE_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_CONTAINER_IDENTIFIER_V2
+{
+ GUID ContainerId;
+ GUID ContainerTelemetryId;
+ ULONG JobId;
+} JOBOBJECT_CONTAINER_IDENTIFIER_V2, *PJOBOBJECT_CONTAINER_IDENTIFIER_V2;
+
+// private
+typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION
+{
+ ULONG64 JobMemory;
+ ULONG64 PeakJobMemoryUsed;
+} JOBOBJECT_MEMORY_USAGE_INFORMATION,
*PJOBOBJECT_MEMORY_USAGE_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2
+{
+ JOBOBJECT_MEMORY_USAGE_INFORMATION BasicInfo;
+ ULONG64 JobSharedMemory;
+ ULONG64 Reserved[2];
+} JOBOBJECT_MEMORY_USAGE_INFORMATION_V2, *PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2;
+
+// private
+typedef struct _SILO_USER_SHARED_DATA
+{
+ ULONG ServiceSessionId;
+ ULONG ActiveConsoleId;
+ LONGLONG ConsoleSessionForegroundProcessId;
+ NT_PRODUCT_TYPE NtProductType;
+ ULONG SuiteMask;
+ ULONG SharedUserSessionId; // since RS2
+ BOOLEAN IsMultiSessionSku;
+ WCHAR NtSystemRoot[260];
+ USHORT UserModeGlobalLogger[16];
+ ULONG TimeZoneId; // since 21H2
+ LONG TimeZoneBiasStamp;
+ KSYSTEM_TIME TimeZoneBias;
+ LARGE_INTEGER TimeZoneBiasEffectiveStart;
+ LARGE_INTEGER TimeZoneBiasEffectiveEnd;
+} SILO_USER_SHARED_DATA, *PSILO_USER_SHARED_DATA;
+
+// rev
+#define SILO_OBJECT_ROOT_DIRECTORY_SHADOW_ROOT 0x00000001
+#define SILO_OBJECT_ROOT_DIRECTORY_INITIALIZE 0x00000002
+#define SILO_OBJECT_ROOT_DIRECTORY_SHADOW_DOS_DEVICES 0x00000004
+
+// private
+typedef struct _SILOOBJECT_ROOT_DIRECTORY
+{
+ union
+ {
+ ULONG ControlFlags; // SILO_OBJECT_ROOT_DIRECTORY_*
+ UNICODE_STRING Path;
+ };
+} SILOOBJECT_ROOT_DIRECTORY, *PSILOOBJECT_ROOT_DIRECTORY;
+
+// private
+typedef struct _SERVERSILO_INIT_INFORMATION
+{
+ HANDLE DeleteEvent;
+ BOOLEAN IsDownlevelContainer;
+} SERVERSILO_INIT_INFORMATION, * PSERVERSILO_INIT_INFORMATION;
+
+// private
+typedef struct _JOBOBJECT_ENERGY_TRACKING_STATE
+{
+ ULONG64 Value;
+ ULONG UpdateMask;
+ ULONG DesiredState;
+} JOBOBJECT_ENERGY_TRACKING_STATE, *PJOBOBJECT_ENERGY_TRACKING_STATE;
+
+// private
+typedef enum _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS
+{
+ JOBOBJECT_IO_PRIORITY_LIMIT_ENABLE = 0x1,
+ JOBOBJECT_IO_PRIORITY_LIMIT_VALID_FLAGS = 0x1,
+} JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS;
+
+// private
+typedef struct _JOBOBJECT_IO_PRIORITY_LIMIT
+{
+ JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS Flags;
+ ULONG Priority;
+} JOBOBJECT_IO_PRIORITY_LIMIT,
*PJOBOBJECT_IO_PRIORITY_LIMIT;
+
+// private
+typedef enum _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS
+{
+ JOBOBJECT_PAGE_PRIORITY_LIMIT_ENABLE = 0x1,
+ JOBOBJECT_PAGE_PRIORITY_LIMIT_VALID_FLAGS = 0x1,
+} JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS;
+
+// private
+typedef struct _JOBOBJECT_PAGE_PRIORITY_LIMIT
+{
+ JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS Flags;
+ ULONG Priority;
+} JOBOBJECT_PAGE_PRIORITY_LIMIT, *PJOBOBJECT_PAGE_PRIORITY_LIMIT;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateJobObject(
+ _Out_ PHANDLE JobHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenJobObject(
+ _Out_ PHANDLE JobHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAssignProcessToJobObject(
+ _In_ HANDLE JobHandle,
+ _In_ HANDLE ProcessHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtTerminateJobObject(
+ _In_ HANDLE JobHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtIsProcessInJob(
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ HANDLE JobHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationJobObject(
+ _In_opt_ HANDLE JobHandle,
+ _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
+ _Out_writes_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
+ _In_ ULONG JobObjectInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationJobObject(
+ _In_ HANDLE JobHandle,
+ _In_ JOBOBJECTINFOCLASS JobObjectInformationClass,
+ _In_reads_bytes_(JobObjectInformationLength) PVOID JobObjectInformation,
+ _In_ ULONG JobObjectInformationLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateJobSet(
+ _In_ ULONG NumJob,
+ _In_reads_(NumJob) PJOB_SET_ARRAY UserJobSet,
+ _In_ ULONG Flags
+ );
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRevertContainerImpersonation(
+ VOID
+ );
+#endif
+
+#endif
+
+// Reserve objects
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+// private
+typedef enum _MEMORY_RESERVE_TYPE
+{
+ MemoryReserveUserApc,
+ MemoryReserveIoCompletion,
+ MemoryReserveTypeMax
+} MEMORY_RESERVE_TYPE;
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAllocateReserveObject(
+ _Out_ PHANDLE MemoryReserveHandle,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ MEMORY_RESERVE_TYPE Type
+ );
+#endif
+
+// Process snapshotting
+
+#if (PHNT_VERSION >= PHNT_WINBLUE)
+// rev
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+PssNtCaptureSnapshot(
+ _Out_ PHANDLE SnapshotHandle,
+ _In_ HANDLE ProcessHandle,
+ _In_ ULONG CaptureFlags,
+ _In_ ULONG ThreadContextFlags
+ );
+#endif
+
+// rev
+#define MEMORY_BULK_INFORMATION_FLAG_BASIC 0x00000001
+
+// rev
+typedef struct _NTPSS_MEMORY_BULK_INFORMATION
+{
+ ULONG QueryFlags;
+ ULONG NumberOfEntries;
+ PVOID NextValidAddress;
+} NTPSS_MEMORY_BULK_INFORMATION, *PNTPSS_MEMORY_BULK_INFORMATION;
+
+#if (PHNT_VERSION >= PHNT_20H1)
+// rev
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPssCaptureVaSpaceBulk(
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ PVOID BaseAddress,
+ _In_ PNTPSS_MEMORY_BULK_INFORMATION BulkInformation,
+ _In_ SIZE_T BulkInformationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ );
+#endif
+
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntregapi.h b/deps/phnt-nightly/ntregapi.h
new file mode 100644
index 0000000..cb4ec08
--- /dev/null
+++ b/deps/phnt-nightly/ntregapi.h
@@ -0,0 +1,887 @@
+/*
+ * Registry support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTREGAPI_H
+#define _NTREGAPI_H
+
+// Boot condition flags (NtInitializeRegistry)
+
+#define REG_INIT_BOOT_SM 0x0000
+#define REG_INIT_BOOT_SETUP 0x0001
+#define REG_INIT_BOOT_ACCEPTED_BASE 0x0002
+#define REG_INIT_BOOT_ACCEPTED_MAX REG_INIT_BOOT_ACCEPTED_BASE + 999
+
+#define REG_MAX_KEY_VALUE_NAME_LENGTH 32767
+#define REG_MAX_KEY_NAME_LENGTH 512
+
+typedef enum _KEY_INFORMATION_CLASS
+{
+ KeyBasicInformation, // KEY_BASIC_INFORMATION
+ KeyNodeInformation, // KEY_NODE_INFORMATION
+ KeyFullInformation, // KEY_FULL_INFORMATION
+ KeyNameInformation, // KEY_NAME_INFORMATION
+ KeyCachedInformation, // KEY_CACHED_INFORMATION
+ KeyFlagsInformation, // KEY_FLAGS_INFORMATION
+ KeyVirtualizationInformation, // KEY_VIRTUALIZATION_INFORMATION
+ KeyHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION
+ KeyTrustInformation, // KEY_TRUST_INFORMATION
+ KeyLayerInformation, // KEY_LAYER_INFORMATION
+ MaxKeyInfoClass
+} KEY_INFORMATION_CLASS;
+
+typedef struct _KEY_BASIC_INFORMATION
+{
+ LARGE_INTEGER LastWriteTime;
+ ULONG TitleIndex;
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
+
+typedef struct _KEY_NODE_INFORMATION
+{
+ LARGE_INTEGER LastWriteTime;
+ ULONG TitleIndex;
+ ULONG ClassOffset;
+ ULONG ClassLength;
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+ // ...
+ // WCHAR Class[1];
+} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
+
+typedef struct _KEY_FULL_INFORMATION
+{
+ LARGE_INTEGER LastWriteTime;
+ ULONG TitleIndex;
+ ULONG ClassOffset;
+ ULONG ClassLength;
+ ULONG SubKeys;
+ ULONG MaxNameLength;
+ ULONG MaxClassLength;
+ ULONG Values;
+ ULONG MaxValueNameLength;
+ ULONG MaxValueDataLength;
+ WCHAR Class[1];
+} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
+
+typedef struct _KEY_NAME_INFORMATION
+{
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
+
+typedef struct _KEY_CACHED_INFORMATION
+{
+ LARGE_INTEGER LastWriteTime;
+ ULONG TitleIndex;
+ ULONG SubKeys;
+ ULONG MaxNameLength;
+ ULONG Values;
+ ULONG MaxValueNameLength;
+ ULONG MaxValueDataLength;
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
+
+// rev
+#define REG_FLAG_VOLATILE 0x0001
+#define REG_FLAG_LINK 0x0002
+
+// msdn
+#define REG_KEY_DONT_VIRTUALIZE 0x0002
+#define REG_KEY_DONT_SILENT_FAIL 0x0004
+#define REG_KEY_RECURSE_FLAG 0x0008
+
+// private
+typedef struct _KEY_FLAGS_INFORMATION
+{
+ ULONG Wow64Flags;
+ ULONG KeyFlags; // REG_FLAG_*
+ ULONG ControlFlags; // REG_KEY_*
+} KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION;
+
+typedef struct _KEY_VIRTUALIZATION_INFORMATION
+{
+ ULONG VirtualizationCandidate : 1; // Tells whether the key is part of the virtualization namespace scope (only HKLM\Software for now).
+ ULONG VirtualizationEnabled : 1; // Tells whether virtualization is enabled on this key. Can be 1 only if above flag is 1.
+ ULONG VirtualTarget : 1; // Tells if the key is a virtual key. Can be 1 only if above 2 are 0. Valid only on the virtual store key handles.
+ ULONG VirtualStore : 1; // Tells if the key is a part of the virtual store path. Valid only on the virtual store key handles.
+ ULONG VirtualSource : 1; // Tells if the key has ever been virtualized, can be 1 only if VirtualizationCandidate is 1.
+ ULONG Reserved : 27;
+} KEY_VIRTUALIZATION_INFORMATION, *PKEY_VIRTUALIZATION_INFORMATION;
+
+// private
+typedef struct _KEY_TRUST_INFORMATION
+{
+ ULONG TrustedKey : 1;
+ ULONG Reserved : 31;
+} KEY_TRUST_INFORMATION, *PKEY_TRUST_INFORMATION;
+
+// private
+typedef struct _KEY_LAYER_INFORMATION
+{
+ ULONG IsTombstone : 1;
+ ULONG IsSupersedeLocal : 1;
+ ULONG IsSupersedeTree : 1;
+ ULONG ClassIsInherited : 1;
+ ULONG Reserved : 28;
+} KEY_LAYER_INFORMATION, *PKEY_LAYER_INFORMATION;
+
+typedef enum _KEY_SET_INFORMATION_CLASS
+{
+ KeyWriteTimeInformation, // KEY_WRITE_TIME_INFORMATION
+ KeyWow64FlagsInformation, // KEY_WOW64_FLAGS_INFORMATION
+ KeyControlFlagsInformation, // KEY_CONTROL_FLAGS_INFORMATION
+ KeySetVirtualizationInformation, // KEY_SET_VIRTUALIZATION_INFORMATION
+ KeySetDebugInformation,
+ KeySetHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION
+ KeySetLayerInformation, // KEY_SET_LAYER_INFORMATION
+ MaxKeySetInfoClass
+} KEY_SET_INFORMATION_CLASS;
+
+typedef struct _KEY_WRITE_TIME_INFORMATION
+{
+ LARGE_INTEGER LastWriteTime;
+} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;
+
+typedef struct _KEY_WOW64_FLAGS_INFORMATION
+{
+ ULONG UserFlags;
+} KEY_WOW64_FLAGS_INFORMATION, *PKEY_WOW64_FLAGS_INFORMATION;
+
+typedef struct _KEY_HANDLE_TAGS_INFORMATION
+{
+ ULONG HandleTags;
+} KEY_HANDLE_TAGS_INFORMATION, *PKEY_HANDLE_TAGS_INFORMATION;
+
+typedef struct _KEY_SET_LAYER_INFORMATION
+{
+ ULONG IsTombstone : 1;
+ ULONG IsSupersedeLocal : 1;
+ ULONG IsSupersedeTree : 1;
+ ULONG ClassIsInherited : 1;
+ ULONG Reserved : 28;
+} KEY_SET_LAYER_INFORMATION, *PKEY_SET_LAYER_INFORMATION;
+
+typedef struct _KEY_CONTROL_FLAGS_INFORMATION
+{
+ ULONG ControlFlags;
+} KEY_CONTROL_FLAGS_INFORMATION, *PKEY_CONTROL_FLAGS_INFORMATION;
+
+typedef struct _KEY_SET_VIRTUALIZATION_INFORMATION
+{
+ ULONG VirtualTarget : 1;
+ ULONG VirtualStore
: 1;
+ ULONG VirtualSource : 1; // true if key has been virtualized at least once
+ ULONG Reserved : 29;
+} KEY_SET_VIRTUALIZATION_INFORMATION, *PKEY_SET_VIRTUALIZATION_INFORMATION;
+
+typedef enum _KEY_VALUE_INFORMATION_CLASS
+{
+ KeyValueBasicInformation, // KEY_VALUE_BASIC_INFORMATION
+ KeyValueFullInformation, // KEY_VALUE_FULL_INFORMATION
+ KeyValuePartialInformation, // KEY_VALUE_PARTIAL_INFORMATION
+ KeyValueFullInformationAlign64,
+ KeyValuePartialInformationAlign64, // KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
+ KeyValueLayerInformation, // KEY_VALUE_LAYER_INFORMATION
+ MaxKeyValueInfoClass
+} KEY_VALUE_INFORMATION_CLASS;
+
+typedef struct _KEY_VALUE_BASIC_INFORMATION
+{
+ ULONG TitleIndex;
+ ULONG Type;
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
+
+typedef struct _KEY_VALUE_FULL_INFORMATION
+{
+ ULONG TitleIndex;
+ ULONG Type;
+ ULONG DataOffset;
+ ULONG DataLength;
+ ULONG NameLength;
+ _Field_size_bytes_(NameLength) WCHAR Name[1];
+ // ...
+ // UCHAR Data[1];
+} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
+
+typedef struct _KEY_VALUE_PARTIAL_INFORMATION
+{
+ ULONG TitleIndex;
+ ULONG Type;
+ ULONG DataLength;
+ _Field_size_bytes_(DataLength) UCHAR Data[1];
+} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
+
+typedef struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
+{
+ ULONG Type;
+ ULONG DataLength;
+ _Field_size_bytes_(DataLength) UCHAR Data[1];
+} KEY_VALUE_PARTIAL_INFORMATION_ALIGN64, *PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
+
+// private
+typedef struct _KEY_VALUE_LAYER_INFORMATION
+{
+ ULONG IsTombstone : 1;
+ ULONG Reserved : 31;
+} KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION;
+
+// private
+typedef enum _CM_EXTENDED_PARAMETER_TYPE
+{
+ CmExtendedParameterInvalidType,
+ CmExtendedParameterTrustClassKey,
+ CmExtendedParameterEvent,
+ CmExtendedParameterFileAccessToken,
+ CmExtendedParameterMax,
+} CM_EXTENDED_PARAMETER_TYPE;
+
+#define CM_EXTENDED_PARAMETER_TYPE_BITS 8
+
+// private
+typedef struct DECLSPEC_ALIGN(8) _CM_EXTENDED_PARAMETER
+{
+ struct
+ {
+ ULONG64 Type : CM_EXTENDED_PARAMETER_TYPE_BITS;
+ ULONG64 Reserved : 64 - CM_EXTENDED_PARAMETER_TYPE_BITS;
+ };
+
+ union
+ {
+ ULONG64 ULong64;
+ PVOID Pointer;
+ SIZE_T Size;
+ HANDLE Handle;
+ ULONG ULong;
+ ACCESS_MASK AccessMask;
+ };
+} CM_EXTENDED_PARAMETER, *PCM_EXTENDED_PARAMETER;
+
+typedef struct _KEY_VALUE_ENTRY
+{
+ PUNICODE_STRING ValueName;
+ ULONG DataLength;
+ ULONG DataOffset;
+ ULONG Type;
+} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
+
+typedef enum _REG_ACTION
+{
+ KeyAdded,
+ KeyRemoved,
+ KeyModified
+} REG_ACTION;
+
+typedef struct _REG_NOTIFY_INFORMATION
+{
+ ULONG NextEntryOffset;
+ REG_ACTION Action;
+ ULONG KeyLength;
+ _Field_size_bytes_(KeyLength) WCHAR Key[1];
+} REG_NOTIFY_INFORMATION, *PREG_NOTIFY_INFORMATION;
+
+typedef struct _KEY_PID_ARRAY
+{
+ HANDLE ProcessId;
+ UNICODE_STRING KeyName;
+} KEY_PID_ARRAY, *PKEY_PID_ARRAY;
+
+typedef struct _KEY_OPEN_SUBKEYS_INFORMATION
+{
+ ULONG Count;
+ KEY_PID_ARRAY KeyArray[1];
+} KEY_OPEN_SUBKEYS_INFORMATION, *PKEY_OPEN_SUBKEYS_INFORMATION;
+
+// Differencing registry & virtualization // since REDSTONE
+
+// rev
+#define VR_DEVICE_NAME L"\\Device\\VRegDriver"
+
+// rev
+#define IOCTL_VR_INITIALIZE_JOB_FOR_VREG CTL_CODE(FILE_DEVICE_UNKNOWN, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_INITIALIZE_JOB_FOR_VREG
+#define IOCTL_VR_LOAD_DIFFERENCING_HIVE CTL_CODE(FILE_DEVICE_UNKNOWN, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_LOAD_DIFFERENCING_HIVE
+#define IOCTL_VR_CREATE_NAMESPACE_NODE CTL_CODE(FILE_DEVICE_UNKNOWN, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_CREATE_NAMESPACE_NODE
+#define IOCTL_VR_MODIFY_FLAGS CTL_CODE(FILE_DEVICE_UNKNOWN, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_MODIFY_FLAGS
+#define IOCTL_VR_CREATE_MULTIPLE_NAMESPACE_NODES CTL_CODE(FILE_DEVICE_UNKNOWN, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_CREATE_MULTIPLE_NAMESPACE_NODES
+#define IOCTL_VR_UNLOAD_DYNAMICALLY_LOADED_HIVES CTL_CODE(FILE_DEVICE_UNKNOWN, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_UNLOAD_DYNAMICALLY_LOADED_HIVES
+#define IOCTL_VR_GET_VIRTUAL_ROOT_KEY CTL_CODE(FILE_DEVICE_UNKNOWN, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_GET_VIRTUAL_ROOT; out: VR_GET_VIRTUAL_ROOT_RESULT
+#define IOCTL_VR_LOAD_DIFFERENCING_HIVE_FOR_HOST CTL_CODE(FILE_DEVICE_UNKNOWN, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_LOAD_DIFFERENCING_HIVE_FOR_HOST
+#define IOCTL_VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST CTL_CODE(FILE_DEVICE_UNKNOWN, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) // in: VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST
+
+// private
+typedef struct _VR_INITIALIZE_JOB_FOR_VREG
+{
+ HANDLE Job;
+} VR_INITIALIZE_JOB_FOR_VREG, *PVR_INITIALIZE_JOB_FOR_VREG;
+
+// rev
+#define VR_FLAG_INHERIT_TRUST_CLASS 0x00000001
+#define VR_FLAG_WRITE_THROUGH_HIVE 0x00000002 // since REDSTONE2
+#define VR_FLAG_LOCAL_MACHINE_TRUST_CLASS 0x00000004 // since 21H1
+
+// rev + private
+typedef struct _VR_LOAD_DIFFERENCING_HIVE
+{
+ HANDLE Job;
+
ULONG NextLayerIsHost;
+ ULONG Flags; // VR_FLAG_*
+ ULONG LoadFlags; // NtLoadKeyEx flags
+ WORD KeyPathLength;
+ WORD HivePathLength;
+ WORD NextLayerKeyPathLength;
+ HANDLE FileAccessToken; // since 20H1
+ WCHAR Strings[ANYSIZE_ARRAY];
+ // ...
+ // WCHAR KeyPath[1];
+ // WCHAR HivePath[1];
+ // WCHAR NextLayerKeyPath[1];
+} VR_LOAD_DIFFERENCING_HIVE, *PVR_LOAD_DIFFERENCING_HIVE;
+
+// rev + private
+typedef struct _VR_CREATE_NAMESPACE_NODE
+{
+ HANDLE Job;
+ WORD ContainerPathLength;
+ WORD HostPathLength;
+ ULONG Flags;
+ ACCESS_MASK AccessMask; // since 20H1
+ WCHAR Strings[ANYSIZE_ARRAY];
+ // ...
+ // WCHAR ContainerPath[1];
+ // WCHAR HostPath[1];
+} VR_CREATE_NAMESPACE_NODE, *PVR_CREATE_NAMESPACE_NODE;
+
+// private
+typedef struct _VR_MODIFY_FLAGS
+{
+ HANDLE Job;
+ ULONG AddFlags;
+ ULONG RemoveFlags;
+} VR_MODIFY_FLAGS, *PVR_MODIFY_FLAGS;
+
+// private
+typedef struct _NAMESPACE_NODE_DATA
+{
+ ACCESS_MASK AccessMask;
+ WORD ContainerPathLength;
+ WORD HostPathLength;
+ ULONG Flags;
+ WCHAR Strings[ANYSIZE_ARRAY];
+ // ...
+ // WCHAR ContainerPath[1];
+ // WCHAR HostPath[1];
+} NAMESPACE_NODE_DATA, *PNAMESPACE_NODE_DATA;
+
+// private
+typedef struct _VR_CREATE_MULTIPLE_NAMESPACE_NODES
+{
+ HANDLE Job;
+ ULONG NumNewKeys;
+ NAMESPACE_NODE_DATA Keys[1];
+} VR_CREATE_MULTIPLE_NAMESPACE_NODES, *PVR_CREATE_MULTIPLE_NAMESPACE_NODES;
+
+// private
+typedef struct _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES
+{
+ HANDLE Job;
+} VR_UNLOAD_DYNAMICALLY_LOADED_HIVES, *PVR_UNLOAD_DYNAMICALLY_LOADED_HIVES;
+
+// rev
+#define VR_KEY_COMROOT 0 // \Registry\ComRoot\Classes
+#define VR_KEY_MACHINE_SOFTWARE 1 // \Registry\Machine\Software // since REDSTONE2
+#define VR_KEY_CONTROL_SET 2 // \Registry\Machine\System\ControlSet001 // since REDSTONE2
+
+// rev
+typedef struct _VR_GET_VIRTUAL_ROOT
+{
+ HANDLE Job;
+ ULONG Index; // VR_KEY_* // since REDSTONE2
+} VR_GET_VIRTUAL_ROOT, *PVR_GET_VIRTUAL_ROOT;
+
+// rev
+typedef struct _VR_GET_VIRTUAL_ROOT_RESULT
+{
+ HANDLE Key;
+} VR_GET_VIRTUAL_ROOT_RESULT, *PVR_GET_VIRTUAL_ROOT_RESULT;
+
+// rev
+typedef struct _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST
+{
+ ULONG LoadFlags; // NtLoadKeyEx flags
+ ULONG Flags; // VR_FLAG_* // since REDSTONE2
+ WORD KeyPathLength;
+ WORD HivePathLength;
+ WORD NextLayerKeyPathLength;
+ HANDLE FileAccessToken; // since 20H1
+ WCHAR Strings[ANYSIZE_ARRAY];
+ // ...
+ // WCHAR KeyPath[1];
+ // WCHAR HivePath[1];
+ // WCHAR NextLayerKeyPath[1];
+} VR_LOAD_DIFFERENCING_HIVE_FOR_HOST, *PVR_LOAD_DIFFERENCING_HIVE_FOR_HOST;
+
+// rev
+typedef struct _VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST
+{
+ ULONG Reserved;
+ WORD TargetKeyPathLength;
+ WCHAR TargetKeyPath[ANYSIZE_ARRAY];
+} VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST, *PVR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST;
+
+// System calls
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateKey(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _Reserved_ ULONG TitleIndex,
+ _In_opt_ PUNICODE_STRING Class,
+ _In_ ULONG CreateOptions,
+ _Out_opt_ PULONG Disposition
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateKeyTransacted(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _Reserved_ ULONG TitleIndex,
+ _In_opt_ PUNICODE_STRING Class,
+ _In_ ULONG CreateOptions,
+ _In_ HANDLE TransactionHandle,
+ _Out_opt_ PULONG Disposition
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenKey(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenKeyTransacted(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ HANDLE TransactionHandle
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenKeyEx(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ ULONG OpenOptions
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenKeyTransactedEx(
+ _Out_ PHANDLE KeyHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ ULONG OpenOptions,
+ _In_ HANDLE TransactionHandle
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteKey(
+ _In_ HANDLE
KeyHandle
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRenameKey(
+ _In_ HANDLE KeyHandle,
+ _In_ PUNICODE_STRING NewName
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteValueKey(
+ _In_ HANDLE KeyHandle,
+ _In_ PUNICODE_STRING ValueName
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryKey(
+ _In_ HANDLE KeyHandle,
+ _In_ KEY_INFORMATION_CLASS KeyInformationClass,
+ _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
+ _In_ ULONG Length,
+ _Out_ PULONG ResultLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationKey(
+ _In_ HANDLE KeyHandle,
+ _In_ KEY_SET_INFORMATION_CLASS KeySetInformationClass,
+ _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation,
+ _In_ ULONG KeySetInformationLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryValueKey(
+ _In_ HANDLE KeyHandle,
+ _In_ PUNICODE_STRING ValueName,
+ _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation,
+ _In_ ULONG Length,
+ _Out_ PULONG ResultLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetValueKey(
+ _In_ HANDLE KeyHandle,
+ _In_ PUNICODE_STRING ValueName,
+ _In_opt_ ULONG TitleIndex,
+ _In_ ULONG Type,
+ _In_reads_bytes_opt_(DataSize) PVOID Data,
+ _In_ ULONG DataSize
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryMultipleValueKey(
+ _In_ HANDLE KeyHandle,
+ _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY ValueEntries,
+ _In_ ULONG EntryCount,
+ _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer,
+ _Inout_ PULONG BufferLength,
+ _Out_opt_ PULONG RequiredBufferLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnumerateKey(
+ _In_ HANDLE KeyHandle,
+ _In_ ULONG Index,
+ _In_ KEY_INFORMATION_CLASS KeyInformationClass,
+ _Out_writes_bytes_opt_(Length) PVOID KeyInformation,
+ _In_ ULONG Length,
+ _Out_ PULONG ResultLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtEnumerateValueKey(
+ _In_ HANDLE KeyHandle,
+ _In_ ULONG Index,
+ _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
+ _Out_writes_bytes_opt_(Length) PVOID
KeyValueInformation, + _In_ ULONG Length, + _Out_ PULONG ResultLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFlushKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompactKeys( + _In_ ULONG Count, + _In_reads_(Count) HANDLE KeyArray[] + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompressKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadKey( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadKey2( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadKeyEx( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags, + _In_opt_ HANDLE TrustClassKey, // this and below were added on Win10 + _In_opt_ HANDLE Event, + _In_opt_ ACCESS_MASK DesiredAccess, + _Out_opt_ PHANDLE RootHandle, + _Reserved_ PVOID Reserved // previously PIO_STATUS_BLOCK + ); + +// rev by tyranid +#if (PHNT_VERSION >= PHNT_20H1) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLoadKey3( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags, + _In_reads_(ExtendedParameterCount) PCM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount, + _In_opt_ ACCESS_MASK DesiredAccess, + _Out_opt_ PHANDLE RootHandle, + _Reserved_ PVOID Reserved + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReplaceKey( + _In_ POBJECT_ATTRIBUTES NewFile, + _In_ HANDLE TargetHandle, + _In_ POBJECT_ATTRIBUTES OldFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSaveKey( + _In_ HANDLE KeyHandle, + _In_ HANDLE FileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSaveKeyEx( + _In_ HANDLE KeyHandle, + _In_ HANDLE FileHandle, + _In_ ULONG Format + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSaveMergedKeys( + _In_ HANDLE HighPrecedenceKeyHandle, + _In_ HANDLE LowPrecedenceKeyHandle, + _In_ HANDLE FileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRestoreKey( + _In_ HANDLE 
KeyHandle, + _In_ HANDLE FileHandle, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnloadKey( + _In_ POBJECT_ATTRIBUTES TargetKey + ); + +// +// NtUnloadKey2 Flags (from winnt.h) +// +//#define REG_FORCE_UNLOAD 1 +//#define REG_UNLOAD_LEGAL_FLAGS (REG_FORCE_UNLOAD) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnloadKey2( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtUnloadKeyEx( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_opt_ HANDLE Event + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtNotifyChangeKey( + _In_ HANDLE KeyHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + _Out_writes_bytes_opt_(BufferSize) PVOID Buffer, + _In_ ULONG BufferSize, + _In_ BOOLEAN Asynchronous + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtNotifyChangeMultipleKeys( + _In_ HANDLE MasterKeyHandle, + _In_opt_ ULONG Count, + _In_reads_opt_(Count) OBJECT_ATTRIBUTES SubordinateObjects[], + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + _Out_writes_bytes_opt_(BufferSize) PVOID Buffer, + _In_ ULONG BufferSize, + _In_ BOOLEAN Asynchronous + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryOpenSubKeys( + _In_ POBJECT_ATTRIBUTES TargetKey, + _Out_ PULONG HandleCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryOpenSubKeysEx( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ ULONG BufferLength, + _Out_writes_bytes_opt_(BufferLength) PVOID Buffer, + _Out_ PULONG RequiredSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtInitializeRegistry( + _In_ USHORT BootCondition + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLockRegistryKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtLockProductActivationKeys( + _Inout_opt_ ULONG *pPrivateVer, + _Out_opt_ ULONG *pSafeMode + ); + +#if 
(PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFreezeRegistry(
+ _In_ ULONG TimeOutInSeconds
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtThawRegistry(
+ VOID
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+NTSTATUS NtCreateRegistryTransaction(
+ _Out_ HANDLE *RegistryTransactionHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjAttributes,
+ _Reserved_ ULONG CreateOptions
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+NTSTATUS NtOpenRegistryTransaction(
+ _Out_ HANDLE *RegistryTransactionHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjAttributes
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+NTSTATUS NtCommitRegistryTransaction(
+ _In_ HANDLE RegistryTransactionHandle,
+ _Reserved_ ULONG Flags
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+NTSTATUS NtRollbackRegistryTransaction(
+ _In_ HANDLE RegistryTransactionHandle,
+ _Reserved_ ULONG Flags
+ );
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/ntrtl.h b/deps/phnt-nightly/ntrtl.h
new file mode 100644
index 0000000..e51f0f6
--- /dev/null
+++ b/deps/phnt-nightly/ntrtl.h
@@ -0,0 +1,10249 @@ +/* + * RTL support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTRTL_H +#define _NTRTL_H + +#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset)))) +#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base)))) + +#define RTL_PTR_ADD(Pointer, Value) ((PVOID)((ULONG_PTR)(Pointer) + (ULONG_PTR)(Value))) +#define RTL_PTR_SUBTRACT(Pointer, Value) ((PVOID)((ULONG_PTR)(Pointer) - (ULONG_PTR)(Value))) + +#define RTL_MILLISEC_TO_100NANOSEC(m) ((m) * 10000ui64) +#define RTL_SEC_TO_100NANOSEC(s) ((s) * 10000000ui64) +#define RTL_SEC_TO_MILLISEC(s) ((s) * 1000ui64) + +#define RTL_MEG (1024UL * 1024UL) +#define RTL_IMAGE_MAX_DOS_HEADER (256UL * RTL_MEG) + +// Linked lists + +FORCEINLINE VOID InitializeListHead( + _Out_ PLIST_ENTRY ListHead + ) +{ + ListHead->Flink = ListHead->Blink = ListHead; +} + +_Check_return_ FORCEINLINE BOOLEAN IsListEmpty( + _In_ PLIST_ENTRY ListHead + ) +{ + return ListHead->Flink == ListHead; +} + +FORCEINLINE BOOLEAN RemoveEntryList( + _In_ PLIST_ENTRY Entry + ) +{ + PLIST_ENTRY Blink; + PLIST_ENTRY Flink; + + Flink = Entry->Flink; + Blink = Entry->Blink; + Blink->Flink = Flink; + Flink->Blink = Blink; + + return Flink == Blink; +} + +FORCEINLINE PLIST_ENTRY RemoveHeadList( + _Inout_ PLIST_ENTRY ListHead + ) +{ + PLIST_ENTRY Flink; + PLIST_ENTRY Entry; + + Entry = ListHead->Flink; + Flink = Entry->Flink; + ListHead->Flink = Flink; + Flink->Blink = ListHead; + + return Entry; +} + +FORCEINLINE PLIST_ENTRY RemoveTailList( + _Inout_ PLIST_ENTRY ListHead + ) +{ + PLIST_ENTRY Blink; + PLIST_ENTRY Entry; + + Entry = ListHead->Blink; + Blink = Entry->Blink; + ListHead->Blink = Blink; + Blink->Flink = ListHead; + + return Entry; +} + +FORCEINLINE VOID InsertTailList( + _Inout_ PLIST_ENTRY ListHead, + _Inout_ PLIST_ENTRY Entry + ) +{ + PLIST_ENTRY Blink; + + Blink = ListHead->Blink; + Entry->Flink = ListHead; + Entry->Blink = Blink; + Blink->Flink 
= Entry; + ListHead->Blink = Entry; +} + +FORCEINLINE VOID InsertHeadList( + _Inout_ PLIST_ENTRY ListHead, + _Inout_ PLIST_ENTRY Entry + ) +{ + PLIST_ENTRY Flink; + + Flink = ListHead->Flink; + Entry->Flink = Flink; + Entry->Blink = ListHead; + Flink->Blink = Entry; + ListHead->Flink = Entry; +} + +FORCEINLINE VOID AppendTailList( + _Inout_ PLIST_ENTRY ListHead, + _Inout_ PLIST_ENTRY ListToAppend + ) +{ + PLIST_ENTRY ListEnd = ListHead->Blink; + + ListHead->Blink->Flink = ListToAppend; + ListHead->Blink = ListToAppend->Blink; + ListToAppend->Blink->Flink = ListHead; + ListToAppend->Blink = ListEnd; +} + +FORCEINLINE PSINGLE_LIST_ENTRY PopEntryList( + _Inout_ PSINGLE_LIST_ENTRY ListHead + ) +{ + PSINGLE_LIST_ENTRY FirstEntry; + + FirstEntry = ListHead->Next; + + if (FirstEntry) + ListHead->Next = FirstEntry->Next; + + return FirstEntry; +} + +FORCEINLINE VOID PushEntryList( + _Inout_ PSINGLE_LIST_ENTRY ListHead, + _Inout_ PSINGLE_LIST_ENTRY Entry + ) +{ + Entry->Next = ListHead->Next; + ListHead->Next = Entry; +} + +// AVL and splay trees + +typedef enum _TABLE_SEARCH_RESULT +{ + TableEmptyTree, + TableFoundNode, + TableInsertAsLeft, + TableInsertAsRight +} TABLE_SEARCH_RESULT; + +typedef enum _RTL_GENERIC_COMPARE_RESULTS +{ + GenericLessThan, + GenericGreaterThan, + GenericEqual +} RTL_GENERIC_COMPARE_RESULTS; + +typedef RTL_GENERIC_COMPARE_RESULTS (NTAPI *PRTL_AVL_COMPARE_ROUTINE)( + _In_ struct _RTL_AVL_TABLE *Table, + _In_ PVOID FirstStruct, + _In_ PVOID SecondStruct + ); + +typedef PVOID (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE)( + _In_ struct _RTL_AVL_TABLE *Table, + _In_ CLONG ByteSize + ); + +typedef VOID (NTAPI *PRTL_AVL_FREE_ROUTINE)( + _In_ struct _RTL_AVL_TABLE *Table, + _In_ _Post_invalid_ PVOID Buffer + ); + +typedef NTSTATUS (NTAPI *PRTL_AVL_MATCH_FUNCTION)( + _In_ struct _RTL_AVL_TABLE *Table, + _In_ PVOID UserData, + _In_ PVOID MatchData + ); + +typedef struct _RTL_BALANCED_LINKS +{ + struct _RTL_BALANCED_LINKS *Parent; + struct _RTL_BALANCED_LINKS 
*LeftChild; + struct _RTL_BALANCED_LINKS *RightChild; + CHAR Balance; + UCHAR Reserved[3]; +} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS; + +typedef struct _RTL_AVL_TABLE +{ + RTL_BALANCED_LINKS BalancedRoot; + PVOID OrderedPointer; + ULONG WhichOrderedElement; + ULONG NumberGenericTableElements; + ULONG DepthOfTree; + PRTL_BALANCED_LINKS RestartKey; + ULONG DeleteCount; + PRTL_AVL_COMPARE_ROUTINE CompareRoutine; + PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine; + PRTL_AVL_FREE_ROUTINE FreeRoutine; + PVOID TableContext; +} RTL_AVL_TABLE, *PRTL_AVL_TABLE; + +NTSYSAPI +VOID +NTAPI +RtlInitializeGenericTableAvl( + _Out_ PRTL_AVL_TABLE Table, + _In_ PRTL_AVL_COMPARE_ROUTINE CompareRoutine, + _In_ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, + _In_ PRTL_AVL_FREE_ROUTINE FreeRoutine, + _In_opt_ PVOID TableContext + ); + +NTSYSAPI +PVOID +NTAPI +RtlInsertElementGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ CLONG BufferSize, + _Out_opt_ PBOOLEAN NewElement + ); + +NTSYSAPI +PVOID +NTAPI +RtlInsertElementGenericTableFullAvl( + _In_ PRTL_AVL_TABLE Table, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ CLONG BufferSize, + _Out_opt_ PBOOLEAN NewElement, + _In_ PVOID NodeOrParent, + _In_ TABLE_SEARCH_RESULT SearchResult + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlDeleteElementGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ PVOID Buffer + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlLookupElementGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ PVOID Buffer + ); + +NTSYSAPI +PVOID +NTAPI +RtlLookupElementGenericTableFullAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ PVOID Buffer, + _Out_ PVOID *NodeOrParent, + _Out_ TABLE_SEARCH_RESULT *SearchResult + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlEnumerateGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ BOOLEAN Restart + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlEnumerateGenericTableWithoutSplayingAvl( + _In_ PRTL_AVL_TABLE Table, + _Inout_ PVOID *RestartKey + ); + 
+_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlLookupFirstMatchingElementGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ PVOID Buffer, + _Out_ PVOID *RestartKey + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlEnumerateGenericTableLikeADirectory( + _In_ PRTL_AVL_TABLE Table, + _In_opt_ PRTL_AVL_MATCH_FUNCTION MatchFunction, + _In_opt_ PVOID MatchData, + _In_ ULONG NextFlag, + _Inout_ PVOID *RestartKey, + _Inout_ PULONG DeleteCount, + _In_ PVOID Buffer + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlGetElementGenericTableAvl( + _In_ PRTL_AVL_TABLE Table, + _In_ ULONG I + ); + +NTSYSAPI +ULONG +NTAPI +RtlNumberGenericTableElementsAvl( + _In_ PRTL_AVL_TABLE Table + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlIsGenericTableEmptyAvl( + _In_ PRTL_AVL_TABLE Table + ); + +typedef struct _RTL_SPLAY_LINKS +{ + struct _RTL_SPLAY_LINKS *Parent; + struct _RTL_SPLAY_LINKS *LeftChild; + struct _RTL_SPLAY_LINKS *RightChild; +} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; + +#define RtlInitializeSplayLinks(Links) \ +{ \ + PRTL_SPLAY_LINKS _SplayLinks; \ + _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \ + _SplayLinks->Parent = _SplayLinks; \ + _SplayLinks->LeftChild = NULL; \ + _SplayLinks->RightChild = NULL; \ +} + +#define RtlParent(Links) ((PRTL_SPLAY_LINKS)(Links)->Parent) +#define RtlLeftChild(Links) ((PRTL_SPLAY_LINKS)(Links)->LeftChild) +#define RtlRightChild(Links) ((PRTL_SPLAY_LINKS)(Links)->RightChild) +#define RtlIsRoot(Links) ((RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))) +#define RtlIsLeftChild(Links) ((RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))) +#define RtlIsRightChild(Links) ((RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))) + +#define RtlInsertAsLeftChild(ParentLinks, ChildLinks) \ +{ \ + PRTL_SPLAY_LINKS _SplayParent; \ + PRTL_SPLAY_LINKS _SplayChild; \ + _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ + _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ + _SplayParent->LeftChild = _SplayChild; \ + _SplayChild->Parent = 
_SplayParent; \ +} + +#define RtlInsertAsRightChild(ParentLinks, ChildLinks) \ +{ \ + PRTL_SPLAY_LINKS _SplayParent; \ + PRTL_SPLAY_LINKS _SplayChild; \ + _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ + _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ + _SplayParent->RightChild = _SplayChild; \ + _SplayChild->Parent = _SplayParent; \ +} + +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlSplay( + _Inout_ PRTL_SPLAY_LINKS Links + ); + +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlDelete( + _In_ PRTL_SPLAY_LINKS Links + ); + +NTSYSAPI +VOID +NTAPI +RtlDeleteNoSplay( + _In_ PRTL_SPLAY_LINKS Links, + _Inout_ PRTL_SPLAY_LINKS *Root + ); + +_Check_return_ +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlSubtreeSuccessor( + _In_ PRTL_SPLAY_LINKS Links + ); + +_Check_return_ +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlSubtreePredecessor( + _In_ PRTL_SPLAY_LINKS Links + ); + +_Check_return_ +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlRealSuccessor( + _In_ PRTL_SPLAY_LINKS Links + ); + +_Check_return_ +NTSYSAPI +PRTL_SPLAY_LINKS +NTAPI +RtlRealPredecessor( + _In_ PRTL_SPLAY_LINKS Links + ); + +struct _RTL_GENERIC_TABLE; + +typedef RTL_GENERIC_COMPARE_RESULTS (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE)( + _In_ struct _RTL_GENERIC_TABLE *Table, + _In_ PVOID FirstStruct, + _In_ PVOID SecondStruct + ); + +typedef PVOID (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE)( + _In_ struct _RTL_GENERIC_TABLE *Table, + _In_ CLONG ByteSize + ); + +typedef VOID (NTAPI *PRTL_GENERIC_FREE_ROUTINE)( + _In_ struct _RTL_GENERIC_TABLE *Table, + _In_ _Post_invalid_ PVOID Buffer + ); + +typedef struct _RTL_GENERIC_TABLE +{ + PRTL_SPLAY_LINKS TableRoot; + LIST_ENTRY InsertOrderList; + PLIST_ENTRY OrderedPointer; + ULONG WhichOrderedElement; + ULONG NumberGenericTableElements; + PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine; + PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine; + PRTL_GENERIC_FREE_ROUTINE FreeRoutine; + PVOID TableContext; +} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE; + +NTSYSAPI +VOID +NTAPI +RtlInitializeGenericTable( + _Out_ 
PRTL_GENERIC_TABLE Table, + _In_ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine, + _In_ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine, + _In_ PRTL_GENERIC_FREE_ROUTINE FreeRoutine, + _In_opt_ PVOID TableContext + ); + +NTSYSAPI +PVOID +NTAPI +RtlInsertElementGenericTable( + _In_ PRTL_GENERIC_TABLE Table, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ CLONG BufferSize, + _Out_opt_ PBOOLEAN NewElement + ); + +NTSYSAPI +PVOID +NTAPI +RtlInsertElementGenericTableFull( + _In_ PRTL_GENERIC_TABLE Table, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ CLONG BufferSize, + _Out_opt_ PBOOLEAN NewElement, + _In_ PVOID NodeOrParent, + _In_ TABLE_SEARCH_RESULT SearchResult + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlDeleteElementGenericTable( + _In_ PRTL_GENERIC_TABLE Table, + _In_ PVOID Buffer + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlLookupElementGenericTable( + _In_ PRTL_GENERIC_TABLE Table, + _In_ PVOID Buffer + ); + +NTSYSAPI +PVOID +NTAPI +RtlLookupElementGenericTableFull( + _In_ PRTL_GENERIC_TABLE Table, + _In_ PVOID Buffer, + _Out_ PVOID *NodeOrParent, + _Out_ TABLE_SEARCH_RESULT *SearchResult + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlEnumerateGenericTable( + _In_ PRTL_GENERIC_TABLE Table, + _In_ BOOLEAN Restart + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlEnumerateGenericTableWithoutSplaying( + _In_ PRTL_GENERIC_TABLE Table, + _Inout_ PVOID *RestartKey + ); + +_Check_return_ +NTSYSAPI +PVOID +NTAPI +RtlGetElementGenericTable( + _In_ PRTL_GENERIC_TABLE Table, + _In_ ULONG I + ); + +NTSYSAPI +ULONG +NTAPI +RtlNumberGenericTableElements( + _In_ PRTL_GENERIC_TABLE Table + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlIsGenericTableEmpty( + _In_ PRTL_GENERIC_TABLE Table + ); + +// RB trees + +typedef struct _RTL_RB_TREE +{ + PRTL_BALANCED_NODE Root; + PRTL_BALANCED_NODE Min; +} RTL_RB_TREE, *PRTL_RB_TREE; + +#if (PHNT_VERSION >= PHNT_WIN8) + +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlRbInsertNodeEx( + _In_ PRTL_RB_TREE Tree, + _In_opt_ 
PRTL_BALANCED_NODE Parent, + _In_ BOOLEAN Right, + _Out_ PRTL_BALANCED_NODE Node + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlRbRemoveNode( + _In_ PRTL_RB_TREE Tree, + _In_ PRTL_BALANCED_NODE Node + ); + +#endif + +// Hash tables + +// begin_ntddk + +#define RTL_HASH_ALLOCATED_HEADER 0x00000001 +#define RTL_HASH_RESERVED_SIGNATURE 0 + +typedef struct _RTL_DYNAMIC_HASH_TABLE_ENTRY +{ + LIST_ENTRY Linkage; + ULONG_PTR Signature; +} RTL_DYNAMIC_HASH_TABLE_ENTRY, *PRTL_DYNAMIC_HASH_TABLE_ENTRY; + +#define HASH_ENTRY_KEY(x) ((x)->Signature) + +typedef struct _RTL_DYNAMIC_HASH_TABLE_CONTEXT +{ + PLIST_ENTRY ChainHead; + PLIST_ENTRY PrevLinkage; + ULONG_PTR Signature; +} RTL_DYNAMIC_HASH_TABLE_CONTEXT, *PRTL_DYNAMIC_HASH_TABLE_CONTEXT; + +typedef struct _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR +{ + RTL_DYNAMIC_HASH_TABLE_ENTRY HashEntry; + PLIST_ENTRY ChainHead; + ULONG BucketIndex; +} RTL_DYNAMIC_HASH_TABLE_ENUMERATOR, *PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR; + +typedef struct _RTL_DYNAMIC_HASH_TABLE +{ + // Entries initialized at creation. + ULONG Flags; + ULONG Shift; + + // Entries used in bucket computation. + ULONG TableSize; + ULONG Pivot; + ULONG DivisorMask; + + // Counters. + ULONG NumEntries; + ULONG NonEmptyBuckets; + ULONG NumEnumerators; + + // The directory. This field is for internal use only. 
+ PVOID Directory; +} RTL_DYNAMIC_HASH_TABLE, *PRTL_DYNAMIC_HASH_TABLE; + +#if (PHNT_VERSION >= PHNT_WIN7) + +FORCEINLINE +VOID +RtlInitHashTableContext( + _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ) +{ + Context->ChainHead = NULL; + Context->PrevLinkage = NULL; +} + +FORCEINLINE +VOID +RtlInitHashTableContextFromEnumerator( + _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context, + _In_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ) +{ + Context->ChainHead = Enumerator->ChainHead; + Context->PrevLinkage = Enumerator->HashEntry.Linkage.Blink; +} + +FORCEINLINE +VOID +RtlReleaseHashTableContext( + _Inout_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ) +{ + UNREFERENCED_PARAMETER(Context); + return; +} + +FORCEINLINE +ULONG +RtlTotalBucketsHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ) +{ + return HashTable->TableSize; +} + +FORCEINLINE +ULONG +RtlNonEmptyBucketsHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ) +{ + return HashTable->NonEmptyBuckets; +} + +FORCEINLINE +ULONG +RtlEmptyBucketsHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ) +{ + return HashTable->TableSize - HashTable->NonEmptyBuckets; +} + +FORCEINLINE +ULONG +RtlTotalEntriesHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ) +{ + return HashTable->NumEntries; +} + +FORCEINLINE +ULONG +RtlActiveEnumeratorsHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ) +{ + return HashTable->NumEnumerators; +} + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlCreateHashTable( + _Inout_ _When_(*HashTable == NULL, __drv_allocatesMem(Mem)) PRTL_DYNAMIC_HASH_TABLE *HashTable, + _In_ ULONG Shift, + _In_ _Reserved_ ULONG Flags + ); + +NTSYSAPI +LOGICAL +NTAPI +RtlDeleteHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlInsertEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _In_ PRTL_DYNAMIC_HASH_TABLE_ENTRY Entry, + _In_ ULONG_PTR Signature, + _Inout_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ); + +NTSYSAPI +BOOLEAN +NTAPI 
+RtlRemoveEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _In_ PRTL_DYNAMIC_HASH_TABLE_ENTRY Entry, + _Inout_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ); + +_Must_inspect_result_ +NTSYSAPI +PRTL_DYNAMIC_HASH_TABLE_ENTRY +NTAPI +RtlLookupEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _In_ ULONG_PTR Signature, + _Out_opt_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ); + +_Must_inspect_result_ +NTSYSAPI +PRTL_DYNAMIC_HASH_TABLE_ENTRY +NTAPI +RtlGetNextEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _In_ PRTL_DYNAMIC_HASH_TABLE_CONTEXT Context + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlInitEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +_Must_inspect_result_ +NTSYSAPI +PRTL_DYNAMIC_HASH_TABLE_ENTRY +NTAPI +RtlEnumerateEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +NTSYSAPI +VOID +NTAPI +RtlEndEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlInitWeakEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +_Must_inspect_result_ +NTSYSAPI +PRTL_DYNAMIC_HASH_TABLE_ENTRY +NTAPI +RtlWeaklyEnumerateEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +NTSYSAPI +VOID +NTAPI +RtlEndWeakEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlExpandHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlContractHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable + ); + +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) + +NTSYSAPI +BOOLEAN +NTAPI +RtlInitStrongEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + 
_Out_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +_Must_inspect_result_ +NTSYSAPI +PRTL_DYNAMIC_HASH_TABLE_ENTRY +NTAPI +RtlStronglyEnumerateEntryHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +NTSYSAPI +VOID +NTAPI +RtlEndStrongEnumerationHashTable( + _In_ PRTL_DYNAMIC_HASH_TABLE HashTable, + _Inout_ PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR Enumerator + ); + +#endif + +// end_ntddk + +// Critical sections + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeCriticalSection( + _Out_ PRTL_CRITICAL_SECTION CriticalSection + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeCriticalSectionAndSpinCount( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection, + _In_ ULONG SpinCount + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeCriticalSectionEx( + _Out_ PRTL_CRITICAL_SECTION CriticalSection, + _In_ ULONG SpinCount, + _In_ ULONG Flags + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeleteCriticalSection( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection + ); + +_Acquires_exclusive_lock_(*CriticalSection) +NTSYSAPI +NTSTATUS +NTAPI +RtlEnterCriticalSection( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection + ); + +_Releases_exclusive_lock_(*CriticalSection) +NTSYSAPI +NTSTATUS +NTAPI +RtlLeaveCriticalSection( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection + ); + +_When_(return != 0, _Acquires_exclusive_lock_(*CriticalSection)) +NTSYSAPI +LOGICAL +NTAPI +RtlTryEnterCriticalSection( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection + ); + +NTSYSAPI +LOGICAL +NTAPI +RtlIsCriticalSectionLocked( + _In_ PRTL_CRITICAL_SECTION CriticalSection + ); + +NTSYSAPI +LOGICAL +NTAPI +RtlIsCriticalSectionLockedByThread( + _In_ PRTL_CRITICAL_SECTION CriticalSection + ); + +NTSYSAPI +ULONG +NTAPI +RtlGetCriticalSectionRecursionCount( + _In_ PRTL_CRITICAL_SECTION CriticalSection + ); + +NTSYSAPI +ULONG +NTAPI +RtlSetCriticalSectionSpinCount( + _Inout_ PRTL_CRITICAL_SECTION CriticalSection, + _In_ ULONG SpinCount + ); + +#if (PHNT_VERSION >= PHNT_VISTA) 
+// private +NTSYSAPI +HANDLE +NTAPI +RtlQueryCriticalSectionOwner( + _In_ HANDLE EventHandle + ); +#endif + +NTSYSAPI +VOID +NTAPI +RtlCheckForOrphanedCriticalSections( + _In_ HANDLE ThreadHandle + ); + +// Resources + +typedef struct _RTL_RESOURCE +{ + RTL_CRITICAL_SECTION CriticalSection; + + HANDLE SharedSemaphore; + volatile ULONG NumberOfWaitingShared; + HANDLE ExclusiveSemaphore; + volatile ULONG NumberOfWaitingExclusive; + + volatile LONG NumberOfActive; // negative: exclusive acquire; zero: not acquired; positive: shared acquire(s) + HANDLE ExclusiveOwnerThread; + + ULONG Flags; // RTL_RESOURCE_FLAG_* + + PRTL_RESOURCE_DEBUG DebugInfo; +} RTL_RESOURCE, *PRTL_RESOURCE; + +#define RTL_RESOURCE_FLAG_LONG_TERM ((ULONG)0x00000001) + +NTSYSAPI +VOID +NTAPI +RtlInitializeResource( + _Out_ PRTL_RESOURCE Resource + ); + +NTSYSAPI +VOID +NTAPI +RtlDeleteResource( + _Inout_ PRTL_RESOURCE Resource + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlAcquireResourceShared( + _Inout_ PRTL_RESOURCE Resource, + _In_ BOOLEAN Wait + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlAcquireResourceExclusive( + _Inout_ PRTL_RESOURCE Resource, + _In_ BOOLEAN Wait + ); + +NTSYSAPI +VOID +NTAPI +RtlReleaseResource( + _Inout_ PRTL_RESOURCE Resource + ); + +NTSYSAPI +VOID +NTAPI +RtlConvertSharedToExclusive( + _Inout_ PRTL_RESOURCE Resource + ); + +NTSYSAPI +VOID +NTAPI +RtlConvertExclusiveToShared( + _Inout_ PRTL_RESOURCE Resource + ); + +// Slim reader-writer locks, condition variables, and barriers + +#if (PHNT_VERSION >= PHNT_VISTA) + +// winbase:InitializeSRWLock +NTSYSAPI +VOID +NTAPI +RtlInitializeSRWLock( + _Out_ PRTL_SRWLOCK SRWLock + ); + +// winbase:AcquireSRWLockExclusive +_Acquires_exclusive_lock_(*SRWLock) +NTSYSAPI +VOID +NTAPI +RtlAcquireSRWLockExclusive( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +// winbase:AcquireSRWLockShared +_Acquires_shared_lock_(*SRWLock) +NTSYSAPI +VOID +NTAPI +RtlAcquireSRWLockShared( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +// winbase:ReleaseSRWLockExclusive 
+_Releases_exclusive_lock_(*SRWLock) +NTSYSAPI +VOID +NTAPI +RtlReleaseSRWLockExclusive( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +// winbase:ReleaseSRWLockShared +_Releases_shared_lock_(*SRWLock) +NTSYSAPI +VOID +NTAPI +RtlReleaseSRWLockShared( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +// winbase:TryAcquireSRWLockExclusive +_When_(return != 0, _Acquires_exclusive_lock_(*SRWLock)) +NTSYSAPI +BOOLEAN +NTAPI +RtlTryAcquireSRWLockExclusive( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +// winbase:TryAcquireSRWLockShared +_When_(return != 0, _Acquires_shared_lock_(*SRWLock)) +NTSYSAPI +BOOLEAN +NTAPI +RtlTryAcquireSRWLockShared( + _Inout_ PRTL_SRWLOCK SRWLock + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +VOID +NTAPI +RtlAcquireReleaseSRWLockExclusive( + _Inout_ PRTL_SRWLOCK SRWLock + ); +#endif + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// winbase:InitializeConditionVariable +NTSYSAPI +VOID +NTAPI +RtlInitializeConditionVariable( + _Out_ PRTL_CONDITION_VARIABLE ConditionVariable + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSleepConditionVariableCS( + _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable, + _Inout_ PRTL_CRITICAL_SECTION CriticalSection, + _In_opt_ PLARGE_INTEGER Timeout + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSleepConditionVariableSRW( + _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable, + _Inout_ PRTL_SRWLOCK SRWLock, + _In_opt_ PLARGE_INTEGER Timeout, + _In_ ULONG Flags + ); + +// winbase:WakeConditionVariable +NTSYSAPI +VOID +NTAPI +RtlWakeConditionVariable( + _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable + ); + +// winbase:WakeAllConditionVariable +NTSYSAPI +VOID +NTAPI +RtlWakeAllConditionVariable( + _Inout_ PRTL_CONDITION_VARIABLE ConditionVariable + ); + +#endif + +// begin_rev +#define RTL_BARRIER_FLAGS_SPIN_ONLY 0x00000001 // never block on event - always spin +#define RTL_BARRIER_FLAGS_BLOCK_ONLY 0x00000002 // always block on event - never spin +#define RTL_BARRIER_FLAGS_NO_DELETE 0x00000004 // use if barrier will never be 
deleted +// end_rev + +// begin_private + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitBarrier( + _Out_ PRTL_BARRIER Barrier, + _In_ ULONG TotalThreads, + _In_ ULONG SpinCount + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeleteBarrier( + _In_ PRTL_BARRIER Barrier + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlBarrier( + _Inout_ PRTL_BARRIER Barrier, + _In_ ULONG Flags + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlBarrierForDelete( + _Inout_ PRTL_BARRIER Barrier, + _In_ ULONG Flags + ); + +#endif + +// end_private + +// Wait on address + +// begin_rev + +#if (PHNT_VERSION >= PHNT_WIN8) + +NTSYSAPI +NTSTATUS +NTAPI +RtlWaitOnAddress( + _In_reads_bytes_(AddressSize) volatile VOID *Address, + _In_reads_bytes_(AddressSize) PVOID CompareAddress, + _In_ SIZE_T AddressSize, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSAPI +VOID +NTAPI +RtlWakeAddressAll( + _In_ PVOID Address + ); + +NTSYSAPI +VOID +NTAPI +RtlWakeAddressSingle( + _In_ PVOID Address + ); + +#endif + +// end_rev + +#if (PHNT_VERSION >= PHNT_WIN11_22H2) +FORCEINLINE +VOID +RtlCopyVolatileMemory( + _Out_writes_bytes_(Size) VOID *Destination, + _In_reads_bytes_(Size) volatile const VOID *Source, + _In_ SIZE_T Size + ) +{ + RtlCopyMemory(Destination, (const VOID *)Source, Size); + BarrierAfterRead(); +} +#endif + +FORCEINLINE +HANDLE +RtlReadHandleNoFence( + _In_reads_bytes_(sizeof(HANDLE)) volatile CONST HANDLE *Address + ) +{ + return (HANDLE)ReadPointerNoFence((PVOID *)Address); +} + +// Strings + +FORCEINLINE +VOID +NTAPI +RtlInitEmptyAnsiString( + _Out_ PANSI_STRING AnsiString, + _Pre_maybenull_ _Pre_readable_size_(MaximumLength) PCHAR Buffer, + _In_ USHORT MaximumLength + ) +{ + memset(AnsiString, 0, sizeof(ANSI_STRING)); + AnsiString->MaximumLength = MaximumLength; + AnsiString->Buffer = Buffer; +} + +#ifndef PHNT_NO_INLINE_INIT_STRING +FORCEINLINE VOID RtlInitString( + _Out_ PSTRING DestinationString, + _In_opt_ PCSTR SourceString + ) +{ + if (SourceString) + DestinationString->MaximumLength = 
(DestinationString->Length = (USHORT)strlen(SourceString)) + sizeof(ANSI_NULL); + else + DestinationString->MaximumLength = DestinationString->Length = 0; + + DestinationString->Buffer = (PCHAR)SourceString; +} +#else +NTSYSAPI +VOID +NTAPI +RtlInitString( + _Out_ PSTRING DestinationString, + _In_opt_ PCSTR SourceString + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSAPI +NTSTATUS +NTAPI +RtlInitStringEx( + _Out_ PSTRING DestinationString, + _In_opt_z_ PCSZ SourceString + ); +#endif + +#ifndef PHNT_NO_INLINE_INIT_STRING +FORCEINLINE VOID RtlInitAnsiString( + _Out_ PANSI_STRING DestinationString, + _In_opt_ PCSTR SourceString + ) +{ + if (SourceString) + DestinationString->MaximumLength = (DestinationString->Length = (USHORT)strlen(SourceString)) + sizeof(ANSI_NULL); + else + DestinationString->MaximumLength = DestinationString->Length = 0; + + DestinationString->Buffer = (PCHAR)SourceString; +} +#else +NTSYSAPI +VOID +NTAPI +RtlInitAnsiString( + _Out_ PANSI_STRING DestinationString, + _In_opt_ PCSTR SourceString + ); +#endif + +#if (PHNT_VERSION >= PHNT_WS03) +NTSYSAPI +NTSTATUS +NTAPI +RtlInitAnsiStringEx( + _Out_ PANSI_STRING DestinationString, + _In_opt_z_ PCSZ SourceString + ); +#endif + +NTSYSAPI +VOID +NTAPI +RtlFreeAnsiString( + _Inout_ _At_(AnsiString->Buffer, _Frees_ptr_opt_) PANSI_STRING AnsiString + ); + +#if (PHNT_VERSION >= PHNT_20H1) +NTSYSAPI +VOID +NTAPI +RtlInitUTF8String( + _Out_ PUTF8_STRING DestinationString, + _In_opt_z_ PCSZ SourceString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitUTF8StringEx( + _Out_ PUTF8_STRING DestinationString, + _In_opt_z_ PCSZ SourceString + ); + +NTSYSAPI +VOID +NTAPI +RtlFreeUTF8String( + _Inout_ _At_(Utf8String->Buffer, _Frees_ptr_opt_) PUTF8_STRING Utf8String + ); +#endif + +NTSYSAPI +VOID +NTAPI +RtlFreeOemString( + _Inout_ POEM_STRING OemString + ); + +NTSYSAPI +VOID +NTAPI +RtlCopyString( + _In_ PSTRING DestinationString, + _In_opt_ PSTRING SourceString + ); + +NTSYSAPI +CHAR +NTAPI +RtlUpperChar( + 
_In_ CHAR Character + ); + +_Must_inspect_result_ +NTSYSAPI +LONG +NTAPI +RtlCompareString( + _In_ PSTRING String1, + _In_ PSTRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualString( + _In_ PSTRING String1, + _In_ PSTRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlPrefixString( + _In_ PSTRING String1, + _In_ PSTRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAppendStringToString( + _Inout_ PSTRING Destination, + _In_ PSTRING Source + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAppendAsciizToString( + _In_ PSTRING Destination, + _In_opt_ PCSTR Source + ); + +NTSYSAPI +VOID +NTAPI +RtlUpperString( + _Inout_ PSTRING DestinationString, + _In_ const STRING* SourceString + ); + +FORCEINLINE +BOOLEAN +RtlIsNullOrEmptyUnicodeString( + _In_opt_ PUNICODE_STRING String + ) +{ + return !String || String->Length == 0; +} + +FORCEINLINE +VOID +NTAPI +RtlInitEmptyUnicodeString( + _Out_ PUNICODE_STRING DestinationString, + _Writable_bytes_(MaximumLength) _When_(MaximumLength != 0, _Notnull_) PWCHAR Buffer, + _In_ USHORT MaximumLength + ) +{ + memset(DestinationString, 0, sizeof(UNICODE_STRING)); + DestinationString->MaximumLength = MaximumLength; + DestinationString->Buffer = Buffer; +} + +#ifndef PHNT_NO_INLINE_INIT_STRING +FORCEINLINE VOID RtlInitUnicodeString( + _Out_ PUNICODE_STRING DestinationString, + _In_opt_z_ PCWSTR SourceString + ) +{ + if (SourceString) + DestinationString->MaximumLength = (DestinationString->Length = (USHORT)(wcslen(SourceString) * sizeof(WCHAR))) + sizeof(UNICODE_NULL); + else + DestinationString->MaximumLength = DestinationString->Length = 0; + + DestinationString->Buffer = (PWCH)SourceString; +} +#else +NTSYSAPI +VOID +NTAPI +RtlInitUnicodeString( + _Out_ PUNICODE_STRING DestinationString, + _In_opt_z_ PCWSTR SourceString + ); +#endif + +#ifndef PHNT_NO_INLINE_INIT_STRING +FORCEINLINE NTSTATUS 
RtlInitUnicodeStringEx( + _Out_ PUNICODE_STRING DestinationString, + _In_opt_z_ PCWSTR SourceString + ) +{ + size_t stringLength; + + DestinationString->Length = 0; + DestinationString->Buffer = (PWCH)SourceString; + + if (!SourceString) + return STATUS_SUCCESS; + + stringLength = wcslen(SourceString); + + if (stringLength <= UNICODE_STRING_MAX_CHARS - 1) + { + DestinationString->Length = (USHORT)stringLength * sizeof(WCHAR); + DestinationString->MaximumLength = DestinationString->Length + sizeof(UNICODE_NULL); + return STATUS_SUCCESS; + } + + return STATUS_NAME_TOO_LONG; +} +#else +NTSYSAPI +NTSTATUS +NTAPI +RtlInitUnicodeStringEx( + _Out_ PUNICODE_STRING DestinationString, + _In_opt_z_ PCWSTR SourceString + ); +#endif + +_Success_(return != 0) +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlCreateUnicodeString( + _Out_ PUNICODE_STRING DestinationString, + _In_z_ PCWSTR SourceString + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlCreateUnicodeStringFromAsciiz( + _Out_ PUNICODE_STRING DestinationString, + _In_ PCSTR SourceString + ); + +NTSYSAPI +VOID +NTAPI +RtlFreeUnicodeString( + _Inout_ _At_(UnicodeString->Buffer, _Frees_ptr_opt_) PUNICODE_STRING UnicodeString + ); + +#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE (0x00000001) +#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING (0x00000002) + +NTSYSAPI +NTSTATUS +NTAPI +RtlDuplicateUnicodeString( + _In_ ULONG Flags, + _In_ PUNICODE_STRING StringIn, + _Out_ PUNICODE_STRING StringOut + ); + +NTSYSAPI +VOID +NTAPI +RtlCopyUnicodeString( + _In_ PUNICODE_STRING DestinationString, + _In_opt_ PCUNICODE_STRING SourceString + ); + +NTSYSAPI +WCHAR +NTAPI +RtlUpcaseUnicodeChar( + _In_ WCHAR SourceCharacter + ); + +NTSYSAPI +WCHAR +NTAPI +RtlDowncaseUnicodeChar( + _In_ WCHAR SourceCharacter + ); + +_Must_inspect_result_ +NTSYSAPI +LONG +NTAPI +RtlCompareUnicodeString( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +#if (PHNT_VERSION >= PHNT_VISTA) 
+_Must_inspect_result_ +NTSYSAPI +LONG +NTAPI +RtlCompareUnicodeStrings( + _In_reads_(String1Length) PCWCH String1, + _In_ SIZE_T String1Length, + _In_reads_(String2Length) PCWCH String2, + _In_ SIZE_T String2Length, + _In_ BOOLEAN CaseInSensitive + ); +#endif + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualUnicodeString( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +#define HASH_STRING_ALGORITHM_DEFAULT 0 +#define HASH_STRING_ALGORITHM_X65599 1 +#define HASH_STRING_ALGORITHM_INVALID 0xffffffff + +NTSYSAPI +NTSTATUS +NTAPI +RtlHashUnicodeString( + _In_ PUNICODE_STRING String, + _In_ BOOLEAN CaseInSensitive, + _In_ ULONG HashAlgorithm, + _Out_ PULONG HashValue + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlValidateUnicodeString( + _In_ ULONG Flags, + _In_ PUNICODE_STRING String + ); + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlPrefixUnicodeString( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2, + _In_ BOOLEAN CaseInSensitive + ); + +#if (PHNT_MODE == PHNT_MODE_KERNEL && PHNT_VERSION >= PHNT_THRESHOLD) +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlSuffixUnicodeString( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2, + _In_ BOOLEAN CaseInSensitive + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +_Must_inspect_result_ +NTSYSAPI +PWCHAR +NTAPI +RtlFindUnicodeSubstring( + _In_ PUNICODE_STRING FullString, + _In_ PUNICODE_STRING SearchString, + _In_ BOOLEAN CaseInSensitive + ); +#endif + +#define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 0x00000001 +#define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 0x00000002 +#define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 0x00000004 + +NTSYSAPI +NTSTATUS +NTAPI +RtlFindCharInUnicodeString( + _In_ ULONG Flags, + _In_ PUNICODE_STRING StringToSearch, + _In_ PUNICODE_STRING CharSet, + _Out_ PUSHORT NonInclusivePrefixLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAppendUnicodeStringToString( + _In_ 
PUNICODE_STRING Destination, + _In_ PCUNICODE_STRING Source + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAppendUnicodeToString( + _In_ PUNICODE_STRING Destination, + _In_opt_ PCWSTR Source + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDowncaseUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +VOID +NTAPI +RtlEraseUnicodeString( + _Inout_ PUNICODE_STRING String + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAnsiStringToUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ PANSI_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeStringToAnsiString( + _Inout_ PANSI_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +// rev +NTSYSAPI +ULONG +NTAPI +RtlUnicodeStringToAnsiSize( + _In_ PUNICODE_STRING SourceString + ); + +#if (PHNT_VERSION >= PHNT_20H1) +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeStringToUTF8String( + _Inout_ PUTF8_STRING DestinationString, + _In_ PCUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUTF8StringToUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ PUTF8_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); +#endif + +NTSYSAPI +WCHAR +NTAPI +RtlAnsiCharToUnicodeChar( + _Inout_ PUCHAR *SourceCharacter + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeStringToAnsiString( + _Inout_ PANSI_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlOemStringToUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ POEM_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + 
+NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeStringToOemString( + _Inout_ POEM_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeStringToOemString( + _Inout_ POEM_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlOemStringToCountedUnicodeString( + _Inout_ PUNICODE_STRING DestinationString, + _In_ PCOEM_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeStringToCountedOemString( + _Inout_ POEM_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeStringToCountedOemString( + _Inout_ POEM_STRING DestinationString, + _In_ PUNICODE_STRING SourceString, + _In_ BOOLEAN AllocateDestinationString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlMultiByteToUnicodeN( + _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, + _In_ ULONG MaxBytesInUnicodeString, + _Out_opt_ PULONG BytesInUnicodeString, + _In_reads_bytes_(BytesInMultiByteString) PCSTR MultiByteString, + _In_ ULONG BytesInMultiByteString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlMultiByteToUnicodeSize( + _Out_ PULONG BytesInUnicodeString, + _In_reads_bytes_(BytesInMultiByteString) PCSTR MultiByteString, + _In_ ULONG BytesInMultiByteString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeToMultiByteN( + _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString, + _In_ ULONG MaxBytesInMultiByteString, + _Out_opt_ PULONG BytesInMultiByteString, + _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeToMultiByteSize( + _Out_ PULONG BytesInMultiByteString, + _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, + _In_ ULONG 
BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeToMultiByteN( + _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString, + _In_ ULONG MaxBytesInMultiByteString, + _Out_opt_ PULONG BytesInMultiByteString, + _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlOemToUnicodeN( + _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWSTR UnicodeString, + _In_ ULONG MaxBytesInUnicodeString, + _Out_opt_ PULONG BytesInUnicodeString, + _In_reads_bytes_(BytesInOemString) PCCH OemString, + _In_ ULONG BytesInOemString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeToOemN( + _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString, + _In_ ULONG MaxBytesInOemString, + _Out_opt_ PULONG BytesInOemString, + _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeToOemN( + _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString, + _In_ ULONG MaxBytesInOemString, + _Out_opt_ PULONG BytesInOemString, + _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlConsoleMultiByteToUnicodeN( + _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, + _In_ ULONG MaxBytesInUnicodeString, + _Out_opt_ PULONG BytesInUnicodeString, + _In_reads_bytes_(BytesInMultiByteString) PCCH MultiByteString, + _In_ ULONG BytesInMultiByteString, + _Out_ PULONG pdwSpecialChar + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSAPI +NTSTATUS +NTAPI +RtlUTF8ToUnicodeN( + _Out_writes_bytes_to_(UnicodeStringMaxByteCount, *UnicodeStringActualByteCount) PWSTR UnicodeStringDestination, + _In_ ULONG UnicodeStringMaxByteCount, + _Out_opt_ PULONG UnicodeStringActualByteCount, + _In_reads_bytes_(UTF8StringByteCount) PCCH 
UTF8StringSource, + _In_ ULONG UTF8StringByteCount + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeToUTF8N( + _Out_writes_bytes_to_(UTF8StringMaxByteCount, *UTF8StringActualByteCount) PCHAR UTF8StringDestination, + _In_ ULONG UTF8StringMaxByteCount, + _Out_opt_ PULONG UTF8StringActualByteCount, + _In_reads_bytes_(UnicodeStringByteCount) PCWCH UnicodeStringSource, + _In_ ULONG UnicodeStringByteCount + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlCustomCPToUnicodeN( + _In_ PCPTABLEINFO CustomCP, + _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, + _In_ ULONG MaxBytesInUnicodeString, + _Out_opt_ PULONG BytesInUnicodeString, + _In_reads_bytes_(BytesInCustomCPString) PCH CustomCPString, + _In_ ULONG BytesInCustomCPString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUnicodeToCustomCPN( + _In_ PCPTABLEINFO CustomCP, + _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString, + _In_ ULONG MaxBytesInCustomCPString, + _Out_opt_ PULONG BytesInCustomCPString, + _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlUpcaseUnicodeToCustomCPN( + _In_ PCPTABLEINFO CustomCP, + _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString, + _In_ ULONG MaxBytesInCustomCPString, + _Out_opt_ PULONG BytesInCustomCPString, + _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString, + _In_ ULONG BytesInUnicodeString + ); + +NTSYSAPI +VOID +NTAPI +RtlInitCodePageTable( + _In_reads_z_(2) PUSHORT TableBase, + _Inout_ PCPTABLEINFO CodePageTable + ); + +NTSYSAPI +VOID +NTAPI +RtlInitNlsTables( + _In_ PUSHORT AnsiNlsBase, + _In_ PUSHORT OemNlsBase, + _In_ PUSHORT LanguageNlsBase, + _Out_ PNLSTABLEINFO TableInfo // PCPTABLEINFO? 
+ ); + +NTSYSAPI +VOID +NTAPI +RtlResetRtlTranslations( + _In_ PNLSTABLEINFO TableInfo + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlIsTextUnicode( + _In_ PVOID Buffer, + _In_ ULONG Size, + _Inout_opt_ PULONG Result + ); + +typedef enum _RTL_NORM_FORM +{ + NormOther = 0x0, + NormC = 0x1, + NormD = 0x2, + NormKC = 0x5, + NormKD = 0x6, + NormIdna = 0xd, + DisallowUnassigned = 0x100, + NormCDisallowUnassigned = 0x101, + NormDDisallowUnassigned = 0x102, + NormKCDisallowUnassigned = 0x105, + NormKDDisallowUnassigned = 0x106, + NormIdnaDisallowUnassigned = 0x10d +} RTL_NORM_FORM; + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSAPI +NTSTATUS +NTAPI +RtlNormalizeString( + _In_ ULONG NormForm, // RTL_NORM_FORM + _In_ PCWSTR SourceString, + _In_ LONG SourceStringLength, + _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, + _Inout_ PLONG DestinationStringLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSAPI +NTSTATUS +NTAPI +RtlIsNormalizedString( + _In_ ULONG NormForm, // RTL_NORM_FORM + _In_ PCWSTR SourceString, + _In_ LONG SourceStringLength, + _Out_ PBOOLEAN Normalized + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +// ntifs:FsRtlIsNameInExpression +NTSYSAPI +BOOLEAN +NTAPI +RtlIsNameInExpression( + _In_ PUNICODE_STRING Expression, + _In_ PUNICODE_STRING Name, + _In_ BOOLEAN IgnoreCase, + _In_opt_ PWCH UpcaseTable + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE4) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsNameInUnUpcasedExpression( + _In_ PUNICODE_STRING Expression, + _In_ PUNICODE_STRING Name, + _In_ BOOLEAN IgnoreCase, + _In_opt_ PWCH UpcaseTable + ); +#endif + +#if (PHNT_VERSION >= PHNT_19H1) +NTSYSAPI +BOOLEAN +NTAPI +RtlDoesNameContainWildCards( + _In_ PUNICODE_STRING Expression + ); +#endif + +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualDomainName( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2 + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualComputerName( + _In_ PUNICODE_STRING String1, + _In_ PUNICODE_STRING String2 + ); + 
+NTSYSAPI +NTSTATUS +NTAPI +RtlDnsHostNameToComputerName( + _Out_ PUNICODE_STRING ComputerNameString, + _In_ PUNICODE_STRING DnsHostNameString, + _In_ BOOLEAN AllocateComputerNameString + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlStringFromGUID( + _In_ PGUID Guid, + _Out_ PUNICODE_STRING GuidString + ); + +#if (PHNT_VERSION >= PHNT_WINBLUE) + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlStringFromGUIDEx( + _In_ PGUID Guid, + _Inout_ PUNICODE_STRING GuidString, + _In_ BOOLEAN AllocateGuidString + ); + +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlGUIDFromString( + _In_ PUNICODE_STRING GuidString, + _Out_ PGUID Guid + ); + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +LONG +NTAPI +RtlCompareAltitudes( + _In_ PUNICODE_STRING Altitude1, + _In_ PUNICODE_STRING Altitude2 + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlIdnToAscii( + _In_ ULONG Flags, + _In_ PCWSTR SourceString, + _In_ LONG SourceStringLength, + _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, + _Inout_ PLONG DestinationStringLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlIdnToUnicode( + _In_ ULONG Flags, + _In_ PCWSTR SourceString, + _In_ LONG SourceStringLength, + _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, + _Inout_ PLONG DestinationStringLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlIdnToNameprepUnicode( + _In_ ULONG Flags, + _In_ PCWSTR SourceString, + _In_ LONG SourceStringLength, + _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, + _Inout_ PLONG DestinationStringLength + ); + +#endif + +// Prefix + +typedef struct _PREFIX_TABLE_ENTRY +{ + CSHORT NodeTypeCode; + CSHORT NameLength; + struct _PREFIX_TABLE_ENTRY *NextPrefixTree; + RTL_SPLAY_LINKS Links; + PSTRING Prefix; +} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; + +typedef struct _PREFIX_TABLE +{ + CSHORT NodeTypeCode; + CSHORT NameLength; + PPREFIX_TABLE_ENTRY NextPrefixTree; +} PREFIX_TABLE, *PPREFIX_TABLE; + +NTSYSAPI +VOID +NTAPI 
+PfxInitialize( + _Out_ PPREFIX_TABLE PrefixTable + ); + +NTSYSAPI +BOOLEAN +NTAPI +PfxInsertPrefix( + _In_ PPREFIX_TABLE PrefixTable, + _In_ PSTRING Prefix, + _Out_ PPREFIX_TABLE_ENTRY PrefixTableEntry + ); + +NTSYSAPI +VOID +NTAPI +PfxRemovePrefix( + _In_ PPREFIX_TABLE PrefixTable, + _In_ PPREFIX_TABLE_ENTRY PrefixTableEntry + ); + +NTSYSAPI +PPREFIX_TABLE_ENTRY +NTAPI +PfxFindPrefix( + _In_ PPREFIX_TABLE PrefixTable, + _In_ PSTRING FullName + ); + +typedef struct _UNICODE_PREFIX_TABLE_ENTRY +{ + CSHORT NodeTypeCode; + CSHORT NameLength; + struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; + struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; + RTL_SPLAY_LINKS Links; + PUNICODE_STRING Prefix; +} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; + +typedef struct _UNICODE_PREFIX_TABLE +{ + CSHORT NodeTypeCode; + CSHORT NameLength; + PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; + PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; +} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; + +NTSYSAPI +VOID +NTAPI +RtlInitializeUnicodePrefix( + _Out_ PUNICODE_PREFIX_TABLE PrefixTable + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlInsertUnicodePrefix( + _In_ PUNICODE_PREFIX_TABLE PrefixTable, + _In_ PUNICODE_STRING Prefix, + _Out_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry + ); + +NTSYSAPI +VOID +NTAPI +RtlRemoveUnicodePrefix( + _In_ PUNICODE_PREFIX_TABLE PrefixTable, + _In_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry + ); + +NTSYSAPI +PUNICODE_PREFIX_TABLE_ENTRY +NTAPI +RtlFindUnicodePrefix( + _In_ PUNICODE_PREFIX_TABLE PrefixTable, + _In_ PUNICODE_STRING FullName, + _In_ ULONG CaseInsensitiveIndex + ); + +NTSYSAPI +PUNICODE_PREFIX_TABLE_ENTRY +NTAPI +RtlNextUnicodePrefix( + _In_ PUNICODE_PREFIX_TABLE PrefixTable, + _In_ BOOLEAN Restart + ); + +// Compression + +typedef struct _COMPRESSED_DATA_INFO +{ + USHORT CompressionFormatAndEngine; // COMPRESSION_FORMAT_* and COMPRESSION_ENGINE_* + + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved; + + USHORT 
NumberOfChunks; + + ULONG CompressedChunkSizes[1]; +} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetCompressionWorkSpaceSize( + _In_ USHORT CompressionFormatAndEngine, + _Out_ PULONG CompressBufferWorkSpaceSize, + _Out_ PULONG CompressFragmentWorkSpaceSize + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressBuffer( + _In_ USHORT CompressionFormatAndEngine, + _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _In_ ULONG UncompressedChunkSize, + _Out_ PULONG FinalCompressedSize, + _In_ PVOID WorkSpace + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressBuffer( + _In_ USHORT CompressionFormat, + _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _Out_ PULONG FinalUncompressedSize + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressBufferEx( + _In_ USHORT CompressionFormat, + _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _Out_ PULONG FinalUncompressedSize, + _In_opt_ PVOID WorkSpace + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressBufferEx2( + _In_ USHORT CompressionFormat, + _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _In_ ULONG UncompressedChunkSize, + _Out_ PULONG FinalUncompressedSize, + _In_opt_ PVOID WorkSpace + ); +#endif + 
+NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressFragment( + _In_ USHORT CompressionFormat, + _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment, + _In_ ULONG UncompressedFragmentSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _In_range_(<, CompressedBufferSize) ULONG FragmentOffset, + _Out_ PULONG FinalUncompressedSize, + _In_ PVOID WorkSpace + ); + +#if (PHNT_VERSION >= PHNT_WINBLUE) +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressFragmentEx( + _In_ USHORT CompressionFormat, + _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment, + _In_ ULONG UncompressedFragmentSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _In_range_(<, CompressedBufferSize) ULONG FragmentOffset, + _In_ ULONG UncompressedChunkSize, + _Out_ PULONG FinalUncompressedSize, + _In_ PVOID WorkSpace + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlDescribeChunk( + _In_ USHORT CompressionFormat, + _Inout_ PUCHAR *CompressedBuffer, + _In_ PUCHAR EndOfCompressedBufferPlus1, + _Out_ PUCHAR *ChunkBuffer, + _Out_ PULONG ChunkSize + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlReserveChunk( + _In_ USHORT CompressionFormat, + _Inout_ PUCHAR *CompressedBuffer, + _In_ PUCHAR EndOfCompressedBufferPlus1, + _Out_ PUCHAR *ChunkBuffer, + _In_ ULONG ChunkSize + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressChunks( + _Out_writes_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_ ULONG CompressedBufferSize, + _In_reads_bytes_(CompressedTailSize) PUCHAR CompressedTail, + _In_ ULONG CompressedTailSize, + _In_ PCOMPRESSED_DATA_INFO CompressedDataInfo + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressChunks( + _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, + _In_ ULONG UncompressedBufferSize, + 
_Out_writes_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, + _In_range_(>=, (UncompressedBufferSize - (UncompressedBufferSize / 16))) ULONG CompressedBufferSize, + _Inout_updates_bytes_(CompressedDataInfoLength) PCOMPRESSED_DATA_INFO CompressedDataInfo, + _In_range_(>, sizeof(COMPRESSED_DATA_INFO)) ULONG CompressedDataInfoLength, + _In_ PVOID WorkSpace + ); + +// Locale + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlConvertLCIDToString( + _In_ LCID LcidValue, + _In_ ULONG Base, + _In_ ULONG Padding, // string is padded to this width + _Out_writes_(Size) PWSTR pResultBuf, + _In_ ULONG Size + ); + +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlIsValidLocaleName( + _In_ PCWSTR LocaleName, + _In_ ULONG Flags + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlGetParentLocaleName( + _In_ PCWSTR LocaleName, + _Inout_ PUNICODE_STRING ParentLocaleName, + _In_ ULONG Flags, + _In_ BOOLEAN AllocateDestinationString + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlLcidToLocaleName( + _In_ LCID lcid, // sic + _Inout_ PUNICODE_STRING LocaleName, + _In_ ULONG Flags, + _In_ BOOLEAN AllocateDestinationString + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlLocaleNameToLcid( + _In_ PCWSTR LocaleName, + _Out_ PLCID lcid, + _In_ ULONG Flags + ); + +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlLCIDToCultureName( + _In_ LCID Lcid, + _Inout_ PUNICODE_STRING String + ); + +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlCultureNameToLCID( + _In_ PUNICODE_STRING String, + _Out_ PLCID Lcid + ); + +// private +NTSYSAPI +VOID +NTAPI +RtlCleanUpTEBLangLists( + VOID + ); + +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) + +// rev from GetThreadPreferredUILanguages +NTSYSAPI +NTSTATUS +NTAPI +RtlGetThreadPreferredUILanguages( + _In_ ULONG Flags, // MUI_LANGUAGE_NAME + _Out_ PULONG NumberOfLanguages, + _Out_writes_opt_(*ReturnLength) PZZWSTR Languages, + _Inout_ PULONG ReturnLength + ); + +// rev from GetProcessPreferredUILanguages +NTSYSAPI +NTSTATUS +NTAPI 
+RtlGetProcessPreferredUILanguages( + _In_ ULONG Flags, // MUI_LANGUAGE_NAME + _Out_ PULONG NumberOfLanguages, + _Out_writes_opt_(*ReturnLength) PZZWSTR Languages, + _Inout_ PULONG ReturnLength + ); + +// rev from GetSystemPreferredUILanguages +NTSYSAPI +NTSTATUS +NTAPI +RtlGetSystemPreferredUILanguages( + _In_ ULONG Flags, // MUI_LANGUAGE_NAME + _In_ PCWSTR LocaleName, + _Out_ PULONG NumberOfLanguages, + _Out_writes_opt_(*ReturnLength) PZZWSTR Languages, + _Inout_ PULONG ReturnLength + ); + +// rev from GetSystemDefaultUILanguage +NTSYSAPI +NTSTATUS +NTAPI +RtlpGetSystemDefaultUILanguage( + _Out_ LANGID DefaultUILanguageId, + _Inout_ PLCID Lcid + ); + +// rev from GetUserPreferredUILanguages +NTSYSAPI +NTSTATUS +NTAPI +RtlGetUserPreferredUILanguages( + _In_ ULONG Flags, // MUI_LANGUAGE_NAME + _In_ PCWSTR LocaleName, + _Out_ PULONG NumberOfLanguages, + _Out_writes_opt_(*ReturnLength) PZZWSTR Languages, + _Inout_ PULONG ReturnLength + ); + +// rev from GetUILanguageInfo +NTSYSAPI +NTSTATUS +NTAPI +RtlGetUILanguageInfo( + _In_ ULONG Flags, + _In_ PCZZWSTR Languages, + _Out_writes_opt_(*NumberOfFallbackLanguages) PZZWSTR FallbackLanguages, + _Inout_opt_ PULONG NumberOfFallbackLanguages, + _Out_ PULONG Attributes + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetLocaleFileMappingAddress( + _Out_ PVOID *BaseAddress, + _Out_ PLCID DefaultLocaleId, + _Out_ PLARGE_INTEGER DefaultCasingTableSize, + _Out_opt_ PULONG CurrentNLSVersion + ); + +#endif + +// PEB + +NTSYSAPI +PPEB +NTAPI +RtlGetCurrentPeb( + VOID + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAcquirePebLock( + VOID + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlReleasePebLock( + VOID + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +LOGICAL +NTAPI +RtlTryAcquirePebLock( + VOID + ); +#endif + +#if (PHNT_VERSION < PHNT_VISTA) +NTSYSAPI +NTSTATUS +NTAPI +RtlAllocateFromPeb( + _In_ ULONG Size, + _Out_ PVOID *Block + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlFreeToPeb( + _In_ PVOID Block, + _In_ ULONG Size + ); +#endif + +// 
Processes + +typedef struct _CURDIR +{ + UNICODE_STRING DosPath; + HANDLE Handle; +} CURDIR, *PCURDIR; + +#define RTL_USER_PROC_CURDIR_CLOSE 0x00000002 +#define RTL_USER_PROC_CURDIR_INHERIT 0x00000003 + +typedef struct _RTL_DRIVE_LETTER_CURDIR +{ + USHORT Flags; + USHORT Length; + ULONG TimeStamp; + STRING DosPath; +} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; + +#define RTL_MAX_DRIVE_LETTERS 32 +#define RTL_DRIVE_LETTER_VALID (USHORT)0x0001 + +typedef struct _RTL_USER_PROCESS_PARAMETERS +{ + ULONG MaximumLength; + ULONG Length; + + ULONG Flags; + ULONG DebugFlags; + + HANDLE ConsoleHandle; + ULONG ConsoleFlags; + HANDLE StandardInput; + HANDLE StandardOutput; + HANDLE StandardError; + + CURDIR CurrentDirectory; + UNICODE_STRING DllPath; + UNICODE_STRING ImagePathName; + UNICODE_STRING CommandLine; + PVOID Environment; + + ULONG StartingX; + ULONG StartingY; + ULONG CountX; + ULONG CountY; + ULONG CountCharsX; + ULONG CountCharsY; + ULONG FillAttribute; + + ULONG WindowFlags; + ULONG ShowWindowFlags; + UNICODE_STRING WindowTitle; + UNICODE_STRING DesktopInfo; + UNICODE_STRING ShellInfo; + UNICODE_STRING RuntimeData; + RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; + + ULONG_PTR EnvironmentSize; + ULONG_PTR EnvironmentVersion; + + PVOID PackageDependencyData; + ULONG ProcessGroupId; + ULONG LoaderThreads; + + UNICODE_STRING RedirectionDllName; // REDSTONE4 + UNICODE_STRING HeapPartitionName; // 19H1 + ULONG_PTR DefaultThreadpoolCpuSetMasks; + ULONG DefaultThreadpoolCpuSetMaskCount; + ULONG DefaultThreadpoolThreadMaximum; + ULONG HeapMemoryTypeMask; // WIN11 +} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; + +#define RTL_USER_PROC_PARAMS_NORMALIZED 0x00000001 +#define RTL_USER_PROC_PROFILE_USER 0x00000002 +#define RTL_USER_PROC_PROFILE_KERNEL 0x00000004 +#define RTL_USER_PROC_PROFILE_SERVER 0x00000008 +#define RTL_USER_PROC_RESERVE_1MB 0x00000020 +#define RTL_USER_PROC_RESERVE_16MB 0x00000040 +#define 
RTL_USER_PROC_CASE_SENSITIVE 0x00000080 +#define RTL_USER_PROC_DISABLE_HEAP_DECOMMIT 0x00000100 +#define RTL_USER_PROC_DLL_REDIRECTION_LOCAL 0x00001000 +#define RTL_USER_PROC_APP_MANIFEST_PRESENT 0x00002000 +#define RTL_USER_PROC_IMAGE_KEY_MISSING 0x00004000 +#define RTL_USER_PROC_OPTIN_PROCESS 0x00020000 + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateProcessParameters( + _Out_ PRTL_USER_PROCESS_PARAMETERS *pProcessParameters, + _In_ PUNICODE_STRING ImagePathName, + _In_opt_ PUNICODE_STRING DllPath, + _In_opt_ PUNICODE_STRING CurrentDirectory, + _In_opt_ PUNICODE_STRING CommandLine, + _In_opt_ PVOID Environment, + _In_opt_ PUNICODE_STRING WindowTitle, + _In_opt_ PUNICODE_STRING DesktopInfo, + _In_opt_ PUNICODE_STRING ShellInfo, + _In_opt_ PUNICODE_STRING RuntimeData + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateProcessParametersEx( + _Out_ PRTL_USER_PROCESS_PARAMETERS *pProcessParameters, + _In_ PUNICODE_STRING ImagePathName, + _In_opt_ PUNICODE_STRING DllPath, + _In_opt_ PUNICODE_STRING CurrentDirectory, + _In_opt_ PUNICODE_STRING CommandLine, + _In_opt_ PVOID Environment, + _In_opt_ PUNICODE_STRING WindowTitle, + _In_opt_ PUNICODE_STRING DesktopInfo, + _In_opt_ PUNICODE_STRING ShellInfo, + _In_opt_ PUNICODE_STRING RuntimeData, + _In_ ULONG Flags // pass RTL_USER_PROC_PARAMS_NORMALIZED to keep parameters normalized + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlDestroyProcessParameters( + _In_ _Post_invalid_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters + ); + +NTSYSAPI +PRTL_USER_PROCESS_PARAMETERS +NTAPI +RtlNormalizeProcessParams( + _Inout_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters + ); + +NTSYSAPI +PRTL_USER_PROCESS_PARAMETERS +NTAPI +RtlDeNormalizeProcessParams( + _Inout_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters + ); + +typedef struct _RTL_USER_PROCESS_INFORMATION +{ + ULONG Length; + HANDLE ProcessHandle; + HANDLE ThreadHandle; + CLIENT_ID ClientId; + SECTION_IMAGE_INFORMATION ImageInformation; +} 
RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION; + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateUserProcess( + _In_ PUNICODE_STRING NtImagePathName, + _In_ ULONG AttributesDeprecated, + _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters, + _In_opt_ PSECURITY_DESCRIPTOR ProcessSecurityDescriptor, + _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, + _In_opt_ HANDLE ParentProcess, + _In_ BOOLEAN InheritHandles, + _In_opt_ HANDLE DebugPort, + _In_opt_ HANDLE TokenHandle, // used to be ExceptionPort + _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE2) + +#define RTL_USER_PROCESS_EXTENDED_PARAMETERS_VERSION 1 + +// private +typedef struct _RTL_USER_PROCESS_EXTENDED_PARAMETERS +{ + USHORT Version; + USHORT NodeNumber; + PSECURITY_DESCRIPTOR ProcessSecurityDescriptor; + PSECURITY_DESCRIPTOR ThreadSecurityDescriptor; + HANDLE ParentProcess; + HANDLE DebugPort; + HANDLE TokenHandle; + HANDLE JobHandle; +} RTL_USER_PROCESS_EXTENDED_PARAMETERS, *PRTL_USER_PROCESS_EXTENDED_PARAMETERS; + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateUserProcessEx( + _In_ PUNICODE_STRING NtImagePathName, + _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters, + _In_ BOOLEAN InheritHandles, + _In_opt_ PRTL_USER_PROCESS_EXTENDED_PARAMETERS ProcessExtendedParameters, + _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +DECLSPEC_NORETURN +NTSYSAPI +VOID +NTAPI +RtlExitUserProcess( + _In_ NTSTATUS ExitStatus + ); +#else + +#define RtlExitUserProcess RtlExitUserProcess_R + +DECLSPEC_NORETURN +FORCEINLINE VOID RtlExitUserProcess_R( + _In_ NTSTATUS ExitStatus + ) +{ + ExitProcess(ExitStatus); +} + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// begin_rev +#define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED 0x00000001 +#define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES 0x00000002 +#define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE 0x00000004 // don't update synchronization objects +// end_rev + 
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCloneUserProcess(
+ _In_ ULONG ProcessFlags,
+ _In_opt_ PSECURITY_DESCRIPTOR ProcessSecurityDescriptor,
+ _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
+ _In_opt_ HANDLE DebugPort,
+ _Out_ PRTL_USER_PROCESS_INFORMATION ProcessInformation
+ );
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlUpdateClonedCriticalSection(
+ _Inout_ PRTL_CRITICAL_SECTION CriticalSection
+ );
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlUpdateClonedSRWLock(
+ _Inout_ PRTL_SRWLOCK SRWLock,
+ _In_ LOGICAL Shared // TRUE to set to shared acquire
+ );
+
+// rev
+#define RTL_PROCESS_REFLECTION_FLAGS_INHERIT_HANDLES 0x2
+#define RTL_PROCESS_REFLECTION_FLAGS_NO_SUSPEND 0x4
+#define RTL_PROCESS_REFLECTION_FLAGS_NO_SYNCHRONIZE 0x8
+#define RTL_PROCESS_REFLECTION_FLAGS_NO_CLOSE_EVENT 0x10
+
+// private
+typedef struct _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
+{
+ HANDLE ReflectionProcessHandle;
+ HANDLE ReflectionThreadHandle;
+ CLIENT_ID ReflectionClientId;
+} RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, *PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION;
+
+typedef RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION PROCESS_REFLECTION_INFORMATION, *PPROCESS_REFLECTION_INFORMATION;
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateProcessReflection(
+ _In_ HANDLE ProcessHandle,
+ _In_ ULONG Flags, // RTL_PROCESS_REFLECTION_FLAGS_*
+ _In_opt_ PVOID StartRoutine,
+ _In_opt_ PVOID StartContext,
+ _In_opt_ HANDLE EventHandle,
+ _Out_opt_ PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION ReflectionInformation
+ );
+#endif
+
+#endif
+
+NTSYSAPI
+NTSTATUS
+STDAPIVCALLTYPE
+RtlSetProcessIsCritical(
+ _In_ BOOLEAN NewValue,
+ _Out_opt_ PBOOLEAN OldValue,
+ _In_ BOOLEAN CheckFlag
+ );
+
+NTSYSAPI
+NTSTATUS
+STDAPIVCALLTYPE
+RtlSetThreadIsCritical(
+ _In_ BOOLEAN NewValue,
+ _Out_opt_ PBOOLEAN OldValue,
+ _In_ BOOLEAN CheckFlag
+ );
+
+// rev
+NTSYSAPI
+PVOID
+NTAPI
+RtlSetThreadSubProcessTag(
+ _In_ PVOID SubProcessTag
+ );
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidProcessProtection(
+ _In_ PS_PROTECTION ProcessProtection
+ );
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTestProtectedAccess(
+ _In_ PS_PROTECTION Source,
+ _In_ PS_PROTECTION Target
+ );
+
+#if (PHNT_VERSION >= PHNT_REDSTONE3)
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsCurrentProcess( // NtCompareObjects(NtCurrentProcess(), ProcessHandle)
+ _In_ HANDLE ProcessHandle
+ );
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsCurrentThread( // NtCompareObjects(NtCurrentThread(), ThreadHandle)
+ _In_ HANDLE ThreadHandle
+ );
+#endif
+
+// Threads
+
+typedef NTSTATUS (NTAPI *PUSER_THREAD_START_ROUTINE)(
+ _In_ PVOID ThreadParameter
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateUserThread(
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
+ _In_ BOOLEAN CreateSuspended,
+ _In_opt_ ULONG ZeroBits,
+ _In_opt_ SIZE_T MaximumStackSize,
+ _In_opt_ SIZE_T CommittedStackSize,
+ _In_ PUSER_THREAD_START_ROUTINE StartAddress,
+ _In_opt_ PVOID Parameter,
+ _Out_opt_ PHANDLE ThreadHandle,
+ _Out_opt_ PCLIENT_ID ClientId
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA) // should be PHNT_WINXP, but is PHNT_VISTA for consistency with RtlExitUserProcess
+DECLSPEC_NORETURN
+NTSYSAPI
+VOID
+NTAPI
+RtlExitUserThread(
+ _In_ NTSTATUS ExitStatus
+ );
+#else
+
+#define RtlExitUserThread RtlExitUserThread_R
+
+DECLSPEC_NORETURN
+FORCEINLINE VOID RtlExitUserThread_R(
+ _In_ NTSTATUS ExitStatus
+ )
+{
+ ExitThread(ExitStatus);
+}
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsCurrentThreadAttachExempt(
+ VOID
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateUserStack(
+ _In_opt_ SIZE_T CommittedStackSize,
+ _In_opt_ SIZE_T MaximumStackSize,
+ _In_opt_ ULONG_PTR ZeroBits,
+ _In_ SIZE_T PageSize,
+ _In_ ULONG_PTR ReserveAlignment,
+ _Out_ PINITIAL_TEB InitialTeb
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFreeUserStack(
+ _In_ PVOID AllocationBase
+ );
+
+#endif
+
+// Extended thread context
+
+typedef struct _CONTEXT_CHUNK
+{
+ LONG Offset; // Offset may be negative.
+ ULONG Length;
+} CONTEXT_CHUNK, *PCONTEXT_CHUNK;
+
+typedef struct _CONTEXT_EX
+{
+ CONTEXT_CHUNK All;
+ CONTEXT_CHUNK Legacy;
+ CONTEXT_CHUNK XState;
+ CONTEXT_CHUNK KernelCet;
+} CONTEXT_EX, *PCONTEXT_EX;
+
+#if defined(_AMD64_) || defined(_ARM64_) || defined(_ARM64EC_)
+#define CONTEXT_ALIGN 0x10
+#else
+#define CONTEXT_ALIGN 0x8
+#endif
+
+#if defined(_AMD64_)
+#define CONTEXT_FRAME_LENGTH 0x4D0
+#define CONTEXT_EX_PADDING 0x10
+#elif defined(_ARM64_) || defined(_ARM64EC_)
+#define CONTEXT_FRAME_LENGTH 0x390
+#define CONTEXT_EX_PADDING 0x10
+#elif defined(_M_ARM)
+#define CONTEXT_FRAME_LENGTH 0x1a0
+#define CONTEXT_EX_PADDING 0x8
+#else
+#define CONTEXT_FRAME_LENGTH 0x2CC
+#define CONTEXT_EX_PADDING 0x4
+#endif
+
+#define CONTEXT_ALIGNMENT(Size, Align) \
+ (((ULONG_PTR)(Size) + (Align) - 1) & ~((Align) - 1))
+
+#define CONTEXT_EX_LENGTH \
+ CONTEXT_ALIGNMENT(sizeof(CONTEXT_EX), CONTEXT_ALIGN)
+
+C_ASSERT(CONTEXT_FRAME_LENGTH == sizeof(CONTEXT));
+C_ASSERT(CONTEXT_EX_LENGTH == 0x20);
+
+#define RTL_CONTEXT_EX_OFFSET(ContextEx, Chunk) ((ContextEx)->Chunk.Offset)
+#define RTL_CONTEXT_EX_LENGTH(ContextEx, Chunk) ((ContextEx)->Chunk.Length)
+#define RTL_CONTEXT_EX_CHUNK(Base, Layout, Chunk) ((PVOID)((PCHAR)(Base) + RTL_CONTEXT_EX_OFFSET(Layout, Chunk)))
+#define RTL_CONTEXT_OFFSET(Context, Chunk) RTL_CONTEXT_EX_OFFSET((PCONTEXT_EX)(Context + 1), Chunk)
+#define RTL_CONTEXT_LENGTH(Context, Chunk) RTL_CONTEXT_EX_LENGTH((PCONTEXT_EX)(Context + 1), Chunk)
+#define RTL_CONTEXT_CHUNK(Context, Chunk) RTL_CONTEXT_EX_CHUNK((PCONTEXT_EX)(Context + 1), (PCONTEXT_EX)(Context + 1), Chunk)
+
+#if defined(_M_AMD64)
+// returns constant 0xf0e0d0c0a0908070 (dmex)
+NTSYSAPI
+ULONG64
+NTAPI
+RtlInitializeContext(
+ _Reserved_ HANDLE Reserved,
+ _Out_ PCONTEXT Context,
+ _In_opt_ PVOID Parameter,
+ _In_opt_ PVOID InitialPc,
+ _In_opt_ PVOID InitialSp
+ );
+#else
+// returns status of NtWriteVirtualMemory (dmex)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeContext(
+ _In_ HANDLE ProcessHandle,
+ _Out_ PCONTEXT Context,
+ _In_opt_ PVOID Parameter,
+ _In_opt_ PVOID InitialPc,
+ _In_opt_ PVOID InitialSp
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeExtendedContext(
+ _Out_ PCONTEXT Context,
+ _In_ ULONG ContextFlags,
+ _Out_ PCONTEXT_EX* ContextEx
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeExtendedContext2(
+ _Out_ PCONTEXT Context,
+ _In_ ULONG ContextFlags,
+ _Out_ PCONTEXT_EX* ContextEx,
+ _In_ ULONG64 EnabledExtendedFeatures // RtlGetEnabledExtendedFeatures(-1)
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCopyContext(
+ _Inout_ PCONTEXT Context,
+ _In_ ULONG ContextFlags,
+ _Out_ PCONTEXT Source
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCopyExtendedContext(
+ _Out_ PCONTEXT_EX Destination,
+ _In_ ULONG ContextFlags,
+ _In_ PCONTEXT_EX Source
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetExtendedContextLength(
+ _In_ ULONG ContextFlags,
+ _Out_ PULONG ContextLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetExtendedContextLength2(
+ _In_ ULONG ContextFlags,
+ _Out_ PULONG ContextLength,
+ _In_ ULONG64 EnabledExtendedFeatures // RtlGetEnabledExtendedFeatures(-1)
+ );
+
+NTSYSAPI
+ULONG64
+NTAPI
+RtlGetExtendedFeaturesMask(
+ _In_ PCONTEXT_EX ContextEx
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlLocateExtendedFeature(
+ _In_ PCONTEXT_EX ContextEx,
+ _In_ ULONG FeatureId,
+ _Out_opt_ PULONG Length
+ );
+
+NTSYSAPI
+PCONTEXT
+NTAPI
+RtlLocateLegacyContext(
+ _In_ PCONTEXT_EX ContextEx,
+ _Out_opt_ PULONG Length
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSetExtendedFeaturesMask(
+ _In_ PCONTEXT_EX ContextEx,
+ _In_ ULONG64 FeatureMask
+ );
+
+#ifdef _WIN64
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64GetThreadContext(
+ _In_ HANDLE ThreadHandle,
+ _Inout_ PWOW64_CONTEXT ThreadContext
+ );
+#endif
+
+#ifdef _WIN64
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64SetThreadContext(
+ _In_ HANDLE ThreadHandle,
+ _In_ PWOW64_CONTEXT ThreadContext
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRemoteCall(
+ _In_ HANDLE ProcessHandle,
+ _In_ HANDLE ThreadHandle,
+ _In_ PVOID CallSite,
+ _In_ ULONG ArgumentCount,
+ _In_opt_ PULONG_PTR Arguments,
+ _In_ BOOLEAN PassContext,
+ _In_ BOOLEAN AlreadySuspended
+ );
+
+// Vectored Exception Handlers
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlAddVectoredExceptionHandler(
+ _In_ ULONG First,
+ _In_ PVECTORED_EXCEPTION_HANDLER Handler
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlRemoveVectoredExceptionHandler(
+ _In_ PVOID Handle
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlAddVectoredContinueHandler(
+ _In_ ULONG First,
+ _In_ PVECTORED_EXCEPTION_HANDLER Handler
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlRemoveVectoredContinueHandler(
+ _In_ PVOID Handle
+ );
+
+// Runtime exception handling
+
+typedef ULONG (NTAPI *PRTLP_UNHANDLED_EXCEPTION_FILTER)(
+ _In_ PEXCEPTION_POINTERS ExceptionInfo
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSetUnhandledExceptionFilter(
+ _In_ PRTLP_UNHANDLED_EXCEPTION_FILTER UnhandledExceptionFilter
+ );
+
+// rev
+NTSYSAPI
+LONG
+NTAPI
+RtlUnhandledExceptionFilter(
+ _In_ PEXCEPTION_POINTERS ExceptionPointers
+ );
+
+// rev
+NTSYSAPI
+LONG
+NTAPI
+RtlUnhandledExceptionFilter2(
+ _In_ PEXCEPTION_POINTERS ExceptionPointers,
+ _In_ ULONG Flags
+ );
+
+// rev
+NTSYSAPI
+LONG
+NTAPI
+RtlKnownExceptionFilter(
+ _In_ PEXCEPTION_POINTERS ExceptionPointers
+ );
+
+#ifdef _WIN64
+
+// private
+typedef enum _FUNCTION_TABLE_TYPE
+{
+ RF_SORTED,
+ RF_UNSORTED,
+ RF_CALLBACK,
+ RF_KERNEL_DYNAMIC
+} FUNCTION_TABLE_TYPE;
+
+// private
+typedef struct _DYNAMIC_FUNCTION_TABLE
+{
+ LIST_ENTRY ListEntry;
+ PRUNTIME_FUNCTION FunctionTable;
+ LARGE_INTEGER TimeStamp;
+ ULONG64 MinimumAddress;
+ ULONG64 MaximumAddress;
+ ULONG64 BaseAddress;
+ PGET_RUNTIME_FUNCTION_CALLBACK Callback;
+ PVOID Context;
+ PWSTR OutOfProcessCallbackDll;
+ FUNCTION_TABLE_TYPE Type;
+ ULONG EntryCount;
+ RTL_BALANCED_NODE TreeNodeMin;
+ RTL_BALANCED_NODE TreeNodeMax;
+} DYNAMIC_FUNCTION_TABLE, *PDYNAMIC_FUNCTION_TABLE;
+
+// rev
+NTSYSAPI
+PLIST_ENTRY
+NTAPI
+RtlGetFunctionTableListHead(
+ VOID
+ );
+
+#endif
+
+// Activation Contexts
+
+#define INVALID_ACTIVATION_CONTEXT ((HANDLE)(LONG_PTR)-1)
+#define ACTCTX_PROCESS_DEFAULT ((HANDLE)(LONG_PTR)0)
+#define ACTCTX_EMPTY ((HANDLE)(LONG_PTR)-3)
+#define ACTCTX_SYSTEM_DEFAULT ((HANDLE)(LONG_PTR)-4)
+#define IS_SPECIAL_ACTCTX(x) (((((LONG_PTR)(x)) - 1) | 7) == -1)
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetActiveActivationContext(
+ _Out_ PACTIVATION_CONTEXT ActivationContext
+ );
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlAddRefActivationContext(
+ _In_ PACTIVATION_CONTEXT ActivationContext
+ );
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlReleaseActivationContext(
+ _In_ PACTIVATION_CONTEXT ActivationContext
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlZombifyActivationContext(
+ _In_ PACTIVATION_CONTEXT ActivationContext
+ );
+
+// private
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsActivationContextActive(
+ _In_ PACTIVATION_CONTEXT ActivationContext
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlActivateActivationContext(
+ _Reserved_ ULONG Flags,
+ _In_ PACTIVATION_CONTEXT ActivationContext,
+ _Out_ PULONG_PTR Cookie
+ );
+
+#define RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION 0x00000001
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlActivateActivationContextEx(
+ _In_ ULONG Flags,
+ _In_ PTEB Teb,
+ _In_ PACTIVATION_CONTEXT ActivationContext,
+ _Out_ PULONG_PTR Cookie
+ );
+
+#define RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION 0x00000001
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlDeactivateActivationContext(
+ _In_ ULONG Flags,
+ _In_ ULONG_PTR Cookie
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateActivationContext(
+ _Reserved_ ULONG Flags,
+ _In_ PACTIVATION_CONTEXT_DATA ActivationContextData,
+ _In_opt_ ULONG ExtraBytes,
+ _In_opt_ PACTIVATION_CONTEXT_NOTIFY_ROUTINE NotificationRoutine,
+ _In_opt_ PVOID NotificationContext,
+ _Out_ PACTIVATION_CONTEXT *ActivationContext
+ );
+
+#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ACTIVATION_CONTEXT 0x00000001
+#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_FLAGS 0x00000002
+#define FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ASSEMBLY_METADATA 0x00000004
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFindActivationContextSectionString(
+ _In_ ULONG Flags,
+ _In_opt_ PGUID ExtensionGuid,
+ _In_ ULONG SectionId, // ACTIVATION_CONTEXT_SECTION_*
+ _In_ PUNICODE_STRING StringToFind,
+ _Inout_ PACTCTX_SECTION_KEYED_DATA ReturnedData
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFindActivationContextSectionGuid(
+ _In_ ULONG Flags,
+ _In_opt_ PGUID ExtensionGuid,
+ _In_ ULONG SectionId, // ACTIVATION_CONTEXT_SECTION_*
+ _In_ PGUID GuidToFind,
+ _Inout_ PACTCTX_SECTION_KEYED_DATA ReturnedData
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryActivationContextApplicationSettings(
+ _Reserved_ ULONG Flags,
+ _In_ PACTIVATION_CONTEXT ActivationContext,
+ _In_ PWSTR SettingsNameSpace,
+ _In_ PWSTR SettingName,
+ _Out_writes_bytes_(BufferLength) PWSTR Buffer,
+ _In_ SIZE_T BufferLength,
+ _Out_opt_ PSIZE_T RequiredLength
+ );
+
+// ACTIVATION_CONTEXT_INFO_CLASS
+// ActivationContextBasicInformation // q: ACTIVATION_CONTEXT_BASIC_INFORMATION
+// ActivationContextDetailedInformation // q: ACTIVATION_CONTEXT_DETAILED_INFORMATION
+// AssemblyDetailedInformationInActivationContext // q: ACTIVATION_CONTEXT_ASSEMBLY_DETAILED_INFORMATION
+// FileInformationInAssemblyOfAssemblyInActivationContext // q: ASSEMBLY_FILE_DETAILED_INFORMATION
+// RunlevelInformationInActivationContext // q: ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION
+// CompatibilityInformationInActivationContext // q: ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION[_LEGACY]
+// ActivationContextManifestResourceName // q: ULONG
+
+#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT 0x00000001
+#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_MODULE 0x00000002
+#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_ADDRESS 0x00000004
+#define RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_NO_ADDREF 0x80000000
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryInformationActivationContext(
+ _In_ ULONG Flags,
+ _In_opt_ PACTIVATION_CONTEXT ActivationContext,
+ _In_opt_ PACTIVATION_CONTEXT_QUERY_INDEX SubInstanceIndex,
+ _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
+ _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
+ _In_ SIZE_T ActivationContextInformationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ );
+
+#ifdef PHNT_INLINE_ACTIVE_ACTIVATION_CONTEXT
+// private
+FORCEINLINE
+NTSTATUS
+NTAPI
+RtlQueryInformationActiveActivationContext(
+ _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
+ _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
+ _In_ SIZE_T ActivationContextInformationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ )
+{
+ return RtlQueryInformationActivationContext(
+ RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT,
+ NULL,
+ 0,
+ ActivationContextInformationClass,
+ ActivationContextInformation,
+ ActivationContextInformationLength,
+ ReturnLength
+ );
+}
+#else
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryInformationActiveActivationContext(
+ _In_ ACTIVATION_CONTEXT_INFO_CLASS ActivationContextInformationClass,
+ _Out_writes_bytes_(ActivationContextInformationLength) PVOID ActivationContextInformation,
+ _In_ SIZE_T ActivationContextInformationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ );
+#endif
+
+// Images
+
+NTSYSAPI
+PIMAGE_NT_HEADERS
+NTAPI
+RtlImageNtHeader(
+ _In_ PVOID BaseOfImage
+ );
+
+#define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK 0x00000001
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlImageNtHeaderEx(
+ _In_ ULONG Flags,
+ _In_ PVOID BaseOfImage,
+ _In_ ULONG64 Size,
+ _Out_ PIMAGE_NT_HEADERS *OutHeaders
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlAddressInSectionTable(
+ _In_ PIMAGE_NT_HEADERS NtHeaders,
+ _In_ PVOID BaseOfImage,
+ _In_ ULONG VirtualAddress
+ );
+
+NTSYSAPI
+PIMAGE_SECTION_HEADER
+NTAPI
+RtlSectionTableFromVirtualAddress(
+ _In_ PIMAGE_NT_HEADERS NtHeaders,
+ _In_ PVOID BaseOfImage,
+ _In_ ULONG VirtualAddress
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlImageDirectoryEntryToData(
+ _In_ PVOID BaseOfImage,
+ _In_ BOOLEAN MappedAsImage,
+ _In_ USHORT DirectoryEntry,
+ _Out_ PULONG Size
+ );
+
+NTSYSAPI
+PIMAGE_SECTION_HEADER
+NTAPI
+RtlImageRvaToSection(
+ _In_ PIMAGE_NT_HEADERS NtHeaders,
+ _In_ PVOID BaseOfImage,
+ _In_ ULONG Rva
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlImageRvaToVa(
+ _In_ PIMAGE_NT_HEADERS NtHeaders,
+ _In_ PVOID BaseOfImage,
+ _In_ ULONG Rva,
+ _Out_opt_ PIMAGE_SECTION_HEADER *LastRvaSection
+ );
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+
+// rev
+NTSYSAPI
+PVOID
+NTAPI
+RtlFindExportedRoutineByName(
+ _In_ PVOID BaseOfImage,
+ _In_ PCSTR RoutineName
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGuardCheckLongJumpTarget(
+ _In_ PVOID PcValue,
+ _In_ BOOL IsFastFail,
+ _Out_ PBOOL IsLongJumpTarget
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11_22H2)
+NTSYSAPI
+VOID
+NTAPI
+RtlValidateUserCallTarget(
+ _In_ PVOID Address,
+ _Out_ PULONG Flags
+ );
+#endif
+
+// Memory
+
+_Must_inspect_result_
+NTSYSAPI
+SIZE_T
+NTAPI
+RtlCompareMemoryUlong(
+ _In_reads_bytes_(Length) PVOID Source,
+ _In_ SIZE_T Length,
+ _In_ ULONG Pattern
+ );
+
+#if defined(_M_AMD64)
+FORCEINLINE
+VOID
+RtlFillMemoryUlong(
+ _Out_writes_bytes_all_(Length) PVOID Destination,
+ _In_ SIZE_T Length,
+ _In_ ULONG Pattern
+ )
+{
+ PULONG Address = (PULONG)Destination;
+
+ //
+ // If the number of DWORDs is not zero, then fill the specified buffer
+ // with the specified pattern.
+ //
+
+ if ((Length /= 4) != 0) {
+
+ //
+ // If the destination is not quadword aligned (ignoring low bits),
+ // then align the destination by storing one DWORD.
+ //
+
+ if (((ULONG64)Address & 4) != 0) {
+ *Address = Pattern;
+ if ((Length -= 1) == 0) {
+ return;
+ }
+
+ Address += 1;
+ }
+
+ //
+ // If the number of QWORDs is not zero, then fill the destination
+ // buffer a QWORD at a time.
+ //
+
+ __stosq((PULONG64)(Address),
+ Pattern | ((ULONG64)Pattern << 32),
+ Length / 2);
+
+ if ((Length & 1) != 0) {
+ Address[Length - 1] = Pattern;
+ }
+ }
+
+ return;
+}
+#else
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlong(
+ _Out_writes_bytes_all_(Length) PVOID Destination,
+ _In_ SIZE_T Length,
+ _In_ ULONG Pattern
+ );
+#endif
+
+#if defined(_M_AMD64)
+
+#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
+ __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
+
+#else
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlonglong(
+ _Out_writes_bytes_all_(Length) PVOID Destination,
+ _In_ SIZE_T Length,
+ _In_ ULONGLONG Pattern
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_19H2)
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsZeroMemory(
+ _In_ PVOID Buffer,
+ _In_ SIZE_T Length
+ );
+#endif
+
+// Environment
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateEnvironment(
+ _In_ BOOLEAN CloneCurrentEnvironment,
+ _Out_ PVOID *Environment
+ );
+
+// begin_rev
+#define RTL_CREATE_ENVIRONMENT_TRANSLATE 0x1 // translate from multi-byte to Unicode
+#define RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM 0x2 // translate from OEM to Unicode (Translate flag must also be set)
+#define RTL_CREATE_ENVIRONMENT_EMPTY 0x4 // create empty environment block
+// end_rev
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateEnvironmentEx(
+ _In_opt_ PVOID SourceEnvironment,
+ _Out_ PVOID *Environment,
+ _In_ ULONG Flags
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDestroyEnvironment(
+ _In_ _Post_invalid_ PVOID Environment
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetCurrentEnvironment(
+ _In_ PVOID Environment,
+ _Out_opt_ PVOID *PreviousEnvironment
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetEnvironmentVar(
+ _Inout_opt_ PVOID *Environment,
+ _In_reads_(NameLength) PCWSTR Name,
+ _In_ SIZE_T NameLength,
+ _In_reads_(ValueLength) PCWSTR Value,
+ _In_opt_ SIZE_T ValueLength
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetEnvironmentVariable(
+ _Inout_opt_ PVOID *Environment,
+ _In_ PUNICODE_STRING Name,
+ _In_opt_ PUNICODE_STRING Value
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryEnvironmentVariable(
+ _In_opt_ PVOID Environment,
+ _In_reads_(NameLength) PCWSTR Name,
+ _In_ SIZE_T NameLength,
+ _Out_writes_opt_(ValueLength) PWSTR Value,
+ _In_opt_ SIZE_T ValueLength,
+ _Out_ PSIZE_T ReturnLength
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryEnvironmentVariable_U(
+ _In_opt_ PVOID Environment,
+ _In_ PUNICODE_STRING Name,
+ _Inout_ PUNICODE_STRING Value
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlExpandEnvironmentStrings(
+ _In_opt_ PVOID Environment,
+ _In_reads_(SourceLength) PCWSTR Source,
+ _In_ SIZE_T SourceLength,
+ _Out_writes_(DestinationLength) PWSTR Destination,
+ _In_ SIZE_T DestinationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlExpandEnvironmentStrings_U(
+ _In_opt_ PVOID Environment,
+ _In_ PUNICODE_STRING Source,
+ _Inout_ PUNICODE_STRING Destination,
+ _Out_opt_ PULONG ReturnedLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetEnvironmentStrings(
+ _In_ PCWCHAR NewEnvironment,
+ _In_ SIZE_T NewEnvironmentSize
+ );
+
+// Directory and path support
+
+typedef struct _RTLP_CURDIR_REF
+{
+ LONG ReferenceCount;
+ HANDLE DirectoryHandle;
+} RTLP_CURDIR_REF, *PRTLP_CURDIR_REF;
+
+typedef struct _RTL_RELATIVE_NAME_U
+{
+ UNICODE_STRING RelativeName;
+ HANDLE ContainingDirectory;
+ PRTLP_CURDIR_REF CurDirRef;
+} RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U;
+
+typedef enum _RTL_PATH_TYPE
+{
+ RtlPathTypeUnknown,
+ RtlPathTypeUncAbsolute,
+ RtlPathTypeDriveAbsolute,
+ RtlPathTypeDriveRelative,
+ RtlPathTypeRooted,
+ RtlPathTypeRelative,
+ RtlPathTypeLocalDevice,
+ RtlPathTypeRootLocalDevice
+} RTL_PATH_TYPE;
+
+// Data exports (ntdll.lib/ntdllp.lib)
+
+NTSYSAPI PWSTR RtlNtdllName;
+NTSYSAPI UNICODE_STRING RtlDosPathSeperatorsString;
+NTSYSAPI UNICODE_STRING RtlAlternateDosPathSeperatorString;
+NTSYSAPI UNICODE_STRING RtlNtPathSeperatorString;
+
+#ifndef PHNT_INLINE_SEPERATOR_STRINGS
+#define RtlNtdllName L"ntdll.dll"
+#define RtlDosPathSeperatorsString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\/"))
+#define RtlAlternateDosPathSeperatorString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"/"))
+#define RtlNtPathSeperatorString ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\"))
+
+#define RtlDosDevicesPrefix ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\??\\"))
+#define RtlDosDevicesUncPrefix ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\??\\UNC\\"))
+#define RtlSlashSlashDot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\.\\"))
+#define RtlNullString ((UNICODE_STRING)RTL_CONSTANT_STRING(L""))
+#define RtlWin32NtRootSlash ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\"))
+#define RtlWin32NtRoot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?"))
+#define RtlWin32NtUncRoot ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\UNC"))
+#define RtlWin32NtUncRootSlash ((UNICODE_STRING)RTL_CONSTANT_STRING(L"\\\\?\\UNC\\"))
+#define RtlDefaultExtension ((UNICODE_STRING)RTL_CONSTANT_STRING(L".DLL"))
+#endif
+
+// Path functions
+
+NTSYSAPI
+RTL_PATH_TYPE
+NTAPI
+RtlDetermineDosPathNameType_U(
+ _In_ PCWSTR DosFileName
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlIsDosDeviceName_U(
+ _In_ PCWSTR DosFileName
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetFullPathName_U(
+ _In_ PCWSTR FileName,
+ _In_ ULONG BufferLength,
+ _Out_writes_bytes_(BufferLength) PWSTR Buffer,
+ _Out_opt_ PWSTR *FilePart
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetFullPathName_UEx(
+ _In_ PCWSTR FileName,
+ _In_ ULONG BufferLength,
+ _Out_writes_bytes_(BufferLength) PWSTR Buffer,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ ULONG *BytesRequired
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetFullPathName_UstrEx(
+ _In_ PUNICODE_STRING FileName,
+ _Inout_ PUNICODE_STRING StaticString,
+ _Out_opt_ PUNICODE_STRING DynamicString,
+ _Out_opt_ PUNICODE_STRING *StringUsed,
+ _Out_opt_ SIZE_T *FilePartPrefixCch,
+ _Out_opt_ PBOOLEAN NameInvalid,
+ _Out_ RTL_PATH_TYPE *InputPathType,
+ _Out_opt_ SIZE_T *BytesRequired
+ );
+#endif
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetCurrentDirectory_U(
+ _In_ ULONG BufferLength,
+ _Out_writes_bytes_(BufferLength) PWSTR Buffer
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetCurrentDirectory_U(
+ _In_ PUNICODE_STRING PathName
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetLongestNtPathLength(
+ VOID
+ );
+
+// rev
+typedef struct _RTL_BUFFER
+{
+ PUCHAR Buffer;
+ PUCHAR StaticBuffer;
+ SIZE_T Size;
+ SIZE_T StaticSize;
+} RTL_BUFFER, *PRTL_BUFFER;
+
+// rev
+typedef struct _RTL_UNICODE_STRING_BUFFER
+{
+ UNICODE_STRING String;
+ RTL_BUFFER ByteBuffer;
+ UCHAR MinimumStaticBufferForTerminalNul[2];
+} RTL_UNICODE_STRING_BUFFER, *PRTL_UNICODE_STRING_BUFFER;
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlNtPathNameToDosPathName(
+ _Reserved_ ULONG Flags,
+ _Inout_ PRTL_UNICODE_STRING_BUFFER Path,
+ _Out_opt_ PULONG Disposition, // RtlDetermineDosPathNameType_U
+ _Out_opt_ PWSTR* FilePart
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlDosPathNameToNtPathName_U(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosPathNameToNtPathName_U_WithStatus(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE3)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosLongPathNameToNtPathName_U_WithStatus(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlDosPathNameToRelativeNtPathName_U(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosPathNameToRelativeNtPathName_U_WithStatus(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE3)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosLongPathNameToRelativeNtPathName_U_WithStatus(
+ _In_ PCWSTR DosFileName,
+ _Out_ PUNICODE_STRING NtFileName,
+ _Out_opt_ PWSTR *FilePart,
+ _Out_opt_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WS03)
+NTSYSAPI
+VOID
+NTAPI
+RtlReleaseRelativeName(
+ _Inout_ PRTL_RELATIVE_NAME_U RelativeName
+ );
+#endif
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlDosSearchPath_U(
+ _In_ PCWSTR Path,
+ _In_ PCWSTR FileName,
+ _In_opt_ PCWSTR Extension,
+ _In_ ULONG BufferLength,
+ _Out_writes_bytes_(BufferLength) PWSTR Buffer,
+ _Out_opt_ PWSTR *FilePart
+ );
+
+#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION 0x00000001
+#define RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH 0x00000002
+#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosSearchPath_Ustr(
+ _In_ ULONG Flags,
+ _In_ PUNICODE_STRING Path,
+ _In_ PUNICODE_STRING FileName,
+ _In_opt_ PUNICODE_STRING DefaultExtension,
+ _Out_opt_ PUNICODE_STRING StaticString,
+ _Out_opt_ PUNICODE_STRING DynamicString,
+ _Out_opt_ PCUNICODE_STRING *FullFileNameOut,
+ _Out_opt_ SIZE_T *FilePartPrefixCch,
+ _Out_opt_ SIZE_T *BytesRequired
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlDoesFileExists_U(
+ _In_ PCWSTR FileName
+ );
+
+// ros
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDosApplyFileIsolationRedirection_Ustr(
+ _In_ ULONG Flags,
+ _In_ PUNICODE_STRING OriginalName,
+ _In_ PUNICODE_STRING Extension,
+ _In_opt_ PUNICODE_STRING StaticString,
+ _In_opt_ PUNICODE_STRING DynamicString,
+ _In_opt_ PUNICODE_STRING* NewName,
+ _In_ PULONG NewFlags,
+ _In_ PSIZE_T FileNameSize,
+ _In_ PSIZE_T RequiredLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetLengthWithoutLastFullDosOrNtPathElement(
+ _Reserved_ ULONG Flags,
+ _In_ PUNICODE_STRING PathString,
+ _Out_ PULONG Length
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetLengthWithoutTrailingPathSeperators(
+ _Reserved_ ULONG Flags,
+ _In_ PUNICODE_STRING PathString,
+ _Out_ PULONG Length
+ );
+
+typedef struct _GENERATE_NAME_CONTEXT
+{
+ USHORT Checksum;
+ BOOLEAN CheckSumInserted;
+ UCHAR NameLength;
+ WCHAR NameBuffer[8];
+ ULONG ExtensionLength;
+ WCHAR ExtensionBuffer[4];
+ ULONG LastIndexValue;
+} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGenerate8dot3Name(
+ _In_ PUNICODE_STRING Name,
+ _In_ BOOLEAN AllowExtendedCharacters,
+ _Inout_ PGENERATE_NAME_CONTEXT Context,
+ _Inout_ PUNICODE_STRING Name8dot3
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlComputePrivatizedDllName_U(
+ _In_ PUNICODE_STRING DllName,
+ _Out_ PUNICODE_STRING RealName,
+ _Out_ PUNICODE_STRING LocalName
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetSearchPath(
+ _Out_ PWSTR *SearchPath
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetSearchPathMode(
+ _In_ ULONG Flags
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetExePath(
+ _In_ PCWSTR DosPathName,
+ _Out_ PWSTR* SearchPath
+ );
+
+// rev
+NTSYSAPI
+VOID
+NTAPI
+RtlReleasePath(
+ _In_ PWSTR Path
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+// rev
+NTSYSAPI
+ULONG
+NTAPI
+RtlReplaceSystemDirectoryInPath(
+ _Inout_ PUNICODE_STRING Destination,
+ _In_ USHORT Machine, // IMAGE_FILE_MACHINE_I386
+ _In_ USHORT TargetMachine, // IMAGE_FILE_MACHINE_TARGET_HOST
+ _In_ BOOLEAN IncludePathSeperator
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN10_21H2)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64GetProcessMachines(
+ _In_ HANDLE ProcessHandle,
+ _Out_ PUSHORT ProcessMachine,
+ _Out_ PUSHORT NativeMachine
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+// rev
+#define IMAGE_FILE_NATIVE_MACHINE_I386 0x1
+#define IMAGE_FILE_NATIVE_MACHINE_AMD64 0x2
+#define IMAGE_FILE_NATIVE_MACHINE_ARMNT 0x4
+#define IMAGE_FILE_NATIVE_MACHINE_ARM64 0x8
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetImageFileMachines(
+ _In_ PCWSTR FileName,
+ _Out_ PUSHORT FileMachines
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE2)
+
+#ifdef PHNT_INLINE_SYSTEMROOT
+// rev
+FORCEINLINE
+PWSTR
+NTAPI
+RtlGetNtSystemRoot(
+ VOID
+ )
+{
+ if (NtCurrentPeb()->SharedData && NtCurrentPeb()->SharedData->ServiceSessionId) // RtlGetCurrentServiceSessionId
+ return NtCurrentPeb()->SharedData->NtSystemRoot;
+ else
+ return USER_SHARED_DATA->NtSystemRoot;
+}
+#else
+// private
+NTSYSAPI
+PWSTR
+NTAPI
+RtlGetNtSystemRoot(
+ VOID
+ );
+#endif
+
+#ifdef PHNT_INLINE_LONGPATH
+// rev
+FORCEINLINE
+BOOLEAN
+NTAPI
+RtlAreLongPathsEnabled(
+ VOID
+ )
+{
+ return NtCurrentPeb()->IsLongPathAwareProcess;
+}
+#else
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlAreLongPathsEnabled(
+ VOID
+ );
+#endif
+
+#endif
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsThreadWithinLoaderCallout(
+ VOID
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlDllShutdownInProgress(
+ VOID
+ );
+
+// Heaps
+
+typedef struct _RTL_HEAP_ENTRY
+{
+ SIZE_T Size;
+ USHORT Flags;
+ USHORT AllocatorBackTraceIndex;
+ union
+ {
+ struct
+ {
+ SIZE_T Settable;
+ ULONG Tag;
+ } s1;
+ struct
+ {
+ SIZE_T CommittedSize;
+ PVOID FirstBlock;
+ } s2;
+ } u;
+} RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY;
+
+#define RTL_HEAP_BUSY (USHORT)0x0001
+#define RTL_HEAP_SEGMENT (USHORT)0x0002
+#define RTL_HEAP_SETTABLE_VALUE (USHORT)0x0010
+#define RTL_HEAP_SETTABLE_FLAG1 (USHORT)0x0020
+#define RTL_HEAP_SETTABLE_FLAG2 (USHORT)0x0040
+#define RTL_HEAP_SETTABLE_FLAG3 (USHORT)0x0080
+#define RTL_HEAP_SETTABLE_FLAGS (USHORT)0x00e0
+#define RTL_HEAP_UNCOMMITTED_RANGE (USHORT)0x1000
+#define RTL_HEAP_PROTECTED_ENTRY (USHORT)0x2000
+#define RTL_HEAP_LARGE_ALLOC (USHORT)0x4000
+#define RTL_HEAP_LFH_ALLOC (USHORT)0x8000
+
+typedef struct _RTL_HEAP_TAG
+{
+ ULONG NumberOfAllocations;
+ ULONG NumberOfFrees;
+ SIZE_T BytesAllocated;
+ USHORT TagIndex;
+ USHORT CreatorBackTraceIndex;
+ WCHAR TagName[24];
+} RTL_HEAP_TAG, *PRTL_HEAP_TAG;
+
+// Windows 7/8/10
+typedef struct _RTL_HEAP_INFORMATION_V1
+{
+ PVOID BaseAddress;
+ ULONG Flags;
+ USHORT EntryOverhead;
+ USHORT CreatorBackTraceIndex;
+ SIZE_T BytesAllocated;
+ SIZE_T BytesCommitted;
+ ULONG NumberOfTags;
+ ULONG NumberOfEntries;
+ ULONG NumberOfPseudoTags;
+ ULONG PseudoTagGranularity;
+ ULONG Reserved[5];
+ PRTL_HEAP_TAG Tags;
+ PRTL_HEAP_ENTRY Entries;
+} RTL_HEAP_INFORMATION_V1, *PRTL_HEAP_INFORMATION_V1;
+
+// Windows 11 > 22000
+typedef struct _RTL_HEAP_INFORMATION_V2
+{
+ PVOID BaseAddress;
+ ULONG Flags;
+ USHORT EntryOverhead;
+ USHORT CreatorBackTraceIndex;
+ SIZE_T BytesAllocated;
+ SIZE_T BytesCommitted;
+ ULONG NumberOfTags;
+ ULONG NumberOfEntries;
+ ULONG NumberOfPseudoTags;
+ ULONG PseudoTagGranularity;
+ ULONG Reserved[5];
+ PRTL_HEAP_TAG Tags;
+ PRTL_HEAP_ENTRY Entries;
+ ULONG64 HeapTag;
+} RTL_HEAP_INFORMATION_V2, *PRTL_HEAP_INFORMATION_V2;
+
+#define RTL_HEAP_SIGNATURE 0xFFEEFFEEUL
+#define RTL_HEAP_SEGMENT_SIGNATURE 0xDDEEDDEEUL
+
+typedef struct _RTL_PROCESS_HEAPS_V1
+{
+ ULONG NumberOfHeaps;
+ _Field_size_(NumberOfHeaps) RTL_HEAP_INFORMATION_V1 Heaps[1];
+} RTL_PROCESS_HEAPS_V1, *PRTL_PROCESS_HEAPS_V1;
+
+typedef struct _RTL_PROCESS_HEAPS_V2
+{
+ ULONG NumberOfHeaps;
+ _Field_size_(NumberOfHeaps) RTL_HEAP_INFORMATION_V2 Heaps[1];
+} RTL_PROCESS_HEAPS_V2, *PRTL_PROCESS_HEAPS_V2;
+
+// Segment heap parameters.
+ +typedef enum _RTL_MEMORY_TYPE +{ + MemoryTypePaged, + MemoryTypeNonPaged, + MemoryType64KPage, + MemoryTypeLargePage, + MemoryTypeHugePage, + MemoryTypeCustom, + MemoryTypeMax +} RTL_MEMORY_TYPE, *PRTL_MEMORY_TYPE; + +typedef enum _HEAP_MEMORY_INFO_CLASS +{ + HeapMemoryBasicInformation +} HEAP_MEMORY_INFO_CLASS; + +typedef NTSTATUS ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK( + _Inout_ HANDLE CallbackContext, + _In_ HANDLE ProcessHandle, + _Inout_ _At_ (*BaseAddress, _Readable_bytes_ (*RegionSize) _Writable_bytes_ (*RegionSize) _Post_readable_byte_size_ (*RegionSize)) PVOID* BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG AllocationType, + _In_ ULONG PageProtection, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +typedef ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK *PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK; + +typedef NTSTATUS FREE_VIRTUAL_MEMORY_EX_CALLBACK( + _Inout_ HANDLE CallbackContext, + _In_ HANDLE ProcessHandle, + _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG FreeType + ); + +typedef FREE_VIRTUAL_MEMORY_EX_CALLBACK *PFREE_VIRTUAL_MEMORY_EX_CALLBACK; + +typedef NTSTATUS QUERY_VIRTUAL_MEMORY_CALLBACK( + _Inout_ HANDLE CallbackContext, + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ HEAP_MEMORY_INFO_CLASS MemoryInformationClass, + _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation, + _In_ SIZE_T MemoryInformationLength, + _Out_opt_ PSIZE_T ReturnLength + ); + +typedef QUERY_VIRTUAL_MEMORY_CALLBACK *PQUERY_VIRTUAL_MEMORY_CALLBACK; + +typedef struct _RTL_SEGMENT_HEAP_VA_CALLBACKS +{ + HANDLE CallbackContext; + PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK AllocateVirtualMemory; + PFREE_VIRTUAL_MEMORY_EX_CALLBACK FreeVirtualMemory; + PQUERY_VIRTUAL_MEMORY_CALLBACK QueryVirtualMemory; +} RTL_SEGMENT_HEAP_VA_CALLBACKS, *PRTL_SEGMENT_HEAP_VA_CALLBACKS; + +#define RTL_SEGHEAP_MEM_SOURCE_ANY_NODE ((ULONG)-1) + +typedef 
struct _RTL_SEGMENT_HEAP_MEMORY_SOURCE
+{
+ ULONG Flags;
+ ULONG MemoryTypeMask; // Mask of RTL_MEMORY_TYPE members.
+ ULONG NumaNode;
+ union
+ {
+ HANDLE PartitionHandle;
+ RTL_SEGMENT_HEAP_VA_CALLBACKS *Callbacks;
+ };
+ SIZE_T Reserved[2];
+} RTL_SEGMENT_HEAP_MEMORY_SOURCE, *PRTL_SEGMENT_HEAP_MEMORY_SOURCE;
+
+#define SEGMENT_HEAP_PARAMETERS_VERSION 3
+#define SEGMENT_HEAP_FLG_USE_PAGE_HEAP 0x1
+#define SEGMENT_HEAP_PARAMS_VALID_FLAGS SEGMENT_HEAP_FLG_USE_PAGE_HEAP
+
+typedef struct _RTL_SEGMENT_HEAP_PARAMETERS
+{
+ USHORT Version;
+ USHORT Size;
+ ULONG Flags;
+ RTL_SEGMENT_HEAP_MEMORY_SOURCE MemorySource;
+ SIZE_T Reserved[4];
+} RTL_SEGMENT_HEAP_PARAMETERS, *PRTL_SEGMENT_HEAP_PARAMETERS;
+
+// Heap parameters.
+
+typedef
+_Function_class_(RTL_HEAP_COMMIT_ROUTINE)
+NTSTATUS
+NTAPI
+RTL_HEAP_COMMIT_ROUTINE(
+ _In_ PVOID Base,
+ _Inout_ PVOID* CommitAddress,
+ _Inout_ PSIZE_T CommitSize
+ );
+
+typedef RTL_HEAP_COMMIT_ROUTINE* PRTL_HEAP_COMMIT_ROUTINE;
+
+typedef struct _RTL_HEAP_PARAMETERS
+{
+ ULONG Length;
+ SIZE_T SegmentReserve;
+ SIZE_T SegmentCommit;
+ SIZE_T DeCommitFreeBlockThreshold;
+ SIZE_T DeCommitTotalFreeThreshold;
+ SIZE_T MaximumAllocationSize;
+ SIZE_T VirtualMemoryThreshold;
+ SIZE_T InitialCommit;
+ SIZE_T InitialReserve;
+ PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
+ SIZE_T Reserved[2];
+} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
+
+#define HEAP_SETTABLE_USER_VALUE 0x00000100
+#define HEAP_SETTABLE_USER_FLAG1 0x00000200
+#define HEAP_SETTABLE_USER_FLAG2 0x00000400
+#define HEAP_SETTABLE_USER_FLAG3 0x00000800
+#define HEAP_SETTABLE_USER_FLAGS 0x00000e00
+
+#define HEAP_CLASS_0 0x00000000 // Process heap
+#define HEAP_CLASS_1 0x00001000 // Private heap
+#define HEAP_CLASS_2 0x00002000 // Kernel heap
+#define HEAP_CLASS_3 0x00003000 // GDI heap
+#define HEAP_CLASS_4 0x00004000 // User heap
+#define HEAP_CLASS_5 0x00005000 // Console heap
+#define HEAP_CLASS_6 0x00006000 // User desktop heap
+#define HEAP_CLASS_7 0x00007000 // CSR shared heap
+#define HEAP_CLASS_8 0x00008000 // CSR port heap
+#define HEAP_CLASS_MASK 0x0000f000
+
+_Must_inspect_result_
+NTSYSAPI
+PVOID
+NTAPI
+RtlCreateHeap(
+ _In_ ULONG Flags,
+ _In_opt_ PVOID HeapBase,
+ _In_opt_ SIZE_T ReserveSize,
+ _In_opt_ SIZE_T CommitSize,
+ _In_opt_ PVOID Lock,
+ _When_((Flags & HEAP_CREATE_SEGMENT_HEAP) != 0, _In_reads_bytes_opt_(sizeof(RTL_SEGMENT_HEAP_PARAMETERS)))
+ _When_((Flags & HEAP_CREATE_SEGMENT_HEAP) == 0, _In_reads_bytes_opt_(sizeof(RTL_HEAP_PARAMETERS)))
+ _In_opt_ PVOID Parameters
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlDestroyHeap(
+ _In_ _Post_invalid_ PVOID HeapHandle
+ );
+
+NTSYSAPI
+_Success_(return != 0)
+_Must_inspect_result_
+_Ret_maybenull_
+_Post_writable_byte_size_(Size)
+__drv_allocatesMem(Mem)
+DECLSPEC_ALLOCATOR
+PVOID
+NTAPI
+RtlAllocateHeap(
+ _In_ PVOID HeapHandle,
+ _In_opt_ ULONG Flags,
+ _In_ SIZE_T Size
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+_Success_(return != 0)
+NTSYSAPI
+LOGICAL
+NTAPI
+RtlFreeHeap(
+ _In_ PVOID HeapHandle,
+ _In_opt_ ULONG Flags,
+ _Frees_ptr_opt_ PVOID BaseAddress
+ );
+#else
+_Success_(return)
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlFreeHeap(
+ _In_ PVOID HeapHandle,
+ _In_opt_ ULONG Flags,
+ _Frees_ptr_opt_ PVOID BaseAddress
+ );
+#endif
+
+NTSYSAPI
+SIZE_T
+NTAPI
+RtlSizeHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ PVOID BaseAddress
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlZeroHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlProtectHeap(
+ _In_ PVOID HeapHandle,
+ _In_ BOOLEAN MakeReadOnly
+ );
+
+#define RtlProcessHeap() (NtCurrentPeb()->ProcessHeap)
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlLockHeap(
+ _In_ PVOID HeapHandle
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlUnlockHeap(
+ _In_ PVOID HeapHandle
+ );
+
+NTSYSAPI
+_Success_(return != 0)
+_Must_inspect_result_
+_Ret_maybenull_
+_Post_writable_byte_size_(Size)
+_When_(Size > 0, __drv_allocatesMem(Mem))
+DECLSPEC_ALLOCATOR
+PVOID
+NTAPI
+RtlReAllocateHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+
_Frees_ptr_opt_ PVOID BaseAddress,
+ _In_ SIZE_T Size
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlGetUserInfoHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ PVOID BaseAddress,
+ _Out_opt_ PVOID *UserValue,
+ _Out_opt_ PULONG UserFlags
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlSetUserValueHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ PVOID BaseAddress,
+ _In_ PVOID UserValue
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlSetUserFlagsHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ PVOID BaseAddress,
+ _In_ ULONG UserFlagsReset,
+ _In_ ULONG UserFlagsSet
+ );
+
+typedef struct _RTL_HEAP_TAG_INFO
+{
+ ULONG NumberOfAllocations;
+ ULONG NumberOfFrees;
+ SIZE_T BytesAllocated;
+} RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO;
+
+#define RTL_HEAP_MAKE_TAG HEAP_MAKE_TAG_FLAGS
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlCreateTagHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_opt_ PWSTR TagPrefix,
+ _In_ PWSTR TagNames
+ );
+
+NTSYSAPI
+PWSTR
+NTAPI
+RtlQueryTagHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ USHORT TagIndex,
+ _In_ BOOLEAN ResetCounters,
+ _Out_opt_ PRTL_HEAP_TAG_INFO TagInfo
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlExtendHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ PVOID Base,
+ _In_ SIZE_T Size
+ );
+
+NTSYSAPI
+SIZE_T
+NTAPI
+RtlCompactHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidateHeap(
+ _In_opt_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_opt_ PVOID BaseAddress
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidateProcessHeaps(
+ VOID
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetProcessHeaps(
+ _In_ ULONG NumberOfHeaps,
+ _Out_ PVOID *ProcessHeaps
+ );
+
+_Function_class_(RTL_ENUM_HEAPS_ROUTINE)
+typedef NTSTATUS (NTAPI RTL_ENUM_HEAPS_ROUTINE)(
+ _In_ PVOID HeapHandle,
+ _In_ PVOID Parameter
+ );
+typedef RTL_ENUM_HEAPS_ROUTINE *PRTL_ENUM_HEAPS_ROUTINE;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlEnumProcessHeaps(
+ _In_ PRTL_ENUM_HEAPS_ROUTINE EnumRoutine,
+ _In_ PVOID Parameter
+ );
+
+typedef struct
_RTL_HEAP_USAGE_ENTRY
+{
+ struct _RTL_HEAP_USAGE_ENTRY *Next;
+ PVOID Address;
+ SIZE_T Size;
+ USHORT AllocatorBackTraceIndex;
+ USHORT TagIndex;
+} RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY;
+
+typedef struct _RTL_HEAP_USAGE
+{
+ ULONG Length;
+ SIZE_T BytesAllocated;
+ SIZE_T BytesCommitted;
+ SIZE_T BytesReserved;
+ SIZE_T BytesReservedMaximum;
+ PRTL_HEAP_USAGE_ENTRY Entries;
+ PRTL_HEAP_USAGE_ENTRY AddedEntries;
+ PRTL_HEAP_USAGE_ENTRY RemovedEntries;
+ ULONG_PTR Reserved[8];
+} RTL_HEAP_USAGE, *PRTL_HEAP_USAGE;
+
+#define HEAP_USAGE_ALLOCATED_BLOCKS HEAP_REALLOC_IN_PLACE_ONLY
+#define HEAP_USAGE_FREE_BUFFER HEAP_ZERO_MEMORY
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUsageHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _Inout_ PRTL_HEAP_USAGE Usage
+ );
+
+typedef struct _RTL_HEAP_WALK_ENTRY
+{
+ PVOID DataAddress;
+ SIZE_T DataSize;
+ UCHAR OverheadBytes;
+ UCHAR SegmentIndex;
+ USHORT Flags;
+ union
+ {
+ struct
+ {
+ SIZE_T Settable;
+ USHORT TagIndex;
+ USHORT AllocatorBackTraceIndex;
+ ULONG Reserved[2];
+ } Block;
+ struct
+ {
+ ULONG CommittedSize;
+ ULONG UnCommittedSize;
+ PVOID FirstEntry;
+ PVOID LastEntry;
+ } Segment;
+ };
+} RTL_HEAP_WALK_ENTRY, *PRTL_HEAP_WALK_ENTRY;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWalkHeap(
+ _In_ PVOID HeapHandle,
+ _Inout_ PRTL_HEAP_WALK_ENTRY Entry
+ );
+
+// HEAP_INFORMATION_CLASS
+#define HeapCompatibilityInformation 0x0 // q; s: ULONG
+#define HeapEnableTerminationOnCorruption 0x1 // q; s: NULL
+#define HeapExtendedInformation 0x2 // q; s: HEAP_EXTENDED_INFORMATION
+#define HeapOptimizeResources 0x3 // q; s: HEAP_OPTIMIZE_RESOURCES_INFORMATION
+#define HeapTaggingInformation 0x4
+#define HeapStackDatabase 0x5 // q: RTL_HEAP_STACK_QUERY; s: RTL_HEAP_STACK_CONTROL
+#define HeapMemoryLimit 0x6 // since 19H2
+#define HeapTag 0x7 // since 20H1
+#define HeapDetailedFailureInformation 0x80000001
+#define HeapSetDebuggingInformation 0x80000002 // q; s: HEAP_DEBUGGING_INFORMATION
+
+typedef enum _HEAP_COMPATIBILITY_MODE
+{
+
HEAP_COMPATIBILITY_STANDARD = 0UL,
+ HEAP_COMPATIBILITY_LAL = 1UL,
+ HEAP_COMPATIBILITY_LFH = 2UL,
+} HEAP_COMPATIBILITY_MODE;
+
+typedef struct _RTLP_TAG_INFO
+{
+ GUID Id;
+ ULONG_PTR CurrentAllocatedBytes;
+} RTLP_TAG_INFO, *PRTLP_TAG_INFO;
+
+typedef struct _RTLP_HEAP_TAGGING_INFO
+{
+ USHORT Version;
+ USHORT Flags;
+ PVOID ProcessHandle;
+ ULONG_PTR EntriesCount;
+ RTLP_TAG_INFO Entries[1];
+} RTLP_HEAP_TAGGING_INFO, *PRTLP_HEAP_TAGGING_INFO;
+
+typedef struct _PROCESS_HEAP_INFORMATION
+{
+ SIZE_T ReserveSize;
+ SIZE_T CommitSize;
+ ULONG NumberOfHeaps;
+ ULONG_PTR FirstHeapInformationOffset;
+} PROCESS_HEAP_INFORMATION, *PPROCESS_HEAP_INFORMATION;
+
+typedef struct _HEAP_REGION_INFORMATION
+{
+ PVOID Address;
+ SIZE_T ReserveSize;
+ SIZE_T CommitSize;
+ ULONG_PTR FirstRangeInformationOffset;
+ ULONG_PTR NextRegionInformationOffset;
+} HEAP_REGION_INFORMATION, *PHEAP_REGION_INFORMATION;
+
+typedef struct _HEAP_RANGE_INFORMATION
+{
+ PVOID Address;
+ SIZE_T Size;
+ ULONG Type;
+ ULONG Protection;
+ ULONG_PTR FirstBlockInformationOffset;
+ ULONG_PTR NextRangeInformationOffset;
+} HEAP_RANGE_INFORMATION, *PHEAP_RANGE_INFORMATION;
+
+typedef struct _HEAP_BLOCK_INFORMATION
+{
+ PVOID Address;
+ ULONG Flags;
+ SIZE_T DataSize;
+ ULONG_PTR OverheadSize;
+ ULONG_PTR NextBlockInformationOffset;
+} HEAP_BLOCK_INFORMATION, *PHEAP_BLOCK_INFORMATION;
+
+typedef struct _HEAP_INFORMATION
+{
+ PVOID Address;
+ ULONG Mode;
+ SIZE_T ReserveSize;
+ SIZE_T CommitSize;
+ ULONG_PTR FirstRegionInformationOffset;
+ ULONG_PTR NextHeapInformationOffset;
+} HEAP_INFORMATION, *PHEAP_INFORMATION;
+
+typedef struct _SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION
+{
+ SIZE_T SegmentReserveSize;
+ SIZE_T SegmentCommitSize;
+ ULONG_PTR SegmentCount;
+ SIZE_T AllocatedSize;
+ SIZE_T LargeAllocReserveSize;
+ SIZE_T LargeAllocCommitSize;
+} SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION, *PSEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION;
+
+#define HeapPerformanceCountersInformationStandardHeapVersion
0x1
+#define HeapPerformanceCountersInformationSegmentHeapVersion 0x2
+
+typedef struct _HEAP_PERFORMANCE_COUNTERS_INFORMATION
+{
+ ULONG Size;
+ ULONG Version;
+ ULONG HeapIndex;
+ ULONG LastHeapIndex;
+ PVOID BaseAddress;
+ SIZE_T ReserveSize;
+ SIZE_T CommitSize;
+ ULONG SegmentCount;
+ SIZE_T LargeUCRMemory;
+ ULONG UCRLength;
+ SIZE_T AllocatedSpace;
+ SIZE_T FreeSpace;
+ ULONG FreeListLength;
+ ULONG Contention;
+ ULONG VirtualBlocks;
+ ULONG CommitRate;
+ ULONG DecommitRate;
+ SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION SegmentHeapPerfInformation; // since WIN8
+} HEAP_PERFORMANCE_COUNTERS_INFORMATION, *PHEAP_PERFORMANCE_COUNTERS_INFORMATION;
+
+typedef struct _HEAP_INFORMATION_ITEM
+{
+ ULONG Level;
+ SIZE_T Size;
+ union
+ {
+ PROCESS_HEAP_INFORMATION ProcessHeapInformation;
+ HEAP_INFORMATION HeapInformation;
+ HEAP_REGION_INFORMATION HeapRegionInformation;
+ HEAP_RANGE_INFORMATION HeapRangeInformation;
+ HEAP_BLOCK_INFORMATION HeapBlockInformation;
+ HEAP_PERFORMANCE_COUNTERS_INFORMATION HeapPerfInformation;
+ ULONG_PTR DynamicStart;
+ };
+} HEAP_INFORMATION_ITEM, *PHEAP_INFORMATION_ITEM;
+
+typedef NTSTATUS (NTAPI *PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE)(
+ _In_ PHEAP_INFORMATION_ITEM Information,
+ _In_opt_ PVOID Context
+ );
+
+// HEAP_EXTENDED_INFORMATION Level
+#define HeapExtendedProcessHeapInformationLevel 0x1
+#define HeapExtendedHeapInformationLevel 0x2
+#define HeapExtendedHeapRegionInformationLevel 0x3
+#define HeapExtendedHeapRangeInformationLevel 0x4
+#define HeapExtendedHeapBlockInformationLevel 0x5
+#define HeapExtendedHeapHeapPerfInformationLevel 0x80000000
+
+typedef struct _HEAP_EXTENDED_INFORMATION
+{
+ HANDLE ProcessHandle;
+ PVOID HeapHandle;
+ ULONG Level;
+ PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE CallbackRoutine;
+ PVOID CallbackContext;
+ union
+ {
+ PROCESS_HEAP_INFORMATION ProcessHeapInformation;
+ HEAP_INFORMATION HeapInformation;
+ };
+} HEAP_EXTENDED_INFORMATION, *PHEAP_EXTENDED_INFORMATION;
+
+// rev
+typedef NTSTATUS (NTAPI
*RTL_HEAP_STACK_WRITE_ROUTINE)(
+ _In_ PVOID Information, // TODO: 3 missing structures (dmex)
+ _In_ ULONG Size,
+ _In_opt_ PVOID Context
+ );
+
+// rev
+typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT
+{
+ ULONG Count;
+ ULONG Total;
+ ULONG Flags;
+} RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT;
+
+// rev
+typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER
+{
+ USHORT Version;
+ USHORT PointerSize;
+ PVOID Heap;
+ SIZE_T TotalCommit;
+ SIZE_T TotalReserve;
+} RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER;
+
+// rev
+typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION
+{
+ PVOID Address;
+ ULONG Flags;
+ SIZE_T DataSize;
+} RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION;
+
+// rev
+typedef struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME
+{
+ PVOID StackFrame[8];
+} RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME, *PRTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME;
+
+#define HEAP_STACK_QUERY_VERSION 0x2
+
+typedef struct _RTL_HEAP_STACK_QUERY
+{
+ ULONG Version;
+ HANDLE ProcessHandle;
+ RTL_HEAP_STACK_WRITE_ROUTINE WriteRoutine;
+ PVOID SerializationContext;
+ UCHAR QueryLevel;
+ UCHAR Flags;
+} RTL_HEAP_STACK_QUERY, *PRTL_HEAP_STACK_QUERY;
+
+#define HEAP_STACK_CONTROL_VERSION 0x1
+#define HEAP_STACK_CONTROL_FLAGS_STACKTRACE_ENABLE 0x1
+#define HEAP_STACK_CONTROL_FLAGS_STACKTRACE_DISABLE 0x2
+
+typedef struct _RTL_HEAP_STACK_CONTROL
+{
+ USHORT Version;
+ USHORT Flags;
+ HANDLE ProcessHandle;
+} RTL_HEAP_STACK_CONTROL, *PRTL_HEAP_STACK_CONTROL;
+
+// rev
+typedef NTSTATUS (NTAPI *PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE)(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Action,
+ _In_ ULONG StackFramesToCapture,
+ _In_ PVOID *StackTrace
+ );
+
+// rev
+typedef NTSTATUS (NTAPI *PRTL_HEAP_LEAK_ENUMERATION_ROUTINE)(
+ _In_ LONG Reserved,
+ _In_ PVOID HeapHandle,
+ _In_ PVOID BaseAddress,
+ _In_ SIZE_T BlockSize,
+
_In_ ULONG StackTraceDepth,
+ _In_ PVOID *StackTrace
+ );
+
+// symbols
+typedef struct _HEAP_DEBUGGING_INFORMATION
+{
+ PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE InterceptorFunction;
+ USHORT InterceptorValue;
+ ULONG ExtendedOptions;
+ ULONG StackTraceDepth;
+ SIZE_T MinTotalBlockSize;
+ SIZE_T MaxTotalBlockSize;
+ PRTL_HEAP_LEAK_ENUMERATION_ROUTINE HeapLeakEnumerationRoutine;
+} HEAP_DEBUGGING_INFORMATION, *PHEAP_DEBUGGING_INFORMATION;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryHeapInformation(
+ _In_opt_ PVOID HeapHandle,
+ _In_ HEAP_INFORMATION_CLASS HeapInformationClass,
+ _Out_opt_ PVOID HeapInformation,
+ _In_opt_ SIZE_T HeapInformationLength,
+ _Out_opt_ PSIZE_T ReturnLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetHeapInformation(
+ _In_opt_ PVOID HeapHandle,
+ _In_ HEAP_INFORMATION_CLASS HeapInformationClass,
+ _In_opt_ PVOID HeapInformation,
+ _In_opt_ SIZE_T HeapInformationLength
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlMultipleAllocateHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ SIZE_T Size,
+ _In_ ULONG Count,
+ _Out_ PVOID *Array
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlMultipleFreeHeap(
+ _In_ PVOID HeapHandle,
+ _In_ ULONG Flags,
+ _In_ ULONG Count,
+ _In_ PVOID *Array
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+NTSYSAPI
+VOID
+NTAPI
+RtlDetectHeapLeaks(
+ VOID
+ );
+#endif
+
+NTSYSAPI
+VOID
+NTAPI
+RtlFlushHeaps(
+ VOID
+ );
+
+// Memory zones
+
+// begin_private
+
+typedef struct _RTL_MEMORY_ZONE_SEGMENT
+{
+ struct _RTL_MEMORY_ZONE_SEGMENT *NextSegment;
+ SIZE_T Size;
+ PVOID Next;
+ PVOID Limit;
+} RTL_MEMORY_ZONE_SEGMENT, *PRTL_MEMORY_ZONE_SEGMENT;
+
+typedef struct _RTL_MEMORY_ZONE
+{
+ RTL_MEMORY_ZONE_SEGMENT Segment;
+ RTL_SRWLOCK Lock;
+ ULONG LockCount;
+ PRTL_MEMORY_ZONE_SEGMENT FirstSegment;
+} RTL_MEMORY_ZONE, *PRTL_MEMORY_ZONE;
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateMemoryZone(
+ _Out_ PVOID *MemoryZone,
+ _In_ SIZE_T InitialSize,
+ _Reserved_ ULONG Flags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDestroyMemoryZone(
+ _In_ _Post_invalid_ PVOID MemoryZone
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAllocateMemoryZone(
+ _In_ PVOID MemoryZone,
+ _In_ SIZE_T BlockSize,
+ _Out_ PVOID *Block
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlResetMemoryZone(
+ _In_ PVOID MemoryZone
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlLockMemoryZone(
+ _In_ PVOID MemoryZone
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnlockMemoryZone(
+ _In_ PVOID MemoryZone
+ );
+
+#endif
+
+// Memory block lookaside lists
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateMemoryBlockLookaside(
+ _Out_ PVOID *MemoryBlockLookaside,
+ _Reserved_ ULONG Flags,
+ _In_ ULONG InitialSize,
+ _In_ ULONG MinimumBlockSize,
+ _In_ ULONG MaximumBlockSize
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDestroyMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAllocateMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside,
+ _In_ ULONG BlockSize,
+ _Out_ PVOID *Block
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFreeMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside,
+ _In_ PVOID Block
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlExtendMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside,
+ _In_ ULONG Increment
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlResetMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlLockMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnlockMemoryBlockLookaside(
+ _In_ PVOID MemoryBlockLookaside
+ );
+
+#endif
+
+// end_private
+
+// Transactions
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+HANDLE
+NTAPI
+RtlGetCurrentTransaction(
+ VOID
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+LOGICAL
+NTAPI
+RtlSetCurrentTransaction(
+ _In_opt_ HANDLE TransactionHandle
+ );
+#endif
+
+// LUIDs
+
+FORCEINLINE BOOLEAN RtlIsEqualLuid( // RtlEqualLuid
+ _In_ PLUID L1,
+ _In_ PLUID L2
+ )
+{
+ return L1->LowPart == L2->LowPart &&
+ L1->HighPart ==
L2->HighPart;
+}
+
+FORCEINLINE BOOLEAN RtlIsZeroLuid(
+ _In_ PLUID L1
+ )
+{
+ return (L1->LowPart | L1->HighPart) == 0;
+}
+
+FORCEINLINE
+LUID
+NTAPI_INLINE
+RtlConvertLongToLuid(
+ _In_ LONG Long
+ )
+{
+ LUID tempLuid;
+ LARGE_INTEGER tempLi;
+
+ tempLi.QuadPart = Long;
+ tempLuid.LowPart = tempLi.LowPart;
+ tempLuid.HighPart = tempLi.HighPart;
+
+ return tempLuid;
+}
+
+FORCEINLINE
+LUID
+NTAPI_INLINE
+RtlConvertUlongToLuid(
+ _In_ ULONG Ulong
+ )
+{
+ LUID tempLuid;
+
+ tempLuid.LowPart = Ulong;
+ tempLuid.HighPart = 0;
+
+ return tempLuid;
+}
+
+NTSYSAPI
+VOID
+NTAPI
+RtlCopyLuid(
+ _Out_ PLUID DestinationLuid,
+ _In_ PLUID SourceLuid
+ );
+
+// ros
+NTSYSAPI
+VOID
+NTAPI
+RtlCopyLuidAndAttributesArray(
+ _In_ ULONG Count,
+ _In_ PLUID_AND_ATTRIBUTES Src,
+ _In_ PLUID_AND_ATTRIBUTES Dest
+ );
+
+// Byte swap routines.
+
+#ifndef PHNT_RTL_BYTESWAP
+#define RtlUshortByteSwap(_x) _byteswap_ushort((USHORT)(_x))
+#define RtlUlongByteSwap(_x) _byteswap_ulong((_x))
+#define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x))
+#else
+NTSYSAPI
+USHORT
+FASTCALL
+RtlUshortByteSwap(
+ _In_ USHORT Source
+ );
+
+NTSYSAPI
+ULONG
+FASTCALL
+RtlUlongByteSwap(
+ _In_ ULONG Source
+ );
+
+NTSYSAPI
+ULONGLONG
+FASTCALL
+RtlUlonglongByteSwap(
+ _In_ ULONGLONG Source
+ );
+#endif
+
+// Debugging
+
+// private
+typedef struct _RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
+typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX *PRTL_PROCESS_MODULE_INFORMATION_EX;
+typedef struct _RTL_PROCESS_BACKTRACES *PRTL_PROCESS_BACKTRACES;
+typedef struct _RTL_PROCESS_LOCKS *PRTL_PROCESS_LOCKS;
+
+typedef struct _RTL_PROCESS_VERIFIER_OPTIONS
+{
+ ULONG SizeStruct;
+ ULONG Option;
+ UCHAR OptionData[1];
+} RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS;
+
+// private
+typedef struct _RTL_DEBUG_INFORMATION
+{
+ HANDLE SectionHandleClient;
+ PVOID ViewBaseClient;
+ PVOID ViewBaseTarget;
+ ULONG_PTR ViewBaseDelta;
+ HANDLE EventPairClient;
+ HANDLE EventPairTarget;
+ HANDLE TargetProcessId;
+ HANDLE TargetThreadHandle;
+ ULONG Flags;
+ SIZE_T OffsetFree;
+ SIZE_T CommitSize;
+ SIZE_T ViewSize;
+ union
+ {
+ PRTL_PROCESS_MODULES Modules;
+ PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx;
+ };
+ PRTL_PROCESS_BACKTRACES BackTraces;
+ PVOID Heaps;
+ PRTL_PROCESS_LOCKS Locks;
+ PVOID SpecificHeap;
+ HANDLE TargetProcessHandle;
+ PRTL_PROCESS_VERIFIER_OPTIONS VerifierOptions;
+ PVOID ProcessHeap;
+ HANDLE CriticalSectionHandle;
+ HANDLE CriticalSectionOwnerThread;
+ PVOID Reserved[4];
+} RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION;
+
+NTSYSAPI
+PRTL_DEBUG_INFORMATION
+NTAPI
+RtlCreateQueryDebugBuffer(
+ _In_opt_ ULONG MaximumCommit,
+ _In_ BOOLEAN UseEventPair
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDestroyQueryDebugBuffer(
+ _In_ PRTL_DEBUG_INFORMATION Buffer
+ );
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+// private
+NTSYSAPI
+PVOID
+NTAPI
+RtlCommitDebugInfo(
+ _Inout_ PRTL_DEBUG_INFORMATION Buffer,
+ _In_ SIZE_T Size
+ );
+
+// private
+NTSYSAPI
+VOID
+NTAPI
+RtlDeCommitDebugInfo(
+ _Inout_ PRTL_DEBUG_INFORMATION Buffer,
+ _In_ PVOID p,
+ _In_ SIZE_T Size
+ );
+
+#endif
+
+#define RTL_QUERY_PROCESS_MODULES 0x00000001
+#define RTL_QUERY_PROCESS_BACKTRACES 0x00000002
+#define RTL_QUERY_PROCESS_HEAP_SUMMARY 0x00000004
+#define RTL_QUERY_PROCESS_HEAP_TAGS 0x00000008
+#define RTL_QUERY_PROCESS_HEAP_ENTRIES 0x00000010
+#define RTL_QUERY_PROCESS_LOCKS 0x00000020
+#define RTL_QUERY_PROCESS_MODULES32 0x00000040
+#define RTL_QUERY_PROCESS_VERIFIER_OPTIONS 0x00000080 // rev
+#define RTL_QUERY_PROCESS_MODULESEX 0x00000100 // rev
+#define RTL_QUERY_PROCESS_HEAP_SEGMENTS 0x00000200
+#define RTL_QUERY_PROCESS_CS_OWNER 0x00000400 // rev
+#define RTL_QUERY_PROCESS_NONINVASIVE 0x80000000
+#define RTL_QUERY_PROCESS_NONINVASIVE_CS_OWNER 0x80000800 // WIN11
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryProcessDebugInformation(
+ _In_ HANDLE UniqueProcessId,
+ _In_ ULONG Flags,
+ _Inout_ PRTL_DEBUG_INFORMATION Buffer
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetProcessDebugInformation(
+ _In_ HANDLE UniqueProcessId,
+ _In_ ULONG Flags,
+ _Inout_ PRTL_DEBUG_INFORMATION Buffer
+ );
+
+// rev
+FORCEINLINE
+BOOLEAN
+NTAPI
+RtlIsAnyDebuggerPresent(
+ VOID
+ )
+{
+ BOOLEAN result;
+
+ result = NtCurrentPeb()->BeingDebugged;
+
+ if (!result)
+ return USER_SHARED_DATA->KdDebuggerEnabled;
+
+ return result;
+}
+
+// Messages
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFindMessage(
+ _In_ PVOID DllHandle,
+ _In_ ULONG MessageTableId,
+ _In_ ULONG MessageLanguageId,
+ _In_ ULONG MessageId,
+ _Out_ PMESSAGE_RESOURCE_ENTRY *MessageEntry
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFormatMessage(
+ _In_ PWSTR MessageFormat,
+ _In_ ULONG MaximumWidth,
+ _In_ BOOLEAN IgnoreInserts,
+ _In_ BOOLEAN ArgumentsAreAnsi,
+ _In_ BOOLEAN ArgumentsAreAnArray,
+ _In_ va_list *Arguments,
+ _Out_writes_bytes_to_(Length, *ReturnLength) PWSTR Buffer,
+ _In_ ULONG Length,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+typedef struct _PARSE_MESSAGE_CONTEXT
+{
+ ULONG fFlags;
+ ULONG cwSavColumn;
+ SIZE_T iwSrc;
+ SIZE_T iwDst;
+ SIZE_T iwDstSpace;
+ va_list lpvArgStart;
+} PARSE_MESSAGE_CONTEXT, *PPARSE_MESSAGE_CONTEXT;
+
+#define INIT_PARSE_MESSAGE_CONTEXT(ctx) { (ctx)->fFlags = 0; }
+#define TEST_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags & (flag))
+#define SET_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags |= (flag))
+#define CLEAR_PARSE_MESSAGE_CONTEXT_FLAG(ctx, flag) ((ctx)->fFlags &= ~(flag))
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFormatMessageEx(
+ _In_ PWSTR MessageFormat,
+ _In_ ULONG MaximumWidth,
+ _In_ BOOLEAN IgnoreInserts,
+ _In_ BOOLEAN ArgumentsAreAnsi,
+ _In_ BOOLEAN ArgumentsAreAnArray,
+ _In_ va_list *Arguments,
+ _Out_writes_bytes_to_(Length, *ReturnLength) PWSTR Buffer,
+ _In_ ULONG Length,
+ _Out_opt_ PULONG ReturnLength,
+ _Out_opt_ PPARSE_MESSAGE_CONTEXT ParseContext
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetFileMUIPath(
+ _In_ ULONG Flags,
+ _In_ PCWSTR FilePath,
+ _Inout_opt_ PWSTR Language,
+ _Inout_ PULONG LanguageLength,
+ _Out_opt_
PWSTR FileMUIPath,
+ _Inout_ PULONG FileMUIPathLength,
+ _Inout_ PULONGLONG Enumerator
+ );
+
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlLoadString(
+ _In_ PVOID DllHandle,
+ _In_ ULONG StringId,
+ _In_opt_ PCWSTR StringLanguage,
+ _In_ ULONG Flags,
+ _Out_ PCWSTR *ReturnString,
+ _Out_opt_ PUSHORT ReturnStringLen,
+ _Out_writes_(ReturnLanguageLen) PWSTR ReturnLanguageName,
+ _Inout_opt_ PULONG ReturnLanguageLen
+ );
+
+// Errors
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosError(
+ _In_ NTSTATUS Status
+ );
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosErrorNoTeb(
+ _In_ NTSTATUS Status
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetLastNtStatus(
+ VOID
+ );
+
+NTSYSAPI
+LONG
+NTAPI
+RtlGetLastWin32Error(
+ VOID
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSetLastWin32ErrorAndNtStatusFromNtStatus(
+ _In_ NTSTATUS Status
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSetLastWin32Error(
+ _In_ LONG Win32Error
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlRestoreLastWin32Error(
+ _In_ LONG Win32Error
+ );
+
+#define RTL_ERRORMODE_FAILCRITICALERRORS 0x0010
+#define RTL_ERRORMODE_NOGPFAULTERRORBOX 0x0020
+#define RTL_ERRORMODE_NOOPENFILEERRORBOX 0x0040
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetThreadErrorMode(
+ VOID
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetThreadErrorMode(
+ _In_ ULONG NewMode,
+ _Out_opt_ PULONG OldMode
+ );
+
+// Windows Error Reporting
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReportException(
+ _In_ PEXCEPTION_RECORD ExceptionRecord,
+ _In_ PCONTEXT ContextRecord,
+ _In_ ULONG Flags
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReportExceptionEx(
+ _In_ PEXCEPTION_RECORD ExceptionRecord,
+ _In_ PCONTEXT ContextRecord,
+ _In_ ULONG Flags,
+ _In_ PLARGE_INTEGER Timeout
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWerpReportException(
+ _In_ ULONG ProcessId,
+ _In_ HANDLE CrashReportSharedMem,
+ _In_ ULONG Flags,
+ _Out_ PHANDLE CrashVerticalProcessHandle
+ );
+#endif
+
+#if
(PHNT_VERSION >= PHNT_WIN7)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReportSilentProcessExit(
+ _In_ HANDLE ProcessHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+#endif
+
+// Random
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlUniform(
+ _Inout_ PULONG Seed
+ );
+
+_Ret_range_(<=, MAXLONG)
+NTSYSAPI
+ULONG
+NTAPI
+RtlRandom(
+ _Inout_ PULONG Seed
+ );
+
+_Ret_range_(<=, MAXLONG)
+NTSYSAPI
+ULONG
+NTAPI
+RtlRandomEx(
+ _Inout_ PULONG Seed
+ );
+
+#define RTL_IMPORT_TABLE_HASH_REVISION 1
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlComputeImportTableHash(
+ _In_ HANDLE FileHandle,
+ _Out_writes_bytes_(16) PCHAR Hash,
+ _In_ ULONG ImportTableHashRevision // must be 1
+ );
+
+// Integer conversion
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIntegerToChar(
+ _In_ ULONG Value,
+ _In_opt_ ULONG Base,
+ _In_ LONG OutputLength, // negative to pad to width
+ _Out_ PSTR String
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCharToInteger(
+ _In_ PCSTR String,
+ _In_opt_ ULONG Base,
+ _Out_ PULONG Value
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlLargeIntegerToChar(
+ _In_ PLARGE_INTEGER Value,
+ _In_opt_ ULONG Base,
+ _In_ LONG OutputLength,
+ _Out_ PSTR String
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIntegerToUnicodeString(
+ _In_ ULONG Value,
+ _In_opt_ ULONG Base,
+ _Inout_ PUNICODE_STRING String
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInt64ToUnicodeString(
+ _In_ ULONGLONG Value,
+ _In_opt_ ULONG Base,
+ _Inout_ PUNICODE_STRING String
+ );
+
+#ifdef _WIN64
+#define RtlIntPtrToUnicodeString(Value, Base, String) RtlInt64ToUnicodeString(Value, Base, String)
+#else
+#define RtlIntPtrToUnicodeString(Value, Base, String) RtlIntegerToUnicodeString(Value, Base, String)
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeStringToInteger(
+ _In_ PUNICODE_STRING String,
+ _In_opt_ ULONG Base,
+ _Out_ PULONG Value
+ );
+
+// IPv4/6 conversion
+
+typedef struct in_addr IN_ADDR, *PIN_ADDR;
+typedef struct in6_addr IN6_ADDR, *PIN6_ADDR;
+typedef IN_ADDR const *PCIN_ADDR;
+typedef IN6_ADDR const *PCIN6_ADDR;
+
+NTSYSAPI
+PWSTR
+NTAPI
+RtlIpv4AddressToStringW(
+ _In_ PCIN_ADDR Address,
+ _Out_writes_(16) PWSTR AddressString
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv4AddressToStringExW(
+ _In_ PCIN_ADDR Address,
+ _In_ USHORT Port,
+ _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWSTR AddressString,
+ _Inout_ PULONG AddressStringLength
+ );
+
+NTSYSAPI
+PWSTR
+NTAPI
+RtlIpv6AddressToStringW(
+ _In_ PCIN6_ADDR Address,
+ _Out_writes_(46) PWSTR AddressString
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv6AddressToStringExW(
+ _In_ PCIN6_ADDR Address,
+ _In_ ULONG ScopeId,
+ _In_ USHORT Port,
+ _Out_writes_to_(*AddressStringLength, *AddressStringLength) PWSTR AddressString,
+ _Inout_ PULONG AddressStringLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv4StringToAddressW(
+ _In_ PCWSTR AddressString,
+ _In_ BOOLEAN Strict,
+ _Out_ LPCWSTR *Terminator,
+ _Out_ PIN_ADDR Address
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv4StringToAddressExW(
+ _In_ PCWSTR AddressString,
+ _In_ BOOLEAN Strict,
+ _Out_ PIN_ADDR Address,
+ _Out_ PUSHORT Port
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv6StringToAddressW(
+ _In_ PCWSTR AddressString,
+ _Out_ PCWSTR *Terminator,
+ _Out_ PIN6_ADDR Address
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlIpv6StringToAddressExW(
+ _In_ PCWSTR AddressString,
+ _Out_ PIN6_ADDR Address,
+ _Out_ PULONG ScopeId,
+ _Out_ PUSHORT Port
+ );
+
+#define RtlIpv4AddressToString RtlIpv4AddressToStringW
+#define RtlIpv4AddressToStringEx RtlIpv4AddressToStringExW
+#define RtlIpv6AddressToString RtlIpv6AddressToStringW
+#define RtlIpv6AddressToStringEx RtlIpv6AddressToStringExW
+#define RtlIpv4StringToAddress RtlIpv4StringToAddressW
+#define RtlIpv4StringToAddressEx RtlIpv4StringToAddressExW
+#define RtlIpv6StringToAddress RtlIpv6StringToAddressW
+#define RtlIpv6StringToAddressEx RtlIpv6StringToAddressExW
+
+// Time
+
+typedef struct _TIME_FIELDS
+{
+ CSHORT Year; // 1601...
+ CSHORT Month; // 1..12
+ CSHORT Day; // 1..31
+ CSHORT Hour; // 0..23
+ CSHORT Minute; // 0..59
+ CSHORT Second; // 0..59
+ CSHORT Milliseconds; // 0..999
+ CSHORT Weekday; // 0..6 = Sunday..Saturday
+} TIME_FIELDS, *PTIME_FIELDS;
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlCutoverTimeToSystemTime(
+ _In_ PTIME_FIELDS CutoverTime,
+ _Out_ PLARGE_INTEGER SystemTime,
+ _In_ PLARGE_INTEGER CurrentSystemTime,
+ _In_ BOOLEAN ThisYear
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSystemTimeToLocalTime(
+ _In_ PLARGE_INTEGER SystemTime,
+ _Out_ PLARGE_INTEGER LocalTime
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlLocalTimeToSystemTime(
+ _In_ PLARGE_INTEGER LocalTime,
+ _Out_ PLARGE_INTEGER SystemTime
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlTimeToElapsedTimeFields(
+ _In_ PLARGE_INTEGER Time,
+ _Out_ PTIME_FIELDS TimeFields
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlTimeToTimeFields(
+ _In_ PLARGE_INTEGER Time,
+ _Out_ PTIME_FIELDS TimeFields
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTimeFieldsToTime(
+ _In_ PTIME_FIELDS TimeFields, // Weekday is ignored
+ _Out_ PLARGE_INTEGER Time
+ );
+
+#define SecondsToStartOf1980 11960006400
+#define SecondsToStartOf1970 11644473600
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTimeToSecondsSince1980(
+ _In_ PLARGE_INTEGER Time,
+ _Out_ PULONG ElapsedSeconds
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1980ToTime(
+ _In_ ULONG ElapsedSeconds,
+ _Out_ PLARGE_INTEGER Time
+ );
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTimeToSecondsSince1970(
+ _In_ PLARGE_INTEGER Time,
+ _Out_ PULONG ElapsedSeconds
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1970ToTime(
+ _In_ ULONG ElapsedSeconds,
+ _Out_ PLARGE_INTEGER Time
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+NTSYSAPI
+LARGE_INTEGER
+NTAPI
+RtlGetSystemTimePrecise(
+ VOID
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN10_21H2)
+NTSYSAPI
+KSYSTEM_TIME
+NTAPI
+RtlGetSystemTimeAndBias(
+ _Out_ KSYSTEM_TIME TimeZoneBias,
+ _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveStart,
+ _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveEnd
+ );
+#endif
+
+#if (PHNT_VERSION >=
PHNT_THRESHOLD)
+NTSYSAPI
+LARGE_INTEGER
+NTAPI
+RtlGetInterruptTimePrecise(
+ _Out_ PLARGE_INTEGER PerformanceCounter
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlQueryUnbiasedInterruptTime(
+ _Out_ PLARGE_INTEGER InterruptTime
+ );
+#endif
+
+// Time zones
+
+typedef struct _RTL_TIME_ZONE_INFORMATION
+{
+ LONG Bias;
+ WCHAR StandardName[32];
+ TIME_FIELDS StandardStart;
+ LONG StandardBias;
+ WCHAR DaylightName[32];
+ TIME_FIELDS DaylightStart;
+ LONG DaylightBias;
+} RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryTimeZoneInformation(
+ _Out_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetTimeZoneInformation(
+ _In_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation
+ );
+
+// Interlocked bit manipulation interfaces
+
+#define RtlInterlockedSetBits(Flags, Flag) \
+ InterlockedOr((PLONG)(Flags), Flag)
+
+#define RtlInterlockedAndBits(Flags, Flag) \
+ InterlockedAnd((PLONG)(Flags), Flag)
+
+#define RtlInterlockedClearBits(Flags, Flag) \
+ RtlInterlockedAndBits(Flags, ~(Flag))
+
+#define RtlInterlockedXorBits(Flags, Flag) \
+ InterlockedXor(Flags, Flag)
+
+#define RtlInterlockedSetBitsDiscardReturn(Flags, Flag) \
+ (VOID) RtlInterlockedSetBits(Flags, Flag)
+
+#define RtlInterlockedAndBitsDiscardReturn(Flags, Flag) \
+ (VOID) RtlInterlockedAndBits(Flags, Flag)
+
+#define RtlInterlockedClearBitsDiscardReturn(Flags, Flag) \
+ RtlInterlockedAndBitsDiscardReturn(Flags, ~(Flag))
+
+// Bitmaps
+
+typedef struct _RTL_BITMAP
+{
+ ULONG SizeOfBitMap;
+ PULONG Buffer;
+} RTL_BITMAP, *PRTL_BITMAP;
+
+NTSYSAPI
+VOID
+NTAPI
+RtlInitializeBitMap(
+ _Out_ PRTL_BITMAP BitMapHeader,
+ _In_ PULONG BitMapBuffer,
+ _In_ ULONG SizeOfBitMap
+ );
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL || PHNT_VERSION >= PHNT_WIN8)
+NTSYSAPI
+VOID
+NTAPI
+RtlClearBit(
+ _In_ PRTL_BITMAP BitMapHeader,
+ _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber
+ );
+#endif
+
+#if (PHNT_MODE ==
PHNT_MODE_KERNEL || PHNT_VERSION >= PHNT_WIN8) +NTSYSAPI +VOID +NTAPI +RtlSetBit( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber + ); +#endif + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlTestBit( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitNumber + ); + +NTSYSAPI +VOID +NTAPI +RtlClearAllBits( + _In_ PRTL_BITMAP BitMapHeader + ); + +NTSYSAPI +VOID +NTAPI +RtlSetAllBits( + _In_ PRTL_BITMAP BitMapHeader + ); + +_Success_(return != -1) +_Check_return_ +NTSYSAPI +ULONG +NTAPI +RtlFindClearBits( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG NumberToFind, + _In_ ULONG HintIndex + ); + +_Success_(return != -1) +_Check_return_ +NTSYSAPI +ULONG +NTAPI +RtlFindSetBits( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG NumberToFind, + _In_ ULONG HintIndex + ); + +_Success_(return != -1) +NTSYSAPI +ULONG +NTAPI +RtlFindClearBitsAndSet( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG NumberToFind, + _In_ ULONG HintIndex + ); + +_Success_(return != -1) +NTSYSAPI +ULONG +NTAPI +RtlFindSetBitsAndClear( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG NumberToFind, + _In_ ULONG HintIndex + ); + +NTSYSAPI +VOID +NTAPI +RtlClearBits( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex, + _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear + ); + +NTSYSAPI +VOID +NTAPI +RtlSetBits( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex, + _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet + ); + +NTSYSAPI +CCHAR +NTAPI +RtlFindMostSignificantBit( + _In_ ULONGLONG Set + ); + +NTSYSAPI +CCHAR +NTAPI +RtlFindLeastSignificantBit( + _In_ ULONGLONG Set + ); + +typedef struct _RTL_BITMAP_RUN +{ + ULONG StartingIndex; + ULONG NumberOfBits; +} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN; + +NTSYSAPI +ULONG +NTAPI +RtlFindClearRuns( + _In_ PRTL_BITMAP 
BitMapHeader, + _Out_writes_to_(SizeOfRunArray, return) PRTL_BITMAP_RUN RunArray, + _In_range_(>, 0) ULONG SizeOfRunArray, + _In_ BOOLEAN LocateLongestRuns + ); + +NTSYSAPI +ULONG +NTAPI +RtlFindLongestRunClear( + _In_ PRTL_BITMAP BitMapHeader, + _Out_ PULONG StartingIndex + ); + +NTSYSAPI +ULONG +NTAPI +RtlFindFirstRunClear( + _In_ PRTL_BITMAP BitMapHeader, + _Out_ PULONG StartingIndex + ); + +_Check_return_ +FORCEINLINE +BOOLEAN +RtlCheckBit( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG BitPosition + ) +{ +#ifdef _WIN64 + return BitTest64((LONG64 const *)BitMapHeader->Buffer, (LONG64)BitPosition); +#else + return (((PLONG)BitMapHeader->Buffer)[BitPosition / 32] >> (BitPosition % 32)) & 0x1; +#endif +} + +NTSYSAPI +ULONG +NTAPI +RtlNumberOfClearBits( + _In_ PRTL_BITMAP BitMapHeader + ); + +NTSYSAPI +ULONG +NTAPI +RtlNumberOfSetBits( + _In_ PRTL_BITMAP BitMapHeader + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlAreBitsClear( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG StartingIndex, + _In_ ULONG Length + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlAreBitsSet( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG StartingIndex, + _In_ ULONG Length + ); + +NTSYSAPI +ULONG +NTAPI +RtlFindNextForwardRunClear( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG FromIndex, + _Out_ PULONG StartingRunIndex + ); + +NTSYSAPI +ULONG +NTAPI +RtlFindLastBackwardRunClear( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG FromIndex, + _Out_ PULONG StartingRunIndex + ); + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +ULONG +NTAPI +RtlNumberOfSetBitsUlongPtr( + _In_ ULONG_PTR Target + ); + +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) + +// rev +NTSYSAPI +VOID +NTAPI +RtlInterlockedClearBitRun( + _In_ PRTL_BITMAP BitMapHeader, + _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToClear) ULONG StartingIndex, + _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToClear + ); + +// rev +NTSYSAPI +VOID +NTAPI +RtlInterlockedSetBitRun( + 
_In_ PRTL_BITMAP BitMapHeader, + _In_range_(0, BitMapHeader->SizeOfBitMap - NumberToSet) ULONG StartingIndex, + _In_range_(0, BitMapHeader->SizeOfBitMap - StartingIndex) ULONG NumberToSet + ); + +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) + +NTSYSAPI +VOID +NTAPI +RtlCopyBitMap( + _In_ PRTL_BITMAP Source, + _In_ PRTL_BITMAP Destination, + _In_range_(0, Destination->SizeOfBitMap - 1) ULONG TargetBit + ); + +NTSYSAPI +VOID +NTAPI +RtlExtractBitMap( + _In_ PRTL_BITMAP Source, + _In_ PRTL_BITMAP Destination, + _In_range_(0, Source->SizeOfBitMap - 1) ULONG TargetBit, + _In_range_(0, Source->SizeOfBitMap) ULONG NumberOfBits + ); + +NTSYSAPI +ULONG +NTAPI +RtlNumberOfClearBitsInRange( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG StartingIndex, + _In_ ULONG Length + ); + +NTSYSAPI +ULONG +NTAPI +RtlNumberOfSetBitsInRange( + _In_ PRTL_BITMAP BitMapHeader, + _In_ ULONG StartingIndex, + _In_ ULONG Length + ); + +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) + +// private +typedef struct _RTL_BITMAP_EX +{ + ULONG64 SizeOfBitMap; + PULONG64 Buffer; +} RTL_BITMAP_EX, *PRTL_BITMAP_EX; + +// rev +NTSYSAPI +VOID +NTAPI +RtlInitializeBitMapEx( + _Out_ PRTL_BITMAP_EX BitMapHeader, + _In_ PULONG64 BitMapBuffer, + _In_ ULONG64 SizeOfBitMap + ); + +// rev +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlTestBitEx( + _In_ PRTL_BITMAP_EX BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber + ); + +// rev +NTSYSAPI +VOID +NTAPI +RtlClearAllBitsEx( + _In_ PRTL_BITMAP_EX BitMapHeader + ); + +// rev +NTSYSAPI +VOID +NTAPI +RtlClearBitEx( + _In_ PRTL_BITMAP_EX BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber + ); + +// rev +NTSYSAPI +VOID +NTAPI +RtlSetBitEx( + _In_ PRTL_BITMAP_EX BitMapHeader, + _In_range_(<, BitMapHeader->SizeOfBitMap) ULONG64 BitNumber + ); + +// rev +NTSYSAPI +ULONG64 +NTAPI +RtlFindSetBitsEx( + _In_ PRTL_BITMAP_EX BitMapHeader, + _In_ ULONG64 NumberToFind, + _In_ ULONG64 HintIndex + ); + +NTSYSAPI +ULONG64 +NTAPI 
+RtlFindSetBitsAndClearEx( + _In_ PRTL_BITMAP_EX BitMapHeader, + _In_ ULONG64 NumberToFind, + _In_ ULONG64 HintIndex + ); + +#endif + +// Handle tables + +typedef struct _RTL_HANDLE_TABLE_ENTRY +{ + union + { + ULONG Flags; // allocated entries have the low bit set + struct _RTL_HANDLE_TABLE_ENTRY *NextFree; + }; +} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY; + +#define RTL_HANDLE_ALLOCATED (USHORT)0x0001 + +typedef struct _RTL_HANDLE_TABLE +{ + ULONG MaximumNumberOfHandles; + ULONG SizeOfHandleTableEntry; + ULONG Reserved[2]; + PRTL_HANDLE_TABLE_ENTRY FreeHandles; + PRTL_HANDLE_TABLE_ENTRY CommittedHandles; + PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles; + PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles; +} RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE; + +NTSYSAPI +VOID +NTAPI +RtlInitializeHandleTable( + _In_ ULONG MaximumNumberOfHandles, + _In_ ULONG SizeOfHandleTableEntry, + _Out_ PRTL_HANDLE_TABLE HandleTable + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDestroyHandleTable( + _Inout_ PRTL_HANDLE_TABLE HandleTable + ); + +NTSYSAPI +PRTL_HANDLE_TABLE_ENTRY +NTAPI +RtlAllocateHandle( + _In_ PRTL_HANDLE_TABLE HandleTable, + _Out_opt_ PULONG HandleIndex + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlFreeHandle( + _In_ PRTL_HANDLE_TABLE HandleTable, + _In_ PRTL_HANDLE_TABLE_ENTRY Handle + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlIsValidHandle( + _In_ PRTL_HANDLE_TABLE HandleTable, + _In_ PRTL_HANDLE_TABLE_ENTRY Handle + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlIsValidIndexHandle( + _In_ PRTL_HANDLE_TABLE HandleTable, + _In_ ULONG HandleIndex, + _Out_ PRTL_HANDLE_TABLE_ENTRY *Handle + ); + +// Atom tables + +#define RTL_ATOM_MAXIMUM_INTEGER_ATOM (RTL_ATOM)0xc000 +#define RTL_ATOM_INVALID_ATOM (RTL_ATOM)0x0000 +#define RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS 37 +#define RTL_ATOM_MAXIMUM_NAME_LENGTH 255 +#define RTL_ATOM_PINNED 0x01 + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateAtomTable( + _In_ ULONG NumberOfBuckets, + _Out_ PVOID *AtomTableHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDestroyAtomTable( + _In_ 
_Post_invalid_ PVOID AtomTableHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlEmptyAtomTable( + _In_ PVOID AtomTableHandle, + _In_ BOOLEAN IncludePinnedAtoms + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAtomToAtomTable( + _In_ PVOID AtomTableHandle, + _In_ PWSTR AtomName, + _Inout_opt_ PRTL_ATOM Atom + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlLookupAtomInAtomTable( + _In_ PVOID AtomTableHandle, + _In_ PWSTR AtomName, + _Out_opt_ PRTL_ATOM Atom + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeleteAtomFromAtomTable( + _In_ PVOID AtomTableHandle, + _In_ RTL_ATOM Atom + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlPinAtomInAtomTable( + _In_ PVOID AtomTableHandle, + _In_ RTL_ATOM Atom + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryAtomInAtomTable( + _In_ PVOID AtomTableHandle, + _In_ RTL_ATOM Atom, + _Out_opt_ PULONG AtomUsage, + _Out_opt_ PULONG AtomFlags, + _Inout_updates_bytes_to_opt_(*AtomNameLength, *AtomNameLength) PWSTR AtomName, + _Inout_opt_ PULONG AtomNameLength + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlGetIntegerAtom( + _In_ PWSTR AtomName, + _Out_opt_ PUSHORT IntegerAtom + ); +#endif + +// SIDs + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlValidSid( + _In_ PSID Sid + ); + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualSid( + _In_ PSID Sid1, + _In_ PSID Sid2 + ); + +_Must_inspect_result_ +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualPrefixSid( + _In_ PSID Sid1, + _In_ PSID Sid2 + ); + +NTSYSAPI +ULONG +NTAPI +RtlLengthRequiredSid( + _In_ ULONG SubAuthorityCount + ); + +NTSYSAPI +PVOID +NTAPI +RtlFreeSid( + _In_ _Post_invalid_ PSID Sid + ); + +_Must_inspect_result_ +NTSYSAPI +NTSTATUS +NTAPI +RtlAllocateAndInitializeSid( + _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + _In_ UCHAR SubAuthorityCount, + _In_ ULONG SubAuthority0, + _In_ ULONG SubAuthority1, + _In_ ULONG SubAuthority2, + _In_ ULONG SubAuthority3, + _In_ ULONG SubAuthority4, + _In_ ULONG SubAuthority5, + _In_ ULONG SubAuthority6, + _In_ ULONG SubAuthority7, + _Outptr_ PSID *Sid + 
); + +#if (PHNT_VERSION >= PHNT_WINBLUE) +_Must_inspect_result_ +NTSYSAPI +NTSTATUS +NTAPI +RtlAllocateAndInitializeSidEx( + _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + _In_ UCHAR SubAuthorityCount, + _In_reads_(SubAuthorityCount) PULONG SubAuthorities, + _Outptr_ PSID *Sid + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeSid( + _Out_ PSID Sid, + _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + _In_ UCHAR SubAuthorityCount + ); + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeSidEx( + _Out_writes_bytes_(SECURITY_SID_SIZE(SubAuthorityCount)) PSID Sid, + _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + _In_ UCHAR SubAuthorityCount, + ... + ); +#endif + +NTSYSAPI +PSID_IDENTIFIER_AUTHORITY +NTAPI +RtlIdentifierAuthoritySid( + _In_ PSID Sid + ); + +NTSYSAPI +PULONG +NTAPI +RtlSubAuthoritySid( + _In_ PSID Sid, + _In_ ULONG SubAuthority + ); + +NTSYSAPI +PUCHAR +NTAPI +RtlSubAuthorityCountSid( + _In_ PSID Sid + ); + +NTSYSAPI +ULONG +NTAPI +RtlLengthSid( + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCopySid( + _In_ ULONG DestinationSidLength, + _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid, + _In_ PSID SourceSid + ); + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlCopySidAndAttributesArray( + _In_ ULONG Count, + _In_ PSID_AND_ATTRIBUTES Src, + _In_ ULONG SidAreaSize, + _In_ PSID_AND_ATTRIBUTES Dest, + _In_ PSID SidArea, + _Out_ PSID *RemainingSidArea, + _Out_ PULONG RemainingSidAreaSize + ); + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateServiceSid( + _In_ PUNICODE_STRING ServiceName, + _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid, + _Inout_ PULONG ServiceSidLength + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSidDominates( + _In_ PSID Sid1, + _In_ PSID Sid2, + _Out_ PBOOLEAN Dominates + ); + +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSidDominatesForTrust( + _In_ 
PSID Sid1, + _In_ PSID Sid2, + _Out_ PBOOLEAN DominatesTrust // TokenProcessTrustLevel + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSidEqualLevel( + _In_ PSID Sid1, + _In_ PSID Sid2, + _Out_ PBOOLEAN EqualLevel + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSidIsHigherLevel( + _In_ PSID Sid1, + _In_ PSID Sid2, + _Out_ PBOOLEAN HigherLevel + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateVirtualAccountSid( + _In_ PUNICODE_STRING Name, + _In_ ULONG BaseSubAuthority, + _Out_writes_bytes_(*SidLength) PSID Sid, + _Inout_ PULONG SidLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN7) +NTSYSAPI +NTSTATUS +NTAPI +RtlReplaceSidInSd( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ PSID OldSid, + _In_ PSID NewSid, + _Out_ ULONG *NumChanges + ); +#endif + +#define MAX_UNICODE_STACK_BUFFER_LENGTH 256 + +NTSYSAPI +NTSTATUS +NTAPI +RtlLengthSidAsUnicodeString( + _In_ PSID Sid, + _Out_ PULONG StringLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlConvertSidToUnicodeString( + _Inout_ PUNICODE_STRING UnicodeString, + _In_ PSID Sid, + _In_ BOOLEAN AllocateDestinationString + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSidHashInitialize( + _In_reads_(SidCount) PSID_AND_ATTRIBUTES SidAttr, + _In_ ULONG SidCount, + _Out_ PSID_AND_ATTRIBUTES_HASH SidAttrHash + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +PSID_AND_ATTRIBUTES +NTAPI +RtlSidHashLookup( + _In_ PSID_AND_ATTRIBUTES_HASH SidAttrHash, + _In_ PSID Sid + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsElevatedRid( + _In_ PSID_AND_ATTRIBUTES SidAttr + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlDeriveCapabilitySidsFromName( + _Inout_ PUNICODE_STRING UnicodeString, + _Out_ PSID CapabilityGroupSid, + _Out_ PSID CapabilitySid + ); +#endif + +// Security Descriptors + +NTSYSAPI +NTSTATUS +NTAPI 
+RtlCreateSecurityDescriptor( + _Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ ULONG Revision + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlValidSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor + ); + +NTSYSAPI +ULONG +NTAPI +RtlLengthSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor + ); + +_Check_return_ +NTSYSAPI +BOOLEAN +NTAPI +RtlValidRelativeSecurityDescriptor( + _In_reads_bytes_(SecurityDescriptorLength) PSECURITY_DESCRIPTOR SecurityDescriptorInput, + _In_ ULONG SecurityDescriptorLength, + _In_ SECURITY_INFORMATION RequiredInformation + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetControlSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Out_ PSECURITY_DESCRIPTOR_CONTROL Control, + _Out_ PULONG Revision + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetControlSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, + _In_ SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetAttributesSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ SECURITY_DESCRIPTOR_CONTROL Control, + _Out_ PULONG Revision + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlGetSecurityDescriptorRMControl( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Out_ PUCHAR RMControl + ); + +NTSYSAPI +VOID +NTAPI +RtlSetSecurityDescriptorRMControl( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PUCHAR RMControl + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetDaclSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ BOOLEAN DaclPresent, + _In_opt_ PACL Dacl, + _In_ BOOLEAN DaclDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetDaclSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Out_ PBOOLEAN DaclPresent, + _Outptr_result_maybenull_ PACL *Dacl, + _Out_ PBOOLEAN DaclDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSaclSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR 
SecurityDescriptor, + _In_ BOOLEAN SaclPresent, + _In_opt_ PACL Sacl, + _In_ BOOLEAN SaclDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetSaclSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Out_ PBOOLEAN SaclPresent, + _Out_ PACL *Sacl, + _Out_ PBOOLEAN SaclDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetOwnerSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID Owner, + _In_ BOOLEAN OwnerDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetOwnerSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Outptr_result_maybenull_ PSID *Owner, + _Out_ PBOOLEAN OwnerDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetGroupSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID Group, + _In_ BOOLEAN GroupDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetGroupSecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _Outptr_result_maybenull_ PSID *Group, + _Out_ PBOOLEAN GroupDefaulted + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlMakeSelfRelativeSD( + _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, + _Out_writes_bytes_(*BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + _Inout_ PULONG BufferLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAbsoluteToSelfRelativeSD( + _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, + _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + _Inout_ PULONG BufferLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSelfRelativeToAbsoluteSD( + _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, + _Inout_ PULONG AbsoluteSecurityDescriptorSize, + _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl, + _Inout_ PULONG DaclSize, + _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl, + _Inout_ PULONG SaclSize, + 
_Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner, + _Inout_ PULONG OwnerSize, + _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup, + _Inout_ PULONG PrimaryGroupSize + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlSelfRelativeToAbsoluteSD2( + _Inout_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + _Inout_ PULONG BufferSize + ); + +#if (PHNT_VERSION >= PHNT_19H2) +__drv_maxIRQL(APC_LEVEL) +NTSYSAPI +BOOLEAN +NTAPI +RtlNormalizeSecurityDescriptor( + _Inout_ PSECURITY_DESCRIPTOR *SecurityDescriptor, + _In_ ULONG SecurityDescriptorLength, + _Out_opt_ PSECURITY_DESCRIPTOR *NewSecurityDescriptor, + _Out_opt_ PULONG NewSecurityDescriptorLength, + _In_ BOOLEAN CheckOnly + ); +#endif + +// Access masks + +#ifndef PHNT_NO_INLINE_ACCESSES_GRANTED +FORCEINLINE +BOOLEAN +NTAPI +RtlAreAllAccessesGranted( + _In_ ACCESS_MASK GrantedAccess, + _In_ ACCESS_MASK DesiredAccess + ) +{ + return (~GrantedAccess & DesiredAccess) == 0; +} + +FORCEINLINE +BOOLEAN +NTAPI +RtlAreAnyAccessesGranted( + _In_ ACCESS_MASK GrantedAccess, + _In_ ACCESS_MASK DesiredAccess + ) +{ + return (GrantedAccess & DesiredAccess) != 0; +} +#else +NTSYSAPI +BOOLEAN +NTAPI +RtlAreAllAccessesGranted( + _In_ ACCESS_MASK GrantedAccess, + _In_ ACCESS_MASK DesiredAccess + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlAreAnyAccessesGranted( + _In_ ACCESS_MASK GrantedAccess, + _In_ ACCESS_MASK DesiredAccess + ); +#endif + +NTSYSAPI +VOID +NTAPI +RtlMapGenericMask( + _Inout_ PACCESS_MASK AccessMask, + _In_ PGENERIC_MAPPING GenericMapping + ); + +// ACLs + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateAcl( + _Out_writes_bytes_(AclLength) PACL Acl, + _In_ ULONG AclLength, + _In_ ULONG AclRevision + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlValidAcl( + _In_ PACL Acl + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryInformationAcl( + _In_ PACL Acl, + _Out_writes_bytes_(AclInformationLength) PVOID AclInformation, + _In_ ULONG AclInformationLength, + _In_ ACL_INFORMATION_CLASS AclInformationClass + ); + 
+NTSYSAPI +NTSTATUS +NTAPI +RtlSetInformationAcl( + _Inout_ PACL Acl, + _In_reads_bytes_(AclInformationLength) PVOID AclInformation, + _In_ ULONG AclInformationLength, + _In_ ACL_INFORMATION_CLASS AclInformationClass + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG StartingAceIndex, + _In_reads_bytes_(AceListLength) PVOID AceList, + _In_ ULONG AceListLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeleteAce( + _Inout_ PACL Acl, + _In_ ULONG AceIndex + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetAce( + _In_ PACL Acl, + _In_ ULONG AceIndex, + _Outptr_ PVOID *Ace + ); + +NTSYSAPI +BOOLEAN +NTAPI +RtlFirstFreeAce( + _In_ PACL Acl, + _Out_ PVOID *FirstFree + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +PVOID +NTAPI +RtlFindAceByType( + _In_ PACL Acl, + _In_ UCHAR AceType, + _Out_opt_ PULONG Index + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlOwnerAcesPresent( + _In_ PACL pAcl + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessAllowedAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ACCESS_MASK AccessMask, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessAllowedAceEx( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ACCESS_MASK AccessMask, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessDeniedAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ACCESS_MASK AccessMask, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessDeniedAceEx( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ACCESS_MASK AccessMask, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAuditAccessAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ACCESS_MASK AccessMask, + _In_ PSID Sid, + _In_ BOOLEAN AuditSuccess, + _In_ BOOLEAN AuditFailure + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAuditAccessAceEx( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + 
_In_ ACCESS_MASK AccessMask, + _In_ PSID Sid, + _In_ BOOLEAN AuditSuccess, + _In_ BOOLEAN AuditFailure + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessAllowedObjectAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ACCESS_MASK AccessMask, + _In_opt_ PGUID ObjectTypeGuid, + _In_opt_ PGUID InheritedObjectTypeGuid, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAccessDeniedObjectAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ACCESS_MASK AccessMask, + _In_opt_ PGUID ObjectTypeGuid, + _In_opt_ PGUID InheritedObjectTypeGuid, + _In_ PSID Sid + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddAuditAccessObjectAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ACCESS_MASK AccessMask, + _In_opt_ PGUID ObjectTypeGuid, + _In_opt_ PGUID InheritedObjectTypeGuid, + _In_ PSID Sid, + _In_ BOOLEAN AuditSuccess, + _In_ BOOLEAN AuditFailure + ); + +// private +#define COMPOUND_ACE_IMPERSONATION 1 + +// private +typedef struct _COMPOUND_ACCESS_ALLOWED_ACE +{ + ACE_HEADER Header; + ACCESS_MASK Mask; + USHORT CompoundAceType; // COMPOUND_ACE_* + USHORT Reserved; + ULONG SidStart; // Server SID + // Client SID follows +} COMPOUND_ACCESS_ALLOWED_ACE, *PCOMPOUND_ACCESS_ALLOWED_ACE; + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddCompoundAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ UCHAR AceType, // COMPOUND_ACE_* + _In_ ACCESS_MASK AccessMask, + _In_ PSID ServerSid, + _In_ PSID ClientSid + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlAddMandatoryAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ PSID Sid, + _In_ UCHAR AceType, + _In_ ACCESS_MASK AccessMask + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSAPI +NTSTATUS +NTAPI +RtlAddResourceAttributeAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ULONG AccessMask, + _In_ PSID Sid, + _In_ PCLAIM_SECURITY_ATTRIBUTES_INFORMATION AttributeInfo, + 
_Out_ PULONG ReturnLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddScopedPolicyIDAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ ULONG AccessMask, + _In_ PSID Sid + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlAddProcessTrustLabelAce( + _Inout_ PACL Acl, + _In_ ULONG AceRevision, + _In_ ULONG AceFlags, + _In_ PSID ProcessTrustLabelSid, + _In_ UCHAR AceType, // SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE + _In_ ACCESS_MASK AccessMask + ); +#endif + +// Named pipes + +NTSYSAPI +NTSTATUS +NTAPI +RtlDefaultNpAcl( + _Out_ PACL *Acl + ); + +// Security objects + +NTSYSAPI +NTSTATUS +NTAPI +RtlNewSecurityObject( + _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, + _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor, + _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, + _In_ BOOLEAN IsDirectoryObject, + _In_opt_ HANDLE Token, + _In_ PGENERIC_MAPPING GenericMapping + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlNewSecurityObjectEx( + _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, + _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor, + _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, + _In_opt_ GUID *ObjectType, + _In_ BOOLEAN IsDirectoryObject, + _In_ ULONG AutoInheritFlags, // SEF_* + _In_opt_ HANDLE Token, + _In_ PGENERIC_MAPPING GenericMapping + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlNewSecurityObjectWithMultipleInheritance( + _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, + _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor, + _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, + _In_opt_ GUID **ObjectType, + _In_ ULONG GuidCount, + _In_ BOOLEAN IsDirectoryObject, + _In_ ULONG AutoInheritFlags, // SEF_* + _In_opt_ HANDLE Token, + _In_ PGENERIC_MAPPING GenericMapping + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeleteSecurityObject( + _Inout_ PSECURITY_DESCRIPTOR *ObjectDescriptor + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlQuerySecurityObject( + _In_ PSECURITY_DESCRIPTOR ObjectDescriptor, + _In_ SECURITY_INFORMATION SecurityInformation, + _Out_opt_ PSECURITY_DESCRIPTOR ResultantDescriptor, + _In_ 
ULONG DescriptorLength, + _Out_ PULONG ReturnLength + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSecurityObject( + _In_ SECURITY_INFORMATION SecurityInformation, + _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, + _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + _In_ PGENERIC_MAPPING GenericMapping, + _In_opt_ HANDLE TokenHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSecurityObjectEx( + _In_ SECURITY_INFORMATION SecurityInformation, + _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, + _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + _In_ ULONG AutoInheritFlags, // SEF_* + _In_ PGENERIC_MAPPING GenericMapping, + _In_opt_ HANDLE TokenHandle + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlConvertToAutoInheritSecurityObject( + _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, + _In_ PSECURITY_DESCRIPTOR CurrentSecurityDescriptor, + _Out_ PSECURITY_DESCRIPTOR *NewSecurityDescriptor, + _In_opt_ GUID *ObjectType, + _In_ BOOLEAN IsDirectoryObject, + _In_ PGENERIC_MAPPING GenericMapping + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlNewInstanceSecurityObject( + _In_ BOOLEAN ParentDescriptorChanged, + _In_ BOOLEAN CreatorDescriptorChanged, + _In_ PLUID OldClientTokenModifiedId, + _Out_ PLUID NewClientTokenModifiedId, + _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, + _In_opt_ PSECURITY_DESCRIPTOR CreatorDescriptor, + _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, + _In_ BOOLEAN IsDirectoryObject, + _In_ HANDLE TokenHandle, + _In_ PGENERIC_MAPPING GenericMapping + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCopySecurityDescriptor( + _In_ PSECURITY_DESCRIPTOR InputSecurityDescriptor, + _Out_ PSECURITY_DESCRIPTOR *OutputSecurityDescriptor + ); + +// private +typedef struct _RTL_ACE_DATA +{ + UCHAR AceType; + UCHAR InheritFlags; + UCHAR AceFlags; + ACCESS_MASK AccessMask; + PSID* Sid; +} RTL_ACE_DATA, *PRTL_ACE_DATA; + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateUserSecurityObject( + _In_ PRTL_ACE_DATA AceData, + _In_ ULONG AceCount, + _In_ PSID OwnerSid, + _In_ PSID GroupSid, + _In_ BOOLEAN 
IsDirectoryObject, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateAndSetSD( + _In_ PRTL_ACE_DATA AceData, + _In_ ULONG AceCount, + _In_opt_ PSID OwnerSid, + _In_opt_ PSID GroupSid, + _Out_ PSECURITY_DESCRIPTOR* NewSecurityDescriptor + ); + +// Misc. security + +NTSYSAPI +VOID +NTAPI +RtlRunEncodeUnicodeString( + _Inout_ PUCHAR Seed, + _Inout_ PUNICODE_STRING String + ); + +NTSYSAPI +VOID +NTAPI +RtlRunDecodeUnicodeString( + _In_ UCHAR Seed, + _Inout_ PUNICODE_STRING String + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlImpersonateSelf( + _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlImpersonateSelfEx( + _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, + _In_opt_ ACCESS_MASK AdditionalAccess, + _Out_opt_ PHANDLE ThreadToken + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlAdjustPrivilege( + _In_ ULONG Privilege, + _In_ BOOLEAN Enable, + _In_ BOOLEAN Client, + _Out_ PBOOLEAN WasEnabled + ); + +#define RTL_ACQUIRE_PRIVILEGE_REVERT 0x00000001 +#define RTL_ACQUIRE_PRIVILEGE_PROCESS 0x00000002 + +NTSYSAPI +NTSTATUS +NTAPI +RtlAcquirePrivilege( + _In_ PULONG Privilege, + _In_ ULONG NumPriv, + _In_ ULONG Flags, + _Out_ PVOID *ReturnedState + ); + +NTSYSAPI +VOID +NTAPI +RtlReleasePrivilege( + _In_ PVOID StatePointer + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlRemovePrivileges( + _In_ HANDLE TokenHandle, + _In_ PULONG PrivilegesToKeep, + _In_ ULONG PrivilegeCount + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlIsUntrustedObject( + _In_opt_ HANDLE Handle, + _In_opt_ PVOID Object, + _Out_ PBOOLEAN IsUntrustedObject + ); + +NTSYSAPI +ULONG +NTAPI +RtlQueryValidationRunlevel( + _In_opt_ PUNICODE_STRING ComponentName + ); + +#endif + +// Private namespaces + +#if (PHNT_VERSION >= PHNT_VISTA) + +// rev +#define 
BOUNDARY_DESCRIPTOR_ADD_APPCONTAINER_SID 0x0001 + +// begin_private + +_Ret_maybenull_ +_Success_(return != NULL) +NTSYSAPI +POBJECT_BOUNDARY_DESCRIPTOR +NTAPI +RtlCreateBoundaryDescriptor( + _In_ PUNICODE_STRING Name, + _In_ ULONG Flags + ); + +NTSYSAPI +VOID +NTAPI +RtlDeleteBoundaryDescriptor( + _In_ _Post_invalid_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAddSIDToBoundaryDescriptor( + _Inout_ POBJECT_BOUNDARY_DESCRIPTOR *BoundaryDescriptor, + _In_ PSID RequiredSid + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlAddIntegrityLabelToBoundaryDescriptor( + _Inout_ POBJECT_BOUNDARY_DESCRIPTOR *BoundaryDescriptor, + _In_ PSID IntegrityLabel + ); +#endif + +// end_private + +#endif + +// Version + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetVersion( + _Out_ PRTL_OSVERSIONINFOEXW VersionInformation // PRTL_OSVERSIONINFOW + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlVerifyVersionInfo( + _In_ PRTL_OSVERSIONINFOEXW VersionInformation, // PRTL_OSVERSIONINFOW + _In_ ULONG TypeMask, + _In_ ULONGLONG ConditionMask + ); + +// rev +NTSYSAPI +VOID +NTAPI +RtlGetNtVersionNumbers( + _Out_opt_ PULONG NtMajorVersion, + _Out_opt_ PULONG NtMinorVersion, + _Out_opt_ PULONG NtBuildNumber + ); + +// System information + +// rev +NTSYSAPI +ULONG +NTAPI +RtlGetNtGlobalFlags( + VOID + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlGetNtProductType( + _Out_ PNT_PRODUCT_TYPE NtProductType + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// private +NTSYSAPI +ULONG +NTAPI +RtlGetSuiteMask( + VOID + ); +#endif + +// Thread pool (old) + +NTSYSAPI +NTSTATUS +NTAPI +RtlRegisterWait( + _Out_ PHANDLE WaitHandle, + _In_ HANDLE Handle, + _In_ WAITORTIMERCALLBACKFUNC Function, + _In_opt_ PVOID Context, + _In_ ULONG Milliseconds, + _In_ ULONG Flags + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeregisterWait( + _In_ HANDLE WaitHandle + ); + +#define RTL_WAITER_DEREGISTER_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1) + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeregisterWaitEx( 
+ _In_ HANDLE WaitHandle,
+ _In_opt_ HANDLE CompletionEvent // optional: RTL_WAITER_DEREGISTER_WAIT_FOR_COMPLETION
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueueWorkItem(
+ _In_ WORKERCALLBACKFUNC Function,
+ _In_opt_ PVOID Context,
+ _In_ ULONG Flags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetIoCompletionCallback(
+ _In_ HANDLE FileHandle,
+ _In_ APC_CALLBACK_FUNCTION CompletionProc,
+ _In_ ULONG Flags
+ );
+
+_Function_class_(RTL_START_POOL_THREAD)
+typedef NTSTATUS (NTAPI RTL_START_POOL_THREAD)(
+ _In_ PTHREAD_START_ROUTINE Function,
+ _In_ PVOID Parameter,
+ _Out_ PHANDLE ThreadHandle
+ );
+typedef RTL_START_POOL_THREAD *PRTL_START_POOL_THREAD;
+
+_Function_class_(RTL_EXIT_POOL_THREAD)
+typedef NTSTATUS (NTAPI RTL_EXIT_POOL_THREAD)(
+ _In_ NTSTATUS ExitStatus
+ );
+typedef RTL_EXIT_POOL_THREAD *PRTL_EXIT_POOL_THREAD;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetThreadPoolStartFunc(
+ _In_ PRTL_START_POOL_THREAD StartPoolThread,
+ _In_ PRTL_EXIT_POOL_THREAD ExitPoolThread
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlUserThreadStart(
+ _In_ PTHREAD_START_ROUTINE Function,
+ _In_ PVOID Parameter
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+LdrInitializeThunk(
+ _In_ PCONTEXT ContextRecord,
+ _In_ PVOID Parameter
+ );
+
+// Thread execution
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+RtlDelayExecution(
+ _In_ BOOLEAN Alertable,
+ _In_opt_ PLARGE_INTEGER DelayInterval
+ );
+
+// Timer support
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateTimerQueue(
+ _Out_ PHANDLE TimerQueueHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateTimer(
+ _In_ HANDLE TimerQueueHandle,
+ _Out_ PHANDLE Handle,
+ _In_ WAITORTIMERCALLBACKFUNC Function,
+ _In_opt_ PVOID Context,
+ _In_ ULONG DueTime,
+ _In_ ULONG Period,
+ _In_ ULONG Flags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetTimer(
+ _In_ HANDLE TimerQueueHandle,
+ _Out_ PHANDLE Handle,
+ _In_ WAITORTIMERCALLBACKFUNC Function,
+ _In_opt_ PVOID Context,
+ _In_ ULONG DueTime,
+ _In_ ULONG Period,
+ _In_ ULONG Flags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpdateTimer(
+ _In_ HANDLE TimerQueueHandle,
+ _In_ HANDLE TimerHandle,
+ _In_ ULONG DueTime,
+ _In_ ULONG Period
+ );
+
+#define RTL_TIMER_DELETE_WAIT_FOR_COMPLETION ((HANDLE)(LONG_PTR)-1)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDeleteTimer(
+ _In_ HANDLE TimerQueueHandle,
+ _In_ HANDLE TimerToCancel,
+ _In_opt_ HANDLE Event // optional: RTL_TIMER_DELETE_WAIT_FOR_COMPLETION
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDeleteTimerQueue(
+ _In_ HANDLE TimerQueueHandle
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDeleteTimerQueueEx(
+ _In_ HANDLE TimerQueueHandle,
+ _In_opt_ HANDLE Event
+ );
+
+// Registry access
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlFormatCurrentUserKeyPath(
+ _Out_ PUNICODE_STRING CurrentUserKeyPath
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlOpenCurrentUser(
+ _In_ ACCESS_MASK DesiredAccess,
+ _Out_ PHANDLE CurrentUserKey
+ );
+
+#define RTL_REGISTRY_ABSOLUTE 0
+#define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
+#define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
+#define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
+#define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
+#define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
+#define RTL_REGISTRY_MAXIMUM 6
+#define RTL_REGISTRY_HANDLE 0x40000000
+#define RTL_REGISTRY_OPTIONAL 0x80000000
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateRegistryKey(
+ _In_ ULONG RelativeTo,
+ _In_ PWSTR Path
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCheckRegistryKey(
+ _In_ ULONG RelativeTo,
+ _In_ PWSTR Path
+ );
+
+_Function_class_(RTL_QUERY_REGISTRY_ROUTINE)
+typedef NTSTATUS (NTAPI RTL_QUERY_REGISTRY_ROUTINE)(
+ _In_ PWSTR ValueName,
+ _In_ ULONG ValueType,
+ _In_ PVOID ValueData,
+ _In_ ULONG ValueLength,
+ _In_opt_ PVOID Context,
+ _In_opt_ PVOID EntryContext
+ );
+typedef RTL_QUERY_REGISTRY_ROUTINE *PRTL_QUERY_REGISTRY_ROUTINE;
+
+typedef struct _RTL_QUERY_REGISTRY_TABLE
+{
+ PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
+ ULONG Flags;
+ PWSTR Name;
+ PVOID EntryContext;
+ ULONG DefaultType;
+ PVOID DefaultData;
+ ULONG DefaultLength;
+} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
+
+#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001
+#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002
+#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004
+#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008
+#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010
+#define RTL_QUERY_REGISTRY_DIRECT 0x00000020
+#define RTL_QUERY_REGISTRY_DELETE 0x00000040
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryRegistryValues(
+ _In_ ULONG RelativeTo,
+ _In_ PCWSTR Path,
+ _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) PRTL_QUERY_REGISTRY_TABLE QueryTable,
+ _In_opt_ PVOID Context,
+ _In_opt_ PVOID Environment
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN8)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryRegistryValuesEx(
+ _In_ ULONG RelativeTo,
+ _In_ PCWSTR Path,
+ _Inout_ _At_(*(*QueryTable).EntryContext, _Pre_unknown_) PRTL_QUERY_REGISTRY_TABLE QueryTable,
+ _In_opt_ PVOID Context,
+ _In_opt_ PVOID Environment
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE4)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryRegistryValueWithFallback(
+ _In_opt_ HANDLE PrimaryHandle,
+ _In_opt_ HANDLE FallbackHandle,
+ _In_ PUNICODE_STRING ValueName,
+ _In_ ULONG ValueLength,
+ _Out_opt_ PULONG ValueType,
+ _Out_writes_bytes_to_(ValueLength, *ResultLength) PVOID ValueData,
+ _Out_range_(<= , ValueLength) PULONG ResultLength
+ );
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWriteRegistryValue(
+ _In_ ULONG RelativeTo,
+ _In_ PCWSTR Path,
+ _In_ PCWSTR ValueName,
+ _In_ ULONG ValueType,
+ _In_ PVOID ValueData,
+ _In_ ULONG ValueLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDeleteRegistryValue(
+ _In_ ULONG RelativeTo,
+ _In_ PCWSTR Path,
+ _In_ PCWSTR ValueName
+ );
+
+// Thread profiling
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlEnableThreadProfiling(
+ _In_ HANDLE ThreadHandle,
+ _In_ ULONG Flags,
+ _In_ ULONG64 HardwareCounters,
+ _Out_ PVOID *PerformanceDataHandle
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDisableThreadProfiling(
+ _In_ PVOID PerformanceDataHandle
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryThreadProfiling(
+ _In_ HANDLE ThreadHandle,
+ _Out_ PBOOLEAN Enabled
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReadThreadProfilingData(
+ _In_ HANDLE PerformanceDataHandle,
+ _In_ ULONG Flags,
+ _Out_ PPERFORMANCE_DATA PerformanceData
+ );
+
+#endif
+
+// WOW64
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetNativeSystemInformation(
+ _In_ ULONG SystemInformationClass,
+ _In_ PVOID NativeSystemInformation,
+ _In_ ULONG InformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueueApcWow64Thread(
+ _In_ HANDLE ThreadHandle,
+ _In_ PPS_APC_ROUTINE ApcRoutine,
+ _In_opt_ PVOID ApcArgument1,
+ _In_opt_ PVOID ApcArgument2,
+ _In_opt_ PVOID ApcArgument3
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64EnableFsRedirection(
+ _In_ BOOLEAN Wow64FsEnableRedirection
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64EnableFsRedirectionEx(
+ _In_ PVOID Wow64FsEnableRedirection,
+ _Out_ PVOID *OldFsRedirectionLevel
+ );
+
+// Misc.
+
+NTSYSAPI
+ULONG32
+NTAPI
+RtlComputeCrc32(
+ _In_ ULONG32 PartialCrc,
+ _In_ PVOID Buffer,
+ _In_ ULONG Length
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlEncodePointer(
+ _In_ PVOID Ptr
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlDecodePointer(
+ _In_ PVOID Ptr
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlEncodeSystemPointer(
+ _In_ PVOID Ptr
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlDecodeSystemPointer(
+ _In_ PVOID Ptr
+ );
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlEncodeRemotePointer(
+ _In_ HANDLE ProcessHandle,
+ _In_ PVOID Pointer,
+ _Out_ PVOID *EncodedPointer
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecodeRemotePointer(
+ _In_ HANDLE ProcessHandle,
+ _In_ PVOID Pointer,
+ _Out_ PVOID *DecodedPointer
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsProcessorFeaturePresent(
+ _In_ ULONG ProcessorFeature
+ );
+
+#endif
+
+// rev
+NTSYSAPI
+ULONG
+NTAPI
+RtlGetCurrentProcessorNumber(
+ VOID
+ );
+
+#if (PHNT_VERSION >= PHNT_WIN7)
+
+// rev
+NTSYSAPI
+VOID
+NTAPI
+RtlGetCurrentProcessorNumberEx(
+ _Out_ PPROCESSOR_NUMBER ProcessorNumber
+ );
+
+#endif
+
+// Stack support
+
+NTSYSAPI
+VOID
+NTAPI
+RtlPushFrame(
+ _In_ PTEB_ACTIVE_FRAME Frame
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlPopFrame(
+ _In_ PTEB_ACTIVE_FRAME Frame
+ );
+
+NTSYSAPI
+PTEB_ACTIVE_FRAME
+NTAPI
+RtlGetFrame(
+ VOID
+ );
+
+#define RTL_WALK_USER_MODE_STACK 0x00000001
+#define RTL_WALK_VALID_FLAGS 0x00000001
+#define RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT 0x00000008
+
+// private
+NTSYSAPI
+ULONG
+NTAPI
+RtlWalkFrameChain(
+ _Out_writes_(Count - (Flags >> RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT)) PVOID *Callers,
+ _In_ ULONG Count,
+ _In_ ULONG Flags
+ );
+
+// rev
+NTSYSAPI
+VOID
+NTAPI
+RtlGetCallersAddress( // Use the intrinsic _ReturnAddress instead.
+ _Out_ PVOID *CallersAddress, + _Out_ PVOID *CallersCaller + ); + +#if (PHNT_VERSION >= PHNT_WIN7) + +NTSYSAPI +ULONG64 +NTAPI +RtlGetEnabledExtendedFeatures( + _In_ ULONG64 FeatureMask + ); + +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE4) + +// msdn +NTSYSAPI +ULONG64 +NTAPI +RtlGetEnabledExtendedAndSupervisorFeatures( + _In_ ULONG64 FeatureMask + ); + +// msdn +_Ret_maybenull_ +_Success_(return != NULL) +NTSYSAPI +PVOID +NTAPI +RtlLocateSupervisorFeature( + _In_ PXSAVE_AREA_HEADER XStateHeader, + _In_range_(XSTATE_AVX, MAXIMUM_XSTATE_FEATURES - 1) ULONG FeatureId, + _Out_opt_ PULONG Length + ); + +#endif + +// private +typedef union _RTL_ELEVATION_FLAGS +{ + ULONG Flags; + struct + { + ULONG ElevationEnabled : 1; + ULONG VirtualizationEnabled : 1; + ULONG InstallerDetectEnabled : 1; + ULONG ReservedBits : 29; + }; +} RTL_ELEVATION_FLAGS, *PRTL_ELEVATION_FLAGS; + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryElevationFlags( + _Out_ PRTL_ELEVATION_FLAGS Flags + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlRegisterThreadWithCsrss( + VOID + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlLockCurrentThread( + VOID + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlUnlockCurrentThread( + VOID + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlLockModuleSection( + _In_ PVOID Address + ); + +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlUnlockModuleSection( + _In_ PVOID Address + ); + +#endif + +// begin_msdn:"Winternl" + +#define RTL_UNLOAD_EVENT_TRACE_NUMBER 64 + +// private +typedef struct _RTL_UNLOAD_EVENT_TRACE +{ + PVOID BaseAddress; + SIZE_T SizeOfImage; + ULONG Sequence; + ULONG TimeDateStamp; + ULONG CheckSum; + WCHAR ImageName[32]; + ULONG Version[2]; +} RTL_UNLOAD_EVENT_TRACE, 
*PRTL_UNLOAD_EVENT_TRACE; + +typedef struct _RTL_UNLOAD_EVENT_TRACE32 +{ + ULONG BaseAddress; + ULONG SizeOfImage; + ULONG Sequence; + ULONG TimeDateStamp; + ULONG CheckSum; + WCHAR ImageName[32]; + ULONG Version[2]; +} RTL_UNLOAD_EVENT_TRACE32, *PRTL_UNLOAD_EVENT_TRACE32; + +NTSYSAPI +PRTL_UNLOAD_EVENT_TRACE +NTAPI +RtlGetUnloadEventTrace( + VOID + ); + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSAPI +VOID +NTAPI +RtlGetUnloadEventTraceEx( + _Out_ PULONG *ElementSize, + _Out_ PULONG *ElementCount, + _Out_ PVOID *EventTrace // works across all processes + ); +#endif + +// end_msdn + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +LOGICAL +NTAPI +RtlQueryPerformanceCounter( + _Out_ PLARGE_INTEGER PerformanceCounter + ); + +// rev +NTSYSAPI +LOGICAL +NTAPI +RtlQueryPerformanceFrequency( + _Out_ PLARGE_INTEGER PerformanceFrequency + ); +#endif + +// Image Mitigation + +// rev +typedef enum _IMAGE_MITIGATION_POLICY +{ + ImageDepPolicy, // RTL_IMAGE_MITIGATION_DEP_POLICY + ImageAslrPolicy, // RTL_IMAGE_MITIGATION_ASLR_POLICY + ImageDynamicCodePolicy, // RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY + ImageStrictHandleCheckPolicy, // RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY + ImageSystemCallDisablePolicy, // RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY + ImageMitigationOptionsMask, + ImageExtensionPointDisablePolicy, // RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY + ImageControlFlowGuardPolicy, // RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY + ImageSignaturePolicy, // RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY + ImageFontDisablePolicy, // RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY + ImageImageLoadPolicy, // RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY + ImagePayloadRestrictionPolicy, // RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY + ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY + ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY + ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY + ImageUserShadowStackPolicy, // 
RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY + ImageRedirectionTrustPolicy, // RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY + ImageUserPointerAuthPolicy, // RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY + MaxImageMitigationPolicy +} IMAGE_MITIGATION_POLICY; + +// rev +typedef union _RTL_IMAGE_MITIGATION_POLICY +{ + struct + { + ULONG64 AuditState : 2; + ULONG64 AuditFlag : 1; + ULONG64 EnableAdditionalAuditingOption : 1; + ULONG64 Reserved : 60; + }; + struct + { + ULONG64 PolicyState : 2; + ULONG64 AlwaysInherit : 1; + ULONG64 EnableAdditionalPolicyOption : 1; + ULONG64 AuditReserved : 60; + }; +} RTL_IMAGE_MITIGATION_POLICY, *PRTL_IMAGE_MITIGATION_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_DEP_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY Dep; +} RTL_IMAGE_MITIGATION_DEP_POLICY, *PRTL_IMAGE_MITIGATION_DEP_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_ASLR_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY ForceRelocateImages; + RTL_IMAGE_MITIGATION_POLICY BottomUpRandomization; + RTL_IMAGE_MITIGATION_POLICY HighEntropyRandomization; +} RTL_IMAGE_MITIGATION_ASLR_POLICY, *PRTL_IMAGE_MITIGATION_ASLR_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY BlockDynamicCode; +} RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY, *PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY StrictHandleChecks; +} RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY BlockWin32kSystemCalls; +} RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY DisableExtensionPoints; +} RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, 
*PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY ControlFlowGuard; + RTL_IMAGE_MITIGATION_POLICY StrictControlFlowGuard; +} RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY, *PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY BlockNonMicrosoftSignedBinaries; + RTL_IMAGE_MITIGATION_POLICY EnforceSigningOnModuleDependencies; +} RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY, *PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY DisableNonSystemFonts; +} RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY BlockRemoteImageLoads; + RTL_IMAGE_MITIGATION_POLICY BlockLowLabelImageLoads; + RTL_IMAGE_MITIGATION_POLICY PreferSystem32; +} RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY, *PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilter; + RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilterPlus; + RTL_IMAGE_MITIGATION_POLICY EnableImportAddressFilter; + RTL_IMAGE_MITIGATION_POLICY EnableRopStackPivot; + RTL_IMAGE_MITIGATION_POLICY EnableRopCallerCheck; + RTL_IMAGE_MITIGATION_POLICY EnableRopSimExec; + WCHAR EafPlusModuleList[512]; // 19H1 +} RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY DisallowChildProcessCreation; +} RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY, *PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY +{ + 
RTL_IMAGE_MITIGATION_POLICY Sehop; +} RTL_IMAGE_MITIGATION_SEHOP_POLICY, *PRTL_IMAGE_MITIGATION_SEHOP_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors; +} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY UserShadowStack; + RTL_IMAGE_MITIGATION_POLICY SetContextIpValidation; + RTL_IMAGE_MITIGATION_POLICY BlockNonCetBinaries; +} RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY, *PRTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY BlockUntrustedRedirections; +} RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY, *PRTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY; + +// rev +typedef struct _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY +{ + RTL_IMAGE_MITIGATION_POLICY PointerAuthUserIp; +} RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY, *PRTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY; + +// rev +typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE +{ + RtlMitigationOptionStateNotConfigured, + RtlMitigationOptionStateOn, + RtlMitigationOptionStateOff, + RtlMitigationOptionStateForce, + RtlMitigationOptionStateOption +} RTL_IMAGE_MITIGATION_OPTION_STATE; + +#define RTL_IMAGE_MITIGATION_OPTION_STATEMASK 3UL +#define RTL_IMAGE_MITIGATION_OPTION_FORCEMASK 4UL +#define RTL_IMAGE_MITIGATION_OPTION_OPTIONMASK 8UL + +// rev from PROCESS_MITIGATION_FLAGS +#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1 +#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2 +#define RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT 0x4 +#define RTL_IMAGE_MITIGATION_FLAG_AUDIT 0x8 + +#if (PHNT_VERSION >= PHNT_REDSTONE3) + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryImageMitigationPolicy( + _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults + _In_ IMAGE_MITIGATION_POLICY Policy, + _In_ ULONG Flags, + _Inout_ PVOID Buffer, + _In_ ULONG 
BufferSize + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSetImageMitigationPolicy( + _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults + _In_ IMAGE_MITIGATION_POLICY Policy, + _In_ ULONG Flags, + _Inout_ PVOID Buffer, + _In_ ULONG BufferSize + ); + +#endif + +// session + +// rev +NTSYSAPI +ULONG +NTAPI +RtlGetCurrentServiceSessionId( + VOID + ); + +// private +NTSYSAPI +ULONG +NTAPI +RtlGetActiveConsoleId( + VOID + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// private +NTSYSAPI +ULONGLONG +NTAPI +RtlGetConsoleSessionForegroundProcessId( + VOID + ); +#endif + +// Appcontainer + +#if (PHNT_VERSION >= PHNT_REDSTONE2) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetTokenNamedObjectPath( + _In_ HANDLE TokenHandle, + _In_opt_ PSID Sid, + _Out_ PUNICODE_STRING ObjectPath // RtlFreeUnicodeString + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetAppContainerNamedObjectPath( + _In_opt_ HANDLE TokenHandle, + _In_opt_ PSID AppContainerSid, + _In_ BOOLEAN RelativePath, + _Out_ PUNICODE_STRING ObjectPath // RtlFreeUnicodeString + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetAppContainerParent( + _In_ PSID AppContainerSid, + _Out_ PSID* AppContainerSidParent // RtlFreeSid + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckSandboxedToken( + _In_opt_ HANDLE TokenHandle, + _Out_ PBOOLEAN IsSandboxed + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckTokenCapability( + _In_opt_ HANDLE TokenHandle, + _In_ PSID CapabilitySidToCheck, + _Out_ PBOOLEAN HasCapability + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCapabilityCheck( + _In_opt_ HANDLE TokenHandle, + _In_ PUNICODE_STRING CapabilityName, + _Out_ PBOOLEAN HasCapability + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckTokenMembership( + _In_opt_ HANDLE TokenHandle, + 
_In_ PSID SidToCheck, + _Out_ PBOOLEAN IsMember + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckTokenMembershipEx( + _In_opt_ HANDLE TokenHandle, + _In_ PSID SidToCheck, + _In_ ULONG Flags, // CTMF_VALID_FLAGS + _Out_ PBOOLEAN IsMember + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE4) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryTokenHostIdAsUlong64( + _In_ HANDLE TokenHandle, + _Out_ PULONG64 HostId // (WIN://PKGHOSTID) + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsParentOfChildAppContainer( + _In_ PSID ParentAppContainerSid, + _In_ PSID ChildAppContainerSid + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN11) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlIsApiSetImplemented( + _In_ PCSTR ApiSetName + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsCapabilitySid( + _In_ PSID Sid + ); + +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsPackageSid( + _In_ PSID Sid + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsValidProcessTrustLabelSid( + _In_ PSID Sid + ); +#endif + +typedef enum _APPCONTAINER_SID_TYPE +{ + NotAppContainerSidType, + ChildAppContainerSidType, + ParentAppContainerSidType, + InvalidAppContainerSidType, + MaxAppContainerSidType +} APPCONTAINER_SID_TYPE, *PAPPCONTAINER_SID_TYPE; + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetAppContainerSidType( + _In_ PSID AppContainerSid, + _Out_ PAPPCONTAINER_SID_TYPE AppContainerSidType + ); +#endif + +NTSYSAPI +NTSTATUS +NTAPI +RtlFlsAlloc( + _In_ PFLS_CALLBACK_FUNCTION Callback, + _Out_ PULONG FlsIndex + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlFlsFree( + _In_ ULONG FlsIndex + ); + +#if (PHNT_VERSION >= PHNT_20H1) +NTSYSAPI +NTSTATUS +NTAPI +RtlFlsGetValue( + _In_ ULONG FlsIndex, + _Out_ PVOID* FlsData + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlFlsSetValue( + _In_ ULONG FlsIndex, + _In_ PVOID FlsData + ); +#endif + +// State isolation + +typedef enum _STATE_LOCATION_TYPE +{ + 
LocationTypeRegistry, + LocationTypeFileSystem, + LocationTypeMaximum +} STATE_LOCATION_TYPE; + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlIsStateSeparationEnabled( + VOID + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +RtlGetPersistedStateLocation( + _In_ PCWSTR SourceID, + _In_opt_ PCWSTR CustomValue, + _In_opt_ PCWSTR DefaultPath, + _In_ STATE_LOCATION_TYPE StateLocationType, + _Out_writes_bytes_to_opt_(BufferLengthIn, *BufferLengthOut) PWCHAR TargetPath, + _In_ ULONG BufferLengthIn, + _Out_opt_ PULONG BufferLengthOut + ); +#endif + +// Cloud Filters + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +// msdn +NTSYSAPI +BOOLEAN +NTAPI +RtlIsCloudFilesPlaceholder( + _In_ ULONG FileAttributes, + _In_ ULONG ReparseTag + ); + +// msdn +NTSYSAPI +BOOLEAN +NTAPI +RtlIsPartialPlaceholder( + _In_ ULONG FileAttributes, + _In_ ULONG ReparseTag + ); + +// msdn +NTSYSAPI +NTSTATUS +NTAPI +RtlIsPartialPlaceholderFileHandle( + _In_ HANDLE FileHandle, + _Out_ PBOOLEAN IsPartialPlaceholder + ); + +// msdn +NTSYSAPI +NTSTATUS +NTAPI +RtlIsPartialPlaceholderFileInfo( + _In_ PVOID InfoBuffer, + _In_ FILE_INFORMATION_CLASS InfoClass, + _Out_ PBOOLEAN IsPartialPlaceholder + ); + +#undef PHCM_MAX +#define PHCM_APPLICATION_DEFAULT ((CHAR)0) +#define PHCM_DISGUISE_PLACEHOLDERS ((CHAR)1) +#define PHCM_EXPOSE_PLACEHOLDERS ((CHAR)2) +#define PHCM_MAX ((CHAR)2) + +#define PHCM_ERROR_INVALID_PARAMETER ((CHAR)-1) +#define PHCM_ERROR_NO_TEB ((CHAR)-2) + +NTSYSAPI +CHAR +NTAPI +RtlQueryThreadPlaceholderCompatibilityMode( + VOID + ); + +NTSYSAPI +CHAR +NTAPI +RtlSetThreadPlaceholderCompatibilityMode( + _In_ CHAR Mode + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE4) + +#undef PHCM_MAX +#define PHCM_DISGUISE_FULL_PLACEHOLDERS ((CHAR)3) +#define PHCM_MAX ((CHAR)3) +#define PHCM_ERROR_NO_PEB ((CHAR)-3) + +NTSYSAPI +CHAR +NTAPI +RtlQueryProcessPlaceholderCompatibilityMode( + VOID + ); + +NTSYSAPI +CHAR +NTAPI +RtlSetProcessPlaceholderCompatibilityMode( + _In_ CHAR Mode + 
); + +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE2) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsNonEmptyDirectoryReparsePointAllowed( + _In_ ULONG ReparseTag + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlAppxIsFileOwnedByTrustedInstaller( + _In_ HANDLE FileHandle, + _Out_ PBOOLEAN IsFileOwnedByTrustedInstaller + ); +#endif + +// Windows Internals book +#define PSM_ACTIVATION_TOKEN_PACKAGED_APPLICATION 0x1 +#define PSM_ACTIVATION_TOKEN_SHARED_ENTITY 0x2 +#define PSM_ACTIVATION_TOKEN_FULL_TRUST 0x4 +#define PSM_ACTIVATION_TOKEN_NATIVE_SERVICE 0x8 +#define PSM_ACTIVATION_TOKEN_DEVELOPMENT_APP 0x10 +#define PSM_ACTIVATION_TOKEN_BREAKAWAY_INHIBITED 0x20 +#define PSM_ACTIVATION_TOKEN_RUNTIME_BROKER 0x40 // rev +#define PSM_ACTIVATION_TOKEN_UNIVERSAL_CONSOLE 0x200 // rev +#define PSM_ACTIVATION_TOKEN_WIN32ALACARTE_PROCESS 0x10000 // rev + +// PackageOrigin appmodel.h +//#define PackageOrigin_Unknown 0 +//#define PackageOrigin_Unsigned 1 +//#define PackageOrigin_Inbox 2 +//#define PackageOrigin_Store 3 +//#define PackageOrigin_DeveloperUnsigned 4 +//#define PackageOrigin_DeveloperSigned 5 +//#define PackageOrigin_LineOfBusiness 6 + +#define PSMP_MINIMUM_SYSAPP_CLAIM_VALUES 2 +#define PSMP_MAXIMUM_SYSAPP_CLAIM_VALUES 4 + +// private +typedef struct _PS_PKG_CLAIM +{ + ULONG Flags; // PSM_ACTIVATION_TOKEN_* + ULONG Origin; // PackageOrigin +} PS_PKG_CLAIM, *PPS_PKG_CLAIM; + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryPackageClaims( + _In_ HANDLE TokenHandle, + _Out_writes_bytes_to_opt_(*PackageSize, *PackageSize) PWSTR PackageFullName, + _Inout_opt_ PSIZE_T PackageSize, + _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId, + _Inout_opt_ PSIZE_T AppIdSize, + _Out_opt_ PGUID DynamicId, + _Out_opt_ PPS_PKG_CLAIM PkgClaim, + _Out_opt_ PULONG64 AttributesPresent + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryPackageIdentity( + _In_ HANDLE TokenHandle, + 
_Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName, + _Inout_ PSIZE_T PackageSize, + _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId, + _Inout_opt_ PSIZE_T AppIdSize, + _Out_opt_ PBOOLEAN Packaged + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINBLUE) +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryPackageIdentityEx( + _In_ HANDLE TokenHandle, + _Out_writes_bytes_to_(*PackageSize, *PackageSize) PWSTR PackageFullName, + _Inout_ PSIZE_T PackageSize, + _Out_writes_bytes_to_opt_(*AppIdSize, *AppIdSize) PWSTR AppId, + _Inout_opt_ PSIZE_T AppIdSize, + _Out_opt_ PGUID DynamicId, + _Out_opt_ PULONG64 Flags + ); +#endif + +// Protected policies + +#if (PHNT_VERSION >= PHNT_WINBLUE) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryProtectedPolicy( + _In_ PGUID PolicyGuid, + _Out_ PULONG_PTR PolicyValue + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSetProtectedPolicy( + _In_ PGUID PolicyGuid, + _In_ ULONG_PTR PolicyValue, + _Out_ PULONG_PTR OldPolicyValue + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// rev +NTSYSAPI +BOOLEAN +NTAPI +RtlIsEnclaveFeaturePresent( + _In_ ULONG FeatureMask + ); +#endif + +#if (PHNT_VERSION >= PHNT_THRESHOLD) +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlIsMultiSessionSku( + VOID + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// private +NTSYSAPI +BOOLEAN +NTAPI +RtlIsMultiUsersInSessionSku( + VOID + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN11) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetSessionProperties( + _In_ ULONG SessionId, + _Out_ PULONG SharedUserSessionId + ); +#endif + +// private +typedef enum _RTL_BSD_ITEM_TYPE +{ + RtlBsdItemVersionNumber, // q; s: ULONG + RtlBsdItemProductType, // q; s: NT_PRODUCT_TYPE (ULONG) + RtlBsdItemAabEnabled, // q: s: BOOLEAN // AutoAdvancedBoot + RtlBsdItemAabTimeout, // q: s: UCHAR // AdvancedBootMenuTimeout + RtlBsdItemBootGood, // q: s: BOOLEAN // LastBootSucceeded + RtlBsdItemBootShutdown, // q: s: BOOLEAN // LastBootShutdown + RtlBsdSleepInProgress, // q: s: BOOLEAN // 
SleepInProgress + RtlBsdPowerTransition, // q: s: RTL_BSD_DATA_POWER_TRANSITION + RtlBsdItemBootAttemptCount, // q: s: UCHAR // BootAttemptCount + RtlBsdItemBootCheckpoint, // q: s: UCHAR // LastBootCheckpoint + RtlBsdItemBootId, // q; s: ULONG (USER_SHARED_DATA->BootId) + RtlBsdItemShutdownBootId, // q; s: ULONG + RtlBsdItemReportedAbnormalShutdownBootId, // q; s: ULONG + RtlBsdItemErrorInfo, // RTL_BSD_DATA_ERROR_INFO + RtlBsdItemPowerButtonPressInfo, // RTL_BSD_POWER_BUTTON_PRESS_INFO + RtlBsdItemChecksum, // q: s: UCHAR + RtlBsdPowerTransitionExtension, + RtlBsdItemFeatureConfigurationState, // q; s: ULONG + RtlBsdItemMax +} RTL_BSD_ITEM_TYPE; + +// ros +typedef struct _RTL_BSD_DATA_POWER_TRANSITION +{ + LARGE_INTEGER PowerButtonTimestamp; + struct + { + BOOLEAN SystemRunning : 1; + BOOLEAN ConnectedStandbyInProgress : 1; + BOOLEAN UserShutdownInProgress : 1; + BOOLEAN SystemShutdownInProgress : 1; + BOOLEAN SleepInProgress : 4; + } Flags; + UCHAR ConnectedStandbyScenarioInstanceId; + UCHAR ConnectedStandbyEntryReason; + UCHAR ConnectedStandbyExitReason; + USHORT SystemSleepTransitionCount; + LARGE_INTEGER LastReferenceTime; + ULONG LastReferenceTimeChecksum; + ULONG LastUpdateBootId; +} RTL_BSD_DATA_POWER_TRANSITION, *PRTL_BSD_DATA_POWER_TRANSITION; + +// ros +typedef struct _RTL_BSD_DATA_ERROR_INFO +{ + ULONG BootId; + ULONG RepeatCount; + ULONG OtherErrorCount; + ULONG Code; + ULONG OtherErrorCount2; +} RTL_BSD_DATA_ERROR_INFO, *PRTL_BSD_DATA_ERROR_INFO; + +// ros +typedef struct _RTL_BSD_POWER_BUTTON_PRESS_INFO +{ + LARGE_INTEGER LastPressTime; + ULONG CumulativePressCount; + USHORT LastPressBootId; + UCHAR LastPowerWatchdogStage; + struct + { + UCHAR WatchdogArmed : 1; + UCHAR ShutdownInProgress : 1; + } Flags; + LARGE_INTEGER LastReleaseTime; + ULONG CumulativeReleaseCount; + USHORT LastReleaseBootId; + USHORT ErrorCount; + UCHAR CurrentConnectedStandbyPhase; + ULONG TransitionLatestCheckpointId; + ULONG TransitionLatestCheckpointType; + ULONG 
TransitionLatestCheckpointSequenceNumber; +} RTL_BSD_POWER_BUTTON_PRESS_INFO, *PRTL_BSD_POWER_BUTTON_PRESS_INFO; + +// private +typedef struct _RTL_BSD_ITEM +{ + RTL_BSD_ITEM_TYPE Type; + PVOID DataBuffer; + ULONG DataLength; +} RTL_BSD_ITEM, *PRTL_BSD_ITEM; + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlCreateBootStatusDataFile( + VOID + ); + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlLockBootStatusData( + _Out_ PHANDLE FileHandle + ); + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlUnlockBootStatusData( + _In_ HANDLE FileHandle + ); + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlGetSetBootStatusData( + _In_ HANDLE FileHandle, + _In_ BOOLEAN Read, + _In_ RTL_BSD_ITEM_TYPE DataClass, + _In_ PVOID Buffer, + _In_ ULONG BufferSize, + _Out_opt_ PULONG ReturnLength + ); + +#if (PHNT_VERSION >= PHNT_REDSTONE) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckBootStatusIntegrity( + _In_ HANDLE FileHandle, + _Out_ PBOOLEAN Verified + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlRestoreBootStatusDefaults( + _In_ HANDLE FileHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlRestoreSystemBootStatusDefaults( + VOID + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlGetSystemBootStatus( + _In_ RTL_BSD_ITEM_TYPE BootStatusInformationClass, + _Out_ PVOID DataBuffer, + _In_ ULONG DataLength, + _Out_opt_ PULONG ReturnLength + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSystemBootStatus( + _In_ RTL_BSD_ITEM_TYPE BootStatusInformationClass, + _In_ PVOID DataBuffer, + _In_ ULONG DataLength, + _Out_opt_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlCheckPortableOperatingSystem( + _Out_ PBOOLEAN IsPortable // VOID + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSetPortableOperatingSystem( + _In_ BOOLEAN IsPortable + ); + +// rev +NTSYSAPI +ULONG +NTAPI +RtlSetProxiedProcessId( + _In_ ULONG ProxiedProcessId + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) + +NTSYSAPI +NTSTATUS +NTAPI 
+RtlFindClosestEncodableLength( + _In_ ULONGLONG SourceLength, + _Out_ PULONGLONG TargetLength + ); + +#endif + +// Memory cache + +_Function_class_(RTL_SECURE_MEMORY_CACHE_CALLBACK) +typedef NTSTATUS (NTAPI RTL_SECURE_MEMORY_CACHE_CALLBACK)( + _In_ PVOID Address, + _In_ SIZE_T Length + ); +typedef RTL_SECURE_MEMORY_CACHE_CALLBACK *PRTL_SECURE_MEMORY_CACHE_CALLBACK; + +// ros +NTSYSAPI +NTSTATUS +NTAPI +RtlRegisterSecureMemoryCacheCallback( + _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback + ); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDeregisterSecureMemoryCacheCallback( + _In_ PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback + ); + +// ros +NTSYSAPI +BOOLEAN +NTAPI +RtlFlushSecureMemoryCache( + _In_ PVOID MemoryCache, + _In_opt_ SIZE_T MemoryLength + ); + +#if (PHNT_VERSION >= PHNT_20H1) + +// Feature configuration + +typedef struct __RTL_FEATURE_USAGE_REPORT +{ + ULONG FeatureId; + USHORT ReportingKind; + USHORT ReportingOptions; +} RTL_FEATURE_USAGE_REPORT, *PRTL_FEATURE_USAGE_REPORT; + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlNotifyFeatureUsage( + _In_ PRTL_FEATURE_USAGE_REPORT FeatureUsageReport + ); + +typedef enum _RTL_FEATURE_CONFIGURATION_TYPE +{ + RtlFeatureConfigurationBoot, + RtlFeatureConfigurationRuntime, + RtlFeatureConfigurationCount +} RTL_FEATURE_CONFIGURATION_TYPE; + +// rev +typedef struct _RTL_FEATURE_CONFIGURATION +{ + ULONG FeatureId; + union + { + ULONG Flags; + struct + { + ULONG Priority : 4; + ULONG EnabledState : 2; + ULONG IsWexpConfiguration : 1; + ULONG HasSubscriptions : 1; + ULONG Variant : 6; + ULONG VariantPayloadKind : 2; + ULONG Reserved : 16; + }; + }; + ULONG VariantPayload; +} RTL_FEATURE_CONFIGURATION, *PRTL_FEATURE_CONFIGURATION; + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlQueryFeatureConfiguration( + _In_ ULONG FeatureId, + _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType, + _Inout_ PULONGLONG ChangeStamp, + _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +RtlSetFeatureConfigurations( + _Inout_ 
PULONGLONG ChangeStamp,
+ _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType,
+ _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
+ _In_ ULONG FeatureConfigurationCount
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryAllFeatureConfigurations(
+ _In_ RTL_FEATURE_CONFIGURATION_TYPE FeatureType,
+ _Inout_ PULONGLONG ChangeStamp,
+ _Out_ PRTL_FEATURE_CONFIGURATION FeatureConfigurations,
+ _Inout_ PULONG FeatureConfigurationCount
+ );
+
+// rev
+NTSYSAPI
+ULONGLONG
+NTAPI
+RtlQueryFeatureConfigurationChangeStamp(
+ VOID
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryFeatureUsageNotificationSubscriptions(
+ _Out_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
+ _Inout_ PULONG FeatureConfigurationCount
+ );
+
+_Function_class_(RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION)
+typedef VOID (NTAPI RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION)(
+ _In_opt_ PVOID Context
+ );
+typedef RTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION *PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION;
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRegisterFeatureConfigurationChangeNotification(
+ _In_ PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION Callback,
+ _In_opt_ PVOID Context,
+ _Inout_opt_ PULONGLONG ChangeStamp,
+ _Out_ PHANDLE NotificationHandle
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnregisterFeatureConfigurationChangeNotification(
+ _In_ HANDLE NotificationHandle
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSubscribeForFeatureUsageNotification(
+ _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
+ _In_ ULONG FeatureConfigurationCount
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnsubscribeFromFeatureUsageNotifications(
+ _In_ PRTL_FEATURE_CONFIGURATION FeatureConfiguration,
+ _In_ ULONG FeatureConfigurationCount
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+
+#ifndef _RTL_RUN_ONCE_DEF
+#define _RTL_RUN_ONCE_DEF
+//
+// Run once initializer
+//
+#define RTL_RUN_ONCE_INIT {0}
+//
+// Run once flags
+//
+#define RTL_RUN_ONCE_CHECK_ONLY 0x00000001UL
+#define
RTL_RUN_ONCE_ASYNC 0x00000002UL
+#define RTL_RUN_ONCE_INIT_FAILED 0x00000004UL
+//
+// The context stored in the run once structure must
+// leave the following number of low order bits unused.
+//
+#define RTL_RUN_ONCE_CTX_RESERVED_BITS 2
+
+typedef union _RTL_RUN_ONCE
+{
+ PVOID Ptr;
+} RTL_RUN_ONCE, *PRTL_RUN_ONCE;
+#endif
+
+NTSYSAPI
+VOID
+NTAPI
+RtlRunOnceInitialize(
+ _Out_ PRTL_RUN_ONCE RunOnce
+ );
+
+typedef _Function_class_(RTL_RUN_ONCE_INIT_FN)
+LOGICAL NTAPI RTL_RUN_ONCE_INIT_FN(
+ _Inout_ PRTL_RUN_ONCE RunOnce,
+ _Inout_opt_ PVOID Parameter,
+ _Inout_opt_ PVOID *Context
+ );
+typedef RTL_RUN_ONCE_INIT_FN *PRTL_RUN_ONCE_INIT_FN;
+
+_Maybe_raises_SEH_exception_
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRunOnceExecuteOnce(
+ _Inout_ PRTL_RUN_ONCE RunOnce,
+ _In_ __callback PRTL_RUN_ONCE_INIT_FN InitFn,
+ _Inout_opt_ PVOID Parameter,
+ _Outptr_opt_result_maybenull_ PVOID *Context
+ );
+
+_Must_inspect_result_
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRunOnceBeginInitialize(
+ _Inout_ PRTL_RUN_ONCE RunOnce,
+ _In_ ULONG Flags,
+ _Outptr_opt_result_maybenull_ PVOID *Context
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRunOnceComplete(
+ _Inout_ PRTL_RUN_ONCE RunOnce,
+ _In_ ULONG Flags,
+ _In_opt_ PVOID Context
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+#define WNF_STATE_KEY 0x41C64E6DA3BC0074
+
+_Must_inspect_result_
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlEqualWnfChangeStamps(
+ _In_ WNF_CHANGE_STAMP ChangeStamp1,
+ _In_ WNF_CHANGE_STAMP ChangeStamp2
+ );
+
+_Always_(_Post_satisfies_(return == STATUS_NO_MEMORY || return == STATUS_RETRY || return == STATUS_SUCCESS))
+typedef _Function_class_(WNF_USER_CALLBACK)
+NTSTATUS NTAPI WNF_USER_CALLBACK(
+ _In_ WNF_STATE_NAME StateName,
+ _In_ WNF_CHANGE_STAMP ChangeStamp,
+ _In_opt_ PWNF_TYPE_ID TypeId,
+ _In_opt_ PVOID CallbackContext,
+ _In_reads_bytes_opt_(Length) const VOID* Buffer,
+ _In_ ULONG Length
+ );
+typedef WNF_USER_CALLBACK *PWNF_USER_CALLBACK;
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryWnfStateData(
+ _Out_ PWNF_CHANGE_STAMP
ChangeStamp,
+ _In_ WNF_STATE_NAME StateName,
+ _In_ PWNF_USER_CALLBACK Callback,
+ _In_opt_ PVOID CallbackContext,
+ _In_opt_ PWNF_TYPE_ID TypeId
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlPublishWnfStateData(
+ _In_ WNF_STATE_NAME StateName,
+ _In_opt_ PCWNF_TYPE_ID TypeId,
+ _In_reads_bytes_opt_(Length) const VOID* Buffer,
+ _In_opt_ ULONG Length,
+ _In_opt_ const VOID* ExplicitScope
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSubscribeWnfStateChangeNotification(
+ _Outptr_ PVOID* SubscriptionHandle, // PWNF_USER_SUBSCRIPTION
+ _In_ WNF_STATE_NAME StateName,
+ _In_ WNF_CHANGE_STAMP ChangeStamp,
+ _In_ PWNF_USER_CALLBACK Callback,
+ _In_opt_ PVOID CallbackContext,
+ _In_opt_ PCWNF_TYPE_ID TypeId,
+ _In_opt_ ULONG SerializationGroup,
+ _Reserved_ ULONG Flags
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnsubscribeWnfStateChangeNotification(
+ _In_ PWNF_USER_CALLBACK Callback
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCopyFileChunk(
+ _In_ HANDLE SourceHandle,
+ _In_ HANDLE DestinationHandle,
+ _In_opt_ HANDLE EventHandle,
+ _Out_ PIO_STATUS_BLOCK IoStatusBlock,
+ _In_ ULONG Length,
+ _In_ PLARGE_INTEGER SourceOffset,
+ _In_ PLARGE_INTEGER DestOffset,
+ _In_opt_ PULONG SourceKey,
+ _In_opt_ PULONG DestKey,
+ _In_ ULONG Flags
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryPropertyStore(
+ _In_ ULONG_PTR Key,
+ _Out_ PULONG_PTR Context
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlRemovePropertyStore(
+ _In_ ULONG_PTR Key,
+ _Out_ PULONG_PTR Context
+ );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompareExchangePropertyStore(
+ _In_ ULONG_PTR Key,
+ _In_ PULONG_PTR Comperand,
+ _In_opt_ PULONG_PTR Exchange,
+ _Out_ PULONG_PTR Context
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_WIN11)
+typedef enum _THREAD_STATE_CHANGE_TYPE THREAD_STATE_CHANGE_TYPE, *PTHREAD_STATE_CHANGE_TYPE;
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlWow64ChangeThreadState(
+ _In_ HANDLE ThreadStateChangeHandle,
+ _In_ HANDLE
ThreadHandle,
+ _In_ THREAD_STATE_CHANGE_TYPE StateChangeType,
+ _In_opt_ PVOID ExtendedInformation,
+ _In_opt_ SIZE_T ExtendedInformationLength,
+ _In_opt_ ULONG64 Reserved
+ );
+#endif
+
+#endif // _NTRTL_H
+
+/*
+ * RTL forward symbol typedefs
+ *
+ * This file is part of System Informer.
+ */
+#ifndef _NTRTL_FWD_H
+#define _NTRTL_FWD_H
+
+// begin_forwarders
+#ifndef PHNT_INLINE_NAME_FORWARDERS
+#define RtlGetNativeSystemInformation NtQuerySystemInformation
+#define RtlGetTickCount NtGetTickCount
+#define RtlGuardRestoreContext RtlRestoreContext
+#define RtlRandom RtlRandomEx
+#define RtlOpenImageFileOptionsKey LdrOpenImageFileOptionsKey
+#define RtlQueryImageFileExecutionOptions LdrQueryImageFileExecutionOptionsEx
+#define RtlQueryImageFileKeyOption LdrQueryImageFileKeyOption
+#define RtlSetTimer RtlCreateTimer
+#define RtlRestoreLastWin32Error RtlSetLastWin32Error
+#endif
+
+#ifndef PHNT_INLINE_PEB_FORWARDERS
+FORCEINLINE
+PPEB
+NTAPI
+RtlGetCurrentPeb(
+ VOID
+ )
+{
+ return NtCurrentPeb();
+}
+
+FORCEINLINE
+NTSTATUS
+NTAPI
+RtlAcquirePebLock(
+ VOID
+ )
+{
+ return RtlEnterCriticalSection(NtCurrentPeb()->FastPebLock);
+}
+
+FORCEINLINE
+NTSTATUS
+NTAPI
+RtlReleasePebLock(
+ VOID
+ )
+{
+ return RtlLeaveCriticalSection(NtCurrentPeb()->FastPebLock);
+}
+#endif
+
+#ifndef PHNT_INLINE_FREE_FORWARDERS
+//#define RtlFreeUnicodeString(UnicodeString) {if ((UnicodeString)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (UnicodeString)->Buffer); memset(UnicodeString, 0, sizeof(UNICODE_STRING));}
+FORCEINLINE
+VOID
+NTAPI
+RtlFreeUnicodeString(
+ _Inout_ _At_(UnicodeString->Buffer, _Frees_ptr_opt_) PUNICODE_STRING UnicodeString
+ )
+{
+ if (UnicodeString->Buffer)
+ {
+ RtlFreeHeap(RtlProcessHeap(), 0, UnicodeString->Buffer);
+ memset(UnicodeString, 0, sizeof(UNICODE_STRING));
+ }
+}
+
+//#define RtlFreeAnsiString(UnicodeString) {if ((AnsiString)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (AnsiString)->Buffer); memset(AnsiString, 0, sizeof(ANSI_STRING));}
+FORCEINLINE
+VOID
+NTAPI
+RtlFreeAnsiString(
+ _Inout_ _At_(AnsiString->Buffer, _Frees_ptr_opt_) PANSI_STRING AnsiString
+ )
+{
+ if (AnsiString->Buffer)
+ {
+ RtlFreeHeap(RtlProcessHeap(), 0, AnsiString->Buffer);
+ memset(AnsiString, 0, sizeof(ANSI_STRING));
+ }
+}
+
+//#define RtlFreeUTF8String(Utf8String) {if ((Utf8String)->Buffer) RtlFreeHeap(RtlProcessHeap(), 0, (Utf8String)->Buffer); memset(Utf8String, 0, sizeof(UTF8_STRING));}
+FORCEINLINE
+VOID
+NTAPI
+RtlFreeUTF8String(
+ _Inout_ _At_(Utf8String->Buffer, _Frees_ptr_opt_) PUTF8_STRING Utf8String
+ )
+{
+ if (Utf8String->Buffer)
+ {
+ RtlFreeHeap(RtlProcessHeap(), 0, Utf8String->Buffer);
+ memset(Utf8String, 0, sizeof(UTF8_STRING));
+ }
+}
+
+//#define RtlFreeSid(Sid) RtlFreeHeap(RtlProcessHeap(), 0, (Sid))
+FORCEINLINE
+PVOID
+NTAPI
+RtlFreeSid(
+ _In_ _Post_invalid_ PSID Sid
+ )
+{
+ RtlFreeHeap(RtlProcessHeap(), 0, Sid);
+ return NULL;
+}
+
+//#define RtlDeleteBoundaryDescriptor(BoundaryDescriptor) RtlFreeHeap(RtlProcessHeap(), 0, (BoundaryDescriptor))
+FORCEINLINE
+VOID
+NTAPI
+RtlDeleteBoundaryDescriptor(
+ _In_ _Post_invalid_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor
+ )
+{
+ RtlFreeHeap(RtlProcessHeap(), 0, BoundaryDescriptor);
+}
+
+//#define RtlDeleteSecurityObject(ObjectDescriptor) RtlFreeHeap(RtlProcessHeap(), 0, *(ObjectDescriptor))
+//FORCEINLINE
+//NTSTATUS
+//RtlDeleteSecurityObject(
+// _Inout_ PSECURITY_DESCRIPTOR *ObjectDescriptor
+// )
+//{
+// RtlFreeHeap(RtlProcessHeap(), 0, *ObjectDescriptor);
+// return STATUS_SUCCESS;
+//}
+
+//#define RtlDestroyEnvironment(Environment) RtlFreeHeap(RtlProcessHeap(), 0, (Environment))
+FORCEINLINE
+NTSTATUS
+NTAPI
+RtlDestroyEnvironment(
+ _In_ _Post_invalid_ PVOID Environment
+ )
+{
+ RtlFreeHeap(RtlProcessHeap(), 0, Environment);
+ return STATUS_SUCCESS;
+}
+
+//#define RtlDestroyProcessParameters(ProcessParameters) RtlFreeHeap(RtlProcessHeap(), 0, (ProcessParameters))
+FORCEINLINE
+NTSTATUS
+NTAPI
+RtlDestroyProcessParameters(
+ _In_ _Post_invalid_
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
+ )
+{
+ RtlFreeHeap(RtlProcessHeap(), 0, ProcessParameters);
+ return STATUS_SUCCESS;
+}
+#endif
+// end_forwarders
+
+#endif // _NTRTL_FWD_H
diff --git a/deps/phnt-nightly/ntsam.h b/deps/phnt-nightly/ntsam.h
new file mode 100644
index 0000000..d741aa3
--- /dev/null
+++ b/deps/phnt-nightly/ntsam.h
@@ -0,0 +1,1894 @@
+/*
+ * Security Account Manager support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTSAM_H
+#define _NTSAM_H
+
+#define SAM_MAXIMUM_LOOKUP_COUNT (1000)
+#define SAM_MAXIMUM_LOOKUP_LENGTH (32000)
+#define SAM_MAX_PASSWORD_LENGTH (256)
+#define SAM_PASSWORD_ENCRYPTION_SALT_LEN (16)
+
+typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
+typedef ULONG SAM_ENUMERATE_HANDLE, *PSAM_ENUMERATE_HANDLE;
+
+typedef struct _SAM_RID_ENUMERATION
+{
+ ULONG RelativeId;
+ UNICODE_STRING Name;
+} SAM_RID_ENUMERATION, *PSAM_RID_ENUMERATION;
+
+typedef struct _SAM_SID_ENUMERATION
+{
+ PSID Sid;
+ UNICODE_STRING Name;
+} SAM_SID_ENUMERATION, *PSAM_SID_ENUMERATION;
+
+typedef struct _SAM_BYTE_ARRAY
+{
+ ULONG Size;
+ _Field_size_bytes_(Size) PUCHAR Data;
+} SAM_BYTE_ARRAY, *PSAM_BYTE_ARRAY;
+
+typedef struct _SAM_BYTE_ARRAY_32K
+{
+ ULONG Size;
+ _Field_size_bytes_(Size) PUCHAR Data;
+} SAM_BYTE_ARRAY_32K, *PSAM_BYTE_ARRAY_32K;
+
+typedef SAM_BYTE_ARRAY_32K SAM_SHELL_OBJECT_PROPERTIES, *PSAM_SHELL_OBJECT_PROPERTIES;
+
+// Basic
+
+NTSTATUS
+NTAPI
+SamFreeMemory(
+ _In_ PVOID Buffer
+ );
+
+NTSTATUS
+NTAPI
+SamCloseHandle(
+ _In_ SAM_HANDLE SamHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamSetSecurityObject(
+ _In_ SAM_HANDLE ObjectHandle,
+ _In_ SECURITY_INFORMATION SecurityInformation,
+ _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamQuerySecurityObject(
+ _In_ SAM_HANDLE ObjectHandle,
+ _In_ SECURITY_INFORMATION SecurityInformation,
+ _Outptr_ PSECURITY_DESCRIPTOR *SecurityDescriptor
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamRidToSid(
+ _In_ SAM_HANDLE ObjectHandle,
+ _In_ ULONG Rid,
+ _Outptr_ PSID *Sid
+ );
+
+// Server
+
+#define SAM_SERVER_CONNECT 0x0001
+#define SAM_SERVER_SHUTDOWN 0x0002
+#define SAM_SERVER_INITIALIZE 0x0004
+#define SAM_SERVER_CREATE_DOMAIN 0x0008
+#define SAM_SERVER_ENUMERATE_DOMAINS 0x0010
+#define SAM_SERVER_LOOKUP_DOMAIN 0x0020
+
+#define SAM_SERVER_ALL_ACCESS
(STANDARD_RIGHTS_REQUIRED | \
+ SAM_SERVER_CONNECT | \
+ SAM_SERVER_INITIALIZE | \
+ SAM_SERVER_CREATE_DOMAIN | \
+ SAM_SERVER_SHUTDOWN | \
+ SAM_SERVER_ENUMERATE_DOMAINS | \
+ SAM_SERVER_LOOKUP_DOMAIN)
+
+#define SAM_SERVER_READ (STANDARD_RIGHTS_READ | \
+ SAM_SERVER_ENUMERATE_DOMAINS)
+
+#define SAM_SERVER_WRITE (STANDARD_RIGHTS_WRITE | \
+ SAM_SERVER_INITIALIZE | \
+ SAM_SERVER_CREATE_DOMAIN | \
+ SAM_SERVER_SHUTDOWN)
+
+#define SAM_SERVER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
+ SAM_SERVER_CONNECT | \
+ SAM_SERVER_LOOKUP_DOMAIN)
+
+typedef struct _RPC_AUTH_IDENTITY_HANDLE *PRPC_AUTH_IDENTITY_HANDLE;
+
+// Functions
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamConnect(
+ _In_opt_ PUNICODE_STRING ServerName,
+ _Out_ PSAM_HANDLE ServerHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamConnectWithCreds(
+ _In_ PUNICODE_STRING ServerName,
+ _Out_ PSAM_HANDLE ServerHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ PRPC_AUTH_IDENTITY_HANDLE Creds,
+ _In_ PWCHAR Spn,
+ _Out_ BOOL* pfDstIsW2K
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamShutdownSamServer(
+ _In_ SAM_HANDLE ServerHandle
+ );
+
+// Domain
+
+#define DOMAIN_READ_PASSWORD_PARAMETERS 0x0001
+#define DOMAIN_WRITE_PASSWORD_PARAMS 0x0002
+#define DOMAIN_READ_OTHER_PARAMETERS 0x0004
+#define DOMAIN_WRITE_OTHER_PARAMETERS 0x0008
+#define DOMAIN_CREATE_USER 0x0010
+#define DOMAIN_CREATE_GROUP 0x0020
+#define DOMAIN_CREATE_ALIAS 0x0040
+#define DOMAIN_GET_ALIAS_MEMBERSHIP 0x0080
+#define DOMAIN_LIST_ACCOUNTS 0x0100
+#define DOMAIN_LOOKUP 0x0200
+#define DOMAIN_ADMINISTER_SERVER 0x0400
+
+#define DOMAIN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
+ DOMAIN_READ_OTHER_PARAMETERS | \
+ DOMAIN_WRITE_OTHER_PARAMETERS | \
+ DOMAIN_WRITE_PASSWORD_PARAMS | \
+ DOMAIN_CREATE_USER | \
+ DOMAIN_CREATE_GROUP | \
+ DOMAIN_CREATE_ALIAS | \
+ DOMAIN_GET_ALIAS_MEMBERSHIP | \
+ DOMAIN_LIST_ACCOUNTS | \ +
DOMAIN_READ_PASSWORD_PARAMETERS | \
+ DOMAIN_LOOKUP | \
+ DOMAIN_ADMINISTER_SERVER)
+
+#define DOMAIN_READ (STANDARD_RIGHTS_READ | \
+ DOMAIN_GET_ALIAS_MEMBERSHIP | \
+ DOMAIN_READ_OTHER_PARAMETERS)
+
+#define DOMAIN_WRITE (STANDARD_RIGHTS_WRITE | \
+ DOMAIN_WRITE_OTHER_PARAMETERS | \
+ DOMAIN_WRITE_PASSWORD_PARAMS | \
+ DOMAIN_CREATE_USER | \
+ DOMAIN_CREATE_GROUP | \
+ DOMAIN_CREATE_ALIAS | \
+ DOMAIN_ADMINISTER_SERVER)
+
+#define DOMAIN_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
+ DOMAIN_READ_PASSWORD_PARAMETERS | \
+ DOMAIN_LIST_ACCOUNTS | \
+ DOMAIN_LOOKUP)
+
+#define DOMAIN_PROMOTION_INCREMENT { 0x0, 0x10 }
+#define DOMAIN_PROMOTION_MASK { 0x0, 0xfffffff0 }
+
+// SamQueryInformationDomain/SamSetInformationDomain types
+
+typedef enum _DOMAIN_INFORMATION_CLASS
+{
+ DomainPasswordInformation = 1, // q; s: DOMAIN_PASSWORD_INFORMATION
+ DomainGeneralInformation, // q: DOMAIN_GENERAL_INFORMATION
+ DomainLogoffInformation, // q; s: DOMAIN_LOGOFF_INFORMATION
+ DomainOemInformation, // q; s: DOMAIN_OEM_INFORMATION
+ DomainNameInformation, // q: DOMAIN_NAME_INFORMATION
+ DomainReplicationInformation, // q; s: DOMAIN_REPLICATION_INFORMATION
+ DomainServerRoleInformation, // q; s: DOMAIN_SERVER_ROLE_INFORMATION
+ DomainModifiedInformation, // q: DOMAIN_MODIFIED_INFORMATION
+ DomainStateInformation, // q; s: DOMAIN_STATE_INFORMATION
+ DomainUasInformation, // q; s: DOMAIN_UAS_INFORMATION
+ DomainGeneralInformation2, // q: DOMAIN_GENERAL_INFORMATION2
+ DomainLockoutInformation, // q; s: DOMAIN_LOCKOUT_INFORMATION
+ DomainModifiedInformation2 // q: DOMAIN_MODIFIED_INFORMATION2
+} DOMAIN_INFORMATION_CLASS;
+
+typedef enum _DOMAIN_SERVER_ENABLE_STATE
+{
+ DomainServerEnabled = 1,
+ DomainServerDisabled
+} DOMAIN_SERVER_ENABLE_STATE, *PDOMAIN_SERVER_ENABLE_STATE;
+
+typedef enum _DOMAIN_SERVER_ROLE
+{
+ DomainServerRoleBackup = 2,
+ DomainServerRolePrimary
+} DOMAIN_SERVER_ROLE, *PDOMAIN_SERVER_ROLE;
+
+#include
+typedef struct _DOMAIN_GENERAL_INFORMATION
+{
+ LARGE_INTEGER
ForceLogoff;
+ UNICODE_STRING OemInformation;
+ UNICODE_STRING DomainName;
+ UNICODE_STRING ReplicaSourceNodeName;
+ LARGE_INTEGER DomainModifiedCount;
+ DOMAIN_SERVER_ENABLE_STATE DomainServerState;
+ DOMAIN_SERVER_ROLE DomainServerRole;
+ BOOLEAN UasCompatibilityRequired;
+ ULONG UserCount;
+ ULONG GroupCount;
+ ULONG AliasCount;
+} DOMAIN_GENERAL_INFORMATION, *PDOMAIN_GENERAL_INFORMATION;
+#include
+
+#include
+typedef struct _DOMAIN_GENERAL_INFORMATION2
+{
+ DOMAIN_GENERAL_INFORMATION I1;
+ LARGE_INTEGER LockoutDuration; // delta time
+ LARGE_INTEGER LockoutObservationWindow; // delta time
+ USHORT LockoutThreshold;
+} DOMAIN_GENERAL_INFORMATION2, *PDOMAIN_GENERAL_INFORMATION2;
+#include
+
+typedef struct _DOMAIN_UAS_INFORMATION
+{
+ BOOLEAN UasCompatibilityRequired;
+} DOMAIN_UAS_INFORMATION;
+
+#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED // defined in ntsecapi.h
+#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
+
+typedef struct _DOMAIN_PASSWORD_INFORMATION
+{
+ USHORT MinPasswordLength;
+ USHORT PasswordHistoryLength;
+ ULONG PasswordProperties;
+ LARGE_INTEGER MaxPasswordAge;
+ LARGE_INTEGER MinPasswordAge;
+} DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
+
+// PasswordProperties flags
+
+#define DOMAIN_PASSWORD_COMPLEX 0x00000001L
+#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
+#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
+#define DOMAIN_LOCKOUT_ADMINS 0x00000008L
+#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
+#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
+#define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L
+
+#endif
+
+typedef enum _DOMAIN_PASSWORD_CONSTRUCTION
+{
+ DomainPasswordSimple = 1,
+ DomainPasswordComplex
+} DOMAIN_PASSWORD_CONSTRUCTION;
+
+typedef struct _DOMAIN_LOGOFF_INFORMATION
+{
+ LARGE_INTEGER ForceLogoff;
+} DOMAIN_LOGOFF_INFORMATION, *PDOMAIN_LOGOFF_INFORMATION;
+
+typedef struct _DOMAIN_OEM_INFORMATION
+{
+ UNICODE_STRING OemInformation;
+} DOMAIN_OEM_INFORMATION, *PDOMAIN_OEM_INFORMATION;
+
+typedef struct
_DOMAIN_NAME_INFORMATION
+{
+ UNICODE_STRING DomainName;
+} DOMAIN_NAME_INFORMATION, *PDOMAIN_NAME_INFORMATION;
+
+typedef struct _DOMAIN_SERVER_ROLE_INFORMATION
+{
+ DOMAIN_SERVER_ROLE DomainServerRole;
+} DOMAIN_SERVER_ROLE_INFORMATION, *PDOMAIN_SERVER_ROLE_INFORMATION;
+
+typedef struct _DOMAIN_REPLICATION_INFORMATION
+{
+ UNICODE_STRING ReplicaSourceNodeName;
+} DOMAIN_REPLICATION_INFORMATION, *PDOMAIN_REPLICATION_INFORMATION;
+
+typedef struct _DOMAIN_MODIFIED_INFORMATION
+{
+ LARGE_INTEGER DomainModifiedCount;
+ LARGE_INTEGER CreationTime;
+} DOMAIN_MODIFIED_INFORMATION, *PDOMAIN_MODIFIED_INFORMATION;
+
+typedef struct _DOMAIN_MODIFIED_INFORMATION2
+{
+ LARGE_INTEGER DomainModifiedCount;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER ModifiedCountAtLastPromotion;
+} DOMAIN_MODIFIED_INFORMATION2, *PDOMAIN_MODIFIED_INFORMATION2;
+
+typedef struct _DOMAIN_STATE_INFORMATION
+{
+ DOMAIN_SERVER_ENABLE_STATE DomainServerState;
+} DOMAIN_STATE_INFORMATION, *PDOMAIN_STATE_INFORMATION;
+
+typedef struct _DOMAIN_LOCKOUT_INFORMATION
+{
+ LARGE_INTEGER LockoutDuration; // delta time
+ LARGE_INTEGER LockoutObservationWindow; // delta time
+ USHORT LockoutThreshold; // zero means no lockout
+} DOMAIN_LOCKOUT_INFORMATION, *PDOMAIN_LOCKOUT_INFORMATION;
+
+// SamQueryDisplayInformation types
+
+typedef enum _DOMAIN_DISPLAY_INFORMATION
+{
+ DomainDisplayUser = 1, // DOMAIN_DISPLAY_USER
+ DomainDisplayMachine, // DOMAIN_DISPLAY_MACHINE
+ DomainDisplayGroup, // DOMAIN_DISPLAY_GROUP
+ DomainDisplayOemUser, // DOMAIN_DISPLAY_OEM_USER
+ DomainDisplayOemGroup, // DOMAIN_DISPLAY_OEM_GROUP
+ DomainDisplayServer
+} DOMAIN_DISPLAY_INFORMATION, *PDOMAIN_DISPLAY_INFORMATION;
+
+typedef struct _DOMAIN_DISPLAY_USER
+{
+ ULONG Index;
+ ULONG Rid;
+ ULONG AccountControl;
+ UNICODE_STRING LogonName;
+ UNICODE_STRING AdminComment;
+ UNICODE_STRING FullName;
+} DOMAIN_DISPLAY_USER, *PDOMAIN_DISPLAY_USER;
+
+typedef struct _DOMAIN_DISPLAY_MACHINE
+{
+ ULONG Index;
+ ULONG Rid;
+ ULONG
AccountControl;
+ UNICODE_STRING Machine;
+ UNICODE_STRING Comment;
+} DOMAIN_DISPLAY_MACHINE, *PDOMAIN_DISPLAY_MACHINE;
+
+typedef struct _DOMAIN_DISPLAY_GROUP
+{
+ ULONG Index;
+ ULONG Rid;
+ ULONG Attributes;
+ UNICODE_STRING Group;
+ UNICODE_STRING Comment;
+} DOMAIN_DISPLAY_GROUP, *PDOMAIN_DISPLAY_GROUP;
+
+typedef struct _DOMAIN_DISPLAY_OEM_USER
+{
+ ULONG Index;
+ OEM_STRING User;
+} DOMAIN_DISPLAY_OEM_USER, *PDOMAIN_DISPLAY_OEM_USER;
+
+typedef struct _DOMAIN_DISPLAY_OEM_GROUP
+{
+ ULONG Index;
+ OEM_STRING Group;
+} DOMAIN_DISPLAY_OEM_GROUP, *PDOMAIN_DISPLAY_OEM_GROUP;
+
+// SamQueryLocalizableAccountsInDomain types
+
+typedef enum _DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION
+{
+ DomainLocalizableAccountsBasic = 1,
+} DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION;
+
+typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY
+{
+ ULONG Rid;
+ SID_NAME_USE Use;
+ UNICODE_STRING Name;
+ UNICODE_STRING AdminComment;
+} DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, *PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY;
+
+typedef struct _DOMAIN_LOCALIZABLE_ACCOUNTS
+{
+ ULONG Count;
+ _Field_size_(Count) DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY *Entries;
+} DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, *PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC;
+
+typedef union _DOMAIN_LOCALIZABLE_INFO_BUFFER
+{
+ DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC Basic;
+} DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER, *PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER;
+
+// Functions
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamLookupDomainInSamServer(
+ _In_ SAM_HANDLE ServerHandle,
+ _In_ PUNICODE_STRING Name,
+ _Outptr_ PSID *DomainId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamEnumerateDomainsInSamServer(
+ _In_ SAM_HANDLE ServerHandle,
+ _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
+ _Outptr_ PVOID *Buffer, // PSAM_SID_ENUMERATION *Buffer
+ _In_ ULONG PreferedMaximumLength,
+ _Out_ PULONG CountReturned
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamOpenDomain(
+ _In_ SAM_HANDLE ServerHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_
PSID DomainId,
+ _Out_ PSAM_HANDLE DomainHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamQueryInformationDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
+ _Outptr_ PVOID *Buffer
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamSetInformationDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
+ _In_ PVOID DomainInformation
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamLookupNamesInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ULONG Count,
+ _In_reads_(Count) PUNICODE_STRING Names,
+ _Out_ _Deref_post_count_(Count) PULONG *RelativeIds,
+ _Out_ _Deref_post_count_(Count) PSID_NAME_USE *Use
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamLookupNamesInDomain2(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ULONG Count,
+ _In_reads_(Count) PUNICODE_STRING Names,
+ _Out_ _Deref_post_count_(Count) PSID* Sids,
+ _Out_ _Deref_post_count_(Count) PSID_NAME_USE* Use
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamLookupIdsInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ULONG Count,
+ _In_reads_(Count) PULONG RelativeIds,
+ _Out_ _Deref_post_count_(Count) PUNICODE_STRING *Names,
+ _Out_ _Deref_post_opt_count_(Count) PSID_NAME_USE *Use
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamRemoveMemberFromForeignDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ PSID MemberId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamQueryLocalizableAccountsInDomain(
+ _In_ SAM_HANDLE Domain,
+ _In_ ULONG Flags,
+ _In_ ULONG LanguageId,
+ _In_ DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION Class,
+ _Outptr_ PVOID *Buffer
+ );
+
+// Group
+
+#define GROUP_READ_INFORMATION 0x0001
+#define GROUP_WRITE_ACCOUNT 0x0002
+#define GROUP_ADD_MEMBER 0x0004
+#define GROUP_REMOVE_MEMBER 0x0008
+#define GROUP_LIST_MEMBERS 0x0010
+
+#define GROUP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
+ GROUP_LIST_MEMBERS | \
+ GROUP_WRITE_ACCOUNT | \
+ GROUP_ADD_MEMBER | \
+ GROUP_REMOVE_MEMBER | \
+ GROUP_READ_INFORMATION)
+
+#define GROUP_READ (STANDARD_RIGHTS_READ | \ +
GROUP_LIST_MEMBERS)
+
+#define GROUP_WRITE (STANDARD_RIGHTS_WRITE | \
+ GROUP_WRITE_ACCOUNT | \
+ GROUP_ADD_MEMBER | \
+ GROUP_REMOVE_MEMBER)
+
+#define GROUP_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
+ GROUP_READ_INFORMATION)
+
+typedef struct _GROUP_MEMBERSHIP
+{
+ ULONG RelativeId;
+ ULONG Attributes;
+} GROUP_MEMBERSHIP, *PGROUP_MEMBERSHIP;
+
+// SamQueryInformationGroup/SamSetInformationGroup types
+
+typedef enum _GROUP_INFORMATION_CLASS
+{
+ GroupGeneralInformation = 1, // q: GROUP_GENERAL_INFORMATION
+ GroupNameInformation, // q; s: GROUP_NAME_INFORMATION
+ GroupAttributeInformation, // q; s: GROUP_ATTRIBUTE_INFORMATION
+ GroupAdminCommentInformation, // q; s: GROUP_ADM_COMMENT_INFORMATION
+ GroupReplicationInformation
+} GROUP_INFORMATION_CLASS;
+
+typedef struct _GROUP_GENERAL_INFORMATION
+{
+ UNICODE_STRING Name;
+ ULONG Attributes;
+ ULONG MemberCount;
+ UNICODE_STRING AdminComment;
+} GROUP_GENERAL_INFORMATION, *PGROUP_GENERAL_INFORMATION;
+
+typedef struct _GROUP_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} GROUP_NAME_INFORMATION, *PGROUP_NAME_INFORMATION;
+
+typedef struct _GROUP_ATTRIBUTE_INFORMATION
+{
+ ULONG Attributes;
+} GROUP_ATTRIBUTE_INFORMATION, *PGROUP_ATTRIBUTE_INFORMATION;
+
+typedef struct _GROUP_ADM_COMMENT_INFORMATION
+{
+ UNICODE_STRING AdminComment;
+} GROUP_ADM_COMMENT_INFORMATION, *PGROUP_ADM_COMMENT_INFORMATION;
+
+// Functions
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamEnumerateGroupsInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
+ _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
+ _In_ ULONG PreferedMaximumLength,
+ _Out_ PULONG CountReturned
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamCreateGroupInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ PUNICODE_STRING AccountName,
+ _In_ ACCESS_MASK DesiredAccess,
+ _Out_ PSAM_HANDLE GroupHandle,
+ _Out_ PULONG RelativeId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamOpenGroup(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ACCESS_MASK DesiredAccess, +
_In_ ULONG GroupId,
+ _Out_ PSAM_HANDLE GroupHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamDeleteGroup(
+ _In_ SAM_HANDLE GroupHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamQueryInformationGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
+ _Outptr_ PVOID *Buffer
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamSetInformationGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
+ _In_ PVOID Buffer
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamAddMemberToGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _In_ ULONG MemberId,
+ _In_ ULONG Attributes
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamRemoveMemberFromGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _In_ ULONG MemberId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamGetMembersInGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _Out_ _Deref_post_count_(*MemberCount) PULONG *MemberIds,
+ _Out_ _Deref_post_count_(*MemberCount) PULONG *Attributes,
+ _Out_ PULONG MemberCount
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamSetMemberAttributesOfGroup(
+ _In_ SAM_HANDLE GroupHandle,
+ _In_ ULONG MemberId,
+ _In_ ULONG Attributes
+ );
+
+// Alias
+
+#define ALIAS_ADD_MEMBER 0x0001
+#define ALIAS_REMOVE_MEMBER 0x0002
+#define ALIAS_LIST_MEMBERS 0x0004
+#define ALIAS_READ_INFORMATION 0x0008
+#define ALIAS_WRITE_ACCOUNT 0x0010
+
+#define ALIAS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
+ ALIAS_READ_INFORMATION | \
+ ALIAS_WRITE_ACCOUNT | \
+ ALIAS_LIST_MEMBERS | \
+ ALIAS_ADD_MEMBER | \
+ ALIAS_REMOVE_MEMBER)
+
+#define ALIAS_READ (STANDARD_RIGHTS_READ | \
+ ALIAS_LIST_MEMBERS)
+
+#define ALIAS_WRITE (STANDARD_RIGHTS_WRITE | \
+ ALIAS_WRITE_ACCOUNT | \
+ ALIAS_ADD_MEMBER | \
+ ALIAS_REMOVE_MEMBER)
+
+#define ALIAS_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
+ ALIAS_READ_INFORMATION)
+
+// SamQueryInformationAlias/SamSetInformationAlias types
+
+typedef enum _ALIAS_INFORMATION_CLASS
+{
+ AliasGeneralInformation = 1, // q: ALIAS_GENERAL_INFORMATION
+ AliasNameInformation, // q; s:
ALIAS_NAME_INFORMATION
+ AliasAdminCommentInformation, // q; s: ALIAS_ADM_COMMENT_INFORMATION
+ AliasReplicationInformation,
+ AliasExtendedInformation,
+} ALIAS_INFORMATION_CLASS;
+
+typedef struct _ALIAS_GENERAL_INFORMATION
+{
+ UNICODE_STRING Name;
+ ULONG MemberCount;
+ UNICODE_STRING AdminComment;
+} ALIAS_GENERAL_INFORMATION, *PALIAS_GENERAL_INFORMATION;
+
+typedef struct _ALIAS_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} ALIAS_NAME_INFORMATION, *PALIAS_NAME_INFORMATION;
+
+typedef struct _ALIAS_ADM_COMMENT_INFORMATION
+{
+ UNICODE_STRING AdminComment;
+} ALIAS_ADM_COMMENT_INFORMATION, *PALIAS_ADM_COMMENT_INFORMATION;
+
+#define ALIAS_ALL_NAME (0x00000001L)
+#define ALIAS_ALL_MEMBER_COUNT (0x00000002L)
+#define ALIAS_ALL_ADMIN_COMMENT (0x00000004L)
+#define ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES (0x00000008L)
+
+typedef struct _ALIAS_EXTENDED_INFORMATION
+{
+ ULONG WhichFields;
+ SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
+} ALIAS_EXTENDED_INFORMATION, *PALIAS_EXTENDED_INFORMATION;
+
+// Functions
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamEnumerateAliasesInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
+ _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *Buffer
+ _In_ ULONG PreferedMaximumLength,
+ _Out_ PULONG CountReturned
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamCreateAliasInDomain(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ PUNICODE_STRING AccountName,
+ _In_ ACCESS_MASK DesiredAccess,
+ _Out_ PSAM_HANDLE AliasHandle,
+ _Out_ PULONG RelativeId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamOpenAlias(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG AliasId,
+ _Out_ PSAM_HANDLE AliasHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamDeleteAlias(
+ _In_ SAM_HANDLE AliasHandle
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamQueryInformationAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
+ _Outptr_ PVOID *Buffer
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamSetInformationAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
+ _In_ PVOID Buffer
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamAddMemberToAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_ PSID MemberId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamAddMultipleMembersToAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_reads_(MemberCount) PSID *MemberIds,
+ _In_ ULONG MemberCount
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamRemoveMemberFromAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_ PSID MemberId
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamRemoveMultipleMembersFromAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _In_reads_(MemberCount) PSID *MemberIds,
+ _In_ ULONG MemberCount
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamGetMembersInAlias(
+ _In_ SAM_HANDLE AliasHandle,
+ _Out_ _Deref_post_count_(*MemberCount) PSID **MemberIds,
+ _Out_ PULONG MemberCount
+ );
+
+_Check_return_
+NTSTATUS
+NTAPI
+SamGetAliasMembership(
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ ULONG PassedCount,
+ _In_reads_(PassedCount) PSID *Sids,
+ _Out_ PULONG MembershipCount,
+ _Out_ _Deref_post_count_(*MembershipCount) PULONG *Aliases
+ );
+
+// Group types
+
+#define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
+#define GROUP_TYPE_ACCOUNT_GROUP 0x00000002
+#define GROUP_TYPE_RESOURCE_GROUP 0x00000004
+#define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
+#define GROUP_TYPE_APP_BASIC_GROUP 0x00000010
+#define GROUP_TYPE_APP_QUERY_GROUP 0x00000020
+#define GROUP_TYPE_SECURITY_ENABLED 0x80000000
+
+#define GROUP_TYPE_RESOURCE_BEHAVOIR (GROUP_TYPE_RESOURCE_GROUP | \
+ GROUP_TYPE_APP_BASIC_GROUP | \
+ GROUP_TYPE_APP_QUERY_GROUP)
+
+// User
+
+#define USER_READ_GENERAL 0x0001
+#define USER_READ_PREFERENCES 0x0002
+#define USER_WRITE_PREFERENCES 0x0004
+#define USER_READ_LOGON 0x0008
+#define USER_READ_ACCOUNT 0x0010
+#define USER_WRITE_ACCOUNT 0x0020
+#define USER_CHANGE_PASSWORD 0x0040
+#define USER_FORCE_PASSWORD_CHANGE 0x0080
+#define USER_LIST_GROUPS 0x0100
+#define
USER_READ_GROUP_INFORMATION 0x0200 +#define USER_WRITE_GROUP_INFORMATION 0x0400 + +#define USER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ + USER_READ_PREFERENCES | \ + USER_READ_LOGON | \ + USER_LIST_GROUPS | \ + USER_READ_GROUP_INFORMATION | \ + USER_WRITE_PREFERENCES | \ + USER_CHANGE_PASSWORD | \ + USER_FORCE_PASSWORD_CHANGE | \ + USER_READ_GENERAL | \ + USER_READ_ACCOUNT | \ + USER_WRITE_ACCOUNT | \ + USER_WRITE_GROUP_INFORMATION) + +#define USER_READ (STANDARD_RIGHTS_READ | \ + USER_READ_PREFERENCES | \ + USER_READ_LOGON | \ + USER_READ_ACCOUNT | \ + USER_LIST_GROUPS | \ + USER_READ_GROUP_INFORMATION) + +#define USER_WRITE (STANDARD_RIGHTS_WRITE | \ + USER_WRITE_PREFERENCES | \ + USER_CHANGE_PASSWORD) + +#define USER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \ + USER_READ_GENERAL | \ + USER_CHANGE_PASSWORD) + +// User account control flags + +#define USER_ACCOUNT_DISABLED (0x00000001) +#define USER_HOME_DIRECTORY_REQUIRED (0x00000002) +#define USER_PASSWORD_NOT_REQUIRED (0x00000004) +#define USER_TEMP_DUPLICATE_ACCOUNT (0x00000008) +#define USER_NORMAL_ACCOUNT (0x00000010) +#define USER_MNS_LOGON_ACCOUNT (0x00000020) +#define USER_INTERDOMAIN_TRUST_ACCOUNT (0x00000040) +#define USER_WORKSTATION_TRUST_ACCOUNT (0x00000080) +#define USER_SERVER_TRUST_ACCOUNT (0x00000100) +#define USER_DONT_EXPIRE_PASSWORD (0x00000200) +#define USER_ACCOUNT_AUTO_LOCKED (0x00000400) +#define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED (0x00000800) +#define USER_SMARTCARD_REQUIRED (0x00001000) +#define USER_TRUSTED_FOR_DELEGATION (0x00002000) +#define USER_NOT_DELEGATED (0x00004000) +#define USER_USE_DES_KEY_ONLY (0x00008000) +#define USER_DONT_REQUIRE_PREAUTH (0x00010000) +#define USER_PASSWORD_EXPIRED (0x00020000) +#define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x00040000) +#define USER_NO_AUTH_DATA_REQUIRED (0x00080000) +#define USER_PARTIAL_SECRETS_ACCOUNT (0x00100000) +#define USER_USE_AES_KEYS (0x00200000) + +#define NEXT_FREE_ACCOUNT_CONTROL_BIT (USER_USE_AES_KEYS << 1) + +#define 
USER_MACHINE_ACCOUNT_MASK ( \ + USER_INTERDOMAIN_TRUST_ACCOUNT | \ + USER_WORKSTATION_TRUST_ACCOUNT | \ + USER_SERVER_TRUST_ACCOUNT \ + ) + +#define USER_ACCOUNT_TYPE_MASK ( \ + USER_TEMP_DUPLICATE_ACCOUNT | \ + USER_NORMAL_ACCOUNT | \ + USER_MACHINE_ACCOUNT_MASK \ + ) + +#define USER_COMPUTED_ACCOUNT_CONTROL_BITS ( \ + USER_ACCOUNT_AUTO_LOCKED | \ + USER_PASSWORD_EXPIRED \ + ) + +// Logon times may be expressed in day, hour, or minute granularity. + +#define SAM_DAYS_PER_WEEK (7) +#define SAM_HOURS_PER_WEEK (24 * SAM_DAYS_PER_WEEK) +#define SAM_MINUTES_PER_WEEK (60 * SAM_HOURS_PER_WEEK) + +typedef struct _LOGON_HOURS +{ + USHORT UnitsPerWeek; + + // UnitsPerWeek is the number of equal length time units the week is + // divided into. This value is used to compute the length of the bit + // string in logon_hours. Must be less than or equal to + // SAM_UNITS_PER_WEEK (10080) for this release. + // + // LogonHours is a bit map of valid logon times. Each bit represents + // a unique division in a week. The largest bit map supported is 1260 + // bytes (10080 bits), which represents minutes per week. In this case + // the first bit (bit 0, byte 0) is Sunday, 00:00:00 - 00-00:59; bit 1, + // byte 0 is Sunday, 00:01:00 - 00:01:59, etc. A NULL pointer means + // DONT_CHANGE for SamSetInformationUser() calls. 
+ + PUCHAR LogonHours; +} LOGON_HOURS, *PLOGON_HOURS; + +typedef struct _SR_SECURITY_DESCRIPTOR +{ + ULONG Length; + PUCHAR SecurityDescriptor; +} SR_SECURITY_DESCRIPTOR, *PSR_SECURITY_DESCRIPTOR; + +// SamQueryInformationUser/SamSetInformationUser types + +typedef enum _USER_INFORMATION_CLASS +{ + UserGeneralInformation = 1, // q: USER_GENERAL_INFORMATION + UserPreferencesInformation, // q; s: USER_PREFERENCES_INFORMATION + UserLogonInformation, // q: USER_LOGON_INFORMATION + UserLogonHoursInformation, // q; s: USER_LOGON_HOURS_INFORMATION + UserAccountInformation, // q: USER_ACCOUNT_INFORMATION + UserNameInformation, // q; s: USER_NAME_INFORMATION + UserAccountNameInformation, // q; s: USER_ACCOUNT_NAME_INFORMATION + UserFullNameInformation, // q; s: USER_FULL_NAME_INFORMATION + UserPrimaryGroupInformation, // q; s: USER_PRIMARY_GROUP_INFORMATION + UserHomeInformation, // q; s: USER_HOME_INFORMATION // 10 + UserScriptInformation, // q; s: USER_SCRIPT_INFORMATION + UserProfileInformation, // q; s: USER_PROFILE_INFORMATION + UserAdminCommentInformation, // q; s: USER_ADMIN_COMMENT_INFORMATION + UserWorkStationsInformation, // q; s: USER_WORKSTATIONS_INFORMATION + UserSetPasswordInformation, // s: USER_SET_PASSWORD_INFORMATION + UserControlInformation, // q; s: USER_CONTROL_INFORMATION + UserExpiresInformation, // q; s: USER_EXPIRES_INFORMATION + UserInternal1Information, // USER_INTERNAL1_INFORMATION + UserInternal2Information, // USER_INTERNAL2_INFORMATION + UserParametersInformation, // q; s: USER_PARAMETERS_INFORMATION // 20 + UserAllInformation, // USER_ALL_INFORMATION + UserInternal3Information, // USER_INTERNAL3_INFORMATION + UserInternal4Information, // USER_INTERNAL4_INFORMATION + UserInternal5Information, // USER_INTERNAL5_INFORMATION + UserInternal4InformationNew, // USER_INTERNAL4_INFORMATION_NEW + UserInternal5InformationNew, // USER_INTERNAL5_INFORMATION_NEW + UserInternal6Information, // USER_INTERNAL6_INFORMATION + UserExtendedInformation, // 
USER_EXTENDED_INFORMATION + UserLogonUIInformation, // USER_LOGON_UI_INFORMATION + UserUnknownTodoInformation, + UserInternal7Information, // USER_INTERNAL7_INFORMATION + UserInternal8Information, // USER_INTERNAL8_INFORMATION +} USER_INFORMATION_CLASS, *PUSER_INFORMATION_CLASS; + +typedef struct _USER_GENERAL_INFORMATION +{ + UNICODE_STRING UserName; + UNICODE_STRING FullName; + ULONG PrimaryGroupId; + UNICODE_STRING AdminComment; + UNICODE_STRING UserComment; +} USER_GENERAL_INFORMATION, *PUSER_GENERAL_INFORMATION; + +typedef struct _USER_PREFERENCES_INFORMATION +{ + UNICODE_STRING UserComment; + UNICODE_STRING Reserved1; + USHORT CountryCode; + USHORT CodePage; +} USER_PREFERENCES_INFORMATION, *PUSER_PREFERENCES_INFORMATION; + +#include +typedef struct _USER_LOGON_INFORMATION +{ + UNICODE_STRING UserName; + UNICODE_STRING FullName; + ULONG UserId; + ULONG PrimaryGroupId; + UNICODE_STRING HomeDirectory; + UNICODE_STRING HomeDirectoryDrive; + UNICODE_STRING ScriptPath; + UNICODE_STRING ProfilePath; + UNICODE_STRING WorkStations; + LARGE_INTEGER LastLogon; + LARGE_INTEGER LastLogoff; + LARGE_INTEGER PasswordLastSet; + LARGE_INTEGER PasswordCanChange; + LARGE_INTEGER PasswordMustChange; + LOGON_HOURS LogonHours; + USHORT BadPasswordCount; + USHORT LogonCount; + ULONG UserAccountControl; +} USER_LOGON_INFORMATION, * PUSER_LOGON_INFORMATION; +#include + +typedef struct _USER_LOGON_HOURS_INFORMATION +{ + LOGON_HOURS LogonHours; +} USER_LOGON_HOURS_INFORMATION, * PUSER_LOGON_HOURS_INFORMATION; + +#include +typedef struct _USER_ACCOUNT_INFORMATION +{ + UNICODE_STRING UserName; + UNICODE_STRING FullName; + ULONG UserId; + ULONG PrimaryGroupId; + UNICODE_STRING HomeDirectory; + UNICODE_STRING HomeDirectoryDrive; + UNICODE_STRING ScriptPath; + UNICODE_STRING ProfilePath; + UNICODE_STRING AdminComment; + UNICODE_STRING WorkStations; + LARGE_INTEGER LastLogon; + LARGE_INTEGER LastLogoff; + LOGON_HOURS LogonHours; + USHORT BadPasswordCount; + USHORT LogonCount; + LARGE_INTEGER 
PasswordLastSet; + LARGE_INTEGER AccountExpires; + ULONG UserAccountControl; +} USER_ACCOUNT_INFORMATION, * PUSER_ACCOUNT_INFORMATION; +#include + +typedef struct _USER_NAME_INFORMATION +{ + UNICODE_STRING UserName; + UNICODE_STRING FullName; +} USER_NAME_INFORMATION, *PUSER_NAME_INFORMATION; + +typedef struct _USER_ACCOUNT_NAME_INFORMATION +{ + UNICODE_STRING UserName; +} USER_ACCOUNT_NAME_INFORMATION, *PUSER_ACCOUNT_NAME_INFORMATION; + +typedef struct _USER_FULL_NAME_INFORMATION +{ + UNICODE_STRING FullName; +} USER_FULL_NAME_INFORMATION, *PUSER_FULL_NAME_INFORMATION; + +typedef struct _USER_PRIMARY_GROUP_INFORMATION +{ + ULONG PrimaryGroupId; +} USER_PRIMARY_GROUP_INFORMATION, *PUSER_PRIMARY_GROUP_INFORMATION; + +typedef struct _USER_HOME_INFORMATION +{ + UNICODE_STRING HomeDirectory; + UNICODE_STRING HomeDirectoryDrive; +} USER_HOME_INFORMATION, *PUSER_HOME_INFORMATION; + +typedef struct _USER_SCRIPT_INFORMATION +{ + UNICODE_STRING ScriptPath; +} USER_SCRIPT_INFORMATION, *PUSER_SCRIPT_INFORMATION; + +typedef struct _USER_PROFILE_INFORMATION +{ + UNICODE_STRING ProfilePath; +} USER_PROFILE_INFORMATION, *PUSER_PROFILE_INFORMATION; + +typedef struct _USER_ADMIN_COMMENT_INFORMATION +{ + UNICODE_STRING AdminComment; +} USER_ADMIN_COMMENT_INFORMATION, *PUSER_ADMIN_COMMENT_INFORMATION; + +typedef struct _USER_WORKSTATIONS_INFORMATION +{ + UNICODE_STRING WorkStations; +} USER_WORKSTATIONS_INFORMATION, *PUSER_WORKSTATIONS_INFORMATION; + +typedef struct _USER_SET_PASSWORD_INFORMATION +{ + UNICODE_STRING Password; + BOOLEAN PasswordExpired; +} USER_SET_PASSWORD_INFORMATION, *PUSER_SET_PASSWORD_INFORMATION; + +typedef struct _USER_CONTROL_INFORMATION +{ + ULONG UserAccountControl; +} USER_CONTROL_INFORMATION, *PUSER_CONTROL_INFORMATION; + +typedef struct _USER_EXPIRES_INFORMATION +{ + LARGE_INTEGER AccountExpires; +} USER_EXPIRES_INFORMATION, *PUSER_EXPIRES_INFORMATION; + +#define CYPHER_BLOCK_LENGTH 8 + +typedef struct _CYPHER_BLOCK +{ + CHAR data[CYPHER_BLOCK_LENGTH]; +} 
CYPHER_BLOCK, *PCYPHER_BLOCK; + +typedef struct _ENCRYPTED_NT_OWF_PASSWORD +{ + CYPHER_BLOCK data[2]; +} ENCRYPTED_NT_OWF_PASSWORD, *PENCRYPTED_NT_OWF_PASSWORD; + +typedef struct _ENCRYPTED_LM_OWF_PASSWORD +{ + CYPHER_BLOCK data[2]; +} ENCRYPTED_LM_OWF_PASSWORD, *PENCRYPTED_LM_OWF_PASSWORD; + +typedef struct _USER_INTERNAL1_INFORMATION +{ + ENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword; + ENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword; + BOOLEAN NtPasswordPresent; + BOOLEAN LmPasswordPresent; + BOOLEAN PasswordExpired; +} USER_INTERNAL1_INFORMATION, *PUSER_INTERNAL1_INFORMATION; + +typedef struct _USER_INTERNAL2_INFORMATION +{ + ULONG StatisticsToApply; + LARGE_INTEGER LastLogon; + LARGE_INTEGER LastLogoff; + USHORT BadPasswordCount; + USHORT LogonCount; +} USER_INTERNAL2_INFORMATION, *PUSER_INTERNAL2_INFORMATION; + +typedef struct _USER_PARAMETERS_INFORMATION +{ + UNICODE_STRING Parameters; +} USER_PARAMETERS_INFORMATION, *PUSER_PARAMETERS_INFORMATION; + +// Flags for WhichFields in USER_ALL_INFORMATION + +#define USER_ALL_USERNAME 0x00000001 +#define USER_ALL_FULLNAME 0x00000002 +#define USER_ALL_USERID 0x00000004 +#define USER_ALL_PRIMARYGROUPID 0x00000008 +#define USER_ALL_ADMINCOMMENT 0x00000010 +#define USER_ALL_USERCOMMENT 0x00000020 +#define USER_ALL_HOMEDIRECTORY 0x00000040 +#define USER_ALL_HOMEDIRECTORYDRIVE 0x00000080 +#define USER_ALL_SCRIPTPATH 0x00000100 +#define USER_ALL_PROFILEPATH 0x00000200 +#define USER_ALL_WORKSTATIONS 0x00000400 +#define USER_ALL_LASTLOGON 0x00000800 +#define USER_ALL_LASTLOGOFF 0x00001000 +#define USER_ALL_LOGONHOURS 0x00002000 +#define USER_ALL_BADPASSWORDCOUNT 0x00004000 +#define USER_ALL_LOGONCOUNT 0x00008000 +#define USER_ALL_PASSWORDCANCHANGE 0x00010000 +#define USER_ALL_PASSWORDMUSTCHANGE 0x00020000 +#define USER_ALL_PASSWORDLASTSET 0x00040000 +#define USER_ALL_ACCOUNTEXPIRES 0x00080000 +#define USER_ALL_USERACCOUNTCONTROL 0x00100000 +#define USER_ALL_PARAMETERS 0x00200000 +#define USER_ALL_COUNTRYCODE 0x00400000 
+#define USER_ALL_CODEPAGE 0x00800000 +#define USER_ALL_NTPASSWORDPRESENT 0x01000000 // field AND boolean +#define USER_ALL_LMPASSWORDPRESENT 0x02000000 // field AND boolean +#define USER_ALL_PRIVATEDATA 0x04000000 // field AND boolean +#define USER_ALL_PASSWORDEXPIRED 0x08000000 +#define USER_ALL_SECURITYDESCRIPTOR 0x10000000 +#define USER_ALL_OWFPASSWORD 0x20000000 // boolean + +#define USER_ALL_UNDEFINED_MASK 0xc0000000 + +// Fields that require USER_READ_GENERAL access to read. + +#define USER_ALL_READ_GENERAL_MASK \ + (USER_ALL_USERNAME | \ + USER_ALL_FULLNAME | \ + USER_ALL_USERID | \ + USER_ALL_PRIMARYGROUPID | \ + USER_ALL_ADMINCOMMENT | \ + USER_ALL_USERCOMMENT) + +// Fields that require USER_READ_LOGON access to read. + +#define USER_ALL_READ_LOGON_MASK \ + (USER_ALL_HOMEDIRECTORY | \ + USER_ALL_HOMEDIRECTORYDRIVE | \ + USER_ALL_SCRIPTPATH | \ + USER_ALL_PROFILEPATH | \ + USER_ALL_WORKSTATIONS | \ + USER_ALL_LASTLOGON | \ + USER_ALL_LASTLOGOFF | \ + USER_ALL_LOGONHOURS | \ + USER_ALL_BADPASSWORDCOUNT | \ + USER_ALL_LOGONCOUNT | \ + USER_ALL_PASSWORDCANCHANGE | \ + USER_ALL_PASSWORDMUSTCHANGE) + +// Fields that require USER_READ_ACCOUNT access to read. + +#define USER_ALL_READ_ACCOUNT_MASK \ + (USER_ALL_PASSWORDLASTSET | \ + USER_ALL_ACCOUNTEXPIRES | \ + USER_ALL_USERACCOUNTCONTROL | \ + USER_ALL_PARAMETERS) + +// Fields that require USER_READ_PREFERENCES access to read. + +#define USER_ALL_READ_PREFERENCES_MASK \ + (USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE) + +// Fields that can only be read by trusted clients. + +#define USER_ALL_READ_TRUSTED_MASK \ + (USER_ALL_NTPASSWORDPRESENT | \ + USER_ALL_LMPASSWORDPRESENT | \ + USER_ALL_PASSWORDEXPIRED | \ + USER_ALL_SECURITYDESCRIPTOR | \ + USER_ALL_PRIVATEDATA) + +// Fields that can't be read. + +#define USER_ALL_READ_CANT_MASK USER_ALL_UNDEFINED_MASK + +// Fields that require USER_WRITE_ACCOUNT access to write. 
+ +#define USER_ALL_WRITE_ACCOUNT_MASK \ + (USER_ALL_USERNAME | \ + USER_ALL_FULLNAME | \ + USER_ALL_PRIMARYGROUPID | \ + USER_ALL_HOMEDIRECTORY | \ + USER_ALL_HOMEDIRECTORYDRIVE | \ + USER_ALL_SCRIPTPATH | \ + USER_ALL_PROFILEPATH | \ + USER_ALL_ADMINCOMMENT | \ + USER_ALL_WORKSTATIONS | \ + USER_ALL_LOGONHOURS | \ + USER_ALL_ACCOUNTEXPIRES | \ + USER_ALL_USERACCOUNTCONTROL | \ + USER_ALL_PARAMETERS) + +// Fields that require USER_WRITE_PREFERENCES access to write. + +#define USER_ALL_WRITE_PREFERENCES_MASK \ + (USER_ALL_USERCOMMENT | USER_ALL_COUNTRYCODE | USER_ALL_CODEPAGE) + +// Fields that require USER_FORCE_PASSWORD_CHANGE access to write. +// +// Note that non-trusted clients only set the NT password as a +// UNICODE string. The wrapper will convert it to an LM password, +// OWF and encrypt both versions. Trusted clients can pass in OWF +// versions of either or both. + +#define USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK \ + (USER_ALL_NTPASSWORDPRESENT | \ + USER_ALL_LMPASSWORDPRESENT | \ + USER_ALL_PASSWORDEXPIRED) + +// Fields that can only be written by trusted clients. + +#define USER_ALL_WRITE_TRUSTED_MASK \ + (USER_ALL_LASTLOGON | \ + USER_ALL_LASTLOGOFF | \ + USER_ALL_BADPASSWORDCOUNT | \ + USER_ALL_LOGONCOUNT | \ + USER_ALL_PASSWORDLASTSET | \ + USER_ALL_SECURITYDESCRIPTOR | \ + USER_ALL_PRIVATEDATA) + +// Fields that can't be written. 
+ +#define USER_ALL_WRITE_CANT_MASK \ + (USER_ALL_USERID | \ + USER_ALL_PASSWORDCANCHANGE | \ + USER_ALL_PASSWORDMUSTCHANGE | \ + USER_ALL_UNDEFINED_MASK) + +#include +typedef struct _USER_ALL_INFORMATION +{ + LARGE_INTEGER LastLogon; + LARGE_INTEGER LastLogoff; + LARGE_INTEGER PasswordLastSet; + LARGE_INTEGER AccountExpires; + LARGE_INTEGER PasswordCanChange; + LARGE_INTEGER PasswordMustChange; + UNICODE_STRING UserName; + UNICODE_STRING FullName; + UNICODE_STRING HomeDirectory; + UNICODE_STRING HomeDirectoryDrive; + UNICODE_STRING ScriptPath; + UNICODE_STRING ProfilePath; + UNICODE_STRING AdminComment; + UNICODE_STRING WorkStations; + UNICODE_STRING UserComment; + UNICODE_STRING Parameters; + UNICODE_STRING LmPassword; + UNICODE_STRING NtPassword; + UNICODE_STRING PrivateData; + SR_SECURITY_DESCRIPTOR SecurityDescriptor; + ULONG UserId; + ULONG PrimaryGroupId; + ULONG UserAccountControl; + ULONG WhichFields; + LOGON_HOURS LogonHours; + USHORT BadPasswordCount; + USHORT LogonCount; + USHORT CountryCode; + USHORT CodePage; + BOOLEAN LmPasswordPresent; + BOOLEAN NtPasswordPresent; + BOOLEAN PasswordExpired; + BOOLEAN PrivateDataSensitive; +} USER_ALL_INFORMATION, *PUSER_ALL_INFORMATION; +#include + +#include +typedef struct _USER_INTERNAL3_INFORMATION +{ + USER_ALL_INFORMATION I1; + LARGE_INTEGER LastBadPasswordTime; +} USER_INTERNAL3_INFORMATION, *PUSER_INTERNAL3_INFORMATION; +#include + +typedef struct _ENCRYPTED_USER_PASSWORD +{ + UCHAR Buffer[(SAM_MAX_PASSWORD_LENGTH * 2) + 4]; +} ENCRYPTED_USER_PASSWORD, *PENCRYPTED_USER_PASSWORD; + +typedef struct _USER_INTERNAL4_INFORMATION +{ + USER_ALL_INFORMATION I1; + ENCRYPTED_USER_PASSWORD UserPassword; +} USER_INTERNAL4_INFORMATION, *PUSER_INTERNAL4_INFORMATION; + +typedef struct _USER_INTERNAL5_INFORMATION +{ + ENCRYPTED_USER_PASSWORD UserPassword; + BOOLEAN PasswordExpired; +} USER_INTERNAL5_INFORMATION, *PUSER_INTERNAL5_INFORMATION; + +typedef struct _ENCRYPTED_USER_PASSWORD_NEW +{ + UCHAR 
Buffer[(SAM_MAX_PASSWORD_LENGTH * 2) + 4 + SAM_PASSWORD_ENCRYPTION_SALT_LEN]; +} ENCRYPTED_USER_PASSWORD_NEW, *PENCRYPTED_USER_PASSWORD_NEW; + +typedef struct _USER_INTERNAL4_INFORMATION_NEW +{ + USER_ALL_INFORMATION I1; + ENCRYPTED_USER_PASSWORD_NEW UserPassword; +} USER_INTERNAL4_INFORMATION_NEW, *PUSER_INTERNAL4_INFORMATION_NEW; + +typedef struct _USER_INTERNAL5_INFORMATION_NEW +{ + ENCRYPTED_USER_PASSWORD_NEW UserPassword; + BOOLEAN PasswordExpired; +} USER_INTERNAL5_INFORMATION_NEW, *PUSER_INTERNAL5_INFORMATION_NEW; + +typedef struct _USER_ALLOWED_TO_DELEGATE_TO_LIST +{ + ULONG Size; + ULONG NumSPNs; + UNICODE_STRING SPNList[ANYSIZE_ARRAY]; +} USER_ALLOWED_TO_DELEGATE_TO_LIST, *PUSER_ALLOWED_TO_DELEGATE_TO_LIST; + +#define USER_EXTENDED_FIELD_UPN 0x00000001L +#define USER_EXTENDED_FIELD_A2D2 0x00000002L + +typedef struct _USER_INTERNAL6_INFORMATION +{ + USER_ALL_INFORMATION I1; + LARGE_INTEGER LastBadPasswordTime; + ULONG ExtendedFields; + BOOLEAN UPNDefaulted; + UNICODE_STRING UPN; + PUSER_ALLOWED_TO_DELEGATE_TO_LIST A2D2List; +} USER_INTERNAL6_INFORMATION, *PUSER_INTERNAL6_INFORMATION; + +typedef SAM_BYTE_ARRAY_32K SAM_USER_TILE, *PSAM_USER_TILE; + +// 0xff000fff is reserved for internal callers and implementation. + +#define USER_EXTENDED_FIELD_USER_TILE (0x00001000L) +#define USER_EXTENDED_FIELD_PASSWORD_HINT (0x00002000L) +#define USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI (0x00004000L) +#define USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES (0x00008000L) + +typedef struct _USER_EXTENDED_INFORMATION +{ + ULONG ExtendedWhichFields; + SAM_USER_TILE UserTile; + UNICODE_STRING PasswordHint; + BOOLEAN DontShowInLogonUI; + SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties; +} USER_EXTENDED_INFORMATION, *PUSER_EXTENDED_INFORMATION; + +// For local callers only. 
+typedef struct _USER_LOGON_UI_INFORMATION +{ + BOOLEAN PasswordIsBlank; + BOOLEAN AccountIsDisabled; +} USER_LOGON_UI_INFORMATION, *PUSER_LOGON_UI_INFORMATION; + +typedef struct _ENCRYPTED_PASSWORD_AES +{ + UCHAR AuthData[64]; + UCHAR Salt[SAM_PASSWORD_ENCRYPTION_SALT_LEN]; + ULONG cbCipher; + PUCHAR Cipher; + ULONGLONG PBKDF2Iterations; +} ENCRYPTED_PASSWORD_AES, *PENCRYPTED_PASSWORD_AES; + +typedef struct _USER_INTERNAL7_INFORMATION +{ + ENCRYPTED_PASSWORD_AES UserPassword; + BOOLEAN PasswordExpired; +} USER_INTERNAL7_INFORMATION, *PUSER_INTERNAL7_INFORMATION; + +typedef struct _USER_INTERNAL8_INFORMATION +{ + USER_ALL_INFORMATION I1; + ENCRYPTED_PASSWORD_AES UserPassword; +} USER_INTERNAL8_INFORMATION, *PUSER_INTERNAL8_INFORMATION; + +// SamChangePasswordUser3 types + +// Error values: +// * SAM_PWD_CHANGE_NO_ERROR +// * SAM_PWD_CHANGE_PASSWORD_TOO_SHORT +// * SAM_PWD_CHANGE_PWD_IN_HISTORY +// * SAM_PWD_CHANGE_USERNAME_IN_PASSWORD +// * SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD +// * SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT +// * SAM_PWD_CHANGE_FAILED_BY_FILTER + +typedef struct _USER_PWD_CHANGE_FAILURE_INFORMATION +{ + ULONG ExtendedFailureReason; + UNICODE_STRING FilterModuleName; +} USER_PWD_CHANGE_FAILURE_INFORMATION,*PUSER_PWD_CHANGE_FAILURE_INFORMATION; + +// ExtendedFailureReason values + +#define SAM_PWD_CHANGE_NO_ERROR 0 +#define SAM_PWD_CHANGE_PASSWORD_TOO_SHORT 1 +#define SAM_PWD_CHANGE_PWD_IN_HISTORY 2 +#define SAM_PWD_CHANGE_USERNAME_IN_PASSWORD 3 +#define SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD 4 +#define SAM_PWD_CHANGE_NOT_COMPLEX 5 +#define SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT 6 +#define SAM_PWD_CHANGE_FAILED_BY_FILTER 7 +#define SAM_PWD_CHANGE_PASSWORD_TOO_LONG 8 +#define SAM_PWD_CHANGE_FAILURE_REASON_MAX 8 + +// Functions + +_Check_return_ +NTSTATUS +NTAPI +SamEnumerateUsersInDomain( + _In_ SAM_HANDLE DomainHandle, + _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext, + _In_ ULONG UserAccountControl, + _Outptr_ PVOID *Buffer, // 
PSAM_RID_ENUMERATION * + _In_ ULONG PreferedMaximumLength, + _Out_ PULONG CountReturned + ); + +_Check_return_ +NTSTATUS +NTAPI +SamCreateUserInDomain( + _In_ SAM_HANDLE DomainHandle, + _In_ PUNICODE_STRING AccountName, + _In_ ACCESS_MASK DesiredAccess, + _Out_ PSAM_HANDLE UserHandle, + _Out_ PULONG RelativeId + ); + +_Check_return_ +NTSTATUS +NTAPI +SamCreateUser2InDomain( + _In_ SAM_HANDLE DomainHandle, + _In_ PUNICODE_STRING AccountName, + _In_ ULONG AccountType, + _In_ ACCESS_MASK DesiredAccess, + _Out_ PSAM_HANDLE UserHandle, + _Out_ PULONG GrantedAccess, + _Out_ PULONG RelativeId + ); + +_Check_return_ +NTSTATUS +NTAPI +SamOpenUser( + _In_ SAM_HANDLE DomainHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG UserId, + _Out_ PSAM_HANDLE UserHandle + ); + +_Check_return_ +NTSTATUS +NTAPI +SamDeleteUser( + _In_ SAM_HANDLE UserHandle + ); + +_Check_return_ +NTSTATUS +NTAPI +SamQueryInformationUser( + _In_ SAM_HANDLE UserHandle, + _In_ USER_INFORMATION_CLASS UserInformationClass, + _Outptr_ PVOID *Buffer + ); + +_Check_return_ +NTSTATUS +NTAPI +SamSetInformationUser( + _In_ SAM_HANDLE UserHandle, + _In_ USER_INFORMATION_CLASS UserInformationClass, + _In_ PVOID Buffer + ); + +_Check_return_ +NTSTATUS +NTAPI +SamGetGroupsForUser( + _In_ SAM_HANDLE UserHandle, + _Out_ _Deref_post_count_(*MembershipCount) PGROUP_MEMBERSHIP *Groups, + _Out_ PULONG MembershipCount + ); + +_Check_return_ +NTSTATUS +NTAPI +SamChangePasswordUser( + _In_ SAM_HANDLE UserHandle, + _In_ PUNICODE_STRING OldPassword, + _In_ PUNICODE_STRING NewPassword + ); + +_Check_return_ +NTSTATUS +NTAPI +SamChangePasswordUser2( + _In_ PUNICODE_STRING ServerName, + _In_ PUNICODE_STRING UserName, + _In_ PUNICODE_STRING OldPassword, + _In_ PUNICODE_STRING NewPassword + ); + +_Check_return_ +NTSTATUS +NTAPI +SamChangePasswordUser3( + _In_ PUNICODE_STRING ServerName, + _In_ PUNICODE_STRING UserName, + _In_ PUNICODE_STRING OldPassword, + _In_ PUNICODE_STRING NewPassword, + _Outptr_ PDOMAIN_PASSWORD_INFORMATION 
*EffectivePasswordPolicy, + _Outptr_ PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo + ); + +_Check_return_ +NTSTATUS +NTAPI +SamQueryDisplayInformation( + _In_ SAM_HANDLE DomainHandle, + _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation, + _In_ ULONG Index, + _In_ ULONG EntryCount, + _In_ ULONG PreferredMaximumLength, + _Out_ PULONG TotalAvailable, + _Out_ PULONG TotalReturned, + _Out_ PULONG ReturnedEntryCount, + _Outptr_ PVOID *SortedBuffer + ); + +_Check_return_ +NTSTATUS +NTAPI +SamGetDisplayEnumerationIndex( + _In_ SAM_HANDLE DomainHandle, + _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation, + _In_ PUNICODE_STRING Prefix, + _Out_ PULONG Index + ); + +// Database replication + +typedef enum _SECURITY_DB_DELTA_TYPE +{ + SecurityDbNew = 1, + SecurityDbRename, + SecurityDbDelete, + SecurityDbChangeMemberAdd, + SecurityDbChangeMemberSet, + SecurityDbChangeMemberDel, + SecurityDbChange, + SecurityDbChangePassword +} SECURITY_DB_DELTA_TYPE, *PSECURITY_DB_DELTA_TYPE; + +typedef enum _SECURITY_DB_OBJECT_TYPE +{ + SecurityDbObjectSamDomain = 1, + SecurityDbObjectSamUser, + SecurityDbObjectSamGroup, + SecurityDbObjectSamAlias, + SecurityDbObjectLsaPolicy, + SecurityDbObjectLsaTDomain, + SecurityDbObjectLsaAccount, + SecurityDbObjectLsaSecret +} SECURITY_DB_OBJECT_TYPE, *PSECURITY_DB_OBJECT_TYPE; + +typedef enum _SAM_ACCOUNT_TYPE +{ + SamObjectUser = 1, + SamObjectGroup, + SamObjectAlias +} SAM_ACCOUNT_TYPE, *PSAM_ACCOUNT_TYPE; + +#define SAM_USER_ACCOUNT (0x00000001) +#define SAM_GLOBAL_GROUP_ACCOUNT (0x00000002) +#define SAM_LOCAL_GROUP_ACCOUNT (0x00000004) + +typedef struct _SAM_GROUP_MEMBER_ID +{ + ULONG MemberRid; +} SAM_GROUP_MEMBER_ID, *PSAM_GROUP_MEMBER_ID; + +typedef struct _SAM_ALIAS_MEMBER_ID +{ + PSID MemberSid; +} SAM_ALIAS_MEMBER_ID, *PSAM_ALIAS_MEMBER_ID; + +typedef union _SAM_DELTA_DATA +{ + SAM_GROUP_MEMBER_ID GroupMemberId; + SAM_ALIAS_MEMBER_ID AliasMemberId; + ULONG AccountControl; +} SAM_DELTA_DATA, *PSAM_DELTA_DATA; + +typedef 
NTSTATUS (NTAPI *PSAM_DELTA_NOTIFICATION_ROUTINE)( + _In_ PSID DomainSid, + _In_ SECURITY_DB_DELTA_TYPE DeltaType, + _In_ SECURITY_DB_OBJECT_TYPE ObjectType, + _In_ ULONG ObjectRid, + _In_opt_ PUNICODE_STRING ObjectName, + _In_ PLARGE_INTEGER ModifiedCount, + _In_opt_ PSAM_DELTA_DATA DeltaData + ); + +#define SAM_DELTA_NOTIFY_ROUTINE "DeltaNotify" + +_Check_return_ +NTSTATUS +NTAPI +SamRegisterObjectChangeNotification( + _In_ SECURITY_DB_OBJECT_TYPE ObjectType, + _In_ HANDLE NotificationEventHandle + ); + +NTSTATUS +NTAPI +SamUnregisterObjectChangeNotification( + _In_ SECURITY_DB_OBJECT_TYPE ObjectType, + _In_ HANDLE NotificationEventHandle + ); + +// Compatibility mode + +#define SAM_SID_COMPATIBILITY_ALL 0 +#define SAM_SID_COMPATIBILITY_LAX 1 +#define SAM_SID_COMPATIBILITY_STRICT 2 + +_Check_return_ +NTSTATUS +NTAPI +SamGetCompatibilityMode( + _In_ SAM_HANDLE ObjectHandle, + _Out_ ULONG *Mode + ); + +// Password validation + +typedef enum _PASSWORD_POLICY_VALIDATION_TYPE +{ + SamValidateAuthentication = 1, + SamValidatePasswordChange, + SamValidatePasswordReset +} PASSWORD_POLICY_VALIDATION_TYPE; + +typedef struct _SAM_VALIDATE_PASSWORD_HASH +{ + ULONG Length; + _Field_size_bytes_(Length) PUCHAR Hash; +} SAM_VALIDATE_PASSWORD_HASH, *PSAM_VALIDATE_PASSWORD_HASH; + +// Flags for PresentFields in SAM_VALIDATE_PERSISTED_FIELDS + +#define SAM_VALIDATE_PASSWORD_LAST_SET 0x00000001 +#define SAM_VALIDATE_BAD_PASSWORD_TIME 0x00000002 +#define SAM_VALIDATE_LOCKOUT_TIME 0x00000004 +#define SAM_VALIDATE_BAD_PASSWORD_COUNT 0x00000008 +#define SAM_VALIDATE_PASSWORD_HISTORY_LENGTH 0x00000010 +#define SAM_VALIDATE_PASSWORD_HISTORY 0x00000020 + +typedef struct _SAM_VALIDATE_PERSISTED_FIELDS +{ + ULONG PresentFields; + LARGE_INTEGER PasswordLastSet; + LARGE_INTEGER BadPasswordTime; + LARGE_INTEGER LockoutTime; + ULONG BadPasswordCount; + ULONG PasswordHistoryLength; + _Field_size_bytes_(PasswordHistoryLength) PSAM_VALIDATE_PASSWORD_HASH PasswordHistory; +} 
SAM_VALIDATE_PERSISTED_FIELDS, *PSAM_VALIDATE_PERSISTED_FIELDS; + +typedef enum _SAM_VALIDATE_VALIDATION_STATUS +{ + SamValidateSuccess = 0, + SamValidatePasswordMustChange, + SamValidateAccountLockedOut, + SamValidatePasswordExpired, + SamValidatePasswordIncorrect, + SamValidatePasswordIsInHistory, + SamValidatePasswordTooShort, + SamValidatePasswordTooLong, + SamValidatePasswordNotComplexEnough, + SamValidatePasswordTooRecent, + SamValidatePasswordFilterError +} SAM_VALIDATE_VALIDATION_STATUS, *PSAM_VALIDATE_VALIDATION_STATUS; + +typedef struct _SAM_VALIDATE_STANDARD_OUTPUT_ARG +{ + SAM_VALIDATE_PERSISTED_FIELDS ChangedPersistedFields; + SAM_VALIDATE_VALIDATION_STATUS ValidationStatus; +} SAM_VALIDATE_STANDARD_OUTPUT_ARG, *PSAM_VALIDATE_STANDARD_OUTPUT_ARG; + +typedef struct _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG +{ + SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields; + BOOLEAN PasswordMatched; +} SAM_VALIDATE_AUTHENTICATION_INPUT_ARG, *PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG; + +typedef struct _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG +{ + SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields; + UNICODE_STRING ClearPassword; + UNICODE_STRING UserAccountName; + SAM_VALIDATE_PASSWORD_HASH HashedPassword; + BOOLEAN PasswordMatch; // denotes if the old password supplied by user matched or not +} SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; + +typedef struct _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG +{ + SAM_VALIDATE_PERSISTED_FIELDS InputPersistedFields; + UNICODE_STRING ClearPassword; + UNICODE_STRING UserAccountName; + SAM_VALIDATE_PASSWORD_HASH HashedPassword; + BOOLEAN PasswordMustChangeAtNextLogon; // looked at only for password reset + BOOLEAN ClearLockout; // can be used clear user account lockout +}SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG, *PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; + +typedef union _SAM_VALIDATE_INPUT_ARG +{ + SAM_VALIDATE_AUTHENTICATION_INPUT_ARG ValidateAuthenticationInput; + SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG 
ValidatePasswordChangeInput; + SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG ValidatePasswordResetInput; +} SAM_VALIDATE_INPUT_ARG, *PSAM_VALIDATE_INPUT_ARG; + +typedef union _SAM_VALIDATE_OUTPUT_ARG +{ + SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidateAuthenticationOutput; + SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordChangeOutput; + SAM_VALIDATE_STANDARD_OUTPUT_ARG ValidatePasswordResetOutput; +} SAM_VALIDATE_OUTPUT_ARG, *PSAM_VALIDATE_OUTPUT_ARG; + +_Check_return_ +NTSTATUS +NTAPI +SamValidatePassword( + _In_opt_ PUNICODE_STRING ServerName, + _In_ PASSWORD_POLICY_VALIDATION_TYPE ValidationType, + _In_ PSAM_VALIDATE_INPUT_ARG InputArg, + _Out_ PSAM_VALIDATE_OUTPUT_ARG *OutputArg + ); + +// Generic operation + +typedef enum _SAM_GENERIC_OPERATION_TYPE +{ + SamObjectChangeNotificationOperation +} SAM_GENERIC_OPERATION_TYPE, *PSAM_GENERIC_OPERATION_TYPE; + +typedef struct _SAM_OPERATION_OBJCHG_INPUT +{ + BOOLEAN Register; + ULONG64 EventHandle; + SECURITY_DB_OBJECT_TYPE ObjectType; + ULONG ProcessID; +} SAM_OPERATION_OBJCHG_INPUT, *PSAM_OPERATION_OBJCHG_INPUT; + +typedef struct _SAM_OPERATION_OBJCHG_OUTPUT +{ + ULONG Reserved; +} SAM_OPERATION_OBJCHG_OUTPUT, *PSAM_OPERATION_OBJCHG_OUTPUT; + +typedef union _SAM_GENERIC_OPERATION_INPUT +{ + SAM_OPERATION_OBJCHG_INPUT ObjChangeIn; +} SAM_GENERIC_OPERATION_INPUT, *PSAM_GENERIC_OPERATION_INPUT; + +typedef union _SAM_GENERIC_OPERATION_OUTPUT +{ + SAM_OPERATION_OBJCHG_OUTPUT ObjChangeOut; +} SAM_GENERIC_OPERATION_OUTPUT, *PSAM_GENERIC_OPERATION_OUTPUT; + +_Check_return_ +NTSTATUS +NTAPI +SamPerformGenericOperation( + _In_opt_ PWSTR ServerName, + _In_ SAM_GENERIC_OPERATION_TYPE OperationType, + _In_ PSAM_GENERIC_OPERATION_INPUT OperationIn, + _Out_ PSAM_GENERIC_OPERATION_OUTPUT *OperationOut + ); + +#endif diff --git a/deps/phnt-nightly/ntseapi.h b/deps/phnt-nightly/ntseapi.h new file mode 100644 index 0000000..19030c8 --- /dev/null +++ b/deps/phnt-nightly/ntseapi.h 
@@ -0,0 +1,710 @@
+/*
+ * Authorization functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTSEAPI_H
+#define _NTSEAPI_H
+
+// Privileges
+
+#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
+#define SE_CREATE_TOKEN_PRIVILEGE (2L)
+#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
+#define SE_LOCK_MEMORY_PRIVILEGE (4L)
+#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
+
+#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
+#define SE_TCB_PRIVILEGE (7L)
+#define SE_SECURITY_PRIVILEGE (8L)
+#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
+#define SE_LOAD_DRIVER_PRIVILEGE (10L)
+#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
+#define SE_SYSTEMTIME_PRIVILEGE (12L)
+#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
+#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
+#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
+#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
+#define SE_BACKUP_PRIVILEGE (17L)
+#define SE_RESTORE_PRIVILEGE (18L)
+#define SE_SHUTDOWN_PRIVILEGE (19L)
+#define SE_DEBUG_PRIVILEGE (20L)
+#define SE_AUDIT_PRIVILEGE (21L)
+#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
+#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
+#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
+#define SE_UNDOCK_PRIVILEGE (25L)
+#define SE_SYNC_AGENT_PRIVILEGE (26L)
+#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
+#define SE_MANAGE_VOLUME_PRIVILEGE (28L)
+#define SE_IMPERSONATE_PRIVILEGE (29L)
+#define SE_CREATE_GLOBAL_PRIVILEGE (30L)
+#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE (31L)
+#define SE_RELABEL_PRIVILEGE (32L)
+#define SE_INC_WORKING_SET_PRIVILEGE (33L)
+#define SE_TIME_ZONE_PRIVILEGE (34L)
+#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE (35L)
+#define SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE (36L)
+#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE
+
+// Authz
+
+// begin_rev
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL)
+typedef enum _TOKEN_INFORMATION_CLASS
+{
+ TokenUser = 1, // q: TOKEN_USER, SE_TOKEN_USER
+ TokenGroups, // q: TOKEN_GROUPS
+ TokenPrivileges, // q: TOKEN_PRIVILEGES
+ TokenOwner, //
q; s: TOKEN_OWNER + TokenPrimaryGroup, // q; s: TOKEN_PRIMARY_GROUP + TokenDefaultDacl, // q; s: TOKEN_DEFAULT_DACL + TokenSource, // q: TOKEN_SOURCE + TokenType, // q: TOKEN_TYPE + TokenImpersonationLevel, // q: SECURITY_IMPERSONATION_LEVEL + TokenStatistics, // q: TOKEN_STATISTICS // 10 + TokenRestrictedSids, // q: TOKEN_GROUPS + TokenSessionId, // q; s: ULONG (requires SeTcbPrivilege) + TokenGroupsAndPrivileges, // q: TOKEN_GROUPS_AND_PRIVILEGES + TokenSessionReference, // s: ULONG (requires SeTcbPrivilege) + TokenSandBoxInert, // q: ULONG + TokenAuditPolicy, // q; s: TOKEN_AUDIT_POLICY (requires SeSecurityPrivilege/SeTcbPrivilege) + TokenOrigin, // q; s: TOKEN_ORIGIN (requires SeTcbPrivilege) + TokenElevationType, // q: TOKEN_ELEVATION_TYPE + TokenLinkedToken, // q; s: TOKEN_LINKED_TOKEN (requires SeCreateTokenPrivilege) + TokenElevation, // q: TOKEN_ELEVATION // 20 + TokenHasRestrictions, // q: ULONG + TokenAccessInformation, // q: TOKEN_ACCESS_INFORMATION + TokenVirtualizationAllowed, // q; s: ULONG (requires SeCreateTokenPrivilege) + TokenVirtualizationEnabled, // q; s: ULONG + TokenIntegrityLevel, // q; s: TOKEN_MANDATORY_LABEL + TokenUIAccess, // q; s: ULONG (requires SeTcbPrivilege) + TokenMandatoryPolicy, // q; s: TOKEN_MANDATORY_POLICY (requires SeTcbPrivilege) + TokenLogonSid, // q: TOKEN_GROUPS + TokenIsAppContainer, // q: ULONG // since WIN8 + TokenCapabilities, // q: TOKEN_GROUPS // 30 + TokenAppContainerSid, // q: TOKEN_APPCONTAINER_INFORMATION + TokenAppContainerNumber, // q: ULONG + TokenUserClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION + TokenDeviceClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION + TokenRestrictedUserClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION + TokenRestrictedDeviceClaimAttributes, // q: CLAIM_SECURITY_ATTRIBUTES_INFORMATION + TokenDeviceGroups, // q: TOKEN_GROUPS + TokenRestrictedDeviceGroups, // q: TOKEN_GROUPS + TokenSecurityAttributes, // q; s: 
TOKEN_SECURITY_ATTRIBUTES_[AND_OPERATION_]INFORMATION (requires SeTcbPrivilege) + TokenIsRestricted, // q: ULONG // 40 + TokenProcessTrustLevel, // q: TOKEN_PROCESS_TRUST_LEVEL // since WINBLUE + TokenPrivateNameSpace, // q; s: ULONG (requires SeTcbPrivilege) // since THRESHOLD + TokenSingletonAttributes, // q: TOKEN_SECURITY_ATTRIBUTES_INFORMATION // since REDSTONE + TokenBnoIsolation, // q: TOKEN_BNO_ISOLATION_INFORMATION // since REDSTONE2 + TokenChildProcessFlags, // s: ULONG (requires SeTcbPrivilege) // since REDSTONE3 + TokenIsLessPrivilegedAppContainer, // q: ULONG // since REDSTONE5 + TokenIsSandboxed, // q: ULONG // since 19H1 + TokenIsAppSilo, // q: ULONG // since WIN11 22H2 // previously TokenOriginatingProcessTrustLevel // q: TOKEN_PROCESS_TRUST_LEVEL + MaxTokenInfoClass +} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; +#endif + +// Types + +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID 0x00 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64 0x01 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64 0x02 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING 0x03 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN 0x04 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_SID 0x05 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN 0x06 +#define TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING 0x10 + +// Flags + +#define TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001 +#define TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002 +#define TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY 0x0004 +#define TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT 0x0008 +#define TOKEN_SECURITY_ATTRIBUTE_DISABLED 0x0010 +#define TOKEN_SECURITY_ATTRIBUTE_MANDATORY 0x0020 +#define TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE 0x0040 + +#define TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS ( \ + TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE | \ + TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | \ + TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY | \ + TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | \ + TOKEN_SECURITY_ATTRIBUTE_DISABLED | \ + 
TOKEN_SECURITY_ATTRIBUTE_MANDATORY) + +#define TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS 0xffff0000 + +// end_rev + +// private +typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE +{ + ULONG64 Version; + UNICODE_STRING Name; +} TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; + +// private +typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE +{ + PVOID pValue; + ULONG ValueLength; +} TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; + +// private +typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 +{ + UNICODE_STRING Name; + USHORT ValueType; + USHORT Reserved; + ULONG Flags; + ULONG ValueCount; + union + { + PLONG64 pInt64; + PULONG64 pUint64; + PUNICODE_STRING pString; + PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn; + PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString; + } Values; +} TOKEN_SECURITY_ATTRIBUTE_V1, *PTOKEN_SECURITY_ATTRIBUTE_V1; + +// rev +#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1 1 +// rev +#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1 + +// private +typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION +{ + USHORT Version; + USHORT Reserved; + ULONG AttributeCount; + union + { + PTOKEN_SECURITY_ATTRIBUTE_V1 pAttributeV1; + } Attribute; +} TOKEN_SECURITY_ATTRIBUTES_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_INFORMATION; + +// private +typedef enum _TOKEN_SECURITY_ATTRIBUTE_OPERATION +{ + TOKEN_SECURITY_ATTRIBUTE_OPERATION_NONE, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_ADD, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_DELETE, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE +} TOKEN_SECURITY_ATTRIBUTE_OPERATION, *PTOKEN_SECURITY_ATTRIBUTE_OPERATION; + +// private +typedef struct _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION +{ + PTOKEN_SECURITY_ATTRIBUTES_INFORMATION Attributes; + PTOKEN_SECURITY_ATTRIBUTE_OPERATION Operations; +} 
TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION, *PTOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION; + +// rev +typedef struct _TOKEN_PROCESS_TRUST_LEVEL +{ + PSID TrustLevelSid; +} TOKEN_PROCESS_TRUST_LEVEL, *PTOKEN_PROCESS_TRUST_LEVEL; + +// Tokens + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateToken( + _Out_ PHANDLE TokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ TOKEN_TYPE Type, + _In_ PLUID AuthenticationId, + _In_ PLARGE_INTEGER ExpirationTime, + _In_ PTOKEN_USER User, + _In_ PTOKEN_GROUPS Groups, + _In_ PTOKEN_PRIVILEGES Privileges, + _In_opt_ PTOKEN_OWNER Owner, + _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, + _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, + _In_ PTOKEN_SOURCE Source + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateLowBoxToken( + _Out_ PHANDLE TokenHandle, + _In_ HANDLE ExistingTokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ PSID PackageSid, + _In_ ULONG CapabilityCount, + _In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES Capabilities, + _In_ ULONG HandleCount, + _In_reads_opt_(HandleCount) HANDLE *Handles + ); +#endif + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateTokenEx( + _Out_ PHANDLE TokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ TOKEN_TYPE Type, + _In_ PLUID AuthenticationId, + _In_ PLARGE_INTEGER ExpirationTime, + _In_ PTOKEN_USER User, + _In_ PTOKEN_GROUPS Groups, + _In_ PTOKEN_PRIVILEGES Privileges, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes, + _In_opt_ PTOKEN_GROUPS DeviceGroups, + _In_opt_ PTOKEN_MANDATORY_POLICY MandatoryPolicy, + _In_opt_ PTOKEN_OWNER Owner, + _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, + _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, + _In_ PTOKEN_SOURCE Source + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI 
+NtOpenProcessToken( + _In_ HANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenProcessTokenEx( + _In_ HANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenThreadToken( + _In_ HANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ BOOLEAN OpenAsSelf, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenThreadTokenEx( + _In_ HANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ BOOLEAN OpenAsSelf, + _In_ ULONG HandleAttributes, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtDuplicateToken( + _In_ HANDLE ExistingTokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ BOOLEAN EffectiveOnly, + _In_ TOKEN_TYPE Type, + _Out_ PHANDLE NewTokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationToken( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, + _In_ ULONG TokenInformationLength, + _Out_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationToken( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, + _In_ ULONG TokenInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAdjustPrivilegesToken( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN DisableAllPrivileges, + _In_opt_ PTOKEN_PRIVILEGES NewState, + _In_ ULONG BufferLength, + _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAdjustGroupsToken( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN ResetToDefault, + _In_opt_ PTOKEN_GROUPS NewState, + _In_opt_ ULONG BufferLength, + 
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, + _Out_opt_ PULONG ReturnLength + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAdjustTokenClaimsAndDeviceGroups( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN UserResetToDefault, + _In_ BOOLEAN DeviceResetToDefault, + _In_ BOOLEAN DeviceGroupsResetToDefault, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState, + _In_opt_ PTOKEN_GROUPS NewDeviceGroupsState, + _In_ ULONG UserBufferLength, + _Out_writes_bytes_to_opt_(UserBufferLength, *UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState, + _In_ ULONG DeviceBufferLength, + _Out_writes_bytes_to_opt_(DeviceBufferLength, *DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState, + _In_ ULONG DeviceGroupsBufferLength, + _Out_writes_bytes_to_opt_(DeviceGroupsBufferLength, *DeviceGroupsReturnBufferLength) PTOKEN_GROUPS PreviousDeviceGroups, + _Out_opt_ PULONG UserReturnLength, + _Out_opt_ PULONG DeviceReturnLength, + _Out_opt_ PULONG DeviceGroupsReturnBufferLength + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFilterToken( + _In_ HANDLE ExistingTokenHandle, + _In_ ULONG Flags, + _In_opt_ PTOKEN_GROUPS SidsToDisable, + _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, + _In_opt_ PTOKEN_GROUPS RestrictedSids, + _Out_ PHANDLE NewTokenHandle + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtFilterTokenEx( + _In_ HANDLE ExistingTokenHandle, + _In_ ULONG Flags, + _In_opt_ PTOKEN_GROUPS SidsToDisable, + _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, + _In_opt_ PTOKEN_GROUPS RestrictedSids, + _In_ ULONG DisableUserClaimsCount, + _In_opt_ PUNICODE_STRING UserClaimsToDisable, + _In_ ULONG DisableDeviceClaimsCount, + _In_opt_ PUNICODE_STRING DeviceClaimsToDisable, + _In_opt_ PTOKEN_GROUPS DeviceGroupsToDisable, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes, + 
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes, + _In_opt_ PTOKEN_GROUPS RestrictedDeviceGroups, + _Out_ PHANDLE NewTokenHandle + ); +#endif + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompareTokens( + _In_ HANDLE FirstTokenHandle, + _In_ HANDLE SecondTokenHandle, + _Out_ PBOOLEAN Equal + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPrivilegeCheck( + _In_ HANDLE ClientToken, + _Inout_ PPRIVILEGE_SET RequiredPrivileges, + _Out_ PBOOLEAN Result + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtImpersonateAnonymousToken( + _In_ HANDLE ThreadHandle + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQuerySecurityAttributesToken( + _In_ HANDLE TokenHandle, + _In_reads_opt_(NumberOfAttributes) PUNICODE_STRING Attributes, + _In_ ULONG NumberOfAttributes, + _Out_writes_bytes_(Length) PVOID Buffer, // PTOKEN_SECURITY_ATTRIBUTES_INFORMATION + _In_ ULONG Length, + _Out_ PULONG ReturnLength + ); +#endif + +// Access checking + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheck( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckByType( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckByTypeResultList( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID 
PrincipalSelfSid, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus + ); + +// Signing + +#if (PHNT_VERSION >= PHNT_WIN8) + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetCachedSigningLevel( + _In_ ULONG Flags, + _In_ SE_SIGNING_LEVEL InputSigningLevel, + _In_reads_(SourceFileCount) PHANDLE SourceFiles, + _In_ ULONG SourceFileCount, + _In_opt_ HANDLE TargetFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtGetCachedSigningLevel( + _In_ HANDLE File, + _Out_ PULONG Flags, + _Out_ PSE_SIGNING_LEVEL SigningLevel, + _Out_writes_bytes_to_opt_(*ThumbprintSize, *ThumbprintSize) PUCHAR Thumbprint, + _Inout_opt_ PULONG ThumbprintSize, + _Out_opt_ PULONG ThumbprintAlgorithm + ); + +#endif + +#if (PHNT_VERSION >= PHNT_REDSTONE2) + +// rev +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCompareSigningLevels( + _In_ SE_SIGNING_LEVEL FirstSigningLevel, + _In_ SE_SIGNING_LEVEL SecondSigningLevel + ); + +#endif + +// Audit alarm + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ ACCESS_MASK DesiredAccess, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckByTypeAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 
+ _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckByTypeResultListAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtAccessCheckByTypeResultListAndAuditAlarmByHandle( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ HANDLE ClientToken, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenObjectAuditAlarm( + _In_ PUNICODE_STRING 
SubsystemName,
+ _In_opt_ PVOID HandleId,
+ _In_ PUNICODE_STRING ObjectTypeName,
+ _In_ PUNICODE_STRING ObjectName,
+ _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
+ _In_ HANDLE ClientToken,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ACCESS_MASK GrantedAccess,
+ _In_opt_ PPRIVILEGE_SET Privileges,
+ _In_ BOOLEAN ObjectCreation,
+ _In_ BOOLEAN AccessGranted,
+ _Out_ PBOOLEAN GenerateOnClose
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPrivilegeObjectAuditAlarm(
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_opt_ PVOID HandleId,
+ _In_ HANDLE ClientToken,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ PPRIVILEGE_SET Privileges,
+ _In_ BOOLEAN AccessGranted
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCloseObjectAuditAlarm(
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_opt_ PVOID HandleId,
+ _In_ BOOLEAN GenerateOnClose
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteObjectAuditAlarm(
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_opt_ PVOID HandleId,
+ _In_ BOOLEAN GenerateOnClose
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPrivilegedServiceAuditAlarm(
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_ PUNICODE_STRING ServiceName,
+ _In_ HANDLE ClientToken,
+ _In_ PPRIVILEGE_SET Privileges,
+ _In_ BOOLEAN AccessGranted
+ );
+
+#endif
diff --git a/deps/phnt-nightly/ntsmss.h b/deps/phnt-nightly/ntsmss.h
new file mode 100644
index 0000000..7fc1752
--- /dev/null
+++ b/deps/phnt-nightly/ntsmss.h
@@ -0,0 +1,28 @@
+/*
+ * Windows Session Manager support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTSMSS_H
+#define _NTSMSS_H
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlConnectToSm(
+ _In_ PUNICODE_STRING ApiPortName,
+ _In_ HANDLE ApiPortHandle,
+ _In_ DWORD ProcessImageType,
+ _Out_ PHANDLE SmssConnection
+ );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSendMsgToSm(
+ _In_ HANDLE ApiPortHandle,
+ _In_ PPORT_MESSAGE MessageData
+ );
+
+#endif
diff --git a/deps/phnt-nightly/ntsxs.h b/deps/phnt-nightly/ntsxs.h
new file mode 100644
index 0000000..4d12150
--- /dev/null
+++ b/deps/phnt-nightly/ntsxs.h
@@ -0,0 +1,515 @@
+/*
+ * Side-by-side assembly support definitions.
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTSXS_H
+#define _NTSXS_H
+
+#define ACTIVATION_CONTEXT_DATA_MAGIC ('xtcA')
+#define ACTIVATION_CONTEXT_DATA_FORMAT_WHISTLER 1
+
+#define ACTIVATION_CONTEXT_FLAG_NO_INHERIT 0x00000001
+
+#if (PHNT_MODE == PHNT_MODE_KERNEL)
+typedef enum _ACTCTX_REQUESTED_RUN_LEVEL
+{
+ ACTCTX_RUN_LEVEL_UNSPECIFIED = 0,
+ ACTCTX_RUN_LEVEL_AS_INVOKER,
+ ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE,
+ ACTCTX_RUN_LEVEL_REQUIRE_ADMIN,
+ ACTCTX_RUN_LEVEL_NUMBERS
+} ACTCTX_REQUESTED_RUN_LEVEL;
+
+typedef enum _ACTCTX_COMPATIBILITY_ELEMENT_TYPE
+{
+ ACTCTX_COMPATIBILITY_ELEMENT_TYPE_UNKNOWN = 0,
+ ACTCTX_COMPATIBILITY_ELEMENT_TYPE_OS,
+ ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MITIGATION,
+ ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MAXVERSIONTESTED
+} ACTCTX_COMPATIBILITY_ELEMENT_TYPE;
+#endif
+
+#include
+
+typedef struct _ACTIVATION_CONTEXT_DATA
+{
+ ULONG Magic;
+ ULONG HeaderSize;
+ ULONG FormatVersion;
+ ULONG TotalSize;
+ ULONG DefaultTocOffset; // to ACTIVATION_CONTEXT_DATA_TOC_HEADER
+ ULONG ExtendedTocOffset; // to ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER
+ ULONG AssemblyRosterOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER
+ ULONG Flags; // ACTIVATION_CONTEXT_FLAG_*
+} ACTIVATION_CONTEXT_DATA, *PACTIVATION_CONTEXT_DATA;
+
+#define ACTIVATION_CONTEXT_DATA_TOC_HEADER_DENSE 0x00000001
+#define ACTIVATION_CONTEXT_DATA_TOC_HEADER_INORDER 0x00000002
+
+typedef struct _ACTIVATION_CONTEXT_DATA_TOC_HEADER
+{
+ ULONG HeaderSize;
+ ULONG EntryCount;
+ ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_TOC_ENTRY[], from ACTIVATION_CONTEXT_DATA base
+ ULONG Flags; // ACTIVATION_CONTEXT_DATA_TOC_HEADER_*
+} ACTIVATION_CONTEXT_DATA_TOC_HEADER, *PACTIVATION_CONTEXT_DATA_TOC_HEADER;
+
+typedef struct _ACTIVATION_CONTEXT_DATA_TOC_ENTRY
+{
+ ULONG Id; // ACTIVATION_CONTEXT_SECTION_*
+ ULONG Offset; // to ACTIVATION_CONTEXT_*_SECTION_HEADER, from ACTIVATION_CONTEXT_DATA base
+ ULONG Length; + ULONG Format; // ACTIVATION_CONTEXT_SECTION_FORMAT_* +} ACTIVATION_CONTEXT_DATA_TOC_ENTRY, *PACTIVATION_CONTEXT_DATA_TOC_ENTRY; + +typedef struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER +{ + ULONG HeaderSize; + ULONG EntryCount; + ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY[], from ACTIVATION_CONTEXT_DATA base + ULONG Flags; +} ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER, *PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER; + +typedef struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY +{ + GUID ExtensionGuid; + ULONG TocOffset; // to ACTIVATION_CONTEXT_DATA_TOC_HEADER, from ACTIVATION_CONTEXT_DATA base + ULONG Length; +} ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY, *PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY; + +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_INVALID 0x00000001 +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_ROOT 0x00000002 + +typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER +{ + ULONG HeaderSize; + ULONG HashAlgorithm; // HASH_STRING_ALGORITHM_* + ULONG EntryCount; + ULONG FirstEntryOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY[], from ACTIVATION_CONTEXT_DATA base + ULONG AssemblyInformationSectionOffset; // to resolve section-relative offsets +} ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER; + +typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY +{ + ULONG Flags; + ULONG PseudoKey; + ULONG AssemblyNameOffset; // to WCHAR[], from ACTIVATION_CONTEXT_DATA base + ULONG AssemblyNameLength; + ULONG AssemblyInformationOffset; // to ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION, from ACTIVATION_CONTEXT_DATA base + ULONG AssemblyInformationLength; +} ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY; + +#define ACTIVATION_CONTEXT_SECTION_FORMAT_UNKNOWN 0 +#define ACTIVATION_CONTEXT_SECTION_FORMAT_STRING_TABLE 1 // ACTIVATION_CONTEXT_STRING_SECTION_HEADER +#define 
ACTIVATION_CONTEXT_SECTION_FORMAT_GUID_TABLE 2 // ACTIVATION_CONTEXT_GUID_SECTION_HEADER + +#define ACTIVATION_CONTEXT_STRING_SECTION_MAGIC ('dHsS') +#define ACTIVATION_CONTEXT_STRING_SECTION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_STRING_SECTION_CASE_INSENSITIVE 0x00000001 +#define ACTIVATION_CONTEXT_STRING_SECTION_ENTRIES_IN_PSEUDOKEY_ORDER 0x00000002 + +typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HEADER +{ + ULONG Magic; + ULONG HeaderSize; + ULONG FormatVersion; + ULONG DataFormatVersion; + ULONG Flags; // ACTIVATION_CONTEXT_STRING_SECTION_* + ULONG ElementCount; + ULONG ElementListOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_ENTRY[], from this struct base + ULONG HashAlgorithm; // HASH_STRING_ALGORITHM_* + ULONG SearchStructureOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE, from this struct base + ULONG UserDataOffset; // to data depending on section Id, from this struct base + ULONG UserDataSize; +} ACTIVATION_CONTEXT_STRING_SECTION_HEADER, *PACTIVATION_CONTEXT_STRING_SECTION_HEADER; + +typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_ENTRY +{ + ULONG PseudoKey; + ULONG KeyOffset; // to WCHAR[], from section header + ULONG KeyLength; + ULONG Offset; // to data depending on section Id, from section header + ULONG Length; + ULONG AssemblyRosterIndex; +} ACTIVATION_CONTEXT_STRING_SECTION_ENTRY, *PACTIVATION_CONTEXT_STRING_SECTION_ENTRY; + +typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE +{ + ULONG BucketTableEntryCount; + ULONG BucketTableOffset; // to ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET[], from section header +} ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE, *PACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE; + +typedef struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET +{ + ULONG ChainCount; + ULONG ChainOffset; // to LONG[], from section header +} ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET, *PACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET; + +#define ACTIVATION_CONTEXT_GUID_SECTION_MAGIC ('dHsG') +#define 
ACTIVATION_CONTEXT_GUID_SECTION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_GUID_SECTION_ENTRIES_IN_ORDER 0x00000001 + +typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HEADER +{ + ULONG Magic; + ULONG HeaderSize; + ULONG FormatVersion; + ULONG DataFormatVersion; + ULONG Flags; // ACTIVATION_CONTEXT_GUID_SECTION_* + ULONG ElementCount; + ULONG ElementListOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_ENTRY[], from this struct base + ULONG SearchStructureOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE, from this struct base + ULONG UserDataOffset; // to data depending on section Id, from this struct base + ULONG UserDataSize; +} ACTIVATION_CONTEXT_GUID_SECTION_HEADER, *PACTIVATION_CONTEXT_GUID_SECTION_HEADER; + +typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_ENTRY +{ + GUID Guid; + ULONG Offset; // to data depending on section Id, from section header + ULONG Length; + ULONG AssemblyRosterIndex; +} ACTIVATION_CONTEXT_GUID_SECTION_ENTRY, *PACTIVATION_CONTEXT_GUID_SECTION_ENTRY; + +typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE +{ + ULONG BucketTableEntryCount; + ULONG BucketTableOffset; // to ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET, from section header +} ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE, *PACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE; + +typedef struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET +{ + ULONG ChainCount; + ULONG ChainOffset; // to LONG[], from section header +} ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET, *PACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET; + +// winnt.h - known section IDs +// #define ACTIVATION_CONTEXT_SECTION_ASSEMBLY_INFORMATION (1) // ACTIVATION_CONTEXT_SECTION_ASSEMBLY_INFORMATION + ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION +// #define ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION (2) // ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION +// #define ACTIVATION_CONTEXT_SECTION_WINDOW_CLASS_REDIRECTION (3) // ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION +// #define 
ACTIVATION_CONTEXT_SECTION_COM_SERVER_REDIRECTION (4) // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION +// #define ACTIVATION_CONTEXT_SECTION_COM_INTERFACE_REDIRECTION (5) // ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION +// #define ACTIVATION_CONTEXT_SECTION_COM_TYPE_LIBRARY_REDIRECTION (6) // ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION +// #define ACTIVATION_CONTEXT_SECTION_COM_PROGID_REDIRECTION (7) // ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION +// #define ACTIVATION_CONTEXT_SECTION_GLOBAL_OBJECT_RENAME_TABLE (8) +// #define ACTIVATION_CONTEXT_SECTION_CLR_SURROGATES (9) // ACTIVATION_CONTEXT_DATA_CLR_SURROGATE +// #define ACTIVATION_CONTEXT_SECTION_APPLICATION_SETTINGS (10) // ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS +// #define ACTIVATION_CONTEXT_SECTION_COMPATIBILITY_INFO (11) // ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION[_LEGACY] +// #define ACTIVATION_CONTEXT_SECTION_WINRT_ACTIVATABLE_CLASSES (12) // since 19H1 + +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_ASSEMBLY 0x00000001 +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_POLICY_APPLIED 0x00000002 +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ASSEMBLY_POLICY_APPLIED 0x00000004 +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_POLICY_APPLIED 0x00000008 +#define ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_PRIVATE_ASSEMBLY 0x00000010 + +typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION +{ + ULONG Size; + ULONG Flags; // ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_* + ULONG EncodedAssemblyIdentityLength; + ULONG EncodedAssemblyIdentityOffset; // to WCHAR[], from section header + ULONG ManifestPathType; // ACTIVATION_CONTEXT_PATH_TYPE_* + ULONG ManifestPathLength; + ULONG ManifestPathOffset; // to WCHAR[], from section header + LARGE_INTEGER ManifestLastWriteTime; + ULONG PolicyPathType; // ACTIVATION_CONTEXT_PATH_TYPE_* + ULONG PolicyPathLength; + ULONG 
PolicyPathOffset; // to WCHAR[], from section header + LARGE_INTEGER PolicyLastWriteTime; + ULONG MetadataSatelliteRosterIndex; + ULONG Unused2; + ULONG ManifestVersionMajor; + ULONG ManifestVersionMinor; + ULONG PolicyVersionMajor; + ULONG PolicyVersionMinor; + ULONG AssemblyDirectoryNameLength; + ULONG AssemblyDirectoryNameOffset; // to WCHAR[], from section header + ULONG NumOfFilesInAssembly; + ULONG LanguageLength; + ULONG LanguageOffset; // to WCHAR[], from section header + ACTCTX_REQUESTED_RUN_LEVEL RunLevel; + ULONG UiAccess; +} ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION; + +// via UserData +typedef struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION +{ + ULONG Size; + ULONG Flags; + GUID PolicyCoherencyGuid; + GUID PolicyOverrideGuid; + ULONG ApplicationDirectoryPathType; // ACTIVATION_CONTEXT_PATH_TYPE_* + ULONG ApplicationDirectoryLength; + ULONG ApplicationDirectoryOffset; // to WCHAR[], from this struct base + ULONG ResourceName; +} ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION, *PACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION; + +#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_INCLUDES_BASE_NAME 0x00000001 +#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_OMITS_ASSEMBLY_ROOT 0x00000002 +#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_EXPAND 0x00000004 +#define ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SYSTEM_DEFAULT_REDIRECTED_SYSTEM32_DLL 0x00000008 + +typedef struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION +{ + ULONG Size; + ULONG Flags; // ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_* + ULONG TotalPathLength; + ULONG PathSegmentCount; + ULONG PathSegmentOffset; // to ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT[], from section header +} ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION, *PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION; + +typedef struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT +{ 
+ ULONG Length; + ULONG Offset; // to WCHAR[], from section header +} ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT, *PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT; + +#define ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION_FORMAT_WHISTLER 1 + +typedef struct _ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION +{ + ULONG Size; + ULONG Flags; + ULONG VersionSpecificClassNameLength; + ULONG VersionSpecificClassNameOffset; // to WHCAR[], from this struct base + ULONG DllNameLength; + ULONG DllNameOffset; // to WCHAR[], from section header +} ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION, *PACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION; + +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_INVALID 0 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_APARTMENT 1 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_FREE 2 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_SINGLE 3 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_BOTH 4 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_NEUTRAL 5 + +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET 8 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DEFAULT (0x01 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET) +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_ICON (0x02 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET) +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_CONTENT (0x04 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET) +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_THUMBNAIL (0x08 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET) +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DOCPRINT (0x10 << ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET) + +typedef struct 
_ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION +{ + ULONG Size; + ULONG Flags; + ULONG ThreadingModel; // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_* + GUID ReferenceClsid; + GUID ConfiguredClsid; + GUID ImplementedClsid; + GUID TypeLibraryId; + ULONG ModuleLength; + ULONG ModuleOffset; // to WCHAR[], from section header + ULONG ProgIdLength; + ULONG ProgIdOffset; // to WCHAR[], from this struct base + ULONG ShimDataLength; + ULONG ShimDataOffset; // to ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM, from this struct base + ULONG MiscStatusDefault; + ULONG MiscStatusContent; + ULONG MiscStatusThumbnail; + ULONG MiscStatusIcon; + ULONG MiscStatusDocPrint; +} ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION; + +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_OTHER 1 +#define ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_CLR_CLASS 2 + +typedef struct _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM +{ + ULONG Size; + ULONG Flags; + ULONG Type; // ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_* + ULONG ModuleLength; + ULONG ModuleOffset; // to WCHAR[], from section header + ULONG TypeLength; + ULONG TypeOffset; // to WCHAR[], from this struct base + ULONG ShimVersionLength; + ULONG ShimVersionOffset; // to WCHAR[], from this struct base + ULONG DataLength; + ULONG DataOffset; // from this struct base +} ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM, *PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM; + +#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FORMAT_WHISTLER 1 + +#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_NUM_METHODS_VALID 0x00000001 +#define ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_BASE_INTERFACE_VALID 0x00000002 + +typedef struct _ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION +{ + ULONG Size; + ULONG Flags; // ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_* + GUID 
ProxyStubClsid32; + ULONG NumMethods; + GUID TypeLibraryId; + GUID BaseInterface; + ULONG NameLength; + ULONG NameOffset; // to WCHAR[], from this struct base +} ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION; + +#define ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION_FORMAT_WHISTLER 1 + +typedef struct _ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION +{ + USHORT Major; + USHORT Minor; +} ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION, *PACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION; + +typedef struct _ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION +{ + ULONG Size; + ULONG Flags; + ULONG NameLength; + ULONG NameOffset; // to WCHAR[], from section header + USHORT ResourceId; + USHORT LibraryFlags; // LIBFLAG_* oaidl.h + ULONG HelpDirLength; + ULONG HelpDirOffset; // to WCHAR[], from this struct base + ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION Version; +} ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION; + +#define ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION_FORMAT_WHISTLER 1 + +typedef struct _ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION +{ + ULONG Size; + ULONG Flags; + ULONG ConfiguredClsidOffset; // to CLSID, from section header +} ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION, *PACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION; + +#define ACTIVATION_CONTEXT_DATA_CLR_SURROGATE_FORMAT_WHISTLER 1 + +typedef struct _ACTIVATION_CONTEXT_DATA_CLR_SURROGATE +{ + ULONG Size; + ULONG Flags; + GUID SurrogateIdent; + ULONG VersionOffset; + ULONG VersionLength; + ULONG TypeNameOffset; + ULONG TypeNameLength; // to WCHAR[], from this struct base +} ACTIVATION_CONTEXT_DATA_CLR_SURROGATE, *PACTIVATION_CONTEXT_DATA_CLR_SURROGATE; + +#define ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS_FORMAT_LONGHORN 1 + +#define SXS_WINDOWS_SETTINGS_NAMESPACE L"http://schemas.microsoft.com/SMI/2005/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2011_NAMESPACE 
L"http://schemas.microsoft.com/SMI/2011/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2013_NAMESPACE L"http://schemas.microsoft.com/SMI/2013/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2014_NAMESPACE L"http://schemas.microsoft.com/SMI/2014/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2016_NAMESPACE L"http://schemas.microsoft.com/SMI/2016/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2017_NAMESPACE L"http://schemas.microsoft.com/SMI/2017/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2019_NAMESPACE L"http://schemas.microsoft.com/SMI/2019/WindowsSettings" +#define SXS_WINDOWS_SETTINGS_2020_NAMESPACE L"http://schemas.microsoft.com/SMI/2020/WindowsSettings" + +typedef struct _ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS +{ + ULONG Size; + ULONG Flags; + ULONG SettingNamespaceLength; + ULONG SettingNamespaceOffset; // to WCHAR[], from this struct base + ULONG SettingNameLength; + ULONG SettingNameOffset; // to WCHAR[], from this struct base + ULONG SettingValueLength; + ULONG SettingValueOffset; // to WCHAR[], from this struct base +} ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS, *PACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS; + +// COMPATIBILITY_CONTEXT_ELEMENT from winnt.h before 19H1 +typedef struct _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY +{ + GUID Id; + ACTCTX_COMPATIBILITY_ELEMENT_TYPE Type; +} COMPATIBILITY_CONTEXT_ELEMENT_LEGACY, *PCOMPATIBILITY_CONTEXT_ELEMENT_LEGACY; + +// ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION from winnt.h before 19H1 +typedef struct _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY +{ + DWORD ElementCount; + COMPATIBILITY_CONTEXT_ELEMENT_LEGACY Elements[ANYSIZE_ARRAY]; +} ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY, *PACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY; + +#include + +// begin_private + +typedef struct _ASSEMBLY_STORAGE_MAP_ENTRY +{ + ULONG Flags; + UNICODE_STRING DosPath; + HANDLE Handle; +} ASSEMBLY_STORAGE_MAP_ENTRY, *PASSEMBLY_STORAGE_MAP_ENTRY; + +#define 
ASSEMBLY_STORAGE_MAP_ASSEMBLY_ARRAY_IS_HEAP_ALLOCATED 0x00000001 + +typedef struct _ASSEMBLY_STORAGE_MAP +{ + ULONG Flags; + ULONG AssemblyCount; + PASSEMBLY_STORAGE_MAP_ENTRY *AssemblyArray; +} ASSEMBLY_STORAGE_MAP, *PASSEMBLY_STORAGE_MAP; + +typedef struct _ACTIVATION_CONTEXT *PACTIVATION_CONTEXT; + +#define ACTIVATION_CONTEXT_NOTIFICATION_DESTROY 1 +#define ACTIVATION_CONTEXT_NOTIFICATION_ZOMBIFY 2 +#define ACTIVATION_CONTEXT_NOTIFICATION_USED 3 + +typedef VOID (NTAPI *PACTIVATION_CONTEXT_NOTIFY_ROUTINE)( + _In_ ULONG NotificationType, // ACTIVATION_CONTEXT_NOTIFICATION_* + _In_ PACTIVATION_CONTEXT ActivationContext, + _In_ PACTIVATION_CONTEXT_DATA ActivationContextData, + _In_opt_ PVOID NotificationContext, + _In_opt_ PVOID NotificationData, + _Inout_ PBOOLEAN DisableThisNotification + ); + +typedef struct _ACTIVATION_CONTEXT +{ + LONG RefCount; + ULONG Flags; + PACTIVATION_CONTEXT_DATA ActivationContextData; + PACTIVATION_CONTEXT_NOTIFY_ROUTINE NotificationRoutine; + PVOID NotificationContext; + ULONG SentNotifications[8]; + ULONG DisabledNotifications[8]; + ASSEMBLY_STORAGE_MAP StorageMap; + PASSEMBLY_STORAGE_MAP_ENTRY InlineStorageMapEntries[32]; +} ACTIVATION_CONTEXT, *PACTIVATION_CONTEXT; + +#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION 0x00000001 +#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE 0x00000002 +#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST 0x00000004 +#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED 0x00000008 +#define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED 0x00000010 + +typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME +{ + struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous; + PACTIVATION_CONTEXT ActivationContext; + ULONG Flags; // RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_* +} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME; + +#define ACTIVATION_CONTEXT_STACK_FLAG_QUERIES_DISABLED 0x00000001 + +typedef struct 
_ACTIVATION_CONTEXT_STACK
+{
+ PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
+ LIST_ENTRY FrameListCache;
+ ULONG Flags; // ACTIVATION_CONTEXT_STACK_FLAG_*
+ ULONG NextCookieSequenceNumber;
+ ULONG StackId;
+} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
+
+// end_private
+
+#endif
diff --git a/deps/phnt-nightly/nttmapi.h b/deps/phnt-nightly/nttmapi.h
new file mode 100644
index 0000000..4e9e8ad
--- /dev/null
+++ b/deps/phnt-nightly/nttmapi.h
@@ -0,0 +1,479 @@ +/* + * Transaction Manager support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTTMAPI_H +#define _NTTMAPI_H + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateTransactionManager( + _Out_ PHANDLE TmHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PUNICODE_STRING LogFileName, + _In_opt_ ULONG CreateOptions, + _In_opt_ ULONG CommitStrength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenTransactionManager( + _Out_ PHANDLE TmHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PUNICODE_STRING LogFileName, + _In_opt_ LPGUID TmIdentity, + _In_opt_ ULONG OpenOptions + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRenameTransactionManager( + _In_ PUNICODE_STRING LogFileName, + _In_ LPGUID ExistingTransactionManagerGuid + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRollforwardTransactionManager( + _In_ HANDLE TransactionManagerHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRecoverTransactionManager( + _In_ HANDLE TransactionManagerHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationTransactionManager( + _In_ HANDLE TransactionManagerHandle, + _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, + _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, + _In_ ULONG TransactionManagerInformationLength, + _Out_opt_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationTransactionManager( + _In_opt_ HANDLE TmHandle, + _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, + 
_In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, + _In_ ULONG TransactionManagerInformationLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtEnumerateTransactionObject( + _In_opt_ HANDLE RootObjectHandle, + _In_ KTMOBJECT_TYPE QueryType, + _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor, + _In_ ULONG ObjectCursorLength, + _Out_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateTransaction( + _Out_ PHANDLE TransactionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ LPGUID Uow, + _In_opt_ HANDLE TmHandle, + _In_opt_ ULONG CreateOptions, + _In_opt_ ULONG IsolationLevel, + _In_opt_ ULONG IsolationFlags, + _In_opt_ PLARGE_INTEGER Timeout, + _In_opt_ PUNICODE_STRING Description + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenTransaction( + _Out_ PHANDLE TransactionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ LPGUID Uow, + _In_opt_ HANDLE TmHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationTransaction( + _In_ HANDLE TransactionHandle, + _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, + _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation, + _In_ ULONG TransactionInformationLength, + _Out_opt_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationTransaction( + _In_ HANDLE TransactionHandle, + _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, + _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation, + _In_ ULONG TransactionInformationLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCommitTransaction( + _In_ HANDLE TransactionHandle, + 
_In_ BOOLEAN Wait + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRollbackTransaction( + _In_ HANDLE TransactionHandle, + _In_ BOOLEAN Wait + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateEnlistment( + _Out_ PHANDLE EnlistmentHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE ResourceManagerHandle, + _In_ HANDLE TransactionHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG CreateOptions, + _In_ NOTIFICATION_MASK NotificationMask, + _In_opt_ PVOID EnlistmentKey + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenEnlistment( + _Out_ PHANDLE EnlistmentHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE ResourceManagerHandle, + _In_ LPGUID EnlistmentGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, + _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, + _In_ ULONG EnlistmentInformationLength, + _Out_opt_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationEnlistment( + _In_opt_ HANDLE EnlistmentHandle, + _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, + _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, + _In_ ULONG EnlistmentInformationLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRecoverEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PVOID EnlistmentKey + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPrePrepareEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPrepareEnlistment( + _In_ HANDLE 
EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCommitEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRollbackEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPrePrepareComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPrepareComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCommitComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtReadOnlyEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRollbackComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSinglePhaseReject( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtCreateResourceManager( + _Out_ PHANDLE ResourceManagerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE TmHandle, + _In_ LPGUID RmGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG CreateOptions, + _In_opt_ PUNICODE_STRING Description + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtOpenResourceManager( + _Out_ PHANDLE ResourceManagerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE TmHandle, 
+ _In_opt_ LPGUID ResourceManagerGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRecoverResourceManager( + _In_ HANDLE ResourceManagerHandle + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtGetNotificationResourceManager( + _In_ HANDLE ResourceManagerHandle, + _Out_ PTRANSACTION_NOTIFICATION TransactionNotification, + _In_ ULONG NotificationLength, + _In_opt_ PLARGE_INTEGER Timeout, + _Out_opt_ PULONG ReturnLength, + _In_ ULONG Asynchronous, + _In_opt_ ULONG_PTR AsynchronousContext + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtQueryInformationResourceManager( + _In_ HANDLE ResourceManagerHandle, + _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, + _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, + _In_ ULONG ResourceManagerInformationLength, + _Out_opt_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtSetInformationResourceManager( + _In_ HANDLE ResourceManagerHandle, + _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, + _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, + _In_ ULONG ResourceManagerInformationLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtRegisterProtocolAddressInformation( + _In_ HANDLE ResourceManager, + _In_ PCRM_PROTOCOL_ID ProtocolId, + _In_ ULONG ProtocolInformationSize, + _In_ PVOID ProtocolInformation, + _In_opt_ ULONG CreateOptions + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPropagationComplete( + _In_ HANDLE ResourceManagerHandle, + _In_ ULONG RequestCookie, + _In_ ULONG BufferLength, + _In_ PVOID Buffer + ); +#endif + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtPropagationFailed( + _In_ HANDLE 
ResourceManagerHandle,
+ _In_ ULONG RequestCookie,
+ _In_ NTSTATUS PropStatus
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFreezeTransactions(
+ _In_ PLARGE_INTEGER FreezeTimeout,
+ _In_ PLARGE_INTEGER ThawTimeout
+ );
+#endif
+
+#if (PHNT_VERSION >= PHNT_VISTA)
+// private
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtThawTransactions(
+ VOID
+ );
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/nttp.h b/deps/phnt-nightly/nttp.h
new file mode 100644
index 0000000..e4bd6ea
--- /dev/null
+++ b/deps/phnt-nightly/nttp.h
@@ -0,0 +1,462 @@ +/* + * Thread Pool support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTTP_H +#define _NTTP_H + +// Some types are already defined in winnt.h. + +typedef struct _TP_ALPC TP_ALPC, *PTP_ALPC; + +// private +typedef VOID (NTAPI *PTP_ALPC_CALLBACK)( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _Inout_opt_ PVOID Context, + _In_ PTP_ALPC Alpc + ); + +// rev +typedef VOID (NTAPI *PTP_ALPC_CALLBACK_EX)( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _Inout_opt_ PVOID Context, + _In_ PTP_ALPC Alpc, + _In_ PVOID ApcContext + ); + +#if (PHNT_VERSION >= PHNT_VISTA) + +// winbase:CreateThreadpool +NTSYSAPI +NTSTATUS +NTAPI +TpAllocPool( + _Out_ PTP_POOL *PoolReturn, + _Reserved_ PVOID Reserved + ); + +// winbase:CloseThreadpool +NTSYSAPI +VOID +NTAPI +TpReleasePool( + _Inout_ PTP_POOL Pool + ); + +// winbase:SetThreadpoolThreadMaximum +NTSYSAPI +VOID +NTAPI +TpSetPoolMaxThreads( + _Inout_ PTP_POOL Pool, + _In_ ULONG MaxThreads + ); + +// winbase:SetThreadpoolThreadMinimum +NTSYSAPI +NTSTATUS +NTAPI +TpSetPoolMinThreads( + _Inout_ PTP_POOL Pool, + _In_ ULONG MinThreads + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// winbase:QueryThreadpoolStackInformation +NTSYSAPI +NTSTATUS +NTAPI +TpQueryPoolStackInformation( + _In_ PTP_POOL Pool, + _Out_ PTP_POOL_STACK_INFORMATION PoolStackInformation + ); + +// winbase:SetThreadpoolStackInformation +NTSYSAPI +NTSTATUS +NTAPI +TpSetPoolStackInformation( + _Inout_ PTP_POOL Pool, + _In_ PTP_POOL_STACK_INFORMATION PoolStackInformation + ); + +// rev +NTSYSAPI +NTSTATUS +NTAPI +TpSetPoolThreadBasePriority( + _Inout_ PTP_POOL Pool, + _In_ ULONG BasePriority + ); +#endif + +// winbase:CreateThreadpoolCleanupGroup +NTSYSAPI +NTSTATUS +NTAPI +TpAllocCleanupGroup( + _Out_ PTP_CLEANUP_GROUP *CleanupGroupReturn + ); + +// winbase:CloseThreadpoolCleanupGroup +NTSYSAPI +VOID +NTAPI +TpReleaseCleanupGroup( + _Inout_ PTP_CLEANUP_GROUP CleanupGroup + ); + +// winbase:CloseThreadpoolCleanupGroupMembers +NTSYSAPI +VOID 
+NTAPI +TpReleaseCleanupGroupMembers( + _Inout_ PTP_CLEANUP_GROUP CleanupGroup, + _In_ LOGICAL CancelPendingCallbacks, + _Inout_opt_ PVOID CleanupParameter + ); + +// winbase:SetEventWhenCallbackReturns +NTSYSAPI +VOID +NTAPI +TpCallbackSetEventOnCompletion( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _In_ HANDLE Event + ); + +// winbase:ReleaseSemaphoreWhenCallbackReturns +NTSYSAPI +VOID +NTAPI +TpCallbackReleaseSemaphoreOnCompletion( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _In_ HANDLE Semaphore, + _In_ ULONG ReleaseCount + ); + +// winbase:ReleaseMutexWhenCallbackReturns +NTSYSAPI +VOID +NTAPI +TpCallbackReleaseMutexOnCompletion( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _In_ HANDLE Mutex + ); + +// winbase:LeaveCriticalSectionWhenCallbackReturns +NTSYSAPI +VOID +NTAPI +TpCallbackLeaveCriticalSectionOnCompletion( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _Inout_ PRTL_CRITICAL_SECTION CriticalSection + ); + +// winbase:FreeLibraryWhenCallbackReturns +NTSYSAPI +VOID +NTAPI +TpCallbackUnloadDllOnCompletion( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _In_ PVOID DllHandle + ); + +// winbase:CallbackMayRunLong +NTSYSAPI +NTSTATUS +NTAPI +TpCallbackMayRunLong( + _Inout_ PTP_CALLBACK_INSTANCE Instance + ); + +// winbase:DisassociateCurrentThreadFromCallback +NTSYSAPI +VOID +NTAPI +TpDisassociateCallback( + _Inout_ PTP_CALLBACK_INSTANCE Instance + ); + +// winbase:TrySubmitThreadpoolCallback +NTSYSAPI +NTSTATUS +NTAPI +TpSimpleTryPost( + _In_ PTP_SIMPLE_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +// winbase:CreateThreadpoolWork +NTSYSAPI +NTSTATUS +NTAPI +TpAllocWork( + _Out_ PTP_WORK *WorkReturn, + _In_ PTP_WORK_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +// winbase:CloseThreadpoolWork +NTSYSAPI +VOID +NTAPI +TpReleaseWork( + _Inout_ PTP_WORK Work + ); + +// winbase:SubmitThreadpoolWork +NTSYSAPI +VOID +NTAPI +TpPostWork( + _Inout_ PTP_WORK 
Work + ); + +// winbase:WaitForThreadpoolWorkCallbacks +NTSYSAPI +VOID +NTAPI +TpWaitForWork( + _Inout_ PTP_WORK Work, + _In_ LOGICAL CancelPendingCallbacks + ); + +// winbase:CreateThreadpoolTimer +NTSYSAPI +NTSTATUS +NTAPI +TpAllocTimer( + _Out_ PTP_TIMER *Timer, + _In_ PTP_TIMER_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +// winbase:CloseThreadpoolTimer +NTSYSAPI +VOID +NTAPI +TpReleaseTimer( + _Inout_ PTP_TIMER Timer + ); + +// winbase:SetThreadpoolTimer +NTSYSAPI +VOID +NTAPI +TpSetTimer( + _Inout_ PTP_TIMER Timer, + _In_opt_ PLARGE_INTEGER DueTime, + _In_ ULONG Period, + _In_opt_ ULONG WindowLength + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +// winbase:SetThreadpoolTimerEx +NTSYSAPI +NTSTATUS +NTAPI +TpSetTimerEx( + _Inout_ PTP_TIMER Timer, + _In_opt_ PLARGE_INTEGER DueTime, + _In_ ULONG Period, + _In_opt_ ULONG WindowLength + ); +#endif + +// winbase:IsThreadpoolTimerSet +NTSYSAPI +LOGICAL +NTAPI +TpIsTimerSet( + _In_ PTP_TIMER Timer + ); + +// winbase:WaitForThreadpoolTimerCallbacks +NTSYSAPI +VOID +NTAPI +TpWaitForTimer( + _Inout_ PTP_TIMER Timer, + _In_ LOGICAL CancelPendingCallbacks + ); + +// winbase:CreateThreadpoolWait +NTSYSAPI +NTSTATUS +NTAPI +TpAllocWait( + _Out_ PTP_WAIT *WaitReturn, + _In_ PTP_WAIT_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +// winbase:CloseThreadpoolWait +NTSYSAPI +VOID +NTAPI +TpReleaseWait( + _Inout_ PTP_WAIT Wait + ); + +// winbase:SetThreadpoolWait +NTSYSAPI +VOID +NTAPI +TpSetWait( + _Inout_ PTP_WAIT Wait, + _In_opt_ HANDLE Handle, + _In_opt_ PLARGE_INTEGER Timeout + ); + +#if (PHNT_VERSION >= PHNT_WIN8) +// winbase:SetThreadpoolWaitEx +NTSYSAPI +NTSTATUS +NTAPI +TpSetWaitEx( + _Inout_ PTP_WAIT Wait, + _In_opt_ HANDLE Handle, + _In_opt_ PLARGE_INTEGER Timeout, + _In_opt_ PVOID Reserved + ); +#endif + +// winbase:WaitForThreadpoolWaitCallbacks +NTSYSAPI +VOID +NTAPI +TpWaitForWait( + _Inout_ PTP_WAIT Wait, + 
_In_ LOGICAL CancelPendingCallbacks + ); + +// private +typedef VOID (NTAPI *PTP_IO_CALLBACK)( + _Inout_ PTP_CALLBACK_INSTANCE Instance, + _Inout_opt_ PVOID Context, + _In_ PVOID ApcContext, + _In_ PIO_STATUS_BLOCK IoSB, + _In_ PTP_IO Io + ); + +// winbase:CreateThreadpoolIo +NTSYSAPI +NTSTATUS +NTAPI +TpAllocIoCompletion( + _Out_ PTP_IO *IoReturn, + _In_ HANDLE File, + _In_ PTP_IO_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +// winbase:CloseThreadpoolIo +NTSYSAPI +VOID +NTAPI +TpReleaseIoCompletion( + _Inout_ PTP_IO Io + ); + +// winbase:StartThreadpoolIo +NTSYSAPI +VOID +NTAPI +TpStartAsyncIoOperation( + _Inout_ PTP_IO Io + ); + +// winbase:CancelThreadpoolIo +NTSYSAPI +VOID +NTAPI +TpCancelAsyncIoOperation( + _Inout_ PTP_IO Io + ); + +// winbase:WaitForThreadpoolIoCallbacks +NTSYSAPI +VOID +NTAPI +TpWaitForIoCompletion( + _Inout_ PTP_IO Io, + _In_ LOGICAL CancelPendingCallbacks + ); + +// private +NTSYSAPI +NTSTATUS +NTAPI +TpAllocAlpcCompletion( + _Out_ PTP_ALPC *AlpcReturn, + _In_ HANDLE AlpcPort, + _In_ PTP_ALPC_CALLBACK Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); + +#if (PHNT_VERSION >= PHNT_WIN7) +// rev +NTSYSAPI +NTSTATUS +NTAPI +TpAllocAlpcCompletionEx( + _Out_ PTP_ALPC *AlpcReturn, + _In_ HANDLE AlpcPort, + _In_ PTP_ALPC_CALLBACK_EX Callback, + _Inout_opt_ PVOID Context, + _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron + ); +#endif + +// private +NTSYSAPI +VOID +NTAPI +TpReleaseAlpcCompletion( + _Inout_ PTP_ALPC Alpc + ); + +// private +NTSYSAPI +VOID +NTAPI +TpWaitForAlpcCompletion( + _Inout_ PTP_ALPC Alpc + ); + +// private +typedef enum _TP_TRACE_TYPE +{ + TpTraceThreadPriority = 1, + TpTraceThreadAffinity, + MaxTpTraceType +} TP_TRACE_TYPE; + +// private +NTSYSAPI +VOID +NTAPI +TpCaptureCaller( + _In_ TP_TRACE_TYPE Type + ); + +// private +NTSYSAPI +VOID +NTAPI +TpCheckTerminateWorker( + _In_ HANDLE Thread + ); + +#endif + +#endif 
diff --git a/deps/phnt-nightly/ntwmi.h b/deps/phnt-nightly/ntwmi.h
new file mode 100644
index 0000000..f748548
--- /dev/null
+++ b/deps/phnt-nightly/ntwmi.h
@@ -0,0 +1,5928 @@ +/* + * Trace Control support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTWMI_H +#define _NTWMI_H + +EXTERN_C_START + +#ifndef _TRACEHANDLE_DEFINED +#define _TRACEHANDLE_DEFINED +typedef ULONG64 TRACEHANDLE, *PTRACEHANDLE; +#endif + +// +// Maximum supported buffer size in KB - Win8 (16MB) +// +// N.B. Prior to Win8 the value was 1MB (1024KB). +#define MIN_ETW_BUFFER_SIZE 1 // in KBytes +#define MAX_ETW_BUFFER_SIZE (16 * 1024) // in KBytes +#define MAX_ETW_BUFFER_SIZE_WIN7 (1 * 1024) // in KBytes +#define MAX_ETW_EVENT_SIZE 0xFFFF // MAX_USHORT + +// SystemTraceControlGuid +#define ETW_KERNEL_RUNDOWN_START 0x00000001 +#define ETW_KERNEL_RUNDOWN_STOP 0x00000002 +#define ETW_CKCL_RUNDOWN_START 0x00000004 +#define ETW_CKCL_RUNDOWN_STOP 0x00000008 +#define ETW_FILENAME_RUNDOWN 0x00000010 + +// +// Alignment macros +// +#define DEFAULT_TRACE_ALIGNMENT 8 // 8 byte alignment +#define ALIGN_TO_POWER2( x, n ) (((ULONG)(x) + ((n)-1)) & ~((ULONG)(n)-1)) + +// +// The predefined event groups or families for NT subsystems +// +#define EVENT_TRACE_GROUP_HEADER 0x0000 +#define EVENT_TRACE_GROUP_IO 0x0100 +#define EVENT_TRACE_GROUP_MEMORY 0x0200 +#define EVENT_TRACE_GROUP_PROCESS 0x0300 +#define EVENT_TRACE_GROUP_FILE 0x0400 +#define EVENT_TRACE_GROUP_THREAD 0x0500 +#define EVENT_TRACE_GROUP_TCPIP 0x0600 +#define EVENT_TRACE_GROUP_JOB 0x0700 +#define EVENT_TRACE_GROUP_UDPIP 0x0800 +#define EVENT_TRACE_GROUP_REGISTRY 0x0900 +#define EVENT_TRACE_GROUP_DBGPRINT 0x0A00 +#define EVENT_TRACE_GROUP_CONFIG 0x0B00 +#define EVENT_TRACE_GROUP_SPARE1 0x0C00 // Spare1 +#define EVENT_TRACE_GROUP_WNF 0x0D00 +#define EVENT_TRACE_GROUP_POOL 0x0E00 +#define EVENT_TRACE_GROUP_PERFINFO 0x0F00 +#define EVENT_TRACE_GROUP_HEAP 0x1000 +#define EVENT_TRACE_GROUP_OBJECT 0x1100 +#define EVENT_TRACE_GROUP_POWER 0x1200 +#define EVENT_TRACE_GROUP_MODBOUND 0x1300 +#define EVENT_TRACE_GROUP_IMAGE 0x1400 +#define EVENT_TRACE_GROUP_DPC 0x1500 +#define 
EVENT_TRACE_GROUP_CC 0x1600 +#define EVENT_TRACE_GROUP_CRITSEC 0x1700 +#define EVENT_TRACE_GROUP_STACKWALK 0x1800 +#define EVENT_TRACE_GROUP_UMS 0x1900 +#define EVENT_TRACE_GROUP_ALPC 0x1A00 +#define EVENT_TRACE_GROUP_SPLITIO 0x1B00 +#define EVENT_TRACE_GROUP_THREAD_POOL 0x1C00 +#define EVENT_TRACE_GROUP_HYPERVISOR 0x1D00 +#define EVENT_TRACE_GROUP_HYPERVISORX 0x1E00 + +// +// If you add any new groups, you must bump up MAX_KERNEL_TRACE_EVENTS +// and make sure post processing is fixed up. +// +#define MAX_KERNEL_TRACE_EVENTS 0x1F + +// +// The highest order bit of a data block is set if trace, WNODE otherwise +// +#define TRACE_HEADER_FLAG 0x80000000 + +// Header type for tracing messages +// | Marker(8) | Reserved(8) | Size(16) | MessageNumber(16) | Flags(16) +#define TRACE_MESSAGE 0x10000000 + +// | MARKER(16) | SIZE (16) | ULONG 32 | TIME_STAMP ... +#define TRACE_HEADER_ULONG32_TIME 0xB0000000 + +// +// The second bit is set if the trace is used by PM & CP (fixed headers) +// If not, the data block is used by for finer data for performance analysis +// +#define TRACE_HEADER_EVENT_TRACE 0x40000000 +// +// If set, the data block is SYSTEM_TRACE_HEADER +// +#define TRACE_HEADER_ENUM_MASK 0x00FF0000 + +// +// The following are various header type +// +#define TRACE_HEADER_TYPE_SYSTEM32 1 +#define TRACE_HEADER_TYPE_SYSTEM64 2 +#define TRACE_HEADER_TYPE_COMPACT32 3 +#define TRACE_HEADER_TYPE_COMPACT64 4 +#define TRACE_HEADER_TYPE_FULL_HEADER32 10 +#define TRACE_HEADER_TYPE_INSTANCE32 11 +#define TRACE_HEADER_TYPE_TIMED 12 // Not used +#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event +#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used +#define TRACE_HEADER_TYPE_MESSAGE 15 +#define TRACE_HEADER_TYPE_PERFINFO32 16 +#define TRACE_HEADER_TYPE_PERFINFO64 17 +#define TRACE_HEADER_TYPE_EVENT_HEADER32 18 +#define TRACE_HEADER_TYPE_EVENT_HEADER64 19 +#define TRACE_HEADER_TYPE_FULL_HEADER64 20 +#define TRACE_HEADER_TYPE_INSTANCE64 21 + +#define 
EVENT_HEADER_SIZE_MASK 0x0000FFFF + +#define SYSTEM_TRACE_VERSION 2 + +// +// The following two are used for defining LogFile layout version. +// +// 1.2 -- Add per-processor event streams. +// 1.3 -- Remove rundown and context/switch streams. +// 1.4 -- Add header stream. +// 1.5 -- Include QPC and Platform clock source in the header. +// +// 2.0 -- Larger Buffers (over 1MB) / 256+ Processors / Compression (Win8). +// + +#define TRACE_VERSION_MAJOR_WIN7 1 +#define TRACE_VERSION_MINOR_WIN7 5 + +#define TRACE_VERSION_MAJOR 2 +#define TRACE_VERSION_MINOR 0 + +#define SYSTEM_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_SYSTEM32 << 16)) +#define SYSTEM_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_SYSTEM64 << 16)) + +#define COMPACT_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_COMPACT32 << 16)) +#define COMPACT_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_COMPACT64 << 16)) + +#define PERFINFO_TRACE_MARKER32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_PERFINFO32 << 16)) +#define PERFINFO_TRACE_MARKER64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_PERFINFO64 << 16)) + +#define TRACE_HEADER_PEBS_INDEX_FLAG 0x00008000 +#define TRACE_HEADER_SPARE_FLAG1 0x00004000 +#define TRACE_HEADER_SPARE_FLAG2 0x00002000 +#define TRACE_HEADER_SPARE_FLAG3 0x00001000 +#define TRACE_HEADER_SPARE_FLAG4 0x00000800 +#define TRACE_HEADER_PMC_COUNTERS_MASK 0x00000700 +#define TRACE_HEADER_PMC_COUNTERS_SHIFT 8 + +#define TRACE_HEADER_EXT_ITEMS_MASK (TRACE_HEADER_PEBS_INDEX_FLAG | TRACE_HEADER_PMC_COUNTERS_MASK) + +#ifdef _WIN64 +#define SYSTEM_TRACE_MARKER SYSTEM_TRACE_MARKER64 +#define COMPACT_TRACE_MARKER COMPACT_TRACE_MARKER64 +#define PERFINFO_TRACE_MARKER PERFINFO_TRACE_MARKER64 +#else +#define SYSTEM_TRACE_MARKER SYSTEM_TRACE_MARKER32 +#define COMPACT_TRACE_MARKER COMPACT_TRACE_MARKER32 +#define 
PERFINFO_TRACE_MARKER PERFINFO_TRACE_MARKER32 +#endif + +// +// Support a maximum of 64 logger instances. +// +#define MAXLOGGERS 64 + +// +// Set of Internal Flags passed to the Logger via ClientContext during StartTrace +// +#define EVENT_TRACE_CLOCK_RAW 0 // Use Raw timestamp +#define EVENT_TRACE_CLOCK_PERFCOUNTER 1 // Use HighPerfClock (Default) +#define EVENT_TRACE_CLOCK_SYSTEMTIME 2 // Use SystemTime +#define EVENT_TRACE_CLOCK_CPUCYCLE 3 // Use CPU cycle counter +#define EVENT_TRACE_CLOCK_MAX 4 // Max number of clock types + +// +// NOTE: The following should not overlap with other bits in the LogFileMode +// or LoggerMode defined in evntrace.h. Placed here since it is for internal +// use only. +// +#define EVENT_TRACE_KD_FILTER_MODE 0x00080000 // KD_FILTER +#define EVENT_TRACE_BUFFER_INTERFACE_MODE 0x00040000 + +// +// LoggerMode flags on Win7 and above. +// +#define EVENT_TRACE_USE_MS_FLUSH_TIMER 0x00000010 // FlushTimer value in milliseconds +#define EVENT_TRACE_BLOCKING_MODE 0x20000000 // Private loggers wait for buffers + +// +// LoggerMode flags on Win8 and above. +// +#define EVENT_TRACE_REALTIME_RELOG_MODE 0x00100000 // Private logger, relogging real-time events + // This is same as EVENT_TRACE_MODE_RESERVED + +#define EVENT_TRACE_LOST_EVENTS_DEBUG_MODE 0x00200000 // Break on lost events +#define EVENT_TRACE_COMPRESSED_MODE 0x04000000 // Compress relogged file + +// +// see evntrace.h for pre-defined generic event types (0-10) +// +typedef struct _WMI_TRACE_PACKET +{ + USHORT Size; + union + { + USHORT HookId; + struct + { + UCHAR Type; + UCHAR Group; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; +} WMI_TRACE_PACKET, *PWMI_TRACE_PACKET; + +static_assert(sizeof(WMI_TRACE_PACKET) == sizeof(ULONG), "WMI_TRACE_PACKET must equal sizeof(ULONG)"); + +// New struct that replaces EVENT_INSTANCE_GUID_HEADER. It is basically +// EVENT_TRACE_HEADER + 2 Guids. +// For XP, we will not publish this struct and hide it from users. 
+// TRACE_VERSION in LOG_FILE_HEADER will tell the consumer APIs to use +// this struct instead of EVENT_TRACE_HEADER. + +typedef struct _EVENT_INSTANCE_GUID_HEADER +{ + USHORT Size; // Size of entire record + union + { + USHORT FieldTypeFlags; // Indicates valid fields + struct + { + UCHAR HeaderType; // Header type - internal use only + UCHAR MarkerFlags; // Marker - internal use only + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + union + { + ULONG Version; + struct + { + UCHAR Type; // event type + UCHAR Level; // trace instrumentation level + USHORT Version; // version of trace record + } Class; + } DUMMYUNIONNAME2; + ULONG ThreadId; // Thread Id + ULONG ProcessId; // Process Id + LARGE_INTEGER TimeStamp; // time when event happens + union + { + GUID Guid; // Guid that identifies event + ULONGLONG GuidPtr; // use with WNODE_FLAG_USE_GUID_PTR + } DUMMYUNIONNAME3; + union + { + struct + { + ULONG ClientContext; // Reserved + ULONG Flags; // Flags for header + } DUMMYSTRUCTNAME; + struct + { + ULONG KernelTime; // Kernel Mode CPU ticks + ULONG UserTime; // User mode CPU ticks + } DUMMYSTRUCTNAME2; + ULONG64 ProcessorTime; // Processor Clock + } DUMMYUNIONNAME4; + ULONG InstanceId; + ULONG ParentInstanceId; + GUID ParentGuid; // Guid that identifies event +} EVENT_INSTANCE_GUID_HEADER, *PEVENT_INSTANCE_GUID_HEADER; + +typedef ULONGLONG PERFINFO_TIMESTAMP; +typedef struct _PERFINFO_TRACE_HEADER PERFINFO_TRACE_ENTRY, *PPERFINFO_TRACE_ENTRY; + +// +// 64-bit Trace header for NTPERF events +// +// Note. The field "Version" will temporary be used to log CPU Id when log to PerfMem. +// This will be removed after we change the buffer management to be the same as WMI. +// i.e., Each CPU will allocate a block of memory for logging and CPU id is in the header +// of each block. 
+// +typedef struct _PERFINFO_TRACE_HEADER +{ + union + { + ULONG Marker; + struct + { + USHORT Version; + UCHAR HeaderType; + UCHAR Flags; //WMI uses this flag to identify event types + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + union + { + ULONG Header; // both sizes must be the same! + WMI_TRACE_PACKET Packet; + } DUMMYUNIONNAME2; + union + { + PERFINFO_TIMESTAMP TS; + LARGE_INTEGER SystemTime; + } DUMMYUNIONNAME3; + UCHAR Data[1]; +} PERFINFO_TRACE_HEADER, *PPERFINFO_TRACE_HEADER; + +// +// 64-bit Trace header for kernel events +// +typedef struct _SYSTEM_TRACE_HEADER +{ + union + { + ULONG Marker; + struct + { + USHORT Version; + UCHAR HeaderType; + UCHAR Flags; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + union + { + ULONG Header; // both sizes must be the same! + WMI_TRACE_PACKET Packet; + } DUMMYUNIONNAME2; + ULONG ThreadId; + ULONG ProcessId; + LARGE_INTEGER SystemTime; + ULONG KernelTime; + ULONG UserTime; +} SYSTEM_TRACE_HEADER, *PSYSTEM_TRACE_HEADER; + +// +// System header with no User/Kernel time. +// +#define COMPACT_HEADER_SIZE (RTL_SIZEOF_THROUGH_FIELD(SYSTEM_TRACE_HEADER, SystemTime)) + +// +// 64-bit Trace Header for Tracing Messages +// +typedef struct _WMI_TRACE_MESSAGE_PACKET +{ + USHORT MessageNumber; // The message Number, index of messages by GUID + // Or ComponentID + USHORT OptionFlags ; // Flags associated with the message +} WMI_TRACE_MESSAGE_PACKET, *PWMI_TRACE_MESSAGE_PACKET; + +static_assert(sizeof(WMI_TRACE_MESSAGE_PACKET) == sizeof(ULONG), "WMI_TRACE_MESSAGE_PACKET must equal sizeof(ULONG)"); + +typedef struct _MESSAGE_TRACE_HEADER +{ + union + { + ULONG Marker; + struct + { + USHORT Size; // Total Size of the message including header + UCHAR Reserved; // Unused and reserved + UCHAR Version; // The message structure type (TRACE_MESSAGE_FLAG) + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; + union + { + ULONG Header; // both sizes must be the same! 
+ WMI_TRACE_MESSAGE_PACKET Packet; + } DUMMYUNIONNAME2; +} MESSAGE_TRACE_HEADER, *PMESSAGE_TRACE_HEADER; + +typedef struct _MESSAGE_TRACE +{ + MESSAGE_TRACE_HEADER MessageHeader; + UCHAR Data; +} MESSAGE_TRACE, *PMESSAGE_TRACE; + +#define TRACE_MESSAGE_USERMODE 0x40 // flag indicating message came from user mode +#define TRACE_MESSAGE_WOW 0x80 +// +// Structure used to pass user log messages to the kernel +// +typedef struct DECLSPEC_ALIGN(8) _MESSAGE_TRACE_USER +{ + MESSAGE_TRACE_HEADER MessageHeader; + GUID MessageGuid; + ULONG MessageFlags; + ULONG DataSize; + ULONG64 Data; +} MESSAGE_TRACE_USER, *PMESSAGE_TRACE_USER; + +// +// N.B. ETW_REF_CLOCK needs to be available for WOW64, thus the trick with defines for ETW_WOW64. +// +typedef struct _ETW_REF_CLOCK +{ + LARGE_INTEGER StartTime; + LARGE_INTEGER StartPerfClock; +} ETW_REF_CLOCK, *PETW_REF_CLOCK; + +#ifndef ETW_WOW6432 + +typedef enum _ETW_BUFFER_STATE +{ + EtwBufferStateFree, + EtwBufferStateGeneralLogging, + EtwBufferStateCSwitch, + EtwBufferStateFlush, + EtwBufferStateMaximum //MaxState should always be the last enum +} ETW_BUFFER_STATE, *PETW_BUFFER_STATE; + +#define ETW_BUFFER_TYPE_GENERIC 0 +#define ETW_BUFFER_TYPE_RUNDOWN 1 +#define ETW_BUFFER_TYPE_CTX_SWAP 2 +#define ETW_BUFFER_TYPE_REFTIME 3 +#define ETW_BUFFER_TYPE_HEADER 4 +#define ETW_BUFFER_TYPE_BATCHED 5 +#define ETW_BUFFER_TYPE_EMPTY_MARKER 6 +#define ETW_BUFFER_TYPE_DBG_INFO 7 +#define ETW_BUFFER_TYPE_MAXIMUM 8 + +#define ETW_BUFFER_FLAG_NORMAL 0x0000 +#define ETW_BUFFER_FLAG_FLUSH_MARKER 0x0001 +#define ETW_BUFFER_FLAG_EVENTS_LOST 0x0002 +#define ETW_BUFFER_FLAG_BUFFER_LOST 0x0004 +#define ETW_BUFFER_FLAG_RTBACKUP_CORRUPT 0x0008 +#define ETW_BUFFER_FLAG_RTBACKUP 0x0010 +#define ETW_BUFFER_FLAG_PROC_INDEX 0x0020 +#define ETW_BUFFER_FLAG_COMPRESSED 0x0040 + +#define ETW_PROCESSOR_INDEX_MASK 0x07FF + +// +// The following constants for real time event loss reasons should be +// in sync with the messages in admin\wmi\events\service\eventlog.man. 
+// +#define ETW_RT_LOSS_EVENT 0x20 +#define ETW_RT_LOSS_BUFFER 0x21 +#define ETW_RT_LOSS_BACKUP 0x22 + +typedef enum _ETW_RT_EVENT_LOSS +{ + EtwRtEventNoLoss, + EtwRtEventLost, + EtwRtBufferLost, + EtwRtBackupLost, + EtwRtEventLossMax +} ETW_RT_EVENT_LOSS, *PETW_RT_EVENT_LOSS; + +typedef struct _WMI_BUFFER_HEADER *PWMI_BUFFER_HEADER; + +typedef struct _WMI_BUFFER_HEADER +{ + ULONG BufferSize; // BufferSize + ULONG SavedOffset; // Temp saved offset + volatile ULONG CurrentOffset; // Current offset + volatile LONG ReferenceCount; // Reference count + LARGE_INTEGER TimeStamp; // Flush time stamp + LONGLONG SequenceNumber; // Buffer sequence number + + union + { + struct + { // DBG_INFO buffers send to debugger + ULONGLONG ClockType : 3; + ULONGLONG Frequency : 61; + } DUMMYSTRUCTNAME; + SINGLE_LIST_ENTRY SlistEntry; // Local list when flushing + PWMI_BUFFER_HEADER NextBuffer; // FlushList + } DUMMYUNIONNAME; + + ETW_BUFFER_CONTEXT ClientContext; // LoggerId/ProcessorIndex + ETW_BUFFER_STATE State; // (Free/GeneralLogging/Flush) + + ULONG Offset; // Offset when flushing (can overlap SavedOffset) + USHORT BufferFlag; // (flush marker, events lost) + USHORT BufferType; // (generic/rundown/cswitch/reftime) + union + { + ULONG Padding1[4]; + ETW_REF_CLOCK ReferenceTime; // persistent real-time + LIST_ENTRY GlobalEntry; // Global list entry + struct + { + PVOID Pointer0; + PVOID Pointer1; + } DUMMYSTRUCTNAME2; + } DUMMYUNIONNAME2; +} WMI_BUFFER_HEADER, *PWMI_BUFFER_HEADER; + +static_assert(sizeof(WMI_BUFFER_HEADER) == 0x48, "WMI_BUFFER_HEADER must equal 0x48"); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferSize) == 0x0); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, SavedOffset) == 0x4); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, CurrentOffset) == 0x8); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, TimeStamp) == 0x10); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, SlistEntry) == 0x20); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, ClientContext) == 0x28); 
+C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, State) == 0x2c); // Compression +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, Offset) == 0x30); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferFlag) == 0x34); +C_ASSERT(FIELD_OFFSET(WMI_BUFFER_HEADER, BufferType) == 0x36); + +typedef struct _TRACE_ENABLE_FLAG_EXTENSION +{ + USHORT Offset; // Offset to the flag array in structure + UCHAR Length; // Length of flag array in ULONGs + UCHAR Flag; // Must be set to EVENT_TRACE_FLAG_EXTENSION +} TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION; + +typedef struct _TRACE_ENABLE_FLAG_EXT_HEADER +{ + USHORT Length; // Length in ULONGs + USHORT Items; // # of items +} TRACE_ENABLE_FLAG_EXT_HEADER, *PTRACE_ENABLE_FLAG_EXT_HEADER; + +typedef struct _TRACE_ENABLE_FLAG_EXT_ITEM +{ + USHORT Offset; // Offset to the next block + USHORT Type; // Extension type +} TRACE_ENABLE_FLAG_EXT_ITEM, *PTRACE_ENABLE_FLAG_EXT_ITEM; + +#define EVENT_TRACE_FLAG_EXT_ITEMS 0x80FF0000 // New extension structure +#define EVENT_TRACE_FLAG_EXT_LEN_NEW_STRUCT 0xFF // Pseudo length to denote new struct format + +#define ETW_MINIMUM_CACHED_STACK_LENGTH 4 +#define ETW_SW_ARRAY_SIZE 256 // Frame Count allocated in lookaside list +#define ETW_STACK_SW_ARRAY_SIZE 192 // Frame Count allocated in stack +#define ETW_MAX_STACKWALK_FILTER 256 // Max number of HookId's +#define ETW_MAX_TAG_FILTER 4 +#define ETW_MAX_POOLTAG_FILTER ETW_MAX_TAG_FILTER + +#define ETW_EXT_ENABLE_FLAGS 0x0001 +#define ETW_EXT_PIDS 0x0002 +#define ETW_EXT_STACKWALK_FILTER 0x0003 +#define ETW_EXT_POOLTAG_FILTER 0x0004 +#define ETW_EXT_STACK_CACHING 0x0005 + +// +// Extended item for configuring stack caching. 
+// +typedef struct _ETW_STACK_CACHING_CONFIG +{ + ULONG CacheSize; + ULONG BucketCount; +} ETW_STACK_CACHING_CONFIG, *PETW_STACK_CACHING_CONFIG; + +#endif // ifndef ETW_WOW6432 + +#define PERFINFO_APPLY_OFFSET_GIVING_TYPE(_Base, _Offset, _Type) ((_Type) (((PPERF_BYTE) (_Base)) + (_Offset))) +#define PERFINFO_ROUND_UP(Size, Amount) (((ULONG)(Size) + ((Amount) - 1)) & ~((Amount) - 1)) + +// +// Enable flags, hook id's, etc... +// +#define PERF_MASK_INDEX (0xe0000000) +#define PERF_MASK_GROUP (~PERF_MASK_INDEX) +#define PERF_NUM_MASKS 8 + +typedef ULONG PERFINFO_MASK; + +// +// This structure holds a group mask for all the PERF_NUM_MASKS sets (see PERF_MASK_INDEX above). +// +typedef struct _PERFINFO_GROUPMASK +{ + ULONG Masks[PERF_NUM_MASKS]; +} PERFINFO_GROUPMASK, *PPERFINFO_GROUPMASK; + +#define PERF_GET_MASK_INDEX(GM) (((GM) & PERF_MASK_INDEX) >> 29) +#define PERF_GET_MASK_GROUP(GM) ((GM) & PERF_MASK_GROUP) + +#define PERFINFO_CLEAR_GROUPMASK(GroupMask) RtlZeroMemory((GroupMask), sizeof(PERFINFO_GROUPMASK)) +#define PERFINFO_OR_GROUP_WITH_GROUPMASK(Group, GroupMask) (GroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] |= PERF_GET_MASK_GROUP(Group) +#define PERFINFO_CLEAR_GROUP_IN_GROUPMASK(Group, GroupMask) (GroupMask)->Masks[PERF_GET_MASK_INDEX(Group)] &= (~PERF_GET_MASK_GROUP(Group)) + +/*++ + +Routine Description: + + Determines whether any group is on in a group mask + +Arguments: + + Group - Group index to check. + + GroupMask - pointer to group mask to check. + +Return Value: + + Boolean indicating whether it is set or not. + +Environment: + + User mode. + +--*/ +FORCEINLINE +BOOLEAN +PerfIsGroupOnInGroupMask( + _In_ ULONG Group, + _In_ PPERFINFO_GROUPMASK GroupMask + ) +{ + PPERFINFO_GROUPMASK TestMask = GroupMask; + + return (BOOLEAN)(((TestMask) != NULL) && (((TestMask)->Masks[PERF_GET_MASK_INDEX((Group))] & PERF_GET_MASK_GROUP((Group))) != 0)); +} + +// Group Masks (enabling flags) are used to determine the type of +// events to be logged. 
Each hook type is controlled by one bit in the +// Group masks. +// +// Currently we have 8 sets of global masks available. Each set is a ULONG with +// the highest 3 bits reserved for PERF_MASK_INDEX, which is used to index to +// the particular set of masks. For example, +// +// #define PERF_GROUP1 0x0XXXXXXX in the 0th set (0x10000000 is the last bit in this set) +// #define PERF_GROUP2 0x2XXXXXXX in the 1st set (0x30000000 is the last bit in this set) +// #define PERF_GROUP3 0x4XXXXXXX in the 2nd set (0x50000000 is the last bit in this set) +// ... +// #define PERF_GROUP7 0xeXXXXXXX in the 7th set (0xf0000000 is the last bit in this set) +// +// See ntperf.h for the manipulations of flags. +// +// Externally published group masks (only in the 0th set) are defined in envtrace.h. +// This section contains extended group masks which are private. +// +// The highest set of GROUP_MASK (0xeXXXXXXX) is currently reserved for +// modifying system behaviors (e.g., turn off page fault clustering, limit +// process working set when BigFoot is turned on, etc.) when trace is +// turned on. +// +// +// +// NOTE: In LongHorn we desided to expose some of the flags outside of group 0. 
+// We did that by adding the following flags which are treated as aliases: +// +// EVENT_TRACE_FLAG_CSWITCH +// EVENT_TRACE_FLAG_DPC +// EVENT_TRACE_FLAG_INTERRUPT +// EVENT_TRACE_FLAG_SYSTEMCALL +// EVENT_TRACE_FLAG_DRIVER +// EVENT_TRACE_FLAG_PROFILE +// +// +// GlobalMask 0 (Masks[0]) +// +#define PERF_REGISTRY EVENT_TRACE_FLAG_REGISTRY +#define PERF_HARD_FAULTS EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS +#define PERF_JOB EVENT_TRACE_FLAG_JOB +#define PERF_PROC_THREAD EVENT_TRACE_FLAG_PROCESS | EVENT_TRACE_FLAG_THREAD +#define PERF_PROCESS EVENT_TRACE_FLAG_PROCESS +#define PERF_THREAD EVENT_TRACE_FLAG_THREAD +#define PERF_DISK_IO EVENT_TRACE_FLAG_DISK_FILE_IO | EVENT_TRACE_FLAG_DISK_IO +#define PERF_DISK_IO_INIT EVENT_TRACE_FLAG_DISK_IO_INIT +#define PERF_LOADER EVENT_TRACE_FLAG_IMAGE_LOAD +#define PERF_ALL_FAULTS EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS +#define PERF_FILENAME EVENT_TRACE_FLAG_DISK_FILE_IO +#define PERF_NETWORK EVENT_TRACE_FLAG_NETWORK_TCPIP +#define PERF_ALPC EVENT_TRACE_FLAG_ALPC +#define PERF_SPLIT_IO EVENT_TRACE_FLAG_SPLIT_IO +#define PERF_PERF_COUNTER EVENT_TRACE_FLAG_PROCESS_COUNTERS +#define PERF_FILE_IO EVENT_TRACE_FLAG_FILE_IO +#define PERF_FILE_IO_INIT EVENT_TRACE_FLAG_FILE_IO_INIT +#define PERF_DBGPRINT EVENT_TRACE_FLAG_DBGPRINT +#define PERF_NO_SYSCONFIG EVENT_TRACE_FLAG_NO_SYSCONFIG +#define PERF_VAMAP EVENT_TRACE_FLAG_VAMAP +#define PERF_DEBUG_EVENTS EVENT_TRACE_FLAG_DEBUG_EVENTS + +// +// GlobalMask 1 (Masks[1]) +// +#define PERF_MEMORY 0x20000001 // High level WS manager activities, PFN changes +#define PERF_PROFILE 0x20000002 // Sysprof // equivalent to EVENT_TRACE_FLAG_PROFILE +#define PERF_CONTEXT_SWITCH 0x20000004 // Context Switch // equivalent to EVENT_TRACE_FLAG_CSWITCH +#define PERF_FOOTPRINT 0x20000008 // Flush WS on every mark_with_flush +#define PERF_DRIVERS 0x20000010 // equivalent to EVENT_TRACE_FLAG_DRIVER +#define PERF_REFSET 0x20000020 // PERF_FOOTPRINT + log AutoMark on trace start/stop. 
+#define PERF_POOL 0x20000040 +#define PERF_POOLTRACE 0x20000041 +#define PERF_DPC 0x20000080 // equivalent to EVENT_TRACE_FLAG_DPC +#define PERF_COMPACT_CSWITCH 0x20000100 +#define PERF_DISPATCHER 0x20000200 // equivalent to EVENT_TRACE_FLAG_DISPATCHER +#define PERF_PMC_PROFILE 0x20000400 +#define PERF_PROFILING 0x20000402 +#define PERF_PROCESS_INSWAP 0x20000800 +#define PERF_AFFINITY 0x20001000 +#define PERF_PRIORITY 0x20002000 +#define PERF_INTERRUPT 0x20004000 // equivalent to EVENT_TRACE_FLAG_INTERRUPT +#define PERF_VIRTUAL_ALLOC 0x20008000 // equivalent to EVENT_TRACE_FLAG_VIRTUAL_ALLOC +#define PERF_SPINLOCK 0x20010000 +#define PERF_SYNC_OBJECTS 0x20020000 +#define PERF_DPC_QUEUE 0x20040000 +#define PERF_MEMINFO 0x20080000 +#define PERF_CONTMEM_GEN 0x20100000 +#define PERF_SPINLOCK_CNTRS 0x20200000 +#define PERF_SPININSTR 0x20210000 +#define PERF_SESSION 0x20400000 +#define PERF_PFSECTION PERF_SESSION // Bits in this group are scarce and so use SESSION for PFSECTION events. +#define PERF_MEMINFO_WS 0x20800000 // Logs Workingset/Commit information on MemInfo DPC +#define PERF_KERNEL_QUEUE 0x21000000 +#define PERF_INTERRUPT_STEER 0x22000000 +#define PERF_SHOULD_YIELD 0x24000000 +#define PERF_WS 0x28000000 +//#define PERF_POOLTRACE (PERF_MEMORY | PERF_POOL) +//#define PERF_PROFILING (PERF_PROFILE | PERF_PMC_PROFILE) +//#define PERF_SPININSTR (PERF_SPINLOCK | PERF_SPINLOCK_CNTRS) + +// +// GlobalMask 2 (Masks[2]) +// +#define PERF_ANTI_STARVATION 0x40000001 +#define PERF_PROCESS_FREEZE 0x40000002 +#define PERF_PFN_LIST 0x40000004 +#define PERF_WS_DETAIL 0x40000008 +#define PERF_WS_ENTRY 0x40000010 +#define PERF_HEAP 0x40000020 +#define PERF_SYSCALL 0x40000040 +#define PERF_UMS 0x40000080 +#define PERF_BACKTRACE 0x40000100 +#define PERF_VULCAN 0x40000200 +#define PERF_OBJECTS 0x40000400 +#define PERF_EVENTS 0x40000800 +#define PERF_FULLTRACE 0x40001000 +#define PERF_DFSS 0x40002000 // spare +#define PERF_PREFETCH 0x40004000 +#define PERF_PROCESSOR_IDLE 0x40008000 
+#define PERF_CPU_CONFIG 0x40010000 +#define PERF_TIMER 0x40020000 +#define PERF_CLOCK_INTERRUPT 0x40040000 +#define PERF_LOAD_BALANCER 0x40080000 // spare +#define PERF_CLOCK_TIMER 0x40100000 +#define PERF_IDLE_SELECTION 0x40200000 +#define PERF_IPI 0x40400000 +#define PERF_IO_TIMER 0x40800000 +#define PERF_REG_HIVE 0x41000000 +#define PERF_REG_NOTIF 0x42000000 +#define PERF_PPM_EXIT_LATENCY 0x44000000 +#define PERF_WORKER_THREAD 0x48000000 + +// +// GlobalMask 3 (Masks[3]) +// + +// Reserved 0x60000001 +// Reserved 0x60000002 +// Reserved 0x60000004 +// Reserved 0x60000008 +// ... + +// +// GlobalMask 4 (Masks[4]) +// + +#define PERF_OPTICAL_IO 0x80000001 +#define PERF_OPTICAL_IO_INIT 0x80000002 +// Reserved 0x80000004 +#define PERF_DLL_INFO 0x80000008 +#define PERF_DLL_FLUSH_WS 0x80000010 +// Reserved 0x80000020 +#define PERF_OB_HANDLE 0x80000040 +#define PERF_OB_OBJECT 0x80000080 +// Reserved 0x80000100 +#define PERF_WAKE_DROP 0x80000200 +#define PERF_WAKE_EVENT 0x80000400 +#define PERF_DEBUGGER 0x80000800 +#define PERF_PROC_ATTACH 0x80001000 +#define PERF_WAKE_COUNTER 0x80002000 +// Reserved 0x80004000 +#define PERF_POWER 0x80008000 +#define PERF_SOFT_TRIM 0x80010000 +#define PERF_CC 0x80020000 +// Reserved 0x80040000 +#define PERF_FLT_IO_INIT 0x80080000 +#define PERF_FLT_IO 0x80100000 +#define PERF_FLT_FASTIO 0x80200000 +#define PERF_FLT_IO_FAILURE 0x80400000 +#define PERF_HV_PROFILE 0x80800000 +#define PERF_WDF_DPC 0x81000000 +#define PERF_WDF_INTERRUPT 0x82000000 +#define PERF_CACHE_FLUSH 0x84000000 + +// +// GlobalMask 5: +// + +#define PERF_HIBER_RUNDOWN 0xA0000001 + +// Reserved 0xA0000002 +// Reserved 0xA0000004 +// Reserved 0xA0000008 +// ... 
+ +// +// GlobalMask 6: +// + +#define PERF_SYSCFG_SYSTEM 0xC0000001 +#define PERF_SYSCFG_GRAPHICS 0xC0000002 +#define PERF_SYSCFG_STORAGE 0xC0000004 +#define PERF_SYSCFG_NETWORK 0xC0000008 +#define PERF_SYSCFG_SERVICES 0xC0000010 +#define PERF_SYSCFG_PNP 0xC0000020 +#define PERF_SYSCFG_OPTICAL 0xC0000040 +// Reserved 0xC0000080 +// Reserved 0xC0000100 +#define PERF_SYSCFG_ALL 0xDFFFFFFF + +// +// GlobalMask 7: The mark is a control mask. All flags that changes system +// behaviors go here. +// + +#define PERF_CLUSTER_OFF 0xe0000001 +#define PERF_MEMORY_CONTROL 0xe0000002 + +// +// Converting old PERF hooks into WMI format. More clean up to be done. +// +// WHEN YOU ADD NEW TYPES UPDATE THE NAME TABLE in perfgroups.c: +// PerfLogTypeNames ALSO UPDATE VERIFICATION TABLE IN PERFPOSTTBLS.C +// + +// +// Event for header +// +#define WMI_LOG_TYPE_HEADER (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_INFO) +#define WMI_LOG_TYPE_HEADER_EXTENSION (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_EXTENSION) +#define WMI_LOG_TYPE_RUNDOWN_COMPLETE (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_CHECKPOINT) +#define WMI_LOG_TYPE_GROUP_MASKS_END (EVENT_TRACE_GROUP_HEADER | 0x20) +#define WMI_LOG_TYPE_RUNDOWN_BEGIN (EVENT_TRACE_GROUP_HEADER | 0x30) +#define WMI_LOG_TYPE_RUNDOWN_END (EVENT_TRACE_GROUP_HEADER | 0x31) +#define WMI_LOG_TYPE_DBGID_RSDS (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_DBGID_RSDS) +#define WMI_LOG_TYPE_DBGID_NB10 (EVENT_TRACE_GROUP_HEADER | 0x41) +#define WMI_LOG_TYPE_BUILD_LAB (EVENT_TRACE_GROUP_HEADER | 0x42) +#define WMI_LOG_TYPE_BINARY_PATH (EVENT_TRACE_GROUP_HEADER | 0x43) + +// +// Event for system config +// + +#define WMI_LOG_TYPE_CONFIG_CPU (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CPU) +#define WMI_LOG_TYPE_CONFIG_PHYSICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK) +#define WMI_LOG_TYPE_CONFIG_LOGICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_LOGICALDISK) +#define WMI_LOG_TYPE_CONFIG_OPTICALMEDIA 
(EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA) +#define WMI_LOG_TYPE_CONFIG_NIC (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NIC) +#define WMI_LOG_TYPE_CONFIG_VIDEO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VIDEO) +#define WMI_LOG_TYPE_CONFIG_SERVICES (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SERVICES) +#define WMI_LOG_TYPE_CONFIG_POWER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_POWER) +//#define WMI_LOG_TYPE_CONFIG_OSVERSION (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_OSVERSION) +//#define WMI_LOG_TYPE_CONFIG_VISUALTHEME (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VISUALTHEME) +//#define WMI_LOG_TYPE_CONFIG_SYSTEMRANGE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSTEMRANGE) +//#define WMI_LOG_TYPE_CONFIG_SYSDLLINFO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SYSDLLINFO) +#define WMI_LOG_TYPE_CONFIG_IRQ (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IRQ) +#define WMI_LOG_TYPE_CONFIG_PNP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PNP) +#define WMI_LOG_TYPE_CONFIG_IDECHANNEL (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_IDECHANNEL) +#define WMI_LOG_TYPE_CONFIG_NUMANODE (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NUMANODE) +#define WMI_LOG_TYPE_CONFIG_PLATFORM (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PLATFORM) +#define WMI_LOG_TYPE_CONFIG_PROCESSORGROUP (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP) +#define WMI_LOG_TYPE_CONFIG_PROCESSORNUMBER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER) +#define WMI_LOG_TYPE_CONFIG_DPI (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_DPI) +#define WMI_LOG_TYPE_CONFIG_CODEINTEGRITY (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CI_INFO) +#define WMI_LOG_TYPE_CONFIG_MACHINEID (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_MACHINEID) + +// +// Event for Image and File Name +// +#define PERFINFO_LOG_TYPE_FILENAME (EVENT_TRACE_GROUP_FILE | 
EVENT_TRACE_TYPE_INFO) +#define PERFINFO_LOG_TYPE_FILENAME_CREATE (EVENT_TRACE_GROUP_FILE | 0x20) +#define PERFINFO_LOG_TYPE_FILENAME_SAME (EVENT_TRACE_GROUP_FILE | 0x21) +#define PERFINFO_LOG_TYPE_FILENAME_NULL (EVENT_TRACE_GROUP_FILE | 0x22) +#define PERFINFO_LOG_TYPE_FILENAME_DELETE (EVENT_TRACE_GROUP_FILE | 0x23) +#define PERFINFO_LOG_TYPE_FILENAME_RUNDOWN (EVENT_TRACE_GROUP_FILE | 0x24) + +#define PERFINFO_LOG_TYPE_MAPFILE (EVENT_TRACE_GROUP_FILE | 0x25) +#define PERFINFO_LOG_TYPE_UNMAPFILE (EVENT_TRACE_GROUP_FILE | 0x26) +#define PERFINFO_LOG_TYPE_MAPFILE_DC_START (EVENT_TRACE_GROUP_FILE | 0x27) +#define PERFINFO_LOG_TYPE_MAPFILE_DC_END (EVENT_TRACE_GROUP_FILE | 0x28) + +#define PERFINFO_LOG_TYPE_FILE_IO_CREATE (EVENT_TRACE_GROUP_FILE | 0x40) +#define PERFINFO_LOG_TYPE_FILE_IO_CLEANUP (EVENT_TRACE_GROUP_FILE | 0x41) +#define PERFINFO_LOG_TYPE_FILE_IO_CLOSE (EVENT_TRACE_GROUP_FILE | 0x42) +#define PERFINFO_LOG_TYPE_FILE_IO_READ (EVENT_TRACE_GROUP_FILE | 0x43) +#define PERFINFO_LOG_TYPE_FILE_IO_WRITE (EVENT_TRACE_GROUP_FILE | 0x44) +#define PERFINFO_LOG_TYPE_FILE_IO_SET_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x45) +#define PERFINFO_LOG_TYPE_FILE_IO_DELETE (EVENT_TRACE_GROUP_FILE | 0x46) +#define PERFINFO_LOG_TYPE_FILE_IO_RENAME (EVENT_TRACE_GROUP_FILE | 0x47) +#define PERFINFO_LOG_TYPE_FILE_IO_DIRENUM (EVENT_TRACE_GROUP_FILE | 0x48) +#define PERFINFO_LOG_TYPE_FILE_IO_FLUSH (EVENT_TRACE_GROUP_FILE | 0x49) +#define PERFINFO_LOG_TYPE_FILE_IO_QUERY_INFORMATION (EVENT_TRACE_GROUP_FILE | 0x4A) +#define PERFINFO_LOG_TYPE_FILE_IO_FS_CONTROL (EVENT_TRACE_GROUP_FILE | 0x4B) +#define PERFINFO_LOG_TYPE_FILE_IO_OPERATION_END (EVENT_TRACE_GROUP_FILE | 0x4C) +#define PERFINFO_LOG_TYPE_FILE_IO_DIRNOTIFY (EVENT_TRACE_GROUP_FILE | 0x4D) +#define PERFINFO_LOG_TYPE_FILE_IO_CREATE_NEW (EVENT_TRACE_GROUP_FILE | 0x4E) +#define PERFINFO_LOG_TYPE_FILE_IO_DELETE_PATH (EVENT_TRACE_GROUP_FILE | 0x4F) +#define PERFINFO_LOG_TYPE_FILE_IO_RENAME_PATH (EVENT_TRACE_GROUP_FILE | 0x50) +#define 
PERFINFO_LOG_TYPE_FILE_IO_SETLINK_PATH (EVENT_TRACE_GROUP_FILE | 0x51)
+#define PERFINFO_LOG_TYPE_FILE_IO_SETLINK (EVENT_TRACE_GROUP_FILE | 0x52)
+
+//
+// Event types for minifilter callbacks
+//
+
+#define PERFINFO_LOG_TYPE_FLT_PREOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_INIT)
+#define PERFINFO_LOG_TYPE_FLT_POSTOP_INIT (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_INIT)
+#define PERFINFO_LOG_TYPE_FLT_PREOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION)
+#define PERFINFO_LOG_TYPE_FLT_POSTOP_COMPLETION (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION)
+#define PERFINFO_LOG_TYPE_FLT_PREOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_PREOP_FAILURE)
+#define PERFINFO_LOG_TYPE_FLT_POSTOP_FAILURE (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE)
+
+//
+// Event types for Job
+//
+
+#define WMI_LOG_TYPE_JOB_CREATE (EVENT_TRACE_GROUP_JOB | 0x20)
+#define WMI_LOG_TYPE_JOB_TERMINATE (EVENT_TRACE_GROUP_JOB | 0x21)
+#define WMI_LOG_TYPE_JOB_OPEN (EVENT_TRACE_GROUP_JOB | 0x22)
+#define WMI_LOG_TYPE_JOB_ASSIGN_PROCESS (EVENT_TRACE_GROUP_JOB | 0x23)
+#define WMI_LOG_TYPE_JOB_REMOVE_PROCESS (EVENT_TRACE_GROUP_JOB | 0x24)
+#define WMI_LOG_TYPE_JOB_SET (EVENT_TRACE_GROUP_JOB | 0x25)
+#define WMI_LOG_TYPE_JOB_QUERY (EVENT_TRACE_GROUP_JOB | 0x26)
+#define WMI_LOG_TYPE_JOB_SET_FAILED (EVENT_TRACE_GROUP_JOB | 0x27)
+#define WMI_LOG_TYPE_JOB_QUERY_FAILED (EVENT_TRACE_GROUP_JOB | 0x28)
+#define WMI_LOG_TYPE_JOB_SET_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x29)
+#define WMI_LOG_TYPE_JOB_SEND_NOTIFICATION (EVENT_TRACE_GROUP_JOB | 0x2A)
+#define WMI_LOG_TYPE_JOB_QUERY_VIOLATION (EVENT_TRACE_GROUP_JOB | 0x2B)
+#define WMI_LOG_TYPE_JOB_SET_CPU_RATE (EVENT_TRACE_GROUP_JOB | 0x2C)
+#define WMI_LOG_TYPE_JOB_SET_NET_RATE (EVENT_TRACE_GROUP_JOB | 0x2D)
+
+//
+// Event types for Process
+//
+
+#define WMI_LOG_TYPE_PROCESS_CREATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_START)
+#define
WMI_LOG_TYPE_PROCESS_DELETE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_END)
+#define WMI_LOG_TYPE_PROCESS_DC_START (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_START)
+#define WMI_LOG_TYPE_PROCESS_DC_END (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_END)
+#define WMI_LOG_TYPE_PROCESS_LOAD_IMAGE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_LOAD)
+#define WMI_LOG_TYPE_PROCESS_TERMINATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_TERMINATE)
+
+#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_END (EVENT_TRACE_GROUP_PROCESS | 0x20)
+#define PERFINFO_LOG_TYPE_PROCESS_PERFCTR_RD (EVENT_TRACE_GROUP_PROCESS | 0x21)
+// Reserved (EVENT_TRACE_GROUP_PROCESS | 0x22)
+#define PERFINFO_LOG_TYPE_INSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x23)
+#define PERFINFO_LOG_TYPE_PROCESS_FREEZE (EVENT_TRACE_GROUP_PROCESS | 0x24)
+#define PERFINFO_LOG_TYPE_PROCESS_THAW (EVENT_TRACE_GROUP_PROCESS | 0x25)
+#define PERFINFO_LOG_TYPE_BOOT_PHASE_START (EVENT_TRACE_GROUP_PROCESS | 0x26)
+#define PERFINFO_LOG_TYPE_ZOMBIE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x27)
+#define PERFINFO_LOG_TYPE_PROCESS_SET_AFFINITY (EVENT_TRACE_GROUP_PROCESS | 0x28)
+
+#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x30)
+#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x31)
+#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x32)
+#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x33)
+#define PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x34)
+
+#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_USER (EVENT_TRACE_GROUP_PROCESS | 0x40)
+#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x41)
+#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x42)
+#define PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x43)
+#define
PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x44)
+
+#define PERFINFO_LOG_TYPE_WAKE_DROP_USER (EVENT_TRACE_GROUP_PROCESS | 0x50)
+#define PERFINFO_LOG_TYPE_WAKE_DROP_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x51)
+#define PERFINFO_LOG_TYPE_WAKE_DROP_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x52)
+#define PERFINFO_LOG_TYPE_WAKE_DROP_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x53)
+#define PERFINFO_LOG_TYPE_WAKE_DROP_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x54)
+
+#define PERFINFO_LOG_TYPE_WAKE_EVENT_USER (EVENT_TRACE_GROUP_PROCESS | 0x60)
+#define PERFINFO_LOG_TYPE_WAKE_EVENT_EXECUTION (EVENT_TRACE_GROUP_PROCESS | 0x61)
+#define PERFINFO_LOG_TYPE_WAKE_EVENT_KERNEL (EVENT_TRACE_GROUP_PROCESS | 0x62)
+#define PERFINFO_LOG_TYPE_WAKE_EVENT_INSTRUMENTATION (EVENT_TRACE_GROUP_PROCESS | 0x63)
+#define PERFINFO_LOG_TYPE_WAKE_EVENT_PRESERVE_PROCESS (EVENT_TRACE_GROUP_PROCESS | 0x64)
+
+#define PERFINFO_LOG_TYPE_DEBUG_EVENT (EVENT_TRACE_GROUP_PROCESS | 0x70)
+
+//
+// Event types for Image and Library Loader
+//
+
+#define WMI_LOG_TYPE_IMAGE_LOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_START) // reserved for future
+#define WMI_LOG_TYPE_IMAGE_UNLOAD (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_END)
+#define WMI_LOG_TYPE_IMAGE_DC_START (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_START)
+#define WMI_LOG_TYPE_IMAGE_DC_END (EVENT_TRACE_GROUP_IMAGE | EVENT_TRACE_TYPE_DC_END)
+#define WMI_LOG_TYPE_IMAGE_RELOCATION (EVENT_TRACE_GROUP_IMAGE | 0x20)
+#define WMI_LOG_TYPE_IMAGE_KERNEL_BASE (EVENT_TRACE_GROUP_IMAGE | 0x21)
+#define WMI_LOG_TYPE_IMAGE_HYPERCALL_PAGE (EVENT_TRACE_GROUP_IMAGE | 0x22)
+
+#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_ATTEMPT (EVENT_TRACE_GROUP_IMAGE | 0x80) // 128
+#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_SUCCESS (EVENT_TRACE_GROUP_IMAGE | 0x81)
+#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_FAIL (EVENT_TRACE_GROUP_IMAGE | 0x82)
+#define PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_WAIT (EVENT_TRACE_GROUP_IMAGE | 0x83)
+#define PERFINFO_LOG_TYPE_LDR_PROC_INIT_DONE (EVENT_TRACE_GROUP_IMAGE | 0x84) // 132
+#define PERFINFO_LOG_TYPE_LDR_CREATE_SECTION (EVENT_TRACE_GROUP_IMAGE | 0x85)
+#define PERFINFO_LOG_TYPE_LDR_SECTION_CREATED (EVENT_TRACE_GROUP_IMAGE | 0x86)
+#define PERFINFO_LOG_TYPE_LDR_MAP_VIEW (EVENT_TRACE_GROUP_IMAGE | 0x87)
+
+#define PERFINFO_LOG_TYPE_LDR_RELOCATE_IMAGE (EVENT_TRACE_GROUP_IMAGE | 0x90) // 144
+#define PERFINFO_LOG_TYPE_LDR_IMAGE_RELOCATED (EVENT_TRACE_GROUP_IMAGE | 0x91)
+#define PERFINFO_LOG_TYPE_LDR_HANDLE_OLD_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x92)
+#define PERFINFO_LOG_TYPE_LDR_OLD_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x93)
+#define PERFINFO_LOG_TYPE_LDR_HANDLE_NEW_DESCRIPTORS (EVENT_TRACE_GROUP_IMAGE | 0x94) // 148
+#define PERFINFO_LOG_TYPE_LDR_NEW_DESCRIPTORS_HANDLED (EVENT_TRACE_GROUP_IMAGE | 0x95)
+#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_EXIT (EVENT_TRACE_GROUP_IMAGE | 0x96)
+
+#define PERFINFO_LOG_TYPE_LDR_FIND_DLL (EVENT_TRACE_GROUP_IMAGE | 0xA0) // 160
+#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA1)
+#define PERFINFO_LOG_TYPE_LDR_LOCK_RELEASE (EVENT_TRACE_GROUP_IMAGE | 0xA2)
+#define PERFINFO_LOG_TYPE_LDR_DLLMAIN_ENTER (EVENT_TRACE_GROUP_IMAGE | 0xA3)
+#define PERFINFO_LOG_TYPE_LDR_ERROR (EVENT_TRACE_GROUP_IMAGE | 0xA4) // 164
+
+#define PERFINFO_LOG_TYPE_LDR_VIEW_MAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA5) // 165
+#define PERFINFO_LOG_TYPE_LDR_SNAPPING (EVENT_TRACE_GROUP_IMAGE | 0xA6)
+#define PERFINFO_LOG_TYPE_LDR_SNAPPED (EVENT_TRACE_GROUP_IMAGE | 0xA7)
+#define PERFINFO_LOG_TYPE_LDR_LOADING (EVENT_TRACE_GROUP_IMAGE | 0xA8)
+#define PERFINFO_LOG_TYPE_LDR_LOADED (EVENT_TRACE_GROUP_IMAGE | 0xA9)
+#define PERFINFO_LOG_TYPE_LDR_FOUND_KNOWN_DLL (EVENT_TRACE_GROUP_IMAGE | 0xAA) // 170
+#define PERFINFO_LOG_TYPE_LDR_ABNORMAL (EVENT_TRACE_GROUP_IMAGE | 0xAB)
+#define PERFINFO_LOG_TYPE_LDR_PLACEHOLDER (EVENT_TRACE_GROUP_IMAGE | 0xAC)
+#define PERFINFO_LOG_TYPE_LDR_RDY_TO_INIT (EVENT_TRACE_GROUP_IMAGE | 0xAD)
+#define PERFINFO_LOG_TYPE_LDR_RDY_TO_RUN (EVENT_TRACE_GROUP_IMAGE | 0xAE) // 174
+
+
+#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_LOAD (EVENT_TRACE_GROUP_IMAGE | 0xB0) // 176
+#define PERFINFO_LOG_TYPE_LDR_NEW_DLL_AS_DATA (EVENT_TRACE_GROUP_IMAGE | 0xB1) // 177
+
+#define PERFINFO_LOG_TYPE_LDR_EXTERNAL_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC0) // 192
+#define PERFINFO_LOG_TYPE_LDR_GENERATED_PATH (EVENT_TRACE_GROUP_IMAGE | 0xC1)
+
+#define PERFINFO_LOG_TYPE_LDR_APISET_RESOLVING (EVENT_TRACE_GROUP_IMAGE | 0xD0) // 208
+#define PERFINFO_LOG_TYPE_LDR_APISET_HOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD1) // 209
+#define PERFINFO_LOG_TYPE_LDR_APISET_UNHOSTED (EVENT_TRACE_GROUP_IMAGE | 0xD2) // 210
+#define PERFINFO_LOG_TYPE_LDR_APISET_UNRESOLVED (EVENT_TRACE_GROUP_IMAGE | 0xD3) // 211
+
+#define PERFINFO_LOG_TYPE_LDR_SEARCH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD4) // 212
+#define PERFINFO_LOG_TYPE_LDR_SEARCH_PATH_SECURITY (EVENT_TRACE_GROUP_IMAGE | 0xD5) // 213
+
+//
+// Event types for Thread
+//
+
+#define WMI_LOG_TYPE_THREAD_CREATE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_START)
+#define WMI_LOG_TYPE_THREAD_DELETE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_END)
+#define WMI_LOG_TYPE_THREAD_DC_START (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_START)
+#define WMI_LOG_TYPE_THREAD_DC_END (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_END)
+
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x20)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x21)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x22)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x23)
+#define PERFINFO_LOG_TYPE_CONTEXTSWAP (EVENT_TRACE_GROUP_THREAD | 0x24)
+#define PERFINFO_LOG_TYPE_CONTEXTSWAP_BATCH (EVENT_TRACE_GROUP_THREAD | 0x25)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x26)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x27)
+// Reserved (EVENT_TRACE_GROUP_THREAD | 0x28)
+#define PERFINFO_LOG_TYPE_SPINLOCK (EVENT_TRACE_GROUP_THREAD | 0x29)
+#define PERFINFO_LOG_TYPE_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x2A)
+#define
PERFINFO_LOG_TYPE_RESOURCE (EVENT_TRACE_GROUP_THREAD | 0x2B)
+#define PERFINFO_LOG_TYPE_PUSHLOCK (EVENT_TRACE_GROUP_THREAD | 0x2C)
+#define PERFINFO_LOG_TYPE_WAIT_SINGLE (EVENT_TRACE_GROUP_THREAD | 0x2D)
+#define PERFINFO_LOG_TYPE_WAIT_MULTIPLE (EVENT_TRACE_GROUP_THREAD | 0x2E)
+#define PERFINFO_LOG_TYPE_DELAY_EXECUTION (EVENT_TRACE_GROUP_THREAD | 0x2F)
+#define PERFINFO_LOG_TYPE_THREAD_SET_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x30)
+#define PERFINFO_LOT_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
+#define PERFINFO_LOG_TYPE_THREAD_SET_BASE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x31)
+#define PERFINFO_LOG_TYPE_READY_THREAD (EVENT_TRACE_GROUP_THREAD | 0x32)
+#define PERFINFO_LOG_TYPE_THREAD_SET_PAGE_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x33)
+#define PERFINFO_LOG_TYPE_THREAD_SET_IO_PRIORITY (EVENT_TRACE_GROUP_THREAD | 0x34)
+#define PERFINFO_LOG_TYPE_THREAD_SET_AFFINITY (EVENT_TRACE_GROUP_THREAD | 0x35)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM (EVENT_TRACE_GROUP_THREAD | 0x39)
+#define PERFINFO_LOG_TYPE_DFSS_START_NEW_INTERVAL (EVENT_TRACE_GROUP_THREAD | 0x3A)
+#define PERFINFO_LOG_TYPE_DFSS_PROCESS_IDLE_ONLY_QUEUE (EVENT_TRACE_GROUP_THREAD | 0x3B)
+#define PERFINFO_LOG_TYPE_ANTI_STARVATION_BOOST (EVENT_TRACE_GROUP_THREAD | 0x3C)
+#define PERFINFO_LOG_TYPE_THREAD_MIGRATION (EVENT_TRACE_GROUP_THREAD | 0x3D)
+#define PERFINFO_LOG_TYPE_KQUEUE_ENQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3E)
+#define PERFINFO_LOG_TYPE_KQUEUE_DEQUEUE (EVENT_TRACE_GROUP_THREAD | 0x3F)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_START (EVENT_TRACE_GROUP_THREAD | 0x40)
+#define PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_END (EVENT_TRACE_GROUP_THREAD | 0x41)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_SET_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x42)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_CLEAR_FLOOR (EVENT_TRACE_GROUP_THREAD | 0x43)
+#define PERFINFO_LOG_TYPE_AUTO_BOOST_NO_ENTRIES (EVENT_TRACE_GROUP_THREAD | 0x44)
+#define PERFINFO_LOG_TYPE_THREAD_SUBPROCESSTAG_CHANGED
(EVENT_TRACE_GROUP_THREAD | 0x45)
+
+//
+// Event types for Network subsystem (TCPIP/UDPIP)
+//
+
+#define WMI_LOG_TYPE_TCPIP_SEND (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_SEND)
+#define WMI_LOG_TYPE_TCPIP_RECEIVE (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECEIVE)
+#define WMI_LOG_TYPE_TCPIP_CONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNECT)
+#define WMI_LOG_TYPE_TCPIP_DISCONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_DISCONNECT)
+#define WMI_LOG_TYPE_TCPIP_RETRANSMIT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RETRANSMIT)
+#define WMI_LOG_TYPE_TCPIP_ACCEPT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACCEPT)
+#define WMI_LOG_TYPE_TCPIP_RECONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECONNECT)
+#define WMI_LOG_TYPE_TCPIP_FAIL (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNFAIL)
+#define WMI_LOG_TYPE_TCPIP_TCPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_TCP)
+#define WMI_LOG_TYPE_TCPIP_ARPCOPY (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_COPY_ARP)
+#define WMI_LOG_TYPE_TCPIP_FULLACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKFULL)
+#define WMI_LOG_TYPE_TCPIP_PARTACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKPART)
+#define WMI_LOG_TYPE_TCPIP_DUPACK (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACKDUP)
+
+#define WMI_LOG_TYPE_UDP_SEND (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_SEND)
+#define WMI_LOG_TYPE_UDP_RECEIVE (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_RECEIVE)
+#define WMI_LOG_TYPE_UDP_FAIL (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_CONNFAIL)
+
+//
+// Netowrk events with IPV6
+//
+#define WMI_LOG_TYPE_TCPIP_SEND_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1A)
+#define WMI_LOG_TYPE_TCPIP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1B)
+#define WMI_LOG_TYPE_TCPIP_CONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1C)
+#define WMI_LOG_TYPE_TCPIP_DISCONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1D)
+#define WMI_LOG_TYPE_TCPIP_RETRANSMIT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x1E)
+#define WMI_LOG_TYPE_TCPIP_ACCEPT_IPV6 (EVENT_TRACE_GROUP_TCPIP |
0x1F)
+#define WMI_LOG_TYPE_TCPIP_RECONNECT_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x20)
+#define WMI_LOG_TYPE_TCPIP_FAIL_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x21)
+#define WMI_LOG_TYPE_TCPIP_TCPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x22)
+#define WMI_LOG_TYPE_TCPIP_ARPCOPY_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x23)
+#define WMI_LOG_TYPE_TCPIP_FULLACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x24)
+#define WMI_LOG_TYPE_TCPIP_PARTACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x25)
+#define WMI_LOG_TYPE_TCPIP_DUPACK_IPV6 (EVENT_TRACE_GROUP_TCPIP | 0x26)
+
+#define WMI_LOG_TYPE_UDP_SEND_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1A)
+#define WMI_LOG_TYPE_UDP_RECEIVE_IPV6 (EVENT_TRACE_GROUP_UDPIP | 0x1B)
+
+//
+// Event types for IO subsystem
+//
+
+#define WMI_LOG_TYPE_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ)
+#define WMI_LOG_TYPE_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE)
+#define WMI_LOG_TYPE_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ_INIT)
+#define WMI_LOG_TYPE_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE_INIT)
+#define WMI_LOG_TYPE_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH)
+#define WMI_LOG_TYPE_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_FLUSH_INIT)
+#define WMI_LOG_TYPE_IO_REDIRECTED_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_REDIRECTED_INIT)
+
+#define PERFINFO_LOG_TYPE_DRIVER_INIT (EVENT_TRACE_GROUP_IO | 0x20)
+#define PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE (EVENT_TRACE_GROUP_IO | 0x21)
+#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL (EVENT_TRACE_GROUP_IO | 0x22)
+#define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN (EVENT_TRACE_GROUP_IO | 0x23)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL (EVENT_TRACE_GROUP_IO | 0x24)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN (EVENT_TRACE_GROUP_IO | 0x25)
+#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL (EVENT_TRACE_GROUP_IO | 0x26)
+#define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN (EVENT_TRACE_GROUP_IO | 0x27)
+#define
PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL (EVENT_TRACE_GROUP_IO | 0x28)
+#define PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN (EVENT_TRACE_GROUP_IO | 0x29)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2a)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2b)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2d)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2e)
+// Reserved (EVENT_TRACE_GROUP_IO | 0x2f)
+#define PERFINFO_LOG_TYPE_PREFETCH_ACTION (EVENT_TRACE_GROUP_IO | 0x30)
+#define PERFINFO_LOG_TYPE_PREFETCH_REQUEST (EVENT_TRACE_GROUP_IO | 0x31)
+#define PERFINFO_LOG_TYPE_PREFETCH_READLIST (EVENT_TRACE_GROUP_IO | 0x32)
+#define PERFINFO_LOG_TYPE_PREFETCH_READ (EVENT_TRACE_GROUP_IO | 0x33)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST (EVENT_TRACE_GROUP_IO | 0x34)
+#define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN (EVENT_TRACE_GROUP_IO | 0x35)
+#define PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION (EVENT_TRACE_GROUP_IO | 0x36)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_READ_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT)
+#define PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH_INIT (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT)
+
+//
+// Event types for Memory subsystem
+//
+#define WMI_LOG_TYPE_PAGE_FAULT_TRANSITION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_TF)
+#define WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_DZF)
+#define WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_COW)
+#define WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE
(EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_GPF)
+#define WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_HPF)
+#define WMI_LOG_TYPE_PAGE_FAULT_ACCESS_VIOLATION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_AV)
+
+#define PERFINFO_LOG_TYPE_HARDFAULT (EVENT_TRACE_GROUP_MEMORY | 0x20)
+#define PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR (EVENT_TRACE_GROUP_MEMORY | 0x21)
+#define PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST (EVENT_TRACE_GROUP_MEMORY | 0x22)
+#define PERFINFO_LOG_TYPE_PAGEINMEMORY (EVENT_TRACE_GROUP_MEMORY | 0x23)
+#define PERFINFO_LOG_TYPE_INSERTINFREELIST (EVENT_TRACE_GROUP_MEMORY | 0x24)
+#define PERFINFO_LOG_TYPE_INSERTINMODIFIEDLIST (EVENT_TRACE_GROUP_MEMORY | 0x25)
+#define PERFINFO_LOG_TYPE_INSERTINLIST (EVENT_TRACE_GROUP_MEMORY | 0x26)
+#define PERFINFO_LOG_TYPE_INSERTATFRONT (EVENT_TRACE_GROUP_MEMORY | 0x28)
+#define PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY (EVENT_TRACE_GROUP_MEMORY | 0x29)
+#define PERFINFO_LOG_TYPE_UNLINKFFREEORZERO (EVENT_TRACE_GROUP_MEMORY | 0x2a)
+#define PERFINFO_LOG_TYPE_WORKINGSETMANAGER (EVENT_TRACE_GROUP_MEMORY | 0x2b)
+#define PERFINFO_LOG_TYPE_TRIMPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2d)
+#define PERFINFO_LOG_TYPE_ZEROSHARECOUNT (EVENT_TRACE_GROUP_MEMORY | 0x2e)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x2f)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x30)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x31)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x32)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x33)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x34)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x35)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x36)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x37)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x38)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x39)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3a)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3b)
+#define PERFINFO_LOG_TYPE_WSINFOPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x3c)
+//
Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3d)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3e)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x3f)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x40)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x41)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x42)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x43)
+// Reserved (EVENT_TRACE_GROUP_MEMORY | 0x44)
+#define PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP (EVENT_TRACE_GROUP_MEMORY | 0x45)
+#define PERFINFO_LOG_TYPE_TRIMSESSION (EVENT_TRACE_GROUP_MEMORY | 0x46)
+#define PERFINFO_LOG_TYPE_MEMORYSNAPLITE (EVENT_TRACE_GROUP_MEMORY | 0x47)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x48)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x49)
+#define PERFINFO_LOG_TYPE_WSINFOSESSION (EVENT_TRACE_GROUP_MEMORY | 0x4a)
+#define PERFINFO_LOG_TYPE_CREATE_SESSION (EVENT_TRACE_GROUP_MEMORY | 0x4b)
+#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x4c)
+#define PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x4d)
+#define PERFINFO_LOG_TYPE_SESSION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4e)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x4f)
+
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC (EVENT_TRACE_GROUP_MEMORY | 0x62)
+#define PERFINFO_LOG_TYPE_VIRTUAL_FREE (EVENT_TRACE_GROUP_MEMORY | 0x63)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x64)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x65)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RESERVE (EVENT_TRACE_GROUP_MEMORY | 0x66)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x67)
+#define PERFINFO_LOG_TYPE_HEAP_RANGE_DESTROY (EVENT_TRACE_GROUP_MEMORY | 0x68)
+
+#define PERFINFO_LOG_TYPE_PAGEFILE_BACK (EVENT_TRACE_GROUP_MEMORY | 0x69)
+#define PERFINFO_LOG_TYPE_MEMINFO (EVENT_TRACE_GROUP_MEMORY | 0x70)
+#define PERFINFO_LOG_TYPE_CONTMEM_GENERATE
(EVENT_TRACE_GROUP_MEMORY | 0x71)
+#define PERFINFO_LOG_TYPE_FILE_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x72)
+#define PERFINFO_LOG_TYPE_INMEMORY_STORE_FAULT (EVENT_TRACE_GROUP_MEMORY | 0x73)
+#define PERFINFO_LOG_TYPE_COMPRESSED_PAGE (EVENT_TRACE_GROUP_MEMORY | 0x74)
+#define PERFINFO_LOG_TYPE_PAGEINMEMORY_ACTIVE (EVENT_TRACE_GROUP_MEMORY | 0x75)
+#define PERFINFO_LOG_TYPE_PAGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x76)
+#define PERFINFO_LOG_TYPE_PAGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x77)
+#define PERFINFO_LOG_TYPE_PAGE_RANGE_ACCESS (EVENT_TRACE_GROUP_MEMORY | 0x78)
+#define PERFINFO_LOG_TYPE_PAGE_RANGE_RELEASE (EVENT_TRACE_GROUP_MEMORY | 0x79)
+#define PERFINFO_LOG_TYPE_PAGE_COMBINE (EVENT_TRACE_GROUP_MEMORY | 0x7a)
+#define PERFINFO_LOG_TYPE_KERNEL_MEMUSAGE (EVENT_TRACE_GROUP_MEMORY | 0x7b)
+#define PERFINFO_LOG_TYPE_MM_STATS (EVENT_TRACE_GROUP_MEMORY | 0x7c)
+#define PERFINFO_LOG_TYPE_MEMINFOEX_WS (EVENT_TRACE_GROUP_MEMORY | 0x7d)
+#define PERFINFO_LOG_TYPE_MEMINFOEX_SESSIONWS (EVENT_TRACE_GROUP_MEMORY | 0x7e)
+
+#define PERFINFO_LOG_TYPE_VIRTUAL_ROTATE (EVENT_TRACE_GROUP_MEMORY | 0x7f)
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_START (EVENT_TRACE_GROUP_MEMORY | 0x80)
+#define PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_END (EVENT_TRACE_GROUP_MEMORY | 0x81)
+
+#define PERFINFO_LOG_TYPE_PAGE_ACCESS_EX (EVENT_TRACE_GROUP_MEMORY | 0x82)
+#define PERFINFO_LOG_TYPE_REMOVEFROMWS (EVENT_TRACE_GROUP_MEMORY | 0x83)
+#define PERFINFO_LOG_TYPE_WSSHAREABLE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x84)
+#define PERFINFO_LOG_TYPE_INMEMORYACTIVE_RUNDOWN (EVENT_TRACE_GROUP_MEMORY | 0x85)
+
+#define PERFINFO_LOG_TYPE_MEM_RESET_INFO (EVENT_TRACE_GROUP_MEMORY | 0x86)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_CREATE (EVENT_TRACE_GROUP_MEMORY | 0x87)
+#define PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_DELETE (EVENT_TRACE_GROUP_MEMORY | 0x88)
+
+//
+//
+// Event types for Registry subsystem
+//
+#define WMI_LOG_TYPE_REG_RUNDOWNBEGIN (EVENT_TRACE_GROUP_REGISTRY |
EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN)
+#define WMI_LOG_TYPE_REG_RUNDOWNEND (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBRUNDOWNEND)
+
+#define PERFINFO_LOG_TYPE_CMCELLREFERRED (EVENT_TRACE_GROUP_REGISTRY | 0x20)
+#define PERFINFO_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x21)
+#define PERFINFO_LOG_TYPE_REG_COUNTERS (EVENT_TRACE_GROUP_REGISTRY | 0x22)
+#define PERFINFO_LOG_TYPE_REG_CONFIG (EVENT_TRACE_GROUP_REGISTRY | 0x23)
+#define PERFINFO_LOG_TYPE_REG_HIVE_INITIALIZE (EVENT_TRACE_GROUP_REGISTRY | 0x24)
+#define PERFINFO_LOG_TYPE_REG_HIVE_DESTROY (EVENT_TRACE_GROUP_REGISTRY | 0x25)
+#define PERFINFO_LOG_TYPE_REG_HIVE_LINK (EVENT_TRACE_GROUP_REGISTRY | 0x26)
+#define PERFINFO_LOG_TYPE_REG_HIVE_RUNDOWN_DC_END (EVENT_TRACE_GROUP_REGISTRY | 0x27)
+#define PERFINFO_LOG_TYPE_REG_HIVE_DIRTY (EVENT_TRACE_GROUP_REGISTRY | 0x28)
+// Reserved
+#define PERFINFO_LOG_TYPE_REG_NOTIF_REGISTER (EVENT_TRACE_GROUP_REGISTRY | 0x30)
+#define PERFINFO_LOG_TYPE_REG_NOTIF_DELIVER (EVENT_TRACE_GROUP_REGISTRY | 0x31)
+
+//
+// Event types for PERF tracing specific subsystem
+//
+#define PERFINFO_LOG_TYPE_RUNDOWN_CHECKPOINT (EVENT_TRACE_GROUP_PERFINFO | 0x20)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x21)
+#define PERFINFO_LOG_TYPE_MARK (EVENT_TRACE_GROUP_PERFINFO | 0x22)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x23)
+#define PERFINFO_LOG_TYPE_ASYNCMARK (EVENT_TRACE_GROUP_PERFINFO | 0x24)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x25)
+#define PERFINFO_LOG_TYPE_IMAGENAME (EVENT_TRACE_GROUP_PERFINFO | 0x26)
+#define PERFINFO_LOG_TYPE_DELAYS_CC_CAN_I_WRITE (EVENT_TRACE_GROUP_PERFINFO | 0x27)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x28)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x29)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2a)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2b)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2c)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x2d)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE (EVENT_TRACE_GROUP_PERFINFO | 0x2e)
+#define
PERFINFO_LOG_TYPE_PMC_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x2f)
+#define PERFINFO_LOG_TYPE_PMC_CONFIG (EVENT_TRACE_GROUP_PERFINFO | 0x30)
+// Reserved (EVENT_TRACE_GROUP_PERFINFO | 0x31)
+#define PERFINFO_LOG_TYPE_MSI_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x32)
+#define PERFINFO_LOG_TYPE_SYSCALL_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x33)
+#define PERFINFO_LOG_TYPE_SYSCALL_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x34)
+#define PERFINFO_LOG_TYPE_BACKTRACE (EVENT_TRACE_GROUP_PERFINFO | 0x35)
+#define PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK (EVENT_TRACE_GROUP_PERFINFO | 0x36)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE (EVENT_TRACE_GROUP_PERFINFO | 0x37)
+#define PERFINFO_LOG_TYPE_EXCEPTION_STACK (EVENT_TRACE_GROUP_PERFINFO | 0x38)
+#define PERFINFO_LOG_TYPE_BRANCH_TRACE (EVENT_TRACE_GROUP_PERFINFO | 0x39)
+#define PERFINFO_LOG_TYPE_DEBUGGER_ENABLED (EVENT_TRACE_GROUP_PERFINFO | 0x3a)
+#define PERFINFO_LOG_TYPE_DEBUGGER_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x3b)
+#define PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x40)
+#define PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x41)
+#define PERFINFO_LOG_TYPE_THREADED_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x42)
+#define PERFINFO_LOG_TYPE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x43)
+#define PERFINFO_LOG_TYPE_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x44)
+#define PERFINFO_LOG_TYPE_TIMERDPC (EVENT_TRACE_GROUP_PERFINFO | 0x45)
+#define PERFINFO_LOG_TYPE_IOTIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x46)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_NMI (EVENT_TRACE_GROUP_PERFINFO | 0x47)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_SET_INTERVAL (EVENT_TRACE_GROUP_PERFINFO | 0x48)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x49)
+#define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4a)
+#define PERFINFO_LOG_TYPE_SPINLOCK_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4b)
+#define PERFINFO_LOG_TYPE_SPINLOCK_DC_END
(EVENT_TRACE_GROUP_PERFINFO | 0x4c)
+#define PERFINFO_LOG_TYPE_ERESOURCE_DC_START (EVENT_TRACE_GROUP_PERFINFO | 0x4d)
+#define PERFINFO_LOG_TYPE_ERESOURCE_DC_END (EVENT_TRACE_GROUP_PERFINFO | 0x4e)
+#define PERFINFO_LOG_TYPE_CLOCK_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x4f)
+#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION_START (EVENT_TRACE_GROUP_PERFINFO | 0x50)
+#define PERFINFO_LOG_TYPE_TIMER_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x51)
+#define PERFINFO_LOG_TYPE_TIMER_SET_PERIODIC (EVENT_TRACE_GROUP_PERFINFO | 0x52)
+#define PERFINFO_LOG_TYPE_TIMER_SET_ONE_SHOT (EVENT_TRACE_GROUP_PERFINFO | 0x53)
+#define PERFINFO_LOG_TYPE_TIMER_SET_THREAD (EVENT_TRACE_GROUP_PERFINFO | 0x54)
+#define PERFINFO_LOG_TYPE_TIMER_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x55)
+#define PERFINFO_LOG_TYPE_TIME_ADJUSTMENT (EVENT_TRACE_GROUP_PERFINFO | 0x56)
+#define PERFINFO_LOG_TYPE_CLOCK_MODE_SWITCH (EVENT_TRACE_GROUP_PERFINFO | 0x57)
+#define PERFINFO_LOG_TYPE_CLOCK_TIME_UPDATE (EVENT_TRACE_GROUP_PERFINFO | 0x58)
+#define PERFINFO_LOG_TYPE_CLOCK_DYNAMIC_TICK_VETO (EVENT_TRACE_GROUP_PERFINFO | 0x59)
+#define PERFINFO_LOG_TYPE_CLOCK_CONFIGURATION (EVENT_TRACE_GROUP_PERFINFO | 0x5a)
+#define PERFINFO_LOG_TYPE_IPI (EVENT_TRACE_GROUP_PERFINFO | 0x5b)
+#define PERFINFO_LOG_TYPE_UNEXPECTED_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5c)
+#define PERFINFO_LOG_TYPE_IOTIMER_START (EVENT_TRACE_GROUP_PERFINFO | 0x5d)
+#define PERFINFO_LOG_TYPE_IOTIMER_STOP (EVENT_TRACE_GROUP_PERFINFO | 0x5e)
+#define PERFINFO_LOG_TYPE_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x5f)
+#define PERFINFO_LOG_TYPE_WDF_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x60)
+#define PERFINFO_LOG_TYPE_WDF_PASSIVE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x61)
+#define PERFINFO_LOG_TYPE_WDF_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x62)
+#define PERFINFO_LOG_TYPE_CPU_CACHE_FLUSH (EVENT_TRACE_GROUP_PERFINFO | 0x63)
+#define PERFINFO_LOG_TYPE_DPC_ENQUEUE (EVENT_TRACE_GROUP_PERFINFO | 0x64)
+#define PERFINFO_LOG_TYPE_DPC_EXECUTION
(EVENT_TRACE_GROUP_PERFINFO | 0x65)
+#define PERFINFO_LOG_TYPE_INTERRUPT_STEERING (EVENT_TRACE_GROUP_PERFINFO | 0x66)
+#define PERFINFO_LOG_TYPE_WDF_WORK_ITEM (EVENT_TRACE_GROUP_PERFINFO | 0x67)
+#define PERFINFO_LOG_TYPE_KTIMER2_SET (EVENT_TRACE_GROUP_PERFINFO | 0x68)
+#define PERFINFO_LOG_TYPE_KTIMER2_EXPIRATION (EVENT_TRACE_GROUP_PERFINFO | 0x69)
+#define PERFINFO_LOG_TYPE_KTIMER2_CANCEL (EVENT_TRACE_GROUP_PERFINFO | 0x6a)
+#define PERFINFO_LOG_TYPE_KTIMER2_DISABLE (EVENT_TRACE_GROUP_PERFINFO | 0x6b)
+#define PERFINFO_LOG_TYPE_KTIMER2_FINALIZATION (EVENT_TRACE_GROUP_PERFINFO | 0x6c)
+#define PERFINFO_LOG_TYPE_SHOULD_YIELD_PROCESSOR (EVENT_TRACE_GROUP_PERFINFO | 0x6d)
+
+//
+// Event types for ICE.
+//
+
+#define PERFINFO_LOG_TYPE_FUNCTION_CALL (EVENT_TRACE_GROUP_PERFINFO | 0x80)
+#define PERFINFO_LOG_TYPE_FUNCTION_RETURN (EVENT_TRACE_GROUP_PERFINFO | 0x81)
+#define PERFINFO_LOG_TYPE_FUNCTION_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x82)
+#define PERFINFO_LOG_TYPE_FUNCTION_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x83)
+#define PERFINFO_LOG_TYPE_TAILCALL (EVENT_TRACE_GROUP_PERFINFO | 0x84)
+#define PERFINFO_LOG_TYPE_TRAP (EVENT_TRACE_GROUP_PERFINFO | 0x85)
+#define PERFINFO_LOG_TYPE_SPINLOCK_ACQUIRE (EVENT_TRACE_GROUP_PERFINFO | 0x86)
+#define PERFINFO_LOG_TYPE_SPINLOCK_RELEASE (EVENT_TRACE_GROUP_PERFINFO | 0x87)
+#define PERFINFO_LOG_TYPE_CAP_COMMENT (EVENT_TRACE_GROUP_PERFINFO | 0x88)
+#define PERFINFO_LOG_TYPE_CAP_RUNDOWN (EVENT_TRACE_GROUP_PERFINFO | 0x89)
+
+//
+// Event types for Debugger subsystem.
+//
+
+#define PERFINFO_LOG_TYPE_DEBUG_PRINT (EVENT_TRACE_GROUP_DBGPRINT | 0x20)
+
+//
+// Event types for WNF facility
+//
+
+#define PERFINFO_LOG_TYPE_WNF_SUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x20)
+#define PERFINFO_LOG_TYPE_WNF_UNSUBSCRIBE (EVENT_TRACE_GROUP_WNF | 0x21)
+#define PERFINFO_LOG_TYPE_WNF_CALLBACK (EVENT_TRACE_GROUP_WNF | 0x22)
+#define PERFINFO_LOG_TYPE_WNF_PUBLISH (EVENT_TRACE_GROUP_WNF | 0x23)
+#define PERFINFO_LOG_TYPE_WNF_NAME_SUB_RUNDOWN (EVENT_TRACE_GROUP_WNF | 0x24)
+
+//
+// Event types for Pool subsystem.
+//
+
+#define PERFINFO_LOG_TYPE_ALLOCATEPOOL (EVENT_TRACE_GROUP_POOL | 0x20)
+#define PERFINFO_LOG_TYPE_ALLOCATEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x21)
+#define PERFINFO_LOG_TYPE_FREEPOOL (EVENT_TRACE_GROUP_POOL | 0x22)
+#define PERFINFO_LOG_TYPE_FREEPOOL_SESSION (EVENT_TRACE_GROUP_POOL | 0x23)
+#define PERFINFO_LOG_TYPE_ADDPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x24)
+#define PERFINFO_LOG_TYPE_ADDPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x25)
+#define PERFINFO_LOG_TYPE_BIGPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x26)
+#define PERFINFO_LOG_TYPE_BIGPOOLPAGE_SESSION (EVENT_TRACE_GROUP_POOL | 0x27)
+#define PERFINFO_LOG_TYPE_POOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x28)
+#define PERFINFO_LOG_TYPE_POOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x29)
+#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2a)
+#define PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2b)
+#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_START (EVENT_TRACE_GROUP_POOL | 0x2c)
+#define PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_END (EVENT_TRACE_GROUP_POOL | 0x2d)
+#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_START (EVENT_TRACE_GROUP_POOL | 0x2e)
+#define PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_END (EVENT_TRACE_GROUP_POOL | 0x2f)
+
+//
+// Event types for Heap subsystem
+//
+#define PERFINFO_LOG_TYPE_HEAP_CREATE (EVENT_TRACE_GROUP_HEAP | 0x20)
+#define PERFINFO_LOG_TYPE_HEAP_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x21)
+#define
PERFINFO_LOG_TYPE_HEAP_REALLOC (EVENT_TRACE_GROUP_HEAP | 0x22) +#define PERFINFO_LOG_TYPE_HEAP_DESTROY (EVENT_TRACE_GROUP_HEAP | 0x23) +#define PERFINFO_LOG_TYPE_HEAP_FREE (EVENT_TRACE_GROUP_HEAP | 0x24) +#define PERFINFO_LOG_TYPE_HEAP_EXTEND (EVENT_TRACE_GROUP_HEAP | 0x25) +#define PERFINFO_LOG_TYPE_HEAP_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x26) +#define PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x27) +#define PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x28) +#define PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x29) +#define PERFINFO_LOG_TYPE_HEAP_CONTRACT (EVENT_TRACE_GROUP_HEAP | 0x2a) +#define PERFINFO_LOG_TYPE_HEAP_LOCK (EVENT_TRACE_GROUP_HEAP | 0x2b) +#define PERFINFO_LOG_TYPE_HEAP_UNLOCK (EVENT_TRACE_GROUP_HEAP | 0x2c) +#define PERFINFO_LOG_TYPE_HEAP_VALIDATE (EVENT_TRACE_GROUP_HEAP | 0x2d) +#define PERFINFO_LOG_TYPE_HEAP_WALK (EVENT_TRACE_GROUP_HEAP | 0x2e) + +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x2f) +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE (EVENT_TRACE_GROUP_HEAP | 0x30) +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC_CACHE (EVENT_TRACE_GROUP_HEAP | 0x31) +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE_CACHE (EVENT_TRACE_GROUP_HEAP | 0x32) +#define PERFINFO_LOG_TYPE_HEAP_COMMIT (EVENT_TRACE_GROUP_HEAP | 0x33) +#define PERFINFO_LOG_TYPE_HEAP_DECOMMIT (EVENT_TRACE_GROUP_HEAP | 0x34) +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_INIT (EVENT_TRACE_GROUP_HEAP | 0x35) +#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ENABLE (EVENT_TRACE_GROUP_HEAP | 0x36) +//Reserved (EVENT_TRACE_GROUP_HEAP | 0x37) +#define PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x38) +#define PERFINFO_LOG_TYPE_HEAP_AFFINITY_ASSIGN (EVENT_TRACE_GROUP_HEAP | 0x39) +#define PERFINFO_LOG_TYPE_HEAP_REUSE_THRESHOLD_ACTIVATED (EVENT_TRACE_GROUP_HEAP | 0x3a) + +// +// Event Types for Critical Section Subsystem +// + +#define PERFINFO_LOG_TYPE_CRITSEC_ENTER 
(EVENT_TRACE_GROUP_CRITSEC | 0x20) +#define PERFINFO_LOG_TYPE_CRITSEC_LEAVE (EVENT_TRACE_GROUP_CRITSEC | 0x21) +#define PERFINFO_LOG_TYPE_CRITSEC_COLLISION (EVENT_TRACE_GROUP_CRITSEC | 0x22) +#define PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE (EVENT_TRACE_GROUP_CRITSEC | 0x23) + +// +// Event types for Stackwalk subsystem +// + +#define PERFINFO_LOG_TYPE_STACKWALK (EVENT_TRACE_GROUP_STACKWALK | 0x20) +//Reserved (EVENT_TRACE_GROUP_STACKWALK | 0x21) +#define PERFINFO_LOG_TYPE_STACKTRACE_CREATE (EVENT_TRACE_GROUP_STACKWALK | 0x22) +#define PERFINFO_LOG_TYPE_STACKTRACE_DELETE (EVENT_TRACE_GROUP_STACKWALK | 0x23) +#define PERFINFO_LOG_TYPE_STACKTRACE_RUNDOWN (EVENT_TRACE_GROUP_STACKWALK | 0x24) +#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_KERNEL (EVENT_TRACE_GROUP_STACKWALK | 0x25) +#define PERFINFO_LOG_TYPE_STACKTRACE_KEY_USER (EVENT_TRACE_GROUP_STACKWALK | 0x26) + +// +// Event types for ALPC +// + +#define WMI_LOG_TYPE_ALPC_SEND_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x21) +#define WMI_LOG_TYPE_ALPC_RECEIVE_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x22) +#define WMI_LOG_TYPE_ALPC_WAIT_FOR_REPLY (EVENT_TRACE_GROUP_ALPC | 0x23) +#define WMI_LOG_TYPE_ALPC_WAIT_FOR_NEW_MESSAGE (EVENT_TRACE_GROUP_ALPC | 0x24) +#define WMI_LOG_TYPE_ALPC_UNWAIT (EVENT_TRACE_GROUP_ALPC | 0x25) +#define WMI_LOG_TYPE_ALPC_CONNECT_REQUEST (EVENT_TRACE_GROUP_ALPC | 0x26) +#define WMI_LOG_TYPE_ALPC_CONNECT_SUCCESS (EVENT_TRACE_GROUP_ALPC | 0x27) +#define WMI_LOG_TYPE_ALPC_CONNECT_FAIL (EVENT_TRACE_GROUP_ALPC | 0x28) +#define WMI_LOG_TYPE_ALPC_CLOSE_PORT (EVENT_TRACE_GROUP_ALPC | 0x29) + + +// +// Event types for Object Manager subsystem +// + +#define PERFINFO_LOG_TYPE_CREATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x20) +#define PERFINFO_LOG_TYPE_CLOSE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x21) +#define PERFINFO_LOG_TYPE_DUPLICATE_HANDLE (EVENT_TRACE_GROUP_OBJECT | 0x22) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x23) +#define PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x24) +#define 
PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x25) +#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_START (EVENT_TRACE_GROUP_OBJECT | 0x26) +#define PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_END (EVENT_TRACE_GROUP_OBJECT | 0x27) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x28) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x29) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2a) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2b) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2c) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2d) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2e) +//Reserved (EVENT_TRACE_GROUP_OBJECT | 0x2f) +#define PERFINFO_LOG_TYPE_CREATE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x30) +#define PERFINFO_LOG_TYPE_DELETE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x31) +#define PERFINFO_LOG_TYPE_REFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x32) +#define PERFINFO_LOG_TYPE_DEREFERENCE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x33) + +// +// Event types for Power subsystem +// + +#define PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO (EVENT_TRACE_GROUP_POWER | 0x20) +#define PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x21) +#define PERFINFO_LOG_TYPE_SET_POWER_ACTION (EVENT_TRACE_GROUP_POWER | 0x22) +#define PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET (EVENT_TRACE_GROUP_POWER | 0x23) +#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE (EVENT_TRACE_GROUP_POWER | 0x24) +#define PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET (EVENT_TRACE_GROUP_POWER | 0x25) +#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE (EVENT_TRACE_GROUP_POWER | 0x26) +#define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE (EVENT_TRACE_GROUP_POWER | 0x27) +#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT (EVENT_TRACE_GROUP_POWER | 0x28) +#define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET (EVENT_TRACE_GROUP_POWER | 0x29) +#define PERFINFO_LOG_TYPE_PO_PRESLEEP (EVENT_TRACE_GROUP_POWER | 0x30) +#define PERFINFO_LOG_TYPE_PO_POSTSLEEP (EVENT_TRACE_GROUP_POWER | 0x31) +#define PERFINFO_LOG_TYPE_PO_CALIBRATED_PERFCOUNTER (EVENT_TRACE_GROUP_POWER | 0x32) +#define 
PERFINFO_LOG_TYPE_PPM_PERF_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x33) +#define PERFINFO_LOG_TYPE_PPM_THROTTLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x34) +#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x35) +#define PERFINFO_LOG_TYPE_PPM_THERMAL_CONSTRAINT (EVENT_TRACE_GROUP_POWER | 0x36) +#define PERFINFO_LOG_TYPE_PO_SIGNAL_RESUME_UI (EVENT_TRACE_GROUP_POWER | 0x37) +#define PERFINFO_LOG_TYPE_PO_SIGNAL_VIDEO_ON (EVENT_TRACE_GROUP_POWER | 0x38) +#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x39) +#define PERFINFO_LOG_TYPE_PPM_IDLE_STATE_EXIT (EVENT_TRACE_GROUP_POWER | 0x3a) +#define PERFINFO_LOG_TYPE_PPM_PLATFORM_IDLE_STATE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3b) +#define PERFINFO_LOG_TYPE_PPM_IDLE_EXIT_LATENCY (EVENT_TRACE_GROUP_POWER | 0x3c) +#define PERFINFO_LOG_TYPE_PPM_IDLE_PROCESSOR_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3d) +#define PERFINFO_LOG_TYPE_PPM_IDLE_PLATFORM_SELECTION (EVENT_TRACE_GROUP_POWER | 0x3e) +#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_ENTER (EVENT_TRACE_GROUP_POWER | 0x3f) +#define PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_EXIT (EVENT_TRACE_GROUP_POWER | 0x40) + +// +// Event types for MODBound subsystem +// +#define PERFINFO_LOG_TYPE_COWHEADER (EVENT_TRACE_GROUP_MODBOUND | 0x18) +#define PERFINFO_LOG_TYPE_COWBLOB (EVENT_TRACE_GROUP_MODBOUND | 0x19) +#define PERFINFO_LOG_TYPE_COWBLOB_CLOSED (EVENT_TRACE_GROUP_MODBOUND | 0x1a) +#define PERFINFO_LOG_TYPE_MODULEBOUND_ENT (EVENT_TRACE_GROUP_MODBOUND | 0x20) +#define PERFINFO_LOG_TYPE_MODULEBOUND_JUMP (EVENT_TRACE_GROUP_MODBOUND | 0x21) +#define PERFINFO_LOG_TYPE_MODULEBOUND_RET (EVENT_TRACE_GROUP_MODBOUND | 0x22) +#define PERFINFO_LOG_TYPE_MODULEBOUND_CALL (EVENT_TRACE_GROUP_MODBOUND | 0x23) +#define PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET (EVENT_TRACE_GROUP_MODBOUND | 0x24) +#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2E (EVENT_TRACE_GROUP_MODBOUND | 0x25) +#define PERFINFO_LOG_TYPE_MODULEBOUND_INT2B (EVENT_TRACE_GROUP_MODBOUND | 0x26) 
+#define PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE (EVENT_TRACE_GROUP_MODBOUND | 0x27) + +// +// Event types for the thread class scheduler +// +// TODO: Because MMCSS is a DLL it doesn't need to use UMGL. +// +#define PERFINFO_LOG_TYPE_MMCSS_START (0x20) +#define PERFINFO_LOG_TYPE_MMCSS_STOP (0x21) +#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_EVENT (0x22) +#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_WAKEUP (0x23) +#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP (0x24) +#define PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP_RESP (0x25) + +// +// Event types To be Decided if they are still needed? +// + +#define PERFINFO_LOG_TYPE_DISPATCHMSG (EVENT_TRACE_GROUP_TBD | 0x00) +#define PERFINFO_LOG_TYPE_GLYPHCACHE (EVENT_TRACE_GROUP_TBD | 0x01) +#define PERFINFO_LOG_TYPE_GLYPHS (EVENT_TRACE_GROUP_TBD | 0x02) +#define PERFINFO_LOG_TYPE_READWRITE (EVENT_TRACE_GROUP_TBD | 0x03) +#define PERFINFO_LOG_TYPE_EXPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x04) +#define PERFINFO_LOG_TYPE_IMPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x05) +#define PERFINFO_LOG_TYPE_CHECKSUM (EVENT_TRACE_GROUP_TBD | 0x06) +#define PERFINFO_LOG_TYPE_DLL_INIT (EVENT_TRACE_GROUP_TBD | 0x07) +#define PERFINFO_LOG_TYPE_SERVICE_DD_START_INIT (EVENT_TRACE_GROUP_TBD | 0x08) +#define PERFINFO_LOG_TYPE_SERVICE_DD_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x09) +#define PERFINFO_LOG_TYPE_SERVICE_START_INIT (EVENT_TRACE_GROUP_TBD | 0x0a) +#define PERFINFO_LOG_TYPE_SERVICE_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x0b) +#define PERFINFO_LOG_TYPE_SERVICE_NAME (EVENT_TRACE_GROUP_TBD | 0x0c) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x0d) +#define PERFINFO_LOG_TIMED_ENTER_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0e) +#define PERFINFO_LOG_TIMED_EXIT_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0f) +#define PERFINFO_LOG_TYPE_CTIME_STATS (EVENT_TRACE_GROUP_TBD | 0x10) +#define PERFINFO_LOG_TYPE_MARKED_DIRTY (EVENT_TRACE_GROUP_TBD | 0x11) +#define PERFINFO_LOG_TYPE_MARKED_CELL_DIRTY (EVENT_TRACE_GROUP_TBD | 0x12) +#define PERFINFO_LOG_TYPE_HIVE_WRITE_DIRTY 
(EVENT_TRACE_GROUP_TBD | 0x13) +#define PERFINFO_LOG_TYPE_DUMP_HIVECELL (EVENT_TRACE_GROUP_TBD | 0x14) +#define PERFINFO_LOG_TYPE_HIVE_STAT (EVENT_TRACE_GROUP_TBD | 0x16) +#define PERFINFO_LOG_TYPE_CLOCKREF (EVENT_TRACE_GROUP_TBD | 0x17) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x18) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x19) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x1a) +#define PERFINFO_LOG_TYPE_WMIPERFFREQUENCY (EVENT_TRACE_GROUP_TBD | 0x1d) +#define PERFINFO_LOG_TYPE_CDROM_READ (EVENT_TRACE_GROUP_TBD | 0x1e) +#define PERFINFO_LOG_TYPE_CDROM_READ_COMPLETE (EVENT_TRACE_GROUP_TBD | 0x1f) +#define PERFINFO_LOG_TYPE_KE_SET_EVENT (EVENT_TRACE_GROUP_TBD | 0x20) +#define PERFINFO_LOG_TYPE_REG_PARSEKEY (EVENT_TRACE_GROUP_TBD | 0x21) +#define PERFINFO_LOG_TYPE_REG_PARSEKEYEND (EVENT_TRACE_GROUP_TBD | 0x22) +#define PERFINFO_LOG_TYPE_ATTACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x24) +#define PERFINFO_LOG_TYPE_DETACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x25) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x26) +#define PERFINFO_LOG_TYPE_KDHELP (EVENT_TRACE_GROUP_TBD | 0x27) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x28) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x29) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x2a) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x2b) +#define PERFINFO_LOG_TYPE_FAILED_STKDUMP (EVENT_TRACE_GROUP_TBD | 0x2c) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x2d) +// Reserved (EVENT_TRACE_GROUP_TBD | 0x2e) +#define PERFINFO_LOG_TYPE_SYSTEM_TIME (EVENT_TRACE_GROUP_TBD | 0x2f) +#define PERFINFO_LOG_TYPE_READYQUEUE (EVENT_TRACE_GROUP_TBD | 0x30) + +// +// Event types for SplitIo +// + +#define PERFINFO_LOG_TYPE_SPLITIO_VOLMGR (EVENT_TRACE_GROUP_SPLITIO | 0x20) + +// +// Event types for ThreadPool +// +#define PERFINFO_LOG_TYPE_TP_CALLBACK_ENQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x20) +#define PERFINFO_LOG_TYPE_TP_CALLBACK_DEQUEUE (EVENT_TRACE_GROUP_THREAD_POOL | 0x21) +#define PERFINFO_LOG_TYPE_TP_CALLBACK_START (EVENT_TRACE_GROUP_THREAD_POOL | 0x22) +#define PERFINFO_LOG_TYPE_TP_CALLBACK_STOP 
(EVENT_TRACE_GROUP_THREAD_POOL | 0x23) +#define PERFINFO_LOG_TYPE_TP_CALLBACK_CANCEL (EVENT_TRACE_GROUP_THREAD_POOL | 0x24) +#define PERFINFO_LOG_TYPE_TP_POOL_CREATE (EVENT_TRACE_GROUP_THREAD_POOL | 0x25) +#define PERFINFO_LOG_TYPE_TP_POOL_CLOSE (EVENT_TRACE_GROUP_THREAD_POOL | 0x26) +#define PERFINFO_LOG_TYPE_TP_POOL_TH_MIN_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x27) +#define PERFINFO_LOG_TYPE_TP_POOL_TH_MAX_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x28) +#define PERFINFO_LOG_TYPE_TP_WORKER_NUMANODE_SWITCH (EVENT_TRACE_GROUP_THREAD_POOL | 0x29) +#define PERFINFO_LOG_TYPE_TP_TIMER_SET (EVENT_TRACE_GROUP_THREAD_POOL | 0x2a) +#define PERFINFO_LOG_TYPE_TP_TIMER_CANCELLED (EVENT_TRACE_GROUP_THREAD_POOL | 0x2b) +#define PERFINFO_LOG_TYPE_TP_TIMER_SET_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2c) +#define PERFINFO_LOG_TYPE_TP_TIMER_CANCEL_NTTIMER (EVENT_TRACE_GROUP_THREAD_POOL | 0x2d) +#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_BEGIN (EVENT_TRACE_GROUP_THREAD_POOL | 0x2e) +#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_END (EVENT_TRACE_GROUP_THREAD_POOL | 0x2f) +#define PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION (EVENT_TRACE_GROUP_THREAD_POOL | 0x30) + +// +// Event types for UMS +// + +#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_START (EVENT_TRACE_GROUP_UMS | 0x20) +#define PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_END (EVENT_TRACE_GROUP_UMS | 0x21) +#define PERFINFO_LOG_TYPE_UMS_PARK (EVENT_TRACE_GROUP_UMS | 0x22) +#define PERFINFO_LOG_TYPE_UMS_DISASSOCIATE (EVENT_TRACE_GROUP_UMS | 0x23) +#define PERFINFO_LOG_TYPE_UMS_CONTEXT_SWITCH (EVENT_TRACE_GROUP_UMS | 0x24) + +// +// Event types for Cache manager +// + +#define PERFINFO_LOG_TYPE_CC_WORKITEM_ENQUEUE (EVENT_TRACE_GROUP_CC | 0x00) +#define PERFINFO_LOG_TYPE_CC_WORKITEM_DEQUEUE (EVENT_TRACE_GROUP_CC | 0x01) +#define PERFINFO_LOG_TYPE_CC_WORKITEM_COMPLETE (EVENT_TRACE_GROUP_CC | 0x02) +#define PERFINFO_LOG_TYPE_CC_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x03) +#define PERFINFO_LOG_TYPE_CC_WRITE_BEHIND (EVENT_TRACE_GROUP_CC | 0x04) 
+#define PERFINFO_LOG_TYPE_CC_LAZY_WRITE_SCAN (EVENT_TRACE_GROUP_CC | 0x05) +#define PERFINFO_LOG_TYPE_CC_CAN_I_WRITE_FAIL (EVENT_TRACE_GROUP_CC | 0x06) +//#define PERFINFO_LOG_TYPE_CC_MAP_VIEW (EVENT_TRACE_GROUP_CC | 0x07) +//#define PERFINFO_LOG_TYPE_CC_UNMAP_VIEW (EVENT_TRACE_GROUP_CC | 0x08) +#define PERFINFO_LOG_TYPE_CC_FLUSH_CACHE (EVENT_TRACE_GROUP_CC | 0x09) +#define PERFINFO_LOG_TYPE_CC_FLUSH_SECTION (EVENT_TRACE_GROUP_CC | 0x0a) +#define PERFINFO_LOG_TYPE_CC_READ_AHEAD_PREFETCH (EVENT_TRACE_GROUP_CC | 0x0b) +#define PERFINFO_LOG_TYPE_CC_SCHEDULE_READ_AHEAD (EVENT_TRACE_GROUP_CC | 0x0c) +#define PERFINFO_LOG_TYPE_CC_LOGGED_STREAM_INFO (EVENT_TRACE_GROUP_CC | 0x0d) +#define PERFINFO_LOG_TYPE_CC_EXTRA_WRITEBEHIND_THREAD (EVENT_TRACE_GROUP_CC | 0x0e) + +// +// Data structure used for WMI Kernel Events +// +// **NB** the hardware events are described in software traceing, if they +// change in layout please update sdktools\trace\tracefmt\default.tmf + + +#define MAX_DEVICE_ID_LENGTH 256 +#define CONFIG_MAX_DOMAIN_NAME_LEN 134 + +typedef struct _CPU_CONFIG_RECORD +{ + ULONG ProcessorSpeed; + ULONG NumberOfProcessors; + ULONG MemorySize; // in MBytes + ULONG PageSize; // in Bytes + ULONG AllocationGranularity; // in Bytes + WCHAR ComputerName[MAX_DEVICE_ID_LENGTH]; + WCHAR DomainName[CONFIG_MAX_DOMAIN_NAME_LEN]; + ULONG_PTR HyperThreadingFlag; + ULONG_PTR HighestUserAddress; + USHORT ProcessorArchitecture; + USHORT ProcessorLevel; + USHORT ProcessorRevision; + BOOLEAN NxEnabled; + BOOLEAN PaeEnabled; + ULONG MemorySpeed; +} CPU_CONFIG_RECORD, *PCPU_CONFIG_RECORD; + +#define CONFIG_WRITE_CACHE_ENABLED 0x00000001 +#define CONFIG_FS_NAME_LEN 16 +#define CONFIG_BOOT_DRIVE_LEN 3 + +typedef struct _PHYSICAL_DISK_RECORD +{ + ULONG DiskNumber; + ULONG BytesPerSector; + ULONG SectorsPerTrack; + ULONG TracksPerCylinder; + ULONGLONG Cylinders; + ULONG SCSIPortNumber; + ULONG SCSIPathId; + ULONG SCSITargetId; + ULONG SCSILun; + WCHAR Manufacturer[MAX_DEVICE_ID_LENGTH]; + + 
ULONG PartitionCount; + BOOLEAN WriteCacheEnabled; + WCHAR BootDriveLetter[CONFIG_BOOT_DRIVE_LEN]; +} PHYSICAL_DISK_RECORD, *PPHYSICAL_DISK_RECORD; + +// +// Types of logical drive +// +#define CONFIG_DRIVE_PARTITION 0x00000001 +#define CONFIG_DRIVE_VOLUME 0x00000002 +#define CONFIG_DRIVE_EXTENT 0x00000004 +#define CONFIG_DRIVE_LETTER_LEN 4 + +typedef struct _LOGICAL_DISK_EXTENTS +{ + ULONGLONG StartingOffset; + ULONGLONG PartitionSize; + ULONG DiskNumber; // The physical disk number where the logical drive resides + ULONG Size; // The size in bytes of the structure. + ULONG DriveType; // Logical drive type partition/volume/extend-partition + WCHAR DriveLetterString[CONFIG_DRIVE_LETTER_LEN]; + ULONG Pad; + ULONG PartitionNumber; // The partition number where the logical drive resides + ULONG SectorsPerCluster; + ULONG BytesPerSector; + LONGLONG NumberOfFreeClusters; + LONGLONG TotalNumberOfClusters; + WCHAR FileSystemType[CONFIG_FS_NAME_LEN]; + ULONG VolumeExt; // Offset to VOLUME_DISK_EXTENTS structure +} LOGICAL_DISK_EXTENTS, *PLOGICAL_DISK_EXTENTS; + +typedef struct _OPTICAL_MEDIA_RECORD +{ + USHORT DiskNumber; + USHORT BusType; + USHORT DeviceType; + USHORT MediaType; + ULONGLONG StartingOffset; + ULONGLONG Size; + ULONGLONG NumberOfFreeBlocks; + ULONGLONG TotalNumberOfBlocks; + ULONGLONG NextWritableAddress; + ULONG NumberOfSessions; + ULONG NumberOfTracks; + ULONG BytesPerSector; + USHORT DiscStatus; + USHORT LastSessionStatus; + WCHAR Data[1]; +} OPTICAL_MEDIA_RECORD, *POPTICAL_MEDIA_RECORD; + +#define CONFIG_MAX_DNS_SERVER 4 +#define CONFIG_MAX_ADAPTER_ADDRESS_LENGTH 8 + +// +// Note: Data is an array of structures of type IP_ADDRESS_STRING defined in iptypes.h +// +typedef struct _NIC_RECORD +{ + WCHAR NICName[MAX_DEVICE_ID_LENGTH]; + ULONG Index; + ULONG PhysicalAddrLen; + WCHAR PhysicalAddr[CONFIG_MAX_ADAPTER_ADDRESS_LENGTH]; + ULONG Size; // Size of the Data + LONG IpAddress; // IP Address offset. 
Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG SubnetMask; // subnet mask offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG DhcpServer; // dhcp server offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG Gateway; // gateway offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG PrimaryWinsServer; // primary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG SecondaryWinsServer;// secondary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + LONG DnsServer[CONFIG_MAX_DNS_SERVER]; // dns server offset. Copy bytes = sizeof(IP_ADDRESS_STRING) + ULONG Data; // Offset to an array of IP_ADDRESS_STRING +} NIC_RECORD, *PNIC_RECORD; + +typedef struct _VIDEO_RECORD +{ + ULONG MemorySize; + ULONG XResolution; + ULONG YResolution; + ULONG BitsPerPixel; + ULONG VRefresh; + WCHAR ChipType[MAX_DEVICE_ID_LENGTH]; + WCHAR DACType[MAX_DEVICE_ID_LENGTH]; + WCHAR AdapterString[MAX_DEVICE_ID_LENGTH]; + WCHAR BiosString[MAX_DEVICE_ID_LENGTH]; + WCHAR DeviceId[MAX_DEVICE_ID_LENGTH]; + ULONG StateFlags; +} VIDEO_RECORD, *PVIDEO_RECORD; + +typedef struct _WMI_DPI_RECORD +{ + ULONG MachineDPI; + ULONG UserDPI; +} WMI_DPI_RECORD, *PWMI_DPI_RECORD; + +// +// Stores the ACPI Power Information +// +typedef struct _WMI_POWER_RECORD +{ + BOOLEAN SystemS1; + BOOLEAN SystemS2; + BOOLEAN SystemS3; + BOOLEAN SystemS4; // hibernate + BOOLEAN SystemS5; // off + BOOLEAN AoAc; + CHAR Pad2; + CHAR Pad3; +} WMI_POWER_RECORD, *PWMI_POWER_RECORD; + +// +// Store the IRQ assigned to devices +// +typedef struct _WMI_IRQ_RECORD +{ + // Bit 0 indicates CPU0, Bit 1 indicates CPU1, and so on + ULONG64 IRQAffinity; + USHORT IRQGroup; + USHORT Reserved; + ULONG IRQNum; + ULONG DeviceDescriptionLen; + WCHAR DeviceDescription[1]; +} WMI_IRQ_RECORD, *PWMI_IRQ_RECORD; + +typedef struct _WMI_PNP_RECORD_V3 +{ + ULONG IDLength; + ULONG DescriptionLength; + ULONG FriendlyNameLength; + WCHAR Strings[1]; // DeviceID, Description, Friendly, each NULL-terminated +} WMI_PNP_RECORD_V3, 
*PWMI_PNP_RECORD_V3; + +typedef struct _WMI_PNP_RECORD_V4 +{ + GUID ClassGuid; + ULONG UpperFilterCount; + ULONG LowerFilterCount; + WCHAR Strings[ANYSIZE_ARRAY]; + // DeviceID (unicode string) + // Description (unicode string) + // FriendlyName (unicode string) + // PdoName (unicode string) + // ServiceName (unicode string) + // UpperFilters (unicode string) + // LowerFilters (unicode string) +} WMI_PNP_RECORD_V4, *PWMI_PNP_RECORD_V4; + +typedef struct _WMI_PNP_RECORD_V5 +{ + GUID ClassGuid; + ULONG UpperFilterCount; + ULONG LowerFilterCount; + ULONG DevStatus; + ULONG DevProblem; + WCHAR Strings[ANYSIZE_ARRAY]; + // DeviceID (unicode string) + // Description (unicode string) + // FriendlyName (unicode string) + // PdoName (unicode string) + // ServiceName (unicode string) + // UpperFilters (unicode string) + // LowerFilters (unicode string) +} WMI_PNP_RECORD_V5, *PWMI_PNP_RECORD_V5; + +typedef WMI_PNP_RECORD_V5 WMI_PNP_RECORD, *PWMI_PNP_RECORD; + +// +// Store the IDE Channel (Primary/Secondary) info +// +typedef struct _WMI_IDE_CHANNEL_RECORD +{ + ULONG TargetId; + ULONG DeviceType; + ULONG DeviceTimingMode; + ULONG LocationInformationLen; + WCHAR LocationInformation[1]; +} WMI_IDE_CHANNEL_RECORD, *PWMI_IDE_CHANNEL_RECORD; + +typedef struct _WMI_JOB_INFORMATION +{ + GUID JobId; + ULONG JobHandle; + ULONG Flags; + NTSTATUS Status; +} WMI_JOB_INFORMATION, *PWMI_JOB_INFORMATION; + +typedef struct _WMI_JOB_ASSIGN_PROCESS +{ + GUID JobId; + ULONG JobHandle; + ULONG UniqueProcessId; + NTSTATUS Status; +} WMI_JOB_ASSIGN_PROCESS, *PWMI_JOB_ASSIGN_PROCESS; + +typedef struct _WMI_JOB_REMOVE_PROCESS +{ + GUID JobId; + ULONG UniqueProcessId; + ULONG RemovalFlags; + NTSTATUS ExitStatus; +} WMI_JOB_REMOVE_PROCESS, *PWMI_JOB_REMOVE_PROCESS; + +typedef struct _WMI_JOB_SET_QUERY_CPU_RATE +{ + ULONG AllFlags; + ULONG Value; +} WMI_JOB_SET_QUERY_CPU_RATE, *PWMI_JOB_SET_QUERY_CPU_RATE; + +typedef struct _WMI_JOB_SET_QUERY_NET_RATE +{ + ULONG Flags; + ULONG64 MaxBandwidth; + UCHAR 
DscpTag; +} WMI_JOB_SET_QUERY_NET_RATE, *PWMI_JOB_SET_QUERY_NET_RATE; + +typedef struct _WMI_JOB_SET_QUERY_INFORMATION +{ + GUID JobId; + ULONG JobHandle; + ULONG JobObjectInformationClass; +} WMI_JOB_SET_QUERY_INFORMATION, *PWMI_JOB_SET_QUERY_INFORMATION; + +typedef struct _WMI_JOB_SEND_NOTIFICATION_INFORMATION +{ + GUID JobId; + ULONG NotificationId; +} WMI_JOB_SEND_NOTIFICATION_INFORMATION, *PWMI_JOB_SEND_NOTIFICATION_INFORMATION; + +#define ETW_PROCESS_EVENT_FLAG_APPLICATION_ID 0x00000001 +#define ETW_PROCESS_EVENT_FLAG_WOW64 0x00000002 +#define ETW_PROCESS_EVENT_FLAG_PROTECTED 0x00000004 +#define ETW_PROCESS_EVENT_FLAG_PACKAGED 0x00000008 + +typedef struct _WMI_PROCESS_INFORMATION +{ + ULONG_PTR UniqueProcessKey; + ULONG ProcessId; + ULONG ParentId; + ULONG SessionId; + NTSTATUS ExitStatus; + ULONG_PTR DirectoryTableBase; + ULONG Flags; + ULONG Sid; + // Variable length sid + // FileName (ansi string) + // CommandLine (unicode string) + // PackageFullName (unicode string) + // PRAID (unicode string) +} WMI_PROCESS_INFORMATION, *PWMI_PROCESS_INFORMATION; + +typedef struct _WMI_PROCESS_INFORMATION64 +{ + ULONG64 UniqueProcessKey64; + ULONG ProcessId; + ULONG ParentId; + ULONG SessionId; + NTSTATUS ExitStatus; + ULONG64 DirectoryTableBase; + ULONG Flags; + ULONG Sid; + // Variable length data +} WMI_PROCESS_INFORMATION64, *PWMI_PROCESS_INFORMATION64; + +typedef struct _WMI_THREAD_INFORMATION +{ + ULONG ProcessId; + ULONG ThreadId; +} WMI_THREAD_INFORMATION, *PWMI_THREAD_INFORMATION; + +typedef signed char SCHAR; + +#define ETW_THREAD_FLAG_REGISTRY_NOTIFICATION 0x00000001 + +typedef struct _WMI_EXTENDED_THREAD_INFORMATION +{ + ULONG ProcessId; + ULONG ThreadId; + PVOID StackBase; + PVOID StackLimit; + PVOID UserStackBase; + PVOID UserStackLimit; + union + { + PVOID StartAddress; + KAFFINITY Affinity; + } DUMMYUNIONNAME; + PVOID Win32StartAddress; + PVOID TebBase; + ULONG SubProcessTag; + SCHAR BasePriority; + UCHAR PagePriority; + UCHAR IoPriority; + UCHAR Flags; 
+} WMI_EXTENDED_THREAD_INFORMATION, *PWMI_EXTENDED_THREAD_INFORMATION; + +typedef struct _WMI_EXTENDED_THREAD_INFORMATION64 +{ + ULONG ProcessId; + ULONG ThreadId; + ULONG64 StackBase64; + ULONG64 StackLimit64; + ULONG64 UserStackBase64; + ULONG64 UserStackLimit64; + union + { + ULONG64 StartAddress64; + ULONG64 Affinity; + } DUMMYUNIONNAME; + ULONG64 Win32StartAddress64; + ULONG64 TebBase64; + ULONG SubProcessTag; + SCHAR BasePriority; + UCHAR PagePriority; + UCHAR IoPriority; + UCHAR Flags; +} WMI_EXTENDED_THREAD_INFORMATION64, *PWMI_EXTENDED_THREAD_INFORMATION64; + +// +// SignatureLevel flags indicating if the image is embedded or catalog signed. +// + +#define ETW_IMAGE_CATALOG_SIGNED 0x10 +#define ETW_IMAGE_EMBEDDED_SIGNED 0x20 + +typedef struct _WMI_IMAGELOAD_INFORMATION +{ + PVOID ImageBase; + SIZE_T ImageSize; + ULONG ProcessId; + ULONG ImageChecksum; + ULONG TimeDateStamp; + UCHAR SignatureLevel; + UCHAR SignatureType; + USHORT Reserved0; + PVOID DefaultBase; + ULONG Reserved1; + ULONG Reserved2; + ULONG Reserved3; + ULONG Reserved4; + WCHAR FileName[1]; +} WMI_IMAGELOAD_INFORMATION, *PWMI_IMAGELOAD_INFORMATION; + +typedef struct _WMI_IMAGELOAD_INFORMATION32 +{ + ULONG32 ImageBase32; + ULONG32 ImageSize32; + ULONG ProcessId; + ULONG ImageChecksum; + ULONG TimeDateStamp; + UCHAR SignatureLevel; + UCHAR SignatureType; + USHORT Reserved0; + ULONG32 DefaultBase32; + ULONG Reserved1; + ULONG Reserved2; + ULONG Reserved3; + ULONG Reserved4; + WCHAR FileName[1]; +} WMI_IMAGELOAD_INFORMATION32, *PWMI_IMAGELOAD_INFORMATION32; + +typedef struct _WMI_IMAGELOAD_INFORMATION64 +{ + ULONG64 ImageBase64; + ULONG64 ImageSize64; + ULONG ProcessId; + ULONG ImageChecksum; + ULONG TimeDateStamp; + UCHAR SignatureLevel; + UCHAR SignatureType; + USHORT Reserved0; + ULONG64 DefaultBase64; + ULONG Reserved1; + ULONG Reserved2; + ULONG Reserved3; + ULONG Reserved4; + WCHAR FileName[1]; +} WMI_IMAGELOAD_INFORMATION64, *PWMI_IMAGELOAD_INFORMATION64; + +#include +typedef struct 
_WMI_IMAGEID_INFORMATION +{ + PVOID ImageBase; + SIZE_T ImageSize; + ULONG ProcessId; + ULONG TimeDateStamp; + WCHAR OriginalFileName[1]; +} WMI_IMAGEID_INFORMATION, *PWMI_IMAGEID_INFORMATION; + +typedef struct _WMI_IMAGEID_INFORMATION32 +{ + ULONG32 ImageBase32; + ULONG32 ImageSize32; + ULONG ProcessId; + ULONG TimeDateStamp; + WCHAR OriginalFileName[1]; +} WMI_IMAGEID_INFORMATION32, *PWMI_IMAGEID_INFORMATION32; + +typedef struct _WMI_IMAGEID_INFORMATION64 +{ + ULONG64 ImageBase64; + ULONG64 ImageSize64; + ULONG ProcessId; + ULONG TimeDateStamp; + WCHAR OriginalFileName[1]; +} WMI_IMAGEID_INFORMATION64, *PWMI_IMAGEID_INFORMATION64; +#include + +#define ETW_IO_FLAG_BACKUP 0x00000001 +#define ETW_IO_FLAG_PREFETCH 0x00000002 +#define ETW_IO_FLAG_WRITE_AGGREGATION 0x00000004 + +typedef struct _ETW_DISKIO_READWRITE_V2 +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONG Size; + ULONG Reserved; + ULONGLONG ByteOffset; + PVOID FileObject; + PVOID IrpAddress; + ULONGLONG HighResResponseTime; +} ETW_DISKIO_READWRITE_V2, *PETW_DISKIO_READWRITE_V2; + +typedef struct _ETW_DISKIO_READWRITE_V3 +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONG Size; + ULONG Reserved; + ULONGLONG ByteOffset; + PVOID FileObject; + PVOID IrpAddress; + ULONGLONG HighResResponseTime; + ULONG IssuingThreadId; +} ETW_DISKIO_READWRITE_V3, PETW_DISKIO_READWRITE_V3; + +typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V2 +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONGLONG HighResResponseTime; + PVOID IrpAddress; +} ETW_DISKIO_FLUSH_BUFFERS_V2, *PETW_DISKIO_FLUSH_BUFFERS_V2; + +typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V3 +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONGLONG HighResResponseTime; + PVOID IrpAddress; + ULONG IssuingThreadId; +} ETW_DISKIO_FLUSH_BUFFERS_V3, *PETW_DISKIO_FLUSH_BUFFERS_V3; + +typedef struct _ETW_DISKIO_READWRITE_V3 WMI_DISKIO_READWRITE, *PWMI_DISKIO_READWRITE; +typedef struct _ETW_DISKIO_FLUSH_BUFFERS_V3 WMI_DISKIO_FLUSH_BUFFERS, *PWMI_DISKIO_FLUSH_BUFFERS; + +typedef struct 
_WMI_DISKIO_READWRITE_INIT +{ + PVOID Irp; + ULONG IssuingThreadId; +} WMI_DISKIO_READWRITE_INIT, *PWMI_DISKIO_READWRITE_INIT; + +typedef struct _WMI_DISKIO_IO_REDIRECTED_INIT +{ + PVOID Irp; + PVOID FileKey; +} WMI_DISKIO_IO_REDIRECTED_INIT, *PWMI_DISKIO_IO_REDIRECTED_INIT; + +typedef struct _ETW_OPTICALIO_READWRITE +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONG Size; + ULONG Reserved; + ULONGLONG ByteOffset; + PVOID FileObject; + PVOID IrpAddress; + ULONGLONG HighResResponseTime; + ULONG IssuingThreadId; +} ETW_OPTICALIO_READWRITE, *PETW_OPTICALIO_READWRITE; + +typedef struct _ETW_OPTICALIO_FLUSH_BUFFERS +{ + ULONG DiskNumber; + ULONG IrpFlags; + ULONGLONG HighResResponseTime; + PVOID IrpAddress; + ULONG IssuingThreadId; +} ETW_OPTICALIO_FLUSH_BUFFERS, *PETW_OPTICALIO_FLUSH_BUFFERS; + +typedef struct _ETW_OPTICALIO_INIT +{ + PVOID Irp; + ULONG IssuingThreadId; +} ETW_OPTICALIO_INIT, *PETW_OPTICALIO_INIT; + +typedef struct _WMI_REGISTRY +{ + LONGLONG InitialTime; + ULONG Status; + union + { + ULONG Index; + ULONG InfoClass; + } DUMMYUNIONNAME; + PVOID Kcb; + WCHAR Name[1]; +} WMI_REGISTRY, *PWMI_REGISTRY; + +typedef struct _WMI_TXR +{ + LONGLONG InitialTime; + GUID TxRGUID; + ULONG Status; + ULONG UowCount; + WCHAR Hive[1]; +} WMI_TXR, *PWMI_TXR; + +typedef struct _ETW_REGNOTIF_REGISTER +{ + PVOID Notification; + PVOID Kcb; + UCHAR Type; + BOOLEAN WatchTree; + BOOLEAN Primary; +} ETW_REGNOTIF_REGISTER, *PETW_REGNOTIF_REGISTER; + +typedef struct _WMI_FILE_IO +{ + PVOID FileObject; + WCHAR FileName[1]; +} WMI_FILE_IO, *PWMI_FILE_IO; + +typedef struct _WMI_TCPIP_V4 +{ + ULONG ProcessId; + ULONG TransferSize; + UCHAR DestinationAddress[4]; + UCHAR SourceAddress[4]; + USHORT DestinationPort; + USHORT SourcePort; +} WMI_TCPIP_V4, *PWMI_TCPIP_V4; + +typedef struct _WMI_TCPIP_V6 +{ + ULONG ProcessId; + ULONG TransferSize; + UCHAR DestinationAddress[16]; + UCHAR SourceAddress[16]; + USHORT DestinationPort; + USHORT SourcePort; +} WMI_TCPIP_V6, *PWMI_TCPIP_V6; + +typedef 
struct _WMI_UDP_V4 +{ + ULONG ProcessId; + USHORT TransferSize; + UCHAR DestinationAddress[4]; + UCHAR SourceAddress[4]; + USHORT DestinationPort; + USHORT SourcePort; +} WMI_UDP_V4, *PWMI_UDP_V4; + +typedef struct _WMI_UDP_V6 +{ + ULONG ProcessId; + USHORT TransferSize; + UCHAR DestinationAddress[16]; + UCHAR SourceAddress[16]; + USHORT DestinationPort; + USHORT SourcePort; +} WMI_UDP_V6, *PWMI_UDP_V6; + +typedef struct _WMI_PAGE_FAULT +{ + PVOID VirtualAddress; + PVOID ProgramCounter; +} WMI_PAGE_FAULT, *PWMI_PAGE_FAULT; + +typedef struct _WMI_CONTEXTSWAP +{ + ULONG NewThreadId; + ULONG OldThreadId; + + CHAR NewThreadPriority; + CHAR OldThreadPriority; + union + { + UCHAR PreviousCState; + UCHAR OldThreadRank; + } DUMMYUNIONNAME; + union + { + CHAR NewThreadPriorityDecrement; + CHAR SpareByte; + } DUMMYUNIONNAME2; + UCHAR OldThreadWaitReason; + CHAR OldThreadWaitMode; + UCHAR OldThreadState; + UCHAR OldThreadIdealProcessor; + + ULONG NewThreadWaitTime; + LONG OldThreadRemainingQuantum; +} WMI_CONTEXTSWAP, *PWMI_CONTEXTSWAP; + +#define WMI_SPINLOCK_EVENT_EXECUTE_DPC_BIT 6 +#define WMI_SPINLOCK_EVENT_EXECUTE_ISR_BIT 7 +#define WMI_SPINLOCK_ACQUIRE_MODE_MASK 0x3F + +#include +typedef struct _WMI_SPINLOCK +{ + PVOID SpinLockAddress; + PVOID CallerAddress; + ULONG64 AcquireTime; + ULONG64 ReleaseTime; + ULONG WaitTimeInCycles; + ULONG SpinCount; + ULONG ThreadId; + ULONG InterruptCount; + UCHAR Irql; + UCHAR AcquireDepth; + + union + { + struct + { + UCHAR AcquireMode : 6; + UCHAR ExecuteDpc : 1; + UCHAR ExecuteIsr : 1; + }; + + UCHAR Flags; + }; + + UCHAR Reserved[5]; +} WMI_SPINLOCK, *PWMI_SPINLOCK; +#include + +// +// Logging every action on every instance of ERESOURCE is almost impossible. +// Especially for highly contented or highly frequently used instances. 
+// +// Thus logging an event is done on complete release operations +// or on excessive waits with filtering as follows: +// +// 1) For contention cases where the releasing thread either: +// 1.a) Has a wait time, e.g. it was blocked before the acquire. +// 1.b) Caused one or more other acquire attempts to be blocked. +// In such a case every N-th sample is logged. + +// 2) For a complete release (with or without contention). +// In this case every N-th sample is logged. +// +// 3) Excessive waits. +// +// Exact mapping and publishing WMI_RESOURCE_ACTIONs as values used +// internally in ..\minkernel\ntos\inc\etw.h. +// + +#define WMI_RESOURCE_ACTION_COMPLETE_RELEASE_EXCLUSIVE 0x00010022 +#define WMI_RESOURCE_ACTION_COMPLETE_RELEASE_SHARED 0x00010042 +#define WMI_RESOURCE_ACTION_WAIT_EXCESSIVE_FOR_EXCLUSIVE 0x00010224 +#define WMI_RESOURCE_ACTION_WAIT_EXCESSIVE_FOR_SHARED 0x00010244 + +typedef struct _WMI_RESOURCE +{ + ULONG64 AcquireTime; + ULONG64 HoldTime; + ULONG64 WaitTime; + ULONG MaxRecursionDepth; + ULONG ThreadId; + PVOID Resource; + ULONG Action; + ULONG ContentionDelta; +} WMI_RESOURCE, *PWMI_RESOURCE; + +// +// Only log wait-events for KQUEUE and PUSHLOCK objects. Full tracing generates +// way too much data and also significantly affects performance. +// +// Also note that full tracing for PUSHLOCK objects is impossible as some routines +// are defined inline in ex.h and are already compiled into drivers. 
+// + +#define WMI_QUEUE_ACTION_WAIT_FOR_ITEM 1 + +typedef struct _WMI_QUEUE { + PVOID Queue; + ULONG ThreadId; + UCHAR Action; +} WMI_QUEUE, *PWMI_QUEUE; + +#define WMI_PUSHLOCK_ACTION_WAIT_FOR_EXCLUSIVE 1 +#define WMI_PUSHLOCK_ACTION_WAIT_FOR_SHARED 2 + +typedef struct _WMI_PUSHLOCK +{ + PVOID PushLock; + ULONG ThreadId; + UCHAR Action; +} WMI_PUSHLOCK, *PWMI_PUSHLOCK; + +typedef struct _WMI_WAIT_SINGLE +{ + ULONG ThreadId; + PVOID Object; + UCHAR ObjectType; +} WMI_WAIT_SINGLE, *PWMI_WAIT_SINGLE; + +typedef struct _WMI_WAIT_OBJECT_RECORD +{ + PVOID Object; + UCHAR ObjectType; +} WMI_WAIT_OBJECT_RECORD, *PWMI_WAIT_OBJECT_RECORD; + +#define WMI_WAIT_MULTIPLE_MAX_OBJECTS 64 + +#define WMI_WAIT_MULTIPLE_WAIT_ANY 1 +#define WMI_WAIT_MULTIPLE_WAIT_ALL 2 + +typedef struct _WMI_WAIT_MULTIPLE +{ + ULONG ThreadId; + UCHAR WaitType; + UCHAR ObjectCount; + WMI_WAIT_OBJECT_RECORD ObjectRecord[WMI_WAIT_MULTIPLE_MAX_OBJECTS]; +} WMI_WAIT_MULTIPLE, *PWMI_WAIT_MULTIPLE; + +#define WMI_WAIT_MULTIPLE_HEADER_SIZE (sizeof(PVOID) + sizeof(UCHAR)) + +typedef struct _WMI_DELAY_EXECUTION +{ + ULONG ThreadId; + ULONGLONG Delta; +} WMI_DELAY_EXECUTION, *PWMI_DELAY_EXECUTION; + +// +// Scheduler events. +// +typedef struct _ETW_READY_THREAD_EVENT +{ + ULONG ThreadId; + UCHAR AdjustReason; + SCHAR AdjustIncrement; + union + { + struct + { + UCHAR ExecutingDpc : 1; + UCHAR KernelStackNotResident : 1; + UCHAR ProcessOutOfMemory : 1; + UCHAR DirectSwitchAttempt : 1; + UCHAR Reserved : 4; + } DUMMYSTRUCTNAME; + UCHAR Flags; + } DUMMYUNIONNAME; + UCHAR SpareByte; +} ETW_READY_THREAD_EVENT, *PETW_READY_THREAD_EVENT; + +// +// Kernel Queue events. 
+// +typedef struct _ETW_KQUEUE_ENQUEUE_EVENT +{ + PVOID Entry; + ULONG ThreadId; +} ETW_KQUEUE_ENQUEUE_EVENT, *PETW_KQUEUE_ENQUEUE_EVENT; + +typedef struct _ETW_KQUEUE_DEQUEUE_EVENT +{ + ULONG ThreadId; + ULONG EntryCount; + PVOID Entries[ANYSIZE_ARRAY]; +} ETW_KQUEUE_DEQUEUE_EVENT, *PETW_KQUEUE_DEQUEUE_EVENT; + +// +// Anti-starvation boost by BalanceSetmanager event. +// + +typedef struct _ETW_ANTI_STARVATION_BOOST_EVENT +{ + ULONG ThreadId; + USHORT ProcessorIndex; + SCHAR OldPriority; + UCHAR SpareByte; +} ETW_ANTI_STARVATION_BOOST_EVENT, *PETW_ANTI_STARVATION_BOOST_EVENT; + +// +// AutoBoost priority-inversion avoidance events. +// +typedef struct _ETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT +{ + PVOID Lock; + ULONG ThreadId; + SCHAR NewCpuPriorityFloor; + SCHAR OldCpuPriority; + union + { + struct + { + SCHAR NewIoPriorityFloor : 4; + SCHAR OldIoPriority : 4; + }; + SCHAR IoPriorities; + }; + + union + { + struct + { + UCHAR ExecutingDpc : 1; + UCHAR WakeupBoost : 1; + UCHAR BoostedOutstandingIrps : 1; + UCHAR Reserved : 5; + }; + UCHAR Flags; + }; +} ETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT, *PETW_AUTOBOOST_SET_PRIORITY_FLOOR_EVENT; + +typedef struct _ETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT +{ + PVOID Lock; + ULONG ThreadId; + union + { + // + // The order of bits in this field must be the same as the bitmap field + // in KLOCK_ENTRY. + // + struct + { + USHORT IoBoost : 1; + USHORT CpuBoostsBitmap : 15; + }; + USHORT BoostBitmap; + }; + USHORT Reserved; +} ETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT, *PETW_AUTOBOOST_CLEAR_PRIORITY_FLOOR_EVENT; + +typedef struct _ETW_AUTOBOOST_NO_ENTRIES_EVENT +{ + PVOID Lock; + ULONG ThreadId; +} ETW_AUTOBOOST_NO_ENTRIES_EVENT, *PETW_AUTOBOOST_NO_ENTRIES_EVENT; + +// +// Priority and affinity change events. 
+// +typedef struct _ETW_PRIORITY_EVENT +{ + ULONG ThreadId; + SCHAR OldPriority; + SCHAR NewPriority; + SCHAR DynamicPriority; // SetBasePriority events only + SCHAR Reserved; +} ETW_PRIORITY_EVENT, *PETW_PRIORITY_EVENT; + +typedef struct _ETW_THREAD_AFFINITY_EVENT +{ + KAFFINITY Mask; + ULONG ThreadId; + USHORT Group; + USHORT Reserved; +} ETW_THREAD_AFFINITY_EVENT, *PETW_THREAD_AFFINITY_EVENT; + +typedef struct _ETW_DEBUG_PRINT_EVENT +{ + ULONG Component; + ULONG Level; + CHAR Message[1]; +} ETW_DEBUG_PRINT_EVENT, *PETW_DEBUG_PRINT_EVENT; + +// +// Note that BIGPOOL mask is carefully chosen to avoid conflict, and +// this is only for instrumentation. So, there is possibility that +// mask is used by pool component at future. +// + +#define ETW_POOLTRACE_BIGPOOL_MASK 0x10000000 + +typedef struct _ETW_POOL_EVENT +{ + ULONG PoolType; + ULONG Tag; + SIZE_T NumberOfBytes; + PVOID Entry; +} ETW_POOL_EVENT, *PETW_POOL_EVENT; + +// +// Object Manager events +// + +#define ETW_KERNEL_HANDLE_MASK 0x80000000 + +typedef struct _ETW_CREATE_HANDLE_EVENT +{ + PVOID Object; + ULONG Handle; + USHORT ObjectType; +} ETW_CREATE_HANDLE_EVENT, *PETW_CREATE_HANDLE_EVENT; + +typedef ETW_CREATE_HANDLE_EVENT ETW_CLOSE_HANDLE_EVENT, *PETW_CLOSE_HANDLE_EVENT; + +#include +typedef struct _ETW_DUPLICATE_HANDLE_EVENT +{ + PVOID Object; + ULONG SourceHandle; + ULONG TargetHandle; + ULONG TargetProcessId; + USHORT ObjectType; + ULONG SourceProcessId; +} ETW_DUPLICATE_HANDLE_EVENT, *PETW_DUPLICATE_HANDLE_EVENT; +#include + +typedef struct _ETW_OBJECT_TYPE_EVENT +{ + USHORT ObjectType; + USHORT Reserved; + WCHAR Name[ANYSIZE_ARRAY]; +} ETW_OBJECT_TYPE_EVENT, *PETW_OBJECT_TYPE_EVENT; + +typedef struct _ETW_OBJECT_HANDLE_EVENT +{ + PVOID Object; + ULONG ProcessId; + ULONG Handle; + USHORT ObjectType; +} ETW_OBJECT_HANDLE_EVENT, *PETW_OBJECT_HANDLE_EVENT; + +typedef struct _ETW_REFDEREF_OBJECT_EVENT +{ + PVOID Object; + ULONG Tag; + ULONG Count; +} ETW_REFDEREF_OBJECT_EVENT, 
*PETW_REFDEREF_OBJECT_EVENT; + +typedef struct _ETW_CREATEDELETE_OBJECT_EVENT +{ + PVOID Object; + USHORT ObjectType; +} ETW_CREATEDELETE_OBJECT_EVENT, *PETW_CREATEDELETE_OBJECT_EVENT; + +// +// Wake Counter events +// +typedef struct _ETW_WAKE_COUNTER_EVENT +{ + PVOID Object; + ULONG_PTR Tag; + ULONG ProcessId; + LONG Count; +} ETW_WAKE_COUNTER_EVENT, *PETW_WAKE_COUNTER_EVENT; + +// +// Heap events +// + +#include +typedef struct _ETW_HEAP_EVENT_COMMON +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID Handle; // Handle of Heap +} ETW_HEAP_EVENT_COMMON, *PETW_HEAP_EVENT_COMMON; +#include + +#include +typedef struct _ETW_HEAP_EVENT_ALLOC +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + SIZE_T Size; // Size of allocation in bytes + PVOID Address; // Address of Allocation + ULONG Source; // Type ie Lookaside, Lowfrag or main path + +} ETW_HEAP_EVENT_ALLOC, *PETW_HEAP_EVENT_ALLOC; +#include + +#include +typedef struct _ETW_HEAP_EVENT_FREE +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + PVOID Address; // Address to free + ULONG Source; // Type ie Lookaside, Lowfrag or main path + +} ETW_HEAP_EVENT_FREE, *PETW_HEAP_EVENT_FREE; +#include + +#include +typedef struct _ETW_HEAP_EVENT_REALLOC +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + PVOID NewAddress; // New Address returned to user + PVOID OldAddress; // Old Address got from user + SIZE_T NewSize; // New Size in bytes + SIZE_T OldSize; // Old Size in bytes + ULONG Source; // Type ie Lookaside, Lowfrag or main path +} ETW_HEAP_EVENT_REALLOC, *PETW_HEAP_EVENT_REALLOC; +#include + +#include +typedef struct _ETW_HEAP_EVENT_EXPANSION +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + SIZE_T CommittedSize; // Memory Size in bytes actually committed + PVOID Address; // Address of free block or segment + SIZE_T FreeSpace; // Total free Space in Heap + SIZE_T CommittedSpace; // Memory 
Committed + SIZE_T ReservedSpace; // Memory reserved + ULONG NoOfUCRs; // Number of uncommitted ranges + SIZE_T AllocatedSpace; // Memory allocated +} ETW_HEAP_EVENT_EXPANSION, *PETW_HEAP_EVENT_EXPANSION; +#include + +#include +typedef struct _ETW_HEAP_EVENT_CONTRACTION +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + SIZE_T DeCommitSize; // The size of DeCommitted Block + PVOID DeCommitAddress; // Address of the Decommitted block + SIZE_T FreeSpace; // Total free Space in Heap in bytes + SIZE_T CommittedSpace; // Memory Committed in bytes + SIZE_T ReservedSpace; // Memory reserved in bytes + ULONG NoOfUCRs; // Number of UnCommitted Ranges + SIZE_T AllocatedSpace; // Memory allocated + +} ETW_HEAP_EVENT_CONTRACTION, *PETW_HEAP_EVENT_CONTRACTION; +#include + +#include +typedef struct _ETW_HEAP_EVENT_CREATE +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + ULONG Flags; // Flags passed while creating heap. + SIZE_T ReserveSize; + SIZE_T CommitSize; + SIZE_T AllocatedSize; +} ETW_HEAP_EVENT_CREATE, *PETW_HEAP_EVENT_CREATE; +#include + +#define HEAP_LOG_CREATE_HEAP 1 +#define HEAP_LOG_FIND_AND_COMMIT_PAGES 2 +#define HEAP_LOG_INITIALIZE_SEGMENT 3 +#define HEAP_LOG_EXTEND_HEAP 4 +#define HEAP_LOG_DECOMMIT_FREE_BLOCK 5 +#define HEAP_LOG_DECOMMIT_FREE_BLOCK2 6 +#define HEAP_LOG_DECOMMIT_BLOCK 7 +#define HEAP_LOG_COMMIT_BLOCK 8 +#define HEAP_LOG_ALLOCATE_HEAP 9 +#define HEAP_LOG_COMMIT_AND_INITIALIZE_PAGES 10 +#define HEAP_LOG_ALLOCATE_SEGMENT_HEAP 11 +#define HEAP_LOG_ALLOCATE_NEW_SEGMENT 12 +#define HEAP_LOG_DECOMMIT_PAGE_RANGE 13 + +typedef struct _HEAP_EVENT_COMMIT_DECOMMIT +{ + PVOID HeapHandle; + PVOID Block; + SIZE_T Size; + ULONG Caller; +} HEAP_EVENT_COMMIT_DECOMMIT, *PHEAP_EVENT_COMMIT_DECOMMIT; + +typedef struct _HEAP_COMMIT_DECOMMIT +{ + SYSTEM_TRACE_HEADER Header; + HEAP_EVENT_COMMIT_DECOMMIT Event; +} HEAP_COMMIT_DECOMMIT, *PHEAP_COMMIT_DECOMMIT; + +typedef struct 
_HEAP_EVENT_SUBSEGMENT_ALLOC_FREE +{ + PVOID HeapHandle; + PVOID SubSegment; + SIZE_T SubSegmentSize; + SIZE_T BlockSize; +} HEAP_EVENT_SUBSEGMENT_ALLOC_FREE, *PHEAP_EVENT_SUBSEGMENT_ALLOC_FREE; + +typedef struct _HEAP_SUBSEGMENT_FREE +{ + SYSTEM_TRACE_HEADER Header; + HEAP_EVENT_SUBSEGMENT_ALLOC_FREE Event; +} HEAP_SUBSEGMENT_FREE, *PHEAP_SUBSEGMENT_FREE; + +typedef struct _HEAP_SUBSEGMENT_ALLOC +{ + SYSTEM_TRACE_HEADER Header; + HEAP_EVENT_SUBSEGMENT_ALLOC_FREE Event; +} HEAP_SUBSEGMENT_ALLOC, *PHEAP_SUBSEGMENT_ALLOC; + +#include +typedef struct _HEAP_SUBSEGMENT_INIT +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; + PVOID SubSegment; + SIZE_T BlockSize; + SIZE_T BlockCount; + ULONG AffinityIndex; +} HEAP_SUBSEGMENT_INIT, *PHEAP_SUBSEGMENT_INIT; +#include + +#include +typedef struct _HEAP_AFINITY_MANAGER_ENABLE +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; + ULONG BucketIndex; +} HEAP_AFFINITY_MANAGER_ENABLE, *PHEAP_AFFINITY_MANAGER_ENABLE; +#include + +#include +typedef struct _HEAP_AFFINITY_SLOT_ASSIGN +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; + PVOID SubSegment; + ULONG SlotIndex; +} HEAP_AFFINITY_SLOT_ASSIGN, *PHEAP_AFFINITY_SLOT_ASSIGN; +#include + +#include +typedef struct _HEAP_REUSE_THRESHOLD_ACTIVATED +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; + PVOID SubSegment; + ULONG BucketIndex; +} HEAP_REUSE_THRESHOLD_ACTIVATED, *PHEAP_REUSE_THRESHOLD_ACTIVATED; +#include + +#include +typedef struct _HEAP_SUBSEGMENT_ACTIVATED +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; + PVOID SubSegment; +} HEAP_SUBSEGMENT_ACTIVATED, *PHEAP_AFFINITY_SLOT_ACTIVATED; +#include + +#include +typedef struct _ETW_HEAP_EVENT_SNAPSHOT +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; // Handle of Heap + SIZE_T FreeSpace; // Total free Space in Heap in bytes + SIZE_T CommittedSpace; // Memory Committed in bytes + SIZE_T ReservedSpace; // Memory reserved in bytes + ULONG Flags; // Flags passed while creating heap. 
+ ULONG ProcessId; + SIZE_T LargeUCRSpace; + ULONG FreeListLength; + ULONG UCRLength; + SIZE_T AllocatedSpace; // Total allocated space in heap, in bytes +} ETW_HEAP_EVENT_SNAPSHOT, *PETW_HEAP_EVENT_SNAPSHOT; +#include + +#include +typedef struct _ETW_HEAP_EVENT_RUNDOWN_RANGE +{ + PVOID Address; + SIZE_T Size; +} ETW_HEAP_EVENT_RUNDOWN_RANGE, *PETW_HEAP_EVENT_RUNDOWN_RANGE; +#include + +#include +typedef struct _ETW_HEAP_EVENT_RUNDOWN +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID HeapHandle; + ULONG Flags; + ULONG ProcessId; + ULONG RangeCount; + ULONG Reserved; // for padding + ETW_HEAP_EVENT_RUNDOWN_RANGE Ranges[1]; +} ETW_HEAP_EVENT_RUNDOWN, *PETW_HEAP_EVENT_RUNDOWN; +#include + +typedef struct _HEAP_EVENT_RANGE_CREATE +{ + PVOID HeapHandle; + SIZE_T FirstRangeSize; + ULONG Flags; +} HEAP_EVENT_RANGE_CREATE, *PHEAP_EVENT_RANGE_CREATE; + +typedef struct _HEAP_EVENT_RANGE +{ + PVOID HeapHandle; + PVOID Address; + SIZE_T Size; +} HEAP_EVENT_RANGE, *PHEAP_EVENT_RANGE; + +typedef struct _HEAP_RANGE_CREATE +{ + SYSTEM_TRACE_HEADER Header; + HEAP_EVENT_RANGE_CREATE Event; +} HEAP_RANGE_CREATE, *PHEAP_RANGE_CREATE; + +typedef struct _HEAP_RANGE_DESTROY +{ + SYSTEM_TRACE_HEADER Header; + PVOID HeapHandle; +} HEAP_RANGE_DESTROY, *PHEAP_RANGE_DESTROY; + +typedef struct _HEAP_RANGE_LOG +{ + SYSTEM_TRACE_HEADER Header; + HEAP_EVENT_RANGE Range; +} HEAP_RANGE_LOG, *PHEAP_RANGE_LOG; + +typedef struct _ETW_CRITSEC_EVENT_COLLISION +{ + SYSTEM_TRACE_HEADER Header; // Header + ULONG LockCount; // Lock Count + ULONG SpinCount; // Spin Count + PVOID OwningThread; // Thread having Lock + PVOID Address; // Address of Critical Section +} ETW_CRITSEC_EVENT_COLLISION, *PETW_CRITSEC_EVENT_COLLISION; + +typedef struct _ETW_CRITSEC_EVENT_INIT +{ + SYSTEM_TRACE_HEADER Header; // Header + PVOID SpinCount; // Spin Count + PVOID Address; // Address of Critical Section +} ETW_CRITSEC_EVENT_INIT, *PETW_CRITSEC_EVENT_INIT; + +typedef struct _STACK_WALK_EVENT_DATA +{ + ULONGLONG TimeStamp; + 
ULONG ProcessId; + ULONG ThreadId; + PVOID Addresses[1]; //Address of captured Stack address +} STACK_WALK_EVENT_DATA, * PSTACK_WALK_EVENT_DATA; + +typedef struct _LOAD_DLL_EVENT_DATA +{ + WCHAR ImageName[1]; +} LOAD_DLL_EVENT_DATA, *PLOAD_DLL_EVENT_DATA; + +typedef struct _CM_PERF_COUNTERS +{ + ULONGLONG OpenedKeys; // number of kcbs in the system + ULONGLONG DelayCloseKCBs; // number of kcbs in delay close + ULONGLONG PrivateAllocPages; // number of pages used by the private allocator for kcbs + ULONGLONG PrivateAllocFree; // number of fixed size allocations which are currently free + ULONGLONG PrivateAllocUsed; // number of fixed size allocations which are currently in use + ULONGLONG LookupCacheHit; // cache hit + ULONGLONG LookupCacheMissFound; // cache miss but key was opened from the hive + ULONGLONG LookupCacheMissNotFound; // cache miss; key does not exist + ULONGLONG ViewMap; // number of times we mapped a view + ULONGLONG ViewUnMap; // number of times we mapped a view + ULONGLONG HiveShrink; // number of times we have shrunk a hive +} CM_PERF_COUNTERS, *PCM_PERF_COUNTERS; + +// +// The class scheduler events +// +typedef struct _CI_LOG_SCHEDULER_EVENT +{ + EVENT_TRACE_HEADER Header; // Header + ULONG ProcessId; // Process id of the the thread being scheduled + ULONG ThreadId; // Thread id of the thread being scheduled + ULONG Priority; // Scheduling priority + ULONG TaskIndex; // Task index the thread being scheduled linked to. 
+} CI_LOG_SCHEDULER_EVENT, *PCI_LOG_SCHEDULER_EVENT; + +typedef struct _CI_LOG_SCHEDULER_WAKEUP +{ + EVENT_TRACE_HEADER Header; // Header + ULONG Reason; +} CI_LOG_SCHEDULER_WAKEUP, *PCI_LOG_SCHEDULER_WAKEUP; + +typedef struct _CI_LOG_SCHEDULER_SLEEP +{ + EVENT_TRACE_HEADER Header; // Header +} CI_LOG_SCHEDULER_SLEEP, *PCI_LOG_SCHEDULER_SLEEP; + +typedef struct _CI_LOG_SCHEDULER_SLEEP_RESPONSE +{ + EVENT_TRACE_HEADER Header; // Header +} CI_LOG_SCHEDULER_SLEEP_RESPONSE, *PCI_LOG_SCHEDULER_SLEEP_RESPONSE; + +typedef struct _CI_LOG_MMCSS_START +{ + EVENT_TRACE_HEADER Header; // Header +} CI_LOG_MMCSS_START, *PCI_LOG_MMCSS_START; + +typedef struct _CI_LOG_MMCSS_STOP +{ + EVENT_TRACE_HEADER Header; // Header +} CI_LOG_MMCSS_STOP, *PCI_LOG_MMCSS_STOP; + +// +// UMS events. +// +#define UMS_ETW_DIRECTED_SWITCH_START_VOLATILE (0x1) + +typedef struct _ETW_UMS_EVENT_DIRECTED_SWITCH_START +{ + ULONG ProcessId; + ULONG ScheduledThreadId; + ULONG PrimaryThreadId; + ULONG SwitchFlags; +} ETW_UMS_EVENT_DIRECTED_SWITCH_START, *PETW_UMS_EVENT_DIRECTED_SWITCH_START; + +#define UMS_ETW_DIRECTED_SWITCH_END_FAST (0x1) + +typedef struct _ETW_UMS_EVENT_DIRECTED_SWITCH_END +{ + ULONG ProcessId; + ULONG ScheduledThreadId; + ULONG PrimaryThreadId; + ULONG SwitchFlags; +} ETW_UMS_EVENT_DIRECTED_SWITCH_END, *PETW_UMS_EVENT_DIRECTED_SWITCH_END; + +#define UMS_ETW_PARK_VOLATILE (0x1) +#define UMS_ETW_PARK_PRIMARY_PRESENT (0x2) +#define UMS_ETW_PARK_PRIMARY_DELIVERED_CONTEXT (0x4) + +typedef struct _ETW_UMS_EVENT_PARK +{ + ULONG ProcessId; + ULONG ScheduledThreadId; + ULONG ParkFlags; +} ETW_UMS_EVENT_PARK, *PETW_UMS_EVENT_PARK; + +typedef struct _ETW_UMS_EVENT_DISASSOCIATE +{ + ULONG ProcessId; + ULONG ScheduledThreadId; + ULONG PrimaryThreadId; + ULONG UmsApcControlFlags; + NTSTATUS Status; +} ETW_UMS_EVENT_DISASSOCIATE, *PETW_UMS_EVENT_DISASSOCIATE; + +typedef struct _ETW_UMS_EVENT_CONTEXT_SWITCH +{ + SYSTEM_TRACE_HEADER Header; + ULONG ScheduledThreadId; + ULONG SwitchCount; + ULONG 
KernelYieldCount; + ULONG MixedYieldCount; + ULONG YieldCount; // Used to determine event size; needs to be the last field. +} ETW_UMS_EVENT_CONTEXT_SWITCH, *PETW_UMS_EVENT_CONTEXT_SWITCH; + +// +// For ETW_SET_TIMER_EVENT, Period must always be defined as the last member as +// the same structure is used for periodic and one-shot timers. In the latter +// case, the payload size is truncated to ignore the period field. +// +typedef struct _ETW_SET_TIMER_EVENT +{ + ULONG64 ExpectedDueTime; + ULONG_PTR TimerAddress; + USHORT TargetProcessorGroup; + UCHAR TargetProcessorIndex; + UCHAR Flags; + ULONG Period; + UCHAR EncodedDelay; + UCHAR Reserved0; + USHORT Reserved1; +} ETW_SET_TIMER_EVENT, *PETW_SET_TIMER_EVENT; + +typedef struct _ETW_CANCEL_TIMER_EVENT +{ + ULONG_PTR TimerAddress; +} ETW_CANCEL_TIMER_EVENT, *PETW_CANCEL_TIMER_EVENT; + +typedef struct _ETW_TIMER_EXPIRATION_EVENT +{ + ULONG64 ExpectedDueTime; + ULONG_PTR TimerAddress; + ULONG_PTR DeferredRoutine; + UCHAR EncodedDelay; +} ETW_TIMER_EXPIRATION_EVENT, *PETW_TIMER_EXPIRATION_EVENT; + +typedef struct _ETW_TIMER_EXPIRATION_START_EVENT +{ + ULONG64 InterruptTime; +} ETW_TIMER_EXPIRATION_START_EVENT, *PETW_TIMER_EXPIRATION_START_EVENT; + +#define ETW_KTIMER2_HAS_CALLBACK 0x01 +#define ETW_KTIMER2_PERIODIC 0x02 +#define ETW_KTIMER2_IDLE_RESILIENT 0x04 +#define ETW_KTIMER2_HIGH_RESOLUTION 0x08 +#define ETW_KTIMER2_NO_WAKE 0x10 +#define ETW_KTIMER2_NO_WAKE_FINITE 0x20 + +// +// Define timer events. 
+// + +#define ETW_TIMER_COALESCABLE 0x01 +#define ETW_TIMER_DPC 0x02 +#define ETW_TIMER_IDLE_RESILIENT ETW_KTIMER2_IDLE_RESILIENT +#define ETW_TIMER_HIGH_RESOLUTION ETW_KTIMER2_HIGH_RESOLUTION +#define ETW_TIMER_NO_WAKE ETW_KTIMER2_NO_WAKE + +typedef struct _ETW_SET_KTIMER2_EVENT +{ + ULONG64 DueTime; + ULONG64 MaximumDueTime; + ULONG64 Period; + ULONG_PTR TimerKey; + ULONG_PTR Callback; + ULONG_PTR CallbackContextKey; + UCHAR Flags; +} ETW_SET_KTIMER2_EVENT, *PETW_SET_KTIMER2_EVENT; + +typedef ETW_SET_KTIMER2_EVENT ETW_KTIMER2_EXPIRATION_EVENT, *PETW_KTIMER2_EXPIRATION_EVENT; + +typedef struct _ETW_CANCEL_KTIMER2_EVENT +{ + ULONG_PTR TimerKey; +} ETW_CANCEL_KTIMER2_EVENT, *PETW_CANCEL_KTIMER2_EVENT; + +#define ETW_DISABLE_KTIMER2_CANCEL 0x1 +#define ETW_DISABLE_KTIMER2_WAIT 0x2 +#define ETW_DISABLE_KTIMER2_DELAYED 0x4 +#define ETW_DISABLE_KTIMER2_HAS_DISABLE_CALLBACK 0x8 + +typedef struct _ETW_DISABLE_KTIMER2_EVENT +{ + ULONG_PTR TimerKey; + ULONG_PTR DisableCallback; + ULONG_PTR DisableContextKey; + UCHAR Flags; +} ETW_DISABLE_KTIMER2_EVENT, *PETW_DISABLE_KTIMER2_EVENT; + +typedef struct _ETW_FINALIZE_KTIMER2_EVENT +{ + ULONG_PTR TimerKey; + ULONG_PTR DisableCallback; + ULONG_PTR DisableContextKey; +} ETW_FINALIZE_KTIMER2_EVENT, *PETW_FINALIZE_KTIMER2_EVENT; + +// +// Clock event definitions. 
+// +typedef enum _PERFINFO_DYNAMIC_TICK_VETO_REASON +{ + DynamicTickVetoNone = 0, + DynamicTickVetoProcBusy, + DynamicTickVetoSoftwareTimer, + DynamicTickVetoClockConstraint, + DynamicTickVetoClockOutOfSync, + DynamicTickVetoClockUpdateFailed, + DynamicTickVetoMax +} PERFINFO_DYNAMIC_TICK_VETO_REASON, *PPERFINFO_DYNAMIC_TICK_VETO_REASON; + +typedef enum _PERFINFO_DYNAMIC_TICK_DISABLE_REASON +{ + DynamicTickDisableReasonNone = 0, + DynamicTickDisableReasonBcdOverride, + DynamicTickDisableReasonNoHwSupport, + DynamicTickDisableReasonEmOverride, + DynamicTickDisableReasonMax +} PERFINFO_DYNAMIC_TICK_DISABLE_REASON, *PPERFINFO_DYNAMIC_TICK_DISABLE_REASON; + +typedef struct _ETW_CLOCK_CONFIGURATION_EVENT +{ + ULONG KnownType; + ULONG Capabilities; + PERFINFO_DYNAMIC_TICK_DISABLE_REASON DisableReason; +} ETW_CLOCK_CONFIGURATION_EVENT, *PETW_CLOCK_CONFIGURATION_EVENT; + +typedef struct _ETW_CLOCK_TIME_UPDATE +{ + ULONG64 InterruptTime; + ULONG ClockOwner; +} ETW_CLOCK_TIME_UPDATE, *PETW_CLOCK_TIME_UPDATE; + +typedef struct _ETW_CLOCK_STATE_CHANGE_EVENT +{ + UCHAR NewState; + UCHAR PrevState; + UCHAR Reserved[6]; + union + { + struct + { + ULONG64 DeliveredIncrement; + ULONG64 RequestedIncrement; + }; + ULONG64 NextClockUpdateTime; + }; +} ETW_CLOCK_STATE_CHANGE_EVENT, *PETW_CLOCK_STATE_CHANGE_EVENT; + +// +// DFSS Events +// +typedef struct _ETW_PER_SESSION_QUOTA +{ + ULONG SessionId; + ULONG CpuShareWeight; + LONGLONG CapturedWeightData; + ULONG64 CyclesAccumulated; +} ETW_PER_SESSION_QUOTA, *PETW_PER_SESSION_QUOTA; + +typedef struct _ETW_DFSS_START_NEW_INTERVAL +{ + ULONG CurrentGeneration; + ULONG SessionCount; + ULONG64 TotalCycleCredit; + ULONG64 TotalCyclesAccumulated; + ETW_PER_SESSION_QUOTA SessionQuota[1]; +} ETW_DFSS_START_NEW_INTERVAL, *PETW_DFSS_START_NEW_INTERVAL; + +typedef struct _ETW_DFSS_RELEASE_THREAD_ON_IDLE +{ + ULONG CurrentGeneration; + ULONG SessionSelectedToRun; + ULONG64 CycleBaseAllowance; + LONG64 CyclesRemaining; +} 
ETW_DFSS_RELEASE_THREAD_ON_IDLE, *PETW_DFSS_RELEASE_THREAD_ON_IDLE; + +typedef struct _ETW_CPU_CACHE_FLUSH_EVENT +{ + PVOID Address; + SIZE_T Bytes; + BOOLEAN Clean; + BOOLEAN FullFlush; + BOOLEAN Rectangle; + BOOLEAN Reserved0; + ULONG Reserved1; +} ETW_CPU_CACHE_FLUSH_EVENT, *PETW_CPU_CACHE_FLUSH_EVENT; + +DEFINE_GUID( /* 2b88b710-1c93-4f7c-b06c-655ecc50decc */ + EtwSecondaryDumpDataGuid, + 0x2b88b710, + 0x1c93, + 0x4f7c, + 0xb0, 0x6c, 0x65, 0x5e, 0xcc, 0x50, 0xde, 0xcc + ); + +// +// CKCL Name and Guid +// +#define CKCL_NAMEW L"Circular Kernel Context Logger" +#define CKCL_NAMEA "Circular Kernel Context Logger" + +DEFINE_GUID( /* 54dea73a-ed1f-42a4-af71-3e63d056f174 */ + CKCLGuid, + 0x54dea73a, + 0xed1f, + 0x42a4, + 0xaf, 0x71, 0x3e, 0x63, 0xd0, 0x56, 0xf1, 0x74 + ); + +// +// Audit Session Name and Guid +// +#define AUDIT_LOGGER_NAMEW L"Eventlog-Security" +#define AUDIT_LOGGER_NAMEA "Eventlog-Security" + +DEFINE_GUID( /* 0e66e20b-b802-ba6a-9272-31199d0ed295 */ + AuditLoggerGuid, + 0x0e66e20b, + 0xb802, + 0xba6a, + 0x92, 0x72, 0x31, 0x19, 0x9d, 0x0e, 0xd2, 0x95 + ); + +// +// Security Provider (LSASS) Guid +// +DEFINE_GUID( /* 54849625-5478-4994-a5ba-3e3b0328c30d */ + SecurityProviderGuid, + 0x54849625, + 0x5478, + 0x4994, + 0xa5, 0xba, 0x3e, 0x3b, 0x03, 0x28, 0xc3, 0x0d + ); + +DEFINE_GUID( /* 472496cf-0daf-4f7c-ac2e-3f8457ecc6bb */ + PrivateLoggerSecurityGuid, + 0x472496cf, + 0x0daf, + 0x4f7c, + 0xac, 0x2e, 0x3f, 0x84, 0x57, 0xec, 0xc6, 0xbb + ); + +// +// Spare guids for Perf/System events. 
+// + +DEFINE_GUID( /* 3282fc76-feed-498e-8aa7-e70f459d430e */ + JobGuid, + 0x3282fc76, + 0xfeed, + 0x498e, + 0x8a, 0xa7, 0xe7, 0x0f, 0x45, 0x9d, 0x43, 0x0e + ); + +DEFINE_GUID( /* 99134383-5248-43fc-834b-529454e75df3 */ + EventTraceSpare1, + 0x99134383, + 0x5248, + 0x43fc, + 0x83, 0x4b, 0x52, 0x94, 0x54, 0xe7, 0x5d, 0xf3 + ); + +DEFINE_GUID( /* 42695762-ea50-497a-9068-5cbbb35e0b95 */ + WnfGuid, + 0x42695762, + 0xea50, + 0x497a, + 0x90, 0x68, 0x5c, 0xbb, 0xb3, 0x5e, 0x0b, 0x95 + ); + +DEFINE_GUID( /* 3BEEF58A-6E0F-445D-B2A4-37AB737BD47E */ + UmglThreadGuid, + 0x3beef58a, + 0x6e0f, + 0x445d, 0xb2, 0xa4, 0x37, 0xab, 0x73, 0x7b, 0xd4, 0x7e + ); + +//// +//// DefaultTraceSecurityGuid. Specifies the default event tracing security +//// +//DEFINE_GUID( /* 0811c1af-7a07-4a06-82ed-869455cdf713 */ +// DefaultTraceSecurityGuid, +// 0x0811c1af, +// 0x7a07, +// 0x4a06, +// 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13 +// ); + +DEFINE_GUID( /* 3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c */ + DiskIoGuid, + 0x3d6fa8d4, + 0xfe05, + 0x11d0, + 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c + ); + +DEFINE_GUID( /* B3E675D7-2554-4f18-830B-2762732560DE */ + ImageIdGuid, + 0xb3e675d7, + 0x2554, + 0x4f18, + 0x83, 0xb, 0x27, 0x62, 0x73, 0x25, 0x60, 0xde + ); + +DEFINE_GUID( /* 0268a8b6-74fd-4302-9dd0-6e8f1795c0cf */ + PoolGuid, + 0x0268a8b6, + 0x74fd, + 0x4302, + 0x9d, 0xd0, 0x6e, 0x8f, 0x17, 0x95, 0xc0, 0xcf + ); + +DEFINE_GUID( /* ce1dbfb4-137e-4da6-87b0-3f59aa102cbc */ + PerfinfoGuid, + 0xce1dbfb4, + 0x137e, + 0x4da6, + 0x87, 0xb0, 0x3f, 0x59, 0xaa, 0x10, 0x2c, 0xbc + ); + +DEFINE_GUID( /* 222962ab-6180-4b88-a825-346b75f2a24a */ + HeapGuid, + 0x222962ab, + 0x6180, + 0x4b88, + 0xa8, 0x25, 0x34, 0x6b, 0x75, 0xf2, 0xa2, 0x4a + ); + +DEFINE_GUID( /* d781ca11-61c0-4387-b83d-af52d3d2dd6a */ + HeapRangeGuid, + 0xd781ca11, + 0x61c0, + 0x4387, + 0xb8, 0x3d, 0xaf, 0x52, 0xd3, 0xd2, 0xdd, 0x6a + ); + +DEFINE_GUID( /* 05867806-c246-43ef-a147-e17d2bdb1496 */ + HeapSummaryGuid, + 0x05867806, + 0xc246, + 
0x43ef,
+ 0xa1, 0x47, 0xe1, 0x7d, 0x2b, 0xdb, 0x14, 0x96
+ );
+
+DEFINE_GUID( /* 3AC66736-CC59-4cff-8115-8DF50E39816B */
+ CritSecGuid,
+ 0x3ac66736,
+ 0xcc59,
+ 0x4cff,
+ 0x81, 0x15, 0x8d, 0xf5, 0xe, 0x39, 0x81, 0x6b
+ );
+
+DEFINE_GUID( /* DEF2FE46-7BD6-4b80-bd94-F57FE20D0CE3 */
+ StackWalkGuid,
+ 0xdef2fe46,
+ 0x7bd6,
+ 0x4b80,
+ 0xbd, 0x94, 0xf5, 0x7f, 0xe2, 0xd, 0xc, 0xe3
+ );
+
+DEFINE_GUID( /* 45d8cccd-539f-4b72-a8b7-5c683142609a */
+ ALPCGuid,
+ 0x45d8cccd,
+ 0x539f,
+ 0x4b72,
+ 0xa8, 0xb7, 0x5c, 0x68, 0x31, 0x42, 0x60, 0x9a
+ );
+
+DEFINE_GUID( /* 6A399AE0-4BC6-4DE9-870B-3657F8947E7E */
+ RTLostEventsGuid,
+ 0x6a399ae0,
+ 0x4bc6,
+ 0x4de9,
+ 0x87, 0x0b, 0x36, 0x57, 0xf8, 0x94, 0x7e, 0x7e
+ );
+
+DEFINE_GUID( /* E21D2142-DF90-4d93-BBD9-30E63D5A4AD6 */
+ NtdllTraceGuid,
+ 0xe21d2142,
+ 0xdf90,
+ 0x4d93,
+ 0xbb, 0xd9, 0x30, 0xe6, 0x3d, 0x5a, 0x4a, 0xd6
+ );
+
+DEFINE_GUID( /* d3de60b2-a663-45d5-9826-a0a5949d2cb0 */
+ LoadMUIDllGuid,
+ 0xd3de60b2,
+ 0xa663,
+ 0x45d5,
+ 0x98, 0x26, 0xa0, 0xa5, 0x94, 0x9d, 0x2c, 0xb0
+ );
+
+DEFINE_GUID( /* 89497f50-effe-4440-8cf2-ce6b1cdcaca7 */
+ ObjectGuid,
+ 0x89497f50,
+ 0xeffe,
+ 0x4440,
+ 0x8c, 0xf2, 0xce, 0x6b, 0x1c, 0xdc, 0xac, 0xa7
+ );
+
+DEFINE_GUID( /* a9152f00-3f58-4bee-92a1-70c7d079d5dd */
+ ModBoundGuid,
+ 0xa9152f00,
+ 0x3f58,
+ 0x4bee,
+ 0x92, 0xa1, 0x70, 0xc7, 0xd0, 0x79, 0xd5, 0xdd
+ );
+
+DEFINE_GUID( /* 3d6fa8d0-fe05-11d0-9dda-00c04fd7ba7c */
+ ProcessGuid,
+ 0x3d6fa8d0,
+ 0xfe05,
+ 0x11d0,
+ 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
+ );
+
+DEFINE_GUID( /* E43445E0-0903-48c3-B878-FF0FCCEBDD04 */
+ PowerGuid,
+ 0xe43445e0,
+ 0x903,
+ 0x48c3,
+ 0xb8, 0x78, 0xff, 0xf, 0xcc, 0xeb, 0xdd, 0x4
+ );
+
+DEFINE_GUID( /* F8F10121-B617-4A56-868B-9dF1B27FE32C */
+ MmcssGuid,
+ 0xf8f10121,
+ 0xb617,
+ 0x4a56,
+ 0x86, 0x8b, 0x9d, 0xf1, 0xb2, 0x7f, 0xe3, 0x2c
+ );
+
+DEFINE_GUID( /* b2d14872-7c5b-463d-8419-ee9bf7d23e04 */
+ DpcGuid,
+ 0xb2d14872,
+ 0x7c5b,
+ 0x463d,
+ 0x84, 0x19, 0xee, 0x9b, 0xf7, 0xd2, 0x3e, 0x04
+ );
+
+DEFINE_GUID( /* d837ca92-12b9-44a5-ad6a-3a65b3578aa8 */
+ SplitIoGuid,
+ 0xd837ca92,
+ 0x12b9,
+ 0x44a5,
+ 0xad, 0x6a, 0x3a, 0x65, 0xb3, 0x57, 0x8a, 0xa8
+ );
+
+DEFINE_GUID( /* c861d0e2-a2c1-4d36-9f9c-970bab943a12 */
+ ThreadPoolGuid,
+ 0xc861d0e2,
+ 0xa2c1,
+ 0x4d36,
+ 0x9f, 0x9c, 0x97, 0x0b, 0xab, 0x94, 0x3a, 0x12
+ );
+
+DEFINE_GUID( /* bddad2c1-52d1-4aea-94d6-b3ca9236f62e */
+ UmsTraceGuid,
+ 0xbddad2c1,
+ 0x52d1,
+ 0x4aea,
+ 0x94, 0xd6, 0xb3, 0xca, 0x92, 0x36, 0xf6, 0x2e
+ );
+
+DEFINE_GUID( /* 9aec974b-5b8e-4118-9b92-3186d8002ce5 */
+ UmsEventGuid,
+ 0x9aec974b,
+ 0x5b8e,
+ 0x4118,
+ 0x9b, 0x92, 0x31, 0x86, 0xd8, 0x00, 0x2c, 0xe5
+ );
+
+DEFINE_GUID( /* 7f2a405c-69b5-4bf9-a1f5-30e8f1afab5e */
+ HypervisorTraceGuid,
+ 0x7f2a405c,
+ 0x69b5,
+ 0x4bf9,
+ 0xa1, 0xf5, 0x30, 0xe8, 0xf1, 0xaf, 0xab, 0x5e
+ );
+
+DEFINE_GUID( /* 2ce9a149-effe-42f0-a635-a1d39e26c8f2 */
+ HypervisorXTraceGuid,
+ 0x2ce9a149,
+ 0xeffe,
+ 0x42f0,
+ 0xa6, 0x35, 0xa1, 0xd3, 0x9e, 0x26, 0xc8, 0xf2
+ );
+
+DEFINE_GUID( /* 2d9f3a42-01d4-4733-97f7-041e8021dc84 */
+ LegacyEventLogGuid,
+ 0x2d9f3a42,
+ 0x01d4,
+ 0x4733,
+ 0x97, 0xf7, 0x04, 0x1e, 0x80, 0x21, 0xdc, 0x84
+ );
+
+DEFINE_GUID( /* 3b9c9951-3480-4220-9377-9c8e5184f5cd */
+ KernelRundownGuid,
+ 0x3b9c9951,
+ 0x3480,
+ 0x4220,
+ 0x93, 0x77, 0x9c, 0x8e, 0x51, 0x84, 0xf5, 0xcd
+ );
+
+DEFINE_GUID( /* 2a6e185b-90de-4fc5-826c-9f44e608a427 */
+ SessionNotificationGuid,
+ 0x2a6e185b,
+ 0x90de,
+ 0x4fc5,
+ 0x82, 0x6c, 0x9f, 0x44, 0xe6, 0x08, 0xa4, 0x27
+ );
+
+DEFINE_GUID( /* 7687a439-f752-45b8-b741-321aec0f8df9 */
+ CcGuid,
+ 0x7687a439,
+ 0xf752,
+ 0x45b8,
+ 0xb7, 0x41, 0x32, 0x1a, 0xec, 0x0f, 0x8d, 0xf9
+ );
+
+DEFINE_GUID( /* 00000000-0000-0000-0000-000000000000 */
+ NullGuid,
+ 0x00000000,
+ 0x0000,
+ 0x0000,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ );
+
+///
+// EventTraceGuid is used to identify a event tracing session
+//
+//DEFINE_GUID( /* 68fdd900-4a3e-11d1-84f4-0000f80464e3 */
+// EventTraceGuid,
+// 0x68fdd900,
+// 0x4a3e,
+// 0x11d1,
+// 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3
+// );
+//
+//
+// EventTraceConfigGuid. Used to report system configuration records
+//
+//DEFINE_GUID( /* 01853a65-418f-4f36-aefc-dc0f1d2fd235 */
+// EventTraceConfigGuid,
+// 0x01853a65,
+// 0x418f,
+// 0x4f36,
+// 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35
+// );
+
+DEFINE_GUID( /* 90cbdc39-4a3e-11d1-84f4-0000f80464e3 */
+ FileIoGuid,
+ 0x90cbdc39,
+ 0x4a3e,
+ 0x11d1,
+ 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3
+ );
+
+DEFINE_GUID( /* 2cb15d1d-5fc1-11d2-abe1-00a0c911f518 */
+ ImageLoadGuid,
+ 0x2cb15d1d,
+ 0x5fc1,
+ 0x11d2,
+ 0xab, 0xe1, 0x00, 0xa0, 0xc9, 0x11, 0xf5, 0x18
+ );
+
+DEFINE_GUID( /* 3d6fa8d3-fe05-11d0-9dda-00c04fd7ba7c */
+ PageFaultGuid,
+ 0x3d6fa8d3,
+ 0xfe05,
+ 0x11d0,
+ 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
+ );
+
+DEFINE_GUID( /* AE53722E-C863-11d2-8659-00C04FA321A1 */
+ RegistryGuid,
+ 0xae53722e,
+ 0xc863,
+ 0x11d2,
+ 0x86, 0x59, 0x0, 0xc0, 0x4f, 0xa3, 0x21, 0xa1
+ );
+
+DEFINE_GUID( /* 9a280ac0-c8e0-11d1-84e2-00c04fb998a2 */
+ TcpIpGuid,
+ 0x9a280ac0,
+ 0xc8e0,
+ 0x11d1,
+ 0x84, 0xe2, 0x00, 0xc0, 0x4f, 0xb9, 0x98, 0xa2
+ );
+
+DEFINE_GUID( /* 3d6fa8d1-fe05-11d0-9dda-00c04fd7ba7c */
+ ThreadGuid,
+ 0x3d6fa8d1,
+ 0xfe05,
+ 0x11d0,
+ 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c
+ );
+
+DEFINE_GUID( /* bf3a50c5-a9c9-4988-a005-2df0b7c80f80 */
+ UdpIpGuid,
+ 0xbf3a50c5,
+ 0xa9c9,
+ 0x4988,
+ 0xa0, 0x05, 0x2d, 0xf0, 0xb7, 0xc8, 0x0f, 0x80
+ );
+
+//
+// ThreadPool Events
+// If you change these structures, may need to update some users of these
+// structures.
+// Avoid inner structure padding
+//
+
+typedef struct _ETW_TP_EVENT_CALLBACK_ENQUEUE
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ PVOID TaskId; // Task Identifier
+ PVOID Callback; // Callback Function
+ PVOID Context; // Callback Context
+ PVOID SubProcessTag; // Sub-components in a process
+ // SubProcessTag must be the last field or update users
+} ETW_TP_EVENT_CALLBACK_ENQUEUE, *PETW_TP_EVENT_CALLBACK_ENQUEUE;
+
+//
+// Use the same struct for Enqueue and Dequeue
+//
+
+typedef ETW_TP_EVENT_CALLBACK_ENQUEUE ETW_TP_EVENT_CALLBACK_DEQUEUE, *PETW_TP_EVENT_CALLBACK_DEQUEUE;
+
+typedef struct _ETW_TP_EVENT_CALLBACK_START
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ PVOID TaskId; // Task Identifier
+ PVOID Callback; // Callback Function
+ PVOID Context; // Callback Context
+ PVOID SubProcessTag; // Sub-components in a process
+ // SubProcessTag must be the last field or update users
+
+} ETW_TP_EVENT_CALLBACK_START, *PETW_TP_EVENT_CALLBACK_START;
+
+//
+// Use the same struct for Start and Stop
+//
+
+typedef ETW_TP_EVENT_CALLBACK_START ETW_TP_EVENT_CALLBACK_STOP, *PETW_TP_EVENT_CALLBACK_STOP;
+
+typedef struct _ETW_TP_EVENT_CALLBACK_CANCEL
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ PVOID TaskId; // Task Identifier
+ PVOID Callback; // Callback Function
+ PVOID Context; // Callback Context
+ PVOID SubProcessTag; // Sub-components in a process
+ ULONG CancelCount; // Number of callbacks cancelled
+ // CancelCount must be the last field or update users
+
+} ETW_TP_EVENT_CALLBACK_CANCEL, *PETW_TP_EVENT_CALLBACK_CANCEL;
+
+typedef struct _ETW_TP_EVENT_POOL_CREATE
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ // PoolId must be the last field or update users
+
+} ETW_TP_EVENT_POOL_CREATE, *PETW_TP_EVENT_POOL_CREATE;
+
+typedef struct _ETW_TP_EVENT_POOL_CLOSE
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ // PoolId must be the last field or update users
+
+} ETW_TP_EVENT_POOL_CLOSE, *PETW_TP_EVENT_POOL_CLOSE;
+
+typedef struct _ETW_TP_EVENT_POOL_TH_MIN_SET
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ ULONG ThreadNum; // New limit on number of threads
+ // ThreadNum must be the last field or update users
+
+} ETW_TP_EVENT_POOL_TH_MIN_SET, *PETW_TP_EVENT_POOL_TH_MIN_SET;
+
+typedef struct _ETW_TP_EVENT_POOL_TH_MAX_SET
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ ULONG ThreadNum; // New limit on number of threads
+ // ThreadNum must be the last field or update users
+
+} ETW_TP_EVENT_POOL_TH_MAX_SET, *PETW_TP_EVENT_POOL_TH_MAX_SET;
+
+typedef struct _ETW_TP_EVENT_WORKER_NUMANODE_SWITCH
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID PoolId; // Pool Identifier
+ ULONG CurrentNode; // Thread's current numa node
+ ULONG NextNode; // The node the thread is moving to
+ USHORT CurrentGroup; // Thread's current group
+ USHORT NextGroup; // The group the thread is moving to
+ ULONG CurrentWorkerCount; // Current node's worker count
+ ULONG NextWorkerCount; // Next node's worker count
+ // NextWorkerCount must be the last field or update users
+
+} ETW_TP_EVENT_WORKER_NUMANODE_SWITCH, *PETW_TP_EVENT_WORKER_NUMANODE_SWITCH;
+
+#include
+typedef struct _ETW_TP_EVENT_TIMER_SET
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LONG64 DueTime; // Due time
+ PVOID SubQueue; // Sub Queue to be inserted
+ PVOID Timer; // Timer to be set
+ ULONG Period; // period of the timer
+ ULONG WindowLength; // Tolerate period
+ ULONG Absolute; // An absolute timer or relative timer
+} ETW_TP_EVENT_TIMER_SET, *PETW_TP_EVENT_TIMER_SET;
+
+typedef struct _ETW_TP_EVENT_TIMER_CANCELLED
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID SubQueue; // Sub Queue containing the timer
+ PVOID Timer; // Timer to be cancelled
+} ETW_TP_EVENT_TIMER_CANCELLED, *PETW_TP_EVENT_TIMER_CANCELLED;
+
+typedef struct _ETW_TP_EVENT_TIMER_SET_NTTIMER
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LONG64 DueTime; // Due time
+ PVOID SubQueue; // Sub Queue to be inserted
+ ULONG TolerableDelay; // Tolerance
+} ETW_TP_EVENT_TIMER_SET_NTTIMER, *PETW_TP_EVENT_TIMER_SET_NTTIMER;
+
+typedef struct _ETW_TP_EVENT_TIMER_CANCEL_NTTIMER
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID SubQueue; // Sub Queue to be cancelled
+} ETW_TP_EVENT_TIMER_CANCEL_NTTIMER, *PETW_TP_EVENT_TIMER_CANCEL_NTTIMER;
+
+typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION_BEGIN
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID SubQueue; // Sub Queue to be expired
+} ETW_TP_EVENT_TIMER_EXPIRATION_BEGIN, *PETW_TP_EVENT_TIMER_EXPIRATION_BEGIN;
+
+typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION_END
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ PVOID SubQueue; // Sub Queue to be expired
+} ETW_TP_EVENT_TIMER_EXPIRATION_END, *PETW_TP_EVENT_TIMER_EXPIRATION_END;
+
+typedef struct _ETW_TP_EVENT_TIMER_EXPIRATION
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LONG64 DueTime; // Due time
+ PVOID SubQueue; // Sub Queue containing the timer
+ PVOID Timer; // Timer to be expired
+ ULONG Period; // period of the timer
+ ULONG WindowLength; // Tolerate period
+} ETW_TP_EVENT_TIMER_EXPIRATION, *PETW_TP_EVENT_TIMER_EXPIRATION;
+#include
+
+//
+// Thread SubProcessTag Changed Event
+//
+
+typedef struct _ETW_THREAD_EVENT_SUBPROCESSTAG
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ ULONG OldTag;
+ ULONG NewTag;
+} ETW_THREAD_EVENT_SUBPROCESSTAG, *PETW_THREAD_EVENT_SUBPROCESSTAG;
+
+//
+// WNF Events
+//
+typedef struct _ETW_WNF_EVENT_SUBSCRIBE
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LARGE_INTEGER StateName; // State name
+ PVOID Subscription; // User Subscription
+ PVOID NameSub; // Name Subscription
+ PVOID Callback; // Callback function
+ ULONG RefCount; // Name Subscription Refcount
+ ULONG DeliveryFlags; // Requested Deliveries
+} ETW_WNF_EVENT_SUBSCRIBE, *PETW_WNF_EVENT_SUBSCRIBE;
+
+typedef ETW_WNF_EVENT_SUBSCRIBE ETW_WNF_EVENT_UNSUBSCRIBE, *PETW_WNF_EVENT_UNSUBSCRIBE;
+
+typedef struct _ETW_WNF_EVENT_CALLBACK
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LARGE_INTEGER StateName; // State name
+ PVOID Subscription; // User Subscription
+ PVOID NameSub; // Name Subscription
+ PVOID Callback; // Callback function
+ ULONG ChangeStamp; // Change Stamp
+ ULONG DeliveryFlags; // Delivery types
+ ULONG Return; // Return status from callback
+} ETW_WNF_EVENT_CALLBACK, *PETW_WNF_EVENT_CALLBACK;
+
+typedef struct _ETW_WNF_EVENT_PUBLISH
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LARGE_INTEGER StateName; // State name
+ ULONG DataLength; // Length of State Data
+} ETW_WNF_EVENT_PUBLISH, *PETW_WNF_EVENT_PUBLISH;
+
+typedef struct _ETW_WNF_EVENT_NAME_SUB_RUNDOWN
+{
+ SYSTEM_TRACE_HEADER Header; // Header
+ LARGE_INTEGER StateName; // State name
+ PVOID NameSub; // Name Subscription
+} ETW_WNF_EVENT_NAME_SUB_RUNDOWN, *PETW_WNF_EVENT_NAME_SUB_RUNDOWN;
+
+//
+// Data structures of events
+//
+#define PERFINFO_THREAD_SWAPABLE 0
+#define PERFINFO_THREAD_NONSWAPABLE 1
+
+typedef struct _PERFINFO_MARK_EVENT
+{
+ ULONG TranId;
+ UCHAR Level;
+ UCHAR AppId;
+ USHORT OpId;
+ WCHAR Text[1];
+} PERFINFO_MARK_EVENT, *PPERFINFO_MARK_EVENT;
+
+//
+// Structures for Driver hooks
+//
+
+#include
+typedef struct _PERFINFO_DRIVER_MAJORFUNCTION
+{
+ ULONG MajorFunction;
+ ULONG MinorFunction;
+ PVOID RoutineAddr;
+ PVOID FileNamePointer;
+ PVOID Irp;
+ ULONG UniqMatchId;
+} PERFINFO_DRIVER_MAJORFUNCTION, *PPERFINFO_DRIVER_MAJORFUNCTION;
+#include
+
+#include
+typedef struct _PERFINFO_DRIVER_MAJORFUNCTION_RET
+{
+ PVOID Irp;
+ ULONG UniqMatchId;
+} PERFINFO_DRIVER_MAJORFUNCTION_RET, *PPERFINFO_DRIVER_MAJORFUNCTION_RET;
+#include
+
+#include
+typedef struct _PERFINFO_DRIVER_COMPLETE_REQUEST
+{
+ //
+ // Driver major function routine address for the "current" stack location
+ // on the IRP when it was completed. It is used to identify which driver
+ // was processing the IRP when the IRP got completed.
+ //
+
+ PVOID RoutineAddr;
+
+ //
+ // Irp field and UniqMatchId is used to match COMPLETE_REQUEST
+ // and COMPLETE_REQUEST_RET logged for an IRP completion.
+ //
+
+ PVOID Irp;
+ ULONG UniqMatchId;
+
+} PERFINFO_DRIVER_COMPLETE_REQUEST, *PPERFINFO_DRIVER_COMPLETE_REQUEST;
+#include
+
+#include
+typedef struct _PERFINFO_DRIVER_COMPLETE_REQUEST_RET
+{
+ //
+ // Irp field and UniqMatchId is used to match COMPLETE_REQUEST
+ // and COMPLETE_REQUEST_RET logged for an IRP completion.
+ //
+ PVOID Irp;
+ ULONG UniqMatchId;
+} PERFINFO_DRIVER_COMPLETE_REQUEST_RET, *PPERFINFO_DRIVER_COMPLETE_REQUEST_RET;
+#include
+
+#include
+typedef struct _PERFINFO_DRIVER_COMPLETIONROUTINE
+{
+ PVOID Routine;
+ PVOID IrpPtr;
+ ULONG UniqMatchId;
+} PERFINFO_DRIVER_COMPLETIONROUTINE, *PPERFINFO_DRIVER_COMPLETIONROUTINE;
+#include
+
+//
+// Power hooks
+//
+typedef struct _PERFINFO_BATTERY_LIFE_INFO
+{
+ ULONG RemainingCapacity;
+ ULONG Rate;
+} PERFINFO_BATTERY_LIFE_INFO, *PPERFINFO_BATTERY_LIFE_INFO;
+
+typedef struct _PERFINFO_IDLE_STATE_CHANGE
+{
+ ULONG State;
+ ULONG Throttle;
+ ULONG Direction;
+} PERFINFO_IDLE_STATE_CHANGE, *PPERFINFO_IDLE_STATE_CHANGE;
+
+//
+// This structure is logged when PopSetPowerAction is called to start
+// propagating a new power action (e.g. standby/hibernate/shutdown)
+//
+typedef struct _PERFINFO_SET_POWER_ACTION
+{
+ //
+ // This field is used to match SET_POWER_ACTION_RET entry.
+ //
+ PVOID Trigger;
+ ULONG PowerAction;
+ ULONG LightestState;
+} PERFINFO_SET_POWER_ACTION, *PPERFINFO_SET_POWER_ACTION;
+
+//
+// This structure is logged when PopSetPowerAction completes.
+//
+typedef struct _PERFINFO_SET_POWER_ACTION_RET
+{
+ PVOID Trigger;
+ NTSTATUS Status;
+} PERFINFO_SET_POWER_ACTION_RET, *PPERFINFO_SET_POWER_ACTION_RET;
+
+//
+// This structure is logged when PopSetDevicesSystemState is called to
+// propagate a system state to all devices.
+//
+typedef struct _PERFINFO_SET_DEVICES_STATE
+{
+ ULONG SystemState;
+ BOOLEAN Waking;
+ BOOLEAN Shutdown;
+ UCHAR IrpMinor;
+} PERFINFO_SET_DEVICES_STATE, *PPERFINFO_SET_DEVICES_STATE;
+
+//
+// This structure is logged when PopSetDevicesSystemState is done.
+//
+typedef struct _PERFINFO_SET_DEVICES_STATE_RET
+{
+ NTSTATUS Status;
+} PERFINFO_SET_DEVICES_STATE_RET, *PPERFINFO_SET_DEVICES_STATE_RET;
+
+//
+// This structure is logged when PopNotifyDevice calls into a driver
+// to set the power state of a device.
+//
+typedef struct _PERFINFO_PO_NOTIFY_DEVICE
+{
+ //
+ // This field is used to match notification and completion log
+ // entries for a device.
+ //
+
+ PVOID Irp;
+
+ //
+ // Base address of the driver that owns this device.
+ //
+
+ PVOID DriverStart;
+
+ //
+ // Device node properties.
+ //
+
+ UCHAR OrderLevel;
+
+ //
+ // Major and minor IRP codes for the request made to the driver.
+ //
+
+ UCHAR MajorFunction;
+ UCHAR MinorFunction;
+
+ //
+ // Type of power irp
+ //
+ POWER_STATE_TYPE Type;
+ POWER_STATE State;
+
+ //
+ // Length of the device name in characters excluding terminating NUL,
+ // and the device name itself. Depending on how much fits into our
+ // stack buffer, this is the *last* part of the device name.
+ //
+
+ ULONG DeviceNameLength;
+ WCHAR DeviceName[1];
+
+} PERFINFO_PO_NOTIFY_DEVICE, *PPERFINFO_PO_NOTIFY_DEVICE;
+
+//
+// This structure is logged when a PopNotifyDevice processing for a
+// particular device completes.
+//
+
+typedef struct _PERFINFO_PO_NOTIFY_DEVICE_COMPLETE
+{
+ //
+ // This field is used to match notification and completion log
+ // entries for a device.
+ //
+
+ PVOID Irp;
+
+ //
+ // Status with which the notify power IRP was completed.
+ //
+
+ NTSTATUS Status;
+
+} PERFINFO_PO_NOTIFY_DEVICE_COMPLETE, *PPERFINFO_PO_NOTIFY_DEVICE_COMPLETE;
+
+//
+// This structure is logged around every win32 state callout
+//
+typedef struct _PERFINFO_PO_SESSION_CALLOUT
+{
+ POWER_ACTION SystemAction;
+ SYSTEM_POWER_STATE MinSystemState;
+ ULONG Flags;
+ ULONG PowerStateTask;
+} PERFINFO_PO_SESSION_CALLOUT, *PPERFINFO_PO_SESSION_CALLOUT;
+
+typedef struct _PERFINFO_PO_PRESLEEP
+{
+ LARGE_INTEGER PerformanceCounter;
+ LARGE_INTEGER PerformanceFrequency;
+} PERFINFO_PO_PRESLEEP, *PPERFINFO_PO_PRESLEEP;
+
+typedef struct _PERFINFO_PO_POSTSLEEP
+{
+ LARGE_INTEGER PerformanceCounter;
+} PERFINFO_PO_POSTSLEEP, *PPERFINFO_PO_POSTSLEEP;
+
+typedef struct _PERFINFO_PO_CALIBRATED_PERFCOUNTER
+{
+ LARGE_INTEGER PerformanceCounter;
+} PERFINFO_PO_CALIBRATED_PERFCOUNTER, *PPERFINFO_PO_CALIBRATED_PERFCOUNTER;
+
+typedef struct _PERFINFO_BOOT_PHASE_START
+{
+ LONG Phase;
+} PERFINFO_BOOT_PHASE_START, *PPERFINFO_BOOT_PHASE_START;
+
+typedef struct _PERFINFO_BOOT_PREFETCH_INFORMATION
+{
+ LONG Action;
+ NTSTATUS Status;
+ LONG Pages;
+} PERFINFO_BOOT_PREFETCH_INFORMATION, *PPERFINFO_BOOT_PREFETCH_INFORMATION;
+
+typedef struct _PERFINFO_PO_SESSION_CALLOUT_RET
+{
+ NTSTATUS Status;
+} PERFINFO_PO_SESSION_CALLOUT_RET, *PPERFINFO_PO_SESSION_CALLOUT_RET;
+
+typedef struct _PERFINFO_PPM_IDLE_STATE_CHANGE
+{
+ ULONG NewState;
+ ULONG OldState;
+ ULONG64 Processors;
+} PERFINFO_PPM_IDLE_STATE_CHANGE, *PPERFINFO_PPM_IDLE_STATE_CHANGE;
+
+//
+// Flags related to each processor idle entry.
+//
+// DUE_INTERRUPT: Idle duration hint is based on next expected h/w interrupt.
+// When not set, it indicates the the idle duration hint was based on the next
+// due s/w timer.
+//
+// IR_RETRY: The idle transition follows a failed previous attempt to pick the
+// optimal idle state with an IR based hint.
+//
+// IR_ENABLED: Idle-resiliency was enabled during the idle transition.
+//
+// PLATFORM_ENTER: The idle entry was part of a platform idle transition.
+//
+// LOCK_PROCESSORS: The idle transition required locking at least one other
+// processor.
+//
+// CONSTRAINT_PLATFORM: The idle entry was capable of a platform idle
+// transition.
+//
+// CONSTRAINT_NI: The idle transition is capable of entering a non-interruptible
+// idle state.
+//
+// OVERRIDE_ENABLED: The idle transition had force-idle override enabled.
+//
+// MEASURING_EXIT_LATENCY: Exit latency measurment is engaged during the idle
+// transition.
+//
+// WAKE_REQUESTED: Idle transition was accompanied with a request to wake
+// another processor.
+//
+// IPI_CLOCK_OWNER: Idle transition was on non clock owner and observed to be
+// the last processor to be going idle. It send an IPI to clock owner to wake
+// it up.
+//
+// PLATFORM_HINT_OVERRIDE: Idle duration hint is based on global platform idle
+// hint.
+//
+
+#define PERFINFO_PPM_IDLE_FLAG_DUE_INTERRUPT (1 << 0)
+#define PERFINFO_PPM_IDLE_FLAG_IR_RETRY (1 << 1)
+#define PERFINFO_PPM_IDLE_FLAG_IR_ENABLED (1 << 2)
+#define PERFINFO_PPM_IDLE_FLAG_CLOCK_OWNER (1 << 3)
+#define PERFINFO_PPM_IDLE_FLAG_PLATFORM_ENTER (1 << 4)
+#define PERFINFO_PPM_IDLE_FLAG_LOCK_PROCESSORS (1 << 5)
+#define PERFINFO_PPM_IDLE_FLAG_CONSTRAINT_NI (1 << 6)
+#define PERFINFO_PPM_IDLE_FLAG_CONSTRAINT_PLATFORM (1 << 7)
+#define PERFINFO_PPM_IDLE_FLAG_OVERRIDE_ENABLED (1 << 8)
+#define PERFINFO_PPM_IDLE_FLAG_MEASURING_EXIT_LATENCY (1 << 9)
+#define PERFINFO_PPM_IDLE_FLAG_WAKE_REQUESTED (1 << 10)
+#define PERFINFO_PPM_IDLE_FLAG_IPI_CLOCK_OWNER (1 << 11)
+#define PERFINFO_PPM_IDLE_FLAG_PLATFORM_HINT_OVERRIDE (1 << 12)
+#define PERFINFO_PPM_IDLE_FLAG_DURATION_EXPIRATION (1 << 13)
+
+typedef struct _PERFINFO_PPM_IDLE_STATE_ENTER
+{
+ ULONG State;
+ union
+ {
+ struct
+ {
+ USHORT Properties;
+ UCHAR ExpectedWakeReason;
+ UCHAR Reserved;
+ };
+ ULONG Flags;
+ };
+
+ ULONG64 ExpectedDuration;
+} PERFINFO_PPM_IDLE_STATE_ENTER, *PPERFINFO_PPM_IDLE_STATE_ENTER;
+
+typedef struct _PERFINFO_PPM_IDLE_STATE_EXIT
+{
+ ULONG State;
+ ULONG Status;
+} PERFINFO_PPM_IDLE_STATE_EXIT, *PPERFINFO_PPM_IDLE_STATE_EXIT;
+
+typedef struct _PERFINFO_PPM_STATE_SELECTION
+{
+ ULONG SelectedState;
+ ULONG VetoedStates;
+ _Field_size_(VetoedStates) ULONG VetoReason[ANYSIZE_ARRAY];
+} PERFINFO_PPM_STATE_SELECTION, *PPERFINFO_PPM_STATE_SELECTION;
+
+#define PERFINFO_PPM_IDLE_VETO_PREREGISTERED_VETO (0x80000000)
+#define PERFINFO_PPM_IDLE_VETO_WRONG_INITIATOR (0x80000001)
+#define PERFINFO_PPM_IDLE_VETO_SYSTEM_LATENCY (0x80000002)
+#define PERFINFO_PPM_IDLE_VETO_IDLE_DURATION (0x80000003)
+#define PERFINFO_PPM_IDLE_VETO_DEVICE_DEPENDENCY (0x80000004)
+#define PERFINFO_PPM_IDLE_VETO_PROCESSOR_DEPENDENCY (0x80000005)
+#define PERFINFO_PPM_IDLE_VETO_PLATFORM_ONLY (0x80000006)
+#define PERFINFO_PPM_IDLE_VETO_INTERRUPTIBLE (0x80000007)
+#define PERFINFO_PPM_IDLE_VETO_LEGACY_OVEERIDE (0x80000008)
+#define PERFINFO_PPM_IDLE_VETO_C_STATE_CHECK (0x80000009)
+#define PERFINFO_PPM_IDLE_VETO_NO_C_STATE (0x8000000a)
+#define PERFINFO_PPM_IDLE_VETO_COORDINATED_DEPENDENCY (0x8000000b)
+#define PERFINFO_PPM_IDLE_VETO_DISABLED_IN_MENU (0xfffffffe)
+#define PERFINFO_PPM_IDLE_VETO_ACTIVE_PROCESSOR (0xffffffff)
+
+#define PERFINFO_PPM_IDLE_NON_INTERRUPTIBLE (1 << 0)
+#define PERFINFO_PPM_IDLE_ALL_PROC_LOCKED (1 << 1)
+#define PERFINFO_PPM_IDLE_EXIT_SAMPLE_INVALID (1 << 2)
+
+typedef struct _PERFINFO_PPM_IDLE_EXIT_LATENCY
+{
+ ULONG Flags;
+ ULONG PlatformState;
+ ULONG ProcessorState;
+ ULONG ReturnLatency;
+ ULONG TotalLatency;
+} PERFINFO_PPM_IDLE_EXIT_LATENCY, *PPERFINFO_PPM_IDLE_EXIT_LATENCY;
+
+#define PERFINFO_PPM_FREQUENCY_VOLTAGE_STATE 1
+#define PERFINFO_PPM_STOPCLOCK_THROTTLE_STATE 2
+
+typedef struct _PERFINFO_PPM_PERF_STATE_CHANGE
+{
+ ULONG Type;
+ ULONG NewState;
+ ULONG OldState;
+ NTSTATUS Result;
+ ULONG64 Processors;
+} PERFINFO_PPM_PERF_STATE_CHANGE, *PPERFINFO_PPM_PERF_STATE_CHANGE;
+
+typedef struct _PERFINFO_PPM_THERMAL_CONSTRAINT{
+ ULONG Constraint;
+ ULONG64 Processors;
+} PERFINFO_PPM_THERMAL_CONSTRAINT, *PPERFINFO_PPM_THERMAL_CONSTRAINT;
+
+//
+// File Name realted hooks
+//
+
+typedef struct _PERFINFO_FILEOBJECT_INFORMATION
+{
+ PVOID FileObject;
+} PERFINFO_FILEOBJECT_INFORMATION, *PPERFINFO_FILEOBJECT_INFORMATION;
+
+typedef struct _PERFINFO_FILENAME_SAME_INFORMATION
+{
+ PVOID OldFile;
+ PVOID NewFile;
+} PERFINFO_FILENAME_SAME_INFORMATION, *PPERFINFO_FILENAME_SAME_INFORMATION;
+
+typedef struct _PERFINFO_PFMAPPED_SECTION_INFORMATION
+{
+ PVOID RangeBase;
+ PVOID RangeEnd;
+ ULONG CreatingProcessId;
+} PERFINFO_PFMAPPED_SECTION_INFORMATION, *PPERFINFO_PFMAPPED_SECTION_INFORMATION;
+
+typedef struct _PERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION
+{
+ PVOID SectionObject;
+ PVOID RangeBase;
+} PERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION, *PPERFINFO_PFMAPPED_SECTION_OBJECT_INFORMATION;
+
+//
+// Sample profile
+//
+typedef struct _PERFINFO_SAMPLED_PROFILE_INFORMATION
+{
+ PVOID InstructionPointer;
+ ULONG ThreadId;
+ USHORT Count;
+ union {
+ struct {
+ UCHAR ExecutingDpc : 1;
+ UCHAR ExecutingIsr : 1;
+ UCHAR Reserved : 1;
+ UCHAR Priority : 5;
+ } DUMMYSTRUCTNAME;
+ UCHAR Flags;
+ } DUMMYUNIONNAME;
+ UCHAR Rank;
+} PERFINFO_SAMPLED_PROFILE_INFORMATION, *PPERFINFO_SAMPLED_PROFILE_INFORMATION;
+
+#define PERFINFO_SAMPLED_PROFILE_CACHE_MAX 20
+typedef struct _PERFINFO_SAMPLED_PROFILE_CACHE
+{
+ ULONG Entries;
+ PERFINFO_SAMPLED_PROFILE_INFORMATION Sample[PERFINFO_SAMPLED_PROFILE_CACHE_MAX];
+} PERFINFO_SAMPLED_PROFILE_CACHE, *PPERFINFO_SAMPLED_PROFILE_CACHE;
+
+typedef struct _PERFINFO_SAMPLED_PROFILE_CONFIG
+{
+ ULONG Source;
+ ULONG NewInterval;
+ ULONG OldInterval;
+} PERFINFO_SAMPLED_PROFILE_CONFIG, *PPERFINFO_SAMPLED_PROFILE_CONFIG;
+
+typedef struct _PERFINFO_PMC_SAMPLE_INFORMATION
+{
+ PVOID InstructionPointer;
+ ULONG ThreadId;
+ USHORT ProfileSource;
+ USHORT Reserved;
+} PERFINFO_PMC_SAMPLE_INFORMATION, *PPERFINFO_PMC_SAMPLE_INFORMATION;
+
+typedef struct _PERFINFO_DPC_INFORMATION
+{
+ ULONGLONG InitialTime;
+ PVOID DpcRoutine;
+} PERFINFO_DPC_INFORMATION, *PPERFINFO_DPC_INFORMATION;
+
+typedef struct _PERFINFO_DPC_ENQUEUE_INFORMATION
+{
+ ULONG_PTR Key;
+ LONG DpcQueueDepth;
+ ULONG DpcCount;
+ ULONG TargetProcessorIndex;
+ UCHAR Importance;
+ UCHAR Reserved[3];
+} PERFINFO_DPC_ENQUEUE_INFORMATION, *PPERFINFO_DPC_ENQUEUE_INFORMATION;
+
+typedef struct _PERFINFO_DPC_EXECUTION_INFORMATION
+{
+ PVOID DpcRoutine;
+ ULONG_PTR Key;
+} PERFINFO_DPC_EXECUTION_INFORMATION, *PPERFINFO_DPC_EXECUTION_INFORMATION;
+
+typedef struct _PERFINFO_YIELD_PROCESSOR_INFORMATION
+{
+ ULONG YieldReason;
+ ULONG DpcWatchdogCount;
+ ULONG DpcTimeCount;
+} PERFINFO_YIELD_PROCESSOR_INFORMATION, *PPERFINFO_YIELD_PROCESSOR_INFORMATION;
+
+#include
+typedef struct _PERFINFO_INTERRUPT_INFORMATION
+{
+ ULONGLONG InitialTime;
+ PVOID ServiceRoutine;
+ UCHAR ReturnValue;
+ USHORT Vector;
+ UCHAR Reserved;
+} PERFINFO_INTERRUPT_INFORMATION, *PPERFINFO_INTERRUPT_INFORMATION;
+#include
+
+#define PERFINFO_CLOCK_INTERRUPT_CLOCK_OWNER 0x0001
+#define PERFINFO_CLOCK_INTERRUPT_TIMER_PENDING 0x0008
+
+typedef struct _PERFINFO_CLOCK_INTERRUPT_INFORMATION
+{
+ ULONG64 InterruptTime;
+ SHORT Flags;
+} PERFINFO_CLOCK_INTERRUPT_INFORMATION, *PPERFINFO_CLOCK_INTERRUPT_INFORMATION;
+
+#define PERFINFO_IPI_APC_REQUEST 0x1
+#define PERFINFO_IPI_DPC_REQUEST 0x2
+
+//
+// Spinlock
+//
+#include
+typedef struct _PERFINFO_SPINLOCK_CONFIG
+{
+ ULONG SpinLockSpinThreshold;
+ ULONG SpinLockContentionSampleRate;
+ ULONG SpinLockAcquireSampleRate;
+ ULONG SpinLockHoldThreshold;
+} PERFINFO_SPINLOCK_CONFIG, *PPERFINFO_SPINLOCK_CONFIG;
+#include
+
+//
+// Stores Executive Resource sampling parameters.
+//
+// Note: NumberOfExcessiveTimeouts uses counting units of 4 (four) seconds.
+// It inherits the granularity of ExResourceTimeoutCount used in
+// ...\ntos\ex\resource.c.
+// The later, takes a reg-key settable timeout with a default value of
+// 30 days used to trigger a debug spew for excessive waits on the checked
+// builds: 648000 * 4 seconds = 2592000 seconds = 30 days.
+//
+// HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
+// ResourceTimeoutCount (REG_DWORD), Default: 0x9E340 (648000)
+//
+typedef struct _PERFINFO_EXECUTIVE_RESOURCE_CONFIG
+{
+ ULONG ReleaseSamplingRate;
+ ULONG ContentionSamplingRate;
+ ULONG NumberOfExcessiveTimeouts;
+} PERFINFO_EXECUTIVE_RESOURCE_CONFIG, *PPERFINFO_EXECUTIVE_RESOURCE_CONFIG;
+
+//
+// MM related hooks
+//
+
+#define NTWMI_BITSIZE(type) (sizeof(type) * 8)
+
+typedef struct _PERFINFO_SESSIONCREATE_INFORMATION
+{
+ ULONG_PTR UniqueSessionId;
+ ULONG SessionId;
+} PERFINFO_SESSIONCREATE_INFORMATION, *PPERFINFO_SESSIONCREATE_INFORMATION;
+
+typedef struct _PERFINFO_PAGE_RANGE_IDENTITY
+{
+ struct
+ {
+ ULONGLONG UseDescription : 4; // MMPFNUSE_*
+ ULONGLONG UniqueKey : 48; // Used for SessionVAs/AWE/LargePages.
+ ULONGLONG Reserved : 12;
+ };
+ union
+ {
+ PVOID ProtoPteAddress; // Used for large page PFMapped sections.
+ ULONG_PTR PageFrameIndex; // Used for DriverLocked/UserPhysical Mdls.
+ PVOID VirtualAddress; // Used otherwise.
+ };
+ ULONG_PTR PageCount; // Number of pages.
+} PERFINFO_PAGE_RANGE_IDENTITY, *PPERFINFO_PAGE_RANGE_IDENTITY;
+
+#define PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS 5
+
+typedef enum _PERFINFO_KERNELMEMORY_USAGE_TYPE
+{
+ PerfInfoMemUsagePfnMetadata,
+ PerfInfoMemUsageMax
+} PERFINFO_KERNELMEMORY_USAGE_TYPE, *PPERFINFO_KERNELMEMORY_USAGE_TYPE;
+
+C_ASSERT(PerfInfoMemUsageMax <= (1 << PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS));
+
+typedef struct _PERFINFO_KERNELMEMORY_RANGE_USAGE
+{
+ ULONG UsageType : PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS;
+ ULONG Spare: (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_KERNELMEMORY_USAGE_TYPE_BITS);
+ PVOID VirtualAddress; // Starting VA (where meaningful).
+ ULONG_PTR PageCount; // Number of pages.
+} PERFINFO_KERNELMEMORY_RANGE_USAGE, *PPERFINFO_KERNELMEMORY_RANGE_USAGE;
+
+#define PERFINFO_MM_STAT_TYPE_BITS 6
+
+typedef enum _PERFINFO_MM_STAT
+{
+ PerfInfoMMStatNotUsed,
+ PerfInfoMMStatAggregatePageCombine,
+ PerfInfoMMStatIterationPageCombine,
+ PerfInfoMMStatMax
+} PERFINFO_MM_STAT, *PPERFINFO_MM_STAT;
+
+C_ASSERT(PerfInfoMMStatMax <= (1 << PERFINFO_MM_STAT_TYPE_BITS));
+
+//
+// This is logged as part of the end rundown.
+// PerfTrack traces can be mined for this low-overhead information logged with
+// MemInfo classic.
+//
+
+typedef struct _PERFINFO_PAGECOMBINE_AGGREGATE_STAT
+{
+ ULONG StatType : PERFINFO_MM_STAT_TYPE_BITS; // Value one of PERFINFO_MM_STATS
+ ULONG Spare: (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_STAT_TYPE_BITS);
+
+ //
+ // The following provide average stats for a scan.
+ //
+
+ ULONG CombineScanCount;
+ ULONGLONG PagesScanned;
+ ULONGLONG PagesCombined;
+
+ //
+ // These help compute the memory saved.
+ //
+
+ LONG CombinedBlocksInUse; // Count of CombinedPTEs in use.
+ LONG SumCombinedBlocksReferenceCount; // Sum of the referencecounts of combined PTEs.
+} PERFINFO_PAGECOMBINE_AGGREGATE_STAT, *PPERFINFO_PAGECOMBINE_AGGREGATE_STAT;
+
+//
+// This is logged subsequent to each combine scan. Logged with MemInfo classic.
+//
+
+typedef struct _PERFINFO_PAGECOMBINE_ITERATION_STAT
+{
+ ULONG StatType : PERFINFO_MM_STAT_TYPE_BITS; // Value of type PERFINFO_MM_STATS
+ ULONG Spare : (NTWMI_BITSIZE (ULONG) - PERFINFO_MM_STAT_TYPE_BITS);
+
+ ULONG PagesScanned;
+ ULONG PagesCombined;
+} PERFINFO_PAGECOMBINE_ITERATION_STAT, *PPERFINFO_PAGECOMBINE_ITERATION_STAT;
+
+//
+// NOTE: Hard Fault event starts with InitialTime (LARGE_INTEGER)
+// not shown in the structure.
+//
+
+typedef struct _PERFINFO_HARDPAGEFAULT_INFORMATION
+{
+ LARGE_INTEGER ReadOffset;
+ PVOID VirtualAddress;
+ PVOID FileObject;
+ ULONG ThreadId;
+ ULONG ByteCount;
+} PERFINFO_HARDPAGEFAULT_INFORMATION, *PPERFINFO_HARDPAGEFAULT_INFORMATION;
+
+//
+// The first four fields of this data structure mirror PROCESS_VIRTUAL_ALLOC_INFO.
+//
+
+typedef struct _PERFINFO_VIRTUAL_ALLOC
+{
+ PVOID CapturedBase;
+ SIZE_T CapturedRegionSize;
+ ULONG ProcessId;
+ ULONG Flags;
+} PERFINFO_VIRTUAL_ALLOC, *PPERFINFO_VIRTUAL_ALLOC;
+
+typedef struct _PERFINFO_VAD_ROTATE_INFO
+{
+ PVOID BaseAddress;
+ SIZE_T SizeInBytes;
+ union
+ {
+ struct
+ {
+ ULONG Direction : 4;
+ ULONG Spare : (NTWMI_BITSIZE (ULONG) - 4);
+ };
+ ULONG Flags;
+ };
+} PERFINFO_VAD_ROTATE_INFO, *PPERFINFO_VAD_ROTATE_INFO;
+
+typedef enum _PERFINFO_MEM_RESET_INFO_TYPE
+{
+ PerfInfoMemReset,
+ PerfInfoMemResetUndo,
+ PerfInfoMemResetUndoFailed,
+ PerfInfoMemResetMax
+} PERFINFO_MEM_RESET_INFO_TYPE, *PPERFINFO_MEM_RESET_INFO_TYPE;
+
+typedef struct _PERFINFO_MEM_RESET_INFO
+{
+ PVOID BaseAddress;
+ SIZE_T SizeInBytes;
+ union
+ {
+ struct
+ {
+ ULONG TypeInfo : 2;
+ ULONG Spare : (NTWMI_BITSIZE (ULONG) - 2);
+ };
+ ULONG Flags;
+ };
+} PERFINFO_MEM_RESET_INFO, *PPERFINFO_MEM_RESET_INFO;
+
+//
+// Cache manager
+//
+
+#define PERFINFO_CC_WORKQUEUE_FAST_TEARDOWN 0x000000001
+#define PERFINFO_CC_WORKQUEUE_EXPRESS 0x000000002
+#define PERFINFO_CC_WORKQUEUE_REGULAR 0x000000003
+#define PERFINFO_CC_WORKQUEUE_POST_TICK 0x000000004
+#define PERFINFO_CC_WORKQUEUE_ASYNC_READ 0x000000005
+#define PERFINFO_CC_WORKQUEUE_COMP_ASYNC_READ 0x000000006
+
+typedef struct _PERFINFO_CC_WORKITEM_ENQUEUE
+{
+ ULONG_PTR WorkItemKey;
+ ULONG_PTR FileObjectKey;
+ UCHAR QueueType;
+ UCHAR WorkItemType;
+ BOOLEAN Requeue;
+ UCHAR Reserved;
+} PERFINFO_CC_WORKITEM_ENQUEUE, *PPERFINFO_CC_WORKITEM_ENQUEUE;
+
+typedef struct _PERFINFO_CC_WORKITEM_DEQUEUE
+{
+ ULONG_PTR WorkItemKey;
+} PERFINFO_CC_WORKITEM_DEQUEUE, *PPERFINFO_CC_WORKITEM_DEQUEUE;
+
+typedef struct _PERFINFO_CC_WORKITEM_COMPLETE
+{
+ ULONG_PTR WorkItemKey;
+} PERFINFO_CC_WORKITEM_COMPLETE, *PPERFINFO_CC_WORKITEM_COMPLETE;
+
+#define PERFINFO_CC_WORKITEM_TYPE_READAHEAD 0x000000001
+#define PERFINFO_CC_WORKITEM_TYPE_WRITEBEHIND 0x000000002
+#define PERFINFO_CC_WORKITEM_TYPE_LAZYWRITESCAN 0x000000003
+#define PERFINFO_CC_WORKITEM_TYPE_EVENT_SET 0x000000004
+
+typedef struct _PERFINFO_CC_READ_AHEAD
+{
+ ULONG_PTR WorkItemKey;
+ ULONGLONG FileOffset;
+ ULONG Size;
+ ULONG PagePriority;
+ ULONG DetectedPattern;
+ ULONG Reserved;
+} PERFINFO_CC_READ_AHEAD_COMPLETE, *PPERFINFO_CC_READ_AHEAD_COMPLETE;
+
+typedef struct _PERFINFO_CC_SCHEDULE_READ_AHEAD
+{
+ ULONG_PTR WorkItemKey;
+ ULONG_PTR FileObjectKey;
+ ULONGLONG FileOffset; //app read offset
+ ULONG Length; //app read length
+
+ ULONG ReadAheadUnit;
+ ULONG ReadAheadLength;
+ ULONGLONG ReadAheadOffset;
+ ULONGLONG ReadAheadBeyondLastByte; //high water mark
+ UCHAR ReadPattern;
+ ULONG SequentialReadCount;
+ ULONG SharedCacheMapFlags;
+ ULONG ReadAheadSettingsChanged : 1;
+ ULONG ReadAheadActive : 1;
+} PERFINFO_CC_SCHEDULE_READ_AHEAD, *PPERFINFO_CC_SCHEDULE_READ_AHEAD;
+
+typedef struct _PERFINFO_CC_LAZY_WRITE_SCAN
+{
+ ULONG_PTR WorkItemKey;
+ ULONG ReasonForFlush;
+ ULONG PagesToWrite;
+ SIZE_T TotalDirtyPages;
+ SIZE_T AvailablePages;
+ SIZE_T DirtyPageThreshold;
+ SIZE_T NumberOfMappedVacbs;
+ SIZE_T TopDirtyPageThreshold;
+ SIZE_T BottomDirtyPageThreshold;
+ SIZE_T AverageAvailablePages;
+ SIZE_T AverageDirtyPages;
+ SIZE_T ConsecutiveWorklessLazywriteScans;
+} PERFINFO_CC_LAZY_WRITE_SCAN, *PPERFINFO_CC_LAZY_WRITE_SCAN;
+
+typedef struct _PERFINFO_CC_CAN_WRITE_FAIL
+{
+ ULONG_PTR FileObjectKey;
+ SIZE_T TotalDirtyPages;
+ SIZE_T DirtyPageThreshold;
+ ULONG BytesToWrite;
+} PERFINFO_CC_CAN_WRITE_FAIL, *PPERFINFO_CC_CAN_WRITE_FAIL;
+
+typedef struct _PERFINFO_CC_FLUSH_SECTION
+{
+ ULONG_PTR WorkItemKey;
+ ULONG_PTR FileObjectKey;
+ ULONGLONG Offset;
+ ULONG Length;
+ ULONG MmFlushFlags;
+} PERFINFO_CC_FLUSH_SECTION, *PPERFINFO_CC_FLUSH_SECTION;
+
+#define PERFINFO_CC_FLUSH_DATA_IS_LAZY_WRITER 0x000000001
+#define PERFINFO_CC_FLUSH_DATA_FAST_LAZY_WRITE 0x000000002
+#define PERFINFO_CC_FLUSH_DATA_FORCE_FULL_FLUSH 0x000000004
+
+//
+// Reason for lazy write scan
+// Note: These SHOULD be the same values as Cc's corresponding
+// reason codes in minkernel/ntos/inc/cache.h file.
+//
+
+#define PERFINFO_CC_NOTIFY_LOW_MEMORY 0x000000001
+#define PERFINFO_CC_NOTIFY_POWER 0x000000002
+#define PERFINFO_CC_NOTIFY_PERIODIC_SCAN 0x000000004
+#define PERFINFO_CC_NOTIFY_WAITING_TEARDOWN 0x000000008
+#define PERFINFO_CC_NOTIFY_FLUSH_DURING_COALESCING 0x000000010
+
+typedef struct _PERFINFO_CC_FLUSH_CACHE
+{
+ ULONG_PTR WorkItemKey;
+ ULONG_PTR FileObjectKey;
+ ULONGLONG Offset;
+ ULONG Length;
+ ULONG SharedCacheMapFlags;
+ ULONG Flags;
+ ULONG Reserved;
+} PERFINFO_CC_FLUSH_CACHE, *PPERFINFO_CC_FLUSH_CACHE;
+
+typedef struct _PERFINFO_CC_LOGGED_STREAM_INFO
+{
+ ULONG_PTR FileObjectKey;
+ ULONG ReasonForFlush;
+ ULONG PagesToWrite;
+ SIZE_T DirtyLoggedPages;
+ SIZE_T DirtyLoggedPageThreshold;
+ LARGE_INTEGER LargestLsnForLWS;
+} PERFINFO_CC_LOGGED_STREAM_INFO, *PPERFINFO_CC_LOGGED_STREAM_INFO;
+
+//
+// Thread Action being logged
+//
+
+#define PERFINFO_CC_EXTRA_WB_THREAD_ADD 0x000000001
+#define PERFINFO_CC_EXTRA_WB_THREAD_REMOVE 0x000000002
+
+typedef struct _PERFINFO_CC_EXTRA_WB_THREAD_INFO
+{
+ ULONG ThreadAction;
+ ULONG ActiveExtraWBThreads;
+ SIZE_T TotalDirtyPages;
+ SIZE_T DirtyPageThreshold;
+ SIZE_T AvailablePages;
+} PERFINFO_CC_EXTRA_WB_THREAD_INFO,*PPERFINFO_CC_EXTRA_WB_THREAD_INFO;
+
+//
+// Image backed by pagefile event.
+//
+
+typedef struct _PERFINFO_IMAGELOAD_IN_PAGEFILE_INFO
+{
+ PVOID FileObject;
+ ULONG DeviceCharacteristics;
+ USHORT FileCharacteristics;
+ union {
+ USHORT Flags;
+ struct {
+ USHORT ActiveDataReference : 1;
+ USHORT DeviceEjectable : 1;
+ USHORT WritableHandles : 1;
+ } DUMMYSTRUCTNAME;
+ } Flags;
+} PERFINFO_IMAGELOAD_IN_PAGEFILE_INFO, *PPERFINFO_IMAGELOAD_IN_PAGEFILE_INFO;
+
+//
+// System call events
+//
+typedef struct _PERFINFO_SYSCALL_ENTER_DATA
+{
+ PVOID SysCallAddr;
+} PERFINFO_SYSCALL_ENTER_DATA, *PPERFINFO_SYSCALL_ENTER_DATA;
+
+typedef struct _PERFINFO_SYSCALL_EXIT_DATA
+{
+ NTSTATUS ReturnValue;
+} PERFINFO_SYSCALL_EXIT_DATA, *PPERFINFO_SYSCALL_EXIT_DATA;
+
+//
+// SetMark
+//
+typedef struct _PERFINFO_MARK_INFORMATION
+{
+ char Name[1];
+} PERFINFO_MARK_INFORMATION, *PPERFINFO_MARK_INFORMATION;
+
+//
+// File system operations.
+//
+// Since these are also logged using event descriptors, it is important to
+// watch padding in the structure due to alignment or specify the appropriate
+// pack pragma.
+// + +typedef struct _PERFINFO_FILE_CREATE +{ + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG IssuingThreadId; + ULONG Options; + ULONG Attributes; + ULONG ShareAccess; + WCHAR OpenPath[1]; +} PERFINFO_FILE_CREATE, *PPERFINFO_FILE_CREATE; + +typedef struct _PERFINFO_FILE_INFORMATION +{ + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG_PTR FileKey; + ULONG_PTR ExtraInformation; + ULONG IssuingThreadId; + ULONG InfoClass; +} PERFINFO_FILE_INFORMATION, *PPERFINFO_FILE_INFORMATION; + +typedef struct _PERFINFO_FILE_DIRENUM +{ + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG_PTR FileKey; + ULONG IssuingThreadId; + ULONG Length; + ULONG InfoClass; + ULONG FileIndex; + WCHAR FileName[1]; +} PERFINFO_FILE_DIRENUM, *PPERFINFO_FILE_DIRENUM; + +typedef struct _PERFINFO_FILE_PATH_OPERATION +{ + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG_PTR FileKey; + ULONG_PTR ExtraInformation; + ULONG IssuingThreadId; + ULONG InfoClass; + WCHAR Path[1]; +} PERFINFO_FILE_PATH_OPERATION, *PPERFINFO_FILE_PATH_OPERATION; + +#include + +#define PERFINFO_FILE_READ_WRITE_FLAG_MDL 0x1 + +typedef struct _PERFINFO_FILE_READ_WRITE +{ + ULONGLONG Offset; + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG_PTR FileKey; + ULONG IssuingThreadId; + ULONG Size; + ULONG Flags; + ULONG ExtraFlags; +} PERFINFO_FILE_READ_WRITE, *PPERFINFO_FILE_READ_WRITE; + +typedef struct _PERFINFO_FILE_SIMPLE_OPERATION +{ + ULONG_PTR Irp; + ULONG_PTR FileObject; + ULONG_PTR FileKey; + ULONG IssuingThreadId; +} PERFINFO_FILE_SIMPLE_OPERATION, *PPERFINFO_FILE_SIMPLE_OPERATION; + +typedef struct _PERFINFO_FILE_OPERATION_END +{ + ULONG_PTR Irp; + ULONG_PTR ExtraInformation; + NTSTATUS Status; +} PERFINFO_FILE_OPERATION_END, *PPERFINFO_FILE_OPERATION_END; + +typedef struct _PERFINFO_FLT_OPERATION +{ + PVOID RoutineAddr; + PVOID FileObject; + PVOID FsContext; + PVOID IrpPtr; + PVOID CbdPtr; + LONG MajorFunction; +} PERFINFO_FLT_OPERATION, *PPERFINFO_FLT_OPERATION; + +typedef struct _PERFINFO_FLT_OPERATION_STATUS +{ + PVOID 
RoutineAddr; + PVOID FileObject; + PVOID FsContext; + PVOID IrpPtr; + PVOID CbdPtr; + LONG MajorFunction; + NTSTATUS Status; +} PERFINFO_FLT_OPERATION_STATUS, *PPERFINFO_FLT_OPERATION_STATUS; + +#include +// +// MemInfo event. This structure should parallel SYSTEM_MEMORY_LIST_INFORMATION. +// + +#define PERFINFO_PAGE_PRIORITY_LEVELS 8 + +typedef struct _PERFINFO_MEMORY_INFORMATION +{ + ULONG_PTR ZeroPageCount; + ULONG_PTR FreePageCount; + ULONG_PTR ModifiedPageCount; + ULONG_PTR ModifiedNoWritePageCount; + ULONG_PTR BadPageCount; + ULONG_PTR PageCountByPriority[PERFINFO_PAGE_PRIORITY_LEVELS]; + ULONG_PTR RepurposedPagesByPriority[PERFINFO_PAGE_PRIORITY_LEVELS]; + ULONG_PTR ModifiedPageCountPageFile; +} PERFINFO_MEMORY_INFORMATION, *PPERFINFO_MEMORY_INFORMATION; + +typedef struct _PERFINFO_SYSTEM_MEMORY_INFORMATION +{ + ULONG_PTR PagedPoolCommitPageCount; + ULONG_PTR NonPagedPoolPageCount; + ULONG_PTR MdlPageCount; + ULONG_PTR CommitPageCount; +} PERFINFO_SYSTEM_MEMORY_INFORMATION, *PPERFINFO_SYSTEM_MEMORY_INFORMATION; + +// +// Used for MemInfoWS/MemInfoSessionWs event. +// + +#include +typedef struct _PERFINFO_WORKINGSET_ENTRY +{ + union + { + ULONG UniqueProcessId; + ULONG SessionId; + }; + ULONG_PTR WorkingSetPageCount; + ULONG_PTR CommitPageCount; + union + { + ULONG_PTR PagedPoolPageCount; // Used for SessionWs. + ULONG_PTR VirtualSizeInPages; // Used for ProcessWs. + }; + ULONG_PTR PrivateWorkingSetPageCount; + ULONG_PTR StoreSizeInPages; + ULONG_PTR StoredPageCount; + ULONG_PTR CommitDebtInPages; + ULONG_PTR SharedCommitInPages; +} PERFINFO_WORKINGSET_ENTRY, *PPERFINFO_WORKINGSET_ENTRY; + +typedef struct _PERFINFO_WORKINGSET_INFORMATION +{ + ULONG Count; + PERFINFO_WORKINGSET_ENTRY WsEntry[1]; +} PERFINFO_WORKINGSET_INFORMATION, *PPERFINFO_WORKINGSET_INFORMATION; +#include + +// +// Contiguous page generation event. 
+//
+typedef struct _PERFINFO_CONTIGUOUS_PAGE_GENERATE
+{
+ ULONGLONG ThreadId;
+ ULONGLONG NumberOfBytes;
+} PERFINFO_CONTIGUOUS_PAGE_GENERATE, PERFINFO_CONTIGUOUS_PAGE_GENERATE;
+
+//
+// Debugger (debug event) events
+//
+typedef enum _PERFINFO_DEBUG_EVENT_REASON
+{
+ PerfInfoDebugEventReceived = 1,
+ PerfInfoDebugEventContinued,
+ PerfInfoDebugEventMax
+} PERFINFO_DEBUG_EVENT_REASON, *PPERFINFO_DEBUG_EVENT_REASON;
+
+typedef struct _PERFINFO_DEBUG_EVENT
+{
+ ULONG ProcessId;
+ ULONG ThreadId;
+ PERFINFO_DEBUG_EVENT_REASON Reason;
+} PERFINFO_DEBUG_EVENT, *PPERFINFO_DEBUG_EVENT;
+
+//
+// Compressed Context Swap events
+//
+
+/*
+
+ 1) packets of 2- 4- and 8-byte are used to store context switch event
+ according to the content of the event. (cf. ccswap.c)
+ 2) a local cache of thread ids and the base priorities are stored in each
+ buffer so that a short index can be used to log the thread id of the
+ switching-out thread.
+
+*/
+
+//
+// Number of bits allocated for the necessary fields:
+//
+#define PERFINFO_CCSWAP_BIT_TYPE 2 // packet type
+#define PERFINFO_CCSWAP_BIT_TID 4 // size of the tid table
+#define PERFINFO_CCSWAP_BIT_STATE_WR 6 // store state+wait reason
+#define PERFINFO_CCSWAP_BIT_PRIORITY 5 // full priority in 'full' packet
+#define PERFINFO_CCSWAP_BIT_PRI_INC 3 // priority increment in 'lite' packet
+
+//
+// The following are the number of bits left after allocating bits for
+// the necessary fields. These bits are used to store time deltas. If the
+// value of a time delta is too big for a short format, the longer format
+// is used.
+// + +#define PERFINFO_CCSWAP_BIT_FULL_TS 30 +C_ASSERT (PERFINFO_CCSWAP_BIT_FULL_TS == (32 - PERFINFO_CCSWAP_BIT_TYPE)); + +#define PERFINFO_CCSWAP_BIT_SHORT_TS 14 +C_ASSERT(PERFINFO_CCSWAP_BIT_SHORT_TS == (16 - PERFINFO_CCSWAP_BIT_TYPE)); + +#define PERFINFO_CCSWAP_BIT_SMALL_TS 17 +C_ASSERT (PERFINFO_CCSWAP_BIT_SMALL_TS == + (32 - PERFINFO_CCSWAP_BIT_TYPE - PERFINFO_CCSWAP_BIT_TID - PERFINFO_CCSWAP_BIT_PRI_INC - PERFINFO_CCSWAP_BIT_STATE_WR)); + +#define PERFINFO_CCSWAP_BIT_WAIT_TIME 17 +C_ASSERT (PERFINFO_CCSWAP_BIT_WAIT_TIME == + (32 - PERFINFO_CCSWAP_BIT_TID - PERFINFO_CCSWAP_BIT_STATE_WR - PERFINFO_CCSWAP_BIT_PRIORITY)); + +// +// size of the tid table: +// +#define PERFINFO_CCSWAP_MAX_TID (1<UserModeGlobalLogger[Index]))->LoggerId) +#define UMGL_LOGGER_FLAGS(Index) (((PETW_UMGL_KEY)(&USER_SHARED_DATA->UserModeGlobalLogger[Index]))->Flags) +#define IS_UMGL_LOGGING_ENABLED(Index) (UMGL_LOGGER_ID(Index) != 0) +#define IS_UMGL_FLAG_ENABLED(Index, Flag) ((UMGL_LOGGER_FLAGS(Index) & Flag) != 0) + +#define IS_HEAP_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAP) && (NtCurrentPeb()->HeapTracingEnabled != FALSE)) +#define IS_HEAP_RANGE_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPRANGE)) +#define HEAP_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAP)) + +#define IS_CRITSEC_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_CRITSEC) && (NtCurrentPeb()->CritSecTracingEnabled != FALSE)) +#define CRITSEC_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_CRITSEC)) +#define IS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) ) +#define IS_PER_PROCESS_LOADER_LOGGING_ENABLED_FLAG(Flag) (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR) && (NtCurrentPeb()->LibLoaderTracingEnabled != FALSE) && ((UMGL_LOGGER_FLAGS(ETW_UMGL_INDEX_LDR) & Flag) != 0) ) +#define IS_GLOBAL_LOADER_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_LDR)) +#define LOADER_LOGGER_ID 
(UMGL_LOGGER_ID(ETW_UMGL_INDEX_LDR)) +#define HEAPRANGE_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPRANGE)) +#define IS_THREAD_POOL_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD_POOL)) +#define THREAD_POOL_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD_POOL)) +#define IS_UMS_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_UMS)) +#define UMS_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_UMS)) +#define HEAPSUMMARY_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_HEAPSUMMARY)) +#define IS_HEAPSUMMARY_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_HEAPSUMMARY)) +#define WNF_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_WNF)) +#define IS_WNF_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_WNF)) +#define UMGL_THREAD_LOGGER_ID (UMGL_LOGGER_ID(ETW_UMGL_INDEX_THREAD)) +#define IS_UMGL_THREAD_LOGGING_ENABLED() (IS_UMGL_LOGGING_ENABLED(ETW_UMGL_INDEX_THREAD)) + +// +// Flags used by user mode loader logging to UMGL. +// +#define ETW_UMGL_LDR_MUI_VERBOSE_FLAG 0x0001 +#define ETW_UMGL_LDR_MUI_TEST_FLAG 0x0002 +#define ETW_UMGL_LDR_RELOCATION_FLAG 0x0004 +#define ETW_UMGL_LDR_NEW_DLL_FLAG 0x0010 +#define ETW_UMGL_LDR_TEST_FLAG 0x0020 +#define ETW_UMGL_LDR_SECURITY_FLAG 0x0040 + +// +// Constants for heap log +// +#define MEMORY_FROM_LOOKASIDE 1 //Activity from LookAside +#define MEMORY_FROM_LOWFRAG 2 //Activity from Low Frag Heap +#define MEMORY_FROM_MAINPATH 3 //Activity from Main Code Path +#define MEMORY_FROM_SLOWPATH 4 //Activity from Slow C +#define MEMORY_FROM_INVALID 5 +#define MEMORY_FROM_SEGMENT_HEAP 6 //Activity from segment heap. 
+ +// +// Header preparation macro for UMGL +// +#define TRACE_HEADER_TYPE_SYSTEM32 1 +#define TRACE_HEADER_TYPE_SYSTEM64 2 +#define TRACE_HEADER_TYPE_COMPACT32 3 +#define TRACE_HEADER_TYPE_COMPACT64 4 +#define TRACE_HEADER_TYPE_FULL_HEADER32 10 +#define TRACE_HEADER_TYPE_INSTANCE32 11 +#define TRACE_HEADER_TYPE_TIMED 12 // Not used +#define TRACE_HEADER_TYPE_ERROR 13 // Error while logging event +#define TRACE_HEADER_TYPE_WNODE_HEADER 14 // Not used +#define TRACE_HEADER_TYPE_MESSAGE 15 +#define TRACE_HEADER_TYPE_PERFINFO32 16 +#define TRACE_HEADER_TYPE_PERFINFO64 17 +#define TRACE_HEADER_TYPE_EVENT_HEADER32 18 +#define TRACE_HEADER_TYPE_EVENT_HEADER64 19 +#define TRACE_HEADER_TYPE_FULL_HEADER64 20 +#define TRACE_HEADER_TYPE_INSTANCE64 21 + +#define EVENT_HEADER_SIZE_MASK 0x0000FFFF + +#define SYSTEM_TRACE_VERSION 2 + +#define TRACE_HEADER_FLAG 0x80000000 + +#define EVENT_HEADER_EVENT64 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER64)) +#define EVENT_HEADER_EVENT32 ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_EVENT_HEADER32)) +#define EVENT_HEADER_ERROR ((USHORT)(((TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE) >> 16) | TRACE_HEADER_TYPE_ERROR)) +#define TRACE_HEADER_FULL32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER32 << 16)) +#define TRACE_HEADER_FULL64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_FULL_HEADER64 << 16)) +#define TRACE_HEADER_INSTANCE32 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE32 << 16)) +#define TRACE_HEADER_INSTANCE64 (TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE | (TRACE_HEADER_TYPE_INSTANCE64 << 16)) + +#ifdef _WIN64 +#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT64 +#define TRACE_HEADER_FULL TRACE_HEADER_FULL64 +#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE64 +#else +#define EVENT_HEADER_EVENT EVENT_HEADER_EVENT32 +#define TRACE_HEADER_FULL 
TRACE_HEADER_FULL32 +#define TRACE_HEADER_INSTANCE TRACE_HEADER_INSTANCE32 +#endif + +#define PREPARE_ETW_TRACE_HEADER_GUID(Header, EventStruct, EventType, EventGuid, LoggerId) \ + (Header)->Size = sizeof(EventStruct); \ + (Header)->Class.Type = (EventType); \ + RtlCopyMemory(&((Header)->Guid), (EventGuid), sizeof(*(EventGuid))); \ + +// Used with OpenTrace(), prevents conversion of TimeStamps to UTC +#define EVENT_TRACE_USE_RAWTIMESTAMP 0x00000002 +// Used with OpenTrace(), retrieves event from file as is. +#define EVENT_TRACE_GET_RAWEVENT 0x00000100 +// Used with OpenTrace() to ReadBehind a live logger session +#define EVENT_TRACE_READ_BEHIND 0x00000200 +// Used in EventCallbacks to indicate that the InstanceId field is a sequence number. +#define EVENT_TRACE_USE_SEQUENCE 0x0004 +// Kernel Event Version is used to indicate if any kernel event has changed. +#define ETW_KERNEL_EVENT_VERSION 60 + +typedef struct _ETW_KERNEL_HEADER_EXTENSION +{ + PERFINFO_GROUPMASK GroupMasks; + ULONG Version; +} ETW_KERNEL_HEADER_EXTENSION, *PETW_KERNEL_HEADER_EXTENSION; + +#define ETW_SET_MARK_WITH_FLUSH 0x00000001 + +typedef struct _ETW_SET_MARK_INFORMATION +{ + ULONG Flag; + WCHAR Mark[1]; +} ETW_SET_MARK_INFORMATION, *PETW_SET_MARK_INFORMATION; + +// +// Data Block structure for ETW notification +// +typedef enum _ETW_NOTIFICATION_TYPE +{ + EtwNotificationTypeNoReply = 1, // No data block reply + EtwNotificationTypeLegacyEnable, // Enable notification for RegisterTraceGuids + EtwNotificationTypeEnable, // Enable notification for EventRegister + EtwNotificationTypePrivateLogger, // Private logger notification for ETW + EtwNotificationTypePerflib, // PERFLIB V2 counter data request/delivery block + EtwNotificationTypeAudio, // Private notification for audio policy + EtwNotificationTypeSession, // Session related ETW notifications + EtwNotificationTypeReserved, // For internal use (test) + EtwNotificationTypeCredentialUI, // Private notification for media center elevation detection 
+ EtwNotificationTypeInProcSession, // Private in-proc session related ETW notifications + EtwNotificationTypeMax +} ETW_NOTIFICATION_TYPE; + +#define ETW_MAX_DATA_BLOCK_BUFFER_SIZE (65536) + +typedef struct _ETW_NOTIFICATION_HEADER +{ + ETW_NOTIFICATION_TYPE NotificationType; // Notification type + ULONG NotificationSize; // Notification size in bytes + ULONG Offset; // Offset to the next notification + BOOLEAN ReplyRequested; // Reply Requested + ULONG Timeout; // Timeout in milliseconds when requesting reply + union + { + ULONG ReplyCount; // Out to sender: the number of notifications sent + ULONG NotifyeeCount; // Out to notifyee: the order during notification + }; + ULONGLONG Reserved2; + ULONG TargetPID; + ULONG SourcePID; + GUID DestinationGuid; // Desctination GUID + GUID SourceGuid; // Source GUID +} ETW_NOTIFICATION_HEADER, *PETW_NOTIFICATION_HEADER; + +typedef ULONG (NTAPI *PETW_NOTIFICATION_CALLBACK)( + _In_ PETW_NOTIFICATION_HEADER NotificationHeader, + _In_ PVOID Context + ); + +typedef enum _ETW_SESSION_NOTIFICATION_TYPE +{ + EtwSessionNotificationMediaChanged = 1, + EtwSessionNotificationSessionTerminated, + EtwSessionNotificationLogfileError, + EtwSessionNotificationRealtimeError, + EtwSessionNotificationSessionStarted, + EtwSessionNotificationMax +} ETW_SESSION_NOTIFICATION_TYPE; + +typedef struct _ETW_SESSION_NOTIFICATION_PACKET +{ + ETW_NOTIFICATION_HEADER NotificationHeader; + ETW_SESSION_NOTIFICATION_TYPE Type; + NTSTATUS Status; + TRACEHANDLE TraceHandle; + ULONG Reserved[2]; +} ETW_SESSION_NOTIFICATION_PACKET, *PETW_SESSION_NOTIFICATION_PACKET; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) + +#ifndef EVENT_DESCRIPTOR_DEF +#define EVENT_DESCRIPTOR_DEF +typedef struct _EVENT_DESCRIPTOR +{ + USHORT Id; + UCHAR Version; + UCHAR Channel; + UCHAR Level; + UCHAR Opcode; + USHORT Task; + ULONGLONG Keyword; +} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR; +typedef const EVENT_DESCRIPTOR* PCEVENT_DESCRIPTOR; +#endif + +NTSYSAPI +ULONG +NTAPI +EtwSetMark( + _In_opt_ 
TRACEHANDLE TraceHandle, + _In_ PETW_SET_MARK_INFORMATION MarkInfo, + _In_ ULONG Size + ); + +typedef struct _EVENT_DATA_DESCRIPTOR EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR; + +NTSYSAPI +ULONG +NTAPI +EtwEventWriteFull( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ USHORT EventProperty, + _In_opt_ LPCGUID ActivityId, + _In_opt_ LPCGUID RelatedActivityId, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +//NTSYSAPI +//ULONG +//NTAPI +//EtwEventRegister( +// _In_ LPCGUID ProviderId, +// _In_opt_ PENABLECALLBACK EnableCallback, +// _In_opt_ PVOID CallbackContext, +// _Out_ PREGHANDLE RegHandle +// ); + +NTSYSAPI +ULONG +NTAPI +EtwEventUnregister( + _In_ REGHANDLE RegHandle + ); + +typedef enum _EVENT_INFO_CLASS EVENT_INFO_CLASS; + +NTSYSAPI +ULONG +NTAPI +EtwEventSetInformation( + _In_ REGHANDLE RegHandle, + _In_ EVENT_INFO_CLASS InformationClass, + _In_reads_bytes_(InformationLength) PVOID EventInformation, + _In_ ULONG InformationLength + ); + +NTSYSAPI +ULONG +NTAPI +EtwRegisterSecurityProvider( + VOID + ); + +NTSYSAPI +BOOLEAN +NTAPI +EtwEventProviderEnabled( + _In_ REGHANDLE RegHandle, + _In_ UCHAR Level, + _In_ ULONGLONG Keyword + ); + +NTSYSAPI +BOOLEAN +NTAPI +EtwEventEnabled( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventWrite( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventWriteTransfer( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_opt_ LPCGUID ActivityId, + _In_opt_ LPCGUID RelatedActivityId, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventWriteString( + _In_ REGHANDLE RegHandle, + _In_ UCHAR Level, + _In_ ULONGLONG Keyword, + _In_ PCWSTR 
String + ); + +ULONG +NTAPI +EtwEventWriteEx( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ ULONG64 Filter, + _In_ ULONG Flags, + _In_opt_ LPCGUID ActivityId, + _In_opt_ LPCGUID RelatedActivityId, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventWriteStartScenario( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventWriteEndScenario( + _In_ REGHANDLE RegHandle, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwWriteUMSecurityEvent( + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ USHORT EventProperty, + _In_ ULONG UserDataCount, + _In_opt_ PEVENT_DATA_DESCRIPTOR UserData + ); + +ULONG +NTAPI +EtwEventWriteNoRegistration( + _In_ LPCGUID ProviderId, + _In_ PCEVENT_DESCRIPTOR EventDescriptor, + _In_ ULONG UserDataCount, + _In_reads_opt_(UserDataCount) PEVENT_DATA_DESCRIPTOR UserData + ); + +NTSYSAPI +ULONG +NTAPI +EtwEventActivityIdControl( + _In_ ULONG ControlCode, + _Inout_ LPGUID ActivityId + ); + +NTSYSAPI +ULONG +NTAPI +EtwNotificationRegister( + _In_ LPCGUID Guid, + _In_ ULONG Type, + _In_ PETW_NOTIFICATION_CALLBACK Callback, + _In_opt_ PVOID Context, + _Out_ PREGHANDLE RegHandle + ); + +NTSYSAPI +ULONG +NTAPI +EtwNotificationUnregister( + _In_ REGHANDLE RegHandle, + _Out_opt_ PVOID * Context + ); + +NTSYSAPI +ULONG +NTAPI +EtwSendNotification( + _In_ PETW_NOTIFICATION_HEADER DataBlock, + _In_ ULONG ReceiveDataBlockSize, + _Inout_ PVOID ReceiveDataBlock, + _Out_ PULONG ReplyReceived, + _Out_ PULONG ReplySizeNeeded + ); + +NTSYSAPI +ULONG +NTAPI +EtwReplyNotification( + _In_ PETW_NOTIFICATION_HEADER Notification + ); + +NTSYSAPI +ULONG +NTAPI +EtwEnumerateProcessRegGuids( + 
_Out_writes_bytes_opt_(OutBufferSize) PVOID OutBuffer, + _In_ ULONG OutBufferSize, + _Out_ PULONG ReturnLength + ); + +NTSYSAPI +ULONG +NTAPI +EtwQueryRealtimeConsumer( + _In_ TRACEHANDLE TraceHandle, + _Out_ PULONG EventsLostCount, + _Out_ PULONG BuffersLostCount + ); +#endif + +// public TRACE_PROVIDER_INSTANCE_INFO +typedef struct _ETW_TRACE_PROVIDER_INSTANCE_INFO +{ + ULONG NextOffset; + ULONG EnableCount; + ULONG Pid; + ULONG Flags; +} ETW_TRACE_PROVIDER_INSTANCE_INFO, * PETW_TRACE_PROVIDER_INSTANCE_INFO; + +// public TRACE_GUID_INFO +typedef struct _ETW_TRACE_GUID_INFO +{ + ULONG InstanceCount; + ULONG Reserved; + //ETW_TRACE_PROVIDER_INSTANCE_INFO Instances[1]; +} ETW_TRACE_GUID_INFO, * PETW_TRACE_GUID_INFO; + +// rev +typedef enum _ETWTRACECONTROLCODE +{ + EtwStartLoggerCode = 1, // inout WMI_LOGGER_INFORMATION + EtwStopLoggerCode = 2, // inout WMI_LOGGER_INFORMATION + EtwQueryLoggerCode = 3, // inout WMI_LOGGER_INFORMATION + EtwUpdateLoggerCode = 4, // inout WMI_LOGGER_INFORMATION + EtwFlushLoggerCode = 5, // inout WMI_LOGGER_INFORMATION + EtwIncrementLoggerFile = 6, // inout WMI_LOGGER_INFORMATION + EtwRealtimeTransition = 7, // inout WMI_LOGGER_INFORMATION + // reserved + EtwRealtimeConnectCode = 11, + EtwActivityIdCreate = 12, + EtwWdiScenarioCode = 13, + EtwRealtimeDisconnectCode = 14, // in HANDLE + EtwRegisterGuidsCode = 15, + EtwReceiveNotification = 16, + EtwSendDataBlock = 17, // ETW_ENABLE_NOTIFICATION_PACKET // ETW_SESSION_NOTIFICATION_PACKET + EtwSendReplyDataBlock = 18, + EtwReceiveReplyDataBlock = 19, + EtwWdiSemUpdate = 20, + EtwEnumTraceGuidList = 21, // out GUID[] + EtwGetTraceGuidInfo = 22, // in GUID, out ETW_TRACE_GUID_INFO + EtwEnumerateTraceGuids = 23, + EtwRegisterSecurityProv = 24, + EtwReferenceTimeCode = 25, // in ULONG LoggerId, out ETW_REF_CLOCK + EtwTrackBinaryCode = 26, // in HANDLE + EtwAddNotificationEvent = 27, + EtwUpdateDisallowList = 28, + EtwSetEnableAllKeywordsCode = 29, + EtwSetProviderTraitsCode = 30, + 
EtwUseDescriptorTypeCode = 31, + EtwEnumTraceGroupList = 32, + EtwGetTraceGroupInfo = 33, + EtwGetDisallowList = 34, + EtwSetCompressionSettings = 35, + EtwGetCompressionSettings = 36, + EtwUpdatePeriodicCaptureState = 37, + EtwGetPrivateSessionTraceHandle = 38, + EtwRegisterPrivateSession = 39, + EtwQuerySessionDemuxObject = 40, + EtwSetProviderBinaryTracking = 41, + EtwMaxLoggers = 42, // out ULONG + EtwMaxPmcCounter = 43, // out ULONG + EtwQueryUsedProcessorCount = 44, // ULONG // since WIN11 + EtwGetPmcOwnership = 45, + EtwGetPmcSessions = 46, +} ETWTRACECONTROLCODE; + +#if (PHNT_VERSION >= PHNT_VISTA) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtTraceControl( + _In_ ETWTRACECONTROLCODE FunctionCode, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength, + _Out_ PULONG ReturnLength + ); +#endif + +#if (PHNT_VERSION >= PHNT_WINXP) +NTSYSCALLAPI +NTSTATUS +NTAPI +NtTraceEvent( + _In_opt_ HANDLE TraceHandle, + _In_ ULONG Flags, + _In_ ULONG FieldSize, + _In_ PVOID Fields + ); +#endif + +// private +typedef struct _TELEMETRY_COVERAGE_POINT +{ + PWSTR Name; + ULONG Hash; + ULONG LastCoveredRound; + ULONG Flags; +} TELEMETRY_COVERAGE_POINT, *PTELEMETRY_COVERAGE_POINT; + +#if (PHNT_VERSION >= PHNT_REDSTONE3) +// rev +NTSYSAPI +BOOLEAN +NTAPI +EtwCheckCoverage( + _Inout_ PTELEMETRY_COVERAGE_POINT CoveragePoint + ); +#endif + +EXTERN_C_END + +#endif diff --git a/deps/phnt-nightly/ntwow64.h b/deps/phnt-nightly/ntwow64.h new file mode 100644 index 0000000..c118bb9 --- /dev/null +++ b/deps/phnt-nightly/ntwow64.h 
@@ -0,0 +1,782 @@ +/* + * Windows on Windows support functions + * + * This file is part of System Informer. + */ + +#ifndef _NTWOW64_H +#define _NTWOW64_H + +#define WOW64_SYSTEM_DIRECTORY "SysWOW64" +#define WOW64_SYSTEM_DIRECTORY_U L"SysWOW64" +#define WOW64_X86_TAG " (x86)" +#define WOW64_X86_TAG_U L" (x86)" + +// In USER_SHARED_DATA +typedef enum _WOW64_SHARED_INFORMATION +{ + SharedNtdll32LdrInitializeThunk, + SharedNtdll32KiUserExceptionDispatcher, + SharedNtdll32KiUserApcDispatcher, + SharedNtdll32KiUserCallbackDispatcher, + SharedNtdll32ExpInterlockedPopEntrySListFault, + SharedNtdll32ExpInterlockedPopEntrySListResume, + SharedNtdll32ExpInterlockedPopEntrySListEnd, + SharedNtdll32RtlUserThreadStart, + SharedNtdll32pQueryProcessDebugInformationRemote, + SharedNtdll32BaseAddress, + SharedNtdll32LdrSystemDllInitBlock, + Wow64SharedPageEntriesCount +} WOW64_SHARED_INFORMATION; + +// 32-bit definitions + +#define WOW64_POINTER(Type) ULONG + +typedef struct _RTL_BALANCED_NODE32 +{ + union + { + WOW64_POINTER(struct _RTL_BALANCED_NODE *) Children[2]; + struct + { + WOW64_POINTER(struct _RTL_BALANCED_NODE *) Left; + WOW64_POINTER(struct _RTL_BALANCED_NODE *) Right; + }; + }; + union + { + WOW64_POINTER(UCHAR) Red : 1; + WOW64_POINTER(UCHAR) Balance : 2; + WOW64_POINTER(ULONG_PTR) ParentValue; + }; +} RTL_BALANCED_NODE32, *PRTL_BALANCED_NODE32; + +typedef struct _RTL_RB_TREE32 +{ + WOW64_POINTER(PRTL_BALANCED_NODE) Root; + WOW64_POINTER(PRTL_BALANCED_NODE) Min; +} RTL_RB_TREE32, *PRTL_RB_TREE32; + +typedef struct _PEB_LDR_DATA32 +{ + ULONG Length; + BOOLEAN Initialized; + WOW64_POINTER(HANDLE) SsHandle; + LIST_ENTRY32 InLoadOrderModuleList; + LIST_ENTRY32 InMemoryOrderModuleList; + LIST_ENTRY32 InInitializationOrderModuleList; + WOW64_POINTER(PVOID) EntryInProgress; + BOOLEAN ShutdownInProgress; + WOW64_POINTER(HANDLE) ShutdownThreadId; +} PEB_LDR_DATA32, *PPEB_LDR_DATA32; + +typedef struct _LDR_SERVICE_TAG_RECORD32 +{ + WOW64_POINTER(struct _LDR_SERVICE_TAG_RECORD 
*) Next; + ULONG ServiceTag; +} LDR_SERVICE_TAG_RECORD32, *PLDR_SERVICE_TAG_RECORD32; + +typedef struct _LDRP_CSLIST32 +{ + WOW64_POINTER(PSINGLE_LIST_ENTRY) Tail; +} LDRP_CSLIST32, *PLDRP_CSLIST32; + +typedef struct _LDR_DDAG_NODE32 +{ + LIST_ENTRY32 Modules; + WOW64_POINTER(PLDR_SERVICE_TAG_RECORD) ServiceTagList; + ULONG LoadCount; + ULONG LoadWhileUnloadingCount; + ULONG LowestLink; + union + { + LDRP_CSLIST32 Dependencies; + SINGLE_LIST_ENTRY32 RemovalLink; + }; + LDRP_CSLIST32 IncomingDependencies; + LDR_DDAG_STATE State; + SINGLE_LIST_ENTRY32 CondenseLink; + ULONG PreorderNumber; +} LDR_DDAG_NODE32, *PLDR_DDAG_NODE32; + +#define LDR_DATA_TABLE_ENTRY_SIZE_WINXP_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, DdagNode) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN7_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, BaseNameHashValue) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN8_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, ImplicitPathOptions) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN10_32 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY32, SigningLevel) +#define LDR_DATA_TABLE_ENTRY_SIZE_WIN11_32 sizeof(LDR_DATA_TABLE_ENTRY32) + +typedef struct _LDR_DATA_TABLE_ENTRY32 +{ + LIST_ENTRY32 InLoadOrderLinks; + LIST_ENTRY32 InMemoryOrderLinks; + union + { + LIST_ENTRY32 InInitializationOrderLinks; + LIST_ENTRY32 InProgressLinks; + }; + WOW64_POINTER(PVOID) DllBase; + WOW64_POINTER(PVOID) EntryPoint; + ULONG SizeOfImage; + UNICODE_STRING32 FullDllName; + UNICODE_STRING32 BaseDllName; + union + { + UCHAR FlagGroup[4]; + ULONG Flags; + struct + { + ULONG PackagedBinary : 1; + ULONG MarkedForRemoval : 1; + ULONG ImageDll : 1; + ULONG LoadNotificationsSent : 1; + ULONG TelemetryEntryProcessed : 1; + ULONG ProcessStaticImport : 1; + ULONG InLegacyLists : 1; + ULONG InIndexes : 1; + ULONG ShimDll : 1; + ULONG InExceptionTable : 1; + ULONG ReservedFlags1 : 2; + ULONG LoadInProgress : 1; + ULONG LoadConfigProcessed : 1; + ULONG EntryProcessed : 1; + ULONG ProtectDelayLoad : 1; + ULONG ReservedFlags3 : 2; + ULONG 
DontCallForThreads : 1; + ULONG ProcessAttachCalled : 1; + ULONG ProcessAttachFailed : 1; + ULONG CorDeferredValidate : 1; + ULONG CorImage : 1; + ULONG DontRelocate : 1; + ULONG CorILOnly : 1; + ULONG ChpeImage : 1; + ULONG ReservedFlags5 : 2; + ULONG Redirected : 1; + ULONG ReservedFlags6 : 2; + ULONG CompatDatabaseProcessed : 1; + }; + }; + USHORT ObsoleteLoadCount; + USHORT TlsIndex; + LIST_ENTRY32 HashLinks; + ULONG TimeDateStamp; + WOW64_POINTER(struct _ACTIVATION_CONTEXT *) EntryPointActivationContext; + WOW64_POINTER(PVOID) Lock; + WOW64_POINTER(PLDR_DDAG_NODE) DdagNode; + LIST_ENTRY32 NodeModuleLink; + WOW64_POINTER(struct _LDRP_LOAD_CONTEXT *) LoadContext; + WOW64_POINTER(PVOID) ParentDllBase; + WOW64_POINTER(PVOID) SwitchBackContext; + RTL_BALANCED_NODE32 BaseAddressIndexNode; + RTL_BALANCED_NODE32 MappingInfoIndexNode; + WOW64_POINTER(ULONG_PTR) OriginalBase; + LARGE_INTEGER LoadTime; + ULONG BaseNameHashValue; + LDR_DLL_LOAD_REASON LoadReason; + ULONG ImplicitPathOptions; + ULONG ReferenceCount; + ULONG DependentLoadFlags; + UCHAR SigningLevel; // since REDSTONE2 + ULONG CheckSum; // since 22H1 + WOW64_POINTER(PVOID) ActivePatchImageBase; + LDR_HOT_PATCH_STATE HotPatchState; +} LDR_DATA_TABLE_ENTRY32, *PLDR_DATA_TABLE_ENTRY32; + +typedef struct _CURDIR32 +{ + UNICODE_STRING32 DosPath; + WOW64_POINTER(HANDLE) Handle; +} CURDIR32, *PCURDIR32; + +typedef struct _RTL_DRIVE_LETTER_CURDIR32 +{ + USHORT Flags; + USHORT Length; + ULONG TimeStamp; + STRING32 DosPath; +} RTL_DRIVE_LETTER_CURDIR32, *PRTL_DRIVE_LETTER_CURDIR32; + +typedef struct _RTL_USER_PROCESS_PARAMETERS32 +{ + ULONG MaximumLength; + ULONG Length; + + ULONG Flags; + ULONG DebugFlags; + + WOW64_POINTER(HANDLE) ConsoleHandle; + ULONG ConsoleFlags; + WOW64_POINTER(HANDLE) StandardInput; + WOW64_POINTER(HANDLE) StandardOutput; + WOW64_POINTER(HANDLE) StandardError; + + CURDIR32 CurrentDirectory; + UNICODE_STRING32 DllPath; + UNICODE_STRING32 ImagePathName; + UNICODE_STRING32 CommandLine; + 
WOW64_POINTER(PVOID) Environment; + + ULONG StartingX; + ULONG StartingY; + ULONG CountX; + ULONG CountY; + ULONG CountCharsX; + ULONG CountCharsY; + ULONG FillAttribute; + + ULONG WindowFlags; + ULONG ShowWindowFlags; + UNICODE_STRING32 WindowTitle; + UNICODE_STRING32 DesktopInfo; + UNICODE_STRING32 ShellInfo; + UNICODE_STRING32 RuntimeData; + RTL_DRIVE_LETTER_CURDIR32 CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; + + WOW64_POINTER(ULONG_PTR) EnvironmentSize; + WOW64_POINTER(ULONG_PTR) EnvironmentVersion; + WOW64_POINTER(PVOID) PackageDependencyData; + ULONG ProcessGroupId; + ULONG LoaderThreads; + + UNICODE_STRING32 RedirectionDllName; // REDSTONE4 + UNICODE_STRING32 HeapPartitionName; // 19H1 + WOW64_POINTER(ULONG_PTR) DefaultThreadpoolCpuSetMasks; + ULONG DefaultThreadpoolCpuSetMaskCount; + ULONG DefaultThreadpoolThreadMaximum; +} RTL_USER_PROCESS_PARAMETERS32, *PRTL_USER_PROCESS_PARAMETERS32; + +typedef struct _LEAP_SECOND_DATA *PLEAP_SECOND_DATA; + +typedef struct _PEB32 +{ + BOOLEAN InheritedAddressSpace; + BOOLEAN ReadImageFileExecOptions; + BOOLEAN BeingDebugged; + union + { + BOOLEAN BitField; + struct + { + BOOLEAN ImageUsesLargePages : 1; + BOOLEAN IsProtectedProcess : 1; + BOOLEAN IsImageDynamicallyRelocated : 1; + BOOLEAN SkipPatchingUser32Forwarders : 1; + BOOLEAN IsPackagedProcess : 1; + BOOLEAN IsAppContainer : 1; + BOOLEAN IsProtectedProcessLight : 1; + BOOLEAN IsLongPathAwareProcess : 1; + }; + }; + WOW64_POINTER(HANDLE) Mutant; + + WOW64_POINTER(PVOID) ImageBaseAddress; + WOW64_POINTER(PPEB_LDR_DATA) Ldr; + WOW64_POINTER(PRTL_USER_PROCESS_PARAMETERS) ProcessParameters; + WOW64_POINTER(PVOID) SubSystemData; + WOW64_POINTER(PVOID) ProcessHeap; + WOW64_POINTER(PRTL_CRITICAL_SECTION) FastPebLock; + WOW64_POINTER(PVOID) AtlThunkSListPtr; + WOW64_POINTER(PVOID) IFEOKey; + union + { + ULONG CrossProcessFlags; + struct + { + ULONG ProcessInJob : 1; + ULONG ProcessInitializing : 1; + ULONG ProcessUsingVEH : 1; + ULONG ProcessUsingVCH : 1; + ULONG 
ProcessUsingFTH : 1; + ULONG ReservedBits0 : 27; + }; + }; + union + { + WOW64_POINTER(PVOID) KernelCallbackTable; + WOW64_POINTER(PVOID) UserSharedInfoPtr; + }; + ULONG SystemReserved; + ULONG AtlThunkSListPtr32; + WOW64_POINTER(PVOID) ApiSetMap; + ULONG TlsExpansionCounter; + WOW64_POINTER(PVOID) TlsBitmap; + ULONG TlsBitmapBits[2]; + WOW64_POINTER(PVOID) ReadOnlySharedMemoryBase; + WOW64_POINTER(PVOID) SharedData; + WOW64_POINTER(PVOID *) ReadOnlyStaticServerData; + WOW64_POINTER(PVOID) AnsiCodePageData; + WOW64_POINTER(PVOID) OemCodePageData; + WOW64_POINTER(PVOID) UnicodeCaseTableData; + + ULONG NumberOfProcessors; + ULONG NtGlobalFlag; + + LARGE_INTEGER CriticalSectionTimeout; + WOW64_POINTER(SIZE_T) HeapSegmentReserve; + WOW64_POINTER(SIZE_T) HeapSegmentCommit; + WOW64_POINTER(SIZE_T) HeapDeCommitTotalFreeThreshold; + WOW64_POINTER(SIZE_T) HeapDeCommitFreeBlockThreshold; + + ULONG NumberOfHeaps; + ULONG MaximumNumberOfHeaps; + WOW64_POINTER(PVOID *) ProcessHeaps; + + WOW64_POINTER(PVOID) GdiSharedHandleTable; + WOW64_POINTER(PVOID) ProcessStarterHelper; + ULONG GdiDCAttributeList; + + WOW64_POINTER(PRTL_CRITICAL_SECTION) LoaderLock; + + ULONG OSMajorVersion; + ULONG OSMinorVersion; + USHORT OSBuildNumber; + USHORT OSCSDVersion; + ULONG OSPlatformId; + ULONG ImageSubsystem; + ULONG ImageSubsystemMajorVersion; + ULONG ImageSubsystemMinorVersion; + WOW64_POINTER(ULONG_PTR) ActiveProcessAffinityMask; + GDI_HANDLE_BUFFER32 GdiHandleBuffer; + WOW64_POINTER(PVOID) PostProcessInitRoutine; + + WOW64_POINTER(PVOID) TlsExpansionBitmap; + ULONG TlsExpansionBitmapBits[32]; + + ULONG SessionId; + + ULARGE_INTEGER AppCompatFlags; + ULARGE_INTEGER AppCompatFlagsUser; + WOW64_POINTER(PVOID) pShimData; + WOW64_POINTER(PVOID) AppCompatInfo; + + UNICODE_STRING32 CSDVersion; + + WOW64_POINTER(PACTIVATION_CONTEXT_DATA) ActivationContextData; + WOW64_POINTER(PVOID) ProcessAssemblyStorageMap; + WOW64_POINTER(PACTIVATION_CONTEXT_DATA) SystemDefaultActivationContextData; + 
WOW64_POINTER(PVOID) SystemAssemblyStorageMap; + + WOW64_POINTER(SIZE_T) MinimumStackCommit; + + WOW64_POINTER(PVOID) SparePointers[2]; // 19H1 (previously FlsCallback to FlsHighIndex) + WOW64_POINTER(PVOID) PatchLoaderData; + WOW64_POINTER(PVOID) ChpeV2ProcessInfo; // _CHPEV2_PROCESS_INFO + + ULONG AppModelFeatureState; + ULONG SpareUlongs[2]; + + USHORT ActiveCodePage; + USHORT OemCodePage; + USHORT UseCaseMapping; + USHORT UnusedNlsField; + + WOW64_POINTER(PVOID) WerRegistrationData; + WOW64_POINTER(PVOID) WerShipAssertPtr; + + union + { + WOW64_POINTER(PVOID) pContextData; // WIN7 + WOW64_POINTER(PVOID) pUnused; // WIN10 + WOW64_POINTER(PVOID) EcCodeBitMap; // WIN11 + }; + + WOW64_POINTER(PVOID) pImageHeaderHash; + union + { + ULONG TracingFlags; + struct + { + ULONG HeapTracingEnabled : 1; + ULONG CritSecTracingEnabled : 1; + ULONG LibLoaderTracingEnabled : 1; + ULONG SpareTracingBits : 29; + }; + }; + ULONGLONG CsrServerReadOnlySharedMemoryBase; + WOW64_POINTER(PVOID) TppWorkerpListLock; + LIST_ENTRY32 TppWorkerpList; + WOW64_POINTER(PVOID) WaitOnAddressHashTable[128]; + WOW64_POINTER(PVOID) TelemetryCoverageHeader; // REDSTONE3 + ULONG CloudFileFlags; + ULONG CloudFileDiagFlags; // REDSTONE4 + CHAR PlaceholderCompatibilityMode; + CHAR PlaceholderCompatibilityModeReserved[7]; + WOW64_POINTER(PLEAP_SECOND_DATA) LeapSecondData; // REDSTONE5 + union + { + ULONG LeapSecondFlags; + struct + { + ULONG SixtySecondEnabled : 1; + ULONG Reserved : 31; + }; + }; + ULONG NtGlobalFlag2; + ULONGLONG ExtendedFeatureDisableMask; // since WIN11 +} PEB32, *PPEB32; + +//C_ASSERT(sizeof(PEB32) == 0x460); // REDSTONE3 +//C_ASSERT(sizeof(PEB32) == 0x470); // REDSTONE5 +C_ASSERT(sizeof(PEB32) == 0x488); // WIN11 + +// Note: Use PhGetProcessPeb32 instead. 
(dmex) +//#define WOW64_GET_PEB32(peb64) ((PPEB32)PTR_ADD_OFFSET((peb64), ALIGN_UP_BY(sizeof(PEB), PAGE_SIZE))) + +#define GDI_BATCH_BUFFER_SIZE 310 + +typedef struct _GDI_TEB_BATCH32 +{ + ULONG Offset; + WOW64_POINTER(ULONG_PTR) HDC; + ULONG Buffer[GDI_BATCH_BUFFER_SIZE]; +} GDI_TEB_BATCH32, *PGDI_TEB_BATCH32; + +typedef struct _TEB32 +{ + NT_TIB32 NtTib; + + WOW64_POINTER(PVOID) EnvironmentPointer; + CLIENT_ID32 ClientId; + WOW64_POINTER(PVOID) ActiveRpcHandle; + WOW64_POINTER(PVOID) ThreadLocalStoragePointer; + WOW64_POINTER(PPEB) ProcessEnvironmentBlock; + + ULONG LastErrorValue; + ULONG CountOfOwnedCriticalSections; + WOW64_POINTER(PVOID) CsrClientThread; + WOW64_POINTER(PVOID) Win32ThreadInfo; + ULONG User32Reserved[26]; + ULONG UserReserved[5]; + WOW64_POINTER(PVOID) WOW32Reserved; + LCID CurrentLocale; + ULONG FpSoftwareStatusRegister; + WOW64_POINTER(PVOID) ReservedForDebuggerInstrumentation[16]; + WOW64_POINTER(PVOID) SystemReserved1[36]; + UCHAR WorkingOnBehalfTicket[8]; + NTSTATUS ExceptionCode; + + WOW64_POINTER(PVOID) ActivationContextStackPointer; + WOW64_POINTER(ULONG_PTR) InstrumentationCallbackSp; + WOW64_POINTER(ULONG_PTR) InstrumentationCallbackPreviousPc; + WOW64_POINTER(ULONG_PTR) InstrumentationCallbackPreviousSp; + BOOLEAN InstrumentationCallbackDisabled; + UCHAR SpareBytes[23]; + ULONG TxFsContext; + + GDI_TEB_BATCH32 GdiTebBatch; + CLIENT_ID32 RealClientId; + WOW64_POINTER(HANDLE) GdiCachedProcessHandle; + ULONG GdiClientPID; + ULONG GdiClientTID; + WOW64_POINTER(PVOID) GdiThreadLocalInfo; + WOW64_POINTER(ULONG_PTR) Win32ClientInfo[62]; + WOW64_POINTER(PVOID) glDispatchTable[233]; + WOW64_POINTER(ULONG_PTR) glReserved1[29]; + WOW64_POINTER(PVOID) glReserved2; + WOW64_POINTER(PVOID) glSectionInfo; + WOW64_POINTER(PVOID) glSection; + WOW64_POINTER(PVOID) glTable; + WOW64_POINTER(PVOID) glCurrentRC; + WOW64_POINTER(PVOID) glContext; + + NTSTATUS LastStatusValue; + UNICODE_STRING32 StaticUnicodeString; + WCHAR StaticUnicodeBuffer[261]; + + 
WOW64_POINTER(PVOID) DeallocationStack; + WOW64_POINTER(PVOID) TlsSlots[64]; + LIST_ENTRY32 TlsLinks; + + WOW64_POINTER(PVOID) Vdm; + WOW64_POINTER(PVOID) ReservedForNtRpc; + WOW64_POINTER(PVOID) DbgSsReserved[2]; + + ULONG HardErrorMode; + WOW64_POINTER(PVOID) Instrumentation[9]; + GUID ActivityId; + + WOW64_POINTER(PVOID) SubProcessTag; + WOW64_POINTER(PVOID) PerflibData; + WOW64_POINTER(PVOID) EtwTraceData; + WOW64_POINTER(PVOID) WinSockData; + ULONG GdiBatchCount; + + union + { + PROCESSOR_NUMBER CurrentIdealProcessor; + ULONG IdealProcessorValue; + struct + { + UCHAR ReservedPad0; + UCHAR ReservedPad1; + UCHAR ReservedPad2; + UCHAR IdealProcessor; + }; + }; + + ULONG GuaranteedStackBytes; + WOW64_POINTER(PVOID) ReservedForPerf; + WOW64_POINTER(PVOID) ReservedForOle; + ULONG WaitingOnLoaderLock; + WOW64_POINTER(PVOID) SavedPriorityState; + WOW64_POINTER(ULONG_PTR) ReservedForCodeCoverage; + WOW64_POINTER(PVOID) ThreadPoolData; + WOW64_POINTER(PVOID *) TlsExpansionSlots; + + ULONG MuiGeneration; + ULONG IsImpersonating; + WOW64_POINTER(PVOID) NlsCache; + WOW64_POINTER(PVOID) pShimData; + USHORT HeapVirtualAffinity; + USHORT LowFragHeapDataSlot; + WOW64_POINTER(HANDLE) CurrentTransactionHandle; + WOW64_POINTER(PTEB_ACTIVE_FRAME) ActiveFrame; + WOW64_POINTER(PVOID) FlsData; + + WOW64_POINTER(PVOID) PreferredLanguages; + WOW64_POINTER(PVOID) UserPrefLanguages; + WOW64_POINTER(PVOID) MergedPrefLanguages; + ULONG MuiImpersonation; + + union + { + USHORT CrossTebFlags; + USHORT SpareCrossTebBits : 16; + }; + union + { + USHORT SameTebFlags; + struct + { + USHORT SafeThunkCall : 1; + USHORT InDebugPrint : 1; + USHORT HasFiberData : 1; + USHORT SkipThreadAttach : 1; + USHORT WerInShipAssertCode : 1; + USHORT RanProcessInit : 1; + USHORT ClonedThread : 1; + USHORT SuppressDebugMsg : 1; + USHORT DisableUserStackWalk : 1; + USHORT RtlExceptionAttached : 1; + USHORT InitialThread : 1; + USHORT SessionAware : 1; + USHORT LoadOwner : 1; + USHORT LoaderWorker : 1; + USHORT 
SpareSameTebBits : 2; + }; + }; + + WOW64_POINTER(PVOID) TxnScopeEnterCallback; + WOW64_POINTER(PVOID) TxnScopeExitCallback; + WOW64_POINTER(PVOID) TxnScopeContext; + ULONG LockCount; + LONG WowTebOffset; + WOW64_POINTER(PVOID) ResourceRetValue; + WOW64_POINTER(PVOID) ReservedForWdf; + ULONGLONG ReservedForCrt; + GUID EffectiveContainerId; +} TEB32, *PTEB32; + +C_ASSERT(FIELD_OFFSET(TEB32, ProcessEnvironmentBlock) == 0x030); +C_ASSERT(FIELD_OFFSET(TEB32, ExceptionCode) == 0x1a4); +C_ASSERT(FIELD_OFFSET(TEB32, TxFsContext) == 0x1d0); +C_ASSERT(FIELD_OFFSET(TEB32, glContext) == 0xbf0); +C_ASSERT(FIELD_OFFSET(TEB32, StaticUnicodeBuffer) == 0xc00); +C_ASSERT(FIELD_OFFSET(TEB32, TlsLinks) == 0xf10); +C_ASSERT(FIELD_OFFSET(TEB32, DbgSsReserved) == 0xf20); +C_ASSERT(FIELD_OFFSET(TEB32, ActivityId) == 0xf50); +C_ASSERT(FIELD_OFFSET(TEB32, GdiBatchCount) == 0xf70); +C_ASSERT(FIELD_OFFSET(TEB32, TlsExpansionSlots) == 0xf94); +C_ASSERT(FIELD_OFFSET(TEB32, FlsData) == 0xfb4); +C_ASSERT(FIELD_OFFSET(TEB32, MuiImpersonation) == 0xfc4); +C_ASSERT(FIELD_OFFSET(TEB32, ReservedForCrt) == 0xfe8); +C_ASSERT(FIELD_OFFSET(TEB32, EffectiveContainerId) == 0xff0); +C_ASSERT(sizeof(TEB32) == 0x1000); + +// Conversion + +FORCEINLINE VOID UStr32ToUStr( + _Out_ PUNICODE_STRING Destination, + _In_ PUNICODE_STRING32 Source + ) +{ + Destination->Length = Source->Length; + Destination->MaximumLength = Source->MaximumLength; + Destination->Buffer = (PWCH)UlongToPtr(Source->Buffer); +} + +FORCEINLINE VOID UStrToUStr32( + _Out_ PUNICODE_STRING32 Destination, + _In_ PUNICODE_STRING Source + ) +{ + Destination->Length = Source->Length; + Destination->MaximumLength = Source->MaximumLength; + Destination->Buffer = PtrToUlong(Source->Buffer); +} + +// The Wow64Info structure follows the PEB32/TEB32 structures and is shared between 32-bit and 64-bit modules inside a Wow64 process. 
+// from SDK/10.0.10240.0/um/minwin/wow64t.h (dmex) +// +// Page size on x86 NT +// +#define PAGE_SIZE_X86NT 0x1000 +#define PAGE_SHIFT_X86NT 12L +#define WOW64_SPLITS_PER_PAGE (PAGE_SIZE_X86NT / PAGE_SIZE_X86NT) + +// +// Convert the number of native pages to sub x86-pages +// +#define Wow64GetNumberOfX86Pages(NativePages) \ + (NativePages * (PAGE_SIZE_X86NT >> PAGE_SHIFT_X86NT)) + +// +// Macro to round to the nearest page size +// +#define WOW64_ROUND_TO_PAGES(Size) \ + (((ULONG_PTR)(Size) + PAGE_SIZE_X86NT - 1) & ~(PAGE_SIZE_X86NT - 1)) + +// +// Get number of native pages +// +#define WOW64_BYTES_TO_PAGES(Size) \ + (((ULONG)(Size) >> WOW64_ROUND_TO_PAGES) + (((ULONG)(Size) & (PAGE_SIZE_X86NT - 1)) != 0)) + +// +// Get the 32-bit TEB without doing a memory reference. +// +#define WOW64_GET_TEB32(teb64) ((PTEB32)(PVOID)RtlOffsetToPointer((teb64), WOW64_ROUND_TO_PAGES(sizeof(TEB)))) +#define WOW64_TEB32_POINTER_ADDRESS(teb64) (PVOID)&((teb64)->NtTib.ExceptionList) + +typedef union _WOW64_EXECUTE_OPTIONS +{ + ULONG Flags; + struct + { + ULONG StackReserveSize : 8; + ULONG StackCommitSize : 4; + ULONG Deprecated0 : 1; + ULONG DisableWowAssert : 1; + ULONG DisableTurboDispatch : 1; + ULONG Unused : 13; + ULONG Reserved0 : 1; + ULONG Reserved1 : 1; + ULONG Reserved2 : 1; + ULONG Reserved3 : 1; + }; +} WOW64_EXECUTE_OPTIONS, *PWOW64_EXECUTE_OPTIONS; + +#define WOW64_CPUFLAGS_MSFT64 0x00000001 +#define WOW64_CPUFLAGS_SOFTWARE 0x00000002 +#define WOW64_CPUFLAGS_IA64 0x00000004 + +typedef struct _WOW64INFO +{ + ULONG NativeSystemPageSize; + ULONG CpuFlags; + WOW64_EXECUTE_OPTIONS Wow64ExecuteFlags; + ULONG InstrumentationCallback; +} WOW64INFO, *PWOW64INFO; + +typedef struct _PEB32_WITH_WOW64INFO +{ + PEB32 Peb32; + WOW64INFO Wow64Info; +} PEB32_WITH_WOW64INFO, *PPEB32_WITH_WOW64INFO; + +#if (PHNT_MODE != PHNT_MODE_KERNEL) +#ifdef _M_X64 + +FORCEINLINE +TEB32* +POINTER_UNSIGNED +Wow64CurrentGuestTeb( + VOID + ) +{ + TEB* POINTER_UNSIGNED Teb; + TEB32* POINTER_UNSIGNED 
Teb32; + + Teb = NtCurrentTeb(); + + if (Teb->WowTebOffset == 0) + { + // + // Not running under or over WoW, so there is no "guest teb" + // + + return NULL; + } + + if (Teb->WowTebOffset < 0) + { + // + // Was called while running under WoW. The current teb is the guest + // teb. + // + + Teb32 = (PTEB32)Teb; + + RTL_ASSERT(&Teb32->WowTebOffset == &Teb->WowTebOffset); + } + else + { + // + // Called by the WoW Host, so calculate the position of the guest teb + // relative to the current (host) teb. + // + + Teb32 = (PTEB32)RtlOffsetToPointer(Teb, Teb->WowTebOffset); + } + + RTL_ASSERT(Teb32->NtTib.Self == PtrToUlong(Teb32)); + + return Teb32; +} + +FORCEINLINE +VOID* +POINTER_UNSIGNED +Wow64CurrentNativeTeb( + VOID + ) +{ + TEB* POINTER_UNSIGNED Teb; + VOID* POINTER_UNSIGNED HostTeb; + + Teb = NtCurrentTeb(); + + if (Teb->WowTebOffset >= 0) + { + // + // Not running under WoW, so it it either not running on WoW at all, or + // it is the host. Return the current teb as native teb. + // + + HostTeb = (PVOID)Teb; + } + else + { + // + // Called while runnign under WoW Host, so calculate the position of the + // host teb relative to the current (guest) teb. + // + + HostTeb = (PVOID)RtlOffsetToPointer(Teb, Teb->WowTebOffset); + } + + RTL_ASSERT((((PTEB32)HostTeb)->NtTib.Self == PtrToUlong(HostTeb)) || ((ULONG_PTR)((PTEB)HostTeb)->NtTib.Self == (ULONG_PTR)HostTeb)); + + return HostTeb; +} + +#define NtCurrentTeb32() (Wow64CurrentGuestTeb()) +#define NtCurrentPeb32() ((PPEB32)(UlongToPtr((NtCurrentTeb32()->ProcessEnvironmentBlock)))) + +#define Wow64GetNativeTebField(teb, field) (((ULONG)(teb) == ((PTEB32)(teb))->NtTib.Self) ? (((PTEB32)(teb))->##field) : (((PTEB)(teb))->##field) ) +#define Wow64SetNativeTebField(teb, field, value) { if ((ULONG)(teb) == ((PTEB32)(teb))->NtTib.Self) {(((PTEB32)(teb))->##field) = (value);} else {(((PTEB)(teb))->##field) = (value);} } + +#endif +#endif + +#endif 
diff --git a/deps/phnt-nightly/ntxcapi.h b/deps/phnt-nightly/ntxcapi.h
new file mode 100644
index 0000000..52265e2
--- /dev/null
+++ b/deps/phnt-nightly/ntxcapi.h
@@ -0,0 +1,129 @@
+/*
+ * Exception support functions
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _NTXCAPI_H
+#define _NTXCAPI_H
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlDispatchException(
+ _In_ PEXCEPTION_RECORD ExceptionRecord,
+ _In_ PCONTEXT ContextRecord
+ );
+
+NTSYSAPI
+DECLSPEC_NORETURN
+VOID
+NTAPI
+RtlRaiseStatus(
+ _In_ NTSTATUS Status
+ );
+
+NTSYSAPI
+VOID
+NTAPI
+RtlRaiseException(
+ _In_ PEXCEPTION_RECORD ExceptionRecord
+ );
+
+#if (PHNT_VERSION >= PHNT_20H1)
+// rev
+NTSYSAPI
+VOID
+NTAPI
+RtlRaiseExceptionForReturnAddressHijack(
+ VOID
+ );
+
+// rev
+NTSYSAPI
+DECLSPEC_NORETURN
+VOID
+NTAPI
+RtlRaiseNoncontinuableException(
+ _In_ PEXCEPTION_RECORD ExceptionRecord,
+ _In_ PCONTEXT ContextRecord
+ );
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtContinue(
+ _In_ PCONTEXT ContextRecord,
+ _In_ BOOLEAN TestAlert
+ );
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+typedef enum _KCONTINUE_TYPE
+{
+ KCONTINUE_UNWIND,
+ KCONTINUE_RESUME,
+ KCONTINUE_LONGJUMP,
+ KCONTINUE_SET,
+ KCONTINUE_LAST,
+} KCONTINUE_TYPE;
+
+typedef struct _KCONTINUE_ARGUMENT
+{
+ KCONTINUE_TYPE ContinueType;
+ ULONG ContinueFlags;
+ ULONGLONG Reserved[2];
+} KCONTINUE_ARGUMENT, *PKCONTINUE_ARGUMENT;
+
+#define KCONTINUE_FLAG_TEST_ALERT 0x00000001 // wbenny
+#define KCONTINUE_FLAG_DELIVER_APC 0x00000002 // wbenny
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtContinueEx(
+ _In_ PCONTEXT ContextRecord,
+ _In_ PVOID ContinueArgument // PKCONTINUE_ARGUMENT and BOOLEAN are valid
+ );
+
+//FORCEINLINE
+//NTSTATUS
+//NtContinue(
+// _In_ PCONTEXT ContextRecord,
+// _In_ BOOLEAN TestAlert
+// )
+//{
+// return NtContinueEx(ContextRecord, (PCONTINUE_ARGUMENT)TestAlert);
+//}
+#endif
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRaiseException(
+ _In_ PEXCEPTION_RECORD ExceptionRecord,
+ _In_ PCONTEXT ContextRecord,
+ _In_ BOOLEAN FirstChance
+ );
+
+NTSYSCALLAPI
+DECLSPEC_NORETURN
+VOID
+NTAPI
+RtlAssert(
+ _In_ PVOID VoidFailedAssertion,
+ _In_ PVOID VoidFileName,
+ _In_ ULONG LineNumber,
+ _In_opt_ PSTR MutableMessage
+ );
+
+#define RTL_ASSERT(exp) \
+ ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
+#define RTL_ASSERTMSG(msg, exp) \
+ ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
+#define RTL_SOFT_ASSERT(_exp) \
+ ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
+#define RTL_SOFT_ASSERTMSG(_msg, _exp) \
+ ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
+
+#endif
diff --git a/deps/phnt-nightly/ntzwapi.h b/deps/phnt-nightly/ntzwapi.h
new file mode 100644
index 0000000..949384e
--- /dev/null
+++ b/deps/phnt-nightly/ntzwapi.h
@@ -0,0 +1,4816 @@ +#ifndef _NTZWAPI_H +#define _NTZWAPI_H + +// This file was automatically generated. Do not edit. + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAcceptConnectPort( + _Out_ PHANDLE PortHandle, + _In_opt_ PVOID PortContext, + _In_ PPORT_MESSAGE ConnectionRequest, + _In_ BOOLEAN AcceptConnection, + _Inout_opt_ PPORT_VIEW ServerView, + _Out_opt_ PREMOTE_PORT_VIEW ClientView + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheck( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ ACCESS_MASK DesiredAccess, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckByType( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR 
SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_ PACCESS_MASK GrantedAccess, + _Out_ PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultList( + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, + _Inout_ PULONG PrivilegeSetLength, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultListAndAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ HANDLE ClientToken, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING 
ObjectName, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_opt_ PSID PrincipalSelfSid, + _In_ ACCESS_MASK DesiredAccess, + _In_ AUDIT_EVENT_TYPE AuditType, + _In_ ULONG Flags, + _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, + _In_ ULONG ObjectTypeListLength, + _In_ PGENERIC_MAPPING GenericMapping, + _In_ BOOLEAN ObjectCreation, + _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, + _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAcquireCMFViewOwnership( + _Out_ PULONGLONG TimeStamp, + _Out_ PBOOLEAN tokenTaken, + _In_ BOOLEAN replaceExisting + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAddAtom( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + _In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAddAtomEx( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + _In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAddBootEntry( + _In_ PBOOT_ENTRY BootEntry, + _Out_opt_ PULONG Id + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAddDriverEntry( + _In_ PEFI_DRIVER_ENTRY DriverEntry, + _Out_opt_ PULONG Id + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAdjustGroupsToken( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN ResetToDefault, + _In_opt_ PTOKEN_GROUPS NewState, + _In_opt_ ULONG BufferLength, + _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAdjustPrivilegesToken( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN DisableAllPrivileges, + _In_opt_ PTOKEN_PRIVILEGES NewState, + _In_ ULONG BufferLength, + _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAdjustTokenClaimsAndDeviceGroups( + _In_ HANDLE TokenHandle, + _In_ BOOLEAN UserResetToDefault, + _In_ BOOLEAN 
DeviceResetToDefault, + _In_ BOOLEAN DeviceGroupsResetToDefault, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState, + _In_opt_ PTOKEN_GROUPS NewDeviceGroupsState, + _In_ ULONG UserBufferLength, + _Out_writes_bytes_to_opt_(UserBufferLength, *UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState, + _In_ ULONG DeviceBufferLength, + _Out_writes_bytes_to_opt_(DeviceBufferLength, *DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState, + _In_ ULONG DeviceGroupsBufferLength, + _Out_writes_bytes_to_opt_(DeviceGroupsBufferLength, *DeviceGroupsReturnBufferLength) PTOKEN_GROUPS PreviousDeviceGroups, + _Out_opt_ PULONG UserReturnLength, + _Out_opt_ PULONG DeviceReturnLength, + _Out_opt_ PULONG DeviceGroupsReturnBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlertResumeThread( + _In_ HANDLE ThreadHandle, + _Out_opt_ PULONG PreviousSuspendCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlertThread( + _In_ HANDLE ThreadHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlertThreadByThreadId( + _In_ HANDLE ThreadId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateLocallyUniqueId( + _Out_ PLUID Luid + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateReserveObject( + _Out_ PHANDLE MemoryReserveHandle, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ MEMORY_RESERVE_TYPE Type + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateUserPhysicalPages( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateUserPhysicalPagesEx( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray, + _Inout_updates_opt_(ParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateUuids( + _Out_ PULARGE_INTEGER Time, + _Out_ 
PULONG Range, + _Out_ PULONG Sequence, + _Out_ PCHAR Seed + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress, + _In_ ULONG_PTR ZeroBits, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG AllocationType, + _In_ ULONG Protect + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAllocateVirtualMemoryEx( + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG AllocationType, + _In_ ULONG PageProtection, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcAcceptConnectPort( + _Out_ PHANDLE PortHandle, + _In_ HANDLE ConnectionPortHandle, + _In_ ULONG Flags, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes, + _In_opt_ PVOID PortContext, + _In_reads_bytes_(ConnectionRequest->u1.s1.TotalLength) PPORT_MESSAGE ConnectionRequest, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ConnectionMessageAttributes, + _In_ BOOLEAN AcceptConnection + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCancelMessage( + _In_ HANDLE PortHandle, + _In_ ULONG Flags, + _In_ PALPC_CONTEXT_ATTR MessageContext + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcConnectPort( + _Out_ PHANDLE PortHandle, + _In_ PUNICODE_STRING PortName, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes, + _In_ ULONG Flags, + _In_opt_ PSID RequiredServerSid, + _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage, + _Inout_opt_ PSIZE_T BufferLength, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes, 
+ _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcConnectPortEx( + _Out_ PHANDLE PortHandle, + _In_ POBJECT_ATTRIBUTES ConnectionPortObjectAttributes, + _In_opt_ POBJECT_ATTRIBUTES ClientPortObjectAttributes, + _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes, + _In_ ULONG Flags, + _In_opt_ PSECURITY_DESCRIPTOR ServerSecurityRequirements, + _Inout_updates_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ConnectionMessage, + _Inout_opt_ PSIZE_T BufferLength, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES OutMessageAttributes, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES InMessageAttributes, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCreatePort( + _Out_ PHANDLE PortHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PALPC_PORT_ATTRIBUTES PortAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCreatePortSection( + _In_ HANDLE PortHandle, + _In_ ULONG Flags, + _In_opt_ HANDLE SectionHandle, + _In_ SIZE_T SectionSize, + _Out_ PALPC_HANDLE AlpcSectionHandle, + _Out_ PSIZE_T ActualSectionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCreateResourceReserve( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _In_ SIZE_T MessageSize, + _Out_ PALPC_HANDLE ResourceId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCreateSectionView( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _Inout_ PALPC_DATA_VIEW_ATTR ViewAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcCreateSecurityContext( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _Inout_ PALPC_SECURITY_ATTR SecurityAttribute + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcDeletePortSection( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _In_ ALPC_HANDLE SectionHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcDeleteResourceReserve( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _In_ ALPC_HANDLE ResourceId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcDeleteSectionView( + _In_ HANDLE PortHandle, + _Reserved_ ULONG 
Flags, + _In_ PVOID ViewBase + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcDeleteSecurityContext( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _In_ ALPC_HANDLE ContextHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcDisconnectPort( + _In_ HANDLE PortHandle, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcImpersonateClientContainerOfPort( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _Reserved_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcImpersonateClientOfPort( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _In_ PVOID Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcOpenSenderProcess( + _Out_ PHANDLE ProcessHandle, + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE PortMessage, + _Reserved_ ULONG Flags, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcOpenSenderThread( + _Out_ PHANDLE ThreadHandle, + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE PortMessage, + _Reserved_ ULONG Flags, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcQueryInformation( + _In_opt_ HANDLE PortHandle, + _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass, + _Inout_updates_bytes_to_(Length, *ReturnLength) PVOID PortInformation, + _In_ ULONG Length, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcQueryInformationMessage( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE PortMessage, + _In_ ALPC_MESSAGE_INFORMATION_CLASS MessageInformationClass, + _Out_writes_bytes_to_opt_(Length, *ReturnLength) PVOID MessageInformation, + _In_ ULONG Length, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcRevokeSecurityContext( + _In_ HANDLE PortHandle, + _Reserved_ ULONG Flags, + _In_ ALPC_HANDLE ContextHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcSendWaitReceivePort( + _In_ HANDLE PortHandle, + _In_ ULONG Flags, + 
_In_reads_bytes_opt_(SendMessage->u1.s1.TotalLength) PPORT_MESSAGE SendMessage, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES SendMessageAttributes, + _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PPORT_MESSAGE ReceiveMessage, + _Inout_opt_ PSIZE_T BufferLength, + _Inout_opt_ PALPC_MESSAGE_ATTRIBUTES ReceiveMessageAttributes, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAlpcSetInformation( + _In_ HANDLE PortHandle, + _In_ ALPC_PORT_INFORMATION_CLASS PortInformationClass, + _In_reads_bytes_opt_(Length) PVOID PortInformation, + _In_ ULONG Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAreMappedFilesTheSame( + _In_ PVOID File1MappedAsAnImage, + _In_ PVOID File2MappedAsFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAssignProcessToJobObject( + _In_ HANDLE JobHandle, + _In_ HANDLE ProcessHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwAssociateWaitCompletionPacket( + _In_ HANDLE WaitCompletionPacketHandle, + _In_ HANDLE IoCompletionHandle, + _In_ HANDLE TargetObjectHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS IoStatus, + _In_ ULONG_PTR IoStatusInformation, + _Out_opt_ PBOOLEAN AlreadySignaled + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCallbackReturn( + _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer, + _In_ ULONG OutputLength, + _In_ NTSTATUS Status + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCallEnclave( + _In_ PENCLAVE_ROUTINE Routine, + _In_ PVOID Reserved, // reserved for dispatch (RtlEnclaveCallDispatch) + _In_ ULONG Flags, // ENCLAVE_CALL_FLAG_* + _Inout_ PVOID* RoutineParamReturn // input routine parameter, output routine return value + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelIoFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelIoFileEx( + _In_ HANDLE FileHandle, + _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelSynchronousIoFile( + _In_ 
HANDLE ThreadHandle, + _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelTimer( + _In_ HANDLE TimerHandle, + _Out_opt_ PBOOLEAN CurrentState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelTimer2( + _In_ HANDLE TimerHandle, + _In_ PT2_CANCEL_PARAMETERS Parameters + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCancelWaitCompletionPacket( + _In_ HANDLE WaitCompletionPacketHandle, + _In_ BOOLEAN RemoveSignaledPacket + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwChangeProcessState( + _In_ HANDLE ProcessStateChangeHandle, + _In_ HANDLE ProcessHandle, + _In_ PROCESS_STATE_CHANGE_TYPE StateChangeType, + _In_opt_ PVOID ExtendedInformation, + _In_opt_ SIZE_T ExtendedInformationLength, + _In_opt_ ULONG64 Reserved + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwChangeThreadState( + _In_ HANDLE ThreadStateChangeHandle, + _In_ HANDLE ThreadHandle, + _In_ THREAD_STATE_CHANGE_TYPE StateChangeType, + _In_opt_ PVOID ExtendedInformation, + _In_opt_ SIZE_T ExtendedInformationLength, + _In_opt_ ULONG64 Reserved + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwClearEvent( + _In_ HANDLE EventHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwClose( + _In_ _Post_ptr_invalid_ HANDLE Handle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCloseObjectAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ BOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCommitComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCommitEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCommitTransaction( + _In_ HANDLE TransactionHandle, + _In_ BOOLEAN Wait + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompactKeys( + _In_ ULONG Count, + _In_reads_(Count) HANDLE KeyArray[] + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompareObjects( + _In_ HANDLE FirstObjectHandle, + _In_ HANDLE 
SecondObjectHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompareSigningLevels( + _In_ SE_SIGNING_LEVEL FirstSigningLevel, + _In_ SE_SIGNING_LEVEL SecondSigningLevel + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompareTokens( + _In_ HANDLE FirstTokenHandle, + _In_ HANDLE SecondTokenHandle, + _Out_ PBOOLEAN Equal + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompleteConnectPort( + _In_ HANDLE PortHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCompressKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwConnectPort( + _Out_ PHANDLE PortHandle, + _In_ PUNICODE_STRING PortName, + _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + _Inout_opt_ PPORT_VIEW ClientView, + _Inout_opt_ PREMOTE_PORT_VIEW ServerView, + _Out_opt_ PULONG MaxMessageLength, + _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation, + _Inout_opt_ PULONG ConnectionInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwContinue( + _In_ PCONTEXT ContextRecord, + _In_ BOOLEAN TestAlert + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwContinueEx( + _In_ PCONTEXT ContextRecord, + _In_ PVOID ContinueArgument // PKCONTINUE_ARGUMENT and BOOLEAN are valid + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwConvertBetweenAuxiliaryCounterAndPerformanceCounter( + _In_ BOOLEAN ConvertAuxiliaryToPerformanceCounter, + _In_ PLARGE_INTEGER PerformanceOrAuxiliaryCounterValue, + _Out_ PLARGE_INTEGER ConvertedValue, + _Out_opt_ PLARGE_INTEGER ConversionError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCopyFileChunk( + _In_ HANDLE SourceHandle, + _In_ HANDLE DestinationHandle, + _In_opt_ HANDLE EventHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG Length, + _In_ PLARGE_INTEGER SourceOffset, + _In_ PLARGE_INTEGER DestOffset, + _In_opt_ PULONG SourceKey, + _In_opt_ PULONG DestKey, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateDebugObject( + _Out_ PHANDLE DebugObjectHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES 
ObjectAttributes, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateDirectoryObject( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateDirectoryObjectEx( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ShadowDirectoryHandle, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateEnclave( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID* BaseAddress, + _In_ ULONG_PTR ZeroBits, + _In_ SIZE_T Size, + _In_ SIZE_T InitialCommitment, + _In_ ULONG EnclaveType, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + _In_ ULONG EnclaveInformationLength, + _Out_opt_ PULONG EnclaveError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateEnlistment( + _Out_ PHANDLE EnlistmentHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE ResourceManagerHandle, + _In_ HANDLE TransactionHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG CreateOptions, + _In_ NOTIFICATION_MASK NotificationMask, + _In_opt_ PVOID EnlistmentKey + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateEvent( + _Out_ PHANDLE EventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ EVENT_TYPE EventType, + _In_ BOOLEAN InitialState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateEventPair( + _Out_ PHANDLE EventPairHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateFile( + _Out_ PHANDLE FileHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_opt_ PLARGE_INTEGER AllocationSize, + _In_ ULONG FileAttributes, + _In_ ULONG ShareAccess, + _In_ ULONG CreateDisposition, + _In_ ULONG CreateOptions, + _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, + _In_ ULONG EaLength + ); + +NTSYSCALLAPI 
+NTSTATUS +NTAPI +ZwCreateIoCompletion( + _Out_ PHANDLE IoCompletionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateIoRing( + _Out_ PHANDLE IoRingHandle, + _In_ ULONG CreateParametersLength, + _In_ PVOID CreateParameters, + _In_ ULONG OutputParametersLength, + _Out_ PVOID OutputParameters + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateIRTimer( + _Out_ PHANDLE TimerHandle, + _In_ ACCESS_MASK DesiredAccess + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateJobObject( + _Out_ PHANDLE JobHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateJobSet( + _In_ ULONG NumJob, + _In_reads_(NumJob) PJOB_SET_ARRAY UserJobSet, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateKey( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Reserved_ ULONG TitleIndex, + _In_opt_ PUNICODE_STRING Class, + _In_ ULONG CreateOptions, + _Out_opt_ PULONG Disposition + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateKeyedEvent( + _Out_ PHANDLE KeyedEventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _Reserved_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateKeyTransacted( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Reserved_ ULONG TitleIndex, + _In_opt_ PUNICODE_STRING Class, + _In_ ULONG CreateOptions, + _In_ HANDLE TransactionHandle, + _Out_opt_ PULONG Disposition + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateLowBoxToken( + _Out_ PHANDLE TokenHandle, + _In_ HANDLE ExistingTokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ PSID PackageSid, + _In_ ULONG CapabilityCount, + _In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES Capabilities, + _In_ ULONG HandleCount, + 
_In_reads_opt_(HandleCount) HANDLE *Handles + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateMailslotFile( + _Out_ PHANDLE FileHandle, + _In_ ULONG DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CreateOptions, + _In_ ULONG MailslotQuota, + _In_ ULONG MaximumMessageSize, + _In_ PLARGE_INTEGER ReadTimeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateMutant( + _Out_ PHANDLE MutantHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ BOOLEAN InitialOwner + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateNamedPipeFile( + _Out_ PHANDLE FileHandle, + _In_ ULONG DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG ShareAccess, + _In_ ULONG CreateDisposition, + _In_ ULONG CreateOptions, + _In_ ULONG NamedPipeType, + _In_ ULONG ReadMode, + _In_ ULONG CompletionMode, + _In_ ULONG MaximumInstances, + _In_ ULONG InboundQuota, + _In_ ULONG OutboundQuota, + _In_ PLARGE_INTEGER DefaultTimeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreatePagingFile( + _In_ PUNICODE_STRING PageFileName, + _In_ PLARGE_INTEGER MinimumSize, + _In_ PLARGE_INTEGER MaximumSize, + _In_ ULONG Priority + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreatePartition( + _In_opt_ HANDLE ParentPartitionHandle, + _Out_ PHANDLE PartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG PreferredNode + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreatePort( + _Out_ PHANDLE PortHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG MaxConnectionInfoLength, + _In_ ULONG MaxMessageLength, + _In_opt_ ULONG MaxPoolUsage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreatePrivateNamespace( + _Out_ PHANDLE NamespaceHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI 
+ZwCreateProcess( + _Out_ PHANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ParentProcess, + _In_ BOOLEAN InheritObjectTable, + _In_opt_ HANDLE SectionHandle, + _In_opt_ HANDLE DebugPort, + _In_opt_ HANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateProcessEx( + _Out_ PHANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ParentProcess, + _In_ ULONG Flags, // PROCESS_CREATE_FLAGS_* + _In_opt_ HANDLE SectionHandle, + _In_opt_ HANDLE DebugPort, + _In_opt_ HANDLE TokenHandle, + _Reserved_ ULONG Reserved // JobMemberLevel + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateProcessStateChange( + _Out_ PHANDLE ProcessStateChangeHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ProcessHandle, + _In_opt_ ULONG64 Reserved + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateProfile( + _Out_ PHANDLE ProfileHandle, + _In_opt_ HANDLE Process, + _In_ PVOID ProfileBase, + _In_ SIZE_T ProfileSize, + _In_ ULONG BucketSize, + _In_reads_bytes_(BufferSize) PULONG Buffer, + _In_ ULONG BufferSize, + _In_ KPROFILE_SOURCE ProfileSource, + _In_ KAFFINITY Affinity + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateProfileEx( + _Out_ PHANDLE ProfileHandle, + _In_opt_ HANDLE Process, + _In_ PVOID ProfileBase, + _In_ SIZE_T ProfileSize, + _In_ ULONG BucketSize, + _In_reads_bytes_(BufferSize) PULONG Buffer, + _In_ ULONG BufferSize, + _In_ KPROFILE_SOURCE ProfileSource, + _In_ USHORT GroupCount, + _In_reads_(GroupCount) PGROUP_AFFINITY GroupAffinity + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateResourceManager( + _Out_ PHANDLE ResourceManagerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE TmHandle, + _In_ LPGUID RmGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ ULONG CreateOptions, + _In_opt_ PUNICODE_STRING Description + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateSection( + _Out_ 
PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PLARGE_INTEGER MaximumSize, + _In_ ULONG SectionPageProtection, + _In_ ULONG AllocationAttributes, + _In_opt_ HANDLE FileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateSectionEx( + _Out_ PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PLARGE_INTEGER MaximumSize, + _In_ ULONG SectionPageProtection, + _In_ ULONG AllocationAttributes, + _In_opt_ HANDLE FileHandle, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateSemaphore( + _Out_ PHANDLE SemaphoreHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ LONG InitialCount, + _In_ LONG MaximumCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateSymbolicLinkObject( + _Out_ PHANDLE LinkHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ PUNICODE_STRING LinkTarget + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateThread( + _Out_ PHANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ProcessHandle, + _Out_ PCLIENT_ID ClientId, + _In_ PCONTEXT ThreadContext, + _In_ PINITIAL_TEB InitialTeb, + _In_ BOOLEAN CreateSuspended + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateThreadEx( + _Out_ PHANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ProcessHandle, + _In_ PUSER_THREAD_START_ROUTINE StartRoutine, + _In_opt_ PVOID Argument, + _In_ ULONG CreateFlags, // THREAD_CREATE_FLAGS_* + _In_ SIZE_T ZeroBits, + _In_ SIZE_T StackSize, + _In_ SIZE_T MaximumStackSize, + _In_opt_ PPS_ATTRIBUTE_LIST AttributeList + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateThreadStateChange( + _Out_ PHANDLE ThreadStateChangeHandle, + _In_ 
ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE ThreadHandle, + _In_opt_ ULONG64 Reserved + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateTimer( + _Out_ PHANDLE TimerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ TIMER_TYPE TimerType + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateTimer2( + _Out_ PHANDLE TimerHandle, + _In_opt_ PVOID Reserved1, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG Attributes, + _In_ ACCESS_MASK DesiredAccess + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateToken( + _Out_ PHANDLE TokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ TOKEN_TYPE Type, + _In_ PLUID AuthenticationId, + _In_ PLARGE_INTEGER ExpirationTime, + _In_ PTOKEN_USER User, + _In_ PTOKEN_GROUPS Groups, + _In_ PTOKEN_PRIVILEGES Privileges, + _In_opt_ PTOKEN_OWNER Owner, + _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, + _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, + _In_ PTOKEN_SOURCE Source + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateTokenEx( + _Out_ PHANDLE TokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ TOKEN_TYPE Type, + _In_ PLUID AuthenticationId, + _In_ PLARGE_INTEGER ExpirationTime, + _In_ PTOKEN_USER User, + _In_ PTOKEN_GROUPS Groups, + _In_ PTOKEN_PRIVILEGES Privileges, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes, + _In_opt_ PTOKEN_GROUPS DeviceGroups, + _In_opt_ PTOKEN_MANDATORY_POLICY MandatoryPolicy, + _In_opt_ PTOKEN_OWNER Owner, + _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, + _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, + _In_ PTOKEN_SOURCE Source + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateTransaction( + _Out_ PHANDLE TransactionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ LPGUID Uow, + _In_opt_ HANDLE TmHandle, + _In_opt_ 
ULONG CreateOptions, + _In_opt_ ULONG IsolationLevel, + _In_opt_ ULONG IsolationFlags, + _In_opt_ PLARGE_INTEGER Timeout, + _In_opt_ PUNICODE_STRING Description + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateTransactionManager( + _Out_ PHANDLE TmHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PUNICODE_STRING LogFileName, + _In_opt_ ULONG CreateOptions, + _In_opt_ ULONG CommitStrength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateUserProcess( + _Out_ PHANDLE ProcessHandle, + _Out_ PHANDLE ThreadHandle, + _In_ ACCESS_MASK ProcessDesiredAccess, + _In_ ACCESS_MASK ThreadDesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes, + _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes, + _In_ ULONG ProcessFlags, // PROCESS_CREATE_FLAGS_* + _In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_* + _In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS + _Inout_ PPS_CREATE_INFO CreateInfo, + _In_opt_ PPS_ATTRIBUTE_LIST AttributeList + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateWaitablePort( + _Out_ PHANDLE PortHandle, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG MaxConnectionInfoLength, + _In_ ULONG MaxMessageLength, + _In_opt_ ULONG MaxPoolUsage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateWaitCompletionPacket( + _Out_ PHANDLE WaitCompletionPacketHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateWnfStateName( + _Out_ PWNF_STATE_NAME StateName, + _In_ WNF_STATE_NAME_LIFETIME NameLifetime, + _In_ WNF_DATA_SCOPE DataScope, + _In_ BOOLEAN PersistData, + _In_opt_ PCWNF_TYPE_ID TypeId, + _In_ ULONG MaximumStateSize, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwCreateWorkerFactory( + _Out_ PHANDLE WorkerFactoryHandleReturn, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE CompletionPortHandle, + _In_ HANDLE 
WorkerProcessHandle, + _In_ PVOID StartRoutine, + _In_opt_ PVOID StartParameter, + _In_opt_ ULONG MaxThreadCount, + _In_opt_ SIZE_T StackReserve, + _In_opt_ SIZE_T StackCommit + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDebugActiveProcess( + _In_ HANDLE ProcessHandle, + _In_ HANDLE DebugObjectHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDebugContinue( + _In_ HANDLE DebugObjectHandle, + _In_ PCLIENT_ID ClientId, + _In_ NTSTATUS ContinueStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDelayExecution( + _In_ BOOLEAN Alertable, + _In_ PLARGE_INTEGER DelayInterval + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteAtom( + _In_ RTL_ATOM Atom + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteBootEntry( + _In_ ULONG Id + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteDriverEntry( + _In_ ULONG Id + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteObjectAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ BOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeletePrivateNamespace( + _In_ HANDLE NamespaceHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteValueKey( + _In_ HANDLE KeyHandle, + _In_ PUNICODE_STRING ValueName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteWnfStateData( + _In_ PCWNF_STATE_NAME StateName, + _In_opt_ const VOID* ExplicitScope + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeleteWnfStateName( + _In_ PCWNF_STATE_NAME StateName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDeviceIoControlFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG IoControlCode, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength 
+ ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDisableLastKnownGood( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDisplayString( + _In_ PUNICODE_STRING String + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDrawText( + _In_ PUNICODE_STRING Text + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDuplicateObject( + _In_ HANDLE SourceProcessHandle, + _In_ HANDLE SourceHandle, + _In_opt_ HANDLE TargetProcessHandle, + _Out_opt_ PHANDLE TargetHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _In_ ULONG Options + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwDuplicateToken( + _In_ HANDLE ExistingTokenHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ BOOLEAN EffectiveOnly, + _In_ TOKEN_TYPE Type, + _Out_ PHANDLE NewTokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnableLastKnownGood( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateBootEntries( + _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer, + _Inout_ PULONG BufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateDriverEntries( + _Out_writes_bytes_opt_(*BufferLength) PVOID Buffer, + _Inout_ PULONG BufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateKey( + _In_ HANDLE KeyHandle, + _In_ ULONG Index, + _In_ KEY_INFORMATION_CLASS KeyInformationClass, + _Out_writes_bytes_opt_(Length) PVOID KeyInformation, + _In_ ULONG Length, + _Out_ PULONG ResultLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateSystemEnvironmentValuesEx( + _In_ ULONG InformationClass, // SYSTEM_ENVIRONMENT_INFORMATION_CLASS + _Out_ PVOID Buffer, + _Inout_ PULONG BufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateTransactionObject( + _In_opt_ HANDLE RootObjectHandle, + _In_ KTMOBJECT_TYPE QueryType, + _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor, + _In_ ULONG ObjectCursorLength, + _Out_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwEnumerateValueKey( + _In_ HANDLE KeyHandle, + _In_ ULONG Index, + _In_ 
KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, + _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation, + _In_ ULONG Length, + _Out_ PULONG ResultLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwExtendSection( + _In_ HANDLE SectionHandle, + _Inout_ PLARGE_INTEGER NewSectionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFilterBootOption( + _In_ FILTER_BOOT_OPTION_OPERATION FilterOperation, + _In_ ULONG ObjectType, + _In_ ULONG ElementType, + _In_reads_bytes_opt_(DataSize) PVOID Data, + _In_ ULONG DataSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFilterToken( + _In_ HANDLE ExistingTokenHandle, + _In_ ULONG Flags, + _In_opt_ PTOKEN_GROUPS SidsToDisable, + _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, + _In_opt_ PTOKEN_GROUPS RestrictedSids, + _Out_ PHANDLE NewTokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFilterTokenEx( + _In_ HANDLE ExistingTokenHandle, + _In_ ULONG Flags, + _In_opt_ PTOKEN_GROUPS SidsToDisable, + _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, + _In_opt_ PTOKEN_GROUPS RestrictedSids, + _In_ ULONG DisableUserClaimsCount, + _In_opt_ PUNICODE_STRING UserClaimsToDisable, + _In_ ULONG DisableDeviceClaimsCount, + _In_opt_ PUNICODE_STRING DeviceClaimsToDisable, + _In_opt_ PTOKEN_GROUPS DeviceGroupsToDisable, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes, + _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes, + _In_opt_ PTOKEN_GROUPS RestrictedDeviceGroups, + _Out_ PHANDLE NewTokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFindAtom( + _In_reads_bytes_opt_(Length) PWSTR AtomName, + _In_ ULONG Length, + _Out_opt_ PRTL_ATOM Atom + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushBuffersFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushBuffersFileEx( + _In_ HANDLE FileHandle, + _In_ ULONG Flags, + _In_reads_bytes_(ParametersSize) PVOID Parameters, + _In_ ULONG ParametersSize, + _Out_ PIO_STATUS_BLOCK IoStatusBlock + ); + 
+NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushInstallUILanguage( + _In_ LANGID InstallUILanguage, + _In_ ULONG SetComittedFlag + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushInstructionCache( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ SIZE_T Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushKey( + _In_ HANDLE KeyHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushProcessWriteBuffers( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _Out_ PIO_STATUS_BLOCK IoStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFlushWriteBuffer( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFreeUserPhysicalPages( + _In_ HANDLE ProcessHandle, + _Inout_ PULONG_PTR NumberOfPages, + _In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFreeVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG FreeType + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFreezeRegistry( + _In_ ULONG TimeOutInSeconds + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFreezeTransactions( + _In_ PLARGE_INTEGER FreezeTimeout, + _In_ PLARGE_INTEGER ThawTimeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwFsControlFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG FsControlCode, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetCachedSigningLevel( + _In_ HANDLE File, + _Out_ PULONG Flags, + _Out_ PSE_SIGNING_LEVEL SigningLevel, + _Out_writes_bytes_to_opt_(*ThumbprintSize, *ThumbprintSize) PUCHAR Thumbprint, + _Inout_opt_ PULONG ThumbprintSize, + _Out_opt_ PULONG ThumbprintAlgorithm + ); + +NTSYSCALLAPI 
+NTSTATUS +NTAPI +ZwGetCompleteWnfStateSubscription( + _In_opt_ PWNF_STATE_NAME OldDescriptorStateName, + _In_opt_ ULONG64 *OldSubscriptionId, + _In_opt_ ULONG OldDescriptorEventMask, + _In_opt_ ULONG OldDescriptorStatus, + _Out_writes_bytes_(DescriptorSize) PWNF_DELIVERY_DESCRIPTOR NewDeliveryDescriptor, + _In_ ULONG DescriptorSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetContextThread( + _In_ HANDLE ThreadHandle, + _Inout_ PCONTEXT ThreadContext + ); + +NTSYSCALLAPI +ULONG +NTAPI +ZwGetCurrentProcessorNumber( + VOID + ); + +NTSYSCALLAPI +ULONG +NTAPI +ZwGetCurrentProcessorNumberEx( + _Out_opt_ PPROCESSOR_NUMBER ProcessorNumber + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetDevicePowerState( + _In_ HANDLE Device, + _Out_ PDEVICE_POWER_STATE State + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetMUIRegistryInfo( + _In_ ULONG Flags, + _Inout_ PULONG DataSize, + _Out_ PVOID Data + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetNextProcess( + _In_opt_ HANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _In_ ULONG Flags, + _Out_ PHANDLE NewProcessHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetNextThread( + _In_ HANDLE ProcessHandle, + _In_opt_ HANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _In_ ULONG Flags, + _Out_ PHANDLE NewThreadHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetNlsSectionPtr( + _In_ ULONG SectionType, + _In_ ULONG SectionData, + _In_ PVOID ContextData, + _Out_ PVOID *SectionPointer, + _Out_ PULONG SectionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetNotificationResourceManager( + _In_ HANDLE ResourceManagerHandle, + _Out_ PTRANSACTION_NOTIFICATION TransactionNotification, + _In_ ULONG NotificationLength, + _In_opt_ PLARGE_INTEGER Timeout, + _Out_opt_ PULONG ReturnLength, + _In_ ULONG Asynchronous, + _In_opt_ ULONG_PTR AsynchronousContext + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetPlugPlayEvent( + _In_ HANDLE EventHandle, + _In_opt_ PVOID Context, + 
_Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock, + _In_ ULONG EventBufferSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwGetWriteWatch( + _In_ HANDLE ProcessHandle, + _In_ ULONG Flags, + _In_ PVOID BaseAddress, + _In_ SIZE_T RegionSize, + _Out_writes_(*EntriesInUserAddressArray) PVOID *UserAddressArray, + _Inout_ PULONG_PTR EntriesInUserAddressArray, + _Out_ PULONG Granularity + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwImpersonateAnonymousToken( + _In_ HANDLE ThreadHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwImpersonateClientOfPort( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwImpersonateThread( + _In_ HANDLE ServerThreadHandle, + _In_ HANDLE ClientThreadHandle, + _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwInitializeEnclave( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_reads_bytes_(EnclaveInformationLength) PVOID EnclaveInformation, + _In_ ULONG EnclaveInformationLength, + _Out_opt_ PULONG EnclaveError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwInitializeNlsFiles( + _Out_ PVOID *BaseAddress, + _Out_ PLCID DefaultLocaleId, + _Out_ PLARGE_INTEGER DefaultCasingTableSize, + _Out_opt_ PULONG CurrentNLSVersion + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwInitializeRegistry( + _In_ USHORT BootCondition + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwInitiatePowerAction( + _In_ POWER_ACTION SystemAction, + _In_ SYSTEM_POWER_STATE LightestSystemState, + _In_ ULONG Flags, // POWER_ACTION_* flags + _In_ BOOLEAN Asynchronous + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwIsProcessInJob( + _In_ HANDLE ProcessHandle, + _In_opt_ HANDLE JobHandle + ); + +NTSYSCALLAPI +BOOLEAN +NTAPI +ZwIsSystemResumeAutomatic( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwIsUILanguageComitted( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwListenPort( + _In_ HANDLE PortHandle, + _Out_ PPORT_MESSAGE ConnectionRequest + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadDriver( + _In_ 
PUNICODE_STRING DriverServiceName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadEnclaveData( + _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _In_ ULONG Protect, + _In_reads_bytes_(PageInformationLength) PVOID PageInformation, + _In_ ULONG PageInformationLength, + _Out_opt_ PSIZE_T NumberOfBytesWritten, + _Out_opt_ PULONG EnclaveError + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadKey( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadKey2( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadKey3( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags, + _In_reads_(ExtendedParameterCount) PCM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount, + _In_opt_ ACCESS_MASK DesiredAccess, + _Out_opt_ PHANDLE RootHandle, + _Reserved_ PVOID Reserved + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLoadKeyEx( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ POBJECT_ATTRIBUTES SourceFile, + _In_ ULONG Flags, + _In_opt_ HANDLE TrustClassKey, // this and below were added on Win10 + _In_opt_ HANDLE Event, + _In_opt_ ACCESS_MASK DesiredAccess, + _Out_opt_ PHANDLE RootHandle, + _Reserved_ PVOID Reserved // previously PIO_STATUS_BLOCK + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLockFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PLARGE_INTEGER ByteOffset, + _In_ PLARGE_INTEGER Length, + _In_ ULONG Key, + _In_ BOOLEAN FailImmediately, + _In_ BOOLEAN ExclusiveLock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLockProductActivationKeys( + _Inout_opt_ ULONG *pPrivateVer, + _Out_opt_ ULONG *pSafeMode + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLockRegistryKey( + _In_ HANDLE KeyHandle + ); + 
+NTSYSCALLAPI +NTSTATUS +NTAPI +ZwLockVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG MapType + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMakePermanentObject( + _In_ HANDLE Handle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMakeTemporaryObject( + _In_ HANDLE Handle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwManagePartition( + _In_ HANDLE TargetHandle, + _In_opt_ HANDLE SourceHandle, + _In_ PARTITION_INFORMATION_CLASS PartitionInformationClass, + _Inout_updates_bytes_(PartitionInformationLength) PVOID PartitionInformation, + _In_ ULONG PartitionInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMapCMFModule( + _In_ ULONG What, + _In_ ULONG Index, + _Out_opt_ PULONG CacheIndexOut, + _Out_opt_ PULONG CacheFlagsOut, + _Out_opt_ PULONG ViewSizeOut, + _Out_opt_ PVOID *BaseAddress + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMapUserPhysicalPages( + _In_ PVOID VirtualAddress, + _In_ ULONG_PTR NumberOfPages, + _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMapUserPhysicalPagesScatter( + _In_reads_(NumberOfPages) PVOID *VirtualAddresses, + _In_ ULONG_PTR NumberOfPages, + _In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMapViewOfSection( + _In_ HANDLE SectionHandle, + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress, + _In_ ULONG_PTR ZeroBits, + _In_ SIZE_T CommitSize, + _Inout_opt_ PLARGE_INTEGER SectionOffset, + _Inout_ PSIZE_T ViewSize, + _In_ SECTION_INHERIT InheritDisposition, + _In_ ULONG AllocationType, + _In_ ULONG Win32Protect + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwMapViewOfSectionEx( + _In_ HANDLE SectionHandle, + _In_ HANDLE ProcessHandle, + _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress, + 
_Inout_opt_ PLARGE_INTEGER SectionOffset, + _Inout_ PSIZE_T ViewSize, + _In_ ULONG AllocationType, + _In_ ULONG Win32Protect, + _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters, + _In_ ULONG ExtendedParameterCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwModifyBootEntry( + _In_ PBOOT_ENTRY BootEntry + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwModifyDriverEntry( + _In_ PEFI_DRIVER_ENTRY DriverEntry + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwNotifyChangeDirectoryFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, // FILE_NOTIFY_INFORMATION + _In_ ULONG Length, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwNotifyChangeDirectoryFileEx( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + _In_opt_ DIRECTORY_NOTIFY_INFORMATION_CLASS DirectoryNotifyInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwNotifyChangeKey( + _In_ HANDLE KeyHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + _Out_writes_bytes_opt_(BufferSize) PVOID Buffer, + _In_ ULONG BufferSize, + _In_ BOOLEAN Asynchronous + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwNotifyChangeMultipleKeys( + _In_ HANDLE MasterKeyHandle, + _In_opt_ ULONG Count, + _In_reads_opt_(Count) OBJECT_ATTRIBUTES SubordinateObjects[], + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG CompletionFilter, + _In_ BOOLEAN WatchTree, + 
_Out_writes_bytes_opt_(BufferSize) PVOID Buffer, + _In_ ULONG BufferSize, + _In_ BOOLEAN Asynchronous + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwNotifyChangeSession( + _In_ HANDLE SessionHandle, + _In_ ULONG ChangeSequenceNumber, + _In_ PLARGE_INTEGER ChangeTimeStamp, + _In_ IO_SESSION_EVENT Event, + _In_ IO_SESSION_STATE NewState, + _In_ IO_SESSION_STATE PreviousState, + _In_reads_bytes_opt_(PayloadSize) PVOID Payload, + _In_ ULONG PayloadSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenDirectoryObject( + _Out_ PHANDLE DirectoryHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenEnlistment( + _Out_ PHANDLE EnlistmentHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE ResourceManagerHandle, + _In_ LPGUID EnlistmentGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenEvent( + _Out_ PHANDLE EventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenEventPair( + _Out_ PHANDLE EventPairHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenFile( + _Out_ PHANDLE FileHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ ULONG ShareAccess, + _In_ ULONG OpenOptions + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenIoCompletion( + _Out_ PHANDLE IoCompletionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenJobObject( + _Out_ PHANDLE JobHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenKey( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenKeyedEvent( + _Out_ PHANDLE 
KeyedEventHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenKeyEx( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG OpenOptions + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenKeyTransacted( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ HANDLE TransactionHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenKeyTransactedEx( + _Out_ PHANDLE KeyHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ ULONG OpenOptions, + _In_ HANDLE TransactionHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenMutant( + _Out_ PHANDLE MutantHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenObjectAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ PUNICODE_STRING ObjectTypeName, + _In_ PUNICODE_STRING ObjectName, + _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ HANDLE ClientToken, + _In_ ACCESS_MASK DesiredAccess, + _In_ ACCESS_MASK GrantedAccess, + _In_opt_ PPRIVILEGE_SET Privileges, + _In_ BOOLEAN ObjectCreation, + _In_ BOOLEAN AccessGranted, + _Out_ PBOOLEAN GenerateOnClose + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenPartition( + _Out_ PHANDLE PartitionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenPrivateNamespace( + _Out_ PHANDLE NamespaceHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ POBJECT_BOUNDARY_DESCRIPTOR BoundaryDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenProcess( + _Out_ PHANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PCLIENT_ID ClientId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenProcessToken( + _In_ 
HANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenProcessTokenEx( + _In_ HANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ ULONG HandleAttributes, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenResourceManager( + _Out_ PHANDLE ResourceManagerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE TmHandle, + _In_opt_ LPGUID ResourceManagerGuid, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenSection( + _Out_ PHANDLE SectionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenSemaphore( + _Out_ PHANDLE SemaphoreHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenSession( + _Out_ PHANDLE SessionHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenSymbolicLinkObject( + _Out_ PHANDLE LinkHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenThread( + _Out_ PHANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PCLIENT_ID ClientId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenThreadToken( + _In_ HANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ BOOLEAN OpenAsSelf, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenThreadTokenEx( + _In_ HANDLE ThreadHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ BOOLEAN OpenAsSelf, + _In_ ULONG HandleAttributes, + _Out_ PHANDLE TokenHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenTimer( + _Out_ PHANDLE TimerHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ POBJECT_ATTRIBUTES ObjectAttributes + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenTransaction( + _Out_ PHANDLE TransactionHandle, + 
_In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_ LPGUID Uow, + _In_opt_ HANDLE TmHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwOpenTransactionManager( + _Out_ PHANDLE TmHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, + _In_opt_ PUNICODE_STRING LogFileName, + _In_opt_ LPGUID TmIdentity, + _In_opt_ ULONG OpenOptions + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPlugPlayControl( + _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass, + _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData, + _In_ ULONG PnPControlDataLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPowerInformation( + _In_ POWER_INFORMATION_LEVEL InformationLevel, + _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrepareComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrepareEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrePrepareComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrePrepareEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrivilegeCheck( + _In_ HANDLE ClientToken, + _Inout_ PPRIVILEGE_SET RequiredPrivileges, + _Out_ PBOOLEAN Result + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrivilegedServiceAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_ PUNICODE_STRING ServiceName, + _In_ HANDLE ClientToken, + _In_ PPRIVILEGE_SET Privileges, + _In_ BOOLEAN AccessGranted + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPrivilegeObjectAuditAlarm( + _In_ PUNICODE_STRING SubsystemName, + _In_opt_ PVOID HandleId, + _In_ HANDLE ClientToken, + _In_ 
ACCESS_MASK DesiredAccess, + _In_ PPRIVILEGE_SET Privileges, + _In_ BOOLEAN AccessGranted + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPropagationComplete( + _In_ HANDLE ResourceManagerHandle, + _In_ ULONG RequestCookie, + _In_ ULONG BufferLength, + _In_ PVOID Buffer + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPropagationFailed( + _In_ HANDLE ResourceManagerHandle, + _In_ ULONG RequestCookie, + _In_ NTSTATUS PropStatus + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwProtectVirtualMemory( + _In_ HANDLE ProcessHandle, + _Inout_ PVOID *BaseAddress, + _Inout_ PSIZE_T RegionSize, + _In_ ULONG NewProtect, + _Out_ PULONG OldProtect + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPssCaptureVaSpaceBulk( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ PNTPSS_MEMORY_BULK_INFORMATION BulkInformation, + _In_ SIZE_T BulkInformationLength, + _Out_opt_ PSIZE_T ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwPulseEvent( + _In_ HANDLE EventHandle, + _Out_opt_ PLONG PreviousState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryAttributesFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PFILE_BASIC_INFORMATION FileInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryAuxiliaryCounterFrequency( + _Out_ PLARGE_INTEGER AuxiliaryCounterFrequency + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryBootEntryOrder( + _Out_writes_opt_(*Count) PULONG Ids, + _Inout_ PULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryBootOptions( + _Out_writes_bytes_opt_(*BootOptionsLength) PBOOT_OPTIONS BootOptions, + _Inout_ PULONG BootOptionsLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDebugFilterState( + _In_ ULONG ComponentId, + _In_ ULONG Level + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDefaultLocale( + _In_ BOOLEAN UserProfile, + _Out_ PLCID DefaultLocaleId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDefaultUILanguage( + _Out_ LANGID *DefaultUILanguageId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDirectoryFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ 
PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass, + _In_ BOOLEAN ReturnSingleEntry, + _In_opt_ PUNICODE_STRING FileName, + _In_ BOOLEAN RestartScan + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDirectoryFileEx( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass, + _In_ ULONG QueryFlags, + _In_opt_ PUNICODE_STRING FileName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDirectoryObject( + _In_ HANDLE DirectoryHandle, + _Out_writes_bytes_opt_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_ BOOLEAN RestartScan, + _Inout_ PULONG Context, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryDriverEntryOrder( + _Out_writes_opt_(*Count) PULONG Ids, + _Inout_ PULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryEaFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_reads_bytes_opt_(EaListLength) PVOID EaList, + _In_ ULONG EaListLength, + _In_opt_ PULONG EaIndex, + _In_ BOOLEAN RestartScan + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryEvent( + _In_ HANDLE EventHandle, + _In_ EVENT_INFORMATION_CLASS EventInformationClass, + _Out_writes_bytes_(EventInformationLength) PVOID EventInformation, + _In_ ULONG EventInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryFullAttributesFile( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationAtom( + _In_ 
RTL_ATOM Atom, + _In_ ATOM_INFORMATION_CLASS AtomInformationClass, + _Out_writes_bytes_(AtomInformationLength) PVOID AtomInformation, + _In_ ULONG AtomInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationByName( + _In_ POBJECT_ATTRIBUTES ObjectAttributes, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, + _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, + _In_ ULONG EnlistmentInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationJobObject( + _In_opt_ HANDLE JobHandle, + _In_ JOBOBJECTINFOCLASS JobObjectInformationClass, + _Out_writes_bytes_(JobObjectInformationLength) PVOID JobObjectInformation, + _In_ ULONG JobObjectInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationPort( + _In_ HANDLE PortHandle, + _In_ PORT_INFORMATION_CLASS PortInformationClass, + _Out_writes_bytes_to_(Length, *ReturnLength) PVOID PortInformation, + _In_ ULONG Length, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationProcess( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationResourceManager( + _In_ HANDLE 
ResourceManagerHandle, + _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, + _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, + _In_ ULONG ResourceManagerInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationThread( + _In_ HANDLE ThreadHandle, + _In_ THREADINFOCLASS ThreadInformationClass, + _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation, + _In_ ULONG ThreadInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationToken( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, + _In_ ULONG TokenInformationLength, + _Out_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationTransaction( + _In_ HANDLE TransactionHandle, + _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, + _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation, + _In_ ULONG TransactionInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationTransactionManager( + _In_ HANDLE TransactionManagerHandle, + _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, + _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, + _In_ ULONG TransactionManagerInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInformationWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, + _Out_writes_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation, + _In_ ULONG WorkerFactoryInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryInstallUILanguage( + _Out_ LANGID *InstallUILanguageId + ); + +NTSYSCALLAPI 
+NTSTATUS +NTAPI +ZwQueryIntervalProfile( + _In_ KPROFILE_SOURCE ProfileSource, + _Out_ PULONG Interval + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryIoCompletion( + _In_ HANDLE IoCompletionHandle, + _In_ IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, + _Out_writes_bytes_(IoCompletionInformationLength) PVOID IoCompletionInformation, + _In_ ULONG IoCompletionInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryIoRingCapabilities( + _In_ SIZE_T IoRingCapabilitiesLength, + _Out_ PVOID IoRingCapabilities + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryKey( + _In_ HANDLE KeyHandle, + _In_ KEY_INFORMATION_CLASS KeyInformationClass, + _Out_writes_bytes_opt_(Length) PVOID KeyInformation, + _In_ ULONG Length, + _Out_ PULONG ResultLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryLicenseValue( + _In_ PUNICODE_STRING ValueName, + _Out_opt_ PULONG Type, + _Out_writes_bytes_to_opt_(DataSize, *ResultDataSize) PVOID Data, + _In_ ULONG DataSize, + _Out_ PULONG ResultDataSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryMultipleValueKey( + _In_ HANDLE KeyHandle, + _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY ValueEntries, + _In_ ULONG EntryCount, + _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer, + _Inout_ PULONG BufferLength, + _Out_opt_ PULONG RequiredBufferLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryMutant( + _In_ HANDLE MutantHandle, + _In_ MUTANT_INFORMATION_CLASS MutantInformationClass, + _Out_writes_bytes_(MutantInformationLength) PVOID MutantInformation, + _In_ ULONG MutantInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryObject( + _In_opt_ HANDLE Handle, + _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, + _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, + _In_ ULONG ObjectInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryOpenSubKeys( + _In_ POBJECT_ATTRIBUTES TargetKey, + _Out_ 
PULONG HandleCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryOpenSubKeysEx( + _In_ POBJECT_ATTRIBUTES TargetKey, + _In_ ULONG BufferLength, + _Out_writes_bytes_opt_(BufferLength) PVOID Buffer, + _Out_ PULONG RequiredSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryPerformanceCounter( + _Out_ PLARGE_INTEGER PerformanceCounter, + _Out_opt_ PLARGE_INTEGER PerformanceFrequency + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryPortInformationProcess( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryQuotaInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_ BOOLEAN ReturnSingleEntry, + _In_reads_bytes_opt_(SidListLength) PVOID SidList, + _In_ ULONG SidListLength, + _In_opt_ PSID StartSid, + _In_ BOOLEAN RestartScan + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySection( + _In_ HANDLE SectionHandle, + _In_ SECTION_INFORMATION_CLASS SectionInformationClass, + _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation, + _In_ SIZE_T SectionInformationLength, + _Out_opt_ PSIZE_T ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySecurityAttributesToken( + _In_ HANDLE TokenHandle, + _In_reads_opt_(NumberOfAttributes) PUNICODE_STRING Attributes, + _In_ ULONG NumberOfAttributes, + _Out_writes_bytes_(Length) PVOID Buffer, // PTOKEN_SECURITY_ATTRIBUTES_INFORMATION + _In_ ULONG Length, + _Out_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySecurityObject( + _In_ HANDLE Handle, + _In_ SECURITY_INFORMATION SecurityInformation, + _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, + _In_ ULONG Length, + _Out_ PULONG LengthNeeded + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySemaphore( + _In_ HANDLE SemaphoreHandle, + _In_ SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, + _Out_writes_bytes_(SemaphoreInformationLength) PVOID SemaphoreInformation, + _In_ ULONG SemaphoreInformationLength, + _Out_opt_ PULONG ReturnLength 
+ ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySymbolicLinkObject( + _In_ HANDLE LinkHandle, + _Inout_ PUNICODE_STRING LinkTarget, + _Out_opt_ PULONG ReturnedLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySystemEnvironmentValue( + _In_ PUNICODE_STRING VariableName, + _Out_writes_bytes_(ValueLength) PWSTR VariableValue, + _In_ USHORT ValueLength, + _Out_opt_ PUSHORT ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySystemEnvironmentValueEx( + _In_ PUNICODE_STRING VariableName, + _In_ PCGUID VendorGuid, + _Out_writes_bytes_opt_(*ValueLength) PVOID Value, + _Inout_ PULONG ValueLength, + _Out_opt_ PULONG Attributes // EFI_VARIABLE_* + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySystemInformation( + _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, + _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation, + _In_ ULONG SystemInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySystemInformationEx( + _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, + _In_reads_bytes_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation, + _In_ ULONG SystemInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQuerySystemTime( + _Out_ PLARGE_INTEGER SystemTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryTimer( + _In_ HANDLE TimerHandle, + _In_ TIMER_INFORMATION_CLASS TimerInformationClass, + _Out_writes_bytes_(TimerInformationLength) PVOID TimerInformation, + _In_ ULONG TimerInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryTimerResolution( + _Out_ PULONG MaximumTime, + _Out_ PULONG MinimumTime, + _Out_ PULONG CurrentTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryValueKey( + _In_ HANDLE KeyHandle, + _In_ PUNICODE_STRING ValueName, + _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, + _Out_writes_bytes_opt_(Length) PVOID 
KeyValueInformation, + _In_ ULONG Length, + _Out_ PULONG ResultLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass, + _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation, + _In_ SIZE_T MemoryInformationLength, + _Out_opt_ PSIZE_T ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryVolumeInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID FsInformation, + _In_ ULONG Length, + _In_ FSINFOCLASS FsInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryWnfStateData( + _In_ PCWNF_STATE_NAME StateName, + _In_opt_ PCWNF_TYPE_ID TypeId, + _In_opt_ const VOID* ExplicitScope, + _Out_ PWNF_CHANGE_STAMP ChangeStamp, + _Out_writes_bytes_opt_(*BufferSize) PVOID Buffer, + _Inout_ PULONG BufferSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueryWnfStateNameInformation( + _In_ PCWNF_STATE_NAME StateName, + _In_ WNF_STATE_NAME_INFORMATION NameInfoClass, + _In_opt_ const VOID* ExplicitScope, + _Out_writes_bytes_(InfoBufferSize) PVOID InfoBuffer, + _In_ ULONG InfoBufferSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueueApcThread( + _In_ HANDLE ThreadHandle, + _In_ PPS_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcArgument1, + _In_opt_ PVOID ApcArgument2, + _In_opt_ PVOID ApcArgument3 + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueueApcThreadEx( + _In_ HANDLE ThreadHandle, + _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject // SPECIAL_USER_APC + _In_ PPS_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcArgument1, + _In_opt_ PVOID ApcArgument2, + _In_opt_ PVOID ApcArgument3 + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwQueueApcThreadEx2( + _In_ HANDLE ThreadHandle, + _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject + _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS + _In_ PPS_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcArgument1, + _In_opt_ PVOID ApcArgument2, + 
_In_opt_ PVOID ApcArgument3 + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRaiseException( + _In_ PEXCEPTION_RECORD ExceptionRecord, + _In_ PCONTEXT ContextRecord, + _In_ BOOLEAN FirstChance + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRaiseHardError( + _In_ NTSTATUS ErrorStatus, + _In_ ULONG NumberOfParameters, + _In_ ULONG UnicodeStringParameterMask, + _In_reads_(NumberOfParameters) PULONG_PTR Parameters, + _In_ ULONG ValidResponseOptions, + _Out_ PULONG Response + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _Out_writes_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadFileScatter( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PFILE_SEGMENT_ELEMENT SegmentArray, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadOnlyEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadRequestData( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _In_ ULONG DataEntryIndex, + _Out_writes_bytes_to_(BufferSize, *NumberOfBytesRead) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesRead + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _Out_writes_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesRead + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReadVirtualMemoryEx( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _Out_writes_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T 
NumberOfBytesRead, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRecoverEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PVOID EnlistmentKey + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRecoverResourceManager( + _In_ HANDLE ResourceManagerHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRecoverTransactionManager( + _In_ HANDLE TransactionManagerHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRegisterProtocolAddressInformation( + _In_ HANDLE ResourceManager, + _In_ PCRM_PROTOCOL_ID ProtocolId, + _In_ ULONG ProtocolInformationSize, + _In_ PVOID ProtocolInformation, + _In_opt_ ULONG CreateOptions + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRegisterThreadTerminatePort( + _In_ HANDLE PortHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReleaseCMFViewOwnership( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReleaseKeyedEvent( + _In_opt_ HANDLE KeyedEventHandle, + _In_ PVOID KeyValue, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReleaseMutant( + _In_ HANDLE MutantHandle, + _Out_opt_ PLONG PreviousCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReleaseSemaphore( + _In_ HANDLE SemaphoreHandle, + _In_ LONG ReleaseCount, + _Out_opt_ PLONG PreviousCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReleaseWorkerFactoryWorker( + _In_ HANDLE WorkerFactoryHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRemoveIoCompletion( + _In_ HANDLE IoCompletionHandle, + _Out_ PVOID *KeyContext, + _Out_ PVOID *ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRemoveIoCompletionEx( + _In_ HANDLE IoCompletionHandle, + _Out_writes_to_(Count, *NumEntriesRemoved) PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation, + _In_ ULONG Count, + _Out_ PULONG NumEntriesRemoved, + _In_opt_ PLARGE_INTEGER Timeout, + _In_ BOOLEAN Alertable + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRemoveProcessDebug( + _In_ HANDLE ProcessHandle, + _In_ HANDLE DebugObjectHandle + ); + 
+NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRenameKey( + _In_ HANDLE KeyHandle, + _In_ PUNICODE_STRING NewName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRenameTransactionManager( + _In_ PUNICODE_STRING LogFileName, + _In_ LPGUID ExistingTransactionManagerGuid + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplaceKey( + _In_ POBJECT_ATTRIBUTES NewFile, + _In_ HANDLE TargetHandle, + _In_ POBJECT_ATTRIBUTES OldFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplacePartitionUnit( + _In_ PUNICODE_STRING TargetInstancePath, + _In_ PUNICODE_STRING SpareInstancePath, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplyPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplyWaitReceivePort( + _In_ HANDLE PortHandle, + _Out_opt_ PVOID *PortContext, + _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage, + _Out_ PPORT_MESSAGE ReceiveMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplyWaitReceivePortEx( + _In_ HANDLE PortHandle, + _Out_opt_ PVOID *PortContext, + _In_reads_bytes_opt_(ReplyMessage->u1.s1.TotalLength) PPORT_MESSAGE ReplyMessage, + _Out_ PPORT_MESSAGE ReceiveMessage, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwReplyWaitReplyPort( + _In_ HANDLE PortHandle, + _Inout_ PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRequestPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRequestWaitReplyPort( + _In_ HANDLE PortHandle, + _In_reads_bytes_(RequestMessage->u1.s1.TotalLength) PPORT_MESSAGE RequestMessage, + _Out_ PPORT_MESSAGE ReplyMessage + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRequestWakeupLatency( + _In_ LATENCY_TIME latency + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwResetEvent( + _In_ HANDLE EventHandle, + _Out_opt_ PLONG PreviousState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwResetWriteWatch( 
+ _In_ HANDLE ProcessHandle, + _In_ PVOID BaseAddress, + _In_ SIZE_T RegionSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRestoreKey( + _In_ HANDLE KeyHandle, + _In_ HANDLE FileHandle, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwResumeProcess( + _In_ HANDLE ProcessHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwResumeThread( + _In_ HANDLE ThreadHandle, + _Out_opt_ PULONG PreviousSuspendCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRevertContainerImpersonation( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRollbackComplete( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRollbackEnlistment( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRollbackTransaction( + _In_ HANDLE TransactionHandle, + _In_ BOOLEAN Wait + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwRollforwardTransactionManager( + _In_ HANDLE TransactionManagerHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSaveKey( + _In_ HANDLE KeyHandle, + _In_ HANDLE FileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSaveKeyEx( + _In_ HANDLE KeyHandle, + _In_ HANDLE FileHandle, + _In_ ULONG Format + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSaveMergedKeys( + _In_ HANDLE HighPrecedenceKeyHandle, + _In_ HANDLE LowPrecedenceKeyHandle, + _In_ HANDLE FileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSecureConnectPort( + _Out_ PHANDLE PortHandle, + _In_ PUNICODE_STRING PortName, + _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, + _Inout_opt_ PPORT_VIEW ClientView, + _In_opt_ PSID RequiredServerSid, + _Inout_opt_ PREMOTE_PORT_VIEW ServerView, + _Out_opt_ PULONG MaxMessageLength, + _Inout_updates_bytes_to_opt_(*ConnectionInformationLength, *ConnectionInformationLength) PVOID ConnectionInformation, + _Inout_opt_ PULONG ConnectionInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSerializeBoot( + VOID + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI 
+ZwSetBootEntryOrder( + _In_reads_(Count) PULONG Ids, + _In_ ULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetBootOptions( + _In_ PBOOT_OPTIONS BootOptions, + _In_ ULONG FieldsToChange + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetCachedSigningLevel( + _In_ ULONG Flags, + _In_ SE_SIGNING_LEVEL InputSigningLevel, + _In_reads_(SourceFileCount) PHANDLE SourceFiles, + _In_ ULONG SourceFileCount, + _In_opt_ HANDLE TargetFile + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetContextThread( + _In_ HANDLE ThreadHandle, + _In_ PCONTEXT ThreadContext + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetDebugFilterState( + _In_ ULONG ComponentId, + _In_ ULONG Level, + _In_ BOOLEAN State + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetDefaultHardErrorPort( + _In_ HANDLE DefaultHardErrorPort + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetDefaultLocale( + _In_ BOOLEAN UserProfile, + _In_ LCID DefaultLocaleId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetDefaultUILanguage( + _In_ LANGID DefaultUILanguageId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetDriverEntryOrder( + _In_reads_(Count) PULONG Ids, + _In_ ULONG Count + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetEaFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetEvent( + _In_ HANDLE EventHandle, + _Out_opt_ PLONG PreviousState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetEventBoostPriority( + _In_ HANDLE EventHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetHighEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetHighWaitLowEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationDebugObject( + _In_ HANDLE DebugObjectHandle, + _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass, + _In_ PVOID DebugInformation, + _In_ ULONG DebugInformationLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationEnlistment( + 
_In_opt_ HANDLE EnlistmentHandle, + _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, + _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, + _In_ ULONG EnlistmentInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID FileInformation, + _In_ ULONG Length, + _In_ FILE_INFORMATION_CLASS FileInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationIoRing( + _In_ HANDLE IoRingHandle, + _In_ ULONG IoRingInformationClass, + _In_ ULONG IoRingInformationLength, + _In_ PVOID IoRingInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationJobObject( + _In_ HANDLE JobHandle, + _In_ JOBOBJECTINFOCLASS JobObjectInformationClass, + _In_reads_bytes_(JobObjectInformationLength) PVOID JobObjectInformation, + _In_ ULONG JobObjectInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationKey( + _In_ HANDLE KeyHandle, + _In_ KEY_SET_INFORMATION_CLASS KeySetInformationClass, + _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation, + _In_ ULONG KeySetInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationObject( + _In_ HANDLE Handle, + _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, + _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation, + _In_ ULONG ObjectInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationProcess( + _In_ HANDLE ProcessHandle, + _In_ PROCESSINFOCLASS ProcessInformationClass, + _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, + _In_ ULONG ProcessInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationResourceManager( + _In_ HANDLE ResourceManagerHandle, + _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, + _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, + _In_ ULONG ResourceManagerInformationLength + ); + 
+NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationSymbolicLink( + _In_ HANDLE LinkHandle, + _In_ SYMBOLIC_LINK_INFO_CLASS SymbolicLinkInformationClass, + _In_reads_bytes_(SymbolicLinkInformationLength) PVOID SymbolicLinkInformation, + _In_ ULONG SymbolicLinkInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationThread( + _In_ HANDLE ThreadHandle, + _In_ THREADINFOCLASS ThreadInformationClass, + _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, + _In_ ULONG ThreadInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationToken( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, + _In_ ULONG TokenInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationTransaction( + _In_ HANDLE TransactionHandle, + _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, + _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation, + _In_ ULONG TransactionInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationTransactionManager( + _In_opt_ HANDLE TmHandle, + _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, + _In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, + _In_ ULONG TransactionManagerInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass, + _In_ ULONG_PTR NumberOfEntries, + _In_reads_(NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses, + _In_reads_bytes_(VmInformationLength) PVOID VmInformation, + _In_ ULONG VmInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetInformationWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _In_ WORKERFACTORYINFOCLASS WorkerFactoryInformationClass, + _In_reads_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation, + _In_ ULONG 
WorkerFactoryInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetIntervalProfile( + _In_ ULONG Interval, + _In_ KPROFILE_SOURCE Source + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetIoCompletion( + _In_ HANDLE IoCompletionHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS IoStatus, + _In_ ULONG_PTR IoStatusInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetIoCompletionEx( + _In_ HANDLE IoCompletionHandle, + _In_ HANDLE IoCompletionPacketHandle, + _In_opt_ PVOID KeyContext, + _In_opt_ PVOID ApcContext, + _In_ NTSTATUS IoStatus, + _In_ ULONG_PTR IoStatusInformation + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetIRTimer( + _In_ HANDLE TimerHandle, + _In_opt_ PLARGE_INTEGER DueTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetLdtEntries( + _In_ ULONG Selector0, + _In_ ULONG Entry0Low, + _In_ ULONG Entry0Hi, + _In_ ULONG Selector1, + _In_ ULONG Entry1Low, + _In_ ULONG Entry1Hi + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetLowEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetLowWaitHighEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetQuotaInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSecurityObject( + _In_ HANDLE Handle, + _In_ SECURITY_INFORMATION SecurityInformation, + _In_ PSECURITY_DESCRIPTOR SecurityDescriptor + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSystemEnvironmentValue( + _In_ PUNICODE_STRING VariableName, + _In_ PUNICODE_STRING VariableValue + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSystemEnvironmentValueEx( + _In_ PUNICODE_STRING VariableName, + _In_ PCGUID VendorGuid, + _In_reads_bytes_opt_(ValueLength) PVOID Value, + _In_ ULONG ValueLength, // 0 = delete variable + _In_ ULONG Attributes // EFI_VARIABLE_* + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSystemInformation( + _In_ SYSTEM_INFORMATION_CLASS 
SystemInformationClass, + _In_reads_bytes_opt_(SystemInformationLength) PVOID SystemInformation, + _In_ ULONG SystemInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSystemPowerState( + _In_ POWER_ACTION SystemAction, + _In_ SYSTEM_POWER_STATE LightestSystemState, + _In_ ULONG Flags // POWER_ACTION_* flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetSystemTime( + _In_opt_ PLARGE_INTEGER SystemTime, + _Out_opt_ PLARGE_INTEGER PreviousTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetThreadExecutionState( + _In_ EXECUTION_STATE NewFlags, // ES_* flags + _Out_ EXECUTION_STATE *PreviousFlags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetTimer( + _In_ HANDLE TimerHandle, + _In_ PLARGE_INTEGER DueTime, + _In_opt_ PTIMER_APC_ROUTINE TimerApcRoutine, + _In_opt_ PVOID TimerContext, + _In_ BOOLEAN ResumeTimer, + _In_opt_ LONG Period, + _Out_opt_ PBOOLEAN PreviousState + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetTimer2( + _In_ HANDLE TimerHandle, + _In_ PLARGE_INTEGER DueTime, + _In_opt_ PLARGE_INTEGER Period, + _In_ PT2_SET_PARAMETERS Parameters + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetTimerEx( + _In_ HANDLE TimerHandle, + _In_ TIMER_SET_INFORMATION_CLASS TimerSetInformationClass, + _Inout_updates_bytes_opt_(TimerSetInformationLength) PVOID TimerSetInformation, + _In_ ULONG TimerSetInformationLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetTimerResolution( + _In_ ULONG DesiredTime, + _In_ BOOLEAN SetResolution, + _Out_ PULONG ActualTime + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetUuidSeed( + _In_ PCHAR Seed + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetValueKey( + _In_ HANDLE KeyHandle, + _In_ PUNICODE_STRING ValueName, + _In_opt_ ULONG TitleIndex, + _In_ ULONG Type, + _In_reads_bytes_opt_(DataSize) PVOID Data, + _In_ ULONG DataSize + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetVolumeInformationFile( + _In_ HANDLE FileHandle, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID FsInformation, + _In_ ULONG Length, + _In_ FSINFOCLASS 
FsInformationClass + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSetWnfProcessNotificationEvent( + _In_ HANDLE NotificationEvent + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwShutdownSystem( + _In_ SHUTDOWN_ACTION Action + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwShutdownWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _Inout_ volatile LONG *PendingWorkerCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSignalAndWaitForSingleObject( + _In_ HANDLE SignalHandle, + _In_ HANDLE WaitHandle, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSinglePhaseReject( + _In_ HANDLE EnlistmentHandle, + _In_opt_ PLARGE_INTEGER TmVirtualClock + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwStartProfile( + _In_ HANDLE ProfileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwStopProfile( + _In_ HANDLE ProfileHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSubmitIoRing( + _In_ HANDLE IoRingHandle, + _In_ ULONG Flags, + _In_opt_ ULONG WaitOperations, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSubscribeWnfStateChange( + _In_ PCWNF_STATE_NAME StateName, + _In_opt_ WNF_CHANGE_STAMP ChangeStamp, + _In_ ULONG EventMask, + _Out_opt_ PULONG64 SubscriptionId + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSuspendProcess( + _In_ HANDLE ProcessHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSuspendThread( + _In_ HANDLE ThreadHandle, + _Out_opt_ PULONG PreviousSuspendCount + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwSystemDebugControl( + _In_ SYSDBG_COMMAND Command, + _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer, + _In_ ULONG InputBufferLength, + _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, + _In_ ULONG OutputBufferLength, + _Out_opt_ PULONG ReturnLength + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwTerminateEnclave( + _In_ PVOID BaseAddress, + _In_ ULONG Flags // TERMINATE_ENCLAVE_FLAG_* + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwTerminateJobObject( + _In_ HANDLE JobHandle, + _In_ NTSTATUS ExitStatus + ); + 
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTerminateProcess(
+ _In_opt_ HANDLE ProcessHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTerminateThread(
+ _In_opt_ HANDLE ThreadHandle,
+ _In_ NTSTATUS ExitStatus
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTestAlert(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwThawRegistry(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwThawTransactions(
+ VOID
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTraceControl(
+ _In_ ETWTRACECONTROLCODE TraceControlCode,
+ _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
+ _In_ ULONG InputBufferLength,
+ _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
+ _In_ ULONG OutputBufferLength,
+ _Out_ PULONG ReturnLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTraceEvent(
+ _In_ HANDLE TraceHandle,
+ _In_ ULONG Flags,
+ _In_ ULONG FieldSize,
+ _In_ PVOID Fields
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwTranslateFilePath(
+ _In_ PFILE_PATH InputFilePath,
+ _In_ ULONG OutputType,
+ _Out_writes_bytes_opt_(*OutputFilePathLength) PFILE_PATH OutputFilePath,
+ _Inout_opt_ PULONG OutputFilePathLength
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUmsThreadYield(
+ _In_ PVOID SchedulerParam
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnloadDriver(
+ _In_ PUNICODE_STRING DriverServiceName
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnloadKey(
+ _In_ POBJECT_ATTRIBUTES TargetKey
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnloadKey2(
+ _In_ POBJECT_ATTRIBUTES TargetKey,
+ _In_ ULONG Flags
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnloadKeyEx(
+ _In_ POBJECT_ATTRIBUTES TargetKey,
+ _In_opt_ HANDLE Event
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnlockFile(
+ _In_ HANDLE FileHandle,
+ _Out_ PIO_STATUS_BLOCK IoStatusBlock,
+ _In_ PLARGE_INTEGER ByteOffset,
+ _In_ PLARGE_INTEGER Length,
+ _In_ ULONG Key
+ );
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+ZwUnlockVirtualMemory(
+ _In_ HANDLE ProcessHandle,
+ _Inout_ PVOID *BaseAddress,
+ _Inout_ PSIZE_T RegionSize,
+ _In_ ULONG MapType
+ );
+
+NTSYSCALLAPI
+NTSTATUS +NTAPI +ZwUnmapViewOfSection( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwUnmapViewOfSectionEx( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_ ULONG Flags + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwUnsubscribeWnfStateChange( + _In_ PCWNF_STATE_NAME StateName + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwUpdateWnfStateData( + _In_ PCWNF_STATE_NAME StateName, + _In_reads_bytes_opt_(Length) const VOID* Buffer, + _In_opt_ ULONG Length, + _In_opt_ PCWNF_TYPE_ID TypeId, + _In_opt_ const VOID* ExplicitScope, + _In_ WNF_CHANGE_STAMP MatchingChangeStamp, + _In_ LOGICAL CheckStamp + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwVdmControl( + _In_ VDMSERVICECLASS Service, + _Inout_ PVOID ServiceData + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForAlertByThreadId( + _In_ PVOID Address, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForDebugEvent( + _In_ HANDLE DebugObjectHandle, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout, + _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForKeyedEvent( + _In_opt_ HANDLE KeyedEventHandle, + _In_ PVOID KeyValue, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForMultipleObjects( + _In_ ULONG Count, + _In_reads_(Count) HANDLE Handles[], + _In_ WAIT_TYPE WaitType, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForMultipleObjects32( + _In_ ULONG Count, + _In_reads_(Count) LONG Handles[], + _In_ WAIT_TYPE WaitType, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForSingleObject( + _In_ HANDLE Handle, + _In_ BOOLEAN Alertable, + _In_opt_ PLARGE_INTEGER Timeout + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitForWorkViaWorkerFactory( + _In_ HANDLE WorkerFactoryHandle, + _Out_writes_to_(Count, *PacketsReturned) 
PFILE_IO_COMPLETION_INFORMATION MiniPackets, + _In_ ULONG Count, + _Out_ PULONG PacketsReturned, + _In_ PWORKER_FACTORY_DEFERRED_WORK DeferredWork + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitHighEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWaitLowEventPair( + _In_ HANDLE EventPairHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWorkerFactoryWorkerReady( + _In_ HANDLE WorkerFactoryHandle + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWriteFile( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_reads_bytes_(Length) PVOID Buffer, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWriteFileGather( + _In_ HANDLE FileHandle, + _In_opt_ HANDLE Event, + _In_opt_ PIO_APC_ROUTINE ApcRoutine, + _In_opt_ PVOID ApcContext, + _Out_ PIO_STATUS_BLOCK IoStatusBlock, + _In_ PFILE_SEGMENT_ELEMENT SegmentArray, + _In_ ULONG Length, + _In_opt_ PLARGE_INTEGER ByteOffset, + _In_opt_ PULONG Key + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWriteRequestData( + _In_ HANDLE PortHandle, + _In_ PPORT_MESSAGE Message, + _In_ ULONG DataEntryIndex, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesWritten + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwWriteVirtualMemory( + _In_ HANDLE ProcessHandle, + _In_opt_ PVOID BaseAddress, + _In_reads_bytes_(BufferSize) PVOID Buffer, + _In_ SIZE_T BufferSize, + _Out_opt_ PSIZE_T NumberOfBytesWritten + ); + +NTSYSCALLAPI +NTSTATUS +NTAPI +ZwYieldExecution( + VOID + ); + +#endif diff --git a/deps/phnt-nightly/phnt.h b/deps/phnt-nightly/phnt.h new file mode 100644 index 0000000..6999473 --- /dev/null +++ b/deps/phnt-nightly/phnt.h 
@@ -0,0 +1,123 @@
+/*
+ * NT Header annotations
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _PHNT_H
+#define _PHNT_H
+
+// This header file provides access to NT APIs.
+
+// Definitions are annotated to indicate their source. If a definition is not annotated, it has been
+// retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h).
+
+// * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in
+// winbase.h.
+// * "rev" indicates that a definition has been reverse-engineered.
+// * "dbg" indicates that a definition has been obtained from a debug message or assertion in a
+// checked build of the kernel or file.
+
+// Reliability:
+// 1. No annotation.
+// 2. dbg.
+// 3. symbols, private. Types may be incorrect.
+// 4. winbase. Names and types may be incorrect.
+// 5. rev.
+
+// Mode
+#define PHNT_MODE_KERNEL 0
+#define PHNT_MODE_USER 1
+
+// Version
+#define PHNT_WIN2K 50
+#define PHNT_WINXP 51
+#define PHNT_WS03 52
+#define PHNT_VISTA 60
+#define PHNT_WIN7 61
+#define PHNT_WIN8 62
+#define PHNT_WINBLUE 63
+#define PHNT_THRESHOLD 100
+#define PHNT_THRESHOLD2 101
+#define PHNT_REDSTONE 102
+#define PHNT_REDSTONE2 103
+#define PHNT_REDSTONE3 104
+#define PHNT_REDSTONE4 105
+#define PHNT_REDSTONE5 106
+#define PHNT_19H1 107
+#define PHNT_19H2 108
+#define PHNT_20H1 109
+#define PHNT_20H2 110
+#define PHNT_21H1 111
+#define PHNT_WIN10_21H2 112
+#define PHNT_WIN10_22H2 113
+#define PHNT_WIN11 114
+#define PHNT_WIN11_22H2 115
+#define PHNT_WIN11_23H2 116
+
+#ifndef PHNT_MODE
+#define PHNT_MODE PHNT_MODE_USER
+#endif
+
+#ifndef PHNT_VERSION
+#define PHNT_VERSION PHNT_WIN11
+#endif
+
+// Options
+
+//#define PHNT_NO_INLINE_INIT_STRING
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#include
+#include
+#endif
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+
+#include
+
+#include
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/phnt_ntdef.h b/deps/phnt-nightly/phnt_ntdef.h
new file mode 100644
index 0000000..9166d1a
--- /dev/null
+++ b/deps/phnt-nightly/phnt_ntdef.h
@@ -0,0 +1,365 @@ +/* + * Native definition support + * + * This file is part of System Informer. + */ + +#ifndef _PHNT_NTDEF_H +#define _PHNT_NTDEF_H + +#ifndef _NTDEF_ +#define _NTDEF_ + +// This header file provides basic NT types not included in Win32. If you have included winnt.h +// (perhaps indirectly), you must use this file instead of ntdef.h. + +#ifndef NOTHING +#define NOTHING +#endif + +// Basic types + +typedef struct _QUAD +{ + union + { + __int64 UseThisFieldToCopy; + double DoNotUseThisField; + }; +} QUAD, *PQUAD; + +// This isn't in NT, but it's useful. +typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR +{ + ULONG_PTR DoNotUseThisField1; + ULONG_PTR DoNotUseThisField2; +} QUAD_PTR, *PQUAD_PTR; + +typedef ULONG LOGICAL; +typedef ULONG *PLOGICAL; + +typedef _Return_type_success_(return >= 0) LONG NTSTATUS; +typedef NTSTATUS *PNTSTATUS; + +// Cardinal types + +typedef char CCHAR; +typedef short CSHORT; +typedef ULONG CLONG; + +typedef CCHAR *PCCHAR; +typedef CSHORT *PCSHORT; +typedef CLONG *PCLONG; + +typedef PCSTR PCSZ; + +typedef PVOID* PPVOID; + +// Specific + +typedef UCHAR KIRQL, *PKIRQL; +typedef LONG KPRIORITY, *PKPRIORITY; +typedef USHORT RTL_ATOM, *PRTL_ATOM; + +typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; + +typedef struct _LARGE_INTEGER_128 +{ + LONGLONG QuadPart[2]; +} LARGE_INTEGER_128, *PLARGE_INTEGER_128; + +// NT status macros + +#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) +#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1) +#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2) +#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3) + +#define NT_CUSTOMER_SHIFT 29 +#define NT_CUSTOMER(Status) ((((ULONG)(Status)) >> NT_CUSTOMER_SHIFT) & 1) + +#define NT_FACILITY_MASK 0xfff +#define NT_FACILITY_SHIFT 16 +#define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK) + +#define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32) +#define 
WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff) + +// Functions + +#ifndef _WIN64 +#define FASTCALL __fastcall +#else +#define FASTCALL +#endif + +// Synchronization enumerations + +typedef enum _EVENT_TYPE +{ + NotificationEvent, + SynchronizationEvent +} EVENT_TYPE; + +typedef enum _TIMER_TYPE +{ + NotificationTimer, + SynchronizationTimer +} TIMER_TYPE; + +typedef enum _WAIT_TYPE +{ + WaitAll, + WaitAny, + WaitNotification +} WAIT_TYPE; + +// Strings + +typedef struct _STRING +{ + USHORT Length; + USHORT MaximumLength; + _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer; +} STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING; + +typedef STRING UTF8_STRING; +typedef PSTRING PUTF8_STRING; + +typedef const STRING *PCSTRING; +typedef const ANSI_STRING *PCANSI_STRING; +typedef const OEM_STRING *PCOEM_STRING; + +typedef struct _UNICODE_STRING +{ + USHORT Length; + USHORT MaximumLength; + _Field_size_bytes_part_opt_(MaximumLength, Length) PWCH Buffer; +} UNICODE_STRING, *PUNICODE_STRING; + +typedef const UNICODE_STRING *PCUNICODE_STRING; + +#define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s } + +#define DECLARE_CONST_UNICODE_STRING(_var, _str) \ +const WCHAR _var ## _buffer[] = _str; \ +const UNICODE_STRING _var = { sizeof(_str) - sizeof(WCHAR), sizeof(_str), (PWCH) _var ## _buffer } + +#define DECLARE_GLOBAL_CONST_UNICODE_STRING(_var, _str) \ +extern const DECLSPEC_SELECTANY UNICODE_STRING _var = RTL_CONSTANT_STRING(_str) + +#define DECLARE_UNICODE_STRING_SIZE(_var, _size) \ +WCHAR _var ## _buffer[_size]; \ +UNICODE_STRING _var = { 0, (_size) * sizeof(WCHAR) , _var ## _buffer } + +// Balanced tree node + +#define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3 + +typedef struct _RTL_BALANCED_NODE +{ + union + { + struct _RTL_BALANCED_NODE *Children[2]; + struct + { + struct _RTL_BALANCED_NODE *Left; + struct _RTL_BALANCED_NODE *Right; + }; + }; + union + { + UCHAR Red : 1; + UCHAR Balance : 2; + ULONG_PTR 
ParentValue; + }; +} RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; + +#define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \ + ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK)) + +// Portability + +typedef struct _SINGLE_LIST_ENTRY32 +{ + ULONG Next; +} SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32; + +typedef struct _STRING32 +{ + USHORT Length; + USHORT MaximumLength; + ULONG Buffer; +} STRING32, *PSTRING32; + +typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32; +typedef STRING32 ANSI_STRING32, *PANSI_STRING32; + +typedef struct _STRING64 +{ + USHORT Length; + USHORT MaximumLength; + ULONGLONG Buffer; +} STRING64, *PSTRING64; + +typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64; +typedef STRING64 ANSI_STRING64, *PANSI_STRING64; + +// Object attributes + +#define OBJ_PROTECT_CLOSE 0x00000001L +#define OBJ_INHERIT 0x00000002L +#define OBJ_AUDIT_OBJECT_CLOSE 0x00000004L +#define OBJ_NO_RIGHTS_UPGRADE 0x00000008L +#define OBJ_PERMANENT 0x00000010L +#define OBJ_EXCLUSIVE 0x00000020L +#define OBJ_CASE_INSENSITIVE 0x00000040L +#define OBJ_OPENIF 0x00000080L +#define OBJ_OPENLINK 0x00000100L +#define OBJ_KERNEL_HANDLE 0x00000200L +#define OBJ_FORCE_ACCESS_CHECK 0x00000400L +#define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800L +#define OBJ_DONT_REPARSE 0x00001000L +#define OBJ_VALID_ATTRIBUTES 0x00001FF2L + +typedef struct _OBJECT_ATTRIBUTES +{ + ULONG Length; + HANDLE RootDirectory; + PUNICODE_STRING ObjectName; + ULONG Attributes; + PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR; + PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE +} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; + +typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; + +#define InitializeObjectAttributes(p, n, a, r, s) { \ + (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ + (p)->RootDirectory = r; \ + (p)->Attributes = a; \ + (p)->ObjectName = n; \ + (p)->SecurityDescriptor = s; \ + (p)->SecurityQualityOfService = NULL; \ + } + +#define 
RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL } +#define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) + +#define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\') +#define OBJ_NAME_ALTPATH_SEPARATOR ((WCHAR)L'/') + +// Portability + +typedef struct _OBJECT_ATTRIBUTES64 +{ + ULONG Length; + ULONG64 RootDirectory; + ULONG64 ObjectName; + ULONG Attributes; + ULONG64 SecurityDescriptor; + ULONG64 SecurityQualityOfService; +} OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64; + +typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64; + +typedef struct _OBJECT_ATTRIBUTES32 +{ + ULONG Length; + ULONG RootDirectory; + ULONG ObjectName; + ULONG Attributes; + ULONG SecurityDescriptor; + ULONG SecurityQualityOfService; +} OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32; + +typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32; + +// Product types + +typedef enum _NT_PRODUCT_TYPE +{ + NtProductWinNt = 1, + NtProductLanManNt, + NtProductServer +} NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; + +typedef enum _SUITE_TYPE +{ + SmallBusiness, + Enterprise, + BackOffice, + CommunicationServer, + TerminalServer, + SmallBusinessRestricted, + EmbeddedNT, + DataCenter, + SingleUserTS, + Personal, + Blade, + EmbeddedRestricted, + SecurityAppliance, + StorageServer, + ComputeServer, + WHServer, + PhoneNT, + MaxSuiteType +} SUITE_TYPE; + +// Specific + +typedef struct _CLIENT_ID +{ + HANDLE UniqueProcess; + HANDLE UniqueThread; +} CLIENT_ID, *PCLIENT_ID; + +typedef struct _CLIENT_ID32 +{ + ULONG UniqueProcess; + ULONG UniqueThread; +} CLIENT_ID32, *PCLIENT_ID32; + +typedef struct _CLIENT_ID64 +{ + ULONGLONG UniqueProcess; + ULONGLONG UniqueThread; +} CLIENT_ID64, *PCLIENT_ID64; + +#include + +typedef struct _KSYSTEM_TIME +{ + ULONG LowPart; + LONG High1Time; + LONG High2Time; +} KSYSTEM_TIME, *PKSYSTEM_TIME; + +#include + +#ifndef AFFINITY_MASK +#define AFFINITY_MASK(n) ((KAFFINITY)1 << (n)) +#endif + +#ifndef FlagOn +#define FlagOn(_F, _SF) ((_F) & 
(_SF)) +#endif +#ifndef BooleanFlagOn +#define BooleanFlagOn(F, SF) ((BOOLEAN)(((F) & (SF)) != 0)) +#endif +#ifndef SetFlag +#define SetFlag(_F, _SF) ((_F) |= (_SF)) +#endif +#ifndef ClearFlag +#define ClearFlag(_F, _SF) ((_F) &= ~(_SF)) +#endif + +#endif + +#if defined(_WIN64) +#define POINTER_ALIGNMENT DECLSPEC_ALIGN(8) +#else +#define POINTER_ALIGNMENT +#endif + +#endif diff --git a/deps/phnt-nightly/phnt_windows.h b/deps/phnt-nightly/phnt_windows.h new file mode 100644 index 0000000..c1cbd5e --- /dev/null +++ b/deps/phnt-nightly/phnt_windows.h 
@@ -0,0 +1,128 @@
+/*
+ * Win32 definition support
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _PHNT_WINDOWS_H
+#define _PHNT_WINDOWS_H
+
+// This header file provides access to Win32, plus NTSTATUS values and some access mask values.
+
+#ifndef __cplusplus
+#ifndef CINTERFACE
+#define CINTERFACE
+#endif
+
+#ifndef COBJMACROS
+#define COBJMACROS
+#endif
+#endif
+
+#ifndef NOMINMAX
+#define NOMINMAX
+#endif
+
+#ifndef INT_ERROR
+#define INT_ERROR (-1)
+#endif
+
+#ifndef ULONG64_MAX
+#define ULONG64_MAX 0xffffffffffffffffui64
+#endif
+
+#ifndef SIZE_T_MAX
+#ifdef _WIN64
+#define SIZE_T_MAX 0xffffffffffffffffui64
+#else
+#define SIZE_T_MAX 0xffffffffUL
+#endif
+#endif
+
+#ifndef ENABLE_RTL_NUMBER_OF_V2
+#define ENABLE_RTL_NUMBER_OF_V2
+#endif
+
+#ifndef INITGUID
+#define INITGUID
+#endif
+
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#ifndef WIN32_NO_STATUS
+#define WIN32_NO_STATUS
+#endif
+
+#ifndef __cplusplus
+// This is needed to workaround C17 preprocessor errors when using legacy versions of the Windows SDK. (dmex)
+#ifndef MICROSOFT_WINDOWS_WINBASE_H_DEFINE_INTERLOCKED_CPLUSPLUS_OVERLOADS
+#define MICROSOFT_WINDOWS_WINBASE_H_DEFINE_INTERLOCKED_CPLUSPLUS_OVERLOADS 0
+#endif
+#endif
+
+#include
+#include
+#undef WIN32_NO_STATUS
+#include
+#include
+#include
+
+typedef double DOUBLE;
+typedef GUID *PGUID;
+
+// Desktop access rights
+#define DESKTOP_ALL_ACCESS \
+ (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
+ DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
+ DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
+ STANDARD_RIGHTS_REQUIRED)
+#define DESKTOP_GENERIC_READ \
+ (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
+#define DESKTOP_GENERIC_WRITE \
+ (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
+ DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
+ STANDARD_RIGHTS_WRITE)
+#define DESKTOP_GENERIC_EXECUTE \
+ (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
+
+// Window station access rights
+#define WINSTA_GENERIC_READ \
+ (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
+ WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
+#define WINSTA_GENERIC_WRITE \
+ (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
+ STANDARD_RIGHTS_WRITE)
+#define WINSTA_GENERIC_EXECUTE \
+ (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
+
+// WMI access rights
+#define WMIGUID_GENERIC_READ \
+ (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
+ STANDARD_RIGHTS_READ)
+#define WMIGUID_GENERIC_WRITE \
+ (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
+ STANDARD_RIGHTS_WRITE)
+#define WMIGUID_GENERIC_EXECUTE \
+ (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
+ TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
+ STANDARD_RIGHTS_EXECUTE)
+
+// Note: Some parts of the Windows Runtime, COM or third party hooks are returning
+// S_FALSE and null pointers on errors when S_FALSE is a success code. (dmex)
+#define HR_SUCCESS(hr) (((HRESULT)(hr)) == S_OK)
+#define HR_FAILED(hr) (((HRESULT)(hr)) != S_OK)
+
+// Note: The CONTAINING_RECORD macro doesn't support UBSan and generates false positives,
+// we redefine the macro with FIELD_OFFSET as a workaround until the WinSDK is fixed (dmex)
+#undef CONTAINING_RECORD
+#define CONTAINING_RECORD(address, type, field) \
+ ((type *)((ULONG_PTR)(address) - UFIELD_OFFSET(type, field)))
+
+#ifndef __PCGUID_DEFINED__
+#define __PCGUID_DEFINED__
+typedef const GUID* PCGUID;
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/subprocesstag.h b/deps/phnt-nightly/subprocesstag.h
new file mode 100644
index 0000000..6f2ee53
--- /dev/null
+++ b/deps/phnt-nightly/subprocesstag.h
@@ -0,0 +1,100 @@
+/*
+ * Subprocess tag information
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _SUBPROCESSTAG_H
+#define _SUBPROCESSTAG_H
+
+typedef enum _TAG_INFO_LEVEL
+{
+ eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
+ eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
+ eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
+ eTagInfoLevelMax
+} TAG_INFO_LEVEL;
+
+typedef enum _TAG_TYPE
+{
+ eTagTypeService = 1,
+ eTagTypeMax
+} TAG_TYPE;
+
+typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
+{
+ ULONG dwPid;
+ ULONG dwTag;
+} TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
+
+typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
+{
+ ULONG eTagType;
+ PWSTR pszName;
+} TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
+
+typedef struct _TAG_INFO_NAME_FROM_TAG
+{
+ TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
+ TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
+} TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
+
+typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
+{
+ ULONG dwPid;
+ PWSTR pszModule;
+} TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
+
+typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
+{
+ ULONG eTagType;
+ PWSTR pmszNames;
+} TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
+
+typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
+{
+ TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
+ TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
+} TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
+
+typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
+{
+ ULONG dwPid;
+} TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
+
+typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
+{
+ ULONG eTagType;
+ ULONG dwTag;
+ PWSTR pszName;
+ PWSTR pszGroupName;
+} TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
+
+typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
+{
+ ULONG cElements;
+ PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
+} TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
+
+typedef struct _TAG_INFO_NAME_TAG_MAPPING
+{
+ TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
+ PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
+} TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
+
+_Must_inspect_result_
+ULONG
+WINAPI
+I_QueryTagInformation(
+ _In_opt_ PCWSTR MachineName,
+ _In_ TAG_INFO_LEVEL InfoLevel,
+ _Inout_ PVOID TagInfo
+ );
+
+typedef ULONG (WINAPI *PQUERY_TAG_INFORMATION)(
+ _In_opt_ PCWSTR MachineName,
+ _In_ TAG_INFO_LEVEL InfoLevel,
+ _Inout_ PVOID TagInfo
+ );
+
+#endif
diff --git a/deps/phnt-nightly/usermgr.h b/deps/phnt-nightly/usermgr.h
new file mode 100644
index 0000000..a8d4005
--- /dev/null
+++ b/deps/phnt-nightly/usermgr.h
@@ -0,0 +1,223 @@
+/*
+ * User Manager service API definitions.
+ *
+ * This file is part of System Informer.
+ */
+
+#ifndef _USERMGR_H
+#define _USERMGR_H
+
+// private
+typedef struct _SESSION_USER_CONTEXT
+{
+ ULONGLONG ContextToken;
+ ULONG SessionId;
+ ULONG Reserved;
+} SESSION_USER_CONTEXT, *PSESSION_USER_CONTEXT;
+
+// private
+typedef struct _CRED_PROV_CREDENTIAL
+{
+ ULONG Flags;
+ ULONG AuthenticationPackage;
+ ULONG Size;
+ PVOID Information;
+} CRED_PROV_CREDENTIAL, *PCRED_PROV_CREDENTIAL;
+
+#define USERMGRAPI DECLSPEC_IMPORT
+
+// Contexts
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+// rev
+USERMGRAPI
+VOID
+WINAPI
+UMgrFreeSessionUsers(
+ _In_ _Post_invalid_ PSESSION_USER_CONTEXT SessionUsers
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrEnumerateSessionUsers(
+ _Out_ PULONG Count,
+ _Outptr_ PSESSION_USER_CONTEXT *SessionUsers
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserContext(
+ _In_ HANDLE TokenHandle,
+ _Out_ PULONGLONG ContextToken
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserContextFromSid(
+ _In_ PWSTR SidString,
+ _Out_ PULONGLONG ContextToken
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserContextFromName(
+ _In_ PWSTR UserName,
+ _Out_ PULONGLONG ContextToken
+ );
+
+#endif
+
+// Tokens
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryDefaultAccountToken(
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQuerySessionUserToken(
+ _In_ ULONG SessionId,
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserToken(
+ _In_ ULONGLONG Context,
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserTokenFromSid(
+ _In_ PWSTR SidString,
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrQueryUserTokenFromName(
+ _In_ PWSTR UserName,
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrGetConstrainedUserToken(
+ _In_opt_ HANDLE InputTokenHandle,
+ _In_ ULONGLONG Context,
+ _In_opt_ PSECURITY_CAPABILITIES Capabilities,
+ _Out_ _Ret_maybenull_ PHANDLE OutputTokenHandle
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD2)
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrChangeSessionUserToken(
+ _In_ HANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrGetImpersonationTokenForContext(
+ _In_ HANDLE InputTokenHandle,
+ _In_ ULONGLONG Context,
+ _Out_ PHANDLE OutputTokenHandle
+ );
+
+#endif
+
+#if (PHNT_VERSION >= PHNT_REDSTONE)
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrGetSessionActiveShellUserToken(
+ _In_ ULONG SessionId,
+ _Out_ PHANDLE TokenHandle
+ );
+
+#endif
+
+// Single-session SKU
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrOpenProcessTokenForQuery(
+ _In_ ULONG ProcessId,
+ _Out_ PHANDLE TokenHandle
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrOpenProcessHandleForAccess(
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG ProcessId,
+ _Out_ PHANDLE ProcessHandle
+ );
+
+#endif
+
+// Credentials
+
+#if (PHNT_VERSION >= PHNT_THRESHOLD)
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrFreeUserCredentials(
+ _In_ PCRED_PROV_CREDENTIAL Credentials
+ );
+
+// rev
+USERMGRAPI
+HRESULT
+WINAPI
+UMgrGetCachedCredentials(
+ _In_ PSID Sid,
+ _Outptr_ PCRED_PROV_CREDENTIAL *Credentials
+ );
+
+#endif
+
+#endif
diff --git a/deps/phnt-nightly/winsta.h b/deps/phnt-nightly/winsta.h
new file mode 100644
index 0000000..07d39eb
--- /dev/null
+++ b/deps/phnt-nightly/winsta.h
@@ -0,0 +1,1168 @@ +/* + * Window Station Support functions + * + * This file is part of System Informer. + */ + +#ifndef _WINSTA_H +#define _WINSTA_H + +// Specifies the current server. +#define WINSTATION_CURRENT_SERVER ((HANDLE)NULL) +#define WINSTATION_CURRENT_SERVER_HANDLE ((HANDLE)NULL) +#define WINSTATION_CURRENT_SERVER_NAME (NULL) + +// Specifies the current session (SessionId) +#define WINSTATION_CURRENT_SESSION ((ULONG)-1) + +// Specifies any-session (SessionId) +#define WINSTATION_ANY_SESSION ((ULONG)-2) + +// Access rights + +#define WINSTATION_QUERY 0x00000001 // WinStationQueryInformation +#define WINSTATION_SET 0x00000002 // WinStationSetInformation +#define WINSTATION_RESET 0x00000004 // WinStationReset +#define WINSTATION_VIRTUAL 0x00000008 //read/write direct data +#define WINSTATION_SHADOW 0x00000010 // WinStationShadow +#define WINSTATION_LOGON 0x00000020 // logon to WinStation +#define WINSTATION_LOGOFF 0x00000040 // WinStationLogoff +#define WINSTATION_MSG 0x00000080 // WinStationMsg +#define WINSTATION_CONNECT 0x00000100 // WinStationConnect +#define WINSTATION_DISCONNECT 0x00000200 // WinStationDisconnect +#define WINSTATION_GUEST_ACCESS WINSTATION_LOGON + +#define WINSTATION_CURRENT_GUEST_ACCESS (WINSTATION_VIRTUAL | WINSTATION_LOGOFF) +#define WINSTATION_USER_ACCESS (WINSTATION_GUEST_ACCESS | WINSTATION_QUERY | WINSTATION_CONNECT) +#define WINSTATION_CURRENT_USER_ACCESS \ + (WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | \ + WINSTATION_LOGOFF | WINSTATION_DISCONNECT) +#define WINSTATION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | WINSTATION_QUERY | \ + WINSTATION_SET | WINSTATION_RESET | WINSTATION_VIRTUAL | \ + WINSTATION_SHADOW | WINSTATION_LOGON | WINSTATION_MSG | \ + WINSTATION_CONNECT | WINSTATION_DISCONNECT) + +#define WDPREFIX_LENGTH 12 +#define CALLBACK_LENGTH 50 +#define DLLNAME_LENGTH 32 +#define CDNAME_LENGTH 32 +#define WDNAME_LENGTH 32 +#define PDNAME_LENGTH 32 +#define DEVICENAME_LENGTH 128 +#define MODEMNAME_LENGTH 
DEVICENAME_LENGTH +#define STACK_ADDRESS_LENGTH 128 +#define MAX_BR_NAME 65 +#define DIRECTORY_LENGTH 256 +#define INITIALPROGRAM_LENGTH 256 +#define USERNAME_LENGTH 20 +#define DOMAIN_LENGTH 17 +#define PASSWORD_LENGTH 14 +#define NASISPECIFICNAME_LENGTH 14 +#define NASIUSERNAME_LENGTH 47 +#define NASIPASSWORD_LENGTH 24 +#define NASISESSIONNAME_LENGTH 16 +#define NASIFILESERVER_LENGTH 47 + +#define CLIENTDATANAME_LENGTH 7 +#define CLIENTNAME_LENGTH 20 +#define CLIENTADDRESS_LENGTH 30 +#define IMEFILENAME_LENGTH 32 +#define CLIENTLICENSE_LENGTH 32 +#define CLIENTMODEM_LENGTH 40 +#define CLIENT_PRODUCT_ID_LENGTH 32 +#define MAX_COUNTER_EXTENSIONS 2 +#define WINSTATIONNAME_LENGTH 32 + +#define TERMSRV_TOTAL_SESSIONS 1 +#define TERMSRV_DISC_SESSIONS 2 +#define TERMSRV_RECON_SESSIONS 3 +#define TERMSRV_CURRENT_ACTIVE_SESSIONS 4 +#define TERMSRV_CURRENT_DISC_SESSIONS 5 +#define TERMSRV_PENDING_SESSIONS 6 +#define TERMSRV_SUCC_TOTAL_LOGONS 7 +#define TERMSRV_SUCC_LOCAL_LOGONS 8 +#define TERMSRV_SUCC_REMOTE_LOGONS 9 +#define TERMSRV_SUCC_SESSION0_LOGONS 10 +#define TERMSRV_CURRENT_TERMINATING_SESSIONS 11 +#define TERMSRV_CURRENT_LOGGEDON_SESSIONS 12 + +typedef RTL_TIME_ZONE_INFORMATION TS_TIME_ZONE_INFORMATION, *PTS_TIME_ZONE_INFORMATION; + +typedef WCHAR WINSTATIONNAME[WINSTATIONNAME_LENGTH + 1]; + +// Variable length data descriptor (not needed) +typedef struct _VARDATA_WIRE +{ + USHORT Size; + USHORT Offset; +} VARDATA_WIRE, *PVARDATA_WIRE; + +typedef enum _WINSTATIONSTATECLASS +{ + State_Active = 0, + State_Connected = 1, + State_ConnectQuery = 2, + State_Shadow = 3, + State_Disconnected = 4, + State_Idle = 5, + State_Listen = 6, + State_Reset = 7, + State_Down = 8, + State_Init = 9 +} WINSTATIONSTATECLASS; + +typedef struct _SESSIONIDW +{ + union + { + ULONG SessionId; + ULONG LogonId; + }; + WINSTATIONNAME WinStationName; + WINSTATIONSTATECLASS State; +} SESSIONIDW, *PSESSIONIDW; + +// private +typedef enum _WINSTATIONINFOCLASS +{ + WinStationCreateData, // 
WINSTATIONCREATE + WinStationConfiguration, // WINSTACONFIGWIRE + USERCONFIG + WinStationPdParams, // PDPARAMS + WinStationWd, // WDCONFIG + WinStationPd, // PDCONFIG2 + PDPARAMS + WinStationPrinter, // Not supported. + WinStationClient, // WINSTATIONCLIENT + WinStationModules, + WinStationInformation, // WINSTATIONINFORMATION + WinStationTrace, + WinStationBeep, + WinStationEncryptionOff, + WinStationEncryptionPerm, + WinStationNtSecurity, // s; (open secure desktop ctrl+alt+del) + WinStationUserToken, // WINSTATIONUSERTOKEN + WinStationUnused1, + WinStationVideoData, // WINSTATIONVIDEODATA + WinStationInitialProgram, // s; (set current process as initial program) + WinStationCd, // CDCONFIG + WinStationSystemTrace, + WinStationVirtualData, + WinStationClientData, // WINSTATIONCLIENTDATA + WinStationSecureDesktopEnter, + WinStationSecureDesktopExit, + WinStationLoadBalanceSessionTarget, // ULONG + WinStationLoadIndicator, // WINSTATIONLOADINDICATORDATA + WinStationShadowInfo, // WINSTATIONSHADOW + WinStationDigProductId, // WINSTATIONPRODID + WinStationLockedState, // BOOL + WinStationRemoteAddress, // WINSTATIONREMOTEADDRESS + WinStationIdleTime, // ULONG + WinStationLastReconnectType, // ULONG + WinStationDisallowAutoReconnect, // BOOLEAN + WinStationMprNotifyInfo, + WinStationExecSrvSystemPipe, // WCHAR[48] + WinStationSmartCardAutoLogon, // BOOLEAN + WinStationIsAdminLoggedOn, // BOOLEAN + WinStationReconnectedFromId, // ULONG + WinStationEffectsPolicy, // ULONG + WinStationType, // ULONG + WinStationInformationEx, // WINSTATIONINFORMATIONEX + WinStationValidationInfo +} WINSTATIONINFOCLASS; + +// Retrieves general information on the type of terminal server session (protocol) to which the session belongs. +typedef struct _WINSTATIONCREATE +{ + ULONG fEnableWinStation : 1; + ULONG MaxInstanceCount; +} WINSTATIONCREATE, *PWINSTATIONCREATE; + +typedef struct _WINSTACONFIGWIRE +{ + WCHAR Comment[61]; // The WinStation descriptive comment. 
+ CHAR OEMId[4]; // Value identifying the OEM implementor of the TermService Listener to which this session (WinStation) belongs. This can be any value defined by the implementer (OEM) of the listener. + VARDATA_WIRE UserConfig; // VARDATA_WIRE structure defining the size and offset of the variable-length user configuration data succeeding it. + VARDATA_WIRE NewFields; // VARDATA_WIRE structure defining the size and offset of the variable-length new data succeeding it. This field is not used and is a placeholder for any new data, if and when added. +} WINSTACONFIGWIRE, *PWINSTACONFIGWIRE; + +typedef enum _CALLBACKCLASS +{ + Callback_Disable, + Callback_Roving, + Callback_Fixed +} CALLBACKCLASS; + +// The SHADOWCLASS enumeration is used to indicate the shadow-related settings for a session running on a terminal server. +typedef enum _SHADOWCLASS +{ + Shadow_Disable, // Shadowing is disabled. + Shadow_EnableInputNotify, // Permission is asked first from the session being shadowed. The shadower is also permitted keyboard and mouse input. + Shadow_EnableInputNoNotify, // Permission is not asked first from the session being shadowed. The shadower is also permitted keyboard and mouse input. + Shadow_EnableNoInputNotify, // Permission is asked first from the session being shadowed. The shadower is not permitted keyboard and mouse input and MUST observe the shadowed session. + Shadow_EnableNoInputNoNotify // Permission is not asked first from the session being shadowed. The shadower is not permitted keyboard and mouse input and MUST observe the shadowed session. +} SHADOWCLASS; + +// For a specific terminal server session, the USERCONFIG structure indicates the user and session configuration. 
+// https://msdn.microsoft.com/en-us/library/cc248610.aspx +typedef struct _USERCONFIG +{ + ULONG fInheritAutoLogon : 1; + ULONG fInheritResetBroken : 1; + ULONG fInheritReconnectSame : 1; + ULONG fInheritInitialProgram : 1; + ULONG fInheritCallback : 1; + ULONG fInheritCallbackNumber : 1; + ULONG fInheritShadow : 1; + ULONG fInheritMaxSessionTime : 1; + ULONG fInheritMaxDisconnectionTime : 1; + ULONG fInheritMaxIdleTime : 1; + ULONG fInheritAutoClient : 1; + ULONG fInheritSecurity : 1; + ULONG fPromptForPassword : 1; + ULONG fResetBroken : 1; + ULONG fReconnectSame : 1; + ULONG fLogonDisabled : 1; + ULONG fWallPaperDisabled : 1; + ULONG fAutoClientDrives : 1; + ULONG fAutoClientLpts : 1; + ULONG fForceClientLptDef : 1; + ULONG fRequireEncryption : 1; + ULONG fDisableEncryption : 1; + ULONG fUnused1 : 1; + ULONG fHomeDirectoryMapRoot : 1; + ULONG fUseDefaultGina : 1; + ULONG fCursorBlinkDisabled : 1; + ULONG fPublishedApp : 1; + ULONG fHideTitleBar : 1; + ULONG fMaximize : 1; + ULONG fDisableCpm : 1; + ULONG fDisableCdm : 1; + ULONG fDisableCcm : 1; + ULONG fDisableLPT : 1; + ULONG fDisableClip : 1; + ULONG fDisableExe : 1; + ULONG fDisableCam : 1; + ULONG fDisableAutoReconnect : 1; + ULONG ColorDepth : 3; + ULONG fInheritColorDepth : 1; + ULONG fErrorInvalidProfile : 1; + ULONG fPasswordIsScPin : 1; + ULONG fDisablePNPRedir : 1; + WCHAR UserName[USERNAME_LENGTH + 1]; + WCHAR Domain[DOMAIN_LENGTH + 1]; + WCHAR Password[PASSWORD_LENGTH + 1]; + WCHAR WorkDirectory[DIRECTORY_LENGTH + 1]; + WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1]; + WCHAR CallbackNumber[CALLBACK_LENGTH + 1]; + CALLBACKCLASS Callback; + SHADOWCLASS Shadow; + ULONG MaxConnectionTime; + ULONG MaxDisconnectionTime; + ULONG MaxIdleTime; + ULONG KeyboardLayout; + BYTE MinEncryptionLevel; + WCHAR NWLogonServer[NASIFILESERVER_LENGTH + 1]; + WCHAR PublishedName[MAX_BR_NAME]; + WCHAR WFProfilePath[DIRECTORY_LENGTH + 1]; + WCHAR WFHomeDir[DIRECTORY_LENGTH + 1]; + WCHAR WFHomeDirDrive[4]; +} USERCONFIG, 
*PUSERCONFIG; + +typedef enum _SDCLASS +{ + SdNone = 0, + SdConsole, + SdNetwork, + SdAsync, + SdOemTransport +} SDCLASS; + +typedef WCHAR DEVICENAME[DEVICENAME_LENGTH + 1]; +typedef WCHAR MODEMNAME[MODEMNAME_LENGTH + 1]; +typedef WCHAR NASISPECIFICNAME[NASISPECIFICNAME_LENGTH + 1]; +typedef WCHAR NASIUSERNAME[NASIUSERNAME_LENGTH + 1]; +typedef WCHAR NASIPASSWORD[NASIPASSWORD_LENGTH + 1]; +typedef WCHAR NASISESIONNAME[NASISESSIONNAME_LENGTH + 1]; +typedef WCHAR NASIFILESERVER[NASIFILESERVER_LENGTH + 1]; +typedef WCHAR WDNAME[WDNAME_LENGTH + 1]; +typedef WCHAR WDPREFIX[WDPREFIX_LENGTH + 1]; +typedef WCHAR CDNAME[CDNAME_LENGTH + 1]; +typedef WCHAR DLLNAME[DLLNAME_LENGTH + 1]; +typedef WCHAR PDNAME[PDNAME_LENGTH + 1]; + +typedef struct _NETWORKCONFIG +{ + LONG LanAdapter; + DEVICENAME NetworkName; + ULONG Flags; +} NETWORKCONFIG, *PNETWORKCONFIG; + +typedef enum _FLOWCONTROLCLASS +{ + FlowControl_None, + FlowControl_Hardware, + FlowControl_Software +} FLOWCONTROLCLASS; + +typedef enum _RECEIVEFLOWCONTROLCLASS +{ + ReceiveFlowControl_None, + ReceiveFlowControl_RTS, + ReceiveFlowControl_DTR, +} RECEIVEFLOWCONTROLCLASS; + +typedef enum _TRANSMITFLOWCONTROLCLASS +{ + TransmitFlowControl_None, + TransmitFlowControl_CTS, + TransmitFlowControl_DSR, +} TRANSMITFLOWCONTROLCLASS; + +typedef enum _ASYNCCONNECTCLASS +{ + Connect_CTS, + Connect_DSR, + Connect_RI, + Connect_DCD, + Connect_FirstChar, + Connect_Perm, +} ASYNCCONNECTCLASS; + +typedef struct _FLOWCONTROLCONFIG +{ + ULONG fEnableSoftwareTx : 1; + ULONG fEnableSoftwareRx : 1; + ULONG fEnableDTR : 1; + ULONG fEnableRTS : 1; + CHAR XonChar; + CHAR XoffChar; + FLOWCONTROLCLASS Type; + RECEIVEFLOWCONTROLCLASS HardwareReceive; + TRANSMITFLOWCONTROLCLASS HardwareTransmit; +} FLOWCONTROLCONFIG, *PFLOWCONTROLCONFIG; + +typedef struct _CONNECTCONFIG +{ + ASYNCCONNECTCLASS Type; + ULONG fEnableBreakDisconnect : 1; +} CONNECTCONFIG, *PCONNECTCONFIG; + +typedef struct _ASYNCCONFIG +{ + DEVICENAME DeviceName; + MODEMNAME ModemName; + 
ULONG BaudRate; + ULONG Parity; + ULONG StopBits; + ULONG ByteSize; + ULONG fEnableDsrSensitivity : 1; + ULONG fConnectionDriver : 1; + FLOWCONTROLCONFIG FlowControl; + CONNECTCONFIG Connect; +} ASYNCCONFIG, *PASYNCCONFIG; + +typedef struct _NASICONFIG +{ + NASISPECIFICNAME SpecificName; + NASIUSERNAME UserName; + NASIPASSWORD PassWord; + NASISESIONNAME SessionName; + NASIFILESERVER FileServer; + BOOLEAN GlobalSession; +} NASICONFIG, *PNASICONFIG; + +typedef struct _OEMTDCONFIG +{ + LONG Adapter; + DEVICENAME DeviceName; + ULONG Flags; +} OEMTDCONFIG, *POEMTDCONFIG; + +// Retrieves transport protocol driver parameters. +typedef struct _PDPARAMS +{ + SDCLASS SdClass; // Stack driver class. Indicates which one of the union's structures is valid. + union + { + NETWORKCONFIG Network; // Configuration of network drivers. Used if SdClass is SdNetwork. + ASYNCCONFIG Async; // Configuration of async (modem) driver. Used if SdClass is SdAsync. + NASICONFIG Nasi; // Reserved. + OEMTDCONFIG OemTd; // Configuration of OEM transport driver. Used if SdClass is SdOemTransport. + }; +} PDPARAMS, *PPDPARAMS; + +// The WinStation (session) driver configuration. +typedef struct _WDCONFIG +{ + WDNAME WdName; // The descriptive name of the WinStation driver. + DLLNAME WdDLL; // The driver's image name. + DLLNAME WsxDLL; // Used by the Terminal Services service to communicate with the WinStation driver. + ULONG WdFlag; // Driver flags. + ULONG WdInputBufferLength; // Length, in bytes, of the input buffer used by the driver. Defaults to 2048. + DLLNAME CfgDLL; // Configuration DLL used by Terminal Services administrative tools for configuring the driver. + WDPREFIX WdPrefix; // Used as the prefix of the WinStation name generated for the connected sessions with this WinStation driver. +} WDCONFIG, *PWDCONFIG; + +// The protocol driver's software configuration. 
+typedef struct _PDCONFIG2 +{ + PDNAME PdName; + SDCLASS SdClass; + DLLNAME PdDLL; + ULONG PdFlag; + ULONG OutBufLength; + ULONG OutBufCount; + ULONG OutBufDelay; + ULONG InteractiveDelay; + ULONG PortNumber; + ULONG KeepAliveTimeout; +} PDCONFIG2, *PPDCONFIG2; + +// WinStationClient +typedef struct _WINSTATIONCLIENT +{ + ULONG fTextOnly : 1; + ULONG fDisableCtrlAltDel : 1; + ULONG fMouse : 1; + ULONG fDoubleClickDetect : 1; + ULONG fINetClient : 1; + ULONG fPromptForPassword : 1; + ULONG fMaximizeShell : 1; + ULONG fEnableWindowsKey : 1; + ULONG fRemoteConsoleAudio : 1; + ULONG fPasswordIsScPin : 1; + ULONG fNoAudioPlayback : 1; + ULONG fUsingSavedCreds : 1; + WCHAR ClientName[CLIENTNAME_LENGTH + 1]; + WCHAR Domain[DOMAIN_LENGTH + 1]; + WCHAR UserName[USERNAME_LENGTH + 1]; + WCHAR Password[PASSWORD_LENGTH + 1]; + WCHAR WorkDirectory[DIRECTORY_LENGTH + 1]; + WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1]; + ULONG SerialNumber; + BYTE EncryptionLevel; + ULONG ClientAddressFamily; + WCHAR ClientAddress[CLIENTADDRESS_LENGTH + 1]; + USHORT HRes; + USHORT VRes; + USHORT ColorDepth; + USHORT ProtocolType; + ULONG KeyboardLayout; + ULONG KeyboardType; + ULONG KeyboardSubType; + ULONG KeyboardFunctionKey; + WCHAR ImeFileName[IMEFILENAME_LENGTH + 1]; + WCHAR ClientDirectory[DIRECTORY_LENGTH + 1]; + WCHAR ClientLicense[CLIENTLICENSE_LENGTH + 1]; + WCHAR ClientModem[CLIENTMODEM_LENGTH + 1]; + ULONG ClientBuildNumber; + ULONG ClientHardwareId; + USHORT ClientProductId; + USHORT OutBufCountHost; + USHORT OutBufCountClient; + USHORT OutBufLength; + WCHAR AudioDriverName[9]; + TS_TIME_ZONE_INFORMATION ClientTimeZone; + ULONG ClientSessionId; + WCHAR ClientDigProductId[CLIENT_PRODUCT_ID_LENGTH]; + ULONG PerformanceFlags; + ULONG ActiveInputLocale; +} WINSTATIONCLIENT, *PWINSTATIONCLIENT; + +typedef struct _TSHARE_COUNTERS +{ + ULONG Reserved; +} TSHARE_COUNTERS, *PTSHARE_COUNTERS; + +typedef struct _PROTOCOLCOUNTERS +{ + ULONG WdBytes; + ULONG WdFrames; + ULONG WaitForOutBuf; + 
ULONG Frames; + ULONG Bytes; + ULONG CompressedBytes; + ULONG CompressFlushes; + ULONG Errors; + ULONG Timeouts; + ULONG AsyncFramingError; + ULONG AsyncOverrunError; + ULONG AsyncOverflowError; + ULONG AsyncParityError; + ULONG TdErrors; + USHORT ProtocolType; + USHORT Length; + union + { + TSHARE_COUNTERS TShareCounters; + ULONG Reserved[100]; + } Specific; +} PROTOCOLCOUNTERS, *PPROTOCOLCOUNTERS; + +typedef struct _THINWIRECACHE +{ + ULONG CacheReads; + ULONG CacheHits; +} THINWIRECACHE, *PTHINWIRECACHE; + +#define MAX_THINWIRECACHE 4 + +typedef struct _RESERVED_CACHE +{ + THINWIRECACHE ThinWireCache[MAX_THINWIRECACHE]; +} RESERVED_CACHE, *PRESERVED_CACHE; + +typedef struct _TSHARE_CACHE +{ + ULONG Reserved; +} TSHARE_CACHE, *PTSHARE_CACHE; + +typedef struct CACHE_STATISTICS +{ + USHORT ProtocolType; + USHORT Length; + union + { + RESERVED_CACHE ReservedCacheStats; + TSHARE_CACHE TShareCacheStats; + ULONG Reserved[20]; + } Specific; +} CACHE_STATISTICS, *PCACHE_STATISTICS; + +typedef struct _PROTOCOLSTATUS +{ + PROTOCOLCOUNTERS Output; + PROTOCOLCOUNTERS Input; + CACHE_STATISTICS Cache; + ULONG AsyncSignal; + ULONG AsyncSignalMask; +} PROTOCOLSTATUS, *PPROTOCOLSTATUS; + +// Retrieves information on the session. +typedef struct _WINSTATIONINFORMATION +{ + WINSTATIONSTATECLASS ConnectState; + WINSTATIONNAME WinStationName; + ULONG LogonId; + LARGE_INTEGER ConnectTime; + LARGE_INTEGER DisconnectTime; + LARGE_INTEGER LastInputTime; + LARGE_INTEGER LogonTime; + PROTOCOLSTATUS Status; + WCHAR Domain[DOMAIN_LENGTH + 1]; + WCHAR UserName[USERNAME_LENGTH + 1]; + LARGE_INTEGER CurrentTime; +} WINSTATIONINFORMATION, *PWINSTATIONINFORMATION; + +// Retrieves the user's token in the session. Caller requires WINSTATION_ALL_ACCESS permission. +typedef struct _WINSTATIONUSERTOKEN +{ + HANDLE ProcessId; + HANDLE ThreadId; + HANDLE UserToken; +} WINSTATIONUSERTOKEN, *PWINSTATIONUSERTOKEN; + +// Retrieves resolution and color depth of the session. 
+typedef struct _WINSTATIONVIDEODATA +{ + USHORT HResolution; + USHORT VResolution; + USHORT fColorDepth; +} WINSTATIONVIDEODATA, *PWINSTATIONVIDEODATA; + +typedef enum _CDCLASS +{ + CdNone, // No connection driver. + CdModem, // Connection driver is a modem. + CdClass_Maximum, +} CDCLASS; + +// Connection driver configuration. It is used for connecting via modem to a server. +typedef struct _CDCONFIG +{ + CDCLASS CdClass; // Connection driver type. + CDNAME CdName; // Connection driver descriptive name. + DLLNAME CdDLL; // Connection driver image name. + ULONG CdFlag; // Connection driver flags. Connection driver specific. +} CDCONFIG, *PCDCONFIG; + +// The name has the following form: +// name syntax : xxxyyyy +typedef CHAR CLIENTDATANAME[CLIENTDATANAME_LENGTH + 1]; +typedef CHAR* PCLIENTDATANAME; + +typedef struct _WINSTATIONCLIENTDATA +{ + CLIENTDATANAME DataName; // Identifies the type of data sent in this WINSTATIONCLIENTDATA structure. The definition is dependent on the caller and on the client receiving it. This MUST be a data name following a format similar to that of the CLIENTDATANAME data type. + BOOLEAN fUnicodeData; // TRUE indicates data is in Unicode format; FALSE otherwise. +} WINSTATIONCLIENTDATA, *PWINSTATIONCLIENTDATA; + +typedef enum _LOADFACTORTYPE +{ + ErrorConstraint, // An error occurred while obtaining constraint data. + PagedPoolConstraint, // The amount of paged pool is the constraint. + NonPagedPoolConstraint, // The amount of non-paged pool is the constraint. + AvailablePagesConstraint, // The amount of available pages is the constraint. + SystemPtesConstraint, // The number of system page table entries (PTEs) is the constraint. + CPUConstraint // CPU usage is the constraint. +} LOADFACTORTYPE; + +// The WINSTATIONLOADINDICATORDATA structure defines data used for the load balancing of a server. 
+typedef struct _WINSTATIONLOADINDICATORDATA +{ + ULONG RemainingSessionCapacity; // The estimated number of additional sessions that can be supported given the CPU constraint. + LOADFACTORTYPE LoadFactor; // Indicates the most constrained current resource. + ULONG TotalSessions; // The total number of sessions. + ULONG DisconnectedSessions; // The number of disconnected sessions. + LARGE_INTEGER IdleCPU; // This is always set to 0. + LARGE_INTEGER TotalCPU; // This is always set to 0. + ULONG RawSessionCapacity; // The raw number of sessions capacity. + ULONG reserved[9]; // Reserved. +} WINSTATIONLOADINDICATORDATA, *PWINSTATIONLOADINDICATORDATA; + +typedef enum _SHADOWSTATECLASS +{ + State_NoShadow, // No shadow operations are currently being performed on this session. + State_Shadowing, // The session is shadowing a different session. The current session is referred to as a shadow client. + State_Shadowed // The session is being shadowed by a different session. The current session is referred to as a shadow target. +} SHADOWSTATECLASS; + +#define PROTOCOL_CONSOLE 0 +#define PROTOCOL_OTHERS 1 +#define PROTOCOL_RDP 2 + +// Retrieves the current shadow state of a session. +typedef struct _WINSTATIONSHADOW +{ + SHADOWSTATECLASS ShadowState; // Specifies the current state of shadowing. + SHADOWCLASS ShadowClass; // Specifies the type of shadowing. + ULONG SessionId; // Specifies the session ID of the session. + ULONG ProtocolType; // Specifies the type of protocol on the session. Can be one of PROTOCOL_* values. +} WINSTATIONSHADOW, *PWINSTATIONSHADOW; + +// Retrieves the client product ID and current product ID of the session. 
+typedef struct _WINSTATIONPRODID +{ + WCHAR DigProductId[CLIENT_PRODUCT_ID_LENGTH]; + WCHAR ClientDigProductId[CLIENT_PRODUCT_ID_LENGTH]; + WCHAR OuterMostDigProductId[CLIENT_PRODUCT_ID_LENGTH]; + ULONG CurrentSessionId; + ULONG ClientSessionId; + ULONG OuterMostSessionId; +} WINSTATIONPRODID, *PWINSTATIONPRODID; + +// Retrieves the remote IP address of the terminal server client in the session. +typedef struct _WINSTATIONREMOTEADDRESS +{ + USHORT sin_family; + union + { + struct + { + USHORT sin_port; + ULONG sin_addr; + UCHAR sin_zero[8]; + } ipv4; + struct + { + USHORT sin6_port; + ULONG sin6_flowinfo; + USHORT sin6_addr[8]; + ULONG sin6_scope_id; + } ipv6; + }; +} WINSTATIONREMOTEADDRESS, *PWINSTATIONREMOTEADDRESS; + +// WinStationInformationEx + +// private +typedef struct _WINSTATIONINFORMATIONEX_LEVEL1 +{ + ULONG SessionId; + WINSTATIONSTATECLASS SessionState; + LONG SessionFlags; + WINSTATIONNAME WinStationName; + WCHAR UserName[USERNAME_LENGTH + 1]; + WCHAR DomainName[DOMAIN_LENGTH + 1]; + LARGE_INTEGER LogonTime; + LARGE_INTEGER ConnectTime; + LARGE_INTEGER DisconnectTime; + LARGE_INTEGER LastInputTime; + LARGE_INTEGER CurrentTime; + PROTOCOLSTATUS ProtocolStatus; +} WINSTATIONINFORMATIONEX_LEVEL1, *PWINSTATIONINFORMATIONEX_LEVEL1; + +// private +typedef struct _WINSTATIONINFORMATIONEX_LEVEL2 +{ + ULONG SessionId; + WINSTATIONSTATECLASS SessionState; + LONG SessionFlags; + WINSTATIONNAME WinStationName; + WCHAR SamCompatibleUserName[USERNAME_LENGTH + 1]; + WCHAR SamCompatibleDomainName[DOMAIN_LENGTH + 1]; + LARGE_INTEGER LogonTime; + LARGE_INTEGER ConnectTime; + LARGE_INTEGER DisconnectTime; + LARGE_INTEGER LastInputTime; + LARGE_INTEGER CurrentTime; + PROTOCOLSTATUS ProtocolStatus; + WCHAR UserName[257]; + WCHAR DomainName[256]; +} WINSTATIONINFORMATIONEX_LEVEL2, *PWINSTATIONINFORMATIONEX_LEVEL2; + +// private +typedef union _WINSTATIONINFORMATIONEX_LEVEL +{ + WINSTATIONINFORMATIONEX_LEVEL1 WinStationInfoExLevel1; + WINSTATIONINFORMATIONEX_LEVEL2 
WinStationInfoExLevel2; +} WINSTATIONINFORMATIONEX_LEVEL, *PWINSTATIONINFORMATIONEX_LEVEL; + +// private +typedef struct _WINSTATIONINFORMATIONEX +{ + ULONG Level; + WINSTATIONINFORMATIONEX_LEVEL Data; +} WINSTATIONINFORMATIONEX, *PWINSTATIONINFORMATIONEX; + +#define TS_PROCESS_INFO_MAGIC_NT4 0x23495452 + +typedef struct _TS_PROCESS_INFORMATION_NT4 +{ + ULONG MagicNumber; + ULONG LogonId; + PVOID ProcessSid; + ULONG Pad; +} TS_PROCESS_INFORMATION_NT4, *PTS_PROCESS_INFORMATION_NT4; + +#define SIZEOF_TS4_SYSTEM_THREAD_INFORMATION 64 +#define SIZEOF_TS4_SYSTEM_PROCESS_INFORMATION 136 + +typedef struct _TS_SYS_PROCESS_INFORMATION +{ + ULONG NextEntryOffset; + ULONG NumberOfThreads; + LARGE_INTEGER SpareLi1; + LARGE_INTEGER SpareLi2; + LARGE_INTEGER SpareLi3; + LARGE_INTEGER CreateTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER KernelTime; + UNICODE_STRING ImageName; + KPRIORITY BasePriority; + ULONG UniqueProcessId; + ULONG InheritedFromUniqueProcessId; + ULONG HandleCount; + ULONG SessionId; + ULONG SpareUl3; + SIZE_T PeakVirtualSize; + SIZE_T VirtualSize; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + SIZE_T QuotaPeakPagedPoolUsage; + SIZE_T QuotaPagedPoolUsage; + SIZE_T QuotaPeakNonPagedPoolUsage; + SIZE_T QuotaNonPagedPoolUsage; + SIZE_T PagefileUsage; + SIZE_T PeakPagefileUsage; + SIZE_T PrivatePageCount; +} TS_SYS_PROCESS_INFORMATION, *PTS_SYS_PROCESS_INFORMATION; + +typedef struct _TS_ALL_PROCESSES_INFO +{ + PTS_SYS_PROCESS_INFORMATION pTsProcessInfo; + ULONG SizeOfSid; + PSID pSid; +} TS_ALL_PROCESSES_INFO, *PTS_ALL_PROCESSES_INFO; + +typedef struct _TS_COUNTER_HEADER +{ + DWORD dwCounterID; + BOOLEAN bResult; +} TS_COUNTER_HEADER, *PTS_COUNTER_HEADER; + +typedef struct _TS_COUNTER +{ + TS_COUNTER_HEADER CounterHead; + DWORD dwValue; + LARGE_INTEGER StartTime; +} TS_COUNTER, *PTS_COUNTER; + +// Flags for WinStationShutdownSystem +#define WSD_LOGOFF 0x1 +#define WSD_SHUTDOWN 0x2 +#define WSD_REBOOT 0x4 +#define WSD_POWEROFF 0x8 + 
+// Flags for WinStationWaitSystemEvent +#define WEVENT_NONE 0x0 +#define WEVENT_CREATE 0x1 +#define WEVENT_DELETE 0x2 +#define WEVENT_RENAME 0x4 +#define WEVENT_CONNECT 0x8 +#define WEVENT_DISCONNECT 0x10 +#define WEVENT_LOGON 0x20 +#define WEVENT_LOGOFF 0x40 +#define WEVENT_STATECHANGE 0x80 +#define WEVENT_LICENSE 0x100 +#define WEVENT_ALL 0x7fffffff +#define WEVENT_FLUSH 0x80000000 + +// Hotkey modifiers for WinStationShadow +#define KBDSHIFT 0x1 +#define KBDCTRL 0x2 +#define KBDALT 0x4 + +// begin_rev +// Flags for WinStationRegisterConsoleNotification +#define WNOTIFY_ALL_SESSIONS 0x1 +// end_rev + +// In the functions below, memory returned can be freed using LocalFree. NULL can be specified for +// server handles to indicate the local server. -1 can be specified for session IDs to indicate the +// current session ID. + +#define LOGONID_CURRENT (-1) +#define SERVERNAME_CURRENT ((PWSTR)NULL) + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationFreeMemory( + _In_ PVOID Buffer + ); + +// rev +HANDLE +WINAPI +WinStationOpenServerW( + _In_opt_ PWSTR ServerName + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationCloseServer( + _In_ HANDLE ServerHandle + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationServerPing( + _In_opt_ HANDLE ServerHandle + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationGetTermSrvCountersValue( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG Count, + _Inout_ PTS_COUNTER Counters // set counter IDs before calling + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationShutdownSystem( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG ShutdownFlags // WSD_* + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationWaitSystemEvent( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG EventMask, // WEVENT_* + _Out_ PULONG EventFlags + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationRegisterConsoleNotification( + _In_opt_ HANDLE ServerHandle, + _In_ HWND WindowHandle, + _In_ ULONG Flags + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationUnRegisterConsoleNotification( + 
_In_opt_ HANDLE ServerHandle, + _In_ HWND WindowHandle + ); + +// Sessions + +// rev +BOOLEAN +WINAPI +WinStationEnumerateW( + _In_opt_ HANDLE ServerHandle, + _Out_ PSESSIONIDW *SessionIds, + _Out_ PULONG Count + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationQueryInformationW( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ WINSTATIONINFOCLASS WinStationInformationClass, + _Out_writes_bytes_(WinStationInformationLength) PVOID pWinStationInformation, + _In_ ULONG WinStationInformationLength, + _Out_ PULONG pReturnLength + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationSetInformationW( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ WINSTATIONINFOCLASS WinStationInformationClass, + _In_reads_bytes_(WinStationInformationLength) PVOID pWinStationInformation, + _In_ ULONG WinStationInformationLength + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationNameFromLogonIdW( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _Out_writes_(WINSTATIONNAME_LENGTH + 1) PWSTR pWinStationName + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +LogonIdFromWinStationNameW( + _In_opt_ HANDLE ServerHandle, + _In_ PWSTR pWinStationName, + _Out_ PULONG SessionId + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationSendMessageW( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ PWSTR Title, + _In_ ULONG TitleLength, + _In_ PWSTR Message, + _In_ ULONG MessageLength, + _In_ ULONG Style, + _In_ ULONG Timeout, + _Out_ PULONG Response, + _In_ BOOLEAN DoNotWait + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationConnectW( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ ULONG TargetSessionId, + _In_opt_ PWSTR pPassword, + _In_ BOOLEAN bWait + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationDisconnect( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ BOOLEAN bWait + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationReset( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ BOOLEAN bWait + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI 
+WinStationShadow( + _In_opt_ HANDLE ServerHandle, + _In_ PWSTR TargetServerName, + _In_ ULONG TargetSessionId, + _In_ UCHAR HotKeyVk, + _In_ USHORT HotkeyModifiers // KBD* + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationShadowStop( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG SessionId, + _In_ BOOLEAN bWait // ignored + ); + +// Processes + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationEnumerateProcesses( + _In_opt_ HANDLE ServerHandle, + _Out_ PVOID *Processes + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationGetAllProcesses( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG Level, + _Out_ PULONG NumberOfProcesses, + _Out_ PTS_ALL_PROCESSES_INFO *Processes + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationFreeGAPMemory( + _In_ ULONG Level, + _In_ PTS_ALL_PROCESSES_INFO Processes, + _In_ ULONG NumberOfProcesses + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationTerminateProcess( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG ProcessId, + _In_ ULONG ExitCode + ); + +NTSYSAPI +BOOLEAN +WINAPI +WinStationGetProcessSid( + _In_opt_ HANDLE ServerHandle, + _In_ ULONG ProcessId, + _In_ FILETIME ProcessStartTime, + _Out_ PVOID pProcessUserSid, + _Inout_ PULONG dwSidSize + ); + +// Services isolation + +#if (PHNT_VERSION >= PHNT_VISTA) + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationSwitchToServicesSession( + VOID + ); + +// rev +NTSYSAPI +BOOLEAN +WINAPI +WinStationRevertFromServicesSession( + VOID + ); + +#endif + +// Misc. 
+NTSYSAPI
+BOOLEAN
+WINAPI
+_WinStationWaitForConnect(
+ VOID
+ );
+
+// rev
+NTSYSAPI
+HANDLE
+NTAPI
+WinStationVirtualOpen(
+ _In_opt_ HANDLE ServerHandle,
+ _In_ ULONG SessionId,
+ _In_ PCSTR Name
+ );
+
+// rev
+NTSYSAPI
+HANDLE
+NTAPI
+WinStationVirtualOpenEx(
+ _In_opt_ HANDLE ServerHandle,
+ _In_ ULONG SessionId,
+ _In_ PCSTR Name,
+ _In_ ULONG Flags
+ );
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+WinStationIsCurrentSessionRemoteable(
+ _Out_ PBOOLEAN IsRemoteable
+ );
+
+EXTERN_C DECLSPEC_SELECTANY CONST GUID PROPERTY_TYPE_GET_MONITOR_CONFIG = { 0x865D5285, 0xF70A, 0x4ECF, { 0x8B, 0x28, 0x51, 0x2F, 0xE0, 0xAA, 0x2D, 0x53 } };
+EXTERN_C DECLSPEC_SELECTANY CONST GUID PROPERTY_TYPE_CORRELATIONID_GUID = { 0x9A363F8E, 0x1902, 0x40DA, { 0xA2, 0xCC, 0x56, 0x4F, 0x09, 0x40, 0xAD, 0xE3 } };
+
+typedef struct _TS_PROPERTY_INFORMATION
+{
+ ULONG Length;
+ PVOID Buffer;
+} TS_PROPERTY_INFORMATION, *PTS_PROPERTY_INFORMATION;
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+WinStationGetConnectionProperty(
+ _In_ ULONG SessionId,
+ _In_ PCGUID PropertyType,
+ _Out_ PTS_PROPERTY_INFORMATION PropertyBuffer
+ );
+
+// rev
+NTSYSAPI
+BOOLEAN
+NTAPI
+WinStationFreePropertyValue(
+ _In_ PVOID PropertyBuffer
+ );
+
+#endif
diff --git a/rustfmt.toml b/rustfmt.toml
new file mode 100644
index 0000000..a70aeb2
--- /dev/null
+++ b/rustfmt.toml
@@ -0,0 +1 @@
+tab_spaces=3
\ No newline at end of file
diff --git a/src/build.rs b/src/build.rs
new file mode 100644
index 0000000..53dfb59
--- /dev/null
+++ b/src/build.rs
@@ -0,0 +1,131 @@
+use std::collections::HashMap;
+use std::env;
+
+use regex::Regex;
+
+pub struct BindgenConfig {
+ pub blocklist_types: Vec,
+ pub raw_lines: Vec,
+}
+
+#[rustfmt::skip]
+impl Default for BindgenConfig {
+ fn default() -> Self {
+ let type_overrides: HashMap<_, _> = HashMap::from([
+ ("NTSTATUS", "windows::Win32::Foundation::NTSTATUS"),
+ ("BOOL", "windows::Win32::Foundation::BOOL"),
+ ("BOOLEAN", "windows::Win32::Foundation::BOOLEAN"),
+ ("UNICODE_STRING", "nt_string::unicode_string::NtUnicodeString"),
+ ("_UNICODE_STRING", "nt_string::unicode_string::NtUnicodeString"),
+ ])
+ .into_iter()
+ .map(|(k, v)| (k.to_owned(), v.to_owned()))
+ .collect();
+
+ let blocklist_types = type_overrides.clone().into_keys().collect();
+ let raw_lines = type_overrides
+ .into_iter()
+ .map(|(key, value)| format!("pub use {value} as {key};"))
+ .collect();
+
+ Self {
+ blocklist_types,
+ raw_lines,
+ }
+ }
+}
+
+impl BindgenConfig {
+ pub fn new(blocklist_types: Vec, raw_lines: Vec) -> Self {
+ Self {
+ blocklist_types,
+ raw_lines,
+ }
+ }
+
+ pub fn generate_bindings(&self) -> Result {
+ let allowlist_regexpr = Regex::new(
+ format!(
+ r"({}\\deps\\phnt-nightly\\.*\.h)|winnt\.h|ntstatus\.h",
+ regex::escape(env!("CARGO_MANIFEST_DIR"))
+ )
+ .as_str(),
+ )
+ .unwrap();
+
+ let blocklist_regexpr =
+ Regex::new(&format!(r"({})", self.blocklist_types.join("|"))).unwrap();
+
+ let mut raw_lines = vec![
+ format!("// Generated at {}", chrono::offset::Local::now()),
+ "use cty;".into(),
+ ];
+ raw_lines.append(&mut self.raw_lines.clone());
+
+ let clang_args = vec![
+ "-Iwindows.h",
+ "-Iwinnt.h",
+ concat!("-I", env!("CARGO_MANIFEST_DIR"), "\\deps\\phnt-nightly/"),
+ ];
+
+ bindgen::builder()
+ .header(concat!(env!("CARGO_MANIFEST_DIR"), "\\src\\ffi\\wrapper.h"))
+ .raw_line(raw_lines.join("\r\n").as_str())
+ .clang_args(clang_args)
+ .allowlist_file(allowlist_regexpr.as_str())
+ .blocklist_type(blocklist_regexpr.as_str())
+ .type_alias("NTSTATUS")
+ .opaque_type("std::.*")
+ .ctypes_prefix("cty")
+ .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
+ .default_enum_style(bindgen::EnumVariation::Rust {
+ non_exhaustive: true,
+ })
+ .default_alias_style(::bindgen::AliasVariation::TypeAlias)
+ .default_macro_constant_type(bindgen::MacroTypeVariation::Unsigned)
+ .default_non_copy_union_style(bindgen::NonCopyUnionStyle::ManuallyDrop)
+ .translate_enum_integer_types(true)
+ .derive_copy(true)
+ .derive_default(true)
+ .size_t_is_usize(true)
+ .allowlist_recursively(true)
+ .merge_extern_blocks(true)
+ .generate_inline_functions(true)
+ .vtable_generation(true)
+ .generate_comments(true)
+ .generate_block(true)
+ .detect_include_paths(true)
+ .prepend_enum_name(false)
+ .block_extern_crate(false)
+ .fit_macro_constants(false)
+ .layout_tests(false)
+ .use_core()
+ .emit_builtins()
+ .enable_function_attribute_detection()
+ .generate()
+ }
+}
+
+fn main() {
+ std::process::Command::new("git")
+ .args(["submodule", "update", "--remote", "--recursive"])
+ .output()
+ .expect("phnt/build.rs: failed to update the `phnt-nightly` submodule!");
+
+ println!(concat!(
+ "cargo:rerun-if-changed=",
+ env!("CARGO_MANIFEST_DIR"),
+ "\\deps\\phnt-nightly"
+ ));
+
+ BindgenConfig::default()
+ .generate_bindings()
+ .expect("Unable to generate bindings!")
+ .write_to_file(concat!(
+ env!("CARGO_MANIFEST_DIR"),
+ "\\src\\ffi\\generated.rs"
+ ))
+ .expect("Unable to write bindings");
+
+ println!("Generated bindings successfully.");
+}
diff --git a/src/ffi/generated.rs b/src/ffi/generated.rs
new file mode 100644
index 0000000..d5ef91e
--- /dev/null
+++ b/src/ffi/generated.rs
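Review bot: The `git submodule update --remote --recursive` call in `main` moves `deps/phnt-nightly` to whatever the tracked upstream branch holds at build time, so the headers fed to bindgen, and the `src/ffi/generated.rs` written from them, are no longer tied to the commit recorded in this repository. Dropping `--remote` keeps every build on the pinned submodule commit, and upstream changes then arrive only through a reviewed submodule bump: `.args(["submodule", "update", "--init", "--recursive"])`. The `.output().expect(...)` that follows only fails when git cannot be spawned; a non-zero exit is ignored and bindgen then runs against whatever is on disk, so the result should be checked as well, for example `let status = cmd.status().expect("failed to run git");` followed by `assert!(status.success(), "submodule update failed");`. If the fetch stays in the build script, a comment above the command should say that the build needs network access and a git checkout.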
@@ -0,0 +1,52979 @@ +/* automatically generated by rust-bindgen 0.69.4 */ + +// Generated at 2024-04-08 04:20:22.090053500 +02:00 +use cty; +pub use windows::Win32::Foundation::NTSTATUS as NTSTATUS; +pub use nt_string::unicode_string::NtUnicodeString as _UNICODE_STRING; +pub use windows::Win32::Foundation::BOOLEAN as BOOLEAN; +pub use nt_string::unicode_string::NtUnicodeString as UNICODE_STRING; +pub use windows::Win32::Foundation::BOOL as BOOL; + +#[repr(C)] +#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] +pub struct __BindgenBitfieldUnit { + storage: Storage, +} +impl __BindgenBitfieldUnit { + #[inline] + pub const fn new(storage: Storage) -> Self { + Self { storage } + } +} +impl __BindgenBitfieldUnit +where + Storage: AsRef<[u8]> + AsMut<[u8]>, +{ + #[inline] + pub fn get_bit(&self, index: usize) -> bool { + debug_assert!(index / 8 < self.storage.as_ref().len()); + let byte_index = index / 8; + let byte = self.storage.as_ref()[byte_index]; + let bit_index = if cfg!(target_endian = "big") { + 7 - (index % 8) + } else { + index % 8 + }; + let mask = 1 << bit_index; + byte & mask == mask + } + #[inline] + pub fn set_bit(&mut self, index: usize, val: bool) { + debug_assert!(index / 8 < self.storage.as_ref().len()); + let byte_index = index / 8; + let byte = &mut self.storage.as_mut()[byte_index]; + let bit_index = if cfg!(target_endian = "big") { + 7 - (index % 8) + } else { + index % 8 + }; + let mask = 1 << bit_index; + if val { + *byte |= mask; + } else { + *byte &= !mask; + } + } + #[inline] + pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 { + debug_assert!(bit_width <= 64); + debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); + debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len()); + let mut val = 0; + for i in 0..(bit_width as usize) { + if self.get_bit(i + bit_offset) { + let index = if cfg!(target_endian = "big") { + bit_width as usize - 1 - i + } else { + i + }; + val |= 1 
<< index; + } + } + val + } + #[inline] + pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) { + debug_assert!(bit_width <= 64); + debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); + debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len()); + for i in 0..(bit_width as usize) { + let mask = 1 << i; + let val_bit_is_set = val & mask == mask; + let index = if cfg!(target_endian = "big") { + bit_width as usize - 1 - i + } else { + i + }; + self.set_bit(index + bit_offset, val_bit_is_set); + } + } +} +pub const NT_CUSTOMER_SHIFT: u32 = 29; +pub const NT_FACILITY_MASK: u32 = 4095; +pub const NT_FACILITY_SHIFT: u32 = 16; +pub const RTL_BALANCED_NODE_RESERVED_PARENT_MASK: u32 = 3; +pub const OBJ_PROTECT_CLOSE: u32 = 1; +pub const OBJ_INHERIT: u32 = 2; +pub const OBJ_AUDIT_OBJECT_CLOSE: u32 = 4; +pub const OBJ_NO_RIGHTS_UPGRADE: u32 = 8; +pub const OBJ_PERMANENT: u32 = 16; +pub const OBJ_EXCLUSIVE: u32 = 32; +pub const OBJ_CASE_INSENSITIVE: u32 = 64; +pub const OBJ_OPENIF: u32 = 128; +pub const OBJ_OPENLINK: u32 = 256; +pub const OBJ_KERNEL_HANDLE: u32 = 512; +pub const OBJ_FORCE_ACCESS_CHECK: u32 = 1024; +pub const OBJ_IGNORE_IMPERSONATED_DEVICEMAP: u32 = 2048; +pub const OBJ_DONT_REPARSE: u32 = 4096; +pub const OBJ_VALID_ATTRIBUTES: u32 = 8178; +pub const MAXIMUM_LEADBYTES: u32 = 12; +pub const LOW_PRIORITY: u32 = 0; +pub const LOW_REALTIME_PRIORITY: u32 = 16; +pub const HIGH_PRIORITY: u32 = 31; +pub const MAXIMUM_PRIORITY: u32 = 32; +pub const LDRP_PACKAGED_BINARY: u32 = 1; +pub const LDRP_MARKED_FOR_REMOVAL: u32 = 2; +pub const LDRP_IMAGE_DLL: u32 = 4; +pub const LDRP_LOAD_NOTIFICATIONS_SENT: u32 = 8; +pub const LDRP_TELEMETRY_ENTRY_PROCESSED: u32 = 16; +pub const LDRP_PROCESS_STATIC_IMPORT: u32 = 32; +pub const LDRP_IN_LEGACY_LISTS: u32 = 64; +pub const LDRP_IN_INDEXES: u32 = 128; +pub const LDRP_SHIM_DLL: u32 = 256; +pub const LDRP_IN_EXCEPTION_TABLE: u32 = 512; +pub const LDRP_LOAD_IN_PROGRESS: u32 = 4096; +pub 
const LDRP_LOAD_CONFIG_PROCESSED: u32 = 8192; +pub const LDRP_ENTRY_PROCESSED: u32 = 16384; +pub const LDRP_PROTECT_DELAY_LOAD: u32 = 32768; +pub const LDRP_DONT_CALL_FOR_THREADS: u32 = 262144; +pub const LDRP_PROCESS_ATTACH_CALLED: u32 = 524288; +pub const LDRP_PROCESS_ATTACH_FAILED: u32 = 1048576; +pub const LDRP_COR_DEFERRED_VALIDATE: u32 = 2097152; +pub const LDRP_COR_IMAGE: u32 = 4194304; +pub const LDRP_DONT_RELOCATE: u32 = 8388608; +pub const LDRP_COR_IL_ONLY: u32 = 16777216; +pub const LDRP_CHPE_IMAGE: u32 = 33554432; +pub const LDRP_CHPE_EMULATOR_IMAGE: u32 = 67108864; +pub const LDRP_REDIRECTED: u32 = 268435456; +pub const LDRP_COMPAT_DATABASE_PROCESSED: u32 = 2147483648; +pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: u32 = 1; +pub const LDR_GET_DLL_HANDLE_EX_PIN: u32 = 2; +pub const LDR_ADDREF_DLL_PIN: u32 = 1; +pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: u32 = 1; +pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: u32 = 1; +pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: u32 = 2; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: u32 = 0; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: u32 = 1; +pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: u32 = 2; +pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: u32 = 1; +pub const LDR_DLL_NOTIFICATION_REASON_LOADED: u32 = 1; +pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: u32 = 2; +pub const RESOURCE_TYPE_LEVEL: u32 = 0; +pub const RESOURCE_NAME_LEVEL: u32 = 1; +pub const RESOURCE_LANGUAGE_LEVEL: u32 = 2; +pub const RESOURCE_DATA_LEVEL: u32 = 3; +pub const ENCLAVE_STATE_CREATED: u32 = 0; +pub const ENCLAVE_STATE_INITIALIZED: u32 = 1; +pub const ENCLAVE_STATE_INITIALIZED_VBS: u32 = 2; +pub const EFI_VARIABLE_NON_VOLATILE: u32 = 1; +pub const EFI_VARIABLE_BOOTSERVICE_ACCESS: u32 = 2; +pub const EFI_VARIABLE_RUNTIME_ACCESS: u32 = 4; +pub const EFI_VARIABLE_HARDWARE_ERROR_RECORD: u32 = 8; +pub const EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS: u32 = 16; +pub const 
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS: u32 = 32; +pub const EFI_VARIABLE_APPEND_WRITE: u32 = 64; +pub const EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS: u32 = 128; +pub const EVENT_QUERY_STATE: u32 = 1; +pub const EVENT_PAIR_ALL_ACCESS: u32 = 2031616; +pub const SEMAPHORE_QUERY_STATE: u32 = 1; +pub const PROFILE_CONTROL: u32 = 1; +pub const PROFILE_ALL_ACCESS: u32 = 983041; +pub const KEYEDEVENT_WAIT: u32 = 1; +pub const KEYEDEVENT_WAKE: u32 = 2; +pub const KEYEDEVENT_ALL_ACCESS: u32 = 983043; +pub const WORKER_FACTORY_RELEASE_WORKER: u32 = 1; +pub const WORKER_FACTORY_WAIT: u32 = 2; +pub const WORKER_FACTORY_SET_INFORMATION: u32 = 4; +pub const WORKER_FACTORY_QUERY_INFORMATION: u32 = 8; +pub const WORKER_FACTORY_READY_WORKER: u32 = 16; +pub const WORKER_FACTORY_SHUTDOWN: u32 = 32; +pub const WORKER_FACTORY_ALL_ACCESS: u32 = 983103; +pub const MM_WORKING_SET_MAX_HARD_ENABLE: u32 = 1; +pub const MM_WORKING_SET_MAX_HARD_DISABLE: u32 = 2; +pub const MM_WORKING_SET_MIN_HARD_ENABLE: u32 = 4; +pub const MM_WORKING_SET_MIN_HARD_DISABLE: u32 = 8; +pub const EVENT_TRACE_FLAG_EXT_ITEMS: u32 = 2164195328; +pub const EVENT_TRACE_FLAG_EXT_LEN_NEW_STRUCT: u32 = 255; +pub const ETW_MINIMUM_CACHED_STACK_LENGTH: u32 = 4; +pub const ETW_SW_ARRAY_SIZE: u32 = 256; +pub const ETW_STACK_SW_ARRAY_SIZE: u32 = 192; +pub const ETW_MAX_STACKWALK_FILTER: u32 = 256; +pub const ETW_MAX_TAG_FILTER: u32 = 4; +pub const ETW_MAX_POOLTAG_FILTER: u32 = 4; +pub const ETW_EXT_ENABLE_FLAGS: u32 = 1; +pub const ETW_EXT_PIDS: u32 = 2; +pub const ETW_EXT_STACKWALK_FILTER: u32 = 3; +pub const ETW_EXT_POOLTAG_FILTER: u32 = 4; +pub const ETW_EXT_STACK_CACHING: u32 = 5; +pub const TRACE_HEADER_EVENT_TRACE: u32 = 1073741824; +pub const TRACE_HEADER_ENUM_MASK: u32 = 16711680; +pub const PERF_MASK_INDEX: u32 = 3758096384; +pub const PERF_MASK_GROUP: i64 = -3758096385; +pub const PERF_NUM_MASKS: u32 = 8; +pub const PERF_PROCESS: u32 = 1; +pub const PERF_THREAD: u32 = 2; +pub const PERF_PROC_THREAD: u32 
= 3; +pub const PERF_LOADER: u32 = 4; +pub const PERF_PERF_COUNTER: u32 = 8; +pub const PERF_FILENAME: u32 = 512; +pub const PERF_DISK_IO: u32 = 768; +pub const PERF_DISK_IO_INIT: u32 = 1024; +pub const PERF_ALL_FAULTS: u32 = 4096; +pub const PERF_HARD_FAULTS: u32 = 8192; +pub const PERF_VAMAP: u32 = 32768; +pub const PERF_NETWORK: u32 = 65536; +pub const PERF_REGISTRY: u32 = 131072; +pub const PERF_DBGPRINT: u32 = 262144; +pub const PERF_JOB: u32 = 524288; +pub const PERF_ALPC: u32 = 1048576; +pub const PERF_SPLIT_IO: u32 = 2097152; +pub const PERF_DEBUG_EVENTS: u32 = 4194304; +pub const PERF_FILE_IO: u32 = 33554432; +pub const PERF_FILE_IO_INIT: u32 = 67108864; +pub const PERF_NO_SYSCONFIG: u32 = 268435456; +pub const PERF_MEMORY: u32 = 536870913; +pub const PERF_PROFILE: u32 = 536870914; +pub const PERF_CONTEXT_SWITCH: u32 = 536870916; +pub const PERF_FOOTPRINT: u32 = 536870920; +pub const PERF_DRIVERS: u32 = 536870928; +pub const PERF_REFSET: u32 = 536870944; +pub const PERF_POOL: u32 = 536870976; +pub const PERF_POOLTRACE: u32 = 536870977; +pub const PERF_DPC: u32 = 536871040; +pub const PERF_COMPACT_CSWITCH: u32 = 536871168; +pub const PERF_DISPATCHER: u32 = 536871424; +pub const PERF_PMC_PROFILE: u32 = 536871936; +pub const PERF_PROFILING: u32 = 536871938; +pub const PERF_PROCESS_INSWAP: u32 = 536872960; +pub const PERF_AFFINITY: u32 = 536875008; +pub const PERF_PRIORITY: u32 = 536879104; +pub const PERF_INTERRUPT: u32 = 536887296; +pub const PERF_VIRTUAL_ALLOC: u32 = 536903680; +pub const PERF_SPINLOCK: u32 = 536936448; +pub const PERF_SYNC_OBJECTS: u32 = 537001984; +pub const PERF_DPC_QUEUE: u32 = 537133056; +pub const PERF_MEMINFO: u32 = 537395200; +pub const PERF_CONTMEM_GEN: u32 = 537919488; +pub const PERF_SPINLOCK_CNTRS: u32 = 538968064; +pub const PERF_SPININSTR: u32 = 539033600; +pub const PERF_SESSION: u32 = 541065216; +pub const PERF_PFSECTION: u32 = 541065216; +pub const PERF_MEMINFO_WS: u32 = 545259520; +pub const PERF_KERNEL_QUEUE: u32 = 
553648128; +pub const PERF_INTERRUPT_STEER: u32 = 570425344; +pub const PERF_SHOULD_YIELD: u32 = 603979776; +pub const PERF_WS: u32 = 671088640; +pub const PERF_ANTI_STARVATION: u32 = 1073741825; +pub const PERF_PROCESS_FREEZE: u32 = 1073741826; +pub const PERF_PFN_LIST: u32 = 1073741828; +pub const PERF_WS_DETAIL: u32 = 1073741832; +pub const PERF_WS_ENTRY: u32 = 1073741840; +pub const PERF_HEAP: u32 = 1073741856; +pub const PERF_SYSCALL: u32 = 1073741888; +pub const PERF_UMS: u32 = 1073741952; +pub const PERF_BACKTRACE: u32 = 1073742080; +pub const PERF_VULCAN: u32 = 1073742336; +pub const PERF_OBJECTS: u32 = 1073742848; +pub const PERF_EVENTS: u32 = 1073743872; +pub const PERF_FULLTRACE: u32 = 1073745920; +pub const PERF_DFSS: u32 = 1073750016; +pub const PERF_PREFETCH: u32 = 1073758208; +pub const PERF_PROCESSOR_IDLE: u32 = 1073774592; +pub const PERF_CPU_CONFIG: u32 = 1073807360; +pub const PERF_TIMER: u32 = 1073872896; +pub const PERF_CLOCK_INTERRUPT: u32 = 1074003968; +pub const PERF_LOAD_BALANCER: u32 = 1074266112; +pub const PERF_CLOCK_TIMER: u32 = 1074790400; +pub const PERF_IDLE_SELECTION: u32 = 1075838976; +pub const PERF_IPI: u32 = 1077936128; +pub const PERF_IO_TIMER: u32 = 1082130432; +pub const PERF_REG_HIVE: u32 = 1090519040; +pub const PERF_REG_NOTIF: u32 = 1107296256; +pub const PERF_PPM_EXIT_LATENCY: u32 = 1140850688; +pub const PERF_WORKER_THREAD: u32 = 1207959552; +pub const PERF_OPTICAL_IO: u32 = 2147483649; +pub const PERF_OPTICAL_IO_INIT: u32 = 2147483650; +pub const PERF_DLL_INFO: u32 = 2147483656; +pub const PERF_DLL_FLUSH_WS: u32 = 2147483664; +pub const PERF_OB_HANDLE: u32 = 2147483712; +pub const PERF_OB_OBJECT: u32 = 2147483776; +pub const PERF_WAKE_DROP: u32 = 2147484160; +pub const PERF_WAKE_EVENT: u32 = 2147484672; +pub const PERF_DEBUGGER: u32 = 2147485696; +pub const PERF_PROC_ATTACH: u32 = 2147487744; +pub const PERF_WAKE_COUNTER: u32 = 2147491840; +pub const PERF_POWER: u32 = 2147516416; +pub const PERF_SOFT_TRIM: u32 = 
2147549184; +pub const PERF_CC: u32 = 2147614720; +pub const PERF_FLT_IO_INIT: u32 = 2148007936; +pub const PERF_FLT_IO: u32 = 2148532224; +pub const PERF_FLT_FASTIO: u32 = 2149580800; +pub const PERF_FLT_IO_FAILURE: u32 = 2151677952; +pub const PERF_HV_PROFILE: u32 = 2155872256; +pub const PERF_WDF_DPC: u32 = 2164260864; +pub const PERF_WDF_INTERRUPT: u32 = 2181038080; +pub const PERF_CACHE_FLUSH: u32 = 2214592512; +pub const PERF_HIBER_RUNDOWN: u32 = 2684354561; +pub const PERF_SYSCFG_SYSTEM: u32 = 3221225473; +pub const PERF_SYSCFG_GRAPHICS: u32 = 3221225474; +pub const PERF_SYSCFG_STORAGE: u32 = 3221225476; +pub const PERF_SYSCFG_NETWORK: u32 = 3221225480; +pub const PERF_SYSCFG_SERVICES: u32 = 3221225488; +pub const PERF_SYSCFG_PNP: u32 = 3221225504; +pub const PERF_SYSCFG_OPTICAL: u32 = 3221225536; +pub const PERF_SYSCFG_ALL: u32 = 3758096383; +pub const PERF_CLUSTER_OFF: u32 = 3758096385; +pub const PERF_MEMORY_CONTROL: u32 = 3758096386; +pub const EVENT_TRACE_GROUP_HEADER: u32 = 0; +pub const EVENT_TRACE_GROUP_IO: u32 = 256; +pub const EVENT_TRACE_GROUP_MEMORY: u32 = 512; +pub const EVENT_TRACE_GROUP_PROCESS: u32 = 768; +pub const EVENT_TRACE_GROUP_FILE: u32 = 1024; +pub const EVENT_TRACE_GROUP_THREAD: u32 = 1280; +pub const EVENT_TRACE_GROUP_TCPIP: u32 = 1536; +pub const EVENT_TRACE_GROUP_JOB: u32 = 1792; +pub const EVENT_TRACE_GROUP_UDPIP: u32 = 2048; +pub const EVENT_TRACE_GROUP_REGISTRY: u32 = 2304; +pub const EVENT_TRACE_GROUP_DBGPRINT: u32 = 2560; +pub const EVENT_TRACE_GROUP_CONFIG: u32 = 2816; +pub const EVENT_TRACE_GROUP_SPARE1: u32 = 3072; +pub const EVENT_TRACE_GROUP_WNF: u32 = 3328; +pub const EVENT_TRACE_GROUP_POOL: u32 = 3584; +pub const EVENT_TRACE_GROUP_PERFINFO: u32 = 3840; +pub const EVENT_TRACE_GROUP_HEAP: u32 = 4096; +pub const EVENT_TRACE_GROUP_OBJECT: u32 = 4352; +pub const EVENT_TRACE_GROUP_POWER: u32 = 4608; +pub const EVENT_TRACE_GROUP_MODBOUND: u32 = 4864; +pub const EVENT_TRACE_GROUP_IMAGE: u32 = 5120; +pub const 
EVENT_TRACE_GROUP_DPC: u32 = 5376; +pub const EVENT_TRACE_GROUP_CC: u32 = 5632; +pub const EVENT_TRACE_GROUP_CRITSEC: u32 = 5888; +pub const EVENT_TRACE_GROUP_STACKWALK: u32 = 6144; +pub const EVENT_TRACE_GROUP_UMS: u32 = 6400; +pub const EVENT_TRACE_GROUP_ALPC: u32 = 6656; +pub const EVENT_TRACE_GROUP_SPLITIO: u32 = 6912; +pub const EVENT_TRACE_GROUP_THREAD_POOL: u32 = 7168; +pub const EVENT_TRACE_GROUP_HYPERVISOR: u32 = 7424; +pub const EVENT_TRACE_GROUP_HYPERVISORX: u32 = 7680; +pub const WMI_LOG_TYPE_HEADER: u32 = 0; +pub const WMI_LOG_TYPE_HEADER_EXTENSION: u32 = 5; +pub const WMI_LOG_TYPE_RUNDOWN_COMPLETE: u32 = 8; +pub const WMI_LOG_TYPE_GROUP_MASKS_END: u32 = 32; +pub const WMI_LOG_TYPE_RUNDOWN_BEGIN: u32 = 48; +pub const WMI_LOG_TYPE_RUNDOWN_END: u32 = 49; +pub const WMI_LOG_TYPE_DBGID_RSDS: u32 = 64; +pub const WMI_LOG_TYPE_DBGID_NB10: u32 = 65; +pub const WMI_LOG_TYPE_BUILD_LAB: u32 = 66; +pub const WMI_LOG_TYPE_BINARY_PATH: u32 = 67; +pub const WMI_LOG_TYPE_CONFIG_CPU: u32 = 2826; +pub const WMI_LOG_TYPE_CONFIG_PHYSICALDISK: u32 = 2827; +pub const WMI_LOG_TYPE_CONFIG_LOGICALDISK: u32 = 2828; +pub const WMI_LOG_TYPE_CONFIG_OPTICALMEDIA: u32 = 2834; +pub const WMI_LOG_TYPE_CONFIG_NIC: u32 = 2829; +pub const WMI_LOG_TYPE_CONFIG_VIDEO: u32 = 2830; +pub const WMI_LOG_TYPE_CONFIG_SERVICES: u32 = 2831; +pub const WMI_LOG_TYPE_CONFIG_POWER: u32 = 2832; +pub const WMI_LOG_TYPE_CONFIG_IRQ: u32 = 2837; +pub const WMI_LOG_TYPE_CONFIG_PNP: u32 = 2838; +pub const WMI_LOG_TYPE_CONFIG_IDECHANNEL: u32 = 2839; +pub const WMI_LOG_TYPE_CONFIG_NUMANODE: u32 = 2840; +pub const WMI_LOG_TYPE_CONFIG_PLATFORM: u32 = 2841; +pub const WMI_LOG_TYPE_CONFIG_PROCESSORGROUP: u32 = 2842; +pub const WMI_LOG_TYPE_CONFIG_PROCESSORNUMBER: u32 = 2843; +pub const WMI_LOG_TYPE_CONFIG_DPI: u32 = 2844; +pub const WMI_LOG_TYPE_CONFIG_CODEINTEGRITY: u32 = 2845; +pub const WMI_LOG_TYPE_CONFIG_MACHINEID: u32 = 2846; +pub const PERFINFO_LOG_TYPE_FILENAME: u32 = 1024; +pub const 
PERFINFO_LOG_TYPE_FILENAME_CREATE: u32 = 1056; +pub const PERFINFO_LOG_TYPE_FILENAME_SAME: u32 = 1057; +pub const PERFINFO_LOG_TYPE_FILENAME_NULL: u32 = 1058; +pub const PERFINFO_LOG_TYPE_FILENAME_DELETE: u32 = 1059; +pub const PERFINFO_LOG_TYPE_FILENAME_RUNDOWN: u32 = 1060; +pub const PERFINFO_LOG_TYPE_MAPFILE: u32 = 1061; +pub const PERFINFO_LOG_TYPE_UNMAPFILE: u32 = 1062; +pub const PERFINFO_LOG_TYPE_MAPFILE_DC_START: u32 = 1063; +pub const PERFINFO_LOG_TYPE_MAPFILE_DC_END: u32 = 1064; +pub const PERFINFO_LOG_TYPE_FILE_IO_CREATE: u32 = 1088; +pub const PERFINFO_LOG_TYPE_FILE_IO_CLEANUP: u32 = 1089; +pub const PERFINFO_LOG_TYPE_FILE_IO_CLOSE: u32 = 1090; +pub const PERFINFO_LOG_TYPE_FILE_IO_READ: u32 = 1091; +pub const PERFINFO_LOG_TYPE_FILE_IO_WRITE: u32 = 1092; +pub const PERFINFO_LOG_TYPE_FILE_IO_SET_INFORMATION: u32 = 1093; +pub const PERFINFO_LOG_TYPE_FILE_IO_DELETE: u32 = 1094; +pub const PERFINFO_LOG_TYPE_FILE_IO_RENAME: u32 = 1095; +pub const PERFINFO_LOG_TYPE_FILE_IO_DIRENUM: u32 = 1096; +pub const PERFINFO_LOG_TYPE_FILE_IO_FLUSH: u32 = 1097; +pub const PERFINFO_LOG_TYPE_FILE_IO_QUERY_INFORMATION: u32 = 1098; +pub const PERFINFO_LOG_TYPE_FILE_IO_FS_CONTROL: u32 = 1099; +pub const PERFINFO_LOG_TYPE_FILE_IO_OPERATION_END: u32 = 1100; +pub const PERFINFO_LOG_TYPE_FILE_IO_DIRNOTIFY: u32 = 1101; +pub const PERFINFO_LOG_TYPE_FILE_IO_CREATE_NEW: u32 = 1102; +pub const PERFINFO_LOG_TYPE_FILE_IO_DELETE_PATH: u32 = 1103; +pub const PERFINFO_LOG_TYPE_FILE_IO_RENAME_PATH: u32 = 1104; +pub const PERFINFO_LOG_TYPE_FILE_IO_SETLINK_PATH: u32 = 1105; +pub const PERFINFO_LOG_TYPE_FILE_IO_SETLINK: u32 = 1106; +pub const PERFINFO_LOG_TYPE_FLT_PREOP_INIT: u32 = 1120; +pub const PERFINFO_LOG_TYPE_FLT_POSTOP_INIT: u32 = 1121; +pub const PERFINFO_LOG_TYPE_FLT_PREOP_COMPLETION: u32 = 1122; +pub const PERFINFO_LOG_TYPE_FLT_POSTOP_COMPLETION: u32 = 1123; +pub const PERFINFO_LOG_TYPE_FLT_PREOP_FAILURE: u32 = 1124; +pub const PERFINFO_LOG_TYPE_FLT_POSTOP_FAILURE: u32 = 1125; +pub 
const WMI_LOG_TYPE_JOB_CREATE: u32 = 1824; +pub const WMI_LOG_TYPE_JOB_TERMINATE: u32 = 1825; +pub const WMI_LOG_TYPE_JOB_OPEN: u32 = 1826; +pub const WMI_LOG_TYPE_JOB_ASSIGN_PROCESS: u32 = 1827; +pub const WMI_LOG_TYPE_JOB_REMOVE_PROCESS: u32 = 1828; +pub const WMI_LOG_TYPE_JOB_SET: u32 = 1829; +pub const WMI_LOG_TYPE_JOB_QUERY: u32 = 1830; +pub const WMI_LOG_TYPE_JOB_SET_FAILED: u32 = 1831; +pub const WMI_LOG_TYPE_JOB_QUERY_FAILED: u32 = 1832; +pub const WMI_LOG_TYPE_JOB_SET_NOTIFICATION: u32 = 1833; +pub const WMI_LOG_TYPE_JOB_SEND_NOTIFICATION: u32 = 1834; +pub const WMI_LOG_TYPE_JOB_QUERY_VIOLATION: u32 = 1835; +pub const WMI_LOG_TYPE_JOB_SET_CPU_RATE: u32 = 1836; +pub const WMI_LOG_TYPE_JOB_SET_NET_RATE: u32 = 1837; +pub const WMI_LOG_TYPE_PROCESS_CREATE: u32 = 769; +pub const WMI_LOG_TYPE_PROCESS_DELETE: u32 = 770; +pub const WMI_LOG_TYPE_PROCESS_DC_START: u32 = 771; +pub const WMI_LOG_TYPE_PROCESS_DC_END: u32 = 772; +pub const WMI_LOG_TYPE_PROCESS_LOAD_IMAGE: u32 = 778; +pub const WMI_LOG_TYPE_PROCESS_TERMINATE: u32 = 779; +pub const PERFINFO_LOG_TYPE_PROCESS_PERFCTR_END: u32 = 800; +pub const PERFINFO_LOG_TYPE_PROCESS_PERFCTR_RD: u32 = 801; +pub const PERFINFO_LOG_TYPE_INSWAPPROCESS: u32 = 803; +pub const PERFINFO_LOG_TYPE_PROCESS_FREEZE: u32 = 804; +pub const PERFINFO_LOG_TYPE_PROCESS_THAW: u32 = 805; +pub const PERFINFO_LOG_TYPE_BOOT_PHASE_START: u32 = 806; +pub const PERFINFO_LOG_TYPE_ZOMBIE_PROCESS: u32 = 807; +pub const PERFINFO_LOG_TYPE_PROCESS_SET_AFFINITY: u32 = 808; +pub const PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_USER: u32 = 816; +pub const PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_EXECUTION: u32 = 817; +pub const PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_KERNEL: u32 = 818; +pub const PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_INSTRUMENTATION: u32 = 819; +pub const PERFINFO_LOG_TYPE_CHARGE_WAKE_COUNTER_PRESERVE_PROCESS: u32 = 820; +pub const PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_USER: u32 = 832; +pub const PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_EXECUTION: 
u32 = 833; +pub const PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_KERNEL: u32 = 834; +pub const PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_INSTRUMENTATION: u32 = 835; +pub const PERFINFO_LOG_TYPE_RELEASE_WAKE_COUNTER_PRESERVE_PROCESS: u32 = 836; +pub const PERFINFO_LOG_TYPE_WAKE_DROP_USER: u32 = 848; +pub const PERFINFO_LOG_TYPE_WAKE_DROP_EXECUTION: u32 = 849; +pub const PERFINFO_LOG_TYPE_WAKE_DROP_KERNEL: u32 = 850; +pub const PERFINFO_LOG_TYPE_WAKE_DROP_INSTRUMENTATION: u32 = 851; +pub const PERFINFO_LOG_TYPE_WAKE_DROP_PRESERVE_PROCESS: u32 = 852; +pub const PERFINFO_LOG_TYPE_WAKE_EVENT_USER: u32 = 864; +pub const PERFINFO_LOG_TYPE_WAKE_EVENT_EXECUTION: u32 = 865; +pub const PERFINFO_LOG_TYPE_WAKE_EVENT_KERNEL: u32 = 866; +pub const PERFINFO_LOG_TYPE_WAKE_EVENT_INSTRUMENTATION: u32 = 867; +pub const PERFINFO_LOG_TYPE_WAKE_EVENT_PRESERVE_PROCESS: u32 = 868; +pub const PERFINFO_LOG_TYPE_DEBUG_EVENT: u32 = 880; +pub const WMI_LOG_TYPE_IMAGE_LOAD: u32 = 5121; +pub const WMI_LOG_TYPE_IMAGE_UNLOAD: u32 = 5122; +pub const WMI_LOG_TYPE_IMAGE_DC_START: u32 = 5123; +pub const WMI_LOG_TYPE_IMAGE_DC_END: u32 = 5124; +pub const WMI_LOG_TYPE_IMAGE_RELOCATION: u32 = 5152; +pub const WMI_LOG_TYPE_IMAGE_KERNEL_BASE: u32 = 5153; +pub const WMI_LOG_TYPE_IMAGE_HYPERCALL_PAGE: u32 = 5154; +pub const PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_ATTEMPT: u32 = 5248; +pub const PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_SUCCESS: u32 = 5249; +pub const PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_FAIL: u32 = 5250; +pub const PERFINFO_LOG_TYPE_LDR_LOCK_ACQUIRE_WAIT: u32 = 5251; +pub const PERFINFO_LOG_TYPE_LDR_PROC_INIT_DONE: u32 = 5252; +pub const PERFINFO_LOG_TYPE_LDR_CREATE_SECTION: u32 = 5253; +pub const PERFINFO_LOG_TYPE_LDR_SECTION_CREATED: u32 = 5254; +pub const PERFINFO_LOG_TYPE_LDR_MAP_VIEW: u32 = 5255; +pub const PERFINFO_LOG_TYPE_LDR_RELOCATE_IMAGE: u32 = 5264; +pub const PERFINFO_LOG_TYPE_LDR_IMAGE_RELOCATED: u32 = 5265; +pub const PERFINFO_LOG_TYPE_LDR_HANDLE_OLD_DESCRIPTORS: u32 = 5266; +pub const 
PERFINFO_LOG_TYPE_LDR_OLD_DESCRIPTORS_HANDLED: u32 = 5267; +pub const PERFINFO_LOG_TYPE_LDR_HANDLE_NEW_DESCRIPTORS: u32 = 5268; +pub const PERFINFO_LOG_TYPE_LDR_NEW_DESCRIPTORS_HANDLED: u32 = 5269; +pub const PERFINFO_LOG_TYPE_LDR_DLLMAIN_EXIT: u32 = 5270; +pub const PERFINFO_LOG_TYPE_LDR_FIND_DLL: u32 = 5280; +pub const PERFINFO_LOG_TYPE_LDR_VIEW_MAPPED: u32 = 5281; +pub const PERFINFO_LOG_TYPE_LDR_LOCK_RELEASE: u32 = 5282; +pub const PERFINFO_LOG_TYPE_LDR_DLLMAIN_ENTER: u32 = 5283; +pub const PERFINFO_LOG_TYPE_LDR_ERROR: u32 = 5284; +pub const PERFINFO_LOG_TYPE_LDR_VIEW_MAPPING: u32 = 5285; +pub const PERFINFO_LOG_TYPE_LDR_SNAPPING: u32 = 5286; +pub const PERFINFO_LOG_TYPE_LDR_SNAPPED: u32 = 5287; +pub const PERFINFO_LOG_TYPE_LDR_LOADING: u32 = 5288; +pub const PERFINFO_LOG_TYPE_LDR_LOADED: u32 = 5289; +pub const PERFINFO_LOG_TYPE_LDR_FOUND_KNOWN_DLL: u32 = 5290; +pub const PERFINFO_LOG_TYPE_LDR_ABNORMAL: u32 = 5291; +pub const PERFINFO_LOG_TYPE_LDR_PLACEHOLDER: u32 = 5292; +pub const PERFINFO_LOG_TYPE_LDR_RDY_TO_INIT: u32 = 5293; +pub const PERFINFO_LOG_TYPE_LDR_RDY_TO_RUN: u32 = 5294; +pub const PERFINFO_LOG_TYPE_LDR_NEW_DLL_LOAD: u32 = 5296; +pub const PERFINFO_LOG_TYPE_LDR_NEW_DLL_AS_DATA: u32 = 5297; +pub const PERFINFO_LOG_TYPE_LDR_EXTERNAL_PATH: u32 = 5312; +pub const PERFINFO_LOG_TYPE_LDR_GENERATED_PATH: u32 = 5313; +pub const PERFINFO_LOG_TYPE_LDR_APISET_RESOLVING: u32 = 5328; +pub const PERFINFO_LOG_TYPE_LDR_APISET_HOSTED: u32 = 5329; +pub const PERFINFO_LOG_TYPE_LDR_APISET_UNHOSTED: u32 = 5330; +pub const PERFINFO_LOG_TYPE_LDR_APISET_UNRESOLVED: u32 = 5331; +pub const PERFINFO_LOG_TYPE_LDR_SEARCH_SECURITY: u32 = 5332; +pub const PERFINFO_LOG_TYPE_LDR_SEARCH_PATH_SECURITY: u32 = 5333; +pub const WMI_LOG_TYPE_THREAD_CREATE: u32 = 1281; +pub const WMI_LOG_TYPE_THREAD_DELETE: u32 = 1282; +pub const WMI_LOG_TYPE_THREAD_DC_START: u32 = 1283; +pub const WMI_LOG_TYPE_THREAD_DC_END: u32 = 1284; +pub const PERFINFO_LOG_TYPE_CONTEXTSWAP: u32 = 1316; +pub const 
PERFINFO_LOG_TYPE_CONTEXTSWAP_BATCH: u32 = 1317; +pub const PERFINFO_LOG_TYPE_SPINLOCK: u32 = 1321; +pub const PERFINFO_LOG_TYPE_QUEUE: u32 = 1322; +pub const PERFINFO_LOG_TYPE_RESOURCE: u32 = 1323; +pub const PERFINFO_LOG_TYPE_PUSHLOCK: u32 = 1324; +pub const PERFINFO_LOG_TYPE_WAIT_SINGLE: u32 = 1325; +pub const PERFINFO_LOG_TYPE_WAIT_MULTIPLE: u32 = 1326; +pub const PERFINFO_LOG_TYPE_DELAY_EXECUTION: u32 = 1327; +pub const PERFINFO_LOG_TYPE_THREAD_SET_PRIORITY: u32 = 1328; +pub const PERFINFO_LOT_TYPE_THREAD_SET_BASE_PRIORITY: u32 = 1329; +pub const PERFINFO_LOG_TYPE_THREAD_SET_BASE_PRIORITY: u32 = 1329; +pub const PERFINFO_LOG_TYPE_READY_THREAD: u32 = 1330; +pub const PERFINFO_LOG_TYPE_THREAD_SET_PAGE_PRIORITY: u32 = 1331; +pub const PERFINFO_LOG_TYPE_THREAD_SET_IO_PRIORITY: u32 = 1332; +pub const PERFINFO_LOG_TYPE_THREAD_SET_AFFINITY: u32 = 1333; +pub const PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM: u32 = 1337; +pub const PERFINFO_LOG_TYPE_DFSS_START_NEW_INTERVAL: u32 = 1338; +pub const PERFINFO_LOG_TYPE_DFSS_PROCESS_IDLE_ONLY_QUEUE: u32 = 1339; +pub const PERFINFO_LOG_TYPE_ANTI_STARVATION_BOOST: u32 = 1340; +pub const PERFINFO_LOG_TYPE_THREAD_MIGRATION: u32 = 1341; +pub const PERFINFO_LOG_TYPE_KQUEUE_ENQUEUE: u32 = 1342; +pub const PERFINFO_LOG_TYPE_KQUEUE_DEQUEUE: u32 = 1343; +pub const PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_START: u32 = 1344; +pub const PERFINFO_LOG_TYPE_WORKER_THREAD_ITEM_END: u32 = 1345; +pub const PERFINFO_LOG_TYPE_AUTO_BOOST_SET_FLOOR: u32 = 1346; +pub const PERFINFO_LOG_TYPE_AUTO_BOOST_CLEAR_FLOOR: u32 = 1347; +pub const PERFINFO_LOG_TYPE_AUTO_BOOST_NO_ENTRIES: u32 = 1348; +pub const PERFINFO_LOG_TYPE_THREAD_SUBPROCESSTAG_CHANGED: u32 = 1349; +pub const WMI_LOG_TYPE_TCPIP_SEND: u32 = 1546; +pub const WMI_LOG_TYPE_TCPIP_RECEIVE: u32 = 1547; +pub const WMI_LOG_TYPE_TCPIP_CONNECT: u32 = 1548; +pub const WMI_LOG_TYPE_TCPIP_DISCONNECT: u32 = 1549; +pub const WMI_LOG_TYPE_TCPIP_RETRANSMIT: u32 = 1550; +pub const WMI_LOG_TYPE_TCPIP_ACCEPT: u32 = 
1551; +pub const WMI_LOG_TYPE_TCPIP_RECONNECT: u32 = 1552; +pub const WMI_LOG_TYPE_TCPIP_FAIL: u32 = 1553; +pub const WMI_LOG_TYPE_TCPIP_TCPCOPY: u32 = 1554; +pub const WMI_LOG_TYPE_TCPIP_ARPCOPY: u32 = 1555; +pub const WMI_LOG_TYPE_TCPIP_FULLACK: u32 = 1556; +pub const WMI_LOG_TYPE_TCPIP_PARTACK: u32 = 1557; +pub const WMI_LOG_TYPE_TCPIP_DUPACK: u32 = 1558; +pub const WMI_LOG_TYPE_UDP_SEND: u32 = 2058; +pub const WMI_LOG_TYPE_UDP_RECEIVE: u32 = 2059; +pub const WMI_LOG_TYPE_UDP_FAIL: u32 = 2065; +pub const WMI_LOG_TYPE_TCPIP_SEND_IPV6: u32 = 1562; +pub const WMI_LOG_TYPE_TCPIP_RECEIVE_IPV6: u32 = 1563; +pub const WMI_LOG_TYPE_TCPIP_CONNECT_IPV6: u32 = 1564; +pub const WMI_LOG_TYPE_TCPIP_DISCONNECT_IPV6: u32 = 1565; +pub const WMI_LOG_TYPE_TCPIP_RETRANSMIT_IPV6: u32 = 1566; +pub const WMI_LOG_TYPE_TCPIP_ACCEPT_IPV6: u32 = 1567; +pub const WMI_LOG_TYPE_TCPIP_RECONNECT_IPV6: u32 = 1568; +pub const WMI_LOG_TYPE_TCPIP_FAIL_IPV6: u32 = 1569; +pub const WMI_LOG_TYPE_TCPIP_TCPCOPY_IPV6: u32 = 1570; +pub const WMI_LOG_TYPE_TCPIP_ARPCOPY_IPV6: u32 = 1571; +pub const WMI_LOG_TYPE_TCPIP_FULLACK_IPV6: u32 = 1572; +pub const WMI_LOG_TYPE_TCPIP_PARTACK_IPV6: u32 = 1573; +pub const WMI_LOG_TYPE_TCPIP_DUPACK_IPV6: u32 = 1574; +pub const WMI_LOG_TYPE_UDP_SEND_IPV6: u32 = 2074; +pub const WMI_LOG_TYPE_UDP_RECEIVE_IPV6: u32 = 2075; +pub const WMI_LOG_TYPE_IO_READ: u32 = 266; +pub const WMI_LOG_TYPE_IO_WRITE: u32 = 267; +pub const WMI_LOG_TYPE_IO_READ_INIT: u32 = 268; +pub const WMI_LOG_TYPE_IO_WRITE_INIT: u32 = 269; +pub const WMI_LOG_TYPE_IO_FLUSH: u32 = 270; +pub const WMI_LOG_TYPE_IO_FLUSH_INIT: u32 = 271; +pub const WMI_LOG_TYPE_IO_REDIRECTED_INIT: u32 = 272; +pub const PERFINFO_LOG_TYPE_DRIVER_INIT: u32 = 288; +pub const PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE: u32 = 289; +pub const PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL: u32 = 290; +pub const PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN: u32 = 291; +pub const PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL: u32 = 292; +pub 
const PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN: u32 = 293; +pub const PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL: u32 = 294; +pub const PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN: u32 = 295; +pub const PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL: u32 = 296; +pub const PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN: u32 = 297; +pub const PERFINFO_LOG_TYPE_PREFETCH_ACTION: u32 = 304; +pub const PERFINFO_LOG_TYPE_PREFETCH_REQUEST: u32 = 305; +pub const PERFINFO_LOG_TYPE_PREFETCH_READLIST: u32 = 306; +pub const PERFINFO_LOG_TYPE_PREFETCH_READ: u32 = 307; +pub const PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST: u32 = 308; +pub const PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN: u32 = 309; +pub const PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION: u32 = 310; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_READ: u32 = 311; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE: u32 = 312; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH: u32 = 313; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_READ_INIT: u32 = 314; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_WRITE_INIT: u32 = 315; +pub const PERFINFO_LOG_TYPE_OPTICAL_IO_FLUSH_INIT: u32 = 316; +pub const WMI_LOG_TYPE_PAGE_FAULT_TRANSITION: u32 = 522; +pub const WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO: u32 = 523; +pub const WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE: u32 = 524; +pub const WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE: u32 = 525; +pub const WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT: u32 = 526; +pub const WMI_LOG_TYPE_PAGE_FAULT_ACCESS_VIOLATION: u32 = 527; +pub const PERFINFO_LOG_TYPE_HARDFAULT: u32 = 544; +pub const PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR: u32 = 545; +pub const PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST: u32 = 546; +pub const PERFINFO_LOG_TYPE_PAGEINMEMORY: u32 = 547; +pub const PERFINFO_LOG_TYPE_INSERTINFREELIST: u32 = 548; +pub const PERFINFO_LOG_TYPE_INSERTINMODIFIEDLIST: u32 = 549; +pub const PERFINFO_LOG_TYPE_INSERTINLIST: u32 = 550; +pub const PERFINFO_LOG_TYPE_INSERTATFRONT: u32 = 552; +pub const PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY: u32 = 553; +pub 
const PERFINFO_LOG_TYPE_UNLINKFFREEORZERO: u32 = 554; +pub const PERFINFO_LOG_TYPE_WORKINGSETMANAGER: u32 = 555; +pub const PERFINFO_LOG_TYPE_TRIMPROCESS: u32 = 556; +pub const PERFINFO_LOG_TYPE_ZEROSHARECOUNT: u32 = 558; +pub const PERFINFO_LOG_TYPE_WSINFOPROCESS: u32 = 572; +pub const PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP: u32 = 581; +pub const PERFINFO_LOG_TYPE_TRIMSESSION: u32 = 582; +pub const PERFINFO_LOG_TYPE_MEMORYSNAPLITE: u32 = 583; +pub const PERFINFO_LOG_TYPE_PFMAPPED_SECTION_RUNDOWN: u32 = 584; +pub const PERFINFO_LOG_TYPE_PFMAPPED_SECTION_CREATE: u32 = 585; +pub const PERFINFO_LOG_TYPE_WSINFOSESSION: u32 = 586; +pub const PERFINFO_LOG_TYPE_CREATE_SESSION: u32 = 587; +pub const PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_END: u32 = 588; +pub const PERFINFO_LOG_TYPE_SESSION_RUNDOWN_DC_START: u32 = 589; +pub const PERFINFO_LOG_TYPE_SESSION_DELETE: u32 = 590; +pub const PERFINFO_LOG_TYPE_PFMAPPED_SECTION_DELETE: u32 = 591; +pub const PERFINFO_LOG_TYPE_VIRTUAL_ALLOC: u32 = 610; +pub const PERFINFO_LOG_TYPE_VIRTUAL_FREE: u32 = 611; +pub const PERFINFO_LOG_TYPE_HEAP_RANGE_RUNDOWN: u32 = 612; +pub const PERFINFO_LOG_TYPE_HEAP_RANGE_CREATE: u32 = 613; +pub const PERFINFO_LOG_TYPE_HEAP_RANGE_RESERVE: u32 = 614; +pub const PERFINFO_LOG_TYPE_HEAP_RANGE_RELEASE: u32 = 615; +pub const PERFINFO_LOG_TYPE_HEAP_RANGE_DESTROY: u32 = 616; +pub const PERFINFO_LOG_TYPE_PAGEFILE_BACK: u32 = 617; +pub const PERFINFO_LOG_TYPE_MEMINFO: u32 = 624; +pub const PERFINFO_LOG_TYPE_CONTMEM_GENERATE: u32 = 625; +pub const PERFINFO_LOG_TYPE_FILE_STORE_FAULT: u32 = 626; +pub const PERFINFO_LOG_TYPE_INMEMORY_STORE_FAULT: u32 = 627; +pub const PERFINFO_LOG_TYPE_COMPRESSED_PAGE: u32 = 628; +pub const PERFINFO_LOG_TYPE_PAGEINMEMORY_ACTIVE: u32 = 629; +pub const PERFINFO_LOG_TYPE_PAGE_ACCESS: u32 = 630; +pub const PERFINFO_LOG_TYPE_PAGE_RELEASE: u32 = 631; +pub const PERFINFO_LOG_TYPE_PAGE_RANGE_ACCESS: u32 = 632; +pub const PERFINFO_LOG_TYPE_PAGE_RANGE_RELEASE: u32 = 633; +pub const 
PERFINFO_LOG_TYPE_PAGE_COMBINE: u32 = 634; +pub const PERFINFO_LOG_TYPE_KERNEL_MEMUSAGE: u32 = 635; +pub const PERFINFO_LOG_TYPE_MM_STATS: u32 = 636; +pub const PERFINFO_LOG_TYPE_MEMINFOEX_WS: u32 = 637; +pub const PERFINFO_LOG_TYPE_MEMINFOEX_SESSIONWS: u32 = 638; +pub const PERFINFO_LOG_TYPE_VIRTUAL_ROTATE: u32 = 639; +pub const PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_START: u32 = 640; +pub const PERFINFO_LOG_TYPE_VIRTUAL_ALLOC_DC_END: u32 = 641; +pub const PERFINFO_LOG_TYPE_PAGE_ACCESS_EX: u32 = 642; +pub const PERFINFO_LOG_TYPE_REMOVEFROMWS: u32 = 643; +pub const PERFINFO_LOG_TYPE_WSSHAREABLE_RUNDOWN: u32 = 644; +pub const PERFINFO_LOG_TYPE_INMEMORYACTIVE_RUNDOWN: u32 = 645; +pub const PERFINFO_LOG_TYPE_MEM_RESET_INFO: u32 = 646; +pub const PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_CREATE: u32 = 647; +pub const PERFINFO_LOG_TYPE_PFMAPPED_SECTION_OBJECT_DELETE: u32 = 648; +pub const WMI_LOG_TYPE_REG_RUNDOWNBEGIN: u32 = 2328; +pub const WMI_LOG_TYPE_REG_RUNDOWNEND: u32 = 2329; +pub const PERFINFO_LOG_TYPE_CMCELLREFERRED: u32 = 2336; +pub const PERFINFO_LOG_TYPE_REG_SET_VALUE: u32 = 2337; +pub const PERFINFO_LOG_TYPE_REG_COUNTERS: u32 = 2338; +pub const PERFINFO_LOG_TYPE_REG_CONFIG: u32 = 2339; +pub const PERFINFO_LOG_TYPE_REG_HIVE_INITIALIZE: u32 = 2340; +pub const PERFINFO_LOG_TYPE_REG_HIVE_DESTROY: u32 = 2341; +pub const PERFINFO_LOG_TYPE_REG_HIVE_LINK: u32 = 2342; +pub const PERFINFO_LOG_TYPE_REG_HIVE_RUNDOWN_DC_END: u32 = 2343; +pub const PERFINFO_LOG_TYPE_REG_HIVE_DIRTY: u32 = 2344; +pub const PERFINFO_LOG_TYPE_REG_NOTIF_REGISTER: u32 = 2352; +pub const PERFINFO_LOG_TYPE_REG_NOTIF_DELIVER: u32 = 2353; +pub const PERFINFO_LOG_TYPE_RUNDOWN_CHECKPOINT: u32 = 3872; +pub const PERFINFO_LOG_TYPE_MARK: u32 = 3874; +pub const PERFINFO_LOG_TYPE_ASYNCMARK: u32 = 3876; +pub const PERFINFO_LOG_TYPE_IMAGENAME: u32 = 3878; +pub const PERFINFO_LOG_TYPE_DELAYS_CC_CAN_I_WRITE: u32 = 3879; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE: u32 = 3886; +pub const 
PERFINFO_LOG_TYPE_PMC_INTERRUPT: u32 = 3887; +pub const PERFINFO_LOG_TYPE_PMC_CONFIG: u32 = 3888; +pub const PERFINFO_LOG_TYPE_MSI_INTERRUPT: u32 = 3890; +pub const PERFINFO_LOG_TYPE_SYSCALL_ENTER: u32 = 3891; +pub const PERFINFO_LOG_TYPE_SYSCALL_EXIT: u32 = 3892; +pub const PERFINFO_LOG_TYPE_BACKTRACE: u32 = 3893; +pub const PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK: u32 = 3894; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE: u32 = 3895; +pub const PERFINFO_LOG_TYPE_EXCEPTION_STACK: u32 = 3896; +pub const PERFINFO_LOG_TYPE_BRANCH_TRACE: u32 = 3897; +pub const PERFINFO_LOG_TYPE_DEBUGGER_ENABLED: u32 = 3898; +pub const PERFINFO_LOG_TYPE_DEBUGGER_EXIT: u32 = 3899; +pub const PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG: u32 = 3904; +pub const PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG: u32 = 3905; +pub const PERFINFO_LOG_TYPE_THREADED_DPC: u32 = 3906; +pub const PERFINFO_LOG_TYPE_INTERRUPT: u32 = 3907; +pub const PERFINFO_LOG_TYPE_DPC: u32 = 3908; +pub const PERFINFO_LOG_TYPE_TIMERDPC: u32 = 3909; +pub const PERFINFO_LOG_TYPE_IOTIMER_EXPIRATION: u32 = 3910; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE_NMI: u32 = 3911; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE_SET_INTERVAL: u32 = 3912; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_START: u32 = 3913; +pub const PERFINFO_LOG_TYPE_SAMPLED_PROFILE_DC_END: u32 = 3914; +pub const PERFINFO_LOG_TYPE_SPINLOCK_DC_START: u32 = 3915; +pub const PERFINFO_LOG_TYPE_SPINLOCK_DC_END: u32 = 3916; +pub const PERFINFO_LOG_TYPE_ERESOURCE_DC_START: u32 = 3917; +pub const PERFINFO_LOG_TYPE_ERESOURCE_DC_END: u32 = 3918; +pub const PERFINFO_LOG_TYPE_CLOCK_INTERRUPT: u32 = 3919; +pub const PERFINFO_LOG_TYPE_TIMER_EXPIRATION_START: u32 = 3920; +pub const PERFINFO_LOG_TYPE_TIMER_EXPIRATION: u32 = 3921; +pub const PERFINFO_LOG_TYPE_TIMER_SET_PERIODIC: u32 = 3922; +pub const PERFINFO_LOG_TYPE_TIMER_SET_ONE_SHOT: u32 = 3923; +pub const PERFINFO_LOG_TYPE_TIMER_SET_THREAD: u32 = 3924; +pub const PERFINFO_LOG_TYPE_TIMER_CANCEL: u32 = 3925; +pub const 
PERFINFO_LOG_TYPE_TIME_ADJUSTMENT: u32 = 3926; +pub const PERFINFO_LOG_TYPE_CLOCK_MODE_SWITCH: u32 = 3927; +pub const PERFINFO_LOG_TYPE_CLOCK_TIME_UPDATE: u32 = 3928; +pub const PERFINFO_LOG_TYPE_CLOCK_DYNAMIC_TICK_VETO: u32 = 3929; +pub const PERFINFO_LOG_TYPE_CLOCK_CONFIGURATION: u32 = 3930; +pub const PERFINFO_LOG_TYPE_IPI: u32 = 3931; +pub const PERFINFO_LOG_TYPE_UNEXPECTED_INTERRUPT: u32 = 3932; +pub const PERFINFO_LOG_TYPE_IOTIMER_START: u32 = 3933; +pub const PERFINFO_LOG_TYPE_IOTIMER_STOP: u32 = 3934; +pub const PERFINFO_LOG_TYPE_PASSIVE_INTERRUPT: u32 = 3935; +pub const PERFINFO_LOG_TYPE_WDF_INTERRUPT: u32 = 3936; +pub const PERFINFO_LOG_TYPE_WDF_PASSIVE_INTERRUPT: u32 = 3937; +pub const PERFINFO_LOG_TYPE_WDF_DPC: u32 = 3938; +pub const PERFINFO_LOG_TYPE_CPU_CACHE_FLUSH: u32 = 3939; +pub const PERFINFO_LOG_TYPE_DPC_ENQUEUE: u32 = 3940; +pub const PERFINFO_LOG_TYPE_DPC_EXECUTION: u32 = 3941; +pub const PERFINFO_LOG_TYPE_INTERRUPT_STEERING: u32 = 3942; +pub const PERFINFO_LOG_TYPE_WDF_WORK_ITEM: u32 = 3943; +pub const PERFINFO_LOG_TYPE_KTIMER2_SET: u32 = 3944; +pub const PERFINFO_LOG_TYPE_KTIMER2_EXPIRATION: u32 = 3945; +pub const PERFINFO_LOG_TYPE_KTIMER2_CANCEL: u32 = 3946; +pub const PERFINFO_LOG_TYPE_KTIMER2_DISABLE: u32 = 3947; +pub const PERFINFO_LOG_TYPE_KTIMER2_FINALIZATION: u32 = 3948; +pub const PERFINFO_LOG_TYPE_SHOULD_YIELD_PROCESSOR: u32 = 3949; +pub const PERFINFO_LOG_TYPE_FUNCTION_CALL: u32 = 3968; +pub const PERFINFO_LOG_TYPE_FUNCTION_RETURN: u32 = 3969; +pub const PERFINFO_LOG_TYPE_FUNCTION_ENTER: u32 = 3970; +pub const PERFINFO_LOG_TYPE_FUNCTION_EXIT: u32 = 3971; +pub const PERFINFO_LOG_TYPE_TAILCALL: u32 = 3972; +pub const PERFINFO_LOG_TYPE_TRAP: u32 = 3973; +pub const PERFINFO_LOG_TYPE_SPINLOCK_ACQUIRE: u32 = 3974; +pub const PERFINFO_LOG_TYPE_SPINLOCK_RELEASE: u32 = 3975; +pub const PERFINFO_LOG_TYPE_CAP_COMMENT: u32 = 3976; +pub const PERFINFO_LOG_TYPE_CAP_RUNDOWN: u32 = 3977; +pub const PERFINFO_LOG_TYPE_DEBUG_PRINT: u32 = 2592; +pub 
const PERFINFO_LOG_TYPE_WNF_SUBSCRIBE: u32 = 3360; +pub const PERFINFO_LOG_TYPE_WNF_UNSUBSCRIBE: u32 = 3361; +pub const PERFINFO_LOG_TYPE_WNF_CALLBACK: u32 = 3362; +pub const PERFINFO_LOG_TYPE_WNF_PUBLISH: u32 = 3363; +pub const PERFINFO_LOG_TYPE_WNF_NAME_SUB_RUNDOWN: u32 = 3364; +pub const PERFINFO_LOG_TYPE_ALLOCATEPOOL: u32 = 3616; +pub const PERFINFO_LOG_TYPE_ALLOCATEPOOL_SESSION: u32 = 3617; +pub const PERFINFO_LOG_TYPE_FREEPOOL: u32 = 3618; +pub const PERFINFO_LOG_TYPE_FREEPOOL_SESSION: u32 = 3619; +pub const PERFINFO_LOG_TYPE_ADDPOOLPAGE: u32 = 3620; +pub const PERFINFO_LOG_TYPE_ADDPOOLPAGE_SESSION: u32 = 3621; +pub const PERFINFO_LOG_TYPE_BIGPOOLPAGE: u32 = 3622; +pub const PERFINFO_LOG_TYPE_BIGPOOLPAGE_SESSION: u32 = 3623; +pub const PERFINFO_LOG_TYPE_POOLSNAP_DC_START: u32 = 3624; +pub const PERFINFO_LOG_TYPE_POOLSNAP_DC_END: u32 = 3625; +pub const PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_START: u32 = 3626; +pub const PERFINFO_LOG_TYPE_BIGPOOLSNAP_DC_END: u32 = 3627; +pub const PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_START: u32 = 3628; +pub const PERFINFO_LOG_TYPE_POOLSNAP_SESSION_DC_END: u32 = 3629; +pub const PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_START: u32 = 3630; +pub const PERFINFO_LOG_TYPE_SESSIONBIGPOOLSNAP_DC_END: u32 = 3631; +pub const PERFINFO_LOG_TYPE_HEAP_CREATE: u32 = 4128; +pub const PERFINFO_LOG_TYPE_HEAP_ALLOC: u32 = 4129; +pub const PERFINFO_LOG_TYPE_HEAP_REALLOC: u32 = 4130; +pub const PERFINFO_LOG_TYPE_HEAP_DESTROY: u32 = 4131; +pub const PERFINFO_LOG_TYPE_HEAP_FREE: u32 = 4132; +pub const PERFINFO_LOG_TYPE_HEAP_EXTEND: u32 = 4133; +pub const PERFINFO_LOG_TYPE_HEAP_SNAPSHOT: u32 = 4134; +pub const PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT: u32 = 4135; +pub const PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT: u32 = 4136; +pub const PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT: u32 = 4137; +pub const PERFINFO_LOG_TYPE_HEAP_CONTRACT: u32 = 4138; +pub const PERFINFO_LOG_TYPE_HEAP_LOCK: u32 = 4139; +pub const PERFINFO_LOG_TYPE_HEAP_UNLOCK: u32 = 4140; +pub const 
PERFINFO_LOG_TYPE_HEAP_VALIDATE: u32 = 4141; +pub const PERFINFO_LOG_TYPE_HEAP_WALK: u32 = 4142; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC: u32 = 4143; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE: u32 = 4144; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ALLOC_CACHE: u32 = 4145; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_FREE_CACHE: u32 = 4146; +pub const PERFINFO_LOG_TYPE_HEAP_COMMIT: u32 = 4147; +pub const PERFINFO_LOG_TYPE_HEAP_DECOMMIT: u32 = 4148; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_INIT: u32 = 4149; +pub const PERFINFO_LOG_TYPE_HEAP_AFFINITY_ENABLE: u32 = 4150; +pub const PERFINFO_LOG_TYPE_HEAP_SUBSEGMENT_ACTIVATED: u32 = 4152; +pub const PERFINFO_LOG_TYPE_HEAP_AFFINITY_ASSIGN: u32 = 4153; +pub const PERFINFO_LOG_TYPE_HEAP_REUSE_THRESHOLD_ACTIVATED: u32 = 4154; +pub const PERFINFO_LOG_TYPE_CRITSEC_ENTER: u32 = 5920; +pub const PERFINFO_LOG_TYPE_CRITSEC_LEAVE: u32 = 5921; +pub const PERFINFO_LOG_TYPE_CRITSEC_COLLISION: u32 = 5922; +pub const PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE: u32 = 5923; +pub const PERFINFO_LOG_TYPE_STACKWALK: u32 = 6176; +pub const PERFINFO_LOG_TYPE_STACKTRACE_CREATE: u32 = 6178; +pub const PERFINFO_LOG_TYPE_STACKTRACE_DELETE: u32 = 6179; +pub const PERFINFO_LOG_TYPE_STACKTRACE_RUNDOWN: u32 = 6180; +pub const PERFINFO_LOG_TYPE_STACKTRACE_KEY_KERNEL: u32 = 6181; +pub const PERFINFO_LOG_TYPE_STACKTRACE_KEY_USER: u32 = 6182; +pub const WMI_LOG_TYPE_ALPC_SEND_MESSAGE: u32 = 6689; +pub const WMI_LOG_TYPE_ALPC_RECEIVE_MESSAGE: u32 = 6690; +pub const WMI_LOG_TYPE_ALPC_WAIT_FOR_REPLY: u32 = 6691; +pub const WMI_LOG_TYPE_ALPC_WAIT_FOR_NEW_MESSAGE: u32 = 6692; +pub const WMI_LOG_TYPE_ALPC_UNWAIT: u32 = 6693; +pub const WMI_LOG_TYPE_ALPC_CONNECT_REQUEST: u32 = 6694; +pub const WMI_LOG_TYPE_ALPC_CONNECT_SUCCESS: u32 = 6695; +pub const WMI_LOG_TYPE_ALPC_CONNECT_FAIL: u32 = 6696; +pub const WMI_LOG_TYPE_ALPC_CLOSE_PORT: u32 = 6697; +pub const PERFINFO_LOG_TYPE_CREATE_HANDLE: u32 = 4384; +pub const PERFINFO_LOG_TYPE_CLOSE_HANDLE: 
u32 = 4385; +pub const PERFINFO_LOG_TYPE_DUPLICATE_HANDLE: u32 = 4386; +pub const PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_START: u32 = 4388; +pub const PERFINFO_LOG_TYPE_OBJECT_TYPE_DC_END: u32 = 4389; +pub const PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_START: u32 = 4390; +pub const PERFINFO_LOG_TYPE_OBJECT_HANDLE_DC_END: u32 = 4391; +pub const PERFINFO_LOG_TYPE_CREATE_OBJECT: u32 = 4400; +pub const PERFINFO_LOG_TYPE_DELETE_OBJECT: u32 = 4401; +pub const PERFINFO_LOG_TYPE_REFERENCE_OBJECT: u32 = 4402; +pub const PERFINFO_LOG_TYPE_DEREFERENCE_OBJECT: u32 = 4403; +pub const PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO: u32 = 4640; +pub const PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE: u32 = 4641; +pub const PERFINFO_LOG_TYPE_SET_POWER_ACTION: u32 = 4642; +pub const PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET: u32 = 4643; +pub const PERFINFO_LOG_TYPE_SET_DEVICES_STATE: u32 = 4644; +pub const PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET: u32 = 4645; +pub const PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE: u32 = 4646; +pub const PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE: u32 = 4647; +pub const PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT: u32 = 4648; +pub const PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET: u32 = 4649; +pub const PERFINFO_LOG_TYPE_PO_PRESLEEP: u32 = 4656; +pub const PERFINFO_LOG_TYPE_PO_POSTSLEEP: u32 = 4657; +pub const PERFINFO_LOG_TYPE_PO_CALIBRATED_PERFCOUNTER: u32 = 4658; +pub const PERFINFO_LOG_TYPE_PPM_PERF_STATE_CHANGE: u32 = 4659; +pub const PERFINFO_LOG_TYPE_PPM_THROTTLE_STATE_CHANGE: u32 = 4660; +pub const PERFINFO_LOG_TYPE_PPM_IDLE_STATE_CHANGE: u32 = 4661; +pub const PERFINFO_LOG_TYPE_PPM_THERMAL_CONSTRAINT: u32 = 4662; +pub const PERFINFO_LOG_TYPE_PO_SIGNAL_RESUME_UI: u32 = 4663; +pub const PERFINFO_LOG_TYPE_PO_SIGNAL_VIDEO_ON: u32 = 4664; +pub const PERFINFO_LOG_TYPE_PPM_IDLE_STATE_ENTER: u32 = 4665; +pub const PERFINFO_LOG_TYPE_PPM_IDLE_STATE_EXIT: u32 = 4666; +pub const PERFINFO_LOG_TYPE_PPM_PLATFORM_IDLE_STATE_ENTER: u32 = 4667; +pub const PERFINFO_LOG_TYPE_PPM_IDLE_EXIT_LATENCY: u32 = 4668; 
+pub const PERFINFO_LOG_TYPE_PPM_IDLE_PROCESSOR_SELECTION: u32 = 4669; +pub const PERFINFO_LOG_TYPE_PPM_IDLE_PLATFORM_SELECTION: u32 = 4670; +pub const PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_ENTER: u32 = 4671; +pub const PERFINFO_LOG_TYPE_PPM_COORDINATED_IDLE_EXIT: u32 = 4672; +pub const PERFINFO_LOG_TYPE_COWHEADER: u32 = 4888; +pub const PERFINFO_LOG_TYPE_COWBLOB: u32 = 4889; +pub const PERFINFO_LOG_TYPE_COWBLOB_CLOSED: u32 = 4890; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_ENT: u32 = 4896; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_JUMP: u32 = 4897; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_RET: u32 = 4898; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_CALL: u32 = 4899; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET: u32 = 4900; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_INT2E: u32 = 4901; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_INT2B: u32 = 4902; +pub const PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE: u32 = 4903; +pub const PERFINFO_LOG_TYPE_MMCSS_START: u32 = 32; +pub const PERFINFO_LOG_TYPE_MMCSS_STOP: u32 = 33; +pub const PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_EVENT: u32 = 34; +pub const PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_WAKEUP: u32 = 35; +pub const PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP: u32 = 36; +pub const PERFINFO_LOG_TYPE_MMCSS_SCHEDULER_SLEEP_RESP: u32 = 37; +pub const PERFINFO_LOG_TYPE_SPLITIO_VOLMGR: u32 = 6944; +pub const PERFINFO_LOG_TYPE_TP_CALLBACK_ENQUEUE: u32 = 7200; +pub const PERFINFO_LOG_TYPE_TP_CALLBACK_DEQUEUE: u32 = 7201; +pub const PERFINFO_LOG_TYPE_TP_CALLBACK_START: u32 = 7202; +pub const PERFINFO_LOG_TYPE_TP_CALLBACK_STOP: u32 = 7203; +pub const PERFINFO_LOG_TYPE_TP_CALLBACK_CANCEL: u32 = 7204; +pub const PERFINFO_LOG_TYPE_TP_POOL_CREATE: u32 = 7205; +pub const PERFINFO_LOG_TYPE_TP_POOL_CLOSE: u32 = 7206; +pub const PERFINFO_LOG_TYPE_TP_POOL_TH_MIN_SET: u32 = 7207; +pub const PERFINFO_LOG_TYPE_TP_POOL_TH_MAX_SET: u32 = 7208; +pub const PERFINFO_LOG_TYPE_TP_WORKER_NUMANODE_SWITCH: u32 = 7209; +pub const PERFINFO_LOG_TYPE_TP_TIMER_SET: u32 = 7210; +pub 
const PERFINFO_LOG_TYPE_TP_TIMER_CANCELLED: u32 = 7211; +pub const PERFINFO_LOG_TYPE_TP_TIMER_SET_NTTIMER: u32 = 7212; +pub const PERFINFO_LOG_TYPE_TP_TIMER_CANCEL_NTTIMER: u32 = 7213; +pub const PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_BEGIN: u32 = 7214; +pub const PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION_END: u32 = 7215; +pub const PERFINFO_LOG_TYPE_TP_TIMER_EXPIRATION: u32 = 7216; +pub const PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_START: u32 = 6432; +pub const PERFINFO_LOG_TYPE_UMS_DIRECTED_SWITCH_END: u32 = 6433; +pub const PERFINFO_LOG_TYPE_UMS_PARK: u32 = 6434; +pub const PERFINFO_LOG_TYPE_UMS_DISASSOCIATE: u32 = 6435; +pub const PERFINFO_LOG_TYPE_UMS_CONTEXT_SWITCH: u32 = 6436; +pub const PERFINFO_LOG_TYPE_CC_WORKITEM_ENQUEUE: u32 = 5632; +pub const PERFINFO_LOG_TYPE_CC_WORKITEM_DEQUEUE: u32 = 5633; +pub const PERFINFO_LOG_TYPE_CC_WORKITEM_COMPLETE: u32 = 5634; +pub const PERFINFO_LOG_TYPE_CC_READ_AHEAD: u32 = 5635; +pub const PERFINFO_LOG_TYPE_CC_WRITE_BEHIND: u32 = 5636; +pub const PERFINFO_LOG_TYPE_CC_LAZY_WRITE_SCAN: u32 = 5637; +pub const PERFINFO_LOG_TYPE_CC_CAN_I_WRITE_FAIL: u32 = 5638; +pub const PERFINFO_LOG_TYPE_CC_FLUSH_CACHE: u32 = 5641; +pub const PERFINFO_LOG_TYPE_CC_FLUSH_SECTION: u32 = 5642; +pub const PERFINFO_LOG_TYPE_CC_READ_AHEAD_PREFETCH: u32 = 5643; +pub const PERFINFO_LOG_TYPE_CC_SCHEDULE_READ_AHEAD: u32 = 5644; +pub const PERFINFO_LOG_TYPE_CC_LOGGED_STREAM_INFO: u32 = 5645; +pub const PERFINFO_LOG_TYPE_CC_EXTRA_WRITEBEHIND_THREAD: u32 = 5646; +pub const ETW_MAX_PROFILING_SOURCES: u32 = 4; +pub const ETW_MAX_PMC_EVENTS: u32 = 4; +pub const ETW_MAX_PMC_COUNTERS: u32 = 4; +pub const MAXIMUM_NODE_COUNT: u32 = 64; +pub const CODEINTEGRITY_OPTION_ENABLED: u32 = 1; +pub const CODEINTEGRITY_OPTION_TESTSIGN: u32 = 2; +pub const CODEINTEGRITY_OPTION_UMCI_ENABLED: u32 = 4; +pub const CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED: u32 = 8; +pub const CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED: u32 = 16; +pub const CODEINTEGRITY_OPTION_TEST_BUILD: u32 
= 32; +pub const CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD: u32 = 64; +pub const CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED: u32 = 128; +pub const CODEINTEGRITY_OPTION_FLIGHT_BUILD: u32 = 256; +pub const CODEINTEGRITY_OPTION_FLIGHTING_ENABLED: u32 = 512; +pub const CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED: u32 = 1024; +pub const CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED: u32 = 2048; +pub const CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED: u32 = 4096; +pub const CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED: u32 = 8192; +pub const CODEINTEGRITY_OPTION_WHQL_ENFORCEMENT_ENABLED: u32 = 16384; +pub const CODEINTEGRITY_OPTION_WHQL_AUDITMODE_ENABLED: u32 = 32768; +pub const SYSTEM_STORE_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_STORE_STATS_INFORMATION_VERSION: u32 = 2; +pub const SYSTEM_STORE_CREATE_INFORMATION_VERSION: u32 = 6; +pub const SYSTEM_STORE_DELETE_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_STORE_LIST_INFORMATION_VERSION: u32 = 2; +pub const SYSTEM_CACHE_LIST_INFORMATION_VERSION: u32 = 2; +pub const SYSTEM_CACHE_CREATE_INFORMATION_VERSION: u32 = 3; +pub const SYSTEM_CACHE_DELETE_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_CACHE_STORE_CREATE_INFORMATION_VERSION: u32 = 2; +pub const SYSTEM_CACHE_STORE_DELETE_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_CACHE_STATS_INFORMATION_VERSION: u32 = 3; +pub const SYSTEM_STORE_REGISTRATION_INFORMATION_VERSION: u32 = 2; +pub const SYSTEM_STORE_RESIZE_INFORMATION_VERSION: u32 = 6; +pub const SYSTEM_CACHE_STORE_RESIZE_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_STORE_CONFIG_INFORMATION_VERSION: u32 = 4; +pub const SYSTEM_STORE_HIGH_MEM_PRIORITY_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_STORE_TRIM_INFORMATION_VERSION: u32 = 1; +pub const SYSTEM_STORE_COMPRESSION_INFORMATION_VERSION: u32 = 3; +pub const MEMORY_COMBINE_FLAGS_COMMON_PAGES_ONLY: u32 = 4; +pub const CODEINTEGRITYPOLICY_OPTION_ENABLED: u32 = 1; +pub const CODEINTEGRITYPOLICY_OPTION_AUDIT: u32 = 2; +pub const 
CODEINTEGRITYPOLICY_OPTION_REQUIRE_WHQL: u32 = 4; +pub const CODEINTEGRITYPOLICY_OPTION_DISABLED_FLIGHTSIGNING: u32 = 8; +pub const CODEINTEGRITYPOLICY_OPTION_ENABLED_UMCI: u32 = 16; +pub const CODEINTEGRITYPOLICY_OPTION_ENABLED_UPDATE_POLICY_NOREBOOT: u32 = 32; +pub const CODEINTEGRITYPOLICY_OPTION_ENABLED_SECURE_SETTING_POLICY: u32 = 64; +pub const CODEINTEGRITYPOLICY_OPTION_ENABLED_UNSIGNED_SYSTEMINTEGRITY_POLICY: u32 = 128; +pub const CODEINTEGRITYPOLICY_OPTION_DYNAMIC_CODE_POLICY_ENABLED: u32 = 256; +pub const CODEINTEGRITYPOLICY_OPTION_RELOAD_POLICY_NO_REBOOT: u32 = 268435456; +pub const CODEINTEGRITYPOLICY_OPTION_CONDITIONAL_LOCKDOWN: u32 = 536870912; +pub const CODEINTEGRITYPOLICY_OPTION_NOLOCKDOWN: u32 = 1073741824; +pub const CODEINTEGRITYPOLICY_OPTION_LOCKDOWN: u32 = 2147483648; +pub const CODEINTEGRITYPOLICY_HVCIOPTION_ENABLED: u32 = 1; +pub const CODEINTEGRITYPOLICY_HVCIOPTION_STRICT: u32 = 2; +pub const CODEINTEGRITYPOLICY_HVCIOPTION_DEBUG: u32 = 4; +pub const SYSDBG_LIVEDUMP_SELECTIVE_CONTROL_VERSION: u32 = 1; +pub const SYSDBG_LIVEDUMP_CONTROL_VERSION_1: u32 = 1; +pub const SYSDBG_LIVEDUMP_CONTROL_VERSION_2: u32 = 2; +pub const SYSDBG_LIVEDUMP_CONTROL_VERSION: u32 = 2; +pub const HARDERROR_OVERRIDE_ERRORMODE: u32 = 268435456; +pub const PROCESSOR_FEATURE_MAX: u32 = 64; +pub const MAX_WOW64_SHARED_ENTRIES: u32 = 16; +pub const NX_SUPPORT_POLICY_ALWAYSOFF: u32 = 0; +pub const NX_SUPPORT_POLICY_ALWAYSON: u32 = 1; +pub const NX_SUPPORT_POLICY_OPTIN: u32 = 2; +pub const NX_SUPPORT_POLICY_OPTOUT: u32 = 3; +pub const SEH_VALIDATION_POLICY_ON: u32 = 0; +pub const SEH_VALIDATION_POLICY_OFF: u32 = 1; +pub const SEH_VALIDATION_POLICY_TELEMETRY: u32 = 2; +pub const SEH_VALIDATION_POLICY_DEFER: u32 = 3; +pub const SHARED_GLOBAL_FLAGS_ERROR_PORT_V: u32 = 0; +pub const SHARED_GLOBAL_FLAGS_ERROR_PORT: u32 = 1; +pub const SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED_V: u32 = 1; +pub const SHARED_GLOBAL_FLAGS_ELEVATION_ENABLED: u32 = 2; +pub const 
SHARED_GLOBAL_FLAGS_VIRT_ENABLED_V: u32 = 2; +pub const SHARED_GLOBAL_FLAGS_VIRT_ENABLED: u32 = 4; +pub const SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED_V: u32 = 3; +pub const SHARED_GLOBAL_FLAGS_INSTALLER_DETECT_ENABLED: u32 = 8; +pub const SHARED_GLOBAL_FLAGS_LKG_ENABLED_V: u32 = 4; +pub const SHARED_GLOBAL_FLAGS_LKG_ENABLED: u32 = 16; +pub const SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED_V: u32 = 5; +pub const SHARED_GLOBAL_FLAGS_DYNAMIC_PROC_ENABLED: u32 = 32; +pub const SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED_V: u32 = 6; +pub const SHARED_GLOBAL_FLAGS_CONSOLE_BROKER_ENABLED: u32 = 64; +pub const SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED_V: u32 = 7; +pub const SHARED_GLOBAL_FLAGS_SECURE_BOOT_ENABLED: u32 = 128; +pub const SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU_V: u32 = 8; +pub const SHARED_GLOBAL_FLAGS_MULTI_SESSION_SKU: u32 = 256; +pub const SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU_V: u32 = 9; +pub const SHARED_GLOBAL_FLAGS_MULTIUSERS_IN_SESSION_SKU: u32 = 512; +pub const SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED_V: u32 = 10; +pub const SHARED_GLOBAL_FLAGS_STATE_SEPARATION_ENABLED: u32 = 1024; +pub const SHARED_GLOBAL_FLAGS_SET_GLOBAL_DATA_FLAG: u32 = 1073741824; +pub const SHARED_GLOBAL_FLAGS_CLEAR_GLOBAL_DATA_FLAG: u32 = 2147483648; +pub const SYSTEM_CALL_SYSCALL: u32 = 0; +pub const SYSTEM_CALL_INT_2E: u32 = 1; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_ENABLED: u32 = 1; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_HV_PAGE: u32 = 2; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_DISABLE_32BIT: u32 = 4; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_MFENCE: u32 = 16; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_LFENCE: u32 = 32; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_A73_ERRATA: u32 = 64; +pub const SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_RDTSCP: u32 = 128; +pub const FLG_STOP_ON_EXCEPTION: u32 = 1; +pub const FLG_SHOW_LDR_SNAPS: u32 = 2; +pub const FLG_DEBUG_INITIAL_COMMAND: u32 = 4; +pub const FLG_STOP_ON_HUNG_GUI: u32 = 8; +pub const 
FLG_HEAP_ENABLE_TAIL_CHECK: u32 = 16; +pub const FLG_HEAP_ENABLE_FREE_CHECK: u32 = 32; +pub const FLG_HEAP_VALIDATE_PARAMETERS: u32 = 64; +pub const FLG_HEAP_VALIDATE_ALL: u32 = 128; +pub const FLG_APPLICATION_VERIFIER: u32 = 256; +pub const FLG_MONITOR_SILENT_PROCESS_EXIT: u32 = 512; +pub const FLG_POOL_ENABLE_TAGGING: u32 = 1024; +pub const FLG_HEAP_ENABLE_TAGGING: u32 = 2048; +pub const FLG_USER_STACK_TRACE_DB: u32 = 4096; +pub const FLG_KERNEL_STACK_TRACE_DB: u32 = 8192; +pub const FLG_MAINTAIN_OBJECT_TYPELIST: u32 = 16384; +pub const FLG_HEAP_ENABLE_TAG_BY_DLL: u32 = 32768; +pub const FLG_DISABLE_STACK_EXTENSION: u32 = 65536; +pub const FLG_ENABLE_CSRDEBUG: u32 = 131072; +pub const FLG_ENABLE_KDEBUG_SYMBOL_LOAD: u32 = 262144; +pub const FLG_DISABLE_PAGE_KERNEL_STACKS: u32 = 524288; +pub const FLG_ENABLE_SYSTEM_CRIT_BREAKS: u32 = 1048576; +pub const FLG_HEAP_DISABLE_COALESCING: u32 = 2097152; +pub const FLG_ENABLE_CLOSE_EXCEPTIONS: u32 = 4194304; +pub const FLG_ENABLE_EXCEPTION_LOGGING: u32 = 8388608; +pub const FLG_ENABLE_HANDLE_TYPE_TAGGING: u32 = 16777216; +pub const FLG_HEAP_PAGE_ALLOCS: u32 = 33554432; +pub const FLG_DEBUG_INITIAL_COMMAND_EX: u32 = 67108864; +pub const FLG_DISABLE_DBGPRINT: u32 = 134217728; +pub const FLG_CRITSEC_EVENT_CREATION: u32 = 268435456; +pub const FLG_STOP_ON_UNHANDLED_EXCEPTION: u32 = 536870912; +pub const FLG_ENABLE_HANDLE_EXCEPTIONS: u32 = 1073741824; +pub const FLG_DISABLE_PROTDLLS: u32 = 2147483648; +pub const FLG_VALID_BITS: u32 = 4294966783; +pub const FLG_BOOTONLY_VALID_BITS: u32 = 67788804; +pub const FLG_KERNELMODE_VALID_BITS: u32 = 1237582859; +pub const BCD_OBJECT_DESCRIPTION_VERSION: u32 = 1; +pub const BCD_ELEMENT_DESCRIPTION_VERSION: u32 = 1; +pub const PAGE_ENCLAVE_NO_CHANGE: u32 = 536870912; +pub const MEM_DOS_LIM: u32 = 1073741824; +pub const SEC_BASED: u32 = 2097152; +pub const SEC_NO_CHANGE: u32 = 4194304; +pub const SEC_GLOBAL: u32 = 536870912; +pub const MMPFNLIST_ZERO: u32 = 0; +pub const MMPFNLIST_FREE: u32 
= 1; +pub const MMPFNLIST_STANDBY: u32 = 2; +pub const MMPFNLIST_MODIFIED: u32 = 3; +pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4; +pub const MMPFNLIST_BAD: u32 = 5; +pub const MMPFNLIST_ACTIVE: u32 = 6; +pub const MMPFNLIST_TRANSITION: u32 = 7; +pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0; +pub const MMPFNUSE_FILE: u32 = 1; +pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2; +pub const MMPFNUSE_PAGETABLE: u32 = 3; +pub const MMPFNUSE_PAGEDPOOL: u32 = 4; +pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5; +pub const MMPFNUSE_SYSTEMPTE: u32 = 6; +pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7; +pub const MMPFNUSE_METAFILE: u32 = 8; +pub const MMPFNUSE_AWEPAGE: u32 = 9; +pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10; +pub const MMPFNUSE_KERNELSTACK: u32 = 11; +pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 1; +pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 2; +pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 4; +pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 8; +pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 16; +pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 32; +pub const MEM_EXECUTE_OPTION_DISABLE_EXCEPTION_CHAIN_VALIDATION: u32 = 64; +pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 127; +pub const MAP_PROCESS: u32 = 1; +pub const MAP_SYSTEM: u32 = 2; +pub const TERMINATE_ENCLAVE_VALID_FLAGS: u32 = 5; +pub const TERMINATE_ENCLAVE_FLAG_NO_WAIT: u32 = 1; +pub const TERMINATE_ENCLAVE_FLAG_WAIT_ERROR: u32 = 4; +pub const ENCLAVE_CALL_VALID_FLAGS: u32 = 1; +pub const ENCLAVE_CALL_FLAG_NO_WAIT: u32 = 1; +pub const OBJECT_TYPE_CREATE: u32 = 1; +pub const OBJECT_TYPE_ALL_ACCESS: u32 = 983041; +pub const DIRECTORY_QUERY: u32 = 1; +pub const DIRECTORY_TRAVERSE: u32 = 2; +pub const DIRECTORY_CREATE_OBJECT: u32 = 4; +pub const DIRECTORY_CREATE_SUBDIRECTORY: u32 = 8; +pub const DIRECTORY_ALL_ACCESS: u32 = 983055; +pub const SYMBOLIC_LINK_QUERY: u32 = 1; +pub const SYMBOLIC_LINK_SET: u32 = 2; +pub const SYMBOLIC_LINK_ALL_ACCESS: u32 = 983041; +pub const 
SYMBOLIC_LINK_ALL_ACCESS_EX: u32 = 1048575; +pub const DUPLICATE_SAME_ATTRIBUTES: u32 = 4; +pub const OBJECT_BOUNDARY_DESCRIPTOR_VERSION: u32 = 1; +pub const PROCESS_SET_PORT: u32 = 2048; +pub const THREAD_ALERT: u32 = 4; +pub const GDI_HANDLE_BUFFER_SIZE32: u32 = 34; +pub const GDI_HANDLE_BUFFER_SIZE64: u32 = 60; +pub const GDI_HANDLE_BUFFER_SIZE: u32 = 60; +pub const TLS_EXPANSION_SLOTS: u32 = 1024; +pub const ACTIVATION_CONTEXT_DATA_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_FLAG_NO_INHERIT: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_TOC_HEADER_DENSE: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_TOC_HEADER_INORDER: u32 = 2; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_INVALID: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY_ROOT: u32 = 2; +pub const ACTIVATION_CONTEXT_SECTION_FORMAT_UNKNOWN: u32 = 0; +pub const ACTIVATION_CONTEXT_SECTION_FORMAT_STRING_TABLE: u32 = 1; +pub const ACTIVATION_CONTEXT_SECTION_FORMAT_GUID_TABLE: u32 = 2; +pub const ACTIVATION_CONTEXT_STRING_SECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_STRING_SECTION_CASE_INSENSITIVE: u32 = 1; +pub const ACTIVATION_CONTEXT_STRING_SECTION_ENTRIES_IN_PSEUDOKEY_ORDER: u32 = 2; +pub const ACTIVATION_CONTEXT_GUID_SECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_GUID_SECTION_ENTRIES_IN_ORDER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_ASSEMBLY: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_POLICY_APPLIED: u32 = 2; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ASSEMBLY_POLICY_APPLIED: u32 = 4; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_ROOT_POLICY_APPLIED: u32 = 8; +pub const ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION_PRIVATE_ASSEMBLY: u32 = 16; +pub const ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const 
ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_INCLUDES_BASE_NAME: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_OMITS_ASSEMBLY_ROOT: u32 = 2; +pub const ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_EXPAND: u32 = 4; +pub const ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SYSTEM_DEFAULT_REDIRECTED_SYSTEM32_DLL: u32 = + 8; +pub const ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_INVALID: u32 = 0; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_APARTMENT: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_FREE: u32 = 2; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_SINGLE: u32 = 3; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_BOTH: u32 = 4; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_THREADING_MODEL_NEUTRAL: u32 = 5; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_FLAG_OFFSET: u32 = 8; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DEFAULT: u32 = 256; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_ICON: u32 = 512; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_CONTENT: u32 = 1024; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_THUMBNAIL: u32 = 2048; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_MISCSTATUS_HAS_DOCPRINT: u32 = 4096; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_OTHER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM_TYPE_CLR_CLASS: u32 = 2; +pub const ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_NUM_METHODS_VALID: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION_FLAG_BASE_INTERFACE_VALID: u32 = 2; +pub 
const ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_CLR_SURROGATE_FORMAT_WHISTLER: u32 = 1; +pub const ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS_FORMAT_LONGHORN: u32 = 1; +pub const SXS_WINDOWS_SETTINGS_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2005/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2011_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2011/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2013_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2013/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2014_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2014/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2016_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2016/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2017_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2017/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2019_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2019/WindowsSettings\0"; +pub const SXS_WINDOWS_SETTINGS_2020_NAMESPACE: &[u8; 54] = + b"http://schemas.microsoft.com/SMI/2020/WindowsSettings\0"; +pub const ASSEMBLY_STORAGE_MAP_ASSEMBLY_ARRAY_IS_HEAP_ALLOCATED: u32 = 1; +pub const ACTIVATION_CONTEXT_NOTIFICATION_DESTROY: u32 = 1; +pub const ACTIVATION_CONTEXT_NOTIFICATION_ZOMBIFY: u32 = 2; +pub const ACTIVATION_CONTEXT_NOTIFICATION_USED: u32 = 3; +pub const RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION: u32 = 1; +pub const RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE: u32 = 2; +pub const RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST: u32 = 4; +pub const RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED: u32 = 8; +pub const RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED: u32 = 16; +pub const 
ACTIVATION_CONTEXT_STACK_FLAG_QUERIES_DISABLED: u32 = 1; +pub const KACF_OLDGETSHORTPATHNAME: u32 = 1; +pub const KACF_VERSIONLIE_NOT_USED: u32 = 2; +pub const KACF_GETDISKFREESPACE: u32 = 8; +pub const KACF_FTMFROMCURRENTAPT: u32 = 32; +pub const KACF_DISALLOWORBINDINGCHANGES: u32 = 64; +pub const KACF_OLE32VALIDATEPTRS: u32 = 128; +pub const KACF_DISABLECICERO: u32 = 256; +pub const KACF_OLE32ENABLEASYNCDOCFILE: u32 = 512; +pub const KACF_OLE32ENABLELEGACYEXCEPTIONHANDLING: u32 = 1024; +pub const KACF_RPCDISABLENDRCLIENTHARDENING: u32 = 2048; +pub const KACF_RPCDISABLENDRMAYBENULL_SIZEIS: u32 = 4096; +pub const KACF_DISABLEALLDDEHACK_NOT_USED: u32 = 8192; +pub const KACF_RPCDISABLENDR61_RANGE: u32 = 16384; +pub const KACF_RPC32ENABLELEGACYEXCEPTIONHANDLING: u32 = 32768; +pub const KACF_OLE32DOCFILEUSELEGACYNTFSFLAGS: u32 = 65536; +pub const KACF_RPCDISABLENDRCONSTIIDCHECK: u32 = 131072; +pub const KACF_USERDISABLEFORWARDERPATCH: u32 = 262144; +pub const KACF_OLE32DISABLENEW_WMPAINT_DISPATCH: u32 = 1048576; +pub const KACF_ADDRESTRICTEDSIDINCOINITIALIZESECURITY: u32 = 2097152; +pub const KACF_ALLOCDEBUGINFOFORCRITSECTIONS: u32 = 4194304; +pub const KACF_OLEAUT32ENABLEUNSAFELOADTYPELIBRELATIVE: u32 = 8388608; +pub const KACF_ALLOWMAXIMIZEDWINDOWGAMMA: u32 = 16777216; +pub const KACF_DONOTADDTOCACHE: u32 = 2147483648; +pub const GDI_BATCH_BUFFER_SIZE: u32 = 310; +pub const STATIC_UNICODE_BUFFER_LENGTH: u32 = 261; +pub const WIN32_CLIENT_INFO_LENGTH: u32 = 62; +pub const PROCESS_EXCEPTION_PORT_ALL_STATE_BITS: u32 = 3; +pub const PROCESS_PRIORITY_CLASS_UNKNOWN: u32 = 0; +pub const PROCESS_PRIORITY_CLASS_IDLE: u32 = 1; +pub const PROCESS_PRIORITY_CLASS_NORMAL: u32 = 2; +pub const PROCESS_PRIORITY_CLASS_HIGH: u32 = 3; +pub const PROCESS_PRIORITY_CLASS_REALTIME: u32 = 4; +pub const PROCESS_PRIORITY_CLASS_BELOW_NORMAL: u32 = 5; +pub const PROCESS_PRIORITY_CLASS_ABOVE_NORMAL: u32 = 6; +pub const PROCESS_LUID_DOSDEVICES_ONLY: u32 = 1; +pub const 
PROCESS_HANDLE_EXCEPTIONS_ENABLED: u32 = 1; +pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED: u32 = 0; +pub const PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED: u32 = 1; +pub const PROCESS_HANDLE_TRACING_MAX_SLOTS: u32 = 131072; +pub const PROCESS_HANDLE_TRACING_MAX_STACKS: u32 = 16; +pub const PROCESS_HANDLE_TRACE_TYPE_OPEN: u32 = 1; +pub const PROCESS_HANDLE_TRACE_TYPE_CLOSE: u32 = 2; +pub const PROCESS_HANDLE_TRACE_TYPE_BADREF: u32 = 3; +pub const PS_PROTECTED_SIGNER_MASK: u32 = 255; +pub const PS_PROTECTED_AUDIT_MASK: u32 = 8; +pub const PS_PROTECTED_TYPE_MASK: u32 = 7; +pub const POWER_THROTTLING_PROCESS_CURRENT_VERSION: u32 = 1; +pub const POWER_THROTTLING_PROCESS_EXECUTION_SPEED: u32 = 1; +pub const POWER_THROTTLING_PROCESS_DELAYTIMERS: u32 = 2; +pub const POWER_THROTTLING_PROCESS_IGNORE_TIMER_RESOLUTION: u32 = 4; +pub const POWER_THROTTLING_PROCESS_VALID_FLAGS: u32 = 7; +pub const WIN32K_SYSCALL_FILTER_STATE_ENABLE: u32 = 1; +pub const WIN32K_SYSCALL_FILTER_STATE_AUDIT: u32 = 2; +pub const POWER_THROTTLING_THREAD_CURRENT_VERSION: u32 = 1; +pub const POWER_THROTTLING_THREAD_EXECUTION_SPEED: u32 = 1; +pub const POWER_THROTTLING_THREAD_VALID_FLAGS: u32 = 1; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM: u32 = 1; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM: u32 = 2; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V: u32 = 1; +pub const PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V: u32 = 2; +pub const PROCESS_CREATE_FLAGS_BREAKAWAY: u32 = 1; +pub const PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT: u32 = 2; +pub const PROCESS_CREATE_FLAGS_INHERIT_HANDLES: u32 = 4; +pub const PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE: u32 = 8; +pub const PROCESS_CREATE_FLAGS_LARGE_PAGES: u32 = 16; +pub const PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL: u32 = 32; +pub const PROCESS_CREATE_FLAGS_PROTECTED_PROCESS: u32 = 64; +pub const PROCESS_CREATE_FLAGS_CREATE_SESSION: u32 = 128; +pub const 
PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT: u32 = 256; +pub const PROCESS_CREATE_FLAGS_SUSPENDED: u32 = 512; +pub const PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY: u32 = 1024; +pub const PROCESS_CREATE_FLAGS_MINIMAL_PROCESS: u32 = 2048; +pub const PROCESS_CREATE_FLAGS_RELEASE_SECTION: u32 = 4096; +pub const PROCESS_CREATE_FLAGS_CLONE_MINIMAL: u32 = 8192; +pub const PROCESS_CREATE_FLAGS_CLONE_MINIMAL_REDUCED_COMMIT: u32 = 16384; +pub const PROCESS_CREATE_FLAGS_AUXILIARY_PROCESS: u32 = 32768; +pub const PROCESS_CREATE_FLAGS_CREATE_STORE: u32 = 131072; +pub const PROCESS_CREATE_FLAGS_USE_PROTECTED_ENVIRONMENT: u32 = 262144; +pub const PROCESS_GET_NEXT_FLAGS_PREVIOUS_PROCESS: u32 = 1; +pub const STATECHANGE_SET_ATTRIBUTES: u32 = 1; +pub const QUEUE_USER_APC_FLAGS_NONE: u32 = 0; +pub const QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC: u32 = 1; +pub const QUEUE_USER_APC_CALLBACK_DATA_CONTEXT: u32 = 65536; +pub const ProcThreadAttributeParentProcess: u32 = 0; +pub const ProcThreadAttributeExtendedFlags: u32 = 1; +pub const ProcThreadAttributeHandleList: u32 = 2; +pub const ProcThreadAttributeGroupAffinity: u32 = 3; +pub const ProcThreadAttributePreferredNode: u32 = 4; +pub const ProcThreadAttributeIdealProcessor: u32 = 5; +pub const ProcThreadAttributeUmsThread: u32 = 6; +pub const ProcThreadAttributeMitigationPolicy: u32 = 7; +pub const ProcThreadAttributePackageFullName: u32 = 8; +pub const ProcThreadAttributeSecurityCapabilities: u32 = 9; +pub const ProcThreadAttributeConsoleReference: u32 = 10; +pub const ProcThreadAttributeProtectionLevel: u32 = 11; +pub const ProcThreadAttributeOsMaxVersionTested: u32 = 12; +pub const ProcThreadAttributeJobList: u32 = 13; +pub const ProcThreadAttributeChildProcessPolicy: u32 = 14; +pub const ProcThreadAttributeAllApplicationPackagesPolicy: u32 = 15; +pub const ProcThreadAttributeWin32kFilter: u32 = 16; +pub const ProcThreadAttributeSafeOpenPromptOriginClaim: u32 = 17; +pub const ProcThreadAttributeDesktopAppPolicy: u32 = 18; +pub const 
ProcThreadAttributeBnoIsolation: u32 = 19; +pub const ProcThreadAttributePseudoConsole: u32 = 22; +pub const ProcThreadAttributeIsolationManifest: u32 = 23; +pub const ProcThreadAttributeMitigationAuditPolicy: u32 = 24; +pub const ProcThreadAttributeMachineType: u32 = 25; +pub const ProcThreadAttributeComponentFilter: u32 = 26; +pub const ProcThreadAttributeEnableOptionalXStateFeatures: u32 = 27; +pub const ProcThreadAttributeCreateStore: u32 = 28; +pub const ProcThreadAttributeTrustedApp: u32 = 29; +pub const EXTENDED_PROCESS_CREATION_FLAG_ELEVATION_HANDLED: u32 = 1; +pub const EXTENDED_PROCESS_CREATION_FLAG_FORCELUA: u32 = 2; +pub const EXTENDED_PROCESS_CREATION_FLAG_FORCE_BREAKAWAY: u32 = 4; +pub const PS_ATTRIBUTE_NUMBER_MASK: u32 = 65535; +pub const PS_ATTRIBUTE_THREAD: u32 = 65536; +pub const PS_ATTRIBUTE_INPUT: u32 = 131072; +pub const PS_ATTRIBUTE_ADDITIVE: u32 = 262144; +pub const PS_STD_INPUT_HANDLE: u32 = 1; +pub const PS_STD_OUTPUT_HANDLE: u32 = 2; +pub const PS_STD_ERROR_HANDLE: u32 = 4; +pub const THREAD_CREATE_FLAGS_NONE: u32 = 0; +pub const THREAD_CREATE_FLAGS_CREATE_SUSPENDED: u32 = 1; +pub const THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH: u32 = 2; +pub const THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER: u32 = 4; +pub const THREAD_CREATE_FLAGS_LOADER_WORKER: u32 = 16; +pub const THREAD_CREATE_FLAGS_SKIP_LOADER_INIT: u32 = 32; +pub const THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE: u32 = 64; +pub const JobObjectBasicAccountingInformation: u32 = 1; +pub const JobObjectBasicLimitInformation: u32 = 2; +pub const JobObjectBasicProcessIdList: u32 = 3; +pub const JobObjectBasicUIRestrictions: u32 = 4; +pub const JobObjectSecurityLimitInformation: u32 = 5; +pub const JobObjectEndOfJobTimeInformation: u32 = 6; +pub const JobObjectAssociateCompletionPortInformation: u32 = 7; +pub const JobObjectBasicAndIoAccountingInformation: u32 = 8; +pub const JobObjectExtendedLimitInformation: u32 = 9; +pub const JobObjectJobSetInformation: u32 = 10; +pub const 
JobObjectGroupInformation: u32 = 11; +pub const JobObjectNotificationLimitInformation: u32 = 12; +pub const JobObjectLimitViolationInformation: u32 = 13; +pub const JobObjectGroupInformationEx: u32 = 14; +pub const JobObjectCpuRateControlInformation: u32 = 15; +pub const JobObjectCompletionFilter: u32 = 16; +pub const JobObjectCompletionCounter: u32 = 17; +pub const JobObjectFreezeInformation: u32 = 18; +pub const JobObjectExtendedAccountingInformation: u32 = 19; +pub const JobObjectWakeInformation: u32 = 20; +pub const JobObjectBackgroundInformation: u32 = 21; +pub const JobObjectSchedulingRankBiasInformation: u32 = 22; +pub const JobObjectTimerVirtualizationInformation: u32 = 23; +pub const JobObjectCycleTimeNotification: u32 = 24; +pub const JobObjectClearEvent: u32 = 25; +pub const JobObjectInterferenceInformation: u32 = 26; +pub const JobObjectClearPeakJobMemoryUsed: u32 = 27; +pub const JobObjectMemoryUsageInformation: u32 = 28; +pub const JobObjectSharedCommit: u32 = 29; +pub const JobObjectContainerId: u32 = 30; +pub const JobObjectIoRateControlInformation: u32 = 31; +pub const JobObjectNetRateControlInformation: u32 = 32; +pub const JobObjectNotificationLimitInformation2: u32 = 33; +pub const JobObjectLimitViolationInformation2: u32 = 34; +pub const JobObjectCreateSilo: u32 = 35; +pub const JobObjectSiloBasicInformation: u32 = 36; +pub const JobObjectSiloRootDirectory: u32 = 37; +pub const JobObjectServerSiloBasicInformation: u32 = 38; +pub const JobObjectServerSiloUserSharedData: u32 = 39; +pub const JobObjectServerSiloInitialize: u32 = 40; +pub const JobObjectServerSiloRunningState: u32 = 41; +pub const JobObjectIoAttribution: u32 = 42; +pub const JobObjectMemoryPartitionInformation: u32 = 43; +pub const JobObjectContainerTelemetryId: u32 = 44; +pub const JobObjectSiloSystemRoot: u32 = 45; +pub const JobObjectEnergyTrackingState: u32 = 46; +pub const JobObjectThreadImpersonationInformation: u32 = 47; +pub const JobObjectIoPriorityLimit: u32 = 48; +pub 
const JobObjectPagePriorityLimit: u32 = 49; +pub const MaxJobObjectInfoClass: u32 = 50; +pub const JOB_OBJECT_LIMIT_SILO_READY: u32 = 4194304; +pub const SILO_OBJECT_ROOT_DIRECTORY_SHADOW_ROOT: u32 = 1; +pub const SILO_OBJECT_ROOT_DIRECTORY_INITIALIZE: u32 = 2; +pub const SILO_OBJECT_ROOT_DIRECTORY_SHADOW_DOS_DEVICES: u32 = 4; +pub const MEMORY_BULK_INFORMATION_FLAG_BASIC: u32 = 1; +pub const DBG_STATUS_CONTROL_C: u32 = 1; +pub const DBG_STATUS_SYSRQ: u32 = 2; +pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3; +pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4; +pub const DBG_STATUS_FATAL: u32 = 5; +pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6; +pub const DBG_STATUS_WORKER: u32 = 7; +pub const DEBUG_READ_EVENT: u32 = 1; +pub const DEBUG_PROCESS_ASSIGN: u32 = 2; +pub const DEBUG_SET_INFORMATION: u32 = 4; +pub const DEBUG_QUERY_INFORMATION: u32 = 8; +pub const DEBUG_ALL_ACCESS: u32 = 2031631; +pub const DEBUG_KILL_ON_CLOSE: u32 = 1; +pub const FILE_SUPERSEDE: u32 = 0; +pub const FILE_OPEN: u32 = 1; +pub const FILE_CREATE: u32 = 2; +pub const FILE_OPEN_IF: u32 = 3; +pub const FILE_OVERWRITE: u32 = 4; +pub const FILE_OVERWRITE_IF: u32 = 5; +pub const FILE_MAXIMUM_DISPOSITION: u32 = 5; +pub const FILE_DIRECTORY_FILE: u32 = 1; +pub const FILE_WRITE_THROUGH: u32 = 2; +pub const FILE_SEQUENTIAL_ONLY: u32 = 4; +pub const FILE_NO_INTERMEDIATE_BUFFERING: u32 = 8; +pub const FILE_SYNCHRONOUS_IO_ALERT: u32 = 16; +pub const FILE_SYNCHRONOUS_IO_NONALERT: u32 = 32; +pub const FILE_NON_DIRECTORY_FILE: u32 = 64; +pub const FILE_CREATE_TREE_CONNECTION: u32 = 128; +pub const TREE_CONNECT_NO_CLIENT_BUFFERING: u32 = 8; +pub const TREE_CONNECT_WRITE_THROUGH: u32 = 2; +pub const FILE_COMPLETE_IF_OPLOCKED: u32 = 256; +pub const FILE_NO_EA_KNOWLEDGE: u32 = 512; +pub const FILE_OPEN_REMOTE_INSTANCE: u32 = 1024; +pub const FILE_RANDOM_ACCESS: u32 = 2048; +pub const FILE_DELETE_ON_CLOSE: u32 = 4096; +pub const FILE_OPEN_BY_FILE_ID: u32 = 8192; +pub const FILE_OPEN_FOR_BACKUP_INTENT: u32 = 16384; +pub 
const FILE_NO_COMPRESSION: u32 = 32768; +pub const FILE_OPEN_REQUIRING_OPLOCK: u32 = 65536; +pub const FILE_DISALLOW_EXCLUSIVE: u32 = 131072; +pub const FILE_SESSION_AWARE: u32 = 262144; +pub const FILE_RESERVE_OPFILTER: u32 = 1048576; +pub const FILE_OPEN_REPARSE_POINT: u32 = 2097152; +pub const FILE_OPEN_NO_RECALL: u32 = 4194304; +pub const FILE_OPEN_FOR_FREE_SPACE_QUERY: u32 = 8388608; +pub const FILE_CONTAINS_EXTENDED_CREATE_INFORMATION: u32 = 268435456; +pub const FILE_VALID_EXTENDED_OPTION_FLAGS: u32 = 268435456; +pub const EX_CREATE_FLAG_FILE_SOURCE_OPEN_FOR_COPY: u32 = 1; +pub const EX_CREATE_FLAG_FILE_DEST_OPEN_FOR_COPY: u32 = 2; +pub const FILE_VALID_OPTION_FLAGS: u32 = 16777215; +pub const FILE_VALID_PIPE_OPTION_FLAGS: u32 = 50; +pub const FILE_VALID_MAILSLOT_OPTION_FLAGS: u32 = 50; +pub const FILE_VALID_SET_FLAGS: u32 = 54; +pub const FILE_COPY_STRUCTURED_STORAGE: u32 = 65; +pub const FILE_STRUCTURED_STORAGE: u32 = 1089; +pub const FILE_SUPERSEDED: u32 = 0; +pub const FILE_OPENED: u32 = 1; +pub const FILE_CREATED: u32 = 2; +pub const FILE_OVERWRITTEN: u32 = 3; +pub const FILE_EXISTS: u32 = 4; +pub const FILE_DOES_NOT_EXIST: u32 = 5; +pub const FILE_WRITE_TO_END_OF_FILE: u32 = 4294967295; +pub const FILE_USE_FILE_POINTER_POSITION: u32 = 4294967294; +pub const FILE_BYTE_ALIGNMENT: u32 = 0; +pub const FILE_WORD_ALIGNMENT: u32 = 1; +pub const FILE_LONG_ALIGNMENT: u32 = 3; +pub const FILE_QUAD_ALIGNMENT: u32 = 7; +pub const FILE_OCTA_ALIGNMENT: u32 = 15; +pub const FILE_32_BYTE_ALIGNMENT: u32 = 31; +pub const FILE_64_BYTE_ALIGNMENT: u32 = 63; +pub const FILE_128_BYTE_ALIGNMENT: u32 = 127; +pub const FILE_256_BYTE_ALIGNMENT: u32 = 255; +pub const FILE_512_BYTE_ALIGNMENT: u32 = 511; +pub const DOS_MAX_COMPONENT_LENGTH: u32 = 255; +pub const DOS_MAX_PATH_LENGTH: u32 = 260; +pub const MAXIMUM_FILENAME_LENGTH: u32 = 256; +pub const FILE_NEED_EA: u32 = 128; +pub const FILE_EA_TYPE_BINARY: u32 = 65534; +pub const FILE_EA_TYPE_ASCII: u32 = 65533; +pub const 
FILE_EA_TYPE_BITMAP: u32 = 65531; +pub const FILE_EA_TYPE_METAFILE: u32 = 65530; +pub const FILE_EA_TYPE_ICON: u32 = 65529; +pub const FILE_EA_TYPE_EA: u32 = 65518; +pub const FILE_EA_TYPE_MVMT: u32 = 65503; +pub const FILE_EA_TYPE_MVST: u32 = 65502; +pub const FILE_EA_TYPE_ASN1: u32 = 65501; +pub const FILE_EA_TYPE_FAMILY_IDS: u32 = 65281; +pub const FILE_REMOVABLE_MEDIA: u32 = 1; +pub const FILE_READ_ONLY_DEVICE: u32 = 2; +pub const FILE_FLOPPY_DISKETTE: u32 = 4; +pub const FILE_WRITE_ONCE_MEDIA: u32 = 8; +pub const FILE_REMOTE_DEVICE: u32 = 16; +pub const FILE_DEVICE_IS_MOUNTED: u32 = 32; +pub const FILE_VIRTUAL_VOLUME: u32 = 64; +pub const FILE_AUTOGENERATED_DEVICE_NAME: u32 = 128; +pub const FILE_DEVICE_SECURE_OPEN: u32 = 256; +pub const FILE_CHARACTERISTIC_PNP_DEVICE: u32 = 2048; +pub const FILE_CHARACTERISTIC_TS_DEVICE: u32 = 4096; +pub const FILE_CHARACTERISTIC_WEBDAV_DEVICE: u32 = 8192; +pub const FILE_CHARACTERISTIC_CSV: u32 = 65536; +pub const FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL: u32 = 131072; +pub const FILE_PORTABLE_DEVICE: u32 = 262144; +pub const FILE_REMOTE_DEVICE_VSMB: u32 = 524288; +pub const FILE_DEVICE_REQUIRE_SECURITY_CHECK: u32 = 1048576; +pub const FILE_PIPE_BYTE_STREAM_TYPE: u32 = 0; +pub const FILE_PIPE_MESSAGE_TYPE: u32 = 1; +pub const FILE_PIPE_ACCEPT_REMOTE_CLIENTS: u32 = 0; +pub const FILE_PIPE_REJECT_REMOTE_CLIENTS: u32 = 2; +pub const FILE_PIPE_TYPE_VALID_MASK: u32 = 3; +pub const FILE_PIPE_QUEUE_OPERATION: u32 = 0; +pub const FILE_PIPE_COMPLETE_OPERATION: u32 = 1; +pub const FILE_PIPE_BYTE_STREAM_MODE: u32 = 0; +pub const FILE_PIPE_MESSAGE_MODE: u32 = 1; +pub const FILE_PIPE_INBOUND: u32 = 0; +pub const FILE_PIPE_OUTBOUND: u32 = 1; +pub const FILE_PIPE_FULL_DUPLEX: u32 = 2; +pub const FILE_PIPE_DISCONNECTED_STATE: u32 = 1; +pub const FILE_PIPE_LISTENING_STATE: u32 = 2; +pub const FILE_PIPE_CONNECTED_STATE: u32 = 3; +pub const FILE_PIPE_CLOSING_STATE: u32 = 4; +pub const FILE_PIPE_CLIENT_END: u32 = 0; +pub const 
FILE_PIPE_SERVER_END: u32 = 1; +pub const FILE_PIPE_UNLIMITED_INSTANCES: u32 = 4294967295; +pub const MAILSLOT_SIZE_AUTO: u32 = 0; +pub const FLAGS_END_OF_FILE_INFO_EX_EXTEND_PAGING: u32 = 1; +pub const FLAGS_END_OF_FILE_INFO_EX_NO_EXTRA_PAGING_EXTEND: u32 = 2; +pub const FLAGS_END_OF_FILE_INFO_EX_TIME_CONSTRAINED: u32 = 4; +pub const FLAGS_DELAY_REASONS_LOG_FILE_FULL: u32 = 1; +pub const FLAGS_DELAY_REASONS_BITMAP_SCANNED: u32 = 2; +pub const FILE_LINK_REPLACE_IF_EXISTS: u32 = 1; +pub const FILE_LINK_POSIX_SEMANTICS: u32 = 2; +pub const FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE: u32 = 8; +pub const FILE_LINK_NO_INCREASE_AVAILABLE_SPACE: u32 = 16; +pub const FILE_LINK_NO_DECREASE_AVAILABLE_SPACE: u32 = 32; +pub const FILE_LINK_PRESERVE_AVAILABLE_SPACE: u32 = 48; +pub const FILE_LINK_IGNORE_READONLY_ATTRIBUTE: u32 = 64; +pub const FILE_LINK_FORCE_RESIZE_TARGET_SR: u32 = 128; +pub const FILE_LINK_FORCE_RESIZE_SOURCE_SR: u32 = 256; +pub const FILE_LINK_FORCE_RESIZE_SR: u32 = 384; +pub const FILE_RENAME_REPLACE_IF_EXISTS: u32 = 1; +pub const FILE_RENAME_POSIX_SEMANTICS: u32 = 2; +pub const FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE: u32 = 4; +pub const FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE: u32 = 8; +pub const FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE: u32 = 16; +pub const FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE: u32 = 32; +pub const FILE_RENAME_PRESERVE_AVAILABLE_SPACE: u32 = 48; +pub const FILE_RENAME_IGNORE_READONLY_ATTRIBUTE: u32 = 64; +pub const FILE_RENAME_FORCE_RESIZE_TARGET_SR: u32 = 128; +pub const FILE_RENAME_FORCE_RESIZE_SOURCE_SR: u32 = 256; +pub const FILE_RENAME_FORCE_RESIZE_SR: u32 = 384; +pub const FILE_SKIP_SET_USER_EVENT_ON_FAST_IO: u32 = 4; +pub const CHECKSUM_ENFORCEMENT_OFF: u32 = 1; +pub const LX_FILE_METADATA_HAS_UID: u32 = 1; +pub const LX_FILE_METADATA_HAS_GID: u32 = 2; +pub const LX_FILE_METADATA_HAS_MODE: u32 = 4; +pub const LX_FILE_METADATA_HAS_DEVICE_ID: u32 = 8; +pub const LX_FILE_CASE_SENSITIVE_DIR: u32 = 16; +pub const 
FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED: u32 = 1; +pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX: u32 = 2; +pub const FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX: u32 = 4; +pub const FILE_VC_QUOTA_NONE: u32 = 0; +pub const FILE_VC_QUOTA_TRACK: u32 = 1; +pub const FILE_VC_QUOTA_ENFORCE: u32 = 2; +pub const FILE_VC_QUOTA_MASK: u32 = 3; +pub const FILE_VC_CONTENT_INDEX_DISABLED: u32 = 8; +pub const FILE_VC_LOG_QUOTA_THRESHOLD: u32 = 16; +pub const FILE_VC_LOG_QUOTA_LIMIT: u32 = 32; +pub const FILE_VC_LOG_VOLUME_THRESHOLD: u32 = 64; +pub const FILE_VC_LOG_VOLUME_LIMIT: u32 = 128; +pub const FILE_VC_QUOTAS_INCOMPLETE: u32 = 256; +pub const FILE_VC_QUOTAS_REBUILDING: u32 = 512; +pub const FILE_VC_VALID_MASK: u32 = 1023; +pub const SSINFO_FLAGS_ALIGNED_DEVICE: u32 = 1; +pub const SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE: u32 = 2; +pub const SSINFO_FLAGS_NO_SEEK_PENALTY: u32 = 4; +pub const SSINFO_FLAGS_TRIM_ENABLED: u32 = 8; +pub const SSINFO_FLAGS_BYTE_ADDRESSABLE: u32 = 16; +pub const SSINFO_OFFSET_UNKNOWN: u32 = 4294967295; +pub const FILE_QUERY_RESTART_SCAN: u32 = 1; +pub const FILE_QUERY_RETURN_SINGLE_ENTRY: u32 = 2; +pub const FILE_QUERY_INDEX_SPECIFIED: u32 = 4; +pub const FILE_QUERY_RETURN_ON_DISK_ENTRIES_ONLY: u32 = 8; +pub const FILE_QUERY_NO_CURSOR_UPDATE: u32 = 16; +pub const IO_COMPLETION_QUERY_STATE: u32 = 1; +pub const SYMLINK_FLAG_RELATIVE: u32 = 1; +pub const SYMLINK_DIRECTORY: u32 = 2147483648; +pub const SYMLINK_FILE: u32 = 1073741824; +pub const REPARSE_DATA_EX_FLAG_GIVEN_TAG_OR_NONE: u32 = 1; +pub const DEVICE_NAMED_PIPE: &[u8; 19] = b"\\Device\\NamedPipe\\\0"; +pub const FILE_PIPE_READ_DATA: u32 = 0; +pub const FILE_PIPE_WRITE_SPACE: u32 = 1; +pub const FILE_PIPE_COMPUTER_NAME_LENGTH: u32 = 15; +pub const FILE_PIPE_SYMLINK_FLAG_GLOBAL: u32 = 1; +pub const FILE_PIPE_SYMLINK_FLAG_RELATIVE: u32 = 2; +pub const FILE_PIPE_SYMLINK_VALID_FLAGS: u32 = 3; +pub const MAILSLOT_CLASS_FIRSTCLASS: u32 = 1; +pub const 
MAILSLOT_CLASS_SECONDCLASS: u32 = 2; +pub const MOUNTMGR_DEVICE_NAME: &[u8; 26] = b"\\Device\\MountPointManager\0"; +pub const MOUNTMGRCONTROLTYPE: u32 = 109; +pub const MOUNTDEVCONTROLTYPE: u32 = 77; +pub const IRP_MJ_CREATE: u32 = 0; +pub const IRP_MJ_CREATE_NAMED_PIPE: u32 = 1; +pub const IRP_MJ_CLOSE: u32 = 2; +pub const IRP_MJ_READ: u32 = 3; +pub const IRP_MJ_WRITE: u32 = 4; +pub const IRP_MJ_QUERY_INFORMATION: u32 = 5; +pub const IRP_MJ_SET_INFORMATION: u32 = 6; +pub const IRP_MJ_QUERY_EA: u32 = 7; +pub const IRP_MJ_SET_EA: u32 = 8; +pub const IRP_MJ_FLUSH_BUFFERS: u32 = 9; +pub const IRP_MJ_QUERY_VOLUME_INFORMATION: u32 = 10; +pub const IRP_MJ_SET_VOLUME_INFORMATION: u32 = 11; +pub const IRP_MJ_DIRECTORY_CONTROL: u32 = 12; +pub const IRP_MJ_FILE_SYSTEM_CONTROL: u32 = 13; +pub const IRP_MJ_DEVICE_CONTROL: u32 = 14; +pub const IRP_MJ_INTERNAL_DEVICE_CONTROL: u32 = 15; +pub const IRP_MJ_SHUTDOWN: u32 = 16; +pub const IRP_MJ_LOCK_CONTROL: u32 = 17; +pub const IRP_MJ_CLEANUP: u32 = 18; +pub const IRP_MJ_CREATE_MAILSLOT: u32 = 19; +pub const IRP_MJ_QUERY_SECURITY: u32 = 20; +pub const IRP_MJ_SET_SECURITY: u32 = 21; +pub const IRP_MJ_POWER: u32 = 22; +pub const IRP_MJ_SYSTEM_CONTROL: u32 = 23; +pub const IRP_MJ_DEVICE_CHANGE: u32 = 24; +pub const IRP_MJ_QUERY_QUOTA: u32 = 25; +pub const IRP_MJ_SET_QUOTA: u32 = 26; +pub const IRP_MJ_PNP: u32 = 27; +pub const IRP_MJ_PNP_POWER: u32 = 27; +pub const IRP_MJ_MAXIMUM_FUNCTION: u32 = 27; +pub const FLT_INTERNAL_OPERATION_COUNT: u32 = 22; +pub const IRP_MN_SCSI_CLASS: u32 = 1; +pub const IRP_MN_START_DEVICE: u32 = 0; +pub const IRP_MN_QUERY_REMOVE_DEVICE: u32 = 1; +pub const IRP_MN_REMOVE_DEVICE: u32 = 2; +pub const IRP_MN_CANCEL_REMOVE_DEVICE: u32 = 3; +pub const IRP_MN_STOP_DEVICE: u32 = 4; +pub const IRP_MN_QUERY_STOP_DEVICE: u32 = 5; +pub const IRP_MN_CANCEL_STOP_DEVICE: u32 = 6; +pub const IRP_MN_QUERY_DEVICE_RELATIONS: u32 = 7; +pub const IRP_MN_QUERY_INTERFACE: u32 = 8; +pub const IRP_MN_QUERY_CAPABILITIES: u32 = 9; 
+pub const IRP_MN_QUERY_RESOURCES: u32 = 10; +pub const IRP_MN_QUERY_RESOURCE_REQUIREMENTS: u32 = 11; +pub const IRP_MN_QUERY_DEVICE_TEXT: u32 = 12; +pub const IRP_MN_FILTER_RESOURCE_REQUIREMENTS: u32 = 13; +pub const IRP_MN_READ_CONFIG: u32 = 15; +pub const IRP_MN_WRITE_CONFIG: u32 = 16; +pub const IRP_MN_EJECT: u32 = 17; +pub const IRP_MN_SET_LOCK: u32 = 18; +pub const IRP_MN_QUERY_ID: u32 = 19; +pub const IRP_MN_QUERY_PNP_DEVICE_STATE: u32 = 20; +pub const IRP_MN_QUERY_BUS_INFORMATION: u32 = 21; +pub const IRP_MN_DEVICE_USAGE_NOTIFICATION: u32 = 22; +pub const IRP_MN_SURPRISE_REMOVAL: u32 = 23; +pub const IRP_MN_DEVICE_ENUMERATED: u32 = 25; +pub const IRP_MN_WAIT_WAKE: u32 = 0; +pub const IRP_MN_POWER_SEQUENCE: u32 = 1; +pub const IRP_MN_SET_POWER: u32 = 2; +pub const IRP_MN_QUERY_POWER: u32 = 3; +pub const IRP_MN_QUERY_ALL_DATA: u32 = 0; +pub const IRP_MN_QUERY_SINGLE_INSTANCE: u32 = 1; +pub const IRP_MN_CHANGE_SINGLE_INSTANCE: u32 = 2; +pub const IRP_MN_CHANGE_SINGLE_ITEM: u32 = 3; +pub const IRP_MN_ENABLE_EVENTS: u32 = 4; +pub const IRP_MN_DISABLE_EVENTS: u32 = 5; +pub const IRP_MN_ENABLE_COLLECTION: u32 = 6; +pub const IRP_MN_DISABLE_COLLECTION: u32 = 7; +pub const IRP_MN_REGINFO: u32 = 8; +pub const IRP_MN_EXECUTE_METHOD: u32 = 9; +pub const IRP_MN_REGINFO_EX: u32 = 11; +pub const FLTFL_CALLBACK_DATA_REISSUE_MASK: u32 = 65535; +pub const FLTFL_CALLBACK_DATA_IRP_OPERATION: u32 = 1; +pub const FLTFL_CALLBACK_DATA_FAST_IO_OPERATION: u32 = 2; +pub const FLTFL_CALLBACK_DATA_FS_FILTER_OPERATION: u32 = 4; +pub const FLTFL_CALLBACK_DATA_SYSTEM_BUFFER: u32 = 8; +pub const FLTFL_CALLBACK_DATA_GENERATED_IO: u32 = 65536; +pub const FLTFL_CALLBACK_DATA_REISSUED_IO: u32 = 131072; +pub const FLTFL_CALLBACK_DATA_DRAINING_IO: u32 = 262144; +pub const FLTFL_CALLBACK_DATA_POST_OPERATION: u32 = 524288; +pub const FLTFL_CALLBACK_DATA_NEW_SYSTEM_BUFFER: u32 = 1048576; +pub const FLTFL_CALLBACK_DATA_DIRTY: u32 = 2147483648; +pub const IRP_NOCACHE: u32 = 1; +pub const 
IRP_PAGING_IO: u32 = 2; +pub const IRP_MOUNT_COMPLETION: u32 = 2; +pub const IRP_SYNCHRONOUS_API: u32 = 4; +pub const IRP_ASSOCIATED_IRP: u32 = 8; +pub const IRP_BUFFERED_IO: u32 = 16; +pub const IRP_DEALLOCATE_BUFFER: u32 = 32; +pub const IRP_INPUT_OPERATION: u32 = 64; +pub const IRP_SYNCHRONOUS_PAGING_IO: u32 = 64; +pub const IRP_CREATE_OPERATION: u32 = 128; +pub const IRP_READ_OPERATION: u32 = 256; +pub const IRP_WRITE_OPERATION: u32 = 512; +pub const IRP_CLOSE_OPERATION: u32 = 1024; +pub const IRP_DEFER_IO_COMPLETION: u32 = 2048; +pub const IRP_OB_QUERY_NAME: u32 = 4096; +pub const IRP_HOLD_DEVICE_QUEUE: u32 = 8192; +pub const IRP_UM_DRIVER_INITIATED_IO: u32 = 4194304; +pub const FO_FILE_OPEN: u32 = 1; +pub const FO_SYNCHRONOUS_IO: u32 = 2; +pub const FO_ALERTABLE_IO: u32 = 4; +pub const FO_NO_INTERMEDIATE_BUFFERING: u32 = 8; +pub const FO_WRITE_THROUGH: u32 = 16; +pub const FO_SEQUENTIAL_ONLY: u32 = 32; +pub const FO_CACHE_SUPPORTED: u32 = 64; +pub const FO_NAMED_PIPE: u32 = 128; +pub const FO_STREAM_FILE: u32 = 256; +pub const FO_MAILSLOT: u32 = 512; +pub const FO_GENERATE_AUDIT_ON_CLOSE: u32 = 1024; +pub const FO_QUEUE_IRP_TO_THREAD: u32 = 1024; +pub const FO_DIRECT_DEVICE_OPEN: u32 = 2048; +pub const FO_FILE_MODIFIED: u32 = 4096; +pub const FO_FILE_SIZE_CHANGED: u32 = 8192; +pub const FO_CLEANUP_COMPLETE: u32 = 16384; +pub const FO_TEMPORARY_FILE: u32 = 32768; +pub const FO_DELETE_ON_CLOSE: u32 = 65536; +pub const FO_OPENED_CASE_SENSITIVE: u32 = 131072; +pub const FO_HANDLE_CREATED: u32 = 262144; +pub const FO_FILE_FAST_IO_READ: u32 = 524288; +pub const FO_RANDOM_ACCESS: u32 = 1048576; +pub const FO_FILE_OPEN_CANCELLED: u32 = 2097152; +pub const FO_VOLUME_OPEN: u32 = 4194304; +pub const FO_BYPASS_IO_ENABLED: u32 = 8388608; +pub const FO_REMOTE_ORIGIN: u32 = 16777216; +pub const FO_DISALLOW_EXCLUSIVE: u32 = 33554432; +pub const FO_SKIP_COMPLETION_PORT: u32 = 33554432; +pub const FO_SKIP_SET_EVENT: u32 = 67108864; +pub const FO_SKIP_SET_FAST_IO: u32 = 
134217728; +pub const FO_INDIRECT_WAIT_OBJECT: u32 = 268435456; +pub const FO_SECTION_MINSTORE_TREATMENT: u32 = 536870912; +pub const SL_PENDING_RETURNED: u32 = 1; +pub const SL_ERROR_RETURNED: u32 = 2; +pub const SL_INVOKE_ON_CANCEL: u32 = 32; +pub const SL_INVOKE_ON_SUCCESS: u32 = 64; +pub const SL_INVOKE_ON_ERROR: u32 = 128; +pub const SL_FORCE_ACCESS_CHECK: u32 = 1; +pub const SL_OPEN_PAGING_FILE: u32 = 2; +pub const SL_OPEN_TARGET_DIRECTORY: u32 = 4; +pub const SL_STOP_ON_SYMLINK: u32 = 8; +pub const SL_IGNORE_READONLY_ATTRIBUTE: u32 = 64; +pub const SL_CASE_SENSITIVE: u32 = 128; +pub const SL_KEY_SPECIFIED: u32 = 1; +pub const SL_OVERRIDE_VERIFY_VOLUME: u32 = 2; +pub const SL_WRITE_THROUGH: u32 = 4; +pub const SL_FT_SEQUENTIAL_WRITE: u32 = 8; +pub const SL_FORCE_DIRECT_WRITE: u32 = 16; +pub const SL_REALTIME_STREAM: u32 = 32; +pub const SL_PERSISTENT_MEMORY_FIXED_MAPPING: u32 = 32; +pub const SL_BYPASS_IO: u32 = 64; +pub const SL_FORCE_ASYNCHRONOUS: u32 = 1; +pub const SL_READ_ACCESS_GRANTED: u32 = 1; +pub const SL_WRITE_ACCESS_GRANTED: u32 = 4; +pub const SL_FAIL_IMMEDIATELY: u32 = 1; +pub const SL_EXCLUSIVE_LOCK: u32 = 2; +pub const SL_RESTART_SCAN: u32 = 1; +pub const SL_RETURN_SINGLE_ENTRY: u32 = 2; +pub const SL_INDEX_SPECIFIED: u32 = 4; +pub const SL_RETURN_ON_DISK_ENTRIES_ONLY: u32 = 8; +pub const SL_NO_CURSOR_UPDATE: u32 = 16; +pub const SL_QUERY_DIRECTORY_MASK: u32 = 27; +pub const SL_WATCH_TREE: u32 = 1; +pub const SL_ALLOW_RAW_MOUNT: u32 = 1; +pub const SL_BYPASS_ACCESS_CHECK: u32 = 1; +pub const SL_INFO_FORCE_ACCESS_CHECK: u32 = 1; +pub const SL_INFO_IGNORE_READONLY_ATTRIBUTE: u32 = 64; +pub const DO_VERIFY_VOLUME: u32 = 2; +pub const DO_BUFFERED_IO: u32 = 4; +pub const DO_EXCLUSIVE: u32 = 8; +pub const DO_DIRECT_IO: u32 = 16; +pub const DO_MAP_IO_BUFFER: u32 = 32; +pub const DO_DEVICE_INITIALIZING: u32 = 128; +pub const DO_SHUTDOWN_REGISTERED: u32 = 2048; +pub const DO_BUS_ENUMERATED_DEVICE: u32 = 4096; +pub const DO_POWER_PAGABLE: u32 = 8192; 
+pub const DO_POWER_INRUSH: u32 = 16384; +pub const DO_DEVICE_TO_BE_RESET: u32 = 67108864; +pub const DO_DAX_VOLUME: u32 = 268435456; +pub const KSEC_DEVICE_NAME: &[u8; 15] = b"\\Device\\KSecDD\0"; +pub const OPLOCK_KEY_VERSION_WIN7: u32 = 1; +pub const OPLOCK_KEY_VERSION_WIN8: u32 = 2; +pub const OPLOCK_KEY_FLAG_PARENT_KEY: u32 = 1; +pub const OPLOCK_KEY_FLAG_TARGET_KEY: u32 = 2; +pub const PORT_CONNECT: u32 = 1; +pub const PORT_ALL_ACCESS: u32 = 2031617; +pub const LPC_REQUEST: u32 = 1; +pub const LPC_REPLY: u32 = 2; +pub const LPC_DATAGRAM: u32 = 3; +pub const LPC_LOST_REPLY: u32 = 4; +pub const LPC_PORT_CLOSED: u32 = 5; +pub const LPC_CLIENT_DIED: u32 = 6; +pub const LPC_EXCEPTION: u32 = 7; +pub const LPC_DEBUG_EVENT: u32 = 8; +pub const LPC_ERROR_EVENT: u32 = 9; +pub const LPC_CONNECTION_REQUEST: u32 = 10; +pub const LPC_CONTINUATION_REQUIRED: u32 = 8192; +pub const PORT_VALID_OBJECT_ATTRIBUTES: u32 = 64; +pub const PORT_MAXIMUM_MESSAGE_LENGTH: u32 = 512; +pub const ALPC_PORFLG_LPC_MODE: u32 = 4096; +pub const ALPC_PORFLG_ALLOW_IMPERSONATION: u32 = 65536; +pub const ALPC_PORFLG_ALLOW_LPC_REQUESTS: u32 = 131072; +pub const ALPC_PORFLG_WAITABLE_PORT: u32 = 262144; +pub const ALPC_PORFLG_ALLOW_DUP_OBJECT: u32 = 524288; +pub const ALPC_PORFLG_SYSTEM_PROCESS: u32 = 1048576; +pub const ALPC_PORFLG_WAKE_POLICY1: u32 = 2097152; +pub const ALPC_PORFLG_WAKE_POLICY2: u32 = 4194304; +pub const ALPC_PORFLG_WAKE_POLICY3: u32 = 8388608; +pub const ALPC_PORFLG_DIRECT_MESSAGE: u32 = 16777216; +pub const ALPC_PORFLG_ALLOW_MULTIHANDLE_ATTRIBUTE: u32 = 33554432; +pub const ALPC_PORFLG_OBJECT_TYPE_FILE: u32 = 1; +pub const ALPC_PORFLG_OBJECT_TYPE_INVALID: u32 = 2; +pub const ALPC_PORFLG_OBJECT_TYPE_THREAD: u32 = 4; +pub const ALPC_PORFLG_OBJECT_TYPE_SEMAPHORE: u32 = 8; +pub const ALPC_PORFLG_OBJECT_TYPE_EVENT: u32 = 16; +pub const ALPC_PORFLG_OBJECT_TYPE_PROCESS: u32 = 32; +pub const ALPC_PORFLG_OBJECT_TYPE_MUTEX: u32 = 64; +pub const ALPC_PORFLG_OBJECT_TYPE_SECTION: u32 = 128; 
+pub const ALPC_PORFLG_OBJECT_TYPE_REGKEY: u32 = 256; +pub const ALPC_PORFLG_OBJECT_TYPE_TOKEN: u32 = 512; +pub const ALPC_PORFLG_OBJECT_TYPE_COMPOSITION: u32 = 1024; +pub const ALPC_PORFLG_OBJECT_TYPE_JOB: u32 = 2048; +pub const ALPC_PORFLG_OBJECT_TYPE_ALL: u32 = 4093; +pub const ALPC_MESSAGE_SECURITY_ATTRIBUTE: u32 = 2147483648; +pub const ALPC_MESSAGE_VIEW_ATTRIBUTE: u32 = 1073741824; +pub const ALPC_MESSAGE_CONTEXT_ATTRIBUTE: u32 = 536870912; +pub const ALPC_MESSAGE_HANDLE_ATTRIBUTE: u32 = 268435456; +pub const ALPC_COMPLETION_LIST_BUFFER_GRANULARITY_MASK: u32 = 63; +pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ACCESS: u32 = 65536; +pub const ALPC_HANDLEFLG_DUPLICATE_SAME_ATTRIBUTES: u32 = 131072; +pub const ALPC_HANDLEFLG_DUPLICATE_INHERIT: u32 = 524288; +pub const ALPC_SECFLG_CREATE_HANDLE: u32 = 131072; +pub const ALPC_SECFLG_NOSECTIONHANDLE: u32 = 262144; +pub const ALPC_VIEWFLG_NOT_SECURE: u32 = 262144; +pub const ALPC_CREATEPORTSECTIONFLG_SECURE: u32 = 262144; +pub const ALPC_MSGFLG_REPLY_MESSAGE: u32 = 1; +pub const ALPC_MSGFLG_LPC_MODE: u32 = 2; +pub const ALPC_MSGFLG_RELEASE_MESSAGE: u32 = 65536; +pub const ALPC_MSGFLG_SYNC_REQUEST: u32 = 131072; +pub const ALPC_MSGFLG_TRACK_PORT_REFERENCES: u32 = 262144; +pub const ALPC_MSGFLG_WAIT_USER_MODE: u32 = 1048576; +pub const ALPC_MSGFLG_WAIT_ALERTABLE: u32 = 2097152; +pub const ALPC_MSGFLG_WOW64_CALL: u32 = 2147483648; +pub const ALPC_CANCELFLG_TRY_CANCEL: u32 = 1; +pub const ALPC_CANCELFLG_NO_CONTEXT_CHECK: u32 = 8; +pub const ALPC_CANCELFLGP_FLUSH: u32 = 65536; +pub const ALPC_IMPERSONATEFLG_ANONYMOUS: u32 = 1; +pub const ALPC_IMPERSONATEFLG_REQUIRE_IMPERSONATE: u32 = 2; +pub const ALPC_ATTRFLG_ALLOCATEDATTR: u32 = 536870912; +pub const ALPC_ATTRFLG_VALIDATTR: u32 = 1073741824; +pub const ALPC_ATTRFLG_KEEPRUNNINGATTR: u32 = 1610612736; +pub const PF_BOOT_CONTROL_VERSION: u32 = 1; +pub const PREFETCHER_INFORMATION_VERSION: u32 = 23; +pub const PF_PFN_PRIO_REQUEST_VERSION: u32 = 1; +pub const 
PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST: u32 = 1; +pub const PF_PFN_PRIO_REQUEST_VALID_FLAGS: u32 = 1; +pub const PF_PRIVSOURCE_QUERY_REQUEST_VERSION: u32 = 8; +pub const PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYWSPAGES: u32 = 1; +pub const PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYCOMPRESSEDPAGES: u32 = 2; +pub const PF_PRIVSOURCE_QUERY_REQUEST_FLAGS_QUERYSKIPPAGES: u32 = 4; +pub const PF_SCENARIO_PHASE_INFO_VERSION: u32 = 4; +pub const PF_ROBUSTNESS_CONTROL_VERSION: u32 = 1; +pub const PF_MEMORY_LIST_INFO_VERSION: u32 = 1; +pub const PF_PHYSICAL_MEMORY_RANGE_INFO_V1_VERSION: u32 = 1; +pub const PF_PHYSICAL_MEMORY_RANGE_INFO_V2_VERSION: u32 = 2; +pub const PF_REPURPOSED_BY_PREFETCH_INFO_VERSION: u32 = 1; +pub const PF_VIRTUAL_QUERY_VERSION: u32 = 1; +pub const PF_MIN_WS_AGE_RATE_CONTROL_VERSION: u32 = 1; +pub const PF_DEPRIORITIZE_OLD_PAGES_VERSION: u32 = 3; +pub const PF_GPU_UTILIZATION_INFO_VERSION: u32 = 1; +pub const SUPERFETCH_INFORMATION_VERSION: u32 = 45; +pub const SystemPowerPolicyAc: u32 = 0; +pub const SystemPowerPolicyDc: u32 = 1; +pub const VerifySystemPolicyAc: u32 = 2; +pub const VerifySystemPolicyDc: u32 = 3; +pub const SystemPowerCapabilities: u32 = 4; +pub const SystemBatteryState: u32 = 5; +pub const SystemPowerStateHandler: u32 = 6; +pub const ProcessorStateHandler: u32 = 7; +pub const SystemPowerPolicyCurrent: u32 = 8; +pub const AdministratorPowerPolicy: u32 = 9; +pub const SystemReserveHiberFile: u32 = 10; +pub const ProcessorInformation: u32 = 11; +pub const SystemPowerInformation: u32 = 12; +pub const ProcessorStateHandler2: u32 = 13; +pub const LastWakeTime: u32 = 14; +pub const LastSleepTime: u32 = 15; +pub const SystemExecutionState: u32 = 16; +pub const SystemPowerStateNotifyHandler: u32 = 17; +pub const ProcessorPowerPolicyAc: u32 = 18; +pub const ProcessorPowerPolicyDc: u32 = 19; +pub const VerifyProcessorPowerPolicyAc: u32 = 20; +pub const VerifyProcessorPowerPolicyDc: u32 = 21; +pub const ProcessorPowerPolicyCurrent: u32 = 22; +pub const 
SystemPowerStateLogging: u32 = 23; +pub const SystemPowerLoggingEntry: u32 = 24; +pub const SetPowerSettingValue: u32 = 25; +pub const NotifyUserPowerSetting: u32 = 26; +pub const PowerInformationLevelUnused0: u32 = 27; +pub const SystemMonitorHiberBootPowerOff: u32 = 28; +pub const SystemVideoState: u32 = 29; +pub const TraceApplicationPowerMessage: u32 = 30; +pub const TraceApplicationPowerMessageEnd: u32 = 31; +pub const ProcessorPerfStates: u32 = 32; +pub const ProcessorIdleStates: u32 = 33; +pub const ProcessorCap: u32 = 34; +pub const SystemWakeSource: u32 = 35; +pub const SystemHiberFileInformation: u32 = 36; +pub const TraceServicePowerMessage: u32 = 37; +pub const ProcessorLoad: u32 = 38; +pub const PowerShutdownNotification: u32 = 39; +pub const MonitorCapabilities: u32 = 40; +pub const SessionPowerInit: u32 = 41; +pub const SessionDisplayState: u32 = 42; +pub const PowerRequestCreate: u32 = 43; +pub const PowerRequestAction: u32 = 44; +pub const GetPowerRequestList: u32 = 45; +pub const ProcessorInformationEx: u32 = 46; +pub const NotifyUserModeLegacyPowerEvent: u32 = 47; +pub const GroupPark: u32 = 48; +pub const ProcessorIdleDomains: u32 = 49; +pub const WakeTimerList: u32 = 50; +pub const SystemHiberFileSize: u32 = 51; +pub const ProcessorIdleStatesHv: u32 = 52; +pub const ProcessorPerfStatesHv: u32 = 53; +pub const ProcessorPerfCapHv: u32 = 54; +pub const ProcessorSetIdle: u32 = 55; +pub const LogicalProcessorIdling: u32 = 56; +pub const UserPresence: u32 = 57; +pub const PowerSettingNotificationName: u32 = 58; +pub const GetPowerSettingValue: u32 = 59; +pub const IdleResiliency: u32 = 60; +pub const SessionRITState: u32 = 61; +pub const SessionConnectNotification: u32 = 62; +pub const SessionPowerCleanup: u32 = 63; +pub const SessionLockState: u32 = 64; +pub const SystemHiberbootState: u32 = 65; +pub const PlatformInformation: u32 = 66; +pub const PdcInvocation: u32 = 67; +pub const MonitorInvocation: u32 = 68; +pub const 
FirmwareTableInformationRegistered: u32 = 69; +pub const SetShutdownSelectedTime: u32 = 70; +pub const SuspendResumeInvocation: u32 = 71; +pub const PlmPowerRequestCreate: u32 = 72; +pub const ScreenOff: u32 = 73; +pub const CsDeviceNotification: u32 = 74; +pub const PlatformRole: u32 = 75; +pub const LastResumePerformance: u32 = 76; +pub const DisplayBurst: u32 = 77; +pub const ExitLatencySamplingPercentage: u32 = 78; +pub const RegisterSpmPowerSettings: u32 = 79; +pub const PlatformIdleStates: u32 = 80; +pub const ProcessorIdleVeto: u32 = 81; +pub const PlatformIdleVeto: u32 = 82; +pub const SystemBatteryStatePrecise: u32 = 83; +pub const ThermalEvent: u32 = 84; +pub const PowerRequestActionInternal: u32 = 85; +pub const BatteryDeviceState: u32 = 86; +pub const PowerInformationInternal: u32 = 87; +pub const ThermalStandby: u32 = 88; +pub const SystemHiberFileType: u32 = 89; +pub const PhysicalPowerButtonPress: u32 = 90; +pub const QueryPotentialDripsConstraint: u32 = 91; +pub const EnergyTrackerCreate: u32 = 92; +pub const EnergyTrackerQuery: u32 = 93; +pub const UpdateBlackBoxRecorder: u32 = 94; +pub const SessionAllowExternalDmaDevices: u32 = 95; +pub const SendSuspendResumeNotification: u32 = 96; +pub const BlackBoxRecorderDirectAccessBuffer: u32 = 97; +pub const PowerInformationLevelMaximum: u32 = 98; +pub const POWER_REQUEST_CONTEXT_NOT_SPECIFIED: u32 = 2147483648; +pub const PROCESSOR_STATE_TYPE_PERFORMANCE: u32 = 1; +pub const PROCESSOR_STATE_TYPE_THROTTLE: u32 = 2; +pub const IDLE_STATE_FLAGS_C1_HLT: u32 = 1; +pub const IDLE_STATE_FLAGS_C1_IO_HLT: u32 = 2; +pub const IDLE_STATE_FLAGS_IO: u32 = 4; +pub const IDLE_STATE_FLAGS_MWAIT: u32 = 8; +pub const POWER_REQUEST_SUPPORTED_TYPES_V1: u32 = 3; +pub const POWER_REQUEST_SUPPORTED_TYPES_V2: u32 = 9; +pub const POWER_REQUEST_SUPPORTED_TYPES_V3: u32 = 5; +pub const POWER_REQUEST_SUPPORTED_TYPES_V4: u32 = 6; +pub const REG_INIT_BOOT_SM: u32 = 0; +pub const REG_INIT_BOOT_SETUP: u32 = 1; +pub const 
REG_INIT_BOOT_ACCEPTED_BASE: u32 = 2; +pub const REG_INIT_BOOT_ACCEPTED_MAX: u32 = 1001; +pub const REG_MAX_KEY_VALUE_NAME_LENGTH: u32 = 32767; +pub const REG_MAX_KEY_NAME_LENGTH: u32 = 512; +pub const REG_FLAG_VOLATILE: u32 = 1; +pub const REG_FLAG_LINK: u32 = 2; +pub const REG_KEY_DONT_VIRTUALIZE: u32 = 2; +pub const REG_KEY_DONT_SILENT_FAIL: u32 = 4; +pub const REG_KEY_RECURSE_FLAG: u32 = 8; +pub const CM_EXTENDED_PARAMETER_TYPE_BITS: u32 = 8; +pub const VR_DEVICE_NAME: &[u8; 19] = b"\\Device\\VRegDriver\0"; +pub const VR_FLAG_INHERIT_TRUST_CLASS: u32 = 1; +pub const VR_FLAG_WRITE_THROUGH_HIVE: u32 = 2; +pub const VR_FLAG_LOCAL_MACHINE_TRUST_CLASS: u32 = 4; +pub const VR_KEY_COMROOT: u32 = 0; +pub const VR_KEY_MACHINE_SOFTWARE: u32 = 1; +pub const VR_KEY_CONTROL_SET: u32 = 2; +pub const RTL_MEG: u32 = 1048576; +pub const RTL_IMAGE_MAX_DOS_HEADER: u32 = 268435456; +pub const RTL_HASH_ALLOCATED_HEADER: u32 = 1; +pub const RTL_HASH_RESERVED_SIGNATURE: u32 = 0; +pub const RTL_BARRIER_FLAGS_SPIN_ONLY: u32 = 1; +pub const RTL_BARRIER_FLAGS_BLOCK_ONLY: u32 = 2; +pub const RTL_BARRIER_FLAGS_NO_DELETE: u32 = 4; +pub const RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE: u32 = 1; +pub const RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING: u32 = 2; +pub const HASH_STRING_ALGORITHM_DEFAULT: u32 = 0; +pub const HASH_STRING_ALGORITHM_X65599: u32 = 1; +pub const HASH_STRING_ALGORITHM_INVALID: u32 = 4294967295; +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END: u32 = 1; +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET: u32 = 2; +pub const RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE: u32 = 4; +pub const RTL_USER_PROC_CURDIR_CLOSE: u32 = 2; +pub const RTL_USER_PROC_CURDIR_INHERIT: u32 = 3; +pub const RTL_MAX_DRIVE_LETTERS: u32 = 32; +pub const RTL_USER_PROC_PARAMS_NORMALIZED: u32 = 1; +pub const RTL_USER_PROC_PROFILE_USER: u32 = 2; +pub const RTL_USER_PROC_PROFILE_KERNEL: u32 = 4; +pub const RTL_USER_PROC_PROFILE_SERVER: u32 = 8; +pub const 
RTL_USER_PROC_RESERVE_1MB: u32 = 32; +pub const RTL_USER_PROC_RESERVE_16MB: u32 = 64; +pub const RTL_USER_PROC_CASE_SENSITIVE: u32 = 128; +pub const RTL_USER_PROC_DISABLE_HEAP_DECOMMIT: u32 = 256; +pub const RTL_USER_PROC_DLL_REDIRECTION_LOCAL: u32 = 4096; +pub const RTL_USER_PROC_APP_MANIFEST_PRESENT: u32 = 8192; +pub const RTL_USER_PROC_IMAGE_KEY_MISSING: u32 = 16384; +pub const RTL_USER_PROC_OPTIN_PROCESS: u32 = 131072; +pub const RTL_USER_PROCESS_EXTENDED_PARAMETERS_VERSION: u32 = 1; +pub const RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED: u32 = 1; +pub const RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES: u32 = 2; +pub const RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE: u32 = 4; +pub const RTL_PROCESS_REFLECTION_FLAGS_INHERIT_HANDLES: u32 = 2; +pub const RTL_PROCESS_REFLECTION_FLAGS_NO_SUSPEND: u32 = 4; +pub const RTL_PROCESS_REFLECTION_FLAGS_NO_SYNCHRONIZE: u32 = 8; +pub const RTL_PROCESS_REFLECTION_FLAGS_NO_CLOSE_EVENT: u32 = 16; +pub const CONTEXT_ALIGN: u32 = 16; +pub const CONTEXT_FRAME_LENGTH: u32 = 1232; +pub const CONTEXT_EX_PADDING: u32 = 16; +pub const RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION: u32 = 1; +pub const RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION: u32 = 1; +pub const FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ACTIVATION_CONTEXT: u32 = 1; +pub const FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_FLAGS: u32 = 2; +pub const FIND_ACTIVATION_CONTEXT_SECTION_KEY_RETURN_ASSEMBLY_METADATA: u32 = 4; +pub const RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT: u32 = 1; +pub const RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_MODULE: u32 = 2; +pub const RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_ACTIVATION_CONTEXT_IS_ADDRESS: u32 = 4; +pub const RTL_QUERY_INFORMATION_ACTIVATION_CONTEXT_FLAG_NO_ADDREF: u32 = 2147483648; +pub const RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK: u32 = 1; +pub const RTL_CREATE_ENVIRONMENT_TRANSLATE: u32 = 1; +pub const 
RTL_CREATE_ENVIRONMENT_TRANSLATE_FROM_OEM: u32 = 2; +pub const RTL_CREATE_ENVIRONMENT_EMPTY: u32 = 4; +pub const RtlNtdllName: &[u8; 10] = b"ntdll.dll\0"; +pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION: u32 = 1; +pub const RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH: u32 = 2; +pub const RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION : u32 = 4 ; +pub const IMAGE_FILE_NATIVE_MACHINE_I386: u32 = 1; +pub const IMAGE_FILE_NATIVE_MACHINE_AMD64: u32 = 2; +pub const IMAGE_FILE_NATIVE_MACHINE_ARMNT: u32 = 4; +pub const IMAGE_FILE_NATIVE_MACHINE_ARM64: u32 = 8; +pub const RTL_HEAP_SIGNATURE: u32 = 4293853166; +pub const RTL_HEAP_SEGMENT_SIGNATURE: u32 = 3723419118; +pub const SEGMENT_HEAP_PARAMETERS_VERSION: u32 = 3; +pub const SEGMENT_HEAP_FLG_USE_PAGE_HEAP: u32 = 1; +pub const SEGMENT_HEAP_PARAMS_VALID_FLAGS: u32 = 1; +pub const HEAP_SETTABLE_USER_VALUE: u32 = 256; +pub const HEAP_SETTABLE_USER_FLAG1: u32 = 512; +pub const HEAP_SETTABLE_USER_FLAG2: u32 = 1024; +pub const HEAP_SETTABLE_USER_FLAG3: u32 = 2048; +pub const HEAP_SETTABLE_USER_FLAGS: u32 = 3584; +pub const HEAP_CLASS_0: u32 = 0; +pub const HEAP_CLASS_1: u32 = 4096; +pub const HEAP_CLASS_2: u32 = 8192; +pub const HEAP_CLASS_3: u32 = 12288; +pub const HEAP_CLASS_4: u32 = 16384; +pub const HEAP_CLASS_5: u32 = 20480; +pub const HEAP_CLASS_6: u32 = 24576; +pub const HEAP_CLASS_7: u32 = 28672; +pub const HEAP_CLASS_8: u32 = 32768; +pub const HEAP_CLASS_MASK: u32 = 61440; +pub const HEAP_USAGE_ALLOCATED_BLOCKS: u32 = 16; +pub const HEAP_USAGE_FREE_BUFFER: u32 = 8; +pub const HeapCompatibilityInformation: u32 = 0; +pub const HeapEnableTerminationOnCorruption: u32 = 1; +pub const HeapExtendedInformation: u32 = 2; +pub const HeapOptimizeResources: u32 = 3; +pub const HeapTaggingInformation: u32 = 4; +pub const HeapStackDatabase: u32 = 5; +pub const HeapMemoryLimit: u32 = 6; +pub const HeapTag: u32 = 7; +pub const 
HeapDetailedFailureInformation: u32 = 2147483649; +pub const HeapSetDebuggingInformation: u32 = 2147483650; +pub const HeapPerformanceCountersInformationStandardHeapVersion: u32 = 1; +pub const HeapPerformanceCountersInformationSegmentHeapVersion: u32 = 2; +pub const HeapExtendedProcessHeapInformationLevel: u32 = 1; +pub const HeapExtendedHeapInformationLevel: u32 = 2; +pub const HeapExtendedHeapRegionInformationLevel: u32 = 3; +pub const HeapExtendedHeapRangeInformationLevel: u32 = 4; +pub const HeapExtendedHeapBlockInformationLevel: u32 = 5; +pub const HeapExtendedHeapHeapPerfInformationLevel: u32 = 2147483648; +pub const HEAP_STACK_QUERY_VERSION: u32 = 2; +pub const HEAP_STACK_CONTROL_VERSION: u32 = 1; +pub const HEAP_STACK_CONTROL_FLAGS_STACKTRACE_ENABLE: u32 = 1; +pub const HEAP_STACK_CONTROL_FLAGS_STACKTRACE_DISABLE: u32 = 2; +pub const RTL_QUERY_PROCESS_MODULES: u32 = 1; +pub const RTL_QUERY_PROCESS_BACKTRACES: u32 = 2; +pub const RTL_QUERY_PROCESS_HEAP_SUMMARY: u32 = 4; +pub const RTL_QUERY_PROCESS_HEAP_TAGS: u32 = 8; +pub const RTL_QUERY_PROCESS_HEAP_ENTRIES: u32 = 16; +pub const RTL_QUERY_PROCESS_LOCKS: u32 = 32; +pub const RTL_QUERY_PROCESS_MODULES32: u32 = 64; +pub const RTL_QUERY_PROCESS_VERIFIER_OPTIONS: u32 = 128; +pub const RTL_QUERY_PROCESS_MODULESEX: u32 = 256; +pub const RTL_QUERY_PROCESS_HEAP_SEGMENTS: u32 = 512; +pub const RTL_QUERY_PROCESS_CS_OWNER: u32 = 1024; +pub const RTL_QUERY_PROCESS_NONINVASIVE: u32 = 2147483648; +pub const RTL_QUERY_PROCESS_NONINVASIVE_CS_OWNER: u32 = 2147485696; +pub const RTL_ERRORMODE_FAILCRITICALERRORS: u32 = 16; +pub const RTL_ERRORMODE_NOGPFAULTERRORBOX: u32 = 32; +pub const RTL_ERRORMODE_NOOPENFILEERRORBOX: u32 = 64; +pub const RTL_IMPORT_TABLE_HASH_REVISION: u32 = 1; +pub const SecondsToStartOf1980: u64 = 11960006400; +pub const SecondsToStartOf1970: u64 = 11644473600; +pub const RTL_ATOM_TABLE_DEFAULT_NUMBER_OF_BUCKETS: u32 = 37; +pub const RTL_ATOM_MAXIMUM_NAME_LENGTH: u32 = 255; +pub const RTL_ATOM_PINNED: 
u32 = 1; +pub const MAX_UNICODE_STACK_BUFFER_LENGTH: u32 = 256; +pub const COMPOUND_ACE_IMPERSONATION: u32 = 1; +pub const RTL_ACQUIRE_PRIVILEGE_REVERT: u32 = 1; +pub const RTL_ACQUIRE_PRIVILEGE_PROCESS: u32 = 2; +pub const BOUNDARY_DESCRIPTOR_ADD_APPCONTAINER_SID: u32 = 1; +pub const RTL_REGISTRY_ABSOLUTE: u32 = 0; +pub const RTL_REGISTRY_SERVICES: u32 = 1; +pub const RTL_REGISTRY_CONTROL: u32 = 2; +pub const RTL_REGISTRY_WINDOWS_NT: u32 = 3; +pub const RTL_REGISTRY_DEVICEMAP: u32 = 4; +pub const RTL_REGISTRY_USER: u32 = 5; +pub const RTL_REGISTRY_MAXIMUM: u32 = 6; +pub const RTL_REGISTRY_HANDLE: u32 = 1073741824; +pub const RTL_REGISTRY_OPTIONAL: u32 = 2147483648; +pub const RTL_QUERY_REGISTRY_SUBKEY: u32 = 1; +pub const RTL_QUERY_REGISTRY_TOPKEY: u32 = 2; +pub const RTL_QUERY_REGISTRY_REQUIRED: u32 = 4; +pub const RTL_QUERY_REGISTRY_NOVALUE: u32 = 8; +pub const RTL_QUERY_REGISTRY_NOEXPAND: u32 = 16; +pub const RTL_QUERY_REGISTRY_DIRECT: u32 = 32; +pub const RTL_QUERY_REGISTRY_DELETE: u32 = 64; +pub const RTL_WALK_USER_MODE_STACK: u32 = 1; +pub const RTL_WALK_VALID_FLAGS: u32 = 1; +pub const RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT: u32 = 8; +pub const RTL_UNLOAD_EVENT_TRACE_NUMBER: u32 = 64; +pub const RTL_IMAGE_MITIGATION_OPTION_STATEMASK: u32 = 3; +pub const RTL_IMAGE_MITIGATION_OPTION_FORCEMASK: u32 = 4; +pub const RTL_IMAGE_MITIGATION_OPTION_OPTIONMASK: u32 = 8; +pub const RTL_IMAGE_MITIGATION_FLAG_RESET: u32 = 1; +pub const RTL_IMAGE_MITIGATION_FLAG_REMOVE: u32 = 2; +pub const RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT: u32 = 4; +pub const RTL_IMAGE_MITIGATION_FLAG_AUDIT: u32 = 8; +pub const PSM_ACTIVATION_TOKEN_PACKAGED_APPLICATION: u32 = 1; +pub const PSM_ACTIVATION_TOKEN_SHARED_ENTITY: u32 = 2; +pub const PSM_ACTIVATION_TOKEN_FULL_TRUST: u32 = 4; +pub const PSM_ACTIVATION_TOKEN_NATIVE_SERVICE: u32 = 8; +pub const PSM_ACTIVATION_TOKEN_DEVELOPMENT_APP: u32 = 16; +pub const PSM_ACTIVATION_TOKEN_BREAKAWAY_INHIBITED: u32 = 32; +pub const 
PSM_ACTIVATION_TOKEN_RUNTIME_BROKER: u32 = 64; +pub const PSM_ACTIVATION_TOKEN_UNIVERSAL_CONSOLE: u32 = 512; +pub const PSM_ACTIVATION_TOKEN_WIN32ALACARTE_PROCESS: u32 = 65536; +pub const PSMP_MINIMUM_SYSAPP_CLAIM_VALUES: u32 = 2; +pub const PSMP_MAXIMUM_SYSAPP_CLAIM_VALUES: u32 = 4; +pub const WNF_STATE_KEY: u64 = 4739561890659434612; +pub const IMAGE_FILE_MACHINE_CHPE_X86: u32 = 14948; +pub const IMAGE_FILE_MACHINE_ARM64EC: u32 = 42561; +pub const IMAGE_FILE_MACHINE_ARM64X: u32 = 42574; +pub const IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64: u32 = 0; +pub const IMAGE_ARM64EC_CODE_MAP_TYPE_ARM64EC: u32 = 1; +pub const IMAGE_ARM64EC_CODE_MAP_TYPE_AMD64: u32 = 2; +pub const IMAGE_DVRT_ARM64X_FIXUP_TYPE_ZEROFILL: u32 = 0; +pub const IMAGE_DVRT_ARM64X_FIXUP_TYPE_VALUE: u32 = 1; +pub const IMAGE_DVRT_ARM64X_FIXUP_TYPE_DELTA: u32 = 2; +pub const IMAGE_DVRT_ARM64X_FIXUP_SIZE_2BYTES: u32 = 1; +pub const IMAGE_DVRT_ARM64X_FIXUP_SIZE_4BYTES: u32 = 2; +pub const IMAGE_DVRT_ARM64X_FIXUP_SIZE_8BYTES: u32 = 3; +pub const IMAGE_DYNAMIC_RELOCATION_ARM64X: u32 = 6; +pub const IMAGE_DYNAMIC_RELOCATION_MM_SHARED_USER_DATA_VA: u32 = 2147352576; +pub const SE_MIN_WELL_KNOWN_PRIVILEGE: u32 = 2; +pub const SE_CREATE_TOKEN_PRIVILEGE: u32 = 2; +pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: u32 = 3; +pub const SE_LOCK_MEMORY_PRIVILEGE: u32 = 4; +pub const SE_INCREASE_QUOTA_PRIVILEGE: u32 = 5; +pub const SE_MACHINE_ACCOUNT_PRIVILEGE: u32 = 6; +pub const SE_TCB_PRIVILEGE: u32 = 7; +pub const SE_SECURITY_PRIVILEGE: u32 = 8; +pub const SE_TAKE_OWNERSHIP_PRIVILEGE: u32 = 9; +pub const SE_LOAD_DRIVER_PRIVILEGE: u32 = 10; +pub const SE_SYSTEM_PROFILE_PRIVILEGE: u32 = 11; +pub const SE_SYSTEMTIME_PRIVILEGE: u32 = 12; +pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: u32 = 13; +pub const SE_INC_BASE_PRIORITY_PRIVILEGE: u32 = 14; +pub const SE_CREATE_PAGEFILE_PRIVILEGE: u32 = 15; +pub const SE_CREATE_PERMANENT_PRIVILEGE: u32 = 16; +pub const SE_BACKUP_PRIVILEGE: u32 = 17; +pub const SE_RESTORE_PRIVILEGE: u32 = 18; 
+pub const SE_SHUTDOWN_PRIVILEGE: u32 = 19; +pub const SE_DEBUG_PRIVILEGE: u32 = 20; +pub const SE_AUDIT_PRIVILEGE: u32 = 21; +pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: u32 = 22; +pub const SE_CHANGE_NOTIFY_PRIVILEGE: u32 = 23; +pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: u32 = 24; +pub const SE_UNDOCK_PRIVILEGE: u32 = 25; +pub const SE_SYNC_AGENT_PRIVILEGE: u32 = 26; +pub const SE_ENABLE_DELEGATION_PRIVILEGE: u32 = 27; +pub const SE_MANAGE_VOLUME_PRIVILEGE: u32 = 28; +pub const SE_IMPERSONATE_PRIVILEGE: u32 = 29; +pub const SE_CREATE_GLOBAL_PRIVILEGE: u32 = 30; +pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: u32 = 31; +pub const SE_RELABEL_PRIVILEGE: u32 = 32; +pub const SE_INC_WORKING_SET_PRIVILEGE: u32 = 33; +pub const SE_TIME_ZONE_PRIVILEGE: u32 = 34; +pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: u32 = 35; +pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: u32 = 36; +pub const SE_MAX_WELL_KNOWN_PRIVILEGE: u32 = 36; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: u32 = 0; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: u32 = 1; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: u32 = 2; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: u32 = 3; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: u32 = 4; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: u32 = 5; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: u32 = 6; +pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: u32 = 16; +pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: u32 = 1; +pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: u32 = 2; +pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: u32 = 4; +pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: u32 = 8; +pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: u32 = 16; +pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: u32 = 32; +pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: u32 = 64; +pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: u32 = 63; +pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 4294901760; +pub const 
TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: u32 = 1; +pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: u32 = 1; +pub const KCONTINUE_FLAG_TEST_ALERT: u32 = 1; +pub const KCONTINUE_FLAG_DELIVER_APC: u32 = 2; +pub const WOW64_SYSTEM_DIRECTORY: &[u8; 9] = b"SysWOW64\0"; +pub const WOW64_SYSTEM_DIRECTORY_U: &[u8; 9] = b"SysWOW64\0"; +pub const WOW64_X86_TAG: &[u8; 7] = b" (x86)\0"; +pub const WOW64_X86_TAG_U: &[u8; 7] = b" (x86)\0"; +pub const PAGE_SIZE_X86NT: u32 = 4096; +pub const PAGE_SHIFT_X86NT: u32 = 12; +pub const WOW64_SPLITS_PER_PAGE: u32 = 1; +pub const WOW64_CPUFLAGS_MSFT64: u32 = 1; +pub const WOW64_CPUFLAGS_SOFTWARE: u32 = 2; +pub const WOW64_CPUFLAGS_IA64: u32 = 4; +pub const SAM_MAXIMUM_LOOKUP_COUNT: u32 = 1000; +pub const SAM_MAXIMUM_LOOKUP_LENGTH: u32 = 32000; +pub const SAM_MAX_PASSWORD_LENGTH: u32 = 256; +pub const SAM_PASSWORD_ENCRYPTION_SALT_LEN: u32 = 16; +pub const SAM_SERVER_CONNECT: u32 = 1; +pub const SAM_SERVER_SHUTDOWN: u32 = 2; +pub const SAM_SERVER_INITIALIZE: u32 = 4; +pub const SAM_SERVER_CREATE_DOMAIN: u32 = 8; +pub const SAM_SERVER_ENUMERATE_DOMAINS: u32 = 16; +pub const SAM_SERVER_LOOKUP_DOMAIN: u32 = 32; +pub const SAM_SERVER_ALL_ACCESS: u32 = 983103; +pub const SAM_SERVER_READ: u32 = 131088; +pub const SAM_SERVER_WRITE: u32 = 131086; +pub const SAM_SERVER_EXECUTE: u32 = 131105; +pub const DOMAIN_READ_PASSWORD_PARAMETERS: u32 = 1; +pub const DOMAIN_WRITE_PASSWORD_PARAMS: u32 = 2; +pub const DOMAIN_READ_OTHER_PARAMETERS: u32 = 4; +pub const DOMAIN_WRITE_OTHER_PARAMETERS: u32 = 8; +pub const DOMAIN_CREATE_USER: u32 = 16; +pub const DOMAIN_CREATE_GROUP: u32 = 32; +pub const DOMAIN_CREATE_ALIAS: u32 = 64; +pub const DOMAIN_GET_ALIAS_MEMBERSHIP: u32 = 128; +pub const DOMAIN_LIST_ACCOUNTS: u32 = 256; +pub const DOMAIN_LOOKUP: u32 = 512; +pub const DOMAIN_ADMINISTER_SERVER: u32 = 1024; +pub const DOMAIN_ALL_ACCESS: u32 = 985087; +pub const DOMAIN_READ: u32 = 131204; +pub const DOMAIN_WRITE: u32 = 132218; +pub const 
DOMAIN_EXECUTE: u32 = 131841; +pub const DOMAIN_PASSWORD_COMPLEX: u32 = 1; +pub const DOMAIN_PASSWORD_NO_ANON_CHANGE: u32 = 2; +pub const DOMAIN_PASSWORD_NO_CLEAR_CHANGE: u32 = 4; +pub const DOMAIN_LOCKOUT_ADMINS: u32 = 8; +pub const DOMAIN_PASSWORD_STORE_CLEARTEXT: u32 = 16; +pub const DOMAIN_REFUSE_PASSWORD_CHANGE: u32 = 32; +pub const DOMAIN_NO_LM_OWF_CHANGE: u32 = 64; +pub const GROUP_READ_INFORMATION: u32 = 1; +pub const GROUP_WRITE_ACCOUNT: u32 = 2; +pub const GROUP_ADD_MEMBER: u32 = 4; +pub const GROUP_REMOVE_MEMBER: u32 = 8; +pub const GROUP_LIST_MEMBERS: u32 = 16; +pub const GROUP_ALL_ACCESS: u32 = 983071; +pub const GROUP_READ: u32 = 131088; +pub const GROUP_WRITE: u32 = 131086; +pub const GROUP_EXECUTE: u32 = 131073; +pub const ALIAS_ADD_MEMBER: u32 = 1; +pub const ALIAS_REMOVE_MEMBER: u32 = 2; +pub const ALIAS_LIST_MEMBERS: u32 = 4; +pub const ALIAS_READ_INFORMATION: u32 = 8; +pub const ALIAS_WRITE_ACCOUNT: u32 = 16; +pub const ALIAS_ALL_ACCESS: u32 = 983071; +pub const ALIAS_READ: u32 = 131076; +pub const ALIAS_WRITE: u32 = 131091; +pub const ALIAS_EXECUTE: u32 = 131080; +pub const ALIAS_ALL_NAME: u32 = 1; +pub const ALIAS_ALL_MEMBER_COUNT: u32 = 2; +pub const ALIAS_ALL_ADMIN_COMMENT: u32 = 4; +pub const ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES: u32 = 8; +pub const GROUP_TYPE_BUILTIN_LOCAL_GROUP: u32 = 1; +pub const GROUP_TYPE_ACCOUNT_GROUP: u32 = 2; +pub const GROUP_TYPE_RESOURCE_GROUP: u32 = 4; +pub const GROUP_TYPE_UNIVERSAL_GROUP: u32 = 8; +pub const GROUP_TYPE_APP_BASIC_GROUP: u32 = 16; +pub const GROUP_TYPE_APP_QUERY_GROUP: u32 = 32; +pub const GROUP_TYPE_SECURITY_ENABLED: u32 = 2147483648; +pub const GROUP_TYPE_RESOURCE_BEHAVOIR: u32 = 52; +pub const USER_READ_GENERAL: u32 = 1; +pub const USER_READ_PREFERENCES: u32 = 2; +pub const USER_WRITE_PREFERENCES: u32 = 4; +pub const USER_READ_LOGON: u32 = 8; +pub const USER_READ_ACCOUNT: u32 = 16; +pub const USER_WRITE_ACCOUNT: u32 = 32; +pub const USER_CHANGE_PASSWORD: u32 = 64; +pub const 
USER_FORCE_PASSWORD_CHANGE: u32 = 128; +pub const USER_LIST_GROUPS: u32 = 256; +pub const USER_READ_GROUP_INFORMATION: u32 = 512; +pub const USER_WRITE_GROUP_INFORMATION: u32 = 1024; +pub const USER_ALL_ACCESS: u32 = 985087; +pub const USER_READ: u32 = 131866; +pub const USER_WRITE: u32 = 131140; +pub const USER_EXECUTE: u32 = 131137; +pub const USER_ACCOUNT_DISABLED: u32 = 1; +pub const USER_HOME_DIRECTORY_REQUIRED: u32 = 2; +pub const USER_PASSWORD_NOT_REQUIRED: u32 = 4; +pub const USER_TEMP_DUPLICATE_ACCOUNT: u32 = 8; +pub const USER_NORMAL_ACCOUNT: u32 = 16; +pub const USER_MNS_LOGON_ACCOUNT: u32 = 32; +pub const USER_INTERDOMAIN_TRUST_ACCOUNT: u32 = 64; +pub const USER_WORKSTATION_TRUST_ACCOUNT: u32 = 128; +pub const USER_SERVER_TRUST_ACCOUNT: u32 = 256; +pub const USER_DONT_EXPIRE_PASSWORD: u32 = 512; +pub const USER_ACCOUNT_AUTO_LOCKED: u32 = 1024; +pub const USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED: u32 = 2048; +pub const USER_SMARTCARD_REQUIRED: u32 = 4096; +pub const USER_TRUSTED_FOR_DELEGATION: u32 = 8192; +pub const USER_NOT_DELEGATED: u32 = 16384; +pub const USER_USE_DES_KEY_ONLY: u32 = 32768; +pub const USER_DONT_REQUIRE_PREAUTH: u32 = 65536; +pub const USER_PASSWORD_EXPIRED: u32 = 131072; +pub const USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: u32 = 262144; +pub const USER_NO_AUTH_DATA_REQUIRED: u32 = 524288; +pub const USER_PARTIAL_SECRETS_ACCOUNT: u32 = 1048576; +pub const USER_USE_AES_KEYS: u32 = 2097152; +pub const NEXT_FREE_ACCOUNT_CONTROL_BIT: u32 = 4194304; +pub const USER_MACHINE_ACCOUNT_MASK: u32 = 448; +pub const USER_ACCOUNT_TYPE_MASK: u32 = 472; +pub const USER_COMPUTED_ACCOUNT_CONTROL_BITS: u32 = 132096; +pub const SAM_DAYS_PER_WEEK: u32 = 7; +pub const SAM_HOURS_PER_WEEK: u32 = 168; +pub const SAM_MINUTES_PER_WEEK: u32 = 10080; +pub const CYPHER_BLOCK_LENGTH: u32 = 8; +pub const USER_ALL_USERNAME: u32 = 1; +pub const USER_ALL_FULLNAME: u32 = 2; +pub const USER_ALL_USERID: u32 = 4; +pub const USER_ALL_PRIMARYGROUPID: u32 = 8; +pub const 
USER_ALL_ADMINCOMMENT: u32 = 16; +pub const USER_ALL_USERCOMMENT: u32 = 32; +pub const USER_ALL_HOMEDIRECTORY: u32 = 64; +pub const USER_ALL_HOMEDIRECTORYDRIVE: u32 = 128; +pub const USER_ALL_SCRIPTPATH: u32 = 256; +pub const USER_ALL_PROFILEPATH: u32 = 512; +pub const USER_ALL_WORKSTATIONS: u32 = 1024; +pub const USER_ALL_LASTLOGON: u32 = 2048; +pub const USER_ALL_LASTLOGOFF: u32 = 4096; +pub const USER_ALL_LOGONHOURS: u32 = 8192; +pub const USER_ALL_BADPASSWORDCOUNT: u32 = 16384; +pub const USER_ALL_LOGONCOUNT: u32 = 32768; +pub const USER_ALL_PASSWORDCANCHANGE: u32 = 65536; +pub const USER_ALL_PASSWORDMUSTCHANGE: u32 = 131072; +pub const USER_ALL_PASSWORDLASTSET: u32 = 262144; +pub const USER_ALL_ACCOUNTEXPIRES: u32 = 524288; +pub const USER_ALL_USERACCOUNTCONTROL: u32 = 1048576; +pub const USER_ALL_PARAMETERS: u32 = 2097152; +pub const USER_ALL_COUNTRYCODE: u32 = 4194304; +pub const USER_ALL_CODEPAGE: u32 = 8388608; +pub const USER_ALL_NTPASSWORDPRESENT: u32 = 16777216; +pub const USER_ALL_LMPASSWORDPRESENT: u32 = 33554432; +pub const USER_ALL_PRIVATEDATA: u32 = 67108864; +pub const USER_ALL_PASSWORDEXPIRED: u32 = 134217728; +pub const USER_ALL_SECURITYDESCRIPTOR: u32 = 268435456; +pub const USER_ALL_OWFPASSWORD: u32 = 536870912; +pub const USER_ALL_UNDEFINED_MASK: u32 = 3221225472; +pub const USER_ALL_READ_GENERAL_MASK: u32 = 63; +pub const USER_ALL_READ_LOGON_MASK: u32 = 262080; +pub const USER_ALL_READ_ACCOUNT_MASK: u32 = 3932160; +pub const USER_ALL_READ_PREFERENCES_MASK: u32 = 12582912; +pub const USER_ALL_READ_TRUSTED_MASK: u32 = 520093696; +pub const USER_ALL_READ_CANT_MASK: u32 = 3221225472; +pub const USER_ALL_WRITE_ACCOUNT_MASK: u32 = 3680219; +pub const USER_ALL_WRITE_PREFERENCES_MASK: u32 = 12582944; +pub const USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK: u32 = 184549376; +pub const USER_ALL_WRITE_TRUSTED_MASK: u32 = 335861760; +pub const USER_ALL_WRITE_CANT_MASK: u32 = 3221422084; +pub const USER_EXTENDED_FIELD_UPN: u32 = 1; +pub const 
USER_EXTENDED_FIELD_A2D2: u32 = 2; +pub const USER_EXTENDED_FIELD_USER_TILE: u32 = 4096; +pub const USER_EXTENDED_FIELD_PASSWORD_HINT: u32 = 8192; +pub const USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI: u32 = 16384; +pub const USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES: u32 = 32768; +pub const SAM_PWD_CHANGE_NO_ERROR: u32 = 0; +pub const SAM_PWD_CHANGE_PASSWORD_TOO_SHORT: u32 = 1; +pub const SAM_PWD_CHANGE_PWD_IN_HISTORY: u32 = 2; +pub const SAM_PWD_CHANGE_USERNAME_IN_PASSWORD: u32 = 3; +pub const SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD: u32 = 4; +pub const SAM_PWD_CHANGE_NOT_COMPLEX: u32 = 5; +pub const SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT: u32 = 6; +pub const SAM_PWD_CHANGE_FAILED_BY_FILTER: u32 = 7; +pub const SAM_PWD_CHANGE_PASSWORD_TOO_LONG: u32 = 8; +pub const SAM_PWD_CHANGE_FAILURE_REASON_MAX: u32 = 8; +pub const SAM_USER_ACCOUNT: u32 = 1; +pub const SAM_GLOBAL_GROUP_ACCOUNT: u32 = 2; +pub const SAM_LOCAL_GROUP_ACCOUNT: u32 = 4; +pub const SAM_DELTA_NOTIFY_ROUTINE: &[u8; 12] = b"DeltaNotify\0"; +pub const SAM_SID_COMPATIBILITY_ALL: u32 = 0; +pub const SAM_SID_COMPATIBILITY_LAX: u32 = 1; +pub const SAM_SID_COMPATIBILITY_STRICT: u32 = 2; +pub const SAM_VALIDATE_PASSWORD_LAST_SET: u32 = 1; +pub const SAM_VALIDATE_BAD_PASSWORD_TIME: u32 = 2; +pub const SAM_VALIDATE_LOCKOUT_TIME: u32 = 4; +pub const SAM_VALIDATE_BAD_PASSWORD_COUNT: u32 = 8; +pub const SAM_VALIDATE_PASSWORD_HISTORY_LENGTH: u32 = 16; +pub const SAM_VALIDATE_PASSWORD_HISTORY: u32 = 32; +pub const FLT_PORT_CONNECT: u32 = 1; +pub const FLT_PORT_ALL_ACCESS: u32 = 2031617; +pub const MIN_ETW_BUFFER_SIZE: u32 = 1; +pub const MAX_ETW_BUFFER_SIZE: u32 = 16384; +pub const MAX_ETW_BUFFER_SIZE_WIN7: u32 = 1024; +pub const MAX_ETW_EVENT_SIZE: u32 = 65535; +pub const ETW_KERNEL_RUNDOWN_START: u32 = 1; +pub const ETW_KERNEL_RUNDOWN_STOP: u32 = 2; +pub const ETW_CKCL_RUNDOWN_START: u32 = 4; +pub const ETW_CKCL_RUNDOWN_STOP: u32 = 8; +pub const ETW_FILENAME_RUNDOWN: u32 = 16; +pub const 
ETW_UMGL_INDEX_HEAP: u32 = 0; +pub const ETW_UMGL_INDEX_CRITSEC: u32 = 1; +pub const ETW_UMGL_INDEX_LDR: u32 = 2; +pub const ETW_UMGL_INDEX_THREAD_POOL: u32 = 3; +pub const ETW_UMGL_INDEX_HEAPRANGE: u32 = 4; +pub const ETW_UMGL_INDEX_HEAPSUMMARY: u32 = 5; +pub const ETW_UMGL_INDEX_UMS: u32 = 6; +pub const ETW_UMGL_INDEX_WNF: u32 = 7; +pub const ETW_UMGL_INDEX_THREAD: u32 = 8; +pub const ETW_UMGL_INDEX_SPARE2: u32 = 9; +pub const ETW_UMGL_INDEX_SPARE3: u32 = 10; +pub const ETW_UMGL_INDEX_SPARE4: u32 = 11; +pub const ETW_UMGL_INDEX_SPARE5: u32 = 12; +pub const ETW_UMGL_INDEX_SPARE6: u32 = 13; +pub const ETW_UMGL_INDEX_SPARE7: u32 = 14; +pub const ETW_UMGL_INDEX_SPARE8: u32 = 15; +pub const ETW_UMGL_MAX_PROVIDERS: u32 = 9; +pub const ETW_UMGL_LDR_MUI_VERBOSE_FLAG: u32 = 1; +pub const ETW_UMGL_LDR_MUI_TEST_FLAG: u32 = 2; +pub const ETW_UMGL_LDR_RELOCATION_FLAG: u32 = 4; +pub const ETW_UMGL_LDR_NEW_DLL_FLAG: u32 = 16; +pub const ETW_UMGL_LDR_TEST_FLAG: u32 = 32; +pub const ETW_UMGL_LDR_SECURITY_FLAG: u32 = 64; +pub const MEMORY_FROM_LOOKASIDE: u32 = 1; +pub const MEMORY_FROM_LOWFRAG: u32 = 2; +pub const MEMORY_FROM_MAINPATH: u32 = 3; +pub const MEMORY_FROM_SLOWPATH: u32 = 4; +pub const MEMORY_FROM_INVALID: u32 = 5; +pub const MEMORY_FROM_SEGMENT_HEAP: u32 = 6; +pub const TRACE_HEADER_TYPE_SYSTEM32: u32 = 1; +pub const TRACE_HEADER_TYPE_SYSTEM64: u32 = 2; +pub const TRACE_HEADER_TYPE_COMPACT32: u32 = 3; +pub const TRACE_HEADER_TYPE_COMPACT64: u32 = 4; +pub const TRACE_HEADER_TYPE_FULL_HEADER32: u32 = 10; +pub const TRACE_HEADER_TYPE_INSTANCE32: u32 = 11; +pub const TRACE_HEADER_TYPE_TIMED: u32 = 12; +pub const TRACE_HEADER_TYPE_ERROR: u32 = 13; +pub const TRACE_HEADER_TYPE_WNODE_HEADER: u32 = 14; +pub const TRACE_HEADER_TYPE_MESSAGE: u32 = 15; +pub const TRACE_HEADER_TYPE_PERFINFO32: u32 = 16; +pub const TRACE_HEADER_TYPE_PERFINFO64: u32 = 17; +pub const TRACE_HEADER_TYPE_EVENT_HEADER32: u32 = 18; +pub const TRACE_HEADER_TYPE_EVENT_HEADER64: u32 = 19; +pub const 
TRACE_HEADER_TYPE_FULL_HEADER64: u32 = 20; +pub const TRACE_HEADER_TYPE_INSTANCE64: u32 = 21; +pub const EVENT_HEADER_SIZE_MASK: u32 = 65535; +pub const SYSTEM_TRACE_VERSION: u32 = 2; +pub const TRACE_HEADER_FLAG: u32 = 2147483648; +pub const TRACE_HEADER_FULL32: u32 = 3221880832; +pub const TRACE_HEADER_FULL64: u32 = 3222536192; +pub const TRACE_HEADER_INSTANCE32: u32 = 3221946368; +pub const TRACE_HEADER_INSTANCE64: u32 = 3222601728; +pub const TRACE_HEADER_FULL: u32 = 3222536192; +pub const TRACE_HEADER_INSTANCE: u32 = 3222601728; +pub const EVENT_TRACE_USE_RAWTIMESTAMP: u32 = 2; +pub const EVENT_TRACE_GET_RAWEVENT: u32 = 256; +pub const EVENT_TRACE_READ_BEHIND: u32 = 512; +pub const EVENT_TRACE_USE_SEQUENCE: u32 = 4; +pub const ETW_KERNEL_EVENT_VERSION: u32 = 60; +pub const ETW_SET_MARK_WITH_FLUSH: u32 = 1; +pub const ETW_MAX_DATA_BLOCK_BUFFER_SIZE: u32 = 65536; +pub type va_list = *mut cty::c_char; +pub type wchar_t = cty::c_ushort; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _EXCEPTION_DISPOSITION { + ExceptionContinueExecution = 0, + ExceptionContinueSearch = 1, + ExceptionNestedException = 2, + ExceptionCollidedUnwind = 3, +} +pub use self::_EXCEPTION_DISPOSITION as EXCEPTION_DISPOSITION; +pub type ULONG = cty::c_ulong; +pub type PULONG = *mut ULONG; +pub type USHORT = cty::c_ushort; +pub type PUSHORT = *mut USHORT; +pub type UCHAR = cty::c_uchar; +pub type PUCHAR = *mut UCHAR; +pub type DWORD = cty::c_ulong; +pub type BYTE = cty::c_uchar; +pub type WORD = cty::c_ushort; +pub type PBOOL = *mut BOOL; +pub type PDWORD = *mut DWORD; +pub type LPVOID = *mut cty::c_void; +pub type ULONG32 = cty::c_uint; +pub type LONG_PTR = cty::c_longlong; +pub type ULONG_PTR = cty::c_ulonglong; +pub type PULONG_PTR = *mut cty::c_ulonglong; +pub type SIZE_T = ULONG_PTR; +pub type PSIZE_T = *mut ULONG_PTR; +pub type PLONG64 = *mut cty::c_longlong; +pub type ULONG64 = cty::c_ulonglong; +pub type PULONG64 = *mut cty::c_ulonglong; 
+pub type DWORD64 = cty::c_ulonglong; +pub type PDWORD64 = *mut cty::c_ulonglong; +pub type KAFFINITY = ULONG_PTR; +pub type PVOID = *mut cty::c_void; +pub type CHAR = cty::c_char; +pub type LONG = cty::c_long; +pub type WCHAR = wchar_t; +pub type PWCHAR = *mut WCHAR; +pub type PWCH = *mut WCHAR; +pub type PCWCH = *const WCHAR; +pub type PWSTR = *mut WCHAR; +pub type LPCWSTR = *const WCHAR; +pub type PCWSTR = *const WCHAR; +pub type PZZWSTR = *mut WCHAR; +pub type PCZZWSTR = *const WCHAR; +pub type PCWCHAR = *const WCHAR; +pub type PCHAR = *mut CHAR; +pub type PCH = *mut CHAR; +pub type PCCH = *const CHAR; +pub type LPSTR = *mut CHAR; +pub type PSTR = *mut CHAR; +pub type PCSTR = *const CHAR; +pub type PLONG = *mut LONG; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_NUMBER { + pub Group: WORD, + pub Number: BYTE, + pub Reserved: BYTE, +} +pub type PROCESSOR_NUMBER = _PROCESSOR_NUMBER; +pub type PPROCESSOR_NUMBER = *mut _PROCESSOR_NUMBER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _GROUP_AFFINITY { + pub Mask: KAFFINITY, + pub Group: WORD, + pub Reserved: [WORD; 3usize], +} +pub type GROUP_AFFINITY = _GROUP_AFFINITY; +pub type PGROUP_AFFINITY = *mut _GROUP_AFFINITY; +pub type HANDLE = *mut cty::c_void; +pub type PHANDLE = *mut HANDLE; +pub type CCHAR = cty::c_char; +pub type LCID = DWORD; +pub type PLCID = PDWORD; +pub type LANGID = WORD; +pub type LONGLONG = cty::c_longlong; +pub type ULONGLONG = cty::c_ulonglong; +pub type PULONGLONG = *mut ULONGLONG; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LARGE_INTEGER { + pub __bindgen_anon_1: _LARGE_INTEGER__bindgen_ty_1, + pub u: _LARGE_INTEGER__bindgen_ty_2, + pub QuadPart: LONGLONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LARGE_INTEGER__bindgen_ty_1 { + pub LowPart: DWORD, + pub HighPart: LONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LARGE_INTEGER__bindgen_ty_2 { + pub LowPart: DWORD, + pub HighPart: LONG, +} 
+impl Default for _LARGE_INTEGER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LARGE_INTEGER = _LARGE_INTEGER; +pub type PLARGE_INTEGER = *mut LARGE_INTEGER; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _ULARGE_INTEGER { + pub __bindgen_anon_1: _ULARGE_INTEGER__bindgen_ty_1, + pub u: _ULARGE_INTEGER__bindgen_ty_2, + pub QuadPart: ULONGLONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ULARGE_INTEGER__bindgen_ty_1 { + pub LowPart: DWORD, + pub HighPart: DWORD, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ULARGE_INTEGER__bindgen_ty_2 { + pub LowPart: DWORD, + pub HighPart: DWORD, +} +impl Default for _ULARGE_INTEGER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ULARGE_INTEGER = _ULARGE_INTEGER; +pub type PULARGE_INTEGER = *mut ULARGE_INTEGER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LUID { + pub LowPart: DWORD, + pub HighPart: LONG, +} +pub type LUID = _LUID; +pub type PLUID = *mut _LUID; +pub type PBOOLEAN = *mut BOOLEAN; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LIST_ENTRY { + pub Flink: *mut _LIST_ENTRY, + pub Blink: *mut _LIST_ENTRY, +} +impl Default for _LIST_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LIST_ENTRY = _LIST_ENTRY; +pub type PLIST_ENTRY = *mut _LIST_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SINGLE_LIST_ENTRY { + pub Next: *mut _SINGLE_LIST_ENTRY, +} +impl Default for _SINGLE_LIST_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } 
+ } +} +pub type SINGLE_LIST_ENTRY = _SINGLE_LIST_ENTRY; +pub type PSINGLE_LIST_ENTRY = *mut _SINGLE_LIST_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct LIST_ENTRY32 { + pub Flink: DWORD, + pub Blink: DWORD, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _GUID { + pub Data1: cty::c_ulong, + pub Data2: cty::c_ushort, + pub Data3: cty::c_ushort, + pub Data4: [cty::c_uchar; 8usize], +} +pub type GUID = _GUID; +pub type LPGUID = *mut GUID; +pub type LPCGUID = *const GUID; +pub type PEXCEPTION_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + arg1: *mut _EXCEPTION_RECORD, + arg2: PVOID, + arg3: *mut _CONTEXT, + arg4: PVOID, + ) -> EXCEPTION_DISPOSITION, +>; +pub type __C_ASSERT__ = [cty::c_char; 1usize]; +#[repr(C)] +#[repr(align(16))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _M128A { + pub Low: ULONGLONG, + pub High: LONGLONG, +} +pub type M128A = _M128A; +#[repr(C)] +#[repr(align(16))] +#[derive(Debug, Copy, Clone)] +pub struct _XSAVE_FORMAT { + pub ControlWord: WORD, + pub StatusWord: WORD, + pub TagWord: BYTE, + pub Reserved1: BYTE, + pub ErrorOpcode: WORD, + pub ErrorOffset: DWORD, + pub ErrorSelector: WORD, + pub Reserved2: WORD, + pub DataOffset: DWORD, + pub DataSelector: WORD, + pub Reserved3: WORD, + pub MxCsr: DWORD, + pub MxCsr_Mask: DWORD, + pub FloatRegisters: [M128A; 8usize], + pub XmmRegisters: [M128A; 16usize], + pub Reserved4: [BYTE; 96usize], +} +impl Default for _XSAVE_FORMAT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type XSAVE_FORMAT = _XSAVE_FORMAT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _XSAVE_AREA_HEADER { + pub Mask: DWORD64, + pub CompactionMask: DWORD64, + pub Reserved2: [DWORD64; 6usize], +} +pub type PXSAVE_AREA_HEADER = *mut _XSAVE_AREA_HEADER; +pub type XMM_SAVE_AREA32 = XSAVE_FORMAT; +#[repr(C)] +#[repr(align(16))] 
+#[derive(Copy, Clone)] +pub struct _CONTEXT { + pub P1Home: DWORD64, + pub P2Home: DWORD64, + pub P3Home: DWORD64, + pub P4Home: DWORD64, + pub P5Home: DWORD64, + pub P6Home: DWORD64, + pub ContextFlags: DWORD, + pub MxCsr: DWORD, + pub SegCs: WORD, + pub SegDs: WORD, + pub SegEs: WORD, + pub SegFs: WORD, + pub SegGs: WORD, + pub SegSs: WORD, + pub EFlags: DWORD, + pub Dr0: DWORD64, + pub Dr1: DWORD64, + pub Dr2: DWORD64, + pub Dr3: DWORD64, + pub Dr6: DWORD64, + pub Dr7: DWORD64, + pub Rax: DWORD64, + pub Rcx: DWORD64, + pub Rdx: DWORD64, + pub Rbx: DWORD64, + pub Rsp: DWORD64, + pub Rbp: DWORD64, + pub Rsi: DWORD64, + pub Rdi: DWORD64, + pub R8: DWORD64, + pub R9: DWORD64, + pub R10: DWORD64, + pub R11: DWORD64, + pub R12: DWORD64, + pub R13: DWORD64, + pub R14: DWORD64, + pub R15: DWORD64, + pub Rip: DWORD64, + pub __bindgen_anon_1: _CONTEXT__bindgen_ty_1, + pub VectorRegister: [M128A; 26usize], + pub VectorControl: DWORD64, + pub DebugControl: DWORD64, + pub LastBranchToRip: DWORD64, + pub LastBranchFromRip: DWORD64, + pub LastExceptionToRip: DWORD64, + pub LastExceptionFromRip: DWORD64, +} +#[repr(C)] +#[repr(align(16))] +#[derive(Copy, Clone)] +pub union _CONTEXT__bindgen_ty_1 { + pub FltSave: XMM_SAVE_AREA32, + pub __bindgen_anon_1: _CONTEXT__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(16))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CONTEXT__bindgen_ty_1__bindgen_ty_1 { + pub Header: [M128A; 2usize], + pub Legacy: [M128A; 8usize], + pub Xmm0: M128A, + pub Xmm1: M128A, + pub Xmm2: M128A, + pub Xmm3: M128A, + pub Xmm4: M128A, + pub Xmm5: M128A, + pub Xmm6: M128A, + pub Xmm7: M128A, + pub Xmm8: M128A, + pub Xmm9: M128A, + pub Xmm10: M128A, + pub Xmm11: M128A, + pub Xmm12: M128A, + pub Xmm13: M128A, + pub Xmm14: M128A, + pub Xmm15: M128A, +} +impl Default for _CONTEXT__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() 
+ } + } +} +impl Default for _CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CONTEXT = _CONTEXT; +pub type PCONTEXT = *mut _CONTEXT; +pub type PRUNTIME_FUNCTION = *mut _IMAGE_RUNTIME_FUNCTION_ENTRY; +pub type GET_RUNTIME_FUNCTION_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(ControlPc: DWORD64, Context: PVOID) -> PRUNTIME_FUNCTION, +>; +pub type PGET_RUNTIME_FUNCTION_CALLBACK = GET_RUNTIME_FUNCTION_CALLBACK; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LDT_ENTRY { + pub LimitLow: WORD, + pub BaseLow: WORD, + pub HighWord: _LDT_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDT_ENTRY__bindgen_ty_1 { + pub Bytes: _LDT_ENTRY__bindgen_ty_1__bindgen_ty_1, + pub Bits: _LDT_ENTRY__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDT_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub BaseMid: BYTE, + pub Flags1: BYTE, + pub Flags2: BYTE, + pub BaseHi: BYTE, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDT_ENTRY__bindgen_ty_1__bindgen_ty_2 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _LDT_ENTRY__bindgen_ty_1__bindgen_ty_2 { + #[inline] + pub fn BaseMid(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_BaseMid(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Type(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 5u8) as u32) } + } + #[inline] + pub fn set_Type(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 5u8, val as u64) + } + } + #[inline] + pub fn Dpl(&self) -> DWORD { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(13usize, 2u8) as u32) } + } + #[inline] + pub fn set_Dpl(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 2u8, val as u64) + } + } + #[inline] + pub fn Pres(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_Pres(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn LimitHi(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 4u8) as u32) } + } + #[inline] + pub fn set_LimitHi(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 4u8, val as u64) + } + } + #[inline] + pub fn Sys(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 1u8) as u32) } + } + #[inline] + pub fn set_Sys(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved_0(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved_0(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn Default_Big(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u32) } + } + #[inline] + pub fn set_Default_Big(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn Granularity(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u32) } + } + #[inline] + pub fn set_Granularity(&mut self, val: DWORD) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn BaseHi(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 8u8) as u32) } + } + #[inline] + pub fn set_BaseHi(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 8u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + BaseMid: DWORD, + Type: DWORD, + Dpl: DWORD, + Pres: DWORD, + LimitHi: DWORD, + Sys: DWORD, + Reserved_0: DWORD, + Default_Big: DWORD, + Granularity: DWORD, + BaseHi: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let BaseMid: u32 = unsafe { ::core::mem::transmute(BaseMid) }; + BaseMid as u64 + }); + __bindgen_bitfield_unit.set(8usize, 5u8, { + let Type: u32 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(13usize, 2u8, { + let Dpl: u32 = unsafe { ::core::mem::transmute(Dpl) }; + Dpl as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let Pres: u32 = unsafe { ::core::mem::transmute(Pres) }; + Pres as u64 + }); + __bindgen_bitfield_unit.set(16usize, 4u8, { + let LimitHi: u32 = unsafe { ::core::mem::transmute(LimitHi) }; + LimitHi as u64 + }); + __bindgen_bitfield_unit.set(20usize, 1u8, { + let Sys: u32 = unsafe { ::core::mem::transmute(Sys) }; + Sys as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let Reserved_0: u32 = unsafe { ::core::mem::transmute(Reserved_0) }; + Reserved_0 as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let Default_Big: u32 = unsafe { ::core::mem::transmute(Default_Big) }; + Default_Big as u64 + }); + __bindgen_bitfield_unit.set(23usize, 1u8, { + let Granularity: u32 = unsafe { ::core::mem::transmute(Granularity) }; + Granularity as u64 + }); + __bindgen_bitfield_unit.set(24usize, 8u8, { + let BaseHi: u32 = 
unsafe { ::core::mem::transmute(BaseHi) }; + BaseHi as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _LDT_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDT_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDT_ENTRY = _LDT_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _WOW64_FLOATING_SAVE_AREA { + pub ControlWord: DWORD, + pub StatusWord: DWORD, + pub TagWord: DWORD, + pub ErrorOffset: DWORD, + pub ErrorSelector: DWORD, + pub DataOffset: DWORD, + pub DataSelector: DWORD, + pub RegisterArea: [BYTE; 80usize], + pub Cr0NpxState: DWORD, +} +impl Default for _WOW64_FLOATING_SAVE_AREA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WOW64_FLOATING_SAVE_AREA = _WOW64_FLOATING_SAVE_AREA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _WOW64_CONTEXT { + pub ContextFlags: DWORD, + pub Dr0: DWORD, + pub Dr1: DWORD, + pub Dr2: DWORD, + pub Dr3: DWORD, + pub Dr6: DWORD, + pub Dr7: DWORD, + pub FloatSave: WOW64_FLOATING_SAVE_AREA, + pub SegGs: DWORD, + pub SegFs: DWORD, + pub SegEs: DWORD, + pub SegDs: DWORD, + pub Edi: DWORD, + pub Esi: DWORD, + pub Ebx: DWORD, + pub Edx: DWORD, + pub Ecx: DWORD, + pub Eax: DWORD, + pub Ebp: DWORD, + pub Eip: DWORD, + pub SegCs: DWORD, + pub EFlags: DWORD, + pub Esp: DWORD, + pub SegSs: DWORD, + pub ExtendedRegisters: [BYTE; 512usize], +} +impl Default for _WOW64_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WOW64_CONTEXT = _WOW64_CONTEXT; +pub type 
PWOW64_CONTEXT = *mut WOW64_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EXCEPTION_RECORD { + pub ExceptionCode: DWORD, + pub ExceptionFlags: DWORD, + pub ExceptionRecord: *mut _EXCEPTION_RECORD, + pub ExceptionAddress: PVOID, + pub NumberParameters: DWORD, + pub ExceptionInformation: [ULONG_PTR; 15usize], +} +impl Default for _EXCEPTION_RECORD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EXCEPTION_RECORD = _EXCEPTION_RECORD; +pub type PEXCEPTION_RECORD = *mut EXCEPTION_RECORD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EXCEPTION_POINTERS { + pub ExceptionRecord: PEXCEPTION_RECORD, + pub ContextRecord: PCONTEXT, +} +impl Default for _EXCEPTION_POINTERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEXCEPTION_POINTERS = *mut _EXCEPTION_POINTERS; +pub type PSECURITY_DESCRIPTOR = PVOID; +pub type PSID = PVOID; +pub type ACCESS_MASK = DWORD; +pub type PACCESS_MASK = *mut ACCESS_MASK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _GENERIC_MAPPING { + pub GenericRead: ACCESS_MASK, + pub GenericWrite: ACCESS_MASK, + pub GenericExecute: ACCESS_MASK, + pub GenericAll: ACCESS_MASK, +} +pub type GENERIC_MAPPING = _GENERIC_MAPPING; +pub type PGENERIC_MAPPING = *mut GENERIC_MAPPING; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LUID_AND_ATTRIBUTES { + pub Luid: LUID, + pub Attributes: DWORD, +} +pub type LUID_AND_ATTRIBUTES = _LUID_AND_ATTRIBUTES; +pub type PLUID_AND_ATTRIBUTES = *mut _LUID_AND_ATTRIBUTES; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SID_IDENTIFIER_AUTHORITY { + pub Value: [BYTE; 6usize], +} +pub type SID_IDENTIFIER_AUTHORITY = _SID_IDENTIFIER_AUTHORITY; +pub type PSID_IDENTIFIER_AUTHORITY = *mut 
_SID_IDENTIFIER_AUTHORITY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SID { + pub Revision: BYTE, + pub SubAuthorityCount: BYTE, + pub IdentifierAuthority: SID_IDENTIFIER_AUTHORITY, + pub SubAuthority: [DWORD; 1usize], +} +pub type SID = _SID; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SID_NAME_USE { + SidTypeUser = 1, + SidTypeGroup = 2, + SidTypeDomain = 3, + SidTypeAlias = 4, + SidTypeWellKnownGroup = 5, + SidTypeDeletedAccount = 6, + SidTypeInvalid = 7, + SidTypeUnknown = 8, + SidTypeComputer = 9, + SidTypeLabel = 10, + SidTypeLogonSession = 11, +} +pub use self::_SID_NAME_USE as SID_NAME_USE; +pub type PSID_NAME_USE = *mut _SID_NAME_USE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SID_AND_ATTRIBUTES { + pub Sid: PSID, + pub Attributes: DWORD, +} +impl Default for _SID_AND_ATTRIBUTES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SID_AND_ATTRIBUTES = _SID_AND_ATTRIBUTES; +pub type PSID_AND_ATTRIBUTES = *mut _SID_AND_ATTRIBUTES; +pub type SID_HASH_ENTRY = ULONG_PTR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SID_AND_ATTRIBUTES_HASH { + pub SidCount: DWORD, + pub SidAttr: PSID_AND_ATTRIBUTES, + pub Hash: [SID_HASH_ENTRY; 32usize], +} +impl Default for _SID_AND_ATTRIBUTES_HASH { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PSID_AND_ATTRIBUTES_HASH = *mut _SID_AND_ATTRIBUTES_HASH; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACL { + pub AclRevision: BYTE, + pub Sbz1: BYTE, + pub AclSize: WORD, + pub AceCount: WORD, + pub Sbz2: WORD, +} +pub type ACL = _ACL; +pub type PACL = *mut ACL; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACE_HEADER { + pub AceType: BYTE, + pub 
AceFlags: BYTE, + pub AceSize: WORD, +} +pub type ACE_HEADER = _ACE_HEADER; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ACL_INFORMATION_CLASS { + AclRevisionInformation = 1, + AclSizeInformation = 2, +} +pub use self::_ACL_INFORMATION_CLASS as ACL_INFORMATION_CLASS; +pub type SECURITY_DESCRIPTOR_CONTROL = WORD; +pub type PSECURITY_DESCRIPTOR_CONTROL = *mut WORD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _OBJECT_TYPE_LIST { + pub Level: WORD, + pub Sbz: WORD, + pub ObjectType: *mut GUID, +} +impl Default for _OBJECT_TYPE_LIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POBJECT_TYPE_LIST = *mut _OBJECT_TYPE_LIST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _AUDIT_EVENT_TYPE { + AuditEventObjectAccess = 0, + AuditEventDirectoryServiceAccess = 1, +} +pub use self::_AUDIT_EVENT_TYPE as AUDIT_EVENT_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PRIVILEGE_SET { + pub PrivilegeCount: DWORD, + pub Control: DWORD, + pub Privilege: [LUID_AND_ATTRIBUTES; 1usize], +} +pub type PPRIVILEGE_SET = *mut _PRIVILEGE_SET; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SECURITY_IMPERSONATION_LEVEL { + SecurityAnonymous = 0, + SecurityIdentification = 1, + SecurityImpersonation = 2, + SecurityDelegation = 3, +} +pub use self::_SECURITY_IMPERSONATION_LEVEL as SECURITY_IMPERSONATION_LEVEL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TOKEN_TYPE { + TokenPrimary = 1, + TokenImpersonation = 2, +} +pub use self::_TOKEN_TYPE as TOKEN_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TOKEN_INFORMATION_CLASS { + TokenUser = 1, + TokenGroups = 2, + TokenPrivileges = 3, + 
TokenOwner = 4, + TokenPrimaryGroup = 5, + TokenDefaultDacl = 6, + TokenSource = 7, + TokenType = 8, + TokenImpersonationLevel = 9, + TokenStatistics = 10, + TokenRestrictedSids = 11, + TokenSessionId = 12, + TokenGroupsAndPrivileges = 13, + TokenSessionReference = 14, + TokenSandBoxInert = 15, + TokenAuditPolicy = 16, + TokenOrigin = 17, + TokenElevationType = 18, + TokenLinkedToken = 19, + TokenElevation = 20, + TokenHasRestrictions = 21, + TokenAccessInformation = 22, + TokenVirtualizationAllowed = 23, + TokenVirtualizationEnabled = 24, + TokenIntegrityLevel = 25, + TokenUIAccess = 26, + TokenMandatoryPolicy = 27, + TokenLogonSid = 28, + TokenIsAppContainer = 29, + TokenCapabilities = 30, + TokenAppContainerSid = 31, + TokenAppContainerNumber = 32, + TokenUserClaimAttributes = 33, + TokenDeviceClaimAttributes = 34, + TokenRestrictedUserClaimAttributes = 35, + TokenRestrictedDeviceClaimAttributes = 36, + TokenDeviceGroups = 37, + TokenRestrictedDeviceGroups = 38, + TokenSecurityAttributes = 39, + TokenIsRestricted = 40, + TokenProcessTrustLevel = 41, + TokenPrivateNameSpace = 42, + TokenSingletonAttributes = 43, + TokenBnoIsolation = 44, + TokenChildProcessFlags = 45, + TokenIsLessPrivilegedAppContainer = 46, + TokenIsSandboxed = 47, + TokenIsAppSilo = 48, + MaxTokenInfoClass = 49, +} +pub use self::_TOKEN_INFORMATION_CLASS as TOKEN_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_USER { + pub User: SID_AND_ATTRIBUTES, +} +impl Default for _TOKEN_USER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTOKEN_USER = *mut _TOKEN_USER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_GROUPS { + pub GroupCount: DWORD, + pub Groups: [SID_AND_ATTRIBUTES; 1usize], +} +impl Default for _TOKEN_GROUPS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTOKEN_GROUPS = *mut _TOKEN_GROUPS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TOKEN_PRIVILEGES { + pub PrivilegeCount: DWORD, + pub Privileges: [LUID_AND_ATTRIBUTES; 1usize], +} +pub type PTOKEN_PRIVILEGES = *mut _TOKEN_PRIVILEGES; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_OWNER { + pub Owner: PSID, +} +impl Default for _TOKEN_OWNER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTOKEN_OWNER = *mut _TOKEN_OWNER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_PRIMARY_GROUP { + pub PrimaryGroup: PSID, +} +impl Default for _TOKEN_PRIMARY_GROUP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTOKEN_PRIMARY_GROUP = *mut _TOKEN_PRIMARY_GROUP; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_DEFAULT_DACL { + pub DefaultDacl: PACL, +} +impl Default for _TOKEN_DEFAULT_DACL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTOKEN_DEFAULT_DACL = *mut _TOKEN_DEFAULT_DACL; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TOKEN_MANDATORY_POLICY { + pub Policy: DWORD, +} +pub type PTOKEN_MANDATORY_POLICY = *mut _TOKEN_MANDATORY_POLICY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TOKEN_SOURCE { + pub SourceName: [CHAR; 8usize], + pub SourceIdentifier: LUID, +} +pub type PTOKEN_SOURCE = *mut _TOKEN_SOURCE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE { + pub Version: DWORD64, + pub Name: PWSTR, +} +impl Default for _CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE { + fn 
default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PCLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut _CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { + pub pValue: PVOID, + pub ValueLength: DWORD, +} +impl Default for _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = + *mut _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _CLAIM_SECURITY_ATTRIBUTE_V1 { + pub Name: PWSTR, + pub ValueType: WORD, + pub Reserved: WORD, + pub Flags: DWORD, + pub ValueCount: DWORD, + pub Values: _CLAIM_SECURITY_ATTRIBUTE_V1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _CLAIM_SECURITY_ATTRIBUTE_V1__bindgen_ty_1 { + pub pInt64: PLONG64, + pub pUint64: PDWORD64, + pub ppString: *mut PWSTR, + pub pFqbn: PCLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE, + pub pOctetString: PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, +} +impl Default for _CLAIM_SECURITY_ATTRIBUTE_V1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _CLAIM_SECURITY_ATTRIBUTE_V1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PCLAIM_SECURITY_ATTRIBUTE_V1 = *mut _CLAIM_SECURITY_ATTRIBUTE_V1; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _CLAIM_SECURITY_ATTRIBUTES_INFORMATION { + pub Version: WORD, + pub Reserved: WORD, + pub AttributeCount: DWORD, + pub Attribute: 
_CLAIM_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _CLAIM_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1 { + pub pAttributeV1: PCLAIM_SECURITY_ATTRIBUTE_V1, +} +impl Default for _CLAIM_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _CLAIM_SECURITY_ATTRIBUTES_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PCLAIM_SECURITY_ATTRIBUTES_INFORMATION = *mut _CLAIM_SECURITY_ATTRIBUTES_INFORMATION; +pub type SECURITY_CONTEXT_TRACKING_MODE = BOOLEAN; +#[repr(C)] +pub struct _SECURITY_QUALITY_OF_SERVICE { + pub Length: DWORD, + pub ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, + pub ContextTrackingMode: SECURITY_CONTEXT_TRACKING_MODE, + pub EffectiveOnly: BOOLEAN, +} +impl Default for _SECURITY_QUALITY_OF_SERVICE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SECURITY_QUALITY_OF_SERVICE = _SECURITY_QUALITY_OF_SERVICE; +pub type PSECURITY_QUALITY_OF_SERVICE = *mut _SECURITY_QUALITY_OF_SERVICE; +pub type SECURITY_INFORMATION = DWORD; +pub type SE_SIGNING_LEVEL = BYTE; +pub type PSE_SIGNING_LEVEL = *mut BYTE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _JOB_SET_ARRAY { + pub JobHandle: HANDLE, + pub MemberLevel: DWORD, + pub Flags: DWORD, +} +impl Default for _JOB_SET_ARRAY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PJOB_SET_ARRAY = *mut _JOB_SET_ARRAY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct 
_EXCEPTION_REGISTRATION_RECORD { + pub Next: *mut _EXCEPTION_REGISTRATION_RECORD, + pub Handler: PEXCEPTION_ROUTINE, +} +impl Default for _EXCEPTION_REGISTRATION_RECORD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _NT_TIB { + pub ExceptionList: *mut _EXCEPTION_REGISTRATION_RECORD, + pub StackBase: PVOID, + pub StackLimit: PVOID, + pub SubSystemTib: PVOID, + pub __bindgen_anon_1: _NT_TIB__bindgen_ty_1, + pub ArbitraryUserPointer: PVOID, + pub Self_: *mut _NT_TIB, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _NT_TIB__bindgen_ty_1 { + pub FiberData: PVOID, + pub Version: DWORD, +} +impl Default for _NT_TIB__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _NT_TIB { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type NT_TIB = _NT_TIB; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _NT_TIB32 { + pub ExceptionList: DWORD, + pub StackBase: DWORD, + pub StackLimit: DWORD, + pub SubSystemTib: DWORD, + pub __bindgen_anon_1: _NT_TIB32__bindgen_ty_1, + pub ArbitraryUserPointer: DWORD, + pub Self_: DWORD, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _NT_TIB32__bindgen_ty_1 { + pub FiberData: DWORD, + pub Version: DWORD, +} +impl Default for _NT_TIB32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _NT_TIB32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub 
type NT_TIB32 = _NT_TIB32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IO_COUNTERS { + pub ReadOperationCount: ULONGLONG, + pub WriteOperationCount: ULONGLONG, + pub OtherOperationCount: ULONGLONG, + pub ReadTransferCount: ULONGLONG, + pub WriteTransferCount: ULONGLONG, + pub OtherTransferCount: ULONGLONG, +} +pub type IO_COUNTERS = _IO_COUNTERS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HARDWARE_COUNTER_TYPE { + PMCCounter = 0, + MaxHardwareCounterType = 1, +} +pub use self::_HARDWARE_COUNTER_TYPE as HARDWARE_COUNTER_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PROCESS_MITIGATION_POLICY { + ProcessDEPPolicy = 0, + ProcessASLRPolicy = 1, + ProcessDynamicCodePolicy = 2, + ProcessStrictHandleCheckPolicy = 3, + ProcessSystemCallDisablePolicy = 4, + ProcessMitigationOptionsMask = 5, + ProcessExtensionPointDisablePolicy = 6, + ProcessControlFlowGuardPolicy = 7, + ProcessSignaturePolicy = 8, + ProcessFontDisablePolicy = 9, + ProcessImageLoadPolicy = 10, + ProcessSystemCallFilterPolicy = 11, + ProcessPayloadRestrictionPolicy = 12, + ProcessChildProcessPolicy = 13, + ProcessSideChannelIsolationPolicy = 14, + ProcessUserShadowStackPolicy = 15, + ProcessRedirectionTrustPolicy = 16, + ProcessUserPointerAuthPolicy = 17, + ProcessSEHOPPolicy = 18, + MaxProcessMitigationPolicy = 19, +} +pub use self::_PROCESS_MITIGATION_POLICY as PROCESS_MITIGATION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_ASLR_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub 
_bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnableBottomUpRandomization(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableBottomUpRandomization(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableForceRelocateImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableForceRelocateImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableHighEntropy(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableHighEntropy(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn DisallowStrippedImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisallowStrippedImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableBottomUpRandomization: DWORD, + EnableForceRelocateImages: DWORD, + EnableHighEntropy: DWORD, + DisallowStrippedImages: DWORD, + ReservedFlags: DWORD, + ) -> 
__BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableBottomUpRandomization: u32 = + unsafe { ::core::mem::transmute(EnableBottomUpRandomization) }; + EnableBottomUpRandomization as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let EnableForceRelocateImages: u32 = + unsafe { ::core::mem::transmute(EnableForceRelocateImages) }; + EnableForceRelocateImages as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let EnableHighEntropy: u32 = unsafe { ::core::mem::transmute(EnableHighEntropy) }; + EnableHighEntropy as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let DisallowStrippedImages: u32 = + unsafe { ::core::mem::transmute(DisallowStrippedImages) }; + DisallowStrippedImages as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_ASLR_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_ASLR_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_ASLR_POLICY = _PROCESS_MITIGATION_ASLR_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_SEHOP_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnableSehop(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableSehop(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableSehop: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableSehop: u32 = unsafe { ::core::mem::transmute(EnableSehop) }; + EnableSehop as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_SEHOP_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_SEHOP_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_SEHOP_POLICY = _PROCESS_MITIGATION_SEHOP_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct 
_PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn RaiseExceptionOnInvalidHandleReference(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_RaiseExceptionOnInvalidHandleReference(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn HandleExceptionsPermanentlyEnabled(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_HandleExceptionsPermanentlyEnabled(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + RaiseExceptionOnInvalidHandleReference: DWORD, + HandleExceptionsPermanentlyEnabled: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = 
Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let RaiseExceptionOnInvalidHandleReference: u32 = + unsafe { ::core::mem::transmute(RaiseExceptionOnInvalidHandleReference) }; + RaiseExceptionOnInvalidHandleReference as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let HandleExceptionsPermanentlyEnabled: u32 = + unsafe { ::core::mem::transmute(HandleExceptionsPermanentlyEnabled) }; + HandleExceptionsPermanentlyEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY = + _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn 
DisallowWin32kSystemCalls(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisallowWin32kSystemCalls(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditDisallowWin32kSystemCalls(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditDisallowWin32kSystemCalls(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DisallowWin32kSystemCalls: DWORD, + AuditDisallowWin32kSystemCalls: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DisallowWin32kSystemCalls: u32 = + unsafe { ::core::mem::transmute(DisallowWin32kSystemCalls) }; + DisallowWin32kSystemCalls as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditDisallowWin32kSystemCalls: u32 = + unsafe { ::core::mem::transmute(AuditDisallowWin32kSystemCalls) }; + AuditDisallowWin32kSystemCalls as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = + _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: + _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn DisableExtensionPoints(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisableExtensionPoints(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DisableExtensionPoints: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: 
__BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DisableExtensionPoints: u32 = + unsafe { ::core::mem::transmute(DisableExtensionPoints) }; + DisableExtensionPoints as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = + _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ProhibitDynamicCode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProhibitDynamicCode(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AllowThreadOptOut(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AllowThreadOptOut(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn AllowRemoteDowngrade(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_AllowRemoteDowngrade(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditProhibitDynamicCode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditProhibitDynamicCode(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ProhibitDynamicCode: DWORD, + AllowThreadOptOut: DWORD, + AllowRemoteDowngrade: DWORD, + AuditProhibitDynamicCode: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ProhibitDynamicCode: u32 = unsafe { ::core::mem::transmute(ProhibitDynamicCode) }; + ProhibitDynamicCode as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AllowThreadOptOut: u32 = unsafe { ::core::mem::transmute(AllowThreadOptOut) }; + AllowThreadOptOut as u64 + 
}); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let AllowRemoteDowngrade: u32 = unsafe { ::core::mem::transmute(AllowRemoteDowngrade) }; + AllowRemoteDowngrade as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AuditProhibitDynamicCode: u32 = + unsafe { ::core::mem::transmute(AuditProhibitDynamicCode) }; + AuditProhibitDynamicCode as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_DYNAMIC_CODE_POLICY = _PROCESS_MITIGATION_DYNAMIC_CODE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnableControlFlowGuard(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub 
fn set_EnableControlFlowGuard(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableExportSuppression(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableExportSuppression(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn StrictMode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_StrictMode(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableXfg(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableXfg(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableXfgAuditMode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableXfgAuditMode(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableControlFlowGuard: DWORD, + EnableExportSuppression: DWORD, + StrictMode: DWORD, + EnableXfg: DWORD, + EnableXfgAuditMode: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut 
__bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableControlFlowGuard: u32 = + unsafe { ::core::mem::transmute(EnableControlFlowGuard) }; + EnableControlFlowGuard as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let EnableExportSuppression: u32 = + unsafe { ::core::mem::transmute(EnableExportSuppression) }; + EnableExportSuppression as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let StrictMode: u32 = unsafe { ::core::mem::transmute(StrictMode) }; + StrictMode as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let EnableXfg: u32 = unsafe { ::core::mem::transmute(EnableXfg) }; + EnableXfg as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let EnableXfgAuditMode: u32 = unsafe { ::core::mem::transmute(EnableXfgAuditMode) }; + EnableXfgAuditMode as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY = + _PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: 
_PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn MicrosoftSignedOnly(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_MicrosoftSignedOnly(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn StoreSignedOnly(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_StoreSignedOnly(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn MitigationOptIn(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_MitigationOptIn(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditMicrosoftSignedOnly(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditMicrosoftSignedOnly(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditStoreSignedOnly(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditStoreSignedOnly(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } 
+ } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + MicrosoftSignedOnly: DWORD, + StoreSignedOnly: DWORD, + MitigationOptIn: DWORD, + AuditMicrosoftSignedOnly: DWORD, + AuditStoreSignedOnly: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let MicrosoftSignedOnly: u32 = unsafe { ::core::mem::transmute(MicrosoftSignedOnly) }; + MicrosoftSignedOnly as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let StoreSignedOnly: u32 = unsafe { ::core::mem::transmute(StoreSignedOnly) }; + StoreSignedOnly as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let MitigationOptIn: u32 = unsafe { ::core::mem::transmute(MitigationOptIn) }; + MitigationOptIn as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AuditMicrosoftSignedOnly: u32 = + unsafe { ::core::mem::transmute(AuditMicrosoftSignedOnly) }; + AuditMicrosoftSignedOnly as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let AuditStoreSignedOnly: u32 = unsafe { ::core::mem::transmute(AuditStoreSignedOnly) }; + AuditStoreSignedOnly as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY { 
+ fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY = _PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_FONT_DISABLE_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn DisableNonSystemFonts(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisableNonSystemFonts(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditNonSystemFontLoading(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditNonSystemFontLoading(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + 
DisableNonSystemFonts: DWORD, + AuditNonSystemFontLoading: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DisableNonSystemFonts: u32 = unsafe { ::core::mem::transmute(DisableNonSystemFonts) }; + DisableNonSystemFonts as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditNonSystemFontLoading: u32 = + unsafe { ::core::mem::transmute(AuditNonSystemFontLoading) }; + AuditNonSystemFontLoading as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_FONT_DISABLE_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_FONT_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_FONT_DISABLE_POLICY = _PROCESS_MITIGATION_FONT_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_IMAGE_LOAD_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl 
_PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn NoRemoteImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoRemoteImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn NoLowMandatoryLabelImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoLowMandatoryLabelImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn PreferSystem32Images(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_PreferSystem32Images(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditNoRemoteImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditNoRemoteImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditNoLowMandatoryLabelImages(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditNoLowMandatoryLabelImages(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + NoRemoteImages: DWORD, + NoLowMandatoryLabelImages: DWORD, + PreferSystem32Images: DWORD, + AuditNoRemoteImages: DWORD, + AuditNoLowMandatoryLabelImages: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let NoRemoteImages: u32 = unsafe { ::core::mem::transmute(NoRemoteImages) }; + NoRemoteImages as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let NoLowMandatoryLabelImages: u32 = + unsafe { ::core::mem::transmute(NoLowMandatoryLabelImages) }; + NoLowMandatoryLabelImages as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let PreferSystem32Images: u32 = unsafe { ::core::mem::transmute(PreferSystem32Images) }; + PreferSystem32Images as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AuditNoRemoteImages: u32 = unsafe { ::core::mem::transmute(AuditNoRemoteImages) }; + AuditNoRemoteImages as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let AuditNoLowMandatoryLabelImages: u32 = + unsafe { ::core::mem::transmute(AuditNoLowMandatoryLabelImages) }; + AuditNoLowMandatoryLabelImages as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_IMAGE_LOAD_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_IMAGE_LOAD_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
PROCESS_MITIGATION_IMAGE_LOAD_POLICY = _PROCESS_MITIGATION_IMAGE_LOAD_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn FilterId(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 4u8) as u32) } + } + #[inline] + pub fn set_FilterId(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 4u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + FilterId: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 4u8, { + let FilterId: u32 = unsafe { ::core::mem::transmute(FilterId) }; + FilterId as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for 
_PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY = + _PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnableExportAddressFilter(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableExportAddressFilter(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditExportAddressFilter(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditExportAddressFilter(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
EnableExportAddressFilterPlus(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableExportAddressFilterPlus(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditExportAddressFilterPlus(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditExportAddressFilterPlus(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableImportAddressFilter(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableImportAddressFilter(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditImportAddressFilter(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditImportAddressFilter(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableRopStackPivot(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableRopStackPivot(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditRopStackPivot(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditRopStackPivot(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub 
fn EnableRopCallerCheck(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableRopCallerCheck(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditRopCallerCheck(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditRopCallerCheck(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableRopSimExec(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableRopSimExec(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditRopSimExec(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditRopSimExec(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 20u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 20u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableExportAddressFilter: DWORD, + AuditExportAddressFilter: DWORD, + EnableExportAddressFilterPlus: DWORD, + AuditExportAddressFilterPlus: DWORD, + EnableImportAddressFilter: DWORD, + AuditImportAddressFilter: DWORD, + EnableRopStackPivot: DWORD, + AuditRopStackPivot: DWORD, + EnableRopCallerCheck: DWORD, + AuditRopCallerCheck: DWORD, + EnableRopSimExec: DWORD, + 
AuditRopSimExec: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableExportAddressFilter: u32 = + unsafe { ::core::mem::transmute(EnableExportAddressFilter) }; + EnableExportAddressFilter as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditExportAddressFilter: u32 = + unsafe { ::core::mem::transmute(AuditExportAddressFilter) }; + AuditExportAddressFilter as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let EnableExportAddressFilterPlus: u32 = + unsafe { ::core::mem::transmute(EnableExportAddressFilterPlus) }; + EnableExportAddressFilterPlus as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AuditExportAddressFilterPlus: u32 = + unsafe { ::core::mem::transmute(AuditExportAddressFilterPlus) }; + AuditExportAddressFilterPlus as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let EnableImportAddressFilter: u32 = + unsafe { ::core::mem::transmute(EnableImportAddressFilter) }; + EnableImportAddressFilter as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let AuditImportAddressFilter: u32 = + unsafe { ::core::mem::transmute(AuditImportAddressFilter) }; + AuditImportAddressFilter as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let EnableRopStackPivot: u32 = unsafe { ::core::mem::transmute(EnableRopStackPivot) }; + EnableRopStackPivot as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let AuditRopStackPivot: u32 = unsafe { ::core::mem::transmute(AuditRopStackPivot) }; + AuditRopStackPivot as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let EnableRopCallerCheck: u32 = unsafe { ::core::mem::transmute(EnableRopCallerCheck) }; + EnableRopCallerCheck as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let AuditRopCallerCheck: u32 = unsafe { ::core::mem::transmute(AuditRopCallerCheck) }; + AuditRopCallerCheck 
as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let EnableRopSimExec: u32 = unsafe { ::core::mem::transmute(EnableRopSimExec) }; + EnableRopSimExec as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let AuditRopSimExec: u32 = unsafe { ::core::mem::transmute(AuditRopSimExec) }; + AuditRopSimExec as u64 + }); + __bindgen_bitfield_unit.set(12usize, 20u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY = + _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_CHILD_PROCESS_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn NoChildProcessCreation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_NoChildProcessCreation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditNoChildProcessCreation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditNoChildProcessCreation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn AllowSecureProcessCreation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_AllowSecureProcessCreation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + NoChildProcessCreation: DWORD, + AuditNoChildProcessCreation: DWORD, + AllowSecureProcessCreation: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let NoChildProcessCreation: u32 = + unsafe { ::core::mem::transmute(NoChildProcessCreation) }; + NoChildProcessCreation as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditNoChildProcessCreation: u32 = + unsafe { ::core::mem::transmute(AuditNoChildProcessCreation) }; + AuditNoChildProcessCreation as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let AllowSecureProcessCreation: u32 = + unsafe { ::core::mem::transmute(AllowSecureProcessCreation) }; + 
AllowSecureProcessCreation as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_CHILD_PROCESS_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_CHILD_PROCESS_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_CHILD_PROCESS_POLICY = _PROCESS_MITIGATION_CHILD_PROCESS_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: + _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn SmtBranchTargetIsolation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_SmtBranchTargetIsolation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsolateSecurityDomain(&self) -> DWORD { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsolateSecurityDomain(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn DisablePageCombine(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisablePageCombine(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisable(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisable(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn RestrictCoreSharing(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_RestrictCoreSharing(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SmtBranchTargetIsolation: DWORD, + IsolateSecurityDomain: DWORD, + DisablePageCombine: DWORD, + SpeculativeStoreBypassDisable: DWORD, + RestrictCoreSharing: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let 
SmtBranchTargetIsolation: u32 = + unsafe { ::core::mem::transmute(SmtBranchTargetIsolation) }; + SmtBranchTargetIsolation as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsolateSecurityDomain: u32 = unsafe { ::core::mem::transmute(IsolateSecurityDomain) }; + IsolateSecurityDomain as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let DisablePageCombine: u32 = unsafe { ::core::mem::transmute(DisablePageCombine) }; + DisablePageCombine as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SpeculativeStoreBypassDisable: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisable) }; + SpeculativeStoreBypassDisable as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let RestrictCoreSharing: u32 = unsafe { ::core::mem::transmute(RestrictCoreSharing) }; + RestrictCoreSharing as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY = + _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: 
_PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnableUserShadowStack(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableUserShadowStack(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditUserShadowStack(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditUserShadowStack(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn SetContextIpValidation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_SetContextIpValidation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditSetContextIpValidation(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditSetContextIpValidation(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableUserShadowStackStrictMode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableUserShadowStackStrictMode(&mut self, val: DWORD) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn BlockNonCetBinaries(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_BlockNonCetBinaries(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn BlockNonCetBinariesNonEhcont(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_BlockNonCetBinariesNonEhcont(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditBlockNonCetBinaries(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditBlockNonCetBinaries(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn CetDynamicApisOutOfProcOnly(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_CetDynamicApisOutOfProcOnly(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn SetContextIpValidationRelaxedMode(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_SetContextIpValidationRelaxedMode(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 22u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: 
u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 22u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableUserShadowStack: DWORD, + AuditUserShadowStack: DWORD, + SetContextIpValidation: DWORD, + AuditSetContextIpValidation: DWORD, + EnableUserShadowStackStrictMode: DWORD, + BlockNonCetBinaries: DWORD, + BlockNonCetBinariesNonEhcont: DWORD, + AuditBlockNonCetBinaries: DWORD, + CetDynamicApisOutOfProcOnly: DWORD, + SetContextIpValidationRelaxedMode: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableUserShadowStack: u32 = unsafe { ::core::mem::transmute(EnableUserShadowStack) }; + EnableUserShadowStack as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditUserShadowStack: u32 = unsafe { ::core::mem::transmute(AuditUserShadowStack) }; + AuditUserShadowStack as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let SetContextIpValidation: u32 = + unsafe { ::core::mem::transmute(SetContextIpValidation) }; + SetContextIpValidation as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AuditSetContextIpValidation: u32 = + unsafe { ::core::mem::transmute(AuditSetContextIpValidation) }; + AuditSetContextIpValidation as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let EnableUserShadowStackStrictMode: u32 = + unsafe { ::core::mem::transmute(EnableUserShadowStackStrictMode) }; + EnableUserShadowStackStrictMode as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let BlockNonCetBinaries: u32 = unsafe { ::core::mem::transmute(BlockNonCetBinaries) }; + BlockNonCetBinaries as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let BlockNonCetBinariesNonEhcont: u32 = + unsafe { ::core::mem::transmute(BlockNonCetBinariesNonEhcont) }; + BlockNonCetBinariesNonEhcont as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + 
let AuditBlockNonCetBinaries: u32 = + unsafe { ::core::mem::transmute(AuditBlockNonCetBinaries) }; + AuditBlockNonCetBinaries as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let CetDynamicApisOutOfProcOnly: u32 = + unsafe { ::core::mem::transmute(CetDynamicApisOutOfProcOnly) }; + CetDynamicApisOutOfProcOnly as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let SetContextIpValidationRelaxedMode: u32 = + unsafe { ::core::mem::transmute(SetContextIpValidationRelaxedMode) }; + SetContextIpValidationRelaxedMode as u64 + }); + __bindgen_bitfield_unit.set(10usize, 22u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY = _PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY { + pub __bindgen_anon_1: _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl 
_PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnablePointerAuthUserIp(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnablePointerAuthUserIp(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnablePointerAuthUserIp: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnablePointerAuthUserIp: u32 = + unsafe { ::core::mem::transmute(EnablePointerAuthUserIp) }; + EnablePointerAuthUserIp as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY = _PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY { + 
pub __bindgen_anon_1: _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1 { + pub Flags: DWORD, + pub __bindgen_anon_1: _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn EnforceRedirectionTrust(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnforceRedirectionTrust(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditRedirectionTrust(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AuditRedirectionTrust(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnforceRedirectionTrust: DWORD, + AuditRedirectionTrust: DWORD, + ReservedFlags: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnforceRedirectionTrust: u32 = + unsafe { 
::core::mem::transmute(EnforceRedirectionTrust) }; + EnforceRedirectionTrust as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AuditRedirectionTrust: u32 = unsafe { ::core::mem::transmute(AuditRedirectionTrust) }; + AuditRedirectionTrust as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let ReservedFlags: u32 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY = _PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION { + pub TotalUserTime: LARGE_INTEGER, + pub TotalKernelTime: LARGE_INTEGER, + pub ThisPeriodTotalUserTime: LARGE_INTEGER, + pub ThisPeriodTotalKernelTime: LARGE_INTEGER, + pub TotalPageFaultCount: DWORD, + pub TotalProcesses: DWORD, + pub ActiveProcesses: DWORD, + pub TotalTerminatedProcesses: DWORD, +} +impl Default for _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_BASIC_ACCOUNTING_INFORMATION = _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _JOBOBJECT_BASIC_LIMIT_INFORMATION { + pub PerProcessUserTimeLimit: LARGE_INTEGER, + pub PerJobUserTimeLimit: LARGE_INTEGER, + pub LimitFlags: DWORD, + pub MinimumWorkingSetSize: SIZE_T, + pub 
MaximumWorkingSetSize: SIZE_T, + pub ActiveProcessLimit: DWORD, + pub Affinity: ULONG_PTR, + pub PriorityClass: DWORD, + pub SchedulingClass: DWORD, +} +impl Default for _JOBOBJECT_BASIC_LIMIT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_BASIC_LIMIT_INFORMATION = _JOBOBJECT_BASIC_LIMIT_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _JOBOBJECTINFOCLASS { + JobObjectBasicAccountingInformation = 1, + JobObjectBasicLimitInformation = 2, + JobObjectBasicProcessIdList = 3, + JobObjectBasicUIRestrictions = 4, + JobObjectSecurityLimitInformation = 5, + JobObjectEndOfJobTimeInformation = 6, + JobObjectAssociateCompletionPortInformation = 7, + JobObjectBasicAndIoAccountingInformation = 8, + JobObjectExtendedLimitInformation = 9, + JobObjectJobSetInformation = 10, + JobObjectGroupInformation = 11, + JobObjectNotificationLimitInformation = 12, + JobObjectLimitViolationInformation = 13, + JobObjectGroupInformationEx = 14, + JobObjectCpuRateControlInformation = 15, + JobObjectCompletionFilter = 16, + JobObjectCompletionCounter = 17, + JobObjectReserved1Information = 18, + JobObjectReserved2Information = 19, + JobObjectReserved3Information = 20, + JobObjectReserved4Information = 21, + JobObjectReserved5Information = 22, + JobObjectReserved6Information = 23, + JobObjectReserved7Information = 24, + JobObjectReserved8Information = 25, + JobObjectReserved9Information = 26, + JobObjectReserved10Information = 27, + JobObjectReserved11Information = 28, + JobObjectReserved12Information = 29, + JobObjectReserved13Information = 30, + JobObjectReserved14Information = 31, + JobObjectNetRateControlInformation = 32, + JobObjectNotificationLimitInformation2 = 33, + JobObjectLimitViolationInformation2 = 34, + JobObjectCreateSilo = 35, + JobObjectSiloBasicInformation = 36, + 
JobObjectReserved15Information = 37, + JobObjectReserved16Information = 38, + JobObjectReserved17Information = 39, + JobObjectReserved18Information = 40, + JobObjectReserved19Information = 41, + JobObjectReserved20Information = 42, + JobObjectReserved21Information = 43, + JobObjectReserved22Information = 44, + JobObjectReserved23Information = 45, + JobObjectReserved24Information = 46, + JobObjectReserved25Information = 47, + JobObjectReserved26Information = 48, + JobObjectReserved27Information = 49, + MaxJobObjectInfoClass = 50, +} +pub use self::_JOBOBJECTINFOCLASS as JOBOBJECTINFOCLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FIRMWARE_TYPE { + FirmwareTypeUnknown = 0, + FirmwareTypeBios = 1, + FirmwareTypeUefi = 2, + FirmwareTypeMax = 3, +} +pub use self::_FIRMWARE_TYPE as FIRMWARE_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _XSTATE_FEATURE { + pub Offset: DWORD, + pub Size: DWORD, +} +pub type XSTATE_FEATURE = _XSTATE_FEATURE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _XSTATE_CONFIGURATION { + pub EnabledFeatures: DWORD64, + pub EnabledVolatileFeatures: DWORD64, + pub Size: DWORD, + pub __bindgen_anon_1: _XSTATE_CONFIGURATION__bindgen_ty_1, + pub Features: [XSTATE_FEATURE; 64usize], + pub EnabledSupervisorFeatures: DWORD64, + pub AlignedFeatures: DWORD64, + pub AllFeatureSize: DWORD, + pub AllFeatures: [DWORD; 64usize], + pub EnabledUserVisibleSupervisorFeatures: DWORD64, + pub ExtendedFeatureDisableFeatures: DWORD64, + pub AllNonLargeFeatureSize: DWORD, + pub Spare: DWORD, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _XSTATE_CONFIGURATION__bindgen_ty_1 { + pub ControlFlags: DWORD, + pub __bindgen_anon_1: _XSTATE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _XSTATE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 
1usize]>, + pub __bindgen_padding_0: [u8; 3usize], +} +impl _XSTATE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn OptimizedSave(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_OptimizedSave(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn CompactionEnabled(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_CompactionEnabled(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ExtendedFeatureDisable(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ExtendedFeatureDisable(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + OptimizedSave: DWORD, + CompactionEnabled: DWORD, + ExtendedFeatureDisable: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let OptimizedSave: u32 = unsafe { ::core::mem::transmute(OptimizedSave) }; + OptimizedSave as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let CompactionEnabled: u32 = unsafe { ::core::mem::transmute(CompactionEnabled) }; + CompactionEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ExtendedFeatureDisable: u32 = + unsafe { ::core::mem::transmute(ExtendedFeatureDisable) }; + ExtendedFeatureDisable as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _XSTATE_CONFIGURATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + 
unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _XSTATE_CONFIGURATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type XSTATE_CONFIGURATION = _XSTATE_CONFIGURATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CFG_CALL_TARGET_INFO { + pub Offset: ULONG_PTR, + pub Flags: ULONG_PTR, +} +pub type PCFG_CALL_TARGET_INFO = *mut _CFG_CALL_TARGET_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct MEM_EXTENDED_PARAMETER { + pub __bindgen_anon_1: MEM_EXTENDED_PARAMETER__bindgen_ty_1, + pub __bindgen_anon_2: MEM_EXTENDED_PARAMETER__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct MEM_EXTENDED_PARAMETER__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl MEM_EXTENDED_PARAMETER__bindgen_ty_1 { + #[inline] + pub fn Type(&self) -> DWORD64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u64) } + } + #[inline] + pub fn set_Type(&mut self, val: DWORD64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> DWORD64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 56u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: DWORD64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 56u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Type: DWORD64, Reserved: DWORD64) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Type: u64 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(8usize, 56u8, { + let Reserved: u64 = 
unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union MEM_EXTENDED_PARAMETER__bindgen_ty_2 { + pub ULong64: DWORD64, + pub Pointer: PVOID, + pub Size: SIZE_T, + pub Handle: HANDLE, + pub ULong: DWORD, +} +impl Default for MEM_EXTENDED_PARAMETER__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for MEM_EXTENDED_PARAMETER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PMEM_EXTENDED_PARAMETER = *mut MEM_EXTENDED_PARAMETER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_ID_128 { + pub Identifier: [BYTE; 16usize], +} +pub type FILE_ID_128 = _FILE_ID_128; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_SEGMENT_ELEMENT { + pub Buffer: *mut cty::c_void, + pub Alignment: ULONGLONG, +} +impl Default for _FILE_SEGMENT_ELEMENT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PFILE_SEGMENT_ELEMENT = *mut _FILE_SEGMENT_ELEMENT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_GUID_DATA_BUFFER { + pub ReparseTag: DWORD, + pub ReparseDataLength: WORD, + pub Reserved: WORD, + pub ReparseGuid: GUID, + pub GenericReparseBuffer: _REPARSE_GUID_DATA_BUFFER__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_GUID_DATA_BUFFER__bindgen_ty_1 { + pub DataBuffer: [BYTE; 1usize], +} +pub type REPARSE_GUID_DATA_BUFFER = _REPARSE_GUID_DATA_BUFFER; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_POWER_STATE { + PowerSystemUnspecified = 0, + PowerSystemWorking 
= 1, + PowerSystemSleeping1 = 2, + PowerSystemSleeping2 = 3, + PowerSystemSleeping3 = 4, + PowerSystemHibernate = 5, + PowerSystemShutdown = 6, + PowerSystemMaximum = 7, +} +pub use self::_SYSTEM_POWER_STATE as SYSTEM_POWER_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum POWER_ACTION { + PowerActionNone = 0, + PowerActionReserved = 1, + PowerActionSleep = 2, + PowerActionHibernate = 3, + PowerActionShutdown = 4, + PowerActionShutdownReset = 5, + PowerActionShutdownOff = 6, + PowerActionWarmEject = 7, + PowerActionDisplayOff = 8, +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DEVICE_POWER_STATE { + PowerDeviceUnspecified = 0, + PowerDeviceD0 = 1, + PowerDeviceD1 = 2, + PowerDeviceD2 = 3, + PowerDeviceD3 = 4, + PowerDeviceMaximum = 5, +} +pub use self::_DEVICE_POWER_STATE as DEVICE_POWER_STATE; +pub type PDEVICE_POWER_STATE = *mut _DEVICE_POWER_STATE; +pub type EXECUTION_STATE = DWORD; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum LATENCY_TIME { + LT_DONT_CARE = 0, + LT_LOWEST_LATENCY = 1, +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum POWER_INFORMATION_LEVEL { + SystemPowerPolicyAc = 0, + SystemPowerPolicyDc = 1, + VerifySystemPolicyAc = 2, + VerifySystemPolicyDc = 3, + SystemPowerCapabilities = 4, + SystemBatteryState = 5, + SystemPowerStateHandler = 6, + ProcessorStateHandler = 7, + SystemPowerPolicyCurrent = 8, + AdministratorPowerPolicy = 9, + SystemReserveHiberFile = 10, + ProcessorInformation = 11, + SystemPowerInformation = 12, + ProcessorStateHandler2 = 13, + LastWakeTime = 14, + LastSleepTime = 15, + SystemExecutionState = 16, + SystemPowerStateNotifyHandler = 17, + ProcessorPowerPolicyAc = 18, + ProcessorPowerPolicyDc = 19, + VerifyProcessorPowerPolicyAc = 20, + VerifyProcessorPowerPolicyDc = 21, + ProcessorPowerPolicyCurrent = 22, + 
SystemPowerStateLogging = 23, + SystemPowerLoggingEntry = 24, + SetPowerSettingValue = 25, + NotifyUserPowerSetting = 26, + PowerInformationLevelUnused0 = 27, + SystemMonitorHiberBootPowerOff = 28, + SystemVideoState = 29, + TraceApplicationPowerMessage = 30, + TraceApplicationPowerMessageEnd = 31, + ProcessorPerfStates = 32, + ProcessorIdleStates = 33, + ProcessorCap = 34, + SystemWakeSource = 35, + SystemHiberFileInformation = 36, + TraceServicePowerMessage = 37, + ProcessorLoad = 38, + PowerShutdownNotification = 39, + MonitorCapabilities = 40, + SessionPowerInit = 41, + SessionDisplayState = 42, + PowerRequestCreate = 43, + PowerRequestAction = 44, + GetPowerRequestList = 45, + ProcessorInformationEx = 46, + NotifyUserModeLegacyPowerEvent = 47, + GroupPark = 48, + ProcessorIdleDomains = 49, + WakeTimerList = 50, + SystemHiberFileSize = 51, + ProcessorIdleStatesHv = 52, + ProcessorPerfStatesHv = 53, + ProcessorPerfCapHv = 54, + ProcessorSetIdle = 55, + LogicalProcessorIdling = 56, + UserPresence = 57, + PowerSettingNotificationName = 58, + GetPowerSettingValue = 59, + IdleResiliency = 60, + SessionRITState = 61, + SessionConnectNotification = 62, + SessionPowerCleanup = 63, + SessionLockState = 64, + SystemHiberbootState = 65, + PlatformInformation = 66, + PdcInvocation = 67, + MonitorInvocation = 68, + FirmwareTableInformationRegistered = 69, + SetShutdownSelectedTime = 70, + SuspendResumeInvocation = 71, + PlmPowerRequestCreate = 72, + ScreenOff = 73, + CsDeviceNotification = 74, + PlatformRole = 75, + LastResumePerformance = 76, + DisplayBurst = 77, + ExitLatencySamplingPercentage = 78, + RegisterSpmPowerSettings = 79, + PlatformIdleStates = 80, + ProcessorIdleVeto = 81, + PlatformIdleVeto = 82, + SystemBatteryStatePrecise = 83, + ThermalEvent = 84, + PowerRequestActionInternal = 85, + BatteryDeviceState = 86, + PowerInformationInternal = 87, + ThermalStandby = 88, + SystemHiberFileType = 89, + PhysicalPowerButtonPress = 90, + QueryPotentialDripsConstraint = 
91, + EnergyTrackerCreate = 92, + EnergyTrackerQuery = 93, + UpdateBlackBoxRecorder = 94, + SessionAllowExternalDmaDevices = 95, + SendSuspendResumeNotification = 96, + BlackBoxRecorderDirectAccessBuffer = 97, + PowerInformationLevelMaximum = 98, +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum POWER_MONITOR_REQUEST_REASON { + MonitorRequestReasonUnknown = 0, + MonitorRequestReasonPowerButton = 1, + MonitorRequestReasonRemoteConnection = 2, + MonitorRequestReasonScMonitorpower = 3, + MonitorRequestReasonUserInput = 4, + MonitorRequestReasonAcDcDisplayBurst = 5, + MonitorRequestReasonUserDisplayBurst = 6, + MonitorRequestReasonPoSetSystemState = 7, + MonitorRequestReasonSetThreadExecutionState = 8, + MonitorRequestReasonFullWake = 9, + MonitorRequestReasonSessionUnlock = 10, + MonitorRequestReasonScreenOffRequest = 11, + MonitorRequestReasonIdleTimeout = 12, + MonitorRequestReasonPolicyChange = 13, + MonitorRequestReasonSleepButton = 14, + MonitorRequestReasonLid = 15, + MonitorRequestReasonBatteryCountChange = 16, + MonitorRequestReasonGracePeriod = 17, + MonitorRequestReasonPnP = 18, + MonitorRequestReasonDP = 19, + MonitorRequestReasonSxTransition = 20, + MonitorRequestReasonSystemIdle = 21, + MonitorRequestReasonNearProximity = 22, + MonitorRequestReasonThermalStandby = 23, + MonitorRequestReasonResumePdc = 24, + MonitorRequestReasonResumeS4 = 25, + MonitorRequestReasonTerminal = 26, + MonitorRequestReasonPdcSignal = 27, + MonitorRequestReasonAcDcDisplayBurstSuppressed = 28, + MonitorRequestReasonSystemStateEntered = 29, + MonitorRequestReasonWinrt = 30, + MonitorRequestReasonUserInputKeyboard = 31, + MonitorRequestReasonUserInputMouse = 32, + MonitorRequestReasonUserInputTouchpad = 33, + MonitorRequestReasonUserInputPen = 34, + MonitorRequestReasonUserInputAccelerometer = 35, + MonitorRequestReasonUserInputHid = 36, + MonitorRequestReasonUserInputPoUserPresent = 37, + MonitorRequestReasonUserInputSessionSwitch = 
38, + MonitorRequestReasonUserInputInitialization = 39, + MonitorRequestReasonPdcSignalWindowsMobilePwrNotif = 40, + MonitorRequestReasonPdcSignalWindowsMobileShell = 41, + MonitorRequestReasonPdcSignalHeyCortana = 42, + MonitorRequestReasonPdcSignalHolographicShell = 43, + MonitorRequestReasonPdcSignalFingerprint = 44, + MonitorRequestReasonDirectedDrips = 45, + MonitorRequestReasonDim = 46, + MonitorRequestReasonBuiltinPanel = 47, + MonitorRequestReasonDisplayRequiredUnDim = 48, + MonitorRequestReasonBatteryCountChangeSuppressed = 49, + MonitorRequestReasonResumeModernStandby = 50, + MonitorRequestReasonTerminalInit = 51, + MonitorRequestReasonPdcSignalSensorsHumanPresence = 52, + MonitorRequestReasonBatteryPreCritical = 53, + MonitorRequestReasonUserInputTouch = 54, + MonitorRequestReasonMax = 55, +} +#[repr(C, packed(2))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DOS_HEADER { + pub e_magic: WORD, + pub e_cblp: WORD, + pub e_cp: WORD, + pub e_crlc: WORD, + pub e_cparhdr: WORD, + pub e_minalloc: WORD, + pub e_maxalloc: WORD, + pub e_ss: WORD, + pub e_sp: WORD, + pub e_csum: WORD, + pub e_ip: WORD, + pub e_cs: WORD, + pub e_lfarlc: WORD, + pub e_ovno: WORD, + pub e_res: [WORD; 4usize], + pub e_oemid: WORD, + pub e_oeminfo: WORD, + pub e_res2: [WORD; 10usize], + pub e_lfanew: LONG, +} +pub type IMAGE_DOS_HEADER = _IMAGE_DOS_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_FILE_HEADER { + pub Machine: WORD, + pub NumberOfSections: WORD, + pub TimeDateStamp: DWORD, + pub PointerToSymbolTable: DWORD, + pub NumberOfSymbols: DWORD, + pub SizeOfOptionalHeader: WORD, + pub Characteristics: WORD, +} +pub type IMAGE_FILE_HEADER = _IMAGE_FILE_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DATA_DIRECTORY { + pub VirtualAddress: DWORD, + pub Size: DWORD, +} +pub type IMAGE_DATA_DIRECTORY = _IMAGE_DATA_DIRECTORY; +#[repr(C, packed(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_IMAGE_OPTIONAL_HEADER64 { + pub Magic: WORD, + pub MajorLinkerVersion: BYTE, + pub MinorLinkerVersion: BYTE, + pub SizeOfCode: DWORD, + pub SizeOfInitializedData: DWORD, + pub SizeOfUninitializedData: DWORD, + pub AddressOfEntryPoint: DWORD, + pub BaseOfCode: DWORD, + pub ImageBase: ULONGLONG, + pub SectionAlignment: DWORD, + pub FileAlignment: DWORD, + pub MajorOperatingSystemVersion: WORD, + pub MinorOperatingSystemVersion: WORD, + pub MajorImageVersion: WORD, + pub MinorImageVersion: WORD, + pub MajorSubsystemVersion: WORD, + pub MinorSubsystemVersion: WORD, + pub Win32VersionValue: DWORD, + pub SizeOfImage: DWORD, + pub SizeOfHeaders: DWORD, + pub CheckSum: DWORD, + pub Subsystem: WORD, + pub DllCharacteristics: WORD, + pub SizeOfStackReserve: ULONGLONG, + pub SizeOfStackCommit: ULONGLONG, + pub SizeOfHeapReserve: ULONGLONG, + pub SizeOfHeapCommit: ULONGLONG, + pub LoaderFlags: DWORD, + pub NumberOfRvaAndSizes: DWORD, + pub DataDirectory: [IMAGE_DATA_DIRECTORY; 16usize], +} +pub type IMAGE_OPTIONAL_HEADER64 = _IMAGE_OPTIONAL_HEADER64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_NT_HEADERS64 { + pub Signature: DWORD, + pub FileHeader: IMAGE_FILE_HEADER, + pub OptionalHeader: IMAGE_OPTIONAL_HEADER64, +} +pub type PIMAGE_NT_HEADERS64 = *mut _IMAGE_NT_HEADERS64; +pub type PIMAGE_NT_HEADERS = PIMAGE_NT_HEADERS64; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_SECTION_HEADER { + pub Name: [BYTE; 8usize], + pub Misc: _IMAGE_SECTION_HEADER__bindgen_ty_1, + pub VirtualAddress: DWORD, + pub SizeOfRawData: DWORD, + pub PointerToRawData: DWORD, + pub PointerToRelocations: DWORD, + pub PointerToLinenumbers: DWORD, + pub NumberOfRelocations: WORD, + pub NumberOfLinenumbers: WORD, + pub Characteristics: DWORD, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_SECTION_HEADER__bindgen_ty_1 { + pub PhysicalAddress: DWORD, + pub VirtualSize: DWORD, +} +impl Default for _IMAGE_SECTION_HEADER__bindgen_ty_1 { + fn default() -> Self { + let 
mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_SECTION_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PIMAGE_SECTION_HEADER = *mut _IMAGE_SECTION_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_BASE_RELOCATION { + pub VirtualAddress: DWORD, + pub SizeOfBlock: DWORD, +} +pub type IMAGE_BASE_RELOCATION = _IMAGE_BASE_RELOCATION; +pub type PIMAGE_BASE_RELOCATION = *mut IMAGE_BASE_RELOCATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_EXPORT_DIRECTORY { + pub Characteristics: DWORD, + pub TimeDateStamp: DWORD, + pub MajorVersion: WORD, + pub MinorVersion: WORD, + pub Name: DWORD, + pub Base: DWORD, + pub NumberOfFunctions: DWORD, + pub NumberOfNames: DWORD, + pub AddressOfFunctions: DWORD, + pub AddressOfNames: DWORD, + pub AddressOfNameOrdinals: DWORD, +} +pub type PIMAGE_EXPORT_DIRECTORY = *mut _IMAGE_EXPORT_DIRECTORY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_THUNK_DATA64 { + pub u1: _IMAGE_THUNK_DATA64__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_THUNK_DATA64__bindgen_ty_1 { + pub ForwarderString: ULONGLONG, + pub Function: ULONGLONG, + pub Ordinal: ULONGLONG, + pub AddressOfData: ULONGLONG, +} +impl Default for _IMAGE_THUNK_DATA64__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_THUNK_DATA64 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IMAGE_THUNK_DATA64 = _IMAGE_THUNK_DATA64; +pub type PIMAGE_THUNK_DATA64 = *mut IMAGE_THUNK_DATA64; 
+#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_THUNK_DATA32 { + pub u1: _IMAGE_THUNK_DATA32__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_THUNK_DATA32__bindgen_ty_1 { + pub ForwarderString: DWORD, + pub Function: DWORD, + pub Ordinal: DWORD, + pub AddressOfData: DWORD, +} +impl Default for _IMAGE_THUNK_DATA32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_THUNK_DATA32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IMAGE_THUNK_DATA32 = _IMAGE_THUNK_DATA32; +pub type PIMAGE_THUNK_DATA = PIMAGE_THUNK_DATA64; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_DELAYLOAD_DESCRIPTOR { + pub Attributes: _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1, + pub DllNameRVA: DWORD, + pub ModuleHandleRVA: DWORD, + pub ImportAddressTableRVA: DWORD, + pub ImportNameTableRVA: DWORD, + pub BoundImportAddressTableRVA: DWORD, + pub UnloadInformationTableRVA: DWORD, + pub TimeDateStamp: DWORD, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1 { + pub AllAttributes: DWORD, + pub __bindgen_anon_1: _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn RvaBased(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_RvaBased(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + 
#[inline] + pub fn ReservedAttributes(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_ReservedAttributes(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + RvaBased: DWORD, + ReservedAttributes: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let RvaBased: u32 = unsafe { ::core::mem::transmute(RvaBased) }; + RvaBased as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let ReservedAttributes: u32 = unsafe { ::core::mem::transmute(ReservedAttributes) }; + ReservedAttributes as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _IMAGE_DELAYLOAD_DESCRIPTOR__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_DELAYLOAD_DESCRIPTOR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IMAGE_DELAYLOAD_DESCRIPTOR = _IMAGE_DELAYLOAD_DESCRIPTOR; +pub type PCIMAGE_DELAYLOAD_DESCRIPTOR = *const IMAGE_DELAYLOAD_DESCRIPTOR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_RESOURCE_DIRECTORY { + pub Characteristics: DWORD, + pub TimeDateStamp: DWORD, + pub MajorVersion: WORD, + pub MinorVersion: WORD, + pub NumberOfNamedEntries: WORD, + pub NumberOfIdEntries: WORD, +} +pub type PIMAGE_RESOURCE_DIRECTORY = *mut _IMAGE_RESOURCE_DIRECTORY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_RESOURCE_DIRECTORY_STRING { + pub Length: WORD, + pub NameString: [CHAR; 1usize], +} +pub type 
PIMAGE_RESOURCE_DIRECTORY_STRING = *mut _IMAGE_RESOURCE_DIRECTORY_STRING; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_RESOURCE_DATA_ENTRY { + pub OffsetToData: DWORD, + pub Size: DWORD, + pub CodePage: DWORD, + pub Reserved: DWORD, +} +pub type PIMAGE_RESOURCE_DATA_ENTRY = *mut _IMAGE_RESOURCE_DATA_ENTRY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_RUNTIME_FUNCTION_ENTRY { + pub BeginAddress: DWORD, + pub EndAddress: DWORD, + pub __bindgen_anon_1: _IMAGE_RUNTIME_FUNCTION_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_RUNTIME_FUNCTION_ENTRY__bindgen_ty_1 { + pub UnwindInfoAddress: DWORD, + pub UnwindData: DWORD, +} +impl Default for _IMAGE_RUNTIME_FUNCTION_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_RUNTIME_FUNCTION_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[repr(align(16))] +#[derive(Copy, Clone)] +pub union _SLIST_HEADER { + pub __bindgen_anon_1: _SLIST_HEADER__bindgen_ty_1, + pub HeaderX64: _SLIST_HEADER__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SLIST_HEADER__bindgen_ty_1 { + pub Alignment: ULONGLONG, + pub Region: ULONGLONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SLIST_HEADER__bindgen_ty_2 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 16usize]>, +} +impl _SLIST_HEADER__bindgen_ty_2 { + #[inline] + pub fn Depth(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 16u8) as u64) } + } + #[inline] + pub fn set_Depth(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 16u8, val as u64) + 
} + } + #[inline] + pub fn Sequence(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 48u8) as u64) } + } + #[inline] + pub fn set_Sequence(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 48u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(64usize, 4u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(64usize, 4u8, val as u64) + } + } + #[inline] + pub fn NextEntry(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(68usize, 60u8) as u64) } + } + #[inline] + pub fn set_NextEntry(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(68usize, 60u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Depth: ULONGLONG, + Sequence: ULONGLONG, + Reserved: ULONGLONG, + NextEntry: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 16usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 16usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 16u8, { + let Depth: u64 = unsafe { ::core::mem::transmute(Depth) }; + Depth as u64 + }); + __bindgen_bitfield_unit.set(16usize, 48u8, { + let Sequence: u64 = unsafe { ::core::mem::transmute(Sequence) }; + Sequence as u64 + }); + __bindgen_bitfield_unit.set(64usize, 4u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(68usize, 60u8, { + let NextEntry: u64 = unsafe { ::core::mem::transmute(NextEntry) }; + NextEntry as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SLIST_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub 
type PSLIST_HEADER = *mut _SLIST_HEADER; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_RUN_ONCE { + pub Ptr: PVOID, +} +impl Default for _RTL_RUN_ONCE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PRTL_RUN_ONCE = *mut _RTL_RUN_ONCE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_BARRIER { + pub Reserved1: DWORD, + pub Reserved2: DWORD, + pub Reserved3: [ULONG_PTR; 2usize], + pub Reserved4: DWORD, + pub Reserved5: DWORD, +} +pub type PRTL_BARRIER = *mut _RTL_BARRIER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MESSAGE_RESOURCE_ENTRY { + pub Length: WORD, + pub Flags: WORD, + pub Text: [BYTE; 1usize], +} +pub type PMESSAGE_RESOURCE_ENTRY = *mut _MESSAGE_RESOURCE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _OSVERSIONINFOEXW { + pub dwOSVersionInfoSize: DWORD, + pub dwMajorVersion: DWORD, + pub dwMinorVersion: DWORD, + pub dwBuildNumber: DWORD, + pub dwPlatformId: DWORD, + pub szCSDVersion: [WCHAR; 128usize], + pub wServicePackMajor: WORD, + pub wServicePackMinor: WORD, + pub wSuiteMask: WORD, + pub wProductType: BYTE, + pub wReserved: BYTE, +} +impl Default for _OSVERSIONINFOEXW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PRTL_OSVERSIONINFOEXW = *mut _OSVERSIONINFOEXW; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_CRITICAL_SECTION_DEBUG { + pub Type: WORD, + pub CreatorBackTraceIndex: WORD, + pub CriticalSection: *mut _RTL_CRITICAL_SECTION, + pub ProcessLocksList: LIST_ENTRY, + pub EntryCount: DWORD, + pub ContentionCount: DWORD, + pub Flags: DWORD, + pub CreatorBackTraceIndexHigh: WORD, + pub Identifier: WORD, +} +impl Default for _RTL_CRITICAL_SECTION_DEBUG { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PRTL_CRITICAL_SECTION_DEBUG = *mut _RTL_CRITICAL_SECTION_DEBUG; +pub type PRTL_RESOURCE_DEBUG = *mut _RTL_CRITICAL_SECTION_DEBUG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_CRITICAL_SECTION { + pub DebugInfo: PRTL_CRITICAL_SECTION_DEBUG, + pub LockCount: LONG, + pub RecursionCount: LONG, + pub OwningThread: HANDLE, + pub LockSemaphore: HANDLE, + pub SpinCount: ULONG_PTR, +} +impl Default for _RTL_CRITICAL_SECTION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_CRITICAL_SECTION = _RTL_CRITICAL_SECTION; +pub type PRTL_CRITICAL_SECTION = *mut _RTL_CRITICAL_SECTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_SRWLOCK { + pub Ptr: PVOID, +} +impl Default for _RTL_SRWLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_SRWLOCK = _RTL_SRWLOCK; +pub type PRTL_SRWLOCK = *mut _RTL_SRWLOCK; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_CONDITION_VARIABLE { + pub Ptr: PVOID, +} +impl Default for _RTL_CONDITION_VARIABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PRTL_CONDITION_VARIABLE = *mut _RTL_CONDITION_VARIABLE; +pub type PVECTORED_EXCEPTION_HANDLER = + ::core::option::Option LONG>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HEAP_INFORMATION_CLASS { + HeapCompatibilityInformation = 0, + HeapEnableTerminationOnCorruption = 1, + HeapOptimizeResources = 3, + HeapTag = 7, +} +pub use self::_HEAP_INFORMATION_CLASS as HEAP_INFORMATION_CLASS; +pub 
type WAITORTIMERCALLBACKFUNC = + ::core::option::Option; +pub type WORKERCALLBACKFUNC = ::core::option::Option; +pub type APC_CALLBACK_FUNCTION = + ::core::option::Option; +pub type PFLS_CALLBACK_FUNCTION = ::core::option::Option; +impl _ACTIVATION_CONTEXT_INFO_CLASS { + pub const AssemblyDetailedInformationInActivationContxt: _ACTIVATION_CONTEXT_INFO_CLASS = + _ACTIVATION_CONTEXT_INFO_CLASS::AssemblyDetailedInformationInActivationContext; +} +impl _ACTIVATION_CONTEXT_INFO_CLASS { + pub const FileInformationInAssemblyOfAssemblyInActivationContxt: _ACTIVATION_CONTEXT_INFO_CLASS = + _ACTIVATION_CONTEXT_INFO_CLASS::FileInformationInAssemblyOfAssemblyInActivationContext; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ACTIVATION_CONTEXT_INFO_CLASS { + ActivationContextBasicInformation = 1, + ActivationContextDetailedInformation = 2, + AssemblyDetailedInformationInActivationContext = 3, + FileInformationInAssemblyOfAssemblyInActivationContext = 4, + RunlevelInformationInActivationContext = 5, + CompatibilityInformationInActivationContext = 6, + ActivationContextManifestResourceName = 7, + MaxActivationContextInfoClass = 8, +} +pub use self::_ACTIVATION_CONTEXT_INFO_CLASS as ACTIVATION_CONTEXT_INFO_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_QUERY_INDEX { + pub ulAssemblyIndex: DWORD, + pub ulFileIndexInAssembly: DWORD, +} +pub type PACTIVATION_CONTEXT_QUERY_INDEX = *mut _ACTIVATION_CONTEXT_QUERY_INDEX; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum ACTCTX_REQUESTED_RUN_LEVEL { + ACTCTX_RUN_LEVEL_UNSPECIFIED = 0, + ACTCTX_RUN_LEVEL_AS_INVOKER = 1, + ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE = 2, + ACTCTX_RUN_LEVEL_REQUIRE_ADMIN = 3, + ACTCTX_RUN_LEVEL_NUMBERS = 4, +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum ACTCTX_COMPATIBILITY_ELEMENT_TYPE { + 
ACTCTX_COMPATIBILITY_ELEMENT_TYPE_UNKNOWN = 0, + ACTCTX_COMPATIBILITY_ELEMENT_TYPE_OS = 1, + ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MITIGATION = 2, + ACTCTX_COMPATIBILITY_ELEMENT_TYPE_MAXVERSIONTESTED = 3, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HARDWARE_COUNTER_DATA { + pub Type: HARDWARE_COUNTER_TYPE, + pub Reserved: DWORD, + pub Value: DWORD64, +} +impl Default for _HARDWARE_COUNTER_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HARDWARE_COUNTER_DATA = _HARDWARE_COUNTER_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PERFORMANCE_DATA { + pub Size: WORD, + pub Version: BYTE, + pub HwCountersCount: BYTE, + pub ContextSwitchCount: DWORD, + pub WaitReasonBitMap: DWORD64, + pub CycleTime: DWORD64, + pub RetryCount: DWORD, + pub Reserved: DWORD, + pub HwCounters: [HARDWARE_COUNTER_DATA; 16usize], +} +impl Default for _PERFORMANCE_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PPERFORMANCE_DATA = *mut _PERFORMANCE_DATA; +pub type PCRM_PROTOCOL_ID = *mut GUID; +pub type NOTIFICATION_MASK = ULONG; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _TRANSACTION_NOTIFICATION { + pub TransactionKey: PVOID, + pub TransactionNotification: ULONG, + pub TmVirtualClock: LARGE_INTEGER, + pub ArgumentLength: ULONG, +} +impl Default for _TRANSACTION_NOTIFICATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PTRANSACTION_NOTIFICATION = *mut _TRANSACTION_NOTIFICATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TRANSACTION_INFORMATION_CLASS { + TransactionBasicInformation = 0, + 
TransactionPropertiesInformation = 1, + TransactionEnlistmentInformation = 2, + TransactionSuperiorEnlistmentInformation = 3, + TransactionBindInformation = 4, + TransactionDTCPrivateInformation = 5, +} +pub use self::_TRANSACTION_INFORMATION_CLASS as TRANSACTION_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TRANSACTIONMANAGER_INFORMATION_CLASS { + TransactionManagerBasicInformation = 0, + TransactionManagerLogInformation = 1, + TransactionManagerLogPathInformation = 2, + TransactionManagerRecoveryInformation = 4, + TransactionManagerOnlineProbeInformation = 3, + TransactionManagerOldestTransactionInformation = 5, +} +pub use self::_TRANSACTIONMANAGER_INFORMATION_CLASS as TRANSACTIONMANAGER_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RESOURCEMANAGER_INFORMATION_CLASS { + ResourceManagerBasicInformation = 0, + ResourceManagerCompletionInformation = 1, +} +pub use self::_RESOURCEMANAGER_INFORMATION_CLASS as RESOURCEMANAGER_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ENLISTMENT_INFORMATION_CLASS { + EnlistmentBasicInformation = 0, + EnlistmentRecoveryInformation = 1, + EnlistmentCrmInformation = 2, +} +pub use self::_ENLISTMENT_INFORMATION_CLASS as ENLISTMENT_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KTMOBJECT_TYPE { + KTMOBJECT_TRANSACTION = 0, + KTMOBJECT_TRANSACTION_MANAGER = 1, + KTMOBJECT_RESOURCE_MANAGER = 2, + KTMOBJECT_ENLISTMENT = 3, + KTMOBJECT_INVALID = 4, +} +pub use self::_KTMOBJECT_TYPE as KTMOBJECT_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KTMOBJECT_CURSOR { + pub LastQuery: GUID, + pub ObjectIdCount: DWORD, + pub ObjectIds: [GUID; 1usize], +} +pub type PKTMOBJECT_CURSOR = *mut _KTMOBJECT_CURSOR; +pub type TP_VERSION = DWORD; +#[repr(C)] 
+#[derive(Debug, Copy, Clone)] +pub struct _TP_CALLBACK_INSTANCE { + _unused: [u8; 0], +} +pub type PTP_CALLBACK_INSTANCE = *mut _TP_CALLBACK_INSTANCE; +pub type PTP_SIMPLE_CALLBACK = + ::core::option::Option; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_POOL { + _unused: [u8; 0], +} +pub type PTP_POOL = *mut _TP_POOL; +impl _TP_CALLBACK_PRIORITY { + pub const TP_CALLBACK_PRIORITY_COUNT: _TP_CALLBACK_PRIORITY = + _TP_CALLBACK_PRIORITY::TP_CALLBACK_PRIORITY_INVALID; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TP_CALLBACK_PRIORITY { + TP_CALLBACK_PRIORITY_HIGH = 0, + TP_CALLBACK_PRIORITY_NORMAL = 1, + TP_CALLBACK_PRIORITY_LOW = 2, + TP_CALLBACK_PRIORITY_INVALID = 3, +} +pub use self::_TP_CALLBACK_PRIORITY as TP_CALLBACK_PRIORITY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TP_POOL_STACK_INFORMATION { + pub StackReserve: SIZE_T, + pub StackCommit: SIZE_T, +} +pub type PTP_POOL_STACK_INFORMATION = *mut _TP_POOL_STACK_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_CLEANUP_GROUP { + _unused: [u8; 0], +} +pub type PTP_CLEANUP_GROUP = *mut _TP_CLEANUP_GROUP; +pub type PTP_CLEANUP_GROUP_CANCEL_CALLBACK = + ::core::option::Option; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _TP_CALLBACK_ENVIRON_V3 { + pub Version: TP_VERSION, + pub Pool: PTP_POOL, + pub CleanupGroup: PTP_CLEANUP_GROUP, + pub CleanupGroupCancelCallback: PTP_CLEANUP_GROUP_CANCEL_CALLBACK, + pub RaceDll: PVOID, + pub ActivationContext: *mut _ACTIVATION_CONTEXT, + pub FinalizationCallback: PTP_SIMPLE_CALLBACK, + pub u: _TP_CALLBACK_ENVIRON_V3__bindgen_ty_1, + pub CallbackPriority: TP_CALLBACK_PRIORITY, + pub Size: DWORD, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TP_CALLBACK_ENVIRON_V3__bindgen_ty_1 { + pub Flags: DWORD, + pub s: _TP_CALLBACK_ENVIRON_V3__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_TP_CALLBACK_ENVIRON_V3__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _TP_CALLBACK_ENVIRON_V3__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn LongFunction(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_LongFunction(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Persistent(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_Persistent(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Private(&self) -> DWORD { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Private(&mut self, val: DWORD) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + LongFunction: DWORD, + Persistent: DWORD, + Private: DWORD, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let LongFunction: u32 = unsafe { ::core::mem::transmute(LongFunction) }; + LongFunction as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let Persistent: u32 = unsafe { ::core::mem::transmute(Persistent) }; + Persistent as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Private: u32 = unsafe { ::core::mem::transmute(Private) }; + Private as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _TP_CALLBACK_ENVIRON_V3__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _TP_CALLBACK_ENVIRON_V3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TP_CALLBACK_ENVIRON_V3 = _TP_CALLBACK_ENVIRON_V3; +pub type PTP_CALLBACK_ENVIRON = *mut TP_CALLBACK_ENVIRON_V3; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_WORK { + _unused: [u8; 0], +} +pub type PTP_WORK = *mut _TP_WORK; +pub type PTP_WORK_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(Instance: PTP_CALLBACK_INSTANCE, Context: PVOID, Work: PTP_WORK), +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_TIMER { + _unused: [u8; 0], +} +pub type PTP_TIMER = *mut _TP_TIMER; +pub type PTP_TIMER_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(Instance: PTP_CALLBACK_INSTANCE, Context: PVOID, Timer: PTP_TIMER), +>; +pub type TP_WAIT_RESULT = DWORD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_WAIT { + _unused: [u8; 0], +} +pub type PTP_WAIT = *mut _TP_WAIT; +pub type PTP_WAIT_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + Instance: PTP_CALLBACK_INSTANCE, + Context: PVOID, + Wait: PTP_WAIT, + WaitResult: TP_WAIT_RESULT, + ), +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_IO { + _unused: [u8; 0], +} +pub type PTP_IO = *mut _TP_IO; +pub type PTHREAD_START_ROUTINE = + ::core::option::Option DWORD>; +pub type LPTHREAD_START_ROUTINE = PTHREAD_START_ROUTINE; +pub type PENCLAVE_ROUTINE = + ::core::option::Option LPVOID>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EXCEPTION_DEBUG_INFO { + pub ExceptionRecord: EXCEPTION_RECORD, + pub dwFirstChance: DWORD, +} +impl Default for _EXCEPTION_DEBUG_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
EXCEPTION_DEBUG_INFO = _EXCEPTION_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CREATE_THREAD_DEBUG_INFO { + pub hThread: HANDLE, + pub lpThreadLocalBase: LPVOID, + pub lpStartAddress: LPTHREAD_START_ROUTINE, +} +impl Default for _CREATE_THREAD_DEBUG_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CREATE_THREAD_DEBUG_INFO = _CREATE_THREAD_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CREATE_PROCESS_DEBUG_INFO { + pub hFile: HANDLE, + pub hProcess: HANDLE, + pub hThread: HANDLE, + pub lpBaseOfImage: LPVOID, + pub dwDebugInfoFileOffset: DWORD, + pub nDebugInfoSize: DWORD, + pub lpThreadLocalBase: LPVOID, + pub lpStartAddress: LPTHREAD_START_ROUTINE, + pub lpImageName: LPVOID, + pub fUnicode: WORD, +} +impl Default for _CREATE_PROCESS_DEBUG_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CREATE_PROCESS_DEBUG_INFO = _CREATE_PROCESS_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _EXIT_THREAD_DEBUG_INFO { + pub dwExitCode: DWORD, +} +pub type EXIT_THREAD_DEBUG_INFO = _EXIT_THREAD_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _EXIT_PROCESS_DEBUG_INFO { + pub dwExitCode: DWORD, +} +pub type EXIT_PROCESS_DEBUG_INFO = _EXIT_PROCESS_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LOAD_DLL_DEBUG_INFO { + pub hFile: HANDLE, + pub lpBaseOfDll: LPVOID, + pub dwDebugInfoFileOffset: DWORD, + pub nDebugInfoSize: DWORD, + pub lpImageName: LPVOID, + pub fUnicode: WORD, +} +impl Default for _LOAD_DLL_DEBUG_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
LOAD_DLL_DEBUG_INFO = _LOAD_DLL_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _UNLOAD_DLL_DEBUG_INFO { + pub lpBaseOfDll: LPVOID, +} +impl Default for _UNLOAD_DLL_DEBUG_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type UNLOAD_DLL_DEBUG_INFO = _UNLOAD_DLL_DEBUG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _OUTPUT_DEBUG_STRING_INFO { + pub lpDebugStringData: LPSTR, + pub fUnicode: WORD, + pub nDebugStringLength: WORD, +} +impl Default for _OUTPUT_DEBUG_STRING_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OUTPUT_DEBUG_STRING_INFO = _OUTPUT_DEBUG_STRING_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RIP_INFO { + pub dwError: DWORD, + pub dwType: DWORD, +} +pub type RIP_INFO = _RIP_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DEBUG_EVENT { + pub dwDebugEventCode: DWORD, + pub dwProcessId: DWORD, + pub dwThreadId: DWORD, + pub u: _DEBUG_EVENT__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _DEBUG_EVENT__bindgen_ty_1 { + pub Exception: EXCEPTION_DEBUG_INFO, + pub CreateThread: CREATE_THREAD_DEBUG_INFO, + pub CreateProcessInfo: CREATE_PROCESS_DEBUG_INFO, + pub ExitThread: EXIT_THREAD_DEBUG_INFO, + pub ExitProcess: EXIT_PROCESS_DEBUG_INFO, + pub LoadDll: LOAD_DLL_DEBUG_INFO, + pub UnloadDll: UNLOAD_DLL_DEBUG_INFO, + pub DebugString: OUTPUT_DEBUG_STRING_INFO, + pub RipInfo: RIP_INFO, +} +impl Default for _DEBUG_EVENT__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _DEBUG_EVENT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LPDEBUG_EVENT = *mut _DEBUG_EVENT; +pub type PPROC_THREAD_ATTRIBUTE_LIST = *mut _PROC_THREAD_ATTRIBUTE_LIST; +pub type DLL_DIRECTORY_COOKIE = PVOID; +pub type PDLL_DIRECTORY_COOKIE = *mut PVOID; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct tagACTCTX_SECTION_KEYED_DATA_ASSEMBLY_METADATA { + pub lpInformation: PVOID, + pub lpSectionBase: PVOID, + pub ulSectionLength: ULONG, + pub lpSectionGlobalDataBase: PVOID, + pub ulSectionGlobalDataLength: ULONG, +} +impl Default for tagACTCTX_SECTION_KEYED_DATA_ASSEMBLY_METADATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ACTCTX_SECTION_KEYED_DATA_ASSEMBLY_METADATA = + tagACTCTX_SECTION_KEYED_DATA_ASSEMBLY_METADATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct tagACTCTX_SECTION_KEYED_DATA { + pub cbSize: ULONG, + pub ulDataFormatVersion: ULONG, + pub lpData: PVOID, + pub ulLength: ULONG, + pub lpSectionGlobalData: PVOID, + pub ulSectionGlobalDataLength: ULONG, + pub lpSectionBase: PVOID, + pub ulSectionTotalLength: ULONG, + pub hActCtx: HANDLE, + pub ulAssemblyRosterIndex: ULONG, + pub ulFlags: ULONG, + pub AssemblyMetadata: ACTCTX_SECTION_KEYED_DATA_ASSEMBLY_METADATA, +} +impl Default for tagACTCTX_SECTION_KEYED_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PACTCTX_SECTION_KEYED_DATA = *mut tagACTCTX_SECTION_KEYED_DATA; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _STORAGE_RESERVE_ID { + StorageReserveIdNone = 0, + StorageReserveIdHard = 1, + StorageReserveIdSoft = 2, + StorageReserveIdUpdateScratch = 3, + StorageReserveIdMax = 4, +} +pub use self::_STORAGE_RESERVE_ID as STORAGE_RESERVE_ID; +pub type 
TRACEHANDLE = ULONG64; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_FILTER_DESCRIPTOR { + _unused: [u8; 0], +} +pub type PEVENT_FILTER_DESCRIPTOR = *mut _EVENT_FILTER_DESCRIPTOR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROFILE_SOURCE_INFO { + pub NextEntryOffset: ULONG, + pub Source: ULONG, + pub MinInterval: ULONG, + pub MaxInterval: ULONG, + pub Reserved: ULONG64, + pub Description: [WCHAR; 1usize], +} +pub type PPROFILE_SOURCE_INFO = *mut _PROFILE_SOURCE_INFO; +pub type PGUID = *mut GUID; +pub type PCGUID = *const GUID; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _QUAD { + pub __bindgen_anon_1: _QUAD__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _QUAD__bindgen_ty_1 { + pub UseThisFieldToCopy: cty::c_longlong, + pub DoNotUseThisField: f64, +} +impl Default for _QUAD__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _QUAD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type QUAD = _QUAD; +pub type PQUAD = *mut _QUAD; +#[repr(C)] +#[repr(align(16))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _QUAD_PTR { + pub DoNotUseThisField1: ULONG_PTR, + pub DoNotUseThisField2: ULONG_PTR, +} +pub type QUAD_PTR = _QUAD_PTR; +pub type PQUAD_PTR = *mut _QUAD_PTR; +pub type LOGICAL = ULONG; +pub type PLOGICAL = *mut ULONG; +pub type PNTSTATUS = *mut NTSTATUS; +pub type CSHORT = cty::c_short; +pub type CLONG = ULONG; +pub type PCCHAR = *mut CCHAR; +pub type PCSHORT = *mut CSHORT; +pub type PCLONG = *mut CLONG; +pub type PCSZ = PCSTR; +pub type PPVOID = *mut PVOID; +pub type KIRQL = UCHAR; +pub type PKIRQL = *mut UCHAR; +pub type KPRIORITY = LONG; +pub type PKPRIORITY = *mut LONG; +pub type RTL_ATOM = USHORT; +pub type PRTL_ATOM = *mut 
USHORT; +pub type PHYSICAL_ADDRESS = LARGE_INTEGER; +pub type PPHYSICAL_ADDRESS = *mut LARGE_INTEGER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LARGE_INTEGER_128 { + pub QuadPart: [LONGLONG; 2usize], +} +pub type LARGE_INTEGER_128 = _LARGE_INTEGER_128; +pub type PLARGE_INTEGER_128 = *mut _LARGE_INTEGER_128; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _EVENT_TYPE { + NotificationEvent = 0, + SynchronizationEvent = 1, +} +pub use self::_EVENT_TYPE as EVENT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TIMER_TYPE { + NotificationTimer = 0, + SynchronizationTimer = 1, +} +pub use self::_TIMER_TYPE as TIMER_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WAIT_TYPE { + WaitAll = 0, + WaitAny = 1, + WaitNotification = 2, +} +pub use self::_WAIT_TYPE as WAIT_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _STRING { + pub Length: USHORT, + pub MaximumLength: USHORT, + pub Buffer: PCHAR, +} +impl Default for _STRING { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type STRING = _STRING; +pub type PSTRING = *mut _STRING; +pub type ANSI_STRING = _STRING; +pub type PANSI_STRING = *mut _STRING; +pub type OEM_STRING = _STRING; +pub type POEM_STRING = *mut _STRING; +pub type UTF8_STRING = STRING; +pub type PUTF8_STRING = PSTRING; +pub type PCSTRING = *const STRING; +pub type PCANSI_STRING = *const ANSI_STRING; +pub type PCOEM_STRING = *const OEM_STRING; +pub type PUNICODE_STRING = *mut _UNICODE_STRING; +pub type PCUNICODE_STRING = *const UNICODE_STRING; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_BALANCED_NODE { + pub __bindgen_anon_1: _RTL_BALANCED_NODE__bindgen_ty_1, + pub __bindgen_anon_2: _RTL_BALANCED_NODE__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, 
Clone)] +pub union _RTL_BALANCED_NODE__bindgen_ty_1 { + pub Children: [*mut _RTL_BALANCED_NODE; 2usize], + pub __bindgen_anon_1: _RTL_BALANCED_NODE__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BALANCED_NODE__bindgen_ty_1__bindgen_ty_1 { + pub Left: *mut _RTL_BALANCED_NODE, + pub Right: *mut _RTL_BALANCED_NODE, +} +impl Default for _RTL_BALANCED_NODE__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_BALANCED_NODE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_BALANCED_NODE__bindgen_ty_2 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub ParentValue: ULONG_PTR, +} +impl Default for _RTL_BALANCED_NODE__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _RTL_BALANCED_NODE__bindgen_ty_2 { + #[inline] + pub fn Red(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_Red(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Balance(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 2u8) as u8) } + } + #[inline] + pub fn set_Balance(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 2u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Red: UCHAR, Balance: UCHAR) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut 
__bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Red: u8 = unsafe { ::core::mem::transmute(Red) }; + Red as u64 + }); + __bindgen_bitfield_unit.set(1usize, 2u8, { + let Balance: u8 = unsafe { ::core::mem::transmute(Balance) }; + Balance as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_BALANCED_NODE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BALANCED_NODE = _RTL_BALANCED_NODE; +pub type PRTL_BALANCED_NODE = *mut _RTL_BALANCED_NODE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SINGLE_LIST_ENTRY32 { + pub Next: ULONG, +} +pub type SINGLE_LIST_ENTRY32 = _SINGLE_LIST_ENTRY32; +pub type PSINGLE_LIST_ENTRY32 = *mut _SINGLE_LIST_ENTRY32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _STRING32 { + pub Length: USHORT, + pub MaximumLength: USHORT, + pub Buffer: ULONG, +} +pub type STRING32 = _STRING32; +pub type PSTRING32 = *mut _STRING32; +pub type UNICODE_STRING32 = STRING32; +pub type PUNICODE_STRING32 = *mut STRING32; +pub type ANSI_STRING32 = STRING32; +pub type PANSI_STRING32 = *mut STRING32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _STRING64 { + pub Length: USHORT, + pub MaximumLength: USHORT, + pub Buffer: ULONGLONG, +} +pub type STRING64 = _STRING64; +pub type PSTRING64 = *mut _STRING64; +pub type UNICODE_STRING64 = STRING64; +pub type PUNICODE_STRING64 = *mut STRING64; +pub type ANSI_STRING64 = STRING64; +pub type PANSI_STRING64 = *mut STRING64; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _OBJECT_ATTRIBUTES { + pub Length: ULONG, + pub RootDirectory: HANDLE, + pub ObjectName: PUNICODE_STRING, + pub Attributes: ULONG, + pub SecurityDescriptor: PVOID, + pub SecurityQualityOfService: PVOID, +} +impl Default for _OBJECT_ATTRIBUTES { + fn default() -> Self { + 
let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_ATTRIBUTES = _OBJECT_ATTRIBUTES; +pub type POBJECT_ATTRIBUTES = *mut _OBJECT_ATTRIBUTES; +pub type PCOBJECT_ATTRIBUTES = *const OBJECT_ATTRIBUTES; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OBJECT_ATTRIBUTES64 { + pub Length: ULONG, + pub RootDirectory: ULONG64, + pub ObjectName: ULONG64, + pub Attributes: ULONG, + pub SecurityDescriptor: ULONG64, + pub SecurityQualityOfService: ULONG64, +} +pub type OBJECT_ATTRIBUTES64 = _OBJECT_ATTRIBUTES64; +pub type POBJECT_ATTRIBUTES64 = *mut _OBJECT_ATTRIBUTES64; +pub type PCOBJECT_ATTRIBUTES64 = *const OBJECT_ATTRIBUTES64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OBJECT_ATTRIBUTES32 { + pub Length: ULONG, + pub RootDirectory: ULONG, + pub ObjectName: ULONG, + pub Attributes: ULONG, + pub SecurityDescriptor: ULONG, + pub SecurityQualityOfService: ULONG, +} +pub type OBJECT_ATTRIBUTES32 = _OBJECT_ATTRIBUTES32; +pub type POBJECT_ATTRIBUTES32 = *mut _OBJECT_ATTRIBUTES32; +pub type PCOBJECT_ATTRIBUTES32 = *const OBJECT_ATTRIBUTES32; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _NT_PRODUCT_TYPE { + NtProductWinNt = 1, + NtProductLanManNt = 2, + NtProductServer = 3, +} +pub use self::_NT_PRODUCT_TYPE as NT_PRODUCT_TYPE; +pub type PNT_PRODUCT_TYPE = *mut _NT_PRODUCT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SUITE_TYPE { + SmallBusiness = 0, + Enterprise = 1, + BackOffice = 2, + CommunicationServer = 3, + TerminalServer = 4, + SmallBusinessRestricted = 5, + EmbeddedNT = 6, + DataCenter = 7, + SingleUserTS = 8, + Personal = 9, + Blade = 10, + EmbeddedRestricted = 11, + SecurityAppliance = 12, + StorageServer = 13, + ComputeServer = 14, + WHServer = 15, + PhoneNT = 16, + MaxSuiteType = 17, +} +pub use self::_SUITE_TYPE as 
SUITE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CLIENT_ID { + pub UniqueProcess: HANDLE, + pub UniqueThread: HANDLE, +} +impl Default for _CLIENT_ID { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CLIENT_ID = _CLIENT_ID; +pub type PCLIENT_ID = *mut _CLIENT_ID; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CLIENT_ID32 { + pub UniqueProcess: ULONG, + pub UniqueThread: ULONG, +} +pub type CLIENT_ID32 = _CLIENT_ID32; +pub type PCLIENT_ID32 = *mut _CLIENT_ID32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CLIENT_ID64 { + pub UniqueProcess: ULONGLONG, + pub UniqueThread: ULONGLONG, +} +pub type CLIENT_ID64 = _CLIENT_ID64; +pub type PCLIENT_ID64 = *mut _CLIENT_ID64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KSYSTEM_TIME { + pub LowPart: ULONG, + pub High1Time: LONG, + pub High2Time: LONG, +} +pub type KSYSTEM_TIME = _KSYSTEM_TIME; +pub type PKSYSTEM_TIME = *mut _KSYSTEM_TIME; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _CPTABLEINFO { + pub CodePage: USHORT, + pub MaximumCharacterSize: USHORT, + pub DefaultChar: USHORT, + pub UniDefaultChar: USHORT, + pub TransDefaultChar: USHORT, + pub TransUniDefaultChar: USHORT, + pub DBCSCodePage: USHORT, + pub LeadByte: [UCHAR; 12usize], + pub MultiByteTable: PUSHORT, + pub WideCharTable: PVOID, + pub DBCSRanges: PUSHORT, + pub DBCSOffsets: PUSHORT, +} +impl Default for _CPTABLEINFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CPTABLEINFO = _CPTABLEINFO; +pub type PCPTABLEINFO = *mut _CPTABLEINFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _NLSTABLEINFO { + pub OemTableInfo: CPTABLEINFO, + pub AnsiTableInfo: CPTABLEINFO, + pub UpperCaseTable: PUSHORT, + pub 
LowerCaseTable: PUSHORT, +} +impl Default for _NLSTABLEINFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type NLSTABLEINFO = _NLSTABLEINFO; +pub type PNLSTABLEINFO = *mut _NLSTABLEINFO; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KTHREAD_STATE { + Initialized = 0, + Ready = 1, + Running = 2, + Standby = 3, + Terminated = 4, + Waiting = 5, + Transition = 6, + DeferredReady = 7, + GateWaitObsolete = 8, + WaitingForProcessInSwap = 9, + MaximumThreadState = 10, +} +pub use self::_KTHREAD_STATE as KTHREAD_STATE; +pub type PKTHREAD_STATE = *mut _KTHREAD_STATE; +impl _KHETERO_CPU_POLICY { + pub const KHeteroCpuPolicyStaticMax: _KHETERO_CPU_POLICY = + _KHETERO_CPU_POLICY::KHeteroCpuPolicyDynamic; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KHETERO_CPU_POLICY { + KHeteroCpuPolicyAll = 0, + KHeteroCpuPolicyLarge = 1, + KHeteroCpuPolicyLargeOrIdle = 2, + KHeteroCpuPolicySmall = 3, + KHeteroCpuPolicySmallOrIdle = 4, + KHeteroCpuPolicyDynamic = 5, + KHeteroCpuPolicyBiasedSmall = 6, + KHeteroCpuPolicyBiasedLarge = 7, + KHeteroCpuPolicyDefault = 8, + KHeteroCpuPolicyMax = 9, +} +pub use self::_KHETERO_CPU_POLICY as KHETERO_CPU_POLICY; +pub type PKHETERO_CPU_POLICY = *mut _KHETERO_CPU_POLICY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KWAIT_REASON { + Executive = 0, + FreePage = 1, + PageIn = 2, + PoolAllocation = 3, + DelayExecution = 4, + Suspended = 5, + UserRequest = 6, + WrExecutive = 7, + WrFreePage = 8, + WrPageIn = 9, + WrPoolAllocation = 10, + WrDelayExecution = 11, + WrSuspended = 12, + WrUserRequest = 13, + WrEventPair = 14, + WrQueue = 15, + WrLpcReceive = 16, + WrLpcReply = 17, + WrVirtualMemory = 18, + WrPageOut = 19, + WrRendezvous = 20, + WrKeyedEvent = 21, + WrTerminated = 22, + 
WrProcessInSwap = 23, + WrCpuRateControl = 24, + WrCalloutStack = 25, + WrKernel = 26, + WrResource = 27, + WrPushLock = 28, + WrMutex = 29, + WrQuantumEnd = 30, + WrDispatchInt = 31, + WrPreempted = 32, + WrYieldExecution = 33, + WrFastMutex = 34, + WrGuardedMutex = 35, + WrRundown = 36, + WrAlertByThreadId = 37, + WrDeferredPreempt = 38, + WrPhysicalFault = 39, + WrIoRing = 40, + WrMdlCache = 41, + MaximumWaitReason = 42, +} +pub use self::_KWAIT_REASON as KWAIT_REASON; +pub type PKWAIT_REASON = *mut _KWAIT_REASON; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KPROFILE_SOURCE { + ProfileTime = 0, + ProfileAlignmentFixup = 1, + ProfileTotalIssues = 2, + ProfilePipelineDry = 3, + ProfileLoadInstructions = 4, + ProfilePipelineFrozen = 5, + ProfileBranchInstructions = 6, + ProfileTotalNonissues = 7, + ProfileDcacheMisses = 8, + ProfileIcacheMisses = 9, + ProfileCacheMisses = 10, + ProfileBranchMispredictions = 11, + ProfileStoreInstructions = 12, + ProfileFpInstructions = 13, + ProfileIntegerInstructions = 14, + Profile2Issue = 15, + Profile3Issue = 16, + Profile4Issue = 17, + ProfileSpecialInstructions = 18, + ProfileTotalCycles = 19, + ProfileIcacheIssues = 20, + ProfileDcacheAccesses = 21, + ProfileMemoryBarrierCycles = 22, + ProfileLoadLinkedIssues = 23, + ProfileMaximum = 24, +} +pub use self::_KPROFILE_SOURCE as KPROFILE_SOURCE; +pub type PLDR_INIT_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(DllHandle: PVOID, Reason: ULONG, Context: PVOID) -> BOOLEAN, +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_SERVICE_TAG_RECORD { + pub Next: *mut _LDR_SERVICE_TAG_RECORD, + pub ServiceTag: ULONG, +} +impl Default for _LDR_SERVICE_TAG_RECORD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_SERVICE_TAG_RECORD = _LDR_SERVICE_TAG_RECORD; +pub type 
PLDR_SERVICE_TAG_RECORD = *mut _LDR_SERVICE_TAG_RECORD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDRP_CSLIST { + pub Tail: PSINGLE_LIST_ENTRY, +} +impl Default for _LDRP_CSLIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDRP_CSLIST = _LDRP_CSLIST; +pub type PLDRP_CSLIST = *mut _LDRP_CSLIST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _LDR_DDAG_STATE { + LdrModulesMerged = -5, + LdrModulesInitError = -4, + LdrModulesSnapError = -3, + LdrModulesUnloaded = -2, + LdrModulesUnloading = -1, + LdrModulesPlaceHolder = 0, + LdrModulesMapping = 1, + LdrModulesMapped = 2, + LdrModulesWaitingForDependencies = 3, + LdrModulesSnapping = 4, + LdrModulesSnapped = 5, + LdrModulesCondensed = 6, + LdrModulesReadyToInit = 7, + LdrModulesInitializing = 8, + LdrModulesReadyToRun = 9, +} +pub use self::_LDR_DDAG_STATE as LDR_DDAG_STATE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LDR_DDAG_NODE { + pub Modules: LIST_ENTRY, + pub ServiceTagList: PLDR_SERVICE_TAG_RECORD, + pub LoadCount: ULONG, + pub LoadWhileUnloadingCount: ULONG, + pub LowestLink: ULONG, + pub __bindgen_anon_1: _LDR_DDAG_NODE__bindgen_ty_1, + pub IncomingDependencies: LDRP_CSLIST, + pub State: LDR_DDAG_STATE, + pub CondenseLink: SINGLE_LIST_ENTRY, + pub PreorderNumber: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_DDAG_NODE__bindgen_ty_1 { + pub Dependencies: LDRP_CSLIST, + pub RemovalLink: SINGLE_LIST_ENTRY, +} +impl Default for _LDR_DDAG_NODE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDR_DDAG_NODE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +pub type LDR_DDAG_NODE = _LDR_DDAG_NODE; +pub type PLDR_DDAG_NODE = *mut _LDR_DDAG_NODE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_DEPENDENCY_RECORD { + pub DependencyLink: SINGLE_LIST_ENTRY, + pub DependencyNode: PLDR_DDAG_NODE, + pub IncomingDependencyLink: SINGLE_LIST_ENTRY, + pub IncomingDependencyNode: PLDR_DDAG_NODE, +} +impl Default for _LDR_DEPENDENCY_RECORD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DEPENDENCY_RECORD = _LDR_DEPENDENCY_RECORD; +pub type PLDR_DEPENDENCY_RECORD = *mut _LDR_DEPENDENCY_RECORD; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _LDR_DLL_LOAD_REASON { + LoadReasonStaticDependency = 0, + LoadReasonStaticForwarderDependency = 1, + LoadReasonDynamicForwarderDependency = 2, + LoadReasonDelayloadDependency = 3, + LoadReasonDynamicLoad = 4, + LoadReasonAsImageLoad = 5, + LoadReasonAsDataLoad = 6, + LoadReasonEnclavePrimary = 7, + LoadReasonEnclaveDependency = 8, + LoadReasonPatchImage = 9, + LoadReasonUnknown = -1, +} +pub use self::_LDR_DLL_LOAD_REASON as LDR_DLL_LOAD_REASON; +pub type PLDR_DLL_LOAD_REASON = *mut _LDR_DLL_LOAD_REASON; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _LDR_HOT_PATCH_STATE { + LdrHotPatchBaseImage = 0, + LdrHotPatchNotApplied = 1, + LdrHotPatchAppliedReverse = 2, + LdrHotPatchAppliedForward = 3, + LdrHotPatchFailedToPatch = 4, + LdrHotPatchStateMax = 5, +} +pub use self::_LDR_HOT_PATCH_STATE as LDR_HOT_PATCH_STATE; +pub type PLDR_HOT_PATCH_STATE = *mut _LDR_HOT_PATCH_STATE; +pub type PACTIVATION_CONTEXT = *mut _ACTIVATION_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDRP_LOAD_CONTEXT { + _unused: [u8; 0], +} +pub type PLDRP_LOAD_CONTEXT = *mut _LDRP_LOAD_CONTEXT; +#[repr(C)] +pub struct _LDR_DATA_TABLE_ENTRY { + 
pub InLoadOrderLinks: LIST_ENTRY, + pub InMemoryOrderLinks: LIST_ENTRY, + pub InInitializationOrderLinks: LIST_ENTRY, + pub DllBase: PVOID, + pub EntryPoint: PLDR_INIT_ROUTINE, + pub SizeOfImage: ULONG, + pub FullDllName: UNICODE_STRING, + pub BaseDllName: UNICODE_STRING, + pub __bindgen_anon_1: _LDR_DATA_TABLE_ENTRY__bindgen_ty_1, + pub ObsoleteLoadCount: USHORT, + pub TlsIndex: USHORT, + pub HashLinks: LIST_ENTRY, + pub TimeDateStamp: ULONG, + pub EntryPointActivationContext: PACTIVATION_CONTEXT, + pub Lock: PVOID, + pub DdagNode: PLDR_DDAG_NODE, + pub NodeModuleLink: LIST_ENTRY, + pub LoadContext: PLDRP_LOAD_CONTEXT, + pub ParentDllBase: PVOID, + pub SwitchBackContext: PVOID, + pub BaseAddressIndexNode: RTL_BALANCED_NODE, + pub MappingInfoIndexNode: RTL_BALANCED_NODE, + pub OriginalBase: ULONG_PTR, + pub LoadTime: LARGE_INTEGER, + pub BaseNameHashValue: ULONG, + pub LoadReason: LDR_DLL_LOAD_REASON, + pub ImplicitPathOptions: ULONG, + pub ReferenceCount: ULONG, + pub DependentLoadFlags: ULONG, + pub SigningLevel: UCHAR, + pub CheckSum: ULONG, + pub ActivePatchImageBase: PVOID, + pub HotPatchState: LDR_HOT_PATCH_STATE, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_DATA_TABLE_ENTRY__bindgen_ty_1 { + pub FlagGroup: [UCHAR; 4usize], + pub Flags: ULONG, + pub __bindgen_anon_1: _LDR_DATA_TABLE_ENTRY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDR_DATA_TABLE_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _LDR_DATA_TABLE_ENTRY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn PackagedBinary(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_PackagedBinary(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
MarkedForRemoval(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_MarkedForRemoval(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageDll(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageDll(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadNotificationsSent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadNotificationsSent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn TelemetryEntryProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_TelemetryEntryProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessStaticImport(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessStaticImport(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn InLegacyLists(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_InLegacyLists(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn InIndexes(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_InIndexes(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn ShimDll(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_ShimDll(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn InExceptionTable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_InExceptionTable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 2u8, val as u64) + } + } + #[inline] + pub fn LoadInProgress(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadInProgress(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadConfigProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadConfigProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn EntryProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_EntryProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProtectDelayLoad(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProtectDelayLoad(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags3(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags3(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 2u8, val as u64) + } + } + #[inline] + pub fn DontCallForThreads(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(18usize, 1u8) as u32) } + } + #[inline] + pub fn set_DontCallForThreads(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(18usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessAttachCalled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(19usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessAttachCalled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(19usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessAttachFailed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessAttachFailed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorDeferredValidate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorDeferredValidate(&mut self, val: ULONG) { + unsafe { + let 
val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn DontRelocate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u32) } + } + #[inline] + pub fn set_DontRelocate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorILOnly(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorILOnly(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 1u8, val as u64) + } + } + #[inline] + pub fn ChpeImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(25usize, 1u8) as u32) } + } + #[inline] + pub fn set_ChpeImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(25usize, 1u8, val as u64) + } + } + #[inline] + pub fn ChpeEmulatorImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(26usize, 1u8) as u32) } + } + #[inline] + pub fn set_ChpeEmulatorImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(26usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags5(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(27usize, 1u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags5(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(27usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
Redirected(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 1u8) as u32) } + } + #[inline] + pub fn set_Redirected(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags6(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(29usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags6(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(29usize, 2u8, val as u64) + } + } + #[inline] + pub fn CompatDatabaseProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_CompatDatabaseProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + PackagedBinary: ULONG, + MarkedForRemoval: ULONG, + ImageDll: ULONG, + LoadNotificationsSent: ULONG, + TelemetryEntryProcessed: ULONG, + ProcessStaticImport: ULONG, + InLegacyLists: ULONG, + InIndexes: ULONG, + ShimDll: ULONG, + InExceptionTable: ULONG, + ReservedFlags1: ULONG, + LoadInProgress: ULONG, + LoadConfigProcessed: ULONG, + EntryProcessed: ULONG, + ProtectDelayLoad: ULONG, + ReservedFlags3: ULONG, + DontCallForThreads: ULONG, + ProcessAttachCalled: ULONG, + ProcessAttachFailed: ULONG, + CorDeferredValidate: ULONG, + CorImage: ULONG, + DontRelocate: ULONG, + CorILOnly: ULONG, + ChpeImage: ULONG, + ChpeEmulatorImage: ULONG, + ReservedFlags5: ULONG, + Redirected: ULONG, + ReservedFlags6: ULONG, + CompatDatabaseProcessed: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let PackagedBinary: u32 = unsafe { ::core::mem::transmute(PackagedBinary) }; + PackagedBinary 
as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let MarkedForRemoval: u32 = unsafe { ::core::mem::transmute(MarkedForRemoval) }; + MarkedForRemoval as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ImageDll: u32 = unsafe { ::core::mem::transmute(ImageDll) }; + ImageDll as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let LoadNotificationsSent: u32 = unsafe { ::core::mem::transmute(LoadNotificationsSent) }; + LoadNotificationsSent as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let TelemetryEntryProcessed: u32 = + unsafe { ::core::mem::transmute(TelemetryEntryProcessed) }; + TelemetryEntryProcessed as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let ProcessStaticImport: u32 = unsafe { ::core::mem::transmute(ProcessStaticImport) }; + ProcessStaticImport as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let InLegacyLists: u32 = unsafe { ::core::mem::transmute(InLegacyLists) }; + InLegacyLists as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let InIndexes: u32 = unsafe { ::core::mem::transmute(InIndexes) }; + InIndexes as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let ShimDll: u32 = unsafe { ::core::mem::transmute(ShimDll) }; + ShimDll as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let InExceptionTable: u32 = unsafe { ::core::mem::transmute(InExceptionTable) }; + InExceptionTable as u64 + }); + __bindgen_bitfield_unit.set(10usize, 2u8, { + let ReservedFlags1: u32 = unsafe { ::core::mem::transmute(ReservedFlags1) }; + ReservedFlags1 as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let LoadInProgress: u32 = unsafe { ::core::mem::transmute(LoadInProgress) }; + LoadInProgress as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let LoadConfigProcessed: u32 = unsafe { ::core::mem::transmute(LoadConfigProcessed) }; + LoadConfigProcessed as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let EntryProcessed: u32 = unsafe { 
::core::mem::transmute(EntryProcessed) }; + EntryProcessed as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let ProtectDelayLoad: u32 = unsafe { ::core::mem::transmute(ProtectDelayLoad) }; + ProtectDelayLoad as u64 + }); + __bindgen_bitfield_unit.set(16usize, 2u8, { + let ReservedFlags3: u32 = unsafe { ::core::mem::transmute(ReservedFlags3) }; + ReservedFlags3 as u64 + }); + __bindgen_bitfield_unit.set(18usize, 1u8, { + let DontCallForThreads: u32 = unsafe { ::core::mem::transmute(DontCallForThreads) }; + DontCallForThreads as u64 + }); + __bindgen_bitfield_unit.set(19usize, 1u8, { + let ProcessAttachCalled: u32 = unsafe { ::core::mem::transmute(ProcessAttachCalled) }; + ProcessAttachCalled as u64 + }); + __bindgen_bitfield_unit.set(20usize, 1u8, { + let ProcessAttachFailed: u32 = unsafe { ::core::mem::transmute(ProcessAttachFailed) }; + ProcessAttachFailed as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let CorDeferredValidate: u32 = unsafe { ::core::mem::transmute(CorDeferredValidate) }; + CorDeferredValidate as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let CorImage: u32 = unsafe { ::core::mem::transmute(CorImage) }; + CorImage as u64 + }); + __bindgen_bitfield_unit.set(23usize, 1u8, { + let DontRelocate: u32 = unsafe { ::core::mem::transmute(DontRelocate) }; + DontRelocate as u64 + }); + __bindgen_bitfield_unit.set(24usize, 1u8, { + let CorILOnly: u32 = unsafe { ::core::mem::transmute(CorILOnly) }; + CorILOnly as u64 + }); + __bindgen_bitfield_unit.set(25usize, 1u8, { + let ChpeImage: u32 = unsafe { ::core::mem::transmute(ChpeImage) }; + ChpeImage as u64 + }); + __bindgen_bitfield_unit.set(26usize, 1u8, { + let ChpeEmulatorImage: u32 = unsafe { ::core::mem::transmute(ChpeEmulatorImage) }; + ChpeEmulatorImage as u64 + }); + __bindgen_bitfield_unit.set(27usize, 1u8, { + let ReservedFlags5: u32 = unsafe { ::core::mem::transmute(ReservedFlags5) }; + ReservedFlags5 as u64 + }); + __bindgen_bitfield_unit.set(28usize, 1u8, { + 
let Redirected: u32 = unsafe { ::core::mem::transmute(Redirected) }; + Redirected as u64 + }); + __bindgen_bitfield_unit.set(29usize, 2u8, { + let ReservedFlags6: u32 = unsafe { ::core::mem::transmute(ReservedFlags6) }; + ReservedFlags6 as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let CompatDatabaseProcessed: u32 = + unsafe { ::core::mem::transmute(CompatDatabaseProcessed) }; + CompatDatabaseProcessed as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _LDR_DATA_TABLE_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDR_DATA_TABLE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DATA_TABLE_ENTRY = _LDR_DATA_TABLE_ENTRY; +pub type PLDR_DATA_TABLE_ENTRY = *mut _LDR_DATA_TABLE_ENTRY; +pub type PLDR_IMPORT_MODULE_CALLBACK = + ::core::option::Option; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_IMPORT_CALLBACK_INFO { + pub ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, + pub ImportCallbackParameter: PVOID, +} +impl Default for _LDR_IMPORT_CALLBACK_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_IMPORT_CALLBACK_INFO = _LDR_IMPORT_CALLBACK_INFO; +pub type PLDR_IMPORT_CALLBACK_INFO = *mut _LDR_IMPORT_CALLBACK_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_SECTION_INFO { + pub SectionHandle: HANDLE, + pub DesiredAccess: ACCESS_MASK, + pub ObjA: POBJECT_ATTRIBUTES, + pub SectionPageProtection: ULONG, + pub AllocationAttributes: ULONG, +} +impl Default for _LDR_SECTION_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_SECTION_INFO = _LDR_SECTION_INFO; +pub type PLDR_SECTION_INFO = *mut _LDR_SECTION_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_VERIFY_IMAGE_INFO { + pub Size: ULONG, + pub Flags: ULONG, + pub CallbackInfo: LDR_IMPORT_CALLBACK_INFO, + pub SectionInfo: LDR_SECTION_INFO, + pub ImageCharacteristics: USHORT, +} +impl Default for _LDR_VERIFY_IMAGE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_VERIFY_IMAGE_INFO = _LDR_VERIFY_IMAGE_INFO; +pub type PLDR_VERIFY_IMAGE_INFO = *mut _LDR_VERIFY_IMAGE_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_DLL_LOADED_NOTIFICATION_DATA { + pub Flags: ULONG, + pub FullDllName: PUNICODE_STRING, + pub BaseDllName: PUNICODE_STRING, + pub DllBase: PVOID, + pub SizeOfImage: ULONG, +} +impl Default for _LDR_DLL_LOADED_NOTIFICATION_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DLL_LOADED_NOTIFICATION_DATA = _LDR_DLL_LOADED_NOTIFICATION_DATA; +pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut _LDR_DLL_LOADED_NOTIFICATION_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA { + pub Flags: ULONG, + pub FullDllName: PCUNICODE_STRING, + pub BaseDllName: PCUNICODE_STRING, + pub DllBase: PVOID, + pub SizeOfImage: ULONG, +} +impl Default for _LDR_DLL_UNLOADED_NOTIFICATION_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DLL_UNLOADED_NOTIFICATION_DATA = _LDR_DLL_UNLOADED_NOTIFICATION_DATA; +pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut 
_LDR_DLL_UNLOADED_NOTIFICATION_DATA; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_DLL_NOTIFICATION_DATA { + pub Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA, + pub Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA, +} +impl Default for _LDR_DLL_NOTIFICATION_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DLL_NOTIFICATION_DATA = _LDR_DLL_NOTIFICATION_DATA; +pub type PLDR_DLL_NOTIFICATION_DATA = *mut _LDR_DLL_NOTIFICATION_DATA; +pub type PLDR_DLL_NOTIFICATION_FUNCTION = ::core::option::Option< + unsafe extern "C" fn( + NotificationReason: ULONG, + NotificationData: PLDR_DLL_NOTIFICATION_DATA, + Context: PVOID, + ), +>; +#[repr(C)] +pub struct _LDR_FAILURE_DATA { + pub Status: NTSTATUS, + pub DllName: [WCHAR; 32usize], + pub AdditionalInfo: [WCHAR; 32usize], +} +impl Default for _LDR_FAILURE_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_FAILURE_DATA = _LDR_FAILURE_DATA; +pub type PLDR_FAILURE_DATA = *mut _LDR_FAILURE_DATA; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_MITIGATION_OPTIONS_MAP { + pub Map: [ULONG_PTR; 3usize], +} +pub type PS_MITIGATION_OPTIONS_MAP = _PS_MITIGATION_OPTIONS_MAP; +pub type PPS_MITIGATION_OPTIONS_MAP = *mut _PS_MITIGATION_OPTIONS_MAP; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_MITIGATION_AUDIT_OPTIONS_MAP { + pub Map: [ULONG_PTR; 3usize], +} +pub type PS_MITIGATION_AUDIT_OPTIONS_MAP = _PS_MITIGATION_AUDIT_OPTIONS_MAP; +pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut _PS_MITIGATION_AUDIT_OPTIONS_MAP; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_SYSTEM_DLL_INIT_BLOCK { + pub Size: ULONG, + pub SystemDllWowRelocation: ULONG_PTR, + pub SystemDllNativeRelocation: ULONG_PTR, + pub Wow64SharedInformation: [ULONG_PTR; 
16usize], + pub RngData: ULONG, + pub __bindgen_anon_1: _PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1, + pub MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP, + pub CfgBitMap: ULONG_PTR, + pub CfgBitMapSize: ULONG_PTR, + pub Wow64CfgBitMap: ULONG_PTR, + pub Wow64CfgBitMapSize: ULONG_PTR, + pub MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn CfgOverride(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_CfgOverride(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + CfgOverride: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let CfgOverride: u32 = unsafe { ::core::mem::transmute(CfgOverride) }; + CfgOverride as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for 
_PS_SYSTEM_DLL_INIT_BLOCK__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_SYSTEM_DLL_INIT_BLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_SYSTEM_DLL_INIT_BLOCK = _PS_SYSTEM_DLL_INIT_BLOCK; +pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut _PS_SYSTEM_DLL_INIT_BLOCK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDR_RESOURCE_INFO { + pub Type: ULONG_PTR, + pub Name: ULONG_PTR, + pub Language: ULONG_PTR, +} +pub type LDR_RESOURCE_INFO = _LDR_RESOURCE_INFO; +pub type PLDR_RESOURCE_INFO = *mut _LDR_RESOURCE_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LDR_ENUM_RESOURCE_ENTRY { + pub Path: [_LDR_ENUM_RESOURCE_ENTRY__bindgen_ty_1; 3usize], + pub Data: PVOID, + pub Size: ULONG, + pub Reserved: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_ENUM_RESOURCE_ENTRY__bindgen_ty_1 { + pub NameOrId: ULONG_PTR, + pub Name: PIMAGE_RESOURCE_DIRECTORY_STRING, + pub __bindgen_anon_1: _LDR_ENUM_RESOURCE_ENTRY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDR_ENUM_RESOURCE_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub Id: USHORT, + pub NameIsPresent: USHORT, +} +impl Default for _LDR_ENUM_RESOURCE_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDR_ENUM_RESOURCE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_ENUM_RESOURCE_ENTRY = _LDR_ENUM_RESOURCE_ENTRY; +pub type PLDR_ENUM_RESOURCE_ENTRY = *mut 
_LDR_ENUM_RESOURCE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_MODULE_INFORMATION { + pub Section: PVOID, + pub MappedBase: PVOID, + pub ImageBase: PVOID, + pub ImageSize: ULONG, + pub Flags: ULONG, + pub LoadOrderIndex: USHORT, + pub InitOrderIndex: USHORT, + pub LoadCount: USHORT, + pub OffsetToFileName: USHORT, + pub FullPathName: [UCHAR; 256usize], +} +impl Default for _RTL_PROCESS_MODULE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_MODULE_INFORMATION = _RTL_PROCESS_MODULE_INFORMATION; +pub type PRTL_PROCESS_MODULE_INFORMATION = *mut _RTL_PROCESS_MODULE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_MODULES { + pub NumberOfModules: ULONG, + pub Modules: [RTL_PROCESS_MODULE_INFORMATION; 1usize], +} +impl Default for _RTL_PROCESS_MODULES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_MODULES = _RTL_PROCESS_MODULES; +pub type PRTL_PROCESS_MODULES = *mut _RTL_PROCESS_MODULES; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_MODULE_INFORMATION_EX { + pub NextOffset: USHORT, + pub BaseInfo: RTL_PROCESS_MODULE_INFORMATION, + pub ImageChecksum: ULONG, + pub TimeDateStamp: ULONG, + pub DefaultBase: PVOID, +} +impl Default for _RTL_PROCESS_MODULE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_MODULE_INFORMATION_EX = _RTL_PROCESS_MODULE_INFORMATION_EX; +pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut _RTL_PROCESS_MODULE_INFORMATION_EX; +pub type PLDR_ENUM_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + ModuleInformation: 
PLDR_DATA_TABLE_ENTRY, + Parameter: PVOID, + Stop: *mut BOOLEAN, + ), +>; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DELAYLOAD_PROC_DESCRIPTOR { + pub ImportDescribedByName: ULONG, + pub Description: _DELAYLOAD_PROC_DESCRIPTOR__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _DELAYLOAD_PROC_DESCRIPTOR__bindgen_ty_1 { + pub Name: PCSTR, + pub Ordinal: ULONG, +} +impl Default for _DELAYLOAD_PROC_DESCRIPTOR__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _DELAYLOAD_PROC_DESCRIPTOR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DELAYLOAD_PROC_DESCRIPTOR = _DELAYLOAD_PROC_DESCRIPTOR; +pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut _DELAYLOAD_PROC_DESCRIPTOR; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DELAYLOAD_INFO { + pub Size: ULONG, + pub DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, + pub ThunkAddress: PIMAGE_THUNK_DATA, + pub TargetDllName: PCSTR, + pub TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR, + pub TargetModuleBase: PVOID, + pub Unused: PVOID, + pub LastError: ULONG, +} +impl Default for _DELAYLOAD_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DELAYLOAD_INFO = _DELAYLOAD_INFO; +pub type PDELAYLOAD_INFO = *mut _DELAYLOAD_INFO; +pub type PDELAYLOAD_FAILURE_DLL_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(NotificationReason: ULONG, DelayloadInfo: PDELAYLOAD_INFO) -> PVOID, +>; +pub type PDELAYLOAD_FAILURE_SYSTEM_ROUTINE = + ::core::option::Option PVOID>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LDR_SOFTWARE_ENCLAVE { + pub Links: LIST_ENTRY, + pub CriticalSection: RTL_CRITICAL_SECTION, + 
pub EnclaveType: ULONG, + pub ReferenceCount: LONG, + pub EnclaveState: ULONG, + pub BaseAddress: PVOID, + pub Size: SIZE_T, + pub PreviousBaseAddress: PVOID, + pub Modules: LIST_ENTRY, + pub PrimaryModule: PLDR_DATA_TABLE_ENTRY, + pub BCryptModule: PLDR_DATA_TABLE_ENTRY, + pub BCryptPrimitivesModule: PLDR_DATA_TABLE_ENTRY, +} +impl Default for _LDR_SOFTWARE_ENCLAVE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_SOFTWARE_ENCLAVE = _LDR_SOFTWARE_ENCLAVE; +pub type PLDR_SOFTWARE_ENCLAVE = *mut _LDR_SOFTWARE_ENCLAVE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_ENVIRONMENT_INFORMATION_CLASS { + SystemEnvironmentNameInformation = 1, + SystemEnvironmentValueInformation = 2, + MaxSystemEnvironmentInfoClass = 3, +} +pub use self::_SYSTEM_ENVIRONMENT_INFORMATION_CLASS as SYSTEM_ENVIRONMENT_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VARIABLE_NAME { + pub NextEntryOffset: ULONG, + pub VendorGuid: GUID, + pub Name: [WCHAR; 1usize], +} +pub type VARIABLE_NAME = _VARIABLE_NAME; +pub type PVARIABLE_NAME = *mut _VARIABLE_NAME; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VARIABLE_NAME_AND_VALUE { + pub NextEntryOffset: ULONG, + pub ValueOffset: ULONG, + pub ValueLength: ULONG, + pub Attributes: ULONG, + pub VendorGuid: GUID, + pub Name: [WCHAR; 1usize], +} +pub type VARIABLE_NAME_AND_VALUE = _VARIABLE_NAME_AND_VALUE; +pub type PVARIABLE_NAME_AND_VALUE = *mut _VARIABLE_NAME_AND_VALUE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BOOT_ENTRY { + pub Version: ULONG, + pub Length: ULONG, + pub Id: ULONG, + pub Attributes: ULONG, + pub FriendlyNameOffset: ULONG, + pub BootFilePathOffset: ULONG, + pub OsOptionsLength: ULONG, + pub OsOptions: [UCHAR; 1usize], +} +pub type BOOT_ENTRY = _BOOT_ENTRY; +pub type 
PBOOT_ENTRY = *mut _BOOT_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BOOT_ENTRY_LIST { + pub NextEntryOffset: ULONG, + pub BootEntry: BOOT_ENTRY, +} +pub type BOOT_ENTRY_LIST = _BOOT_ENTRY_LIST; +pub type PBOOT_ENTRY_LIST = *mut _BOOT_ENTRY_LIST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BOOT_OPTIONS { + pub Version: ULONG, + pub Length: ULONG, + pub Timeout: ULONG, + pub CurrentBootEntryId: ULONG, + pub NextBootEntryId: ULONG, + pub HeadlessRedirection: [WCHAR; 1usize], +} +pub type BOOT_OPTIONS = _BOOT_OPTIONS; +pub type PBOOT_OPTIONS = *mut _BOOT_OPTIONS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PATH { + pub Version: ULONG, + pub Length: ULONG, + pub Type: ULONG, + pub FilePath: [UCHAR; 1usize], +} +pub type FILE_PATH = _FILE_PATH; +pub type PFILE_PATH = *mut _FILE_PATH; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _EFI_DRIVER_ENTRY { + pub Version: ULONG, + pub Length: ULONG, + pub Id: ULONG, + pub FriendlyNameOffset: ULONG, + pub DriverFilePathOffset: ULONG, +} +pub type EFI_DRIVER_ENTRY = _EFI_DRIVER_ENTRY; +pub type PEFI_DRIVER_ENTRY = *mut _EFI_DRIVER_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _EFI_DRIVER_ENTRY_LIST { + pub NextEntryOffset: ULONG, + pub DriverEntry: EFI_DRIVER_ENTRY, +} +pub type EFI_DRIVER_ENTRY_LIST = _EFI_DRIVER_ENTRY_LIST; +pub type PEFI_DRIVER_ENTRY_LIST = *mut _EFI_DRIVER_ENTRY_LIST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FILTER_BOOT_OPTION_OPERATION { + FilterBootOptionOperationOpenSystemStore = 0, + FilterBootOptionOperationSetElement = 1, + FilterBootOptionOperationDeleteElement = 2, + FilterBootOptionOperationMax = 3, +} +pub use self::_FILTER_BOOT_OPTION_OPERATION as FILTER_BOOT_OPTION_OPERATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _EVENT_INFORMATION_CLASS { + EventBasicInformation = 0, +} 
+pub use self::_EVENT_INFORMATION_CLASS as EVENT_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_BASIC_INFORMATION { + pub EventType: EVENT_TYPE, + pub EventState: LONG, +} +impl Default for _EVENT_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_BASIC_INFORMATION = _EVENT_BASIC_INFORMATION; +pub type PEVENT_BASIC_INFORMATION = *mut _EVENT_BASIC_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MUTANT_INFORMATION_CLASS { + MutantBasicInformation = 0, + MutantOwnerInformation = 1, +} +pub use self::_MUTANT_INFORMATION_CLASS as MUTANT_INFORMATION_CLASS; +#[repr(C)] +pub struct _MUTANT_BASIC_INFORMATION { + pub CurrentCount: LONG, + pub OwnedByCaller: BOOLEAN, + pub AbandonedState: BOOLEAN, +} +impl Default for _MUTANT_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MUTANT_BASIC_INFORMATION = _MUTANT_BASIC_INFORMATION; +pub type PMUTANT_BASIC_INFORMATION = *mut _MUTANT_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MUTANT_OWNER_INFORMATION { + pub ClientId: CLIENT_ID, +} +impl Default for _MUTANT_OWNER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MUTANT_OWNER_INFORMATION = _MUTANT_OWNER_INFORMATION; +pub type PMUTANT_OWNER_INFORMATION = *mut _MUTANT_OWNER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SEMAPHORE_INFORMATION_CLASS { + SemaphoreBasicInformation = 0, +} +pub use self::_SEMAPHORE_INFORMATION_CLASS as SEMAPHORE_INFORMATION_CLASS; 
+#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SEMAPHORE_BASIC_INFORMATION { + pub CurrentCount: LONG, + pub MaximumCount: LONG, +} +pub type SEMAPHORE_BASIC_INFORMATION = _SEMAPHORE_BASIC_INFORMATION; +pub type PSEMAPHORE_BASIC_INFORMATION = *mut _SEMAPHORE_BASIC_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TIMER_INFORMATION_CLASS { + TimerBasicInformation = 0, +} +pub use self::_TIMER_INFORMATION_CLASS as TIMER_INFORMATION_CLASS; +#[repr(C)] +pub struct _TIMER_BASIC_INFORMATION { + pub RemainingTime: LARGE_INTEGER, + pub TimerState: BOOLEAN, +} +impl Default for _TIMER_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TIMER_BASIC_INFORMATION = _TIMER_BASIC_INFORMATION; +pub type PTIMER_BASIC_INFORMATION = *mut _TIMER_BASIC_INFORMATION; +pub type PTIMER_APC_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(TimerContext: PVOID, TimerLowValue: ULONG, TimerHighValue: LONG), +>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TIMER_SET_INFORMATION_CLASS { + TimerSetCoalescableTimer = 0, + MaxTimerInfoClass = 1, +} +pub use self::_TIMER_SET_INFORMATION_CLASS as TIMER_SET_INFORMATION_CLASS; +pub type PCOUNTED_REASON_CONTEXT = *mut _COUNTED_REASON_CONTEXT; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _TIMER_SET_COALESCABLE_TIMER_INFO { + pub DueTime: LARGE_INTEGER, + pub TimerApcRoutine: PTIMER_APC_ROUTINE, + pub TimerContext: PVOID, + pub WakeContext: PCOUNTED_REASON_CONTEXT, + pub Period: ULONG, + pub TolerableDelay: ULONG, + pub PreviousState: PBOOLEAN, +} +impl Default for _TIMER_SET_COALESCABLE_TIMER_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
TIMER_SET_COALESCABLE_TIMER_INFO = _TIMER_SET_COALESCABLE_TIMER_INFO; +pub type PTIMER_SET_COALESCABLE_TIMER_INFO = *mut _TIMER_SET_COALESCABLE_TIMER_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _T2_SET_PARAMETERS_V0 { + pub Version: ULONG, + pub Reserved: ULONG, + pub NoWakeTolerance: LONGLONG, +} +pub type T2_SET_PARAMETERS = _T2_SET_PARAMETERS_V0; +pub type PT2_SET_PARAMETERS = *mut _T2_SET_PARAMETERS_V0; +pub type PT2_CANCEL_PARAMETERS = PVOID; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _WNF_STATE_NAME { + pub Data: [ULONG; 2usize], +} +pub type WNF_STATE_NAME = _WNF_STATE_NAME; +pub type PWNF_STATE_NAME = *mut _WNF_STATE_NAME; +pub type PCWNF_STATE_NAME = *const WNF_STATE_NAME; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WNF_STATE_NAME_LIFETIME { + WnfWellKnownStateName = 0, + WnfPermanentStateName = 1, + WnfPersistentStateName = 2, + WnfTemporaryStateName = 3, +} +pub use self::_WNF_STATE_NAME_LIFETIME as WNF_STATE_NAME_LIFETIME; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WNF_STATE_NAME_INFORMATION { + WnfInfoStateNameExist = 0, + WnfInfoSubscribersPresent = 1, + WnfInfoIsQuiescent = 2, +} +pub use self::_WNF_STATE_NAME_INFORMATION as WNF_STATE_NAME_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WNF_DATA_SCOPE { + WnfDataScopeSystem = 0, + WnfDataScopeSession = 1, + WnfDataScopeUser = 2, + WnfDataScopeProcess = 3, + WnfDataScopeMachine = 4, + WnfDataScopePhysicalMachine = 5, +} +pub use self::_WNF_DATA_SCOPE as WNF_DATA_SCOPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _WNF_TYPE_ID { + pub TypeId: GUID, +} +pub type WNF_TYPE_ID = _WNF_TYPE_ID; +pub type PWNF_TYPE_ID = *mut _WNF_TYPE_ID; +pub type PCWNF_TYPE_ID = *const WNF_TYPE_ID; +pub type WNF_CHANGE_STAMP = ULONG; +pub type PWNF_CHANGE_STAMP = *mut ULONG; +#[repr(C)] 
+#[derive(Debug, Default, Copy, Clone)] +pub struct _WNF_DELIVERY_DESCRIPTOR { + pub SubscriptionId: ULONGLONG, + pub StateName: WNF_STATE_NAME, + pub ChangeStamp: WNF_CHANGE_STAMP, + pub StateDataSize: ULONG, + pub EventMask: ULONG, + pub TypeId: WNF_TYPE_ID, + pub StateDataOffset: ULONG, +} +pub type WNF_DELIVERY_DESCRIPTOR = _WNF_DELIVERY_DESCRIPTOR; +pub type PWNF_DELIVERY_DESCRIPTOR = *mut _WNF_DELIVERY_DESCRIPTOR; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WORKERFACTORYINFOCLASS { + WorkerFactoryTimeout = 0, + WorkerFactoryRetryTimeout = 1, + WorkerFactoryIdleTimeout = 2, + WorkerFactoryBindingCount = 3, + WorkerFactoryThreadMinimum = 4, + WorkerFactoryThreadMaximum = 5, + WorkerFactoryPaused = 6, + WorkerFactoryBasicInformation = 7, + WorkerFactoryAdjustThreadGoal = 8, + WorkerFactoryCallbackType = 9, + WorkerFactoryStackInformation = 10, + WorkerFactoryThreadBasePriority = 11, + WorkerFactoryTimeoutWaiters = 12, + WorkerFactoryFlags = 13, + WorkerFactoryThreadSoftMaximum = 14, + WorkerFactoryThreadCpuSets = 15, + MaxWorkerFactoryInfoClass = 16, +} +pub use self::_WORKERFACTORYINFOCLASS as WORKERFACTORYINFOCLASS; +pub type PWORKERFACTORYINFOCLASS = *mut _WORKERFACTORYINFOCLASS; +#[repr(C)] +pub struct _WORKER_FACTORY_BASIC_INFORMATION { + pub Timeout: LARGE_INTEGER, + pub RetryTimeout: LARGE_INTEGER, + pub IdleTimeout: LARGE_INTEGER, + pub Paused: BOOLEAN, + pub TimerSet: BOOLEAN, + pub QueuedToExWorker: BOOLEAN, + pub MayCreate: BOOLEAN, + pub CreateInProgress: BOOLEAN, + pub InsertedIntoQueue: BOOLEAN, + pub Shutdown: BOOLEAN, + pub BindingCount: ULONG, + pub ThreadMinimum: ULONG, + pub ThreadMaximum: ULONG, + pub PendingWorkerCount: ULONG, + pub WaitingWorkerCount: ULONG, + pub TotalWorkerCount: ULONG, + pub ReleaseCount: ULONG, + pub InfiniteWaitGoal: LONGLONG, + pub StartRoutine: PVOID, + pub StartParameter: PVOID, + pub ProcessId: HANDLE, + pub StackReserve: SIZE_T, + pub StackCommit: SIZE_T, + pub 
LastThreadCreationStatus: NTSTATUS, +} +impl Default for _WORKER_FACTORY_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WORKER_FACTORY_BASIC_INFORMATION = _WORKER_FACTORY_BASIC_INFORMATION; +pub type PWORKER_FACTORY_BASIC_INFORMATION = *mut _WORKER_FACTORY_BASIC_INFORMATION; +pub type PFILE_IO_COMPLETION_INFORMATION = *mut _FILE_IO_COMPLETION_INFORMATION; +pub type PPORT_MESSAGE = *mut _PORT_MESSAGE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _WORKER_FACTORY_DEFERRED_WORK { + pub AlpcSendMessage: PPORT_MESSAGE, + pub AlpcSendMessagePort: PVOID, + pub AlpcSendMessageFlags: ULONG, + pub Flags: ULONG, +} +impl Default for _WORKER_FACTORY_DEFERRED_WORK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WORKER_FACTORY_DEFERRED_WORK = _WORKER_FACTORY_DEFERRED_WORK; +pub type PWORKER_FACTORY_DEFERRED_WORK = *mut _WORKER_FACTORY_DEFERRED_WORK; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_INFORMATION_CLASS { + SystemBasicInformation = 0, + SystemProcessorInformation = 1, + SystemPerformanceInformation = 2, + SystemTimeOfDayInformation = 3, + SystemPathInformation = 4, + SystemProcessInformation = 5, + SystemCallCountInformation = 6, + SystemDeviceInformation = 7, + SystemProcessorPerformanceInformation = 8, + SystemFlagsInformation = 9, + SystemCallTimeInformation = 10, + SystemModuleInformation = 11, + SystemLocksInformation = 12, + SystemStackTraceInformation = 13, + SystemPagedPoolInformation = 14, + SystemNonPagedPoolInformation = 15, + SystemHandleInformation = 16, + SystemObjectInformation = 17, + SystemPageFileInformation = 18, + SystemVdmInstemulInformation = 19, + SystemVdmBopInformation = 20, + SystemFileCacheInformation = 
21, + SystemPoolTagInformation = 22, + SystemInterruptInformation = 23, + SystemDpcBehaviorInformation = 24, + SystemFullMemoryInformation = 25, + SystemLoadGdiDriverInformation = 26, + SystemUnloadGdiDriverInformation = 27, + SystemTimeAdjustmentInformation = 28, + SystemSummaryMemoryInformation = 29, + SystemMirrorMemoryInformation = 30, + SystemPerformanceTraceInformation = 31, + SystemObsolete0 = 32, + SystemExceptionInformation = 33, + SystemCrashDumpStateInformation = 34, + SystemKernelDebuggerInformation = 35, + SystemContextSwitchInformation = 36, + SystemRegistryQuotaInformation = 37, + SystemExtendServiceTableInformation = 38, + SystemPrioritySeperation = 39, + SystemVerifierAddDriverInformation = 40, + SystemVerifierRemoveDriverInformation = 41, + SystemProcessorIdleInformation = 42, + SystemLegacyDriverInformation = 43, + SystemCurrentTimeZoneInformation = 44, + SystemLookasideInformation = 45, + SystemTimeSlipNotification = 46, + SystemSessionCreate = 47, + SystemSessionDetach = 48, + SystemSessionInformation = 49, + SystemRangeStartInformation = 50, + SystemVerifierInformation = 51, + SystemVerifierThunkExtend = 52, + SystemSessionProcessInformation = 53, + SystemLoadGdiDriverInSystemSpace = 54, + SystemNumaProcessorMap = 55, + SystemPrefetcherInformation = 56, + SystemExtendedProcessInformation = 57, + SystemRecommendedSharedDataAlignment = 58, + SystemComPlusPackage = 59, + SystemNumaAvailableMemory = 60, + SystemProcessorPowerInformation = 61, + SystemEmulationBasicInformation = 62, + SystemEmulationProcessorInformation = 63, + SystemExtendedHandleInformation = 64, + SystemLostDelayedWriteInformation = 65, + SystemBigPoolInformation = 66, + SystemSessionPoolTagInformation = 67, + SystemSessionMappedViewInformation = 68, + SystemHotpatchInformation = 69, + SystemObjectSecurityMode = 70, + SystemWatchdogTimerHandler = 71, + SystemWatchdogTimerInformation = 72, + SystemLogicalProcessorInformation = 73, + SystemWow64SharedInformationObsolete = 74, + 
SystemRegisterFirmwareTableInformationHandler = 75, + SystemFirmwareTableInformation = 76, + SystemModuleInformationEx = 77, + SystemVerifierTriageInformation = 78, + SystemSuperfetchInformation = 79, + SystemMemoryListInformation = 80, + SystemFileCacheInformationEx = 81, + SystemThreadPriorityClientIdInformation = 82, + SystemProcessorIdleCycleTimeInformation = 83, + SystemVerifierCancellationInformation = 84, + SystemProcessorPowerInformationEx = 85, + SystemRefTraceInformation = 86, + SystemSpecialPoolInformation = 87, + SystemProcessIdInformation = 88, + SystemErrorPortInformation = 89, + SystemBootEnvironmentInformation = 90, + SystemHypervisorInformation = 91, + SystemVerifierInformationEx = 92, + SystemTimeZoneInformation = 93, + SystemImageFileExecutionOptionsInformation = 94, + SystemCoverageInformation = 95, + SystemPrefetchPatchInformation = 96, + SystemVerifierFaultsInformation = 97, + SystemSystemPartitionInformation = 98, + SystemSystemDiskInformation = 99, + SystemProcessorPerformanceDistribution = 100, + SystemNumaProximityNodeInformation = 101, + SystemDynamicTimeZoneInformation = 102, + SystemCodeIntegrityInformation = 103, + SystemProcessorMicrocodeUpdateInformation = 104, + SystemProcessorBrandString = 105, + SystemVirtualAddressInformation = 106, + SystemLogicalProcessorAndGroupInformation = 107, + SystemProcessorCycleTimeInformation = 108, + SystemStoreInformation = 109, + SystemRegistryAppendString = 110, + SystemAitSamplingValue = 111, + SystemVhdBootInformation = 112, + SystemCpuQuotaInformation = 113, + SystemNativeBasicInformation = 114, + SystemErrorPortTimeouts = 115, + SystemLowPriorityIoInformation = 116, + SystemTpmBootEntropyInformation = 117, + SystemVerifierCountersInformation = 118, + SystemPagedPoolInformationEx = 119, + SystemSystemPtesInformationEx = 120, + SystemNodeDistanceInformation = 121, + SystemAcpiAuditInformation = 122, + SystemBasicPerformanceInformation = 123, + SystemQueryPerformanceCounterInformation = 124, + 
SystemSessionBigPoolInformation = 125, + SystemBootGraphicsInformation = 126, + SystemScrubPhysicalMemoryInformation = 127, + SystemBadPageInformation = 128, + SystemProcessorProfileControlArea = 129, + SystemCombinePhysicalMemoryInformation = 130, + SystemEntropyInterruptTimingInformation = 131, + SystemConsoleInformation = 132, + SystemPlatformBinaryInformation = 133, + SystemPolicyInformation = 134, + SystemHypervisorProcessorCountInformation = 135, + SystemDeviceDataInformation = 136, + SystemDeviceDataEnumerationInformation = 137, + SystemMemoryTopologyInformation = 138, + SystemMemoryChannelInformation = 139, + SystemBootLogoInformation = 140, + SystemProcessorPerformanceInformationEx = 141, + SystemCriticalProcessErrorLogInformation = 142, + SystemSecureBootPolicyInformation = 143, + SystemPageFileInformationEx = 144, + SystemSecureBootInformation = 145, + SystemEntropyInterruptTimingRawInformation = 146, + SystemPortableWorkspaceEfiLauncherInformation = 147, + SystemFullProcessInformation = 148, + SystemKernelDebuggerInformationEx = 149, + SystemBootMetadataInformation = 150, + SystemSoftRebootInformation = 151, + SystemElamCertificateInformation = 152, + SystemOfflineDumpConfigInformation = 153, + SystemProcessorFeaturesInformation = 154, + SystemRegistryReconciliationInformation = 155, + SystemEdidInformation = 156, + SystemManufacturingInformation = 157, + SystemEnergyEstimationConfigInformation = 158, + SystemHypervisorDetailInformation = 159, + SystemProcessorCycleStatsInformation = 160, + SystemVmGenerationCountInformation = 161, + SystemTrustedPlatformModuleInformation = 162, + SystemKernelDebuggerFlags = 163, + SystemCodeIntegrityPolicyInformation = 164, + SystemIsolatedUserModeInformation = 165, + SystemHardwareSecurityTestInterfaceResultsInformation = 166, + SystemSingleModuleInformation = 167, + SystemAllowedCpuSetsInformation = 168, + SystemVsmProtectionInformation = 169, + SystemInterruptCpuSetsInformation = 170, + 
SystemSecureBootPolicyFullInformation = 171, + SystemCodeIntegrityPolicyFullInformation = 172, + SystemAffinitizedInterruptProcessorInformation = 173, + SystemRootSiloInformation = 174, + SystemCpuSetInformation = 175, + SystemCpuSetTagInformation = 176, + SystemWin32WerStartCallout = 177, + SystemSecureKernelProfileInformation = 178, + SystemCodeIntegrityPlatformManifestInformation = 179, + SystemInterruptSteeringInformation = 180, + SystemSupportedProcessorArchitectures = 181, + SystemMemoryUsageInformation = 182, + SystemCodeIntegrityCertificateInformation = 183, + SystemPhysicalMemoryInformation = 184, + SystemControlFlowTransition = 185, + SystemKernelDebuggingAllowed = 186, + SystemActivityModerationExeState = 187, + SystemActivityModerationUserSettings = 188, + SystemCodeIntegrityPoliciesFullInformation = 189, + SystemCodeIntegrityUnlockInformation = 190, + SystemIntegrityQuotaInformation = 191, + SystemFlushInformation = 192, + SystemProcessorIdleMaskInformation = 193, + SystemSecureDumpEncryptionInformation = 194, + SystemWriteConstraintInformation = 195, + SystemKernelVaShadowInformation = 196, + SystemHypervisorSharedPageInformation = 197, + SystemFirmwareBootPerformanceInformation = 198, + SystemCodeIntegrityVerificationInformation = 199, + SystemFirmwarePartitionInformation = 200, + SystemSpeculationControlInformation = 201, + SystemDmaGuardPolicyInformation = 202, + SystemEnclaveLaunchControlInformation = 203, + SystemWorkloadAllowedCpuSetsInformation = 204, + SystemCodeIntegrityUnlockModeInformation = 205, + SystemLeapSecondInformation = 206, + SystemFlags2Information = 207, + SystemSecurityModelInformation = 208, + SystemCodeIntegritySyntheticCacheInformation = 209, + SystemFeatureConfigurationInformation = 210, + SystemFeatureConfigurationSectionInformation = 211, + SystemFeatureUsageSubscriptionInformation = 212, + SystemSecureSpeculationControlInformation = 213, + SystemSpacesBootInformation = 214, + SystemFwRamdiskInformation = 215, + 
SystemWheaIpmiHardwareInformation = 216, + SystemDifSetRuleClassInformation = 217, + SystemDifClearRuleClassInformation = 218, + SystemDifApplyPluginVerificationOnDriver = 219, + SystemDifRemovePluginVerificationOnDriver = 220, + SystemShadowStackInformation = 221, + SystemBuildVersionInformation = 222, + SystemPoolLimitInformation = 223, + SystemCodeIntegrityAddDynamicStore = 224, + SystemCodeIntegrityClearDynamicStores = 225, + SystemDifPoolTrackingInformation = 226, + SystemPoolZeroingInformation = 227, + SystemDpcWatchdogInformation = 228, + SystemDpcWatchdogInformation2 = 229, + SystemSupportedProcessorArchitectures2 = 230, + SystemSingleProcessorRelationshipInformation = 231, + SystemXfgCheckFailureInformation = 232, + SystemIommuStateInformation = 233, + SystemHypervisorMinrootInformation = 234, + SystemHypervisorBootPagesInformation = 235, + SystemPointerAuthInformation = 236, + SystemSecureKernelDebuggerInformation = 237, + SystemOriginalImageFeatureInformation = 238, + MaxSystemInfoClass = 239, +} +pub use self::_SYSTEM_INFORMATION_CLASS as SYSTEM_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BASIC_INFORMATION { + pub Reserved: ULONG, + pub TimerResolution: ULONG, + pub PageSize: ULONG, + pub NumberOfPhysicalPages: ULONG, + pub LowestPhysicalPageNumber: ULONG, + pub HighestPhysicalPageNumber: ULONG, + pub AllocationGranularity: ULONG, + pub MinimumUserModeAddress: ULONG_PTR, + pub MaximumUserModeAddress: ULONG_PTR, + pub ActiveProcessorsAffinityMask: KAFFINITY, + pub NumberOfProcessors: CCHAR, +} +pub type SYSTEM_BASIC_INFORMATION = _SYSTEM_BASIC_INFORMATION; +pub type PSYSTEM_BASIC_INFORMATION = *mut _SYSTEM_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_INFORMATION { + pub ProcessorArchitecture: USHORT, + pub ProcessorLevel: USHORT, + pub ProcessorRevision: USHORT, + pub MaximumProcessors: USHORT, + pub ProcessorFeatureBits: ULONG, +} +pub type 
SYSTEM_PROCESSOR_INFORMATION = _SYSTEM_PROCESSOR_INFORMATION; +pub type PSYSTEM_PROCESSOR_INFORMATION = *mut _SYSTEM_PROCESSOR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_PERFORMANCE_INFORMATION { + pub IdleProcessTime: LARGE_INTEGER, + pub IoReadTransferCount: LARGE_INTEGER, + pub IoWriteTransferCount: LARGE_INTEGER, + pub IoOtherTransferCount: LARGE_INTEGER, + pub IoReadOperationCount: ULONG, + pub IoWriteOperationCount: ULONG, + pub IoOtherOperationCount: ULONG, + pub AvailablePages: ULONG, + pub CommittedPages: ULONG, + pub CommitLimit: ULONG, + pub PeakCommitment: ULONG, + pub PageFaultCount: ULONG, + pub CopyOnWriteCount: ULONG, + pub TransitionCount: ULONG, + pub CacheTransitionCount: ULONG, + pub DemandZeroCount: ULONG, + pub PageReadCount: ULONG, + pub PageReadIoCount: ULONG, + pub CacheReadCount: ULONG, + pub CacheIoCount: ULONG, + pub DirtyPagesWriteCount: ULONG, + pub DirtyWriteIoCount: ULONG, + pub MappedPagesWriteCount: ULONG, + pub MappedWriteIoCount: ULONG, + pub PagedPoolPages: ULONG, + pub NonPagedPoolPages: ULONG, + pub PagedPoolAllocs: ULONG, + pub PagedPoolFrees: ULONG, + pub NonPagedPoolAllocs: ULONG, + pub NonPagedPoolFrees: ULONG, + pub FreeSystemPtes: ULONG, + pub ResidentSystemCodePage: ULONG, + pub TotalSystemDriverPages: ULONG, + pub TotalSystemCodePages: ULONG, + pub NonPagedPoolLookasideHits: ULONG, + pub PagedPoolLookasideHits: ULONG, + pub AvailablePagedPoolPages: ULONG, + pub ResidentSystemCachePage: ULONG, + pub ResidentPagedPoolPage: ULONG, + pub ResidentSystemDriverPage: ULONG, + pub CcFastReadNoWait: ULONG, + pub CcFastReadWait: ULONG, + pub CcFastReadResourceMiss: ULONG, + pub CcFastReadNotPossible: ULONG, + pub CcFastMdlReadNoWait: ULONG, + pub CcFastMdlReadWait: ULONG, + pub CcFastMdlReadResourceMiss: ULONG, + pub CcFastMdlReadNotPossible: ULONG, + pub CcMapDataNoWait: ULONG, + pub CcMapDataWait: ULONG, + pub CcMapDataNoWaitMiss: ULONG, + pub CcMapDataWaitMiss: ULONG, + pub CcPinMappedDataCount: 
ULONG, + pub CcPinReadNoWait: ULONG, + pub CcPinReadWait: ULONG, + pub CcPinReadNoWaitMiss: ULONG, + pub CcPinReadWaitMiss: ULONG, + pub CcCopyReadNoWait: ULONG, + pub CcCopyReadWait: ULONG, + pub CcCopyReadNoWaitMiss: ULONG, + pub CcCopyReadWaitMiss: ULONG, + pub CcMdlReadNoWait: ULONG, + pub CcMdlReadWait: ULONG, + pub CcMdlReadNoWaitMiss: ULONG, + pub CcMdlReadWaitMiss: ULONG, + pub CcReadAheadIos: ULONG, + pub CcLazyWriteIos: ULONG, + pub CcLazyWritePages: ULONG, + pub CcDataFlushes: ULONG, + pub CcDataPages: ULONG, + pub ContextSwitches: ULONG, + pub FirstLevelTbFills: ULONG, + pub SecondLevelTbFills: ULONG, + pub SystemCalls: ULONG, + pub CcTotalDirtyPages: ULONGLONG, + pub CcDirtyPageThreshold: ULONGLONG, + pub ResidentAvailablePages: LONGLONG, + pub SharedCommittedPages: ULONGLONG, +} +impl Default for _SYSTEM_PERFORMANCE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PERFORMANCE_INFORMATION = _SYSTEM_PERFORMANCE_INFORMATION; +pub type PSYSTEM_PERFORMANCE_INFORMATION = *mut _SYSTEM_PERFORMANCE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_TIMEOFDAY_INFORMATION { + pub BootTime: LARGE_INTEGER, + pub CurrentTime: LARGE_INTEGER, + pub TimeZoneBias: LARGE_INTEGER, + pub TimeZoneId: ULONG, + pub Reserved: ULONG, + pub BootTimeBias: ULONGLONG, + pub SleepTimeBias: ULONGLONG, +} +impl Default for _SYSTEM_TIMEOFDAY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_TIMEOFDAY_INFORMATION = _SYSTEM_TIMEOFDAY_INFORMATION; +pub type PSYSTEM_TIMEOFDAY_INFORMATION = *mut _SYSTEM_TIMEOFDAY_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_THREAD_INFORMATION { + pub KernelTime: LARGE_INTEGER, + pub UserTime: LARGE_INTEGER, + pub 
CreateTime: LARGE_INTEGER, + pub WaitTime: ULONG, + pub StartAddress: ULONG_PTR, + pub ClientId: CLIENT_ID, + pub Priority: KPRIORITY, + pub BasePriority: KPRIORITY, + pub ContextSwitches: ULONG, + pub ThreadState: KTHREAD_STATE, + pub WaitReason: KWAIT_REASON, +} +impl Default for _SYSTEM_THREAD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_THREAD_INFORMATION = _SYSTEM_THREAD_INFORMATION; +pub type PSYSTEM_THREAD_INFORMATION = *mut _SYSTEM_THREAD_INFORMATION; +pub type PTEB = *mut _TEB; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_EXTENDED_THREAD_INFORMATION { + pub ThreadInfo: SYSTEM_THREAD_INFORMATION, + pub StackBase: PVOID, + pub StackLimit: PVOID, + pub Win32StartAddress: ULONG_PTR, + pub TebBase: PTEB, + pub Reserved2: ULONG_PTR, + pub Reserved3: ULONG_PTR, + pub Reserved4: ULONG_PTR, +} +impl Default for _SYSTEM_EXTENDED_THREAD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_EXTENDED_THREAD_INFORMATION = _SYSTEM_EXTENDED_THREAD_INFORMATION; +pub type PSYSTEM_EXTENDED_THREAD_INFORMATION = *mut _SYSTEM_EXTENDED_THREAD_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_PROCESS_INFORMATION { + pub NextEntryOffset: ULONG, + pub NumberOfThreads: ULONG, + pub WorkingSetPrivateSize: LARGE_INTEGER, + pub HardFaultCount: ULONG, + pub NumberOfThreadsHighWatermark: ULONG, + pub CycleTime: ULONGLONG, + pub CreateTime: LARGE_INTEGER, + pub UserTime: LARGE_INTEGER, + pub KernelTime: LARGE_INTEGER, + pub ImageName: UNICODE_STRING, + pub BasePriority: KPRIORITY, + pub UniqueProcessId: HANDLE, + pub InheritedFromUniqueProcessId: HANDLE, + pub HandleCount: ULONG, + pub SessionId: ULONG, + pub UniqueProcessKey: ULONG_PTR, + pub PeakVirtualSize: SIZE_T, + pub VirtualSize: 
SIZE_T, + pub PageFaultCount: ULONG, + pub PeakWorkingSetSize: SIZE_T, + pub WorkingSetSize: SIZE_T, + pub QuotaPeakPagedPoolUsage: SIZE_T, + pub QuotaPagedPoolUsage: SIZE_T, + pub QuotaPeakNonPagedPoolUsage: SIZE_T, + pub QuotaNonPagedPoolUsage: SIZE_T, + pub PagefileUsage: SIZE_T, + pub PeakPagefileUsage: SIZE_T, + pub PrivatePageCount: SIZE_T, + pub ReadOperationCount: LARGE_INTEGER, + pub WriteOperationCount: LARGE_INTEGER, + pub OtherOperationCount: LARGE_INTEGER, + pub ReadTransferCount: LARGE_INTEGER, + pub WriteTransferCount: LARGE_INTEGER, + pub OtherTransferCount: LARGE_INTEGER, + pub Threads: [SYSTEM_THREAD_INFORMATION; 1usize], +} +impl Default for _SYSTEM_PROCESS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PROCESS_INFORMATION = _SYSTEM_PROCESS_INFORMATION; +pub type PSYSTEM_PROCESS_INFORMATION = *mut _SYSTEM_PROCESS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CALL_COUNT_INFORMATION { + pub Length: ULONG, + pub NumberOfTables: ULONG, +} +pub type SYSTEM_CALL_COUNT_INFORMATION = _SYSTEM_CALL_COUNT_INFORMATION; +pub type PSYSTEM_CALL_COUNT_INFORMATION = *mut _SYSTEM_CALL_COUNT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_DEVICE_INFORMATION { + pub NumberOfDisks: ULONG, + pub NumberOfFloppies: ULONG, + pub NumberOfCdRoms: ULONG, + pub NumberOfTapes: ULONG, + pub NumberOfSerialPorts: ULONG, + pub NumberOfParallelPorts: ULONG, +} +pub type SYSTEM_DEVICE_INFORMATION = _SYSTEM_DEVICE_INFORMATION; +pub type PSYSTEM_DEVICE_INFORMATION = *mut _SYSTEM_DEVICE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { + pub IdleTime: LARGE_INTEGER, + pub KernelTime: LARGE_INTEGER, + pub UserTime: LARGE_INTEGER, + pub DpcTime: LARGE_INTEGER, + pub InterruptTime: LARGE_INTEGER, + pub 
InterruptCount: ULONG, +} +impl Default for _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = *mut _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_FLAGS_INFORMATION { + pub Flags: ULONG, +} +pub type SYSTEM_FLAGS_INFORMATION = _SYSTEM_FLAGS_INFORMATION; +pub type PSYSTEM_FLAGS_INFORMATION = *mut _SYSTEM_FLAGS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_CALL_TIME_INFORMATION { + pub Length: ULONG, + pub TotalCalls: ULONG, + pub TimeOfCalls: [LARGE_INTEGER; 1usize], +} +impl Default for _SYSTEM_CALL_TIME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_CALL_TIME_INFORMATION = _SYSTEM_CALL_TIME_INFORMATION; +pub type PSYSTEM_CALL_TIME_INFORMATION = *mut _SYSTEM_CALL_TIME_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_LOCK_INFORMATION { + pub Address: PVOID, + pub Type: USHORT, + pub CreatorBackTraceIndex: USHORT, + pub OwningThread: HANDLE, + pub LockCount: LONG, + pub ContentionCount: ULONG, + pub EntryCount: ULONG, + pub RecursionCount: LONG, + pub NumberOfWaitingShared: ULONG, + pub NumberOfWaitingExclusive: ULONG, +} +impl Default for _RTL_PROCESS_LOCK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_LOCK_INFORMATION = _RTL_PROCESS_LOCK_INFORMATION; +pub type PRTL_PROCESS_LOCK_INFORMATION = *mut _RTL_PROCESS_LOCK_INFORMATION; +#[repr(C)] 
+#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_LOCKS { + pub NumberOfLocks: ULONG, + pub Locks: [RTL_PROCESS_LOCK_INFORMATION; 1usize], +} +impl Default for _RTL_PROCESS_LOCKS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_LOCKS = _RTL_PROCESS_LOCKS; +pub type PRTL_PROCESS_LOCKS = *mut _RTL_PROCESS_LOCKS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_BACKTRACE_INFORMATION { + pub SymbolicBackTrace: PCHAR, + pub TraceCount: ULONG, + pub Index: USHORT, + pub Depth: USHORT, + pub BackTrace: [PVOID; 32usize], +} +impl Default for _RTL_PROCESS_BACKTRACE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_BACKTRACE_INFORMATION = _RTL_PROCESS_BACKTRACE_INFORMATION; +pub type PRTL_PROCESS_BACKTRACE_INFORMATION = *mut _RTL_PROCESS_BACKTRACE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_BACKTRACES { + pub CommittedMemory: ULONG, + pub ReservedMemory: ULONG, + pub NumberOfBackTraceLookups: ULONG, + pub NumberOfBackTraces: ULONG, + pub BackTraces: [RTL_PROCESS_BACKTRACE_INFORMATION; 1usize], +} +impl Default for _RTL_PROCESS_BACKTRACES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_BACKTRACES = _RTL_PROCESS_BACKTRACES; +pub type PRTL_PROCESS_BACKTRACES = *mut _RTL_PROCESS_BACKTRACES; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { + pub UniqueProcessId: USHORT, + pub CreatorBackTraceIndex: USHORT, + pub ObjectTypeIndex: UCHAR, + pub HandleAttributes: UCHAR, + pub HandleValue: USHORT, + pub Object: PVOID, + pub GrantedAccess: ULONG, +} +impl 
Default for _SYSTEM_HANDLE_TABLE_ENTRY_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HANDLE_TABLE_ENTRY_INFO = _SYSTEM_HANDLE_TABLE_ENTRY_INFO; +pub type PSYSTEM_HANDLE_TABLE_ENTRY_INFO = *mut _SYSTEM_HANDLE_TABLE_ENTRY_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HANDLE_INFORMATION { + pub NumberOfHandles: ULONG, + pub Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO; 1usize], +} +impl Default for _SYSTEM_HANDLE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HANDLE_INFORMATION = _SYSTEM_HANDLE_INFORMATION; +pub type PSYSTEM_HANDLE_INFORMATION = *mut _SYSTEM_HANDLE_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_OBJECTTYPE_INFORMATION { + pub NextEntryOffset: ULONG, + pub NumberOfObjects: ULONG, + pub NumberOfHandles: ULONG, + pub TypeIndex: ULONG, + pub InvalidAttributes: ULONG, + pub GenericMapping: GENERIC_MAPPING, + pub ValidAccessMask: ULONG, + pub PoolType: ULONG, + pub SecurityRequired: BOOLEAN, + pub WaitableObject: BOOLEAN, + pub TypeName: UNICODE_STRING, +} +impl Default for _SYSTEM_OBJECTTYPE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_OBJECTTYPE_INFORMATION = _SYSTEM_OBJECTTYPE_INFORMATION; +pub type PSYSTEM_OBJECTTYPE_INFORMATION = *mut _SYSTEM_OBJECTTYPE_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_OBJECT_INFORMATION { + pub NextEntryOffset: ULONG, + pub Object: PVOID, + pub CreatorUniqueProcess: HANDLE, + pub CreatorBackTraceIndex: USHORT, + pub Flags: USHORT, + pub PointerCount: LONG, + pub HandleCount: LONG, + pub PagedPoolCharge: ULONG, + pub NonPagedPoolCharge: ULONG, + pub 
ExclusiveProcessId: HANDLE, + pub SecurityDescriptor: PVOID, + pub NameInfo: UNICODE_STRING, +} +impl Default for _SYSTEM_OBJECT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_OBJECT_INFORMATION = _SYSTEM_OBJECT_INFORMATION; +pub type PSYSTEM_OBJECT_INFORMATION = *mut _SYSTEM_OBJECT_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_PAGEFILE_INFORMATION { + pub NextEntryOffset: ULONG, + pub TotalSize: ULONG, + pub TotalInUse: ULONG, + pub PeakUsage: ULONG, + pub PageFileName: UNICODE_STRING, +} +impl Default for _SYSTEM_PAGEFILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PAGEFILE_INFORMATION = _SYSTEM_PAGEFILE_INFORMATION; +pub type PSYSTEM_PAGEFILE_INFORMATION = *mut _SYSTEM_PAGEFILE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_VDM_INSTEMUL_INFO { + pub SegmentNotPresent: ULONG, + pub VdmOpcode0F: ULONG, + pub OpcodeESPrefix: ULONG, + pub OpcodeCSPrefix: ULONG, + pub OpcodeSSPrefix: ULONG, + pub OpcodeDSPrefix: ULONG, + pub OpcodeFSPrefix: ULONG, + pub OpcodeGSPrefix: ULONG, + pub OpcodeOPER32Prefix: ULONG, + pub OpcodeADDR32Prefix: ULONG, + pub OpcodeINSB: ULONG, + pub OpcodeINSW: ULONG, + pub OpcodeOUTSB: ULONG, + pub OpcodeOUTSW: ULONG, + pub OpcodePUSHF: ULONG, + pub OpcodePOPF: ULONG, + pub OpcodeINTnn: ULONG, + pub OpcodeINTO: ULONG, + pub OpcodeIRET: ULONG, + pub OpcodeINBimm: ULONG, + pub OpcodeINWimm: ULONG, + pub OpcodeOUTBimm: ULONG, + pub OpcodeOUTWimm: ULONG, + pub OpcodeINB: ULONG, + pub OpcodeINW: ULONG, + pub OpcodeOUTB: ULONG, + pub OpcodeOUTW: ULONG, + pub OpcodeLOCKPrefix: ULONG, + pub OpcodeREPNEPrefix: ULONG, + pub OpcodeREPPrefix: ULONG, + pub OpcodeHLT: ULONG, + pub OpcodeCLI: ULONG, + pub OpcodeSTI: ULONG, 
+ pub BopCount: ULONG, +} +pub type SYSTEM_VDM_INSTEMUL_INFO = _SYSTEM_VDM_INSTEMUL_INFO; +pub type PSYSTEM_VDM_INSTEMUL_INFO = *mut _SYSTEM_VDM_INSTEMUL_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_FILECACHE_INFORMATION { + pub CurrentSize: SIZE_T, + pub PeakSize: SIZE_T, + pub PageFaultCount: ULONG, + pub MinimumWorkingSet: SIZE_T, + pub MaximumWorkingSet: SIZE_T, + pub CurrentSizeIncludingTransitionInPages: SIZE_T, + pub PeakSizeIncludingTransitionInPages: SIZE_T, + pub TransitionRePurposeCount: ULONG, + pub Flags: ULONG, +} +pub type SYSTEM_FILECACHE_INFORMATION = _SYSTEM_FILECACHE_INFORMATION; +pub type PSYSTEM_FILECACHE_INFORMATION = *mut _SYSTEM_FILECACHE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BASIC_WORKING_SET_INFORMATION { + pub CurrentSize: SIZE_T, + pub PeakSize: SIZE_T, + pub PageFaultCount: ULONG, +} +pub type SYSTEM_BASIC_WORKING_SET_INFORMATION = _SYSTEM_BASIC_WORKING_SET_INFORMATION; +pub type PSYSTEM_BASIC_WORKING_SET_INFORMATION = *mut _SYSTEM_BASIC_WORKING_SET_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_POOLTAG { + pub __bindgen_anon_1: _SYSTEM_POOLTAG__bindgen_ty_1, + pub PagedAllocs: ULONG, + pub PagedFrees: ULONG, + pub PagedUsed: SIZE_T, + pub NonPagedAllocs: ULONG, + pub NonPagedFrees: ULONG, + pub NonPagedUsed: SIZE_T, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_POOLTAG__bindgen_ty_1 { + pub Tag: [UCHAR; 4usize], + pub TagUlong: ULONG, +} +impl Default for _SYSTEM_POOLTAG__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_POOLTAG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POOLTAG = _SYSTEM_POOLTAG; +pub type PSYSTEM_POOLTAG = 
*mut _SYSTEM_POOLTAG; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_POOLTAG_INFORMATION { + pub Count: ULONG, + pub TagInfo: [SYSTEM_POOLTAG; 1usize], +} +impl Default for _SYSTEM_POOLTAG_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POOLTAG_INFORMATION = _SYSTEM_POOLTAG_INFORMATION; +pub type PSYSTEM_POOLTAG_INFORMATION = *mut _SYSTEM_POOLTAG_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_INTERRUPT_INFORMATION { + pub ContextSwitches: ULONG, + pub DpcCount: ULONG, + pub DpcRate: ULONG, + pub TimeIncrement: ULONG, + pub DpcBypassCount: ULONG, + pub ApcBypassCount: ULONG, +} +pub type SYSTEM_INTERRUPT_INFORMATION = _SYSTEM_INTERRUPT_INFORMATION; +pub type PSYSTEM_INTERRUPT_INFORMATION = *mut _SYSTEM_INTERRUPT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_DPC_BEHAVIOR_INFORMATION { + pub Spare: ULONG, + pub DpcQueueDepth: ULONG, + pub MinimumDpcRate: ULONG, + pub AdjustDpcThreshold: ULONG, + pub IdealDpcRate: ULONG, +} +pub type SYSTEM_DPC_BEHAVIOR_INFORMATION = _SYSTEM_DPC_BEHAVIOR_INFORMATION; +pub type PSYSTEM_DPC_BEHAVIOR_INFORMATION = *mut _SYSTEM_DPC_BEHAVIOR_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION { + pub TimeAdjustment: ULONG, + pub TimeIncrement: ULONG, + pub Enable: BOOLEAN, +} +impl Default for _SYSTEM_QUERY_TIME_ADJUST_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_QUERY_TIME_ADJUST_INFORMATION = _SYSTEM_QUERY_TIME_ADJUST_INFORMATION; +pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION = *mut _SYSTEM_QUERY_TIME_ADJUST_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE { + pub TimeAdjustment: ULONGLONG, + pub 
TimeIncrement: ULONGLONG, + pub Enable: BOOLEAN, +} +impl Default for _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE = + _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE; +pub type PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE = + *mut _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE; +#[repr(C)] +pub struct _SYSTEM_SET_TIME_ADJUST_INFORMATION { + pub TimeAdjustment: ULONG, + pub Enable: BOOLEAN, +} +impl Default for _SYSTEM_SET_TIME_ADJUST_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SET_TIME_ADJUST_INFORMATION = _SYSTEM_SET_TIME_ADJUST_INFORMATION; +pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION = *mut _SYSTEM_SET_TIME_ADJUST_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE { + pub TimeAdjustment: ULONGLONG, + pub Enable: BOOLEAN, +} +impl Default for _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE = _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE; +pub type PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE = + *mut _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _EVENT_TRACE_INFORMATION_CLASS { + EventTraceKernelVersionInformation = 0, + EventTraceGroupMaskInformation = 1, + EventTracePerformanceInformation = 2, + EventTraceTimeProfileInformation = 3, + EventTraceSessionSecurityInformation = 4, + EventTraceSpinlockInformation = 5, + EventTraceStackTracingInformation = 6, + 
EventTraceExecutiveResourceInformation = 7, + EventTraceHeapTracingInformation = 8, + EventTraceHeapSummaryTracingInformation = 9, + EventTracePoolTagFilterInformation = 10, + EventTracePebsTracingInformation = 11, + EventTraceProfileConfigInformation = 12, + EventTraceProfileSourceListInformation = 13, + EventTraceProfileEventListInformation = 14, + EventTraceProfileCounterListInformation = 15, + EventTraceStackCachingInformation = 16, + EventTraceObjectTypeFilterInformation = 17, + EventTraceSoftRestartInformation = 18, + EventTraceLastBranchConfigurationInformation = 19, + EventTraceLastBranchEventListInformation = 20, + EventTraceProfileSourceAddInformation = 21, + EventTraceProfileSourceRemoveInformation = 22, + EventTraceProcessorTraceConfigurationInformation = 23, + EventTraceProcessorTraceEventListInformation = 24, + EventTraceCoverageSamplerInformation = 25, + EventTraceUnifiedStackCachingInformation = 26, + MaxEventTraceInfoClass = 27, +} +pub use self::_EVENT_TRACE_INFORMATION_CLASS as EVENT_TRACE_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TRACE_ENABLE_FLAG_EXTENSION { + pub Offset: USHORT, + pub Length: UCHAR, + pub Flag: UCHAR, +} +pub type TRACE_ENABLE_FLAG_EXTENSION = _TRACE_ENABLE_FLAG_EXTENSION; +pub type PTRACE_ENABLE_FLAG_EXTENSION = *mut _TRACE_ENABLE_FLAG_EXTENSION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TRACE_ENABLE_FLAG_EXT_HEADER { + pub Length: USHORT, + pub Items: USHORT, +} +pub type TRACE_ENABLE_FLAG_EXT_HEADER = _TRACE_ENABLE_FLAG_EXT_HEADER; +pub type PTRACE_ENABLE_FLAG_EXT_HEADER = *mut _TRACE_ENABLE_FLAG_EXT_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TRACE_ENABLE_FLAG_EXT_ITEM { + pub Offset: USHORT, + pub Type: USHORT, +} +pub type TRACE_ENABLE_FLAG_EXT_ITEM = _TRACE_ENABLE_FLAG_EXT_ITEM; +pub type PTRACE_ENABLE_FLAG_EXT_ITEM = *mut _TRACE_ENABLE_FLAG_EXT_ITEM; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_ETW_STACK_CACHING_CONFIG { + pub CacheSize: ULONG, + pub BucketCount: ULONG, +} +pub type ETW_STACK_CACHING_CONFIG = _ETW_STACK_CACHING_CONFIG; +pub type PETW_STACK_CACHING_CONFIG = *mut _ETW_STACK_CACHING_CONFIG; +pub type PERFINFO_MASK = ULONG; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PERFINFO_GROUPMASK { + pub Masks: [ULONG; 8usize], +} +pub type PERFINFO_GROUPMASK = _PERFINFO_GROUPMASK; +pub type PPERFINFO_GROUPMASK = *mut _PERFINFO_GROUPMASK; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_VERSION_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub EventTraceKernelVersion: ULONG, +} +impl Default for _EVENT_TRACE_VERSION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_VERSION_INFORMATION = _EVENT_TRACE_VERSION_INFORMATION; +pub type PEVENT_TRACE_VERSION_INFORMATION = *mut _EVENT_TRACE_VERSION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_GROUPMASK_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + pub EventTraceGroupMasks: PERFINFO_GROUPMASK, +} +impl Default for _EVENT_TRACE_GROUPMASK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_GROUPMASK_INFORMATION = _EVENT_TRACE_GROUPMASK_INFORMATION; +pub type PEVENT_TRACE_GROUPMASK_INFORMATION = *mut _EVENT_TRACE_GROUPMASK_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _EVENT_TRACE_PERFORMANCE_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub LogfileBytesWritten: LARGE_INTEGER, +} +impl Default for _EVENT_TRACE_PERFORMANCE_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_PERFORMANCE_INFORMATION = _EVENT_TRACE_PERFORMANCE_INFORMATION; +pub type PEVENT_TRACE_PERFORMANCE_INFORMATION = *mut _EVENT_TRACE_PERFORMANCE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_TIME_PROFILE_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub ProfileInterval: ULONG, +} +impl Default for _EVENT_TRACE_TIME_PROFILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_TIME_PROFILE_INFORMATION = _EVENT_TRACE_TIME_PROFILE_INFORMATION; +pub type PEVENT_TRACE_TIME_PROFILE_INFORMATION = *mut _EVENT_TRACE_TIME_PROFILE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_SESSION_SECURITY_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub SecurityInformation: ULONG, + pub TraceHandle: TRACEHANDLE, + pub SecurityDescriptor: [UCHAR; 1usize], +} +impl Default for _EVENT_TRACE_SESSION_SECURITY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_SESSION_SECURITY_INFORMATION = _EVENT_TRACE_SESSION_SECURITY_INFORMATION; +pub type PEVENT_TRACE_SESSION_SECURITY_INFORMATION = *mut _EVENT_TRACE_SESSION_SECURITY_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_SPINLOCK_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub SpinLockSpinThreshold: ULONG, + pub SpinLockAcquireSampleRate: ULONG, + pub SpinLockContentionSampleRate: ULONG, + pub SpinLockHoldThreshold: ULONG, +} +impl Default for _EVENT_TRACE_SPINLOCK_INFORMATION { + fn default() -> Self 
{ + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_SPINLOCK_INFORMATION = _EVENT_TRACE_SPINLOCK_INFORMATION; +pub type PEVENT_TRACE_SPINLOCK_INFORMATION = *mut _EVENT_TRACE_SPINLOCK_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_SYSTEM_EVENT_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + pub HookId: [ULONG; 1usize], +} +impl Default for _EVENT_TRACE_SYSTEM_EVENT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_SYSTEM_EVENT_INFORMATION = _EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type PEVENT_TRACE_SYSTEM_EVENT_INFORMATION = *mut _EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type EVENT_TRACE_STACK_TRACING_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type PEVENT_TRACE_STACK_TRACING_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type EVENT_TRACE_PEBS_TRACING_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type PEVENT_TRACE_PEBS_TRACING_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type EVENT_TRACE_PROFILE_EVENT_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +pub type PEVENT_TRACE_PROFILE_EVENT_INFORMATION = *mut EVENT_TRACE_SYSTEM_EVENT_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub ReleaseSamplingRate: ULONG, + pub ContentionSamplingRate: ULONG, + pub NumberOfExcessiveTimeouts: ULONG, +} +impl Default for _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} 
+pub type EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION = _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION; +pub type PEVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION = + *mut _EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_HEAP_TRACING_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub ProcessId: [ULONG; 1usize], +} +impl Default for _EVENT_TRACE_HEAP_TRACING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_HEAP_TRACING_INFORMATION = _EVENT_TRACE_HEAP_TRACING_INFORMATION; +pub type PEVENT_TRACE_HEAP_TRACING_INFORMATION = *mut _EVENT_TRACE_HEAP_TRACING_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_TAG_FILTER_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + pub Filter: [ULONG; 1usize], +} +impl Default for _EVENT_TRACE_TAG_FILTER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_TAG_FILTER_INFORMATION = _EVENT_TRACE_TAG_FILTER_INFORMATION; +pub type PEVENT_TRACE_TAG_FILTER_INFORMATION = *mut _EVENT_TRACE_TAG_FILTER_INFORMATION; +pub type EVENT_TRACE_POOLTAG_FILTER_INFORMATION = EVENT_TRACE_TAG_FILTER_INFORMATION; +pub type PEVENT_TRACE_POOLTAG_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION; +pub type EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION = EVENT_TRACE_TAG_FILTER_INFORMATION; +pub type PEVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION = *mut EVENT_TRACE_TAG_FILTER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_PROFILE_COUNTER_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + 
pub ProfileSource: [ULONG; 1usize], +} +impl Default for _EVENT_TRACE_PROFILE_COUNTER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_PROFILE_COUNTER_INFORMATION = _EVENT_TRACE_PROFILE_COUNTER_INFORMATION; +pub type PEVENT_TRACE_PROFILE_COUNTER_INFORMATION = *mut _EVENT_TRACE_PROFILE_COUNTER_INFORMATION; +pub type EVENT_TRACE_PROFILE_CONFIG_INFORMATION = EVENT_TRACE_PROFILE_COUNTER_INFORMATION; +pub type PEVENT_TRACE_PROFILE_CONFIG_INFORMATION = *mut EVENT_TRACE_PROFILE_COUNTER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_PROFILE_LIST_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub Spare: ULONG, + pub Profile: [PPROFILE_SOURCE_INFO; 1usize], +} +impl Default for _EVENT_TRACE_PROFILE_LIST_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_PROFILE_LIST_INFORMATION = _EVENT_TRACE_PROFILE_LIST_INFORMATION; +pub type PEVENT_TRACE_PROFILE_LIST_INFORMATION = *mut _EVENT_TRACE_PROFILE_LIST_INFORMATION; +#[repr(C)] +pub struct _EVENT_TRACE_STACK_CACHING_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + pub Enabled: BOOLEAN, + pub Reserved: [UCHAR; 3usize], + pub CacheSize: ULONG, + pub BucketCount: ULONG, +} +impl Default for _EVENT_TRACE_STACK_CACHING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_STACK_CACHING_INFORMATION = _EVENT_TRACE_STACK_CACHING_INFORMATION; +pub type PEVENT_TRACE_STACK_CACHING_INFORMATION = *mut _EVENT_TRACE_STACK_CACHING_INFORMATION; +#[repr(C)] +pub struct 
_EVENT_TRACE_SOFT_RESTART_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub TraceHandle: TRACEHANDLE, + pub PersistTraceBuffers: BOOLEAN, + pub FileName: [WCHAR; 1usize], +} +impl Default for _EVENT_TRACE_SOFT_RESTART_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_SOFT_RESTART_INFORMATION = _EVENT_TRACE_SOFT_RESTART_INFORMATION; +pub type PEVENT_TRACE_SOFT_RESTART_INFORMATION = *mut _EVENT_TRACE_SOFT_RESTART_INFORMATION; +#[repr(C)] +pub struct _EVENT_TRACE_PROFILE_ADD_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub PerfEvtEventSelect: BOOLEAN, + pub PerfEvtUnitSelect: BOOLEAN, + pub PerfEvtType: ULONG, + pub CpuInfoHierarchy: [ULONG; 3usize], + pub InitialInterval: ULONG, + pub AllowsHalt: BOOLEAN, + pub Persist: BOOLEAN, + pub ProfileSourceDescription: [WCHAR; 1usize], +} +impl Default for _EVENT_TRACE_PROFILE_ADD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_PROFILE_ADD_INFORMATION = _EVENT_TRACE_PROFILE_ADD_INFORMATION; +pub type PEVENT_TRACE_PROFILE_ADD_INFORMATION = *mut _EVENT_TRACE_PROFILE_ADD_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_PROFILE_REMOVE_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub ProfileSource: KPROFILE_SOURCE, + pub CpuInfoHierarchy: [ULONG; 3usize], +} +impl Default for _EVENT_TRACE_PROFILE_REMOVE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_PROFILE_REMOVE_INFORMATION = _EVENT_TRACE_PROFILE_REMOVE_INFORMATION; +pub type 
PEVENT_TRACE_PROFILE_REMOVE_INFORMATION = *mut _EVENT_TRACE_PROFILE_REMOVE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION { + pub EventTraceInformationClass: EVENT_TRACE_INFORMATION_CLASS, + pub CoverageSamplerInformationClass: UCHAR, + pub MajorVersion: UCHAR, + pub MinorVersion: UCHAR, + pub Reserved: UCHAR, + pub SamplerHandle: HANDLE, +} +impl Default for _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; +pub type PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION = *mut _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_EXCEPTION_INFORMATION { + pub AlignmentFixupCount: ULONG, + pub ExceptionDispatchCount: ULONG, + pub FloatingEmulationCount: ULONG, + pub ByteWordEmulationCount: ULONG, +} +pub type SYSTEM_EXCEPTION_INFORMATION = _SYSTEM_EXCEPTION_INFORMATION; +pub type PSYSTEM_EXCEPTION_INFORMATION = *mut _SYSTEM_EXCEPTION_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS { + SystemCrashDumpDisable = 0, + SystemCrashDumpReconfigure = 1, + SystemCrashDumpInitializationComplete = 2, +} +pub use self::_SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS as SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS; +pub type PSYSTEM_CRASH_DUMP_CONFIGURATION_CLASS = *mut _SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION { + pub CrashDumpConfigurationClass: SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS, +} +impl Default for _SYSTEM_CRASH_DUMP_STATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_CRASH_DUMP_STATE_INFORMATION = _SYSTEM_CRASH_DUMP_STATE_INFORMATION; +pub type PSYSTEM_CRASH_DUMP_STATE_INFORMATION = *mut _SYSTEM_CRASH_DUMP_STATE_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { + pub KernelDebuggerEnabled: BOOLEAN, + pub KernelDebuggerNotPresent: BOOLEAN, +} +impl Default for _SYSTEM_KERNEL_DEBUGGER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_KERNEL_DEBUGGER_INFORMATION = _SYSTEM_KERNEL_DEBUGGER_INFORMATION; +pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION = *mut _SYSTEM_KERNEL_DEBUGGER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { + pub ContextSwitches: ULONG, + pub FindAny: ULONG, + pub FindLast: ULONG, + pub FindIdeal: ULONG, + pub IdleAny: ULONG, + pub IdleCurrent: ULONG, + pub IdleLast: ULONG, + pub IdleIdeal: ULONG, + pub PreemptAny: ULONG, + pub PreemptCurrent: ULONG, + pub PreemptLast: ULONG, + pub SwitchToIdle: ULONG, +} +pub type SYSTEM_CONTEXT_SWITCH_INFORMATION = _SYSTEM_CONTEXT_SWITCH_INFORMATION; +pub type PSYSTEM_CONTEXT_SWITCH_INFORMATION = *mut _SYSTEM_CONTEXT_SWITCH_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { + pub RegistryQuotaAllowed: ULONG, + pub RegistryQuotaUsed: ULONG, + pub PagedPoolSize: SIZE_T, +} +pub type SYSTEM_REGISTRY_QUOTA_INFORMATION = _SYSTEM_REGISTRY_QUOTA_INFORMATION; +pub type PSYSTEM_REGISTRY_QUOTA_INFORMATION = *mut _SYSTEM_REGISTRY_QUOTA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_IDLE_INFORMATION { + pub IdleTime: ULONGLONG, + pub C1Time: ULONGLONG, + pub C2Time: ULONGLONG, + pub C3Time: ULONGLONG, + pub C1Transitions: ULONG, + pub C2Transitions: ULONG, 
+ pub C3Transitions: ULONG, + pub Padding: ULONG, +} +pub type SYSTEM_PROCESSOR_IDLE_INFORMATION = _SYSTEM_PROCESSOR_IDLE_INFORMATION; +pub type PSYSTEM_PROCESSOR_IDLE_INFORMATION = *mut _SYSTEM_PROCESSOR_IDLE_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_LEGACY_DRIVER_INFORMATION { + pub VetoType: ULONG, + pub VetoList: UNICODE_STRING, +} +impl Default for _SYSTEM_LEGACY_DRIVER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_LEGACY_DRIVER_INFORMATION = _SYSTEM_LEGACY_DRIVER_INFORMATION; +pub type PSYSTEM_LEGACY_DRIVER_INFORMATION = *mut _SYSTEM_LEGACY_DRIVER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_LOOKASIDE_INFORMATION { + pub CurrentDepth: USHORT, + pub MaximumDepth: USHORT, + pub TotalAllocates: ULONG, + pub AllocateMisses: ULONG, + pub TotalFrees: ULONG, + pub FreeMisses: ULONG, + pub Type: ULONG, + pub Tag: ULONG, + pub Size: ULONG, +} +pub type SYSTEM_LOOKASIDE_INFORMATION = _SYSTEM_LOOKASIDE_INFORMATION; +pub type PSYSTEM_LOOKASIDE_INFORMATION = *mut _SYSTEM_LOOKASIDE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_RANGE_START_INFORMATION { + pub SystemRangeStart: ULONG_PTR, +} +pub type SYSTEM_RANGE_START_INFORMATION = _SYSTEM_RANGE_START_INFORMATION; +pub type PSYSTEM_RANGE_START_INFORMATION = *mut _SYSTEM_RANGE_START_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_VERIFIER_INFORMATION_LEGACY { + pub NextEntryOffset: ULONG, + pub Level: ULONG, + pub DriverName: UNICODE_STRING, + pub RaiseIrqls: ULONG, + pub AcquireSpinLocks: ULONG, + pub SynchronizeExecutions: ULONG, + pub AllocationsAttempted: ULONG, + pub AllocationsSucceeded: ULONG, + pub AllocationsSucceededSpecialPool: ULONG, + pub AllocationsWithNoTag: ULONG, + pub TrimRequests: ULONG, + pub Trims: ULONG, + pub AllocationsFailed: ULONG, + pub AllocationsFailedDeliberately: 
ULONG, + pub Loads: ULONG, + pub Unloads: ULONG, + pub UnTrackedPool: ULONG, + pub CurrentPagedPoolAllocations: ULONG, + pub CurrentNonPagedPoolAllocations: ULONG, + pub PeakPagedPoolAllocations: ULONG, + pub PeakNonPagedPoolAllocations: ULONG, + pub PagedPoolUsageInBytes: SIZE_T, + pub NonPagedPoolUsageInBytes: SIZE_T, + pub PeakPagedPoolUsageInBytes: SIZE_T, + pub PeakNonPagedPoolUsageInBytes: SIZE_T, +} +impl Default for _SYSTEM_VERIFIER_INFORMATION_LEGACY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_INFORMATION_LEGACY = _SYSTEM_VERIFIER_INFORMATION_LEGACY; +pub type PSYSTEM_VERIFIER_INFORMATION_LEGACY = *mut _SYSTEM_VERIFIER_INFORMATION_LEGACY; +#[repr(C)] +pub struct _SYSTEM_VERIFIER_INFORMATION { + pub NextEntryOffset: ULONG, + pub Level: ULONG, + pub RuleClasses: [ULONG; 2usize], + pub TriageContext: ULONG, + pub AreAllDriversBeingVerified: ULONG, + pub DriverName: UNICODE_STRING, + pub RaiseIrqls: ULONG, + pub AcquireSpinLocks: ULONG, + pub SynchronizeExecutions: ULONG, + pub AllocationsAttempted: ULONG, + pub AllocationsSucceeded: ULONG, + pub AllocationsSucceededSpecialPool: ULONG, + pub AllocationsWithNoTag: ULONG, + pub TrimRequests: ULONG, + pub Trims: ULONG, + pub AllocationsFailed: ULONG, + pub AllocationsFailedDeliberately: ULONG, + pub Loads: ULONG, + pub Unloads: ULONG, + pub UnTrackedPool: ULONG, + pub CurrentPagedPoolAllocations: ULONG, + pub CurrentNonPagedPoolAllocations: ULONG, + pub PeakPagedPoolAllocations: ULONG, + pub PeakNonPagedPoolAllocations: ULONG, + pub PagedPoolUsageInBytes: SIZE_T, + pub NonPagedPoolUsageInBytes: SIZE_T, + pub PeakPagedPoolUsageInBytes: SIZE_T, + pub PeakNonPagedPoolUsageInBytes: SIZE_T, +} +impl Default for _SYSTEM_VERIFIER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 
0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_INFORMATION = _SYSTEM_VERIFIER_INFORMATION; +pub type PSYSTEM_VERIFIER_INFORMATION = *mut _SYSTEM_VERIFIER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_SESSION_PROCESS_INFORMATION { + pub SessionId: ULONG, + pub SizeOfBuf: ULONG, + pub Buffer: PVOID, +} +impl Default for _SYSTEM_SESSION_PROCESS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SESSION_PROCESS_INFORMATION = _SYSTEM_SESSION_PROCESS_INFORMATION; +pub type PSYSTEM_SESSION_PROCESS_INFORMATION = *mut _SYSTEM_SESSION_PROCESS_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_GDI_DRIVER_INFORMATION { + pub DriverName: UNICODE_STRING, + pub ImageAddress: PVOID, + pub SectionPointer: PVOID, + pub EntryPoint: PVOID, + pub ExportSectionPointer: PIMAGE_EXPORT_DIRECTORY, + pub ImageLength: ULONG, +} +impl Default for _SYSTEM_GDI_DRIVER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_GDI_DRIVER_INFORMATION = _SYSTEM_GDI_DRIVER_INFORMATION; +pub type PSYSTEM_GDI_DRIVER_INFORMATION = *mut _SYSTEM_GDI_DRIVER_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_NUMA_INFORMATION { + pub HighestNodeNumber: ULONG, + pub Reserved: ULONG, + pub __bindgen_anon_1: _SYSTEM_NUMA_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_NUMA_INFORMATION__bindgen_ty_1 { + pub ActiveProcessorsGroupAffinity: [GROUP_AFFINITY; 64usize], + pub AvailableMemory: [ULONGLONG; 64usize], + pub Pad: [ULONGLONG; 128usize], +} +impl Default for _SYSTEM_NUMA_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +impl Default for _SYSTEM_NUMA_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_NUMA_INFORMATION = _SYSTEM_NUMA_INFORMATION; +pub type PSYSTEM_NUMA_INFORMATION = *mut _SYSTEM_NUMA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_POWER_INFORMATION { + pub CurrentFrequency: UCHAR, + pub ThermalLimitFrequency: UCHAR, + pub ConstantThrottleFrequency: UCHAR, + pub DegradedThrottleFrequency: UCHAR, + pub LastBusyFrequency: UCHAR, + pub LastC3Frequency: UCHAR, + pub LastAdjustedBusyFrequency: UCHAR, + pub ProcessorMinThrottle: UCHAR, + pub ProcessorMaxThrottle: UCHAR, + pub NumberOfFrequencies: ULONG, + pub PromotionCount: ULONG, + pub DemotionCount: ULONG, + pub ErrorCount: ULONG, + pub RetryCount: ULONG, + pub CurrentFrequencyTime: ULONGLONG, + pub CurrentProcessorTime: ULONGLONG, + pub CurrentProcessorIdleTime: ULONGLONG, + pub LastProcessorTime: ULONGLONG, + pub LastProcessorIdleTime: ULONGLONG, + pub Energy: ULONGLONG, +} +pub type SYSTEM_PROCESSOR_POWER_INFORMATION = _SYSTEM_PROCESSOR_POWER_INFORMATION; +pub type PSYSTEM_PROCESSOR_POWER_INFORMATION = *mut _SYSTEM_PROCESSOR_POWER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { + pub Object: PVOID, + pub UniqueProcessId: ULONG_PTR, + pub HandleValue: ULONG_PTR, + pub GrantedAccess: ULONG, + pub CreatorBackTraceIndex: USHORT, + pub ObjectTypeIndex: USHORT, + pub HandleAttributes: ULONG, + pub Reserved: ULONG, +} +impl Default for _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; +pub type 
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX = *mut _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HANDLE_INFORMATION_EX { + pub NumberOfHandles: ULONG_PTR, + pub Reserved: ULONG_PTR, + pub Handles: [SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1usize], +} +impl Default for _SYSTEM_HANDLE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HANDLE_INFORMATION_EX = _SYSTEM_HANDLE_INFORMATION_EX; +pub type PSYSTEM_HANDLE_INFORMATION_EX = *mut _SYSTEM_HANDLE_INFORMATION_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_BIGPOOL_ENTRY { + pub __bindgen_anon_1: _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_1, + pub SizeInBytes: SIZE_T, + pub __bindgen_anon_2: _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_1 { + pub VirtualAddress: PVOID, + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl Default for _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_1 { + #[inline] + pub fn NonPaged(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_NonPaged(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(NonPaged: ULONG_PTR) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let NonPaged: u64 = unsafe { ::core::mem::transmute(NonPaged) }; + NonPaged as u64 + }); + 
__bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_2 { + pub Tag: [UCHAR; 4usize], + pub TagUlong: ULONG, +} +impl Default for _SYSTEM_BIGPOOL_ENTRY__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_BIGPOOL_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BIGPOOL_ENTRY = _SYSTEM_BIGPOOL_ENTRY; +pub type PSYSTEM_BIGPOOL_ENTRY = *mut _SYSTEM_BIGPOOL_ENTRY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_BIGPOOL_INFORMATION { + pub Count: ULONG, + pub AllocatedInfo: [SYSTEM_BIGPOOL_ENTRY; 1usize], +} +impl Default for _SYSTEM_BIGPOOL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BIGPOOL_INFORMATION = _SYSTEM_BIGPOOL_INFORMATION; +pub type PSYSTEM_BIGPOOL_INFORMATION = *mut _SYSTEM_BIGPOOL_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_POOL_ENTRY { + pub Allocated: BOOLEAN, + pub Spare0: BOOLEAN, + pub AllocatorBackTraceIndex: USHORT, + pub Size: ULONG, + pub __bindgen_anon_1: _SYSTEM_POOL_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_POOL_ENTRY__bindgen_ty_1 { + pub Tag: [UCHAR; 4usize], + pub TagUlong: ULONG, + pub ProcessChargedQuota: PVOID, +} +impl Default for _SYSTEM_POOL_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_POOL_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POOL_ENTRY = _SYSTEM_POOL_ENTRY; +pub type PSYSTEM_POOL_ENTRY = *mut _SYSTEM_POOL_ENTRY; +#[repr(C)] +pub struct _SYSTEM_POOL_INFORMATION { + pub TotalSize: SIZE_T, + pub FirstEntry: PVOID, + pub EntryOverhead: USHORT, + pub PoolTagPresent: BOOLEAN, + pub Spare0: BOOLEAN, + pub NumberOfEntries: ULONG, + pub Entries: [SYSTEM_POOL_ENTRY; 1usize], +} +impl Default for _SYSTEM_POOL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POOL_INFORMATION = _SYSTEM_POOL_INFORMATION; +pub type PSYSTEM_POOL_INFORMATION = *mut _SYSTEM_POOL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_SESSION_POOLTAG_INFORMATION { + pub NextEntryOffset: SIZE_T, + pub SessionId: ULONG, + pub Count: ULONG, + pub TagInfo: [SYSTEM_POOLTAG; 1usize], +} +impl Default for _SYSTEM_SESSION_POOLTAG_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SESSION_POOLTAG_INFORMATION = _SYSTEM_SESSION_POOLTAG_INFORMATION; +pub type PSYSTEM_SESSION_POOLTAG_INFORMATION = *mut _SYSTEM_SESSION_POOLTAG_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION { + pub NextEntryOffset: SIZE_T, + pub SessionId: ULONG, + pub ViewFailures: ULONG, + pub NumberOfBytesAvailable: SIZE_T, + pub NumberOfBytesAvailableContiguous: SIZE_T, +} +pub type SYSTEM_SESSION_MAPPED_VIEW_INFORMATION = _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION; +pub type PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION = *mut _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WATCHDOG_HANDLER_ACTION { + 
WdActionSetTimeoutValue = 0, + WdActionQueryTimeoutValue = 1, + WdActionResetTimer = 2, + WdActionStopTimer = 3, + WdActionStartTimer = 4, + WdActionSetTriggerAction = 5, + WdActionQueryTriggerAction = 6, + WdActionQueryState = 7, +} +pub use self::_WATCHDOG_HANDLER_ACTION as WATCHDOG_HANDLER_ACTION; +pub type PSYSTEM_WATCHDOG_HANDLER = ::core::option::Option< + unsafe extern "C" fn( + Action: WATCHDOG_HANDLER_ACTION, + Context: PVOID, + DataValue: PULONG, + NoLocks: BOOLEAN, + ) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION { + pub WdHandler: PSYSTEM_WATCHDOG_HANDLER, + pub Context: PVOID, +} +impl Default for _SYSTEM_WATCHDOG_HANDLER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_WATCHDOG_HANDLER_INFORMATION = _SYSTEM_WATCHDOG_HANDLER_INFORMATION; +pub type PSYSTEM_WATCHDOG_HANDLER_INFORMATION = *mut _SYSTEM_WATCHDOG_HANDLER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WATCHDOG_INFORMATION_CLASS { + WdInfoTimeoutValue = 0, + WdInfoResetTimer = 1, + WdInfoStopTimer = 2, + WdInfoStartTimer = 3, + WdInfoTriggerAction = 4, + WdInfoState = 5, + WdInfoTriggerReset = 6, + WdInfoNop = 7, + WdInfoGeneratedLastReset = 8, + WdInfoInvalid = 9, +} +pub use self::_WATCHDOG_INFORMATION_CLASS as WATCHDOG_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_WATCHDOG_TIMER_INFORMATION { + pub WdInfoClass: WATCHDOG_INFORMATION_CLASS, + pub DataValue: ULONG, +} +impl Default for _SYSTEM_WATCHDOG_TIMER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_WATCHDOG_TIMER_INFORMATION = _SYSTEM_WATCHDOG_TIMER_INFORMATION; +pub type 
PSYSTEM_WATCHDOG_TIMER_INFORMATION = *mut _SYSTEM_WATCHDOG_TIMER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_FIRMWARE_TABLE_ACTION { + SystemFirmwareTableEnumerate = 0, + SystemFirmwareTableGet = 1, + SystemFirmwareTableMax = 2, +} +pub use self::_SYSTEM_FIRMWARE_TABLE_ACTION as SYSTEM_FIRMWARE_TABLE_ACTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_FIRMWARE_TABLE_INFORMATION { + pub ProviderSignature: ULONG, + pub Action: SYSTEM_FIRMWARE_TABLE_ACTION, + pub TableID: ULONG, + pub TableBufferLength: ULONG, + pub TableBuffer: [UCHAR; 1usize], +} +impl Default for _SYSTEM_FIRMWARE_TABLE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_FIRMWARE_TABLE_INFORMATION = _SYSTEM_FIRMWARE_TABLE_INFORMATION; +pub type PSYSTEM_FIRMWARE_TABLE_INFORMATION = *mut _SYSTEM_FIRMWARE_TABLE_INFORMATION; +pub type PFNFTH = ::core::option::Option< + unsafe extern "C" fn(SystemFirmwareTableInfo: PSYSTEM_FIRMWARE_TABLE_INFORMATION) -> NTSTATUS, +>; +#[repr(C)] +pub struct _SYSTEM_FIRMWARE_TABLE_HANDLER { + pub ProviderSignature: ULONG, + pub Register: BOOLEAN, + pub FirmwareTableHandler: PFNFTH, + pub DriverObject: PVOID, +} +impl Default for _SYSTEM_FIRMWARE_TABLE_HANDLER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_FIRMWARE_TABLE_HANDLER = _SYSTEM_FIRMWARE_TABLE_HANDLER; +pub type PSYSTEM_FIRMWARE_TABLE_HANDLER = *mut _SYSTEM_FIRMWARE_TABLE_HANDLER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_MEMORY_LIST_INFORMATION { + pub ZeroPageCount: ULONG_PTR, + pub FreePageCount: ULONG_PTR, + pub ModifiedPageCount: ULONG_PTR, + pub ModifiedNoWritePageCount: ULONG_PTR, + pub BadPageCount: 
ULONG_PTR, + pub PageCountByPriority: [ULONG_PTR; 8usize], + pub RepurposedPagesByPriority: [ULONG_PTR; 8usize], + pub ModifiedPageCountPageFile: ULONG_PTR, +} +pub type SYSTEM_MEMORY_LIST_INFORMATION = _SYSTEM_MEMORY_LIST_INFORMATION; +pub type PSYSTEM_MEMORY_LIST_INFORMATION = *mut _SYSTEM_MEMORY_LIST_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_MEMORY_LIST_COMMAND { + MemoryCaptureAccessedBits = 0, + MemoryCaptureAndResetAccessedBits = 1, + MemoryEmptyWorkingSets = 2, + MemoryFlushModifiedList = 3, + MemoryPurgeStandbyList = 4, + MemoryPurgeLowPriorityStandbyList = 5, + MemoryCommandMax = 6, +} +pub use self::_SYSTEM_MEMORY_LIST_COMMAND as SYSTEM_MEMORY_LIST_COMMAND; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_THREAD_CID_PRIORITY_INFORMATION { + pub ClientId: CLIENT_ID, + pub Priority: KPRIORITY, +} +impl Default for _SYSTEM_THREAD_CID_PRIORITY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_THREAD_CID_PRIORITY_INFORMATION = _SYSTEM_THREAD_CID_PRIORITY_INFORMATION; +pub type PSYSTEM_THREAD_CID_PRIORITY_INFORMATION = *mut _SYSTEM_THREAD_CID_PRIORITY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION { + pub CycleTime: ULONGLONG, +} +pub type SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION = + _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; +pub type PSYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION = + *mut _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_VERIFIER_ISSUE { + pub IssueType: ULONGLONG, + pub Address: PVOID, + pub Parameters: [ULONGLONG; 2usize], +} +impl Default for _SYSTEM_VERIFIER_ISSUE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_ISSUE = _SYSTEM_VERIFIER_ISSUE; +pub type PSYSTEM_VERIFIER_ISSUE = *mut _SYSTEM_VERIFIER_ISSUE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_VERIFIER_CANCELLATION_INFORMATION { + pub CancelProbability: ULONG, + pub CancelThreshold: ULONG, + pub CompletionThreshold: ULONG, + pub CancellationVerifierDisabled: ULONG, + pub AvailableIssues: ULONG, + pub Issues: [SYSTEM_VERIFIER_ISSUE; 128usize], +} +impl Default for _SYSTEM_VERIFIER_CANCELLATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_CANCELLATION_INFORMATION = _SYSTEM_VERIFIER_CANCELLATION_INFORMATION; +pub type PSYSTEM_VERIFIER_CANCELLATION_INFORMATION = *mut _SYSTEM_VERIFIER_CANCELLATION_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_REF_TRACE_INFORMATION { + pub TraceEnable: BOOLEAN, + pub TracePermanent: BOOLEAN, + pub TraceProcessName: UNICODE_STRING, + pub TracePoolTags: UNICODE_STRING, +} +impl Default for _SYSTEM_REF_TRACE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_REF_TRACE_INFORMATION = _SYSTEM_REF_TRACE_INFORMATION; +pub type PSYSTEM_REF_TRACE_INFORMATION = *mut _SYSTEM_REF_TRACE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SPECIAL_POOL_INFORMATION { + pub PoolTag: ULONG, + pub Flags: ULONG, +} +pub type SYSTEM_SPECIAL_POOL_INFORMATION = _SYSTEM_SPECIAL_POOL_INFORMATION; +pub type PSYSTEM_SPECIAL_POOL_INFORMATION = *mut _SYSTEM_SPECIAL_POOL_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_PROCESS_ID_INFORMATION { + pub ProcessId: HANDLE, + pub ImageName: UNICODE_STRING, +} +impl Default for _SYSTEM_PROCESS_ID_INFORMATION { + fn default() 
-> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PROCESS_ID_INFORMATION = _SYSTEM_PROCESS_ID_INFORMATION; +pub type PSYSTEM_PROCESS_ID_INFORMATION = *mut _SYSTEM_PROCESS_ID_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_HYPERVISOR_QUERY_INFORMATION { + pub HypervisorConnected: BOOLEAN, + pub HypervisorDebuggingEnabled: BOOLEAN, + pub HypervisorPresent: BOOLEAN, + pub Spare0: [BOOLEAN; 5usize], + pub EnabledEnlightenments: ULONGLONG, +} +impl Default for _SYSTEM_HYPERVISOR_QUERY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HYPERVISOR_QUERY_INFORMATION = _SYSTEM_HYPERVISOR_QUERY_INFORMATION; +pub type PSYSTEM_HYPERVISOR_QUERY_INFORMATION = *mut _SYSTEM_HYPERVISOR_QUERY_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { + pub BootIdentifier: GUID, + pub FirmwareType: FIRMWARE_TYPE, + pub __bindgen_anon_1: _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1 { + pub BootFlags: ULONGLONG, + pub __bindgen_anon_1: _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, + pub __bindgen_padding_0: [u16; 3usize], +} +impl _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn DbgMenuOsSelection(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgMenuOsSelection(&mut self, val: ULONGLONG) { + unsafe { + 
let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgHiberBoot(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgHiberBoot(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgSoftBoot(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgSoftBoot(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMeasuredLaunch(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgMeasuredLaunch(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMeasuredLaunchCapable(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgMeasuredLaunchCapable(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgSystemHiveReplace(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgSystemHiveReplace(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMeasuredLaunchSmmProtections(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u64) } + } + #[inline] + pub fn set_DbgMeasuredLaunchSmmProtections(&mut self, val: ULONGLONG) { + unsafe { + let 
val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMeasuredLaunchSmmLevel(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 7u8) as u64) } + } + #[inline] + pub fn set_DbgMeasuredLaunchSmmLevel(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 7u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DbgMenuOsSelection: ULONGLONG, + DbgHiberBoot: ULONGLONG, + DbgSoftBoot: ULONGLONG, + DbgMeasuredLaunch: ULONGLONG, + DbgMeasuredLaunchCapable: ULONGLONG, + DbgSystemHiveReplace: ULONGLONG, + DbgMeasuredLaunchSmmProtections: ULONGLONG, + DbgMeasuredLaunchSmmLevel: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DbgMenuOsSelection: u64 = unsafe { ::core::mem::transmute(DbgMenuOsSelection) }; + DbgMenuOsSelection as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let DbgHiberBoot: u64 = unsafe { ::core::mem::transmute(DbgHiberBoot) }; + DbgHiberBoot as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let DbgSoftBoot: u64 = unsafe { ::core::mem::transmute(DbgSoftBoot) }; + DbgSoftBoot as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let DbgMeasuredLaunch: u64 = unsafe { ::core::mem::transmute(DbgMeasuredLaunch) }; + DbgMeasuredLaunch as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let DbgMeasuredLaunchCapable: u64 = + unsafe { ::core::mem::transmute(DbgMeasuredLaunchCapable) }; + DbgMeasuredLaunchCapable as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let DbgSystemHiveReplace: u64 = unsafe { ::core::mem::transmute(DbgSystemHiveReplace) }; + DbgSystemHiveReplace as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let DbgMeasuredLaunchSmmProtections: u64 = + unsafe { 
::core::mem::transmute(DbgMeasuredLaunchSmmProtections) }; + DbgMeasuredLaunchSmmProtections as u64 + }); + __bindgen_bitfield_unit.set(7usize, 7u8, { + let DbgMeasuredLaunchSmmLevel: u64 = + unsafe { ::core::mem::transmute(DbgMeasuredLaunchSmmLevel) }; + DbgMeasuredLaunchSmmLevel as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_BOOT_ENVIRONMENT_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BOOT_ENVIRONMENT_INFORMATION = _SYSTEM_BOOT_ENVIRONMENT_INFORMATION; +pub type PSYSTEM_BOOT_ENVIRONMENT_INFORMATION = *mut _SYSTEM_BOOT_ENVIRONMENT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION { + pub FlagsToEnable: ULONG, + pub FlagsToDisable: ULONG, +} +pub type SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION = + _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; +pub type PSYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION = + *mut _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _COVERAGE_REQUEST_CODES { + CoverageAllModules = 0, + CoverageSearchByHash = 1, + CoverageSearchByName = 2, +} +pub use self::_COVERAGE_REQUEST_CODES as COVERAGE_REQUEST_CODES; +#[repr(C)] +pub struct _COVERAGE_MODULE_REQUEST { + pub RequestType: COVERAGE_REQUEST_CODES, + pub SearchInfo: _COVERAGE_MODULE_REQUEST__bindgen_ty_1, +} +#[repr(C)] +pub union _COVERAGE_MODULE_REQUEST__bindgen_ty_1 { + pub MD5Hash: ::core::mem::ManuallyDrop<[UCHAR; 16usize]>, + pub ModuleName: ::core::mem::ManuallyDrop, +} +impl Default for 
_COVERAGE_MODULE_REQUEST__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _COVERAGE_MODULE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COVERAGE_MODULE_REQUEST = _COVERAGE_MODULE_REQUEST; +pub type PCOVERAGE_MODULE_REQUEST = *mut _COVERAGE_MODULE_REQUEST; +#[repr(C)] +pub struct _COVERAGE_MODULE_INFO { + pub ModuleInfoSize: ULONG, + pub IsBinaryLoaded: ULONG, + pub ModulePathName: UNICODE_STRING, + pub CoverageSectionSize: ULONG, + pub CoverageSection: [UCHAR; 1usize], +} +impl Default for _COVERAGE_MODULE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COVERAGE_MODULE_INFO = _COVERAGE_MODULE_INFO; +pub type PCOVERAGE_MODULE_INFO = *mut _COVERAGE_MODULE_INFO; +#[repr(C)] +pub struct _COVERAGE_MODULES { + pub ListAndReset: ULONG, + pub NumberOfModules: ULONG, + pub ModuleRequestInfo: COVERAGE_MODULE_REQUEST, + pub Modules: [COVERAGE_MODULE_INFO; 1usize], +} +impl Default for _COVERAGE_MODULES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COVERAGE_MODULES = _COVERAGE_MODULES; +pub type PCOVERAGE_MODULES = *mut _COVERAGE_MODULES; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PREFETCH_PATCH_INFORMATION { + pub PrefetchPatchCount: ULONG, +} +pub type SYSTEM_PREFETCH_PATCH_INFORMATION = _SYSTEM_PREFETCH_PATCH_INFORMATION; +pub type PSYSTEM_PREFETCH_PATCH_INFORMATION = *mut _SYSTEM_PREFETCH_PATCH_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_VERIFIER_FAULTS_INFORMATION { + pub Probability: 
ULONG, + pub MaxProbability: ULONG, + pub PoolTags: UNICODE_STRING, + pub Applications: UNICODE_STRING, +} +impl Default for _SYSTEM_VERIFIER_FAULTS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_FAULTS_INFORMATION = _SYSTEM_VERIFIER_FAULTS_INFORMATION; +pub type PSYSTEM_VERIFIER_FAULTS_INFORMATION = *mut _SYSTEM_VERIFIER_FAULTS_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_VERIFIER_INFORMATION_EX { + pub VerifyMode: ULONG, + pub OptionChanges: ULONG, + pub PreviousBucketName: UNICODE_STRING, + pub IrpCancelTimeoutMsec: ULONG, + pub VerifierExtensionEnabled: ULONG, + pub Reserved: [ULONG; 1usize], +} +impl Default for _SYSTEM_VERIFIER_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VERIFIER_INFORMATION_EX = _SYSTEM_VERIFIER_INFORMATION_EX; +pub type PSYSTEM_VERIFIER_INFORMATION_EX = *mut _SYSTEM_VERIFIER_INFORMATION_EX; +#[repr(C)] +pub struct _SYSTEM_SYSTEM_PARTITION_INFORMATION { + pub SystemPartition: UNICODE_STRING, +} +impl Default for _SYSTEM_SYSTEM_PARTITION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SYSTEM_PARTITION_INFORMATION = _SYSTEM_SYSTEM_PARTITION_INFORMATION; +pub type PSYSTEM_SYSTEM_PARTITION_INFORMATION = *mut _SYSTEM_SYSTEM_PARTITION_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_SYSTEM_DISK_INFORMATION { + pub SystemDisk: UNICODE_STRING, +} +impl Default for _SYSTEM_SYSTEM_DISK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
SYSTEM_SYSTEM_DISK_INFORMATION = _SYSTEM_SYSTEM_DISK_INFORMATION; +pub type PSYSTEM_SYSTEM_DISK_INFORMATION = *mut _SYSTEM_SYSTEM_DISK_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_NUMA_PROXIMITY_MAP { + pub NodeProximityId: ULONG, + pub NodeNumber: USHORT, +} +pub type SYSTEM_NUMA_PROXIMITY_MAP = _SYSTEM_NUMA_PROXIMITY_MAP; +pub type PSYSTEM_NUMA_PROXIMITY_MAP = *mut _SYSTEM_NUMA_PROXIMITY_MAP; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT { + pub Hits: ULONGLONG, + pub PercentFrequency: UCHAR, +} +pub type SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT = *mut _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 { + pub Hits: ULONG, + pub PercentFrequency: UCHAR, +} +pub type SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 = _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8 = + *mut _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION { + pub ProcessorNumber: ULONG, + pub StateCount: ULONG, + pub States: [SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT; 1usize], +} +pub type SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION = + _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION = + *mut _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION { + pub ProcessorCount: ULONG, + pub Offsets: [ULONG; 1usize], +} +pub type SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION = _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION = + *mut _SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION; 
+#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITY_INFORMATION { + pub Length: ULONG, + pub CodeIntegrityOptions: ULONG, +} +pub type SYSTEM_CODEINTEGRITY_INFORMATION = _SYSTEM_CODEINTEGRITY_INFORMATION; +pub type PSYSTEM_CODEINTEGRITY_INFORMATION = *mut _SYSTEM_CODEINTEGRITY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION { + pub Operation: ULONG, +} +pub type SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION = + _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION; +pub type PSYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION = + *mut _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_VA_TYPE { + SystemVaTypeAll = 0, + SystemVaTypeNonPagedPool = 1, + SystemVaTypePagedPool = 2, + SystemVaTypeSystemCache = 3, + SystemVaTypeSystemPtes = 4, + SystemVaTypeSessionSpace = 5, + SystemVaTypeMax = 6, +} +pub use self::_SYSTEM_VA_TYPE as SYSTEM_VA_TYPE; +pub type PSYSTEM_VA_TYPE = *mut _SYSTEM_VA_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_VA_LIST_INFORMATION { + pub VirtualSize: SIZE_T, + pub VirtualPeak: SIZE_T, + pub VirtualLimit: SIZE_T, + pub AllocationFailures: SIZE_T, +} +pub type SYSTEM_VA_LIST_INFORMATION = _SYSTEM_VA_LIST_INFORMATION; +pub type PSYSTEM_VA_LIST_INFORMATION = *mut _SYSTEM_VA_LIST_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _STORE_INFORMATION_CLASS { + StorePageRequest = 1, + StoreStatsRequest = 2, + StoreCreateRequest = 3, + StoreDeleteRequest = 4, + StoreListRequest = 5, + Available1 = 6, + StoreEmptyRequest = 7, + CacheListRequest = 8, + CacheCreateRequest = 9, + CacheDeleteRequest = 10, + CacheStoreCreateRequest = 11, + CacheStoreDeleteRequest = 12, + CacheStatsRequest = 13, + Available2 = 14, + RegistrationRequest = 15, + GlobalCacheStatsRequest = 16, + 
StoreResizeRequest = 17, + CacheStoreResizeRequest = 18, + SmConfigRequest = 19, + StoreHighMemoryPriorityRequest = 20, + SystemStoreTrimRequest = 21, + MemCompressionInfoRequest = 22, + ProcessStoreInfoRequest = 23, + StoreInformationMax = 24, +} +pub use self::_STORE_INFORMATION_CLASS as STORE_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_STORE_INFORMATION { + pub Version: ULONG, + pub StoreInformationClass: STORE_INFORMATION_CLASS, + pub Data: PVOID, + pub Length: ULONG, +} +impl Default for _SYSTEM_STORE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_STORE_INFORMATION = _SYSTEM_STORE_INFORMATION; +pub type PSYSTEM_STORE_INFORMATION = *mut _SYSTEM_STORE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ST_STATS_LEVEL { + StStatsLevelBasic = 0, + StStatsLevelIoStats = 1, + StStatsLevelRegionSpace = 2, + StStatsLevelSpaceBitmap = 3, + StStatsLevelMax = 4, +} +pub use self::_ST_STATS_LEVEL as ST_STATS_LEVEL; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_STATS_REQUEST { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub BufferSize: ULONG, + pub Buffer: PVOID, +} +impl Default for _SM_STATS_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SM_STATS_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn DetailLevel(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u32) } + } + #[inline] + pub fn set_DetailLevel(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 8u8, val as u64) + } + } + #[inline] + pub fn StoreId(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u32) } + } + #[inline] + pub fn set_StoreId(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + DetailLevel: ULONG, + StoreId: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 8u8, { + let DetailLevel: u32 = unsafe { ::core::mem::transmute(DetailLevel) }; + DetailLevel as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let StoreId: u32 = unsafe { ::core::mem::transmute(StoreId) }; + StoreId as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_STATS_REQUEST = _SM_STATS_REQUEST; +pub type PSM_STATS_REQUEST = *mut _SM_STATS_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_DATA_MGR_STATS { + pub RegionCount: ULONG, + pub PagesStored: ULONG, + pub UniquePagesStored: ULONG, + pub LazyCleanupRegionCount: ULONG, + pub Space: [_ST_DATA_MGR_STATS__bindgen_ty_1; 8usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_DATA_MGR_STATS__bindgen_ty_1 { + pub RegionsInUse: ULONG, + pub SpaceUsed: ULONG, +} +pub type ST_DATA_MGR_STATS = _ST_DATA_MGR_STATS; +pub type PST_DATA_MGR_STATS = *mut _ST_DATA_MGR_STATS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_IO_STATS_PERIOD { + pub PageCounts: [ULONG; 5usize], +} +pub type 
ST_IO_STATS_PERIOD = _ST_IO_STATS_PERIOD; +pub type PST_IO_STATS_PERIOD = *mut _ST_IO_STATS_PERIOD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ST_IO_STATS { + pub PeriodCount: ULONG, + pub Periods: [ST_IO_STATS_PERIOD; 64usize], +} +impl Default for _ST_IO_STATS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ST_IO_STATS = _ST_IO_STATS; +pub type PST_IO_STATS = *mut _ST_IO_STATS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_READ_LATENCY_BUCKET { + pub LatencyUs: ULONG, + pub Count: ULONG, +} +pub type ST_READ_LATENCY_BUCKET = _ST_READ_LATENCY_BUCKET; +pub type PST_READ_LATENCY_BUCKET = *mut _ST_READ_LATENCY_BUCKET; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_READ_LATENCY_STATS { + pub Buckets: [ST_READ_LATENCY_BUCKET; 8usize], +} +pub type ST_READ_LATENCY_STATS = _ST_READ_LATENCY_STATS; +pub type PST_READ_LATENCY_STATS = *mut _ST_READ_LATENCY_STATS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_STATS_REGION_INFO { + pub SpaceUsed: USHORT, + pub Priority: UCHAR, + pub Spare: UCHAR, +} +pub type ST_STATS_REGION_INFO = _ST_STATS_REGION_INFO; +pub type PST_STATS_REGION_INFO = *mut _ST_STATS_REGION_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ST_STATS_SPACE_BITMAP { + pub CompressedBytes: SIZE_T, + pub BytesPerBit: ULONG, + pub StoreBitmap: [UCHAR; 1usize], +} +pub type ST_STATS_SPACE_BITMAP = _ST_STATS_SPACE_BITMAP; +pub type PST_STATS_SPACE_BITMAP = *mut _ST_STATS_SPACE_BITMAP; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ST_STATS { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub Size: ULONG, + pub CompressionFormat: USHORT, + pub Spare: USHORT, + pub Basic: _ST_STATS__bindgen_ty_1, + pub Io: _ST_STATS__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] 
+pub struct _ST_STATS__bindgen_ty_1 { + pub RegionSize: ULONG, + pub RegionCount: ULONG, + pub RegionCountMax: ULONG, + pub Granularity: ULONG, + pub UserData: ST_DATA_MGR_STATS, + pub Metadata: ST_DATA_MGR_STATS, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ST_STATS__bindgen_ty_2 { + pub IoStats: ST_IO_STATS, + pub ReadLatencyStats: ST_READ_LATENCY_STATS, +} +impl Default for _ST_STATS__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _ST_STATS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _ST_STATS { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Level(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 4u8) as u32) } + } + #[inline] + pub fn set_Level(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 4u8, val as u64) + } + } + #[inline] + pub fn StoreType(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 4u8) as u32) } + } + #[inline] + pub fn set_StoreType(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 4u8, val as u64) + } + } + #[inline] + pub fn NoDuplication(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoDuplication(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 1u8, 
val as u64) + } + } + #[inline] + pub fn NoCompression(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(17usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoCompression(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(17usize, 1u8, val as u64) + } + } + #[inline] + pub fn EncryptionStrength(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(18usize, 12u8) as u32) } + } + #[inline] + pub fn set_EncryptionStrength(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(18usize, 12u8, val as u64) + } + } + #[inline] + pub fn VirtualRegions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(30usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualRegions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(30usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare0(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_Spare0(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + Level: ULONG, + StoreType: ULONG, + NoDuplication: ULONG, + NoCompression: ULONG, + EncryptionStrength: ULONG, + VirtualRegions: ULONG, + Spare0: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 4u8, { + let Level: u32 = unsafe { ::core::mem::transmute(Level) }; + Level as u64 + }); + __bindgen_bitfield_unit.set(12usize, 4u8, { + let StoreType: u32 = unsafe { ::core::mem::transmute(StoreType) }; 
+ StoreType as u64 + }); + __bindgen_bitfield_unit.set(16usize, 1u8, { + let NoDuplication: u32 = unsafe { ::core::mem::transmute(NoDuplication) }; + NoDuplication as u64 + }); + __bindgen_bitfield_unit.set(17usize, 1u8, { + let NoCompression: u32 = unsafe { ::core::mem::transmute(NoCompression) }; + NoCompression as u64 + }); + __bindgen_bitfield_unit.set(18usize, 12u8, { + let EncryptionStrength: u32 = unsafe { ::core::mem::transmute(EncryptionStrength) }; + EncryptionStrength as u64 + }); + __bindgen_bitfield_unit.set(30usize, 1u8, { + let VirtualRegions: u32 = unsafe { ::core::mem::transmute(VirtualRegions) }; + VirtualRegions as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let Spare0: u32 = unsafe { ::core::mem::transmute(Spare0) }; + Spare0 as u64 + }); + __bindgen_bitfield_unit + } +} +pub type ST_STATS = _ST_STATS; +pub type PST_STATS = *mut _ST_STATS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SM_STORE_TYPE { + StoreTypeInMemory = 0, + StoreTypeFile = 1, + StoreTypeMax = 2, +} +pub use self::_SM_STORE_TYPE as SM_STORE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SM_STORE_BASIC_PARAMS { + pub __bindgen_anon_1: _SM_STORE_BASIC_PARAMS__bindgen_ty_1, + pub Granularity: ULONG, + pub RegionSize: ULONG, + pub RegionCountMax: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SM_STORE_BASIC_PARAMS__bindgen_ty_1 { + pub __bindgen_anon_1: _SM_STORE_BASIC_PARAMS__bindgen_ty_1__bindgen_ty_1, + pub StoreFlags: ULONG, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_STORE_BASIC_PARAMS__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SM_STORE_BASIC_PARAMS__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn StoreType(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_StoreType(&mut self, val: 
ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn NoDuplication(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoDuplication(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn FailNoCompression(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_FailNoCompression(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn NoCompression(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoCompression(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn NoEncryption(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoEncryption(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn NoEvictOnAdd(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoEvictOnAdd(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn PerformsFileIo(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_PerformsFileIo(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) 
+ } + } + #[inline] + pub fn VdlNotSet(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn set_VdlNotSet(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn UseIntermediateAddBuffer(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_UseIntermediateAddBuffer(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn CompressNoHuff(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 1u8) as u32) } + } + #[inline] + pub fn set_CompressNoHuff(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 1u8, val as u64) + } + } + #[inline] + pub fn LockActiveRegions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(17usize, 1u8) as u32) } + } + #[inline] + pub fn set_LockActiveRegions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(17usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualRegions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(18usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualRegions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(18usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(19usize, 13u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(19usize, 13u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + StoreType: ULONG, + NoDuplication: ULONG, + 
FailNoCompression: ULONG, + NoCompression: ULONG, + NoEncryption: ULONG, + NoEvictOnAdd: ULONG, + PerformsFileIo: ULONG, + VdlNotSet: ULONG, + UseIntermediateAddBuffer: ULONG, + CompressNoHuff: ULONG, + LockActiveRegions: ULONG, + VirtualRegions: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let StoreType: u32 = unsafe { ::core::mem::transmute(StoreType) }; + StoreType as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let NoDuplication: u32 = unsafe { ::core::mem::transmute(NoDuplication) }; + NoDuplication as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let FailNoCompression: u32 = unsafe { ::core::mem::transmute(FailNoCompression) }; + FailNoCompression as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let NoCompression: u32 = unsafe { ::core::mem::transmute(NoCompression) }; + NoCompression as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let NoEncryption: u32 = unsafe { ::core::mem::transmute(NoEncryption) }; + NoEncryption as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let NoEvictOnAdd: u32 = unsafe { ::core::mem::transmute(NoEvictOnAdd) }; + NoEvictOnAdd as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let PerformsFileIo: u32 = unsafe { ::core::mem::transmute(PerformsFileIo) }; + PerformsFileIo as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let VdlNotSet: u32 = unsafe { ::core::mem::transmute(VdlNotSet) }; + VdlNotSet as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let UseIntermediateAddBuffer: u32 = + unsafe { ::core::mem::transmute(UseIntermediateAddBuffer) }; + UseIntermediateAddBuffer as u64 + }); + __bindgen_bitfield_unit.set(16usize, 1u8, { + let CompressNoHuff: u32 = unsafe { ::core::mem::transmute(CompressNoHuff) }; + CompressNoHuff as u64 + }); + __bindgen_bitfield_unit.set(17usize, 1u8, { + let 
LockActiveRegions: u32 = unsafe { ::core::mem::transmute(LockActiveRegions) }; + LockActiveRegions as u64 + }); + __bindgen_bitfield_unit.set(18usize, 1u8, { + let VirtualRegions: u32 = unsafe { ::core::mem::transmute(VirtualRegions) }; + VirtualRegions as u64 + }); + __bindgen_bitfield_unit.set(19usize, 13u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SM_STORE_BASIC_PARAMS__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SM_STORE_BASIC_PARAMS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SM_STORE_BASIC_PARAMS = _SM_STORE_BASIC_PARAMS; +pub type PSM_STORE_BASIC_PARAMS = *mut _SM_STORE_BASIC_PARAMS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SMKM_REGION_EXTENT { + pub RegionCount: ULONG, + pub ByteOffset: SIZE_T, +} +pub type SMKM_REGION_EXTENT = _SMKM_REGION_EXTENT; +pub type PSMKM_REGION_EXTENT = *mut _SMKM_REGION_EXTENT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_OBJECT { + _unused: [u8; 0], +} +pub type PFILE_OBJECT = *mut _FILE_OBJECT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DEVICE_OBJECT { + _unused: [u8; 0], +} +pub type PDEVICE_OBJECT = *mut _DEVICE_OBJECT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _IRP { + _unused: [u8; 0], +} +pub type PIRP = *mut _IRP; +pub type PRTL_BITMAP = *mut _RTL_BITMAP; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMKM_FILE_INFO { + pub FileHandle: HANDLE, + pub FileObject: PFILE_OBJECT, + pub VolumeFileObject: PFILE_OBJECT, + pub VolumeDeviceObject: PDEVICE_OBJECT, + pub VolumePnpHandle: HANDLE, + pub UsageNotificationIrp: PIRP, + pub Extents: PSMKM_REGION_EXTENT, + pub 
ExtentCount: ULONG, +} +impl Default for _SMKM_FILE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SMKM_FILE_INFO = _SMKM_FILE_INFO; +pub type PSMKM_FILE_INFO = *mut _SMKM_FILE_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_STORE_CACHE_BACKED_PARAMS { + pub SectorSize: ULONG, + pub EncryptionKey: PCHAR, + pub EncryptionKeySize: ULONG, + pub FileInfo: PSMKM_FILE_INFO, + pub EtaContext: PVOID, + pub StoreRegionBitmap: PRTL_BITMAP, +} +impl Default for _SM_STORE_CACHE_BACKED_PARAMS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SM_STORE_CACHE_BACKED_PARAMS = _SM_STORE_CACHE_BACKED_PARAMS; +pub type PSM_STORE_CACHE_BACKED_PARAMS = *mut _SM_STORE_CACHE_BACKED_PARAMS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SM_STORE_PARAMETERS { + pub Store: SM_STORE_BASIC_PARAMS, + pub Priority: ULONG, + pub Flags: ULONG, + pub CacheBacked: SM_STORE_CACHE_BACKED_PARAMS, +} +impl Default for _SM_STORE_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SM_STORE_PARAMETERS = _SM_STORE_PARAMETERS; +pub type PSM_STORE_PARAMETERS = *mut _SM_STORE_PARAMETERS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SM_CREATE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub Params: SM_STORE_PARAMETERS, + pub StoreId: ULONG, +} +impl Default for _SM_CREATE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SM_CREATE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn AcquireReference(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_AcquireReference(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn KeyedStore(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_KeyedStore(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 22u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 22u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + AcquireReference: ULONG, + KeyedStore: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let AcquireReference: u32 = unsafe { ::core::mem::transmute(AcquireReference) }; + AcquireReference as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let KeyedStore: u32 = unsafe { ::core::mem::transmute(KeyedStore) }; + KeyedStore as u64 + }); + __bindgen_bitfield_unit.set(10usize, 22u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + 
__bindgen_bitfield_unit + } +} +pub type SM_CREATE_REQUEST = _SM_CREATE_REQUEST; +pub type PSM_CREATE_REQUEST = *mut _SM_CREATE_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_DELETE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub StoreId: ULONG, +} +impl _SM_DELETE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_DELETE_REQUEST = _SM_DELETE_REQUEST; +pub type PSM_DELETE_REQUEST = *mut _SM_DELETE_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_STORE_LIST_REQUEST { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub StoreId: [ULONG; 32usize], +} +impl _SM_STORE_LIST_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + 
unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn StoreCount(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u32) } + } + #[inline] + pub fn set_StoreCount(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 8u8, val as u64) + } + } + #[inline] + pub fn ExtendedRequest(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 1u8) as u32) } + } + #[inline] + pub fn set_ExtendedRequest(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(17usize, 15u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(17usize, 15u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + StoreCount: ULONG, + ExtendedRequest: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 8u8, { + let StoreCount: u32 = unsafe { ::core::mem::transmute(StoreCount) }; + StoreCount as u64 + }); + __bindgen_bitfield_unit.set(16usize, 1u8, { + let ExtendedRequest: u32 = unsafe { ::core::mem::transmute(ExtendedRequest) }; + ExtendedRequest as u64 + }); + __bindgen_bitfield_unit.set(17usize, 15u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_STORE_LIST_REQUEST = _SM_STORE_LIST_REQUEST; +pub type PSM_STORE_LIST_REQUEST = *mut 
_SM_STORE_LIST_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_STORE_LIST_REQUEST_EX { + pub Request: SM_STORE_LIST_REQUEST, + pub NameBuffer: [[WCHAR; 64usize]; 32usize], +} +impl Default for _SM_STORE_LIST_REQUEST_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SM_STORE_LIST_REQUEST_EX = _SM_STORE_LIST_REQUEST_EX; +pub type PSM_STORE_LIST_REQUEST_EX = *mut _SM_STORE_LIST_REQUEST_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SMC_CACHE_LIST_REQUEST { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: [ULONG; 16usize], +} +impl _SMC_CACHE_LIST_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn CacheCount(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u32) } + } + #[inline] + pub fn set_CacheCount(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + CacheCount: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe 
{ ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 8u8, { + let CacheCount: u32 = unsafe { ::core::mem::transmute(CacheCount) }; + CacheCount as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_LIST_REQUEST = _SMC_CACHE_LIST_REQUEST; +pub type PSMC_CACHE_LIST_REQUEST = *mut _SMC_CACHE_LIST_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SMC_CACHE_PARAMETERS { + pub CacheFileSize: SIZE_T, + pub StoreAlignment: ULONG, + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheFlags: ULONG, + pub Priority: ULONG, +} +impl _SMC_CACHE_PARAMETERS { + #[inline] + pub fn PerformsFileIo(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_PerformsFileIo(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn VdlNotSet(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_VdlNotSet(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + PerformsFileIo: ULONG, + VdlNotSet: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 
1u8, { + let PerformsFileIo: u32 = unsafe { ::core::mem::transmute(PerformsFileIo) }; + PerformsFileIo as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let VdlNotSet: u32 = unsafe { ::core::mem::transmute(VdlNotSet) }; + VdlNotSet as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_PARAMETERS = _SMC_CACHE_PARAMETERS; +pub type PSMC_CACHE_PARAMETERS = *mut _SMC_CACHE_PARAMETERS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_CACHE_CREATE_PARAMETERS { + pub CacheParameters: SMC_CACHE_PARAMETERS, + pub TemplateFilePath: [WCHAR; 512usize], +} +impl Default for _SMC_CACHE_CREATE_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SMC_CACHE_CREATE_PARAMETERS = _SMC_CACHE_CREATE_PARAMETERS; +pub type PSMC_CACHE_CREATE_PARAMETERS = *mut _SMC_CACHE_CREATE_PARAMETERS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_CACHE_CREATE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: ULONG, + pub CacheCreateParams: SMC_CACHE_CREATE_PARAMETERS, +} +impl Default for _SMC_CACHE_CREATE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_CACHE_CREATE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + 
} + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_CREATE_REQUEST = _SMC_CACHE_CREATE_REQUEST; +pub type PSMC_CACHE_CREATE_REQUEST = *mut _SMC_CACHE_CREATE_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SMC_CACHE_DELETE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: ULONG, +} +impl _SMC_CACHE_DELETE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + 
__bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_DELETE_REQUEST = _SMC_CACHE_DELETE_REQUEST; +pub type PSMC_CACHE_DELETE_REQUEST = *mut _SMC_CACHE_DELETE_REQUEST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SM_STORE_MANAGER_TYPE { + SmStoreManagerTypePhysical = 0, + SmStoreManagerTypeVirtual = 1, + SmStoreManagerTypeMax = 2, +} +pub use self::_SM_STORE_MANAGER_TYPE as SM_STORE_MANAGER_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SMC_STORE_CREATE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub StoreParams: SM_STORE_BASIC_PARAMS, + pub CacheId: ULONG, + pub StoreManagerType: SM_STORE_MANAGER_TYPE, + pub StoreId: ULONG, +} +impl Default for _SMC_STORE_CREATE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_STORE_CREATE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { 
::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_STORE_CREATE_REQUEST = _SMC_STORE_CREATE_REQUEST; +pub type PSMC_STORE_CREATE_REQUEST = *mut _SMC_STORE_CREATE_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_STORE_DELETE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: ULONG, + pub StoreManagerType: SM_STORE_MANAGER_TYPE, + pub StoreId: ULONG, +} +impl Default for _SMC_STORE_DELETE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_STORE_DELETE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_STORE_DELETE_REQUEST = 
_SMC_STORE_DELETE_REQUEST; +pub type PSMC_STORE_DELETE_REQUEST = *mut _SMC_STORE_DELETE_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_CACHE_STATS { + pub TotalFileSize: SIZE_T, + pub StoreCount: ULONG, + pub RegionCount: ULONG, + pub RegionSizeBytes: ULONG, + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub StoreIds: [ULONG; 16usize], + pub PhysicalStoreBitmap: ULONG, + pub Priority: ULONG, + pub TemplateFilePath: [WCHAR; 512usize], +} +impl Default for _SMC_CACHE_STATS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_CACHE_STATS { + #[inline] + pub fn FileCount(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 6u8) as u32) } + } + #[inline] + pub fn set_FileCount(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 6u8, val as u64) + } + } + #[inline] + pub fn PerformsFileIo(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_PerformsFileIo(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 25u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 25u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + FileCount: ULONG, + PerformsFileIo: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 6u8, { + let FileCount: u32 = unsafe { 
::core::mem::transmute(FileCount) }; + FileCount as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let PerformsFileIo: u32 = unsafe { ::core::mem::transmute(PerformsFileIo) }; + PerformsFileIo as u64 + }); + __bindgen_bitfield_unit.set(7usize, 25u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_STATS = _SMC_CACHE_STATS; +pub type PSMC_CACHE_STATS = *mut _SMC_CACHE_STATS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_CACHE_STATS_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: ULONG, + pub CacheStats: SMC_CACHE_STATS, +} +impl Default for _SMC_CACHE_STATS_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_CACHE_STATS_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn NoFilePath(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_NoFilePath(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 23u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 23u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + NoFilePath: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let 
mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let NoFilePath: u32 = unsafe { ::core::mem::transmute(NoFilePath) }; + NoFilePath as u64 + }); + __bindgen_bitfield_unit.set(9usize, 23u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_CACHE_STATS_REQUEST = _SMC_CACHE_STATS_REQUEST; +pub type PSMC_CACHE_STATS_REQUEST = *mut _SMC_CACHE_STATS_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_REGISTRATION_INFO { + pub CachesUpdatedEvent: HANDLE, +} +impl Default for _SM_REGISTRATION_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SM_REGISTRATION_INFO = _SM_REGISTRATION_INFO; +pub type PSM_REGISTRATION_INFO = *mut _SM_REGISTRATION_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_REGISTRATION_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub RegInfo: SM_REGISTRATION_INFO, +} +impl Default for _SM_REGISTRATION_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SM_REGISTRATION_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub 
fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_REGISTRATION_REQUEST = _SM_REGISTRATION_REQUEST; +pub type PSM_REGISTRATION_REQUEST = *mut _SM_REGISTRATION_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_STORE_RESIZE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub StoreId: ULONG, + pub NumberOfRegions: ULONG, + pub RegionBitmap: PRTL_BITMAP, +} +impl Default for _SM_STORE_RESIZE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SM_STORE_RESIZE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn AddRegions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_AddRegions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 
23u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 23u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + AddRegions: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let AddRegions: u32 = unsafe { ::core::mem::transmute(AddRegions) }; + AddRegions as u64 + }); + __bindgen_bitfield_unit.set(9usize, 23u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_STORE_RESIZE_REQUEST = _SM_STORE_RESIZE_REQUEST; +pub type PSM_STORE_RESIZE_REQUEST = *mut _SM_STORE_RESIZE_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SMC_STORE_RESIZE_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CacheId: ULONG, + pub StoreId: ULONG, + pub StoreManagerType: SM_STORE_MANAGER_TYPE, + pub RegionCount: ULONG, +} +impl Default for _SMC_STORE_RESIZE_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SMC_STORE_RESIZE_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn AddRegions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_AddRegions(&mut 
self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 23u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 23u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + AddRegions: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let AddRegions: u32 = unsafe { ::core::mem::transmute(AddRegions) }; + AddRegions as u64 + }); + __bindgen_bitfield_unit.set(9usize, 23u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SMC_STORE_RESIZE_REQUEST = _SMC_STORE_RESIZE_REQUEST; +pub type PSMC_STORE_RESIZE_REQUEST = *mut _SMC_STORE_RESIZE_REQUEST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SM_CONFIG_TYPE { + SmConfigDirtyPageCompression = 0, + SmConfigAsyncInswap = 1, + SmConfigPrefetchSeekThreshold = 2, + SmConfigTypeMax = 3, +} +pub use self::_SM_CONFIG_TYPE as SM_CONFIG_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_CONFIG_REQUEST { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub ConfigValue: ULONG, +} +impl _SM_CONFIG_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 16u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 16u8, val as u64) + } + } + #[inline] + pub fn ConfigType(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 8u8) as u32) } + } + #[inline] + pub fn set_ConfigType(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 8u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + Spare: ULONG, + ConfigType: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 16u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit.set(24usize, 8u8, { + let ConfigType: u32 = unsafe { ::core::mem::transmute(ConfigType) }; + ConfigType as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_CONFIG_REQUEST = _SM_CONFIG_REQUEST; +pub type PSM_CONFIG_REQUEST = *mut _SM_CONFIG_REQUEST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SM_STORE_HIGH_MEM_PRIORITY_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub ProcessHandle: HANDLE, +} +impl Default for _SM_STORE_HIGH_MEM_PRIORITY_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SM_STORE_HIGH_MEM_PRIORITY_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn SetHighMemoryPriority(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_SetHighMemoryPriority(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 23u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 23u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + SetHighMemoryPriority: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let SetHighMemoryPriority: u32 = unsafe { ::core::mem::transmute(SetHighMemoryPriority) }; + SetHighMemoryPriority as u64 + }); + __bindgen_bitfield_unit.set(9usize, 23u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_STORE_HIGH_MEM_PRIORITY_REQUEST = _SM_STORE_HIGH_MEM_PRIORITY_REQUEST; +pub type PSM_STORE_HIGH_MEM_PRIORITY_REQUEST = *mut _SM_STORE_HIGH_MEM_PRIORITY_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_SYSTEM_STORE_TRIM_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub PagesToTrim: SIZE_T, +} +impl 
_SM_SYSTEM_STORE_TRIM_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_SYSTEM_STORE_TRIM_REQUEST = _SM_SYSTEM_STORE_TRIM_REQUEST; +pub type PSM_SYSTEM_STORE_TRIM_REQUEST = *mut _SM_SYSTEM_STORE_TRIM_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SM_MEM_COMPRESSION_INFO_REQUEST { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub CompressionPid: ULONG, + pub WorkingSetSize: ULONG, + pub TotalDataCompressed: SIZE_T, + pub TotalCompressedSize: SIZE_T, + pub TotalUniqueDataCompressed: SIZE_T, +} +impl _SM_MEM_COMPRESSION_INFO_REQUEST { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn 
Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Version: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SM_MEM_COMPRESSION_INFO_REQUEST = _SM_MEM_COMPRESSION_INFO_REQUEST; +pub type PSM_MEM_COMPRESSION_INFO_REQUEST = *mut _SM_MEM_COMPRESSION_INFO_REQUEST; +#[repr(C)] +pub struct _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS { + pub KeyHandle: HANDLE, + pub ValueNamePointer: PUNICODE_STRING, + pub RequiredLengthPointer: PULONG, + pub Buffer: PUCHAR, + pub BufferLength: ULONG, + pub Type: ULONG, + pub AppendBuffer: PUCHAR, + pub AppendBufferLength: ULONG, + pub CreateIfDoesntExist: BOOLEAN, + pub TruncateExistingValue: BOOLEAN, +} +impl Default for _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS; +pub type PSYSTEM_REGISTRY_APPEND_STRING_PARAMETERS = *mut _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS; +#[repr(C)] +pub struct _SYSTEM_VHD_BOOT_INFORMATION { + pub OsDiskIsVhd: BOOLEAN, + pub OsVhdFilePathOffset: ULONG, + pub OsVhdParentVolume: [WCHAR; 1usize], +} +impl Default for _SYSTEM_VHD_BOOT_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VHD_BOOT_INFORMATION = _SYSTEM_VHD_BOOT_INFORMATION; +pub type PSYSTEM_VHD_BOOT_INFORMATION = *mut _SYSTEM_VHD_BOOT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_CPU_QUOTA_QUERY_ENTRY { + pub SessionId: ULONG, + pub Weight: ULONG, +} +pub type PS_CPU_QUOTA_QUERY_ENTRY = _PS_CPU_QUOTA_QUERY_ENTRY; +pub type PPS_CPU_QUOTA_QUERY_ENTRY = *mut _PS_CPU_QUOTA_QUERY_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_CPU_QUOTA_QUERY_INFORMATION { + pub SessionCount: ULONG, + pub SessionInformation: [PS_CPU_QUOTA_QUERY_ENTRY; 1usize], +} +pub type PS_CPU_QUOTA_QUERY_INFORMATION = _PS_CPU_QUOTA_QUERY_INFORMATION; +pub type PPS_CPU_QUOTA_QUERY_INFORMATION = *mut _PS_CPU_QUOTA_QUERY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_ERROR_PORT_TIMEOUTS { + pub StartTimeout: ULONG, + pub CommTimeout: ULONG, +} +pub type SYSTEM_ERROR_PORT_TIMEOUTS = _SYSTEM_ERROR_PORT_TIMEOUTS; +pub type PSYSTEM_ERROR_PORT_TIMEOUTS = *mut _SYSTEM_ERROR_PORT_TIMEOUTS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_LOW_PRIORITY_IO_INFORMATION { + pub LowPriReadOperations: ULONG, + pub LowPriWriteOperations: ULONG, + pub KernelBumpedToNormalOperations: ULONG, + pub LowPriPagingReadOperations: ULONG, + pub KernelPagingReadsBumpedToNormal: ULONG, + pub LowPriPagingWriteOperations: ULONG, + pub KernelPagingWritesBumpedToNormal: ULONG, + pub BoostedIrpCount: ULONG, + pub BoostedPagingIrpCount: ULONG, + pub BlanketBoostCount: ULONG, +} +pub type SYSTEM_LOW_PRIORITY_IO_INFORMATION = _SYSTEM_LOW_PRIORITY_IO_INFORMATION; +pub type PSYSTEM_LOW_PRIORITY_IO_INFORMATION = *mut _SYSTEM_LOW_PRIORITY_IO_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TPM_BOOT_ENTROPY_RESULT_CODE { + 
TpmBootEntropyStructureUninitialized = 0, + TpmBootEntropyDisabledByPolicy = 1, + TpmBootEntropyNoTpmFound = 2, + TpmBootEntropyTpmError = 3, + TpmBootEntropySuccess = 4, +} +pub use self::_TPM_BOOT_ENTROPY_RESULT_CODE as TPM_BOOT_ENTROPY_RESULT_CODE; +#[repr(C)] +pub struct _TPM_BOOT_ENTROPY_NT_RESULT { + pub Policy: ULONGLONG, + pub ResultCode: TPM_BOOT_ENTROPY_RESULT_CODE, + pub ResultStatus: NTSTATUS, + pub Time: ULONGLONG, + pub EntropyLength: ULONG, + pub EntropyData: [UCHAR; 40usize], +} +impl Default for _TPM_BOOT_ENTROPY_NT_RESULT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TPM_BOOT_ENTROPY_NT_RESULT = _TPM_BOOT_ENTROPY_NT_RESULT; +pub type PTPM_BOOT_ENTROPY_NT_RESULT = *mut _TPM_BOOT_ENTROPY_NT_RESULT; +#[repr(C)] +pub struct _SYSTEM_VERIFIER_COUNTERS_INFORMATION { + pub Legacy: SYSTEM_VERIFIER_INFORMATION, + pub RaiseIrqls: ULONG, + pub AcquireSpinLocks: ULONG, + pub SynchronizeExecutions: ULONG, + pub AllocationsWithNoTag: ULONG, + pub AllocationsFailed: ULONG, + pub AllocationsFailedDeliberately: ULONG, + pub LockedBytes: SIZE_T, + pub PeakLockedBytes: SIZE_T, + pub MappedLockedBytes: SIZE_T, + pub PeakMappedLockedBytes: SIZE_T, + pub MappedIoSpaceBytes: SIZE_T, + pub PeakMappedIoSpaceBytes: SIZE_T, + pub PagesForMdlBytes: SIZE_T, + pub PeakPagesForMdlBytes: SIZE_T, + pub ContiguousMemoryBytes: SIZE_T, + pub PeakContiguousMemoryBytes: SIZE_T, + pub ExecutePoolTypes: ULONG, + pub ExecutePageProtections: ULONG, + pub ExecutePageMappings: ULONG, + pub ExecuteWriteSections: ULONG, + pub SectionAlignmentFailures: ULONG, + pub UnsupportedRelocs: ULONG, + pub IATInExecutableSection: ULONG, +} +impl Default for _SYSTEM_VERIFIER_COUNTERS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
SYSTEM_VERIFIER_COUNTERS_INFORMATION = _SYSTEM_VERIFIER_COUNTERS_INFORMATION; +pub type PSYSTEM_VERIFIER_COUNTERS_INFORMATION = *mut _SYSTEM_VERIFIER_COUNTERS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_ACPI_AUDIT_INFORMATION { + pub RsdpCount: ULONG, + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: [u8; 3usize], +} +impl _SYSTEM_ACPI_AUDIT_INFORMATION { + #[inline] + pub fn SameRsdt(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_SameRsdt(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn SlicPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_SlicPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn SlicDifferent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_SlicDifferent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SameRsdt: ULONG, + SlicPresent: ULONG, + SlicDifferent: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SameRsdt: u32 = unsafe { ::core::mem::transmute(SameRsdt) }; + SameRsdt as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let SlicPresent: u32 = unsafe { ::core::mem::transmute(SlicPresent) }; + SlicPresent as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let SlicDifferent: u32 = unsafe { 
::core::mem::transmute(SlicDifferent) }; + SlicDifferent as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SYSTEM_ACPI_AUDIT_INFORMATION = _SYSTEM_ACPI_AUDIT_INFORMATION; +pub type PSYSTEM_ACPI_AUDIT_INFORMATION = *mut _SYSTEM_ACPI_AUDIT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BASIC_PERFORMANCE_INFORMATION { + pub AvailablePages: SIZE_T, + pub CommittedPages: SIZE_T, + pub CommitLimit: SIZE_T, + pub PeakCommitment: SIZE_T, +} +pub type SYSTEM_BASIC_PERFORMANCE_INFORMATION = _SYSTEM_BASIC_PERFORMANCE_INFORMATION; +pub type PSYSTEM_BASIC_PERFORMANCE_INFORMATION = *mut _SYSTEM_BASIC_PERFORMANCE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _QUERY_PERFORMANCE_COUNTER_FLAGS { + pub __bindgen_anon_1: _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1 { + pub __bindgen_anon_1: _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1__bindgen_ty_1, + pub ul: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn KernelTransition(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_KernelTransition(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + KernelTransition: ULONG, 
+ Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let KernelTransition: u32 = unsafe { ::core::mem::transmute(KernelTransition) }; + KernelTransition as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _QUERY_PERFORMANCE_COUNTER_FLAGS__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _QUERY_PERFORMANCE_COUNTER_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type QUERY_PERFORMANCE_COUNTER_FLAGS = _QUERY_PERFORMANCE_COUNTER_FLAGS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION { + pub Version: ULONG, + pub Flags: QUERY_PERFORMANCE_COUNTER_FLAGS, + pub ValidFlags: QUERY_PERFORMANCE_COUNTER_FLAGS, +} +impl Default for _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION = + _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION; +pub type PSYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION = + *mut _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_PIXEL_FORMAT { + SystemPixelFormatUnknown = 0, + SystemPixelFormatR8G8B8 = 1, + SystemPixelFormatR8G8B8X8 = 2, + SystemPixelFormatB8G8R8 = 3, + SystemPixelFormatB8G8R8X8 = 4, +} +pub use 
self::_SYSTEM_PIXEL_FORMAT as SYSTEM_PIXEL_FORMAT; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_BOOT_GRAPHICS_INFORMATION { + pub FrameBuffer: LARGE_INTEGER, + pub Width: ULONG, + pub Height: ULONG, + pub PixelStride: ULONG, + pub Flags: ULONG, + pub Format: SYSTEM_PIXEL_FORMAT, + pub DisplayRotation: ULONG, +} +impl Default for _SYSTEM_BOOT_GRAPHICS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BOOT_GRAPHICS_INFORMATION = _SYSTEM_BOOT_GRAPHICS_INFORMATION; +pub type PSYSTEM_BOOT_GRAPHICS_INFORMATION = *mut _SYSTEM_BOOT_GRAPHICS_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_SCRUB_INFORMATION { + pub Handle: HANDLE, + pub PagesScrubbed: ULONG, +} +impl Default for _MEMORY_SCRUB_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_SCRUB_INFORMATION = _MEMORY_SCRUB_INFORMATION; +pub type PMEMORY_SCRUB_INFORMATION = *mut _MEMORY_SCRUB_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEBS_DS_SAVE_AREA32 { + pub BtsBufferBase: ULONG, + pub BtsIndex: ULONG, + pub BtsAbsoluteMaximum: ULONG, + pub BtsInterruptThreshold: ULONG, + pub PebsBufferBase: ULONG, + pub PebsIndex: ULONG, + pub PebsAbsoluteMaximum: ULONG, + pub PebsInterruptThreshold: ULONG, + pub PebsGpCounterReset: [ULONG; 8usize], + pub PebsFixedCounterReset: [ULONG; 4usize], +} +pub type PEBS_DS_SAVE_AREA32 = _PEBS_DS_SAVE_AREA32; +pub type PPEBS_DS_SAVE_AREA32 = *mut _PEBS_DS_SAVE_AREA32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEBS_DS_SAVE_AREA64 { + pub BtsBufferBase: ULONGLONG, + pub BtsIndex: ULONGLONG, + pub BtsAbsoluteMaximum: ULONGLONG, + pub BtsInterruptThreshold: ULONGLONG, + pub PebsBufferBase: ULONGLONG, + pub 
PebsIndex: ULONGLONG, + pub PebsAbsoluteMaximum: ULONGLONG, + pub PebsInterruptThreshold: ULONGLONG, + pub PebsGpCounterReset: [ULONGLONG; 8usize], + pub PebsFixedCounterReset: [ULONGLONG; 4usize], +} +pub type PEBS_DS_SAVE_AREA64 = _PEBS_DS_SAVE_AREA64; +pub type PPEBS_DS_SAVE_AREA64 = *mut _PEBS_DS_SAVE_AREA64; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEBS_DS_SAVE_AREA { + pub As32Bit: PEBS_DS_SAVE_AREA32, + pub As64Bit: PEBS_DS_SAVE_AREA64, +} +impl Default for _PEBS_DS_SAVE_AREA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEBS_DS_SAVE_AREA = _PEBS_DS_SAVE_AREA; +pub type PPEBS_DS_SAVE_AREA = *mut _PEBS_DS_SAVE_AREA; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESSOR_PROFILE_CONTROL_AREA { + pub PebsDsSaveArea: PEBS_DS_SAVE_AREA, +} +impl Default for _PROCESSOR_PROFILE_CONTROL_AREA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESSOR_PROFILE_CONTROL_AREA = _PROCESSOR_PROFILE_CONTROL_AREA; +pub type PPROCESSOR_PROFILE_CONTROL_AREA = *mut _PROCESSOR_PROFILE_CONTROL_AREA; +#[repr(C)] +pub struct _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA { + pub ProcessorProfileControlArea: PROCESSOR_PROFILE_CONTROL_AREA, + pub Allocate: BOOLEAN, +} +impl Default for _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA; +pub type PSYSTEM_PROCESSOR_PROFILE_CONTROL_AREA = *mut _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_COMBINE_INFORMATION { + pub Handle: HANDLE, + pub PagesCombined: ULONG_PTR, +} +impl 
Default for _MEMORY_COMBINE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_COMBINE_INFORMATION = _MEMORY_COMBINE_INFORMATION; +pub type PMEMORY_COMBINE_INFORMATION = *mut _MEMORY_COMBINE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_COMBINE_INFORMATION_EX { + pub Handle: HANDLE, + pub PagesCombined: ULONG_PTR, + pub Flags: ULONG, +} +impl Default for _MEMORY_COMBINE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_COMBINE_INFORMATION_EX = _MEMORY_COMBINE_INFORMATION_EX; +pub type PMEMORY_COMBINE_INFORMATION_EX = *mut _MEMORY_COMBINE_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_COMBINE_INFORMATION_EX2 { + pub Handle: HANDLE, + pub PagesCombined: ULONG_PTR, + pub Flags: ULONG, + pub ProcessHandle: HANDLE, +} +impl Default for _MEMORY_COMBINE_INFORMATION_EX2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_COMBINE_INFORMATION_EX2 = _MEMORY_COMBINE_INFORMATION_EX2; +pub type PMEMORY_COMBINE_INFORMATION_EX2 = *mut _MEMORY_COMBINE_INFORMATION_EX2; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_ENTROPY_TIMING_INFORMATION { + pub EntropyRoutine: ::core::option::Option, + pub InitializationRoutine: + ::core::option::Option, + pub InitializationContext: PVOID, +} +impl Default for _SYSTEM_ENTROPY_TIMING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ENTROPY_TIMING_INFORMATION = _SYSTEM_ENTROPY_TIMING_INFORMATION; 
+pub type PSYSTEM_ENTROPY_TIMING_INFORMATION = *mut _SYSTEM_ENTROPY_TIMING_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CONSOLE_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_CONSOLE_INFORMATION { + #[inline] + pub fn DriverLoaded(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_DriverLoaded(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(DriverLoaded: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DriverLoaded: u32 = unsafe { ::core::mem::transmute(DriverLoaded) }; + DriverLoaded as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SYSTEM_CONSOLE_INFORMATION = _SYSTEM_CONSOLE_INFORMATION; +pub type PSYSTEM_CONSOLE_INFORMATION = *mut _SYSTEM_CONSOLE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_PLATFORM_BINARY_INFORMATION { + pub PhysicalAddress: ULONG64, + pub HandoffBuffer: PVOID, + pub CommandLineBuffer: PVOID, + pub HandoffBufferSize: ULONG, + pub CommandLineBufferSize: ULONG, +} +impl Default for _SYSTEM_PLATFORM_BINARY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PLATFORM_BINARY_INFORMATION = _SYSTEM_PLATFORM_BINARY_INFORMATION; +pub type PSYSTEM_PLATFORM_BINARY_INFORMATION = *mut _SYSTEM_PLATFORM_BINARY_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_POLICY_INFORMATION { + pub InputData: PVOID, + pub OutputData: PVOID, + pub InputDataSize: ULONG, + pub OutputDataSize: ULONG, + pub Version: ULONG, +} +impl Default for _SYSTEM_POLICY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POLICY_INFORMATION = _SYSTEM_POLICY_INFORMATION; +pub type PSYSTEM_POLICY_INFORMATION = *mut _SYSTEM_POLICY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION { + pub NumberOfLogicalProcessors: ULONG, + pub NumberOfCores: ULONG, +} +pub type SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION = + _SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION; +pub type PSYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION = + *mut _SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_DEVICE_DATA_INFORMATION { + pub DeviceId: UNICODE_STRING, + pub DataName: UNICODE_STRING, + pub DataType: ULONG, + pub DataBufferLength: ULONG, + pub DataBuffer: PVOID, +} +impl Default for _SYSTEM_DEVICE_DATA_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_DEVICE_DATA_INFORMATION = _SYSTEM_DEVICE_DATA_INFORMATION; +pub type PSYSTEM_DEVICE_DATA_INFORMATION = *mut _SYSTEM_DEVICE_DATA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PHYSICAL_CHANNEL_RUN { + pub NodeNumber: ULONG, + pub ChannelNumber: ULONG, + pub BasePage: ULONGLONG, + pub PageCount: 
ULONGLONG, + pub Flags: ULONG, +} +pub type PHYSICAL_CHANNEL_RUN = _PHYSICAL_CHANNEL_RUN; +pub type PPHYSICAL_CHANNEL_RUN = *mut _PHYSICAL_CHANNEL_RUN; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_MEMORY_TOPOLOGY_INFORMATION { + pub NumberOfRuns: ULONGLONG, + pub NumberOfNodes: ULONG, + pub NumberOfChannels: ULONG, + pub Run: [PHYSICAL_CHANNEL_RUN; 1usize], +} +pub type SYSTEM_MEMORY_TOPOLOGY_INFORMATION = _SYSTEM_MEMORY_TOPOLOGY_INFORMATION; +pub type PSYSTEM_MEMORY_TOPOLOGY_INFORMATION = *mut _SYSTEM_MEMORY_TOPOLOGY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_MEMORY_CHANNEL_INFORMATION { + pub ChannelNumber: ULONG, + pub ChannelHeatIndex: ULONG, + pub TotalPageCount: ULONGLONG, + pub ZeroPageCount: ULONGLONG, + pub FreePageCount: ULONGLONG, + pub StandbyPageCount: ULONGLONG, +} +pub type SYSTEM_MEMORY_CHANNEL_INFORMATION = _SYSTEM_MEMORY_CHANNEL_INFORMATION; +pub type PSYSTEM_MEMORY_CHANNEL_INFORMATION = *mut _SYSTEM_MEMORY_CHANNEL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BOOT_LOGO_INFORMATION { + pub Flags: ULONG, + pub BitmapOffset: ULONG, +} +pub type SYSTEM_BOOT_LOGO_INFORMATION = _SYSTEM_BOOT_LOGO_INFORMATION; +pub type PSYSTEM_BOOT_LOGO_INFORMATION = *mut _SYSTEM_BOOT_LOGO_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX { + pub IdleTime: LARGE_INTEGER, + pub KernelTime: LARGE_INTEGER, + pub UserTime: LARGE_INTEGER, + pub DpcTime: LARGE_INTEGER, + pub InterruptTime: LARGE_INTEGER, + pub InterruptCount: ULONG, + pub Spare0: ULONG, + pub AvailableTime: LARGE_INTEGER, + pub Spare1: LARGE_INTEGER, + pub Spare2: LARGE_INTEGER, +} +impl Default for _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX = _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX; +pub type PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX = + *mut _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SECUREBOOT_POLICY_INFORMATION { + pub PolicyPublisher: GUID, + pub PolicyVersion: ULONG, + pub PolicyOptions: ULONG, +} +pub type SYSTEM_SECUREBOOT_POLICY_INFORMATION = _SYSTEM_SECUREBOOT_POLICY_INFORMATION; +pub type PSYSTEM_SECUREBOOT_POLICY_INFORMATION = *mut _SYSTEM_SECUREBOOT_POLICY_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_PAGEFILE_INFORMATION_EX { + pub __bindgen_anon_1: _SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1, + pub MinimumSize: ULONG, + pub MaximumSize: ULONG, +} +#[repr(C)] +pub union _SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1 { + pub Info: ::core::mem::ManuallyDrop, + pub __bindgen_anon_1: + ::core::mem::ManuallyDrop<_SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1>, +} +#[repr(C)] +pub struct _SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1 { + pub NextEntryOffset: ULONG, + pub TotalSize: ULONG, + pub TotalInUse: ULONG, + pub PeakUsage: ULONG, + pub PageFileName: UNICODE_STRING, +} +impl Default for _SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_PAGEFILE_INFORMATION_EX__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_PAGEFILE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PAGEFILE_INFORMATION_EX = _SYSTEM_PAGEFILE_INFORMATION_EX; +pub type 
PSYSTEM_PAGEFILE_INFORMATION_EX = *mut _SYSTEM_PAGEFILE_INFORMATION_EX; +#[repr(C)] +pub struct _SYSTEM_SECUREBOOT_INFORMATION { + pub SecureBootEnabled: BOOLEAN, + pub SecureBootCapable: BOOLEAN, +} +impl Default for _SYSTEM_SECUREBOOT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SECUREBOOT_INFORMATION = _SYSTEM_SECUREBOOT_INFORMATION; +pub type PSYSTEM_SECUREBOOT_INFORMATION = *mut _SYSTEM_SECUREBOOT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_DISK_COUNTERS { + pub BytesRead: ULONGLONG, + pub BytesWritten: ULONGLONG, + pub ReadOperationCount: ULONGLONG, + pub WriteOperationCount: ULONGLONG, + pub FlushOperationCount: ULONGLONG, +} +pub type PROCESS_DISK_COUNTERS = _PROCESS_DISK_COUNTERS; +pub type PPROCESS_DISK_COUNTERS = *mut _PROCESS_DISK_COUNTERS; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _ENERGY_STATE_DURATION { + pub Value: ULONGLONG, + pub __bindgen_anon_1: _ENERGY_STATE_DURATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ENERGY_STATE_DURATION__bindgen_ty_1 { + pub LastChangeTime: ULONG, + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _ENERGY_STATE_DURATION__bindgen_ty_1 { + #[inline] + pub fn Duration(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 31u8) as u32) } + } + #[inline] + pub fn set_Duration(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 31u8, val as u64) + } + } + #[inline] + pub fn IsInState(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsInState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } 
+ #[inline] + pub fn new_bitfield_1(Duration: ULONG, IsInState: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 31u8, { + let Duration: u32 = unsafe { ::core::mem::transmute(Duration) }; + Duration as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let IsInState: u32 = unsafe { ::core::mem::transmute(IsInState) }; + IsInState as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _ENERGY_STATE_DURATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ENERGY_STATE_DURATION = _ENERGY_STATE_DURATION; +pub type PENERGY_STATE_DURATION = *mut _ENERGY_STATE_DURATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_ENERGY_VALUES { + pub Cycles: [[ULONGLONG; 2usize]; 4usize], + pub DiskEnergy: ULONGLONG, + pub NetworkTailEnergy: ULONGLONG, + pub MBBTailEnergy: ULONGLONG, + pub NetworkTxRxBytes: ULONGLONG, + pub MBBTxRxBytes: ULONGLONG, + pub __bindgen_anon_1: _PROCESS_ENERGY_VALUES__bindgen_ty_1, + pub CompositionRendered: ULONG, + pub CompositionDirtyGenerated: ULONG, + pub CompositionDirtyPropagated: ULONG, + pub Reserved1: ULONG, + pub AttributedCycles: [[ULONGLONG; 2usize]; 4usize], + pub WorkOnBehalfCycles: [[ULONGLONG; 2usize]; 4usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_ENERGY_VALUES__bindgen_ty_1 { + pub Durations: [ENERGY_STATE_DURATION; 3usize], + pub __bindgen_anon_1: _PROCESS_ENERGY_VALUES__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_ENERGY_VALUES__bindgen_ty_1__bindgen_ty_1 { + pub ForegroundDuration: ENERGY_STATE_DURATION, + pub DesktopVisibleDuration: ENERGY_STATE_DURATION, + pub PSMForegroundDuration: ENERGY_STATE_DURATION, +} +impl Default for _PROCESS_ENERGY_VALUES__bindgen_ty_1__bindgen_ty_1 { + fn 
default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_ENERGY_VALUES__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_ENERGY_VALUES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_ENERGY_VALUES = _PROCESS_ENERGY_VALUES; +pub type PPROCESS_ENERGY_VALUES = *mut _PROCESS_ENERGY_VALUES; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TIMELINE_BITMAP { + pub Value: ULONGLONG, + pub __bindgen_anon_1: _TIMELINE_BITMAP__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TIMELINE_BITMAP__bindgen_ty_1 { + pub EndTime: ULONG, + pub Bitmap: ULONG, +} +impl Default for _TIMELINE_BITMAP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TIMELINE_BITMAP = _TIMELINE_BITMAP; +pub type PTIMELINE_BITMAP = *mut _TIMELINE_BITMAP; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_ENERGY_VALUES_EXTENSION { + pub __bindgen_anon_1: _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1, + pub __bindgen_anon_2: _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2, + pub KeyboardInput: ULONG, + pub MouseInput: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1 { + pub Timelines: [TIMELINE_BITMAP; 14usize], + pub __bindgen_anon_1: _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1__bindgen_ty_1 { + pub CpuTimeline: TIMELINE_BITMAP, + pub DiskTimeline: 
TIMELINE_BITMAP, + pub NetworkTimeline: TIMELINE_BITMAP, + pub MBBTimeline: TIMELINE_BITMAP, + pub ForegroundTimeline: TIMELINE_BITMAP, + pub DesktopVisibleTimeline: TIMELINE_BITMAP, + pub CompositionRenderedTimeline: TIMELINE_BITMAP, + pub CompositionDirtyGeneratedTimeline: TIMELINE_BITMAP, + pub CompositionDirtyPropagatedTimeline: TIMELINE_BITMAP, + pub InputTimeline: TIMELINE_BITMAP, + pub AudioInTimeline: TIMELINE_BITMAP, + pub AudioOutTimeline: TIMELINE_BITMAP, + pub DisplayRequiredTimeline: TIMELINE_BITMAP, + pub KeyboardInputTimeline: TIMELINE_BITMAP, +} +impl Default for _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2 { + pub Durations: [ENERGY_STATE_DURATION; 5usize], + pub __bindgen_anon_1: _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2__bindgen_ty_1 { + pub InputDuration: ENERGY_STATE_DURATION, + pub AudioInDuration: ENERGY_STATE_DURATION, + pub AudioOutDuration: ENERGY_STATE_DURATION, + pub DisplayRequiredDuration: ENERGY_STATE_DURATION, + pub PSMBackgroundDuration: ENERGY_STATE_DURATION, +} +impl Default for _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_ENERGY_VALUES_EXTENSION__bindgen_ty_2 { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_ENERGY_VALUES_EXTENSION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_ENERGY_VALUES_EXTENSION = _PROCESS_ENERGY_VALUES_EXTENSION; +pub type PPROCESS_ENERGY_VALUES_EXTENSION = *mut _PROCESS_ENERGY_VALUES_EXTENSION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_EXTENDED_ENERGY_VALUES { + pub Base: PROCESS_ENERGY_VALUES, + pub Extension: PROCESS_ENERGY_VALUES_EXTENSION, +} +impl Default for _PROCESS_EXTENDED_ENERGY_VALUES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_EXTENDED_ENERGY_VALUES = _PROCESS_EXTENDED_ENERGY_VALUES; +pub type PPROCESS_EXTENDED_ENERGY_VALUES = *mut _PROCESS_EXTENDED_ENERGY_VALUES; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_PROCESS_CLASSIFICATION { + SystemProcessClassificationNormal = 0, + SystemProcessClassificationSystem = 1, + SystemProcessClassificationSecureSystem = 2, + SystemProcessClassificationMemCompression = 3, + SystemProcessClassificationRegistry = 4, + SystemProcessClassificationMaximum = 5, +} +pub use self::_SYSTEM_PROCESS_CLASSIFICATION as SYSTEM_PROCESS_CLASSIFICATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_PROCESS_INFORMATION_EXTENSION { + pub DiskCounters: PROCESS_DISK_COUNTERS, + pub ContextSwitches: ULONGLONG, + pub __bindgen_anon_1: _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1, + pub UserSidOffset: ULONG, + pub PackageFullNameOffset: ULONG, + pub EnergyValues: PROCESS_ENERGY_VALUES, + pub AppIdOffset: ULONG, + pub SharedCommitCharge: SIZE_T, + pub JobObjectId: ULONG, + pub SpareUlong: ULONG, + pub 
ProcessSequenceNumber: ULONGLONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn HasStrongId(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_HasStrongId(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Classification(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 4u8) as u32) } + } + #[inline] + pub fn set_Classification(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 4u8, val as u64) + } + } + #[inline] + pub fn BackgroundActivityModerated(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_BackgroundActivityModerated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 26u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 26u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + HasStrongId: ULONG, + Classification: ULONG, + BackgroundActivityModerated: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + 
let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let HasStrongId: u32 = unsafe { ::core::mem::transmute(HasStrongId) }; + HasStrongId as u64 + }); + __bindgen_bitfield_unit.set(1usize, 4u8, { + let Classification: u32 = unsafe { ::core::mem::transmute(Classification) }; + Classification as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let BackgroundActivityModerated: u32 = + unsafe { ::core::mem::transmute(BackgroundActivityModerated) }; + BackgroundActivityModerated as u64 + }); + __bindgen_bitfield_unit.set(6usize, 26u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_PROCESS_INFORMATION_EXTENSION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_PROCESS_INFORMATION_EXTENSION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PROCESS_INFORMATION_EXTENSION = _SYSTEM_PROCESS_INFORMATION_EXTENSION; +pub type PSYSTEM_PROCESS_INFORMATION_EXTENSION = *mut _SYSTEM_PROCESS_INFORMATION_EXTENSION; +#[repr(C)] +pub struct _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION { + pub EfiLauncherEnabled: BOOLEAN, +} +impl Default for _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION = + _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; +pub type PSYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION = + *mut _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION; 
+#[repr(C)] +pub struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX { + pub DebuggerAllowed: BOOLEAN, + pub DebuggerEnabled: BOOLEAN, + pub DebuggerPresent: BOOLEAN, +} +impl Default for _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; +pub type PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX = *mut _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_ELAM_CERTIFICATE_INFORMATION { + pub ElamDriverFile: HANDLE, +} +impl Default for _SYSTEM_ELAM_CERTIFICATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ELAM_CERTIFICATE_INFORMATION = _SYSTEM_ELAM_CERTIFICATE_INFORMATION; +pub type PSYSTEM_ELAM_CERTIFICATE_INFORMATION = *mut _SYSTEM_ELAM_CERTIFICATE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 { + pub Version: ULONG, + pub AbnormalResetOccurred: ULONG, + pub OfflineMemoryDumpCapable: ULONG, + pub ResetDataAddress: LARGE_INTEGER, + pub ResetDataSize: ULONG, +} +impl Default for _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 = _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2; +pub type POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2 = *mut _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1 { + pub Version: ULONG, + pub AbnormalResetOccurred: ULONG, + pub OfflineMemoryDumpCapable: ULONG, +} 
+pub type OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1 = _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1; +pub type POFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1 = *mut _OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V1; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_FEATURES_INFORMATION { + pub ProcessorFeatureBits: ULONGLONG, + pub Reserved: [ULONGLONG; 3usize], +} +pub type SYSTEM_PROCESSOR_FEATURES_INFORMATION = _SYSTEM_PROCESSOR_FEATURES_INFORMATION; +pub type PSYSTEM_PROCESSOR_FEATURES_INFORMATION = *mut _SYSTEM_PROCESSOR_FEATURES_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_EDID_INFORMATION { + pub Edid: [UCHAR; 128usize], +} +impl Default for _SYSTEM_EDID_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_EDID_INFORMATION = _SYSTEM_EDID_INFORMATION; +pub type PSYSTEM_EDID_INFORMATION = *mut _SYSTEM_EDID_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_MANUFACTURING_INFORMATION { + pub Options: ULONG, + pub ProfileName: UNICODE_STRING, +} +impl Default for _SYSTEM_MANUFACTURING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_MANUFACTURING_INFORMATION = _SYSTEM_MANUFACTURING_INFORMATION; +pub type PSYSTEM_MANUFACTURING_INFORMATION = *mut _SYSTEM_MANUFACTURING_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION { + pub Enabled: BOOLEAN, +} +impl Default for _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION = _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; +pub type 
PSYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION = + *mut _SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _HV_DETAILS { + pub Data: [ULONG; 4usize], +} +pub type HV_DETAILS = _HV_DETAILS; +pub type PHV_DETAILS = *mut _HV_DETAILS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_HYPERVISOR_DETAIL_INFORMATION { + pub HvVendorAndMaxFunction: HV_DETAILS, + pub HypervisorInterface: HV_DETAILS, + pub HypervisorVersion: HV_DETAILS, + pub HvFeatures: HV_DETAILS, + pub HwFeatures: HV_DETAILS, + pub EnlightenmentInfo: HV_DETAILS, + pub ImplementationLimits: HV_DETAILS, +} +pub type SYSTEM_HYPERVISOR_DETAIL_INFORMATION = _SYSTEM_HYPERVISOR_DETAIL_INFORMATION; +pub type PSYSTEM_HYPERVISOR_DETAIL_INFORMATION = *mut _SYSTEM_HYPERVISOR_DETAIL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION { + pub Cycles: [[ULONGLONG; 2usize]; 4usize], +} +pub type SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = _SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; +pub type PSYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION = *mut _SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_TPM_INFORMATION { + pub Flags: ULONG, +} +pub type SYSTEM_TPM_INFORMATION = _SYSTEM_TPM_INFORMATION; +pub type PSYSTEM_TPM_INFORMATION = *mut _SYSTEM_TPM_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_VSM_PROTECTION_INFORMATION { + pub DmaProtectionsAvailable: BOOLEAN, + pub DmaProtectionsInUse: BOOLEAN, + pub HardwareMbecAvailable: BOOLEAN, + pub ApicVirtualizationAvailable: BOOLEAN, +} +impl Default for _SYSTEM_VSM_PROTECTION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_VSM_PROTECTION_INFORMATION = _SYSTEM_VSM_PROTECTION_INFORMATION; +pub type PSYSTEM_VSM_PROTECTION_INFORMATION = 
*mut _SYSTEM_VSM_PROTECTION_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_KERNEL_DEBUGGER_FLAGS { + pub KernelDebuggerIgnoreUmExceptions: BOOLEAN, +} +impl Default for _SYSTEM_KERNEL_DEBUGGER_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_KERNEL_DEBUGGER_FLAGS = _SYSTEM_KERNEL_DEBUGGER_FLAGS; +pub type PSYSTEM_KERNEL_DEBUGGER_FLAGS = *mut _SYSTEM_KERNEL_DEBUGGER_FLAGS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION { + pub Options: ULONG, + pub HVCIOptions: ULONG, + pub Version: ULONGLONG, + pub PolicyGuid: GUID, +} +pub type SYSTEM_CODEINTEGRITYPOLICY_INFORMATION = _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION; +pub type PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION = *mut _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, + pub Spare0: [BOOLEAN; 6usize], + pub Spare1: ULONGLONG, +} +impl Default for _SYSTEM_ISOLATED_USER_MODE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SYSTEM_ISOLATED_USER_MODE_INFORMATION { + #[inline] + pub fn SecureKernelRunning(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_SecureKernelRunning(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvciEnabled(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_HvciEnabled(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvciStrictMode(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_HvciStrictMode(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn DebugEnabled(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_DebugEnabled(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn FirmwarePageProtection(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u8) } + } + #[inline] + pub fn set_FirmwarePageProtection(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn EncryptionKeyAvailable(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u8) } + } + #[inline] + pub fn set_EncryptionKeyAvailable(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareFlags(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 2u8) as u8) } + } + #[inline] + pub fn set_SpareFlags(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 2u8, val as u64) + } + } + #[inline] + pub fn TrustletRunning(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u8) } + } + #[inline] + pub fn set_TrustletRunning(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
HvciDisableAllowed(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u8) } + } + #[inline] + pub fn set_HvciDisableAllowed(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareFlags2(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 6u8) as u8) } + } + #[inline] + pub fn set_SpareFlags2(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 6u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SecureKernelRunning: BOOLEAN, + HvciEnabled: BOOLEAN, + HvciStrictMode: BOOLEAN, + DebugEnabled: BOOLEAN, + FirmwarePageProtection: BOOLEAN, + EncryptionKeyAvailable: BOOLEAN, + SpareFlags: BOOLEAN, + TrustletRunning: BOOLEAN, + HvciDisableAllowed: BOOLEAN, + SpareFlags2: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SecureKernelRunning: u8 = unsafe { ::core::mem::transmute(SecureKernelRunning) }; + SecureKernelRunning as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let HvciEnabled: u8 = unsafe { ::core::mem::transmute(HvciEnabled) }; + HvciEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let HvciStrictMode: u8 = unsafe { ::core::mem::transmute(HvciStrictMode) }; + HvciStrictMode as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let DebugEnabled: u8 = unsafe { ::core::mem::transmute(DebugEnabled) }; + DebugEnabled as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let FirmwarePageProtection: u8 = unsafe { ::core::mem::transmute(FirmwarePageProtection) }; + FirmwarePageProtection as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let EncryptionKeyAvailable: u8 = unsafe { ::core::mem::transmute(EncryptionKeyAvailable) 
}; + EncryptionKeyAvailable as u64 + }); + __bindgen_bitfield_unit.set(6usize, 2u8, { + let SpareFlags: u8 = unsafe { ::core::mem::transmute(SpareFlags) }; + SpareFlags as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let TrustletRunning: u8 = unsafe { ::core::mem::transmute(TrustletRunning) }; + TrustletRunning as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let HvciDisableAllowed: u8 = unsafe { ::core::mem::transmute(HvciDisableAllowed) }; + HvciDisableAllowed as u64 + }); + __bindgen_bitfield_unit.set(10usize, 6u8, { + let SpareFlags2: u8 = unsafe { ::core::mem::transmute(SpareFlags2) }; + SpareFlags2 as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SYSTEM_ISOLATED_USER_MODE_INFORMATION = _SYSTEM_ISOLATED_USER_MODE_INFORMATION; +pub type PSYSTEM_ISOLATED_USER_MODE_INFORMATION = *mut _SYSTEM_ISOLATED_USER_MODE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_SINGLE_MODULE_INFORMATION { + pub TargetModuleAddress: PVOID, + pub ExInfo: RTL_PROCESS_MODULE_INFORMATION_EX, +} +impl Default for _SYSTEM_SINGLE_MODULE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SINGLE_MODULE_INFORMATION = _SYSTEM_SINGLE_MODULE_INFORMATION; +pub type PSYSTEM_SINGLE_MODULE_INFORMATION = *mut _SYSTEM_SINGLE_MODULE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_INTERRUPT_CPU_SET_INFORMATION { + pub Gsiv: ULONG, + pub Group: USHORT, + pub CpuSets: ULONGLONG, +} +pub type SYSTEM_INTERRUPT_CPU_SET_INFORMATION = _SYSTEM_INTERRUPT_CPU_SET_INFORMATION; +pub type PSYSTEM_INTERRUPT_CPU_SET_INFORMATION = *mut _SYSTEM_INTERRUPT_CPU_SET_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION { + pub PolicyInformation: SYSTEM_SECUREBOOT_POLICY_INFORMATION, + pub PolicySize: ULONG, + pub Policy: 
[UCHAR; 1usize], +} +pub type SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; +pub type PSYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = + *mut _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_ROOT_SILO_INFORMATION { + pub NumberOfSilos: ULONG, + pub SiloIdList: [ULONG; 1usize], +} +pub type SYSTEM_ROOT_SILO_INFORMATION = _SYSTEM_ROOT_SILO_INFORMATION; +pub type PSYSTEM_ROOT_SILO_INFORMATION = *mut _SYSTEM_ROOT_SILO_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CPU_SET_TAG_INFORMATION { + pub Tag: ULONGLONG, + pub CpuSets: [ULONGLONG; 1usize], +} +pub type SYSTEM_CPU_SET_TAG_INFORMATION = _SYSTEM_CPU_SET_TAG_INFORMATION; +pub type PSYSTEM_CPU_SET_TAG_INFORMATION = *mut _SYSTEM_CPU_SET_TAG_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION { + pub ExtentCount: ULONG, + pub ValidStructureSize: ULONG, + pub NextExtentIndex: ULONG, + pub ExtentRestart: ULONG, + pub CycleCount: ULONG, + pub TimeoutCount: ULONG, + pub CycleTime: ULONGLONG, + pub CycleTimeMax: ULONGLONG, + pub ExtentTime: ULONGLONG, + pub ExtentTimeIndex: ULONG, + pub ExtentTimeMaxIndex: ULONG, + pub ExtentTimeMax: ULONGLONG, + pub HyperFlushTimeMax: ULONGLONG, + pub TranslateVaTimeMax: ULONGLONG, + pub DebugExemptionCount: ULONGLONG, + pub TbHitCount: ULONGLONG, + pub TbMissCount: ULONGLONG, + pub VinaPendingYield: ULONGLONG, + pub HashCycles: ULONGLONG, + pub HistogramOffset: ULONG, + pub HistogramBuckets: ULONG, + pub HistogramShift: ULONG, + pub Reserved1: ULONG, + pub PageNotPresentCount: ULONGLONG, +} +pub type SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION = + _SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; +pub type PSYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION = + *mut _SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, 
Copy, Clone)] +pub struct _SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION { + pub PlatformManifestSize: ULONG, + pub PlatformManifest: [UCHAR; 1usize], +} +pub type SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION = + _SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; +pub type PSYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION = + *mut _SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT { + pub Gsiv: ULONG, + pub ControllerInterrupt: UCHAR, + pub EdgeInterrupt: UCHAR, + pub IsPrimaryInterrupt: UCHAR, + pub TargetAffinity: GROUP_AFFINITY, +} +pub type SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT = _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT; +pub type PSYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT = + *mut _SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT { + pub AsULONG: ULONG, + pub __bindgen_anon_1: _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT__bindgen_ty_1 { + #[inline] + pub fn Enabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Enabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn 
new_bitfield_1(Enabled: ULONG, Reserved: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Enabled: u32 = unsafe { ::core::mem::transmute(Enabled) }; + Enabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT = + _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT; +pub type PSYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT = + *mut _SYSTEM_INTERRUPT_STEERING_INFORMATION_OUTPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_MEMORY_USAGE_INFORMATION { + pub TotalPhysicalBytes: ULONGLONG, + pub AvailableBytes: ULONGLONG, + pub ResidentAvailableBytes: LONGLONG, + pub CommittedBytes: ULONGLONG, + pub SharedCommittedBytes: ULONGLONG, + pub CommitLimitBytes: ULONGLONG, + pub PeakCommitmentBytes: ULONGLONG, +} +pub type SYSTEM_MEMORY_USAGE_INFORMATION = _SYSTEM_MEMORY_USAGE_INFORMATION; +pub type PSYSTEM_MEMORY_USAGE_INFORMATION = *mut _SYSTEM_MEMORY_USAGE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION { + pub ImageFile: HANDLE, + pub Type: ULONG, +} +impl Default for _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION = + _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; +pub type PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION 
= + *mut _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_PHYSICAL_MEMORY_INFORMATION { + pub TotalPhysicalBytes: ULONGLONG, + pub LowestPhysicalAddress: ULONGLONG, + pub HighestPhysicalAddress: ULONGLONG, +} +pub type SYSTEM_PHYSICAL_MEMORY_INFORMATION = _SYSTEM_PHYSICAL_MEMORY_INFORMATION; +pub type PSYSTEM_PHYSICAL_MEMORY_INFORMATION = *mut _SYSTEM_PHYSICAL_MEMORY_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_ACTIVITY_MODERATION_STATE { + SystemActivityModerationStateSystemManaged = 0, + SystemActivityModerationStateUserManagedAllowThrottling = 1, + SystemActivityModerationStateUserManagedDisableThrottling = 2, + MaxSystemActivityModerationState = 3, +} +pub use self::_SYSTEM_ACTIVITY_MODERATION_STATE as SYSTEM_ACTIVITY_MODERATION_STATE; +#[repr(C)] +pub struct _SYSTEM_ACTIVITY_MODERATION_EXE_STATE { + pub ExePathNt: UNICODE_STRING, + pub ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE, +} +impl Default for _SYSTEM_ACTIVITY_MODERATION_EXE_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ACTIVITY_MODERATION_EXE_STATE = _SYSTEM_ACTIVITY_MODERATION_EXE_STATE; +pub type PSYSTEM_ACTIVITY_MODERATION_EXE_STATE = *mut _SYSTEM_ACTIVITY_MODERATION_EXE_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_ACTIVITY_MODERATION_APP_TYPE { + SystemActivityModerationAppTypeClassic = 0, + SystemActivityModerationAppTypePackaged = 1, + MaxSystemActivityModerationAppType = 2, +} +pub use self::_SYSTEM_ACTIVITY_MODERATION_APP_TYPE as SYSTEM_ACTIVITY_MODERATION_APP_TYPE; +#[repr(C)] +pub struct _SYSTEM_ACTIVITY_MODERATION_INFO { + pub Identifier: UNICODE_STRING, + pub ModerationState: SYSTEM_ACTIVITY_MODERATION_STATE, + pub AppType: 
SYSTEM_ACTIVITY_MODERATION_APP_TYPE, +} +impl Default for _SYSTEM_ACTIVITY_MODERATION_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ACTIVITY_MODERATION_INFO = _SYSTEM_ACTIVITY_MODERATION_INFO; +pub type PSYSTEM_ACTIVITY_MODERATION_INFO = *mut _SYSTEM_ACTIVITY_MODERATION_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS { + pub UserKeyHandle: HANDLE, +} +impl Default for _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS; +pub type PSYSTEM_ACTIVITY_MODERATION_USER_SETTINGS = *mut _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION { + pub __bindgen_anon_1: _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1, + pub UnlockId: [UCHAR; 32usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Locked(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Locked(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as 
u64) + } + } + #[inline] + pub fn UnlockApplied(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_UnlockApplied(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn UnlockIdValid(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_UnlockIdValid(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Locked: ULONG, + UnlockApplied: ULONG, + UnlockIdValid: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Locked: u32 = unsafe { ::core::mem::transmute(Locked) }; + Locked as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let UnlockApplied: u32 = unsafe { ::core::mem::transmute(UnlockApplied) }; + UnlockApplied as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let UnlockIdValid: u32 = unsafe { ::core::mem::transmute(UnlockIdValid) }; + UnlockIdValid as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION; +pub type PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION = *mut _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_FLUSH_INFORMATION { + pub SupportedFlushMethods: ULONG, + pub ProcessorCacheFlushSize: ULONG, + pub SystemFlushCapabilities: ULONGLONG, + pub Reserved: [ULONGLONG; 2usize], +} +pub type SYSTEM_FLUSH_INFORMATION = _SYSTEM_FLUSH_INFORMATION; +pub type PSYSTEM_FLUSH_INFORMATION = *mut _SYSTEM_FLUSH_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_WRITE_CONSTRAINT_INFORMATION { + pub WriteConstraintPolicy: ULONG, + pub Reserved: ULONG, +} +pub type SYSTEM_WRITE_CONSTRAINT_INFORMATION = _SYSTEM_WRITE_CONSTRAINT_INFORMATION; +pub type PSYSTEM_WRITE_CONSTRAINT_INFORMATION = *mut _SYSTEM_WRITE_CONSTRAINT_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION { + pub __bindgen_anon_1: _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1 { + pub KvaShadowFlags: ULONG, + pub __bindgen_anon_1: _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn KvaShadowEnabled(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowUserGlobal(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowUserGlobal(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowPcid(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowPcid(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowInvpcid(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowInvpcid(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowRequired(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowRequired(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowRequiredAvailable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowRequiredAvailable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn InvalidPteBit(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 6u8) as u32) } + } + 
#[inline] + pub fn set_InvalidPteBit(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 6u8, val as u64) + } + } + #[inline] + pub fn L1DataCacheFlushSupported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_L1DataCacheFlushSupported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn L1TerminalFaultMitigationPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_L1TerminalFaultMitigationPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 18u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 18u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + KvaShadowEnabled: ULONG, + KvaShadowUserGlobal: ULONG, + KvaShadowPcid: ULONG, + KvaShadowInvpcid: ULONG, + KvaShadowRequired: ULONG, + KvaShadowRequiredAvailable: ULONG, + InvalidPteBit: ULONG, + L1DataCacheFlushSupported: ULONG, + L1TerminalFaultMitigationPresent: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let KvaShadowEnabled: u32 = unsafe { ::core::mem::transmute(KvaShadowEnabled) }; + KvaShadowEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let KvaShadowUserGlobal: u32 = unsafe { ::core::mem::transmute(KvaShadowUserGlobal) }; + KvaShadowUserGlobal as u64 + }); + 
__bindgen_bitfield_unit.set(2usize, 1u8, { + let KvaShadowPcid: u32 = unsafe { ::core::mem::transmute(KvaShadowPcid) }; + KvaShadowPcid as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let KvaShadowInvpcid: u32 = unsafe { ::core::mem::transmute(KvaShadowInvpcid) }; + KvaShadowInvpcid as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let KvaShadowRequired: u32 = unsafe { ::core::mem::transmute(KvaShadowRequired) }; + KvaShadowRequired as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let KvaShadowRequiredAvailable: u32 = + unsafe { ::core::mem::transmute(KvaShadowRequiredAvailable) }; + KvaShadowRequiredAvailable as u64 + }); + __bindgen_bitfield_unit.set(6usize, 6u8, { + let InvalidPteBit: u32 = unsafe { ::core::mem::transmute(InvalidPteBit) }; + InvalidPteBit as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let L1DataCacheFlushSupported: u32 = + unsafe { ::core::mem::transmute(L1DataCacheFlushSupported) }; + L1DataCacheFlushSupported as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let L1TerminalFaultMitigationPresent: u32 = + unsafe { ::core::mem::transmute(L1TerminalFaultMitigationPresent) }; + L1TerminalFaultMitigationPresent as u64 + }); + __bindgen_bitfield_unit.set(14usize, 18u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_KERNEL_VA_SHADOW_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_KERNEL_VA_SHADOW_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_KERNEL_VA_SHADOW_INFORMATION = _SYSTEM_KERNEL_VA_SHADOW_INFORMATION; +pub type PSYSTEM_KERNEL_VA_SHADOW_INFORMATION = *mut 
_SYSTEM_KERNEL_VA_SHADOW_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION { + pub FileHandle: HANDLE, + pub ImageSize: ULONG, + pub Image: PVOID, +} +impl Default for _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION = + _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION; +pub type PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION = + *mut _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION { + pub HypervisorSharedUserVa: PVOID, +} +impl Default for _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION = _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION; +pub type PSYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION = + *mut _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_FIRMWARE_PARTITION_INFORMATION { + pub FirmwarePartition: UNICODE_STRING, +} +impl Default for _SYSTEM_FIRMWARE_PARTITION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_FIRMWARE_PARTITION_INFORMATION = _SYSTEM_FIRMWARE_PARTITION_INFORMATION; +pub type PSYSTEM_FIRMWARE_PARTITION_INFORMATION = *mut _SYSTEM_FIRMWARE_PARTITION_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_SPECULATION_CONTROL_INFORMATION { + pub SpeculationControlFlags: _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1, + pub SpeculationControlFlags2: 
_SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn BpbEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbDisabledSystemPolicy(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbDisabledSystemPolicy(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbDisabledNoHardwareSupport(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbDisabledNoHardwareSupport(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpecCtrlEnumerated(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpecCtrlEnumerated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpecCmdEnumerated(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpecCmdEnumerated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn IbrsPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_IbrsPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn StibpPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_StibpPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn SmepPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_SmepPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisableAvailable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisableAvailable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisableSupported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisableSupported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisabledSystemWide(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisabledSystemWide(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisabledKernel(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisabledKernel(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpeculativeStoreBypassDisableRequired(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpeculativeStoreBypassDisableRequired(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbDisabledKernelToUser(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbDisabledKernelToUser(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpecCtrlRetpolineEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpecCtrlRetpolineEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpecCtrlImportOptimizationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_SpecCtrlImportOptimizationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 
1u8, val as u64) + } + } + #[inline] + pub fn EnhancedIbrs(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnhancedIbrs(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfStatusAvailable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(17usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfStatusAvailable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(17usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfProcessorNotAffected(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(18usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfProcessorNotAffected(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(18usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfMigitationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(19usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfMigitationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(19usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfMigitationNotEnabled_Hardware(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfMigitationNotEnabled_Hardware(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfMigitationNotEnabled_LoadOption(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfMigitationNotEnabled_LoadOption(&mut self, val: ULONG) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn HvL1tfMigitationNotEnabled_CoreScheduler(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u32) } + } + #[inline] + pub fn set_HvL1tfMigitationNotEnabled_CoreScheduler(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnhancedIbrsReported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnhancedIbrsReported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn MdsHardwareProtected(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 1u8) as u32) } + } + #[inline] + pub fn set_MdsHardwareProtected(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 1u8, val as u64) + } + } + #[inline] + pub fn MbClearEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(25usize, 1u8) as u32) } + } + #[inline] + pub fn set_MbClearEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(25usize, 1u8, val as u64) + } + } + #[inline] + pub fn MbClearReported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(26usize, 1u8) as u32) } + } + #[inline] + pub fn set_MbClearReported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(26usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedTaa(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(27usize, 4u8) as u32) } + } + #[inline] + pub fn set_ReservedTaa(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(27usize, 4u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + BpbEnabled: ULONG, + BpbDisabledSystemPolicy: ULONG, + BpbDisabledNoHardwareSupport: ULONG, + SpecCtrlEnumerated: ULONG, + SpecCmdEnumerated: ULONG, + IbrsPresent: ULONG, + StibpPresent: ULONG, + SmepPresent: ULONG, + SpeculativeStoreBypassDisableAvailable: ULONG, + SpeculativeStoreBypassDisableSupported: ULONG, + SpeculativeStoreBypassDisabledSystemWide: ULONG, + SpeculativeStoreBypassDisabledKernel: ULONG, + SpeculativeStoreBypassDisableRequired: ULONG, + BpbDisabledKernelToUser: ULONG, + SpecCtrlRetpolineEnabled: ULONG, + SpecCtrlImportOptimizationEnabled: ULONG, + EnhancedIbrs: ULONG, + HvL1tfStatusAvailable: ULONG, + HvL1tfProcessorNotAffected: ULONG, + HvL1tfMigitationEnabled: ULONG, + HvL1tfMigitationNotEnabled_Hardware: ULONG, + HvL1tfMigitationNotEnabled_LoadOption: ULONG, + HvL1tfMigitationNotEnabled_CoreScheduler: ULONG, + EnhancedIbrsReported: ULONG, + MdsHardwareProtected: ULONG, + MbClearEnabled: ULONG, + MbClearReported: ULONG, + ReservedTaa: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let BpbEnabled: u32 = unsafe { ::core::mem::transmute(BpbEnabled) }; + BpbEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let BpbDisabledSystemPolicy: u32 = + unsafe { ::core::mem::transmute(BpbDisabledSystemPolicy) }; + BpbDisabledSystemPolicy as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let BpbDisabledNoHardwareSupport: u32 = + unsafe { 
::core::mem::transmute(BpbDisabledNoHardwareSupport) }; + BpbDisabledNoHardwareSupport as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SpecCtrlEnumerated: u32 = unsafe { ::core::mem::transmute(SpecCtrlEnumerated) }; + SpecCtrlEnumerated as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let SpecCmdEnumerated: u32 = unsafe { ::core::mem::transmute(SpecCmdEnumerated) }; + SpecCmdEnumerated as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let IbrsPresent: u32 = unsafe { ::core::mem::transmute(IbrsPresent) }; + IbrsPresent as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let StibpPresent: u32 = unsafe { ::core::mem::transmute(StibpPresent) }; + StibpPresent as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let SmepPresent: u32 = unsafe { ::core::mem::transmute(SmepPresent) }; + SmepPresent as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let SpeculativeStoreBypassDisableAvailable: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisableAvailable) }; + SpeculativeStoreBypassDisableAvailable as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let SpeculativeStoreBypassDisableSupported: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisableSupported) }; + SpeculativeStoreBypassDisableSupported as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let SpeculativeStoreBypassDisabledSystemWide: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisabledSystemWide) }; + SpeculativeStoreBypassDisabledSystemWide as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let SpeculativeStoreBypassDisabledKernel: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisabledKernel) }; + SpeculativeStoreBypassDisabledKernel as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let SpeculativeStoreBypassDisableRequired: u32 = + unsafe { ::core::mem::transmute(SpeculativeStoreBypassDisableRequired) }; + SpeculativeStoreBypassDisableRequired as 
u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let BpbDisabledKernelToUser: u32 = + unsafe { ::core::mem::transmute(BpbDisabledKernelToUser) }; + BpbDisabledKernelToUser as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let SpecCtrlRetpolineEnabled: u32 = + unsafe { ::core::mem::transmute(SpecCtrlRetpolineEnabled) }; + SpecCtrlRetpolineEnabled as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let SpecCtrlImportOptimizationEnabled: u32 = + unsafe { ::core::mem::transmute(SpecCtrlImportOptimizationEnabled) }; + SpecCtrlImportOptimizationEnabled as u64 + }); + __bindgen_bitfield_unit.set(16usize, 1u8, { + let EnhancedIbrs: u32 = unsafe { ::core::mem::transmute(EnhancedIbrs) }; + EnhancedIbrs as u64 + }); + __bindgen_bitfield_unit.set(17usize, 1u8, { + let HvL1tfStatusAvailable: u32 = unsafe { ::core::mem::transmute(HvL1tfStatusAvailable) }; + HvL1tfStatusAvailable as u64 + }); + __bindgen_bitfield_unit.set(18usize, 1u8, { + let HvL1tfProcessorNotAffected: u32 = + unsafe { ::core::mem::transmute(HvL1tfProcessorNotAffected) }; + HvL1tfProcessorNotAffected as u64 + }); + __bindgen_bitfield_unit.set(19usize, 1u8, { + let HvL1tfMigitationEnabled: u32 = + unsafe { ::core::mem::transmute(HvL1tfMigitationEnabled) }; + HvL1tfMigitationEnabled as u64 + }); + __bindgen_bitfield_unit.set(20usize, 1u8, { + let HvL1tfMigitationNotEnabled_Hardware: u32 = + unsafe { ::core::mem::transmute(HvL1tfMigitationNotEnabled_Hardware) }; + HvL1tfMigitationNotEnabled_Hardware as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let HvL1tfMigitationNotEnabled_LoadOption: u32 = + unsafe { ::core::mem::transmute(HvL1tfMigitationNotEnabled_LoadOption) }; + HvL1tfMigitationNotEnabled_LoadOption as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let HvL1tfMigitationNotEnabled_CoreScheduler: u32 = + unsafe { ::core::mem::transmute(HvL1tfMigitationNotEnabled_CoreScheduler) }; + HvL1tfMigitationNotEnabled_CoreScheduler as u64 + }); + 
__bindgen_bitfield_unit.set(23usize, 1u8, { + let EnhancedIbrsReported: u32 = unsafe { ::core::mem::transmute(EnhancedIbrsReported) }; + EnhancedIbrsReported as u64 + }); + __bindgen_bitfield_unit.set(24usize, 1u8, { + let MdsHardwareProtected: u32 = unsafe { ::core::mem::transmute(MdsHardwareProtected) }; + MdsHardwareProtected as u64 + }); + __bindgen_bitfield_unit.set(25usize, 1u8, { + let MbClearEnabled: u32 = unsafe { ::core::mem::transmute(MbClearEnabled) }; + MbClearEnabled as u64 + }); + __bindgen_bitfield_unit.set(26usize, 1u8, { + let MbClearReported: u32 = unsafe { ::core::mem::transmute(MbClearReported) }; + MbClearReported as u64 + }); + __bindgen_bitfield_unit.set(27usize, 4u8, { + let ReservedTaa: u32 = unsafe { ::core::mem::transmute(ReservedTaa) }; + ReservedTaa as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2 { + pub Flags: ULONG, + pub __bindgen_anon_1: _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn Reserved1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 5u8) as u32) } + } + #[inline] + pub fn set_Reserved1(&mut self, val: ULONG) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 5u8, val as u64) + } + } + #[inline] + pub fn BhbEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_BhbEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn BhbDisabledSystemPolicy(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_BhbDisabledSystemPolicy(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn BhbDisabledNoHardwareSupport(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_BhbDisabledNoHardwareSupport(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved2(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 3u8) as u32) } + } + #[inline] + pub fn set_Reserved2(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 3u8, val as u64) + } + } + #[inline] + pub fn RdclHardwareProtectedReported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_RdclHardwareProtectedReported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn RdclHardwareProtected(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_RdclHardwareProtected(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved3(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 4u8) as u32) } + } + #[inline] + pub fn set_Reserved3(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 4u8, val as u64) + } + } + #[inline] + pub fn Reserved4(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(17usize, 3u8) as u32) } + } + #[inline] + pub fn set_Reserved4(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(17usize, 3u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 12u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 12u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Reserved1: ULONG, + BhbEnabled: ULONG, + BhbDisabledSystemPolicy: ULONG, + BhbDisabledNoHardwareSupport: ULONG, + Reserved2: ULONG, + RdclHardwareProtectedReported: ULONG, + RdclHardwareProtected: ULONG, + Reserved3: ULONG, + Reserved4: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 5u8, { + let Reserved1: u32 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let BhbEnabled: u32 = unsafe { ::core::mem::transmute(BhbEnabled) }; + BhbEnabled as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let BhbDisabledSystemPolicy: u32 = + unsafe { ::core::mem::transmute(BhbDisabledSystemPolicy) }; + BhbDisabledSystemPolicy as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let BhbDisabledNoHardwareSupport: u32 = + unsafe { 
::core::mem::transmute(BhbDisabledNoHardwareSupport) }; + BhbDisabledNoHardwareSupport as u64 + }); + __bindgen_bitfield_unit.set(8usize, 3u8, { + let Reserved2: u32 = unsafe { ::core::mem::transmute(Reserved2) }; + Reserved2 as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let RdclHardwareProtectedReported: u32 = + unsafe { ::core::mem::transmute(RdclHardwareProtectedReported) }; + RdclHardwareProtectedReported as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let RdclHardwareProtected: u32 = unsafe { ::core::mem::transmute(RdclHardwareProtected) }; + RdclHardwareProtected as u64 + }); + __bindgen_bitfield_unit.set(13usize, 4u8, { + let Reserved3: u32 = unsafe { ::core::mem::transmute(Reserved3) }; + Reserved3 as u64 + }); + __bindgen_bitfield_unit.set(17usize, 3u8, { + let Reserved4: u32 = unsafe { ::core::mem::transmute(Reserved4) }; + Reserved4 as u64 + }); + __bindgen_bitfield_unit.set(20usize, 12u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_SPECULATION_CONTROL_INFORMATION__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_SPECULATION_CONTROL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SPECULATION_CONTROL_INFORMATION = _SYSTEM_SPECULATION_CONTROL_INFORMATION; +pub type PSYSTEM_SPECULATION_CONTROL_INFORMATION = *mut _SYSTEM_SPECULATION_CONTROL_INFORMATION; +#[repr(C)] +pub struct _SYSTEM_DMA_GUARD_POLICY_INFORMATION { + pub DmaGuardPolicyEnabled: BOOLEAN, +} +impl Default for _SYSTEM_DMA_GUARD_POLICY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_DMA_GUARD_POLICY_INFORMATION = _SYSTEM_DMA_GUARD_POLICY_INFORMATION; +pub type PSYSTEM_DMA_GUARD_POLICY_INFORMATION = *mut _SYSTEM_DMA_GUARD_POLICY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION { + pub EnclaveLaunchSigner: [UCHAR; 32usize], +} +pub type SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION = _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION; +pub type PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION = + *mut _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION { + pub WorkloadClass: ULONGLONG, + pub CpuSets: [ULONGLONG; 1usize], +} +pub type SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION = _SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION; +pub type PSYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION = + *mut _SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_SECURITY_MODEL_INFORMATION { + pub __bindgen_anon_1: _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1 { + pub SecurityModelFlags: ULONG, + pub __bindgen_anon_1: _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn SModeAdminlessEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_SModeAdminlessEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val 
as u64) + } + } + #[inline] + pub fn AllowDeviceOwnerProtectionDowngrade(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_AllowDeviceOwnerProtectionDowngrade(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SModeAdminlessEnabled: ULONG, + AllowDeviceOwnerProtectionDowngrade: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SModeAdminlessEnabled: u32 = unsafe { ::core::mem::transmute(SModeAdminlessEnabled) }; + SModeAdminlessEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AllowDeviceOwnerProtectionDowngrade: u32 = + unsafe { ::core::mem::transmute(AllowDeviceOwnerProtectionDowngrade) }; + AllowDeviceOwnerProtectionDowngrade as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_SECURITY_MODEL_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_SECURITY_MODEL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
SYSTEM_SECURITY_MODEL_INFORMATION = _SYSTEM_SECURITY_MODEL_INFORMATION; +pub type PSYSTEM_SECURITY_MODEL_INFORMATION = *mut _SYSTEM_SECURITY_MODEL_INFORMATION; +pub type PRTL_FEATURE_CONFIGURATION = *mut _RTL_FEATURE_CONFIGURATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_FEATURE_CONFIGURATION_INFORMATION { + pub ChangeStamp: ULONGLONG, + pub Configuration: PRTL_FEATURE_CONFIGURATION, +} +impl Default for _SYSTEM_FEATURE_CONFIGURATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_FEATURE_CONFIGURATION_INFORMATION = _SYSTEM_FEATURE_CONFIGURATION_INFORMATION; +pub type PSYSTEM_FEATURE_CONFIGURATION_INFORMATION = *mut _SYSTEM_FEATURE_CONFIGURATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY { + pub ChangeStamp: ULONGLONG, + pub Section: PVOID, + pub Size: ULONGLONG, +} +impl Default for _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY = + _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY; +pub type PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY = + *mut _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION { + pub OverallChangeStamp: ULONGLONG, + pub Descriptors: [SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION_ENTRY; 3usize], +} +impl Default for _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() 
+ } + } +} +pub type SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION = + _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION; +pub type PSYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION = + *mut _SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET { + pub Data: [ULONG; 2usize], +} +pub type RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET = _RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET; +pub type PRTL_FEATURE_USAGE_SUBSCRIPTION_TARGET = *mut _RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS { + pub FeatureId: ULONG, + pub ReportingKind: USHORT, + pub ReportingOptions: USHORT, + pub ReportingTarget: RTL_FEATURE_USAGE_SUBSCRIPTION_TARGET, +} +pub type SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS = _SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS; +pub type PSYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS = + *mut _SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SECURE_SPECULATION_CONTROL_INFORMATION { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _SECURE_SPECULATION_CONTROL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _SECURE_SPECULATION_CONTROL_INFORMATION { + #[inline] + pub fn KvaShadowSupported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowSupported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowEnabled(&mut 
self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowUserGlobal(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowUserGlobal(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn KvaShadowPcid(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_KvaShadowPcid(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn MbClearEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_MbClearEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn L1TFMitigated(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_L1TFMitigated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn IbrsPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_IbrsPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as 
u64) + } + } + #[inline] + pub fn EnhancedIbrs(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnhancedIbrs(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn StibpPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_StibpPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn SsbdSupported(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_SsbdSupported(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn SsbdRequired(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_SsbdRequired(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbKernelToUser(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbKernelToUser(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn BpbUserToKernel(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_BpbUserToKernel(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReturnSpeculate(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn set_ReturnSpeculate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn BranchConfusionSafe(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_BranchConfusionSafe(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + KvaShadowSupported: ULONG, + KvaShadowEnabled: ULONG, + KvaShadowUserGlobal: ULONG, + KvaShadowPcid: ULONG, + MbClearEnabled: ULONG, + L1TFMitigated: ULONG, + BpbEnabled: ULONG, + IbrsPresent: ULONG, + EnhancedIbrs: ULONG, + StibpPresent: ULONG, + SsbdSupported: ULONG, + SsbdRequired: ULONG, + BpbKernelToUser: ULONG, + BpbUserToKernel: ULONG, + ReturnSpeculate: ULONG, + BranchConfusionSafe: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let KvaShadowSupported: u32 = unsafe { ::core::mem::transmute(KvaShadowSupported) }; + KvaShadowSupported as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let KvaShadowEnabled: u32 = unsafe { ::core::mem::transmute(KvaShadowEnabled) }; + KvaShadowEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let KvaShadowUserGlobal: u32 = unsafe { ::core::mem::transmute(KvaShadowUserGlobal) }; + KvaShadowUserGlobal as u64 + }); + 
__bindgen_bitfield_unit.set(3usize, 1u8, { + let KvaShadowPcid: u32 = unsafe { ::core::mem::transmute(KvaShadowPcid) }; + KvaShadowPcid as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let MbClearEnabled: u32 = unsafe { ::core::mem::transmute(MbClearEnabled) }; + MbClearEnabled as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let L1TFMitigated: u32 = unsafe { ::core::mem::transmute(L1TFMitigated) }; + L1TFMitigated as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let BpbEnabled: u32 = unsafe { ::core::mem::transmute(BpbEnabled) }; + BpbEnabled as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let IbrsPresent: u32 = unsafe { ::core::mem::transmute(IbrsPresent) }; + IbrsPresent as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let EnhancedIbrs: u32 = unsafe { ::core::mem::transmute(EnhancedIbrs) }; + EnhancedIbrs as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let StibpPresent: u32 = unsafe { ::core::mem::transmute(StibpPresent) }; + StibpPresent as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let SsbdSupported: u32 = unsafe { ::core::mem::transmute(SsbdSupported) }; + SsbdSupported as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let SsbdRequired: u32 = unsafe { ::core::mem::transmute(SsbdRequired) }; + SsbdRequired as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let BpbKernelToUser: u32 = unsafe { ::core::mem::transmute(BpbKernelToUser) }; + BpbKernelToUser as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let BpbUserToKernel: u32 = unsafe { ::core::mem::transmute(BpbUserToKernel) }; + BpbUserToKernel as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let ReturnSpeculate: u32 = unsafe { ::core::mem::transmute(ReturnSpeculate) }; + ReturnSpeculate as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let BranchConfusionSafe: u32 = unsafe { ::core::mem::transmute(BranchConfusionSafe) }; + BranchConfusionSafe as u64 + }); + 
__bindgen_bitfield_unit.set(16usize, 16u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type SECURE_SPECULATION_CONTROL_INFORMATION = _SECURE_SPECULATION_CONTROL_INFORMATION; +pub type PSECURE_SPECULATION_CONTROL_INFORMATION = *mut _SECURE_SPECULATION_CONTROL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_FIRMWARE_RAMDISK_INFORMATION { + pub Version: ULONG, + pub BlockSize: ULONG, + pub BaseAddress: ULONG_PTR, + pub Size: SIZE_T, +} +pub type SYSTEM_FIRMWARE_RAMDISK_INFORMATION = _SYSTEM_FIRMWARE_RAMDISK_INFORMATION; +pub type PSYSTEM_FIRMWARE_RAMDISK_INFORMATION = *mut _SYSTEM_FIRMWARE_RAMDISK_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_SHADOW_STACK_INFORMATION { + pub __bindgen_anon_1: _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn CetCapable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_CetCapable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn UserCetAllowed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_UserCetAllowed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedForUserCet(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 6u8) as u32) } + } + #[inline] + pub fn set_ReservedForUserCet(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 6u8, val as u64) + } + } + #[inline] + pub fn KernelCetEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_KernelCetEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn KernelCetAuditModeEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_KernelCetAuditModeEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedForKernelCet(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 6u8) as u32) } + } + #[inline] + pub fn set_ReservedForKernelCet(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 6u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + CetCapable: ULONG, + UserCetAllowed: ULONG, + ReservedForUserCet: ULONG, + KernelCetEnabled: ULONG, + KernelCetAuditModeEnabled: ULONG, + ReservedForKernelCet: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 
4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let CetCapable: u32 = unsafe { ::core::mem::transmute(CetCapable) }; + CetCapable as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let UserCetAllowed: u32 = unsafe { ::core::mem::transmute(UserCetAllowed) }; + UserCetAllowed as u64 + }); + __bindgen_bitfield_unit.set(2usize, 6u8, { + let ReservedForUserCet: u32 = unsafe { ::core::mem::transmute(ReservedForUserCet) }; + ReservedForUserCet as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let KernelCetEnabled: u32 = unsafe { ::core::mem::transmute(KernelCetEnabled) }; + KernelCetEnabled as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let KernelCetAuditModeEnabled: u32 = + unsafe { ::core::mem::transmute(KernelCetAuditModeEnabled) }; + KernelCetAuditModeEnabled as u64 + }); + __bindgen_bitfield_unit.set(10usize, 6u8, { + let ReservedForKernelCet: u32 = unsafe { ::core::mem::transmute(ReservedForKernelCet) }; + ReservedForKernelCet as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_SHADOW_STACK_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_SHADOW_STACK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_SHADOW_STACK_INFORMATION = _SYSTEM_SHADOW_STACK_INFORMATION; +pub type PSYSTEM_SHADOW_STACK_INFORMATION = *mut _SYSTEM_SHADOW_STACK_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS { + pub Value32: ULONG, + pub __bindgen_anon_1: _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS__bindgen_ty_1, +} 
+#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: [u8; 3usize], +} +impl _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS__bindgen_ty_1 { + #[inline] + pub fn IsTopLevel(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsTopLevel(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsChecked(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsChecked(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsTopLevel: ULONG, + IsChecked: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsTopLevel: u32 = unsafe { ::core::mem::transmute(IsTopLevel) }; + IsTopLevel as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsChecked: u32 = unsafe { ::core::mem::transmute(IsChecked) }; + IsChecked as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BUILD_VERSION_INFORMATION_FLAGS = _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS; +pub type PSYSTEM_BUILD_VERSION_INFORMATION_FLAGS = *mut _SYSTEM_BUILD_VERSION_INFORMATION_FLAGS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_BUILD_VERSION_INFORMATION { + pub LayerNumber: 
USHORT, + pub LayerCount: USHORT, + pub OsMajorVersion: ULONG, + pub OsMinorVersion: ULONG, + pub NtBuildNumber: ULONG, + pub NtBuildQfe: ULONG, + pub LayerName: [UCHAR; 128usize], + pub NtBuildBranch: [UCHAR; 128usize], + pub NtBuildLab: [UCHAR; 128usize], + pub NtBuildLabEx: [UCHAR; 128usize], + pub NtBuildStamp: [UCHAR; 26usize], + pub NtBuildArch: [UCHAR; 16usize], + pub Flags: SYSTEM_BUILD_VERSION_INFORMATION_FLAGS, +} +impl Default for _SYSTEM_BUILD_VERSION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_BUILD_VERSION_INFORMATION = _SYSTEM_BUILD_VERSION_INFORMATION; +pub type PSYSTEM_BUILD_VERSION_INFORMATION = *mut _SYSTEM_BUILD_VERSION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POOL_LIMIT_MEM_INFO { + pub MemoryLimit: ULONGLONG, + pub NotificationLimit: ULONGLONG, +} +pub type SYSTEM_POOL_LIMIT_MEM_INFO = _SYSTEM_POOL_LIMIT_MEM_INFO; +pub type PSYSTEM_POOL_LIMIT_MEM_INFO = *mut _SYSTEM_POOL_LIMIT_MEM_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POOL_LIMIT_INFO { + pub PoolTag: ULONG, + pub MemLimits: [SYSTEM_POOL_LIMIT_MEM_INFO; 2usize], + pub NotificationHandle: WNF_STATE_NAME, +} +pub type SYSTEM_POOL_LIMIT_INFO = _SYSTEM_POOL_LIMIT_INFO; +pub type PSYSTEM_POOL_LIMIT_INFO = *mut _SYSTEM_POOL_LIMIT_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POOL_LIMIT_INFORMATION { + pub Version: ULONG, + pub EntryCount: ULONG, + pub LimitEntries: [SYSTEM_POOL_LIMIT_INFO; 1usize], +} +pub type SYSTEM_POOL_LIMIT_INFORMATION = _SYSTEM_POOL_LIMIT_INFORMATION; +pub type PSYSTEM_POOL_LIMIT_INFORMATION = *mut _SYSTEM_POOL_LIMIT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _HV_MINROOT_NUMA_LPS { + pub NodeIndex: ULONG, + pub Mask: [ULONG_PTR; 16usize], +} +pub type HV_MINROOT_NUMA_LPS = 
_HV_MINROOT_NUMA_LPS; +pub type PHV_MINROOT_NUMA_LPS = *mut _HV_MINROOT_NUMA_LPS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_XFG_FAILURE_INFORMATION { + pub ReturnAddress: PVOID, + pub TargetAddress: PVOID, + pub DispatchMode: ULONG, + pub XfgValue: ULONGLONG, +} +impl Default for _SYSTEM_XFG_FAILURE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_XFG_FAILURE_INFORMATION = _SYSTEM_XFG_FAILURE_INFORMATION; +pub type PSYSTEM_XFG_FAILURE_INFORMATION = *mut _SYSTEM_XFG_FAILURE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSTEM_IOMMU_STATE { + IommuStateBlock = 0, + IommuStateUnblock = 1, +} +pub use self::_SYSTEM_IOMMU_STATE as SYSTEM_IOMMU_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_IOMMU_STATE_INFORMATION { + pub State: SYSTEM_IOMMU_STATE, + pub Pdo: PVOID, +} +impl Default for _SYSTEM_IOMMU_STATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_IOMMU_STATE_INFORMATION = _SYSTEM_IOMMU_STATE_INFORMATION; +pub type PSYSTEM_IOMMU_STATE_INFORMATION = *mut _SYSTEM_IOMMU_STATE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_HYPERVISOR_MINROOT_INFORMATION { + pub NumProc: ULONG, + pub RootProc: ULONG, + pub RootProcNumaNodesSpecified: ULONG, + pub RootProcNumaNodes: [USHORT; 64usize], + pub RootProcPerCore: ULONG, + pub RootProcPerNode: ULONG, + pub RootProcNumaNodesLpsSpecified: ULONG, + pub RootProcNumaNodeLps: [HV_MINROOT_NUMA_LPS; 64usize], +} +impl Default for _SYSTEM_HYPERVISOR_MINROOT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +pub type SYSTEM_HYPERVISOR_MINROOT_INFORMATION = _SYSTEM_HYPERVISOR_MINROOT_INFORMATION; +pub type PSYSTEM_HYPERVISOR_MINROOT_INFORMATION = *mut _SYSTEM_HYPERVISOR_MINROOT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION { + pub RangeCount: ULONG, + pub RangeArray: [ULONG_PTR; 1usize], +} +pub type SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION = _SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION; +pub type PSYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION = *mut _SYSTEM_HYPERVISOR_BOOT_PAGES_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_POINTER_AUTH_INFORMATION { + pub __bindgen_anon_1: _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1, + pub __bindgen_anon_2: _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1 { + pub SupportedFlags: USHORT, + pub __bindgen_anon_1: _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn AddressAuthSupported(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_AddressAuthSupported(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AddressAuthQarma(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u16) } + } + #[inline] + pub fn set_AddressAuthQarma(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
GenericAuthSupported(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u16) } + } + #[inline] + pub fn set_GenericAuthSupported(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn GenericAuthQarma(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u16) } + } + #[inline] + pub fn set_GenericAuthQarma(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn SupportedReserved(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 12u8) as u16) } + } + #[inline] + pub fn set_SupportedReserved(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 12u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + AddressAuthSupported: USHORT, + AddressAuthQarma: USHORT, + GenericAuthSupported: USHORT, + GenericAuthQarma: USHORT, + SupportedReserved: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let AddressAuthSupported: u16 = unsafe { ::core::mem::transmute(AddressAuthSupported) }; + AddressAuthSupported as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AddressAuthQarma: u16 = unsafe { ::core::mem::transmute(AddressAuthQarma) }; + AddressAuthQarma as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let GenericAuthSupported: u16 = unsafe { ::core::mem::transmute(GenericAuthSupported) }; + GenericAuthSupported as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let GenericAuthQarma: u16 = unsafe { ::core::mem::transmute(GenericAuthQarma) }; + GenericAuthQarma as u64 + }); + __bindgen_bitfield_unit.set(4usize, 12u8, { + let 
SupportedReserved: u16 = unsafe { ::core::mem::transmute(SupportedReserved) }; + SupportedReserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2 { + pub EnabledFlags: USHORT, + pub __bindgen_anon_1: _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(2))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn UserPerProcessIpAuthEnabled(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_UserPerProcessIpAuthEnabled(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn UserGlobalIpAuthEnabled(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u16) } + } + #[inline] + pub fn set_UserGlobalIpAuthEnabled(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn UserEnabledReserved(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 6u8) as u16) } + } + #[inline] + pub fn set_UserEnabledReserved(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 6u8, val as u64) + } + } + #[inline] + pub fn KernelIpAuthEnabled(&self) -> USHORT { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u16) } + } + #[inline] + pub fn set_KernelIpAuthEnabled(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn KernelEnabledReserved(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 7u8) as u16) } + } + #[inline] + pub fn set_KernelEnabledReserved(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 7u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + UserPerProcessIpAuthEnabled: USHORT, + UserGlobalIpAuthEnabled: USHORT, + UserEnabledReserved: USHORT, + KernelIpAuthEnabled: USHORT, + KernelEnabledReserved: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let UserPerProcessIpAuthEnabled: u16 = + unsafe { ::core::mem::transmute(UserPerProcessIpAuthEnabled) }; + UserPerProcessIpAuthEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let UserGlobalIpAuthEnabled: u16 = + unsafe { ::core::mem::transmute(UserGlobalIpAuthEnabled) }; + UserGlobalIpAuthEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 6u8, { + let UserEnabledReserved: u16 = unsafe { ::core::mem::transmute(UserEnabledReserved) }; + UserEnabledReserved as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let KernelIpAuthEnabled: u16 = unsafe { ::core::mem::transmute(KernelIpAuthEnabled) }; + KernelIpAuthEnabled as u64 + }); + __bindgen_bitfield_unit.set(9usize, 7u8, { + let KernelEnabledReserved: u16 = unsafe { ::core::mem::transmute(KernelEnabledReserved) }; + KernelEnabledReserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_POINTER_AUTH_INFORMATION__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + 
unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_POINTER_AUTH_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POINTER_AUTH_INFORMATION = _SYSTEM_POINTER_AUTH_INFORMATION; +pub type PSYSTEM_POINTER_AUTH_INFORMATION = *mut _SYSTEM_POINTER_AUTH_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT { + pub Version: ULONG, + pub FeatureName: PWSTR, + pub BornOnVersion: ULONG, +} +impl Default for _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT = + _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT; +pub type PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT = + *mut _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_INPUT; +#[repr(C)] +pub struct _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT { + pub Version: ULONG, + pub FeatureIsEnabled: BOOLEAN, +} +impl Default for _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT = + _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT; +pub type PSYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT = + *mut _SYSTEM_ORIGINAL_IMAGE_FEATURE_INFORMATION_OUTPUT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYSDBG_COMMAND { + SysDbgQueryModuleInformation = 0, + SysDbgQueryTraceInformation = 1, + SysDbgSetTracepoint = 2, + SysDbgSetSpecialCall = 3, + SysDbgClearSpecialCalls = 4, + 
SysDbgQuerySpecialCalls = 5, + SysDbgBreakPoint = 6, + SysDbgQueryVersion = 7, + SysDbgReadVirtual = 8, + SysDbgWriteVirtual = 9, + SysDbgReadPhysical = 10, + SysDbgWritePhysical = 11, + SysDbgReadControlSpace = 12, + SysDbgWriteControlSpace = 13, + SysDbgReadIoSpace = 14, + SysDbgWriteIoSpace = 15, + SysDbgReadMsr = 16, + SysDbgWriteMsr = 17, + SysDbgReadBusData = 18, + SysDbgWriteBusData = 19, + SysDbgCheckLowMemory = 20, + SysDbgEnableKernelDebugger = 21, + SysDbgDisableKernelDebugger = 22, + SysDbgGetAutoKdEnable = 23, + SysDbgSetAutoKdEnable = 24, + SysDbgGetPrintBufferSize = 25, + SysDbgSetPrintBufferSize = 26, + SysDbgGetKdUmExceptionEnable = 27, + SysDbgSetKdUmExceptionEnable = 28, + SysDbgGetTriageDump = 29, + SysDbgGetKdBlockEnable = 30, + SysDbgSetKdBlockEnable = 31, + SysDbgRegisterForUmBreakInfo = 32, + SysDbgGetUmBreakPid = 33, + SysDbgClearUmBreakPid = 34, + SysDbgGetUmAttachPid = 35, + SysDbgClearUmAttachPid = 36, + SysDbgGetLiveKernelDump = 37, + SysDbgKdPullRemoteFile = 38, + SysDbgMaxInfoClass = 39, +} +pub use self::_SYSDBG_COMMAND as SYSDBG_COMMAND; +pub type PSYSDBG_COMMAND = *mut _SYSDBG_COMMAND; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSDBG_VIRTUAL { + pub Address: PVOID, + pub Buffer: PVOID, + pub Request: ULONG, +} +impl Default for _SYSDBG_VIRTUAL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_VIRTUAL = _SYSDBG_VIRTUAL; +pub type PSYSDBG_VIRTUAL = *mut _SYSDBG_VIRTUAL; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSDBG_PHYSICAL { + pub Address: PHYSICAL_ADDRESS, + pub Buffer: PVOID, + pub Request: ULONG, +} +impl Default for _SYSDBG_PHYSICAL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_PHYSICAL = _SYSDBG_PHYSICAL; +pub type PSYSDBG_PHYSICAL = 
*mut _SYSDBG_PHYSICAL; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSDBG_CONTROL_SPACE { + pub Address: ULONG64, + pub Buffer: PVOID, + pub Request: ULONG, + pub Processor: ULONG, +} +impl Default for _SYSDBG_CONTROL_SPACE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_CONTROL_SPACE = _SYSDBG_CONTROL_SPACE; +pub type PSYSDBG_CONTROL_SPACE = *mut _SYSDBG_CONTROL_SPACE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSDBG_IO_SPACE { + pub Address: ULONG64, + pub Buffer: PVOID, + pub Request: ULONG, + pub InterfaceType: _INTERFACE_TYPE, + pub BusNumber: ULONG, + pub AddressSpace: ULONG, +} +impl Default for _SYSDBG_IO_SPACE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_IO_SPACE = _SYSDBG_IO_SPACE; +pub type PSYSDBG_IO_SPACE = *mut _SYSDBG_IO_SPACE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSDBG_MSR { + pub Msr: ULONG, + pub Data: ULONG64, +} +pub type SYSDBG_MSR = _SYSDBG_MSR; +pub type PSYSDBG_MSR = *mut _SYSDBG_MSR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSDBG_BUS_DATA { + pub Address: ULONG, + pub Buffer: PVOID, + pub Request: ULONG, + pub BusDataType: _BUS_DATA_TYPE, + pub BusNumber: ULONG, + pub SlotNumber: ULONG, +} +impl Default for _SYSDBG_BUS_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_BUS_DATA = _SYSDBG_BUS_DATA; +pub type PSYSDBG_BUS_DATA = *mut _SYSDBG_BUS_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SYSDBG_TRIAGE_DUMP { + pub Flags: ULONG, + pub BugCheckCode: ULONG, + pub BugCheckParam1: ULONG_PTR, + pub BugCheckParam2: ULONG_PTR, + pub BugCheckParam3: 
ULONG_PTR, + pub BugCheckParam4: ULONG_PTR, + pub ProcessHandles: ULONG, + pub ThreadHandles: ULONG, + pub Handles: PHANDLE, +} +impl Default for _SYSDBG_TRIAGE_DUMP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_TRIAGE_DUMP = _SYSDBG_TRIAGE_DUMP; +pub type PSYSDBG_TRIAGE_DUMP = *mut _SYSDBG_TRIAGE_DUMP; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSDBG_LIVEDUMP_CONTROL_FLAGS { + pub __bindgen_anon_1: _SYSDBG_LIVEDUMP_CONTROL_FLAGS__bindgen_ty_1, + pub AsUlong: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSDBG_LIVEDUMP_CONTROL_FLAGS__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSDBG_LIVEDUMP_CONTROL_FLAGS__bindgen_ty_1 { + #[inline] + pub fn UseDumpStorageStack(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_UseDumpStorageStack(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn CompressMemoryPagesData(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_CompressMemoryPagesData(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IncludeUserSpaceMemoryPages(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_IncludeUserSpaceMemoryPages(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn AbortIfMemoryPressure(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 
1u8) as u32) } + } + #[inline] + pub fn set_AbortIfMemoryPressure(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn SelectiveDump(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_SelectiveDump(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + UseDumpStorageStack: ULONG, + CompressMemoryPagesData: ULONG, + IncludeUserSpaceMemoryPages: ULONG, + AbortIfMemoryPressure: ULONG, + SelectiveDump: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let UseDumpStorageStack: u32 = unsafe { ::core::mem::transmute(UseDumpStorageStack) }; + UseDumpStorageStack as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let CompressMemoryPagesData: u32 = + unsafe { ::core::mem::transmute(CompressMemoryPagesData) }; + CompressMemoryPagesData as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IncludeUserSpaceMemoryPages: u32 = + unsafe { ::core::mem::transmute(IncludeUserSpaceMemoryPages) }; + IncludeUserSpaceMemoryPages as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let AbortIfMemoryPressure: u32 = unsafe { ::core::mem::transmute(AbortIfMemoryPressure) }; + AbortIfMemoryPressure as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let SelectiveDump: u32 = unsafe { 
::core::mem::transmute(SelectiveDump) }; + SelectiveDump as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSDBG_LIVEDUMP_CONTROL_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_LIVEDUMP_CONTROL_FLAGS = _SYSDBG_LIVEDUMP_CONTROL_FLAGS; +pub type PSYSDBG_LIVEDUMP_CONTROL_FLAGS = *mut _SYSDBG_LIVEDUMP_CONTROL_FLAGS; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES { + pub __bindgen_anon_1: _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES__bindgen_ty_1, + pub AsUlong: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES__bindgen_ty_1 { + #[inline] + pub fn HypervisorPages(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_HypervisorPages(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn NonEssentialHypervisorPages(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_NonEssentialHypervisorPages(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, 
val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + HypervisorPages: ULONG, + NonEssentialHypervisorPages: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let HypervisorPages: u32 = unsafe { ::core::mem::transmute(HypervisorPages) }; + HypervisorPages as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let NonEssentialHypervisorPages: u32 = + unsafe { ::core::mem::transmute(NonEssentialHypervisorPages) }; + NonEssentialHypervisorPages as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_LIVEDUMP_CONTROL_ADDPAGES = _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES; +pub type PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES = *mut _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL { + pub Version: ULONG, + pub Size: ULONG, + pub __bindgen_anon_1: _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1, + pub Reserved: [ULONGLONG; 4usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1 { + pub Flags: ULONGLONG, + pub __bindgen_anon_1: _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ThreadKernelStacks(&self) -> ULONGLONG { + 
unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_ThreadKernelStacks(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 63u8) as u64) } + } + #[inline] + pub fn set_ReservedFlags(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 63u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ThreadKernelStacks: ULONGLONG, + ReservedFlags: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ThreadKernelStacks: u64 = unsafe { ::core::mem::transmute(ThreadKernelStacks) }; + ThreadKernelStacks as u64 + }); + __bindgen_bitfield_unit.set(1usize, 63u8, { + let ReservedFlags: u64 = unsafe { ::core::mem::transmute(ReservedFlags) }; + ReservedFlags as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_LIVEDUMP_SELECTIVE_CONTROL = _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL; +pub type PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL = *mut _SYSDBG_LIVEDUMP_SELECTIVE_CONTROL; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSDBG_LIVEDUMP_CONTROL { + pub Version: ULONG, + pub BugCheckCode: ULONG, + pub BugCheckParam1: ULONG_PTR, + pub BugCheckParam2: ULONG_PTR, + pub 
BugCheckParam3: ULONG_PTR, + pub BugCheckParam4: ULONG_PTR, + pub DumpFileHandle: HANDLE, + pub CancelEventHandle: HANDLE, + pub Flags: SYSDBG_LIVEDUMP_CONTROL_FLAGS, + pub AddPagesControl: SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, + pub SelectiveControl: PSYSDBG_LIVEDUMP_SELECTIVE_CONTROL, +} +impl Default for _SYSDBG_LIVEDUMP_CONTROL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_LIVEDUMP_CONTROL = _SYSDBG_LIVEDUMP_CONTROL; +pub type PSYSDBG_LIVEDUMP_CONTROL = *mut _SYSDBG_LIVEDUMP_CONTROL; +#[repr(C)] +pub struct _SYSDBG_KD_PULL_REMOTE_FILE { + pub ImageFileName: UNICODE_STRING, +} +impl Default for _SYSDBG_KD_PULL_REMOTE_FILE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSDBG_KD_PULL_REMOTE_FILE = _SYSDBG_KD_PULL_REMOTE_FILE; +pub type PSYSDBG_KD_PULL_REMOTE_FILE = *mut _SYSDBG_KD_PULL_REMOTE_FILE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HARDERROR_RESPONSE_OPTION { + OptionAbortRetryIgnore = 0, + OptionOk = 1, + OptionOkCancel = 2, + OptionRetryCancel = 3, + OptionYesNo = 4, + OptionYesNoCancel = 5, + OptionShutdownSystem = 6, + OptionOkNoWait = 7, + OptionCancelTryContinue = 8, +} +pub use self::_HARDERROR_RESPONSE_OPTION as HARDERROR_RESPONSE_OPTION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HARDERROR_RESPONSE { + ResponseReturnToCaller = 0, + ResponseNotHandled = 1, + ResponseAbort = 2, + ResponseCancel = 3, + ResponseIgnore = 4, + ResponseNo = 5, + ResponseOk = 6, + ResponseRetry = 7, + ResponseYes = 8, + ResponseTryAgain = 9, + ResponseContinue = 10, +} +pub use self::_HARDERROR_RESPONSE as HARDERROR_RESPONSE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, 
PartialEq, Eq)] +pub enum _ALTERNATIVE_ARCHITECTURE_TYPE { + StandardDesign = 0, + NEC98x86 = 1, + EndAlternatives = 2, +} +pub use self::_ALTERNATIVE_ARCHITECTURE_TYPE as ALTERNATIVE_ARCHITECTURE_TYPE; +#[repr(C)] +pub struct _KUSER_SHARED_DATA { + pub TickCountLowDeprecated: ULONG, + pub TickCountMultiplier: ULONG, + pub InterruptTime: KSYSTEM_TIME, + pub SystemTime: KSYSTEM_TIME, + pub TimeZoneBias: KSYSTEM_TIME, + pub ImageNumberLow: USHORT, + pub ImageNumberHigh: USHORT, + pub NtSystemRoot: [WCHAR; 260usize], + pub MaxStackTraceDepth: ULONG, + pub CryptoExponent: ULONG, + pub TimeZoneId: ULONG, + pub LargePageMinimum: ULONG, + pub AitSamplingValue: ULONG, + pub AppCompatFlag: ULONG, + pub RNGSeedVersion: ULONGLONG, + pub GlobalValidationRunlevel: ULONG, + pub TimeZoneBiasStamp: LONG, + pub NtBuildNumber: ULONG, + pub NtProductType: NT_PRODUCT_TYPE, + pub ProductTypeIsValid: BOOLEAN, + pub Reserved0: [BOOLEAN; 1usize], + pub NativeProcessorArchitecture: USHORT, + pub NtMajorVersion: ULONG, + pub NtMinorVersion: ULONG, + pub ProcessorFeatures: [BOOLEAN; 64usize], + pub Reserved1: ULONG, + pub Reserved3: ULONG, + pub TimeSlip: ULONG, + pub AlternativeArchitecture: ALTERNATIVE_ARCHITECTURE_TYPE, + pub BootId: ULONG, + pub SystemExpirationDate: LARGE_INTEGER, + pub SuiteMask: ULONG, + pub KdDebuggerEnabled: BOOLEAN, + pub __bindgen_anon_1: _KUSER_SHARED_DATA__bindgen_ty_1, + pub CyclesPerYield: USHORT, + pub ActiveConsoleId: ULONG, + pub DismountCount: ULONG, + pub ComPlusPackage: ULONG, + pub LastSystemRITEventTickCount: ULONG, + pub NumberOfPhysicalPages: ULONG, + pub SafeBootMode: BOOLEAN, + pub __bindgen_anon_2: _KUSER_SHARED_DATA__bindgen_ty_2, + pub Reserved12: [UCHAR; 2usize], + pub __bindgen_anon_3: _KUSER_SHARED_DATA__bindgen_ty_3, + pub DataFlagsPad: [ULONG; 1usize], + pub TestRetInstruction: ULONGLONG, + pub QpcFrequency: LONGLONG, + pub SystemCall: ULONG, + pub Reserved2: ULONG, + pub SystemCallPad: [ULONGLONG; 2usize], + pub __bindgen_anon_4: 
_KUSER_SHARED_DATA__bindgen_ty_4, + pub Cookie: ULONG, + pub CookiePad: [ULONG; 1usize], + pub ConsoleSessionForegroundProcessId: LONGLONG, + pub TimeUpdateLock: ULONGLONG, + pub BaselineSystemTimeQpc: ULONGLONG, + pub BaselineInterruptTimeQpc: ULONGLONG, + pub QpcSystemTimeIncrement: ULONGLONG, + pub QpcInterruptTimeIncrement: ULONGLONG, + pub QpcSystemTimeIncrementShift: UCHAR, + pub QpcInterruptTimeIncrementShift: UCHAR, + pub UnparkedProcessorCount: USHORT, + pub EnclaveFeatureMask: [ULONG; 4usize], + pub TelemetryCoverageRound: ULONG, + pub UserModeGlobalLogger: [USHORT; 16usize], + pub ImageFileExecutionOptions: ULONG, + pub LangGenerationCount: ULONG, + pub Reserved4: ULONGLONG, + pub InterruptTimeBias: ULONGLONG, + pub QpcBias: ULONGLONG, + pub ActiveProcessorCount: ULONG, + pub ActiveGroupCount: UCHAR, + pub Reserved9: UCHAR, + pub __bindgen_anon_5: _KUSER_SHARED_DATA__bindgen_ty_5, + pub TimeZoneBiasEffectiveStart: LARGE_INTEGER, + pub TimeZoneBiasEffectiveEnd: LARGE_INTEGER, + pub XState: XSTATE_CONFIGURATION, + pub FeatureConfigurationChangeStamp: KSYSTEM_TIME, + pub Spare: ULONG, + pub UserPointerAuthMask: ULONG64, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _KUSER_SHARED_DATA__bindgen_ty_1 { + pub MitigationPolicies: UCHAR, + pub __bindgen_anon_1: _KUSER_SHARED_DATA__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KUSER_SHARED_DATA__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl _KUSER_SHARED_DATA__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn NXSupportPolicy(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u8) } + } + #[inline] + pub fn set_NXSupportPolicy(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn SEHValidationPolicy(&self) -> UCHAR { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(2usize, 2u8) as u8) } + } + #[inline] + pub fn set_SEHValidationPolicy(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 2u8, val as u64) + } + } + #[inline] + pub fn CurDirDevicesSkippedForDlls(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 2u8) as u8) } + } + #[inline] + pub fn set_CurDirDevicesSkippedForDlls(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 2u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 2u8) as u8) } + } + #[inline] + pub fn set_Reserved(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 2u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + NXSupportPolicy: UCHAR, + SEHValidationPolicy: UCHAR, + CurDirDevicesSkippedForDlls: UCHAR, + Reserved: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let NXSupportPolicy: u8 = unsafe { ::core::mem::transmute(NXSupportPolicy) }; + NXSupportPolicy as u64 + }); + __bindgen_bitfield_unit.set(2usize, 2u8, { + let SEHValidationPolicy: u8 = unsafe { ::core::mem::transmute(SEHValidationPolicy) }; + SEHValidationPolicy as u64 + }); + __bindgen_bitfield_unit.set(4usize, 2u8, { + let CurDirDevicesSkippedForDlls: u8 = + unsafe { ::core::mem::transmute(CurDirDevicesSkippedForDlls) }; + CurDirDevicesSkippedForDlls as u64 + }); + __bindgen_bitfield_unit.set(6usize, 2u8, { + let Reserved: u8 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _KUSER_SHARED_DATA__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + 
unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _KUSER_SHARED_DATA__bindgen_ty_2 { + pub VirtualizationFlags: UCHAR, +} +impl Default for _KUSER_SHARED_DATA__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _KUSER_SHARED_DATA__bindgen_ty_3 { + pub SharedDataFlags: ULONG, + pub __bindgen_anon_1: _KUSER_SHARED_DATA__bindgen_ty_3__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KUSER_SHARED_DATA__bindgen_ty_3__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KUSER_SHARED_DATA__bindgen_ty_3__bindgen_ty_1 { + #[inline] + pub fn DbgErrorPortPresent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgErrorPortPresent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgElevationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgElevationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgVirtEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgVirtEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgInstallerDetectEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + 
pub fn set_DbgInstallerDetectEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgLkgEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgLkgEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgDynProcessorEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgDynProcessorEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgConsoleBrokerEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgConsoleBrokerEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgSecureBootEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgSecureBootEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMultiSessionSku(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgMultiSessionSku(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgMultiUsersInSessionSku(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgMultiUsersInSessionSku(&mut 
self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn DbgStateSeparationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_DbgStateSeparationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 21u8) as u32) } + } + #[inline] + pub fn set_SpareBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 21u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DbgErrorPortPresent: ULONG, + DbgElevationEnabled: ULONG, + DbgVirtEnabled: ULONG, + DbgInstallerDetectEnabled: ULONG, + DbgLkgEnabled: ULONG, + DbgDynProcessorEnabled: ULONG, + DbgConsoleBrokerEnabled: ULONG, + DbgSecureBootEnabled: ULONG, + DbgMultiSessionSku: ULONG, + DbgMultiUsersInSessionSku: ULONG, + DbgStateSeparationEnabled: ULONG, + SpareBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DbgErrorPortPresent: u32 = unsafe { ::core::mem::transmute(DbgErrorPortPresent) }; + DbgErrorPortPresent as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let DbgElevationEnabled: u32 = unsafe { ::core::mem::transmute(DbgElevationEnabled) }; + DbgElevationEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let DbgVirtEnabled: u32 = unsafe { ::core::mem::transmute(DbgVirtEnabled) }; + DbgVirtEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let DbgInstallerDetectEnabled: u32 = + unsafe { ::core::mem::transmute(DbgInstallerDetectEnabled) }; + DbgInstallerDetectEnabled as u64 + }); 
+ __bindgen_bitfield_unit.set(4usize, 1u8, { + let DbgLkgEnabled: u32 = unsafe { ::core::mem::transmute(DbgLkgEnabled) }; + DbgLkgEnabled as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let DbgDynProcessorEnabled: u32 = + unsafe { ::core::mem::transmute(DbgDynProcessorEnabled) }; + DbgDynProcessorEnabled as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let DbgConsoleBrokerEnabled: u32 = + unsafe { ::core::mem::transmute(DbgConsoleBrokerEnabled) }; + DbgConsoleBrokerEnabled as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let DbgSecureBootEnabled: u32 = unsafe { ::core::mem::transmute(DbgSecureBootEnabled) }; + DbgSecureBootEnabled as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let DbgMultiSessionSku: u32 = unsafe { ::core::mem::transmute(DbgMultiSessionSku) }; + DbgMultiSessionSku as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let DbgMultiUsersInSessionSku: u32 = + unsafe { ::core::mem::transmute(DbgMultiUsersInSessionSku) }; + DbgMultiUsersInSessionSku as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let DbgStateSeparationEnabled: u32 = + unsafe { ::core::mem::transmute(DbgStateSeparationEnabled) }; + DbgStateSeparationEnabled as u64 + }); + __bindgen_bitfield_unit.set(11usize, 21u8, { + let SpareBits: u32 = unsafe { ::core::mem::transmute(SpareBits) }; + SpareBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _KUSER_SHARED_DATA__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _KUSER_SHARED_DATA__bindgen_ty_4 { + pub TickCount: KSYSTEM_TIME, + pub TickCountQuad: ULONG64, + pub __bindgen_anon_1: _KUSER_SHARED_DATA__bindgen_ty_4__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KUSER_SHARED_DATA__bindgen_ty_4__bindgen_ty_1 { + pub ReservedTickCountOverlay: [ULONG; 
3usize], + pub TickCountPad: [ULONG; 1usize], +} +impl Default for _KUSER_SHARED_DATA__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _KUSER_SHARED_DATA__bindgen_ty_5 { + pub QpcData: USHORT, + pub __bindgen_anon_1: _KUSER_SHARED_DATA__bindgen_ty_5__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KUSER_SHARED_DATA__bindgen_ty_5__bindgen_ty_1 { + pub QpcBypassEnabled: UCHAR, + pub QpcShift: UCHAR, +} +impl Default for _KUSER_SHARED_DATA__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _KUSER_SHARED_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KUSER_SHARED_DATA = _KUSER_SHARED_DATA; +pub type PKUSER_SHARED_DATA = *mut _KUSER_SHARED_DATA; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ATOM_INFORMATION_CLASS { + AtomBasicInformation = 0, + AtomTableInformation = 1, +} +pub use self::_ATOM_INFORMATION_CLASS as ATOM_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ATOM_BASIC_INFORMATION { + pub UsageCount: USHORT, + pub Flags: USHORT, + pub NameLength: USHORT, + pub Name: [WCHAR; 1usize], +} +pub type ATOM_BASIC_INFORMATION = _ATOM_BASIC_INFORMATION; +pub type PATOM_BASIC_INFORMATION = *mut _ATOM_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ATOM_TABLE_INFORMATION { + pub NumberOfAtoms: ULONG, + pub Atoms: [RTL_ATOM; 1usize], +} +pub type ATOM_TABLE_INFORMATION = _ATOM_TABLE_INFORMATION; +pub type PATOM_TABLE_INFORMATION = *mut _ATOM_TABLE_INFORMATION; 
+#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SHUTDOWN_ACTION { + ShutdownNoReboot = 0, + ShutdownReboot = 1, + ShutdownPowerOff = 2, + ShutdownRebootForRecovery = 3, +} +pub use self::_SHUTDOWN_ACTION as SHUTDOWN_ACTION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_MESSAGE_TYPE { + BCD_MESSAGE_TYPE_NONE = 0, + BCD_MESSAGE_TYPE_TRACE = 1, + BCD_MESSAGE_TYPE_INFORMATION = 2, + BCD_MESSAGE_TYPE_WARNING = 3, + BCD_MESSAGE_TYPE_ERROR = 4, + BCD_MESSAGE_TYPE_MAXIMUM = 5, +} +pub use self::_BCD_MESSAGE_TYPE as BCD_MESSAGE_TYPE; +pub type BCD_MESSAGE_CALLBACK = + ::core::option::Option; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_IMPORT_FLAGS { + BCD_IMPORT_NONE = 0, + BCD_IMPORT_DELETE_FIRMWARE_OBJECTS = 1, +} +pub use self::_BCD_IMPORT_FLAGS as BCD_IMPORT_FLAGS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_OPEN_FLAGS { + BCD_OPEN_NONE = 0, + BCD_OPEN_OPEN_STORE_OFFLINE = 1, + BCD_OPEN_SYNC_FIRMWARE_ENTRIES = 2, +} +pub use self::_BCD_OPEN_FLAGS as BCD_OPEN_FLAGS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_OBJECT_TYPE { + BCD_OBJECT_TYPE_NONE = 0, + BCD_OBJECT_TYPE_APPLICATION = 1, + BCD_OBJECT_TYPE_INHERITED = 2, + BCD_OBJECT_TYPE_DEVICE = 3, +} +pub use self::_BCD_OBJECT_TYPE as BCD_OBJECT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_APPLICATION_OBJECT_TYPE { + BCD_APPLICATION_OBJECT_NONE = 0, + BCD_APPLICATION_OBJECT_FIRMWARE_BOOT_MANAGER = 1, + BCD_APPLICATION_OBJECT_WINDOWS_BOOT_MANAGER = 2, + BCD_APPLICATION_OBJECT_WINDOWS_BOOT_LOADER = 3, + BCD_APPLICATION_OBJECT_WINDOWS_RESUME_APPLICATION = 4, + BCD_APPLICATION_OBJECT_MEMORY_TESTER = 5, + BCD_APPLICATION_OBJECT_LEGACY_NTLDR = 6, + BCD_APPLICATION_OBJECT_LEGACY_SETUPLDR = 7, + 
BCD_APPLICATION_OBJECT_BOOT_SECTOR = 8, + BCD_APPLICATION_OBJECT_STARTUP_MODULE = 9, + BCD_APPLICATION_OBJECT_GENERIC_APPLICATION = 10, + BCD_APPLICATION_OBJECT_RESERVED = 1048575, +} +pub use self::_BCD_APPLICATION_OBJECT_TYPE as BCD_APPLICATION_OBJECT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_APPLICATION_IMAGE_TYPE { + BCD_APPLICATION_IMAGE_NONE = 0, + BCD_APPLICATION_IMAGE_FIRMWARE_APPLICATION = 1, + BCD_APPLICATION_IMAGE_BOOT_APPLICATION = 2, + BCD_APPLICATION_IMAGE_LEGACY_LOADER = 3, + BCD_APPLICATION_IMAGE_REALMODE_CODE = 4, +} +pub use self::_BCD_APPLICATION_IMAGE_TYPE as BCD_APPLICATION_IMAGE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_INHERITED_CLASS_TYPE { + BCD_INHERITED_CLASS_NONE = 0, + BCD_INHERITED_CLASS_LIBRARY = 1, + BCD_INHERITED_CLASS_APPLICATION = 2, + BCD_INHERITED_CLASS_DEVICE = 3, +} +pub use self::_BCD_INHERITED_CLASS_TYPE as BCD_INHERITED_CLASS_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_OBJECT_DATATYPE { + pub PackedValue: ULONG, + pub __bindgen_anon_1: _BCD_OBJECT_DATATYPE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_OBJECT_DATATYPE__bindgen_ty_1 { + pub __bindgen_anon_1: _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_1, + pub Application: _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_2, + pub Inherit: _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_3, + pub Device: _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_4, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl 
_BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 28u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 28u8, val as u64) + } + } + #[inline] + pub fn ObjectType(&self) -> BCD_OBJECT_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 4u8) as u32) } + } + #[inline] + pub fn set_ObjectType(&mut self, val: BCD_OBJECT_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Reserved: ULONG, + ObjectType: BCD_OBJECT_TYPE, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 28u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(28usize, 4u8, { + let ObjectType: u32 = unsafe { ::core::mem::transmute(ObjectType) }; + ObjectType as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_2 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_2 { + #[inline] + pub fn ApplicationType(&self) -> BCD_APPLICATION_OBJECT_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 20u8) as u32) } + } + #[inline] + pub fn set_ApplicationType(&mut self, val: BCD_APPLICATION_OBJECT_TYPE) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 20u8, val as u64) + } + } + #[inline] + pub fn ImageType(&self) -> BCD_APPLICATION_IMAGE_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 4u8) as u32) } + } + #[inline] + pub fn set_ImageType(&mut self, val: BCD_APPLICATION_IMAGE_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 4u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 4u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 4u8, val as u64) + } + } + #[inline] + pub fn ObjectType(&self) -> BCD_OBJECT_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 4u8) as u32) } + } + #[inline] + pub fn set_ObjectType(&mut self, val: BCD_OBJECT_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ApplicationType: BCD_APPLICATION_OBJECT_TYPE, + ImageType: BCD_APPLICATION_IMAGE_TYPE, + Reserved: ULONG, + ObjectType: BCD_OBJECT_TYPE, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 20u8, { + let ApplicationType: u32 = unsafe { ::core::mem::transmute(ApplicationType) }; + ApplicationType as u64 + }); + __bindgen_bitfield_unit.set(20usize, 4u8, { + let ImageType: u32 = unsafe { ::core::mem::transmute(ImageType) }; + ImageType as u64 + }); + __bindgen_bitfield_unit.set(24usize, 4u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(28usize, 4u8, { + let ObjectType: u32 = unsafe { ::core::mem::transmute(ObjectType) }; + ObjectType as u64 + }); + __bindgen_bitfield_unit + } +} 
+#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_3 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_3 { + #[inline] + pub fn Value(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 20u8) as u32) } + } + #[inline] + pub fn set_Value(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 20u8, val as u64) + } + } + #[inline] + pub fn Class(&self) -> BCD_INHERITED_CLASS_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 4u8) as u32) } + } + #[inline] + pub fn set_Class(&mut self, val: BCD_INHERITED_CLASS_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 4u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 4u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 4u8, val as u64) + } + } + #[inline] + pub fn ObjectType(&self) -> BCD_OBJECT_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 4u8) as u32) } + } + #[inline] + pub fn set_ObjectType(&mut self, val: BCD_OBJECT_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Value: ULONG, + Class: BCD_INHERITED_CLASS_TYPE, + Reserved: ULONG, + ObjectType: BCD_OBJECT_TYPE, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: 
__BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 20u8, { + let Value: u32 = unsafe { ::core::mem::transmute(Value) }; + Value as u64 + }); + __bindgen_bitfield_unit.set(20usize, 4u8, { + let Class: u32 = unsafe { ::core::mem::transmute(Class) }; + Class as u64 + }); + __bindgen_bitfield_unit.set(24usize, 4u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(28usize, 4u8, { + let ObjectType: u32 = unsafe { ::core::mem::transmute(ObjectType) }; + ObjectType as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_4 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _BCD_OBJECT_DATATYPE__bindgen_ty_1__bindgen_ty_4 { + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 28u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 28u8, val as u64) + } + } + #[inline] + pub fn ObjectType(&self) -> BCD_OBJECT_TYPE { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 4u8) as u32) } + } + #[inline] + pub fn set_ObjectType(&mut self, val: BCD_OBJECT_TYPE) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Reserved: ULONG, + ObjectType: BCD_OBJECT_TYPE, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + 
__bindgen_bitfield_unit.set(0usize, 28u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(28usize, 4u8, { + let ObjectType: u32 = unsafe { ::core::mem::transmute(ObjectType) }; + ObjectType as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _BCD_OBJECT_DATATYPE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _BCD_OBJECT_DATATYPE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_OBJECT_DATATYPE = _BCD_OBJECT_DATATYPE; +pub type PBCD_OBJECT_DATATYPE = *mut _BCD_OBJECT_DATATYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BCD_OBJECT_DESCRIPTION { + pub Version: ULONG, + pub Type: ULONG, +} +pub type BCD_OBJECT_DESCRIPTION = _BCD_OBJECT_DESCRIPTION; +pub type PBCD_OBJECT_DESCRIPTION = *mut _BCD_OBJECT_DESCRIPTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_OBJECT { + pub Identifer: GUID, + pub Description: PBCD_OBJECT_DESCRIPTION, +} +impl Default for _BCD_OBJECT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_OBJECT = _BCD_OBJECT; +pub type PBCD_OBJECT = *mut _BCD_OBJECT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_COPY_FLAGS { + BCD_COPY_NONE = 0, + BCD_COPY_COPY_CREATE_NEW_OBJECT_IDENTIFIER = 1, + BCD_COPY_COPY_DELETE_EXISTING_OBJECT = 2, + BCD_COPY_COPY_UNKNOWN_FIRMWARE_APPLICATION = 4, + BCD_COPY_IGNORE_SETUP_TEMPLATE_ELEMENTS = 8, + BCD_COPY_RETAIN_ELEMENT_DATA = 16, + BCD_COPY_MIGRATE_ELEMENT_DATA = 32, +} +pub use self::_BCD_COPY_FLAGS as BCD_COPY_FLAGS; +#[repr(i32)] 
+#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_ELEMENT_DATATYPE_FORMAT { + BCD_ELEMENT_DATATYPE_FORMAT_UNKNOWN = 0, + BCD_ELEMENT_DATATYPE_FORMAT_DEVICE = 1, + BCD_ELEMENT_DATATYPE_FORMAT_STRING = 2, + BCD_ELEMENT_DATATYPE_FORMAT_OBJECT = 3, + BCD_ELEMENT_DATATYPE_FORMAT_OBJECTLIST = 4, + BCD_ELEMENT_DATATYPE_FORMAT_INTEGER = 5, + BCD_ELEMENT_DATATYPE_FORMAT_BOOLEAN = 6, + BCD_ELEMENT_DATATYPE_FORMAT_INTEGERLIST = 7, + BCD_ELEMENT_DATATYPE_FORMAT_BINARY = 8, +} +pub use self::_BCD_ELEMENT_DATATYPE_FORMAT as BCD_ELEMENT_DATATYPE_FORMAT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_ELEMENT_DATATYPE_CLASS { + BCD_ELEMENT_DATATYPE_CLASS_NONE = 0, + BCD_ELEMENT_DATATYPE_CLASS_LIBRARY = 1, + BCD_ELEMENT_DATATYPE_CLASS_APPLICATION = 2, + BCD_ELEMENT_DATATYPE_CLASS_DEVICE = 3, + BCD_ELEMENT_DATATYPE_CLASS_SETUPTEMPLATE = 4, + BCD_ELEMENT_DATATYPE_CLASS_OEM = 5, +} +pub use self::_BCD_ELEMENT_DATATYPE_CLASS as BCD_ELEMENT_DATATYPE_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_ELEMENT_DEVICE_TYPE { + BCD_ELEMENT_DEVICE_TYPE_NONE = 0, + BCD_ELEMENT_DEVICE_TYPE_BOOT_DEVICE = 1, + BCD_ELEMENT_DEVICE_TYPE_PARTITION = 2, + BCD_ELEMENT_DEVICE_TYPE_FILE = 3, + BCD_ELEMENT_DEVICE_TYPE_RAMDISK = 4, + BCD_ELEMENT_DEVICE_TYPE_UNKNOWN = 5, + BCD_ELEMENT_DEVICE_TYPE_QUALIFIED_PARTITION = 6, + BCD_ELEMENT_DEVICE_TYPE_VMBUS = 7, + BCD_ELEMENT_DEVICE_TYPE_LOCATE_DEVICE = 8, + BCD_ELEMENT_DEVICE_TYPE_URI = 9, + BCD_ELEMENT_DEVICE_TYPE_COMPOSITE = 10, +} +pub use self::_BCD_ELEMENT_DEVICE_TYPE as BCD_ELEMENT_DEVICE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DATATYPE { + pub PackedValue: ULONG, + pub __bindgen_anon_1: _BCD_ELEMENT_DATATYPE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_ELEMENT_DATATYPE__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: 
__BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _BCD_ELEMENT_DATATYPE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _BCD_ELEMENT_DATATYPE__bindgen_ty_1 { + #[inline] + pub fn SubType(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 24u8) as u32) } + } + #[inline] + pub fn set_SubType(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 24u8, val as u64) + } + } + #[inline] + pub fn Format(&self) -> BCD_ELEMENT_DATATYPE_FORMAT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 4u8) as u32) } + } + #[inline] + pub fn set_Format(&mut self, val: BCD_ELEMENT_DATATYPE_FORMAT) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 4u8, val as u64) + } + } + #[inline] + pub fn Class(&self) -> BCD_ELEMENT_DATATYPE_CLASS { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 4u8) as u32) } + } + #[inline] + pub fn set_Class(&mut self, val: BCD_ELEMENT_DATATYPE_CLASS) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SubType: ULONG, + Format: BCD_ELEMENT_DATATYPE_FORMAT, + Class: BCD_ELEMENT_DATATYPE_CLASS, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 24u8, { + let SubType: u32 = unsafe { ::core::mem::transmute(SubType) }; + SubType as u64 + }); + __bindgen_bitfield_unit.set(24usize, 4u8, { + let Format: u32 = unsafe { ::core::mem::transmute(Format) }; + Format as u64 + }); + __bindgen_bitfield_unit.set(28usize, 4u8, { + let Class: u32 = unsafe { ::core::mem::transmute(Class) }; + Class as u64 + }); + __bindgen_bitfield_unit + } +} +impl 
Default for _BCD_ELEMENT_DATATYPE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_ELEMENT_DATATYPE = _BCD_ELEMENT_DATATYPE; +pub type PBCD_ELEMENT_DATATYPE = *mut _BCD_ELEMENT_DATATYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION { + pub PartitionStyle: ULONG, + pub Reserved: ULONG, + pub __bindgen_anon_1: _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1 { + pub Mbr: _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_1, + pub Gpt: _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_1 { + pub DiskSignature: ULONG, + pub PartitionOffset: ULONG64, +} +impl Default for _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_2 { + pub DiskSignature: GUID, + pub PartitionSignature: GUID, +} +impl Default for _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION { + fn default() -> 
Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION = _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION; +pub type PBCD_ELEMENT_DEVICE_QUALIFIED_PARTITION = *mut _BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _BCD_ELEMENT_DEVICE { + pub DeviceType: ULONG, + pub AdditionalOptions: GUID, + pub __bindgen_anon_1: _BCD_ELEMENT_DEVICE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _BCD_ELEMENT_DEVICE__bindgen_ty_1 { + pub File: _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_1, + pub Partition: _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_2, + pub Locate: _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_3, + pub Vmbus: _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_4, + pub Unknown: _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_5, + pub QualifiedPartition: BCD_ELEMENT_DEVICE_QUALIFIED_PARTITION, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_1 { + pub ParentOffset: ULONG, + pub Path: [WCHAR; 1usize], +} +impl Default for _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_2 { + pub Path: [WCHAR; 1usize], +} +impl Default for _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_3 { + pub Type: ULONG, + pub ParentOffset: ULONG, + pub ElementType: ULONG, + pub Path: [WCHAR; 1usize], +} +impl Default for 
_BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_4 { + pub InterfaceInstance: GUID, +} +impl Default for _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_5 { + pub Data: [ULONG; 1usize], +} +impl Default for _BCD_ELEMENT_DEVICE__bindgen_ty_1__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _BCD_ELEMENT_DEVICE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _BCD_ELEMENT_DEVICE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_ELEMENT_DEVICE = _BCD_ELEMENT_DEVICE; +pub type PBCD_ELEMENT_DEVICE = *mut _BCD_ELEMENT_DEVICE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BCD_ELEMENT_STRING { + pub Value: [WCHAR; 1usize], +} +pub type BCD_ELEMENT_STRING = _BCD_ELEMENT_STRING; +pub type PBCD_ELEMENT_STRING = *mut _BCD_ELEMENT_STRING; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BCD_ELEMENT_OBJECT { + pub Object: GUID, +} +pub type BCD_ELEMENT_OBJECT = _BCD_ELEMENT_OBJECT; +pub type PBCD_ELEMENT_OBJECT = *mut _BCD_ELEMENT_OBJECT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_BCD_ELEMENT_OBJECT_LIST { + pub ObjectList: [GUID; 1usize], +} +pub type BCD_ELEMENT_OBJECT_LIST = _BCD_ELEMENT_OBJECT_LIST; +pub type PBCD_ELEMENT_OBJECT_LIST = *mut _BCD_ELEMENT_OBJECT_LIST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BCD_ELEMENT_INTEGER { + pub Value: ULONG64, +} +pub type BCD_ELEMENT_INTEGER = _BCD_ELEMENT_INTEGER; +pub type PBCD_ELEMENT_INTEGER = *mut _BCD_ELEMENT_INTEGER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _BCD_ELEMENT_INTEGER_LIST { + pub Value: [ULONG64; 1usize], +} +pub type BCD_ELEMENT_INTEGER_LIST = _BCD_ELEMENT_INTEGER_LIST; +pub type PBCD_ELEMENT_INTEGER_LIST = *mut _BCD_ELEMENT_INTEGER_LIST; +#[repr(C)] +pub struct _BCD_ELEMENT_BOOLEAN { + pub Value: BOOLEAN, +} +impl Default for _BCD_ELEMENT_BOOLEAN { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_ELEMENT_BOOLEAN = _BCD_ELEMENT_BOOLEAN; +pub type PBCD_ELEMENT_BOOLEAN = *mut _BCD_ELEMENT_BOOLEAN; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct BCD_ELEMENT_DESCRIPTION { + pub Version: ULONG, + pub Type: ULONG, + pub DataSize: ULONG, +} +pub type PBCD_ELEMENT_DESCRIPTION = *mut BCD_ELEMENT_DESCRIPTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _BCD_ELEMENT { + pub Description: PBCD_ELEMENT_DESCRIPTION, + pub Data: PVOID, +} +impl Default for _BCD_ELEMENT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type BCD_ELEMENT = _BCD_ELEMENT; +pub type PBCD_ELEMENT = *mut _BCD_ELEMENT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BCD_FLAGS { + BCD_FLAG_NONE = 0, + BCD_FLAG_QUALIFIED_PARTITION = 1, + BCD_FLAG_NO_DEVICE_TRANSLATION = 2, + BCD_FLAG_ENUMERATE_INHERITED_OBJECTS = 4, + 
BCD_FLAG_ENUMERATE_DEVICE_OPTIONS = 8, + BCD_FLAG_OBSERVE_PRECEDENCE = 16, + BCD_FLAG_DISABLE_VHD_NT_TRANSLATION = 32, + BCD_FLAG_DISABLE_VHD_DEVICE_DETECTION = 64, + BCD_FLAG_DISABLE_POLICY_CHECKS = 128, +} +pub use self::_BCD_FLAGS as BCD_FLAGS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdBootMgrElementTypes { + #[doc = " \n The order in which BCD objects should be displayed.\n Objects are displayed using the string specified by the BcdLibraryString_Description element.\n \n 0x24000001"] + BcdBootMgrObjectList_DisplayOrder = 603979777, + #[doc = " \n List of boot environment applications the boot manager should execute.\n The applications are executed in the order they appear in this list.\n If the firmware boot manager does not support loading multiple applications, this list cannot contain more than one entry.\n \n 0x24000002"] + BcdBootMgrObjectList_BootSequence = 603979778, + #[doc = " \n The default boot environment application to load if the user does not select one.\n \n 0x23000003"] + BcdBootMgrObject_DefaultObject = 587202563, + #[doc = " \n The maximum number of seconds a boot selection menu is to be displayed to the user.\n The menu is displayed until the user selects an option or the time-out expires.\n If this value is not specified, the boot manager waits for the user to make a selection.\n \n 0x25000004"] + BcdBootMgrInteger_Timeout = 620756996, + #[doc = " \n Indicates that a resume operation should be attempted during a system restart.\n \n 0x26000005"] + BcdBootMgrBoolean_AttemptResume = 637534213, + #[doc = " \n The resume application object.\n \n 0x23000006"] + BcdBootMgrObject_ResumeObject = 587202566, + #[doc = " \n\n \n 0x24000007"] + BcdBootMgrObjectList_StartupSequence = 603979783, + #[doc = " \n The boot manager tools display order list.\n \n 0x24000010"] + BcdBootMgrObjectList_ToolsDisplayOrder = 603979792, + #[doc = " \n Forces the display of the legacy boot menu, regardless of the 
number of OS entries in the BCD store and their BcdOSLoaderInteger_BootMenuPolicy.\n \n 0x26000020"] + BcdBootMgrBoolean_DisplayBootMenu = 637534240, + #[doc = " \n Indicates whether the display of errors should be suppressed.\n If this setting is enabled, the boot manager exits to the multi-OS menu on OS launch error.\n \n 0x26000021"] + BcdBootMgrBoolean_NoErrorDisplay = 637534241, + #[doc = " \n The device on which the boot application resides.\n \n 0x21000022"] + BcdBootMgrDevice_BcdDevice = 553648162, + #[doc = " \n The boot application.\n \n 0x22000023"] + BcdBootMgrString_BcdFilePath = 570425379, + #[doc = " \n\n \n 0x26000024"] + BcdBootMgrBoolean_HormEnabled = 637534244, + #[doc = " \n\n \n 0x26000025"] + BcdBootMgrBoolean_HiberRoot = 637534245, + #[doc = " \n\n \n 0x22000026"] + BcdBootMgrString_PasswordOverride = 570425382, + #[doc = " \n\n \n 0x22000027"] + BcdBootMgrString_PinpassPhraseOverride = 570425383, + #[doc = " \n Controls whether custom actions are processed before a boot sequence.\n Note This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x26000028"] + BcdBootMgrBoolean_ProcessCustomActionsFirst = 637534248, + #[doc = " \n Custom Bootstrap Actions.\n \n 0x27000030"] + BcdBootMgrIntegerList_CustomActionsList = 654311472, + #[doc = " \n Controls whether a boot sequence persists across multiple boots.\n Note This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x26000031"] + BcdBootMgrBoolean_PersistBootSequence = 637534257, + #[doc = " \n\n \n 0x26000032"] + BcdBootMgrBoolean_SkipStartupSequence = 637534258, +} +pub use self::_BcdBootMgrElementTypes as BcdBootMgrElementTypes; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibrary_FirstMegabytePolicy { + #[doc = " \n Use none of the first megabyte of memory.\n "] + FirstMegabytePolicyUseNone = 0, + #[doc = " \n Use all of the first megabyte of memory.\n "] + FirstMegabytePolicyUseAll = 1, + #[doc 
= " \n Reserved for future use.\n "] + FirstMegabytePolicyUsePrivate = 2, +} +pub use self::_BcdLibrary_FirstMegabytePolicy as BcdLibrary_FirstMegabytePolicy; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibrary_DebuggerType { + DebuggerSerial = 0, + Debugger1394 = 1, + DebuggerUsb = 2, + DebuggerNet = 3, + DebuggerLocal = 4, +} +pub use self::_BcdLibrary_DebuggerType as BcdLibrary_DebuggerType; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibrary_DebuggerStartPolicy { + #[doc = " \n The debugger will start active.\n "] + DebuggerStartActive = 0, + #[doc = " \n The debugger will start in the auto-enabled state.\n If a debugger is attached it will be used; otherwise the debugger port will be available for other applications.\n "] + DebuggerStartAutoEnable = 1, + #[doc = " \n The debugger will not start.\n "] + DebuggerStartDisable = 2, +} +pub use self::_BcdLibrary_DebuggerStartPolicy as BcdLibrary_DebuggerStartPolicy; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibrary_ConfigAccessPolicy { + #[doc = " \n Access to PCI configuration space through the memory-mapped region is allowed.\n "] + ConfigAccessPolicyDefault = 0, + #[doc = " \n Access to PCI configuration space through the memory-mapped region is not allowed.\n This setting is used for platforms that implement memory-mapped configuration space incorrectly.\n The CFC/CF8 access mechanism can be used to access configuration space on these platforms.\n "] + ConfigAccessPolicyDisallowMmConfig = 1, +} +pub use self::_BcdLibrary_ConfigAccessPolicy as BcdLibrary_ConfigAccessPolicy; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibrary_UxDisplayMessageType { + DisplayMessageTypeDefault = 0, + DisplayMessageTypeResume = 1, + DisplayMessageTypeHyperV = 2, + DisplayMessageTypeRecovery = 3, + 
DisplayMessageTypeStartupRepair = 4, + DisplayMessageTypeSystemImageRecovery = 5, + DisplayMessageTypeCommandPrompt = 6, + DisplayMessageTypeSystemRestore = 7, + DisplayMessageTypePushButtonReset = 8, +} +pub use self::_BcdLibrary_UxDisplayMessageType as BcdLibrary_UxDisplayMessageType; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum BcdLibrary_SafeBoot { + #[doc = " \n Load the drivers and services specified by name or group under the following registry key:\n HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal.\n "] + SafemodeMinimal = 0, + #[doc = " \n Load the drivers and services specified by name or group under the following registry key:\n HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\n "] + SafemodeNetwork = 1, + #[doc = " \n Boot the system into a repair mode that restores the Active Directory service from backup medium.\n "] + SafemodeDsRepair = 2, +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdLibraryElementTypes { + #[doc = " \n Device on which a boot environment application resides.\n \n 0x11000001"] + BcdLibraryDevice_ApplicationDevice = 285212673, + #[doc = " \n Path to a boot environment application.\n \n 0x12000002"] + BcdLibraryString_ApplicationPath = 301989890, + #[doc = " \n Display name of the boot environment application.\n \n 0x12000004"] + BcdLibraryString_Description = 301989892, + #[doc = " \n Preferred locale, in RFC 3066 format.\n \n 0x12000005"] + BcdLibraryString_PreferredLocale = 301989893, + #[doc = " \n List of BCD objects from which the current object should inherit elements.\n \n 0x14000006"] + BcdLibraryObjectList_InheritedObjects = 335544326, + #[doc = " \n Maximum physical address a boot environment application should recognize. 
All memory above this address is ignored.\n \n 0x15000007"] + BcdLibraryInteger_TruncatePhysicalMemory = 352321543, + #[doc = " \n List of boot environment applications to be executed if the associated application fails. The applications are executed in the order they appear in this list.\n \n 0x14000008"] + BcdLibraryObjectList_RecoverySequence = 335544328, + #[doc = " \n Indicates whether the recovery sequence executes automatically if the boot application fails. Otherwise, the recovery sequence only runs on demand.\n \n 0x16000009"] + BcdLibraryBoolean_AutoRecoveryEnabled = 369098761, + #[doc = " \n List of page frame numbers describing faulty memory in the system.\n \n 0x1700000A"] + BcdLibraryIntegerList_BadMemoryList = 385875978, + #[doc = " \n If TRUE, indicates that a boot application can use memory listed in the BcdLibraryIntegerList_BadMemoryList.\n \n 0x1600000B"] + BcdLibraryBoolean_AllowBadMemoryAccess = 369098763, + #[doc = " \n Indicates how the first megabyte of memory is to be used. The Integer property is one of the values from the BcdLibrary_FirstMegabytePolicy enumeration.\n \n 0x1500000C"] + BcdLibraryInteger_FirstMegabytePolicy = 352321548, + #[doc = " \n Relocates physical memory on certain AMD processors.\n This value is not used in Windows 8 or Windows Server 2012.\n \n 0x1500000D"] + BcdLibraryInteger_RelocatePhysicalMemory = 352321549, + #[doc = " \n Specifies a minimum physical address to use in the boot environment.\n \n 0x1500000E"] + BcdLibraryInteger_AvoidLowPhysicalMemory = 352321550, + #[doc = " \n\n \n 0x1600000F"] + BcdLibraryBoolean_TraditionalKsegMappings = 369098767, + #[doc = " \n Indicates whether the boot debugger should be enabled.\n \n 0x16000010"] + BcdLibraryBoolean_DebuggerEnabled = 369098768, + #[doc = " \n Debugger type. 
The Integer property is one of the values from the BcdLibrary_DebuggerType enumeration.\n \n 0x15000011"] + BcdLibraryInteger_DebuggerType = 352321553, + #[doc = " \n I/O port address for the serial debugger.\n \n 0x15000012"] + BcdLibraryInteger_SerialDebuggerPortAddress = 352321554, + #[doc = " \n Serial port number for serial debugging.\n If this value is not specified, the default is specified by the DBGP ACPI table settings.\n \n 0x15000013"] + BcdLibraryInteger_SerialDebuggerPort = 352321555, + #[doc = " \n Baud rate for serial debugging.\n \n 0x15000014"] + BcdLibraryInteger_SerialDebuggerBaudRate = 352321556, + #[doc = " \n Channel number for 1394 debugging.\n \n 0x15000015"] + BcdLibraryInteger_1394DebuggerChannel = 352321557, + #[doc = " \n The target name for the USB debugger. The target name is arbitrary but must match between the debugger and the debug target.\n \n 0x12000016"] + BcdLibraryString_UsbDebuggerTargetName = 301989910, + #[doc = " \n If TRUE, the debugger will ignore user mode exceptions and only stop for kernel mode exceptions.\n \n 0x16000017"] + BcdLibraryBoolean_DebuggerIgnoreUsermodeExceptions = 369098775, + #[doc = " \n Indicates the debugger start policy. The Integer property is one of the values from the BcdLibrary_DebuggerStartPolicy enumeration.\n \n 0x15000018"] + BcdLibraryInteger_DebuggerStartPolicy = 352321560, + #[doc = " \n Defines the PCI bus, device, and function numbers of the debugging device. For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.\n \n 0x12000019"] + BcdLibraryString_DebuggerBusParameters = 301989913, + #[doc = " \n Defines the host IP address for the network debugger.\n \n 0x1500001A"] + BcdLibraryInteger_DebuggerNetHostIP = 352321562, + #[doc = " \n Defines the network port for the network debugger.\n \n 0x1500001B"] + BcdLibraryInteger_DebuggerNetPort = 352321563, + #[doc = " \n Controls the use of DHCP by the network debugger. 
Setting this to false causes the OS to only use link-local addresses.\n This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x1600001C"] + BcdLibraryBoolean_DebuggerNetDhcp = 369098780, + #[doc = " \n Holds the key used to encrypt the network debug connection.\n This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x1200001D"] + BcdLibraryString_DebuggerNetKey = 301989917, + #[doc = " \n\n \n 0x1600001E"] + BcdLibraryBoolean_DebuggerNetVM = 369098782, + #[doc = " \n\n \n 0x1200001F"] + BcdLibraryString_DebuggerNetHostIpv6 = 301989919, + #[doc = " \n Indicates whether EMS redirection should be enabled.\n \n 0x16000020"] + BcdLibraryBoolean_EmsEnabled = 369098784, + #[doc = " \n COM port number for EMS redirection.\n \n 0x15000022"] + BcdLibraryInteger_EmsPort = 352321570, + #[doc = " \n Baud rate for EMS redirection.\n \n 0x15000023"] + BcdLibraryInteger_EmsBaudRate = 352321571, + #[doc = " \n String that is appended to the load options string passed to the kernel to be consumed by kernel-mode components.\n This is useful for communicating with kernel-mode components that are not BCD-aware.\n \n 0x12000030"] + BcdLibraryString_LoadOptionsString = 301989936, + #[doc = " \n\n \n 0x16000031"] + BcdLibraryBoolean_AttemptNonBcdStart = 369098801, + #[doc = " \n Indicates whether the advanced options boot menu (F8) is displayed.\n \n 0x16000040"] + BcdLibraryBoolean_DisplayAdvancedOptions = 369098816, + #[doc = " \n Indicates whether the boot options editor is enabled.\n \n 0x16000041"] + BcdLibraryBoolean_DisplayOptionsEdit = 369098817, + #[doc = " \n\n \n 0x15000042"] + BcdLibraryInteger_FVEKeyRingAddress = 352321602, + #[doc = " \n Allows a device override for the bootstat.dat log in the boot manager and winload.exe.\n \n 0x11000043"] + BcdLibraryDevice_BsdLogDevice = 285212739, + #[doc = " \n Allows a path override for the bootstat.dat log file in the boot manager and winload.exe.\n \n 0x12000044"] + 
BcdLibraryString_BsdLogPath = 301989956, + #[doc = " \n Indicates whether graphics mode is disabled and boot applications must use text mode display.\n \n 0x16000045"] + BcdLibraryBoolean_BsdPreserveLog = 369098821, + #[doc = " \n\n \n 0x16000046"] + BcdLibraryBoolean_GraphicsModeDisabled = 369098822, + #[doc = " \n Indicates the access policy for PCI configuration space.\n \n 0x15000047"] + BcdLibraryInteger_ConfigAccessPolicy = 352321607, + #[doc = " \n Disables integrity checks.\n Cannot be set when secure boot is enabled.\n This value is ignored by Windows 7 and Windows 8.\n \n 0x16000048"] + BcdLibraryBoolean_DisableIntegrityChecks = 369098824, + #[doc = " \n Indicates whether the test code signing certificate is supported.\n \n 0x16000049"] + BcdLibraryBoolean_AllowPrereleaseSignatures = 369098825, + #[doc = " \n Overrides the default location of the boot fonts.\n \n 0x1200004A"] + BcdLibraryString_FontPath = 301989962, + #[doc = " \n\n \n 0x1500004B"] + BcdLibraryInteger_SiPolicy = 352321611, + #[doc = " \n This value (if present) should not be modified.\n \n 0x1500004C"] + BcdLibraryInteger_FveBandId = 352321612, + #[doc = " \n Specifies that legacy BIOS systems should use INT 16h Function 10h for console input instead of INT 16h Function 0h.\n \n 0x16000050"] + BcdLibraryBoolean_ConsoleExtendedInput = 369098832, + #[doc = " \n\n \n 0x15000051"] + BcdLibraryInteger_InitialConsoleInput = 352321617, + #[doc = " \n Forces a specific graphics resolution at boot.\n Possible values include GraphicsResolution1024x768 (0), GraphicsResolution800x600 (1), and GraphicsResolution1024x600 (2).\n \n 0x15000052"] + BcdLibraryInteger_GraphicsResolution = 352321618, + #[doc = " \n If enabled, specifies that boot error screens are not shown when OS launch errors occur, and the system is reset rather than exiting directly back to the firmware.\n \n 0x16000053"] + BcdLibraryBoolean_RestartOnFailure = 369098835, + #[doc = " \n Forces highest available graphics resolution at 
boot.\n This value can only be used on UEFI systems.\n This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x16000054"] + BcdLibraryBoolean_GraphicsForceHighestMode = 369098836, + #[doc = " \n This setting is used to differentiate between the Windows 7 and Windows 8 implementations of UEFI.\n Do not modify this setting.\n If this setting is removed from a Windows 8 installation, it will not boot.\n If this setting is added to a Windows 7 installation, it will not boot.\n \n 0x16000060"] + BcdLibraryBoolean_IsolatedExecutionContext = 369098848, + #[doc = " \n This setting disables the progress bar and default Windows logo. If a custom text string has been defined, it is also disabled by this setting.\n The Integer property is one of the values from the BcdLibrary_UxDisplayMessageType enumeration.\n \n 0x15000065"] + BcdLibraryInteger_BootUxDisplayMessage = 352321637, + #[doc = " \n\n \n 0x15000066"] + BcdLibraryInteger_BootUxDisplayMessageOverride = 352321638, + #[doc = " \n This setting disables the boot logo.\n \n 0x16000067"] + BcdLibraryBoolean_BootUxLogoDisable = 369098855, + #[doc = " \n This setting disables the boot status text.\n \n 0x16000068"] + BcdLibraryBoolean_BootUxTextDisable = 369098856, + #[doc = " \n This setting disables the boot progress bar.\n \n 0x16000069"] + BcdLibraryBoolean_BootUxProgressDisable = 369098857, + #[doc = " \n This setting disables the boot transition fading.\n \n 0x1600006A"] + BcdLibraryBoolean_BootUxFadeDisable = 369098858, + #[doc = " \n\n \n 0x1600006B"] + BcdLibraryBoolean_BootUxReservePoolDebug = 369098859, + #[doc = " \n\n \n 0x1600006C"] + BcdLibraryBoolean_BootUxDisable = 369098860, + #[doc = " \n\n \n 0x1500006D"] + BcdLibraryInteger_BootUxFadeFrames = 352321645, + #[doc = " \n\n \n 0x1600006E"] + BcdLibraryBoolean_BootUxDumpStats = 369098862, + #[doc = " \n\n \n 0x1600006F"] + BcdLibraryBoolean_BootUxShowStats = 369098863, + #[doc = " \n\n \n 0x16000071"] + BcdLibraryBoolean_MultiBootSystem 
= 369098865, + #[doc = " \n\n \n 0x16000072"] + BcdLibraryBoolean_ForceNoKeyboard = 369098866, + #[doc = " \n\n \n 0x15000073"] + BcdLibraryInteger_AliasWindowsKey = 352321651, + #[doc = " \n Disables the 1-minute timer that triggers shutdown on boot error screens, and the F8 menu, on UEFI systems.\n \n 0x16000074"] + BcdLibraryBoolean_BootShutdownDisabled = 369098868, + #[doc = " \n\n \n 0x15000075"] + BcdLibraryInteger_PerformanceFrequency = 352321653, + #[doc = " \n\n \n 0x15000076"] + BcdLibraryInteger_SecurebootRawPolicy = 352321654, + #[doc = " \n Indicates whether or not an in-memory BCD setting passed between boot apps will trigger BitLocker recovery.\n This value should not be modified as it could trigger a BitLocker recovery action.\n \n 0x17000077"] + BcdLibraryIntegerList_AllowedInMemorySettings = 352321655, + #[doc = " \n\n \n 0x15000079"] + BcdLibraryInteger_BootUxBitmapTransitionTime = 352321657, + #[doc = " \n\n \n 0x1600007A"] + BcdLibraryBoolean_TwoBootImages = 369098874, + #[doc = " \n Force the use of FIPS cryptography checks on boot applications.\n BcdLibraryBoolean_ForceFipsCrypto is documented with wrong value 0x16000079\n \n 0x1600007B"] + BcdLibraryBoolean_ForceFipsCrypto = 369098875, + #[doc = " \n\n \n 0x1500007D"] + BcdLibraryInteger_BootErrorUx = 352321661, + #[doc = " \n\n \n 0x1600007E"] + BcdLibraryBoolean_AllowFlightSignatures = 369098878, + #[doc = " \n\n \n 0x1500007F"] + BcdLibraryInteger_BootMeasurementLogFormat = 352321663, + #[doc = " \n\n \n 0x15000080"] + BcdLibraryInteger_DisplayRotation = 352321664, + #[doc = " \n\n \n 0x15000081"] + BcdLibraryInteger_LogControl = 352321665, + #[doc = " \n\n \n 0x16000082"] + BcdLibraryBoolean_NoFirmwareSync = 369098882, + #[doc = " \n\n \n 0x11000084"] + BcdLibraryDevice_WindowsSystemDevice = 285212804, + #[doc = " \n\n \n 0x16000087"] + BcdLibraryBoolean_NumLockOn = 369098887, + #[doc = " \n\n \n 0x12000088"] + BcdLibraryString_AdditionalCiPolicy = 301990024, +} +pub use 
self::_BcdLibraryElementTypes as BcdLibraryElementTypes; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdTemplateElementTypes { + #[doc = " \n\n \n 0x45000001"] + BcdSetupInteger_DeviceType = 1157627905, + #[doc = " \n\n \n 0x42000002"] + BcdSetupString_ApplicationRelativePath = 1107296258, + #[doc = " \n\n \n 0x42000003"] + BcdSetupString_RamdiskDeviceRelativePath = 1107296259, + #[doc = " \n\n \n 0x46000004"] + BcdSetupBoolean_OmitOsLoaderElements = 1174405124, + #[doc = " \n\n \n 0x47000006"] + BcdSetupIntegerList_ElementsToMigrateList = 1191182342, + #[doc = " \n\n \n 0x46000010"] + BcdSetupBoolean_RecoveryOs = 1174405136, +} +pub use self::_BcdTemplateElementTypes as BcdTemplateElementTypes; +#[repr(i32)] +#[non_exhaustive] +#[doc = " \n Specifies the no-execute page protection policies.\n "] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdOSLoader_NxPolicy { + #[doc = " \n The no-execute page protection is off by default.\n "] + NxPolicyOptIn = 0, + #[doc = " \n The no-execute page protection is on by default.\n "] + NxPolicyOptOut = 1, + #[doc = " \n The no-execute page protection is always off.\n "] + NxPolicyAlwaysOff = 2, + #[doc = " \n The no-execute page protection is always on.\n "] + NxPolicyAlwaysOn = 3, +} +#[doc = " \n Specifies the no-execute page protection policies.\n "] +pub use self::_BcdOSLoader_NxPolicy as BcdOSLoader_NxPolicy; +#[repr(i32)] +#[non_exhaustive] +#[doc = " \n Specifies the Physical Address Extension (PAE) policies.\n "] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdOSLoader_PAEPolicy { + #[doc = " \n Enable PAE if hot-pluggable memory is defined above 4GB.\n "] + PaePolicyDefault = 0, + #[doc = " \n PAE is enabled.\n "] + PaePolicyForceEnable = 1, + #[doc = " \n PAE is disabled.\n "] + PaePolicyForceDisable = 2, +} +#[doc = " \n Specifies the Physical Address Extension (PAE) policies.\n "] +pub use self::_BcdOSLoader_PAEPolicy as 
BcdOSLoader_PAEPolicy; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdOSLoader_BootStatusPolicy { + #[doc = " \n Display all boot failures.\n "] + BootStatusPolicyDisplayAllFailures = 0, + #[doc = " \n Ignore all boot failures.\n "] + BootStatusPolicyIgnoreAllFailures = 1, + #[doc = " \n Ignore all shutdown failures.\n "] + BootStatusPolicyIgnoreShutdownFailures = 2, + #[doc = " \n Ignore all boot failures.\n "] + BootStatusPolicyIgnoreBootFailures = 3, + #[doc = " \n Ignore checkpoint failures.\n "] + BootStatusPolicyIgnoreCheckpointFailures = 4, + #[doc = " \n Display shutdown failures.\n "] + BootStatusPolicyDisplayShutdownFailures = 5, + #[doc = " \n Display boot failures.\n "] + BootStatusPolicyDisplayBootFailures = 6, + #[doc = " \n Display checkpoint failures.\n "] + BootStatusPolicyDisplayCheckpointFailures = 7, +} +pub use self::_BcdOSLoader_BootStatusPolicy as BcdOSLoaderBootStatusPolicy; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BcdOSLoaderElementTypes { + #[doc = " \n The device on which the operating system resides.\n \n 0x21000001"] + BcdOSLoaderDevice_OSDevice = 553648129, + #[doc = " \n The file path to the operating system (%SystemRoot% minus the volume).\n \n 0x22000002"] + BcdOSLoaderString_SystemRoot = 570425346, + #[doc = " \n The resume application associated with the operating system.\n \n 0x23000003"] + BcdOSLoaderObject_AssociatedResumeObject = 587202563, + #[doc = " \n\n \n 0x26000004"] + BcdOSLoaderBoolean_StampDisks = 637534212, + #[doc = " \n Indicates whether the operating system loader should determine the kernel and HAL to load based on the platform features.\n \n 0x26000010"] + BcdOSLoaderBoolean_DetectKernelAndHal = 637534224, + #[doc = " \n The kernel to be loaded by the operating system loader. 
This value overrides the default kernel.\n \n 0x22000011"] + BcdOSLoaderString_KernelPath = 570425361, + #[doc = " \n The HAL to be loaded by the operating system loader. This value overrides the default HAL.\n \n 0x22000012"] + BcdOSLoaderString_HalPath = 570425362, + #[doc = " \n The transport DLL to be loaded by the operating system loader. This value overrides the default Kdcom.dll.\n \n 0x22000013"] + BcdOSLoaderString_DbgTransportPath = 570425363, + #[doc = " \n The no-execute page protection policy. The Integer property is one of the values from the BcdOSLoader_NxPolicy enumeration.\n \n 0x25000020"] + BcdOSLoaderInteger_NxPolicy = 620757024, + #[doc = " \n The Physical Address Extension (PAE) policy. The Integer property is one of the values from the BcdOSLoader_PAEPolicy enumeration.\n \n 0x25000021"] + BcdOSLoaderInteger_PAEPolicy = 620757025, + #[doc = " \n Indicates that the system should be started in Windows Preinstallation Environment (Windows PE) mode.\n \n 0x26000022"] + BcdOSLoaderBoolean_WinPEMode = 637534242, + #[doc = " \n Indicates that the system should not automatically reboot when it crashes.\n \n 0x26000024"] + BcdOSLoaderBoolean_DisableCrashAutoReboot = 637534244, + #[doc = " \n Indicates that the system should use the last-known good settings.\n \n 0x26000025"] + BcdOSLoaderBoolean_UseLastGoodSettings = 637534245, + #[doc = " \n\n \n 0x26000026"] + BcdOSLoaderBoolean_DisableCodeIntegrityChecks = 637534246, + #[doc = " \n Indicates whether the test code signing certificate is supported.\n \n 0x26000027"] + BcdOSLoaderBoolean_AllowPrereleaseSignatures = 637534247, + #[doc = " \n Indicates whether the system should utilize the first 4GB of physical memory.\n This option requires 5GB of physical memory, and on x86 systems it requires PAE to be enabled.\n \n 0x26000030"] + BcdOSLoaderBoolean_NoLowMemory = 637534256, + #[doc = " \n The amount of memory the system should ignore.\n \n 0x25000031"] + BcdOSLoaderInteger_RemoveMemory = 620757041, + 
#[doc = " \n The amount of memory that should be utilized by the process address space, in bytes.\n This value should be between 2GB and 3GB.\n Increasing this value from the default 2GB decreases the amount of virtual address space available to the system and device drivers.\n \n 0x25000032"] + BcdOSLoaderInteger_IncreaseUserVa = 620757042, + #[doc = " \n\n \n 0x25000033"] + BcdOSLoaderInteger_PerformaceDataMemory = 620757043, + #[doc = " \n Indicates whether the system should use the standard VGA display driver instead of a high-performance display driver.\n \n 0x26000040"] + BcdOSLoaderBoolean_UseVgaDriver = 637534272, + #[doc = " \n Indicates whether the system should initialize the VGA driver responsible for displaying simple graphics during the boot process.\n If not, there is no display is presented during the boot process.\n \n 0x26000041"] + BcdOSLoaderBoolean_DisableBootDisplay = 637534273, + #[doc = " \n Indicates whether the VGA driver should avoid VESA BIOS calls.\n Note This value is ignored by Windows 8 and Windows Server 2012.\n \n 0x26000042"] + BcdOSLoaderBoolean_DisableVesaBios = 637534274, + #[doc = " \n Disables the use of VGA modes in the OS.\n \n 0x26000043"] + BcdOSLoaderBoolean_DisableVgaMode = 637534275, + #[doc = " \n Indicates that cluster-mode APIC addressing should be utilized, and the value is the maximum number of processors per cluster.\n \n 0x25000050"] + BcdOSLoaderInteger_ClusterModeAddressing = 620757072, + #[doc = " \n Indicates whether to enable physical-destination mode for all APIC messages.\n \n 0x26000051"] + BcdOSLoaderBoolean_UsePhysicalDestination = 637534289, + #[doc = " \n The maximum number of APIC clusters that should be used by cluster-mode addressing.\n \n 0x25000052"] + BcdOSLoaderInteger_RestrictApicCluster = 620757074, + #[doc = " \n\n \n 0x22000053"] + BcdOSLoaderString_OSLoaderTypeEVStore = 570425427, + #[doc = " \n Used to force legacy APIC mode, even if the processors and chipset support extended APIC 
mode.\n \n 0x26000054"] + BcdOSLoaderBoolean_UseLegacyApicMode = 637534292, + #[doc = " \n Enables the use of extended APIC mode, if supported.\n Zero (0) indicates default behavior, one (1) indicates that extended APIC mode is disabled, and two (2) indicates that extended APIC mode is enabled.\n The system defaults to using extended APIC mode if available.\n \n 0x25000055"] + BcdOSLoaderInteger_X2ApicPolicy = 620757077, + #[doc = " \n Indicates whether the operating system should initialize or start non-boot processors.\n \n 0x26000060"] + BcdOSLoaderBoolean_UseBootProcessorOnly = 637534304, + #[doc = " \n The maximum number of processors that can be utilized by the system; all other processors are ignored.\n \n 0x25000061"] + BcdOSLoaderInteger_NumberOfProcessors = 620757089, + #[doc = " \n Indicates whether the system should use the maximum number of processors.\n \n 0x26000062"] + BcdOSLoaderBoolean_ForceMaximumProcessors = 637534306, + #[doc = " \n Indicates whether processor specific configuration flags are to be used.\n \n 0x25000063"] + BcdOSLoaderBoolean_ProcessorConfigurationFlags = 620757091, + #[doc = " \n Maximizes the number of groups created when assigning nodes to processor groups.\n \n 0x26000064"] + BcdOSLoaderBoolean_MaximizeGroupsCreated = 637534308, + #[doc = " \n This setting makes drivers group aware and can be used to determine improper group usage.\n \n 0x26000065"] + BcdOSLoaderBoolean_ForceGroupAwareness = 637534309, + #[doc = " \n Specifies the size of all processor groups. Must be set to a power of 2.\n \n 0x25000066"] + BcdOSLoaderInteger_GroupSize = 620757094, + #[doc = " \n Indicates whether the system should use I/O and IRQ resources created by the system firmware instead of using dynamically configured resources.\n \n 0x26000070"] + BcdOSLoaderInteger_UseFirmwarePciSettings = 637534320, + #[doc = " \n The PCI Message Signaled Interrupt (MSI) policy. 
Zero (0) indicates default, and one (1) indicates that MSI interrupts are disabled.\n \n 0x25000071"] + BcdOSLoaderInteger_MsiPolicy = 620757105, + #[doc = " \n Undocumented. Zero (0) indicates default, and one (1) indicates that PCI Express is forcefully disabled.\n \n 0x25000072"] + BcdOSLoaderInteger_PciExpressPolicy = 620757106, + #[doc = " \n The Integer property is one of the values from the BcdLibrary_SafeBoot enumeration.\n \n 0x25000080"] + BcdOSLoaderInteger_SafeBoot = 620757120, + #[doc = " \n Indicates whether the system should use the shell specified under the following registry key instead of the default shell:\n HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\AlternateShell.\n \n 0x26000081"] + BcdOSLoaderBoolean_SafeBootAlternateShell = 637534337, + #[doc = " \n Indicates whether the system should write logging information to %SystemRoot%\\Ntbtlog.txt during initialization.\n \n 0x26000090"] + BcdOSLoaderBoolean_BootLogInitialization = 637534352, + #[doc = " \n Indicates whether the system should display verbose information.\n \n 0x26000091"] + BcdOSLoaderBoolean_VerboseObjectLoadMode = 637534353, + #[doc = " \n Indicates whether the kernel debugger should be enabled using the settings in the inherited debugger object.\n \n 0x260000A0"] + BcdOSLoaderBoolean_KernelDebuggerEnabled = 637534368, + #[doc = " \n Indicates whether the HAL should call DbgBreakPoint at the start of HalInitSystem for phase 0 initialization of the kernel.\n \n 0x260000A1"] + BcdOSLoaderBoolean_DebuggerHalBreakpoint = 637534369, + #[doc = " \n Forces the use of the platform clock as the system's performance counter.\n \n 0x260000A2"] + BcdOSLoaderBoolean_UsePlatformClock = 637534370, + #[doc = " \n Forces the OS to assume the presence of legacy PC devices like CMOS and keyboard controllers.\n This value should only be used for debugging.\n \n 0x260000A3"] + BcdOSLoaderBoolean_ForceLegacyPlatform = 637534371, + #[doc = " \n\n \n 0x260000A4"] + 
BcdOSLoaderBoolean_UsePlatformTick = 637534372, + #[doc = " \n\n \n 0x260000A5"] + BcdOSLoaderBoolean_DisableDynamicTick = 637534373, + #[doc = " \n Controls the TSC synchronization policy. Possible values include default (0), legacy (1), or enhanced (2).\n This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x250000A6"] + BcdOSLoaderInteger_TscSyncPolicy = 620757158, + #[doc = " \n Indicates whether EMS should be enabled in the kernel.\n \n 0x260000B0"] + BcdOSLoaderBoolean_EmsEnabled = 637534384, + #[doc = " \n\n \n 0x250000C0"] + BcdOSLoaderInteger_ForceFailure = 620757184, + #[doc = " \n Indicates the driver load failure policy. Zero (0) indicates that a failed driver load is fatal and the boot will not continue,\n one (1) indicates that the standard error control is used.\n \n 0x250000C1"] + BcdOSLoaderInteger_DriverLoadFailurePolicy = 620757185, + #[doc = " \n Defines the type of boot menus the system will use. Possible values include menupolicylegacy (0) or menupolicystandard (1).\n The default value is menupolicylegacy (0).\n \n 0x250000C2"] + BcdOSLoaderInteger_BootMenuPolicy = 620757186, + #[doc = " \n Controls whether the system boots to the legacy menu (F8 menu) on the next boot.\n Note This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x260000C3"] + BcdOSLoaderBoolean_AdvancedOptionsOneTime = 637534403, + #[doc = " \n\n \n 0x260000C4"] + BcdOSLoaderBoolean_OptionsEditOneTime = 637534404, + #[doc = " \n The boot status policy. The Integer property is one of the values from the BcdOSLoaderBootStatusPolicy enumeration\n \n 0x250000E0"] + BcdOSLoaderInteger_BootStatusPolicy = 620757216, + #[doc = " \n The OS loader removes this entry for security reasons. 
This option can only be triggered by using the F8 menu; a user must be physically present to trigger this option.\n This value is supported starting in Windows 8 and Windows Server 2012.\n \n 0x260000E1"] + BcdOSLoaderBoolean_DisableElamDrivers = 637534433, + #[doc = " \n Controls the hypervisor launch type. Options are HyperVisorLaunchOff (0) and HypervisorLaunchAuto (1).\n \n 0x250000F0"] + BcdOSLoaderInteger_HypervisorLaunchType = 620757232, + #[doc = " \n\n \n 0x250000F1"] + BcdOSLoaderString_HypervisorPath = 620757233, + #[doc = " \n Controls whether the hypervisor debugger is enabled.\n \n 0x260000F2"] + BcdOSLoaderBoolean_HypervisorDebuggerEnabled = 637534450, + #[doc = " \n Controls the hypervisor debugger type. Can be set to SERIAL (0), 1394 (1), or NET (2).\n \n 0x250000F3"] + BcdOSLoaderInteger_HypervisorDebuggerType = 620757235, + #[doc = " \n Specifies the serial port number for serial debugging.\n \n 0x250000F4"] + BcdOSLoaderInteger_HypervisorDebuggerPortNumber = 620757236, + #[doc = " \n Specifies the baud rate for serial debugging.\n \n 0x250000F5"] + BcdOSLoaderInteger_HypervisorDebuggerBaudrate = 620757237, + #[doc = " \n Specifies the channel number for 1394 debugging.\n \n 0x250000F6"] + BcdOSLoaderInteger_HypervisorDebugger1394Channel = 620757238, + #[doc = " \n Values are Disabled (0), Basic (1), and Standard (2).\n \n 0x250000F7"] + BcdOSLoaderInteger_BootUxPolicy = 620757239, + #[doc = " \n\n \n 0x220000F8"] + BcdOSLoaderInteger_HypervisorSlatDisabled = 570425592, + #[doc = " \n Defines the PCI bus, device, and function numbers of the debugging device used with the hypervisor.\n For example, 1.5.0 describes the debugging device on bus 1, device 5, function 0.\n \n 0x220000F9"] + BcdOSLoaderString_HypervisorDebuggerBusParams = 570425593, + #[doc = " \n\n \n 0x250000FA"] + BcdOSLoaderInteger_HypervisorNumProc = 620757242, + #[doc = " \n\n \n 0x250000FB"] + BcdOSLoaderInteger_HypervisorRootProcPerNode = 620757243, + #[doc = " \n\n \n 
0x260000FC"] + BcdOSLoaderBoolean_HypervisorUseLargeVTlb = 637534460, + #[doc = " \n\n \n 0x250000FD"] + BcdOSLoaderInteger_HypervisorDebuggerNetHostIp = 620757245, + #[doc = " \n\n \n 0x250000FE"] + BcdOSLoaderInteger_HypervisorDebuggerNetHostPort = 620757246, + #[doc = " \n\n \n 0x250000FF"] + BcdOSLoaderInteger_HypervisorDebuggerPages = 620757247, + #[doc = " \n\n \n 0x25000100"] + BcdOSLoaderInteger_TpmBootEntropyPolicy = 620757248, + #[doc = " \n\n \n 0x22000110"] + BcdOSLoaderString_HypervisorDebuggerNetKey = 570425616, + #[doc = " \n\n \n 0x22000112"] + BcdOSLoaderString_HypervisorProductSkuType = 570425618, + #[doc = " \n\n \n 0x22000113"] + BcdOSLoaderInteger_HypervisorRootProc = 570425619, + #[doc = " \n\n \n 0x26000114"] + BcdOSLoaderBoolean_HypervisorDebuggerNetDhcp = 637534484, + #[doc = " \n\n \n 0x25000115"] + BcdOSLoaderInteger_HypervisorIommuPolicy = 620757269, + #[doc = " \n\n \n 0x26000116"] + BcdOSLoaderBoolean_HypervisorUseVApic = 637534486, + #[doc = " \n\n \n 0x22000117"] + BcdOSLoaderString_HypervisorLoadOptions = 570425623, + #[doc = " \n\n \n 0x25000118"] + BcdOSLoaderInteger_HypervisorMsrFilterPolicy = 620757272, + #[doc = " \n\n \n 0x25000119"] + BcdOSLoaderInteger_HypervisorMmioNxPolicy = 620757273, + #[doc = " \n\n \n 0x2500011A"] + BcdOSLoaderInteger_HypervisorSchedulerType = 620757274, + #[doc = " \n\n \n 0x2200011B"] + BcdOSLoaderString_HypervisorRootProcNumaNodes = 570425627, + #[doc = " \n\n \n 0x2500011C"] + BcdOSLoaderInteger_HypervisorPerfmon = 620757276, + #[doc = " \n\n \n 0x2500011D"] + BcdOSLoaderInteger_HypervisorRootProcPerCore = 620757277, + #[doc = " \n\n \n 0x2200011E"] + BcdOSLoaderString_HypervisorRootProcNumaNodeLps = 570425630, + #[doc = " \n\n \n 0x25000120"] + BcdOSLoaderInteger_XSavePolicy = 620757280, + #[doc = " \n\n \n 0x25000121"] + BcdOSLoaderInteger_XSaveAddFeature0 = 620757281, + #[doc = " \n\n \n 0x25000122"] + BcdOSLoaderInteger_XSaveAddFeature1 = 620757282, + #[doc = " \n\n \n 0x25000123"] + 
BcdOSLoaderInteger_XSaveAddFeature2 = 620757283, + #[doc = " \n\n \n 0x25000124"] + BcdOSLoaderInteger_XSaveAddFeature3 = 620757284, + #[doc = " \n\n \n 0x25000125"] + BcdOSLoaderInteger_XSaveAddFeature4 = 620757285, + #[doc = " \n\n \n 0x25000126"] + BcdOSLoaderInteger_XSaveAddFeature5 = 620757286, + #[doc = " \n\n \n 0x25000127"] + BcdOSLoaderInteger_XSaveAddFeature6 = 620757287, + #[doc = " \n\n \n 0x25000128"] + BcdOSLoaderInteger_XSaveAddFeature7 = 620757288, + #[doc = " \n\n \n 0x25000129"] + BcdOSLoaderInteger_XSaveRemoveFeature = 620757289, + #[doc = " \n\n \n 0x2500012A"] + BcdOSLoaderInteger_XSaveProcessorsMask = 620757290, + #[doc = " \n\n \n 0x2500012B"] + BcdOSLoaderInteger_XSaveDisable = 620757291, + #[doc = " \n\n \n 0x2500012C"] + BcdOSLoaderInteger_KernelDebuggerType = 620757292, + #[doc = " \n\n \n 0x2200012D"] + BcdOSLoaderString_KernelDebuggerBusParameters = 570425645, + #[doc = " \n\n \n 0x2500012E"] + BcdOSLoaderInteger_KernelDebuggerPortAddress = 620757294, + #[doc = " \n\n \n 0x2500012F"] + BcdOSLoaderInteger_KernelDebuggerPortNumber = 620757295, + #[doc = " \n\n \n 0x25000130"] + BcdOSLoaderInteger_ClaimedTpmCounter = 620757296, + #[doc = " \n\n \n 0x25000131"] + BcdOSLoaderInteger_KernelDebugger1394Channel = 620757297, + #[doc = " \n\n \n 0x22000132"] + BcdOSLoaderString_KernelDebuggerUsbTargetname = 570425650, + #[doc = " \n\n \n 0x25000133"] + BcdOSLoaderInteger_KernelDebuggerNetHostIp = 620757299, + #[doc = " \n\n \n 0x25000134"] + BcdOSLoaderInteger_KernelDebuggerNetHostPort = 620757300, + #[doc = " \n\n \n 0x26000135"] + BcdOSLoaderBoolean_KernelDebuggerNetDhcp = 637534517, + #[doc = " \n\n \n 0x22000136"] + BcdOSLoaderString_KernelDebuggerNetKey = 570425654, + #[doc = " \n\n \n 0x22000137"] + BcdOSLoaderString_IMCHiveName = 570425655, + #[doc = " \n\n \n 0x21000138"] + BcdOSLoaderDevice_IMCDevice = 553648440, + #[doc = " \n\n \n 0x25000139"] + BcdOSLoaderInteger_KernelDebuggerBaudrate = 620757305, + #[doc = " \n\n \n 0x22000140"] + 
BcdOSLoaderString_ManufacturingMode = 570425664, + #[doc = " \n\n \n 0x26000141"] + BcdOSLoaderBoolean_EventLoggingEnabled = 637534529, + #[doc = " \n\n \n 0x25000142"] + BcdOSLoaderInteger_VsmLaunchType = 620757314, + #[doc = " \n Undocumented. Zero (0) indicates default, one (1) indicates that disabled and two (2) indicates strict mode.\n \n 0x25000144"] + BcdOSLoaderInteger_HypervisorEnforcedCodeIntegrity = 620757316, + #[doc = " \n\n \n 0x26000145"] + BcdOSLoaderBoolean_DtraceEnabled = 637534533, + #[doc = " \n\n \n 0x21000150"] + BcdOSLoaderDevice_SystemDataDevice = 553648464, + #[doc = " \n\n \n 0x21000151"] + BcdOSLoaderDevice_OsArcDevice = 553648465, + #[doc = " \n\n \n 0x21000153"] + BcdOSLoaderDevice_OsDataDevice = 553648467, + #[doc = " \n\n \n 0x21000154"] + BcdOSLoaderDevice_BspDevice = 553648468, + #[doc = " \n\n \n 0x21000155"] + BcdOSLoaderDevice_BspFilepath = 553648469, + #[doc = " \n\n \n 0x22000156"] + BcdOSLoaderString_KernelDebuggerNetHostIpv6 = 570425686, + #[doc = " \n\n \n 0x22000161"] + BcdOSLoaderString_HypervisorDebuggerNetHostIpv6 = 570425697, +} +pub use self::_BcdOSLoaderElementTypes as BcdOSLoaderElementTypes; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MEMORY_INFORMATION_CLASS { + MemoryBasicInformation = 0, + MemoryWorkingSetInformation = 1, + MemoryMappedFilenameInformation = 2, + MemoryRegionInformation = 3, + MemoryWorkingSetExInformation = 4, + MemorySharedCommitInformation = 5, + MemoryImageInformation = 6, + MemoryRegionInformationEx = 7, + MemoryPrivilegedBasicInformation = 8, + MemoryEnclaveImageInformation = 9, + MemoryBasicInformationCapped = 10, + MemoryPhysicalContiguityInformation = 11, + MemoryBadInformation = 12, + MemoryBadInformationAllProcesses = 13, + MaxMemoryInfoClass = 14, +} +pub use self::_MEMORY_INFORMATION_CLASS as MEMORY_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_WORKING_SET_BLOCK { + pub _bitfield_align_1: 
[u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _MEMORY_WORKING_SET_BLOCK { + #[inline] + pub fn Protection(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 5u8) as u64) } + } + #[inline] + pub fn set_Protection(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 5u8, val as u64) + } + } + #[inline] + pub fn ShareCount(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 3u8) as u64) } + } + #[inline] + pub fn set_ShareCount(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 3u8, val as u64) + } + } + #[inline] + pub fn Shared(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u64) } + } + #[inline] + pub fn set_Shared(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Node(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 3u8) as u64) } + } + #[inline] + pub fn set_Node(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 3u8, val as u64) + } + } + #[inline] + pub fn VirtualPage(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 52u8) as u64) } + } + #[inline] + pub fn set_VirtualPage(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 52u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Protection: ULONG_PTR, + ShareCount: ULONG_PTR, + Shared: ULONG_PTR, + Node: ULONG_PTR, + VirtualPage: ULONG_PTR, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 5u8, { + 
let Protection: u64 = unsafe { ::core::mem::transmute(Protection) }; + Protection as u64 + }); + __bindgen_bitfield_unit.set(5usize, 3u8, { + let ShareCount: u64 = unsafe { ::core::mem::transmute(ShareCount) }; + ShareCount as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let Shared: u64 = unsafe { ::core::mem::transmute(Shared) }; + Shared as u64 + }); + __bindgen_bitfield_unit.set(9usize, 3u8, { + let Node: u64 = unsafe { ::core::mem::transmute(Node) }; + Node as u64 + }); + __bindgen_bitfield_unit.set(12usize, 52u8, { + let VirtualPage: u64 = unsafe { ::core::mem::transmute(VirtualPage) }; + VirtualPage as u64 + }); + __bindgen_bitfield_unit + } +} +pub type MEMORY_WORKING_SET_BLOCK = _MEMORY_WORKING_SET_BLOCK; +pub type PMEMORY_WORKING_SET_BLOCK = *mut _MEMORY_WORKING_SET_BLOCK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_WORKING_SET_INFORMATION { + pub NumberOfEntries: ULONG_PTR, + pub WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1usize], +} +pub type MEMORY_WORKING_SET_INFORMATION = _MEMORY_WORKING_SET_INFORMATION; +pub type PMEMORY_WORKING_SET_INFORMATION = *mut _MEMORY_WORKING_SET_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_REGION_INFORMATION { + pub AllocationBase: PVOID, + pub AllocationProtect: ULONG, + pub __bindgen_anon_1: _MEMORY_REGION_INFORMATION__bindgen_ty_1, + pub RegionSize: SIZE_T, + pub CommitSize: SIZE_T, + pub PartitionId: ULONG_PTR, + pub NodePreference: ULONG_PTR, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_REGION_INFORMATION__bindgen_ty_1 { + pub RegionType: ULONG, + pub __bindgen_anon_1: _MEMORY_REGION_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_REGION_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _MEMORY_REGION_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Private(&self) -> ULONG 
{ + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Private(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedDataFile(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedDataFile(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedPageFile(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedPageFile(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedPhysical(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedPhysical(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn DirectMapped(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_DirectMapped(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn SoftwareEnclave(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_SoftwareEnclave(&mut 
self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn PageSize64K(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_PageSize64K(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn PlaceholderReservation(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_PlaceholderReservation(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedAwe(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedAwe(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn MappedWriteWatch(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u32) } + } + #[inline] + pub fn set_MappedWriteWatch(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn PageSizeLarge(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u32) } + } + #[inline] + pub fn set_PageSizeLarge(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn PageSizeHuge(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_PageSizeHuge(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 
1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 19u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 19u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Private: ULONG, + MappedDataFile: ULONG, + MappedImage: ULONG, + MappedPageFile: ULONG, + MappedPhysical: ULONG, + DirectMapped: ULONG, + SoftwareEnclave: ULONG, + PageSize64K: ULONG, + PlaceholderReservation: ULONG, + MappedAwe: ULONG, + MappedWriteWatch: ULONG, + PageSizeLarge: ULONG, + PageSizeHuge: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Private: u32 = unsafe { ::core::mem::transmute(Private) }; + Private as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let MappedDataFile: u32 = unsafe { ::core::mem::transmute(MappedDataFile) }; + MappedDataFile as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let MappedImage: u32 = unsafe { ::core::mem::transmute(MappedImage) }; + MappedImage as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let MappedPageFile: u32 = unsafe { ::core::mem::transmute(MappedPageFile) }; + MappedPageFile as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let MappedPhysical: u32 = unsafe { ::core::mem::transmute(MappedPhysical) }; + MappedPhysical as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let DirectMapped: u32 = unsafe { ::core::mem::transmute(DirectMapped) }; + DirectMapped as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let SoftwareEnclave: u32 = unsafe { ::core::mem::transmute(SoftwareEnclave) }; + SoftwareEnclave as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let PageSize64K: u32 = unsafe { ::core::mem::transmute(PageSize64K) 
}; + PageSize64K as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let PlaceholderReservation: u32 = + unsafe { ::core::mem::transmute(PlaceholderReservation) }; + PlaceholderReservation as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let MappedAwe: u32 = unsafe { ::core::mem::transmute(MappedAwe) }; + MappedAwe as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let MappedWriteWatch: u32 = unsafe { ::core::mem::transmute(MappedWriteWatch) }; + MappedWriteWatch as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let PageSizeLarge: u32 = unsafe { ::core::mem::transmute(PageSizeLarge) }; + PageSizeLarge as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let PageSizeHuge: u32 = unsafe { ::core::mem::transmute(PageSizeHuge) }; + PageSizeHuge as u64 + }); + __bindgen_bitfield_unit.set(13usize, 19u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _MEMORY_REGION_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_REGION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_REGION_INFORMATION = _MEMORY_REGION_INFORMATION; +pub type PMEMORY_REGION_INFORMATION = *mut _MEMORY_REGION_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MEMORY_WORKING_SET_EX_LOCATION { + MemoryLocationInvalid = 0, + MemoryLocationResident = 1, + MemoryLocationPagefile = 2, + MemoryLocationReserved = 3, +} +pub use self::_MEMORY_WORKING_SET_EX_LOCATION as MEMORY_WORKING_SET_EX_LOCATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_WORKING_SET_EX_BLOCK { + pub __bindgen_anon_1: 
_MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1 { + pub __bindgen_anon_1: _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_1, + pub Invalid: _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Valid(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_Valid(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ShareCount(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 3u8) as u64) } + } + #[inline] + pub fn set_ShareCount(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 3u8, val as u64) + } + } + #[inline] + pub fn Win32Protection(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 11u8) as u64) } + } + #[inline] + pub fn set_Win32Protection(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 11u8, val as u64) + } + } + #[inline] + pub fn Shared(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u64) } + } + #[inline] + pub fn set_Shared(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn Node(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 6u8) as u64) } + } + #[inline] + pub 
fn set_Node(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 6u8, val as u64) + } + } + #[inline] + pub fn Locked(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u64) } + } + #[inline] + pub fn set_Locked(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn LargePage(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u64) } + } + #[inline] + pub fn set_LargePage(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn Priority(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 3u8) as u64) } + } + #[inline] + pub fn set_Priority(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 3u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(27usize, 3u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(27usize, 3u8, val as u64) + } + } + #[inline] + pub fn SharedOriginal(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(30usize, 1u8) as u64) } + } + #[inline] + pub fn set_SharedOriginal(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(30usize, 1u8, val as u64) + } + } + #[inline] + pub fn Bad(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u64) } + } + #[inline] + pub fn set_Bad(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + 
self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn Win32GraphicsProtection(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(32usize, 4u8) as u64) } + } + #[inline] + pub fn set_Win32GraphicsProtection(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(32usize, 4u8, val as u64) + } + } + #[inline] + pub fn ReservedUlong(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(36usize, 28u8) as u64) } + } + #[inline] + pub fn set_ReservedUlong(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(36usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Valid: ULONG_PTR, + ShareCount: ULONG_PTR, + Win32Protection: ULONG_PTR, + Shared: ULONG_PTR, + Node: ULONG_PTR, + Locked: ULONG_PTR, + LargePage: ULONG_PTR, + Priority: ULONG_PTR, + Reserved: ULONG_PTR, + SharedOriginal: ULONG_PTR, + Bad: ULONG_PTR, + Win32GraphicsProtection: ULONG_PTR, + ReservedUlong: ULONG_PTR, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Valid: u64 = unsafe { ::core::mem::transmute(Valid) }; + Valid as u64 + }); + __bindgen_bitfield_unit.set(1usize, 3u8, { + let ShareCount: u64 = unsafe { ::core::mem::transmute(ShareCount) }; + ShareCount as u64 + }); + __bindgen_bitfield_unit.set(4usize, 11u8, { + let Win32Protection: u64 = unsafe { ::core::mem::transmute(Win32Protection) }; + Win32Protection as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let Shared: u64 = unsafe { ::core::mem::transmute(Shared) }; + Shared as u64 + }); + __bindgen_bitfield_unit.set(16usize, 6u8, { + let Node: u64 = unsafe { ::core::mem::transmute(Node) }; + Node as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let Locked: u64 = unsafe { 
::core::mem::transmute(Locked) }; + Locked as u64 + }); + __bindgen_bitfield_unit.set(23usize, 1u8, { + let LargePage: u64 = unsafe { ::core::mem::transmute(LargePage) }; + LargePage as u64 + }); + __bindgen_bitfield_unit.set(24usize, 3u8, { + let Priority: u64 = unsafe { ::core::mem::transmute(Priority) }; + Priority as u64 + }); + __bindgen_bitfield_unit.set(27usize, 3u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit.set(30usize, 1u8, { + let SharedOriginal: u64 = unsafe { ::core::mem::transmute(SharedOriginal) }; + SharedOriginal as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let Bad: u64 = unsafe { ::core::mem::transmute(Bad) }; + Bad as u64 + }); + __bindgen_bitfield_unit.set(32usize, 4u8, { + let Win32GraphicsProtection: u64 = + unsafe { ::core::mem::transmute(Win32GraphicsProtection) }; + Win32GraphicsProtection as u64 + }); + __bindgen_bitfield_unit.set(36usize, 28u8, { + let ReservedUlong: u64 = unsafe { ::core::mem::transmute(ReservedUlong) }; + ReservedUlong as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_2 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1__bindgen_ty_2 { + #[inline] + pub fn Valid(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_Valid(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved0(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 14u8) as u64) } + } + #[inline] + pub fn set_Reserved0(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 14u8, val as u64) + } + } + #[inline] + pub fn Shared(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u64) } + } + #[inline] + pub fn set_Shared(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved1(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 5u8) as u64) } + } + #[inline] + pub fn set_Reserved1(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 5u8, val as u64) + } + } + #[inline] + pub fn PageTable(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u64) } + } + #[inline] + pub fn set_PageTable(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn Location(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 2u8) as u64) } + } + #[inline] + pub fn set_Location(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 2u8, val as u64) + } + } + #[inline] + pub fn Priority(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 3u8) as u64) } + } + #[inline] + pub fn set_Priority(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 3u8, val as u64) + } + } + #[inline] + pub fn ModifiedList(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(27usize, 1u8) as u64) } + } + #[inline] + pub fn set_ModifiedList(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(27usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved2(&self) -> ULONG_PTR { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(28usize, 2u8) as u64) } + } + #[inline] + pub fn set_Reserved2(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 2u8, val as u64) + } + } + #[inline] + pub fn SharedOriginal(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(30usize, 1u8) as u64) } + } + #[inline] + pub fn set_SharedOriginal(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(30usize, 1u8, val as u64) + } + } + #[inline] + pub fn Bad(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u64) } + } + #[inline] + pub fn set_Bad(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedUlong(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(32usize, 32u8) as u64) } + } + #[inline] + pub fn set_ReservedUlong(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(32usize, 32u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Valid: ULONG_PTR, + Reserved0: ULONG_PTR, + Shared: ULONG_PTR, + Reserved1: ULONG_PTR, + PageTable: ULONG_PTR, + Location: ULONG_PTR, + Priority: ULONG_PTR, + ModifiedList: ULONG_PTR, + Reserved2: ULONG_PTR, + SharedOriginal: ULONG_PTR, + Bad: ULONG_PTR, + ReservedUlong: ULONG_PTR, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Valid: u64 = unsafe { ::core::mem::transmute(Valid) }; + Valid as u64 + }); + __bindgen_bitfield_unit.set(1usize, 14u8, { + let Reserved0: u64 = unsafe { ::core::mem::transmute(Reserved0) }; + Reserved0 as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let Shared: u64 = unsafe 
{ ::core::mem::transmute(Shared) }; + Shared as u64 + }); + __bindgen_bitfield_unit.set(16usize, 5u8, { + let Reserved1: u64 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let PageTable: u64 = unsafe { ::core::mem::transmute(PageTable) }; + PageTable as u64 + }); + __bindgen_bitfield_unit.set(22usize, 2u8, { + let Location: u64 = unsafe { ::core::mem::transmute(Location) }; + Location as u64 + }); + __bindgen_bitfield_unit.set(24usize, 3u8, { + let Priority: u64 = unsafe { ::core::mem::transmute(Priority) }; + Priority as u64 + }); + __bindgen_bitfield_unit.set(27usize, 1u8, { + let ModifiedList: u64 = unsafe { ::core::mem::transmute(ModifiedList) }; + ModifiedList as u64 + }); + __bindgen_bitfield_unit.set(28usize, 2u8, { + let Reserved2: u64 = unsafe { ::core::mem::transmute(Reserved2) }; + Reserved2 as u64 + }); + __bindgen_bitfield_unit.set(30usize, 1u8, { + let SharedOriginal: u64 = unsafe { ::core::mem::transmute(SharedOriginal) }; + SharedOriginal as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let Bad: u64 = unsafe { ::core::mem::transmute(Bad) }; + Bad as u64 + }); + __bindgen_bitfield_unit.set(32usize, 32u8, { + let ReservedUlong: u64 = unsafe { ::core::mem::transmute(ReservedUlong) }; + ReservedUlong as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _MEMORY_WORKING_SET_EX_BLOCK__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_WORKING_SET_EX_BLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_WORKING_SET_EX_BLOCK = _MEMORY_WORKING_SET_EX_BLOCK; +pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut _MEMORY_WORKING_SET_EX_BLOCK; +#[repr(C)] +#[derive(Copy, Clone)] +pub 
struct _MEMORY_WORKING_SET_EX_INFORMATION { + pub VirtualAddress: PVOID, + pub u1: _MEMORY_WORKING_SET_EX_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_WORKING_SET_EX_INFORMATION__bindgen_ty_1 { + pub VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK, + pub Long: ULONG_PTR, +} +impl Default for _MEMORY_WORKING_SET_EX_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_WORKING_SET_EX_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_WORKING_SET_EX_INFORMATION = _MEMORY_WORKING_SET_EX_INFORMATION; +pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut _MEMORY_WORKING_SET_EX_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_SHARED_COMMIT_INFORMATION { + pub CommitSize: SIZE_T, +} +pub type MEMORY_SHARED_COMMIT_INFORMATION = _MEMORY_SHARED_COMMIT_INFORMATION; +pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut _MEMORY_SHARED_COMMIT_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_IMAGE_INFORMATION { + pub ImageBase: PVOID, + pub SizeOfImage: SIZE_T, + pub __bindgen_anon_1: _MEMORY_IMAGE_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_IMAGE_INFORMATION__bindgen_ty_1 { + pub ImageFlags: ULONG, + pub __bindgen_anon_1: _MEMORY_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _MEMORY_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ImagePartialMap(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImagePartialMap(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageNotExecutable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageNotExecutable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageSigningLevel(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 4u8) as u32) } + } + #[inline] + pub fn set_ImageSigningLevel(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 4u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 26u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 26u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ImagePartialMap: ULONG, + ImageNotExecutable: ULONG, + ImageSigningLevel: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ImagePartialMap: u32 = unsafe { ::core::mem::transmute(ImagePartialMap) }; + ImagePartialMap as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ImageNotExecutable: u32 = unsafe { ::core::mem::transmute(ImageNotExecutable) }; + ImageNotExecutable as u64 + }); + __bindgen_bitfield_unit.set(2usize, 4u8, { + let ImageSigningLevel: u32 = unsafe { ::core::mem::transmute(ImageSigningLevel) }; + ImageSigningLevel as u64 + }); + __bindgen_bitfield_unit.set(6usize, 
26u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _MEMORY_IMAGE_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_IMAGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_IMAGE_INFORMATION = _MEMORY_IMAGE_INFORMATION; +pub type PMEMORY_IMAGE_INFORMATION = *mut _MEMORY_IMAGE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_ENCLAVE_IMAGE_INFORMATION { + pub ImageInfo: MEMORY_IMAGE_INFORMATION, + pub UniqueID: [UCHAR; 32usize], + pub AuthorID: [UCHAR; 32usize], +} +impl Default for _MEMORY_ENCLAVE_IMAGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_ENCLAVE_IMAGE_INFORMATION = _MEMORY_ENCLAVE_IMAGE_INFORMATION; +pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut _MEMORY_ENCLAVE_IMAGE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE { + MemoryNotContiguous = 0, + MemoryAlignedAndContiguous = 1, + MemoryNotResident = 2, + MemoryNotEligibleToMakeContiguous = 3, + MemoryContiguityStateMax = 4, +} +pub use self::_MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE as MEMORY_PHYSICAL_CONTIGUITY_UNIT_STATE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION { + pub __bindgen_anon_1: _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: 
_MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub AllInformation: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn State(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) } + } + #[inline] + pub fn set_State(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(State: ULONG, Reserved: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let State: u32 = unsafe { ::core::mem::transmute(State) }; + State as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} 
+pub type MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION = _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION; +pub type PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION = + *mut _MEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION { + pub VirtualAddress: PVOID, + pub Size: ULONG_PTR, + pub ContiguityUnitSize: ULONG_PTR, + pub Flags: ULONG, + pub ContiguityUnitInformation: PMEMORY_PHYSICAL_CONTIGUITY_UNIT_INFORMATION, +} +impl Default for _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_PHYSICAL_CONTIGUITY_INFORMATION = _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION; +pub type PMEMORY_PHYSICAL_CONTIGUITY_INFORMATION = *mut _MEMORY_PHYSICAL_CONTIGUITY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_FRAME_INFORMATION { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _MEMORY_FRAME_INFORMATION { + #[inline] + pub fn UseDescription(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 4u8) as u64) } + } + #[inline] + pub fn set_UseDescription(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 4u8, val as u64) + } + } + #[inline] + pub fn ListDescription(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 3u8) as u64) } + } + #[inline] + pub fn set_ListDescription(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 3u8, val as u64) + } + } + #[inline] + pub fn Cold(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u64) } + } + #[inline] + pub fn set_Cold(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = 
::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn Pinned(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u64) } + } + #[inline] + pub fn set_Pinned(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn DontUse(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 48u8) as u64) } + } + #[inline] + pub fn set_DontUse(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 48u8, val as u64) + } + } + #[inline] + pub fn Priority(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(57usize, 3u8) as u64) } + } + #[inline] + pub fn set_Priority(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(57usize, 3u8, val as u64) + } + } + #[inline] + pub fn NonTradeable(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(60usize, 1u8) as u64) } + } + #[inline] + pub fn set_NonTradeable(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(60usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(61usize, 3u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(61usize, 3u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + UseDescription: ULONGLONG, + ListDescription: ULONGLONG, + Cold: ULONGLONG, + Pinned: ULONGLONG, + DontUse: ULONGLONG, + Priority: ULONGLONG, + NonTradeable: ULONGLONG, + Reserved: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = 
Default::default(); + __bindgen_bitfield_unit.set(0usize, 4u8, { + let UseDescription: u64 = unsafe { ::core::mem::transmute(UseDescription) }; + UseDescription as u64 + }); + __bindgen_bitfield_unit.set(4usize, 3u8, { + let ListDescription: u64 = unsafe { ::core::mem::transmute(ListDescription) }; + ListDescription as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let Cold: u64 = unsafe { ::core::mem::transmute(Cold) }; + Cold as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let Pinned: u64 = unsafe { ::core::mem::transmute(Pinned) }; + Pinned as u64 + }); + __bindgen_bitfield_unit.set(9usize, 48u8, { + let DontUse: u64 = unsafe { ::core::mem::transmute(DontUse) }; + DontUse as u64 + }); + __bindgen_bitfield_unit.set(57usize, 3u8, { + let Priority: u64 = unsafe { ::core::mem::transmute(Priority) }; + Priority as u64 + }); + __bindgen_bitfield_unit.set(60usize, 1u8, { + let NonTradeable: u64 = unsafe { ::core::mem::transmute(NonTradeable) }; + NonTradeable as u64 + }); + __bindgen_bitfield_unit.set(61usize, 3u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type MEMORY_FRAME_INFORMATION = _MEMORY_FRAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILEOFFSET_INFORMATION { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _FILEOFFSET_INFORMATION { + #[inline] + pub fn DontUse(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 9u8) as u64) } + } + #[inline] + pub fn set_DontUse(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 9u8, val as u64) + } + } + #[inline] + pub fn Offset(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 48u8) as u64) } + } + #[inline] + pub fn set_Offset(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = 
::core::mem::transmute(val); + self._bitfield_1.set(9usize, 48u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(57usize, 7u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(57usize, 7u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DontUse: ULONGLONG, + Offset: ULONGLONG, + Reserved: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 9u8, { + let DontUse: u64 = unsafe { ::core::mem::transmute(DontUse) }; + DontUse as u64 + }); + __bindgen_bitfield_unit.set(9usize, 48u8, { + let Offset: u64 = unsafe { ::core::mem::transmute(Offset) }; + Offset as u64 + }); + __bindgen_bitfield_unit.set(57usize, 7u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type FILEOFFSET_INFORMATION = _FILEOFFSET_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PAGEDIR_INFORMATION { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _PAGEDIR_INFORMATION { + #[inline] + pub fn DontUse(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 9u8) as u64) } + } + #[inline] + pub fn set_DontUse(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 9u8, val as u64) + } + } + #[inline] + pub fn PageDirectoryBase(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 48u8) as u64) } + } + #[inline] + pub fn set_PageDirectoryBase(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 48u8, val as u64) + } + } + #[inline] + pub 
fn Reserved(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(57usize, 7u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(57usize, 7u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DontUse: ULONGLONG, + PageDirectoryBase: ULONGLONG, + Reserved: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 9u8, { + let DontUse: u64 = unsafe { ::core::mem::transmute(DontUse) }; + DontUse as u64 + }); + __bindgen_bitfield_unit.set(9usize, 48u8, { + let PageDirectoryBase: u64 = unsafe { ::core::mem::transmute(PageDirectoryBase) }; + PageDirectoryBase as u64 + }); + __bindgen_bitfield_unit.set(57usize, 7u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PAGEDIR_INFORMATION = _PAGEDIR_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _UNIQUE_PROCESS_INFORMATION { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _UNIQUE_PROCESS_INFORMATION { + #[inline] + pub fn DontUse(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 9u8) as u64) } + } + #[inline] + pub fn set_DontUse(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 9u8, val as u64) + } + } + #[inline] + pub fn UniqueProcessKey(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 48u8) as u64) } + } + #[inline] + pub fn set_UniqueProcessKey(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 48u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONGLONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(57usize, 7u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(57usize, 7u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DontUse: ULONGLONG, + UniqueProcessKey: ULONGLONG, + Reserved: ULONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 9u8, { + let DontUse: u64 = unsafe { ::core::mem::transmute(DontUse) }; + DontUse as u64 + }); + __bindgen_bitfield_unit.set(9usize, 48u8, { + let UniqueProcessKey: u64 = unsafe { ::core::mem::transmute(UniqueProcessKey) }; + UniqueProcessKey as u64 + }); + __bindgen_bitfield_unit.set(57usize, 7u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type UNIQUE_PROCESS_INFORMATION = _UNIQUE_PROCESS_INFORMATION; +pub type PUNIQUE_PROCESS_INFORMATION = *mut _UNIQUE_PROCESS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MMPFN_IDENTITY { + pub u1: _MMPFN_IDENTITY__bindgen_ty_1, + pub PageFrameIndex: ULONG_PTR, + pub u2: _MMPFN_IDENTITY__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MMPFN_IDENTITY__bindgen_ty_1 { + pub e1: MEMORY_FRAME_INFORMATION, + pub e2: FILEOFFSET_INFORMATION, + pub e3: PAGEDIR_INFORMATION, + pub e4: UNIQUE_PROCESS_INFORMATION, +} +impl Default for _MMPFN_IDENTITY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MMPFN_IDENTITY__bindgen_ty_2 { + pub e1: _MMPFN_IDENTITY__bindgen_ty_2__bindgen_ty_1, + pub e2: _MMPFN_IDENTITY__bindgen_ty_2__bindgen_ty_2, + pub FileObject: ULONG_PTR, + pub UniqueFileObjectKey: ULONG_PTR, + pub 
ProtoPteAddress: ULONG_PTR, + pub VirtualAddress: ULONG_PTR, +} +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MMPFN_IDENTITY__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: [u8; 7usize], +} +impl _MMPFN_IDENTITY__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn Image(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u64) } + } + #[inline] + pub fn set_Image(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Mismatch(&self) -> ULONG_PTR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u64) } + } + #[inline] + pub fn set_Mismatch(&mut self, val: ULONG_PTR) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Image: ULONG_PTR, + Mismatch: ULONG_PTR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Image: u64 = unsafe { ::core::mem::transmute(Image) }; + Image as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let Mismatch: u64 = unsafe { ::core::mem::transmute(Mismatch) }; + Mismatch as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MMPFN_IDENTITY__bindgen_ty_2__bindgen_ty_2 { + pub CombinedPage: ULONG_PTR, +} +impl Default for _MMPFN_IDENTITY__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MMPFN_IDENTITY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MMPFN_IDENTITY = _MMPFN_IDENTITY; +pub type PMMPFN_IDENTITY = *mut _MMPFN_IDENTITY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MMPFN_MEMSNAP_INFORMATION { + pub InitialPageFrameIndex: ULONG_PTR, + pub Count: ULONG_PTR, +} +pub type MMPFN_MEMSNAP_INFORMATION = _MMPFN_MEMSNAP_INFORMATION; +pub type PMMPFN_MEMSNAP_INFORMATION = *mut _MMPFN_MEMSNAP_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SECTION_INFORMATION_CLASS { + SectionBasicInformation = 0, + SectionImageInformation = 1, + SectionRelocationInformation = 2, + SectionOriginalBaseInformation = 3, + SectionInternalImageInformation = 4, + MaxSectionInfoClass = 5, +} +pub use self::_SECTION_INFORMATION_CLASS as SECTION_INFORMATION_CLASS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SECTION_BASIC_INFORMATION { + pub BaseAddress: PVOID, + pub AllocationAttributes: ULONG, + pub MaximumSize: LARGE_INTEGER, +} +impl Default for _SECTION_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SECTION_BASIC_INFORMATION = _SECTION_BASIC_INFORMATION; +pub type PSECTION_BASIC_INFORMATION = *mut _SECTION_BASIC_INFORMATION; +#[repr(C)] +pub struct _SECTION_IMAGE_INFORMATION { + pub TransferAddress: PVOID, + pub ZeroBits: ULONG, + pub MaximumStackSize: SIZE_T, + pub CommittedStackSize: SIZE_T, + pub SubSystemType: ULONG, + pub __bindgen_anon_1: _SECTION_IMAGE_INFORMATION__bindgen_ty_1, + pub __bindgen_anon_2: _SECTION_IMAGE_INFORMATION__bindgen_ty_2, + pub ImageCharacteristics: USHORT, + pub DllCharacteristics: USHORT, + pub Machine: USHORT, + pub ImageContainsCode: BOOLEAN, + pub __bindgen_anon_3: _SECTION_IMAGE_INFORMATION__bindgen_ty_3, + pub LoaderFlags: ULONG, + pub ImageFileSize: ULONG, + pub CheckSum: ULONG, 
+} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SECTION_IMAGE_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: _SECTION_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub SubSystemVersion: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SECTION_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub SubSystemMinorVersion: USHORT, + pub SubSystemMajorVersion: USHORT, +} +impl Default for _SECTION_IMAGE_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SECTION_IMAGE_INFORMATION__bindgen_ty_2 { + pub __bindgen_anon_1: _SECTION_IMAGE_INFORMATION__bindgen_ty_2__bindgen_ty_1, + pub OperatingSystemVersion: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SECTION_IMAGE_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + pub MajorOperatingSystemVersion: USHORT, + pub MinorOperatingSystemVersion: USHORT, +} +impl Default for _SECTION_IMAGE_INFORMATION__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SECTION_IMAGE_INFORMATION__bindgen_ty_3 { + pub ImageFlags: UCHAR, + pub __bindgen_anon_1: _SECTION_IMAGE_INFORMATION__bindgen_ty_3__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SECTION_IMAGE_INFORMATION__bindgen_ty_3__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl _SECTION_IMAGE_INFORMATION__bindgen_ty_3__bindgen_ty_1 { + #[inline] + pub fn ComPlusNativeReady(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_ComPlusNativeReady(&mut self, val: UCHAR) { + unsafe { + let val: u8 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ComPlusILOnly(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_ComPlusILOnly(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageDynamicallyRelocated(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_ImageDynamicallyRelocated(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageMappedFlat(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_ImageMappedFlat(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn BaseBelow4gb(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u8) } + } + #[inline] + pub fn set_BaseBelow4gb(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ComPlusPrefer32bit(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u8) } + } + #[inline] + pub fn set_ComPlusPrefer32bit(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 2u8) as u8) } + } + #[inline] + pub fn set_Reserved(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 2u8, val as u64) + } + } + #[inline] + pub fn 
new_bitfield_1( + ComPlusNativeReady: UCHAR, + ComPlusILOnly: UCHAR, + ImageDynamicallyRelocated: UCHAR, + ImageMappedFlat: UCHAR, + BaseBelow4gb: UCHAR, + ComPlusPrefer32bit: UCHAR, + Reserved: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ComPlusNativeReady: u8 = unsafe { ::core::mem::transmute(ComPlusNativeReady) }; + ComPlusNativeReady as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ComPlusILOnly: u8 = unsafe { ::core::mem::transmute(ComPlusILOnly) }; + ComPlusILOnly as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ImageDynamicallyRelocated: u8 = + unsafe { ::core::mem::transmute(ImageDynamicallyRelocated) }; + ImageDynamicallyRelocated as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ImageMappedFlat: u8 = unsafe { ::core::mem::transmute(ImageMappedFlat) }; + ImageMappedFlat as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let BaseBelow4gb: u8 = unsafe { ::core::mem::transmute(BaseBelow4gb) }; + BaseBelow4gb as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let ComPlusPrefer32bit: u8 = unsafe { ::core::mem::transmute(ComPlusPrefer32bit) }; + ComPlusPrefer32bit as u64 + }); + __bindgen_bitfield_unit.set(6usize, 2u8, { + let Reserved: u8 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SECTION_IMAGE_INFORMATION__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SECTION_IMAGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SECTION_IMAGE_INFORMATION = _SECTION_IMAGE_INFORMATION; +pub type 
PSECTION_IMAGE_INFORMATION = *mut _SECTION_IMAGE_INFORMATION; +#[repr(C)] +pub struct _SECTION_INTERNAL_IMAGE_INFORMATION { + pub SectionInformation: SECTION_IMAGE_INFORMATION, + pub __bindgen_anon_1: _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1 { + pub ExtendedFlags: ULONG, + pub __bindgen_anon_1: _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ImageExportSuppressionEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageExportSuppressionEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetShadowStacksReady(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetShadowStacksReady(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageXfgEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageXfgEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetShadowStacksStrictMode(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetShadowStacksStrictMode(&mut self, val: ULONG) { 
+ unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetSetContextIpValidationRelaxedMode(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetSetContextIpValidationRelaxedMode(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetDynamicApisAllowInProc(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetDynamicApisAllowInProc(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetDowngradeReserved1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetDowngradeReserved1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageCetDowngradeReserved2(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageCetDowngradeReserved2(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ImageExportSuppressionEnabled: ULONG, + ImageCetShadowStacksReady: ULONG, + ImageXfgEnabled: ULONG, + ImageCetShadowStacksStrictMode: ULONG, + 
ImageCetSetContextIpValidationRelaxedMode: ULONG, + ImageCetDynamicApisAllowInProc: ULONG, + ImageCetDowngradeReserved1: ULONG, + ImageCetDowngradeReserved2: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ImageExportSuppressionEnabled: u32 = + unsafe { ::core::mem::transmute(ImageExportSuppressionEnabled) }; + ImageExportSuppressionEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ImageCetShadowStacksReady: u32 = + unsafe { ::core::mem::transmute(ImageCetShadowStacksReady) }; + ImageCetShadowStacksReady as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ImageXfgEnabled: u32 = unsafe { ::core::mem::transmute(ImageXfgEnabled) }; + ImageXfgEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ImageCetShadowStacksStrictMode: u32 = + unsafe { ::core::mem::transmute(ImageCetShadowStacksStrictMode) }; + ImageCetShadowStacksStrictMode as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let ImageCetSetContextIpValidationRelaxedMode: u32 = + unsafe { ::core::mem::transmute(ImageCetSetContextIpValidationRelaxedMode) }; + ImageCetSetContextIpValidationRelaxedMode as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let ImageCetDynamicApisAllowInProc: u32 = + unsafe { ::core::mem::transmute(ImageCetDynamicApisAllowInProc) }; + ImageCetDynamicApisAllowInProc as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let ImageCetDowngradeReserved1: u32 = + unsafe { ::core::mem::transmute(ImageCetDowngradeReserved1) }; + ImageCetDowngradeReserved1 as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let ImageCetDowngradeReserved2: u32 = + unsafe { ::core::mem::transmute(ImageCetDowngradeReserved2) }; + ImageCetDowngradeReserved2 as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Reserved: u32 = unsafe { 
::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SECTION_INTERNAL_IMAGE_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _SECTION_INTERNAL_IMAGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SECTION_INTERNAL_IMAGE_INFORMATION = _SECTION_INTERNAL_IMAGE_INFORMATION; +pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut _SECTION_INTERNAL_IMAGE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SECTION_INHERIT { + ViewShare = 1, + ViewUnmap = 2, +} +pub use self::_SECTION_INHERIT as SECTION_INHERIT; +pub type PIO_STATUS_BLOCK = *mut _IO_STATUS_BLOCK; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _VIRTUAL_MEMORY_INFORMATION_CLASS { + VmPrefetchInformation = 0, + VmPagePriorityInformation = 1, + VmCfgCallTargetInformation = 2, + VmPageDirtyStateInformation = 3, + VmImageHotPatchInformation = 4, + VmPhysicalContiguityInformation = 5, + VmVirtualMachinePrepopulateInformation = 6, + VmRemoveFromWorkingSetInformation = 7, + MaxVmInfoClass = 8, +} +pub use self::_VIRTUAL_MEMORY_INFORMATION_CLASS as VIRTUAL_MEMORY_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_RANGE_ENTRY { + pub VirtualAddress: PVOID, + pub NumberOfBytes: SIZE_T, +} +impl Default for _MEMORY_RANGE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_RANGE_ENTRY = _MEMORY_RANGE_ENTRY; +pub type PMEMORY_RANGE_ENTRY = *mut _MEMORY_RANGE_ENTRY; +#[repr(C)] +#[derive(Debug, 
Copy, Clone)] +pub struct _CFG_CALL_TARGET_LIST_INFORMATION { + pub NumberOfEntries: ULONG, + pub Reserved: ULONG, + pub NumberOfEntriesProcessed: PULONG, + pub CallTargetInfo: PCFG_CALL_TARGET_INFO, + pub Section: PVOID, + pub FileOffset: ULONGLONG, +} +impl Default for _CFG_CALL_TARGET_LIST_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CFG_CALL_TARGET_LIST_INFORMATION = _CFG_CALL_TARGET_LIST_INFORMATION; +pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut _CFG_CALL_TARGET_LIST_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PARTITION_INFORMATION_CLASS { + SystemMemoryPartitionInformation = 0, + SystemMemoryPartitionMoveMemory = 1, + SystemMemoryPartitionAddPagefile = 2, + SystemMemoryPartitionCombineMemory = 3, + SystemMemoryPartitionInitialAddMemory = 4, + SystemMemoryPartitionGetMemoryEvents = 5, + SystemMemoryPartitionSetAttributes = 6, + SystemMemoryPartitionNodeInformation = 7, + SystemMemoryPartitionCreateLargePages = 8, + SystemMemoryPartitionDedicatedMemoryInformation = 9, + SystemMemoryPartitionOpenDedicatedMemory = 10, + SystemMemoryPartitionMemoryChargeAttributes = 11, + SystemMemoryPartitionClearAttributes = 12, + SystemMemoryPartitionSetMemoryThresholds = 13, + SystemMemoryPartitionMax = 14, +} +pub use self::_PARTITION_INFORMATION_CLASS as PARTITION_INFORMATION_CLASS; +pub type PPARTITION_INFORMATION_CLASS = *mut _PARTITION_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION { + pub Flags: ULONG, + pub NumaNode: ULONG, + pub Channel: ULONG, + pub NumberOfNumaNodes: ULONG, + pub ResidentAvailablePages: ULONG_PTR, + pub CommittedPages: ULONG_PTR, + pub CommitLimit: ULONG_PTR, + pub PeakCommitment: ULONG_PTR, + pub TotalNumberOfPages: ULONG_PTR, + pub AvailablePages: ULONG_PTR, 
+ pub ZeroPages: ULONG_PTR, + pub FreePages: ULONG_PTR, + pub StandbyPages: ULONG_PTR, + pub StandbyPageCountByPriority: [ULONG_PTR; 8usize], + pub RepurposedPagesByPriority: [ULONG_PTR; 8usize], + pub MaximumCommitLimit: ULONG_PTR, + pub Reserved: ULONG_PTR, + pub PartitionId: ULONG, +} +pub type MEMORY_PARTITION_CONFIGURATION_INFORMATION = _MEMORY_PARTITION_CONFIGURATION_INFORMATION; +pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION = + *mut _MEMORY_PARTITION_CONFIGURATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PARTITION_TRANSFER_INFORMATION { + pub NumberOfPages: ULONG_PTR, + pub NumaNode: ULONG, + pub Flags: ULONG, +} +pub type MEMORY_PARTITION_TRANSFER_INFORMATION = _MEMORY_PARTITION_TRANSFER_INFORMATION; +pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut _MEMORY_PARTITION_TRANSFER_INFORMATION; +#[repr(C)] +pub struct _MEMORY_PARTITION_PAGEFILE_INFORMATION { + pub PageFileName: UNICODE_STRING, + pub MinimumSize: LARGE_INTEGER, + pub MaximumSize: LARGE_INTEGER, + pub Flags: ULONG, +} +impl Default for _MEMORY_PARTITION_PAGEFILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_PARTITION_PAGEFILE_INFORMATION = _MEMORY_PARTITION_PAGEFILE_INFORMATION; +pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut _MEMORY_PARTITION_PAGEFILE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { + pub StopHandle: HANDLE, + pub Flags: ULONG, + pub TotalNumberOfPages: ULONG_PTR, +} +impl Default for _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_PARTITION_PAGE_COMBINE_INFORMATION = _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; +pub type 
PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION = + *mut _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PARTITION_PAGE_RANGE { + pub StartPage: ULONG_PTR, + pub NumberOfPages: ULONG_PTR, +} +pub type MEMORY_PARTITION_PAGE_RANGE = _MEMORY_PARTITION_PAGE_RANGE; +pub type PMEMORY_PARTITION_PAGE_RANGE = *mut _MEMORY_PARTITION_PAGE_RANGE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PARTITION_INITIAL_ADD_INFORMATION { + pub Flags: ULONG, + pub NumberOfRanges: ULONG, + pub NumberOfPagesAdded: ULONG_PTR, + pub PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1usize], +} +pub type MEMORY_PARTITION_INITIAL_ADD_INFORMATION = _MEMORY_PARTITION_INITIAL_ADD_INFORMATION; +pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut _MEMORY_PARTITION_INITIAL_ADD_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { + pub Flags: _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1, + pub HandleAttributes: ULONG, + pub DesiredAccess: ULONG, + pub LowCommitCondition: HANDLE, + pub HighCommitCondition: HANDLE, + pub MaximumCommitCondition: HANDLE, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub AllFlags: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn CommitEvents(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_CommitEvents(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(CommitEvents: ULONG, Spare: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let CommitEvents: u32 = unsafe { ::core::mem::transmute(CommitEvents) }; + CommitEvents as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; +pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = + *mut _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _OBJECT_INFORMATION_CLASS { + ObjectBasicInformation = 0, + ObjectNameInformation = 1, + ObjectTypeInformation = 2, + ObjectTypesInformation = 3, + ObjectHandleFlagInformation = 4, + ObjectSessionInformation = 5, + ObjectSessionObjectInformation = 6, + MaxObjectInfoClass = 7, +} +pub use self::_OBJECT_INFORMATION_CLASS as OBJECT_INFORMATION_CLASS; 
+#[repr(C)] +#[derive(Copy, Clone)] +pub struct _OBJECT_BASIC_INFORMATION { + pub Attributes: ULONG, + pub GrantedAccess: ACCESS_MASK, + pub HandleCount: ULONG, + pub PointerCount: ULONG, + pub PagedPoolCharge: ULONG, + pub NonPagedPoolCharge: ULONG, + pub Reserved: [ULONG; 3usize], + pub NameInfoSize: ULONG, + pub TypeInfoSize: ULONG, + pub SecurityDescriptorSize: ULONG, + pub CreationTime: LARGE_INTEGER, +} +impl Default for _OBJECT_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_BASIC_INFORMATION = _OBJECT_BASIC_INFORMATION; +pub type POBJECT_BASIC_INFORMATION = *mut _OBJECT_BASIC_INFORMATION; +#[repr(C)] +pub struct _OBJECT_NAME_INFORMATION { + pub Name: UNICODE_STRING, +} +impl Default for _OBJECT_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_NAME_INFORMATION = _OBJECT_NAME_INFORMATION; +pub type POBJECT_NAME_INFORMATION = *mut _OBJECT_NAME_INFORMATION; +#[repr(C)] +pub struct _OBJECT_TYPE_INFORMATION { + pub TypeName: UNICODE_STRING, + pub TotalNumberOfObjects: ULONG, + pub TotalNumberOfHandles: ULONG, + pub TotalPagedPoolUsage: ULONG, + pub TotalNonPagedPoolUsage: ULONG, + pub TotalNamePoolUsage: ULONG, + pub TotalHandleTableUsage: ULONG, + pub HighWaterNumberOfObjects: ULONG, + pub HighWaterNumberOfHandles: ULONG, + pub HighWaterPagedPoolUsage: ULONG, + pub HighWaterNonPagedPoolUsage: ULONG, + pub HighWaterNamePoolUsage: ULONG, + pub HighWaterHandleTableUsage: ULONG, + pub InvalidAttributes: ULONG, + pub GenericMapping: GENERIC_MAPPING, + pub ValidAccessMask: ULONG, + pub SecurityRequired: BOOLEAN, + pub MaintainHandleCount: BOOLEAN, + pub TypeIndex: UCHAR, + pub ReservedByte: CHAR, + pub PoolType: ULONG, + pub DefaultPagedPoolCharge: ULONG, + pub 
DefaultNonPagedPoolCharge: ULONG, +} +impl Default for _OBJECT_TYPE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_TYPE_INFORMATION = _OBJECT_TYPE_INFORMATION; +pub type POBJECT_TYPE_INFORMATION = *mut _OBJECT_TYPE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OBJECT_TYPES_INFORMATION { + pub NumberOfTypes: ULONG, +} +pub type OBJECT_TYPES_INFORMATION = _OBJECT_TYPES_INFORMATION; +pub type POBJECT_TYPES_INFORMATION = *mut _OBJECT_TYPES_INFORMATION; +#[repr(C)] +pub struct _OBJECT_HANDLE_FLAG_INFORMATION { + pub Inherit: BOOLEAN, + pub ProtectFromClose: BOOLEAN, +} +impl Default for _OBJECT_HANDLE_FLAG_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_HANDLE_FLAG_INFORMATION = _OBJECT_HANDLE_FLAG_INFORMATION; +pub type POBJECT_HANDLE_FLAG_INFORMATION = *mut _OBJECT_HANDLE_FLAG_INFORMATION; +#[repr(C)] +pub struct _OBJECT_DIRECTORY_INFORMATION { + pub Name: UNICODE_STRING, + pub TypeName: UNICODE_STRING, +} +impl Default for _OBJECT_DIRECTORY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_DIRECTORY_INFORMATION = _OBJECT_DIRECTORY_INFORMATION; +pub type POBJECT_DIRECTORY_INFORMATION = *mut _OBJECT_DIRECTORY_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BOUNDARY_ENTRY_TYPE { + OBNS_Invalid = 0, + OBNS_Name = 1, + OBNS_SID = 2, + OBNS_IL = 3, +} +pub use self::_BOUNDARY_ENTRY_TYPE as BOUNDARY_ENTRY_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _OBJECT_BOUNDARY_ENTRY { + pub EntryType: BOUNDARY_ENTRY_TYPE, + pub 
EntrySize: ULONG, +} +impl Default for _OBJECT_BOUNDARY_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_BOUNDARY_ENTRY = _OBJECT_BOUNDARY_ENTRY; +pub type POBJECT_BOUNDARY_ENTRY = *mut _OBJECT_BOUNDARY_ENTRY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _OBJECT_BOUNDARY_DESCRIPTOR { + pub Version: ULONG, + pub Items: ULONG, + pub TotalSize: ULONG, + pub __bindgen_anon_1: _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn AddAppContainerSid(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_AddAppContainerSid(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + AddAppContainerSid: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let AddAppContainerSid: u32 = unsafe { 
::core::mem::transmute(AddAppContainerSid) }; + AddAppContainerSid as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _OBJECT_BOUNDARY_DESCRIPTOR__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _OBJECT_BOUNDARY_DESCRIPTOR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type OBJECT_BOUNDARY_DESCRIPTOR = _OBJECT_BOUNDARY_DESCRIPTOR; +pub type POBJECT_BOUNDARY_DESCRIPTOR = *mut _OBJECT_BOUNDARY_DESCRIPTOR; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SYMBOLIC_LINK_INFO_CLASS { + SymbolicLinkGlobalInformation = 1, + SymbolicLinkAccessMask = 2, + MaxnSymbolicLinkInfoClass = 3, +} +pub use self::_SYMBOLIC_LINK_INFO_CLASS as SYMBOLIC_LINK_INFO_CLASS; +pub type GDI_HANDLE_BUFFER = [ULONG; 60usize]; +pub type GDI_HANDLE_BUFFER32 = [ULONG; 34usize]; +pub type GDI_HANDLE_BUFFER64 = [ULONG; 60usize]; +#[repr(C)] +pub struct _PEB_LDR_DATA { + pub Length: ULONG, + pub Initialized: BOOLEAN, + pub SsHandle: HANDLE, + pub InLoadOrderModuleList: LIST_ENTRY, + pub InMemoryOrderModuleList: LIST_ENTRY, + pub InInitializationOrderModuleList: LIST_ENTRY, + pub EntryInProgress: PVOID, + pub ShutdownInProgress: BOOLEAN, + pub ShutdownThreadId: HANDLE, +} +impl Default for _PEB_LDR_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEB_LDR_DATA = _PEB_LDR_DATA; +pub type PPEB_LDR_DATA = *mut _PEB_LDR_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _INITIAL_TEB { + pub 
OldInitialTeb: _INITIAL_TEB__bindgen_ty_1, + pub StackBase: PVOID, + pub StackLimit: PVOID, + pub StackAllocationBase: PVOID, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _INITIAL_TEB__bindgen_ty_1 { + pub OldStackBase: PVOID, + pub OldStackLimit: PVOID, +} +impl Default for _INITIAL_TEB__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _INITIAL_TEB { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type INITIAL_TEB = _INITIAL_TEB; +pub type PINITIAL_TEB = *mut _INITIAL_TEB; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _WOW64_PROCESS { + pub Wow64: PVOID, +} +impl Default for _WOW64_PROCESS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WOW64_PROCESS = _WOW64_PROCESS; +pub type PWOW64_PROCESS = *mut _WOW64_PROCESS; +pub type PRTL_USER_PROCESS_PARAMETERS = *mut _RTL_USER_PROCESS_PARAMETERS; +pub type PSILO_USER_SHARED_DATA = *mut _SILO_USER_SHARED_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LEAP_SECOND_DATA { + _unused: [u8; 0], +} +pub type PLEAP_SECOND_DATA = *mut _LEAP_SECOND_DATA; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA { + pub Magic: ULONG, + pub HeaderSize: ULONG, + pub FormatVersion: ULONG, + pub TotalSize: ULONG, + pub DefaultTocOffset: ULONG, + pub ExtendedTocOffset: ULONG, + pub AssemblyRosterOffset: ULONG, + pub Flags: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA = _ACTIVATION_CONTEXT_DATA; +pub type PACTIVATION_CONTEXT_DATA = *mut _ACTIVATION_CONTEXT_DATA; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_TOC_HEADER { + pub 
HeaderSize: ULONG, + pub EntryCount: ULONG, + pub FirstEntryOffset: ULONG, + pub Flags: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_TOC_HEADER = _ACTIVATION_CONTEXT_DATA_TOC_HEADER; +pub type PACTIVATION_CONTEXT_DATA_TOC_HEADER = *mut _ACTIVATION_CONTEXT_DATA_TOC_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_TOC_ENTRY { + pub Id: ULONG, + pub Offset: ULONG, + pub Length: ULONG, + pub Format: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_TOC_ENTRY = _ACTIVATION_CONTEXT_DATA_TOC_ENTRY; +pub type PACTIVATION_CONTEXT_DATA_TOC_ENTRY = *mut _ACTIVATION_CONTEXT_DATA_TOC_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER { + pub HeaderSize: ULONG, + pub EntryCount: ULONG, + pub FirstEntryOffset: ULONG, + pub Flags: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER = _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER; +pub type PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER = + *mut _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY { + pub ExtensionGuid: GUID, + pub TocOffset: ULONG, + pub Length: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY = _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY; +pub type PACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY = + *mut _ACTIVATION_CONTEXT_DATA_EXTENDED_TOC_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER { + pub HeaderSize: ULONG, + pub HashAlgorithm: ULONG, + pub EntryCount: ULONG, + pub FirstEntryOffset: ULONG, + pub AssemblyInformationSectionOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER = + _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER; +pub type PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER = + *mut _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] 
+pub struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY { + pub Flags: ULONG, + pub PseudoKey: ULONG, + pub AssemblyNameOffset: ULONG, + pub AssemblyNameLength: ULONG, + pub AssemblyInformationOffset: ULONG, + pub AssemblyInformationLength: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY = + _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY; +pub type PACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY = + *mut _ACTIVATION_CONTEXT_DATA_ASSEMBLY_ROSTER_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_STRING_SECTION_HEADER { + pub Magic: ULONG, + pub HeaderSize: ULONG, + pub FormatVersion: ULONG, + pub DataFormatVersion: ULONG, + pub Flags: ULONG, + pub ElementCount: ULONG, + pub ElementListOffset: ULONG, + pub HashAlgorithm: ULONG, + pub SearchStructureOffset: ULONG, + pub UserDataOffset: ULONG, + pub UserDataSize: ULONG, +} +pub type ACTIVATION_CONTEXT_STRING_SECTION_HEADER = _ACTIVATION_CONTEXT_STRING_SECTION_HEADER; +pub type PACTIVATION_CONTEXT_STRING_SECTION_HEADER = *mut _ACTIVATION_CONTEXT_STRING_SECTION_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_STRING_SECTION_ENTRY { + pub PseudoKey: ULONG, + pub KeyOffset: ULONG, + pub KeyLength: ULONG, + pub Offset: ULONG, + pub Length: ULONG, + pub AssemblyRosterIndex: ULONG, +} +pub type ACTIVATION_CONTEXT_STRING_SECTION_ENTRY = _ACTIVATION_CONTEXT_STRING_SECTION_ENTRY; +pub type PACTIVATION_CONTEXT_STRING_SECTION_ENTRY = *mut _ACTIVATION_CONTEXT_STRING_SECTION_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE { + pub BucketTableEntryCount: ULONG, + pub BucketTableOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE = + _ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE; +pub type PACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE = + *mut _ACTIVATION_CONTEXT_STRING_SECTION_HASH_TABLE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub 
struct _ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET { + pub ChainCount: ULONG, + pub ChainOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET = + _ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET; +pub type PACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET = + *mut _ACTIVATION_CONTEXT_STRING_SECTION_HASH_BUCKET; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_GUID_SECTION_HEADER { + pub Magic: ULONG, + pub HeaderSize: ULONG, + pub FormatVersion: ULONG, + pub DataFormatVersion: ULONG, + pub Flags: ULONG, + pub ElementCount: ULONG, + pub ElementListOffset: ULONG, + pub SearchStructureOffset: ULONG, + pub UserDataOffset: ULONG, + pub UserDataSize: ULONG, +} +pub type ACTIVATION_CONTEXT_GUID_SECTION_HEADER = _ACTIVATION_CONTEXT_GUID_SECTION_HEADER; +pub type PACTIVATION_CONTEXT_GUID_SECTION_HEADER = *mut _ACTIVATION_CONTEXT_GUID_SECTION_HEADER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_GUID_SECTION_ENTRY { + pub Guid: GUID, + pub Offset: ULONG, + pub Length: ULONG, + pub AssemblyRosterIndex: ULONG, +} +pub type ACTIVATION_CONTEXT_GUID_SECTION_ENTRY = _ACTIVATION_CONTEXT_GUID_SECTION_ENTRY; +pub type PACTIVATION_CONTEXT_GUID_SECTION_ENTRY = *mut _ACTIVATION_CONTEXT_GUID_SECTION_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE { + pub BucketTableEntryCount: ULONG, + pub BucketTableOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE = _ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE; +pub type PACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE = + *mut _ACTIVATION_CONTEXT_GUID_SECTION_HASH_TABLE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET { + pub ChainCount: ULONG, + pub ChainOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET = _ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET; +pub type 
PACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET = + *mut _ACTIVATION_CONTEXT_GUID_SECTION_HASH_BUCKET; +#[repr(C, packed(4))] +#[derive(Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION { + pub Size: ULONG, + pub Flags: ULONG, + pub EncodedAssemblyIdentityLength: ULONG, + pub EncodedAssemblyIdentityOffset: ULONG, + pub ManifestPathType: ULONG, + pub ManifestPathLength: ULONG, + pub ManifestPathOffset: ULONG, + pub ManifestLastWriteTime: LARGE_INTEGER, + pub PolicyPathType: ULONG, + pub PolicyPathLength: ULONG, + pub PolicyPathOffset: ULONG, + pub PolicyLastWriteTime: LARGE_INTEGER, + pub MetadataSatelliteRosterIndex: ULONG, + pub Unused2: ULONG, + pub ManifestVersionMajor: ULONG, + pub ManifestVersionMinor: ULONG, + pub PolicyVersionMajor: ULONG, + pub PolicyVersionMinor: ULONG, + pub AssemblyDirectoryNameLength: ULONG, + pub AssemblyDirectoryNameOffset: ULONG, + pub NumOfFilesInAssembly: ULONG, + pub LanguageLength: ULONG, + pub LanguageOffset: ULONG, + pub RunLevel: ACTCTX_REQUESTED_RUN_LEVEL, + pub UiAccess: ULONG, +} +impl Default for _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION = + _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION; +pub type PACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION = + *mut _ACTIVATION_CONTEXT_DATA_ASSEMBLY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION { + pub Size: ULONG, + pub Flags: ULONG, + pub PolicyCoherencyGuid: GUID, + pub PolicyOverrideGuid: GUID, + pub ApplicationDirectoryPathType: ULONG, + pub ApplicationDirectoryLength: ULONG, + pub ApplicationDirectoryOffset: ULONG, + pub ResourceName: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION = + 
_ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION; +pub type PACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION = + *mut _ACTIVATION_CONTEXT_DATA_ASSEMBLY_GLOBAL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub TotalPathLength: ULONG, + pub PathSegmentCount: ULONG, + pub PathSegmentOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION = _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION = *mut _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT { + pub Length: ULONG, + pub Offset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT = + _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT; +pub type PACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT = + *mut _ACTIVATION_CONTEXT_DATA_DLL_REDIRECTION_PATH_SEGMENT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub VersionSpecificClassNameLength: ULONG, + pub VersionSpecificClassNameOffset: ULONG, + pub DllNameLength: ULONG, + pub DllNameOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION = + _ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION = + *mut _ACTIVATION_CONTEXT_DATA_WINDOW_CLASS_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub ThreadingModel: ULONG, + pub ReferenceClsid: GUID, + pub ConfiguredClsid: GUID, + pub ImplementedClsid: GUID, + pub TypeLibraryId: GUID, + pub ModuleLength: ULONG, + pub ModuleOffset: ULONG, + pub ProgIdLength: ULONG, + pub ProgIdOffset: ULONG, + pub ShimDataLength: 
ULONG, + pub ShimDataOffset: ULONG, + pub MiscStatusDefault: ULONG, + pub MiscStatusContent: ULONG, + pub MiscStatusThumbnail: ULONG, + pub MiscStatusIcon: ULONG, + pub MiscStatusDocPrint: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION = + _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION = + *mut _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM { + pub Size: ULONG, + pub Flags: ULONG, + pub Type: ULONG, + pub ModuleLength: ULONG, + pub ModuleOffset: ULONG, + pub TypeLength: ULONG, + pub TypeOffset: ULONG, + pub ShimVersionLength: ULONG, + pub ShimVersionOffset: ULONG, + pub DataLength: ULONG, + pub DataOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM = + _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM; +pub type PACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM = + *mut _ACTIVATION_CONTEXT_DATA_COM_SERVER_REDIRECTION_SHIM; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub ProxyStubClsid32: GUID, + pub NumMethods: ULONG, + pub TypeLibraryId: GUID, + pub BaseInterface: GUID, + pub NameLength: ULONG, + pub NameOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION = + _ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION = + *mut _ACTIVATION_CONTEXT_DATA_COM_INTERFACE_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION { + pub Major: USHORT, + pub Minor: USHORT, +} +pub type ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION = + _ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION; +pub type PACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION = + *mut _ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION; 
+#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub NameLength: ULONG, + pub NameOffset: ULONG, + pub ResourceId: USHORT, + pub LibraryFlags: USHORT, + pub HelpDirLength: ULONG, + pub HelpDirOffset: ULONG, + pub Version: ACTIVATION_CONTEXT_DATA_TYPE_LIBRARY_VERSION, +} +pub type ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION = + _ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION = + *mut _ACTIVATION_CONTEXT_DATA_COM_TYPE_LIBRARY_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION { + pub Size: ULONG, + pub Flags: ULONG, + pub ConfiguredClsidOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION = + _ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION; +pub type PACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION = + *mut _ACTIVATION_CONTEXT_DATA_COM_PROGID_REDIRECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_CLR_SURROGATE { + pub Size: ULONG, + pub Flags: ULONG, + pub SurrogateIdent: GUID, + pub VersionOffset: ULONG, + pub VersionLength: ULONG, + pub TypeNameOffset: ULONG, + pub TypeNameLength: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_CLR_SURROGATE = _ACTIVATION_CONTEXT_DATA_CLR_SURROGATE; +pub type PACTIVATION_CONTEXT_DATA_CLR_SURROGATE = *mut _ACTIVATION_CONTEXT_DATA_CLR_SURROGATE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS { + pub Size: ULONG, + pub Flags: ULONG, + pub SettingNamespaceLength: ULONG, + pub SettingNamespaceOffset: ULONG, + pub SettingNameLength: ULONG, + pub SettingNameOffset: ULONG, + pub SettingValueLength: ULONG, + pub SettingValueOffset: ULONG, +} +pub type ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS = + _ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS; +pub type 
PACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS = + *mut _ACTIVATION_CONTEXT_DATA_APPLICATION_SETTINGS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY { + pub Id: GUID, + pub Type: ACTCTX_COMPATIBILITY_ELEMENT_TYPE, +} +impl Default for _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COMPATIBILITY_CONTEXT_ELEMENT_LEGACY = _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY; +pub type PCOMPATIBILITY_CONTEXT_ELEMENT_LEGACY = *mut _COMPATIBILITY_CONTEXT_ELEMENT_LEGACY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY { + pub ElementCount: DWORD, + pub Elements: [COMPATIBILITY_CONTEXT_ELEMENT_LEGACY; 1usize], +} +impl Default for _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY = + _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY; +pub type PACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY = + *mut _ACTIVATION_CONTEXT_COMPATIBILITY_INFORMATION_LEGACY; +#[repr(C)] +pub struct _ASSEMBLY_STORAGE_MAP_ENTRY { + pub Flags: ULONG, + pub DosPath: UNICODE_STRING, + pub Handle: HANDLE, +} +impl Default for _ASSEMBLY_STORAGE_MAP_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ASSEMBLY_STORAGE_MAP_ENTRY = _ASSEMBLY_STORAGE_MAP_ENTRY; +pub type PASSEMBLY_STORAGE_MAP_ENTRY = *mut _ASSEMBLY_STORAGE_MAP_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ASSEMBLY_STORAGE_MAP { + pub Flags: ULONG, + pub AssemblyCount: ULONG, + pub AssemblyArray: *mut 
PASSEMBLY_STORAGE_MAP_ENTRY, +} +impl Default for _ASSEMBLY_STORAGE_MAP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ASSEMBLY_STORAGE_MAP = _ASSEMBLY_STORAGE_MAP; +pub type PASSEMBLY_STORAGE_MAP = *mut _ASSEMBLY_STORAGE_MAP; +pub type PACTIVATION_CONTEXT_NOTIFY_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + NotificationType: ULONG, + ActivationContext: PACTIVATION_CONTEXT, + ActivationContextData: PACTIVATION_CONTEXT_DATA, + NotificationContext: PVOID, + NotificationData: PVOID, + DisableThisNotification: PBOOLEAN, + ), +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT { + pub RefCount: LONG, + pub Flags: ULONG, + pub ActivationContextData: PACTIVATION_CONTEXT_DATA, + pub NotificationRoutine: PACTIVATION_CONTEXT_NOTIFY_ROUTINE, + pub NotificationContext: PVOID, + pub SentNotifications: [ULONG; 8usize], + pub DisabledNotifications: [ULONG; 8usize], + pub StorageMap: ASSEMBLY_STORAGE_MAP, + pub InlineStorageMapEntries: [PASSEMBLY_STORAGE_MAP_ENTRY; 32usize], +} +impl Default for _ACTIVATION_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ACTIVATION_CONTEXT = _ACTIVATION_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME { + pub Previous: *mut _RTL_ACTIVATION_CONTEXT_STACK_FRAME, + pub ActivationContext: PACTIVATION_CONTEXT, + pub Flags: ULONG, +} +impl Default for _RTL_ACTIVATION_CONTEXT_STACK_FRAME { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_ACTIVATION_CONTEXT_STACK_FRAME = _RTL_ACTIVATION_CONTEXT_STACK_FRAME; +pub type PRTL_ACTIVATION_CONTEXT_STACK_FRAME = *mut 
_RTL_ACTIVATION_CONTEXT_STACK_FRAME; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ACTIVATION_CONTEXT_STACK { + pub ActiveFrame: PRTL_ACTIVATION_CONTEXT_STACK_FRAME, + pub FrameListCache: LIST_ENTRY, + pub Flags: ULONG, + pub NextCookieSequenceNumber: ULONG, + pub StackId: ULONG, +} +impl Default for _ACTIVATION_CONTEXT_STACK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ACTIVATION_CONTEXT_STACK = _ACTIVATION_CONTEXT_STACK; +pub type PACTIVATION_CONTEXT_STACK = *mut _ACTIVATION_CONTEXT_STACK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _API_SET_NAMESPACE { + pub Version: ULONG, + pub Size: ULONG, + pub Flags: ULONG, + pub Count: ULONG, + pub EntryOffset: ULONG, + pub HashOffset: ULONG, + pub HashFactor: ULONG, +} +pub type API_SET_NAMESPACE = _API_SET_NAMESPACE; +pub type PAPI_SET_NAMESPACE = *mut _API_SET_NAMESPACE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _API_SET_HASH_ENTRY { + pub Hash: ULONG, + pub Index: ULONG, +} +pub type API_SET_HASH_ENTRY = _API_SET_HASH_ENTRY; +pub type PAPI_SET_HASH_ENTRY = *mut _API_SET_HASH_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _API_SET_NAMESPACE_ENTRY { + pub Flags: ULONG, + pub NameOffset: ULONG, + pub NameLength: ULONG, + pub HashedLength: ULONG, + pub ValueOffset: ULONG, + pub ValueCount: ULONG, +} +pub type API_SET_NAMESPACE_ENTRY = _API_SET_NAMESPACE_ENTRY; +pub type PAPI_SET_NAMESPACE_ENTRY = *mut _API_SET_NAMESPACE_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _API_SET_VALUE_ENTRY { + pub Flags: ULONG, + pub NameOffset: ULONG, + pub NameLength: ULONG, + pub ValueOffset: ULONG, + pub ValueLength: ULONG, +} +pub type API_SET_VALUE_ENTRY = _API_SET_VALUE_ENTRY; +pub type PAPI_SET_VALUE_ENTRY = *mut _API_SET_VALUE_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_TELEMETRY_COVERAGE_HEADER { + pub MajorVersion: UCHAR, + pub MinorVersion: UCHAR, + pub __bindgen_anon_1: _TELEMETRY_COVERAGE_HEADER__bindgen_ty_1, + pub HashTableEntries: ULONG, + pub HashIndexMask: ULONG, + pub TableUpdateVersion: ULONG, + pub TableSizeInBytes: ULONG, + pub LastResetTick: ULONG, + pub ResetRound: ULONG, + pub Reserved2: ULONG, + pub RecordedCount: ULONG, + pub Reserved3: [ULONG; 4usize], + pub HashTable: [ULONG; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TELEMETRY_COVERAGE_HEADER__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _TELEMETRY_COVERAGE_HEADER__bindgen_ty_1 { + #[inline] + pub fn TracingEnabled(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_TracingEnabled(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved1(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 15u8) as u16) } + } + #[inline] + pub fn set_Reserved1(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 15u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + TracingEnabled: USHORT, + Reserved1: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let TracingEnabled: u16 = unsafe { ::core::mem::transmute(TracingEnabled) }; + TracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 15u8, { + let Reserved1: u16 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit + } +} +pub type TELEMETRY_COVERAGE_HEADER = _TELEMETRY_COVERAGE_HEADER; +pub type PTELEMETRY_COVERAGE_HEADER = *mut 
_TELEMETRY_COVERAGE_HEADER; +#[repr(C)] +pub struct _PEB { + pub InheritedAddressSpace: BOOLEAN, + pub ReadImageFileExecOptions: BOOLEAN, + pub BeingDebugged: BOOLEAN, + pub __bindgen_anon_1: _PEB__bindgen_ty_1, + pub Mutant: HANDLE, + pub ImageBaseAddress: PVOID, + pub Ldr: PPEB_LDR_DATA, + pub ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + pub SubSystemData: PVOID, + pub ProcessHeap: PVOID, + pub FastPebLock: PRTL_CRITICAL_SECTION, + pub AtlThunkSListPtr: PSLIST_HEADER, + pub IFEOKey: PVOID, + pub __bindgen_anon_2: _PEB__bindgen_ty_2, + pub __bindgen_anon_3: _PEB__bindgen_ty_3, + pub SystemReserved: ULONG, + pub AtlThunkSListPtr32: ULONG, + pub ApiSetMap: PAPI_SET_NAMESPACE, + pub TlsExpansionCounter: ULONG, + pub TlsBitmap: PRTL_BITMAP, + pub TlsBitmapBits: [ULONG; 2usize], + pub ReadOnlySharedMemoryBase: PVOID, + pub SharedData: PSILO_USER_SHARED_DATA, + pub ReadOnlyStaticServerData: *mut PVOID, + pub AnsiCodePageData: PVOID, + pub OemCodePageData: PVOID, + pub UnicodeCaseTableData: PVOID, + pub NumberOfProcessors: ULONG, + pub NtGlobalFlag: ULONG, + pub CriticalSectionTimeout: ULARGE_INTEGER, + pub HeapSegmentReserve: SIZE_T, + pub HeapSegmentCommit: SIZE_T, + pub HeapDeCommitTotalFreeThreshold: SIZE_T, + pub HeapDeCommitFreeBlockThreshold: SIZE_T, + pub NumberOfHeaps: ULONG, + pub MaximumNumberOfHeaps: ULONG, + pub ProcessHeaps: *mut PVOID, + pub GdiSharedHandleTable: PVOID, + pub ProcessStarterHelper: PVOID, + pub GdiDCAttributeList: ULONG, + pub LoaderLock: PRTL_CRITICAL_SECTION, + pub OSMajorVersion: ULONG, + pub OSMinorVersion: ULONG, + pub OSBuildNumber: USHORT, + pub OSCSDVersion: USHORT, + pub OSPlatformId: ULONG, + pub ImageSubsystem: ULONG, + pub ImageSubsystemMajorVersion: ULONG, + pub ImageSubsystemMinorVersion: ULONG, + pub ActiveProcessAffinityMask: KAFFINITY, + pub GdiHandleBuffer: GDI_HANDLE_BUFFER, + pub PostProcessInitRoutine: PVOID, + pub TlsExpansionBitmap: PRTL_BITMAP, + pub TlsExpansionBitmapBits: [ULONG; 32usize], + pub SessionId: 
ULONG, + pub AppCompatFlags: ULARGE_INTEGER, + pub AppCompatFlagsUser: ULARGE_INTEGER, + pub pShimData: PVOID, + pub AppCompatInfo: PVOID, + pub CSDVersion: UNICODE_STRING, + pub ActivationContextData: PACTIVATION_CONTEXT_DATA, + pub ProcessAssemblyStorageMap: PASSEMBLY_STORAGE_MAP, + pub SystemDefaultActivationContextData: PACTIVATION_CONTEXT_DATA, + pub SystemAssemblyStorageMap: PASSEMBLY_STORAGE_MAP, + pub MinimumStackCommit: SIZE_T, + pub SparePointers: [PVOID; 2usize], + pub PatchLoaderData: PVOID, + pub ChpeV2ProcessInfo: PVOID, + pub AppModelFeatureState: ULONG, + pub SpareUlongs: [ULONG; 2usize], + pub ActiveCodePage: USHORT, + pub OemCodePage: USHORT, + pub UseCaseMapping: USHORT, + pub UnusedNlsField: USHORT, + pub WerRegistrationData: PVOID, + pub WerShipAssertPtr: PVOID, + pub __bindgen_anon_4: _PEB__bindgen_ty_4, + pub pImageHeaderHash: PVOID, + pub __bindgen_anon_5: _PEB__bindgen_ty_5, + pub CsrServerReadOnlySharedMemoryBase: ULONGLONG, + pub TppWorkerpListLock: PRTL_CRITICAL_SECTION, + pub TppWorkerpList: LIST_ENTRY, + pub WaitOnAddressHashTable: [PVOID; 128usize], + pub TelemetryCoverageHeader: PTELEMETRY_COVERAGE_HEADER, + pub CloudFileFlags: ULONG, + pub CloudFileDiagFlags: ULONG, + pub PlaceholderCompatibilityMode: CHAR, + pub PlaceholderCompatibilityModeReserved: [CHAR; 7usize], + pub LeapSecondData: PLEAP_SECOND_DATA, + pub __bindgen_anon_6: _PEB__bindgen_ty_6, + pub NtGlobalFlag2: ULONG, + pub ExtendedFeatureDisableMask: ULONGLONG, +} +#[repr(C)] +pub union _PEB__bindgen_ty_1 { + pub BitField: ::core::mem::ManuallyDrop, + pub __bindgen_anon_1: ::core::mem::ManuallyDrop<_PEB__bindgen_ty_1__bindgen_ty_1>, +} +#[repr(C)] +pub struct _PEB__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl Default for _PEB__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); 
+ s.assume_init() + } + } +} +impl _PEB__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ImageUsesLargePages(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_ImageUsesLargePages(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsProtectedProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsProtectedProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsImageDynamicallyRelocated(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsImageDynamicallyRelocated(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipPatchingUser32Forwarders(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_SkipPatchingUser32Forwarders(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsPackagedProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsPackagedProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsAppContainer(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsAppContainer(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + 
self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsProtectedProcessLight(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsProtectedProcessLight(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsLongPathAwareProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsLongPathAwareProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ImageUsesLargePages: BOOLEAN, + IsProtectedProcess: BOOLEAN, + IsImageDynamicallyRelocated: BOOLEAN, + SkipPatchingUser32Forwarders: BOOLEAN, + IsPackagedProcess: BOOLEAN, + IsAppContainer: BOOLEAN, + IsProtectedProcessLight: BOOLEAN, + IsLongPathAwareProcess: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ImageUsesLargePages: u8 = unsafe { ::core::mem::transmute(ImageUsesLargePages) }; + ImageUsesLargePages as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsProtectedProcess: u8 = unsafe { ::core::mem::transmute(IsProtectedProcess) }; + IsProtectedProcess as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IsImageDynamicallyRelocated: u8 = + unsafe { ::core::mem::transmute(IsImageDynamicallyRelocated) }; + IsImageDynamicallyRelocated as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SkipPatchingUser32Forwarders: u8 = + unsafe { ::core::mem::transmute(SkipPatchingUser32Forwarders) }; + SkipPatchingUser32Forwarders as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let IsPackagedProcess: u8 = unsafe { 
::core::mem::transmute(IsPackagedProcess) }; + IsPackagedProcess as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let IsAppContainer: u8 = unsafe { ::core::mem::transmute(IsAppContainer) }; + IsAppContainer as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let IsProtectedProcessLight: u8 = + unsafe { ::core::mem::transmute(IsProtectedProcessLight) }; + IsProtectedProcessLight as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let IsLongPathAwareProcess: u8 = unsafe { ::core::mem::transmute(IsLongPathAwareProcess) }; + IsLongPathAwareProcess as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB__bindgen_ty_2 { + pub CrossProcessFlags: ULONG, + pub __bindgen_anon_1: _PEB__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PEB__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn ProcessInJob(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessInJob(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessInitializing(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessInitializing(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingVEH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + 
#[inline] + pub fn set_ProcessUsingVEH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingVCH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessUsingVCH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingFTH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessUsingFTH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessPreviouslyThrottled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessPreviouslyThrottled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessCurrentlyThrottled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessCurrentlyThrottled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessImagesHotPatched(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessImagesHotPatched(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedBits0(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_ReservedBits0(&mut 
self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ProcessInJob: ULONG, + ProcessInitializing: ULONG, + ProcessUsingVEH: ULONG, + ProcessUsingVCH: ULONG, + ProcessUsingFTH: ULONG, + ProcessPreviouslyThrottled: ULONG, + ProcessCurrentlyThrottled: ULONG, + ProcessImagesHotPatched: ULONG, + ReservedBits0: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ProcessInJob: u32 = unsafe { ::core::mem::transmute(ProcessInJob) }; + ProcessInJob as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ProcessInitializing: u32 = unsafe { ::core::mem::transmute(ProcessInitializing) }; + ProcessInitializing as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ProcessUsingVEH: u32 = unsafe { ::core::mem::transmute(ProcessUsingVEH) }; + ProcessUsingVEH as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ProcessUsingVCH: u32 = unsafe { ::core::mem::transmute(ProcessUsingVCH) }; + ProcessUsingVCH as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let ProcessUsingFTH: u32 = unsafe { ::core::mem::transmute(ProcessUsingFTH) }; + ProcessUsingFTH as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let ProcessPreviouslyThrottled: u32 = + unsafe { ::core::mem::transmute(ProcessPreviouslyThrottled) }; + ProcessPreviouslyThrottled as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let ProcessCurrentlyThrottled: u32 = + unsafe { ::core::mem::transmute(ProcessCurrentlyThrottled) }; + ProcessCurrentlyThrottled as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let ProcessImagesHotPatched: u32 = + unsafe { ::core::mem::transmute(ProcessImagesHotPatched) }; + ProcessImagesHotPatched as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let ReservedBits0: u32 = 
unsafe { ::core::mem::transmute(ReservedBits0) }; + ReservedBits0 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB__bindgen_ty_3 { + pub KernelCallbackTable: PVOID, + pub UserSharedInfoPtr: PVOID, +} +impl Default for _PEB__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB__bindgen_ty_4 { + pub pContextData: PVOID, + pub pUnused: PVOID, + pub EcCodeBitMap: PVOID, +} +impl Default for _PEB__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB__bindgen_ty_5 { + pub TracingFlags: ULONG, + pub __bindgen_anon_1: _PEB__bindgen_ty_5__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB__bindgen_ty_5__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PEB__bindgen_ty_5__bindgen_ty_1 { + #[inline] + pub fn HeapTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_HeapTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn CritSecTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_CritSecTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn LibLoaderTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_LibLoaderTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareTracingBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_SpareTracingBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + HeapTracingEnabled: ULONG, + CritSecTracingEnabled: ULONG, + LibLoaderTracingEnabled: ULONG, + SpareTracingBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let HeapTracingEnabled: u32 = unsafe { ::core::mem::transmute(HeapTracingEnabled) }; + HeapTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let CritSecTracingEnabled: u32 = unsafe { ::core::mem::transmute(CritSecTracingEnabled) }; + CritSecTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let LibLoaderTracingEnabled: u32 = + unsafe { ::core::mem::transmute(LibLoaderTracingEnabled) }; + LibLoaderTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let SpareTracingBits: u32 = unsafe { ::core::mem::transmute(SpareTracingBits) }; + SpareTracingBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB__bindgen_ty_6 { + 
pub LeapSecondFlags: ULONG, + pub __bindgen_anon_1: _PEB__bindgen_ty_6__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB__bindgen_ty_6__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PEB__bindgen_ty_6__bindgen_ty_1 { + #[inline] + pub fn SixtySecondEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_SixtySecondEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SixtySecondEnabled: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SixtySecondEnabled: u32 = unsafe { ::core::mem::transmute(SixtySecondEnabled) }; + SixtySecondEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB__bindgen_ty_6 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PEB { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEB = _PEB; +pub type PPEB = *mut _PEB; +#[repr(C)] +#[derive(Debug, Copy, Clone)] 
+pub struct _GDI_TEB_BATCH { + pub Offset: ULONG, + pub HDC: ULONG_PTR, + pub Buffer: [ULONG; 310usize], +} +impl Default for _GDI_TEB_BATCH { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type GDI_TEB_BATCH = _GDI_TEB_BATCH; +pub type PGDI_TEB_BATCH = *mut _GDI_TEB_BATCH; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TEB_ACTIVE_FRAME_CONTEXT { + pub Flags: ULONG, + pub FrameName: PSTR, +} +impl Default for _TEB_ACTIVE_FRAME_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB_ACTIVE_FRAME_CONTEXT = _TEB_ACTIVE_FRAME_CONTEXT; +pub type PTEB_ACTIVE_FRAME_CONTEXT = *mut _TEB_ACTIVE_FRAME_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TEB_ACTIVE_FRAME_CONTEXT_EX { + pub BasicContext: TEB_ACTIVE_FRAME_CONTEXT, + pub SourceLocation: PSTR, +} +impl Default for _TEB_ACTIVE_FRAME_CONTEXT_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB_ACTIVE_FRAME_CONTEXT_EX = _TEB_ACTIVE_FRAME_CONTEXT_EX; +pub type PTEB_ACTIVE_FRAME_CONTEXT_EX = *mut _TEB_ACTIVE_FRAME_CONTEXT_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TEB_ACTIVE_FRAME { + pub Flags: ULONG, + pub Previous: *mut _TEB_ACTIVE_FRAME, + pub Context: PTEB_ACTIVE_FRAME_CONTEXT, +} +impl Default for _TEB_ACTIVE_FRAME { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB_ACTIVE_FRAME = _TEB_ACTIVE_FRAME; +pub type PTEB_ACTIVE_FRAME = *mut _TEB_ACTIVE_FRAME; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TEB_ACTIVE_FRAME_EX { + pub BasicFrame: 
TEB_ACTIVE_FRAME, + pub ExtensionIdentifier: PVOID, +} +impl Default for _TEB_ACTIVE_FRAME_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB_ACTIVE_FRAME_EX = _TEB_ACTIVE_FRAME_EX; +pub type PTEB_ACTIVE_FRAME_EX = *mut _TEB_ACTIVE_FRAME_EX; +#[repr(C)] +pub struct _TEB { + pub NtTib: NT_TIB, + pub EnvironmentPointer: PVOID, + pub ClientId: CLIENT_ID, + pub ActiveRpcHandle: PVOID, + pub ThreadLocalStoragePointer: PVOID, + pub ProcessEnvironmentBlock: PPEB, + pub LastErrorValue: ULONG, + pub CountOfOwnedCriticalSections: ULONG, + pub CsrClientThread: PVOID, + pub Win32ThreadInfo: PVOID, + pub User32Reserved: [ULONG; 26usize], + pub UserReserved: [ULONG; 5usize], + pub WOW32Reserved: PVOID, + pub CurrentLocale: LCID, + pub FpSoftwareStatusRegister: ULONG, + pub ReservedForDebuggerInstrumentation: [PVOID; 16usize], + pub SystemReserved1: [PVOID; 30usize], + pub PlaceholderCompatibilityMode: CHAR, + pub PlaceholderHydrationAlwaysExplicit: BOOLEAN, + pub PlaceholderReserved: [CHAR; 10usize], + pub ProxiedProcessId: ULONG, + pub ActivationStack: ACTIVATION_CONTEXT_STACK, + pub WorkingOnBehalfTicket: [UCHAR; 8usize], + pub ExceptionCode: NTSTATUS, + pub ActivationContextStackPointer: PACTIVATION_CONTEXT_STACK, + pub InstrumentationCallbackSp: ULONG_PTR, + pub InstrumentationCallbackPreviousPc: ULONG_PTR, + pub InstrumentationCallbackPreviousSp: ULONG_PTR, + pub TxFsContext: ULONG, + pub InstrumentationCallbackDisabled: BOOLEAN, + pub UnalignedLoadStoreExceptions: BOOLEAN, + pub GdiTebBatch: GDI_TEB_BATCH, + pub RealClientId: CLIENT_ID, + pub GdiCachedProcessHandle: HANDLE, + pub GdiClientPID: ULONG, + pub GdiClientTID: ULONG, + pub GdiThreadLocalInfo: PVOID, + pub Win32ClientInfo: [ULONG_PTR; 62usize], + pub glDispatchTable: [PVOID; 233usize], + pub glReserved1: [ULONG_PTR; 29usize], + pub glReserved2: PVOID, + pub glSectionInfo: PVOID, + 
pub glSection: PVOID, + pub glTable: PVOID, + pub glCurrentRC: PVOID, + pub glContext: PVOID, + pub LastStatusValue: NTSTATUS, + pub StaticUnicodeString: UNICODE_STRING, + pub StaticUnicodeBuffer: [WCHAR; 261usize], + pub DeallocationStack: PVOID, + pub TlsSlots: [PVOID; 64usize], + pub TlsLinks: LIST_ENTRY, + pub Vdm: PVOID, + pub ReservedForNtRpc: PVOID, + pub DbgSsReserved: [PVOID; 2usize], + pub HardErrorMode: ULONG, + pub Instrumentation: [PVOID; 11usize], + pub ActivityId: GUID, + pub SubProcessTag: PVOID, + pub PerflibData: PVOID, + pub EtwTraceData: PVOID, + pub WinSockData: PVOID, + pub GdiBatchCount: ULONG, + pub __bindgen_anon_1: _TEB__bindgen_ty_1, + pub GuaranteedStackBytes: ULONG, + pub ReservedForPerf: PVOID, + pub ReservedForOle: PVOID, + pub WaitingOnLoaderLock: ULONG, + pub SavedPriorityState: PVOID, + pub ReservedForCodeCoverage: ULONG_PTR, + pub ThreadPoolData: PVOID, + pub TlsExpansionSlots: *mut PVOID, + pub DeallocationBStore: PVOID, + pub BStoreLimit: PVOID, + pub MuiGeneration: ULONG, + pub IsImpersonating: ULONG, + pub NlsCache: PVOID, + pub pShimData: PVOID, + pub HeapData: ULONG, + pub CurrentTransactionHandle: HANDLE, + pub ActiveFrame: PTEB_ACTIVE_FRAME, + pub FlsData: PVOID, + pub PreferredLanguages: PVOID, + pub UserPrefLanguages: PVOID, + pub MergedPrefLanguages: PVOID, + pub MuiImpersonation: ULONG, + pub __bindgen_anon_2: _TEB__bindgen_ty_2, + pub __bindgen_anon_3: _TEB__bindgen_ty_3, + pub TxnScopeEnterCallback: PVOID, + pub TxnScopeExitCallback: PVOID, + pub TxnScopeContext: PVOID, + pub LockCount: ULONG, + pub WowTebOffset: LONG, + pub ResourceRetValue: PVOID, + pub ReservedForWdf: PVOID, + pub ReservedForCrt: ULONGLONG, + pub EffectiveContainerId: GUID, + pub LastSleepCounter: ULONGLONG, + pub SpinCallCount: ULONG, + pub ExtendedFeatureDisableMask: ULONGLONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB__bindgen_ty_1 { + pub CurrentIdealProcessor: PROCESSOR_NUMBER, + pub IdealProcessorValue: ULONG, + pub 
__bindgen_anon_1: _TEB__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TEB__bindgen_ty_1__bindgen_ty_1 { + pub ReservedPad0: UCHAR, + pub ReservedPad1: UCHAR, + pub ReservedPad2: UCHAR, + pub IdealProcessor: UCHAR, +} +impl Default for _TEB__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB__bindgen_ty_2 { + pub CrossTebFlags: USHORT, + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl Default for _TEB__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _TEB__bindgen_ty_2 { + #[inline] + pub fn SpareCrossTebBits(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 16u8) as u16) } + } + #[inline] + pub fn set_SpareCrossTebBits(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(SpareCrossTebBits: USHORT) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 16u8, { + let SpareCrossTebBits: u16 = unsafe { ::core::mem::transmute(SpareCrossTebBits) }; + SpareCrossTebBits as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB__bindgen_ty_3 { + pub SameTebFlags: USHORT, + pub __bindgen_anon_1: _TEB__bindgen_ty_3__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(2))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TEB__bindgen_ty_3__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl 
_TEB__bindgen_ty_3__bindgen_ty_1 { + #[inline] + pub fn SafeThunkCall(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_SafeThunkCall(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn InDebugPrint(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u16) } + } + #[inline] + pub fn set_InDebugPrint(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn HasFiberData(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u16) } + } + #[inline] + pub fn set_HasFiberData(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipThreadAttach(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u16) } + } + #[inline] + pub fn set_SkipThreadAttach(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn WerInShipAssertCode(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u16) } + } + #[inline] + pub fn set_WerInShipAssertCode(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn RanProcessInit(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u16) } + } + #[inline] + pub fn set_RanProcessInit(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn ClonedThread(&self) -> USHORT { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u16) } + } + #[inline] + pub fn set_ClonedThread(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn SuppressDebugMsg(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u16) } + } + #[inline] + pub fn set_SuppressDebugMsg(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn DisableUserStackWalk(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u16) } + } + #[inline] + pub fn set_DisableUserStackWalk(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn RtlExceptionAttached(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u16) } + } + #[inline] + pub fn set_RtlExceptionAttached(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn InitialThread(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u16) } + } + #[inline] + pub fn set_InitialThread(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn SessionAware(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u16) } + } + #[inline] + pub fn set_SessionAware(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadOwner(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u16) } + } + #[inline] 
+ pub fn set_LoadOwner(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoaderWorker(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u16) } + } + #[inline] + pub fn set_LoaderWorker(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipLoaderInit(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u16) } + } + #[inline] + pub fn set_SkipLoaderInit(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipFileAPIBrokering(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u16) } + } + #[inline] + pub fn set_SkipFileAPIBrokering(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SafeThunkCall: USHORT, + InDebugPrint: USHORT, + HasFiberData: USHORT, + SkipThreadAttach: USHORT, + WerInShipAssertCode: USHORT, + RanProcessInit: USHORT, + ClonedThread: USHORT, + SuppressDebugMsg: USHORT, + DisableUserStackWalk: USHORT, + RtlExceptionAttached: USHORT, + InitialThread: USHORT, + SessionAware: USHORT, + LoadOwner: USHORT, + LoaderWorker: USHORT, + SkipLoaderInit: USHORT, + SkipFileAPIBrokering: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SafeThunkCall: u16 = unsafe { ::core::mem::transmute(SafeThunkCall) }; + SafeThunkCall as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let InDebugPrint: u16 = unsafe { ::core::mem::transmute(InDebugPrint) }; + 
InDebugPrint as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let HasFiberData: u16 = unsafe { ::core::mem::transmute(HasFiberData) }; + HasFiberData as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SkipThreadAttach: u16 = unsafe { ::core::mem::transmute(SkipThreadAttach) }; + SkipThreadAttach as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let WerInShipAssertCode: u16 = unsafe { ::core::mem::transmute(WerInShipAssertCode) }; + WerInShipAssertCode as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let RanProcessInit: u16 = unsafe { ::core::mem::transmute(RanProcessInit) }; + RanProcessInit as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let ClonedThread: u16 = unsafe { ::core::mem::transmute(ClonedThread) }; + ClonedThread as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let SuppressDebugMsg: u16 = unsafe { ::core::mem::transmute(SuppressDebugMsg) }; + SuppressDebugMsg as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let DisableUserStackWalk: u16 = unsafe { ::core::mem::transmute(DisableUserStackWalk) }; + DisableUserStackWalk as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let RtlExceptionAttached: u16 = unsafe { ::core::mem::transmute(RtlExceptionAttached) }; + RtlExceptionAttached as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let InitialThread: u16 = unsafe { ::core::mem::transmute(InitialThread) }; + InitialThread as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let SessionAware: u16 = unsafe { ::core::mem::transmute(SessionAware) }; + SessionAware as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let LoadOwner: u16 = unsafe { ::core::mem::transmute(LoadOwner) }; + LoadOwner as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let LoaderWorker: u16 = unsafe { ::core::mem::transmute(LoaderWorker) }; + LoaderWorker as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let SkipLoaderInit: u16 = unsafe { 
::core::mem::transmute(SkipLoaderInit) }; + SkipLoaderInit as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let SkipFileAPIBrokering: u16 = unsafe { ::core::mem::transmute(SkipFileAPIBrokering) }; + SkipFileAPIBrokering as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _TEB__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _TEB { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB = _TEB; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PROCESSINFOCLASS { + ProcessBasicInformation = 0, + ProcessQuotaLimits = 1, + ProcessIoCounters = 2, + ProcessVmCounters = 3, + ProcessTimes = 4, + ProcessBasePriority = 5, + ProcessRaisePriority = 6, + ProcessDebugPort = 7, + ProcessExceptionPort = 8, + ProcessAccessToken = 9, + ProcessLdtInformation = 10, + ProcessLdtSize = 11, + ProcessDefaultHardErrorMode = 12, + ProcessIoPortHandlers = 13, + ProcessPooledUsageAndLimits = 14, + ProcessWorkingSetWatch = 15, + ProcessUserModeIOPL = 16, + ProcessEnableAlignmentFaultFixup = 17, + ProcessPriorityClass = 18, + ProcessWx86Information = 19, + ProcessHandleCount = 20, + ProcessAffinityMask = 21, + ProcessPriorityBoost = 22, + ProcessDeviceMap = 23, + ProcessSessionInformation = 24, + ProcessForegroundInformation = 25, + ProcessWow64Information = 26, + ProcessImageFileName = 27, + ProcessLUIDDeviceMapsEnabled = 28, + ProcessBreakOnTermination = 29, + ProcessDebugObjectHandle = 30, + ProcessDebugFlags = 31, + ProcessHandleTracing = 32, + ProcessIoPriority = 33, + ProcessExecuteFlags = 34, + ProcessTlsInformation = 35, + ProcessCookie = 36, + ProcessImageInformation = 37, + ProcessCycleTime = 38, + ProcessPagePriority = 39, + 
ProcessInstrumentationCallback = 40, + ProcessThreadStackAllocation = 41, + ProcessWorkingSetWatchEx = 42, + ProcessImageFileNameWin32 = 43, + ProcessImageFileMapping = 44, + ProcessAffinityUpdateMode = 45, + ProcessMemoryAllocationMode = 46, + ProcessGroupInformation = 47, + ProcessTokenVirtualizationEnabled = 48, + ProcessConsoleHostProcess = 49, + ProcessWindowInformation = 50, + ProcessHandleInformation = 51, + ProcessMitigationPolicy = 52, + ProcessDynamicFunctionTableInformation = 53, + ProcessHandleCheckingMode = 54, + ProcessKeepAliveCount = 55, + ProcessRevokeFileHandles = 56, + ProcessWorkingSetControl = 57, + ProcessHandleTable = 58, + ProcessCheckStackExtentsMode = 59, + ProcessCommandLineInformation = 60, + ProcessProtectionInformation = 61, + ProcessMemoryExhaustion = 62, + ProcessFaultInformation = 63, + ProcessTelemetryIdInformation = 64, + ProcessCommitReleaseInformation = 65, + ProcessDefaultCpuSetsInformation = 66, + ProcessAllowedCpuSetsInformation = 67, + ProcessSubsystemProcess = 68, + ProcessJobMemoryInformation = 69, + ProcessInPrivate = 70, + ProcessRaiseUMExceptionOnInvalidHandleClose = 71, + ProcessIumChallengeResponse = 72, + ProcessChildProcessInformation = 73, + ProcessHighGraphicsPriorityInformation = 74, + ProcessSubsystemInformation = 75, + ProcessEnergyValues = 76, + ProcessPowerThrottlingState = 77, + ProcessReserved3Information = 78, + ProcessWin32kSyscallFilterInformation = 79, + ProcessDisableSystemAllowedCpuSets = 80, + ProcessWakeInformation = 81, + ProcessEnergyTrackingState = 82, + ProcessManageWritesToExecutableMemory = 83, + ProcessCaptureTrustletLiveDump = 84, + ProcessTelemetryCoverage = 85, + ProcessEnclaveInformation = 86, + ProcessEnableReadWriteVmLogging = 87, + ProcessUptimeInformation = 88, + ProcessImageSection = 89, + ProcessDebugAuthInformation = 90, + ProcessSystemResourceManagement = 91, + ProcessSequenceNumber = 92, + ProcessLoaderDetour = 93, + ProcessSecurityDomainInformation = 94, + 
ProcessCombineSecurityDomainsInformation = 95, + ProcessEnableLogging = 96, + ProcessLeapSecondInformation = 97, + ProcessFiberShadowStackAllocation = 98, + ProcessFreeFiberShadowStackAllocation = 99, + ProcessAltSystemCallInformation = 100, + ProcessDynamicEHContinuationTargets = 101, + ProcessDynamicEnforcedCetCompatibleRanges = 102, + ProcessCreateStateChange = 103, + ProcessApplyStateChange = 104, + ProcessEnableOptionalXStateFeatures = 105, + ProcessAltPrefetchParam = 106, + ProcessAssignCpuPartitions = 107, + ProcessPriorityClassEx = 108, + ProcessMembershipInformation = 109, + ProcessEffectiveIoPriority = 110, + ProcessEffectivePagePriority = 111, + MaxProcessInfoClass = 112, +} +pub use self::_PROCESSINFOCLASS as PROCESSINFOCLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _THREADINFOCLASS { + ThreadBasicInformation = 0, + ThreadTimes = 1, + ThreadPriority = 2, + ThreadBasePriority = 3, + ThreadAffinityMask = 4, + ThreadImpersonationToken = 5, + ThreadDescriptorTableEntry = 6, + ThreadEnableAlignmentFaultFixup = 7, + ThreadEventPair = 8, + ThreadQuerySetWin32StartAddress = 9, + ThreadZeroTlsCell = 10, + ThreadPerformanceCount = 11, + ThreadAmILastThread = 12, + ThreadIdealProcessor = 13, + ThreadPriorityBoost = 14, + ThreadSetTlsArrayAddress = 15, + ThreadIsIoPending = 16, + ThreadHideFromDebugger = 17, + ThreadBreakOnTermination = 18, + ThreadSwitchLegacyState = 19, + ThreadIsTerminated = 20, + ThreadLastSystemCall = 21, + ThreadIoPriority = 22, + ThreadCycleTime = 23, + ThreadPagePriority = 24, + ThreadActualBasePriority = 25, + ThreadTebInformation = 26, + ThreadCSwitchMon = 27, + ThreadCSwitchPmu = 28, + ThreadWow64Context = 29, + ThreadGroupInformation = 30, + ThreadUmsInformation = 31, + ThreadCounterProfiling = 32, + ThreadIdealProcessorEx = 33, + ThreadCpuAccountingInformation = 34, + ThreadSuspendCount = 35, + ThreadHeterogeneousCpuPolicy = 36, + ThreadContainerId = 37, + ThreadNameInformation = 
38, + ThreadSelectedCpuSets = 39, + ThreadSystemThreadInformation = 40, + ThreadActualGroupAffinity = 41, + ThreadDynamicCodePolicyInfo = 42, + ThreadExplicitCaseSensitivity = 43, + ThreadWorkOnBehalfTicket = 44, + ThreadSubsystemInformation = 45, + ThreadDbgkWerReportActive = 46, + ThreadAttachContainer = 47, + ThreadManageWritesToExecutableMemory = 48, + ThreadPowerThrottlingState = 49, + ThreadWorkloadClass = 50, + ThreadCreateStateChange = 51, + ThreadApplyStateChange = 52, + ThreadStrongerBadHandleChecks = 53, + ThreadEffectiveIoPriority = 54, + ThreadEffectivePagePriority = 55, + MaxThreadInfoClass = 56, +} +pub use self::_THREADINFOCLASS as THREADINFOCLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PAGE_PRIORITY_INFORMATION { + pub PagePriority: ULONG, +} +pub type PAGE_PRIORITY_INFORMATION = _PAGE_PRIORITY_INFORMATION; +pub type PPAGE_PRIORITY_INFORMATION = *mut _PAGE_PRIORITY_INFORMATION; +#[repr(C)] +pub struct _PROCESS_BASIC_INFORMATION { + pub ExitStatus: NTSTATUS, + pub PebBaseAddress: PPEB, + pub AffinityMask: KAFFINITY, + pub BasePriority: KPRIORITY, + pub UniqueProcessId: HANDLE, + pub InheritedFromUniqueProcessId: HANDLE, +} +impl Default for _PROCESS_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_BASIC_INFORMATION = _PROCESS_BASIC_INFORMATION; +pub type PPROCESS_BASIC_INFORMATION = *mut _PROCESS_BASIC_INFORMATION; +#[repr(C)] +pub struct _PROCESS_EXTENDED_BASIC_INFORMATION { + pub Size: SIZE_T, + pub BasicInfo: PROCESS_BASIC_INFORMATION, + pub __bindgen_anon_1: _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, 
Clone)] +pub struct _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn IsProtectedProcess(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsProtectedProcess(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsWow64Process(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsWow64Process(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsProcessDeleting(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsProcessDeleting(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsCrossSessionCreate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsCrossSessionCreate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsFrozen(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsFrozen(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsBackground(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_IsBackground(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsStronglyNamed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsStronglyNamed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSecureProcess(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSecureProcess(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSubsystemProcess(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSubsystemProcess(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 23u8) as u32) } + } + #[inline] + pub fn set_SpareBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 23u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsProtectedProcess: ULONG, + IsWow64Process: ULONG, + IsProcessDeleting: ULONG, + IsCrossSessionCreate: ULONG, + IsFrozen: ULONG, + IsBackground: ULONG, + IsStronglyNamed: ULONG, + IsSecureProcess: ULONG, + IsSubsystemProcess: ULONG, + SpareBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsProtectedProcess: u32 = unsafe { ::core::mem::transmute(IsProtectedProcess) }; + IsProtectedProcess 
as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsWow64Process: u32 = unsafe { ::core::mem::transmute(IsWow64Process) }; + IsWow64Process as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IsProcessDeleting: u32 = unsafe { ::core::mem::transmute(IsProcessDeleting) }; + IsProcessDeleting as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let IsCrossSessionCreate: u32 = unsafe { ::core::mem::transmute(IsCrossSessionCreate) }; + IsCrossSessionCreate as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let IsFrozen: u32 = unsafe { ::core::mem::transmute(IsFrozen) }; + IsFrozen as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let IsBackground: u32 = unsafe { ::core::mem::transmute(IsBackground) }; + IsBackground as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let IsStronglyNamed: u32 = unsafe { ::core::mem::transmute(IsStronglyNamed) }; + IsStronglyNamed as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let IsSecureProcess: u32 = unsafe { ::core::mem::transmute(IsSecureProcess) }; + IsSecureProcess as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let IsSubsystemProcess: u32 = unsafe { ::core::mem::transmute(IsSubsystemProcess) }; + IsSubsystemProcess as u64 + }); + __bindgen_bitfield_unit.set(9usize, 23u8, { + let SpareBits: u32 = unsafe { ::core::mem::transmute(SpareBits) }; + SpareBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_EXTENDED_BASIC_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_EXTENDED_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_EXTENDED_BASIC_INFORMATION = _PROCESS_EXTENDED_BASIC_INFORMATION; +pub type 
PPROCESS_EXTENDED_BASIC_INFORMATION = *mut _PROCESS_EXTENDED_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VM_COUNTERS { + pub PeakVirtualSize: SIZE_T, + pub VirtualSize: SIZE_T, + pub PageFaultCount: ULONG, + pub PeakWorkingSetSize: SIZE_T, + pub WorkingSetSize: SIZE_T, + pub QuotaPeakPagedPoolUsage: SIZE_T, + pub QuotaPagedPoolUsage: SIZE_T, + pub QuotaPeakNonPagedPoolUsage: SIZE_T, + pub QuotaNonPagedPoolUsage: SIZE_T, + pub PagefileUsage: SIZE_T, + pub PeakPagefileUsage: SIZE_T, +} +pub type VM_COUNTERS = _VM_COUNTERS; +pub type PVM_COUNTERS = *mut _VM_COUNTERS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VM_COUNTERS_EX { + pub PeakVirtualSize: SIZE_T, + pub VirtualSize: SIZE_T, + pub PageFaultCount: ULONG, + pub PeakWorkingSetSize: SIZE_T, + pub WorkingSetSize: SIZE_T, + pub QuotaPeakPagedPoolUsage: SIZE_T, + pub QuotaPagedPoolUsage: SIZE_T, + pub QuotaPeakNonPagedPoolUsage: SIZE_T, + pub QuotaNonPagedPoolUsage: SIZE_T, + pub PagefileUsage: SIZE_T, + pub PeakPagefileUsage: SIZE_T, + pub PrivateUsage: SIZE_T, +} +pub type VM_COUNTERS_EX = _VM_COUNTERS_EX; +pub type PVM_COUNTERS_EX = *mut _VM_COUNTERS_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VM_COUNTERS_EX2 { + pub CountersEx: VM_COUNTERS_EX, + pub PrivateWorkingSetSize: SIZE_T, + pub SharedCommitUsage: SIZE_T, +} +pub type VM_COUNTERS_EX2 = _VM_COUNTERS_EX2; +pub type PVM_COUNTERS_EX2 = *mut _VM_COUNTERS_EX2; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KERNEL_USER_TIMES { + pub CreateTime: LARGE_INTEGER, + pub ExitTime: LARGE_INTEGER, + pub KernelTime: LARGE_INTEGER, + pub UserTime: LARGE_INTEGER, +} +impl Default for _KERNEL_USER_TIMES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KERNEL_USER_TIMES = _KERNEL_USER_TIMES; +pub type PKERNEL_USER_TIMES = *mut _KERNEL_USER_TIMES; +#[repr(C)] 
+#[derive(Debug, Default, Copy, Clone)] +pub struct _POOLED_USAGE_AND_LIMITS { + pub PeakPagedPoolUsage: SIZE_T, + pub PagedPoolUsage: SIZE_T, + pub PagedPoolLimit: SIZE_T, + pub PeakNonPagedPoolUsage: SIZE_T, + pub NonPagedPoolUsage: SIZE_T, + pub NonPagedPoolLimit: SIZE_T, + pub PeakPagefileUsage: SIZE_T, + pub PagefileUsage: SIZE_T, + pub PagefileLimit: SIZE_T, +} +pub type POOLED_USAGE_AND_LIMITS = _POOLED_USAGE_AND_LIMITS; +pub type PPOOLED_USAGE_AND_LIMITS = *mut _POOLED_USAGE_AND_LIMITS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_EXCEPTION_PORT { + pub ExceptionPortHandle: HANDLE, + pub StateFlags: ULONG, +} +impl Default for _PROCESS_EXCEPTION_PORT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_EXCEPTION_PORT = _PROCESS_EXCEPTION_PORT; +pub type PPROCESS_EXCEPTION_PORT = *mut _PROCESS_EXCEPTION_PORT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_ACCESS_TOKEN { + pub Token: HANDLE, + pub Thread: HANDLE, +} +impl Default for _PROCESS_ACCESS_TOKEN { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_ACCESS_TOKEN = _PROCESS_ACCESS_TOKEN; +pub type PPROCESS_ACCESS_TOKEN = *mut _PROCESS_ACCESS_TOKEN; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_LDT_INFORMATION { + pub Start: ULONG, + pub Length: ULONG, + pub LdtEntries: [LDT_ENTRY; 1usize], +} +impl Default for _PROCESS_LDT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_LDT_INFORMATION = _PROCESS_LDT_INFORMATION; +pub type PPROCESS_LDT_INFORMATION = *mut _PROCESS_LDT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PROCESS_LDT_SIZE { + pub Length: ULONG, +} +pub type PROCESS_LDT_SIZE = _PROCESS_LDT_SIZE; +pub type PPROCESS_LDT_SIZE = *mut _PROCESS_LDT_SIZE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_WS_WATCH_INFORMATION { + pub FaultingPc: PVOID, + pub FaultingVa: PVOID, +} +impl Default for _PROCESS_WS_WATCH_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_WS_WATCH_INFORMATION = _PROCESS_WS_WATCH_INFORMATION; +pub type PPROCESS_WS_WATCH_INFORMATION = *mut _PROCESS_WS_WATCH_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_WS_WATCH_INFORMATION_EX { + pub BasicInfo: PROCESS_WS_WATCH_INFORMATION, + pub FaultingThreadId: ULONG_PTR, + pub Flags: ULONG_PTR, +} +impl Default for _PROCESS_WS_WATCH_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_WS_WATCH_INFORMATION_EX = _PROCESS_WS_WATCH_INFORMATION_EX; +pub type PPROCESS_WS_WATCH_INFORMATION_EX = *mut _PROCESS_WS_WATCH_INFORMATION_EX; +#[repr(C)] +pub struct _PROCESS_PRIORITY_CLASS { + pub Foreground: BOOLEAN, + pub PriorityClass: UCHAR, +} +impl Default for _PROCESS_PRIORITY_CLASS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_PRIORITY_CLASS = _PROCESS_PRIORITY_CLASS; +pub type PPROCESS_PRIORITY_CLASS = *mut _PROCESS_PRIORITY_CLASS; +#[repr(C)] +pub struct _PROCESS_PRIORITY_CLASS_EX { + pub __bindgen_anon_1: _PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1, + pub PriorityClass: UCHAR, + pub Foreground: BOOLEAN, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1 { + pub __bindgen_anon_1: 
_PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1__bindgen_ty_1, + pub AllFlags: USHORT, +} +#[repr(C)] +#[repr(align(2))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: u8, +} +impl _PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ForegroundValid(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_ForegroundValid(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn PriorityClassValid(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u16) } + } + #[inline] + pub fn set_PriorityClassValid(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ForegroundValid: USHORT, + PriorityClassValid: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ForegroundValid: u16 = unsafe { ::core::mem::transmute(ForegroundValid) }; + ForegroundValid as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let PriorityClassValid: u16 = unsafe { ::core::mem::transmute(PriorityClassValid) }; + PriorityClassValid as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_PRIORITY_CLASS_EX__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_PRIORITY_CLASS_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + 
unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_PRIORITY_CLASS_EX = _PROCESS_PRIORITY_CLASS_EX; +pub type PPROCESS_PRIORITY_CLASS_EX = *mut _PROCESS_PRIORITY_CLASS_EX; +#[repr(C)] +pub struct _PROCESS_FOREGROUND_BACKGROUND { + pub Foreground: BOOLEAN, +} +impl Default for _PROCESS_FOREGROUND_BACKGROUND { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_FOREGROUND_BACKGROUND = _PROCESS_FOREGROUND_BACKGROUND; +pub type PPROCESS_FOREGROUND_BACKGROUND = *mut _PROCESS_FOREGROUND_BACKGROUND; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION { + pub __bindgen_anon_1: _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1 { + pub Set: _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub Query: _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub DirectoryHandle: HANDLE, +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1__bindgen_ty_2 { + pub DriveMap: ULONG, + pub DriveType: [UCHAR; 32usize], +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_DEVICEMAP_INFORMATION = _PROCESS_DEVICEMAP_INFORMATION; +pub type PPROCESS_DEVICEMAP_INFORMATION = *mut _PROCESS_DEVICEMAP_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION_EX { + pub __bindgen_anon_1: _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1, + pub Flags: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1 { + pub Set: _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1, + pub Query: _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1 { + pub DirectoryHandle: HANDLE, +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1__bindgen_ty_2 { + pub DriveMap: ULONG, + pub DriveType: [UCHAR; 32usize], +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION_EX__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_DEVICEMAP_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_DEVICEMAP_INFORMATION_EX = _PROCESS_DEVICEMAP_INFORMATION_EX; +pub type PPROCESS_DEVICEMAP_INFORMATION_EX = *mut _PROCESS_DEVICEMAP_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PROCESS_SESSION_INFORMATION { + pub SessionId: ULONG, +} +pub type PROCESS_SESSION_INFORMATION = _PROCESS_SESSION_INFORMATION; +pub type PPROCESS_SESSION_INFORMATION = *mut _PROCESS_SESSION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_HANDLE_TRACING_ENABLE { + pub Flags: ULONG, +} +pub type PROCESS_HANDLE_TRACING_ENABLE = _PROCESS_HANDLE_TRACING_ENABLE; +pub type PPROCESS_HANDLE_TRACING_ENABLE = *mut _PROCESS_HANDLE_TRACING_ENABLE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_HANDLE_TRACING_ENABLE_EX { + pub Flags: ULONG, + pub TotalSlots: ULONG, +} +pub type PROCESS_HANDLE_TRACING_ENABLE_EX = _PROCESS_HANDLE_TRACING_ENABLE_EX; +pub type PPROCESS_HANDLE_TRACING_ENABLE_EX = *mut _PROCESS_HANDLE_TRACING_ENABLE_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_HANDLE_TRACING_ENTRY { + pub Handle: HANDLE, + pub ClientId: CLIENT_ID, + pub Type: ULONG, + pub Stacks: [PVOID; 16usize], +} +impl Default for _PROCESS_HANDLE_TRACING_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_HANDLE_TRACING_ENTRY = _PROCESS_HANDLE_TRACING_ENTRY; +pub type PPROCESS_HANDLE_TRACING_ENTRY = *mut _PROCESS_HANDLE_TRACING_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_HANDLE_TRACING_QUERY { + pub Handle: HANDLE, + pub TotalTraces: ULONG, + pub HandleTrace: [PROCESS_HANDLE_TRACING_ENTRY; 1usize], +} +impl Default for _PROCESS_HANDLE_TRACING_QUERY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_HANDLE_TRACING_QUERY = _PROCESS_HANDLE_TRACING_QUERY; +pub type PPROCESS_HANDLE_TRACING_QUERY = *mut _PROCESS_HANDLE_TRACING_QUERY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _THREAD_TLS_INFORMATION { + pub 
Flags: ULONG, + pub NewTlsData: PVOID, + pub OldTlsData: PVOID, + pub ThreadId: HANDLE, +} +impl Default for _THREAD_TLS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_TLS_INFORMATION = _THREAD_TLS_INFORMATION; +pub type PTHREAD_TLS_INFORMATION = *mut _THREAD_TLS_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PROCESS_TLS_INFORMATION_TYPE { + ProcessTlsReplaceIndex = 0, + ProcessTlsReplaceVector = 1, + MaxProcessTlsOperation = 2, +} +pub use self::_PROCESS_TLS_INFORMATION_TYPE as PROCESS_TLS_INFORMATION_TYPE; +pub type PPROCESS_TLS_INFORMATION_TYPE = *mut _PROCESS_TLS_INFORMATION_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_TLS_INFORMATION { + pub Flags: ULONG, + pub OperationType: ULONG, + pub ThreadDataCount: ULONG, + pub TlsIndex: ULONG, + pub PreviousCount: ULONG, + pub ThreadData: [THREAD_TLS_INFORMATION; 1usize], +} +impl Default for _PROCESS_TLS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_TLS_INFORMATION = _PROCESS_TLS_INFORMATION; +pub type PPROCESS_TLS_INFORMATION = *mut _PROCESS_TLS_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { + pub Version: ULONG, + pub Reserved: ULONG, + pub Callback: PVOID, +} +impl Default for _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION = + _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; +pub type PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION = + *mut 
_PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_STACK_ALLOCATION_INFORMATION { + pub ReserveSize: SIZE_T, + pub ZeroBits: SIZE_T, + pub StackBase: PVOID, +} +impl Default for _PROCESS_STACK_ALLOCATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_STACK_ALLOCATION_INFORMATION = _PROCESS_STACK_ALLOCATION_INFORMATION; +pub type PPROCESS_STACK_ALLOCATION_INFORMATION = *mut _PROCESS_STACK_ALLOCATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX { + pub PreferredNode: ULONG, + pub Reserved0: ULONG, + pub Reserved1: ULONG, + pub Reserved2: ULONG, + pub AllocInfo: PROCESS_STACK_ALLOCATION_INFORMATION, +} +impl Default for _PROCESS_STACK_ALLOCATION_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_STACK_ALLOCATION_INFORMATION_EX = _PROCESS_STACK_ALLOCATION_INFORMATION_EX; +pub type PPROCESS_STACK_ALLOCATION_INFORMATION_EX = *mut _PROCESS_STACK_ALLOCATION_INFORMATION_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_AFFINITY_UPDATE_MODE { + pub Flags: ULONG, + pub __bindgen_anon_1: _PROCESS_AFFINITY_UPDATE_MODE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_AFFINITY_UPDATE_MODE__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_AFFINITY_UPDATE_MODE__bindgen_ty_1 { + #[inline] + pub fn EnableAutoUpdate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableAutoUpdate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Permanent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_Permanent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableAutoUpdate: ULONG, + Permanent: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableAutoUpdate: u32 = unsafe { ::core::mem::transmute(EnableAutoUpdate) }; + EnableAutoUpdate as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let Permanent: u32 = unsafe { ::core::mem::transmute(Permanent) }; + Permanent as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_AFFINITY_UPDATE_MODE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_AFFINITY_UPDATE_MODE = _PROCESS_AFFINITY_UPDATE_MODE; +pub type PPROCESS_AFFINITY_UPDATE_MODE = *mut _PROCESS_AFFINITY_UPDATE_MODE; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MEMORY_ALLOCATION_MODE { + pub Flags: ULONG, + pub __bindgen_anon_1: _PROCESS_MEMORY_ALLOCATION_MODE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PROCESS_MEMORY_ALLOCATION_MODE__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_MEMORY_ALLOCATION_MODE__bindgen_ty_1 { + #[inline] + pub fn TopDown(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_TopDown(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(TopDown: ULONG, Reserved: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let TopDown: u32 = unsafe { ::core::mem::transmute(TopDown) }; + TopDown as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_MEMORY_ALLOCATION_MODE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MEMORY_ALLOCATION_MODE = _PROCESS_MEMORY_ALLOCATION_MODE; +pub type PPROCESS_MEMORY_ALLOCATION_MODE = *mut _PROCESS_MEMORY_ALLOCATION_MODE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_HANDLE_INFORMATION { + pub HandleCount: ULONG, + pub HandleCountHighWatermark: ULONG, +} +pub type PROCESS_HANDLE_INFORMATION = _PROCESS_HANDLE_INFORMATION; +pub type PPROCESS_HANDLE_INFORMATION = *mut _PROCESS_HANDLE_INFORMATION; +#[repr(C)] 
+#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_CYCLE_TIME_INFORMATION { + pub AccumulatedCycles: ULONGLONG, + pub CurrentCycleCount: ULONGLONG, +} +pub type PROCESS_CYCLE_TIME_INFORMATION = _PROCESS_CYCLE_TIME_INFORMATION; +pub type PPROCESS_CYCLE_TIME_INFORMATION = *mut _PROCESS_CYCLE_TIME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_WINDOW_INFORMATION { + pub WindowFlags: ULONG, + pub WindowTitleLength: USHORT, + pub WindowTitle: [WCHAR; 1usize], +} +pub type PROCESS_WINDOW_INFORMATION = _PROCESS_WINDOW_INFORMATION; +pub type PPROCESS_WINDOW_INFORMATION = *mut _PROCESS_WINDOW_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_HANDLE_TABLE_ENTRY_INFO { + pub HandleValue: HANDLE, + pub HandleCount: ULONG_PTR, + pub PointerCount: ULONG_PTR, + pub GrantedAccess: ULONG, + pub ObjectTypeIndex: ULONG, + pub HandleAttributes: ULONG, + pub Reserved: ULONG, +} +impl Default for _PROCESS_HANDLE_TABLE_ENTRY_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_HANDLE_TABLE_ENTRY_INFO = _PROCESS_HANDLE_TABLE_ENTRY_INFO; +pub type PPROCESS_HANDLE_TABLE_ENTRY_INFO = *mut _PROCESS_HANDLE_TABLE_ENTRY_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION { + pub NumberOfHandles: ULONG_PTR, + pub Reserved: ULONG_PTR, + pub Handles: [PROCESS_HANDLE_TABLE_ENTRY_INFO; 1usize], +} +impl Default for _PROCESS_HANDLE_SNAPSHOT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_HANDLE_SNAPSHOT_INFORMATION = _PROCESS_HANDLE_SNAPSHOT_INFORMATION; +pub type PPROCESS_HANDLE_SNAPSHOT_INFORMATION = *mut _PROCESS_HANDLE_SNAPSHOT_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct 
_PROCESS_MITIGATION_POLICY_INFORMATION { + pub Policy: PROCESS_MITIGATION_POLICY, + pub __bindgen_anon_1: _PROCESS_MITIGATION_POLICY_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_MITIGATION_POLICY_INFORMATION__bindgen_ty_1 { + pub ASLRPolicy: PROCESS_MITIGATION_ASLR_POLICY, + pub StrictHandleCheckPolicy: PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, + pub SystemCallDisablePolicy: PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, + pub ExtensionPointDisablePolicy: PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, + pub DynamicCodePolicy: PROCESS_MITIGATION_DYNAMIC_CODE_POLICY, + pub ControlFlowGuardPolicy: PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY, + pub SignaturePolicy: PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY, + pub FontDisablePolicy: PROCESS_MITIGATION_FONT_DISABLE_POLICY, + pub ImageLoadPolicy: PROCESS_MITIGATION_IMAGE_LOAD_POLICY, + pub SystemCallFilterPolicy: PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY, + pub PayloadRestrictionPolicy: PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, + pub ChildProcessPolicy: PROCESS_MITIGATION_CHILD_PROCESS_POLICY, + pub SideChannelIsolationPolicy: PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, + pub UserShadowStackPolicy: PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY, + pub RedirectionTrustPolicy: PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY, + pub UserPointerAuthPolicy: PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY, + pub SEHOPPolicy: PROCESS_MITIGATION_SEHOP_POLICY, +} +impl Default for _PROCESS_MITIGATION_POLICY_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PROCESS_MITIGATION_POLICY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_MITIGATION_POLICY_INFORMATION = 
_PROCESS_MITIGATION_POLICY_INFORMATION; +pub type PPROCESS_MITIGATION_POLICY_INFORMATION = *mut _PROCESS_MITIGATION_POLICY_INFORMATION; +#[repr(C)] +pub struct _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION { + pub DynamicFunctionTable: *mut _DYNAMIC_FUNCTION_TABLE, + pub Remove: BOOLEAN, +} +impl Default for _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION = _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION; +pub type PPROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION = + *mut _PROCESS_DYNAMIC_FUNCTION_TABLE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_KEEPALIVE_COUNT_INFORMATION { + pub WakeCount: ULONG, + pub NoWakeCount: ULONG, +} +pub type PROCESS_KEEPALIVE_COUNT_INFORMATION = _PROCESS_KEEPALIVE_COUNT_INFORMATION; +pub type PPROCESS_KEEPALIVE_COUNT_INFORMATION = *mut _PROCESS_KEEPALIVE_COUNT_INFORMATION; +#[repr(C)] +pub struct _PROCESS_REVOKE_FILE_HANDLES_INFORMATION { + pub TargetDevicePath: UNICODE_STRING, +} +impl Default for _PROCESS_REVOKE_FILE_HANDLES_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_REVOKE_FILE_HANDLES_INFORMATION = _PROCESS_REVOKE_FILE_HANDLES_INFORMATION; +pub type PPROCESS_REVOKE_FILE_HANDLES_INFORMATION = *mut _PROCESS_REVOKE_FILE_HANDLES_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PROCESS_WORKING_SET_OPERATION { + ProcessWorkingSetSwap = 0, + ProcessWorkingSetEmpty = 1, + ProcessWorkingSetOperationMax = 2, +} +pub use self::_PROCESS_WORKING_SET_OPERATION as PROCESS_WORKING_SET_OPERATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_WORKING_SET_CONTROL { + pub 
Version: ULONG, + pub Operation: PROCESS_WORKING_SET_OPERATION, + pub Flags: ULONG, +} +impl Default for _PROCESS_WORKING_SET_CONTROL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_WORKING_SET_CONTROL = _PROCESS_WORKING_SET_CONTROL; +pub type PPROCESS_WORKING_SET_CONTROL = *mut _PROCESS_WORKING_SET_CONTROL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PS_PROTECTED_TYPE { + PsProtectedTypeNone = 0, + PsProtectedTypeProtectedLight = 1, + PsProtectedTypeProtected = 2, + PsProtectedTypeMax = 3, +} +pub use self::_PS_PROTECTED_TYPE as PS_PROTECTED_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PS_PROTECTED_SIGNER { + PsProtectedSignerNone = 0, + PsProtectedSignerAuthenticode = 1, + PsProtectedSignerCodeGen = 2, + PsProtectedSignerAntimalware = 3, + PsProtectedSignerLsa = 4, + PsProtectedSignerWindows = 5, + PsProtectedSignerWinTcb = 6, + PsProtectedSignerWinSystem = 7, + PsProtectedSignerApp = 8, + PsProtectedSignerMax = 9, +} +pub use self::_PS_PROTECTED_SIGNER as PS_PROTECTED_SIGNER; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_PROTECTION { + pub __bindgen_anon_1: _PS_PROTECTION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_PROTECTION__bindgen_ty_1 { + pub Level: UCHAR, + pub __bindgen_anon_1: _PS_PROTECTION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_PROTECTION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl _PS_PROTECTION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Type(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 3u8) as u8) } + } + #[inline] + pub fn set_Type(&mut self, val: UCHAR) { + unsafe { + let val: u8 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 3u8, val as u64) + } + } + #[inline] + pub fn Audit(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_Audit(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Signer(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u8) } + } + #[inline] + pub fn set_Signer(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Type: UCHAR, + Audit: UCHAR, + Signer: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 3u8, { + let Type: u8 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let Audit: u8 = unsafe { ::core::mem::transmute(Audit) }; + Audit as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let Signer: u8 = unsafe { ::core::mem::transmute(Signer) }; + Signer as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PS_PROTECTION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_PROTECTION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_PROTECTION = _PS_PROTECTION; +pub type PPS_PROTECTION = *mut _PS_PROTECTION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_FAULT_INFORMATION { + pub FaultFlags: ULONG, + pub AdditionalInfo: ULONG, +} +pub type 
PROCESS_FAULT_INFORMATION = _PROCESS_FAULT_INFORMATION; +pub type PPROCESS_FAULT_INFORMATION = *mut _PROCESS_FAULT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_TELEMETRY_ID_INFORMATION { + pub HeaderSize: ULONG, + pub ProcessId: ULONG, + pub ProcessStartKey: ULONGLONG, + pub CreateTime: ULONGLONG, + pub CreateInterruptTime: ULONGLONG, + pub CreateUnbiasedInterruptTime: ULONGLONG, + pub ProcessSequenceNumber: ULONGLONG, + pub SessionCreateTime: ULONGLONG, + pub SessionId: ULONG, + pub BootId: ULONG, + pub ImageChecksum: ULONG, + pub ImageTimeDateStamp: ULONG, + pub UserSidOffset: ULONG, + pub ImagePathOffset: ULONG, + pub PackageNameOffset: ULONG, + pub RelativeAppNameOffset: ULONG, + pub CommandLineOffset: ULONG, +} +pub type PROCESS_TELEMETRY_ID_INFORMATION = _PROCESS_TELEMETRY_ID_INFORMATION; +pub type PPROCESS_TELEMETRY_ID_INFORMATION = *mut _PROCESS_TELEMETRY_ID_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_COMMIT_RELEASE_INFORMATION { + pub Version: ULONG, + pub __bindgen_anon_1: _PROCESS_COMMIT_RELEASE_INFORMATION__bindgen_ty_1, + pub CommitDebt: SIZE_T, + pub CommittedMemResetSize: SIZE_T, + pub RepurposedMemResetSize: SIZE_T, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_COMMIT_RELEASE_INFORMATION__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_COMMIT_RELEASE_INFORMATION__bindgen_ty_1 { + #[inline] + pub fn Eligible(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Eligible(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReleaseRepurposedMemResetCommit(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_ReleaseRepurposedMemResetCommit(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ForceReleaseMemResetCommit(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ForceReleaseMemResetCommit(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Eligible: ULONG, + ReleaseRepurposedMemResetCommit: ULONG, + ForceReleaseMemResetCommit: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Eligible: u32 = unsafe { ::core::mem::transmute(Eligible) }; + Eligible as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ReleaseRepurposedMemResetCommit: u32 = + unsafe { ::core::mem::transmute(ReleaseRepurposedMemResetCommit) }; + ReleaseRepurposedMemResetCommit as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ForceReleaseMemResetCommit: u32 = + unsafe { ::core::mem::transmute(ForceReleaseMemResetCommit) }; + ForceReleaseMemResetCommit as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PROCESS_COMMIT_RELEASE_INFORMATION = _PROCESS_COMMIT_RELEASE_INFORMATION; +pub type PPROCESS_COMMIT_RELEASE_INFORMATION = *mut _PROCESS_COMMIT_RELEASE_INFORMATION; +#[repr(C)] +#[derive(Debug, 
Default, Copy, Clone)] +pub struct _PROCESS_JOB_MEMORY_INFO { + pub SharedCommitUsage: ULONGLONG, + pub PrivateCommitUsage: ULONGLONG, + pub PeakPrivateCommitUsage: ULONGLONG, + pub PrivateCommitLimit: ULONGLONG, + pub TotalCommitLimit: ULONGLONG, +} +pub type PROCESS_JOB_MEMORY_INFO = _PROCESS_JOB_MEMORY_INFO; +pub type PPROCESS_JOB_MEMORY_INFO = *mut _PROCESS_JOB_MEMORY_INFO; +#[repr(C)] +pub struct _PROCESS_CHILD_PROCESS_INFORMATION { + pub ProhibitChildProcesses: BOOLEAN, + pub AlwaysAllowSecureChildProcess: BOOLEAN, + pub AuditProhibitChildProcesses: BOOLEAN, +} +impl Default for _PROCESS_CHILD_PROCESS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_CHILD_PROCESS_INFORMATION = _PROCESS_CHILD_PROCESS_INFORMATION; +pub type PPROCESS_CHILD_PROCESS_INFORMATION = *mut _PROCESS_CHILD_PROCESS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _POWER_THROTTLING_PROCESS_STATE { + pub Version: ULONG, + pub ControlMask: ULONG, + pub StateMask: ULONG, +} +pub type POWER_THROTTLING_PROCESS_STATE = _POWER_THROTTLING_PROCESS_STATE; +pub type PPOWER_THROTTLING_PROCESS_STATE = *mut _POWER_THROTTLING_PROCESS_STATE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _WIN32K_SYSCALL_FILTER { + pub FilterState: ULONG, + pub FilterSet: ULONG, +} +pub type WIN32K_SYSCALL_FILTER = _WIN32K_SYSCALL_FILTER; +pub type PWIN32K_SYSCALL_FILTER = *mut _WIN32K_SYSCALL_FILTER; +pub type PJOBOBJECT_WAKE_FILTER = *mut _JOBOBJECT_WAKE_FILTER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_WAKE_INFORMATION { + pub NotificationChannel: ULONGLONG, + pub WakeCounters: [ULONG; 7usize], + pub WakeFilter: PJOBOBJECT_WAKE_FILTER, +} +impl Default for _PROCESS_WAKE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_WAKE_INFORMATION = _PROCESS_WAKE_INFORMATION; +pub type PPROCESS_WAKE_INFORMATION = *mut _PROCESS_WAKE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_ENERGY_TRACKING_STATE { + pub StateUpdateMask: ULONG, + pub StateDesiredValue: ULONG, + pub StateSequence: ULONG, + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: u16, + pub Tag: [WCHAR; 64usize], +} +impl Default for _PROCESS_ENERGY_TRACKING_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _PROCESS_ENERGY_TRACKING_STATE { + #[inline] + pub fn UpdateTag(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_UpdateTag(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(UpdateTag: ULONG) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let UpdateTag: u32 = unsafe { ::core::mem::transmute(UpdateTag) }; + UpdateTag as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PROCESS_ENERGY_TRACKING_STATE = _PROCESS_ENERGY_TRACKING_STATE; +pub type PPROCESS_ENERGY_TRACKING_STATE = *mut _PROCESS_ENERGY_TRACKING_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MANAGE_WRITES_TO_EXECUTABLE_MEMORY { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub KernelWriteToExecutableSignal: PVOID, +} +impl Default for _MANAGE_WRITES_TO_EXECUTABLE_MEMORY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _MANAGE_WRITES_TO_EXECUTABLE_MEMORY { + #[inline] + pub fn Version(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Version(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn ProcessEnableWriteExceptions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessEnableWriteExceptions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn ThreadAllowWrites(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_ThreadAllowWrites(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 22u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 22u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Version: ULONG, + ProcessEnableWriteExceptions: ULONG, + ThreadAllowWrites: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Version: u32 = unsafe { ::core::mem::transmute(Version) }; + Version as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let ProcessEnableWriteExceptions: u32 = + unsafe { ::core::mem::transmute(ProcessEnableWriteExceptions) }; + ProcessEnableWriteExceptions as u64 + }); + 
__bindgen_bitfield_unit.set(9usize, 1u8, { + let ThreadAllowWrites: u32 = unsafe { ::core::mem::transmute(ThreadAllowWrites) }; + ThreadAllowWrites as u64 + }); + __bindgen_bitfield_unit.set(10usize, 22u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type MANAGE_WRITES_TO_EXECUTABLE_MEMORY = _MANAGE_WRITES_TO_EXECUTABLE_MEMORY; +pub type PMANAGE_WRITES_TO_EXECUTABLE_MEMORY = *mut _MANAGE_WRITES_TO_EXECUTABLE_MEMORY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _POWER_THROTTLING_THREAD_STATE { + pub Version: ULONG, + pub ControlMask: ULONG, + pub StateMask: ULONG, +} +pub type POWER_THROTTLING_THREAD_STATE = _POWER_THROTTLING_THREAD_STATE; +pub type PPOWER_THROTTLING_THREAD_STATE = *mut _POWER_THROTTLING_THREAD_STATE; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_READWRITEVM_LOGGING_INFORMATION { + pub Flags: UCHAR, + pub __bindgen_anon_1: _PROCESS_READWRITEVM_LOGGING_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_READWRITEVM_LOGGING_INFORMATION__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl _PROCESS_READWRITEVM_LOGGING_INFORMATION__bindgen_ty_1 { + #[inline] + pub fn EnableReadVmLogging(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_EnableReadVmLogging(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableWriteVmLogging(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_EnableWriteVmLogging(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Unused(&self) -> UCHAR { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(2usize, 6u8) as u8) } + } + #[inline] + pub fn set_Unused(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 6u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableReadVmLogging: UCHAR, + EnableWriteVmLogging: UCHAR, + Unused: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableReadVmLogging: u8 = unsafe { ::core::mem::transmute(EnableReadVmLogging) }; + EnableReadVmLogging as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let EnableWriteVmLogging: u8 = unsafe { ::core::mem::transmute(EnableWriteVmLogging) }; + EnableWriteVmLogging as u64 + }); + __bindgen_bitfield_unit.set(2usize, 6u8, { + let Unused: u8 = unsafe { ::core::mem::transmute(Unused) }; + Unused as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_READWRITEVM_LOGGING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_READWRITEVM_LOGGING_INFORMATION = _PROCESS_READWRITEVM_LOGGING_INFORMATION; +pub type PPROCESS_READWRITEVM_LOGGING_INFORMATION = *mut _PROCESS_READWRITEVM_LOGGING_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_UPTIME_INFORMATION { + pub QueryInterruptTime: ULONGLONG, + pub QueryUnbiasedTime: ULONGLONG, + pub EndInterruptTime: ULONGLONG, + pub TimeSinceCreation: ULONGLONG, + pub Uptime: ULONGLONG, + pub SuspendedTime: ULONGLONG, + pub __bindgen_anon_1: _PROCESS_UPTIME_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_UPTIME_INFORMATION__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, + 
pub __bindgen_padding_0: u16, +} +impl _PROCESS_UPTIME_INFORMATION__bindgen_ty_1 { + #[inline] + pub fn HangCount(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 4u8) as u32) } + } + #[inline] + pub fn set_HangCount(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 4u8, val as u64) + } + } + #[inline] + pub fn GhostCount(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u32) } + } + #[inline] + pub fn set_GhostCount(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn Crashed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_Crashed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn Terminated(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_Terminated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + HangCount: ULONG, + GhostCount: ULONG, + Crashed: ULONG, + Terminated: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 4u8, { + let HangCount: u32 = unsafe { ::core::mem::transmute(HangCount) }; + HangCount as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let GhostCount: u32 = unsafe { ::core::mem::transmute(GhostCount) }; + GhostCount as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let Crashed: u32 = unsafe { ::core::mem::transmute(Crashed) }; + Crashed as u64 + }); + 
__bindgen_bitfield_unit.set(9usize, 1u8, { + let Terminated: u32 = unsafe { ::core::mem::transmute(Terminated) }; + Terminated as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PROCESS_UPTIME_INFORMATION = _PROCESS_UPTIME_INFORMATION; +pub type PPROCESS_UPTIME_INFORMATION = *mut _PROCESS_UPTIME_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_SYSTEM_RESOURCE_MANAGEMENT { + pub Flags: ULONG, + pub __bindgen_anon_1: _PROCESS_SYSTEM_RESOURCE_MANAGEMENT__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_SYSTEM_RESOURCE_MANAGEMENT__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_SYSTEM_RESOURCE_MANAGEMENT__bindgen_ty_1 { + #[inline] + pub fn Foreground(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Foreground(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Foreground: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Foreground: u32 = unsafe { ::core::mem::transmute(Foreground) }; + Foreground as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_SYSTEM_RESOURCE_MANAGEMENT { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_SYSTEM_RESOURCE_MANAGEMENT = _PROCESS_SYSTEM_RESOURCE_MANAGEMENT; +pub type PPROCESS_SYSTEM_RESOURCE_MANAGEMENT = *mut _PROCESS_SYSTEM_RESOURCE_MANAGEMENT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_SECURITY_DOMAIN_INFORMATION { + pub SecurityDomain: ULONGLONG, +} +pub type PROCESS_SECURITY_DOMAIN_INFORMATION = _PROCESS_SECURITY_DOMAIN_INFORMATION; +pub type PPROCESS_SECURITY_DOMAIN_INFORMATION = *mut _PROCESS_SECURITY_DOMAIN_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION { + pub ProcessHandle: HANDLE, +} +impl Default for _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION = + _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; +pub type PPROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION = + *mut _PROCESS_COMBINE_SECURITY_DOMAINS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PROCESS_LOGGING_INFORMATION { + pub Flags: ULONG, + pub __bindgen_anon_1: _PROCESS_LOGGING_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_LOGGING_INFORMATION__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PROCESS_LOGGING_INFORMATION__bindgen_ty_1 { + #[inline] + pub fn EnableReadVmLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableReadVmLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
EnableWriteVmLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableWriteVmLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableProcessSuspendResumeLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableProcessSuspendResumeLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableThreadSuspendResumeLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableThreadSuspendResumeLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableLocalExecProtectVmLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableLocalExecProtectVmLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableRemoteExecProtectVmLogging(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_EnableRemoteExecProtectVmLogging(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 26u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 26u8, val as 
u64) + } + } + #[inline] + pub fn new_bitfield_1( + EnableReadVmLogging: ULONG, + EnableWriteVmLogging: ULONG, + EnableProcessSuspendResumeLogging: ULONG, + EnableThreadSuspendResumeLogging: ULONG, + EnableLocalExecProtectVmLogging: ULONG, + EnableRemoteExecProtectVmLogging: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let EnableReadVmLogging: u32 = unsafe { ::core::mem::transmute(EnableReadVmLogging) }; + EnableReadVmLogging as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let EnableWriteVmLogging: u32 = unsafe { ::core::mem::transmute(EnableWriteVmLogging) }; + EnableWriteVmLogging as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let EnableProcessSuspendResumeLogging: u32 = + unsafe { ::core::mem::transmute(EnableProcessSuspendResumeLogging) }; + EnableProcessSuspendResumeLogging as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let EnableThreadSuspendResumeLogging: u32 = + unsafe { ::core::mem::transmute(EnableThreadSuspendResumeLogging) }; + EnableThreadSuspendResumeLogging as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let EnableLocalExecProtectVmLogging: u32 = + unsafe { ::core::mem::transmute(EnableLocalExecProtectVmLogging) }; + EnableLocalExecProtectVmLogging as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let EnableRemoteExecProtectVmLogging: u32 = + unsafe { ::core::mem::transmute(EnableRemoteExecProtectVmLogging) }; + EnableRemoteExecProtectVmLogging as u64 + }); + __bindgen_bitfield_unit.set(6usize, 26u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PROCESS_LOGGING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } 
+ } +} +pub type PROCESS_LOGGING_INFORMATION = _PROCESS_LOGGING_INFORMATION; +pub type PPROCESS_LOGGING_INFORMATION = *mut _PROCESS_LOGGING_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_LEAP_SECOND_INFORMATION { + pub Flags: ULONG, + pub Reserved: ULONG, +} +pub type PROCESS_LEAP_SECOND_INFORMATION = _PROCESS_LEAP_SECOND_INFORMATION; +pub type PPROCESS_LEAP_SECOND_INFORMATION = *mut _PROCESS_LEAP_SECOND_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION { + pub ReserveSize: ULONGLONG, + pub CommitSize: ULONGLONG, + pub PreferredNode: ULONG, + pub Reserved: ULONG, + pub Ssp: PVOID, +} +impl Default for _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION = + _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION; +pub type PPROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION = + *mut _PROCESS_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION { + pub Ssp: PVOID, +} +impl Default for _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION = + _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION; +pub type PPROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION = + *mut _PROCESS_FREE_FIBER_SHADOW_STACK_ALLOCATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_SYSCALL_PROVIDER_INFORMATION { + pub ProviderId: GUID, + pub Level: UCHAR, +} +pub type 
PROCESS_SYSCALL_PROVIDER_INFORMATION = _PROCESS_SYSCALL_PROVIDER_INFORMATION; +pub type PPROCESS_SYSCALL_PROVIDER_INFORMATION = *mut _PROCESS_SYSCALL_PROVIDER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_MEMBERSHIP_INFORMATION { + pub ServerSiloId: ULONG, +} +pub type PROCESS_MEMBERSHIP_INFORMATION = _PROCESS_MEMBERSHIP_INFORMATION; +pub type PPROCESS_MEMBERSHIP_INFORMATION = *mut _PROCESS_MEMBERSHIP_INFORMATION; +#[repr(C)] +pub struct _THREAD_BASIC_INFORMATION { + pub ExitStatus: NTSTATUS, + pub TebBaseAddress: PTEB, + pub ClientId: CLIENT_ID, + pub AffinityMask: KAFFINITY, + pub Priority: KPRIORITY, + pub BasePriority: KPRIORITY, +} +impl Default for _THREAD_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_BASIC_INFORMATION = _THREAD_BASIC_INFORMATION; +pub type PTHREAD_BASIC_INFORMATION = *mut _THREAD_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _THREAD_LAST_SYSCALL_INFORMATION { + pub FirstArgument: PVOID, + pub SystemCallNumber: USHORT, + pub Pad: [USHORT; 1usize], + pub WaitTime: ULONG64, +} +impl Default for _THREAD_LAST_SYSCALL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_LAST_SYSCALL_INFORMATION = _THREAD_LAST_SYSCALL_INFORMATION; +pub type PTHREAD_LAST_SYSCALL_INFORMATION = *mut _THREAD_LAST_SYSCALL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _THREAD_CYCLE_TIME_INFORMATION { + pub AccumulatedCycles: ULONGLONG, + pub CurrentCycleCount: ULONGLONG, +} +pub type THREAD_CYCLE_TIME_INFORMATION = _THREAD_CYCLE_TIME_INFORMATION; +pub type PTHREAD_CYCLE_TIME_INFORMATION = *mut _THREAD_CYCLE_TIME_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub 
struct _THREAD_TEB_INFORMATION { + pub TebInformation: PVOID, + pub TebOffset: ULONG, + pub BytesToRead: ULONG, +} +impl Default for _THREAD_TEB_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_TEB_INFORMATION = _THREAD_TEB_INFORMATION; +pub type PTHREAD_TEB_INFORMATION = *mut _THREAD_TEB_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _COUNTER_READING { + pub Type: HARDWARE_COUNTER_TYPE, + pub Index: ULONG, + pub Start: ULONG64, + pub Total: ULONG64, +} +impl Default for _COUNTER_READING { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COUNTER_READING = _COUNTER_READING; +pub type PCOUNTER_READING = *mut _COUNTER_READING; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _THREAD_PERFORMANCE_DATA { + pub Size: USHORT, + pub Version: USHORT, + pub ProcessorNumber: PROCESSOR_NUMBER, + pub ContextSwitches: ULONG, + pub HwCountersCount: ULONG, + pub UpdateCount: ULONG64, + pub WaitReasonBitMap: ULONG64, + pub HardwareCounters: ULONG64, + pub CycleTime: COUNTER_READING, + pub HwCounters: [COUNTER_READING; 16usize], +} +impl Default for _THREAD_PERFORMANCE_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_PERFORMANCE_DATA = _THREAD_PERFORMANCE_DATA; +pub type PTHREAD_PERFORMANCE_DATA = *mut _THREAD_PERFORMANCE_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _THREAD_PROFILING_INFORMATION { + pub HardwareCounters: ULONG64, + pub Flags: ULONG, + pub Enable: ULONG, + pub PerformanceData: PTHREAD_PERFORMANCE_DATA, +} +impl Default for _THREAD_PROFILING_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_PROFILING_INFORMATION = _THREAD_PROFILING_INFORMATION; +pub type PTHREAD_PROFILING_INFORMATION = *mut _THREAD_PROFILING_INFORMATION; +#[repr(C)] +#[repr(align(16))] +#[derive(Copy, Clone)] +pub struct _RTL_UMS_CONTEXT { + pub Link: SINGLE_LIST_ENTRY, + pub __bindgen_padding_0: u64, + pub Context: CONTEXT, + pub Teb: PVOID, + pub UserContext: PVOID, + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub Flags: LONG, + pub _bitfield_align_2: [u64; 0], + pub _bitfield_2: __BindgenBitfieldUnit<[u8; 8usize]>, + pub ContextLock: ULONG64, + pub PrimaryUmsContext: *mut _RTL_UMS_CONTEXT, + pub SwitchCount: ULONG, + pub KernelYieldCount: ULONG, + pub MixedYieldCount: ULONG, + pub YieldCount: ULONG, +} +impl Default for _RTL_UMS_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _RTL_UMS_CONTEXT { + #[inline] + pub fn ScheduledThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ScheduledThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Suspended(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_Suspended(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn VolatileContext(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_VolatileContext(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + 
self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn Terminated(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_Terminated(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn DebugActive(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_DebugActive(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn RunningOnSelfThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_RunningOnSelfThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn DenyRunningOnSelfThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_DenyRunningOnSelfThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ScheduledThread: ULONG, + Suspended: ULONG, + VolatileContext: ULONG, + Terminated: ULONG, + DebugActive: ULONG, + RunningOnSelfThread: ULONG, + DenyRunningOnSelfThread: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ScheduledThread: u32 = unsafe { ::core::mem::transmute(ScheduledThread) }; + ScheduledThread as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let Suspended: u32 = unsafe { ::core::mem::transmute(Suspended) }; + Suspended as u64 + }); + 
__bindgen_bitfield_unit.set(2usize, 1u8, { + let VolatileContext: u32 = unsafe { ::core::mem::transmute(VolatileContext) }; + VolatileContext as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let Terminated: u32 = unsafe { ::core::mem::transmute(Terminated) }; + Terminated as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let DebugActive: u32 = unsafe { ::core::mem::transmute(DebugActive) }; + DebugActive as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let RunningOnSelfThread: u32 = unsafe { ::core::mem::transmute(RunningOnSelfThread) }; + RunningOnSelfThread as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let DenyRunningOnSelfThread: u32 = + unsafe { ::core::mem::transmute(DenyRunningOnSelfThread) }; + DenyRunningOnSelfThread as u64 + }); + __bindgen_bitfield_unit + } + #[inline] + pub fn KernelUpdateLock(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_2.get(0usize, 2u8) as u64) } + } + #[inline] + pub fn set_KernelUpdateLock(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_2.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn PrimaryClientID(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_2.get(2usize, 62u8) as u64) } + } + #[inline] + pub fn set_PrimaryClientID(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_2.set(2usize, 62u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_2( + KernelUpdateLock: ULONG64, + PrimaryClientID: ULONG64, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let KernelUpdateLock: u64 = unsafe { ::core::mem::transmute(KernelUpdateLock) }; + KernelUpdateLock as u64 + }); + __bindgen_bitfield_unit.set(2usize, 62u8, { + let PrimaryClientID: u64 = unsafe { ::core::mem::transmute(PrimaryClientID) }; + 
PrimaryClientID as u64 + }); + __bindgen_bitfield_unit + } +} +pub type RTL_UMS_CONTEXT = _RTL_UMS_CONTEXT; +pub type PRTL_UMS_CONTEXT = *mut _RTL_UMS_CONTEXT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _THREAD_UMS_INFORMATION_COMMAND { + UmsInformationCommandInvalid = 0, + UmsInformationCommandAttach = 1, + UmsInformationCommandDetach = 2, + UmsInformationCommandQuery = 3, +} +pub use self::_THREAD_UMS_INFORMATION_COMMAND as THREAD_UMS_INFORMATION_COMMAND; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_UMS_COMPLETION_LIST { + pub ThreadListHead: PSINGLE_LIST_ENTRY, + pub CompletionEvent: PVOID, + pub CompletionFlags: ULONG, + pub InternalListHead: SINGLE_LIST_ENTRY, +} +impl Default for _RTL_UMS_COMPLETION_LIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_UMS_COMPLETION_LIST = _RTL_UMS_COMPLETION_LIST; +pub type PRTL_UMS_COMPLETION_LIST = *mut _RTL_UMS_COMPLETION_LIST; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _THREAD_UMS_INFORMATION { + pub Command: THREAD_UMS_INFORMATION_COMMAND, + pub CompletionList: PRTL_UMS_COMPLETION_LIST, + pub UmsContext: PRTL_UMS_CONTEXT, + pub __bindgen_anon_1: _THREAD_UMS_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _THREAD_UMS_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _THREAD_UMS_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _THREAD_UMS_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _THREAD_UMS_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn IsUmsSchedulerThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_IsUmsSchedulerThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsUmsWorkerThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsUmsWorkerThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_SpareBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsUmsSchedulerThread: ULONG, + IsUmsWorkerThread: ULONG, + SpareBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsUmsSchedulerThread: u32 = unsafe { ::core::mem::transmute(IsUmsSchedulerThread) }; + IsUmsSchedulerThread as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsUmsWorkerThread: u32 = unsafe { ::core::mem::transmute(IsUmsWorkerThread) }; + IsUmsWorkerThread as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let SpareBits: u32 = unsafe { ::core::mem::transmute(SpareBits) }; + SpareBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _THREAD_UMS_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _THREAD_UMS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
THREAD_UMS_INFORMATION = _THREAD_UMS_INFORMATION; +pub type PTHREAD_UMS_INFORMATION = *mut _THREAD_UMS_INFORMATION; +#[repr(C)] +pub struct _THREAD_NAME_INFORMATION { + pub ThreadName: UNICODE_STRING, +} +impl Default for _THREAD_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type THREAD_NAME_INFORMATION = _THREAD_NAME_INFORMATION; +pub type PTHREAD_NAME_INFORMATION = *mut _THREAD_NAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ALPC_WORK_ON_BEHALF_TICKET { + pub ThreadId: ULONG, + pub ThreadCreationTimeLow: ULONG, +} +pub type ALPC_WORK_ON_BEHALF_TICKET = _ALPC_WORK_ON_BEHALF_TICKET; +pub type PALPC_WORK_ON_BEHALF_TICKET = *mut _ALPC_WORK_ON_BEHALF_TICKET; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_WORK_ON_BEHALF_TICKET_EX { + pub Ticket: ALPC_WORK_ON_BEHALF_TICKET, + pub __bindgen_anon_1: _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1, + pub Reserved2: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn CurrentThread(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_CurrentThread(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + 
#[inline] + pub fn set_Reserved1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + CurrentThread: ULONG, + Reserved1: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let CurrentThread: u32 = unsafe { ::core::mem::transmute(CurrentThread) }; + CurrentThread as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved1: u32 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_WORK_ON_BEHALF_TICKET_EX__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_WORK_ON_BEHALF_TICKET_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_WORK_ON_BEHALF_TICKET_EX = _RTL_WORK_ON_BEHALF_TICKET_EX; +pub type PRTL_WORK_ON_BEHALF_TICKET_EX = *mut _RTL_WORK_ON_BEHALF_TICKET_EX; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SUBSYSTEM_INFORMATION_TYPE { + SubsystemInformationTypeWin32 = 0, + SubsystemInformationTypeWSL = 1, + MaxSubsystemInformationType = 2, +} +pub use self::_SUBSYSTEM_INFORMATION_TYPE as SUBSYSTEM_INFORMATION_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _THREAD_WORKLOAD_CLASS { + ThreadWorkloadClassDefault = 0, + ThreadWorkloadClassGraphics = 1, + MaxThreadWorkloadClass = 2, +} +pub use self::_THREAD_WORKLOAD_CLASS as THREAD_WORKLOAD_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub 
enum _PROCESS_STATE_CHANGE_TYPE { + ProcessStateChangeSuspend = 0, + ProcessStateChangeResume = 1, + ProcessStateChangeMax = 2, +} +pub use self::_PROCESS_STATE_CHANGE_TYPE as PROCESS_STATE_CHANGE_TYPE; +pub type PPROCESS_STATE_CHANGE_TYPE = *mut _PROCESS_STATE_CHANGE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _THREAD_STATE_CHANGE_TYPE { + ThreadStateChangeSuspend = 0, + ThreadStateChangeResume = 1, + ThreadStateChangeMax = 2, +} +pub use self::_THREAD_STATE_CHANGE_TYPE as THREAD_STATE_CHANGE_TYPE; +pub type PTHREAD_STATE_CHANGE_TYPE = *mut _THREAD_STATE_CHANGE_TYPE; +pub type PPS_APC_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(ApcArgument1: PVOID, ApcArgument2: PVOID, ApcArgument3: PVOID), +>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROC_THREAD_ATTRIBUTE { + pub Attribute: ULONG_PTR, + pub Size: SIZE_T, + pub Value: ULONG_PTR, +} +pub type PROC_THREAD_ATTRIBUTE = _PROC_THREAD_ATTRIBUTE; +pub type PPROC_THREAD_ATTRIBUTE = *mut _PROC_THREAD_ATTRIBUTE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PROC_THREAD_ATTRIBUTE_LIST { + pub PresentFlags: ULONG, + pub AttributeCount: ULONG, + pub LastAttribute: ULONG, + pub SpareUlong0: ULONG, + pub ExtendedFlagsAttribute: PPROC_THREAD_ATTRIBUTE, + pub Attributes: [PROC_THREAD_ATTRIBUTE; 1usize], +} +impl Default for _PROC_THREAD_ATTRIBUTE_LIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROC_THREAD_ATTRIBUTE_LIST = _PROC_THREAD_ATTRIBUTE_LIST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS { + SeSafeOpenExperienceNone = 0, + SeSafeOpenExperienceCalled = 1, + SeSafeOpenExperienceAppRepCalled = 2, + SeSafeOpenExperiencePromptDisplayed = 4, + SeSafeOpenExperienceUAC = 8, + SeSafeOpenExperienceUninstaller = 
16, + SeSafeOpenExperienceIgnoreUnknownOrBad = 32, + SeSafeOpenExperienceDefenderTrustedInstaller = 64, + SeSafeOpenExperienceMOTWPresent = 128, + SeSafeOpenExperienceElevatedNoPropagation = 256, +} +pub use self::_SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS as SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SE_SAFE_OPEN_PROMPT_RESULTS { + pub Results: SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS, + pub Path: [WCHAR; 260usize], +} +impl Default for _SE_SAFE_OPEN_PROMPT_RESULTS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SE_SAFE_OPEN_PROMPT_RESULTS = _SE_SAFE_OPEN_PROMPT_RESULTS; +pub type PSE_SAFE_OPEN_PROMPT_RESULTS = *mut _SE_SAFE_OPEN_PROMPT_RESULTS; +#[repr(C)] +pub struct _PROC_THREAD_BNOISOLATION_ATTRIBUTE { + pub IsolationEnabled: BOOL, + pub IsolationPrefix: [WCHAR; 136usize], +} +impl Default for _PROC_THREAD_BNOISOLATION_ATTRIBUTE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PROC_THREAD_BNOISOLATION_ATTRIBUTE = _PROC_THREAD_BNOISOLATION_ATTRIBUTE; +pub type PPROC_THREAD_BNOISOLATION_ATTRIBUTE = *mut _PROC_THREAD_BNOISOLATION_ATTRIBUTE; +#[repr(C)] +pub struct _ISOLATION_MANIFEST_PROPERTIES { + pub InstancePath: UNICODE_STRING, + pub FriendlyName: UNICODE_STRING, + pub Description: UNICODE_STRING, + pub Level: ULONG_PTR, +} +impl Default for _ISOLATION_MANIFEST_PROPERTIES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ISOLATION_MANIFEST_PROPERTIES = _ISOLATION_MANIFEST_PROPERTIES; +pub type PISOLATION_MANIFEST_PROPERTIES = *mut _ISOLATION_MANIFEST_PROPERTIES; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, 
PartialEq, Eq)] +pub enum _PS_ATTRIBUTE_NUM { + PsAttributeParentProcess = 0, + PsAttributeDebugObject = 1, + PsAttributeToken = 2, + PsAttributeClientId = 3, + PsAttributeTebAddress = 4, + PsAttributeImageName = 5, + PsAttributeImageInfo = 6, + PsAttributeMemoryReserve = 7, + PsAttributePriorityClass = 8, + PsAttributeErrorMode = 9, + PsAttributeStdHandleInfo = 10, + PsAttributeHandleList = 11, + PsAttributeGroupAffinity = 12, + PsAttributePreferredNode = 13, + PsAttributeIdealProcessor = 14, + PsAttributeUmsThread = 15, + PsAttributeMitigationOptions = 16, + PsAttributeProtectionLevel = 17, + PsAttributeSecureProcess = 18, + PsAttributeJobList = 19, + PsAttributeChildProcessPolicy = 20, + PsAttributeAllApplicationPackagesPolicy = 21, + PsAttributeWin32kFilter = 22, + PsAttributeSafeOpenPromptOriginClaim = 23, + PsAttributeBnoIsolation = 24, + PsAttributeDesktopAppPolicy = 25, + PsAttributeChpe = 26, + PsAttributeMitigationAuditOptions = 27, + PsAttributeMachineType = 28, + PsAttributeComponentFilter = 29, + PsAttributeEnableOptionalXStateFeatures = 30, + PsAttributeMax = 31, +} +pub use self::_PS_ATTRIBUTE_NUM as PS_ATTRIBUTE_NUM; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_ATTRIBUTE { + pub Attribute: ULONG_PTR, + pub Size: SIZE_T, + pub __bindgen_anon_1: _PS_ATTRIBUTE__bindgen_ty_1, + pub ReturnLength: PSIZE_T, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_ATTRIBUTE__bindgen_ty_1 { + pub Value: ULONG_PTR, + pub ValuePtr: PVOID, +} +impl Default for _PS_ATTRIBUTE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_ATTRIBUTE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_ATTRIBUTE = _PS_ATTRIBUTE; +pub type PPS_ATTRIBUTE = *mut _PS_ATTRIBUTE; +#[repr(C)] 
+#[derive(Copy, Clone)] +pub struct _PS_ATTRIBUTE_LIST { + pub TotalLength: SIZE_T, + pub Attributes: [PS_ATTRIBUTE; 1usize], +} +impl Default for _PS_ATTRIBUTE_LIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_ATTRIBUTE_LIST = _PS_ATTRIBUTE_LIST; +pub type PPS_ATTRIBUTE_LIST = *mut _PS_ATTRIBUTE_LIST; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PS_MEMORY_RESERVE { + pub ReserveAddress: PVOID, + pub ReserveSize: SIZE_T, +} +impl Default for _PS_MEMORY_RESERVE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_MEMORY_RESERVE = _PS_MEMORY_RESERVE; +pub type PPS_MEMORY_RESERVE = *mut _PS_MEMORY_RESERVE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PS_STD_HANDLE_STATE { + PsNeverDuplicate = 0, + PsRequestDuplicate = 1, + PsAlwaysDuplicate = 2, + PsMaxStdHandleStates = 3, +} +pub use self::_PS_STD_HANDLE_STATE as PS_STD_HANDLE_STATE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_STD_HANDLE_INFO { + pub __bindgen_anon_1: _PS_STD_HANDLE_INFO__bindgen_ty_1, + pub StdHandleSubsystemType: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_STD_HANDLE_INFO__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _PS_STD_HANDLE_INFO__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_STD_HANDLE_INFO__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub __bindgen_padding_0: [u8; 3usize], +} +impl _PS_STD_HANDLE_INFO__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn StdHandleState(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) } + } + #[inline] + pub fn 
set_StdHandleState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn PseudoHandleMask(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 3u8) as u32) } + } + #[inline] + pub fn set_PseudoHandleMask(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 3u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + StdHandleState: ULONG, + PseudoHandleMask: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let StdHandleState: u32 = unsafe { ::core::mem::transmute(StdHandleState) }; + StdHandleState as u64 + }); + __bindgen_bitfield_unit.set(2usize, 3u8, { + let PseudoHandleMask: u32 = unsafe { ::core::mem::transmute(PseudoHandleMask) }; + PseudoHandleMask as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PS_STD_HANDLE_INFO__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_STD_HANDLE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_STD_HANDLE_INFO = _PS_STD_HANDLE_INFO; +pub type PPS_STD_HANDLE_INFO = *mut _PS_STD_HANDLE_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub AccessRights: UCHAR, +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +impl _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS { + #[inline] + pub fn Trustlet(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_Trustlet(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Ntos(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_Ntos(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn WriteHandle(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_WriteHandle(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReadHandle(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_ReadHandle(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u8) } + } + #[inline] + pub fn set_Reserved(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Trustlet: UCHAR, + Ntos: UCHAR, + WriteHandle: UCHAR, + ReadHandle: UCHAR, + Reserved: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Trustlet: u8 = unsafe { ::core::mem::transmute(Trustlet) }; + Trustlet as u64 + }); + 
__bindgen_bitfield_unit.set(1usize, 1u8, { + let Ntos: u8 = unsafe { ::core::mem::transmute(Ntos) }; + Ntos as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let WriteHandle: u8 = unsafe { ::core::mem::transmute(WriteHandle) }; + WriteHandle as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ReadHandle: u8 = unsafe { ::core::mem::transmute(ReadHandle) }; + ReadHandle as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let Reserved: u8 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS = _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS; +pub type PPS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS = *mut _PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_TRUSTLET_ATTRIBUTE_TYPE { + pub __bindgen_anon_1: _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1 { + pub __bindgen_anon_1: _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1__bindgen_ty_1, + pub AttributeType: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1__bindgen_ty_1 { + pub Version: UCHAR, + pub DataCount: UCHAR, + pub SemanticType: UCHAR, + pub AccessRights: PS_TRUSTLET_ATTRIBUTE_ACCESSRIGHTS, +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_TYPE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_TYPE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +pub type PS_TRUSTLET_ATTRIBUTE_TYPE = _PS_TRUSTLET_ATTRIBUTE_TYPE; +pub type PPS_TRUSTLET_ATTRIBUTE_TYPE = *mut _PS_TRUSTLET_ATTRIBUTE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_TRUSTLET_ATTRIBUTE_HEADER { + pub AttributeType: PS_TRUSTLET_ATTRIBUTE_TYPE, + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _PS_TRUSTLET_ATTRIBUTE_HEADER { + #[inline] + pub fn InstanceNumber(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_InstanceNumber(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 24u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 24u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + InstanceNumber: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let InstanceNumber: u32 = unsafe { ::core::mem::transmute(InstanceNumber) }; + InstanceNumber as u64 + }); + __bindgen_bitfield_unit.set(8usize, 24u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PS_TRUSTLET_ATTRIBUTE_HEADER = _PS_TRUSTLET_ATTRIBUTE_HEADER; +pub type PPS_TRUSTLET_ATTRIBUTE_HEADER = *mut _PS_TRUSTLET_ATTRIBUTE_HEADER; +#[repr(C)] +#[derive(Copy, Clone)] +pub 
struct _PS_TRUSTLET_ATTRIBUTE_DATA { + pub Header: PS_TRUSTLET_ATTRIBUTE_HEADER, + pub Data: [ULONGLONG; 1usize], +} +impl Default for _PS_TRUSTLET_ATTRIBUTE_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_TRUSTLET_ATTRIBUTE_DATA = _PS_TRUSTLET_ATTRIBUTE_DATA; +pub type PPS_TRUSTLET_ATTRIBUTE_DATA = *mut _PS_TRUSTLET_ATTRIBUTE_DATA; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_TRUSTLET_CREATE_ATTRIBUTES { + pub TrustletIdentity: ULONGLONG, + pub Attributes: [PS_TRUSTLET_ATTRIBUTE_DATA; 1usize], +} +impl Default for _PS_TRUSTLET_CREATE_ATTRIBUTES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_TRUSTLET_CREATE_ATTRIBUTES = _PS_TRUSTLET_CREATE_ATTRIBUTES; +pub type PPS_TRUSTLET_CREATE_ATTRIBUTES = *mut _PS_TRUSTLET_CREATE_ATTRIBUTES; +#[repr(C)] +pub struct _PS_BNO_ISOLATION_PARAMETERS { + pub IsolationPrefix: UNICODE_STRING, + pub HandleCount: ULONG, + pub Handles: *mut PVOID, + pub IsolationEnabled: BOOLEAN, +} +impl Default for _PS_BNO_ISOLATION_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_BNO_ISOLATION_PARAMETERS = _PS_BNO_ISOLATION_PARAMETERS; +pub type PPS_BNO_ISOLATION_PARAMETERS = *mut _PS_BNO_ISOLATION_PARAMETERS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PS_MITIGATION_OPTION { + PS_MITIGATION_OPTION_NX = 0, + PS_MITIGATION_OPTION_SEHOP = 1, + PS_MITIGATION_OPTION_FORCE_RELOCATE_IMAGES = 2, + PS_MITIGATION_OPTION_HEAP_TERMINATE = 3, + PS_MITIGATION_OPTION_BOTTOM_UP_ASLR = 4, + PS_MITIGATION_OPTION_HIGH_ENTROPY_ASLR = 5, + PS_MITIGATION_OPTION_STRICT_HANDLE_CHECKS = 6, + 
PS_MITIGATION_OPTION_WIN32K_SYSTEM_CALL_DISABLE = 7, + PS_MITIGATION_OPTION_EXTENSION_POINT_DISABLE = 8, + PS_MITIGATION_OPTION_PROHIBIT_DYNAMIC_CODE = 9, + PS_MITIGATION_OPTION_CONTROL_FLOW_GUARD = 10, + PS_MITIGATION_OPTION_BLOCK_NON_MICROSOFT_BINARIES = 11, + PS_MITIGATION_OPTION_FONT_DISABLE = 12, + PS_MITIGATION_OPTION_IMAGE_LOAD_NO_REMOTE = 13, + PS_MITIGATION_OPTION_IMAGE_LOAD_NO_LOW_LABEL = 14, + PS_MITIGATION_OPTION_IMAGE_LOAD_PREFER_SYSTEM32 = 15, + PS_MITIGATION_OPTION_RETURN_FLOW_GUARD = 16, + PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY = 17, + PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD = 18, + PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT = 19, + PS_MITIGATION_OPTION_ROP_STACKPIVOT = 20, + PS_MITIGATION_OPTION_ROP_CALLER_CHECK = 21, + PS_MITIGATION_OPTION_ROP_SIMEXEC = 22, + PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER = 23, + PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS = 24, + PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION = 25, + PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER = 26, + PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION = 27, + PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION = 28, + PS_MITIGATION_OPTION_SPECULATIVE_STORE_BYPASS_DISABLE = 29, + PS_MITIGATION_OPTION_ALLOW_DOWNGRADE_DYNAMIC_CODE_POLICY = 30, + PS_MITIGATION_OPTION_CET_USER_SHADOW_STACKS = 31, + PS_MITIGATION_OPTION_USER_CET_SET_CONTEXT_IP_VALIDATION = 32, + PS_MITIGATION_OPTION_BLOCK_NON_CET_BINARIES = 33, + PS_MITIGATION_OPTION_CET_DYNAMIC_APIS_OUT_OF_PROC_ONLY = 34, + PS_MITIGATION_OPTION_REDIRECTION_TRUST = 35, + PS_MITIGATION_OPTION_RESTRICT_CORE_SHARING = 36, +} +pub use self::_PS_MITIGATION_OPTION as PS_MITIGATION_OPTION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PS_CREATE_STATE { + PsCreateInitialState = 0, + PsCreateFailOnFileOpen = 1, + PsCreateFailOnSectionCreate = 2, + PsCreateFailExeFormat = 3, + PsCreateFailMachineMismatch = 4, + PsCreateFailExeName = 5, + PsCreateSuccess = 6, + 
PsCreateMaximumStates = 7, +} +pub use self::_PS_CREATE_STATE as PS_CREATE_STATE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_CREATE_INFO { + pub Size: SIZE_T, + pub State: PS_CREATE_STATE, + pub __bindgen_anon_1: _PS_CREATE_INFO__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_CREATE_INFO__bindgen_ty_1 { + pub InitState: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1, + pub FailSection: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_2, + pub ExeFormat: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_3, + pub ExeName: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_4, + pub SuccessState: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1 { + pub __bindgen_anon_1: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1, + pub AdditionalFileAccess: ACCESS_MASK, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1 { + pub InitFlags: ULONG, + pub __bindgen_anon_1: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn WriteOutputOnExit(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_WriteOutputOnExit(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn DetectManifest(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_DetectManifest(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IFEOSkipDebugger(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_IFEOSkipDebugger(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn IFEODoNotPropagateKeyState(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_IFEODoNotPropagateKeyState(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareBits1(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u8) } + } + #[inline] + pub fn set_SpareBits1(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn SpareBits2(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u8) } + } + #[inline] + pub fn set_SpareBits2(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 8u8, val as u64) + } + } + #[inline] + pub fn ProhibitedImageCharacteristics(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u16) } + } + #[inline] + pub fn set_ProhibitedImageCharacteristics(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + WriteOutputOnExit: UCHAR, + DetectManifest: UCHAR, + IFEOSkipDebugger: UCHAR, + IFEODoNotPropagateKeyState: UCHAR, + SpareBits1: UCHAR, + SpareBits2: UCHAR, + ProhibitedImageCharacteristics: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: 
__BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let WriteOutputOnExit: u8 = unsafe { ::core::mem::transmute(WriteOutputOnExit) }; + WriteOutputOnExit as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let DetectManifest: u8 = unsafe { ::core::mem::transmute(DetectManifest) }; + DetectManifest as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IFEOSkipDebugger: u8 = unsafe { ::core::mem::transmute(IFEOSkipDebugger) }; + IFEOSkipDebugger as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let IFEODoNotPropagateKeyState: u8 = + unsafe { ::core::mem::transmute(IFEODoNotPropagateKeyState) }; + IFEODoNotPropagateKeyState as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let SpareBits1: u8 = unsafe { ::core::mem::transmute(SpareBits1) }; + SpareBits1 as u64 + }); + __bindgen_bitfield_unit.set(8usize, 8u8, { + let SpareBits2: u8 = unsafe { ::core::mem::transmute(SpareBits2) }; + SpareBits2 as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let ProhibitedImageCharacteristics: u16 = + unsafe { ::core::mem::transmute(ProhibitedImageCharacteristics) }; + ProhibitedImageCharacteristics as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_2 { + pub FileHandle: HANDLE, +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe 
{ + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_3 { + pub DllCharacteristics: USHORT, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_4 { + pub IFEOKey: HANDLE, +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5 { + pub __bindgen_anon_1: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1, + pub FileHandle: HANDLE, + pub SectionHandle: HANDLE, + pub UserProcessParametersNative: ULONGLONG, + pub UserProcessParametersWow64: ULONG, + pub CurrentParameterFlags: ULONG, + pub PebAddressNative: ULONGLONG, + pub PebAddressWow64: ULONG, + pub ManifestAddress: ULONGLONG, + pub ManifestSize: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1 { + pub OutputFlags: ULONG, + pub __bindgen_anon_1: _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ProtectedProcess(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_ProtectedProcess(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AddressSpaceOverride(&self) -> UCHAR { + unsafe 
{ ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_AddressSpaceOverride(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn DevOverrideEnabled(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_DevOverrideEnabled(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ManifestDetected(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_ManifestDetected(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProtectedProcessLight(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u8) } + } + #[inline] + pub fn set_ProtectedProcessLight(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareBits1(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 3u8) as u8) } + } + #[inline] + pub fn set_SpareBits1(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 3u8, val as u64) + } + } + #[inline] + pub fn SpareBits2(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 8u8) as u8) } + } + #[inline] + pub fn set_SpareBits2(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 8u8, val as u64) + } + } + #[inline] + pub fn SpareBits3(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u16) } + } + #[inline] + pub fn 
set_SpareBits3(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ProtectedProcess: UCHAR, + AddressSpaceOverride: UCHAR, + DevOverrideEnabled: UCHAR, + ManifestDetected: UCHAR, + ProtectedProcessLight: UCHAR, + SpareBits1: UCHAR, + SpareBits2: UCHAR, + SpareBits3: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ProtectedProcess: u8 = unsafe { ::core::mem::transmute(ProtectedProcess) }; + ProtectedProcess as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let AddressSpaceOverride: u8 = unsafe { ::core::mem::transmute(AddressSpaceOverride) }; + AddressSpaceOverride as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let DevOverrideEnabled: u8 = unsafe { ::core::mem::transmute(DevOverrideEnabled) }; + DevOverrideEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ManifestDetected: u8 = unsafe { ::core::mem::transmute(ManifestDetected) }; + ManifestDetected as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let ProtectedProcessLight: u8 = unsafe { ::core::mem::transmute(ProtectedProcessLight) }; + ProtectedProcessLight as u64 + }); + __bindgen_bitfield_unit.set(5usize, 3u8, { + let SpareBits1: u8 = unsafe { ::core::mem::transmute(SpareBits1) }; + SpareBits1 as u64 + }); + __bindgen_bitfield_unit.set(8usize, 8u8, { + let SpareBits2: u8 = unsafe { ::core::mem::transmute(SpareBits2) }; + SpareBits2 as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let SpareBits3: u16 = unsafe { ::core::mem::transmute(SpareBits3) }; + SpareBits3 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_CREATE_INFO__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PS_CREATE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PS_CREATE_INFO = _PS_CREATE_INFO; +pub type PPS_CREATE_INFO = *mut _PS_CREATE_INFO; +pub type PUSER_THREAD_START_ROUTINE = + ::core::option::Option NTSTATUS>; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2 { + pub BasicLimitInformation: JOBOBJECT_BASIC_LIMIT_INFORMATION, + pub IoInfo: IO_COUNTERS, + pub ProcessMemoryLimit: SIZE_T, + pub JobMemoryLimit: SIZE_T, + pub PeakProcessMemoryUsed: SIZE_T, + pub PeakJobMemoryUsed: SIZE_T, + pub JobTotalMemoryLimit: SIZE_T, +} +impl Default for _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2 = _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2; +pub type PJOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2 = *mut _JOBOBJECT_EXTENDED_LIMIT_INFORMATION_V2; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION { + pub BasicInfo: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, + pub IoInfo: IO_COUNTERS, + pub DiskIoInfo: PROCESS_DISK_COUNTERS, + pub ContextSwitches: ULONG64, + pub TotalCycleTime: LARGE_INTEGER, + pub ReadyTime: ULONG64, + pub 
EnergyValues: PROCESS_ENERGY_VALUES, +} +impl Default for _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION = _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION; +pub type PJOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION = + *mut _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _JOBOBJECT_WAKE_INFORMATION { + pub NotificationChannel: HANDLE, + pub WakeCounters: [ULONG64; 7usize], +} +impl Default for _JOBOBJECT_WAKE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_WAKE_INFORMATION = _JOBOBJECT_WAKE_INFORMATION; +pub type PJOBOBJECT_WAKE_INFORMATION = *mut _JOBOBJECT_WAKE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _JOBOBJECT_WAKE_INFORMATION_V1 { + pub NotificationChannel: HANDLE, + pub WakeCounters: [ULONG64; 4usize], +} +impl Default for _JOBOBJECT_WAKE_INFORMATION_V1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_WAKE_INFORMATION_V1 = _JOBOBJECT_WAKE_INFORMATION_V1; +pub type PJOBOBJECT_WAKE_INFORMATION_V1 = *mut _JOBOBJECT_WAKE_INFORMATION_V1; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_INTERFERENCE_INFORMATION { + pub Count: ULONG64, +} +pub type JOBOBJECT_INTERFERENCE_INFORMATION = _JOBOBJECT_INTERFERENCE_INFORMATION; +pub type PJOBOBJECT_INTERFERENCE_INFORMATION = *mut _JOBOBJECT_INTERFERENCE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_WAKE_FILTER { + pub HighEdgeFilter: ULONG, + pub LowEdgeFilter: ULONG, +} +pub type 
JOBOBJECT_WAKE_FILTER = _JOBOBJECT_WAKE_FILTER; +#[repr(C)] +pub struct _JOBOBJECT_FREEZE_INFORMATION { + pub __bindgen_anon_1: _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1, + pub Freeze: BOOLEAN, + pub Swap: BOOLEAN, + pub Reserved0: [UCHAR; 2usize], + pub WakeFilter: JOBOBJECT_WAKE_FILTER, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn FreezeOperation(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_FreezeOperation(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn FilterOperation(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_FilterOperation(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn SwapOperation(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_SwapOperation(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 
29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + FreezeOperation: ULONG, + FilterOperation: ULONG, + SwapOperation: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let FreezeOperation: u32 = unsafe { ::core::mem::transmute(FreezeOperation) }; + FreezeOperation as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let FilterOperation: u32 = unsafe { ::core::mem::transmute(FilterOperation) }; + FilterOperation as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let SwapOperation: u32 = unsafe { ::core::mem::transmute(SwapOperation) }; + SwapOperation as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _JOBOBJECT_FREEZE_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _JOBOBJECT_FREEZE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_FREEZE_INFORMATION = _JOBOBJECT_FREEZE_INFORMATION; +pub type PJOBOBJECT_FREEZE_INFORMATION = *mut _JOBOBJECT_FREEZE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_CONTAINER_IDENTIFIER_V2 { + pub ContainerId: GUID, + pub ContainerTelemetryId: GUID, + pub JobId: ULONG, +} +pub type JOBOBJECT_CONTAINER_IDENTIFIER_V2 = _JOBOBJECT_CONTAINER_IDENTIFIER_V2; +pub type PJOBOBJECT_CONTAINER_IDENTIFIER_V2 = *mut _JOBOBJECT_CONTAINER_IDENTIFIER_V2; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_MEMORY_USAGE_INFORMATION { + pub 
JobMemory: ULONG64, + pub PeakJobMemoryUsed: ULONG64, +} +pub type JOBOBJECT_MEMORY_USAGE_INFORMATION = _JOBOBJECT_MEMORY_USAGE_INFORMATION; +pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION = *mut _JOBOBJECT_MEMORY_USAGE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 { + pub BasicInfo: JOBOBJECT_MEMORY_USAGE_INFORMATION, + pub JobSharedMemory: ULONG64, + pub Reserved: [ULONG64; 2usize], +} +pub type JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2; +pub type PJOBOBJECT_MEMORY_USAGE_INFORMATION_V2 = *mut _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2; +#[repr(C)] +pub struct _SILO_USER_SHARED_DATA { + pub ServiceSessionId: ULONG, + pub ActiveConsoleId: ULONG, + pub ConsoleSessionForegroundProcessId: LONGLONG, + pub NtProductType: NT_PRODUCT_TYPE, + pub SuiteMask: ULONG, + pub SharedUserSessionId: ULONG, + pub IsMultiSessionSku: BOOLEAN, + pub NtSystemRoot: [WCHAR; 260usize], + pub UserModeGlobalLogger: [USHORT; 16usize], + pub TimeZoneId: ULONG, + pub TimeZoneBiasStamp: LONG, + pub TimeZoneBias: KSYSTEM_TIME, + pub TimeZoneBiasEffectiveStart: LARGE_INTEGER, + pub TimeZoneBiasEffectiveEnd: LARGE_INTEGER, +} +impl Default for _SILO_USER_SHARED_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SILO_USER_SHARED_DATA = _SILO_USER_SHARED_DATA; +#[repr(C)] +pub struct _SILOOBJECT_ROOT_DIRECTORY { + pub __bindgen_anon_1: _SILOOBJECT_ROOT_DIRECTORY__bindgen_ty_1, +} +#[repr(C)] +pub union _SILOOBJECT_ROOT_DIRECTORY__bindgen_ty_1 { + pub ControlFlags: ::core::mem::ManuallyDrop, + pub Path: ::core::mem::ManuallyDrop, +} +impl Default for _SILOOBJECT_ROOT_DIRECTORY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default 
for _SILOOBJECT_ROOT_DIRECTORY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SILOOBJECT_ROOT_DIRECTORY = _SILOOBJECT_ROOT_DIRECTORY; +pub type PSILOOBJECT_ROOT_DIRECTORY = *mut _SILOOBJECT_ROOT_DIRECTORY; +#[repr(C)] +pub struct _SERVERSILO_INIT_INFORMATION { + pub DeleteEvent: HANDLE, + pub IsDownlevelContainer: BOOLEAN, +} +impl Default for _SERVERSILO_INIT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SERVERSILO_INIT_INFORMATION = _SERVERSILO_INIT_INFORMATION; +pub type PSERVERSILO_INIT_INFORMATION = *mut _SERVERSILO_INIT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _JOBOBJECT_ENERGY_TRACKING_STATE { + pub Value: ULONG64, + pub UpdateMask: ULONG, + pub DesiredState: ULONG, +} +pub type JOBOBJECT_ENERGY_TRACKING_STATE = _JOBOBJECT_ENERGY_TRACKING_STATE; +pub type PJOBOBJECT_ENERGY_TRACKING_STATE = *mut _JOBOBJECT_ENERGY_TRACKING_STATE; +impl _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS { + pub const JOBOBJECT_IO_PRIORITY_LIMIT_VALID_FLAGS: _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS = + _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS::JOBOBJECT_IO_PRIORITY_LIMIT_ENABLE; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS { + JOBOBJECT_IO_PRIORITY_LIMIT_ENABLE = 1, +} +pub use self::_JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS as JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _JOBOBJECT_IO_PRIORITY_LIMIT { + pub Flags: JOBOBJECT_IO_PRIORITY_LIMIT_FLAGS, + pub Priority: ULONG, +} +impl Default for _JOBOBJECT_IO_PRIORITY_LIMIT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() 
+ } + } +} +pub type JOBOBJECT_IO_PRIORITY_LIMIT = _JOBOBJECT_IO_PRIORITY_LIMIT; +pub type PJOBOBJECT_IO_PRIORITY_LIMIT = *mut _JOBOBJECT_IO_PRIORITY_LIMIT; +impl _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS { + pub const JOBOBJECT_PAGE_PRIORITY_LIMIT_VALID_FLAGS: _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS = + _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS::JOBOBJECT_PAGE_PRIORITY_LIMIT_ENABLE; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS { + JOBOBJECT_PAGE_PRIORITY_LIMIT_ENABLE = 1, +} +pub use self::_JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS as JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _JOBOBJECT_PAGE_PRIORITY_LIMIT { + pub Flags: JOBOBJECT_PAGE_PRIORITY_LIMIT_FLAGS, + pub Priority: ULONG, +} +impl Default for _JOBOBJECT_PAGE_PRIORITY_LIMIT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type JOBOBJECT_PAGE_PRIORITY_LIMIT = _JOBOBJECT_PAGE_PRIORITY_LIMIT; +pub type PJOBOBJECT_PAGE_PRIORITY_LIMIT = *mut _JOBOBJECT_PAGE_PRIORITY_LIMIT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MEMORY_RESERVE_TYPE { + MemoryReserveUserApc = 0, + MemoryReserveIoCompletion = 1, + MemoryReserveTypeMax = 2, +} +pub use self::_MEMORY_RESERVE_TYPE as MEMORY_RESERVE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _NTPSS_MEMORY_BULK_INFORMATION { + pub QueryFlags: ULONG, + pub NumberOfEntries: ULONG, + pub NextValidAddress: PVOID, +} +impl Default for _NTPSS_MEMORY_BULK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type NTPSS_MEMORY_BULK_INFORMATION = _NTPSS_MEMORY_BULK_INFORMATION; +pub type PNTPSS_MEMORY_BULK_INFORMATION = *mut 
_NTPSS_MEMORY_BULK_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PNP_VETO_TYPE { + PNP_VetoTypeUnknown = 0, + PNP_VetoLegacyDevice = 1, + PNP_VetoPendingClose = 2, + PNP_VetoWindowsApp = 3, + PNP_VetoWindowsService = 4, + PNP_VetoOutstandingOpen = 5, + PNP_VetoDevice = 6, + PNP_VetoDriver = 7, + PNP_VetoIllegalDeviceRequest = 8, + PNP_VetoInsufficientPower = 9, + PNP_VetoNonDisableable = 10, + PNP_VetoLegacyDriver = 11, + PNP_VetoInsufficientRights = 12, + PNP_VetoAlreadyRemoved = 13, +} +pub use self::_PNP_VETO_TYPE as PNP_VETO_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGKM_EXCEPTION { + pub ExceptionRecord: EXCEPTION_RECORD, + pub FirstChance: ULONG, +} +impl Default for _DBGKM_EXCEPTION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_EXCEPTION = _DBGKM_EXCEPTION; +pub type PDBGKM_EXCEPTION = *mut _DBGKM_EXCEPTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGKM_CREATE_THREAD { + pub SubSystemKey: ULONG, + pub StartAddress: PVOID, +} +impl Default for _DBGKM_CREATE_THREAD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_CREATE_THREAD = _DBGKM_CREATE_THREAD; +pub type PDBGKM_CREATE_THREAD = *mut _DBGKM_CREATE_THREAD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGKM_CREATE_PROCESS { + pub SubSystemKey: ULONG, + pub FileHandle: HANDLE, + pub BaseOfImage: PVOID, + pub DebugInfoFileOffset: ULONG, + pub DebugInfoSize: ULONG, + pub InitialThread: DBGKM_CREATE_THREAD, +} +impl Default for _DBGKM_CREATE_PROCESS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
DBGKM_CREATE_PROCESS = _DBGKM_CREATE_PROCESS; +pub type PDBGKM_CREATE_PROCESS = *mut _DBGKM_CREATE_PROCESS; +#[repr(C)] +pub struct _DBGKM_EXIT_THREAD { + pub ExitStatus: NTSTATUS, +} +impl Default for _DBGKM_EXIT_THREAD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_EXIT_THREAD = _DBGKM_EXIT_THREAD; +pub type PDBGKM_EXIT_THREAD = *mut _DBGKM_EXIT_THREAD; +#[repr(C)] +pub struct _DBGKM_EXIT_PROCESS { + pub ExitStatus: NTSTATUS, +} +impl Default for _DBGKM_EXIT_PROCESS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_EXIT_PROCESS = _DBGKM_EXIT_PROCESS; +pub type PDBGKM_EXIT_PROCESS = *mut _DBGKM_EXIT_PROCESS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGKM_LOAD_DLL { + pub FileHandle: HANDLE, + pub BaseOfDll: PVOID, + pub DebugInfoFileOffset: ULONG, + pub DebugInfoSize: ULONG, + pub NamePointer: PVOID, +} +impl Default for _DBGKM_LOAD_DLL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_LOAD_DLL = _DBGKM_LOAD_DLL; +pub type PDBGKM_LOAD_DLL = *mut _DBGKM_LOAD_DLL; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGKM_UNLOAD_DLL { + pub BaseAddress: PVOID, +} +impl Default for _DBGKM_UNLOAD_DLL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGKM_UNLOAD_DLL = _DBGKM_UNLOAD_DLL; +pub type PDBGKM_UNLOAD_DLL = *mut _DBGKM_UNLOAD_DLL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DBG_STATE { + DbgIdle = 0, + DbgReplyPending = 1, + DbgCreateThreadStateChange = 2, + 
DbgCreateProcessStateChange = 3, + DbgExitThreadStateChange = 4, + DbgExitProcessStateChange = 5, + DbgExceptionStateChange = 6, + DbgBreakpointStateChange = 7, + DbgSingleStepStateChange = 8, + DbgLoadDllStateChange = 9, + DbgUnloadDllStateChange = 10, +} +pub use self::_DBG_STATE as DBG_STATE; +pub type PDBG_STATE = *mut _DBG_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGUI_CREATE_THREAD { + pub HandleToThread: HANDLE, + pub NewThread: DBGKM_CREATE_THREAD, +} +impl Default for _DBGUI_CREATE_THREAD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGUI_CREATE_THREAD = _DBGUI_CREATE_THREAD; +pub type PDBGUI_CREATE_THREAD = *mut _DBGUI_CREATE_THREAD; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DBGUI_CREATE_PROCESS { + pub HandleToProcess: HANDLE, + pub HandleToThread: HANDLE, + pub NewProcess: DBGKM_CREATE_PROCESS, +} +impl Default for _DBGUI_CREATE_PROCESS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGUI_CREATE_PROCESS = _DBGUI_CREATE_PROCESS; +pub type PDBGUI_CREATE_PROCESS = *mut _DBGUI_CREATE_PROCESS; +#[repr(C)] +pub struct _DBGUI_WAIT_STATE_CHANGE { + pub NewState: DBG_STATE, + pub AppClientId: CLIENT_ID, + pub StateInfo: _DBGUI_WAIT_STATE_CHANGE__bindgen_ty_1, +} +#[repr(C)] +pub union _DBGUI_WAIT_STATE_CHANGE__bindgen_ty_1 { + pub Exception: ::core::mem::ManuallyDrop, + pub CreateThread: ::core::mem::ManuallyDrop, + pub CreateProcessInfo: ::core::mem::ManuallyDrop, + pub ExitThread: ::core::mem::ManuallyDrop, + pub ExitProcess: ::core::mem::ManuallyDrop, + pub LoadDll: ::core::mem::ManuallyDrop, + pub UnloadDll: ::core::mem::ManuallyDrop, +} +impl Default for _DBGUI_WAIT_STATE_CHANGE__bindgen_ty_1 { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _DBGUI_WAIT_STATE_CHANGE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DBGUI_WAIT_STATE_CHANGE = _DBGUI_WAIT_STATE_CHANGE; +pub type PDBGUI_WAIT_STATE_CHANGE = *mut _DBGUI_WAIT_STATE_CHANGE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DEBUGOBJECTINFOCLASS { + DebugObjectUnusedInformation = 0, + DebugObjectKillProcessOnExitInformation = 1, + MaxDebugObjectInfoClass = 2, +} +pub use self::_DEBUGOBJECTINFOCLASS as DEBUGOBJECTINFOCLASS; +pub type PDEBUGOBJECTINFOCLASS = *mut _DEBUGOBJECTINFOCLASS; +pub type PENABLECALLBACK = ::core::option::Option< + unsafe extern "C" fn( + SourceId: LPCGUID, + IsEnabled: ULONG, + Level: UCHAR, + MatchAnyKeyword: ULONGLONG, + MatchAllKeyword: ULONGLONG, + FilterData: PEVENT_FILTER_DESCRIPTOR, + CallbackContext: PVOID, + ), +>; +pub type REGHANDLE = ULONGLONG; +pub type PREGHANDLE = *mut ULONGLONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EXTENDED_CREATE_INFORMATION { + pub ExtendedCreateFlags: LONGLONG, + pub EaBuffer: PVOID, + pub EaLength: ULONG, +} +impl Default for _EXTENDED_CREATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EXTENDED_CREATE_INFORMATION = _EXTENDED_CREATE_INFORMATION; +pub type PEXTENDED_CREATE_INFORMATION = *mut _EXTENDED_CREATE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EXTENDED_CREATE_INFORMATION_32 { + pub ExtendedCreateFlags: LONGLONG, + pub EaBuffer: u32, + pub EaLength: ULONG, +} +impl Default for _EXTENDED_CREATE_INFORMATION_32 { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type EXTENDED_CREATE_INFORMATION_32 = _EXTENDED_CREATE_INFORMATION_32; +pub type PEXTENDED_CREATE_INFORMATION_32 = *mut _EXTENDED_CREATE_INFORMATION_32; +#[repr(C)] +pub struct _IO_STATUS_BLOCK { + pub __bindgen_anon_1: _IO_STATUS_BLOCK__bindgen_ty_1, + pub Information: ULONG_PTR, +} +#[repr(C)] +pub union _IO_STATUS_BLOCK__bindgen_ty_1 { + pub Status: ::core::mem::ManuallyDrop, + pub Pointer: ::core::mem::ManuallyDrop, +} +impl Default for _IO_STATUS_BLOCK__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IO_STATUS_BLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IO_STATUS_BLOCK = _IO_STATUS_BLOCK; +pub type PIO_APC_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(ApcContext: PVOID, IoStatusBlock: PIO_STATUS_BLOCK, Reserved: ULONG), +>; +#[repr(C)] +pub struct _FILE_IO_COMPLETION_INFORMATION { + pub KeyContext: PVOID, + pub ApcContext: PVOID, + pub IoStatusBlock: IO_STATUS_BLOCK, +} +impl Default for _FILE_IO_COMPLETION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_IO_COMPLETION_INFORMATION = _FILE_IO_COMPLETION_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FILE_INFORMATION_CLASS { + FileDirectoryInformation = 1, + FileFullDirectoryInformation = 2, + FileBothDirectoryInformation = 3, + FileBasicInformation = 4, + FileStandardInformation = 5, + FileInternalInformation = 6, + FileEaInformation = 7, + FileAccessInformation = 8, + 
FileNameInformation = 9, + FileRenameInformation = 10, + FileLinkInformation = 11, + FileNamesInformation = 12, + FileDispositionInformation = 13, + FilePositionInformation = 14, + FileFullEaInformation = 15, + FileModeInformation = 16, + FileAlignmentInformation = 17, + FileAllInformation = 18, + FileAllocationInformation = 19, + FileEndOfFileInformation = 20, + FileAlternateNameInformation = 21, + FileStreamInformation = 22, + FilePipeInformation = 23, + FilePipeLocalInformation = 24, + FilePipeRemoteInformation = 25, + FileMailslotQueryInformation = 26, + FileMailslotSetInformation = 27, + FileCompressionInformation = 28, + FileObjectIdInformation = 29, + FileCompletionInformation = 30, + FileMoveClusterInformation = 31, + FileQuotaInformation = 32, + FileReparsePointInformation = 33, + FileNetworkOpenInformation = 34, + FileAttributeTagInformation = 35, + FileTrackingInformation = 36, + FileIdBothDirectoryInformation = 37, + FileIdFullDirectoryInformation = 38, + FileValidDataLengthInformation = 39, + FileShortNameInformation = 40, + FileIoCompletionNotificationInformation = 41, + FileIoStatusBlockRangeInformation = 42, + FileIoPriorityHintInformation = 43, + FileSfioReserveInformation = 44, + FileSfioVolumeInformation = 45, + FileHardLinkInformation = 46, + FileProcessIdsUsingFileInformation = 47, + FileNormalizedNameInformation = 48, + FileNetworkPhysicalNameInformation = 49, + FileIdGlobalTxDirectoryInformation = 50, + FileIsRemoteDeviceInformation = 51, + FileUnusedInformation = 52, + FileNumaNodeInformation = 53, + FileStandardLinkInformation = 54, + FileRemoteProtocolInformation = 55, + FileRenameInformationBypassAccessCheck = 56, + FileLinkInformationBypassAccessCheck = 57, + FileVolumeNameInformation = 58, + FileIdInformation = 59, + FileIdExtdDirectoryInformation = 60, + FileReplaceCompletionInformation = 61, + FileHardLinkFullIdInformation = 62, + FileIdExtdBothDirectoryInformation = 63, + FileDispositionInformationEx = 64, + FileRenameInformationEx = 
65, + FileRenameInformationExBypassAccessCheck = 66, + FileDesiredStorageClassInformation = 67, + FileStatInformation = 68, + FileMemoryPartitionInformation = 69, + FileStatLxInformation = 70, + FileCaseSensitiveInformation = 71, + FileLinkInformationEx = 72, + FileLinkInformationExBypassAccessCheck = 73, + FileStorageReserveIdInformation = 74, + FileCaseSensitiveInformationForceAccessCheck = 75, + FileKnownFolderInformation = 76, + FileStatBasicInformation = 77, + FileId64ExtdDirectoryInformation = 78, + FileId64ExtdBothDirectoryInformation = 79, + FileIdAllExtdDirectoryInformation = 80, + FileIdAllExtdBothDirectoryInformation = 81, + FileMaximumInformation = 82, +} +pub use self::_FILE_INFORMATION_CLASS as FILE_INFORMATION_CLASS; +pub type PFILE_INFORMATION_CLASS = *mut _FILE_INFORMATION_CLASS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_BASIC_INFORMATION { + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub FileAttributes: ULONG, +} +impl Default for _FILE_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_BASIC_INFORMATION = _FILE_BASIC_INFORMATION; +pub type PFILE_BASIC_INFORMATION = *mut _FILE_BASIC_INFORMATION; +#[repr(C)] +pub struct _FILE_STANDARD_INFORMATION { + pub AllocationSize: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub NumberOfLinks: ULONG, + pub DeletePending: BOOLEAN, + pub Directory: BOOLEAN, +} +impl Default for _FILE_STANDARD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STANDARD_INFORMATION = _FILE_STANDARD_INFORMATION; +pub type PFILE_STANDARD_INFORMATION = *mut _FILE_STANDARD_INFORMATION; +#[repr(C)] +pub struct 
_FILE_STANDARD_INFORMATION_EX { + pub AllocationSize: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub NumberOfLinks: ULONG, + pub DeletePending: BOOLEAN, + pub Directory: BOOLEAN, + pub AlternateStream: BOOLEAN, + pub MetadataAttribute: BOOLEAN, +} +impl Default for _FILE_STANDARD_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STANDARD_INFORMATION_EX = _FILE_STANDARD_INFORMATION_EX; +pub type PFILE_STANDARD_INFORMATION_EX = *mut _FILE_STANDARD_INFORMATION_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_INTERNAL_INFORMATION { + pub __bindgen_anon_1: _FILE_INTERNAL_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_INTERNAL_INFORMATION__bindgen_ty_1 { + pub IndexNumber: LARGE_INTEGER, + pub __bindgen_anon_1: _FILE_INTERNAL_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_INTERNAL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _FILE_INTERNAL_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn MftRecordIndex(&self) -> LONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 48u8) as u64) } + } + #[inline] + pub fn set_MftRecordIndex(&mut self, val: LONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 48u8, val as u64) + } + } + #[inline] + pub fn SequenceNumber(&self) -> LONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(48usize, 16u8) as u64) } + } + #[inline] + pub fn set_SequenceNumber(&mut self, val: LONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(48usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + MftRecordIndex: LONGLONG, + SequenceNumber: LONGLONG, + ) -> 
__BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 48u8, { + let MftRecordIndex: u64 = unsafe { ::core::mem::transmute(MftRecordIndex) }; + MftRecordIndex as u64 + }); + __bindgen_bitfield_unit.set(48usize, 16u8, { + let SequenceNumber: u64 = unsafe { ::core::mem::transmute(SequenceNumber) }; + SequenceNumber as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _FILE_INTERNAL_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_INTERNAL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_INTERNAL_INFORMATION = _FILE_INTERNAL_INFORMATION; +pub type PFILE_INTERNAL_INFORMATION = *mut _FILE_INTERNAL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_EA_INFORMATION { + pub EaSize: ULONG, +} +pub type FILE_EA_INFORMATION = _FILE_EA_INFORMATION; +pub type PFILE_EA_INFORMATION = *mut _FILE_EA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_ACCESS_INFORMATION { + pub AccessFlags: ACCESS_MASK, +} +pub type FILE_ACCESS_INFORMATION = _FILE_ACCESS_INFORMATION; +pub type PFILE_ACCESS_INFORMATION = *mut _FILE_ACCESS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_POSITION_INFORMATION { + pub CurrentByteOffset: LARGE_INTEGER, +} +impl Default for _FILE_POSITION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_POSITION_INFORMATION = _FILE_POSITION_INFORMATION; +pub type PFILE_POSITION_INFORMATION = *mut 
_FILE_POSITION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_MODE_INFORMATION { + pub Mode: ULONG, +} +pub type FILE_MODE_INFORMATION = _FILE_MODE_INFORMATION; +pub type PFILE_MODE_INFORMATION = *mut _FILE_MODE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_ALIGNMENT_INFORMATION { + pub AlignmentRequirement: ULONG, +} +pub type FILE_ALIGNMENT_INFORMATION = _FILE_ALIGNMENT_INFORMATION; +pub type PFILE_ALIGNMENT_INFORMATION = *mut _FILE_ALIGNMENT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_NAME_INFORMATION { + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +pub type FILE_NAME_INFORMATION = _FILE_NAME_INFORMATION; +pub type PFILE_NAME_INFORMATION = *mut _FILE_NAME_INFORMATION; +#[repr(C)] +pub struct _FILE_ALL_INFORMATION { + pub BasicInformation: FILE_BASIC_INFORMATION, + pub StandardInformation: FILE_STANDARD_INFORMATION, + pub InternalInformation: FILE_INTERNAL_INFORMATION, + pub EaInformation: FILE_EA_INFORMATION, + pub AccessInformation: FILE_ACCESS_INFORMATION, + pub PositionInformation: FILE_POSITION_INFORMATION, + pub ModeInformation: FILE_MODE_INFORMATION, + pub AlignmentInformation: FILE_ALIGNMENT_INFORMATION, + pub NameInformation: FILE_NAME_INFORMATION, +} +impl Default for _FILE_ALL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ALL_INFORMATION = _FILE_ALL_INFORMATION; +pub type PFILE_ALL_INFORMATION = *mut _FILE_ALL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_NETWORK_OPEN_INFORMATION { + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub FileAttributes: ULONG, +} +impl Default for 
_FILE_NETWORK_OPEN_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_NETWORK_OPEN_INFORMATION = _FILE_NETWORK_OPEN_INFORMATION; +pub type PFILE_NETWORK_OPEN_INFORMATION = *mut _FILE_NETWORK_OPEN_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_ATTRIBUTE_TAG_INFORMATION { + pub FileAttributes: ULONG, + pub ReparseTag: ULONG, +} +pub type FILE_ATTRIBUTE_TAG_INFORMATION = _FILE_ATTRIBUTE_TAG_INFORMATION; +pub type PFILE_ATTRIBUTE_TAG_INFORMATION = *mut _FILE_ATTRIBUTE_TAG_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ALLOCATION_INFORMATION { + pub AllocationSize: LARGE_INTEGER, +} +impl Default for _FILE_ALLOCATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ALLOCATION_INFORMATION = _FILE_ALLOCATION_INFORMATION; +pub type PFILE_ALLOCATION_INFORMATION = *mut _FILE_ALLOCATION_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_COMPRESSION_INFORMATION { + pub CompressedFileSize: LARGE_INTEGER, + pub CompressionFormat: USHORT, + pub CompressionUnitShift: UCHAR, + pub ChunkShift: UCHAR, + pub ClusterShift: UCHAR, + pub Reserved: [UCHAR; 3usize], +} +impl Default for _FILE_COMPRESSION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_COMPRESSION_INFORMATION = _FILE_COMPRESSION_INFORMATION; +pub type PFILE_COMPRESSION_INFORMATION = *mut _FILE_COMPRESSION_INFORMATION; +#[repr(C)] +pub struct _FILE_DISPOSITION_INFORMATION { + pub DeleteFileA: BOOLEAN, +} +impl Default for _FILE_DISPOSITION_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_DISPOSITION_INFORMATION = _FILE_DISPOSITION_INFORMATION; +pub type PFILE_DISPOSITION_INFORMATION = *mut _FILE_DISPOSITION_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_END_OF_FILE_INFORMATION { + pub EndOfFile: LARGE_INTEGER, +} +impl Default for _FILE_END_OF_FILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_END_OF_FILE_INFORMATION = _FILE_END_OF_FILE_INFORMATION; +pub type PFILE_END_OF_FILE_INFORMATION = *mut _FILE_END_OF_FILE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_END_OF_FILE_INFORMATION_EX { + pub EndOfFile: LARGE_INTEGER, + pub PagingFileSizeInMM: LARGE_INTEGER, + pub PagingFileMaxSize: LARGE_INTEGER, + pub Flags: ULONG, +} +impl Default for _FILE_END_OF_FILE_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_END_OF_FILE_INFORMATION_EX = _FILE_END_OF_FILE_INFORMATION_EX; +pub type PFILE_END_OF_FILE_INFORMATION_EX = *mut _FILE_END_OF_FILE_INFORMATION_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_VALID_DATA_LENGTH_INFORMATION { + pub ValidDataLength: LARGE_INTEGER, +} +impl Default for _FILE_VALID_DATA_LENGTH_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_VALID_DATA_LENGTH_INFORMATION = _FILE_VALID_DATA_LENGTH_INFORMATION; +pub type PFILE_VALID_DATA_LENGTH_INFORMATION = *mut _FILE_VALID_DATA_LENGTH_INFORMATION; +#[repr(C)] +pub struct _FILE_LINK_INFORMATION { + pub ReplaceIfExists: BOOLEAN, + pub RootDirectory: HANDLE, + 
pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_LINK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_LINK_INFORMATION = _FILE_LINK_INFORMATION; +pub type PFILE_LINK_INFORMATION = *mut _FILE_LINK_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_LINK_INFORMATION_EX { + pub Flags: ULONG, + pub RootDirectory: HANDLE, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_LINK_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_LINK_INFORMATION_EX = _FILE_LINK_INFORMATION_EX; +pub type PFILE_LINK_INFORMATION_EX = *mut _FILE_LINK_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_MOVE_CLUSTER_INFORMATION { + pub ClusterCount: ULONG, + pub RootDirectory: HANDLE, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_MOVE_CLUSTER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_MOVE_CLUSTER_INFORMATION = _FILE_MOVE_CLUSTER_INFORMATION; +pub type PFILE_MOVE_CLUSTER_INFORMATION = *mut _FILE_MOVE_CLUSTER_INFORMATION; +#[repr(C)] +pub struct _FILE_RENAME_INFORMATION { + pub ReplaceIfExists: BOOLEAN, + pub RootDirectory: HANDLE, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_RENAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_RENAME_INFORMATION = _FILE_RENAME_INFORMATION; +pub type 
PFILE_RENAME_INFORMATION = *mut _FILE_RENAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_RENAME_INFORMATION_EX { + pub Flags: ULONG, + pub RootDirectory: HANDLE, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_RENAME_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_RENAME_INFORMATION_EX = _FILE_RENAME_INFORMATION_EX; +pub type PFILE_RENAME_INFORMATION_EX = *mut _FILE_RENAME_INFORMATION_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_STREAM_INFORMATION { + pub NextEntryOffset: ULONG, + pub StreamNameLength: ULONG, + pub StreamSize: LARGE_INTEGER, + pub StreamAllocationSize: LARGE_INTEGER, + pub StreamName: [WCHAR; 1usize], +} +impl Default for _FILE_STREAM_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STREAM_INFORMATION = _FILE_STREAM_INFORMATION; +pub type PFILE_STREAM_INFORMATION = *mut _FILE_STREAM_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_TRACKING_INFORMATION { + pub DestinationFile: HANDLE, + pub ObjectInformationLength: ULONG, + pub ObjectInformation: [CHAR; 1usize], +} +impl Default for _FILE_TRACKING_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_TRACKING_INFORMATION = _FILE_TRACKING_INFORMATION; +pub type PFILE_TRACKING_INFORMATION = *mut _FILE_TRACKING_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_COMPLETION_INFORMATION { + pub Port: HANDLE, + pub Key: PVOID, +} +impl Default for _FILE_COMPLETION_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_COMPLETION_INFORMATION = _FILE_COMPLETION_INFORMATION; +pub type PFILE_COMPLETION_INFORMATION = *mut _FILE_COMPLETION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_INFORMATION { + pub ReadMode: ULONG, + pub CompletionMode: ULONG, +} +pub type FILE_PIPE_INFORMATION = _FILE_PIPE_INFORMATION; +pub type PFILE_PIPE_INFORMATION = *mut _FILE_PIPE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_LOCAL_INFORMATION { + pub NamedPipeType: ULONG, + pub NamedPipeConfiguration: ULONG, + pub MaximumInstances: ULONG, + pub CurrentInstances: ULONG, + pub InboundQuota: ULONG, + pub ReadDataAvailable: ULONG, + pub OutboundQuota: ULONG, + pub WriteQuotaAvailable: ULONG, + pub NamedPipeState: ULONG, + pub NamedPipeEnd: ULONG, +} +pub type FILE_PIPE_LOCAL_INFORMATION = _FILE_PIPE_LOCAL_INFORMATION; +pub type PFILE_PIPE_LOCAL_INFORMATION = *mut _FILE_PIPE_LOCAL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_PIPE_REMOTE_INFORMATION { + pub CollectDataTime: LARGE_INTEGER, + pub MaximumCollectionCount: ULONG, +} +impl Default for _FILE_PIPE_REMOTE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_REMOTE_INFORMATION = _FILE_PIPE_REMOTE_INFORMATION; +pub type PFILE_PIPE_REMOTE_INFORMATION = *mut _FILE_PIPE_REMOTE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_MAILSLOT_QUERY_INFORMATION { + pub MaximumMessageSize: ULONG, + pub MailslotQuota: ULONG, + pub NextMessageSize: ULONG, + pub MessagesAvailable: ULONG, + pub ReadTimeout: LARGE_INTEGER, +} +impl Default for _FILE_MAILSLOT_QUERY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_MAILSLOT_QUERY_INFORMATION = _FILE_MAILSLOT_QUERY_INFORMATION; +pub type PFILE_MAILSLOT_QUERY_INFORMATION = *mut _FILE_MAILSLOT_QUERY_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_MAILSLOT_SET_INFORMATION { + pub ReadTimeout: PLARGE_INTEGER, +} +impl Default for _FILE_MAILSLOT_SET_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_MAILSLOT_SET_INFORMATION = _FILE_MAILSLOT_SET_INFORMATION; +pub type PFILE_MAILSLOT_SET_INFORMATION = *mut _FILE_MAILSLOT_SET_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_REPARSE_POINT_INFORMATION { + pub FileReference: LONGLONG, + pub Tag: ULONG, +} +pub type FILE_REPARSE_POINT_INFORMATION = _FILE_REPARSE_POINT_INFORMATION; +pub type PFILE_REPARSE_POINT_INFORMATION = *mut _FILE_REPARSE_POINT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_LINK_ENTRY_INFORMATION { + pub NextEntryOffset: ULONG, + pub ParentFileId: LONGLONG, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +pub type FILE_LINK_ENTRY_INFORMATION = _FILE_LINK_ENTRY_INFORMATION; +pub type PFILE_LINK_ENTRY_INFORMATION = *mut _FILE_LINK_ENTRY_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_LINKS_INFORMATION { + pub BytesNeeded: ULONG, + pub EntriesReturned: ULONG, + pub Entry: FILE_LINK_ENTRY_INFORMATION, +} +pub type FILE_LINKS_INFORMATION = _FILE_LINKS_INFORMATION; +pub type PFILE_LINKS_INFORMATION = *mut _FILE_LINKS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION { + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +pub type FILE_NETWORK_PHYSICAL_NAME_INFORMATION = _FILE_NETWORK_PHYSICAL_NAME_INFORMATION; +pub 
type PFILE_NETWORK_PHYSICAL_NAME_INFORMATION = *mut _FILE_NETWORK_PHYSICAL_NAME_INFORMATION; +#[repr(C)] +pub struct _FILE_STANDARD_LINK_INFORMATION { + pub NumberOfAccessibleLinks: ULONG, + pub TotalNumberOfLinks: ULONG, + pub DeletePending: BOOLEAN, + pub Directory: BOOLEAN, +} +impl Default for _FILE_STANDARD_LINK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STANDARD_LINK_INFORMATION = _FILE_STANDARD_LINK_INFORMATION; +pub type PFILE_STANDARD_LINK_INFORMATION = *mut _FILE_STANDARD_LINK_INFORMATION; +#[repr(C)] +pub struct _FILE_SFIO_RESERVE_INFORMATION { + pub RequestsPerPeriod: ULONG, + pub Period: ULONG, + pub RetryFailures: BOOLEAN, + pub Discardable: BOOLEAN, + pub RequestSize: ULONG, + pub NumOutstandingRequests: ULONG, +} +impl Default for _FILE_SFIO_RESERVE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_SFIO_RESERVE_INFORMATION = _FILE_SFIO_RESERVE_INFORMATION; +pub type PFILE_SFIO_RESERVE_INFORMATION = *mut _FILE_SFIO_RESERVE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_SFIO_VOLUME_INFORMATION { + pub MaximumRequestsPerPeriod: ULONG, + pub MinimumPeriod: ULONG, + pub MinimumTransferSize: ULONG, +} +pub type FILE_SFIO_VOLUME_INFORMATION = _FILE_SFIO_VOLUME_INFORMATION; +pub type PFILE_SFIO_VOLUME_INFORMATION = *mut _FILE_SFIO_VOLUME_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _IO_PRIORITY_HINT { + IoPriorityVeryLow = 0, + IoPriorityLow = 1, + IoPriorityNormal = 2, + IoPriorityHigh = 3, + IoPriorityCritical = 4, + MaxIoPriorityTypes = 5, +} +pub use self::_IO_PRIORITY_HINT as IO_PRIORITY_HINT; +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Copy, Clone)] +pub 
struct _FILE_IO_PRIORITY_HINT_INFORMATION { + pub PriorityHint: IO_PRIORITY_HINT, +} +impl Default for _FILE_IO_PRIORITY_HINT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_IO_PRIORITY_HINT_INFORMATION = _FILE_IO_PRIORITY_HINT_INFORMATION; +pub type PFILE_IO_PRIORITY_HINT_INFORMATION = *mut _FILE_IO_PRIORITY_HINT_INFORMATION; +#[repr(C)] +pub struct _FILE_IO_PRIORITY_HINT_INFORMATION_EX { + pub PriorityHint: IO_PRIORITY_HINT, + pub BoostOutstanding: BOOLEAN, +} +impl Default for _FILE_IO_PRIORITY_HINT_INFORMATION_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_IO_PRIORITY_HINT_INFORMATION_EX = _FILE_IO_PRIORITY_HINT_INFORMATION_EX; +pub type PFILE_IO_PRIORITY_HINT_INFORMATION_EX = *mut _FILE_IO_PRIORITY_HINT_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION { + pub Flags: ULONG, +} +pub type FILE_IO_COMPLETION_NOTIFICATION_INFORMATION = _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION; +pub type PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION = + *mut _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION { + pub NumberOfProcessIdsInList: ULONG, + pub ProcessIdList: [ULONG_PTR; 1usize], +} +pub type FILE_PROCESS_IDS_USING_FILE_INFORMATION = _FILE_PROCESS_IDS_USING_FILE_INFORMATION; +pub type PFILE_PROCESS_IDS_USING_FILE_INFORMATION = *mut _FILE_PROCESS_IDS_USING_FILE_INFORMATION; +#[repr(C)] +pub struct _FILE_IS_REMOTE_DEVICE_INFORMATION { + pub IsRemote: BOOLEAN, +} +impl Default for _FILE_IS_REMOTE_DEVICE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_IS_REMOTE_DEVICE_INFORMATION = _FILE_IS_REMOTE_DEVICE_INFORMATION; +pub type PFILE_IS_REMOTE_DEVICE_INFORMATION = *mut _FILE_IS_REMOTE_DEVICE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_NUMA_NODE_INFORMATION { + pub NodeNumber: USHORT, +} +pub type FILE_NUMA_NODE_INFORMATION = _FILE_NUMA_NODE_INFORMATION; +pub type PFILE_NUMA_NODE_INFORMATION = *mut _FILE_NUMA_NODE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION { + pub IoStatusBlockRange: PUCHAR, + pub Length: ULONG, +} +impl Default for _FILE_IOSTATUSBLOCK_RANGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_IOSTATUSBLOCK_RANGE_INFORMATION = _FILE_IOSTATUSBLOCK_RANGE_INFORMATION; +pub type PFILE_IOSTATUSBLOCK_RANGE_INFORMATION = *mut _FILE_IOSTATUSBLOCK_RANGE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_REMOTE_PROTOCOL_INFORMATION { + pub StructureVersion: USHORT, + pub StructureSize: USHORT, + pub Protocol: ULONG, + pub ProtocolMajorVersion: USHORT, + pub ProtocolMinorVersion: USHORT, + pub ProtocolRevision: USHORT, + pub Reserved: USHORT, + pub Flags: ULONG, + pub GenericReserved: _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_1, + pub ProtocolSpecific: _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_1 { + pub Reserved: [ULONG; 8usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2 { + pub Smb2: _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1, + pub Reserved: [ULONG; 16usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1 { + pub Server: _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1__bindgen_ty_1, + pub Share: _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1__bindgen_ty_1 { + pub Capabilities: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2__bindgen_ty_1__bindgen_ty_2 { + pub Capabilities: ULONG, + pub ShareFlags: ULONG, + pub ShareType: UCHAR, + pub Reserved0: [UCHAR; 3usize], + pub Reserved1: ULONG, +} +impl Default for _FILE_REMOTE_PROTOCOL_INFORMATION__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_REMOTE_PROTOCOL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_REMOTE_PROTOCOL_INFORMATION = _FILE_REMOTE_PROTOCOL_INFORMATION; +pub type PFILE_REMOTE_PROTOCOL_INFORMATION = *mut _FILE_REMOTE_PROTOCOL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_INTEGRITY_STREAM_INFORMATION { + pub ChecksumAlgorithm: USHORT, + pub ChecksumChunkShift: UCHAR, + pub ClusterShift: UCHAR, + pub Flags: ULONG, +} +pub type FILE_INTEGRITY_STREAM_INFORMATION = _FILE_INTEGRITY_STREAM_INFORMATION; +pub type PFILE_INTEGRITY_STREAM_INFORMATION = *mut _FILE_INTEGRITY_STREAM_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_VOLUME_NAME_INFORMATION { + pub DeviceNameLength: ULONG, + pub DeviceName: [WCHAR; 1usize], +} +pub type FILE_VOLUME_NAME_INFORMATION = _FILE_VOLUME_NAME_INFORMATION; +pub type PFILE_VOLUME_NAME_INFORMATION = *mut 
_FILE_VOLUME_NAME_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_INFORMATION { + pub VolumeSerialNumber: ULONGLONG, + pub __bindgen_anon_1: _FILE_ID_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_ID_INFORMATION__bindgen_ty_1 { + pub FileId: FILE_ID_128, + pub __bindgen_anon_1: _FILE_ID_INFORMATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_ID_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 16usize]>, +} +impl _FILE_ID_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn FileIdLowPart(&self) -> LONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 64u8) as u64) } + } + #[inline] + pub fn set_FileIdLowPart(&mut self, val: LONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 64u8, val as u64) + } + } + #[inline] + pub fn FileIdHighPart(&self) -> LONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(64usize, 64u8) as u64) } + } + #[inline] + pub fn set_FileIdHighPart(&mut self, val: LONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(64usize, 64u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + FileIdLowPart: LONGLONG, + FileIdHighPart: LONGLONG, + ) -> __BindgenBitfieldUnit<[u8; 16usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 16usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 64u8, { + let FileIdLowPart: u64 = unsafe { ::core::mem::transmute(FileIdLowPart) }; + FileIdLowPart as u64 + }); + __bindgen_bitfield_unit.set(64usize, 64u8, { + let FileIdHighPart: u64 = unsafe { ::core::mem::transmute(FileIdHighPart) }; + FileIdHighPart as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _FILE_ID_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_ID_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ID_INFORMATION = _FILE_ID_INFORMATION; +pub type PFILE_ID_INFORMATION = *mut _FILE_ID_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_EXTD_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub ReparsePointTag: ULONG, + pub FileId: FILE_ID_128, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_ID_EXTD_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ID_EXTD_DIR_INFORMATION = _FILE_ID_EXTD_DIR_INFORMATION; +pub type PFILE_ID_EXTD_DIR_INFORMATION = *mut _FILE_ID_EXTD_DIR_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION { + pub NextEntryOffset: ULONG, + pub ParentFileId: FILE_ID_128, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +pub type FILE_LINK_ENTRY_FULL_ID_INFORMATION = _FILE_LINK_ENTRY_FULL_ID_INFORMATION; +pub type PFILE_LINK_ENTRY_FULL_ID_INFORMATION = *mut _FILE_LINK_ENTRY_FULL_ID_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_LINKS_FULL_ID_INFORMATION { + pub BytesNeeded: ULONG, + pub EntriesReturned: ULONG, + pub Entry: FILE_LINK_ENTRY_FULL_ID_INFORMATION, +} +pub type FILE_LINKS_FULL_ID_INFORMATION = 
_FILE_LINKS_FULL_ID_INFORMATION; +pub type PFILE_LINKS_FULL_ID_INFORMATION = *mut _FILE_LINKS_FULL_ID_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub ReparsePointTag: ULONG, + pub FileId: FILE_ID_128, + pub ShortNameLength: CCHAR, + pub ShortName: [WCHAR; 12usize], + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_ID_EXTD_BOTH_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ID_EXTD_BOTH_DIR_INFORMATION = _FILE_ID_EXTD_BOTH_DIR_INFORMATION; +pub type PFILE_ID_EXTD_BOTH_DIR_INFORMATION = *mut _FILE_ID_EXTD_BOTH_DIR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_STAT_INFORMATION { + pub FileId: LARGE_INTEGER, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub ReparseTag: ULONG, + pub NumberOfLinks: ULONG, + pub EffectiveAccess: ACCESS_MASK, +} +impl Default for _FILE_STAT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STAT_INFORMATION = _FILE_STAT_INFORMATION; +pub type PFILE_STAT_INFORMATION = *mut _FILE_STAT_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_MEMORY_PARTITION_INFORMATION { + pub OwnerPartitionHandle: HANDLE, + pub Flags: 
_FILE_MEMORY_PARTITION_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_MEMORY_PARTITION_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: _FILE_MEMORY_PARTITION_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub AllFlags: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_MEMORY_PARTITION_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub NoCrossPartitionAccess: UCHAR, + pub Spare: [UCHAR; 3usize], +} +impl Default for _FILE_MEMORY_PARTITION_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_MEMORY_PARTITION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_MEMORY_PARTITION_INFORMATION = _FILE_MEMORY_PARTITION_INFORMATION; +pub type PFILE_MEMORY_PARTITION_INFORMATION = *mut _FILE_MEMORY_PARTITION_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_STAT_LX_INFORMATION { + pub FileId: LARGE_INTEGER, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub ReparseTag: ULONG, + pub NumberOfLinks: ULONG, + pub EffectiveAccess: ACCESS_MASK, + pub LxFlags: ULONG, + pub LxUid: ULONG, + pub LxGid: ULONG, + pub LxMode: ULONG, + pub LxDeviceIdMajor: ULONG, + pub LxDeviceIdMinor: ULONG, +} +impl Default for _FILE_STAT_LX_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STAT_LX_INFORMATION = _FILE_STAT_LX_INFORMATION; +pub type PFILE_STAT_LX_INFORMATION = *mut 
_FILE_STAT_LX_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_STORAGE_RESERVE_ID_INFORMATION { + pub StorageReserveId: STORAGE_RESERVE_ID, +} +impl Default for _FILE_STORAGE_RESERVE_ID_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_STORAGE_RESERVE_ID_INFORMATION = _FILE_STORAGE_RESERVE_ID_INFORMATION; +pub type PFILE_STORAGE_RESERVE_ID_INFORMATION = *mut _FILE_STORAGE_RESERVE_ID_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_CASE_SENSITIVE_INFORMATION { + pub Flags: ULONG, +} +pub type FILE_CASE_SENSITIVE_INFORMATION = _FILE_CASE_SENSITIVE_INFORMATION; +pub type PFILE_CASE_SENSITIVE_INFORMATION = *mut _FILE_CASE_SENSITIVE_INFORMATION; +impl _FILE_KNOWN_FOLDER_TYPE { + pub const KnownFolderMax: _FILE_KNOWN_FOLDER_TYPE = _FILE_KNOWN_FOLDER_TYPE::KnownFolderOther; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FILE_KNOWN_FOLDER_TYPE { + KnownFolderNone = 0, + KnownFolderDesktop = 1, + KnownFolderDocuments = 2, + KnownFolderDownloads = 3, + KnownFolderMusic = 4, + KnownFolderPictures = 5, + KnownFolderVideos = 6, + KnownFolderOther = 7, +} +pub use self::_FILE_KNOWN_FOLDER_TYPE as FILE_KNOWN_FOLDER_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_KNOWN_FOLDER_INFORMATION { + pub Type: FILE_KNOWN_FOLDER_TYPE, +} +impl Default for _FILE_KNOWN_FOLDER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_KNOWN_FOLDER_INFORMATION = _FILE_KNOWN_FOLDER_INFORMATION; +pub type PFILE_KNOWN_FOLDER_INFORMATION = *mut _FILE_KNOWN_FOLDER_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_DIRECTORY_INFORMATION { + pub NextEntryOffset: ULONG, + pub 
FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_DIRECTORY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_DIRECTORY_INFORMATION = _FILE_DIRECTORY_INFORMATION; +pub type PFILE_DIRECTORY_INFORMATION = *mut _FILE_DIRECTORY_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FULL_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_FULL_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FULL_DIR_INFORMATION = _FILE_FULL_DIR_INFORMATION; +pub type PFILE_FULL_DIR_INFORMATION = *mut _FILE_FULL_DIR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_FULL_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub FileId: LARGE_INTEGER, + pub FileName: [WCHAR; 1usize], +} +impl Default for 
_FILE_ID_FULL_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ID_FULL_DIR_INFORMATION = _FILE_ID_FULL_DIR_INFORMATION; +pub type PFILE_ID_FULL_DIR_INFORMATION = *mut _FILE_ID_FULL_DIR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_BOTH_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub ShortNameLength: CCHAR, + pub ShortName: [WCHAR; 12usize], + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_BOTH_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_BOTH_DIR_INFORMATION = _FILE_BOTH_DIR_INFORMATION; +pub type PFILE_BOTH_DIR_INFORMATION = *mut _FILE_BOTH_DIR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_BOTH_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub EaSize: ULONG, + pub ShortNameLength: CCHAR, + pub ShortName: [WCHAR; 12usize], + pub FileId: LARGE_INTEGER, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_ID_BOTH_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub 
type FILE_ID_BOTH_DIR_INFORMATION = _FILE_ID_BOTH_DIR_INFORMATION; +pub type PFILE_ID_BOTH_DIR_INFORMATION = *mut _FILE_ID_BOTH_DIR_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_NAMES_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub FileNameLength: ULONG, + pub FileName: [WCHAR; 1usize], +} +pub type FILE_NAMES_INFORMATION = _FILE_NAMES_INFORMATION; +pub type PFILE_NAMES_INFORMATION = *mut _FILE_NAMES_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION { + pub NextEntryOffset: ULONG, + pub FileIndex: ULONG, + pub CreationTime: LARGE_INTEGER, + pub LastAccessTime: LARGE_INTEGER, + pub LastWriteTime: LARGE_INTEGER, + pub ChangeTime: LARGE_INTEGER, + pub EndOfFile: LARGE_INTEGER, + pub AllocationSize: LARGE_INTEGER, + pub FileAttributes: ULONG, + pub FileNameLength: ULONG, + pub FileId: LARGE_INTEGER, + pub LockingTransactionId: GUID, + pub TxInfoFlags: ULONG, + pub FileName: [WCHAR; 1usize], +} +impl Default for _FILE_ID_GLOBAL_TX_DIR_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_ID_GLOBAL_TX_DIR_INFORMATION = _FILE_ID_GLOBAL_TX_DIR_INFORMATION; +pub type PFILE_ID_GLOBAL_TX_DIR_INFORMATION = *mut _FILE_ID_GLOBAL_TX_DIR_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_OBJECTID_INFORMATION { + pub FileReference: LONGLONG, + pub ObjectId: [UCHAR; 16usize], + pub __bindgen_anon_1: _FILE_OBJECTID_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_OBJECTID_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: _FILE_OBJECTID_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub ExtendedInfo: [UCHAR; 48usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_OBJECTID_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub BirthVolumeId: [UCHAR; 16usize], + pub 
BirthObjectId: [UCHAR; 16usize], + pub DomainId: [UCHAR; 16usize], +} +impl Default for _FILE_OBJECTID_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_OBJECTID_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_OBJECTID_INFORMATION = _FILE_OBJECTID_INFORMATION; +pub type PFILE_OBJECTID_INFORMATION = *mut _FILE_OBJECTID_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_DIRECTORY_NEXT_INFORMATION { + pub NextEntryOffset: ULONG, +} +pub type FILE_DIRECTORY_NEXT_INFORMATION = _FILE_DIRECTORY_NEXT_INFORMATION; +pub type PFILE_DIRECTORY_NEXT_INFORMATION = *mut _FILE_DIRECTORY_NEXT_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FULL_EA_INFORMATION { + pub NextEntryOffset: ULONG, + pub Flags: UCHAR, + pub EaNameLength: UCHAR, + pub EaValueLength: USHORT, + pub EaName: [CHAR; 1usize], +} +pub type FILE_FULL_EA_INFORMATION = _FILE_FULL_EA_INFORMATION; +pub type PFILE_FULL_EA_INFORMATION = *mut _FILE_FULL_EA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_GET_EA_INFORMATION { + pub NextEntryOffset: ULONG, + pub EaNameLength: UCHAR, + pub EaName: [CHAR; 1usize], +} +pub type FILE_GET_EA_INFORMATION = _FILE_GET_EA_INFORMATION; +pub type PFILE_GET_EA_INFORMATION = *mut _FILE_GET_EA_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_GET_QUOTA_INFORMATION { + pub NextEntryOffset: ULONG, + pub SidLength: ULONG, + pub Sid: SID, +} +pub type FILE_GET_QUOTA_INFORMATION = _FILE_GET_QUOTA_INFORMATION; +pub type PFILE_GET_QUOTA_INFORMATION = *mut _FILE_GET_QUOTA_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct 
_FILE_QUOTA_INFORMATION { + pub NextEntryOffset: ULONG, + pub SidLength: ULONG, + pub ChangeTime: LARGE_INTEGER, + pub QuotaUsed: LARGE_INTEGER, + pub QuotaThreshold: LARGE_INTEGER, + pub QuotaLimit: LARGE_INTEGER, + pub Sid: SID, +} +impl Default for _FILE_QUOTA_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_QUOTA_INFORMATION = _FILE_QUOTA_INFORMATION; +pub type PFILE_QUOTA_INFORMATION = *mut _FILE_QUOTA_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FSINFOCLASS { + FileFsVolumeInformation = 1, + FileFsLabelInformation = 2, + FileFsSizeInformation = 3, + FileFsDeviceInformation = 4, + FileFsAttributeInformation = 5, + FileFsControlInformation = 6, + FileFsFullSizeInformation = 7, + FileFsObjectIdInformation = 8, + FileFsDriverPathInformation = 9, + FileFsVolumeFlagsInformation = 10, + FileFsSectorSizeInformation = 11, + FileFsDataCopyInformation = 12, + FileFsMetadataSizeInformation = 13, + FileFsFullSizeInformationEx = 14, + FileFsGuidInformation = 15, + FileFsMaximumInformation = 16, +} +pub use self::_FSINFOCLASS as FSINFOCLASS; +pub type PFSINFOCLASS = *mut _FSINFOCLASS; +pub use self::_FSINFOCLASS as FS_INFORMATION_CLASS; +#[repr(C)] +pub struct _FILE_FS_VOLUME_INFORMATION { + pub VolumeCreationTime: LARGE_INTEGER, + pub VolumeSerialNumber: ULONG, + pub VolumeLabelLength: ULONG, + pub SupportsObjects: BOOLEAN, + pub VolumeLabel: [WCHAR; 1usize], +} +impl Default for _FILE_FS_VOLUME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_VOLUME_INFORMATION = _FILE_FS_VOLUME_INFORMATION; +pub type PFILE_FS_VOLUME_INFORMATION = *mut _FILE_FS_VOLUME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] 
+pub struct _FILE_FS_LABEL_INFORMATION { + pub VolumeLabelLength: ULONG, + pub VolumeLabel: [WCHAR; 1usize], +} +pub type FILE_FS_LABEL_INFORMATION = _FILE_FS_LABEL_INFORMATION; +pub type PFILE_FS_LABEL_INFORMATION = *mut _FILE_FS_LABEL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FS_SIZE_INFORMATION { + pub TotalAllocationUnits: LARGE_INTEGER, + pub AvailableAllocationUnits: LARGE_INTEGER, + pub SectorsPerAllocationUnit: ULONG, + pub BytesPerSector: ULONG, +} +impl Default for _FILE_FS_SIZE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_SIZE_INFORMATION = _FILE_FS_SIZE_INFORMATION; +pub type PFILE_FS_SIZE_INFORMATION = *mut _FILE_FS_SIZE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FS_CONTROL_INFORMATION { + pub FreeSpaceStartFiltering: LARGE_INTEGER, + pub FreeSpaceThreshold: LARGE_INTEGER, + pub FreeSpaceStopFiltering: LARGE_INTEGER, + pub DefaultQuotaThreshold: LARGE_INTEGER, + pub DefaultQuotaLimit: LARGE_INTEGER, + pub FileSystemControlFlags: ULONG, +} +impl Default for _FILE_FS_CONTROL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_CONTROL_INFORMATION = _FILE_FS_CONTROL_INFORMATION; +pub type PFILE_FS_CONTROL_INFORMATION = *mut _FILE_FS_CONTROL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FS_FULL_SIZE_INFORMATION { + pub TotalAllocationUnits: LARGE_INTEGER, + pub CallerAvailableAllocationUnits: LARGE_INTEGER, + pub ActualAvailableAllocationUnits: LARGE_INTEGER, + pub SectorsPerAllocationUnit: ULONG, + pub BytesPerSector: ULONG, +} +impl Default for _FILE_FS_FULL_SIZE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_FULL_SIZE_INFORMATION = _FILE_FS_FULL_SIZE_INFORMATION; +pub type PFILE_FS_FULL_SIZE_INFORMATION = *mut _FILE_FS_FULL_SIZE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FS_OBJECTID_INFORMATION { + pub ObjectId: [UCHAR; 16usize], + pub __bindgen_anon_1: _FILE_FS_OBJECTID_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _FILE_FS_OBJECTID_INFORMATION__bindgen_ty_1 { + pub __bindgen_anon_1: _FILE_FS_OBJECTID_INFORMATION__bindgen_ty_1__bindgen_ty_1, + pub ExtendedInfo: [UCHAR; 48usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_OBJECTID_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub BirthVolumeId: [UCHAR; 16usize], + pub BirthObjectId: [UCHAR; 16usize], + pub DomainId: [UCHAR; 16usize], +} +impl Default for _FILE_FS_OBJECTID_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _FILE_FS_OBJECTID_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_OBJECTID_INFORMATION = _FILE_FS_OBJECTID_INFORMATION; +pub type PFILE_FS_OBJECTID_INFORMATION = *mut _FILE_FS_OBJECTID_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_DEVICE_INFORMATION { + pub DeviceType: DWORD, + pub Characteristics: ULONG, +} +pub type FILE_FS_DEVICE_INFORMATION = _FILE_FS_DEVICE_INFORMATION; +pub type PFILE_FS_DEVICE_INFORMATION = *mut _FILE_FS_DEVICE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_ATTRIBUTE_INFORMATION { + pub FileSystemAttributes: ULONG, + pub MaximumComponentNameLength: LONG, + pub FileSystemNameLength: ULONG, + pub FileSystemName: 
[WCHAR; 1usize], +} +pub type FILE_FS_ATTRIBUTE_INFORMATION = _FILE_FS_ATTRIBUTE_INFORMATION; +pub type PFILE_FS_ATTRIBUTE_INFORMATION = *mut _FILE_FS_ATTRIBUTE_INFORMATION; +#[repr(C)] +pub struct _FILE_FS_DRIVER_PATH_INFORMATION { + pub DriverInPath: BOOLEAN, + pub DriverNameLength: ULONG, + pub DriverName: [WCHAR; 1usize], +} +impl Default for _FILE_FS_DRIVER_PATH_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_DRIVER_PATH_INFORMATION = _FILE_FS_DRIVER_PATH_INFORMATION; +pub type PFILE_FS_DRIVER_PATH_INFORMATION = *mut _FILE_FS_DRIVER_PATH_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_VOLUME_FLAGS_INFORMATION { + pub Flags: ULONG, +} +pub type FILE_FS_VOLUME_FLAGS_INFORMATION = _FILE_FS_VOLUME_FLAGS_INFORMATION; +pub type PFILE_FS_VOLUME_FLAGS_INFORMATION = *mut _FILE_FS_VOLUME_FLAGS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_SECTOR_SIZE_INFORMATION { + pub LogicalBytesPerSector: ULONG, + pub PhysicalBytesPerSectorForAtomicity: ULONG, + pub PhysicalBytesPerSectorForPerformance: ULONG, + pub FileSystemEffectivePhysicalBytesPerSectorForAtomicity: ULONG, + pub Flags: ULONG, + pub ByteOffsetForSectorAlignment: ULONG, + pub ByteOffsetForPartitionAlignment: ULONG, +} +pub type FILE_FS_SECTOR_SIZE_INFORMATION = _FILE_FS_SECTOR_SIZE_INFORMATION; +pub type PFILE_FS_SECTOR_SIZE_INFORMATION = *mut _FILE_FS_SECTOR_SIZE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_DATA_COPY_INFORMATION { + pub NumberOfCopies: ULONG, +} +pub type FILE_FS_DATA_COPY_INFORMATION = _FILE_FS_DATA_COPY_INFORMATION; +pub type PFILE_FS_DATA_COPY_INFORMATION = *mut _FILE_FS_DATA_COPY_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _FILE_FS_METADATA_SIZE_INFORMATION { + pub TotalMetadataAllocationUnits: LARGE_INTEGER, + 
pub SectorsPerAllocationUnit: ULONG, + pub BytesPerSector: ULONG, +} +impl Default for _FILE_FS_METADATA_SIZE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_FS_METADATA_SIZE_INFORMATION = _FILE_FS_METADATA_SIZE_INFORMATION; +pub type PFILE_FS_METADATA_SIZE_INFORMATION = *mut _FILE_FS_METADATA_SIZE_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_FULL_SIZE_INFORMATION_EX { + pub ActualTotalAllocationUnits: ULONGLONG, + pub ActualAvailableAllocationUnits: ULONGLONG, + pub ActualPoolUnavailableAllocationUnits: ULONGLONG, + pub CallerTotalAllocationUnits: ULONGLONG, + pub CallerAvailableAllocationUnits: ULONGLONG, + pub CallerPoolUnavailableAllocationUnits: ULONGLONG, + pub UsedAllocationUnits: ULONGLONG, + pub TotalReservedAllocationUnits: ULONGLONG, + pub VolumeStorageReserveAllocationUnits: ULONGLONG, + pub AvailableCommittedAllocationUnits: ULONGLONG, + pub PoolAvailableAllocationUnits: ULONGLONG, + pub SectorsPerAllocationUnit: ULONG, + pub BytesPerSector: ULONG, +} +pub type FILE_FS_FULL_SIZE_INFORMATION_EX = _FILE_FS_FULL_SIZE_INFORMATION_EX; +pub type PFILE_FS_FULL_SIZE_INFORMATION_EX = *mut _FILE_FS_FULL_SIZE_INFORMATION_EX; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_FS_GUID_INFORMATION { + pub FsGuid: GUID, +} +pub type FILE_FS_GUID_INFORMATION = _FILE_FS_GUID_INFORMATION; +pub type PFILE_FS_GUID_INFORMATION = *mut _FILE_FS_GUID_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DIRECTORY_NOTIFY_INFORMATION_CLASS { + DirectoryNotifyInformation = 1, + DirectoryNotifyExtendedInformation = 2, + DirectoryNotifyFullInformation = 3, + DirectoryNotifyMaximumInformation = 4, +} +pub use self::_DIRECTORY_NOTIFY_INFORMATION_CLASS as DIRECTORY_NOTIFY_INFORMATION_CLASS; +pub type 
PDIRECTORY_NOTIFY_INFORMATION_CLASS = *mut _DIRECTORY_NOTIFY_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _IO_COMPLETION_INFORMATION_CLASS { + IoCompletionBasicInformation = 0, +} +pub use self::_IO_COMPLETION_INFORMATION_CLASS as IO_COMPLETION_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IO_COMPLETION_BASIC_INFORMATION { + pub Depth: LONG, +} +pub type IO_COMPLETION_BASIC_INFORMATION = _IO_COMPLETION_BASIC_INFORMATION; +pub type PIO_COMPLETION_BASIC_INFORMATION = *mut _IO_COMPLETION_BASIC_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _IO_SESSION_EVENT { + IoSessionEventIgnore = 0, + IoSessionEventCreated = 1, + IoSessionEventTerminated = 2, + IoSessionEventConnected = 3, + IoSessionEventDisconnected = 4, + IoSessionEventLogon = 5, + IoSessionEventLogoff = 6, + IoSessionEventMax = 7, +} +pub use self::_IO_SESSION_EVENT as IO_SESSION_EVENT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _IO_SESSION_STATE { + IoSessionStateCreated = 1, + IoSessionStateInitialized = 2, + IoSessionStateConnected = 3, + IoSessionStateDisconnected = 4, + IoSessionStateDisconnectedLoggedOn = 5, + IoSessionStateLoggedOn = 6, + IoSessionStateLoggedOff = 7, + IoSessionStateTerminated = 8, + IoSessionStateMax = 9, +} +pub use self::_IO_SESSION_STATE as IO_SESSION_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _INTERFACE_TYPE { + InterfaceTypeUndefined = -1, + Internal = 0, + Isa = 1, + Eisa = 2, + MicroChannel = 3, + TurboChannel = 4, + PCIBus = 5, + VMEBus = 6, + NuBus = 7, + PCMCIABus = 8, + CBus = 9, + MPIBus = 10, + MPSABus = 11, + ProcessorInternal = 12, + InternalPowerBus = 13, + PNPISABus = 14, + PNPBus = 15, + Vmcs = 16, + ACPIBus = 17, + MaximumInterfaceType = 18, +} +pub use self::_INTERFACE_TYPE as INTERFACE_TYPE; 
+pub type PINTERFACE_TYPE = *mut _INTERFACE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DMA_WIDTH { + Width8Bits = 0, + Width16Bits = 1, + Width32Bits = 2, + Width64Bits = 3, + WidthNoWrap = 4, + MaximumDmaWidth = 5, +} +pub use self::_DMA_WIDTH as DMA_WIDTH; +pub type PDMA_WIDTH = *mut _DMA_WIDTH; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DMA_SPEED { + Compatible = 0, + TypeA = 1, + TypeB = 2, + TypeC = 3, + TypeF = 4, + MaximumDmaSpeed = 5, +} +pub use self::_DMA_SPEED as DMA_SPEED; +pub type PDMA_SPEED = *mut _DMA_SPEED; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BUS_DATA_TYPE { + ConfigurationSpaceUndefined = -1, + Cmos = 0, + EisaConfiguration = 1, + Pos = 2, + CbusConfiguration = 3, + PCIConfiguration = 4, + VMEConfiguration = 5, + NuBusConfiguration = 6, + PCMCIAConfiguration = 7, + MPIConfiguration = 8, + MPSAConfiguration = 9, + PNPISAConfiguration = 10, + SgiInternalConfiguration = 11, + MaximumBusDataType = 12, +} +pub use self::_BUS_DATA_TYPE as BUS_DATA_TYPE; +pub type PBUS_DATA_TYPE = *mut _BUS_DATA_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER { + pub ReparseTag: ULONG, + pub ReparseDataLength: USHORT, + pub Reserved: USHORT, + pub __bindgen_anon_1: _REPARSE_DATA_BUFFER__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _REPARSE_DATA_BUFFER__bindgen_ty_1 { + pub SymbolicLinkReparseBuffer: _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_1, + pub MountPointReparseBuffer: _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_2, + pub AppExecLinkReparseBuffer: _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_3, + pub GenericReparseBuffer: _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_4, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_1 { + pub SubstituteNameOffset: USHORT, + pub 
SubstituteNameLength: USHORT, + pub PrintNameOffset: USHORT, + pub PrintNameLength: USHORT, + pub Flags: ULONG, + pub PathBuffer: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_2 { + pub SubstituteNameOffset: USHORT, + pub SubstituteNameLength: USHORT, + pub PrintNameOffset: USHORT, + pub PrintNameLength: USHORT, + pub PathBuffer: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_3 { + pub StringCount: ULONG, + pub StringList: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER__bindgen_ty_1__bindgen_ty_4 { + pub DataBuffer: [UCHAR; 1usize], +} +impl Default for _REPARSE_DATA_BUFFER__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _REPARSE_DATA_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type REPARSE_DATA_BUFFER = _REPARSE_DATA_BUFFER; +pub type PREPARSE_DATA_BUFFER = *mut _REPARSE_DATA_BUFFER; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _REPARSE_DATA_BUFFER_EX { + pub Flags: ULONG, + pub ExistingReparseTag: ULONG, + pub ExistingReparseGuid: GUID, + pub Reserved: ULONGLONG, + pub __bindgen_anon_1: _REPARSE_DATA_BUFFER_EX__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _REPARSE_DATA_BUFFER_EX__bindgen_ty_1 { + pub ReparseDataBuffer: REPARSE_DATA_BUFFER, + pub ReparseGuidDataBuffer: REPARSE_GUID_DATA_BUFFER, +} +impl Default for _REPARSE_DATA_BUFFER_EX__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for 
_REPARSE_DATA_BUFFER_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type REPARSE_DATA_BUFFER_EX = _REPARSE_DATA_BUFFER_EX; +pub type PREPARSE_DATA_BUFFER_EX = *mut _REPARSE_DATA_BUFFER_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { + pub EventHandle: HANDLE, + pub KeyValue: ULONG, +} +impl Default for _FILE_PIPE_ASSIGN_EVENT_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_ASSIGN_EVENT_BUFFER = _FILE_PIPE_ASSIGN_EVENT_BUFFER; +pub type PFILE_PIPE_ASSIGN_EVENT_BUFFER = *mut _FILE_PIPE_ASSIGN_EVENT_BUFFER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_PEEK_BUFFER { + pub NamedPipeState: ULONG, + pub ReadDataAvailable: ULONG, + pub NumberOfMessages: ULONG, + pub MessageLength: ULONG, + pub Data: [CHAR; 1usize], +} +pub type FILE_PIPE_PEEK_BUFFER = _FILE_PIPE_PEEK_BUFFER; +pub type PFILE_PIPE_PEEK_BUFFER = *mut _FILE_PIPE_PEEK_BUFFER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_EVENT_BUFFER { + pub NamedPipeState: ULONG, + pub EntryType: ULONG, + pub ByteCount: ULONG, + pub KeyValue: ULONG, + pub NumberRequests: ULONG, +} +pub type FILE_PIPE_EVENT_BUFFER = _FILE_PIPE_EVENT_BUFFER; +pub type PFILE_PIPE_EVENT_BUFFER = *mut _FILE_PIPE_EVENT_BUFFER; +#[repr(C)] +pub struct _FILE_PIPE_WAIT_FOR_BUFFER { + pub Timeout: LARGE_INTEGER, + pub NameLength: ULONG, + pub TimeoutSpecified: BOOLEAN, + pub Name: [WCHAR; 1usize], +} +impl Default for _FILE_PIPE_WAIT_FOR_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_WAIT_FOR_BUFFER = _FILE_PIPE_WAIT_FOR_BUFFER; +pub 
type PFILE_PIPE_WAIT_FOR_BUFFER = *mut _FILE_PIPE_WAIT_FOR_BUFFER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { + pub ClientSession: PVOID, + pub ClientProcess: PVOID, +} +impl Default for _FILE_PIPE_CLIENT_PROCESS_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_CLIENT_PROCESS_BUFFER = _FILE_PIPE_CLIENT_PROCESS_BUFFER; +pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER = *mut _FILE_PIPE_CLIENT_PROCESS_BUFFER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2 { + pub ClientSession: ULONGLONG, + pub ClientProcess: PVOID, +} +impl Default for _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_CLIENT_PROCESS_BUFFER_V2 = _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2; +pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_V2 = *mut _FILE_PIPE_CLIENT_PROCESS_BUFFER_V2; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { + pub ClientSession: PVOID, + pub ClientProcess: PVOID, + pub ClientComputerNameLength: USHORT, + pub ClientComputerBuffer: [WCHAR; 16usize], +} +impl Default for _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_CLIENT_PROCESS_BUFFER_EX = _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX; +pub type PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX = *mut _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _FILE_PIPE_SILO_ARRIVAL_INPUT { + pub JobHandle: HANDLE, +} +impl Default for _FILE_PIPE_SILO_ARRIVAL_INPUT { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type FILE_PIPE_SILO_ARRIVAL_INPUT = _FILE_PIPE_SILO_ARRIVAL_INPUT; +pub type PFILE_PIPE_SILO_ARRIVAL_INPUT = *mut _FILE_PIPE_SILO_ARRIVAL_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_CREATE_SYMLINK_INPUT { + pub NameOffset: USHORT, + pub NameLength: USHORT, + pub SubstituteNameOffset: USHORT, + pub SubstituteNameLength: USHORT, + pub Flags: ULONG, +} +pub type FILE_PIPE_CREATE_SYMLINK_INPUT = _FILE_PIPE_CREATE_SYMLINK_INPUT; +pub type PFILE_PIPE_CREATE_SYMLINK_INPUT = *mut _FILE_PIPE_CREATE_SYMLINK_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_PIPE_DELETE_SYMLINK_INPUT { + pub NameOffset: USHORT, + pub NameLength: USHORT, +} +pub type FILE_PIPE_DELETE_SYMLINK_INPUT = _FILE_PIPE_DELETE_SYMLINK_INPUT; +pub type PFILE_PIPE_DELETE_SYMLINK_INPUT = *mut _FILE_PIPE_DELETE_SYMLINK_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _FILE_MAILSLOT_PEEK_BUFFER { + pub ReadDataAvailable: ULONG, + pub NumberOfMessages: ULONG, + pub MessageLength: ULONG, +} +pub type FILE_MAILSLOT_PEEK_BUFFER = _FILE_MAILSLOT_PEEK_BUFFER; +pub type PFILE_MAILSLOT_PEEK_BUFFER = *mut _FILE_MAILSLOT_PEEK_BUFFER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_CREATE_POINT_INPUT { + pub SymbolicLinkNameOffset: USHORT, + pub SymbolicLinkNameLength: USHORT, + pub DeviceNameOffset: USHORT, + pub DeviceNameLength: USHORT, +} +pub type MOUNTMGR_CREATE_POINT_INPUT = _MOUNTMGR_CREATE_POINT_INPUT; +pub type PMOUNTMGR_CREATE_POINT_INPUT = *mut _MOUNTMGR_CREATE_POINT_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_MOUNT_POINT { + pub SymbolicLinkNameOffset: ULONG, + pub SymbolicLinkNameLength: USHORT, + pub Reserved1: USHORT, + pub UniqueIdOffset: ULONG, + pub UniqueIdLength: USHORT, + pub Reserved2: USHORT, + pub DeviceNameOffset: 
ULONG, + pub DeviceNameLength: USHORT, + pub Reserved3: USHORT, +} +pub type MOUNTMGR_MOUNT_POINT = _MOUNTMGR_MOUNT_POINT; +pub type PMOUNTMGR_MOUNT_POINT = *mut _MOUNTMGR_MOUNT_POINT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_MOUNT_POINTS { + pub Size: ULONG, + pub NumberOfMountPoints: ULONG, + pub MountPoints: [MOUNTMGR_MOUNT_POINT; 1usize], +} +pub type MOUNTMGR_MOUNT_POINTS = _MOUNTMGR_MOUNT_POINTS; +pub type PMOUNTMGR_MOUNT_POINTS = *mut _MOUNTMGR_MOUNT_POINTS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_DRIVE_LETTER_TARGET { + pub DeviceNameLength: USHORT, + pub DeviceName: [WCHAR; 1usize], +} +pub type MOUNTMGR_DRIVE_LETTER_TARGET = _MOUNTMGR_DRIVE_LETTER_TARGET; +pub type PMOUNTMGR_DRIVE_LETTER_TARGET = *mut _MOUNTMGR_DRIVE_LETTER_TARGET; +#[repr(C)] +pub struct _MOUNTMGR_DRIVE_LETTER_INFORMATION { + pub DriveLetterWasAssigned: BOOLEAN, + pub CurrentDriveLetter: UCHAR, +} +impl Default for _MOUNTMGR_DRIVE_LETTER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MOUNTMGR_DRIVE_LETTER_INFORMATION = _MOUNTMGR_DRIVE_LETTER_INFORMATION; +pub type PMOUNTMGR_DRIVE_LETTER_INFORMATION = *mut _MOUNTMGR_DRIVE_LETTER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_VOLUME_MOUNT_POINT { + pub SourceVolumeNameOffset: USHORT, + pub SourceVolumeNameLength: USHORT, + pub TargetVolumeNameOffset: USHORT, + pub TargetVolumeNameLength: USHORT, +} +pub type MOUNTMGR_VOLUME_MOUNT_POINT = _MOUNTMGR_VOLUME_MOUNT_POINT; +pub type PMOUNTMGR_VOLUME_MOUNT_POINT = *mut _MOUNTMGR_VOLUME_MOUNT_POINT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_CHANGE_NOTIFY_INFO { + pub EpicNumber: ULONG, +} +pub type MOUNTMGR_CHANGE_NOTIFY_INFO = _MOUNTMGR_CHANGE_NOTIFY_INFO; +pub type PMOUNTMGR_CHANGE_NOTIFY_INFO = *mut 
_MOUNTMGR_CHANGE_NOTIFY_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_TARGET_NAME { + pub DeviceNameLength: USHORT, + pub DeviceName: [WCHAR; 1usize], +} +pub type MOUNTMGR_TARGET_NAME = _MOUNTMGR_TARGET_NAME; +pub type PMOUNTMGR_TARGET_NAME = *mut _MOUNTMGR_TARGET_NAME; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _MOUNTMGR_AUTO_MOUNT_STATE { + Disabled = 0, + Enabled = 1, +} +pub use self::_MOUNTMGR_AUTO_MOUNT_STATE as MOUNTMGR_AUTO_MOUNT_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MOUNTMGR_QUERY_AUTO_MOUNT { + pub CurrentState: MOUNTMGR_AUTO_MOUNT_STATE, +} +impl Default for _MOUNTMGR_QUERY_AUTO_MOUNT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MOUNTMGR_QUERY_AUTO_MOUNT = _MOUNTMGR_QUERY_AUTO_MOUNT; +pub type PMOUNTMGR_QUERY_AUTO_MOUNT = *mut _MOUNTMGR_QUERY_AUTO_MOUNT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MOUNTMGR_SET_AUTO_MOUNT { + pub NewState: MOUNTMGR_AUTO_MOUNT_STATE, +} +impl Default for _MOUNTMGR_SET_AUTO_MOUNT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MOUNTMGR_SET_AUTO_MOUNT = _MOUNTMGR_SET_AUTO_MOUNT; +pub type PMOUNTMGR_SET_AUTO_MOUNT = *mut _MOUNTMGR_SET_AUTO_MOUNT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _MOUNTMGR_SILO_ARRIVAL_INPUT { + pub JobHandle: HANDLE, +} +impl Default for _MOUNTMGR_SILO_ARRIVAL_INPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MOUNTMGR_SILO_ARRIVAL_INPUT = _MOUNTMGR_SILO_ARRIVAL_INPUT; +pub type PMOUNTMGR_SILO_ARRIVAL_INPUT = *mut _MOUNTMGR_SILO_ARRIVAL_INPUT; +#[repr(C)] +#[derive(Debug, 
Default, Copy, Clone)] +pub struct _MOUNTDEV_NAME { + pub NameLength: USHORT, + pub Name: [WCHAR; 1usize], +} +pub type MOUNTDEV_NAME = _MOUNTDEV_NAME; +pub type PMOUNTDEV_NAME = *mut _MOUNTDEV_NAME; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _MOUNTMGR_VOLUME_PATHS { + pub MultiSzLength: ULONG, + pub MultiSz: [WCHAR; 1usize], +} +pub type MOUNTMGR_VOLUME_PATHS = _MOUNTMGR_VOLUME_PATHS; +pub type PMOUNTMGR_VOLUME_PATHS = *mut _MOUNTMGR_VOLUME_PATHS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FS_FILTER_SECTION_SYNC_TYPE { + SyncTypeOther = 0, + SyncTypeCreateSection = 1, +} +pub use self::_FS_FILTER_SECTION_SYNC_TYPE as FS_FILTER_SECTION_SYNC_TYPE; +pub type PFS_FILTER_SECTION_SYNC_TYPE = *mut _FS_FILTER_SECTION_SYNC_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _CREATE_FILE_TYPE { + CreateFileTypeNone = 0, + CreateFileTypeNamedPipe = 1, + CreateFileTypeMailslot = 2, +} +pub use self::_CREATE_FILE_TYPE as CREATE_FILE_TYPE; +#[repr(C)] +pub struct _NAMED_PIPE_CREATE_PARAMETERS { + pub NamedPipeType: ULONG, + pub ReadMode: ULONG, + pub CompletionMode: ULONG, + pub MaximumInstances: ULONG, + pub InboundQuota: ULONG, + pub OutboundQuota: ULONG, + pub DefaultTimeout: LARGE_INTEGER, + pub TimeoutSpecified: BOOLEAN, +} +impl Default for _NAMED_PIPE_CREATE_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type NAMED_PIPE_CREATE_PARAMETERS = _NAMED_PIPE_CREATE_PARAMETERS; +pub type PNAMED_PIPE_CREATE_PARAMETERS = *mut _NAMED_PIPE_CREATE_PARAMETERS; +#[repr(C)] +pub struct _MAILSLOT_CREATE_PARAMETERS { + pub MailslotQuota: ULONG, + pub MaximumMessageSize: ULONG, + pub ReadTimeout: LARGE_INTEGER, + pub TimeoutSpecified: BOOLEAN, +} +impl Default for _MAILSLOT_CREATE_PARAMETERS { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type MAILSLOT_CREATE_PARAMETERS = _MAILSLOT_CREATE_PARAMETERS; +pub type PMAILSLOT_CREATE_PARAMETERS = *mut _MAILSLOT_CREATE_PARAMETERS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OPLOCK_KEY_ECP_CONTEXT { + pub OplockKey: GUID, + pub Reserved: ULONG, +} +pub type OPLOCK_KEY_ECP_CONTEXT = _OPLOCK_KEY_ECP_CONTEXT; +pub type POPLOCK_KEY_ECP_CONTEXT = *mut _OPLOCK_KEY_ECP_CONTEXT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _OPLOCK_KEY_CONTEXT { + pub Version: USHORT, + pub Flags: USHORT, + pub ParentOplockKey: GUID, + pub TargetOplockKey: GUID, + pub Reserved: ULONG, +} +pub type OPLOCK_KEY_CONTEXT = _OPLOCK_KEY_CONTEXT; +pub type POPLOCK_KEY_CONTEXT = *mut _OPLOCK_KEY_CONTEXT; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PORT_MESSAGE { + pub u1: _PORT_MESSAGE__bindgen_ty_1, + pub u2: _PORT_MESSAGE__bindgen_ty_2, + pub __bindgen_anon_1: _PORT_MESSAGE__bindgen_ty_3, + pub MessageId: ULONG, + pub __bindgen_anon_2: _PORT_MESSAGE__bindgen_ty_4, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE__bindgen_ty_1 { + pub s1: _PORT_MESSAGE__bindgen_ty_1__bindgen_ty_1, + pub Length: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PORT_MESSAGE__bindgen_ty_1__bindgen_ty_1 { + pub DataLength: CSHORT, + pub TotalLength: CSHORT, +} +impl Default for _PORT_MESSAGE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE__bindgen_ty_2 { + pub s2: _PORT_MESSAGE__bindgen_ty_2__bindgen_ty_1, + pub ZeroInit: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PORT_MESSAGE__bindgen_ty_2__bindgen_ty_1 { + pub Type: CSHORT, + pub DataInfoOffset: CSHORT, +} +impl Default 
for _PORT_MESSAGE__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE__bindgen_ty_3 { + pub ClientId: CLIENT_ID, + pub DoNotUseThisField: f64, +} +impl Default for _PORT_MESSAGE__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE__bindgen_ty_4 { + pub ClientViewSize: SIZE_T, + pub CallbackId: ULONG, +} +impl Default for _PORT_MESSAGE__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PORT_MESSAGE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PORT_MESSAGE = _PORT_MESSAGE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PORT_DATA_ENTRY { + pub Base: PVOID, + pub Size: ULONG, +} +impl Default for _PORT_DATA_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PORT_DATA_ENTRY = _PORT_DATA_ENTRY; +pub type PPORT_DATA_ENTRY = *mut _PORT_DATA_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PORT_DATA_INFORMATION { + pub CountDataEntries: ULONG, + pub DataEntries: [PORT_DATA_ENTRY; 1usize], +} +impl Default for _PORT_DATA_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PORT_DATA_INFORMATION = _PORT_DATA_INFORMATION; +pub type 
PPORT_DATA_INFORMATION = *mut _PORT_DATA_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LPC_CLIENT_DIED_MSG { + pub PortMsg: PORT_MESSAGE, + pub CreateTime: LARGE_INTEGER, +} +impl Default for _LPC_CLIENT_DIED_MSG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LPC_CLIENT_DIED_MSG = _LPC_CLIENT_DIED_MSG; +pub type PLPC_CLIENT_DIED_MSG = *mut _LPC_CLIENT_DIED_MSG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PORT_VIEW { + pub Length: ULONG, + pub SectionHandle: HANDLE, + pub SectionOffset: ULONG, + pub ViewSize: SIZE_T, + pub ViewBase: PVOID, + pub ViewRemoteBase: PVOID, +} +impl Default for _PORT_VIEW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PORT_VIEW = _PORT_VIEW; +pub type PPORT_VIEW = *mut _PORT_VIEW; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _REMOTE_PORT_VIEW { + pub Length: ULONG, + pub ViewSize: SIZE_T, + pub ViewBase: PVOID, +} +impl Default for _REMOTE_PORT_VIEW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type REMOTE_PORT_VIEW = _REMOTE_PORT_VIEW; +pub type PREMOTE_PORT_VIEW = *mut _REMOTE_PORT_VIEW; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PORT_MESSAGE64 { + pub u1: _PORT_MESSAGE64__bindgen_ty_1, + pub u2: _PORT_MESSAGE64__bindgen_ty_2, + pub __bindgen_anon_1: _PORT_MESSAGE64__bindgen_ty_3, + pub MessageId: ULONG, + pub __bindgen_anon_2: _PORT_MESSAGE64__bindgen_ty_4, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE64__bindgen_ty_1 { + pub s1: _PORT_MESSAGE64__bindgen_ty_1__bindgen_ty_1, + pub Length: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PORT_MESSAGE64__bindgen_ty_1__bindgen_ty_1 { + pub DataLength: CSHORT, + pub TotalLength: CSHORT, +} +impl Default for _PORT_MESSAGE64__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE64__bindgen_ty_2 { + pub s2: _PORT_MESSAGE64__bindgen_ty_2__bindgen_ty_1, + pub ZeroInit: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PORT_MESSAGE64__bindgen_ty_2__bindgen_ty_1 { + pub Type: CSHORT, + pub DataInfoOffset: CSHORT, +} +impl Default for _PORT_MESSAGE64__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE64__bindgen_ty_3 { + pub ClientId: CLIENT_ID64, + pub DoNotUseThisField: f64, +} +impl Default for _PORT_MESSAGE64__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PORT_MESSAGE64__bindgen_ty_4 { + pub ClientViewSize: ULONGLONG, + pub CallbackId: ULONG, +} +impl Default for _PORT_MESSAGE64__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PORT_MESSAGE64 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PORT_MESSAGE64 = _PORT_MESSAGE64; +pub type PPORT_MESSAGE64 = *mut _PORT_MESSAGE64; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LPC_CLIENT_DIED_MSG64 { + pub PortMsg: PORT_MESSAGE64, + pub CreateTime: 
LARGE_INTEGER, +} +impl Default for _LPC_CLIENT_DIED_MSG64 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LPC_CLIENT_DIED_MSG64 = _LPC_CLIENT_DIED_MSG64; +pub type PLPC_CLIENT_DIED_MSG64 = *mut _LPC_CLIENT_DIED_MSG64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PORT_VIEW64 { + pub Length: ULONG, + pub SectionHandle: ULONGLONG, + pub SectionOffset: ULONG, + pub ViewSize: ULONGLONG, + pub ViewBase: ULONGLONG, + pub ViewRemoteBase: ULONGLONG, +} +pub type PORT_VIEW64 = _PORT_VIEW64; +pub type PPORT_VIEW64 = *mut _PORT_VIEW64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _REMOTE_PORT_VIEW64 { + pub Length: ULONG, + pub ViewSize: ULONGLONG, + pub ViewBase: ULONGLONG, +} +pub type REMOTE_PORT_VIEW64 = _REMOTE_PORT_VIEW64; +pub type PREMOTE_PORT_VIEW64 = *mut _REMOTE_PORT_VIEW64; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PORT_INFORMATION_CLASS { + PortBasicInformation = 0, + PortDumpInformation = 1, +} +pub use self::_PORT_INFORMATION_CLASS as PORT_INFORMATION_CLASS; +pub type ALPC_HANDLE = HANDLE; +pub type PALPC_HANDLE = *mut HANDLE; +#[repr(C)] +pub struct _ALPC_PORT_ATTRIBUTES { + pub Flags: ULONG, + pub SecurityQos: SECURITY_QUALITY_OF_SERVICE, + pub MaxMessageLength: SIZE_T, + pub MemoryBandwidth: SIZE_T, + pub MaxPoolUsage: SIZE_T, + pub MaxSectionSize: SIZE_T, + pub MaxViewSize: SIZE_T, + pub MaxTotalSectionSize: SIZE_T, + pub DupObjectTypes: ULONG, + pub Reserved: ULONG, +} +impl Default for _ALPC_PORT_ATTRIBUTES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_PORT_ATTRIBUTES = _ALPC_PORT_ATTRIBUTES; +pub type PALPC_PORT_ATTRIBUTES = *mut _ALPC_PORT_ATTRIBUTES; +#[repr(C)] +#[derive(Debug, Default, Copy, 
Clone)] +pub struct _ALPC_MESSAGE_ATTRIBUTES { + pub AllocatedAttributes: ULONG, + pub ValidAttributes: ULONG, +} +pub type ALPC_MESSAGE_ATTRIBUTES = _ALPC_MESSAGE_ATTRIBUTES; +pub type PALPC_MESSAGE_ATTRIBUTES = *mut _ALPC_MESSAGE_ATTRIBUTES; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _ALPC_COMPLETION_LIST_STATE { + pub u1: _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1 { + pub s1: _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1__bindgen_ty_1, + pub Value: ULONG64, +} +#[repr(C)] +#[repr(align(8))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Head(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 24u8) as u64) } + } + #[inline] + pub fn set_Head(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 24u8, val as u64) + } + } + #[inline] + pub fn Tail(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 24u8) as u64) } + } + #[inline] + pub fn set_Tail(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 24u8, val as u64) + } + } + #[inline] + pub fn ActiveThreadCount(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(48usize, 16u8) as u64) } + } + #[inline] + pub fn set_ActiveThreadCount(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(48usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Head: ULONG64, + Tail: ULONG64, + ActiveThreadCount: ULONG64, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 
8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 24u8, { + let Head: u64 = unsafe { ::core::mem::transmute(Head) }; + Head as u64 + }); + __bindgen_bitfield_unit.set(24usize, 24u8, { + let Tail: u64 = unsafe { ::core::mem::transmute(Tail) }; + Tail as u64 + }); + __bindgen_bitfield_unit.set(48usize, 16u8, { + let ActiveThreadCount: u64 = unsafe { ::core::mem::transmute(ActiveThreadCount) }; + ActiveThreadCount as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _ALPC_COMPLETION_LIST_STATE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _ALPC_COMPLETION_LIST_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_COMPLETION_LIST_STATE = _ALPC_COMPLETION_LIST_STATE; +pub type PALPC_COMPLETION_LIST_STATE = *mut _ALPC_COMPLETION_LIST_STATE; +#[repr(C)] +#[repr(align(128))] +#[derive(Copy, Clone)] +pub struct _ALPC_COMPLETION_LIST_HEADER { + pub StartMagic: ULONG64, + pub TotalSize: ULONG, + pub ListOffset: ULONG, + pub ListSize: ULONG, + pub BitmapOffset: ULONG, + pub BitmapSize: ULONG, + pub DataOffset: ULONG, + pub DataSize: ULONG, + pub AttributeFlags: ULONG, + pub AttributeSize: ULONG, + pub __bindgen_padding_0: [u64; 10usize], + pub State: ALPC_COMPLETION_LIST_STATE, + pub LastMessageId: ULONG, + pub LastCallbackId: ULONG, + pub __bindgen_padding_1: [u32; 28usize], + pub PostCount: ULONG, + pub __bindgen_padding_2: [u32; 31usize], + pub ReturnCount: ULONG, + pub __bindgen_padding_3: [u32; 31usize], + pub LogSequenceNumber: ULONG, + pub __bindgen_padding_4: [u64; 15usize], + pub UserLock: RTL_SRWLOCK, + pub EndMagic: ULONG64, +} +impl Default for _ALPC_COMPLETION_LIST_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); 
+ unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_COMPLETION_LIST_HEADER = _ALPC_COMPLETION_LIST_HEADER; +pub type PALPC_COMPLETION_LIST_HEADER = *mut _ALPC_COMPLETION_LIST_HEADER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_CONTEXT_ATTR { + pub PortContext: PVOID, + pub MessageContext: PVOID, + pub Sequence: ULONG, + pub MessageId: ULONG, + pub CallbackId: ULONG, +} +impl Default for _ALPC_CONTEXT_ATTR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_CONTEXT_ATTR = _ALPC_CONTEXT_ATTR; +pub type PALPC_CONTEXT_ATTR = *mut _ALPC_CONTEXT_ATTR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ALPC_HANDLE_ATTR32 { + pub Flags: ULONG, + pub Reserved0: ULONG, + pub SameAccess: ULONG, + pub SameAttributes: ULONG, + pub Indirect: ULONG, + pub Inherit: ULONG, + pub Reserved1: ULONG, + pub Handle: ULONG, + pub ObjectType: ULONG, + pub DesiredAccess: ULONG, + pub GrantedAccess: ULONG, +} +pub type ALPC_HANDLE_ATTR32 = _ALPC_HANDLE_ATTR32; +pub type PALPC_HANDLE_ATTR32 = *mut _ALPC_HANDLE_ATTR32; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_HANDLE_ATTR { + pub Flags: ULONG, + pub Reserved0: ULONG, + pub SameAccess: ULONG, + pub SameAttributes: ULONG, + pub Indirect: ULONG, + pub Inherit: ULONG, + pub Reserved1: ULONG, + pub Handle: HANDLE, + pub HandleAttrArray: PALPC_HANDLE_ATTR32, + pub ObjectType: ULONG, + pub HandleCount: ULONG, + pub DesiredAccess: ACCESS_MASK, + pub GrantedAccess: ACCESS_MASK, +} +impl Default for _ALPC_HANDLE_ATTR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_HANDLE_ATTR = _ALPC_HANDLE_ATTR; +pub type PALPC_HANDLE_ATTR = *mut _ALPC_HANDLE_ATTR; +#[repr(C)] +#[derive(Debug, Copy, 
Clone)] +pub struct _ALPC_SECURITY_ATTR { + pub Flags: ULONG, + pub QoS: PSECURITY_QUALITY_OF_SERVICE, + pub ContextHandle: ALPC_HANDLE, +} +impl Default for _ALPC_SECURITY_ATTR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_SECURITY_ATTR = _ALPC_SECURITY_ATTR; +pub type PALPC_SECURITY_ATTR = *mut _ALPC_SECURITY_ATTR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_DATA_VIEW_ATTR { + pub Flags: ULONG, + pub SectionHandle: ALPC_HANDLE, + pub ViewBase: PVOID, + pub ViewSize: SIZE_T, +} +impl Default for _ALPC_DATA_VIEW_ATTR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_DATA_VIEW_ATTR = _ALPC_DATA_VIEW_ATTR; +pub type PALPC_DATA_VIEW_ATTR = *mut _ALPC_DATA_VIEW_ATTR; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ALPC_PORT_INFORMATION_CLASS { + AlpcBasicInformation = 0, + AlpcPortInformation = 1, + AlpcAssociateCompletionPortInformation = 2, + AlpcConnectedSIDInformation = 3, + AlpcServerInformation = 4, + AlpcMessageZoneInformation = 5, + AlpcRegisterCompletionListInformation = 6, + AlpcUnregisterCompletionListInformation = 7, + AlpcAdjustCompletionListConcurrencyCountInformation = 8, + AlpcRegisterCallbackInformation = 9, + AlpcCompletionListRundownInformation = 10, + AlpcWaitForPortReferences = 11, + AlpcServerSessionInformation = 12, +} +pub use self::_ALPC_PORT_INFORMATION_CLASS as ALPC_PORT_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_BASIC_INFORMATION { + pub Flags: ULONG, + pub SequenceNo: ULONG, + pub PortContext: PVOID, +} +impl Default for _ALPC_BASIC_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_BASIC_INFORMATION = _ALPC_BASIC_INFORMATION; +pub type PALPC_BASIC_INFORMATION = *mut _ALPC_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_PORT_ASSOCIATE_COMPLETION_PORT { + pub CompletionKey: PVOID, + pub CompletionPort: HANDLE, +} +impl Default for _ALPC_PORT_ASSOCIATE_COMPLETION_PORT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_PORT_ASSOCIATE_COMPLETION_PORT = _ALPC_PORT_ASSOCIATE_COMPLETION_PORT; +pub type PALPC_PORT_ASSOCIATE_COMPLETION_PORT = *mut _ALPC_PORT_ASSOCIATE_COMPLETION_PORT; +#[repr(C)] +pub struct _ALPC_SERVER_INFORMATION { + pub __bindgen_anon_1: _ALPC_SERVER_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +pub union _ALPC_SERVER_INFORMATION__bindgen_ty_1 { + pub In: ::core::mem::ManuallyDrop<_ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_1>, + pub Out: ::core::mem::ManuallyDrop<_ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_2>, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + pub ThreadHandle: HANDLE, +} +impl Default for _ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +pub struct _ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_2 { + pub ThreadBlocked: BOOLEAN, + pub ConnectedProcessId: HANDLE, + pub ConnectionPortName: UNICODE_STRING, +} +impl Default for _ALPC_SERVER_INFORMATION__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _ALPC_SERVER_INFORMATION__bindgen_ty_1 { + 
fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _ALPC_SERVER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_SERVER_INFORMATION = _ALPC_SERVER_INFORMATION; +pub type PALPC_SERVER_INFORMATION = *mut _ALPC_SERVER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_PORT_MESSAGE_ZONE_INFORMATION { + pub Buffer: PVOID, + pub Size: ULONG, +} +impl Default for _ALPC_PORT_MESSAGE_ZONE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_PORT_MESSAGE_ZONE_INFORMATION = _ALPC_PORT_MESSAGE_ZONE_INFORMATION; +pub type PALPC_PORT_MESSAGE_ZONE_INFORMATION = *mut _ALPC_PORT_MESSAGE_ZONE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_PORT_COMPLETION_LIST_INFORMATION { + pub Buffer: PVOID, + pub Size: ULONG, + pub ConcurrencyCount: ULONG, + pub AttributeFlags: ULONG, +} +impl Default for _ALPC_PORT_COMPLETION_LIST_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALPC_PORT_COMPLETION_LIST_INFORMATION = _ALPC_PORT_COMPLETION_LIST_INFORMATION; +pub type PALPC_PORT_COMPLETION_LIST_INFORMATION = *mut _ALPC_PORT_COMPLETION_LIST_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ALPC_REGISTER_CALLBACK { + pub CallbackObject: PVOID, + pub CallbackContext: PVOID, +} +impl Default for _ALPC_REGISTER_CALLBACK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + 
} +} +pub type ALPC_REGISTER_CALLBACK = _ALPC_REGISTER_CALLBACK; +pub type PALPC_REGISTER_CALLBACK = *mut _ALPC_REGISTER_CALLBACK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ALPC_SERVER_SESSION_INFORMATION { + pub SessionId: ULONG, + pub ProcessId: ULONG, +} +pub type ALPC_SERVER_SESSION_INFORMATION = _ALPC_SERVER_SESSION_INFORMATION; +pub type PALPC_SERVER_SESSION_INFORMATION = *mut _ALPC_SERVER_SESSION_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ALPC_MESSAGE_INFORMATION_CLASS { + AlpcMessageSidInformation = 0, + AlpcMessageTokenModifiedIdInformation = 1, + AlpcMessageDirectStatusInformation = 2, + AlpcMessageHandleInformation = 3, + MaxAlpcMessageInfoClass = 4, +} +pub use self::_ALPC_MESSAGE_INFORMATION_CLASS as ALPC_MESSAGE_INFORMATION_CLASS; +pub type PALPC_MESSAGE_INFORMATION_CLASS = *mut _ALPC_MESSAGE_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ALPC_MESSAGE_HANDLE_INFORMATION { + pub Index: ULONG, + pub Flags: ULONG, + pub Handle: ULONG, + pub ObjectType: ULONG, + pub GrantedAccess: ACCESS_MASK, +} +pub type ALPC_MESSAGE_HANDLE_INFORMATION = _ALPC_MESSAGE_HANDLE_INFORMATION; +pub type PALPC_MESSAGE_HANDLE_INFORMATION = *mut _ALPC_MESSAGE_HANDLE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PF_BOOT_PHASE_ID { + PfKernelInitPhase = 0, + PfBootDriverInitPhase = 90, + PfSystemDriverInitPhase = 120, + PfSessionManagerInitPhase = 150, + PfSMRegistryInitPhase = 180, + PfVideoInitPhase = 210, + PfPostVideoInitPhase = 240, + PfBootAcceptedRegistryInitPhase = 270, + PfUserShellReadyPhase = 300, + PfMaxBootPhaseId = 900, +} +pub use self::_PF_BOOT_PHASE_ID as PF_BOOT_PHASE_ID; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PF_ENABLE_STATUS { + PfSvNotSpecified = 0, + PfSvEnabled = 1, + PfSvDisabled = 2, + PfSvMaxEnableStatus = 3, +} 
+pub use self::_PF_ENABLE_STATUS as PF_ENABLE_STATUS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_TRACE_LIMITS { + pub MaxNumPages: ULONG, + pub MaxNumSections: ULONG, + pub TimerPeriod: LONGLONG, +} +pub type PF_TRACE_LIMITS = _PF_TRACE_LIMITS; +pub type PPF_TRACE_LIMITS = *mut _PF_TRACE_LIMITS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PF_SYSTEM_PREFETCH_PARAMETERS { + pub EnableStatus: [PF_ENABLE_STATUS; 2usize], + pub TraceLimits: [PF_TRACE_LIMITS; 2usize], + pub MaxNumActiveTraces: ULONG, + pub MaxNumSavedTraces: ULONG, + pub RootDirPath: [WCHAR; 32usize], + pub HostingApplicationList: [WCHAR; 128usize], +} +impl Default for _PF_SYSTEM_PREFETCH_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_SYSTEM_PREFETCH_PARAMETERS = _PF_SYSTEM_PREFETCH_PARAMETERS; +pub type PPF_SYSTEM_PREFETCH_PARAMETERS = *mut _PF_SYSTEM_PREFETCH_PARAMETERS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_BOOT_CONTROL { + pub Version: ULONG, + pub DisableBootPrefetching: ULONG, +} +pub type PF_BOOT_CONTROL = _PF_BOOT_CONTROL; +pub type PPF_BOOT_CONTROL = *mut _PF_BOOT_CONTROL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PREFETCHER_INFORMATION_CLASS { + PrefetcherRetrieveTrace = 1, + PrefetcherSystemParameters = 2, + PrefetcherBootPhase = 3, + PrefetcherSpare1 = 4, + PrefetcherBootControl = 5, + PrefetcherScenarioPolicyControl = 6, + PrefetcherSpare2 = 7, + PrefetcherAppLaunchScenarioControl = 8, + PrefetcherInformationMax = 9, +} +pub use self::_PREFETCHER_INFORMATION_CLASS as PREFETCHER_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PREFETCHER_INFORMATION { + pub Version: ULONG, + pub Magic: ULONG, + pub PrefetcherInformationClass: PREFETCHER_INFORMATION_CLASS, + pub PrefetcherInformation: PVOID, + pub 
PrefetcherInformationLength: ULONG, +} +impl Default for _PREFETCHER_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PREFETCHER_INFORMATION = _PREFETCHER_INFORMATION; +pub type PPREFETCHER_INFORMATION = *mut _PREFETCHER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_SYSTEM_SUPERFETCH_PARAMETERS { + pub EnabledComponents: ULONG, + pub BootID: ULONG, + pub SavedSectInfoTracesMax: ULONG, + pub SavedPageAccessTracesMax: ULONG, + pub ScenarioPrefetchTimeoutStandby: ULONG, + pub ScenarioPrefetchTimeoutHibernate: ULONG, + pub ScenarioPrefetchTimeoutHiberBoot: ULONG, +} +pub type PF_SYSTEM_SUPERFETCH_PARAMETERS = _PF_SYSTEM_SUPERFETCH_PARAMETERS; +pub type PPF_SYSTEM_SUPERFETCH_PARAMETERS = *mut _PF_SYSTEM_SUPERFETCH_PARAMETERS; +impl _PF_EVENT_TYPE { + pub const PfEventTypeUtilization: _PF_EVENT_TYPE = _PF_EVENT_TYPE::PfEventTypeUnmap; +} +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PF_EVENT_TYPE { + PfEventTypeImageLoad = 0, + PfEventTypeAppLaunch = 1, + PfEventTypeStartTrace = 2, + PfEventTypeEndTrace = 3, + PfEventTypeTimestamp = 4, + PfEventTypeOperation = 5, + PfEventTypeRepurpose = 6, + PfEventTypeForegroundProcess = 7, + PfEventTypeTimeRange = 8, + PfEventTypeUserInput = 9, + PfEventTypeFileAccess = 10, + PfEventTypeUnmap = 11, + PfEventTypeMemInfo = 12, + PfEventTypeFileDelete = 13, + PfEventTypeAppExit = 14, + PfEventTypeSystemTime = 15, + PfEventTypePower = 16, + PfEventTypeSessionChange = 17, + PfEventTypeHardFaultTimeStamp = 18, + PfEventTypeVirtualFree = 19, + PfEventTypePerfInfo = 20, + PfEventTypeProcessSnapshot = 21, + PfEventTypeUserSnapshot = 22, + PfEventTypeStreamSequenceNumber = 23, + PfEventTypeFileTruncate = 24, + PfEventTypeFileRename = 25, + PfEventTypeFileCreate = 26, + PfEventTypeAgCxContext = 27, + PfEventTypePowerAction 
= 28, + PfEventTypeHardFaultTS = 29, + PfEventTypeRobustInfo = 30, + PfEventTypeFileDefrag = 31, + PfEventTypeMax = 32, +} +pub use self::_PF_EVENT_TYPE as PF_EVENT_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PF_LOG_EVENT_DATA { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, + pub EventData: PVOID, +} +impl Default for _PF_LOG_EVENT_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _PF_LOG_EVENT_DATA { + #[inline] + pub fn EventType(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 5u8) as u32) } + } + #[inline] + pub fn set_EventType(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 5u8, val as u64) + } + } + #[inline] + pub fn Flags(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 2u8) as u32) } + } + #[inline] + pub fn set_Flags(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 2u8, val as u64) + } + } + #[inline] + pub fn DataSize(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 25u8) as u32) } + } + #[inline] + pub fn set_DataSize(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 25u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + EventType: ULONG, + Flags: ULONG, + DataSize: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 5u8, { + let EventType: u32 = unsafe { ::core::mem::transmute(EventType) }; + EventType as u64 + }); + __bindgen_bitfield_unit.set(5usize, 2u8, { + let Flags: u32 = unsafe { ::core::mem::transmute(Flags) }; + Flags as u64 + }); + 
__bindgen_bitfield_unit.set(7usize, 25u8, { + let DataSize: u32 = unsafe { ::core::mem::transmute(DataSize) }; + DataSize as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PF_LOG_EVENT_DATA = _PF_LOG_EVENT_DATA; +pub type PPF_LOG_EVENT_DATA = *mut _PF_LOG_EVENT_DATA; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PF_PFN_PRIO_REQUEST { + pub Version: ULONG, + pub RequestFlags: ULONG, + pub PfnCount: ULONG_PTR, + pub MemInfo: SYSTEM_MEMORY_LIST_INFORMATION, + pub PageData: [MMPFN_IDENTITY; 256usize], +} +impl Default for _PF_PFN_PRIO_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_PFN_PRIO_REQUEST = _PF_PFN_PRIO_REQUEST; +pub type PPF_PFN_PRIO_REQUEST = *mut _PF_PFN_PRIO_REQUEST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PFS_PRIVATE_PAGE_SOURCE_TYPE { + PfsPrivateSourceKernel = 0, + PfsPrivateSourceSession = 1, + PfsPrivateSourceProcess = 2, + PfsPrivateSourceMax = 3, +} +pub use self::_PFS_PRIVATE_PAGE_SOURCE_TYPE as PFS_PRIVATE_PAGE_SOURCE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PFS_PRIVATE_PAGE_SOURCE { + pub Type: PFS_PRIVATE_PAGE_SOURCE_TYPE, + pub __bindgen_anon_1: _PFS_PRIVATE_PAGE_SOURCE__bindgen_ty_1, + pub ImagePathHash: ULONG, + pub UniqueProcessHash: ULONG_PTR, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PFS_PRIVATE_PAGE_SOURCE__bindgen_ty_1 { + pub SessionId: ULONG, + pub ProcessId: ULONG, +} +impl Default for _PFS_PRIVATE_PAGE_SOURCE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PFS_PRIVATE_PAGE_SOURCE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
PFS_PRIVATE_PAGE_SOURCE = _PFS_PRIVATE_PAGE_SOURCE; +pub type PPFS_PRIVATE_PAGE_SOURCE = *mut _PFS_PRIVATE_PAGE_SOURCE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PF_PRIVSOURCE_INFO { + pub DbInfo: PFS_PRIVATE_PAGE_SOURCE, + pub EProcess: PVOID, + pub WsPrivatePages: SIZE_T, + pub TotalPrivatePages: SIZE_T, + pub SessionID: ULONG, + pub ImageName: [CHAR; 16usize], + pub __bindgen_anon_1: _PF_PRIVSOURCE_INFO__bindgen_ty_1, + pub WsTotalPages: ULONG_PTR, + pub DeepFreezeTimeMs: ULONG, + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PF_PRIVSOURCE_INFO__bindgen_ty_1 { + pub WsSwapPages: ULONG_PTR, + pub SessionPagedPoolPages: ULONG_PTR, + pub StoreSizePages: ULONG_PTR, +} +impl Default for _PF_PRIVSOURCE_INFO__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PF_PRIVSOURCE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _PF_PRIVSOURCE_INFO { + #[inline] + pub fn ModernApp(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ModernApp(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn DeepFrozen(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_DeepFrozen(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Foreground(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_Foreground(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn PerProcessStore(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_PerProcessStore(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ModernApp: ULONG, + DeepFrozen: ULONG, + Foreground: ULONG, + PerProcessStore: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ModernApp: u32 = unsafe { ::core::mem::transmute(ModernApp) }; + ModernApp as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let DeepFrozen: u32 = unsafe { ::core::mem::transmute(DeepFrozen) }; + DeepFrozen as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let Foreground: u32 = unsafe { ::core::mem::transmute(Foreground) }; + Foreground as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let PerProcessStore: u32 = unsafe { ::core::mem::transmute(PerProcessStore) }; + PerProcessStore as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PF_PRIVSOURCE_INFO = _PF_PRIVSOURCE_INFO; +pub type PPF_PRIVSOURCE_INFO = *mut _PF_PRIVSOURCE_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PF_PRIVSOURCE_QUERY_REQUEST { + pub Version: ULONG, + 
pub Flags: ULONG, + pub InfoCount: ULONG, + pub InfoArray: [PF_PRIVSOURCE_INFO; 1usize], +} +impl Default for _PF_PRIVSOURCE_QUERY_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_PRIVSOURCE_QUERY_REQUEST = _PF_PRIVSOURCE_QUERY_REQUEST; +pub type PPF_PRIVSOURCE_QUERY_REQUEST = *mut _PF_PRIVSOURCE_QUERY_REQUEST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PF_PHASED_SCENARIO_TYPE { + PfScenarioTypeNone = 0, + PfScenarioTypeStandby = 1, + PfScenarioTypeHibernate = 2, + PfScenarioTypeFUS = 3, + PfScenarioTypeMax = 4, +} +pub use self::_PF_PHASED_SCENARIO_TYPE as PF_PHASED_SCENARIO_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PF_SCENARIO_PHASE_INFO { + pub Version: ULONG, + pub ScenType: PF_PHASED_SCENARIO_TYPE, + pub PhaseId: ULONG, + pub SequenceNumber: ULONG, + pub Flags: ULONG, + pub FUSUserId: ULONG, +} +impl Default for _PF_SCENARIO_PHASE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_SCENARIO_PHASE_INFO = _PF_SCENARIO_PHASE_INFO; +pub type PPF_SCENARIO_PHASE_INFO = *mut _PF_SCENARIO_PHASE_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_MEMORY_LIST_NODE { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, + pub StandbyLowPageCount: ULONGLONG, + pub StandbyMediumPageCount: ULONGLONG, + pub StandbyHighPageCount: ULONGLONG, + pub FreePageCount: ULONGLONG, + pub ModifiedPageCount: ULONGLONG, +} +impl _PF_MEMORY_LIST_NODE { + #[inline] + pub fn Node(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u64) } + } + #[inline] + pub fn set_Node(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONGLONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 56u8) as u64) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONGLONG) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 56u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Node: ULONGLONG, Spare: ULONGLONG) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Node: u64 = unsafe { ::core::mem::transmute(Node) }; + Node as u64 + }); + __bindgen_bitfield_unit.set(8usize, 56u8, { + let Spare: u64 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +pub type PF_MEMORY_LIST_NODE = _PF_MEMORY_LIST_NODE; +pub type PPF_MEMORY_LIST_NODE = *mut _PF_MEMORY_LIST_NODE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_ROBUST_PROCESS_ENTRY { + pub ImagePathHash: ULONG, + pub Pid: ULONG, + pub Alignment: ULONG, +} +pub type PF_ROBUST_PROCESS_ENTRY = _PF_ROBUST_PROCESS_ENTRY; +pub type PPF_ROBUST_PROCESS_ENTRY = *mut _PF_ROBUST_PROCESS_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_ROBUST_FILE_ENTRY { + pub FilePathHash: ULONG, +} +pub type PF_ROBUST_FILE_ENTRY = _PF_ROBUST_FILE_ENTRY; +pub type PPF_ROBUST_FILE_ENTRY = *mut _PF_ROBUST_FILE_ENTRY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PF_ROBUSTNESS_CONTROL_COMMAND { + PfRpControlUpdate = 0, + PfRpControlReset = 1, + PfRpControlRobustAllStart = 2, + PfRpControlRobustAllStop = 3, + PfRpControlCommandMax = 4, +} +pub use self::_PF_ROBUSTNESS_CONTROL_COMMAND as PF_ROBUSTNESS_CONTROL_COMMAND; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PF_ROBUSTNESS_CONTROL { + pub Version: ULONG, + pub Command: 
PF_ROBUSTNESS_CONTROL_COMMAND, + pub DeprioProcessCount: ULONG, + pub ExemptProcessCount: ULONG, + pub DeprioFileCount: ULONG, + pub ExemptFileCount: ULONG, + pub ProcessEntries: [PF_ROBUST_PROCESS_ENTRY; 1usize], + pub FileEntries: [PF_ROBUST_FILE_ENTRY; 1usize], +} +impl Default for _PF_ROBUSTNESS_CONTROL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_ROBUSTNESS_CONTROL = _PF_ROBUSTNESS_CONTROL; +pub type PPF_ROBUSTNESS_CONTROL = *mut _PF_ROBUSTNESS_CONTROL; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_TIME_CONTROL { + pub TimeAdjustment: LONG, +} +pub type PF_TIME_CONTROL = _PF_TIME_CONTROL; +pub type PPF_TIME_CONTROL = *mut _PF_TIME_CONTROL; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_MEMORY_LIST_INFO { + pub Version: ULONG, + pub Size: ULONG, + pub NodeCount: ULONG, + pub Nodes: [PF_MEMORY_LIST_NODE; 1usize], +} +pub type PF_MEMORY_LIST_INFO = _PF_MEMORY_LIST_INFO; +pub type PPF_MEMORY_LIST_INFO = *mut _PF_MEMORY_LIST_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_PHYSICAL_MEMORY_RANGE { + pub BasePfn: ULONG_PTR, + pub PageCount: ULONG_PTR, +} +pub type PF_PHYSICAL_MEMORY_RANGE = _PF_PHYSICAL_MEMORY_RANGE; +pub type PPF_PHYSICAL_MEMORY_RANGE = *mut _PF_PHYSICAL_MEMORY_RANGE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V1 { + pub Version: ULONG, + pub RangeCount: ULONG, + pub Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1usize], +} +pub type PF_PHYSICAL_MEMORY_RANGE_INFO_V1 = _PF_PHYSICAL_MEMORY_RANGE_INFO_V1; +pub type PPF_PHYSICAL_MEMORY_RANGE_INFO_V1 = *mut _PF_PHYSICAL_MEMORY_RANGE_INFO_V1; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_PHYSICAL_MEMORY_RANGE_INFO_V2 { + pub Version: ULONG, + pub Flags: ULONG, + pub RangeCount: ULONG, + pub Ranges: [PF_PHYSICAL_MEMORY_RANGE; 1usize], +} +pub 
type PF_PHYSICAL_MEMORY_RANGE_INFO_V2 = _PF_PHYSICAL_MEMORY_RANGE_INFO_V2; +pub type PPF_PHYSICAL_MEMORY_RANGE_INFO_V2 = *mut _PF_PHYSICAL_MEMORY_RANGE_INFO_V2; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_REPURPOSED_BY_PREFETCH_INFO { + pub Version: ULONG, + pub RepurposedByPrefetch: SIZE_T, +} +pub type PF_REPURPOSED_BY_PREFETCH_INFO = _PF_REPURPOSED_BY_PREFETCH_INFO; +pub type PPF_REPURPOSED_BY_PREFETCH_INFO = *mut _PF_REPURPOSED_BY_PREFETCH_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PF_VIRTUAL_QUERY { + pub Version: ULONG, + pub __bindgen_anon_1: _PF_VIRTUAL_QUERY__bindgen_ty_1, + pub QueryBuffer: PVOID, + pub QueryBufferSize: SIZE_T, + pub ProcessHandle: HANDLE, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PF_VIRTUAL_QUERY__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _PF_VIRTUAL_QUERY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_VIRTUAL_QUERY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PF_VIRTUAL_QUERY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn FaultInPageTables(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_FaultInPageTables(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReportPageTables(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_ReportPageTables(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + FaultInPageTables: ULONG, + ReportPageTables: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let FaultInPageTables: u32 = unsafe { ::core::mem::transmute(FaultInPageTables) }; + FaultInPageTables as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ReportPageTables: u32 = unsafe { ::core::mem::transmute(ReportPageTables) }; + ReportPageTables as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PF_VIRTUAL_QUERY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PF_VIRTUAL_QUERY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_VIRTUAL_QUERY = _PF_VIRTUAL_QUERY; +pub type PPF_VIRTUAL_QUERY = *mut _PF_VIRTUAL_QUERY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_MIN_WS_AGE_RATE_CONTROL { + pub Version: ULONG, + pub SecondsToOldestAge: ULONG, +} +pub type PF_MIN_WS_AGE_RATE_CONTROL = _PF_MIN_WS_AGE_RATE_CONTROL; +pub type PPF_MIN_WS_AGE_RATE_CONTROL = *mut _PF_MIN_WS_AGE_RATE_CONTROL; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PF_DEPRIORITIZE_OLD_PAGES { + pub Version: ULONG, + pub ProcessHandle: HANDLE, + pub __bindgen_anon_1: _PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: 
_PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn TargetPriority(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 4u8) as u32) } + } + #[inline] + pub fn set_TargetPriority(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 4u8, val as u64) + } + } + #[inline] + pub fn TrimPages(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 2u8) as u32) } + } + #[inline] + pub fn set_TrimPages(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 2u8, val as u64) + } + } + #[inline] + pub fn Spare(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 26u8) as u32) } + } + #[inline] + pub fn set_Spare(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 26u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + TargetPriority: ULONG, + TrimPages: ULONG, + Spare: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 4u8, { + let TargetPriority: u32 = unsafe { ::core::mem::transmute(TargetPriority) }; + TargetPriority as u64 + }); + __bindgen_bitfield_unit.set(4usize, 2u8, { + let TrimPages: u32 = unsafe { ::core::mem::transmute(TrimPages) }; + TrimPages as u64 + }); + __bindgen_bitfield_unit.set(6usize, 26u8, { + let Spare: u32 = unsafe { ::core::mem::transmute(Spare) }; + Spare as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for 
_PF_DEPRIORITIZE_OLD_PAGES__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PF_DEPRIORITIZE_OLD_PAGES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PF_DEPRIORITIZE_OLD_PAGES = _PF_DEPRIORITIZE_OLD_PAGES; +pub type PPF_DEPRIORITIZE_OLD_PAGES = *mut _PF_DEPRIORITIZE_OLD_PAGES; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PF_GPU_UTILIZATION_INFO { + pub Version: ULONG, + pub SessionId: ULONG, + pub GpuTime: ULONGLONG, +} +pub type PF_GPU_UTILIZATION_INFO = _PF_GPU_UTILIZATION_INFO; +pub type PPF_GPU_UTILIZATION_INFO = *mut _PF_GPU_UTILIZATION_INFO; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SUPERFETCH_INFORMATION_CLASS { + SuperfetchRetrieveTrace = 1, + SuperfetchSystemParameters = 2, + SuperfetchLogEvent = 3, + SuperfetchGenerateTrace = 4, + SuperfetchPrefetch = 5, + SuperfetchPfnQuery = 6, + SuperfetchPfnSetPriority = 7, + SuperfetchPrivSourceQuery = 8, + SuperfetchSequenceNumberQuery = 9, + SuperfetchScenarioPhase = 10, + SuperfetchWorkerPriority = 11, + SuperfetchScenarioQuery = 12, + SuperfetchScenarioPrefetch = 13, + SuperfetchRobustnessControl = 14, + SuperfetchTimeControl = 15, + SuperfetchMemoryListQuery = 16, + SuperfetchMemoryRangesQuery = 17, + SuperfetchTracingControl = 18, + SuperfetchTrimWhileAgingControl = 19, + SuperfetchRepurposedByPrefetch = 20, + SuperfetchChannelPowerRequest = 21, + SuperfetchMovePages = 22, + SuperfetchVirtualQuery = 23, + SuperfetchCombineStatsQuery = 24, + SuperfetchSetMinWsAgeRate = 25, + SuperfetchDeprioritizeOldPagesInWs = 26, + SuperfetchFileExtentsQuery = 27, + SuperfetchGpuUtilizationQuery = 28, + SuperfetchPfnSet = 29, + SuperfetchInformationMax = 30, +} +pub use 
self::_SUPERFETCH_INFORMATION_CLASS as SUPERFETCH_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SUPERFETCH_INFORMATION { + pub Version: ULONG, + pub Magic: ULONG, + pub SuperfetchInformationClass: SUPERFETCH_INFORMATION_CLASS, + pub SuperfetchInformation: PVOID, + pub SuperfetchInformationLength: ULONG, +} +impl Default for _SUPERFETCH_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SUPERFETCH_INFORMATION = _SUPERFETCH_INFORMATION; +pub type PSUPERFETCH_INFORMATION = *mut _SUPERFETCH_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PLUGPLAY_EVENT_CATEGORY { + HardwareProfileChangeEvent = 0, + TargetDeviceChangeEvent = 1, + DeviceClassChangeEvent = 2, + CustomDeviceEvent = 3, + DeviceInstallEvent = 4, + DeviceArrivalEvent = 5, + PowerEvent = 6, + VetoEvent = 7, + BlockedDriverEvent = 8, + InvalidIDEvent = 9, + MaxPlugEventCategory = 10, +} +pub use self::_PLUGPLAY_EVENT_CATEGORY as PLUGPLAY_EVENT_CATEGORY; +pub type PPLUGPLAY_EVENT_CATEGORY = *mut _PLUGPLAY_EVENT_CATEGORY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK { + pub EventGuid: GUID, + pub EventCategory: PLUGPLAY_EVENT_CATEGORY, + pub Result: PULONG, + pub Flags: ULONG, + pub TotalSize: ULONG, + pub DeviceObject: PVOID, + pub u: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1 { + pub DeviceClass: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_1, + pub TargetDevice: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_2, + pub InstallDevice: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_3, + pub CustomNotification: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_4, + pub ProfileNotification: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_5, + pub PowerNotification: 
_PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_6, + pub VetoNotification: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_7, + pub BlockedDriverNotification: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_8, + pub InvalidIDNotification: _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_9, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_1 { + pub ClassGuid: GUID, + pub SymbolicLinkName: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_2 { + pub DeviceIds: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_3 { + pub DeviceId: [WCHAR; 1usize], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_4 { + pub NotificationStructure: PVOID, + pub DeviceIds: [WCHAR; 1usize], +} +impl Default for _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_5 { + pub Notification: PVOID, +} +impl Default for _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_6 { + pub NotificationCode: ULONG, + pub NotificationData: ULONG, +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_7 { + pub VetoType: PNP_VETO_TYPE, + pub DeviceIdVetoNameBuffer: [WCHAR; 1usize], +} +impl Default for 
_PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_7 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_8 { + pub BlockedDriverGuid: GUID, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1__bindgen_ty_9 { + pub ParentId: [WCHAR; 1usize], +} +impl Default for _PLUGPLAY_EVENT_BLOCK__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PLUGPLAY_EVENT_BLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PLUGPLAY_EVENT_BLOCK = _PLUGPLAY_EVENT_BLOCK; +pub type PPLUGPLAY_EVENT_BLOCK = *mut _PLUGPLAY_EVENT_BLOCK; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PLUGPLAY_CONTROL_CLASS { + PlugPlayControlEnumerateDevice = 0, + PlugPlayControlRegisterNewDevice = 1, + PlugPlayControlDeregisterDevice = 2, + PlugPlayControlInitializeDevice = 3, + PlugPlayControlStartDevice = 4, + PlugPlayControlUnlockDevice = 5, + PlugPlayControlQueryAndRemoveDevice = 6, + PlugPlayControlUserResponse = 7, + PlugPlayControlGenerateLegacyDevice = 8, + PlugPlayControlGetInterfaceDeviceList = 9, + PlugPlayControlProperty = 10, + PlugPlayControlDeviceClassAssociation = 11, + PlugPlayControlGetRelatedDevice = 12, + PlugPlayControlGetInterfaceDeviceAlias = 13, + PlugPlayControlDeviceStatus = 14, + PlugPlayControlGetDeviceDepth = 15, + PlugPlayControlQueryDeviceRelations = 16, + PlugPlayControlTargetDeviceRelation = 17, + PlugPlayControlQueryConflictList = 18, + PlugPlayControlRetrieveDock = 19, + 
PlugPlayControlResetDevice = 20, + PlugPlayControlHaltDevice = 21, + PlugPlayControlGetBlockedDriverList = 22, + PlugPlayControlGetDeviceInterfaceEnabled = 23, + MaxPlugPlayControl = 24, +} +pub use self::_PLUGPLAY_CONTROL_CLASS as PLUGPLAY_CONTROL_CLASS; +pub type PPLUGPLAY_CONTROL_CLASS = *mut _PLUGPLAY_CONTROL_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DEVICE_RELATION_TYPE { + BusRelations = 0, + EjectionRelations = 1, + PowerRelations = 2, + RemovalRelations = 3, + TargetDeviceRelation = 4, + SingleBusRelations = 5, + TransportRelations = 6, +} +pub use self::_DEVICE_RELATION_TYPE as DEVICE_RELATION_TYPE; +pub type PDEVICE_RELATION_TYPE = *mut _DEVICE_RELATION_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _BUS_QUERY_ID_TYPE { + BusQueryDeviceID = 0, + BusQueryHardwareIDs = 1, + BusQueryCompatibleIDs = 2, + BusQueryInstanceID = 3, + BusQueryDeviceSerialNumber = 4, + BusQueryContainerID = 5, +} +pub use self::_BUS_QUERY_ID_TYPE as BUS_QUERY_ID_TYPE; +pub type PBUS_QUERY_ID_TYPE = *mut _BUS_QUERY_ID_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DEVICE_TEXT_TYPE { + DeviceTextDescription = 0, + DeviceTextLocationInformation = 1, +} +pub use self::_DEVICE_TEXT_TYPE as DEVICE_TEXT_TYPE; +pub type PDEVICE_TEXT_TYPE = *mut _DEVICE_TEXT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DEVICE_USAGE_NOTIFICATION_TYPE { + DeviceUsageTypeUndefined = 0, + DeviceUsageTypePaging = 1, + DeviceUsageTypeHibernation = 2, + DeviceUsageTypeDumpFile = 3, + DeviceUsageTypeBoot = 4, + DeviceUsageTypePostDisplay = 5, + DeviceUsageTypeGuestAssigned = 6, +} +pub use self::_DEVICE_USAGE_NOTIFICATION_TYPE as DEVICE_USAGE_NOTIFICATION_TYPE; +pub type PDEVICE_USAGE_NOTIFICATION_TYPE = *mut _DEVICE_USAGE_NOTIFICATION_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] 
+pub struct _PROCESSOR_POWER_INFORMATION { + pub Number: ULONG, + pub MaxMhz: ULONG, + pub CurrentMhz: ULONG, + pub MhzLimit: ULONG, + pub MaxIdleState: ULONG, + pub CurrentIdleState: ULONG, +} +pub type PROCESSOR_POWER_INFORMATION = _PROCESSOR_POWER_INFORMATION; +pub type PPROCESSOR_POWER_INFORMATION = *mut _PROCESSOR_POWER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POWER_INFORMATION { + pub MaxIdlenessAllowed: ULONG, + pub Idleness: ULONG, + pub TimeRemaining: ULONG, + pub CoolingMode: UCHAR, +} +pub type SYSTEM_POWER_INFORMATION = _SYSTEM_POWER_INFORMATION; +pub type PSYSTEM_POWER_INFORMATION = *mut _SYSTEM_POWER_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_HIBERFILE_INFORMATION { + pub NumberOfMcbPairs: ULONG, + pub Mcb: [LARGE_INTEGER; 1usize], +} +impl Default for _SYSTEM_HIBERFILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_HIBERFILE_INFORMATION = _SYSTEM_HIBERFILE_INFORMATION; +pub type PSYSTEM_HIBERFILE_INFORMATION = *mut _SYSTEM_HIBERFILE_INFORMATION; +#[repr(C)] +pub struct _COUNTED_REASON_CONTEXT { + pub Version: ULONG, + pub Flags: ULONG, + pub __bindgen_anon_1: _COUNTED_REASON_CONTEXT__bindgen_ty_1, +} +#[repr(C)] +pub union _COUNTED_REASON_CONTEXT__bindgen_ty_1 { + pub __bindgen_anon_1: + ::core::mem::ManuallyDrop<_COUNTED_REASON_CONTEXT__bindgen_ty_1__bindgen_ty_1>, + pub SimpleString: ::core::mem::ManuallyDrop, +} +#[repr(C)] +pub struct _COUNTED_REASON_CONTEXT__bindgen_ty_1__bindgen_ty_1 { + pub ResourceFileName: UNICODE_STRING, + pub ResourceReasonId: USHORT, + pub StringCount: ULONG, + pub ReasonStrings: PUNICODE_STRING, +} +impl Default for _COUNTED_REASON_CONTEXT__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); 
+ s.assume_init() + } + } +} +impl Default for _COUNTED_REASON_CONTEXT__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _COUNTED_REASON_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COUNTED_REASON_CONTEXT = _COUNTED_REASON_CONTEXT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _POWER_REQUEST_TYPE_INTERNAL { + PowerRequestDisplayRequiredInternal = 0, + PowerRequestSystemRequiredInternal = 1, + PowerRequestAwayModeRequiredInternal = 2, + PowerRequestExecutionRequiredInternal = 3, + PowerRequestPerfBoostRequiredInternal = 4, + PowerRequestActiveLockScreenInternal = 5, + PowerRequestInternalInvalid = 6, + PowerRequestInternalUnknown = 7, + PowerRequestFullScreenVideoRequired = 8, +} +pub use self::_POWER_REQUEST_TYPE_INTERNAL as POWER_REQUEST_TYPE_INTERNAL; +#[repr(C)] +pub struct _POWER_REQUEST_ACTION { + pub PowerRequestHandle: HANDLE, + pub RequestType: POWER_REQUEST_TYPE_INTERNAL, + pub SetAction: BOOLEAN, + pub ProcessHandle: HANDLE, +} +impl Default for _POWER_REQUEST_ACTION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_REQUEST_ACTION = _POWER_REQUEST_ACTION; +pub type PPOWER_REQUEST_ACTION = *mut _POWER_REQUEST_ACTION; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _POWER_STATE { + pub SystemState: SYSTEM_POWER_STATE, + pub DeviceState: DEVICE_POWER_STATE, +} +impl Default for _POWER_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_STATE = 
_POWER_STATE; +pub type PPOWER_STATE = *mut _POWER_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _POWER_STATE_TYPE { + SystemPowerState = 0, + DevicePowerState = 1, +} +pub use self::_POWER_STATE_TYPE as POWER_STATE_TYPE; +pub type PPOWER_STATE_TYPE = *mut _POWER_STATE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SYSTEM_POWER_STATE_CONTEXT { + pub __bindgen_anon_1: _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1 { + pub __bindgen_anon_1: _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1__bindgen_ty_1, + pub ContextAsUlong: ULONG, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Reserved1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_Reserved1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn TargetSystemState(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 4u8) as u32) } + } + #[inline] + pub fn set_TargetSystemState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 4u8, val as u64) + } + } + #[inline] + pub fn EffectiveSystemState(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 4u8) as u32) } + } + #[inline] + pub fn set_EffectiveSystemState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 4u8, val as u64) + } + } + #[inline] + pub fn CurrentSystemState(&self) -> ULONG { + 
unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 4u8) as u32) } + } + #[inline] + pub fn set_CurrentSystemState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 4u8, val as u64) + } + } + #[inline] + pub fn IgnoreHibernationPath(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 1u8) as u32) } + } + #[inline] + pub fn set_IgnoreHibernationPath(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 1u8, val as u64) + } + } + #[inline] + pub fn PseudoTransition(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u32) } + } + #[inline] + pub fn set_PseudoTransition(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn KernelSoftReboot(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u32) } + } + #[inline] + pub fn set_KernelSoftReboot(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn DirectedDripsTransition(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u32) } + } + #[inline] + pub fn set_DirectedDripsTransition(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved2(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 8u8) as u32) } + } + #[inline] + pub fn set_Reserved2(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(24usize, 8u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Reserved1: ULONG, + TargetSystemState: ULONG, + EffectiveSystemState: ULONG, + 
CurrentSystemState: ULONG, + IgnoreHibernationPath: ULONG, + PseudoTransition: ULONG, + KernelSoftReboot: ULONG, + DirectedDripsTransition: ULONG, + Reserved2: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Reserved1: u32 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit.set(8usize, 4u8, { + let TargetSystemState: u32 = unsafe { ::core::mem::transmute(TargetSystemState) }; + TargetSystemState as u64 + }); + __bindgen_bitfield_unit.set(12usize, 4u8, { + let EffectiveSystemState: u32 = unsafe { ::core::mem::transmute(EffectiveSystemState) }; + EffectiveSystemState as u64 + }); + __bindgen_bitfield_unit.set(16usize, 4u8, { + let CurrentSystemState: u32 = unsafe { ::core::mem::transmute(CurrentSystemState) }; + CurrentSystemState as u64 + }); + __bindgen_bitfield_unit.set(20usize, 1u8, { + let IgnoreHibernationPath: u32 = unsafe { ::core::mem::transmute(IgnoreHibernationPath) }; + IgnoreHibernationPath as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let PseudoTransition: u32 = unsafe { ::core::mem::transmute(PseudoTransition) }; + PseudoTransition as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let KernelSoftReboot: u32 = unsafe { ::core::mem::transmute(KernelSoftReboot) }; + KernelSoftReboot as u64 + }); + __bindgen_bitfield_unit.set(23usize, 1u8, { + let DirectedDripsTransition: u32 = + unsafe { ::core::mem::transmute(DirectedDripsTransition) }; + DirectedDripsTransition as u64 + }); + __bindgen_bitfield_unit.set(24usize, 8u8, { + let Reserved2: u32 = unsafe { ::core::mem::transmute(Reserved2) }; + Reserved2 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _SYSTEM_POWER_STATE_CONTEXT__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 
1); + s.assume_init() + } + } +} +impl Default for _SYSTEM_POWER_STATE_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SYSTEM_POWER_STATE_CONTEXT = _SYSTEM_POWER_STATE_CONTEXT; +pub type PSYSTEM_POWER_STATE_CONTEXT = *mut _SYSTEM_POWER_STATE_CONTEXT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _REQUESTER_TYPE { + KernelRequester = 0, + UserProcessRequester = 1, + UserSharedServiceRequester = 2, +} +pub use self::_REQUESTER_TYPE as REQUESTER_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _COUNTED_REASON_CONTEXT_RELATIVE { + pub Flags: ULONG, + pub __bindgen_anon_1: _COUNTED_REASON_CONTEXT_RELATIVE__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _COUNTED_REASON_CONTEXT_RELATIVE__bindgen_ty_1 { + pub __bindgen_anon_1: _COUNTED_REASON_CONTEXT_RELATIVE__bindgen_ty_1__bindgen_ty_1, + pub SimpleStringOffset: SIZE_T, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _COUNTED_REASON_CONTEXT_RELATIVE__bindgen_ty_1__bindgen_ty_1 { + pub ResourceFileNameOffset: SIZE_T, + pub ResourceReasonId: USHORT, + pub StringCount: ULONG, + pub SubstitutionStringsOffset: SIZE_T, +} +impl Default for _COUNTED_REASON_CONTEXT_RELATIVE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _COUNTED_REASON_CONTEXT_RELATIVE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type COUNTED_REASON_CONTEXT_RELATIVE = _COUNTED_REASON_CONTEXT_RELATIVE; +pub type PCOUNTED_REASON_CONTEXT_RELATIVE = *mut _COUNTED_REASON_CONTEXT_RELATIVE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DIAGNOSTIC_BUFFER { + pub 
Size: SIZE_T, + pub CallerType: REQUESTER_TYPE, + pub __bindgen_anon_1: _DIAGNOSTIC_BUFFER__bindgen_ty_1, + pub ReasonOffset: SIZE_T, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _DIAGNOSTIC_BUFFER__bindgen_ty_1 { + pub __bindgen_anon_1: _DIAGNOSTIC_BUFFER__bindgen_ty_1__bindgen_ty_1, + pub __bindgen_anon_2: _DIAGNOSTIC_BUFFER__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _DIAGNOSTIC_BUFFER__bindgen_ty_1__bindgen_ty_1 { + pub ProcessImageNameOffset: SIZE_T, + pub ProcessId: ULONG, + pub ServiceTag: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _DIAGNOSTIC_BUFFER__bindgen_ty_1__bindgen_ty_2 { + pub DeviceDescriptionOffset: SIZE_T, + pub DevicePathOffset: SIZE_T, +} +impl Default for _DIAGNOSTIC_BUFFER__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _DIAGNOSTIC_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DIAGNOSTIC_BUFFER = _DIAGNOSTIC_BUFFER; +pub type PDIAGNOSTIC_BUFFER = *mut _DIAGNOSTIC_BUFFER; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _WAKE_TIMER_INFO { + pub OffsetToNext: SIZE_T, + pub DueTime: ULARGE_INTEGER, + pub Period: ULONG, + pub ReasonContext: DIAGNOSTIC_BUFFER, +} +impl Default for _WAKE_TIMER_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WAKE_TIMER_INFO = _WAKE_TIMER_INFO; +pub type PWAKE_TIMER_INFO = *mut _WAKE_TIMER_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_PERF_CAP_HV { + pub Version: ULONG, + pub InitialApicId: ULONG, + pub Ppc: ULONG, + pub Tpc: ULONG, + pub ThermalCap: ULONG, +} +pub type 
PROCESSOR_PERF_CAP_HV = _PROCESSOR_PERF_CAP_HV; +pub type PPROCESSOR_PERF_CAP_HV = *mut _PROCESSOR_PERF_CAP_HV; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct PROCESSOR_IDLE_TIMES { + pub StartTime: ULONG64, + pub EndTime: ULONG64, + pub Reserved: [ULONG; 4usize], +} +pub type PPROCESSOR_IDLE_TIMES = *mut PROCESSOR_IDLE_TIMES; +pub type PROCESSOR_IDLE_HANDLER = ::core::option::Option< + unsafe extern "C" fn(Context: ULONG_PTR, IdleTimes: PPROCESSOR_IDLE_TIMES) -> NTSTATUS, +>; +pub type PPROCESSOR_IDLE_HANDLER = PROCESSOR_IDLE_HANDLER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_IDLE_STATE { + pub StateType: UCHAR, + pub StateFlags: ULONG, + pub HardwareLatency: ULONG, + pub Power: ULONG, + pub Context: ULONG_PTR, + pub Handler: PPROCESSOR_IDLE_HANDLER, +} +pub type PROCESSOR_IDLE_STATE = _PROCESSOR_IDLE_STATE; +pub type PPROCESSOR_IDLE_STATE = *mut _PROCESSOR_IDLE_STATE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_IDLE_STATES { + pub Size: ULONG, + pub Revision: ULONG, + pub Count: ULONG, + pub Type: ULONG, + pub TargetProcessors: KAFFINITY, + pub State: [PROCESSOR_IDLE_STATE; 1usize], +} +pub type PROCESSOR_IDLE_STATES = _PROCESSOR_IDLE_STATES; +pub type PPROCESSOR_IDLE_STATES = *mut _PROCESSOR_IDLE_STATES; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_LOAD { + pub ProcessorNumber: PROCESSOR_NUMBER, + pub BusyPercentage: UCHAR, + pub FrequencyPercentage: UCHAR, + pub Padding: USHORT, +} +pub type PROCESSOR_LOAD = _PROCESSOR_LOAD; +pub type PPROCESSOR_LOAD = *mut _PROCESSOR_LOAD; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESSOR_CAP { + pub Version: ULONG, + pub ProcessorNumber: PROCESSOR_NUMBER, + pub PlatformCap: ULONG, + pub ThermalCap: ULONG, + pub LimitReasons: ULONG, +} +pub type PROCESSOR_CAP = _PROCESSOR_CAP; +pub type PPROCESSOR_CAP = *mut _PROCESSOR_CAP; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_PO_WAKE_SOURCE_INFO { + pub Count: ULONG, + pub Offsets: [ULONG; 1usize], +} +pub type PO_WAKE_SOURCE_INFO = _PO_WAKE_SOURCE_INFO; +pub type PPO_WAKE_SOURCE_INFO = *mut _PO_WAKE_SOURCE_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PO_WAKE_SOURCE_HISTORY { + pub Count: ULONG, + pub Offsets: [ULONG; 1usize], +} +pub type PO_WAKE_SOURCE_HISTORY = _PO_WAKE_SOURCE_HISTORY; +pub type PPO_WAKE_SOURCE_HISTORY = *mut _PO_WAKE_SOURCE_HISTORY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PO_WAKE_SOURCE_TYPE { + DeviceWakeSourceType = 0, + FixedWakeSourceType = 1, + TimerWakeSourceType = 2, + TimerPresumedWakeSourceType = 3, + InternalWakeSourceType = 4, +} +pub use self::_PO_WAKE_SOURCE_TYPE as PO_WAKE_SOURCE_TYPE; +pub type PPO_WAKE_SOURCE_TYPE = *mut _PO_WAKE_SOURCE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PO_INTERNAL_WAKE_SOURCE_TYPE { + InternalWakeSourceDozeToHibernate = 0, + InternalWakeSourcePredictedUserPresence = 1, +} +pub use self::_PO_INTERNAL_WAKE_SOURCE_TYPE as PO_INTERNAL_WAKE_SOURCE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PO_FIXED_WAKE_SOURCE_TYPE { + FixedWakeSourcePowerButton = 0, + FixedWakeSourceSleepButton = 1, + FixedWakeSourceRtc = 2, + FixedWakeSourceDozeToHibernate = 3, +} +pub use self::_PO_FIXED_WAKE_SOURCE_TYPE as PO_FIXED_WAKE_SOURCE_TYPE; +pub type PPO_FIXED_WAKE_SOURCE_TYPE = *mut _PO_FIXED_WAKE_SOURCE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PO_WAKE_SOURCE_HEADER { + pub Type: PO_WAKE_SOURCE_TYPE, + pub Size: ULONG, +} +impl Default for _PO_WAKE_SOURCE_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PO_WAKE_SOURCE_HEADER = _PO_WAKE_SOURCE_HEADER; +pub type PPO_WAKE_SOURCE_HEADER = *mut 
_PO_WAKE_SOURCE_HEADER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PO_WAKE_SOURCE_DEVICE { + pub Header: PO_WAKE_SOURCE_HEADER, + pub InstancePath: [WCHAR; 1usize], +} +impl Default for _PO_WAKE_SOURCE_DEVICE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PO_WAKE_SOURCE_DEVICE = _PO_WAKE_SOURCE_DEVICE; +pub type PPO_WAKE_SOURCE_DEVICE = *mut _PO_WAKE_SOURCE_DEVICE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PO_WAKE_SOURCE_FIXED { + pub Header: PO_WAKE_SOURCE_HEADER, + pub FixedWakeSourceType: PO_FIXED_WAKE_SOURCE_TYPE, +} +impl Default for _PO_WAKE_SOURCE_FIXED { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PO_WAKE_SOURCE_FIXED = _PO_WAKE_SOURCE_FIXED; +pub type PPO_WAKE_SOURCE_FIXED = *mut _PO_WAKE_SOURCE_FIXED; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PO_WAKE_SOURCE_INTERNAL { + pub Header: PO_WAKE_SOURCE_HEADER, + pub InternalWakeSourceType: PO_INTERNAL_WAKE_SOURCE_TYPE, +} +impl Default for _PO_WAKE_SOURCE_INTERNAL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PO_WAKE_SOURCE_INTERNAL = _PO_WAKE_SOURCE_INTERNAL; +pub type PPO_WAKE_SOURCE_INTERNAL = *mut _PO_WAKE_SOURCE_INTERNAL; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _PO_WAKE_SOURCE_TIMER { + pub Header: PO_WAKE_SOURCE_HEADER, + pub Reason: DIAGNOSTIC_BUFFER, +} +impl Default for _PO_WAKE_SOURCE_TIMER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PO_WAKE_SOURCE_TIMER = _PO_WAKE_SOURCE_TIMER; +pub type PPO_WAKE_SOURCE_TIMER = *mut 
_PO_WAKE_SOURCE_TIMER; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_REQUEST { + pub __bindgen_anon_1: _POWER_REQUEST__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _POWER_REQUEST__bindgen_ty_1 { + pub V1: _POWER_REQUEST__bindgen_ty_1__bindgen_ty_1, + pub V2: _POWER_REQUEST__bindgen_ty_1__bindgen_ty_2, + pub V3: _POWER_REQUEST__bindgen_ty_1__bindgen_ty_3, + pub V4: _POWER_REQUEST__bindgen_ty_1__bindgen_ty_4, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_REQUEST__bindgen_ty_1__bindgen_ty_1 { + pub SupportedRequestMask: ULONG, + pub PowerRequestCount: [ULONG; 3usize], + pub DiagnosticBuffer: DIAGNOSTIC_BUFFER, +} +impl Default for _POWER_REQUEST__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_REQUEST__bindgen_ty_1__bindgen_ty_2 { + pub SupportedRequestMask: ULONG, + pub PowerRequestCount: [ULONG; 9usize], + pub DiagnosticBuffer: DIAGNOSTIC_BUFFER, +} +impl Default for _POWER_REQUEST__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_REQUEST__bindgen_ty_1__bindgen_ty_3 { + pub SupportedRequestMask: ULONG, + pub PowerRequestCount: [ULONG; 5usize], + pub DiagnosticBuffer: DIAGNOSTIC_BUFFER, +} +impl Default for _POWER_REQUEST__bindgen_ty_1__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_REQUEST__bindgen_ty_1__bindgen_ty_4 { + pub SupportedRequestMask: ULONG, + pub PowerRequestCount: [ULONG; 6usize], + pub DiagnosticBuffer: DIAGNOSTIC_BUFFER, +} 
+impl Default for _POWER_REQUEST__bindgen_ty_1__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _POWER_REQUEST__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _POWER_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_REQUEST = _POWER_REQUEST; +pub type PPOWER_REQUEST = *mut _POWER_REQUEST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _POWER_REQUEST_LIST { + pub Count: ULONG_PTR, + pub PowerRequestOffsets: [ULONG_PTR; 1usize], +} +pub type POWER_REQUEST_LIST = _POWER_REQUEST_LIST; +pub type PPOWER_REQUEST_LIST = *mut _POWER_REQUEST_LIST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _POWER_STATE_HANDLER_TYPE { + PowerStateSleeping1 = 0, + PowerStateSleeping2 = 1, + PowerStateSleeping3 = 2, + PowerStateSleeping4 = 3, + PowerStateShutdownOff = 4, + PowerStateShutdownReset = 5, + PowerStateSleeping4Firmware = 6, + PowerStateMaximum = 7, +} +pub use self::_POWER_STATE_HANDLER_TYPE as POWER_STATE_HANDLER_TYPE; +pub type PPOWER_STATE_HANDLER_TYPE = *mut _POWER_STATE_HANDLER_TYPE; +pub type PENTER_STATE_SYSTEM_HANDLER = + ::core::option::Option NTSTATUS>; +pub type PENTER_STATE_HANDLER = ::core::option::Option< + unsafe extern "C" fn( + Context: PVOID, + SystemHandler: PENTER_STATE_SYSTEM_HANDLER, + SystemContext: PVOID, + NumberProcessors: LONG, + Number: *mut LONG, + ) -> NTSTATUS, +>; +#[repr(C)] +pub struct _POWER_STATE_HANDLER { + pub Type: POWER_STATE_HANDLER_TYPE, + pub RtcWake: BOOLEAN, + pub Spare: [UCHAR; 3usize], + pub Handler: PENTER_STATE_HANDLER, + pub 
Context: PVOID, +} +impl Default for _POWER_STATE_HANDLER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_STATE_HANDLER = _POWER_STATE_HANDLER; +pub type PPOWER_STATE_HANDLER = *mut _POWER_STATE_HANDLER; +pub type PENTER_STATE_NOTIFY_HANDLER = ::core::option::Option< + unsafe extern "C" fn( + State: POWER_STATE_HANDLER_TYPE, + Context: PVOID, + Entering: BOOLEAN, + ) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _POWER_STATE_NOTIFY_HANDLER { + pub Handler: PENTER_STATE_NOTIFY_HANDLER, + pub Context: PVOID, +} +impl Default for _POWER_STATE_NOTIFY_HANDLER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_STATE_NOTIFY_HANDLER = _POWER_STATE_NOTIFY_HANDLER; +pub type PPOWER_STATE_NOTIFY_HANDLER = *mut _POWER_STATE_NOTIFY_HANDLER; +#[repr(C)] +pub struct _POWER_REQUEST_ACTION_INTERNAL { + pub PowerRequestPointer: PVOID, + pub RequestType: POWER_REQUEST_TYPE_INTERNAL, + pub SetAction: BOOLEAN, +} +impl Default for _POWER_REQUEST_ACTION_INTERNAL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_REQUEST_ACTION_INTERNAL = _POWER_REQUEST_ACTION_INTERNAL; +pub type PPOWER_REQUEST_ACTION_INTERNAL = *mut _POWER_REQUEST_ACTION_INTERNAL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _POWER_INFORMATION_LEVEL_INTERNAL { + PowerInternalAcpiInterfaceRegister = 0, + PowerInternalS0LowPowerIdleInfo = 1, + PowerInternalReapplyBrightnessSettings = 2, + PowerInternalUserAbsencePrediction = 3, + PowerInternalUserAbsencePredictionCapability = 4, + PowerInternalPoProcessorLatencyHint = 5, + 
PowerInternalStandbyNetworkRequest = 6, + PowerInternalDirtyTransitionInformation = 7, + PowerInternalSetBackgroundTaskState = 8, + PowerInternalTtmOpenTerminal = 9, + PowerInternalTtmCreateTerminal = 10, + PowerInternalTtmEvacuateDevices = 11, + PowerInternalTtmCreateTerminalEventQueue = 12, + PowerInternalTtmGetTerminalEvent = 13, + PowerInternalTtmSetDefaultDeviceAssignment = 14, + PowerInternalTtmAssignDevice = 15, + PowerInternalTtmSetDisplayState = 16, + PowerInternalTtmSetDisplayTimeouts = 17, + PowerInternalBootSessionStandbyActivationInformation = 18, + PowerInternalSessionPowerState = 19, + PowerInternalSessionTerminalInput = 20, + PowerInternalSetWatchdog = 21, + PowerInternalPhysicalPowerButtonPressInfoAtBoot = 22, + PowerInternalExternalMonitorConnected = 23, + PowerInternalHighPrecisionBrightnessSettings = 24, + PowerInternalWinrtScreenToggle = 25, + PowerInternalPpmQosDisable = 26, + PowerInternalTransitionCheckpoint = 27, + PowerInternalInputControllerState = 28, + PowerInternalFirmwareResetReason = 29, + PowerInternalPpmSchedulerQosSupport = 30, + PowerInternalBootStatGet = 31, + PowerInternalBootStatSet = 32, + PowerInternalCallHasNotReturnedWatchdog = 33, + PowerInternalBootStatCheckIntegrity = 34, + PowerInternalBootStatRestoreDefaults = 35, + PowerInternalHostEsStateUpdate = 36, + PowerInternalGetPowerActionState = 37, + PowerInternalBootStatUnlock = 38, + PowerInternalWakeOnVoiceState = 39, + PowerInternalDeepSleepBlock = 40, + PowerInternalIsPoFxDevice = 41, + PowerInternalPowerTransitionExtensionAtBoot = 42, + PowerInternalProcessorBrandedFrequency = 43, + PowerInternalTimeBrokerExpirationReason = 44, + PowerInternalNotifyUserShutdownStatus = 45, + PowerInternalPowerRequestTerminalCoreWindow = 46, + PowerInternalProcessorIdleVeto = 47, + PowerInternalPlatformIdleVeto = 48, + PowerInternalIsLongPowerButtonBugcheckEnabled = 49, + PowerInternalAutoChkCausedReboot = 50, + PowerInternalSetWakeAlarmOverride = 51, + 
PowerInternalDirectedFxAddTestDevice = 53, + PowerInternalDirectedFxRemoveTestDevice = 54, + PowerInternalDirectedFxSetMode = 56, + PowerInternalRegisterPowerPlane = 57, + PowerInternalSetDirectedDripsFlags = 58, + PowerInternalClearDirectedDripsFlags = 59, + PowerInternalRetrieveHiberFileResumeContext = 60, + PowerInternalReadHiberFilePage = 61, + PowerInternalLastBootSucceeded = 62, + PowerInternalQuerySleepStudyHelperRoutineBlock = 63, + PowerInternalDirectedDripsQueryCapabilities = 64, + PowerInternalClearConstraints = 65, + PowerInternalSoftParkVelocityEnabled = 66, + PowerInternalQueryIntelPepCapabilities = 67, + PowerInternalGetSystemIdleLoopEnablement = 68, + PowerInternalGetVmPerfControlSupport = 69, + PowerInternalGetVmPerfControlConfig = 70, + PowerInternalSleepDetailedDiagUpdate = 71, + PowerInternalProcessorClassFrequencyBandsStats = 72, + PowerInternalHostGlobalUserPresenceStateUpdate = 73, + PowerInternalCpuNodeIdleIntervalStats = 74, + PowerInternalClassIdleIntervalStats = 75, + PowerInternalCpuNodeConcurrencyStats = 76, + PowerInternalClassConcurrencyStats = 77, + PowerInternalQueryProcMeasurementCapabilities = 78, + PowerInternalQueryProcMeasurementValues = 79, + PowerInternalPrepareForSystemInitiatedReboot = 80, + PowerInternalGetAdaptiveSessionState = 81, + PowerInternalSetConsoleLockedState = 82, + PowerInternalOverrideSystemInitiatedRebootState = 83, + PowerInternalFanImpactStats = 84, + PowerInternalFanRpmBuckets = 85, + PowerInternalPowerBootAppDiagInfo = 86, + PowerInternalUnregisterShutdownNotification = 87, + PowerInternalManageTransitionStateRecord = 88, + PowerInternalGetAcpiTimeAndAlarmCapabilities = 89, + PowerInternalSuspendResumeRequest = 90, + PowerInternalEnergyEstimationInfo = 91, + PowerInformationInternalMaximum = 92, +} +pub use self::_POWER_INFORMATION_LEVEL_INTERNAL as POWER_INFORMATION_LEVEL_INTERNAL; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _POWER_S0_DISCONNECTED_REASON 
{ + PoS0DisconnectedReasonNone = 0, + PoS0DisconnectedReasonNonCompliantNic = 1, + PoS0DisconnectedReasonSettingPolicy = 2, + PoS0DisconnectedReasonEnforceDsPolicy = 3, + PoS0DisconnectedReasonCsChecksFailed = 4, + PoS0DisconnectedReasonSmartStandby = 5, + PoS0DisconnectedReasonMaximum = 6, +} +pub use self::_POWER_S0_DISCONNECTED_REASON as POWER_S0_DISCONNECTED_REASON; +#[repr(C)] +pub struct _POWER_S0_LOW_POWER_IDLE_INFO { + pub DisconnectedReason: POWER_S0_DISCONNECTED_REASON, + pub CsDeviceCompliance: _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_1, + pub Policy: _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_2, +} +#[repr(C)] +pub union _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub AsUCHAR: UCHAR, +} +impl Default for _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_1 { + #[inline] + pub fn Storage(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_Storage(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn WiFi(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_WiFi(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Mbn(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_Mbn(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
Ethernet(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_Ethernet(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u8) } + } + #[inline] + pub fn set_Reserved(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Storage: BOOLEAN, + WiFi: BOOLEAN, + Mbn: BOOLEAN, + Ethernet: BOOLEAN, + Reserved: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Storage: u8 = unsafe { ::core::mem::transmute(Storage) }; + Storage as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let WiFi: u8 = unsafe { ::core::mem::transmute(WiFi) }; + WiFi as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let Mbn: u8 = unsafe { ::core::mem::transmute(Mbn) }; + Mbn as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let Ethernet: u8 = unsafe { ::core::mem::transmute(Ethernet) }; + Ethernet as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let Reserved: u8 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +pub union _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_2 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub AsUCHAR: UCHAR, +} +impl Default for _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _POWER_S0_LOW_POWER_IDLE_INFO__bindgen_ty_2 
{ + #[inline] + pub fn DisconnectInStandby(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_DisconnectInStandby(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnforceDs(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_EnforceDs(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 6u8) as u8) } + } + #[inline] + pub fn set_Reserved(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 6u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + DisconnectInStandby: BOOLEAN, + EnforceDs: BOOLEAN, + Reserved: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let DisconnectInStandby: u8 = unsafe { ::core::mem::transmute(DisconnectInStandby) }; + DisconnectInStandby as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let EnforceDs: u8 = unsafe { ::core::mem::transmute(EnforceDs) }; + EnforceDs as u64 + }); + __bindgen_bitfield_unit.set(2usize, 6u8, { + let Reserved: u8 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _POWER_S0_LOW_POWER_IDLE_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_S0_LOW_POWER_IDLE_INFO = _POWER_S0_LOW_POWER_IDLE_INFO; +pub type PPOWER_S0_LOW_POWER_IDLE_INFO = *mut 
_POWER_S0_LOW_POWER_IDLE_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _POWER_INFORMATION_INTERNAL_HEADER { + pub InternalType: POWER_INFORMATION_LEVEL_INTERNAL, + pub Version: ULONG, +} +impl Default for _POWER_INFORMATION_INTERNAL_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_INFORMATION_INTERNAL_HEADER = _POWER_INFORMATION_INTERNAL_HEADER; +pub type PPOWER_INFORMATION_INTERNAL_HEADER = *mut _POWER_INFORMATION_INTERNAL_HEADER; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _POWER_USER_ABSENCE_PREDICTION { + pub Header: POWER_INFORMATION_INTERNAL_HEADER, + pub ReturnTime: LARGE_INTEGER, +} +impl Default for _POWER_USER_ABSENCE_PREDICTION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_USER_ABSENCE_PREDICTION = _POWER_USER_ABSENCE_PREDICTION; +pub type PPOWER_USER_ABSENCE_PREDICTION = *mut _POWER_USER_ABSENCE_PREDICTION; +#[repr(C)] +pub struct _POWER_USER_ABSENCE_PREDICTION_CAPABILITY { + pub AbsencePredictionCapability: BOOLEAN, +} +impl Default for _POWER_USER_ABSENCE_PREDICTION_CAPABILITY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_USER_ABSENCE_PREDICTION_CAPABILITY = _POWER_USER_ABSENCE_PREDICTION_CAPABILITY; +pub type PPOWER_USER_ABSENCE_PREDICTION_CAPABILITY = *mut _POWER_USER_ABSENCE_PREDICTION_CAPABILITY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _POWER_PROCESSOR_LATENCY_HINT { + pub PowerInformationInternalHeader: POWER_INFORMATION_INTERNAL_HEADER, + pub Type: ULONG, +} +impl Default for _POWER_PROCESSOR_LATENCY_HINT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_PROCESSOR_LATENCY_HINT = _POWER_PROCESSOR_LATENCY_HINT; +pub type PPO_PROCESSOR_LATENCY_HINT = *mut _POWER_PROCESSOR_LATENCY_HINT; +#[repr(C)] +pub struct _POWER_STANDBY_NETWORK_REQUEST { + pub PowerInformationInternalHeader: POWER_INFORMATION_INTERNAL_HEADER, + pub Active: BOOLEAN, +} +impl Default for _POWER_STANDBY_NETWORK_REQUEST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_STANDBY_NETWORK_REQUEST = _POWER_STANDBY_NETWORK_REQUEST; +pub type PPOWER_STANDBY_NETWORK_REQUEST = *mut _POWER_STANDBY_NETWORK_REQUEST; +#[repr(C)] +pub struct _POWER_SET_BACKGROUND_TASK_STATE { + pub PowerInformationInternalHeader: POWER_INFORMATION_INTERNAL_HEADER, + pub Engaged: BOOLEAN, +} +impl Default for _POWER_SET_BACKGROUND_TASK_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_SET_BACKGROUND_TASK_STATE = _POWER_SET_BACKGROUND_TASK_STATE; +pub type PPOWER_SET_BACKGROUND_TASK_STATE = *mut _POWER_SET_BACKGROUND_TASK_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO { + pub StandbyTotalTime: ULONG, + pub DripsTotalTime: ULONG, + pub ActivatorClientTotalActiveTime: ULONG, + pub PerActivatorClientTotalActiveTime: [ULONG; 98usize], +} +impl Default for _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO = _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO; +pub type PPOWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO = + *mut _POWER_BOOT_SESSION_STANDBY_ACTIVATION_INFO; 
+#[repr(C)] +pub struct _POWER_SESSION_POWER_STATE { + pub Header: POWER_INFORMATION_INTERNAL_HEADER, + pub SessionId: ULONG, + pub On: BOOLEAN, + pub IsConsole: BOOLEAN, + pub RequestReason: POWER_MONITOR_REQUEST_REASON, +} +impl Default for _POWER_SESSION_POWER_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_SESSION_POWER_STATE = _POWER_SESSION_POWER_STATE; +pub type PPOWER_SESSION_POWER_STATE = *mut _POWER_SESSION_POWER_STATE; +#[repr(C)] +pub struct _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT { + pub QosSupportedAndConfigured: BOOLEAN, + pub SchedulerDirectedPerfStatesSupported: BOOLEAN, + pub QosGroupPolicyDisable: BOOLEAN, +} +impl Default for _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_INTERNAL_PROCESSOR_QOS_SUPPORT = _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT; +pub type PPOWER_INTERNAL_PROCESSOR_QOS_SUPPORT = *mut _POWER_INTERNAL_PROCESSOR_QOS_SUPPORT; +#[repr(C)] +pub struct _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE { + pub Header: POWER_INFORMATION_INTERNAL_HEADER, + pub EsEnabledOnHost: BOOLEAN, +} +impl Default for _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_INTERNAL_HOST_ENERGY_SAVER_STATE = _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE; +pub type PPOWER_INTERNAL_HOST_ENERGY_SAVER_STATE = *mut _POWER_INTERNAL_HOST_ENERGY_SAVER_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT { + pub InternalType: POWER_INFORMATION_LEVEL_INTERNAL, + pub ProcessorNumber: PROCESSOR_NUMBER, +} +impl Default for 
_POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT = + _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT; +pub type PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT = + *mut _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT { + pub Version: ULONG, + pub NominalFrequency: ULONG, +} +pub type POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT = + _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT; +pub type PPOWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT = + *mut _POWER_INTERNAL_PROCESSOR_BRANDED_FREQENCY_OUTPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _POWER_INTERNAL_BOOTAPP_DIAGNOSTIC { + pub BootAppErrorDiagCode: ULONG, + pub BootAppFailureStatus: ULONG, +} +pub type POWER_INTERNAL_BOOTAPP_DIAGNOSTIC = _POWER_INTERNAL_BOOTAPP_DIAGNOSTIC; +pub type PPOWER_INTERNAL_BOOTAPP_DIAGNOSTIC = *mut _POWER_INTERNAL_BOOTAPP_DIAGNOSTIC; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KEY_INFORMATION_CLASS { + KeyBasicInformation = 0, + KeyNodeInformation = 1, + KeyFullInformation = 2, + KeyNameInformation = 3, + KeyCachedInformation = 4, + KeyFlagsInformation = 5, + KeyVirtualizationInformation = 6, + KeyHandleTagsInformation = 7, + KeyTrustInformation = 8, + KeyLayerInformation = 9, + MaxKeyInfoClass = 10, +} +pub use self::_KEY_INFORMATION_CLASS as KEY_INFORMATION_CLASS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KEY_BASIC_INFORMATION { + pub LastWriteTime: LARGE_INTEGER, + pub TitleIndex: ULONG, + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +impl Default for _KEY_BASIC_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_BASIC_INFORMATION = _KEY_BASIC_INFORMATION; +pub type PKEY_BASIC_INFORMATION = *mut _KEY_BASIC_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KEY_NODE_INFORMATION { + pub LastWriteTime: LARGE_INTEGER, + pub TitleIndex: ULONG, + pub ClassOffset: ULONG, + pub ClassLength: ULONG, + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +impl Default for _KEY_NODE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_NODE_INFORMATION = _KEY_NODE_INFORMATION; +pub type PKEY_NODE_INFORMATION = *mut _KEY_NODE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KEY_FULL_INFORMATION { + pub LastWriteTime: LARGE_INTEGER, + pub TitleIndex: ULONG, + pub ClassOffset: ULONG, + pub ClassLength: ULONG, + pub SubKeys: ULONG, + pub MaxNameLength: ULONG, + pub MaxClassLength: ULONG, + pub Values: ULONG, + pub MaxValueNameLength: ULONG, + pub MaxValueDataLength: ULONG, + pub Class: [WCHAR; 1usize], +} +impl Default for _KEY_FULL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_FULL_INFORMATION = _KEY_FULL_INFORMATION; +pub type PKEY_FULL_INFORMATION = *mut _KEY_FULL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_NAME_INFORMATION { + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +pub type KEY_NAME_INFORMATION = _KEY_NAME_INFORMATION; +pub type PKEY_NAME_INFORMATION = *mut _KEY_NAME_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KEY_CACHED_INFORMATION { + pub LastWriteTime: LARGE_INTEGER, + pub TitleIndex: ULONG, + pub SubKeys: ULONG, + pub MaxNameLength: ULONG, + pub Values: ULONG, 
+ pub MaxValueNameLength: ULONG, + pub MaxValueDataLength: ULONG, + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +impl Default for _KEY_CACHED_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_CACHED_INFORMATION = _KEY_CACHED_INFORMATION; +pub type PKEY_CACHED_INFORMATION = *mut _KEY_CACHED_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_FLAGS_INFORMATION { + pub Wow64Flags: ULONG, + pub KeyFlags: ULONG, + pub ControlFlags: ULONG, +} +pub type KEY_FLAGS_INFORMATION = _KEY_FLAGS_INFORMATION; +pub type PKEY_FLAGS_INFORMATION = *mut _KEY_FLAGS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VIRTUALIZATION_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KEY_VIRTUALIZATION_INFORMATION { + #[inline] + pub fn VirtualizationCandidate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualizationCandidate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualizationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualizationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualTarget(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualTarget(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualStore(&self) -> 
ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualStore(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualSource(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualSource(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + VirtualizationCandidate: ULONG, + VirtualizationEnabled: ULONG, + VirtualTarget: ULONG, + VirtualStore: ULONG, + VirtualSource: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let VirtualizationCandidate: u32 = + unsafe { ::core::mem::transmute(VirtualizationCandidate) }; + VirtualizationCandidate as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let VirtualizationEnabled: u32 = unsafe { ::core::mem::transmute(VirtualizationEnabled) }; + VirtualizationEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let VirtualTarget: u32 = unsafe { ::core::mem::transmute(VirtualTarget) }; + VirtualTarget as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let VirtualStore: u32 = unsafe { ::core::mem::transmute(VirtualStore) }; + VirtualStore as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let VirtualSource: u32 = unsafe { ::core::mem::transmute(VirtualSource) }; + 
VirtualSource as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type KEY_VIRTUALIZATION_INFORMATION = _KEY_VIRTUALIZATION_INFORMATION; +pub type PKEY_VIRTUALIZATION_INFORMATION = *mut _KEY_VIRTUALIZATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_TRUST_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KEY_TRUST_INFORMATION { + #[inline] + pub fn TrustedKey(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_TrustedKey(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + TrustedKey: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let TrustedKey: u32 = unsafe { ::core::mem::transmute(TrustedKey) }; + TrustedKey as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type KEY_TRUST_INFORMATION = _KEY_TRUST_INFORMATION; +pub type PKEY_TRUST_INFORMATION = *mut _KEY_TRUST_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_LAYER_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 
4usize]>, +} +impl _KEY_LAYER_INFORMATION { + #[inline] + pub fn IsTombstone(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsTombstone(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSupersedeLocal(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSupersedeLocal(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSupersedeTree(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSupersedeTree(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ClassIsInherited(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_ClassIsInherited(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsTombstone: ULONG, + IsSupersedeLocal: ULONG, + IsSupersedeTree: ULONG, + ClassIsInherited: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsTombstone: u32 = unsafe { 
::core::mem::transmute(IsTombstone) }; + IsTombstone as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsSupersedeLocal: u32 = unsafe { ::core::mem::transmute(IsSupersedeLocal) }; + IsSupersedeLocal as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IsSupersedeTree: u32 = unsafe { ::core::mem::transmute(IsSupersedeTree) }; + IsSupersedeTree as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ClassIsInherited: u32 = unsafe { ::core::mem::transmute(ClassIsInherited) }; + ClassIsInherited as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type KEY_LAYER_INFORMATION = _KEY_LAYER_INFORMATION; +pub type PKEY_LAYER_INFORMATION = *mut _KEY_LAYER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KEY_SET_INFORMATION_CLASS { + KeyWriteTimeInformation = 0, + KeyWow64FlagsInformation = 1, + KeyControlFlagsInformation = 2, + KeySetVirtualizationInformation = 3, + KeySetDebugInformation = 4, + KeySetHandleTagsInformation = 5, + KeySetLayerInformation = 6, + MaxKeySetInfoClass = 7, +} +pub use self::_KEY_SET_INFORMATION_CLASS as KEY_SET_INFORMATION_CLASS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _KEY_WRITE_TIME_INFORMATION { + pub LastWriteTime: LARGE_INTEGER, +} +impl Default for _KEY_WRITE_TIME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_WRITE_TIME_INFORMATION = _KEY_WRITE_TIME_INFORMATION; +pub type PKEY_WRITE_TIME_INFORMATION = *mut _KEY_WRITE_TIME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_WOW64_FLAGS_INFORMATION { + pub UserFlags: ULONG, +} +pub type KEY_WOW64_FLAGS_INFORMATION = _KEY_WOW64_FLAGS_INFORMATION; +pub type PKEY_WOW64_FLAGS_INFORMATION = 
*mut _KEY_WOW64_FLAGS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_HANDLE_TAGS_INFORMATION { + pub HandleTags: ULONG, +} +pub type KEY_HANDLE_TAGS_INFORMATION = _KEY_HANDLE_TAGS_INFORMATION; +pub type PKEY_HANDLE_TAGS_INFORMATION = *mut _KEY_HANDLE_TAGS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_SET_LAYER_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KEY_SET_LAYER_INFORMATION { + #[inline] + pub fn IsTombstone(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsTombstone(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSupersedeLocal(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSupersedeLocal(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsSupersedeTree(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsSupersedeTree(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ClassIsInherited(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_ClassIsInherited(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 28u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: 
u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 28u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsTombstone: ULONG, + IsSupersedeLocal: ULONG, + IsSupersedeTree: ULONG, + ClassIsInherited: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsTombstone: u32 = unsafe { ::core::mem::transmute(IsTombstone) }; + IsTombstone as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsSupersedeLocal: u32 = unsafe { ::core::mem::transmute(IsSupersedeLocal) }; + IsSupersedeLocal as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IsSupersedeTree: u32 = unsafe { ::core::mem::transmute(IsSupersedeTree) }; + IsSupersedeTree as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ClassIsInherited: u32 = unsafe { ::core::mem::transmute(ClassIsInherited) }; + ClassIsInherited as u64 + }); + __bindgen_bitfield_unit.set(4usize, 28u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type KEY_SET_LAYER_INFORMATION = _KEY_SET_LAYER_INFORMATION; +pub type PKEY_SET_LAYER_INFORMATION = *mut _KEY_SET_LAYER_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_CONTROL_FLAGS_INFORMATION { + pub ControlFlags: ULONG, +} +pub type KEY_CONTROL_FLAGS_INFORMATION = _KEY_CONTROL_FLAGS_INFORMATION; +pub type PKEY_CONTROL_FLAGS_INFORMATION = *mut _KEY_CONTROL_FLAGS_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_SET_VIRTUALIZATION_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KEY_SET_VIRTUALIZATION_INFORMATION { + #[inline] + pub fn VirtualTarget(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn 
set_VirtualTarget(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualStore(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualStore(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualSource(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualSource(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + VirtualTarget: ULONG, + VirtualStore: ULONG, + VirtualSource: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let VirtualTarget: u32 = unsafe { ::core::mem::transmute(VirtualTarget) }; + VirtualTarget as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let VirtualStore: u32 = unsafe { ::core::mem::transmute(VirtualStore) }; + VirtualStore as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let VirtualSource: u32 = unsafe { ::core::mem::transmute(VirtualSource) }; + VirtualSource as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type 
KEY_SET_VIRTUALIZATION_INFORMATION = _KEY_SET_VIRTUALIZATION_INFORMATION; +pub type PKEY_SET_VIRTUALIZATION_INFORMATION = *mut _KEY_SET_VIRTUALIZATION_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KEY_VALUE_INFORMATION_CLASS { + KeyValueBasicInformation = 0, + KeyValueFullInformation = 1, + KeyValuePartialInformation = 2, + KeyValueFullInformationAlign64 = 3, + KeyValuePartialInformationAlign64 = 4, + KeyValueLayerInformation = 5, + MaxKeyValueInfoClass = 6, +} +pub use self::_KEY_VALUE_INFORMATION_CLASS as KEY_VALUE_INFORMATION_CLASS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VALUE_BASIC_INFORMATION { + pub TitleIndex: ULONG, + pub Type: ULONG, + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +pub type KEY_VALUE_BASIC_INFORMATION = _KEY_VALUE_BASIC_INFORMATION; +pub type PKEY_VALUE_BASIC_INFORMATION = *mut _KEY_VALUE_BASIC_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VALUE_FULL_INFORMATION { + pub TitleIndex: ULONG, + pub Type: ULONG, + pub DataOffset: ULONG, + pub DataLength: ULONG, + pub NameLength: ULONG, + pub Name: [WCHAR; 1usize], +} +pub type KEY_VALUE_FULL_INFORMATION = _KEY_VALUE_FULL_INFORMATION; +pub type PKEY_VALUE_FULL_INFORMATION = *mut _KEY_VALUE_FULL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VALUE_PARTIAL_INFORMATION { + pub TitleIndex: ULONG, + pub Type: ULONG, + pub DataLength: ULONG, + pub Data: [UCHAR; 1usize], +} +pub type KEY_VALUE_PARTIAL_INFORMATION = _KEY_VALUE_PARTIAL_INFORMATION; +pub type PKEY_VALUE_PARTIAL_INFORMATION = *mut _KEY_VALUE_PARTIAL_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 { + pub Type: ULONG, + pub DataLength: ULONG, + pub Data: [UCHAR; 1usize], +} +pub type KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; +pub type 
PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 = *mut _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _KEY_VALUE_LAYER_INFORMATION { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _KEY_VALUE_LAYER_INFORMATION { + #[inline] + pub fn IsTombstone(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsTombstone(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + IsTombstone: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let IsTombstone: u32 = unsafe { ::core::mem::transmute(IsTombstone) }; + IsTombstone as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +pub type KEY_VALUE_LAYER_INFORMATION = _KEY_VALUE_LAYER_INFORMATION; +pub type PKEY_VALUE_LAYER_INFORMATION = *mut _KEY_VALUE_LAYER_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _CM_EXTENDED_PARAMETER_TYPE { + CmExtendedParameterInvalidType = 0, + CmExtendedParameterTrustClassKey = 1, + CmExtendedParameterEvent = 2, + CmExtendedParameterFileAccessToken = 3, + CmExtendedParameterMax = 4, +} +pub use self::_CM_EXTENDED_PARAMETER_TYPE as CM_EXTENDED_PARAMETER_TYPE; +#[repr(C)] 
+#[derive(Copy, Clone)] +pub struct _CM_EXTENDED_PARAMETER { + pub __bindgen_anon_1: _CM_EXTENDED_PARAMETER__bindgen_ty_1, + pub __bindgen_anon_2: _CM_EXTENDED_PARAMETER__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CM_EXTENDED_PARAMETER__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _CM_EXTENDED_PARAMETER__bindgen_ty_1 { + #[inline] + pub fn Type(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u64) } + } + #[inline] + pub fn set_Type(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 56u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 56u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Type: ULONG64, Reserved: ULONG64) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let Type: u64 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(8usize, 56u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _CM_EXTENDED_PARAMETER__bindgen_ty_2 { + pub ULong64: ULONG64, + pub Pointer: PVOID, + pub Size: SIZE_T, + pub Handle: HANDLE, + pub ULong: ULONG, + pub AccessMask: ACCESS_MASK, +} +impl Default for _CM_EXTENDED_PARAMETER__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default 
for _CM_EXTENDED_PARAMETER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CM_EXTENDED_PARAMETER = _CM_EXTENDED_PARAMETER; +pub type PCM_EXTENDED_PARAMETER = *mut _CM_EXTENDED_PARAMETER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _KEY_VALUE_ENTRY { + pub ValueName: PUNICODE_STRING, + pub DataLength: ULONG, + pub DataOffset: ULONG, + pub Type: ULONG, +} +impl Default for _KEY_VALUE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_VALUE_ENTRY = _KEY_VALUE_ENTRY; +pub type PKEY_VALUE_ENTRY = *mut _KEY_VALUE_ENTRY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _REG_ACTION { + KeyAdded = 0, + KeyRemoved = 1, + KeyModified = 2, +} +pub use self::_REG_ACTION as REG_ACTION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _REG_NOTIFY_INFORMATION { + pub NextEntryOffset: ULONG, + pub Action: REG_ACTION, + pub KeyLength: ULONG, + pub Key: [WCHAR; 1usize], +} +impl Default for _REG_NOTIFY_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type REG_NOTIFY_INFORMATION = _REG_NOTIFY_INFORMATION; +pub type PREG_NOTIFY_INFORMATION = *mut _REG_NOTIFY_INFORMATION; +#[repr(C)] +pub struct _KEY_PID_ARRAY { + pub ProcessId: HANDLE, + pub KeyName: UNICODE_STRING, +} +impl Default for _KEY_PID_ARRAY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_PID_ARRAY = _KEY_PID_ARRAY; +pub type PKEY_PID_ARRAY = *mut _KEY_PID_ARRAY; +#[repr(C)] +pub struct _KEY_OPEN_SUBKEYS_INFORMATION { + pub Count: 
ULONG, + pub KeyArray: [KEY_PID_ARRAY; 1usize], +} +impl Default for _KEY_OPEN_SUBKEYS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KEY_OPEN_SUBKEYS_INFORMATION = _KEY_OPEN_SUBKEYS_INFORMATION; +pub type PKEY_OPEN_SUBKEYS_INFORMATION = *mut _KEY_OPEN_SUBKEYS_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_INITIALIZE_JOB_FOR_VREG { + pub Job: HANDLE, +} +impl Default for _VR_INITIALIZE_JOB_FOR_VREG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_INITIALIZE_JOB_FOR_VREG = _VR_INITIALIZE_JOB_FOR_VREG; +pub type PVR_INITIALIZE_JOB_FOR_VREG = *mut _VR_INITIALIZE_JOB_FOR_VREG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_LOAD_DIFFERENCING_HIVE { + pub Job: HANDLE, + pub NextLayerIsHost: ULONG, + pub Flags: ULONG, + pub LoadFlags: ULONG, + pub KeyPathLength: WORD, + pub HivePathLength: WORD, + pub NextLayerKeyPathLength: WORD, + pub FileAccessToken: HANDLE, + pub Strings: [WCHAR; 1usize], +} +impl Default for _VR_LOAD_DIFFERENCING_HIVE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_LOAD_DIFFERENCING_HIVE = _VR_LOAD_DIFFERENCING_HIVE; +pub type PVR_LOAD_DIFFERENCING_HIVE = *mut _VR_LOAD_DIFFERENCING_HIVE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_CREATE_NAMESPACE_NODE { + pub Job: HANDLE, + pub ContainerPathLength: WORD, + pub HostPathLength: WORD, + pub Flags: ULONG, + pub AccessMask: ACCESS_MASK, + pub Strings: [WCHAR; 1usize], +} +impl Default for _VR_CREATE_NAMESPACE_NODE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 
1); + s.assume_init() + } + } +} +pub type VR_CREATE_NAMESPACE_NODE = _VR_CREATE_NAMESPACE_NODE; +pub type PVR_CREATE_NAMESPACE_NODE = *mut _VR_CREATE_NAMESPACE_NODE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_MODIFY_FLAGS { + pub Job: HANDLE, + pub AddFlags: ULONG, + pub RemoveFlags: ULONG, +} +impl Default for _VR_MODIFY_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_MODIFY_FLAGS = _VR_MODIFY_FLAGS; +pub type PVR_MODIFY_FLAGS = *mut _VR_MODIFY_FLAGS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _NAMESPACE_NODE_DATA { + pub AccessMask: ACCESS_MASK, + pub ContainerPathLength: WORD, + pub HostPathLength: WORD, + pub Flags: ULONG, + pub Strings: [WCHAR; 1usize], +} +pub type NAMESPACE_NODE_DATA = _NAMESPACE_NODE_DATA; +pub type PNAMESPACE_NODE_DATA = *mut _NAMESPACE_NODE_DATA; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_CREATE_MULTIPLE_NAMESPACE_NODES { + pub Job: HANDLE, + pub NumNewKeys: ULONG, + pub Keys: [NAMESPACE_NODE_DATA; 1usize], +} +impl Default for _VR_CREATE_MULTIPLE_NAMESPACE_NODES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_CREATE_MULTIPLE_NAMESPACE_NODES = _VR_CREATE_MULTIPLE_NAMESPACE_NODES; +pub type PVR_CREATE_MULTIPLE_NAMESPACE_NODES = *mut _VR_CREATE_MULTIPLE_NAMESPACE_NODES; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES { + pub Job: HANDLE, +} +impl Default for _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_UNLOAD_DYNAMICALLY_LOADED_HIVES = _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES; +pub type 
PVR_UNLOAD_DYNAMICALLY_LOADED_HIVES = *mut _VR_UNLOAD_DYNAMICALLY_LOADED_HIVES; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_GET_VIRTUAL_ROOT { + pub Job: HANDLE, + pub Index: ULONG, +} +impl Default for _VR_GET_VIRTUAL_ROOT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_GET_VIRTUAL_ROOT = _VR_GET_VIRTUAL_ROOT; +pub type PVR_GET_VIRTUAL_ROOT = *mut _VR_GET_VIRTUAL_ROOT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_GET_VIRTUAL_ROOT_RESULT { + pub Key: HANDLE, +} +impl Default for _VR_GET_VIRTUAL_ROOT_RESULT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_GET_VIRTUAL_ROOT_RESULT = _VR_GET_VIRTUAL_ROOT_RESULT; +pub type PVR_GET_VIRTUAL_ROOT_RESULT = *mut _VR_GET_VIRTUAL_ROOT_RESULT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST { + pub LoadFlags: ULONG, + pub Flags: ULONG, + pub KeyPathLength: WORD, + pub HivePathLength: WORD, + pub NextLayerKeyPathLength: WORD, + pub FileAccessToken: HANDLE, + pub Strings: [WCHAR; 1usize], +} +impl Default for _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type VR_LOAD_DIFFERENCING_HIVE_FOR_HOST = _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST; +pub type PVR_LOAD_DIFFERENCING_HIVE_FOR_HOST = *mut _VR_LOAD_DIFFERENCING_HIVE_FOR_HOST; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST { + pub Reserved: ULONG, + pub TargetKeyPathLength: WORD, + pub TargetKeyPath: [WCHAR; 1usize], +} +pub type VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST = _VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST; +pub type 
PVR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST = *mut _VR_UNLOAD_DIFFERENCING_HIVE_FOR_HOST; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TABLE_SEARCH_RESULT { + TableEmptyTree = 0, + TableFoundNode = 1, + TableInsertAsLeft = 2, + TableInsertAsRight = 3, +} +pub use self::_TABLE_SEARCH_RESULT as TABLE_SEARCH_RESULT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_GENERIC_COMPARE_RESULTS { + GenericLessThan = 0, + GenericGreaterThan = 1, + GenericEqual = 2, +} +pub use self::_RTL_GENERIC_COMPARE_RESULTS as RTL_GENERIC_COMPARE_RESULTS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_AVL_TABLE { + _unused: [u8; 0], +} +pub type PRTL_AVL_COMPARE_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + Table: *mut _RTL_AVL_TABLE, + FirstStruct: PVOID, + SecondStruct: PVOID, + ) -> RTL_GENERIC_COMPARE_RESULTS, +>; +pub type PRTL_AVL_ALLOCATE_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(Table: *mut _RTL_AVL_TABLE, ByteSize: CLONG) -> PVOID, +>; +pub type PRTL_AVL_FREE_ROUTINE = + ::core::option::Option; +pub type PRTL_AVL_MATCH_FUNCTION = ::core::option::Option< + unsafe extern "C" fn(Table: *mut _RTL_AVL_TABLE, UserData: PVOID, MatchData: PVOID) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BALANCED_LINKS { + pub Parent: *mut _RTL_BALANCED_LINKS, + pub LeftChild: *mut _RTL_BALANCED_LINKS, + pub RightChild: *mut _RTL_BALANCED_LINKS, + pub Balance: CHAR, + pub Reserved: [UCHAR; 3usize], +} +impl Default for _RTL_BALANCED_LINKS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BALANCED_LINKS = _RTL_BALANCED_LINKS; +pub type PRTL_BALANCED_LINKS = *mut _RTL_BALANCED_LINKS; +pub type RTL_AVL_TABLE = _RTL_AVL_TABLE; +pub type PRTL_AVL_TABLE = *mut _RTL_AVL_TABLE; +#[repr(C)] +#[derive(Debug, Copy, 
Clone)] +pub struct _RTL_SPLAY_LINKS { + pub Parent: *mut _RTL_SPLAY_LINKS, + pub LeftChild: *mut _RTL_SPLAY_LINKS, + pub RightChild: *mut _RTL_SPLAY_LINKS, +} +impl Default for _RTL_SPLAY_LINKS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_SPLAY_LINKS = _RTL_SPLAY_LINKS; +pub type PRTL_SPLAY_LINKS = *mut _RTL_SPLAY_LINKS; +pub type PRTL_GENERIC_COMPARE_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + Table: *mut _RTL_GENERIC_TABLE, + FirstStruct: PVOID, + SecondStruct: PVOID, + ) -> RTL_GENERIC_COMPARE_RESULTS, +>; +pub type PRTL_GENERIC_ALLOCATE_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(Table: *mut _RTL_GENERIC_TABLE, ByteSize: CLONG) -> PVOID, +>; +pub type PRTL_GENERIC_FREE_ROUTINE = + ::core::option::Option; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_GENERIC_TABLE { + pub TableRoot: PRTL_SPLAY_LINKS, + pub InsertOrderList: LIST_ENTRY, + pub OrderedPointer: PLIST_ENTRY, + pub WhichOrderedElement: ULONG, + pub NumberGenericTableElements: ULONG, + pub CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, + pub AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, + pub FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, + pub TableContext: PVOID, +} +impl Default for _RTL_GENERIC_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_GENERIC_TABLE = _RTL_GENERIC_TABLE; +pub type PRTL_GENERIC_TABLE = *mut _RTL_GENERIC_TABLE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_RB_TREE { + pub Root: PRTL_BALANCED_NODE, + pub Min: PRTL_BALANCED_NODE, +} +impl Default for _RTL_RB_TREE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_RB_TREE = 
_RTL_RB_TREE; +pub type PRTL_RB_TREE = *mut _RTL_RB_TREE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_DYNAMIC_HASH_TABLE_ENTRY { + pub Linkage: LIST_ENTRY, + pub Signature: ULONG_PTR, +} +impl Default for _RTL_DYNAMIC_HASH_TABLE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DYNAMIC_HASH_TABLE_ENTRY = _RTL_DYNAMIC_HASH_TABLE_ENTRY; +pub type PRTL_DYNAMIC_HASH_TABLE_ENTRY = *mut _RTL_DYNAMIC_HASH_TABLE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_DYNAMIC_HASH_TABLE_CONTEXT { + pub ChainHead: PLIST_ENTRY, + pub PrevLinkage: PLIST_ENTRY, + pub Signature: ULONG_PTR, +} +impl Default for _RTL_DYNAMIC_HASH_TABLE_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DYNAMIC_HASH_TABLE_CONTEXT = _RTL_DYNAMIC_HASH_TABLE_CONTEXT; +pub type PRTL_DYNAMIC_HASH_TABLE_CONTEXT = *mut _RTL_DYNAMIC_HASH_TABLE_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { + pub HashEntry: RTL_DYNAMIC_HASH_TABLE_ENTRY, + pub ChainHead: PLIST_ENTRY, + pub BucketIndex: ULONG, +} +impl Default for _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DYNAMIC_HASH_TABLE_ENUMERATOR = _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; +pub type PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR = *mut _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_DYNAMIC_HASH_TABLE { + pub Flags: ULONG, + pub Shift: ULONG, + pub TableSize: ULONG, + pub Pivot: ULONG, + pub DivisorMask: ULONG, + pub NumEntries: ULONG, + pub NonEmptyBuckets: ULONG, + pub NumEnumerators: ULONG, + pub 
Directory: PVOID, +} +impl Default for _RTL_DYNAMIC_HASH_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DYNAMIC_HASH_TABLE = _RTL_DYNAMIC_HASH_TABLE; +pub type PRTL_DYNAMIC_HASH_TABLE = *mut _RTL_DYNAMIC_HASH_TABLE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_RESOURCE { + pub CriticalSection: RTL_CRITICAL_SECTION, + pub SharedSemaphore: HANDLE, + pub NumberOfWaitingShared: ULONG, + pub ExclusiveSemaphore: HANDLE, + pub NumberOfWaitingExclusive: ULONG, + pub NumberOfActive: LONG, + pub ExclusiveOwnerThread: HANDLE, + pub Flags: ULONG, + pub DebugInfo: PRTL_RESOURCE_DEBUG, +} +impl Default for _RTL_RESOURCE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_RESOURCE = _RTL_RESOURCE; +pub type PRTL_RESOURCE = *mut _RTL_RESOURCE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_NORM_FORM { + NormOther = 0, + NormC = 1, + NormD = 2, + NormKC = 5, + NormKD = 6, + NormIdna = 13, + DisallowUnassigned = 256, + NormCDisallowUnassigned = 257, + NormDDisallowUnassigned = 258, + NormKCDisallowUnassigned = 261, + NormKDDisallowUnassigned = 262, + NormIdnaDisallowUnassigned = 269, +} +pub use self::_RTL_NORM_FORM as RTL_NORM_FORM; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PREFIX_TABLE_ENTRY { + pub NodeTypeCode: CSHORT, + pub NameLength: CSHORT, + pub NextPrefixTree: *mut _PREFIX_TABLE_ENTRY, + pub Links: RTL_SPLAY_LINKS, + pub Prefix: PSTRING, +} +impl Default for _PREFIX_TABLE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PREFIX_TABLE_ENTRY = _PREFIX_TABLE_ENTRY; +pub type PPREFIX_TABLE_ENTRY 
= *mut _PREFIX_TABLE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PREFIX_TABLE { + pub NodeTypeCode: CSHORT, + pub NameLength: CSHORT, + pub NextPrefixTree: PPREFIX_TABLE_ENTRY, +} +impl Default for _PREFIX_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PREFIX_TABLE = _PREFIX_TABLE; +pub type PPREFIX_TABLE = *mut _PREFIX_TABLE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _UNICODE_PREFIX_TABLE_ENTRY { + pub NodeTypeCode: CSHORT, + pub NameLength: CSHORT, + pub NextPrefixTree: *mut _UNICODE_PREFIX_TABLE_ENTRY, + pub CaseMatch: *mut _UNICODE_PREFIX_TABLE_ENTRY, + pub Links: RTL_SPLAY_LINKS, + pub Prefix: PUNICODE_STRING, +} +impl Default for _UNICODE_PREFIX_TABLE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type UNICODE_PREFIX_TABLE_ENTRY = _UNICODE_PREFIX_TABLE_ENTRY; +pub type PUNICODE_PREFIX_TABLE_ENTRY = *mut _UNICODE_PREFIX_TABLE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _UNICODE_PREFIX_TABLE { + pub NodeTypeCode: CSHORT, + pub NameLength: CSHORT, + pub NextPrefixTree: PUNICODE_PREFIX_TABLE_ENTRY, + pub LastNextEntry: PUNICODE_PREFIX_TABLE_ENTRY, +} +impl Default for _UNICODE_PREFIX_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type UNICODE_PREFIX_TABLE = _UNICODE_PREFIX_TABLE; +pub type PUNICODE_PREFIX_TABLE = *mut _UNICODE_PREFIX_TABLE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _COMPRESSED_DATA_INFO { + pub CompressionFormatAndEngine: USHORT, + pub CompressionUnitShift: UCHAR, + pub ChunkShift: UCHAR, + pub ClusterShift: UCHAR, + pub Reserved: UCHAR, + pub NumberOfChunks: USHORT, + pub 
CompressedChunkSizes: [ULONG; 1usize], +} +pub type COMPRESSED_DATA_INFO = _COMPRESSED_DATA_INFO; +pub type PCOMPRESSED_DATA_INFO = *mut _COMPRESSED_DATA_INFO; +#[repr(C)] +pub struct _CURDIR { + pub DosPath: UNICODE_STRING, + pub Handle: HANDLE, +} +impl Default for _CURDIR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type CURDIR = _CURDIR; +pub type PCURDIR = *mut _CURDIR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_DRIVE_LETTER_CURDIR { + pub Flags: USHORT, + pub Length: USHORT, + pub TimeStamp: ULONG, + pub DosPath: STRING, +} +impl Default for _RTL_DRIVE_LETTER_CURDIR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DRIVE_LETTER_CURDIR = _RTL_DRIVE_LETTER_CURDIR; +pub type PRTL_DRIVE_LETTER_CURDIR = *mut _RTL_DRIVE_LETTER_CURDIR; +#[repr(C)] +pub struct _RTL_USER_PROCESS_PARAMETERS { + pub MaximumLength: ULONG, + pub Length: ULONG, + pub Flags: ULONG, + pub DebugFlags: ULONG, + pub ConsoleHandle: HANDLE, + pub ConsoleFlags: ULONG, + pub StandardInput: HANDLE, + pub StandardOutput: HANDLE, + pub StandardError: HANDLE, + pub CurrentDirectory: CURDIR, + pub DllPath: UNICODE_STRING, + pub ImagePathName: UNICODE_STRING, + pub CommandLine: UNICODE_STRING, + pub Environment: PVOID, + pub StartingX: ULONG, + pub StartingY: ULONG, + pub CountX: ULONG, + pub CountY: ULONG, + pub CountCharsX: ULONG, + pub CountCharsY: ULONG, + pub FillAttribute: ULONG, + pub WindowFlags: ULONG, + pub ShowWindowFlags: ULONG, + pub WindowTitle: UNICODE_STRING, + pub DesktopInfo: UNICODE_STRING, + pub ShellInfo: UNICODE_STRING, + pub RuntimeData: UNICODE_STRING, + pub CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR; 32usize], + pub EnvironmentSize: ULONG_PTR, + pub EnvironmentVersion: ULONG_PTR, + pub 
PackageDependencyData: PVOID, + pub ProcessGroupId: ULONG, + pub LoaderThreads: ULONG, + pub RedirectionDllName: UNICODE_STRING, + pub HeapPartitionName: UNICODE_STRING, + pub DefaultThreadpoolCpuSetMasks: ULONG_PTR, + pub DefaultThreadpoolCpuSetMaskCount: ULONG, + pub DefaultThreadpoolThreadMaximum: ULONG, + pub HeapMemoryTypeMask: ULONG, +} +impl Default for _RTL_USER_PROCESS_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_USER_PROCESS_PARAMETERS = _RTL_USER_PROCESS_PARAMETERS; +#[repr(C)] +pub struct _RTL_USER_PROCESS_INFORMATION { + pub Length: ULONG, + pub ProcessHandle: HANDLE, + pub ThreadHandle: HANDLE, + pub ClientId: CLIENT_ID, + pub ImageInformation: SECTION_IMAGE_INFORMATION, +} +impl Default for _RTL_USER_PROCESS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_USER_PROCESS_INFORMATION = _RTL_USER_PROCESS_INFORMATION; +pub type PRTL_USER_PROCESS_INFORMATION = *mut _RTL_USER_PROCESS_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_USER_PROCESS_EXTENDED_PARAMETERS { + pub Version: USHORT, + pub NodeNumber: USHORT, + pub ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, + pub ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + pub ParentProcess: HANDLE, + pub DebugPort: HANDLE, + pub TokenHandle: HANDLE, + pub JobHandle: HANDLE, +} +impl Default for _RTL_USER_PROCESS_EXTENDED_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_USER_PROCESS_EXTENDED_PARAMETERS = _RTL_USER_PROCESS_EXTENDED_PARAMETERS; +pub type PRTL_USER_PROCESS_EXTENDED_PARAMETERS = *mut _RTL_USER_PROCESS_EXTENDED_PARAMETERS; +#[repr(C)] 
+#[derive(Debug, Copy, Clone)] +pub struct _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { + pub ReflectionProcessHandle: HANDLE, + pub ReflectionThreadHandle: HANDLE, + pub ReflectionClientId: CLIENT_ID, +} +impl Default for _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = + _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; +pub type PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION = + *mut _RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; +pub type PROCESS_REFLECTION_INFORMATION = RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; +pub type PPROCESS_REFLECTION_INFORMATION = *mut RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CONTEXT_CHUNK { + pub Offset: LONG, + pub Length: ULONG, +} +pub type CONTEXT_CHUNK = _CONTEXT_CHUNK; +pub type PCONTEXT_CHUNK = *mut _CONTEXT_CHUNK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CONTEXT_EX { + pub All: CONTEXT_CHUNK, + pub Legacy: CONTEXT_CHUNK, + pub XState: CONTEXT_CHUNK, + pub KernelCet: CONTEXT_CHUNK, +} +pub type CONTEXT_EX = _CONTEXT_EX; +pub type PCONTEXT_EX = *mut _CONTEXT_EX; +pub type PRTLP_UNHANDLED_EXCEPTION_FILTER = + ::core::option::Option ULONG>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _FUNCTION_TABLE_TYPE { + RF_SORTED = 0, + RF_UNSORTED = 1, + RF_CALLBACK = 2, + RF_KERNEL_DYNAMIC = 3, +} +pub use self::_FUNCTION_TABLE_TYPE as FUNCTION_TABLE_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DYNAMIC_FUNCTION_TABLE { + pub ListEntry: LIST_ENTRY, + pub FunctionTable: PRUNTIME_FUNCTION, + pub TimeStamp: LARGE_INTEGER, + pub MinimumAddress: ULONG64, + pub MaximumAddress: ULONG64, + pub BaseAddress: ULONG64, + pub Callback: 
PGET_RUNTIME_FUNCTION_CALLBACK, + pub Context: PVOID, + pub OutOfProcessCallbackDll: PWSTR, + pub Type: FUNCTION_TABLE_TYPE, + pub EntryCount: ULONG, + pub TreeNodeMin: RTL_BALANCED_NODE, + pub TreeNodeMax: RTL_BALANCED_NODE, +} +impl Default for _DYNAMIC_FUNCTION_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DYNAMIC_FUNCTION_TABLE = _DYNAMIC_FUNCTION_TABLE; +pub type PDYNAMIC_FUNCTION_TABLE = *mut _DYNAMIC_FUNCTION_TABLE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTLP_CURDIR_REF { + pub ReferenceCount: LONG, + pub DirectoryHandle: HANDLE, +} +impl Default for _RTLP_CURDIR_REF { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_CURDIR_REF = _RTLP_CURDIR_REF; +pub type PRTLP_CURDIR_REF = *mut _RTLP_CURDIR_REF; +#[repr(C)] +pub struct _RTL_RELATIVE_NAME_U { + pub RelativeName: UNICODE_STRING, + pub ContainingDirectory: HANDLE, + pub CurDirRef: PRTLP_CURDIR_REF, +} +impl Default for _RTL_RELATIVE_NAME_U { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_RELATIVE_NAME_U = _RTL_RELATIVE_NAME_U; +pub type PRTL_RELATIVE_NAME_U = *mut _RTL_RELATIVE_NAME_U; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_PATH_TYPE { + RtlPathTypeUnknown = 0, + RtlPathTypeUncAbsolute = 1, + RtlPathTypeDriveAbsolute = 2, + RtlPathTypeDriveRelative = 3, + RtlPathTypeRooted = 4, + RtlPathTypeRelative = 5, + RtlPathTypeLocalDevice = 6, + RtlPathTypeRootLocalDevice = 7, +} +pub use self::_RTL_PATH_TYPE as RTL_PATH_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BUFFER { + pub Buffer: PUCHAR, + pub StaticBuffer: PUCHAR, 
+ pub Size: SIZE_T, + pub StaticSize: SIZE_T, +} +impl Default for _RTL_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BUFFER = _RTL_BUFFER; +pub type PRTL_BUFFER = *mut _RTL_BUFFER; +#[repr(C)] +pub struct _RTL_UNICODE_STRING_BUFFER { + pub String: UNICODE_STRING, + pub ByteBuffer: RTL_BUFFER, + pub MinimumStaticBufferForTerminalNul: [UCHAR; 2usize], +} +impl Default for _RTL_UNICODE_STRING_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_UNICODE_STRING_BUFFER = _RTL_UNICODE_STRING_BUFFER; +pub type PRTL_UNICODE_STRING_BUFFER = *mut _RTL_UNICODE_STRING_BUFFER; +#[repr(C)] +pub struct _GENERATE_NAME_CONTEXT { + pub Checksum: USHORT, + pub CheckSumInserted: BOOLEAN, + pub NameLength: UCHAR, + pub NameBuffer: [WCHAR; 8usize], + pub ExtensionLength: ULONG, + pub ExtensionBuffer: [WCHAR; 4usize], + pub LastIndexValue: ULONG, +} +impl Default for _GENERATE_NAME_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type GENERATE_NAME_CONTEXT = _GENERATE_NAME_CONTEXT; +pub type PGENERATE_NAME_CONTEXT = *mut _GENERATE_NAME_CONTEXT; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_HEAP_ENTRY { + pub Size: SIZE_T, + pub Flags: USHORT, + pub AllocatorBackTraceIndex: USHORT, + pub u: _RTL_HEAP_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_HEAP_ENTRY__bindgen_ty_1 { + pub s1: _RTL_HEAP_ENTRY__bindgen_ty_1__bindgen_ty_1, + pub s2: _RTL_HEAP_ENTRY__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_HEAP_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub Settable: SIZE_T, + pub Tag: ULONG, +} +#[repr(C)] 
+#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_ENTRY__bindgen_ty_1__bindgen_ty_2 { + pub CommittedSize: SIZE_T, + pub FirstBlock: PVOID, +} +impl Default for _RTL_HEAP_ENTRY__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_HEAP_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_HEAP_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_ENTRY = _RTL_HEAP_ENTRY; +pub type PRTL_HEAP_ENTRY = *mut _RTL_HEAP_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_HEAP_TAG { + pub NumberOfAllocations: ULONG, + pub NumberOfFrees: ULONG, + pub BytesAllocated: SIZE_T, + pub TagIndex: USHORT, + pub CreatorBackTraceIndex: USHORT, + pub TagName: [WCHAR; 24usize], +} +pub type RTL_HEAP_TAG = _RTL_HEAP_TAG; +pub type PRTL_HEAP_TAG = *mut _RTL_HEAP_TAG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_INFORMATION_V1 { + pub BaseAddress: PVOID, + pub Flags: ULONG, + pub EntryOverhead: USHORT, + pub CreatorBackTraceIndex: USHORT, + pub BytesAllocated: SIZE_T, + pub BytesCommitted: SIZE_T, + pub NumberOfTags: ULONG, + pub NumberOfEntries: ULONG, + pub NumberOfPseudoTags: ULONG, + pub PseudoTagGranularity: ULONG, + pub Reserved: [ULONG; 5usize], + pub Tags: PRTL_HEAP_TAG, + pub Entries: PRTL_HEAP_ENTRY, +} +impl Default for _RTL_HEAP_INFORMATION_V1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_INFORMATION_V1 = _RTL_HEAP_INFORMATION_V1; +pub 
type PRTL_HEAP_INFORMATION_V1 = *mut _RTL_HEAP_INFORMATION_V1; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_INFORMATION_V2 { + pub BaseAddress: PVOID, + pub Flags: ULONG, + pub EntryOverhead: USHORT, + pub CreatorBackTraceIndex: USHORT, + pub BytesAllocated: SIZE_T, + pub BytesCommitted: SIZE_T, + pub NumberOfTags: ULONG, + pub NumberOfEntries: ULONG, + pub NumberOfPseudoTags: ULONG, + pub PseudoTagGranularity: ULONG, + pub Reserved: [ULONG; 5usize], + pub Tags: PRTL_HEAP_TAG, + pub Entries: PRTL_HEAP_ENTRY, + pub HeapTag: ULONG64, +} +impl Default for _RTL_HEAP_INFORMATION_V2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_INFORMATION_V2 = _RTL_HEAP_INFORMATION_V2; +pub type PRTL_HEAP_INFORMATION_V2 = *mut _RTL_HEAP_INFORMATION_V2; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_HEAPS_V1 { + pub NumberOfHeaps: ULONG, + pub Heaps: [RTL_HEAP_INFORMATION_V1; 1usize], +} +impl Default for _RTL_PROCESS_HEAPS_V1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_HEAPS_V1 = _RTL_PROCESS_HEAPS_V1; +pub type PRTL_PROCESS_HEAPS_V1 = *mut _RTL_PROCESS_HEAPS_V1; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_PROCESS_HEAPS_V2 { + pub NumberOfHeaps: ULONG, + pub Heaps: [RTL_HEAP_INFORMATION_V2; 1usize], +} +impl Default for _RTL_PROCESS_HEAPS_V2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_PROCESS_HEAPS_V2 = _RTL_PROCESS_HEAPS_V2; +pub type PRTL_PROCESS_HEAPS_V2 = *mut _RTL_PROCESS_HEAPS_V2; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_MEMORY_TYPE { + 
MemoryTypePaged = 0, + MemoryTypeNonPaged = 1, + MemoryType64KPage = 2, + MemoryTypeLargePage = 3, + MemoryTypeHugePage = 4, + MemoryTypeCustom = 5, + MemoryTypeMax = 6, +} +pub use self::_RTL_MEMORY_TYPE as RTL_MEMORY_TYPE; +pub type PRTL_MEMORY_TYPE = *mut _RTL_MEMORY_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HEAP_MEMORY_INFO_CLASS { + HeapMemoryBasicInformation = 0, +} +pub use self::_HEAP_MEMORY_INFO_CLASS as HEAP_MEMORY_INFO_CLASS; +pub type ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + CallbackContext: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + AllocationType: ULONG, + PageProtection: ULONG, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS, +>; +pub type PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK = ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK; +pub type FREE_VIRTUAL_MEMORY_EX_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + CallbackContext: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + FreeType: ULONG, + ) -> NTSTATUS, +>; +pub type PFREE_VIRTUAL_MEMORY_EX_CALLBACK = FREE_VIRTUAL_MEMORY_EX_CALLBACK; +pub type QUERY_VIRTUAL_MEMORY_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + CallbackContext: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: PVOID, + MemoryInformationClass: HEAP_MEMORY_INFO_CLASS, + MemoryInformation: PVOID, + MemoryInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS, +>; +pub type PQUERY_VIRTUAL_MEMORY_CALLBACK = QUERY_VIRTUAL_MEMORY_CALLBACK; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_SEGMENT_HEAP_VA_CALLBACKS { + pub CallbackContext: HANDLE, + pub AllocateVirtualMemory: PALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK, + pub FreeVirtualMemory: PFREE_VIRTUAL_MEMORY_EX_CALLBACK, + pub QueryVirtualMemory: PQUERY_VIRTUAL_MEMORY_CALLBACK, +} +impl Default for _RTL_SEGMENT_HEAP_VA_CALLBACKS 
{ + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_SEGMENT_HEAP_VA_CALLBACKS = _RTL_SEGMENT_HEAP_VA_CALLBACKS; +pub type PRTL_SEGMENT_HEAP_VA_CALLBACKS = *mut _RTL_SEGMENT_HEAP_VA_CALLBACKS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_SEGMENT_HEAP_MEMORY_SOURCE { + pub Flags: ULONG, + pub MemoryTypeMask: ULONG, + pub NumaNode: ULONG, + pub __bindgen_anon_1: _RTL_SEGMENT_HEAP_MEMORY_SOURCE__bindgen_ty_1, + pub Reserved: [SIZE_T; 2usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_SEGMENT_HEAP_MEMORY_SOURCE__bindgen_ty_1 { + pub PartitionHandle: HANDLE, + pub Callbacks: *mut RTL_SEGMENT_HEAP_VA_CALLBACKS, +} +impl Default for _RTL_SEGMENT_HEAP_MEMORY_SOURCE__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_SEGMENT_HEAP_MEMORY_SOURCE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_SEGMENT_HEAP_MEMORY_SOURCE = _RTL_SEGMENT_HEAP_MEMORY_SOURCE; +pub type PRTL_SEGMENT_HEAP_MEMORY_SOURCE = *mut _RTL_SEGMENT_HEAP_MEMORY_SOURCE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_SEGMENT_HEAP_PARAMETERS { + pub Version: USHORT, + pub Size: USHORT, + pub Flags: ULONG, + pub MemorySource: RTL_SEGMENT_HEAP_MEMORY_SOURCE, + pub Reserved: [SIZE_T; 4usize], +} +impl Default for _RTL_SEGMENT_HEAP_PARAMETERS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_SEGMENT_HEAP_PARAMETERS = _RTL_SEGMENT_HEAP_PARAMETERS; +pub type PRTL_SEGMENT_HEAP_PARAMETERS = *mut _RTL_SEGMENT_HEAP_PARAMETERS; +pub type 
PRTL_HEAP_COMMIT_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(arg1: PVOID, arg2: *mut PVOID, arg3: PSIZE_T) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_HEAP_PARAMETERS { + pub Length: ULONG, + pub SegmentReserve: SIZE_T, + pub SegmentCommit: SIZE_T, + pub DeCommitFreeBlockThreshold: SIZE_T, + pub DeCommitTotalFreeThreshold: SIZE_T, + pub MaximumAllocationSize: SIZE_T, + pub VirtualMemoryThreshold: SIZE_T, + pub InitialCommit: SIZE_T, + pub InitialReserve: SIZE_T, + pub CommitRoutine: PRTL_HEAP_COMMIT_ROUTINE, + pub Reserved: [SIZE_T; 2usize], +} +pub type RTL_HEAP_PARAMETERS = _RTL_HEAP_PARAMETERS; +pub type PRTL_HEAP_PARAMETERS = *mut _RTL_HEAP_PARAMETERS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_HEAP_TAG_INFO { + pub NumberOfAllocations: ULONG, + pub NumberOfFrees: ULONG, + pub BytesAllocated: SIZE_T, +} +pub type RTL_HEAP_TAG_INFO = _RTL_HEAP_TAG_INFO; +pub type PRTL_HEAP_TAG_INFO = *mut _RTL_HEAP_TAG_INFO; +pub type PRTL_ENUM_HEAPS_ROUTINE = + ::core::option::Option NTSTATUS>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_USAGE_ENTRY { + pub Next: *mut _RTL_HEAP_USAGE_ENTRY, + pub Address: PVOID, + pub Size: SIZE_T, + pub AllocatorBackTraceIndex: USHORT, + pub TagIndex: USHORT, +} +impl Default for _RTL_HEAP_USAGE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_USAGE_ENTRY = _RTL_HEAP_USAGE_ENTRY; +pub type PRTL_HEAP_USAGE_ENTRY = *mut _RTL_HEAP_USAGE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_USAGE { + pub Length: ULONG, + pub BytesAllocated: SIZE_T, + pub BytesCommitted: SIZE_T, + pub BytesReserved: SIZE_T, + pub BytesReservedMaximum: SIZE_T, + pub Entries: PRTL_HEAP_USAGE_ENTRY, + pub AddedEntries: PRTL_HEAP_USAGE_ENTRY, + pub RemovedEntries: PRTL_HEAP_USAGE_ENTRY, + pub Reserved: 
[ULONG_PTR; 8usize], +} +impl Default for _RTL_HEAP_USAGE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_USAGE = _RTL_HEAP_USAGE; +pub type PRTL_HEAP_USAGE = *mut _RTL_HEAP_USAGE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_HEAP_WALK_ENTRY { + pub DataAddress: PVOID, + pub DataSize: SIZE_T, + pub OverheadBytes: UCHAR, + pub SegmentIndex: UCHAR, + pub Flags: USHORT, + pub __bindgen_anon_1: _RTL_HEAP_WALK_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_HEAP_WALK_ENTRY__bindgen_ty_1 { + pub Block: _RTL_HEAP_WALK_ENTRY__bindgen_ty_1__bindgen_ty_1, + pub Segment: _RTL_HEAP_WALK_ENTRY__bindgen_ty_1__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_HEAP_WALK_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub Settable: SIZE_T, + pub TagIndex: USHORT, + pub AllocatorBackTraceIndex: USHORT, + pub Reserved: [ULONG; 2usize], +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_WALK_ENTRY__bindgen_ty_1__bindgen_ty_2 { + pub CommittedSize: ULONG, + pub UnCommittedSize: ULONG, + pub FirstEntry: PVOID, + pub LastEntry: PVOID, +} +impl Default for _RTL_HEAP_WALK_ENTRY__bindgen_ty_1__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_HEAP_WALK_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_HEAP_WALK_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_WALK_ENTRY = _RTL_HEAP_WALK_ENTRY; +pub type 
PRTL_HEAP_WALK_ENTRY = *mut _RTL_HEAP_WALK_ENTRY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _HEAP_COMPATIBILITY_MODE { + HEAP_COMPATIBILITY_STANDARD = 0, + HEAP_COMPATIBILITY_LAL = 1, + HEAP_COMPATIBILITY_LFH = 2, +} +pub use self::_HEAP_COMPATIBILITY_MODE as HEAP_COMPATIBILITY_MODE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTLP_TAG_INFO { + pub Id: GUID, + pub CurrentAllocatedBytes: ULONG_PTR, +} +pub type RTLP_TAG_INFO = _RTLP_TAG_INFO; +pub type PRTLP_TAG_INFO = *mut _RTLP_TAG_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTLP_HEAP_TAGGING_INFO { + pub Version: USHORT, + pub Flags: USHORT, + pub ProcessHandle: PVOID, + pub EntriesCount: ULONG_PTR, + pub Entries: [RTLP_TAG_INFO; 1usize], +} +impl Default for _RTLP_HEAP_TAGGING_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_HEAP_TAGGING_INFO = _RTLP_HEAP_TAGGING_INFO; +pub type PRTLP_HEAP_TAGGING_INFO = *mut _RTLP_HEAP_TAGGING_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PROCESS_HEAP_INFORMATION { + pub ReserveSize: SIZE_T, + pub CommitSize: SIZE_T, + pub NumberOfHeaps: ULONG, + pub FirstHeapInformationOffset: ULONG_PTR, +} +pub type PROCESS_HEAP_INFORMATION = _PROCESS_HEAP_INFORMATION; +pub type PPROCESS_HEAP_INFORMATION = *mut _PROCESS_HEAP_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HEAP_REGION_INFORMATION { + pub Address: PVOID, + pub ReserveSize: SIZE_T, + pub CommitSize: SIZE_T, + pub FirstRangeInformationOffset: ULONG_PTR, + pub NextRegionInformationOffset: ULONG_PTR, +} +impl Default for _HEAP_REGION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_REGION_INFORMATION = 
_HEAP_REGION_INFORMATION; +pub type PHEAP_REGION_INFORMATION = *mut _HEAP_REGION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HEAP_RANGE_INFORMATION { + pub Address: PVOID, + pub Size: SIZE_T, + pub Type: ULONG, + pub Protection: ULONG, + pub FirstBlockInformationOffset: ULONG_PTR, + pub NextRangeInformationOffset: ULONG_PTR, +} +impl Default for _HEAP_RANGE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_RANGE_INFORMATION = _HEAP_RANGE_INFORMATION; +pub type PHEAP_RANGE_INFORMATION = *mut _HEAP_RANGE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HEAP_BLOCK_INFORMATION { + pub Address: PVOID, + pub Flags: ULONG, + pub DataSize: SIZE_T, + pub OverheadSize: ULONG_PTR, + pub NextBlockInformationOffset: ULONG_PTR, +} +impl Default for _HEAP_BLOCK_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_BLOCK_INFORMATION = _HEAP_BLOCK_INFORMATION; +pub type PHEAP_BLOCK_INFORMATION = *mut _HEAP_BLOCK_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HEAP_INFORMATION { + pub Address: PVOID, + pub Mode: ULONG, + pub ReserveSize: SIZE_T, + pub CommitSize: SIZE_T, + pub FirstRegionInformationOffset: ULONG_PTR, + pub NextHeapInformationOffset: ULONG_PTR, +} +impl Default for _HEAP_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_INFORMATION = _HEAP_INFORMATION; +pub type PHEAP_INFORMATION = *mut _HEAP_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION { + pub SegmentReserveSize: SIZE_T, + pub SegmentCommitSize: 
SIZE_T, + pub SegmentCount: ULONG_PTR, + pub AllocatedSize: SIZE_T, + pub LargeAllocReserveSize: SIZE_T, + pub LargeAllocCommitSize: SIZE_T, +} +pub type SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION = + _SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION; +pub type PSEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION = + *mut _SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _HEAP_PERFORMANCE_COUNTERS_INFORMATION { + pub Size: ULONG, + pub Version: ULONG, + pub HeapIndex: ULONG, + pub LastHeapIndex: ULONG, + pub BaseAddress: PVOID, + pub ReserveSize: SIZE_T, + pub CommitSize: SIZE_T, + pub SegmentCount: ULONG, + pub LargeUCRMemory: SIZE_T, + pub UCRLength: ULONG, + pub AllocatedSpace: SIZE_T, + pub FreeSpace: SIZE_T, + pub FreeListLength: ULONG, + pub Contention: ULONG, + pub VirtualBlocks: ULONG, + pub CommitRate: ULONG, + pub DecommitRate: ULONG, + pub SegmentHeapPerfInformation: SEGMENT_HEAP_PERFORMANCE_COUNTER_INFORMATION, +} +impl Default for _HEAP_PERFORMANCE_COUNTERS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_PERFORMANCE_COUNTERS_INFORMATION = _HEAP_PERFORMANCE_COUNTERS_INFORMATION; +pub type PHEAP_PERFORMANCE_COUNTERS_INFORMATION = *mut _HEAP_PERFORMANCE_COUNTERS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _HEAP_INFORMATION_ITEM { + pub Level: ULONG, + pub Size: SIZE_T, + pub __bindgen_anon_1: _HEAP_INFORMATION_ITEM__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _HEAP_INFORMATION_ITEM__bindgen_ty_1 { + pub ProcessHeapInformation: PROCESS_HEAP_INFORMATION, + pub HeapInformation: HEAP_INFORMATION, + pub HeapRegionInformation: HEAP_REGION_INFORMATION, + pub HeapRangeInformation: HEAP_RANGE_INFORMATION, + pub HeapBlockInformation: HEAP_BLOCK_INFORMATION, + pub HeapPerfInformation: HEAP_PERFORMANCE_COUNTERS_INFORMATION, + pub DynamicStart: 
ULONG_PTR, +} +impl Default for _HEAP_INFORMATION_ITEM__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _HEAP_INFORMATION_ITEM { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_INFORMATION_ITEM = _HEAP_INFORMATION_ITEM; +pub type PHEAP_INFORMATION_ITEM = *mut _HEAP_INFORMATION_ITEM; +pub type PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(Information: PHEAP_INFORMATION_ITEM, Context: PVOID) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _HEAP_EXTENDED_INFORMATION { + pub ProcessHandle: HANDLE, + pub HeapHandle: PVOID, + pub Level: ULONG, + pub CallbackRoutine: PRTL_HEAP_EXTENDED_ENUMERATION_ROUTINE, + pub CallbackContext: PVOID, + pub __bindgen_anon_1: _HEAP_EXTENDED_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _HEAP_EXTENDED_INFORMATION__bindgen_ty_1 { + pub ProcessHeapInformation: PROCESS_HEAP_INFORMATION, + pub HeapInformation: HEAP_INFORMATION, +} +impl Default for _HEAP_EXTENDED_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _HEAP_EXTENDED_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type HEAP_EXTENDED_INFORMATION = _HEAP_EXTENDED_INFORMATION; +pub type PHEAP_EXTENDED_INFORMATION = *mut _HEAP_EXTENDED_INFORMATION; +pub type RTL_HEAP_STACK_WRITE_ROUTINE = ::core::option::Option< + unsafe extern "C" fn(Information: PVOID, Size: ULONG, Context: PVOID) -> NTSTATUS, +>; +#[repr(C)] 
+#[derive(Debug, Default, Copy, Clone)] +pub struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT { + pub Count: ULONG, + pub Total: ULONG, + pub Flags: ULONG, +} +pub type RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT = _RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT; +pub type PRTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT = *mut _RTLP_HEAP_STACK_TRACE_SERIALIZATION_INIT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER { + pub Version: USHORT, + pub PointerSize: USHORT, + pub Heap: PVOID, + pub TotalCommit: SIZE_T, + pub TotalReserve: SIZE_T, +} +impl Default for _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER = _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER; +pub type PRTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER = + *mut _RTLP_HEAP_STACK_TRACE_SERIALIZATION_HEADER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION { + pub Address: PVOID, + pub Flags: ULONG, + pub DataSize: SIZE_T, +} +impl Default for _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION = + _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION; +pub type PRTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION = + *mut _RTLP_HEAP_STACK_TRACE_SERIALIZATION_ALLOCATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME { + pub StackFrame: [PVOID; 8usize], +} +impl Default for _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME = + _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME; +pub type PRTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME = + *mut _RTLP_HEAP_STACK_TRACE_SERIALIZATION_STACKFRAME; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_STACK_QUERY { + pub Version: ULONG, + pub ProcessHandle: HANDLE, + pub WriteRoutine: RTL_HEAP_STACK_WRITE_ROUTINE, + pub SerializationContext: PVOID, + pub QueryLevel: UCHAR, + pub Flags: UCHAR, +} +impl Default for _RTL_HEAP_STACK_QUERY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_STACK_QUERY = _RTL_HEAP_STACK_QUERY; +pub type PRTL_HEAP_STACK_QUERY = *mut _RTL_HEAP_STACK_QUERY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HEAP_STACK_CONTROL { + pub Version: USHORT, + pub Flags: USHORT, + pub ProcessHandle: HANDLE, +} +impl Default for _RTL_HEAP_STACK_CONTROL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HEAP_STACK_CONTROL = _RTL_HEAP_STACK_CONTROL; +pub type PRTL_HEAP_STACK_CONTROL = *mut _RTL_HEAP_STACK_CONTROL; +pub type PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + HeapHandle: PVOID, + Action: ULONG, + StackFramesToCapture: ULONG, + StackTrace: *mut PVOID, + ) -> NTSTATUS, +>; +pub type PRTL_HEAP_LEAK_ENUMERATION_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + Reserved: LONG, + HeapHandle: PVOID, + BaseAddress: PVOID, + BlockSize: SIZE_T, + StackTraceDepth: ULONG, + StackTrace: *mut PVOID, + ) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _HEAP_DEBUGGING_INFORMATION { + pub InterceptorFunction: 
PRTL_HEAP_DEBUGGING_INTERCEPTOR_ROUTINE, + pub InterceptorValue: USHORT, + pub ExtendedOptions: ULONG, + pub StackTraceDepth: ULONG, + pub MinTotalBlockSize: SIZE_T, + pub MaxTotalBlockSize: SIZE_T, + pub HeapLeakEnumerationRoutine: PRTL_HEAP_LEAK_ENUMERATION_ROUTINE, +} +pub type HEAP_DEBUGGING_INFORMATION = _HEAP_DEBUGGING_INFORMATION; +pub type PHEAP_DEBUGGING_INFORMATION = *mut _HEAP_DEBUGGING_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_MEMORY_ZONE_SEGMENT { + pub NextSegment: *mut _RTL_MEMORY_ZONE_SEGMENT, + pub Size: SIZE_T, + pub Next: PVOID, + pub Limit: PVOID, +} +impl Default for _RTL_MEMORY_ZONE_SEGMENT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_MEMORY_ZONE_SEGMENT = _RTL_MEMORY_ZONE_SEGMENT; +pub type PRTL_MEMORY_ZONE_SEGMENT = *mut _RTL_MEMORY_ZONE_SEGMENT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_MEMORY_ZONE { + pub Segment: RTL_MEMORY_ZONE_SEGMENT, + pub Lock: RTL_SRWLOCK, + pub LockCount: ULONG, + pub FirstSegment: PRTL_MEMORY_ZONE_SEGMENT, +} +impl Default for _RTL_MEMORY_ZONE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_MEMORY_ZONE = _RTL_MEMORY_ZONE; +pub type PRTL_MEMORY_ZONE = *mut _RTL_MEMORY_ZONE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_PROCESS_VERIFIER_OPTIONS { + pub SizeStruct: ULONG, + pub Option: ULONG, + pub OptionData: [UCHAR; 1usize], +} +pub type RTL_PROCESS_VERIFIER_OPTIONS = _RTL_PROCESS_VERIFIER_OPTIONS; +pub type PRTL_PROCESS_VERIFIER_OPTIONS = *mut _RTL_PROCESS_VERIFIER_OPTIONS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_DEBUG_INFORMATION { + pub SectionHandleClient: HANDLE, + pub ViewBaseClient: PVOID, + pub ViewBaseTarget: PVOID, + pub ViewBaseDelta: ULONG_PTR, + pub 
EventPairClient: HANDLE, + pub EventPairTarget: HANDLE, + pub TargetProcessId: HANDLE, + pub TargetThreadHandle: HANDLE, + pub Flags: ULONG, + pub OffsetFree: SIZE_T, + pub CommitSize: SIZE_T, + pub ViewSize: SIZE_T, + pub __bindgen_anon_1: _RTL_DEBUG_INFORMATION__bindgen_ty_1, + pub BackTraces: PRTL_PROCESS_BACKTRACES, + pub Heaps: PVOID, + pub Locks: PRTL_PROCESS_LOCKS, + pub SpecificHeap: PVOID, + pub TargetProcessHandle: HANDLE, + pub VerifierOptions: PRTL_PROCESS_VERIFIER_OPTIONS, + pub ProcessHeap: PVOID, + pub CriticalSectionHandle: HANDLE, + pub CriticalSectionOwnerThread: HANDLE, + pub Reserved: [PVOID; 4usize], +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_DEBUG_INFORMATION__bindgen_ty_1 { + pub Modules: PRTL_PROCESS_MODULES, + pub ModulesEx: PRTL_PROCESS_MODULE_INFORMATION_EX, +} +impl Default for _RTL_DEBUG_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_DEBUG_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_DEBUG_INFORMATION = _RTL_DEBUG_INFORMATION; +pub type PRTL_DEBUG_INFORMATION = *mut _RTL_DEBUG_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _PARSE_MESSAGE_CONTEXT { + pub fFlags: ULONG, + pub cwSavColumn: ULONG, + pub iwSrc: SIZE_T, + pub iwDst: SIZE_T, + pub iwDstSpace: SIZE_T, + pub lpvArgStart: va_list, +} +impl Default for _PARSE_MESSAGE_CONTEXT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PARSE_MESSAGE_CONTEXT = _PARSE_MESSAGE_CONTEXT; +pub type PPARSE_MESSAGE_CONTEXT = *mut _PARSE_MESSAGE_CONTEXT; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct in_addr { + 
_unused: [u8; 0], +} +pub type IN_ADDR = in_addr; +pub type PIN_ADDR = *mut in_addr; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct in6_addr { + _unused: [u8; 0], +} +pub type IN6_ADDR = in6_addr; +pub type PIN6_ADDR = *mut in6_addr; +pub type PCIN_ADDR = *const IN_ADDR; +pub type PCIN6_ADDR = *const IN6_ADDR; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TIME_FIELDS { + pub Year: CSHORT, + pub Month: CSHORT, + pub Day: CSHORT, + pub Hour: CSHORT, + pub Minute: CSHORT, + pub Second: CSHORT, + pub Milliseconds: CSHORT, + pub Weekday: CSHORT, +} +pub type TIME_FIELDS = _TIME_FIELDS; +pub type PTIME_FIELDS = *mut _TIME_FIELDS; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_TIME_ZONE_INFORMATION { + pub Bias: LONG, + pub StandardName: [WCHAR; 32usize], + pub StandardStart: TIME_FIELDS, + pub StandardBias: LONG, + pub DaylightName: [WCHAR; 32usize], + pub DaylightStart: TIME_FIELDS, + pub DaylightBias: LONG, +} +pub type RTL_TIME_ZONE_INFORMATION = _RTL_TIME_ZONE_INFORMATION; +pub type PRTL_TIME_ZONE_INFORMATION = *mut _RTL_TIME_ZONE_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BITMAP { + pub SizeOfBitMap: ULONG, + pub Buffer: PULONG, +} +impl Default for _RTL_BITMAP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BITMAP = _RTL_BITMAP; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_BITMAP_RUN { + pub StartingIndex: ULONG, + pub NumberOfBits: ULONG, +} +pub type RTL_BITMAP_RUN = _RTL_BITMAP_RUN; +pub type PRTL_BITMAP_RUN = *mut _RTL_BITMAP_RUN; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BITMAP_EX { + pub SizeOfBitMap: ULONG64, + pub Buffer: PULONG64, +} +impl Default for _RTL_BITMAP_EX { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + 
s.assume_init() + } + } +} +pub type RTL_BITMAP_EX = _RTL_BITMAP_EX; +pub type PRTL_BITMAP_EX = *mut _RTL_BITMAP_EX; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_HANDLE_TABLE_ENTRY { + pub __bindgen_anon_1: _RTL_HANDLE_TABLE_ENTRY__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_HANDLE_TABLE_ENTRY__bindgen_ty_1 { + pub Flags: ULONG, + pub NextFree: *mut _RTL_HANDLE_TABLE_ENTRY, +} +impl Default for _RTL_HANDLE_TABLE_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_HANDLE_TABLE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HANDLE_TABLE_ENTRY = _RTL_HANDLE_TABLE_ENTRY; +pub type PRTL_HANDLE_TABLE_ENTRY = *mut _RTL_HANDLE_TABLE_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_HANDLE_TABLE { + pub MaximumNumberOfHandles: ULONG, + pub SizeOfHandleTableEntry: ULONG, + pub Reserved: [ULONG; 2usize], + pub FreeHandles: PRTL_HANDLE_TABLE_ENTRY, + pub CommittedHandles: PRTL_HANDLE_TABLE_ENTRY, + pub UnCommittedHandles: PRTL_HANDLE_TABLE_ENTRY, + pub MaxReservedHandles: PRTL_HANDLE_TABLE_ENTRY, +} +impl Default for _RTL_HANDLE_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_HANDLE_TABLE = _RTL_HANDLE_TABLE; +pub type PRTL_HANDLE_TABLE = *mut _RTL_HANDLE_TABLE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _COMPOUND_ACCESS_ALLOWED_ACE { + pub Header: ACE_HEADER, + pub Mask: ACCESS_MASK, + pub CompoundAceType: USHORT, + pub Reserved: USHORT, + pub SidStart: ULONG, +} +pub type COMPOUND_ACCESS_ALLOWED_ACE = _COMPOUND_ACCESS_ALLOWED_ACE; +pub type PCOMPOUND_ACCESS_ALLOWED_ACE = 
*mut _COMPOUND_ACCESS_ALLOWED_ACE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_ACE_DATA { + pub AceType: UCHAR, + pub InheritFlags: UCHAR, + pub AceFlags: UCHAR, + pub AccessMask: ACCESS_MASK, + pub Sid: *mut PSID, +} +impl Default for _RTL_ACE_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_ACE_DATA = _RTL_ACE_DATA; +pub type PRTL_ACE_DATA = *mut _RTL_ACE_DATA; +pub type PRTL_START_POOL_THREAD = ::core::option::Option< + unsafe extern "C" fn(arg1: PTHREAD_START_ROUTINE, arg2: PVOID, arg3: PHANDLE) -> NTSTATUS, +>; +pub type PRTL_EXIT_POOL_THREAD = + ::core::option::Option NTSTATUS>; +pub type PRTL_QUERY_REGISTRY_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + arg1: PWSTR, + arg2: ULONG, + arg3: PVOID, + arg4: ULONG, + arg5: PVOID, + arg6: PVOID, + ) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_QUERY_REGISTRY_TABLE { + pub QueryRoutine: PRTL_QUERY_REGISTRY_ROUTINE, + pub Flags: ULONG, + pub Name: PWSTR, + pub EntryContext: PVOID, + pub DefaultType: ULONG, + pub DefaultData: PVOID, + pub DefaultLength: ULONG, +} +impl Default for _RTL_QUERY_REGISTRY_TABLE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_QUERY_REGISTRY_TABLE = _RTL_QUERY_REGISTRY_TABLE; +pub type PRTL_QUERY_REGISTRY_TABLE = *mut _RTL_QUERY_REGISTRY_TABLE; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_ELEVATION_FLAGS { + pub Flags: ULONG, + pub __bindgen_anon_1: _RTL_ELEVATION_FLAGS__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_ELEVATION_FLAGS__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _RTL_ELEVATION_FLAGS__bindgen_ty_1 { + #[inline] + pub fn 
ElevationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ElevationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn VirtualizationEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_VirtualizationEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn InstallerDetectEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_InstallerDetectEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_ReservedBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ElevationEnabled: ULONG, + VirtualizationEnabled: ULONG, + InstallerDetectEnabled: ULONG, + ReservedBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ElevationEnabled: u32 = unsafe { ::core::mem::transmute(ElevationEnabled) }; + ElevationEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let VirtualizationEnabled: u32 = unsafe { ::core::mem::transmute(VirtualizationEnabled) }; + VirtualizationEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let InstallerDetectEnabled: u32 = + unsafe { 
::core::mem::transmute(InstallerDetectEnabled) }; + InstallerDetectEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let ReservedBits: u32 = unsafe { ::core::mem::transmute(ReservedBits) }; + ReservedBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_ELEVATION_FLAGS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_ELEVATION_FLAGS = _RTL_ELEVATION_FLAGS; +pub type PRTL_ELEVATION_FLAGS = *mut _RTL_ELEVATION_FLAGS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_UNLOAD_EVENT_TRACE { + pub BaseAddress: PVOID, + pub SizeOfImage: SIZE_T, + pub Sequence: ULONG, + pub TimeDateStamp: ULONG, + pub CheckSum: ULONG, + pub ImageName: [WCHAR; 32usize], + pub Version: [ULONG; 2usize], +} +impl Default for _RTL_UNLOAD_EVENT_TRACE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_UNLOAD_EVENT_TRACE = _RTL_UNLOAD_EVENT_TRACE; +pub type PRTL_UNLOAD_EVENT_TRACE = *mut _RTL_UNLOAD_EVENT_TRACE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_UNLOAD_EVENT_TRACE32 { + pub BaseAddress: ULONG, + pub SizeOfImage: ULONG, + pub Sequence: ULONG, + pub TimeDateStamp: ULONG, + pub CheckSum: ULONG, + pub ImageName: [WCHAR; 32usize], + pub Version: [ULONG; 2usize], +} +pub type RTL_UNLOAD_EVENT_TRACE32 = _RTL_UNLOAD_EVENT_TRACE32; +pub type PRTL_UNLOAD_EVENT_TRACE32 = *mut _RTL_UNLOAD_EVENT_TRACE32; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _IMAGE_MITIGATION_POLICY { + ImageDepPolicy = 0, + ImageAslrPolicy = 1, + ImageDynamicCodePolicy = 2, + ImageStrictHandleCheckPolicy = 3, + ImageSystemCallDisablePolicy = 4, + ImageMitigationOptionsMask = 5, + ImageExtensionPointDisablePolicy = 6, + 
ImageControlFlowGuardPolicy = 7, + ImageSignaturePolicy = 8, + ImageFontDisablePolicy = 9, + ImageImageLoadPolicy = 10, + ImagePayloadRestrictionPolicy = 11, + ImageChildProcessPolicy = 12, + ImageSehopPolicy = 13, + ImageHeapPolicy = 14, + ImageUserShadowStackPolicy = 15, + ImageRedirectionTrustPolicy = 16, + ImageUserPointerAuthPolicy = 17, + MaxImageMitigationPolicy = 18, +} +pub use self::_IMAGE_MITIGATION_POLICY as IMAGE_MITIGATION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_IMAGE_MITIGATION_POLICY { + pub __bindgen_anon_1: _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_1, + pub __bindgen_anon_2: _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_2, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_1 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_1 { + #[inline] + pub fn AuditState(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u64) } + } + #[inline] + pub fn set_AuditState(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn AuditFlag(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u64) } + } + #[inline] + pub fn set_AuditFlag(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableAdditionalAuditingOption(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u64) } + } + #[inline] + pub fn set_EnableAdditionalAuditingOption(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG64 { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(4usize, 60u8) as u64) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 60u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + AuditState: ULONG64, + AuditFlag: ULONG64, + EnableAdditionalAuditingOption: ULONG64, + Reserved: ULONG64, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let AuditState: u64 = unsafe { ::core::mem::transmute(AuditState) }; + AuditState as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let AuditFlag: u64 = unsafe { ::core::mem::transmute(AuditFlag) }; + AuditFlag as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let EnableAdditionalAuditingOption: u64 = + unsafe { ::core::mem::transmute(EnableAdditionalAuditingOption) }; + EnableAdditionalAuditingOption as u64 + }); + __bindgen_bitfield_unit.set(4usize, 60u8, { + let Reserved: u64 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_2 { + pub _bitfield_align_1: [u64; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 8usize]>, +} +impl _RTL_IMAGE_MITIGATION_POLICY__bindgen_ty_2 { + #[inline] + pub fn PolicyState(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u64) } + } + #[inline] + pub fn set_PolicyState(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn AlwaysInherit(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u64) } + } + #[inline] + pub fn set_AlwaysInherit(&mut self, val: ULONG64) { + unsafe { + let val: u64 = 
::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn EnableAdditionalPolicyOption(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u64) } + } + #[inline] + pub fn set_EnableAdditionalPolicyOption(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn AuditReserved(&self) -> ULONG64 { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 60u8) as u64) } + } + #[inline] + pub fn set_AuditReserved(&mut self, val: ULONG64) { + unsafe { + let val: u64 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 60u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + PolicyState: ULONG64, + AlwaysInherit: ULONG64, + EnableAdditionalPolicyOption: ULONG64, + AuditReserved: ULONG64, + ) -> __BindgenBitfieldUnit<[u8; 8usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 8usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let PolicyState: u64 = unsafe { ::core::mem::transmute(PolicyState) }; + PolicyState as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let AlwaysInherit: u64 = unsafe { ::core::mem::transmute(AlwaysInherit) }; + AlwaysInherit as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let EnableAdditionalPolicyOption: u64 = + unsafe { ::core::mem::transmute(EnableAdditionalPolicyOption) }; + EnableAdditionalPolicyOption as u64 + }); + __bindgen_bitfield_unit.set(4usize, 60u8, { + let AuditReserved: u64 = unsafe { ::core::mem::transmute(AuditReserved) }; + AuditReserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_IMAGE_MITIGATION_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_POLICY = 
_RTL_IMAGE_MITIGATION_POLICY; +pub type PRTL_IMAGE_MITIGATION_POLICY = *mut _RTL_IMAGE_MITIGATION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_DEP_POLICY { + pub Dep: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_DEP_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_DEP_POLICY = _RTL_IMAGE_MITIGATION_DEP_POLICY; +pub type PRTL_IMAGE_MITIGATION_DEP_POLICY = *mut _RTL_IMAGE_MITIGATION_DEP_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_ASLR_POLICY { + pub ForceRelocateImages: RTL_IMAGE_MITIGATION_POLICY, + pub BottomUpRandomization: RTL_IMAGE_MITIGATION_POLICY, + pub HighEntropyRandomization: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_ASLR_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_ASLR_POLICY = _RTL_IMAGE_MITIGATION_ASLR_POLICY; +pub type PRTL_IMAGE_MITIGATION_ASLR_POLICY = *mut _RTL_IMAGE_MITIGATION_ASLR_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { + pub BlockDynamicCode: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; +pub type PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY = *mut _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { + pub StrictHandleChecks: RTL_IMAGE_MITIGATION_POLICY, +} 
+impl Default for _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = + _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; +pub type PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY = + *mut _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { + pub BlockWin32kSystemCalls: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = + _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; +pub type PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY = + *mut _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { + pub DisableExtensionPoints: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = + _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; +pub type PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY = + *mut _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { + pub ControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, + pub StrictControlFlowGuard: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for 
_RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = + _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; +pub type PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY = + *mut _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { + pub BlockNonMicrosoftSignedBinaries: RTL_IMAGE_MITIGATION_POLICY, + pub EnforceSigningOnModuleDependencies: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = + _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; +pub type PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY = + *mut _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { + pub DisableNonSystemFonts: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; +pub type PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY = *mut _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { + pub BlockRemoteImageLoads: RTL_IMAGE_MITIGATION_POLICY, + pub BlockLowLabelImageLoads: RTL_IMAGE_MITIGATION_POLICY, + pub PreferSystem32: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for 
_RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; +pub type PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY = *mut _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { + pub EnableExportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, + pub EnableExportAddressFilterPlus: RTL_IMAGE_MITIGATION_POLICY, + pub EnableImportAddressFilter: RTL_IMAGE_MITIGATION_POLICY, + pub EnableRopStackPivot: RTL_IMAGE_MITIGATION_POLICY, + pub EnableRopCallerCheck: RTL_IMAGE_MITIGATION_POLICY, + pub EnableRopSimExec: RTL_IMAGE_MITIGATION_POLICY, + pub EafPlusModuleList: [WCHAR; 512usize], +} +impl Default for _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = + _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; +pub type PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY = + *mut _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { + pub DisallowChildProcessCreation: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; +pub type PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY = + *mut _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] 
+pub struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY { + pub Sehop: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_SEHOP_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_SEHOP_POLICY = _RTL_IMAGE_MITIGATION_SEHOP_POLICY; +pub type PRTL_IMAGE_MITIGATION_SEHOP_POLICY = *mut _RTL_IMAGE_MITIGATION_SEHOP_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_HEAP_POLICY { + pub TerminateOnHeapErrors: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_HEAP_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_HEAP_POLICY = _RTL_IMAGE_MITIGATION_HEAP_POLICY; +pub type PRTL_IMAGE_MITIGATION_HEAP_POLICY = *mut _RTL_IMAGE_MITIGATION_HEAP_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY { + pub UserShadowStack: RTL_IMAGE_MITIGATION_POLICY, + pub SetContextIpValidation: RTL_IMAGE_MITIGATION_POLICY, + pub BlockNonCetBinaries: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY = + _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY; +pub type PRTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY = + *mut _RTL_IMAGE_MITIGATION_USER_SHADOW_STACK_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY { + pub BlockUntrustedRedirections: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY { + fn default() -> Self { + 
let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY = + _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY; +pub type PRTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY = + *mut _RTL_IMAGE_MITIGATION_REDIRECTION_TRUST_POLICY; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY { + pub PointerAuthUserIp: RTL_IMAGE_MITIGATION_POLICY, +} +impl Default for _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY = + _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY; +pub type PRTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY = + *mut _RTL_IMAGE_MITIGATION_USER_POINTER_AUTH_POLICY; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_IMAGE_MITIGATION_OPTION_STATE { + RtlMitigationOptionStateNotConfigured = 0, + RtlMitigationOptionStateOn = 1, + RtlMitigationOptionStateOff = 2, + RtlMitigationOptionStateForce = 3, + RtlMitigationOptionStateOption = 4, +} +pub use self::_RTL_IMAGE_MITIGATION_OPTION_STATE as RTL_IMAGE_MITIGATION_OPTION_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _APPCONTAINER_SID_TYPE { + NotAppContainerSidType = 0, + ChildAppContainerSidType = 1, + ParentAppContainerSidType = 2, + InvalidAppContainerSidType = 3, + MaxAppContainerSidType = 4, +} +pub use self::_APPCONTAINER_SID_TYPE as APPCONTAINER_SID_TYPE; +pub type PAPPCONTAINER_SID_TYPE = *mut _APPCONTAINER_SID_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _STATE_LOCATION_TYPE { + LocationTypeRegistry = 0, + LocationTypeFileSystem = 1, + LocationTypeMaximum = 2, +} 
+pub use self::_STATE_LOCATION_TYPE as STATE_LOCATION_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PS_PKG_CLAIM { + pub Flags: ULONG, + pub Origin: ULONG, +} +pub type PS_PKG_CLAIM = _PS_PKG_CLAIM; +pub type PPS_PKG_CLAIM = *mut _PS_PKG_CLAIM; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_BSD_ITEM_TYPE { + RtlBsdItemVersionNumber = 0, + RtlBsdItemProductType = 1, + RtlBsdItemAabEnabled = 2, + RtlBsdItemAabTimeout = 3, + RtlBsdItemBootGood = 4, + RtlBsdItemBootShutdown = 5, + RtlBsdSleepInProgress = 6, + RtlBsdPowerTransition = 7, + RtlBsdItemBootAttemptCount = 8, + RtlBsdItemBootCheckpoint = 9, + RtlBsdItemBootId = 10, + RtlBsdItemShutdownBootId = 11, + RtlBsdItemReportedAbnormalShutdownBootId = 12, + RtlBsdItemErrorInfo = 13, + RtlBsdItemPowerButtonPressInfo = 14, + RtlBsdItemChecksum = 15, + RtlBsdPowerTransitionExtension = 16, + RtlBsdItemFeatureConfigurationState = 17, + RtlBsdItemMax = 18, +} +pub use self::_RTL_BSD_ITEM_TYPE as RTL_BSD_ITEM_TYPE; +#[repr(C)] +pub struct _RTL_BSD_DATA_POWER_TRANSITION { + pub PowerButtonTimestamp: LARGE_INTEGER, + pub Flags: _RTL_BSD_DATA_POWER_TRANSITION__bindgen_ty_1, + pub ConnectedStandbyScenarioInstanceId: UCHAR, + pub ConnectedStandbyEntryReason: UCHAR, + pub ConnectedStandbyExitReason: UCHAR, + pub SystemSleepTransitionCount: USHORT, + pub LastReferenceTime: LARGE_INTEGER, + pub LastReferenceTimeChecksum: ULONG, + pub LastUpdateBootId: ULONG, +} +#[repr(C)] +pub struct _RTL_BSD_DATA_POWER_TRANSITION__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl Default for _RTL_BSD_DATA_POWER_TRANSITION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _RTL_BSD_DATA_POWER_TRANSITION__bindgen_ty_1 { + #[inline] + pub fn SystemRunning(&self) -> BOOLEAN { + 
unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_SystemRunning(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ConnectedStandbyInProgress(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_ConnectedStandbyInProgress(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn UserShutdownInProgress(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_UserShutdownInProgress(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SystemShutdownInProgress(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_SystemShutdownInProgress(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn SleepInProgress(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 4u8) as u8) } + } + #[inline] + pub fn set_SleepInProgress(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SystemRunning: BOOLEAN, + ConnectedStandbyInProgress: BOOLEAN, + UserShutdownInProgress: BOOLEAN, + SystemShutdownInProgress: BOOLEAN, + SleepInProgress: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SystemRunning: u8 = 
unsafe { ::core::mem::transmute(SystemRunning) }; + SystemRunning as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ConnectedStandbyInProgress: u8 = + unsafe { ::core::mem::transmute(ConnectedStandbyInProgress) }; + ConnectedStandbyInProgress as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let UserShutdownInProgress: u8 = unsafe { ::core::mem::transmute(UserShutdownInProgress) }; + UserShutdownInProgress as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SystemShutdownInProgress: u8 = + unsafe { ::core::mem::transmute(SystemShutdownInProgress) }; + SystemShutdownInProgress as u64 + }); + __bindgen_bitfield_unit.set(4usize, 4u8, { + let SleepInProgress: u8 = unsafe { ::core::mem::transmute(SleepInProgress) }; + SleepInProgress as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_BSD_DATA_POWER_TRANSITION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BSD_DATA_POWER_TRANSITION = _RTL_BSD_DATA_POWER_TRANSITION; +pub type PRTL_BSD_DATA_POWER_TRANSITION = *mut _RTL_BSD_DATA_POWER_TRANSITION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_BSD_DATA_ERROR_INFO { + pub BootId: ULONG, + pub RepeatCount: ULONG, + pub OtherErrorCount: ULONG, + pub Code: ULONG, + pub OtherErrorCount2: ULONG, +} +pub type RTL_BSD_DATA_ERROR_INFO = _RTL_BSD_DATA_ERROR_INFO; +pub type PRTL_BSD_DATA_ERROR_INFO = *mut _RTL_BSD_DATA_ERROR_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_BSD_POWER_BUTTON_PRESS_INFO { + pub LastPressTime: LARGE_INTEGER, + pub CumulativePressCount: ULONG, + pub LastPressBootId: USHORT, + pub LastPowerWatchdogStage: UCHAR, + pub Flags: _RTL_BSD_POWER_BUTTON_PRESS_INFO__bindgen_ty_1, + pub LastReleaseTime: LARGE_INTEGER, + pub CumulativeReleaseCount: ULONG, + pub LastReleaseBootId: USHORT, + pub ErrorCount: USHORT, + pub CurrentConnectedStandbyPhase: 
UCHAR, + pub TransitionLatestCheckpointId: ULONG, + pub TransitionLatestCheckpointType: ULONG, + pub TransitionLatestCheckpointSequenceNumber: ULONG, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_BSD_POWER_BUTTON_PRESS_INFO__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl _RTL_BSD_POWER_BUTTON_PRESS_INFO__bindgen_ty_1 { + #[inline] + pub fn WatchdogArmed(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_WatchdogArmed(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ShutdownInProgress(&self) -> UCHAR { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_ShutdownInProgress(&mut self, val: UCHAR) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + WatchdogArmed: UCHAR, + ShutdownInProgress: UCHAR, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let WatchdogArmed: u8 = unsafe { ::core::mem::transmute(WatchdogArmed) }; + WatchdogArmed as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ShutdownInProgress: u8 = unsafe { ::core::mem::transmute(ShutdownInProgress) }; + ShutdownInProgress as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_BSD_POWER_BUTTON_PRESS_INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BSD_POWER_BUTTON_PRESS_INFO = _RTL_BSD_POWER_BUTTON_PRESS_INFO; +pub type PRTL_BSD_POWER_BUTTON_PRESS_INFO = *mut 
_RTL_BSD_POWER_BUTTON_PRESS_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RTL_BSD_ITEM { + pub Type: RTL_BSD_ITEM_TYPE, + pub DataBuffer: PVOID, + pub DataLength: ULONG, +} +impl Default for _RTL_BSD_ITEM { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BSD_ITEM = _RTL_BSD_ITEM; +pub type PRTL_BSD_ITEM = *mut _RTL_BSD_ITEM; +pub type PRTL_SECURE_MEMORY_CACHE_CALLBACK = + ::core::option::Option NTSTATUS>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct __RTL_FEATURE_USAGE_REPORT { + pub FeatureId: ULONG, + pub ReportingKind: USHORT, + pub ReportingOptions: USHORT, +} +pub type RTL_FEATURE_USAGE_REPORT = __RTL_FEATURE_USAGE_REPORT; +pub type PRTL_FEATURE_USAGE_REPORT = *mut __RTL_FEATURE_USAGE_REPORT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _RTL_FEATURE_CONFIGURATION_TYPE { + RtlFeatureConfigurationBoot = 0, + RtlFeatureConfigurationRuntime = 1, + RtlFeatureConfigurationCount = 2, +} +pub use self::_RTL_FEATURE_CONFIGURATION_TYPE as RTL_FEATURE_CONFIGURATION_TYPE; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_FEATURE_CONFIGURATION { + pub FeatureId: ULONG, + pub __bindgen_anon_1: _RTL_FEATURE_CONFIGURATION__bindgen_ty_1, + pub VariantPayload: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_FEATURE_CONFIGURATION__bindgen_ty_1 { + pub Flags: ULONG, + pub __bindgen_anon_1: _RTL_FEATURE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_FEATURE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _RTL_FEATURE_CONFIGURATION__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Priority(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 
4u8) as u32) } + } + #[inline] + pub fn set_Priority(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 4u8, val as u64) + } + } + #[inline] + pub fn EnabledState(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 2u8) as u32) } + } + #[inline] + pub fn set_EnabledState(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 2u8, val as u64) + } + } + #[inline] + pub fn IsWexpConfiguration(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_IsWexpConfiguration(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn HasSubscriptions(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_HasSubscriptions(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn Variant(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 6u8) as u32) } + } + #[inline] + pub fn set_Variant(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 6u8, val as u64) + } + } + #[inline] + pub fn VariantPayloadKind(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 2u8) as u32) } + } + #[inline] + pub fn set_VariantPayloadKind(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 2u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 16u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(16usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Priority: ULONG, + EnabledState: ULONG, + IsWexpConfiguration: ULONG, + HasSubscriptions: ULONG, + Variant: ULONG, + VariantPayloadKind: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 4u8, { + let Priority: u32 = unsafe { ::core::mem::transmute(Priority) }; + Priority as u64 + }); + __bindgen_bitfield_unit.set(4usize, 2u8, { + let EnabledState: u32 = unsafe { ::core::mem::transmute(EnabledState) }; + EnabledState as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let IsWexpConfiguration: u32 = unsafe { ::core::mem::transmute(IsWexpConfiguration) }; + IsWexpConfiguration as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let HasSubscriptions: u32 = unsafe { ::core::mem::transmute(HasSubscriptions) }; + HasSubscriptions as u64 + }); + __bindgen_bitfield_unit.set(8usize, 6u8, { + let Variant: u32 = unsafe { ::core::mem::transmute(Variant) }; + Variant as u64 + }); + __bindgen_bitfield_unit.set(14usize, 2u8, { + let VariantPayloadKind: u32 = unsafe { ::core::mem::transmute(VariantPayloadKind) }; + VariantPayloadKind as u64 + }); + __bindgen_bitfield_unit.set(16usize, 16u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_FEATURE_CONFIGURATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _RTL_FEATURE_CONFIGURATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_FEATURE_CONFIGURATION = 
_RTL_FEATURE_CONFIGURATION; +pub type PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION = + ::core::option::Option; +pub type PRTL_RUN_ONCE_INIT_FN = ::core::option::Option< + unsafe extern "C" fn(arg1: PRTL_RUN_ONCE, arg2: PVOID, arg3: *mut PVOID) -> LOGICAL, +>; +pub type PWNF_USER_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + arg1: WNF_STATE_NAME, + arg2: WNF_CHANGE_STAMP, + arg3: PWNF_TYPE_ID, + arg4: PVOID, + arg5: *const cty::c_void, + arg6: ULONG, + ) -> NTSTATUS, +>; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DEBUG_POGO_ENTRY { + pub Rva: ULONG, + pub Size: ULONG, + pub Name: [CHAR; 1usize], +} +pub type IMAGE_DEBUG_POGO_ENTRY = _IMAGE_DEBUG_POGO_ENTRY; +pub type PIMAGE_DEBUG_POGO_ENTRY = *mut _IMAGE_DEBUG_POGO_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DEBUG_POGO_SIGNATURE { + pub Signature: ULONG, +} +pub type IMAGE_DEBUG_POGO_SIGNATURE = _IMAGE_DEBUG_POGO_SIGNATURE; +pub type PIMAGE_DEBUG_POGO_SIGNATURE = *mut _IMAGE_DEBUG_POGO_SIGNATURE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_RELOCATION_RECORD { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _IMAGE_RELOCATION_RECORD { + #[inline] + pub fn Offset(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 12u8) as u16) } + } + #[inline] + pub fn set_Offset(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 12u8, val as u64) + } + } + #[inline] + pub fn Type(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 4u8) as u16) } + } + #[inline] + pub fn set_Type(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 4u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Offset: USHORT, Type: USHORT) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: 
__BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 12u8, { + let Offset: u16 = unsafe { ::core::mem::transmute(Offset) }; + Offset as u64 + }); + __bindgen_bitfield_unit.set(12usize, 4u8, { + let Type: u16 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit + } +} +pub type IMAGE_RELOCATION_RECORD = _IMAGE_RELOCATION_RECORD; +pub type PIMAGE_RELOCATION_RECORD = *mut _IMAGE_RELOCATION_RECORD; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_CHPE_METADATA_X86 { + pub Version: ULONG, + pub CHPECodeAddressRangeOffset: ULONG, + pub CHPECodeAddressRangeCount: ULONG, + pub WowA64ExceptionHandlerFunctionPointer: ULONG, + pub WowA64DispatchCallFunctionPointer: ULONG, + pub WowA64DispatchIndirectCallFunctionPointer: ULONG, + pub WowA64DispatchIndirectCallCfgFunctionPointer: ULONG, + pub WowA64DispatchRetFunctionPointer: ULONG, + pub WowA64DispatchRetLeafFunctionPointer: ULONG, + pub WowA64DispatchJumpFunctionPointer: ULONG, + pub CompilerIATPointer: ULONG, + pub WowA64RdtscFunctionPointer: ULONG, +} +pub type IMAGE_CHPE_METADATA_X86 = _IMAGE_CHPE_METADATA_X86; +pub type PIMAGE_CHPE_METADATA_X86 = *mut _IMAGE_CHPE_METADATA_X86; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_CHPE_RANGE_ENTRY { + pub __bindgen_anon_1: _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1, + pub Length: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1 { + pub StartOffset: ULONG, + pub __bindgen_anon_1: _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn NativeCode(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + 
#[inline] + pub fn set_NativeCode(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn AddressBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_AddressBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + NativeCode: ULONG, + AddressBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let NativeCode: u32 = unsafe { ::core::mem::transmute(NativeCode) }; + NativeCode as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let AddressBits: u32 = unsafe { ::core::mem::transmute(AddressBits) }; + AddressBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _IMAGE_CHPE_RANGE_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_CHPE_RANGE_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IMAGE_CHPE_RANGE_ENTRY = _IMAGE_CHPE_RANGE_ENTRY; +pub type PIMAGE_CHPE_RANGE_ENTRY = *mut _IMAGE_CHPE_RANGE_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_ARM64EC_METADATA { + pub Version: ULONG, + pub CodeMap: ULONG, + pub CodeMapCount: ULONG, + pub CodeRangesToEntryPoints: ULONG, + pub RedirectionMetadata: ULONG, + pub tbd__os_arm64x_dispatch_call_no_redirect: ULONG, + pub tbd__os_arm64x_dispatch_ret: ULONG, + pub tbd__os_arm64x_dispatch_call: ULONG, + pub tbd__os_arm64x_dispatch_icall: ULONG, 
+ pub tbd__os_arm64x_dispatch_icall_cfg: ULONG, + pub AlternateEntryPoint: ULONG, + pub AuxiliaryIAT: ULONG, + pub CodeRangesToEntryPointsCount: ULONG, + pub RedirectionMetadataCount: ULONG, + pub GetX64InformationFunctionPointer: ULONG, + pub SetX64InformationFunctionPointer: ULONG, + pub ExtraRFETable: ULONG, + pub ExtraRFETableSize: ULONG, + pub __os_arm64x_dispatch_fptr: ULONG, + pub AuxiliaryIATCopy: ULONG, +} +pub type IMAGE_ARM64EC_METADATA = _IMAGE_ARM64EC_METADATA; +pub type PIMAGE_ARM64EC_METADATA = *mut _IMAGE_ARM64EC_METADATA; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _IMAGE_ARM64EC_CODE_MAP_ENTRY { + pub __bindgen_anon_1: _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1, + pub Length: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1 { + pub StartOffset: ULONG, + pub __bindgen_anon_1: _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn Type(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) } + } + #[inline] + pub fn set_Type(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 2u8, val as u64) + } + } + #[inline] + pub fn AddressBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 30u8) as u32) } + } + #[inline] + pub fn set_AddressBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 30u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Type: ULONG, AddressBits: ULONG) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = 
Default::default(); + __bindgen_bitfield_unit.set(0usize, 2u8, { + let Type: u32 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(2usize, 30u8, { + let AddressBits: u32 = unsafe { ::core::mem::transmute(AddressBits) }; + AddressBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _IMAGE_ARM64EC_CODE_MAP_ENTRY__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _IMAGE_ARM64EC_CODE_MAP_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type IMAGE_ARM64EC_CODE_MAP_ENTRY = _IMAGE_ARM64EC_CODE_MAP_ENTRY; +pub type PIMAGE_ARM64EC_CODE_MAP_ENTRY = *mut _IMAGE_ARM64EC_CODE_MAP_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_ARM64EC_REDIRECTION_ENTRY { + pub Source: ULONG, + pub Destination: ULONG, +} +pub type IMAGE_ARM64EC_REDIRECTION_ENTRY = _IMAGE_ARM64EC_REDIRECTION_ENTRY; +pub type PIMAGE_ARM64EC_REDIRECTION_ENTRY = *mut _IMAGE_ARM64EC_REDIRECTION_ENTRY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT { + pub StartRva: ULONG, + pub EndRva: ULONG, + pub EntryPoint: ULONG, +} +pub type IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT = _IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT; +pub type PIMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT = *mut _IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DVRT_ARM64X_FIXUP_RECORD { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _IMAGE_DVRT_ARM64X_FIXUP_RECORD { + #[inline] + pub fn Offset(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 12u8) as u16) } + } + #[inline] + pub fn set_Offset(&mut self, val: 
USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 12u8, val as u64) + } + } + #[inline] + pub fn Type(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 2u8) as u16) } + } + #[inline] + pub fn set_Type(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 2u8, val as u64) + } + } + #[inline] + pub fn Size(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 2u8) as u16) } + } + #[inline] + pub fn set_Size(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 2u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Offset: USHORT, + Type: USHORT, + Size: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 12u8, { + let Offset: u16 = unsafe { ::core::mem::transmute(Offset) }; + Offset as u64 + }); + __bindgen_bitfield_unit.set(12usize, 2u8, { + let Type: u16 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(14usize, 2u8, { + let Size: u16 = unsafe { ::core::mem::transmute(Size) }; + Size as u64 + }); + __bindgen_bitfield_unit + } +} +pub type IMAGE_DVRT_ARM64X_FIXUP_RECORD = _IMAGE_DVRT_ARM64X_FIXUP_RECORD; +pub type PIMAGE_DVRT_ARM64X_FIXUP_RECORD = *mut _IMAGE_DVRT_ARM64X_FIXUP_RECORD; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD { + #[inline] + pub fn Offset(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 12u8) as u16) } + } + #[inline] + pub fn set_Offset(&mut self, val: USHORT) { + unsafe { + let val: u16 = 
::core::mem::transmute(val); + self._bitfield_1.set(0usize, 12u8, val as u64) + } + } + #[inline] + pub fn Type(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 2u8) as u16) } + } + #[inline] + pub fn set_Type(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 2u8, val as u64) + } + } + #[inline] + pub fn Sign(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u16) } + } + #[inline] + pub fn set_Sign(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn Scale(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u16) } + } + #[inline] + pub fn set_Scale(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + Offset: USHORT, + Type: USHORT, + Sign: USHORT, + Scale: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 12u8, { + let Offset: u16 = unsafe { ::core::mem::transmute(Offset) }; + Offset as u64 + }); + __bindgen_bitfield_unit.set(12usize, 2u8, { + let Type: u16 = unsafe { ::core::mem::transmute(Type) }; + Type as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let Sign: u16 = unsafe { ::core::mem::transmute(Sign) }; + Sign as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let Scale: u16 = unsafe { ::core::mem::transmute(Scale) }; + Scale as u64 + }); + __bindgen_bitfield_unit + } +} +pub type IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD = _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD; +pub type PIMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD = *mut _IMAGE_DVRT_ARM64X_DELTA_FIXUP_RECORD; +pub type UNALIGNED_PIMAGE_THUNK_DATA32 = *mut 
IMAGE_THUNK_DATA32; +pub type UNALIGNED_PIMAGE_THUNK_DATA64 = *mut IMAGE_THUNK_DATA64; +#[repr(C)] +pub struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { + pub Version: ULONG64, + pub Name: UNICODE_STRING, +} +impl Default for _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; +pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { + pub pValue: PVOID, + pub ValueLength: ULONG, +} +impl Default for _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; +pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = + *mut _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE; +#[repr(C)] +pub struct _TOKEN_SECURITY_ATTRIBUTE_V1 { + pub Name: UNICODE_STRING, + pub ValueType: USHORT, + pub Reserved: USHORT, + pub Flags: ULONG, + pub ValueCount: ULONG, + pub Values: _TOKEN_SECURITY_ATTRIBUTE_V1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TOKEN_SECURITY_ATTRIBUTE_V1__bindgen_ty_1 { + pub pInt64: PLONG64, + pub pUint64: PULONG64, + pub pString: PUNICODE_STRING, + pub pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE, + pub pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, +} +impl Default for _TOKEN_SECURITY_ATTRIBUTE_V1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for 
_TOKEN_SECURITY_ATTRIBUTE_V1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_SECURITY_ATTRIBUTE_V1 = _TOKEN_SECURITY_ATTRIBUTE_V1; +pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut _TOKEN_SECURITY_ATTRIBUTE_V1; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION { + pub Version: USHORT, + pub Reserved: USHORT, + pub AttributeCount: ULONG, + pub Attribute: _TOKEN_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TOKEN_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1 { + pub pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1, +} +impl Default for _TOKEN_SECURITY_ATTRIBUTES_INFORMATION__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _TOKEN_SECURITY_ATTRIBUTES_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_SECURITY_ATTRIBUTES_INFORMATION = _TOKEN_SECURITY_ATTRIBUTES_INFORMATION; +pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut _TOKEN_SECURITY_ATTRIBUTES_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TOKEN_SECURITY_ATTRIBUTE_OPERATION { + TOKEN_SECURITY_ATTRIBUTE_OPERATION_NONE = 0, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL = 1, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_ADD = 2, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_DELETE = 3, + TOKEN_SECURITY_ATTRIBUTE_OPERATION_REPLACE = 4, +} +pub use self::_TOKEN_SECURITY_ATTRIBUTE_OPERATION as TOKEN_SECURITY_ATTRIBUTE_OPERATION; +pub type PTOKEN_SECURITY_ATTRIBUTE_OPERATION = *mut _TOKEN_SECURITY_ATTRIBUTE_OPERATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub 
struct _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION { + pub Attributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + pub Operations: PTOKEN_SECURITY_ATTRIBUTE_OPERATION, +} +impl Default for _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION = + _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION; +pub type PTOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION = + *mut _TOKEN_SECURITY_ATTRIBUTES_AND_OPERATION_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TOKEN_PROCESS_TRUST_LEVEL { + pub TrustLevelSid: PSID, +} +impl Default for _TOKEN_PROCESS_TRUST_LEVEL { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TOKEN_PROCESS_TRUST_LEVEL = _TOKEN_PROCESS_TRUST_LEVEL; +pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut _TOKEN_PROCESS_TRUST_LEVEL; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _TP_ALPC { + _unused: [u8; 0], +} +pub type TP_ALPC = _TP_ALPC; +pub type PTP_ALPC = *mut _TP_ALPC; +pub type PTP_ALPC_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(Instance: PTP_CALLBACK_INSTANCE, Context: PVOID, Alpc: PTP_ALPC), +>; +pub type PTP_ALPC_CALLBACK_EX = ::core::option::Option< + unsafe extern "C" fn( + Instance: PTP_CALLBACK_INSTANCE, + Context: PVOID, + Alpc: PTP_ALPC, + ApcContext: PVOID, + ), +>; +pub type PTP_IO_CALLBACK = ::core::option::Option< + unsafe extern "C" fn( + Instance: PTP_CALLBACK_INSTANCE, + Context: PVOID, + ApcContext: PVOID, + IoSB: PIO_STATUS_BLOCK, + Io: PTP_IO, + ), +>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _TP_TRACE_TYPE { + TpTraceThreadPriority = 1, + TpTraceThreadAffinity = 2, + MaxTpTraceType 
= 3, +} +pub use self::_TP_TRACE_TYPE as TP_TRACE_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _KCONTINUE_TYPE { + KCONTINUE_UNWIND = 0, + KCONTINUE_RESUME = 1, + KCONTINUE_LONGJUMP = 2, + KCONTINUE_SET = 3, + KCONTINUE_LAST = 4, +} +pub use self::_KCONTINUE_TYPE as KCONTINUE_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _KCONTINUE_ARGUMENT { + pub ContinueType: KCONTINUE_TYPE, + pub ContinueFlags: ULONG, + pub Reserved: [ULONGLONG; 2usize], +} +impl Default for _KCONTINUE_ARGUMENT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type KCONTINUE_ARGUMENT = _KCONTINUE_ARGUMENT; +pub type PKCONTINUE_ARGUMENT = *mut _KCONTINUE_ARGUMENT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _WOW64_SHARED_INFORMATION { + SharedNtdll32LdrInitializeThunk = 0, + SharedNtdll32KiUserExceptionDispatcher = 1, + SharedNtdll32KiUserApcDispatcher = 2, + SharedNtdll32KiUserCallbackDispatcher = 3, + SharedNtdll32ExpInterlockedPopEntrySListFault = 4, + SharedNtdll32ExpInterlockedPopEntrySListResume = 5, + SharedNtdll32ExpInterlockedPopEntrySListEnd = 6, + SharedNtdll32RtlUserThreadStart = 7, + SharedNtdll32pQueryProcessDebugInformationRemote = 8, + SharedNtdll32BaseAddress = 9, + SharedNtdll32LdrSystemDllInitBlock = 10, + Wow64SharedPageEntriesCount = 11, +} +pub use self::_WOW64_SHARED_INFORMATION as WOW64_SHARED_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _RTL_BALANCED_NODE32 { + pub __bindgen_anon_1: _RTL_BALANCED_NODE32__bindgen_ty_1, + pub __bindgen_anon_2: _RTL_BALANCED_NODE32__bindgen_ty_2, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_BALANCED_NODE32__bindgen_ty_1 { + pub Children: [ULONG; 2usize], + pub __bindgen_anon_1: _RTL_BALANCED_NODE32__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, 
Clone)] +pub struct _RTL_BALANCED_NODE32__bindgen_ty_1__bindgen_ty_1 { + pub Left: ULONG, + pub Right: ULONG, +} +impl Default for _RTL_BALANCED_NODE32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _RTL_BALANCED_NODE32__bindgen_ty_2 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, + pub ParentValue: ULONG, +} +impl Default for _RTL_BALANCED_NODE32__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _RTL_BALANCED_NODE32__bindgen_ty_2 { + #[inline] + pub fn Red(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_Red(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Balance(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 2u8) as u32) } + } + #[inline] + pub fn set_Balance(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 2u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(Red: ULONG, Balance: ULONG) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let Red: u32 = unsafe { ::core::mem::transmute(Red) }; + Red as u64 + }); + __bindgen_bitfield_unit.set(1usize, 2u8, { + let Balance: u32 = unsafe { ::core::mem::transmute(Balance) }; + Balance as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _RTL_BALANCED_NODE32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + 
unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type RTL_BALANCED_NODE32 = _RTL_BALANCED_NODE32; +pub type PRTL_BALANCED_NODE32 = *mut _RTL_BALANCED_NODE32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_RB_TREE32 { + pub Root: ULONG, + pub Min: ULONG, +} +pub type RTL_RB_TREE32 = _RTL_RB_TREE32; +pub type PRTL_RB_TREE32 = *mut _RTL_RB_TREE32; +#[repr(C)] +pub struct _PEB_LDR_DATA32 { + pub Length: ULONG, + pub Initialized: BOOLEAN, + pub SsHandle: ULONG, + pub InLoadOrderModuleList: LIST_ENTRY32, + pub InMemoryOrderModuleList: LIST_ENTRY32, + pub InInitializationOrderModuleList: LIST_ENTRY32, + pub EntryInProgress: ULONG, + pub ShutdownInProgress: BOOLEAN, + pub ShutdownThreadId: ULONG, +} +impl Default for _PEB_LDR_DATA32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEB_LDR_DATA32 = _PEB_LDR_DATA32; +pub type PPEB_LDR_DATA32 = *mut _PEB_LDR_DATA32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDR_SERVICE_TAG_RECORD32 { + pub Next: ULONG, + pub ServiceTag: ULONG, +} +pub type LDR_SERVICE_TAG_RECORD32 = _LDR_SERVICE_TAG_RECORD32; +pub type PLDR_SERVICE_TAG_RECORD32 = *mut _LDR_SERVICE_TAG_RECORD32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDRP_CSLIST32 { + pub Tail: ULONG, +} +pub type LDRP_CSLIST32 = _LDRP_CSLIST32; +pub type PLDRP_CSLIST32 = *mut _LDRP_CSLIST32; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LDR_DDAG_NODE32 { + pub Modules: LIST_ENTRY32, + pub ServiceTagList: ULONG, + pub LoadCount: ULONG, + pub LoadWhileUnloadingCount: ULONG, + pub LowestLink: ULONG, + pub __bindgen_anon_1: _LDR_DDAG_NODE32__bindgen_ty_1, + pub IncomingDependencies: LDRP_CSLIST32, + pub State: LDR_DDAG_STATE, + pub CondenseLink: SINGLE_LIST_ENTRY32, + pub PreorderNumber: ULONG, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union 
_LDR_DDAG_NODE32__bindgen_ty_1 { + pub Dependencies: LDRP_CSLIST32, + pub RemovalLink: SINGLE_LIST_ENTRY32, +} +impl Default for _LDR_DDAG_NODE32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDR_DDAG_NODE32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DDAG_NODE32 = _LDR_DDAG_NODE32; +pub type PLDR_DDAG_NODE32 = *mut _LDR_DDAG_NODE32; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _LDR_DATA_TABLE_ENTRY32 { + pub InLoadOrderLinks: LIST_ENTRY32, + pub InMemoryOrderLinks: LIST_ENTRY32, + pub __bindgen_anon_1: _LDR_DATA_TABLE_ENTRY32__bindgen_ty_1, + pub DllBase: ULONG, + pub EntryPoint: ULONG, + pub SizeOfImage: ULONG, + pub FullDllName: UNICODE_STRING32, + pub BaseDllName: UNICODE_STRING32, + pub __bindgen_anon_2: _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2, + pub ObsoleteLoadCount: USHORT, + pub TlsIndex: USHORT, + pub HashLinks: LIST_ENTRY32, + pub TimeDateStamp: ULONG, + pub EntryPointActivationContext: ULONG, + pub Lock: ULONG, + pub DdagNode: ULONG, + pub NodeModuleLink: LIST_ENTRY32, + pub LoadContext: ULONG, + pub ParentDllBase: ULONG, + pub SwitchBackContext: ULONG, + pub BaseAddressIndexNode: RTL_BALANCED_NODE32, + pub MappingInfoIndexNode: RTL_BALANCED_NODE32, + pub OriginalBase: ULONG, + pub LoadTime: LARGE_INTEGER, + pub BaseNameHashValue: ULONG, + pub LoadReason: LDR_DLL_LOAD_REASON, + pub ImplicitPathOptions: ULONG, + pub ReferenceCount: ULONG, + pub DependentLoadFlags: ULONG, + pub SigningLevel: UCHAR, + pub CheckSum: ULONG, + pub ActivePatchImageBase: ULONG, + pub HotPatchState: LDR_HOT_PATCH_STATE, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_DATA_TABLE_ENTRY32__bindgen_ty_1 { + pub InInitializationOrderLinks: LIST_ENTRY32, + pub InProgressLinks: 
LIST_ENTRY32, +} +impl Default for _LDR_DATA_TABLE_ENTRY32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2 { + pub FlagGroup: [UCHAR; 4usize], + pub Flags: ULONG, + pub __bindgen_anon_1: _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn PackagedBinary(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_PackagedBinary(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn MarkedForRemoval(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_MarkedForRemoval(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ImageDll(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ImageDll(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadNotificationsSent(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadNotificationsSent(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val 
as u64) + } + } + #[inline] + pub fn TelemetryEntryProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + #[inline] + pub fn set_TelemetryEntryProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessStaticImport(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessStaticImport(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn InLegacyLists(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u32) } + } + #[inline] + pub fn set_InLegacyLists(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn InIndexes(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u32) } + } + #[inline] + pub fn set_InIndexes(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn ShimDll(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u32) } + } + #[inline] + pub fn set_ShimDll(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn InExceptionTable(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u32) } + } + #[inline] + pub fn set_InExceptionTable(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags1(&self) -> ULONG { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(10usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 2u8, val as u64) + } + } + #[inline] + pub fn LoadInProgress(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadInProgress(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadConfigProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_LoadConfigProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn EntryProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn set_EntryProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProtectDelayLoad(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProtectDelayLoad(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags3(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(16usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags3(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(16usize, 2u8, val as u64) + } + } + #[inline] + pub fn DontCallForThreads(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(18usize, 1u8) as u32) } + } + #[inline] + 
pub fn set_DontCallForThreads(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(18usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessAttachCalled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(19usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessAttachCalled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(19usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessAttachFailed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(20usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessAttachFailed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(20usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorDeferredValidate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(21usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorDeferredValidate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(21usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(22usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(22usize, 1u8, val as u64) + } + } + #[inline] + pub fn DontRelocate(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(23usize, 1u8) as u32) } + } + #[inline] + pub fn set_DontRelocate(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(23usize, 1u8, val as u64) + } + } + #[inline] + pub fn CorILOnly(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(24usize, 1u8) as u32) } + } + #[inline] + pub fn set_CorILOnly(&mut self, val: ULONG) { + unsafe { + let val: u32 = 
::core::mem::transmute(val); + self._bitfield_1.set(24usize, 1u8, val as u64) + } + } + #[inline] + pub fn ChpeImage(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(25usize, 1u8) as u32) } + } + #[inline] + pub fn set_ChpeImage(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(25usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags5(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(26usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags5(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(26usize, 2u8, val as u64) + } + } + #[inline] + pub fn Redirected(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 1u8) as u32) } + } + #[inline] + pub fn set_Redirected(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedFlags6(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(29usize, 2u8) as u32) } + } + #[inline] + pub fn set_ReservedFlags6(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(29usize, 2u8, val as u64) + } + } + #[inline] + pub fn CompatDatabaseProcessed(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_CompatDatabaseProcessed(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + PackagedBinary: ULONG, + MarkedForRemoval: ULONG, + ImageDll: ULONG, + LoadNotificationsSent: ULONG, + TelemetryEntryProcessed: ULONG, + ProcessStaticImport: ULONG, + InLegacyLists: ULONG, + InIndexes: ULONG, + ShimDll: ULONG, + InExceptionTable: ULONG, + ReservedFlags1: ULONG, + 
LoadInProgress: ULONG, + LoadConfigProcessed: ULONG, + EntryProcessed: ULONG, + ProtectDelayLoad: ULONG, + ReservedFlags3: ULONG, + DontCallForThreads: ULONG, + ProcessAttachCalled: ULONG, + ProcessAttachFailed: ULONG, + CorDeferredValidate: ULONG, + CorImage: ULONG, + DontRelocate: ULONG, + CorILOnly: ULONG, + ChpeImage: ULONG, + ReservedFlags5: ULONG, + Redirected: ULONG, + ReservedFlags6: ULONG, + CompatDatabaseProcessed: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let PackagedBinary: u32 = unsafe { ::core::mem::transmute(PackagedBinary) }; + PackagedBinary as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let MarkedForRemoval: u32 = unsafe { ::core::mem::transmute(MarkedForRemoval) }; + MarkedForRemoval as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ImageDll: u32 = unsafe { ::core::mem::transmute(ImageDll) }; + ImageDll as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let LoadNotificationsSent: u32 = unsafe { ::core::mem::transmute(LoadNotificationsSent) }; + LoadNotificationsSent as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let TelemetryEntryProcessed: u32 = + unsafe { ::core::mem::transmute(TelemetryEntryProcessed) }; + TelemetryEntryProcessed as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let ProcessStaticImport: u32 = unsafe { ::core::mem::transmute(ProcessStaticImport) }; + ProcessStaticImport as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let InLegacyLists: u32 = unsafe { ::core::mem::transmute(InLegacyLists) }; + InLegacyLists as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let InIndexes: u32 = unsafe { ::core::mem::transmute(InIndexes) }; + InIndexes as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let ShimDll: u32 = unsafe { ::core::mem::transmute(ShimDll) }; + ShimDll as u64 + }); + 
__bindgen_bitfield_unit.set(9usize, 1u8, { + let InExceptionTable: u32 = unsafe { ::core::mem::transmute(InExceptionTable) }; + InExceptionTable as u64 + }); + __bindgen_bitfield_unit.set(10usize, 2u8, { + let ReservedFlags1: u32 = unsafe { ::core::mem::transmute(ReservedFlags1) }; + ReservedFlags1 as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let LoadInProgress: u32 = unsafe { ::core::mem::transmute(LoadInProgress) }; + LoadInProgress as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let LoadConfigProcessed: u32 = unsafe { ::core::mem::transmute(LoadConfigProcessed) }; + LoadConfigProcessed as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let EntryProcessed: u32 = unsafe { ::core::mem::transmute(EntryProcessed) }; + EntryProcessed as u64 + }); + __bindgen_bitfield_unit.set(15usize, 1u8, { + let ProtectDelayLoad: u32 = unsafe { ::core::mem::transmute(ProtectDelayLoad) }; + ProtectDelayLoad as u64 + }); + __bindgen_bitfield_unit.set(16usize, 2u8, { + let ReservedFlags3: u32 = unsafe { ::core::mem::transmute(ReservedFlags3) }; + ReservedFlags3 as u64 + }); + __bindgen_bitfield_unit.set(18usize, 1u8, { + let DontCallForThreads: u32 = unsafe { ::core::mem::transmute(DontCallForThreads) }; + DontCallForThreads as u64 + }); + __bindgen_bitfield_unit.set(19usize, 1u8, { + let ProcessAttachCalled: u32 = unsafe { ::core::mem::transmute(ProcessAttachCalled) }; + ProcessAttachCalled as u64 + }); + __bindgen_bitfield_unit.set(20usize, 1u8, { + let ProcessAttachFailed: u32 = unsafe { ::core::mem::transmute(ProcessAttachFailed) }; + ProcessAttachFailed as u64 + }); + __bindgen_bitfield_unit.set(21usize, 1u8, { + let CorDeferredValidate: u32 = unsafe { ::core::mem::transmute(CorDeferredValidate) }; + CorDeferredValidate as u64 + }); + __bindgen_bitfield_unit.set(22usize, 1u8, { + let CorImage: u32 = unsafe { ::core::mem::transmute(CorImage) }; + CorImage as u64 + }); + __bindgen_bitfield_unit.set(23usize, 1u8, { + let DontRelocate: u32 = 
unsafe { ::core::mem::transmute(DontRelocate) }; + DontRelocate as u64 + }); + __bindgen_bitfield_unit.set(24usize, 1u8, { + let CorILOnly: u32 = unsafe { ::core::mem::transmute(CorILOnly) }; + CorILOnly as u64 + }); + __bindgen_bitfield_unit.set(25usize, 1u8, { + let ChpeImage: u32 = unsafe { ::core::mem::transmute(ChpeImage) }; + ChpeImage as u64 + }); + __bindgen_bitfield_unit.set(26usize, 2u8, { + let ReservedFlags5: u32 = unsafe { ::core::mem::transmute(ReservedFlags5) }; + ReservedFlags5 as u64 + }); + __bindgen_bitfield_unit.set(28usize, 1u8, { + let Redirected: u32 = unsafe { ::core::mem::transmute(Redirected) }; + Redirected as u64 + }); + __bindgen_bitfield_unit.set(29usize, 2u8, { + let ReservedFlags6: u32 = unsafe { ::core::mem::transmute(ReservedFlags6) }; + ReservedFlags6 as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let CompatDatabaseProcessed: u32 = + unsafe { ::core::mem::transmute(CompatDatabaseProcessed) }; + CompatDatabaseProcessed as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _LDR_DATA_TABLE_ENTRY32__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _LDR_DATA_TABLE_ENTRY32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LDR_DATA_TABLE_ENTRY32 = _LDR_DATA_TABLE_ENTRY32; +pub type PLDR_DATA_TABLE_ENTRY32 = *mut _LDR_DATA_TABLE_ENTRY32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CURDIR32 { + pub DosPath: UNICODE_STRING32, + pub Handle: ULONG, +} +pub type CURDIR32 = _CURDIR32; +pub type PCURDIR32 = *mut _CURDIR32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_DRIVE_LETTER_CURDIR32 { + pub Flags: USHORT, + pub Length: USHORT, + pub TimeStamp: ULONG, + pub DosPath: STRING32, +} +pub type 
RTL_DRIVE_LETTER_CURDIR32 = _RTL_DRIVE_LETTER_CURDIR32; +pub type PRTL_DRIVE_LETTER_CURDIR32 = *mut _RTL_DRIVE_LETTER_CURDIR32; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _RTL_USER_PROCESS_PARAMETERS32 { + pub MaximumLength: ULONG, + pub Length: ULONG, + pub Flags: ULONG, + pub DebugFlags: ULONG, + pub ConsoleHandle: ULONG, + pub ConsoleFlags: ULONG, + pub StandardInput: ULONG, + pub StandardOutput: ULONG, + pub StandardError: ULONG, + pub CurrentDirectory: CURDIR32, + pub DllPath: UNICODE_STRING32, + pub ImagePathName: UNICODE_STRING32, + pub CommandLine: UNICODE_STRING32, + pub Environment: ULONG, + pub StartingX: ULONG, + pub StartingY: ULONG, + pub CountX: ULONG, + pub CountY: ULONG, + pub CountCharsX: ULONG, + pub CountCharsY: ULONG, + pub FillAttribute: ULONG, + pub WindowFlags: ULONG, + pub ShowWindowFlags: ULONG, + pub WindowTitle: UNICODE_STRING32, + pub DesktopInfo: UNICODE_STRING32, + pub ShellInfo: UNICODE_STRING32, + pub RuntimeData: UNICODE_STRING32, + pub CurrentDirectories: [RTL_DRIVE_LETTER_CURDIR32; 32usize], + pub EnvironmentSize: ULONG, + pub EnvironmentVersion: ULONG, + pub PackageDependencyData: ULONG, + pub ProcessGroupId: ULONG, + pub LoaderThreads: ULONG, + pub RedirectionDllName: UNICODE_STRING32, + pub HeapPartitionName: UNICODE_STRING32, + pub DefaultThreadpoolCpuSetMasks: ULONG, + pub DefaultThreadpoolCpuSetMaskCount: ULONG, + pub DefaultThreadpoolThreadMaximum: ULONG, +} +pub type RTL_USER_PROCESS_PARAMETERS32 = _RTL_USER_PROCESS_PARAMETERS32; +pub type PRTL_USER_PROCESS_PARAMETERS32 = *mut _RTL_USER_PROCESS_PARAMETERS32; +#[repr(C)] +pub struct _PEB32 { + pub InheritedAddressSpace: BOOLEAN, + pub ReadImageFileExecOptions: BOOLEAN, + pub BeingDebugged: BOOLEAN, + pub __bindgen_anon_1: _PEB32__bindgen_ty_1, + pub Mutant: ULONG, + pub ImageBaseAddress: ULONG, + pub Ldr: ULONG, + pub ProcessParameters: ULONG, + pub SubSystemData: ULONG, + pub ProcessHeap: ULONG, + pub FastPebLock: ULONG, + pub AtlThunkSListPtr: ULONG, 
+ pub IFEOKey: ULONG, + pub __bindgen_anon_2: _PEB32__bindgen_ty_2, + pub __bindgen_anon_3: _PEB32__bindgen_ty_3, + pub SystemReserved: ULONG, + pub AtlThunkSListPtr32: ULONG, + pub ApiSetMap: ULONG, + pub TlsExpansionCounter: ULONG, + pub TlsBitmap: ULONG, + pub TlsBitmapBits: [ULONG; 2usize], + pub ReadOnlySharedMemoryBase: ULONG, + pub SharedData: ULONG, + pub ReadOnlyStaticServerData: ULONG, + pub AnsiCodePageData: ULONG, + pub OemCodePageData: ULONG, + pub UnicodeCaseTableData: ULONG, + pub NumberOfProcessors: ULONG, + pub NtGlobalFlag: ULONG, + pub CriticalSectionTimeout: LARGE_INTEGER, + pub HeapSegmentReserve: ULONG, + pub HeapSegmentCommit: ULONG, + pub HeapDeCommitTotalFreeThreshold: ULONG, + pub HeapDeCommitFreeBlockThreshold: ULONG, + pub NumberOfHeaps: ULONG, + pub MaximumNumberOfHeaps: ULONG, + pub ProcessHeaps: ULONG, + pub GdiSharedHandleTable: ULONG, + pub ProcessStarterHelper: ULONG, + pub GdiDCAttributeList: ULONG, + pub LoaderLock: ULONG, + pub OSMajorVersion: ULONG, + pub OSMinorVersion: ULONG, + pub OSBuildNumber: USHORT, + pub OSCSDVersion: USHORT, + pub OSPlatformId: ULONG, + pub ImageSubsystem: ULONG, + pub ImageSubsystemMajorVersion: ULONG, + pub ImageSubsystemMinorVersion: ULONG, + pub ActiveProcessAffinityMask: ULONG, + pub GdiHandleBuffer: GDI_HANDLE_BUFFER32, + pub PostProcessInitRoutine: ULONG, + pub TlsExpansionBitmap: ULONG, + pub TlsExpansionBitmapBits: [ULONG; 32usize], + pub SessionId: ULONG, + pub AppCompatFlags: ULARGE_INTEGER, + pub AppCompatFlagsUser: ULARGE_INTEGER, + pub pShimData: ULONG, + pub AppCompatInfo: ULONG, + pub CSDVersion: UNICODE_STRING32, + pub ActivationContextData: ULONG, + pub ProcessAssemblyStorageMap: ULONG, + pub SystemDefaultActivationContextData: ULONG, + pub SystemAssemblyStorageMap: ULONG, + pub MinimumStackCommit: ULONG, + pub SparePointers: [ULONG; 2usize], + pub PatchLoaderData: ULONG, + pub ChpeV2ProcessInfo: ULONG, + pub AppModelFeatureState: ULONG, + pub SpareUlongs: [ULONG; 2usize], + pub 
ActiveCodePage: USHORT, + pub OemCodePage: USHORT, + pub UseCaseMapping: USHORT, + pub UnusedNlsField: USHORT, + pub WerRegistrationData: ULONG, + pub WerShipAssertPtr: ULONG, + pub __bindgen_anon_4: _PEB32__bindgen_ty_4, + pub pImageHeaderHash: ULONG, + pub __bindgen_anon_5: _PEB32__bindgen_ty_5, + pub CsrServerReadOnlySharedMemoryBase: ULONGLONG, + pub TppWorkerpListLock: ULONG, + pub TppWorkerpList: LIST_ENTRY32, + pub WaitOnAddressHashTable: [ULONG; 128usize], + pub TelemetryCoverageHeader: ULONG, + pub CloudFileFlags: ULONG, + pub CloudFileDiagFlags: ULONG, + pub PlaceholderCompatibilityMode: CHAR, + pub PlaceholderCompatibilityModeReserved: [CHAR; 7usize], + pub LeapSecondData: ULONG, + pub __bindgen_anon_6: _PEB32__bindgen_ty_6, + pub NtGlobalFlag2: ULONG, + pub ExtendedFeatureDisableMask: ULONGLONG, +} +#[repr(C)] +pub union _PEB32__bindgen_ty_1 { + pub BitField: ::core::mem::ManuallyDrop, + pub __bindgen_anon_1: ::core::mem::ManuallyDrop<_PEB32__bindgen_ty_1__bindgen_ty_1>, +} +#[repr(C)] +pub struct _PEB32__bindgen_ty_1__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>, +} +impl Default for _PEB32__bindgen_ty_1__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _PEB32__bindgen_ty_1__bindgen_ty_1 { + #[inline] + pub fn ImageUsesLargePages(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } + } + #[inline] + pub fn set_ImageUsesLargePages(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsProtectedProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsProtectedProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = 
::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsImageDynamicallyRelocated(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsImageDynamicallyRelocated(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipPatchingUser32Forwarders(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u8) } + } + #[inline] + pub fn set_SkipPatchingUser32Forwarders(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsPackagedProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsPackagedProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsAppContainer(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsAppContainer(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsProtectedProcessLight(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsProtectedProcessLight(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn IsLongPathAwareProcess(&self) -> BOOLEAN { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u8) } + } + #[inline] + pub fn set_IsLongPathAwareProcess(&mut self, val: BOOLEAN) { + unsafe { + let val: u8 = 
::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ImageUsesLargePages: BOOLEAN, + IsProtectedProcess: BOOLEAN, + IsImageDynamicallyRelocated: BOOLEAN, + SkipPatchingUser32Forwarders: BOOLEAN, + IsPackagedProcess: BOOLEAN, + IsAppContainer: BOOLEAN, + IsProtectedProcessLight: BOOLEAN, + IsLongPathAwareProcess: BOOLEAN, + ) -> __BindgenBitfieldUnit<[u8; 1usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ImageUsesLargePages: u8 = unsafe { ::core::mem::transmute(ImageUsesLargePages) }; + ImageUsesLargePages as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let IsProtectedProcess: u8 = unsafe { ::core::mem::transmute(IsProtectedProcess) }; + IsProtectedProcess as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let IsImageDynamicallyRelocated: u8 = + unsafe { ::core::mem::transmute(IsImageDynamicallyRelocated) }; + IsImageDynamicallyRelocated as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SkipPatchingUser32Forwarders: u8 = + unsafe { ::core::mem::transmute(SkipPatchingUser32Forwarders) }; + SkipPatchingUser32Forwarders as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let IsPackagedProcess: u8 = unsafe { ::core::mem::transmute(IsPackagedProcess) }; + IsPackagedProcess as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let IsAppContainer: u8 = unsafe { ::core::mem::transmute(IsAppContainer) }; + IsAppContainer as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let IsProtectedProcessLight: u8 = + unsafe { ::core::mem::transmute(IsProtectedProcessLight) }; + IsProtectedProcessLight as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let IsLongPathAwareProcess: u8 = unsafe { ::core::mem::transmute(IsLongPathAwareProcess) }; + IsLongPathAwareProcess as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for 
_PEB32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB32__bindgen_ty_2 { + pub CrossProcessFlags: ULONG, + pub __bindgen_anon_1: _PEB32__bindgen_ty_2__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB32__bindgen_ty_2__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PEB32__bindgen_ty_2__bindgen_ty_1 { + #[inline] + pub fn ProcessInJob(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessInJob(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessInitializing(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessInitializing(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingVEH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessUsingVEH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingVCH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) } + } + #[inline] + pub fn set_ProcessUsingVCH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn ProcessUsingFTH(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) } + } + 
#[inline] + pub fn set_ProcessUsingFTH(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn ReservedBits0(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 27u8) as u32) } + } + #[inline] + pub fn set_ReservedBits0(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 27u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + ProcessInJob: ULONG, + ProcessInitializing: ULONG, + ProcessUsingVEH: ULONG, + ProcessUsingVCH: ULONG, + ProcessUsingFTH: ULONG, + ReservedBits0: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let ProcessInJob: u32 = unsafe { ::core::mem::transmute(ProcessInJob) }; + ProcessInJob as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let ProcessInitializing: u32 = unsafe { ::core::mem::transmute(ProcessInitializing) }; + ProcessInitializing as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let ProcessUsingVEH: u32 = unsafe { ::core::mem::transmute(ProcessUsingVEH) }; + ProcessUsingVEH as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let ProcessUsingVCH: u32 = unsafe { ::core::mem::transmute(ProcessUsingVCH) }; + ProcessUsingVCH as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let ProcessUsingFTH: u32 = unsafe { ::core::mem::transmute(ProcessUsingFTH) }; + ProcessUsingFTH as u64 + }); + __bindgen_bitfield_unit.set(5usize, 27u8, { + let ReservedBits0: u32 = unsafe { ::core::mem::transmute(ReservedBits0) }; + ReservedBits0 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB32__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } 
+} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB32__bindgen_ty_3 { + pub KernelCallbackTable: ULONG, + pub UserSharedInfoPtr: ULONG, +} +impl Default for _PEB32__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB32__bindgen_ty_4 { + pub pContextData: ULONG, + pub pUnused: ULONG, + pub EcCodeBitMap: ULONG, +} +impl Default for _PEB32__bindgen_ty_4 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB32__bindgen_ty_5 { + pub TracingFlags: ULONG, + pub __bindgen_anon_1: _PEB32__bindgen_ty_5__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB32__bindgen_ty_5__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _PEB32__bindgen_ty_5__bindgen_ty_1 { + #[inline] + pub fn HeapTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_HeapTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn CritSecTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) } + } + #[inline] + pub fn set_CritSecTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn LibLoaderTracingEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) } + } + #[inline] + pub fn set_LibLoaderTracingEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 
= ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareTracingBits(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 29u8) as u32) } + } + #[inline] + pub fn set_SpareTracingBits(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 29u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + HeapTracingEnabled: ULONG, + CritSecTracingEnabled: ULONG, + LibLoaderTracingEnabled: ULONG, + SpareTracingBits: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let HeapTracingEnabled: u32 = unsafe { ::core::mem::transmute(HeapTracingEnabled) }; + HeapTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let CritSecTracingEnabled: u32 = unsafe { ::core::mem::transmute(CritSecTracingEnabled) }; + CritSecTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let LibLoaderTracingEnabled: u32 = + unsafe { ::core::mem::transmute(LibLoaderTracingEnabled) }; + LibLoaderTracingEnabled as u64 + }); + __bindgen_bitfield_unit.set(3usize, 29u8, { + let SpareTracingBits: u32 = unsafe { ::core::mem::transmute(SpareTracingBits) }; + SpareTracingBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB32__bindgen_ty_5 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _PEB32__bindgen_ty_6 { + pub LeapSecondFlags: ULONG, + pub __bindgen_anon_1: _PEB32__bindgen_ty_6__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _PEB32__bindgen_ty_6__bindgen_ty_1 { + pub _bitfield_align_1: [u32; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 4usize]>, +} +impl 
_PEB32__bindgen_ty_6__bindgen_ty_1 { + #[inline] + pub fn SixtySecondEnabled(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) } + } + #[inline] + pub fn set_SixtySecondEnabled(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 31u8) as u32) } + } + #[inline] + pub fn set_Reserved(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(1usize, 31u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SixtySecondEnabled: ULONG, + Reserved: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SixtySecondEnabled: u32 = unsafe { ::core::mem::transmute(SixtySecondEnabled) }; + SixtySecondEnabled as u64 + }); + __bindgen_bitfield_unit.set(1usize, 31u8, { + let Reserved: u32 = unsafe { ::core::mem::transmute(Reserved) }; + Reserved as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _PEB32__bindgen_ty_6 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _PEB32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEB32 = _PEB32; +pub type PPEB32 = *mut _PEB32; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _GDI_TEB_BATCH32 { + pub Offset: ULONG, + pub HDC: ULONG, + pub Buffer: [ULONG; 310usize], +} +impl Default for _GDI_TEB_BATCH32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 
0, 1); + s.assume_init() + } + } +} +pub type GDI_TEB_BATCH32 = _GDI_TEB_BATCH32; +pub type PGDI_TEB_BATCH32 = *mut _GDI_TEB_BATCH32; +#[repr(C)] +pub struct _TEB32 { + pub NtTib: NT_TIB32, + pub EnvironmentPointer: ULONG, + pub ClientId: CLIENT_ID32, + pub ActiveRpcHandle: ULONG, + pub ThreadLocalStoragePointer: ULONG, + pub ProcessEnvironmentBlock: ULONG, + pub LastErrorValue: ULONG, + pub CountOfOwnedCriticalSections: ULONG, + pub CsrClientThread: ULONG, + pub Win32ThreadInfo: ULONG, + pub User32Reserved: [ULONG; 26usize], + pub UserReserved: [ULONG; 5usize], + pub WOW32Reserved: ULONG, + pub CurrentLocale: LCID, + pub FpSoftwareStatusRegister: ULONG, + pub ReservedForDebuggerInstrumentation: [ULONG; 16usize], + pub SystemReserved1: [ULONG; 36usize], + pub WorkingOnBehalfTicket: [UCHAR; 8usize], + pub ExceptionCode: NTSTATUS, + pub ActivationContextStackPointer: ULONG, + pub InstrumentationCallbackSp: ULONG, + pub InstrumentationCallbackPreviousPc: ULONG, + pub InstrumentationCallbackPreviousSp: ULONG, + pub InstrumentationCallbackDisabled: BOOLEAN, + pub SpareBytes: [UCHAR; 23usize], + pub TxFsContext: ULONG, + pub GdiTebBatch: GDI_TEB_BATCH32, + pub RealClientId: CLIENT_ID32, + pub GdiCachedProcessHandle: ULONG, + pub GdiClientPID: ULONG, + pub GdiClientTID: ULONG, + pub GdiThreadLocalInfo: ULONG, + pub Win32ClientInfo: [ULONG; 62usize], + pub glDispatchTable: [ULONG; 233usize], + pub glReserved1: [ULONG; 29usize], + pub glReserved2: ULONG, + pub glSectionInfo: ULONG, + pub glSection: ULONG, + pub glTable: ULONG, + pub glCurrentRC: ULONG, + pub glContext: ULONG, + pub LastStatusValue: NTSTATUS, + pub StaticUnicodeString: UNICODE_STRING32, + pub StaticUnicodeBuffer: [WCHAR; 261usize], + pub DeallocationStack: ULONG, + pub TlsSlots: [ULONG; 64usize], + pub TlsLinks: LIST_ENTRY32, + pub Vdm: ULONG, + pub ReservedForNtRpc: ULONG, + pub DbgSsReserved: [ULONG; 2usize], + pub HardErrorMode: ULONG, + pub Instrumentation: [ULONG; 9usize], + pub ActivityId: GUID, + pub 
SubProcessTag: ULONG, + pub PerflibData: ULONG, + pub EtwTraceData: ULONG, + pub WinSockData: ULONG, + pub GdiBatchCount: ULONG, + pub __bindgen_anon_1: _TEB32__bindgen_ty_1, + pub GuaranteedStackBytes: ULONG, + pub ReservedForPerf: ULONG, + pub ReservedForOle: ULONG, + pub WaitingOnLoaderLock: ULONG, + pub SavedPriorityState: ULONG, + pub ReservedForCodeCoverage: ULONG, + pub ThreadPoolData: ULONG, + pub TlsExpansionSlots: ULONG, + pub MuiGeneration: ULONG, + pub IsImpersonating: ULONG, + pub NlsCache: ULONG, + pub pShimData: ULONG, + pub HeapVirtualAffinity: USHORT, + pub LowFragHeapDataSlot: USHORT, + pub CurrentTransactionHandle: ULONG, + pub ActiveFrame: ULONG, + pub FlsData: ULONG, + pub PreferredLanguages: ULONG, + pub UserPrefLanguages: ULONG, + pub MergedPrefLanguages: ULONG, + pub MuiImpersonation: ULONG, + pub __bindgen_anon_2: _TEB32__bindgen_ty_2, + pub __bindgen_anon_3: _TEB32__bindgen_ty_3, + pub TxnScopeEnterCallback: ULONG, + pub TxnScopeExitCallback: ULONG, + pub TxnScopeContext: ULONG, + pub LockCount: ULONG, + pub WowTebOffset: LONG, + pub ResourceRetValue: ULONG, + pub ReservedForWdf: ULONG, + pub ReservedForCrt: ULONGLONG, + pub EffectiveContainerId: GUID, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB32__bindgen_ty_1 { + pub CurrentIdealProcessor: PROCESSOR_NUMBER, + pub IdealProcessorValue: ULONG, + pub __bindgen_anon_1: _TEB32__bindgen_ty_1__bindgen_ty_1, +} +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TEB32__bindgen_ty_1__bindgen_ty_1 { + pub ReservedPad0: UCHAR, + pub ReservedPad1: UCHAR, + pub ReservedPad2: UCHAR, + pub IdealProcessor: UCHAR, +} +impl Default for _TEB32__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB32__bindgen_ty_2 { + pub CrossTebFlags: USHORT, + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: 
__BindgenBitfieldUnit<[u8; 2usize]>, +} +impl Default for _TEB32__bindgen_ty_2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl _TEB32__bindgen_ty_2 { + #[inline] + pub fn SpareCrossTebBits(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 16u8) as u16) } + } + #[inline] + pub fn set_SpareCrossTebBits(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 16u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1(SpareCrossTebBits: USHORT) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 16u8, { + let SpareCrossTebBits: u16 = unsafe { ::core::mem::transmute(SpareCrossTebBits) }; + SpareCrossTebBits as u64 + }); + __bindgen_bitfield_unit + } +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _TEB32__bindgen_ty_3 { + pub SameTebFlags: USHORT, + pub __bindgen_anon_1: _TEB32__bindgen_ty_3__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(2))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _TEB32__bindgen_ty_3__bindgen_ty_1 { + pub _bitfield_align_1: [u8; 0], + pub _bitfield_1: __BindgenBitfieldUnit<[u8; 2usize]>, +} +impl _TEB32__bindgen_ty_3__bindgen_ty_1 { + #[inline] + pub fn SafeThunkCall(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u16) } + } + #[inline] + pub fn set_SafeThunkCall(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 1u8, val as u64) + } + } + #[inline] + pub fn InDebugPrint(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u16) } + } + #[inline] + pub fn set_InDebugPrint(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + 
self._bitfield_1.set(1usize, 1u8, val as u64) + } + } + #[inline] + pub fn HasFiberData(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u16) } + } + #[inline] + pub fn set_HasFiberData(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(2usize, 1u8, val as u64) + } + } + #[inline] + pub fn SkipThreadAttach(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u16) } + } + #[inline] + pub fn set_SkipThreadAttach(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(3usize, 1u8, val as u64) + } + } + #[inline] + pub fn WerInShipAssertCode(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u16) } + } + #[inline] + pub fn set_WerInShipAssertCode(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(4usize, 1u8, val as u64) + } + } + #[inline] + pub fn RanProcessInit(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(5usize, 1u8) as u16) } + } + #[inline] + pub fn set_RanProcessInit(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(5usize, 1u8, val as u64) + } + } + #[inline] + pub fn ClonedThread(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(6usize, 1u8) as u16) } + } + #[inline] + pub fn set_ClonedThread(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(6usize, 1u8, val as u64) + } + } + #[inline] + pub fn SuppressDebugMsg(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(7usize, 1u8) as u16) } + } + #[inline] + pub fn set_SuppressDebugMsg(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(7usize, 1u8, val as u64) + } + } + #[inline] + pub fn 
DisableUserStackWalk(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 1u8) as u16) } + } + #[inline] + pub fn set_DisableUserStackWalk(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 1u8, val as u64) + } + } + #[inline] + pub fn RtlExceptionAttached(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(9usize, 1u8) as u16) } + } + #[inline] + pub fn set_RtlExceptionAttached(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(9usize, 1u8, val as u64) + } + } + #[inline] + pub fn InitialThread(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(10usize, 1u8) as u16) } + } + #[inline] + pub fn set_InitialThread(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(10usize, 1u8, val as u64) + } + } + #[inline] + pub fn SessionAware(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(11usize, 1u8) as u16) } + } + #[inline] + pub fn set_SessionAware(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(11usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoadOwner(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u16) } + } + #[inline] + pub fn set_LoadOwner(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn LoaderWorker(&self) -> USHORT { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u16) } + } + #[inline] + pub fn set_LoaderWorker(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn SpareSameTebBits(&self) -> USHORT { + unsafe { 
::core::mem::transmute(self._bitfield_1.get(14usize, 2u8) as u16) } + } + #[inline] + pub fn set_SpareSameTebBits(&mut self, val: USHORT) { + unsafe { + let val: u16 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 2u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + SafeThunkCall: USHORT, + InDebugPrint: USHORT, + HasFiberData: USHORT, + SkipThreadAttach: USHORT, + WerInShipAssertCode: USHORT, + RanProcessInit: USHORT, + ClonedThread: USHORT, + SuppressDebugMsg: USHORT, + DisableUserStackWalk: USHORT, + RtlExceptionAttached: USHORT, + InitialThread: USHORT, + SessionAware: USHORT, + LoadOwner: USHORT, + LoaderWorker: USHORT, + SpareSameTebBits: USHORT, + ) -> __BindgenBitfieldUnit<[u8; 2usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 2usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 1u8, { + let SafeThunkCall: u16 = unsafe { ::core::mem::transmute(SafeThunkCall) }; + SafeThunkCall as u64 + }); + __bindgen_bitfield_unit.set(1usize, 1u8, { + let InDebugPrint: u16 = unsafe { ::core::mem::transmute(InDebugPrint) }; + InDebugPrint as u64 + }); + __bindgen_bitfield_unit.set(2usize, 1u8, { + let HasFiberData: u16 = unsafe { ::core::mem::transmute(HasFiberData) }; + HasFiberData as u64 + }); + __bindgen_bitfield_unit.set(3usize, 1u8, { + let SkipThreadAttach: u16 = unsafe { ::core::mem::transmute(SkipThreadAttach) }; + SkipThreadAttach as u64 + }); + __bindgen_bitfield_unit.set(4usize, 1u8, { + let WerInShipAssertCode: u16 = unsafe { ::core::mem::transmute(WerInShipAssertCode) }; + WerInShipAssertCode as u64 + }); + __bindgen_bitfield_unit.set(5usize, 1u8, { + let RanProcessInit: u16 = unsafe { ::core::mem::transmute(RanProcessInit) }; + RanProcessInit as u64 + }); + __bindgen_bitfield_unit.set(6usize, 1u8, { + let ClonedThread: u16 = unsafe { ::core::mem::transmute(ClonedThread) }; + ClonedThread as u64 + }); + __bindgen_bitfield_unit.set(7usize, 1u8, { + let SuppressDebugMsg: u16 = unsafe { 
::core::mem::transmute(SuppressDebugMsg) }; + SuppressDebugMsg as u64 + }); + __bindgen_bitfield_unit.set(8usize, 1u8, { + let DisableUserStackWalk: u16 = unsafe { ::core::mem::transmute(DisableUserStackWalk) }; + DisableUserStackWalk as u64 + }); + __bindgen_bitfield_unit.set(9usize, 1u8, { + let RtlExceptionAttached: u16 = unsafe { ::core::mem::transmute(RtlExceptionAttached) }; + RtlExceptionAttached as u64 + }); + __bindgen_bitfield_unit.set(10usize, 1u8, { + let InitialThread: u16 = unsafe { ::core::mem::transmute(InitialThread) }; + InitialThread as u64 + }); + __bindgen_bitfield_unit.set(11usize, 1u8, { + let SessionAware: u16 = unsafe { ::core::mem::transmute(SessionAware) }; + SessionAware as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let LoadOwner: u16 = unsafe { ::core::mem::transmute(LoadOwner) }; + LoadOwner as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let LoaderWorker: u16 = unsafe { ::core::mem::transmute(LoaderWorker) }; + LoaderWorker as u64 + }); + __bindgen_bitfield_unit.set(14usize, 2u8, { + let SpareSameTebBits: u16 = unsafe { ::core::mem::transmute(SpareSameTebBits) }; + SpareSameTebBits as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _TEB32__bindgen_ty_3 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _TEB32 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TEB32 = _TEB32; +pub type PTEB32 = *mut _TEB32; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _WOW64_EXECUTE_OPTIONS { + pub Flags: ULONG, + pub __bindgen_anon_1: _WOW64_EXECUTE_OPTIONS__bindgen_ty_1, +} +#[repr(C)] +#[repr(align(4))] +#[derive(Debug, Default, Copy, Clone)] +pub struct _WOW64_EXECUTE_OPTIONS__bindgen_ty_1 { + pub _bitfield_align_1: [u16; 0], + pub _bitfield_1: 
__BindgenBitfieldUnit<[u8; 4usize]>, +} +impl _WOW64_EXECUTE_OPTIONS__bindgen_ty_1 { + #[inline] + pub fn StackReserveSize(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 8u8) as u32) } + } + #[inline] + pub fn set_StackReserveSize(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(0usize, 8u8, val as u64) + } + } + #[inline] + pub fn StackCommitSize(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(8usize, 4u8) as u32) } + } + #[inline] + pub fn set_StackCommitSize(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(8usize, 4u8, val as u64) + } + } + #[inline] + pub fn Deprecated0(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(12usize, 1u8) as u32) } + } + #[inline] + pub fn set_Deprecated0(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(12usize, 1u8, val as u64) + } + } + #[inline] + pub fn DisableWowAssert(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(13usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisableWowAssert(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(13usize, 1u8, val as u64) + } + } + #[inline] + pub fn DisableTurboDispatch(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(14usize, 1u8) as u32) } + } + #[inline] + pub fn set_DisableTurboDispatch(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(14usize, 1u8, val as u64) + } + } + #[inline] + pub fn Unused(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(15usize, 13u8) as u32) } + } + #[inline] + pub fn set_Unused(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(15usize, 13u8, val as u64) + } + } + #[inline] + pub fn 
Reserved0(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(28usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved0(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(28usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved1(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(29usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved1(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(29usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved2(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(30usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved2(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(30usize, 1u8, val as u64) + } + } + #[inline] + pub fn Reserved3(&self) -> ULONG { + unsafe { ::core::mem::transmute(self._bitfield_1.get(31usize, 1u8) as u32) } + } + #[inline] + pub fn set_Reserved3(&mut self, val: ULONG) { + unsafe { + let val: u32 = ::core::mem::transmute(val); + self._bitfield_1.set(31usize, 1u8, val as u64) + } + } + #[inline] + pub fn new_bitfield_1( + StackReserveSize: ULONG, + StackCommitSize: ULONG, + Deprecated0: ULONG, + DisableWowAssert: ULONG, + DisableTurboDispatch: ULONG, + Unused: ULONG, + Reserved0: ULONG, + Reserved1: ULONG, + Reserved2: ULONG, + Reserved3: ULONG, + ) -> __BindgenBitfieldUnit<[u8; 4usize]> { + let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 4usize]> = Default::default(); + __bindgen_bitfield_unit.set(0usize, 8u8, { + let StackReserveSize: u32 = unsafe { ::core::mem::transmute(StackReserveSize) }; + StackReserveSize as u64 + }); + __bindgen_bitfield_unit.set(8usize, 4u8, { + let StackCommitSize: u32 = unsafe { ::core::mem::transmute(StackCommitSize) }; + StackCommitSize as u64 + }); + __bindgen_bitfield_unit.set(12usize, 1u8, { + let Deprecated0: u32 = 
unsafe { ::core::mem::transmute(Deprecated0) }; + Deprecated0 as u64 + }); + __bindgen_bitfield_unit.set(13usize, 1u8, { + let DisableWowAssert: u32 = unsafe { ::core::mem::transmute(DisableWowAssert) }; + DisableWowAssert as u64 + }); + __bindgen_bitfield_unit.set(14usize, 1u8, { + let DisableTurboDispatch: u32 = unsafe { ::core::mem::transmute(DisableTurboDispatch) }; + DisableTurboDispatch as u64 + }); + __bindgen_bitfield_unit.set(15usize, 13u8, { + let Unused: u32 = unsafe { ::core::mem::transmute(Unused) }; + Unused as u64 + }); + __bindgen_bitfield_unit.set(28usize, 1u8, { + let Reserved0: u32 = unsafe { ::core::mem::transmute(Reserved0) }; + Reserved0 as u64 + }); + __bindgen_bitfield_unit.set(29usize, 1u8, { + let Reserved1: u32 = unsafe { ::core::mem::transmute(Reserved1) }; + Reserved1 as u64 + }); + __bindgen_bitfield_unit.set(30usize, 1u8, { + let Reserved2: u32 = unsafe { ::core::mem::transmute(Reserved2) }; + Reserved2 as u64 + }); + __bindgen_bitfield_unit.set(31usize, 1u8, { + let Reserved3: u32 = unsafe { ::core::mem::transmute(Reserved3) }; + Reserved3 as u64 + }); + __bindgen_bitfield_unit + } +} +impl Default for _WOW64_EXECUTE_OPTIONS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WOW64_EXECUTE_OPTIONS = _WOW64_EXECUTE_OPTIONS; +pub type PWOW64_EXECUTE_OPTIONS = *mut _WOW64_EXECUTE_OPTIONS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _WOW64INFO { + pub NativeSystemPageSize: ULONG, + pub CpuFlags: ULONG, + pub Wow64ExecuteFlags: WOW64_EXECUTE_OPTIONS, + pub InstrumentationCallback: ULONG, +} +impl Default for _WOW64INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type WOW64INFO = _WOW64INFO; +pub type PWOW64INFO = *mut _WOW64INFO; +#[repr(C)] +pub struct _PEB32_WITH_WOW64INFO { + pub 
Peb32: PEB32, + pub Wow64Info: WOW64INFO, +} +impl Default for _PEB32_WITH_WOW64INFO { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type PEB32_WITH_WOW64INFO = _PEB32_WITH_WOW64INFO; +pub type PPEB32_WITH_WOW64INFO = *mut _PEB32_WITH_WOW64INFO; +pub type SAM_HANDLE = PVOID; +pub type PSAM_HANDLE = *mut PVOID; +pub type SAM_ENUMERATE_HANDLE = ULONG; +pub type PSAM_ENUMERATE_HANDLE = *mut ULONG; +#[repr(C)] +pub struct _SAM_RID_ENUMERATION { + pub RelativeId: ULONG, + pub Name: UNICODE_STRING, +} +impl Default for _SAM_RID_ENUMERATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_RID_ENUMERATION = _SAM_RID_ENUMERATION; +pub type PSAM_RID_ENUMERATION = *mut _SAM_RID_ENUMERATION; +#[repr(C)] +pub struct _SAM_SID_ENUMERATION { + pub Sid: PSID, + pub Name: UNICODE_STRING, +} +impl Default for _SAM_SID_ENUMERATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_SID_ENUMERATION = _SAM_SID_ENUMERATION; +pub type PSAM_SID_ENUMERATION = *mut _SAM_SID_ENUMERATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SAM_BYTE_ARRAY { + pub Size: ULONG, + pub Data: PUCHAR, +} +impl Default for _SAM_BYTE_ARRAY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_BYTE_ARRAY = _SAM_BYTE_ARRAY; +pub type PSAM_BYTE_ARRAY = *mut _SAM_BYTE_ARRAY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SAM_BYTE_ARRAY_32K { + pub Size: ULONG, + pub Data: PUCHAR, +} +impl Default for _SAM_BYTE_ARRAY_32K { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_BYTE_ARRAY_32K = _SAM_BYTE_ARRAY_32K; +pub type PSAM_BYTE_ARRAY_32K = *mut _SAM_BYTE_ARRAY_32K; +pub type SAM_SHELL_OBJECT_PROPERTIES = SAM_BYTE_ARRAY_32K; +pub type PSAM_SHELL_OBJECT_PROPERTIES = *mut SAM_BYTE_ARRAY_32K; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _RPC_AUTH_IDENTITY_HANDLE { + _unused: [u8; 0], +} +pub type PRPC_AUTH_IDENTITY_HANDLE = *mut _RPC_AUTH_IDENTITY_HANDLE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DOMAIN_INFORMATION_CLASS { + DomainPasswordInformation = 1, + DomainGeneralInformation = 2, + DomainLogoffInformation = 3, + DomainOemInformation = 4, + DomainNameInformation = 5, + DomainReplicationInformation = 6, + DomainServerRoleInformation = 7, + DomainModifiedInformation = 8, + DomainStateInformation = 9, + DomainUasInformation = 10, + DomainGeneralInformation2 = 11, + DomainLockoutInformation = 12, + DomainModifiedInformation2 = 13, +} +pub use self::_DOMAIN_INFORMATION_CLASS as DOMAIN_INFORMATION_CLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DOMAIN_SERVER_ENABLE_STATE { + DomainServerEnabled = 1, + DomainServerDisabled = 2, +} +pub use self::_DOMAIN_SERVER_ENABLE_STATE as DOMAIN_SERVER_ENABLE_STATE; +pub type PDOMAIN_SERVER_ENABLE_STATE = *mut _DOMAIN_SERVER_ENABLE_STATE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DOMAIN_SERVER_ROLE { + DomainServerRoleBackup = 2, + DomainServerRolePrimary = 3, +} +pub use self::_DOMAIN_SERVER_ROLE as DOMAIN_SERVER_ROLE; +pub type PDOMAIN_SERVER_ROLE = *mut _DOMAIN_SERVER_ROLE; +#[repr(C, packed(4))] +pub struct _DOMAIN_GENERAL_INFORMATION { + pub ForceLogoff: LARGE_INTEGER, + pub OemInformation: UNICODE_STRING, + pub DomainName: UNICODE_STRING, + pub ReplicaSourceNodeName: UNICODE_STRING, + 
pub DomainModifiedCount: LARGE_INTEGER, + pub DomainServerState: DOMAIN_SERVER_ENABLE_STATE, + pub DomainServerRole: DOMAIN_SERVER_ROLE, + pub UasCompatibilityRequired: BOOLEAN, + pub UserCount: ULONG, + pub GroupCount: ULONG, + pub AliasCount: ULONG, +} +impl Default for _DOMAIN_GENERAL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_GENERAL_INFORMATION = _DOMAIN_GENERAL_INFORMATION; +pub type PDOMAIN_GENERAL_INFORMATION = *mut _DOMAIN_GENERAL_INFORMATION; +#[repr(C, packed(4))] +pub struct _DOMAIN_GENERAL_INFORMATION2 { + pub I1: DOMAIN_GENERAL_INFORMATION, + pub LockoutDuration: LARGE_INTEGER, + pub LockoutObservationWindow: LARGE_INTEGER, + pub LockoutThreshold: USHORT, +} +impl Default for _DOMAIN_GENERAL_INFORMATION2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_GENERAL_INFORMATION2 = _DOMAIN_GENERAL_INFORMATION2; +pub type PDOMAIN_GENERAL_INFORMATION2 = *mut _DOMAIN_GENERAL_INFORMATION2; +#[repr(C)] +pub struct _DOMAIN_UAS_INFORMATION { + pub UasCompatibilityRequired: BOOLEAN, +} +impl Default for _DOMAIN_UAS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_UAS_INFORMATION = _DOMAIN_UAS_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DOMAIN_PASSWORD_INFORMATION { + pub MinPasswordLength: USHORT, + pub PasswordHistoryLength: USHORT, + pub PasswordProperties: ULONG, + pub MaxPasswordAge: LARGE_INTEGER, + pub MinPasswordAge: LARGE_INTEGER, +} +impl Default for _DOMAIN_PASSWORD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_PASSWORD_INFORMATION = _DOMAIN_PASSWORD_INFORMATION; +pub type PDOMAIN_PASSWORD_INFORMATION = *mut _DOMAIN_PASSWORD_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DOMAIN_PASSWORD_CONSTRUCTION { + DomainPasswordSimple = 1, + DomainPasswordComplex = 2, +} +pub use self::_DOMAIN_PASSWORD_CONSTRUCTION as DOMAIN_PASSWORD_CONSTRUCTION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DOMAIN_LOGOFF_INFORMATION { + pub ForceLogoff: LARGE_INTEGER, +} +impl Default for _DOMAIN_LOGOFF_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_LOGOFF_INFORMATION = _DOMAIN_LOGOFF_INFORMATION; +pub type PDOMAIN_LOGOFF_INFORMATION = *mut _DOMAIN_LOGOFF_INFORMATION; +#[repr(C)] +pub struct _DOMAIN_OEM_INFORMATION { + pub OemInformation: UNICODE_STRING, +} +impl Default for _DOMAIN_OEM_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_OEM_INFORMATION = _DOMAIN_OEM_INFORMATION; +pub type PDOMAIN_OEM_INFORMATION = *mut _DOMAIN_OEM_INFORMATION; +#[repr(C)] +pub struct _DOMAIN_NAME_INFORMATION { + pub DomainName: UNICODE_STRING, +} +impl Default for _DOMAIN_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_NAME_INFORMATION = _DOMAIN_NAME_INFORMATION; +pub type PDOMAIN_NAME_INFORMATION = *mut _DOMAIN_NAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DOMAIN_SERVER_ROLE_INFORMATION { + pub DomainServerRole: DOMAIN_SERVER_ROLE, +} +impl Default for _DOMAIN_SERVER_ROLE_INFORMATION { 
+ fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_SERVER_ROLE_INFORMATION = _DOMAIN_SERVER_ROLE_INFORMATION; +pub type PDOMAIN_SERVER_ROLE_INFORMATION = *mut _DOMAIN_SERVER_ROLE_INFORMATION; +#[repr(C)] +pub struct _DOMAIN_REPLICATION_INFORMATION { + pub ReplicaSourceNodeName: UNICODE_STRING, +} +impl Default for _DOMAIN_REPLICATION_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_REPLICATION_INFORMATION = _DOMAIN_REPLICATION_INFORMATION; +pub type PDOMAIN_REPLICATION_INFORMATION = *mut _DOMAIN_REPLICATION_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DOMAIN_MODIFIED_INFORMATION { + pub DomainModifiedCount: LARGE_INTEGER, + pub CreationTime: LARGE_INTEGER, +} +impl Default for _DOMAIN_MODIFIED_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_MODIFIED_INFORMATION = _DOMAIN_MODIFIED_INFORMATION; +pub type PDOMAIN_MODIFIED_INFORMATION = *mut _DOMAIN_MODIFIED_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DOMAIN_MODIFIED_INFORMATION2 { + pub DomainModifiedCount: LARGE_INTEGER, + pub CreationTime: LARGE_INTEGER, + pub ModifiedCountAtLastPromotion: LARGE_INTEGER, +} +impl Default for _DOMAIN_MODIFIED_INFORMATION2 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_MODIFIED_INFORMATION2 = _DOMAIN_MODIFIED_INFORMATION2; +pub type PDOMAIN_MODIFIED_INFORMATION2 = *mut _DOMAIN_MODIFIED_INFORMATION2; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DOMAIN_STATE_INFORMATION { + pub 
DomainServerState: DOMAIN_SERVER_ENABLE_STATE, +} +impl Default for _DOMAIN_STATE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_STATE_INFORMATION = _DOMAIN_STATE_INFORMATION; +pub type PDOMAIN_STATE_INFORMATION = *mut _DOMAIN_STATE_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _DOMAIN_LOCKOUT_INFORMATION { + pub LockoutDuration: LARGE_INTEGER, + pub LockoutObservationWindow: LARGE_INTEGER, + pub LockoutThreshold: USHORT, +} +impl Default for _DOMAIN_LOCKOUT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_LOCKOUT_INFORMATION = _DOMAIN_LOCKOUT_INFORMATION; +pub type PDOMAIN_LOCKOUT_INFORMATION = *mut _DOMAIN_LOCKOUT_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _DOMAIN_DISPLAY_INFORMATION { + DomainDisplayUser = 1, + DomainDisplayMachine = 2, + DomainDisplayGroup = 3, + DomainDisplayOemUser = 4, + DomainDisplayOemGroup = 5, + DomainDisplayServer = 6, +} +pub use self::_DOMAIN_DISPLAY_INFORMATION as DOMAIN_DISPLAY_INFORMATION; +pub type PDOMAIN_DISPLAY_INFORMATION = *mut _DOMAIN_DISPLAY_INFORMATION; +#[repr(C)] +pub struct _DOMAIN_DISPLAY_USER { + pub Index: ULONG, + pub Rid: ULONG, + pub AccountControl: ULONG, + pub LogonName: UNICODE_STRING, + pub AdminComment: UNICODE_STRING, + pub FullName: UNICODE_STRING, +} +impl Default for _DOMAIN_DISPLAY_USER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_DISPLAY_USER = _DOMAIN_DISPLAY_USER; +pub type PDOMAIN_DISPLAY_USER = *mut _DOMAIN_DISPLAY_USER; +#[repr(C)] +pub struct _DOMAIN_DISPLAY_MACHINE { + pub Index: 
ULONG, + pub Rid: ULONG, + pub AccountControl: ULONG, + pub Machine: UNICODE_STRING, + pub Comment: UNICODE_STRING, +} +impl Default for _DOMAIN_DISPLAY_MACHINE { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_DISPLAY_MACHINE = _DOMAIN_DISPLAY_MACHINE; +pub type PDOMAIN_DISPLAY_MACHINE = *mut _DOMAIN_DISPLAY_MACHINE; +#[repr(C)] +pub struct _DOMAIN_DISPLAY_GROUP { + pub Index: ULONG, + pub Rid: ULONG, + pub Attributes: ULONG, + pub Group: UNICODE_STRING, + pub Comment: UNICODE_STRING, +} +impl Default for _DOMAIN_DISPLAY_GROUP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_DISPLAY_GROUP = _DOMAIN_DISPLAY_GROUP; +pub type PDOMAIN_DISPLAY_GROUP = *mut _DOMAIN_DISPLAY_GROUP; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DOMAIN_DISPLAY_OEM_USER { + pub Index: ULONG, + pub User: OEM_STRING, +} +impl Default for _DOMAIN_DISPLAY_OEM_USER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_DISPLAY_OEM_USER = _DOMAIN_DISPLAY_OEM_USER; +pub type PDOMAIN_DISPLAY_OEM_USER = *mut _DOMAIN_DISPLAY_OEM_USER; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DOMAIN_DISPLAY_OEM_GROUP { + pub Index: ULONG, + pub Group: OEM_STRING, +} +impl Default for _DOMAIN_DISPLAY_OEM_GROUP { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_DISPLAY_OEM_GROUP = _DOMAIN_DISPLAY_OEM_GROUP; +pub type PDOMAIN_DISPLAY_OEM_GROUP = *mut _DOMAIN_DISPLAY_OEM_GROUP; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub 
enum _DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION { + DomainLocalizableAccountsBasic = 1, +} +pub use self::_DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION as DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION; +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION = *mut _DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION; +#[repr(C)] +pub struct _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY { + pub Rid: ULONG, + pub Use: SID_NAME_USE, + pub Name: UNICODE_STRING, + pub AdminComment: UNICODE_STRING, +} +impl Default for _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY; +pub type PDOMAIN_LOCALIZABLE_ACCOUNT_ENTRY = *mut _DOMAIN_LOCALIZABLE_ACCOUNTS_ENTRY; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _DOMAIN_LOCALIZABLE_ACCOUNTS { + pub Count: ULONG, + pub Entries: *mut DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY, +} +impl Default for _DOMAIN_LOCALIZABLE_ACCOUNTS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = _DOMAIN_LOCALIZABLE_ACCOUNTS; +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_BASIC = *mut _DOMAIN_LOCALIZABLE_ACCOUNTS; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _DOMAIN_LOCALIZABLE_INFO_BUFFER { + pub Basic: DOMAIN_LOCALIZABLE_ACCOUNTS_BASIC, +} +impl Default for _DOMAIN_LOCALIZABLE_INFO_BUFFER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type DOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = _DOMAIN_LOCALIZABLE_INFO_BUFFER; +pub type PDOMAIN_LOCALIZABLE_ACCOUNTS_INFO_BUFFER = *mut _DOMAIN_LOCALIZABLE_INFO_BUFFER; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _GROUP_MEMBERSHIP { + 
pub RelativeId: ULONG, + pub Attributes: ULONG, +} +pub type GROUP_MEMBERSHIP = _GROUP_MEMBERSHIP; +pub type PGROUP_MEMBERSHIP = *mut _GROUP_MEMBERSHIP; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _GROUP_INFORMATION_CLASS { + GroupGeneralInformation = 1, + GroupNameInformation = 2, + GroupAttributeInformation = 3, + GroupAdminCommentInformation = 4, + GroupReplicationInformation = 5, +} +pub use self::_GROUP_INFORMATION_CLASS as GROUP_INFORMATION_CLASS; +#[repr(C)] +pub struct _GROUP_GENERAL_INFORMATION { + pub Name: UNICODE_STRING, + pub Attributes: ULONG, + pub MemberCount: ULONG, + pub AdminComment: UNICODE_STRING, +} +impl Default for _GROUP_GENERAL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type GROUP_GENERAL_INFORMATION = _GROUP_GENERAL_INFORMATION; +pub type PGROUP_GENERAL_INFORMATION = *mut _GROUP_GENERAL_INFORMATION; +#[repr(C)] +pub struct _GROUP_NAME_INFORMATION { + pub Name: UNICODE_STRING, +} +impl Default for _GROUP_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type GROUP_NAME_INFORMATION = _GROUP_NAME_INFORMATION; +pub type PGROUP_NAME_INFORMATION = *mut _GROUP_NAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _GROUP_ATTRIBUTE_INFORMATION { + pub Attributes: ULONG, +} +pub type GROUP_ATTRIBUTE_INFORMATION = _GROUP_ATTRIBUTE_INFORMATION; +pub type PGROUP_ATTRIBUTE_INFORMATION = *mut _GROUP_ATTRIBUTE_INFORMATION; +#[repr(C)] +pub struct _GROUP_ADM_COMMENT_INFORMATION { + pub AdminComment: UNICODE_STRING, +} +impl Default for _GROUP_ADM_COMMENT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 
1); + s.assume_init() + } + } +} +pub type GROUP_ADM_COMMENT_INFORMATION = _GROUP_ADM_COMMENT_INFORMATION; +pub type PGROUP_ADM_COMMENT_INFORMATION = *mut _GROUP_ADM_COMMENT_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ALIAS_INFORMATION_CLASS { + AliasGeneralInformation = 1, + AliasNameInformation = 2, + AliasAdminCommentInformation = 3, + AliasReplicationInformation = 4, + AliasExtendedInformation = 5, +} +pub use self::_ALIAS_INFORMATION_CLASS as ALIAS_INFORMATION_CLASS; +#[repr(C)] +pub struct _ALIAS_GENERAL_INFORMATION { + pub Name: UNICODE_STRING, + pub MemberCount: ULONG, + pub AdminComment: UNICODE_STRING, +} +impl Default for _ALIAS_GENERAL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALIAS_GENERAL_INFORMATION = _ALIAS_GENERAL_INFORMATION; +pub type PALIAS_GENERAL_INFORMATION = *mut _ALIAS_GENERAL_INFORMATION; +#[repr(C)] +pub struct _ALIAS_NAME_INFORMATION { + pub Name: UNICODE_STRING, +} +impl Default for _ALIAS_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALIAS_NAME_INFORMATION = _ALIAS_NAME_INFORMATION; +pub type PALIAS_NAME_INFORMATION = *mut _ALIAS_NAME_INFORMATION; +#[repr(C)] +pub struct _ALIAS_ADM_COMMENT_INFORMATION { + pub AdminComment: UNICODE_STRING, +} +impl Default for _ALIAS_ADM_COMMENT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALIAS_ADM_COMMENT_INFORMATION = _ALIAS_ADM_COMMENT_INFORMATION; +pub type PALIAS_ADM_COMMENT_INFORMATION = *mut _ALIAS_ADM_COMMENT_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct 
_ALIAS_EXTENDED_INFORMATION { + pub WhichFields: ULONG, + pub ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, +} +impl Default for _ALIAS_EXTENDED_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ALIAS_EXTENDED_INFORMATION = _ALIAS_EXTENDED_INFORMATION; +pub type PALIAS_EXTENDED_INFORMATION = *mut _ALIAS_EXTENDED_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _LOGON_HOURS { + pub UnitsPerWeek: USHORT, + pub LogonHours: PUCHAR, +} +impl Default for _LOGON_HOURS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type LOGON_HOURS = _LOGON_HOURS; +pub type PLOGON_HOURS = *mut _LOGON_HOURS; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SR_SECURITY_DESCRIPTOR { + pub Length: ULONG, + pub SecurityDescriptor: PUCHAR, +} +impl Default for _SR_SECURITY_DESCRIPTOR { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SR_SECURITY_DESCRIPTOR = _SR_SECURITY_DESCRIPTOR; +pub type PSR_SECURITY_DESCRIPTOR = *mut _SR_SECURITY_DESCRIPTOR; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _USER_INFORMATION_CLASS { + UserGeneralInformation = 1, + UserPreferencesInformation = 2, + UserLogonInformation = 3, + UserLogonHoursInformation = 4, + UserAccountInformation = 5, + UserNameInformation = 6, + UserAccountNameInformation = 7, + UserFullNameInformation = 8, + UserPrimaryGroupInformation = 9, + UserHomeInformation = 10, + UserScriptInformation = 11, + UserProfileInformation = 12, + UserAdminCommentInformation = 13, + UserWorkStationsInformation = 14, + UserSetPasswordInformation = 15, + UserControlInformation = 16, + 
UserExpiresInformation = 17, + UserInternal1Information = 18, + UserInternal2Information = 19, + UserParametersInformation = 20, + UserAllInformation = 21, + UserInternal3Information = 22, + UserInternal4Information = 23, + UserInternal5Information = 24, + UserInternal4InformationNew = 25, + UserInternal5InformationNew = 26, + UserInternal6Information = 27, + UserExtendedInformation = 28, + UserLogonUIInformation = 29, + UserUnknownTodoInformation = 30, + UserInternal7Information = 31, + UserInternal8Information = 32, +} +pub use self::_USER_INFORMATION_CLASS as USER_INFORMATION_CLASS; +pub type PUSER_INFORMATION_CLASS = *mut _USER_INFORMATION_CLASS; +#[repr(C)] +pub struct _USER_GENERAL_INFORMATION { + pub UserName: UNICODE_STRING, + pub FullName: UNICODE_STRING, + pub PrimaryGroupId: ULONG, + pub AdminComment: UNICODE_STRING, + pub UserComment: UNICODE_STRING, +} +impl Default for _USER_GENERAL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_GENERAL_INFORMATION = _USER_GENERAL_INFORMATION; +pub type PUSER_GENERAL_INFORMATION = *mut _USER_GENERAL_INFORMATION; +#[repr(C)] +pub struct _USER_PREFERENCES_INFORMATION { + pub UserComment: UNICODE_STRING, + pub Reserved1: UNICODE_STRING, + pub CountryCode: USHORT, + pub CodePage: USHORT, +} +impl Default for _USER_PREFERENCES_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_PREFERENCES_INFORMATION = _USER_PREFERENCES_INFORMATION; +pub type PUSER_PREFERENCES_INFORMATION = *mut _USER_PREFERENCES_INFORMATION; +#[repr(C, packed(4))] +pub struct _USER_LOGON_INFORMATION { + pub UserName: UNICODE_STRING, + pub FullName: UNICODE_STRING, + pub UserId: ULONG, + pub PrimaryGroupId: ULONG, + pub HomeDirectory: UNICODE_STRING, + pub 
HomeDirectoryDrive: UNICODE_STRING, + pub ScriptPath: UNICODE_STRING, + pub ProfilePath: UNICODE_STRING, + pub WorkStations: UNICODE_STRING, + pub LastLogon: LARGE_INTEGER, + pub LastLogoff: LARGE_INTEGER, + pub PasswordLastSet: LARGE_INTEGER, + pub PasswordCanChange: LARGE_INTEGER, + pub PasswordMustChange: LARGE_INTEGER, + pub LogonHours: LOGON_HOURS, + pub BadPasswordCount: USHORT, + pub LogonCount: USHORT, + pub UserAccountControl: ULONG, +} +impl Default for _USER_LOGON_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_LOGON_INFORMATION = _USER_LOGON_INFORMATION; +pub type PUSER_LOGON_INFORMATION = *mut _USER_LOGON_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _USER_LOGON_HOURS_INFORMATION { + pub LogonHours: LOGON_HOURS, +} +impl Default for _USER_LOGON_HOURS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_LOGON_HOURS_INFORMATION = _USER_LOGON_HOURS_INFORMATION; +pub type PUSER_LOGON_HOURS_INFORMATION = *mut _USER_LOGON_HOURS_INFORMATION; +#[repr(C, packed(4))] +pub struct _USER_ACCOUNT_INFORMATION { + pub UserName: UNICODE_STRING, + pub FullName: UNICODE_STRING, + pub UserId: ULONG, + pub PrimaryGroupId: ULONG, + pub HomeDirectory: UNICODE_STRING, + pub HomeDirectoryDrive: UNICODE_STRING, + pub ScriptPath: UNICODE_STRING, + pub ProfilePath: UNICODE_STRING, + pub AdminComment: UNICODE_STRING, + pub WorkStations: UNICODE_STRING, + pub LastLogon: LARGE_INTEGER, + pub LastLogoff: LARGE_INTEGER, + pub LogonHours: LOGON_HOURS, + pub BadPasswordCount: USHORT, + pub LogonCount: USHORT, + pub PasswordLastSet: LARGE_INTEGER, + pub AccountExpires: LARGE_INTEGER, + pub UserAccountControl: ULONG, +} +impl Default for _USER_ACCOUNT_INFORMATION { + fn default() 
-> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_ACCOUNT_INFORMATION = _USER_ACCOUNT_INFORMATION; +pub type PUSER_ACCOUNT_INFORMATION = *mut _USER_ACCOUNT_INFORMATION; +#[repr(C)] +pub struct _USER_NAME_INFORMATION { + pub UserName: UNICODE_STRING, + pub FullName: UNICODE_STRING, +} +impl Default for _USER_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_NAME_INFORMATION = _USER_NAME_INFORMATION; +pub type PUSER_NAME_INFORMATION = *mut _USER_NAME_INFORMATION; +#[repr(C)] +pub struct _USER_ACCOUNT_NAME_INFORMATION { + pub UserName: UNICODE_STRING, +} +impl Default for _USER_ACCOUNT_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_ACCOUNT_NAME_INFORMATION = _USER_ACCOUNT_NAME_INFORMATION; +pub type PUSER_ACCOUNT_NAME_INFORMATION = *mut _USER_ACCOUNT_NAME_INFORMATION; +#[repr(C)] +pub struct _USER_FULL_NAME_INFORMATION { + pub FullName: UNICODE_STRING, +} +impl Default for _USER_FULL_NAME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_FULL_NAME_INFORMATION = _USER_FULL_NAME_INFORMATION; +pub type PUSER_FULL_NAME_INFORMATION = *mut _USER_FULL_NAME_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _USER_PRIMARY_GROUP_INFORMATION { + pub PrimaryGroupId: ULONG, +} +pub type USER_PRIMARY_GROUP_INFORMATION = _USER_PRIMARY_GROUP_INFORMATION; +pub type PUSER_PRIMARY_GROUP_INFORMATION = *mut _USER_PRIMARY_GROUP_INFORMATION; +#[repr(C)] +pub struct _USER_HOME_INFORMATION { + pub 
HomeDirectory: UNICODE_STRING, + pub HomeDirectoryDrive: UNICODE_STRING, +} +impl Default for _USER_HOME_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_HOME_INFORMATION = _USER_HOME_INFORMATION; +pub type PUSER_HOME_INFORMATION = *mut _USER_HOME_INFORMATION; +#[repr(C)] +pub struct _USER_SCRIPT_INFORMATION { + pub ScriptPath: UNICODE_STRING, +} +impl Default for _USER_SCRIPT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_SCRIPT_INFORMATION = _USER_SCRIPT_INFORMATION; +pub type PUSER_SCRIPT_INFORMATION = *mut _USER_SCRIPT_INFORMATION; +#[repr(C)] +pub struct _USER_PROFILE_INFORMATION { + pub ProfilePath: UNICODE_STRING, +} +impl Default for _USER_PROFILE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_PROFILE_INFORMATION = _USER_PROFILE_INFORMATION; +pub type PUSER_PROFILE_INFORMATION = *mut _USER_PROFILE_INFORMATION; +#[repr(C)] +pub struct _USER_ADMIN_COMMENT_INFORMATION { + pub AdminComment: UNICODE_STRING, +} +impl Default for _USER_ADMIN_COMMENT_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_ADMIN_COMMENT_INFORMATION = _USER_ADMIN_COMMENT_INFORMATION; +pub type PUSER_ADMIN_COMMENT_INFORMATION = *mut _USER_ADMIN_COMMENT_INFORMATION; +#[repr(C)] +pub struct _USER_WORKSTATIONS_INFORMATION { + pub WorkStations: UNICODE_STRING, +} +impl Default for _USER_WORKSTATIONS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_WORKSTATIONS_INFORMATION = _USER_WORKSTATIONS_INFORMATION; +pub type PUSER_WORKSTATIONS_INFORMATION = *mut _USER_WORKSTATIONS_INFORMATION; +#[repr(C)] +pub struct _USER_SET_PASSWORD_INFORMATION { + pub Password: UNICODE_STRING, + pub PasswordExpired: BOOLEAN, +} +impl Default for _USER_SET_PASSWORD_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_SET_PASSWORD_INFORMATION = _USER_SET_PASSWORD_INFORMATION; +pub type PUSER_SET_PASSWORD_INFORMATION = *mut _USER_SET_PASSWORD_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _USER_CONTROL_INFORMATION { + pub UserAccountControl: ULONG, +} +pub type USER_CONTROL_INFORMATION = _USER_CONTROL_INFORMATION; +pub type PUSER_CONTROL_INFORMATION = *mut _USER_CONTROL_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _USER_EXPIRES_INFORMATION { + pub AccountExpires: LARGE_INTEGER, +} +impl Default for _USER_EXPIRES_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_EXPIRES_INFORMATION = _USER_EXPIRES_INFORMATION; +pub type PUSER_EXPIRES_INFORMATION = *mut _USER_EXPIRES_INFORMATION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _CYPHER_BLOCK { + pub data: [CHAR; 8usize], +} +pub type CYPHER_BLOCK = _CYPHER_BLOCK; +pub type PCYPHER_BLOCK = *mut _CYPHER_BLOCK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ENCRYPTED_NT_OWF_PASSWORD { + pub data: [CYPHER_BLOCK; 2usize], +} +pub type ENCRYPTED_NT_OWF_PASSWORD = _ENCRYPTED_NT_OWF_PASSWORD; +pub type PENCRYPTED_NT_OWF_PASSWORD = *mut _ENCRYPTED_NT_OWF_PASSWORD; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct 
_ENCRYPTED_LM_OWF_PASSWORD { + pub data: [CYPHER_BLOCK; 2usize], +} +pub type ENCRYPTED_LM_OWF_PASSWORD = _ENCRYPTED_LM_OWF_PASSWORD; +pub type PENCRYPTED_LM_OWF_PASSWORD = *mut _ENCRYPTED_LM_OWF_PASSWORD; +#[repr(C)] +pub struct _USER_INTERNAL1_INFORMATION { + pub EncryptedNtOwfPassword: ENCRYPTED_NT_OWF_PASSWORD, + pub EncryptedLmOwfPassword: ENCRYPTED_LM_OWF_PASSWORD, + pub NtPasswordPresent: BOOLEAN, + pub LmPasswordPresent: BOOLEAN, + pub PasswordExpired: BOOLEAN, +} +impl Default for _USER_INTERNAL1_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL1_INFORMATION = _USER_INTERNAL1_INFORMATION; +pub type PUSER_INTERNAL1_INFORMATION = *mut _USER_INTERNAL1_INFORMATION; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _USER_INTERNAL2_INFORMATION { + pub StatisticsToApply: ULONG, + pub LastLogon: LARGE_INTEGER, + pub LastLogoff: LARGE_INTEGER, + pub BadPasswordCount: USHORT, + pub LogonCount: USHORT, +} +impl Default for _USER_INTERNAL2_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL2_INFORMATION = _USER_INTERNAL2_INFORMATION; +pub type PUSER_INTERNAL2_INFORMATION = *mut _USER_INTERNAL2_INFORMATION; +#[repr(C)] +pub struct _USER_PARAMETERS_INFORMATION { + pub Parameters: UNICODE_STRING, +} +impl Default for _USER_PARAMETERS_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_PARAMETERS_INFORMATION = _USER_PARAMETERS_INFORMATION; +pub type PUSER_PARAMETERS_INFORMATION = *mut _USER_PARAMETERS_INFORMATION; +#[repr(C, packed(4))] +pub struct _USER_ALL_INFORMATION { + pub LastLogon: LARGE_INTEGER, + pub LastLogoff: 
LARGE_INTEGER, + pub PasswordLastSet: LARGE_INTEGER, + pub AccountExpires: LARGE_INTEGER, + pub PasswordCanChange: LARGE_INTEGER, + pub PasswordMustChange: LARGE_INTEGER, + pub UserName: UNICODE_STRING, + pub FullName: UNICODE_STRING, + pub HomeDirectory: UNICODE_STRING, + pub HomeDirectoryDrive: UNICODE_STRING, + pub ScriptPath: UNICODE_STRING, + pub ProfilePath: UNICODE_STRING, + pub AdminComment: UNICODE_STRING, + pub WorkStations: UNICODE_STRING, + pub UserComment: UNICODE_STRING, + pub Parameters: UNICODE_STRING, + pub LmPassword: UNICODE_STRING, + pub NtPassword: UNICODE_STRING, + pub PrivateData: UNICODE_STRING, + pub SecurityDescriptor: SR_SECURITY_DESCRIPTOR, + pub UserId: ULONG, + pub PrimaryGroupId: ULONG, + pub UserAccountControl: ULONG, + pub WhichFields: ULONG, + pub LogonHours: LOGON_HOURS, + pub BadPasswordCount: USHORT, + pub LogonCount: USHORT, + pub CountryCode: USHORT, + pub CodePage: USHORT, + pub LmPasswordPresent: BOOLEAN, + pub NtPasswordPresent: BOOLEAN, + pub PasswordExpired: BOOLEAN, + pub PrivateDataSensitive: BOOLEAN, +} +impl Default for _USER_ALL_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_ALL_INFORMATION = _USER_ALL_INFORMATION; +pub type PUSER_ALL_INFORMATION = *mut _USER_ALL_INFORMATION; +#[repr(C, packed(4))] +pub struct _USER_INTERNAL3_INFORMATION { + pub I1: USER_ALL_INFORMATION, + pub LastBadPasswordTime: LARGE_INTEGER, +} +impl Default for _USER_INTERNAL3_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL3_INFORMATION = _USER_INTERNAL3_INFORMATION; +pub type PUSER_INTERNAL3_INFORMATION = *mut _USER_INTERNAL3_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ENCRYPTED_USER_PASSWORD { + pub Buffer: [UCHAR; 
516usize], +} +impl Default for _ENCRYPTED_USER_PASSWORD { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ENCRYPTED_USER_PASSWORD = _ENCRYPTED_USER_PASSWORD; +pub type PENCRYPTED_USER_PASSWORD = *mut _ENCRYPTED_USER_PASSWORD; +#[repr(C)] +pub struct _USER_INTERNAL4_INFORMATION { + pub I1: USER_ALL_INFORMATION, + pub UserPassword: ENCRYPTED_USER_PASSWORD, +} +impl Default for _USER_INTERNAL4_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL4_INFORMATION = _USER_INTERNAL4_INFORMATION; +pub type PUSER_INTERNAL4_INFORMATION = *mut _USER_INTERNAL4_INFORMATION; +#[repr(C)] +pub struct _USER_INTERNAL5_INFORMATION { + pub UserPassword: ENCRYPTED_USER_PASSWORD, + pub PasswordExpired: BOOLEAN, +} +impl Default for _USER_INTERNAL5_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL5_INFORMATION = _USER_INTERNAL5_INFORMATION; +pub type PUSER_INTERNAL5_INFORMATION = *mut _USER_INTERNAL5_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ENCRYPTED_USER_PASSWORD_NEW { + pub Buffer: [UCHAR; 532usize], +} +impl Default for _ENCRYPTED_USER_PASSWORD_NEW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ENCRYPTED_USER_PASSWORD_NEW = _ENCRYPTED_USER_PASSWORD_NEW; +pub type PENCRYPTED_USER_PASSWORD_NEW = *mut _ENCRYPTED_USER_PASSWORD_NEW; +#[repr(C)] +pub struct _USER_INTERNAL4_INFORMATION_NEW { + pub I1: USER_ALL_INFORMATION, + pub UserPassword: ENCRYPTED_USER_PASSWORD_NEW, +} +impl Default for 
_USER_INTERNAL4_INFORMATION_NEW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL4_INFORMATION_NEW = _USER_INTERNAL4_INFORMATION_NEW; +pub type PUSER_INTERNAL4_INFORMATION_NEW = *mut _USER_INTERNAL4_INFORMATION_NEW; +#[repr(C)] +pub struct _USER_INTERNAL5_INFORMATION_NEW { + pub UserPassword: ENCRYPTED_USER_PASSWORD_NEW, + pub PasswordExpired: BOOLEAN, +} +impl Default for _USER_INTERNAL5_INFORMATION_NEW { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL5_INFORMATION_NEW = _USER_INTERNAL5_INFORMATION_NEW; +pub type PUSER_INTERNAL5_INFORMATION_NEW = *mut _USER_INTERNAL5_INFORMATION_NEW; +#[repr(C)] +pub struct _USER_ALLOWED_TO_DELEGATE_TO_LIST { + pub Size: ULONG, + pub NumSPNs: ULONG, + pub SPNList: [UNICODE_STRING; 1usize], +} +impl Default for _USER_ALLOWED_TO_DELEGATE_TO_LIST { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_ALLOWED_TO_DELEGATE_TO_LIST = _USER_ALLOWED_TO_DELEGATE_TO_LIST; +pub type PUSER_ALLOWED_TO_DELEGATE_TO_LIST = *mut _USER_ALLOWED_TO_DELEGATE_TO_LIST; +#[repr(C)] +pub struct _USER_INTERNAL6_INFORMATION { + pub I1: USER_ALL_INFORMATION, + pub LastBadPasswordTime: LARGE_INTEGER, + pub ExtendedFields: ULONG, + pub UPNDefaulted: BOOLEAN, + pub UPN: UNICODE_STRING, + pub A2D2List: PUSER_ALLOWED_TO_DELEGATE_TO_LIST, +} +impl Default for _USER_INTERNAL6_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL6_INFORMATION = _USER_INTERNAL6_INFORMATION; +pub type PUSER_INTERNAL6_INFORMATION = 
*mut _USER_INTERNAL6_INFORMATION; +pub type SAM_USER_TILE = SAM_BYTE_ARRAY_32K; +pub type PSAM_USER_TILE = *mut SAM_BYTE_ARRAY_32K; +#[repr(C)] +pub struct _USER_EXTENDED_INFORMATION { + pub ExtendedWhichFields: ULONG, + pub UserTile: SAM_USER_TILE, + pub PasswordHint: UNICODE_STRING, + pub DontShowInLogonUI: BOOLEAN, + pub ShellAdminObjectProperties: SAM_SHELL_OBJECT_PROPERTIES, +} +impl Default for _USER_EXTENDED_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_EXTENDED_INFORMATION = _USER_EXTENDED_INFORMATION; +pub type PUSER_EXTENDED_INFORMATION = *mut _USER_EXTENDED_INFORMATION; +#[repr(C)] +pub struct _USER_LOGON_UI_INFORMATION { + pub PasswordIsBlank: BOOLEAN, + pub AccountIsDisabled: BOOLEAN, +} +impl Default for _USER_LOGON_UI_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_LOGON_UI_INFORMATION = _USER_LOGON_UI_INFORMATION; +pub type PUSER_LOGON_UI_INFORMATION = *mut _USER_LOGON_UI_INFORMATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _ENCRYPTED_PASSWORD_AES { + pub AuthData: [UCHAR; 64usize], + pub Salt: [UCHAR; 16usize], + pub cbCipher: ULONG, + pub Cipher: PUCHAR, + pub PBKDF2Iterations: ULONGLONG, +} +impl Default for _ENCRYPTED_PASSWORD_AES { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ENCRYPTED_PASSWORD_AES = _ENCRYPTED_PASSWORD_AES; +pub type PENCRYPTED_PASSWORD_AES = *mut _ENCRYPTED_PASSWORD_AES; +#[repr(C)] +pub struct _USER_INTERNAL7_INFORMATION { + pub UserPassword: ENCRYPTED_PASSWORD_AES, + pub PasswordExpired: BOOLEAN, +} +impl Default for _USER_INTERNAL7_INFORMATION { + fn default() -> Self { + let mut s = 
::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL7_INFORMATION = _USER_INTERNAL7_INFORMATION; +pub type PUSER_INTERNAL7_INFORMATION = *mut _USER_INTERNAL7_INFORMATION; +#[repr(C)] +pub struct _USER_INTERNAL8_INFORMATION { + pub I1: USER_ALL_INFORMATION, + pub UserPassword: ENCRYPTED_PASSWORD_AES, +} +impl Default for _USER_INTERNAL8_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_INTERNAL8_INFORMATION = _USER_INTERNAL8_INFORMATION; +pub type PUSER_INTERNAL8_INFORMATION = *mut _USER_INTERNAL8_INFORMATION; +#[repr(C)] +pub struct _USER_PWD_CHANGE_FAILURE_INFORMATION { + pub ExtendedFailureReason: ULONG, + pub FilterModuleName: UNICODE_STRING, +} +impl Default for _USER_PWD_CHANGE_FAILURE_INFORMATION { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type USER_PWD_CHANGE_FAILURE_INFORMATION = _USER_PWD_CHANGE_FAILURE_INFORMATION; +pub type PUSER_PWD_CHANGE_FAILURE_INFORMATION = *mut _USER_PWD_CHANGE_FAILURE_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SECURITY_DB_DELTA_TYPE { + SecurityDbNew = 1, + SecurityDbRename = 2, + SecurityDbDelete = 3, + SecurityDbChangeMemberAdd = 4, + SecurityDbChangeMemberSet = 5, + SecurityDbChangeMemberDel = 6, + SecurityDbChange = 7, + SecurityDbChangePassword = 8, +} +pub use self::_SECURITY_DB_DELTA_TYPE as SECURITY_DB_DELTA_TYPE; +pub type PSECURITY_DB_DELTA_TYPE = *mut _SECURITY_DB_DELTA_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SECURITY_DB_OBJECT_TYPE { + SecurityDbObjectSamDomain = 1, + SecurityDbObjectSamUser = 2, + SecurityDbObjectSamGroup = 
3, + SecurityDbObjectSamAlias = 4, + SecurityDbObjectLsaPolicy = 5, + SecurityDbObjectLsaTDomain = 6, + SecurityDbObjectLsaAccount = 7, + SecurityDbObjectLsaSecret = 8, +} +pub use self::_SECURITY_DB_OBJECT_TYPE as SECURITY_DB_OBJECT_TYPE; +pub type PSECURITY_DB_OBJECT_TYPE = *mut _SECURITY_DB_OBJECT_TYPE; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SAM_ACCOUNT_TYPE { + SamObjectUser = 1, + SamObjectGroup = 2, + SamObjectAlias = 3, +} +pub use self::_SAM_ACCOUNT_TYPE as SAM_ACCOUNT_TYPE; +pub type PSAM_ACCOUNT_TYPE = *mut _SAM_ACCOUNT_TYPE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SAM_GROUP_MEMBER_ID { + pub MemberRid: ULONG, +} +pub type SAM_GROUP_MEMBER_ID = _SAM_GROUP_MEMBER_ID; +pub type PSAM_GROUP_MEMBER_ID = *mut _SAM_GROUP_MEMBER_ID; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SAM_ALIAS_MEMBER_ID { + pub MemberSid: PSID, +} +impl Default for _SAM_ALIAS_MEMBER_ID { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_ALIAS_MEMBER_ID = _SAM_ALIAS_MEMBER_ID; +pub type PSAM_ALIAS_MEMBER_ID = *mut _SAM_ALIAS_MEMBER_ID; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SAM_DELTA_DATA { + pub GroupMemberId: SAM_GROUP_MEMBER_ID, + pub AliasMemberId: SAM_ALIAS_MEMBER_ID, + pub AccountControl: ULONG, +} +impl Default for _SAM_DELTA_DATA { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_DELTA_DATA = _SAM_DELTA_DATA; +pub type PSAM_DELTA_DATA = *mut _SAM_DELTA_DATA; +pub type PSAM_DELTA_NOTIFICATION_ROUTINE = ::core::option::Option< + unsafe extern "C" fn( + DomainSid: PSID, + DeltaType: SECURITY_DB_DELTA_TYPE, + ObjectType: SECURITY_DB_OBJECT_TYPE, + ObjectRid: ULONG, + ObjectName: PUNICODE_STRING, + ModifiedCount: 
PLARGE_INTEGER, + DeltaData: PSAM_DELTA_DATA, + ) -> NTSTATUS, +>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _PASSWORD_POLICY_VALIDATION_TYPE { + SamValidateAuthentication = 1, + SamValidatePasswordChange = 2, + SamValidatePasswordReset = 3, +} +pub use self::_PASSWORD_POLICY_VALIDATION_TYPE as PASSWORD_POLICY_VALIDATION_TYPE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _SAM_VALIDATE_PASSWORD_HASH { + pub Length: ULONG, + pub Hash: PUCHAR, +} +impl Default for _SAM_VALIDATE_PASSWORD_HASH { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_PASSWORD_HASH = _SAM_VALIDATE_PASSWORD_HASH; +pub type PSAM_VALIDATE_PASSWORD_HASH = *mut _SAM_VALIDATE_PASSWORD_HASH; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SAM_VALIDATE_PERSISTED_FIELDS { + pub PresentFields: ULONG, + pub PasswordLastSet: LARGE_INTEGER, + pub BadPasswordTime: LARGE_INTEGER, + pub LockoutTime: LARGE_INTEGER, + pub BadPasswordCount: ULONG, + pub PasswordHistoryLength: ULONG, + pub PasswordHistory: PSAM_VALIDATE_PASSWORD_HASH, +} +impl Default for _SAM_VALIDATE_PERSISTED_FIELDS { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_PERSISTED_FIELDS = _SAM_VALIDATE_PERSISTED_FIELDS; +pub type PSAM_VALIDATE_PERSISTED_FIELDS = *mut _SAM_VALIDATE_PERSISTED_FIELDS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SAM_VALIDATE_VALIDATION_STATUS { + SamValidateSuccess = 0, + SamValidatePasswordMustChange = 1, + SamValidateAccountLockedOut = 2, + SamValidatePasswordExpired = 3, + SamValidatePasswordIncorrect = 4, + SamValidatePasswordIsInHistory = 5, + SamValidatePasswordTooShort = 6, + SamValidatePasswordTooLong = 7, + 
SamValidatePasswordNotComplexEnough = 8, + SamValidatePasswordTooRecent = 9, + SamValidatePasswordFilterError = 10, +} +pub use self::_SAM_VALIDATE_VALIDATION_STATUS as SAM_VALIDATE_VALIDATION_STATUS; +pub type PSAM_VALIDATE_VALIDATION_STATUS = *mut _SAM_VALIDATE_VALIDATION_STATUS; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _SAM_VALIDATE_STANDARD_OUTPUT_ARG { + pub ChangedPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + pub ValidationStatus: SAM_VALIDATE_VALIDATION_STATUS, +} +impl Default for _SAM_VALIDATE_STANDARD_OUTPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_STANDARD_OUTPUT_ARG = _SAM_VALIDATE_STANDARD_OUTPUT_ARG; +pub type PSAM_VALIDATE_STANDARD_OUTPUT_ARG = *mut _SAM_VALIDATE_STANDARD_OUTPUT_ARG; +#[repr(C)] +pub struct _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG { + pub InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + pub PasswordMatched: BOOLEAN, +} +impl Default for _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_AUTHENTICATION_INPUT_ARG = _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG; +pub type PSAM_VALIDATE_AUTHENTICATION_INPUT_ARG = *mut _SAM_VALIDATE_AUTHENTICATION_INPUT_ARG; +#[repr(C)] +pub struct _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { + pub InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + pub ClearPassword: UNICODE_STRING, + pub UserAccountName: UNICODE_STRING, + pub HashedPassword: SAM_VALIDATE_PASSWORD_HASH, + pub PasswordMatch: BOOLEAN, +} +impl Default for _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type 
SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; +pub type PSAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = *mut _SAM_VALIDATE_PASSWORD_CHANGE_INPUT_ARG; +#[repr(C)] +pub struct _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG { + pub InputPersistedFields: SAM_VALIDATE_PERSISTED_FIELDS, + pub ClearPassword: UNICODE_STRING, + pub UserAccountName: UNICODE_STRING, + pub HashedPassword: SAM_VALIDATE_PASSWORD_HASH, + pub PasswordMustChangeAtNextLogon: BOOLEAN, + pub ClearLockout: BOOLEAN, +} +impl Default for _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; +pub type PSAM_VALIDATE_PASSWORD_RESET_INPUT_ARG = *mut _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG; +#[repr(C)] +pub union _SAM_VALIDATE_INPUT_ARG { + pub ValidateAuthenticationInput: + ::core::mem::ManuallyDrop, + pub ValidatePasswordChangeInput: + ::core::mem::ManuallyDrop, + pub ValidatePasswordResetInput: ::core::mem::ManuallyDrop, +} +impl Default for _SAM_VALIDATE_INPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_VALIDATE_INPUT_ARG = _SAM_VALIDATE_INPUT_ARG; +pub type PSAM_VALIDATE_INPUT_ARG = *mut _SAM_VALIDATE_INPUT_ARG; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SAM_VALIDATE_OUTPUT_ARG { + pub ValidateAuthenticationOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, + pub ValidatePasswordChangeOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, + pub ValidatePasswordResetOutput: SAM_VALIDATE_STANDARD_OUTPUT_ARG, +} +impl Default for _SAM_VALIDATE_OUTPUT_ARG { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} 
+pub type SAM_VALIDATE_OUTPUT_ARG = _SAM_VALIDATE_OUTPUT_ARG; +pub type PSAM_VALIDATE_OUTPUT_ARG = *mut _SAM_VALIDATE_OUTPUT_ARG; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _SAM_GENERIC_OPERATION_TYPE { + SamObjectChangeNotificationOperation = 0, +} +pub use self::_SAM_GENERIC_OPERATION_TYPE as SAM_GENERIC_OPERATION_TYPE; +pub type PSAM_GENERIC_OPERATION_TYPE = *mut _SAM_GENERIC_OPERATION_TYPE; +#[repr(C)] +pub struct _SAM_OPERATION_OBJCHG_INPUT { + pub Register: BOOLEAN, + pub EventHandle: ULONG64, + pub ObjectType: SECURITY_DB_OBJECT_TYPE, + pub ProcessID: ULONG, +} +impl Default for _SAM_OPERATION_OBJCHG_INPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_OPERATION_OBJCHG_INPUT = _SAM_OPERATION_OBJCHG_INPUT; +pub type PSAM_OPERATION_OBJCHG_INPUT = *mut _SAM_OPERATION_OBJCHG_INPUT; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _SAM_OPERATION_OBJCHG_OUTPUT { + pub Reserved: ULONG, +} +pub type SAM_OPERATION_OBJCHG_OUTPUT = _SAM_OPERATION_OBJCHG_OUTPUT; +pub type PSAM_OPERATION_OBJCHG_OUTPUT = *mut _SAM_OPERATION_OBJCHG_OUTPUT; +#[repr(C)] +pub union _SAM_GENERIC_OPERATION_INPUT { + pub ObjChangeIn: ::core::mem::ManuallyDrop, +} +impl Default for _SAM_GENERIC_OPERATION_INPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_GENERIC_OPERATION_INPUT = _SAM_GENERIC_OPERATION_INPUT; +pub type PSAM_GENERIC_OPERATION_INPUT = *mut _SAM_GENERIC_OPERATION_INPUT; +#[repr(C)] +#[derive(Copy, Clone)] +pub union _SAM_GENERIC_OPERATION_OUTPUT { + pub ObjChangeOut: SAM_OPERATION_OBJCHG_OUTPUT, +} +impl Default for _SAM_GENERIC_OPERATION_OUTPUT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + 
::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type SAM_GENERIC_OPERATION_OUTPUT = _SAM_GENERIC_OPERATION_OUTPUT; +pub type PSAM_GENERIC_OPERATION_OUTPUT = *mut _SAM_GENERIC_OPERATION_OUTPUT; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _VDMSERVICECLASS { + VdmStartExecution = 0, + VdmQueueInterrupt = 1, + VdmDelayInterrupt = 2, + VdmInitialize = 3, + VdmFeatures = 4, + VdmSetInt21Handler = 5, + VdmQueryDir = 6, + VdmPrinterDirectIoOpen = 7, + VdmPrinterDirectIoClose = 8, + VdmPrinterInitialize = 9, + VdmSetLdtEntries = 10, + VdmSetProcessLdtInfo = 11, + VdmAdlibEmulation = 12, + VdmPMCliControl = 13, + VdmQueryVdmProcess = 14, + VdmPreInitialize = 15, +} +pub use self::_VDMSERVICECLASS as VDMSERVICECLASS; +pub type PVDMSERVICECLASS = *mut _VDMSERVICECLASS; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ETWTRACECONTROLCODE { + EtwStartLoggerCode = 1, + EtwStopLoggerCode = 2, + EtwQueryLoggerCode = 3, + EtwUpdateLoggerCode = 4, + EtwFlushLoggerCode = 5, + EtwIncrementLoggerFile = 6, + EtwRealtimeTransition = 7, + EtwRealtimeConnectCode = 11, + EtwActivityIdCreate = 12, + EtwWdiScenarioCode = 13, + EtwRealtimeDisconnectCode = 14, + EtwRegisterGuidsCode = 15, + EtwReceiveNotification = 16, + EtwSendDataBlock = 17, + EtwSendReplyDataBlock = 18, + EtwReceiveReplyDataBlock = 19, + EtwWdiSemUpdate = 20, + EtwEnumTraceGuidList = 21, + EtwGetTraceGuidInfo = 22, + EtwEnumerateTraceGuids = 23, + EtwRegisterSecurityProv = 24, + EtwReferenceTimeCode = 25, + EtwTrackBinaryCode = 26, + EtwAddNotificationEvent = 27, + EtwUpdateDisallowList = 28, + EtwSetEnableAllKeywordsCode = 29, + EtwSetProviderTraitsCode = 30, + EtwUseDescriptorTypeCode = 31, + EtwEnumTraceGroupList = 32, + EtwGetTraceGroupInfo = 33, + EtwGetDisallowList = 34, + EtwSetCompressionSettings = 35, + EtwGetCompressionSettings = 36, + EtwUpdatePeriodicCaptureState = 37, + 
EtwGetPrivateSessionTraceHandle = 38, + EtwRegisterPrivateSession = 39, + EtwQuerySessionDemuxObject = 40, + EtwSetProviderBinaryTracking = 41, + EtwMaxLoggers = 42, + EtwMaxPmcCounter = 43, + EtwQueryUsedProcessorCount = 44, + EtwGetPmcOwnership = 45, + EtwGetPmcSessions = 46, +} +pub use self::_ETWTRACECONTROLCODE as ETWTRACECONTROLCODE; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ETW_TRACE_PROVIDER_INSTANCE_INFO { + pub NextOffset: ULONG, + pub EnableCount: ULONG, + pub Pid: ULONG, + pub Flags: ULONG, +} +pub type ETW_TRACE_PROVIDER_INSTANCE_INFO = _ETW_TRACE_PROVIDER_INSTANCE_INFO; +pub type PETW_TRACE_PROVIDER_INSTANCE_INFO = *mut _ETW_TRACE_PROVIDER_INSTANCE_INFO; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ETW_TRACE_GUID_INFO { + pub InstanceCount: ULONG, + pub Reserved: ULONG, +} +pub type ETW_TRACE_GUID_INFO = _ETW_TRACE_GUID_INFO; +pub type PETW_TRACE_GUID_INFO = *mut _ETW_TRACE_GUID_INFO; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _ETW_REF_CLOCK { + pub StartTime: LARGE_INTEGER, + pub StartPerfClock: LARGE_INTEGER, +} +impl Default for _ETW_REF_CLOCK { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ETW_REF_CLOCK = _ETW_REF_CLOCK; +pub type PETW_REF_CLOCK = *mut _ETW_REF_CLOCK; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ETW_UMGL_KEY { + pub LoggerId: UCHAR, + pub Flags: UCHAR, +} +pub type ETW_UMGL_KEY = _ETW_UMGL_KEY; +pub type PETW_UMGL_KEY = *mut _ETW_UMGL_KEY; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ETW_KERNEL_HEADER_EXTENSION { + pub GroupMasks: PERFINFO_GROUPMASK, + pub Version: ULONG, +} +pub type ETW_KERNEL_HEADER_EXTENSION = _ETW_KERNEL_HEADER_EXTENSION; +pub type PETW_KERNEL_HEADER_EXTENSION = *mut _ETW_KERNEL_HEADER_EXTENSION; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _ETW_SET_MARK_INFORMATION { + pub 
Flag: ULONG, + pub Mark: [WCHAR; 1usize], +} +pub type ETW_SET_MARK_INFORMATION = _ETW_SET_MARK_INFORMATION; +pub type PETW_SET_MARK_INFORMATION = *mut _ETW_SET_MARK_INFORMATION; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ETW_NOTIFICATION_TYPE { + EtwNotificationTypeNoReply = 1, + EtwNotificationTypeLegacyEnable = 2, + EtwNotificationTypeEnable = 3, + EtwNotificationTypePrivateLogger = 4, + EtwNotificationTypePerflib = 5, + EtwNotificationTypeAudio = 6, + EtwNotificationTypeSession = 7, + EtwNotificationTypeReserved = 8, + EtwNotificationTypeCredentialUI = 9, + EtwNotificationTypeInProcSession = 10, + EtwNotificationTypeMax = 11, +} +pub use self::_ETW_NOTIFICATION_TYPE as ETW_NOTIFICATION_TYPE; +#[repr(C)] +pub struct _ETW_NOTIFICATION_HEADER { + pub NotificationType: ETW_NOTIFICATION_TYPE, + pub NotificationSize: ULONG, + pub Offset: ULONG, + pub ReplyRequested: BOOLEAN, + pub Timeout: ULONG, + pub __bindgen_anon_1: _ETW_NOTIFICATION_HEADER__bindgen_ty_1, + pub Reserved2: ULONGLONG, + pub TargetPID: ULONG, + pub SourcePID: ULONG, + pub DestinationGuid: GUID, + pub SourceGuid: GUID, +} +#[repr(C)] +#[derive(Copy, Clone)] +pub union _ETW_NOTIFICATION_HEADER__bindgen_ty_1 { + pub ReplyCount: ULONG, + pub NotifyeeCount: ULONG, +} +impl Default for _ETW_NOTIFICATION_HEADER__bindgen_ty_1 { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +impl Default for _ETW_NOTIFICATION_HEADER { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ETW_NOTIFICATION_HEADER = _ETW_NOTIFICATION_HEADER; +pub type PETW_NOTIFICATION_HEADER = *mut _ETW_NOTIFICATION_HEADER; +pub type PETW_NOTIFICATION_CALLBACK = ::core::option::Option< + unsafe extern "C" fn(NotificationHeader: 
PETW_NOTIFICATION_HEADER, Context: PVOID) -> ULONG, +>; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _ETW_SESSION_NOTIFICATION_TYPE { + EtwSessionNotificationMediaChanged = 1, + EtwSessionNotificationSessionTerminated = 2, + EtwSessionNotificationLogfileError = 3, + EtwSessionNotificationRealtimeError = 4, + EtwSessionNotificationSessionStarted = 5, + EtwSessionNotificationMax = 6, +} +pub use self::_ETW_SESSION_NOTIFICATION_TYPE as ETW_SESSION_NOTIFICATION_TYPE; +#[repr(C)] +pub struct _ETW_SESSION_NOTIFICATION_PACKET { + pub NotificationHeader: ETW_NOTIFICATION_HEADER, + pub Type: ETW_SESSION_NOTIFICATION_TYPE, + pub Status: NTSTATUS, + pub TraceHandle: TRACEHANDLE, + pub Reserved: [ULONG; 2usize], +} +impl Default for _ETW_SESSION_NOTIFICATION_PACKET { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type ETW_SESSION_NOTIFICATION_PACKET = _ETW_SESSION_NOTIFICATION_PACKET; +pub type PETW_SESSION_NOTIFICATION_PACKET = *mut _ETW_SESSION_NOTIFICATION_PACKET; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone)] +pub struct _EVENT_DESCRIPTOR { + pub Id: USHORT, + pub Version: UCHAR, + pub Channel: UCHAR, + pub Level: UCHAR, + pub Opcode: UCHAR, + pub Task: USHORT, + pub Keyword: ULONGLONG, +} +pub type EVENT_DESCRIPTOR = _EVENT_DESCRIPTOR; +pub type PEVENT_DESCRIPTOR = *mut _EVENT_DESCRIPTOR; +pub type PCEVENT_DESCRIPTOR = *const EVENT_DESCRIPTOR; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct _EVENT_DATA_DESCRIPTOR { + _unused: [u8; 0], +} +pub type EVENT_DATA_DESCRIPTOR = _EVENT_DATA_DESCRIPTOR; +pub type PEVENT_DATA_DESCRIPTOR = *mut _EVENT_DATA_DESCRIPTOR; +#[repr(i32)] +#[non_exhaustive] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub enum _EVENT_INFO_CLASS { + __bindgen_cannot_repr_c_on_empty_enum = 0, +} +pub use self::_EVENT_INFO_CLASS as EVENT_INFO_CLASS; +#[repr(C)] 
+#[derive(Debug, Copy, Clone)] +pub struct _TELEMETRY_COVERAGE_POINT { + pub Name: PWSTR, + pub Hash: ULONG, + pub LastCoveredRound: ULONG, + pub Flags: ULONG, +} +impl Default for _TELEMETRY_COVERAGE_POINT { + fn default() -> Self { + let mut s = ::core::mem::MaybeUninit::::uninit(); + unsafe { + ::core::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } +} +pub type TELEMETRY_COVERAGE_POINT = _TELEMETRY_COVERAGE_POINT; +pub type PTELEMETRY_COVERAGE_POINT = *mut _TELEMETRY_COVERAGE_POINT; +extern "C" { + pub static mut NlsAnsiCodePage: USHORT; + pub static mut NlsMbCodePageTag: BOOLEAN; + pub static mut NlsMbOemCodePageTag: BOOLEAN; + pub fn NtCallbackReturn(OutputBuffer: PVOID, OutputLength: ULONG, Status: NTSTATUS) -> NTSTATUS; + pub fn NtFlushProcessWriteBuffers() -> NTSTATUS; + pub fn NtQueryDebugFilterState(ComponentId: ULONG, Level: ULONG) -> NTSTATUS; + pub fn NtSetDebugFilterState(ComponentId: ULONG, Level: ULONG, State: BOOLEAN) -> NTSTATUS; + pub fn NtYieldExecution() -> NTSTATUS; + pub fn LdrLoadDll( + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrUnloadDll(DllHandle: PVOID) -> NTSTATUS; + pub fn LdrGetDllHandle( + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrGetDllHandleEx( + Flags: ULONG, + DllPath: PWSTR, + DllCharacteristics: PULONG, + DllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrGetDllHandleByMapping(BaseAddress: PVOID, DllHandle: *mut PVOID) -> NTSTATUS; + pub fn LdrGetDllHandleByName( + BaseDllName: PUNICODE_STRING, + FullDllName: PUNICODE_STRING, + DllHandle: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrGetDllFullName(DllHandle: PVOID, FullDllName: PUNICODE_STRING) -> NTSTATUS; + pub fn LdrGetDllPath( + DllName: PCWSTR, + Flags: ULONG, + DllPath: *mut PWSTR, + SearchPaths: *mut PWSTR, + ) -> NTSTATUS; + pub fn 
LdrGetDllDirectory(DllDirectory: PUNICODE_STRING) -> NTSTATUS; + pub fn LdrSetDllDirectory(DllDirectory: PUNICODE_STRING) -> NTSTATUS; + pub fn LdrAddRefDll(Flags: ULONG, DllHandle: PVOID) -> NTSTATUS; + pub fn LdrGetProcedureAddress( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrGetProcedureAddressEx( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrGetKnownDllSectionHandle( + DllName: PCWSTR, + KnownDlls32: BOOLEAN, + Section: PHANDLE, + ) -> NTSTATUS; + pub fn LdrGetProcedureAddressForCaller( + DllHandle: PVOID, + ProcedureName: PANSI_STRING, + ProcedureNumber: ULONG, + ProcedureAddress: *mut PVOID, + Flags: ULONG, + Callback: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrLockLoaderLock(Flags: ULONG, Disposition: *mut ULONG, Cookie: *mut PVOID) -> NTSTATUS; + pub fn LdrUnlockLoaderLock(Flags: ULONG, Cookie: PVOID) -> NTSTATUS; + pub fn LdrRelocateImage( + NewBase: PVOID, + LoaderName: PSTR, + Success: NTSTATUS, + Conflict: NTSTATUS, + Invalid: NTSTATUS, + ) -> NTSTATUS; + pub fn LdrRelocateImageWithBias( + NewBase: PVOID, + Bias: LONGLONG, + LoaderName: PSTR, + Success: NTSTATUS, + Conflict: NTSTATUS, + Invalid: NTSTATUS, + ) -> NTSTATUS; + pub fn LdrProcessRelocationBlock( + VA: ULONG_PTR, + SizeOfBlock: ULONG, + NextOffset: PUSHORT, + Diff: LONG_PTR, + ) -> PIMAGE_BASE_RELOCATION; + pub fn LdrProcessRelocationBlockEx( + Machine: ULONG, + VA: ULONG_PTR, + SizeOfBlock: ULONG, + NextOffset: PUSHORT, + Diff: LONG_PTR, + ) -> PIMAGE_BASE_RELOCATION; + pub fn LdrVerifyMappedImageMatchesChecksum( + BaseAddress: PVOID, + NumberOfBytes: SIZE_T, + FileLength: ULONG, + ) -> BOOLEAN; + pub fn LdrVerifyImageMatchesChecksum( + ImageFileHandle: HANDLE, + ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK, + ImportCallbackParameter: PVOID, + ImageCharacteristics: PUSHORT, + ) -> 
NTSTATUS; + pub fn LdrVerifyImageMatchesChecksumEx( + ImageFileHandle: HANDLE, + VerifyInfo: PLDR_VERIFY_IMAGE_INFO, + ) -> NTSTATUS; + pub fn LdrQueryModuleServiceTags( + DllHandle: PVOID, + ServiceTagBuffer: PULONG, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn LdrRegisterDllNotification( + Flags: ULONG, + NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION, + Context: PVOID, + Cookie: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrUnregisterDllNotification(Cookie: PVOID) -> NTSTATUS; + pub fn LdrStandardizeSystemPath(SystemPath: PUNICODE_STRING) -> PUNICODE_STRING; + pub fn LdrGetFailureData() -> PLDR_FAILURE_DATA; + pub static mut LdrSystemDllInitBlock: PS_SYSTEM_DLL_INIT_BLOCK; + pub fn LdrAddLoadAsDataTable( + Module: PVOID, + FilePath: PWSTR, + Size: SIZE_T, + Handle: HANDLE, + ActCtx: PACTIVATION_CONTEXT, + ) -> NTSTATUS; + pub fn LdrRemoveLoadAsDataTable( + InitModule: PVOID, + BaseModule: *mut PVOID, + Size: PSIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrGetFileNameFromLoadAsDataTable(Module: PVOID, pFileNamePrt: *mut PVOID) -> NTSTATUS; + pub fn LdrDisableThreadCalloutsForDll(DllImageBase: PVOID) -> NTSTATUS; + pub fn LdrAccessResource( + DllHandle: PVOID, + ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY, + ResourceBuffer: *mut PVOID, + ResourceLength: *mut ULONG, + ) -> NTSTATUS; + pub fn LdrFindResource_U( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY, + ) -> NTSTATUS; + pub fn LdrFindResourceEx_U( + Flags: ULONG, + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY, + ) -> NTSTATUS; + pub fn LdrFindResourceDirectory_U( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY, + ) -> NTSTATUS; + pub fn LdrEnumResources( + DllHandle: PVOID, + ResourceInfo: PLDR_RESOURCE_INFO, + Level: ULONG, + ResourceCount: *mut ULONG, + Resources: 
PLDR_ENUM_RESOURCE_ENTRY, + ) -> NTSTATUS; + pub fn LdrFindEntryForAddress(DllHandle: PVOID, Entry: *mut PLDR_DATA_TABLE_ENTRY) -> NTSTATUS; + pub fn LdrLoadAlternateResourceModule( + DllHandle: PVOID, + ResourceDllBase: *mut PVOID, + ResourceOffset: *mut ULONG_PTR, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrLoadAlternateResourceModuleEx( + DllHandle: PVOID, + LanguageId: LANGID, + ResourceDllBase: *mut PVOID, + ResourceOffset: *mut ULONG_PTR, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrUnloadAlternateResourceModule(DllHandle: PVOID) -> BOOLEAN; + pub fn LdrUnloadAlternateResourceModuleEx(DllHandle: PVOID, Flags: ULONG) -> BOOLEAN; + pub fn LdrQueryProcessModuleInformation( + ModuleInformation: PRTL_PROCESS_MODULES, + Size: ULONG, + ReturnedSize: PULONG, + ) -> NTSTATUS; + pub fn LdrEnumerateLoadedModules( + ReservedFlag: BOOLEAN, + EnumProc: PLDR_ENUM_CALLBACK, + Context: PVOID, + ) -> NTSTATUS; + pub fn LdrOpenImageFileOptionsKey( + SubKey: PUNICODE_STRING, + Wow64: BOOLEAN, + NewKeyHandle: PHANDLE, + ) -> NTSTATUS; + pub fn LdrQueryImageFileKeyOption( + KeyHandle: HANDLE, + ValueName: PCWSTR, + Type: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + ) -> NTSTATUS; + pub fn LdrQueryImageFileExecutionOptions( + SubKey: PUNICODE_STRING, + ValueName: PCWSTR, + ValueSize: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + ) -> NTSTATUS; + pub fn LdrQueryImageFileExecutionOptionsEx( + SubKey: PUNICODE_STRING, + ValueName: PCWSTR, + Type: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ReturnedLength: PULONG, + Wow64: BOOLEAN, + ) -> NTSTATUS; + pub fn LdrQueryOptionalDelayLoadedAPI( + ParentModuleBase: PVOID, + DllName: PCSTR, + ProcedureName: PCSTR, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrResolveDelayLoadedAPI( + ParentModuleBase: PVOID, + DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR, + FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK, + FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE, + ThunkAddress: 
PIMAGE_THUNK_DATA, + Flags: ULONG, + ) -> PVOID; + pub fn LdrResolveDelayLoadsFromDll( + ParentModuleBase: PVOID, + TargetDllName: PCSTR, + Flags: ULONG, + ) -> NTSTATUS; + pub fn LdrSetDefaultDllDirectories(DirectoryFlags: ULONG) -> NTSTATUS; + pub fn LdrAddDllDirectory( + NewDirectory: PUNICODE_STRING, + Cookie: PDLL_DIRECTORY_COOKIE, + ) -> NTSTATUS; + pub fn LdrRemoveDllDirectory(Cookie: DLL_DIRECTORY_COOKIE) -> NTSTATUS; + pub fn LdrShutdownProcess() -> !; + pub fn LdrShutdownThread() -> !; + pub fn LdrSetImplicitPathOptions(ImplicitPathOptions: ULONG) -> NTSTATUS; + pub fn LdrControlFlowGuardEnforced() -> BOOLEAN; + pub fn LdrIsModuleSxsRedirected(DllHandle: PVOID) -> BOOLEAN; + pub fn LdrUpdatePackageSearchPath(SearchPathA: PWSTR) -> NTSTATUS; + pub fn LdrCreateEnclave( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + Reserved: ULONG, + Size: SIZE_T, + InitialCommitment: SIZE_T, + EnclaveType: ULONG, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn LdrInitializeEnclave( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn LdrDeleteEnclave(BaseAddress: PVOID) -> NTSTATUS; + pub fn LdrCallEnclave( + Routine: PENCLAVE_ROUTINE, + Flags: ULONG, + RoutineParamReturn: *mut PVOID, + ) -> NTSTATUS; + pub fn LdrLoadEnclaveModule( + BaseAddress: PVOID, + DllPath: PWSTR, + DllName: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtDelayExecution(Alertable: BOOLEAN, DelayInterval: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtQuerySystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PWSTR, + ValueLength: USHORT, + ReturnLength: PUSHORT, + ) -> NTSTATUS; + pub fn NtSetSystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtQuerySystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: PCGUID, + Value: PVOID, + 
ValueLength: PULONG, + Attributes: PULONG, + ) -> NTSTATUS; + pub fn NtSetSystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: PCGUID, + Value: PVOID, + ValueLength: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + pub fn NtEnumerateSystemEnvironmentValuesEx( + InformationClass: ULONG, + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + pub fn NtAddBootEntry(BootEntry: PBOOT_ENTRY, Id: PULONG) -> NTSTATUS; + pub fn NtDeleteBootEntry(Id: ULONG) -> NTSTATUS; + pub fn NtModifyBootEntry(BootEntry: PBOOT_ENTRY) -> NTSTATUS; + pub fn NtEnumerateBootEntries(Buffer: PVOID, BufferLength: PULONG) -> NTSTATUS; + pub fn NtQueryBootEntryOrder(Ids: PULONG, Count: PULONG) -> NTSTATUS; + pub fn NtSetBootEntryOrder(Ids: PULONG, Count: ULONG) -> NTSTATUS; + pub fn NtQueryBootOptions(BootOptions: PBOOT_OPTIONS, BootOptionsLength: PULONG) -> NTSTATUS; + pub fn NtSetBootOptions(BootOptions: PBOOT_OPTIONS, FieldsToChange: ULONG) -> NTSTATUS; + pub fn NtTranslateFilePath( + InputFilePath: PFILE_PATH, + OutputType: ULONG, + OutputFilePath: PFILE_PATH, + OutputFilePathLength: PULONG, + ) -> NTSTATUS; + pub fn NtAddDriverEntry(DriverEntry: PEFI_DRIVER_ENTRY, Id: PULONG) -> NTSTATUS; + pub fn NtDeleteDriverEntry(Id: ULONG) -> NTSTATUS; + pub fn NtModifyDriverEntry(DriverEntry: PEFI_DRIVER_ENTRY) -> NTSTATUS; + pub fn NtEnumerateDriverEntries(Buffer: PVOID, BufferLength: PULONG) -> NTSTATUS; + pub fn NtQueryDriverEntryOrder(Ids: PULONG, Count: PULONG) -> NTSTATUS; + pub fn NtSetDriverEntryOrder(Ids: PULONG, Count: ULONG) -> NTSTATUS; + pub fn NtFilterBootOption( + FilterOperation: FILTER_BOOT_OPTION_OPERATION, + ObjectType: ULONG, + ElementType: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + pub fn NtCreateEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EventType: EVENT_TYPE, + InitialState: BOOLEAN, + ) -> NTSTATUS; + pub fn NtOpenEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + 
ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtSetEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn NtSetEventBoostPriority(EventHandle: HANDLE) -> NTSTATUS; + pub fn NtClearEvent(EventHandle: HANDLE) -> NTSTATUS; + pub fn NtResetEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn NtPulseEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn NtQueryEvent( + EventHandle: HANDLE, + EventInformationClass: EVENT_INFORMATION_CLASS, + EventInformation: PVOID, + EventInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreateEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtOpenEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtSetLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtSetHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtWaitLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtWaitHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtSetLowWaitHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtSetHighWaitLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn NtCreateMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialOwner: BOOLEAN, + ) -> NTSTATUS; + pub fn NtOpenMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtReleaseMutant(MutantHandle: HANDLE, PreviousCount: PLONG) -> NTSTATUS; + pub fn NtQueryMutant( + MutantHandle: HANDLE, + MutantInformationClass: MUTANT_INFORMATION_CLASS, + MutantInformation: PVOID, + MutantInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreateSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: 
POBJECT_ATTRIBUTES, + InitialCount: LONG, + MaximumCount: LONG, + ) -> NTSTATUS; + pub fn NtOpenSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtReleaseSemaphore( + SemaphoreHandle: HANDLE, + ReleaseCount: LONG, + PreviousCount: PLONG, + ) -> NTSTATUS; + pub fn NtQuerySemaphore( + SemaphoreHandle: HANDLE, + SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, + SemaphoreInformation: PVOID, + SemaphoreInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreateTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TimerType: TIMER_TYPE, + ) -> NTSTATUS; + pub fn NtOpenTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtSetTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + TimerApcRoutine: PTIMER_APC_ROUTINE, + TimerContext: PVOID, + ResumeTimer: BOOLEAN, + Period: LONG, + PreviousState: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtSetTimerEx( + TimerHandle: HANDLE, + TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, + TimerSetInformation: PVOID, + TimerSetInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtCancelTimer(TimerHandle: HANDLE, CurrentState: PBOOLEAN) -> NTSTATUS; + pub fn NtQueryTimer( + TimerHandle: HANDLE, + TimerInformationClass: TIMER_INFORMATION_CLASS, + TimerInformation: PVOID, + TimerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreateIRTimer(TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK) -> NTSTATUS; + pub fn NtSetIRTimer(TimerHandle: HANDLE, DueTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtCreateTimer2( + TimerHandle: PHANDLE, + Reserved1: PVOID, + ObjectAttributes: POBJECT_ATTRIBUTES, + Attributes: ULONG, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + pub fn NtSetTimer2( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + Period: PLARGE_INTEGER, + Parameters: 
PT2_SET_PARAMETERS, + ) -> NTSTATUS; + pub fn NtCancelTimer2(TimerHandle: HANDLE, Parameters: PT2_CANCEL_PARAMETERS) -> NTSTATUS; + pub fn NtCreateProfile( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + Affinity: KAFFINITY, + ) -> NTSTATUS; + pub fn NtCreateProfileEx( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + GroupCount: USHORT, + GroupAffinity: PGROUP_AFFINITY, + ) -> NTSTATUS; + pub fn NtStartProfile(ProfileHandle: HANDLE) -> NTSTATUS; + pub fn NtStopProfile(ProfileHandle: HANDLE) -> NTSTATUS; + pub fn NtQueryIntervalProfile(ProfileSource: KPROFILE_SOURCE, Interval: PULONG) -> NTSTATUS; + pub fn NtSetIntervalProfile(Interval: ULONG, Source: KPROFILE_SOURCE) -> NTSTATUS; + pub fn NtCreateKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtOpenKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtReleaseKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtWaitForKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtUmsThreadYield(SchedulerParam: PVOID) -> NTSTATUS; + pub fn NtCreateWnfStateName( + StateName: PWNF_STATE_NAME, + NameLifetime: WNF_STATE_NAME_LIFETIME, + DataScope: WNF_DATA_SCOPE, + PersistData: BOOLEAN, + TypeId: PCWNF_TYPE_ID, + MaximumStateSize: ULONG, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn NtDeleteWnfStateName(StateName: PCWNF_STATE_NAME) -> NTSTATUS; + pub fn NtUpdateWnfStateData( + StateName: 
PCWNF_STATE_NAME, + Buffer: *const cty::c_void, + Length: ULONG, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const cty::c_void, + MatchingChangeStamp: WNF_CHANGE_STAMP, + CheckStamp: LOGICAL, + ) -> NTSTATUS; + pub fn NtDeleteWnfStateData( + StateName: PCWNF_STATE_NAME, + ExplicitScope: *const cty::c_void, + ) -> NTSTATUS; + pub fn NtQueryWnfStateData( + StateName: PCWNF_STATE_NAME, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const cty::c_void, + ChangeStamp: PWNF_CHANGE_STAMP, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn NtQueryWnfStateNameInformation( + StateName: PCWNF_STATE_NAME, + NameInfoClass: WNF_STATE_NAME_INFORMATION, + ExplicitScope: *const cty::c_void, + InfoBuffer: PVOID, + InfoBufferSize: ULONG, + ) -> NTSTATUS; + pub fn NtSubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + EventMask: ULONG, + SubscriptionId: PULONG64, + ) -> NTSTATUS; + pub fn NtUnsubscribeWnfStateChange(StateName: PCWNF_STATE_NAME) -> NTSTATUS; + pub fn NtGetCompleteWnfStateSubscription( + OldDescriptorStateName: PWNF_STATE_NAME, + OldSubscriptionId: *mut ULONG64, + OldDescriptorEventMask: ULONG, + OldDescriptorStatus: ULONG, + NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, + DescriptorSize: ULONG, + ) -> NTSTATUS; + pub fn NtSetWnfProcessNotificationEvent(NotificationEvent: HANDLE) -> NTSTATUS; + pub fn NtCreateWorkerFactory( + WorkerFactoryHandleReturn: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + CompletionPortHandle: HANDLE, + WorkerProcessHandle: HANDLE, + StartRoutine: PVOID, + StartParameter: PVOID, + MaxThreadCount: ULONG, + StackReserve: SIZE_T, + StackCommit: SIZE_T, + ) -> NTSTATUS; + pub fn NtQueryInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationWorkerFactory( + 
WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtShutdownWorkerFactory( + WorkerFactoryHandle: HANDLE, + PendingWorkerCount: *mut LONG, + ) -> NTSTATUS; + pub fn NtReleaseWorkerFactoryWorker(WorkerFactoryHandle: HANDLE) -> NTSTATUS; + pub fn NtWorkerFactoryWorkerReady(WorkerFactoryHandle: HANDLE) -> NTSTATUS; + pub fn NtWaitForWorkViaWorkerFactory( + WorkerFactoryHandle: HANDLE, + MiniPackets: PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + PacketsReturned: PULONG, + DeferredWork: PWORKER_FACTORY_DEFERRED_WORK, + ) -> NTSTATUS; + pub fn NtQuerySystemTime(SystemTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtSetSystemTime(SystemTime: PLARGE_INTEGER, PreviousTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtQueryTimerResolution( + MaximumTime: PULONG, + MinimumTime: PULONG, + CurrentTime: PULONG, + ) -> NTSTATUS; + pub fn NtSetTimerResolution( + DesiredTime: ULONG, + SetResolution: BOOLEAN, + ActualTime: PULONG, + ) -> NTSTATUS; + pub fn NtQueryPerformanceCounter( + PerformanceCounter: PLARGE_INTEGER, + PerformanceFrequency: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtQueryAuxiliaryCounterFrequency(AuxiliaryCounterFrequency: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtConvertBetweenAuxiliaryCounterAndPerformanceCounter( + ConvertAuxiliaryToPerformanceCounter: BOOLEAN, + PerformanceOrAuxiliaryCounterValue: PLARGE_INTEGER, + ConvertedValue: PLARGE_INTEGER, + ConversionError: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtAllocateLocallyUniqueId(Luid: PLUID) -> NTSTATUS; + pub fn NtSetUuidSeed(Seed: PCHAR) -> NTSTATUS; + pub fn NtAllocateUuids( + Time: PULARGE_INTEGER, + Range: PULONG, + Sequence: PULONG, + Seed: PCHAR, + ) -> NTSTATUS; + pub fn NtQuerySystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn 
NtQuerySystemInformationEx( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + InputBuffer: PVOID, + InputBufferLength: ULONG, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetSystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtSystemDebugControl( + Command: SYSDBG_COMMAND, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtRaiseHardError( + ErrorStatus: NTSTATUS, + NumberOfParameters: ULONG, + UnicodeStringParameterMask: ULONG, + Parameters: PULONG_PTR, + ValidResponseOptions: ULONG, + Response: PULONG, + ) -> NTSTATUS; + pub fn NtGetTickCount64() -> ULONGLONG; + pub fn NtGetTickCount() -> ULONG; + pub fn NtQueryDefaultLocale(UserProfile: BOOLEAN, DefaultLocaleId: PLCID) -> NTSTATUS; + pub fn NtSetDefaultLocale(UserProfile: BOOLEAN, DefaultLocaleId: LCID) -> NTSTATUS; + pub fn NtQueryInstallUILanguage(InstallUILanguageId: *mut LANGID) -> NTSTATUS; + pub fn NtFlushInstallUILanguage(InstallUILanguage: LANGID, SetComittedFlag: ULONG) -> NTSTATUS; + pub fn NtQueryDefaultUILanguage(DefaultUILanguageId: *mut LANGID) -> NTSTATUS; + pub fn NtSetDefaultUILanguage(DefaultUILanguageId: LANGID) -> NTSTATUS; + pub fn NtIsUILanguageComitted() -> NTSTATUS; + pub fn NtInitializeNlsFiles( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + CurrentNLSVersion: PULONG, + ) -> NTSTATUS; + pub fn NtGetNlsSectionPtr( + SectionType: ULONG, + SectionData: ULONG, + ContextData: PVOID, + SectionPointer: *mut PVOID, + SectionSize: PULONG, + ) -> NTSTATUS; + pub fn NtMapCMFModule( + What: ULONG, + Index: ULONG, + CacheIndexOut: PULONG, + CacheFlagsOut: PULONG, + ViewSizeOut: PULONG, + BaseAddress: *mut PVOID, + ) -> NTSTATUS; + pub fn NtGetMUIRegistryInfo(Flags: ULONG, 
DataSize: PULONG, Data: PVOID) -> NTSTATUS; + pub fn NtAddAtom(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM) -> NTSTATUS; + pub fn NtAddAtomEx(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, Flags: ULONG) -> NTSTATUS; + pub fn NtFindAtom(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM) -> NTSTATUS; + pub fn NtDeleteAtom(Atom: RTL_ATOM) -> NTSTATUS; + pub fn NtQueryInformationAtom( + Atom: RTL_ATOM, + AtomInformationClass: ATOM_INFORMATION_CLASS, + AtomInformation: PVOID, + AtomInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtQueryLicenseValue( + ValueName: PUNICODE_STRING, + Type: PULONG, + Data: PVOID, + DataSize: ULONG, + ResultDataSize: PULONG, + ) -> NTSTATUS; + pub fn NtSetDefaultHardErrorPort(DefaultHardErrorPort: HANDLE) -> NTSTATUS; + pub fn NtShutdownSystem(Action: SHUTDOWN_ACTION) -> NTSTATUS; + pub fn NtDisplayString(String: PUNICODE_STRING) -> NTSTATUS; + pub fn NtDrawText(Text: PUNICODE_STRING) -> NTSTATUS; + pub static GUID_BAD_MEMORY_GROUP: GUID; + pub static GUID_BOOT_LOADER_SETTINGS_GROUP: GUID; + pub static GUID_CURRENT_BOOT_ENTRY: GUID; + pub static GUID_DEBUGGER_SETTINGS_GROUP: GUID; + pub static GUID_DEFAULT_BOOT_ENTRY: GUID; + pub static GUID_EMS_SETTINGS_GROUP: GUID; + pub static GUID_FIRMWARE_BOOTMGR: GUID; + pub static GUID_GLOBAL_SETTINGS_GROUP: GUID; + pub static GUID_HYPERVISOR_SETTINGS_GROUP: GUID; + pub static GUID_KERNEL_DEBUGGER_SETTINGS_GROUP: GUID; + pub static GUID_RESUME_LOADER_SETTINGS_GROUP: GUID; + pub static GUID_WINDOWS_BOOTMGR: GUID; + pub static GUID_WINDOWS_LEGACY_NTLDR: GUID; + pub static GUID_WINDOWS_MEMORY_TESTER: GUID; + pub static GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI: GUID; + pub static GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT: GUID; + pub static GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI: GUID; + pub static GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT: GUID; + pub static GUID_WINDOWS_SETUP_EFI: GUID; + pub static GUID_WINDOWS_SETUP_PCAT: GUID; + pub static GUID_WINDOWS_SETUP_RAMDISK_OPTIONS: 
GUID; + pub static GUID_WINDOWS_SETUP_BOOT_ENTRY: GUID; + pub fn BcdSetLogging( + BcdLoggingLevel: BCD_MESSAGE_TYPE, + BcdMessageCallbackRoutine: BCD_MESSAGE_CALLBACK, + ) -> NTSTATUS; + pub fn BcdInitializeBcdSyncMutant(); + pub fn BcdGetSystemStorePath(BcdSystemStorePath: *mut PWSTR) -> NTSTATUS; + pub fn BcdSetSystemStoreDevice(SystemPartition: UNICODE_STRING) -> NTSTATUS; + pub fn BcdOpenSystemStore(BcdStoreHandle: PHANDLE) -> NTSTATUS; + pub fn BcdOpenStoreFromFile(BcdFilePath: UNICODE_STRING, BcdStoreHandle: PHANDLE) -> NTSTATUS; + pub fn BcdCreateStore(BcdFilePath: UNICODE_STRING, BcdStoreHandle: PHANDLE) -> NTSTATUS; + pub fn BcdExportStore(BcdFilePath: UNICODE_STRING) -> NTSTATUS; + pub fn BcdImportStore(BcdFilePath: UNICODE_STRING) -> NTSTATUS; + pub fn BcdImportStoreWithFlags( + BcdFilePath: UNICODE_STRING, + BcdImportFlags: BCD_IMPORT_FLAGS, + ) -> NTSTATUS; + pub fn BcdDeleteObjectReferences(BcdStoreHandle: HANDLE, Identifier: PGUID) -> NTSTATUS; + pub fn BcdDeleteSystemStore() -> NTSTATUS; + pub fn BcdOpenStore( + BcdFilePath: UNICODE_STRING, + BcdOpenFlags: BCD_OPEN_FLAGS, + BcdStoreHandle: PHANDLE, + ) -> NTSTATUS; + pub fn BcdCloseStore(BcdStoreHandle: HANDLE) -> NTSTATUS; + pub fn BcdFlushStore(BcdStoreHandle: HANDLE) -> NTSTATUS; + pub fn BcdForciblyUnloadStore(BcdStoreHandle: HANDLE) -> NTSTATUS; + pub fn BcdMarkAsSystemStore(BcdStoreHandle: HANDLE) -> NTSTATUS; + pub fn BcdEnumerateObjects( + BcdStoreHandle: HANDLE, + BcdEnumDescriptor: PBCD_OBJECT_DESCRIPTION, + Buffer: PVOID, + BufferSize: PULONG, + ObjectCount: PULONG, + ) -> NTSTATUS; + pub fn BcdOpenObject( + BcdStoreHandle: HANDLE, + Identifier: *const GUID, + BcdObjectHandle: PHANDLE, + ) -> NTSTATUS; + pub fn BcdCreateObject( + BcdStoreHandle: HANDLE, + Identifier: PGUID, + Description: PBCD_OBJECT_DESCRIPTION, + BcdObjectHandle: PHANDLE, + ) -> NTSTATUS; + pub fn BcdDeleteObject(BcdObjectHandle: HANDLE) -> NTSTATUS; + pub fn BcdCloseObject(BcdObjectHandle: HANDLE) -> NTSTATUS; + pub fn 
BcdCopyObject( + BcdStoreHandle: HANDLE, + BcdObjectHandle: HANDLE, + BcdCopyFlags: BCD_COPY_FLAGS, + TargetStoreHandle: HANDLE, + TargetObjectHandle: PHANDLE, + ) -> NTSTATUS; + pub fn BcdCopyObjectEx( + BcdStoreHandle: HANDLE, + BcdObjectHandle: HANDLE, + BcdCopyFlags: BCD_COPY_FLAGS, + TargetStoreHandle: HANDLE, + TargetObjectId: PGUID, + TargetObjectHandle: PHANDLE, + ) -> NTSTATUS; + pub fn BcdCopyObjects( + BcdStoreHandle: HANDLE, + Characteristics: BCD_OBJECT_DESCRIPTION, + BcdCopyFlags: BCD_COPY_FLAGS, + TargetStoreHandle: HANDLE, + ) -> NTSTATUS; + pub fn BcdMigrateObjectElementValues( + TemplateObjectHandle: HANDLE, + SourceObjectHandle: HANDLE, + TargetObjectHandle: HANDLE, + ) -> NTSTATUS; + pub fn BcdQueryObject( + BcdObjectHandle: HANDLE, + BcdVersion: ULONG, + Description: BCD_OBJECT_DESCRIPTION, + Identifier: PGUID, + ) -> NTSTATUS; + pub fn BcdEnumerateElementTypes( + BcdObjectHandle: HANDLE, + Buffer: PVOID, + BufferSize: PULONG, + ElementCount: PULONG, + ) -> NTSTATUS; + pub fn BcdEnumerateElements( + BcdObjectHandle: HANDLE, + Buffer: PVOID, + BufferSize: PULONG, + ElementCount: PULONG, + ) -> NTSTATUS; + pub fn BcdEnumerateElementsWithFlags( + BcdObjectHandle: HANDLE, + BcdFlags: BCD_FLAGS, + Buffer: PVOID, + BufferSize: PULONG, + ElementCount: PULONG, + ) -> NTSTATUS; + pub fn BcdEnumerateAndUnpackElements( + BcdStoreHandle: HANDLE, + BcdObjectHandle: HANDLE, + BcdFlags: BCD_FLAGS, + Buffer: PVOID, + BufferSize: PULONG, + ElementCount: PULONG, + ) -> NTSTATUS; + pub fn BcdGetElementData( + BcdObjectHandle: HANDLE, + BcdElement: ULONG, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn BcdGetElementDataWithFlags( + BcdObjectHandle: HANDLE, + BcdElement: ULONG, + BcdFlags: BCD_FLAGS, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn BcdSetElementData( + BcdObjectHandle: HANDLE, + BcdElement: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + pub fn BcdSetElementDataWithFlags( + BcdObjectHandle: HANDLE, + 
BcdElement: ULONG, + BcdFlags: BCD_FLAGS, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + pub fn BcdDeleteElement(BcdObjectHandle: HANDLE, BcdElement: ULONG) -> NTSTATUS; + pub fn NtAllocateVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + RegionSize: PSIZE_T, + AllocationType: ULONG, + Protect: ULONG, + ) -> NTSTATUS; + pub fn NtAllocateVirtualMemoryEx( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + AllocationType: ULONG, + PageProtection: ULONG, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn NtFreeVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + FreeType: ULONG, + ) -> NTSTATUS; + pub fn NtReadVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + pub fn NtReadVirtualMemoryEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtWriteVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + pub fn NtProtectVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + NewProtect: ULONG, + OldProtect: PULONG, + ) -> NTSTATUS; + pub fn NtQueryVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + MemoryInformationClass: MEMORY_INFORMATION_CLASS, + MemoryInformation: PVOID, + MemoryInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn NtFlushVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + IoStatus: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn NtSetInformationVirtualMemory( + ProcessHandle: HANDLE, + VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, + NumberOfEntries: ULONG_PTR, + 
VirtualAddresses: PMEMORY_RANGE_ENTRY, + VmInformation: PVOID, + VmInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtLockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + pub fn NtUnlockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + pub fn NtCreateSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtCreateSectionEx( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn NtOpenSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtMapViewOfSection( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + CommitSize: SIZE_T, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + InheritDisposition: SECTION_INHERIT, + AllocationType: ULONG, + Win32Protect: ULONG, + ) -> NTSTATUS; + pub fn NtMapViewOfSectionEx( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + AllocationType: ULONG, + Win32Protect: ULONG, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn NtUnmapViewOfSection(ProcessHandle: HANDLE, BaseAddress: PVOID) -> NTSTATUS; + pub fn NtUnmapViewOfSectionEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtExtendSection(SectionHandle: HANDLE, NewSectionSize: 
PLARGE_INTEGER) -> NTSTATUS; + pub fn NtQuerySection( + SectionHandle: HANDLE, + SectionInformationClass: SECTION_INFORMATION_CLASS, + SectionInformation: PVOID, + SectionInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn NtAreMappedFilesTheSame( + File1MappedAsAnImage: PVOID, + File2MappedAsFile: PVOID, + ) -> NTSTATUS; + pub fn NtCreatePartition( + ParentPartitionHandle: HANDLE, + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PreferredNode: ULONG, + ) -> NTSTATUS; + pub fn NtOpenPartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtManagePartition( + TargetHandle: HANDLE, + SourceHandle: HANDLE, + PartitionInformationClass: PARTITION_INFORMATION_CLASS, + PartitionInformation: PVOID, + PartitionInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtMapUserPhysicalPages( + VirtualAddress: PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn NtMapUserPhysicalPagesScatter( + VirtualAddresses: *mut PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn NtAllocateUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn NtAllocateUserPhysicalPagesEx( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn NtFreeUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn NtGetWriteWatch( + ProcessHandle: HANDLE, + Flags: ULONG, + BaseAddress: PVOID, + RegionSize: SIZE_T, + UserAddressArray: *mut PVOID, + EntriesInUserAddressArray: PULONG_PTR, + Granularity: PULONG, + ) -> NTSTATUS; + pub fn NtResetWriteWatch( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + RegionSize: SIZE_T, + ) 
-> NTSTATUS; + pub fn NtCreatePagingFile( + PageFileName: PUNICODE_STRING, + MinimumSize: PLARGE_INTEGER, + MaximumSize: PLARGE_INTEGER, + Priority: ULONG, + ) -> NTSTATUS; + pub fn NtFlushInstructionCache( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Length: SIZE_T, + ) -> NTSTATUS; + pub fn NtFlushWriteBuffer() -> NTSTATUS; + pub fn NtCreateEnclave( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + Size: SIZE_T, + InitialCommitment: SIZE_T, + EnclaveType: ULONG, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn NtLoadEnclaveData( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + Protect: ULONG, + PageInformation: PVOID, + PageInformationLength: ULONG, + NumberOfBytesWritten: PSIZE_T, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn NtInitializeEnclave( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn NtTerminateEnclave(BaseAddress: PVOID, Flags: ULONG) -> NTSTATUS; + pub fn NtCallEnclave( + Routine: PENCLAVE_ROUTINE, + Reserved: PVOID, + Flags: ULONG, + RoutineParamReturn: *mut PVOID, + ) -> NTSTATUS; + pub fn NtQueryObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtDuplicateObject( + SourceProcessHandle: HANDLE, + SourceHandle: HANDLE, + TargetProcessHandle: HANDLE, + TargetHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Options: ULONG, + ) -> NTSTATUS; + pub fn NtMakeTemporaryObject(Handle: HANDLE) -> NTSTATUS; + pub fn NtMakePermanentObject(Handle: HANDLE) -> NTSTATUS; + 
pub fn NtSignalAndWaitForSingleObject( + SignalHandle: HANDLE, + WaitHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtWaitForSingleObject( + Handle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtWaitForMultipleObjects( + Count: ULONG, + Handles: *mut HANDLE, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtWaitForMultipleObjects32( + Count: ULONG, + Handles: *mut LONG, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtSetSecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn NtQuerySecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Length: ULONG, + LengthNeeded: PULONG, + ) -> NTSTATUS; + pub fn NtClose(Handle: HANDLE) -> NTSTATUS; + pub fn NtCompareObjects(FirstObjectHandle: HANDLE, SecondObjectHandle: HANDLE) -> NTSTATUS; + pub fn NtCreateDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtCreateDirectoryObjectEx( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ShadowDirectoryHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtOpenDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtQueryDirectoryObject( + DirectoryHandle: HANDLE, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + RestartScan: BOOLEAN, + Context: PULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreatePrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: POBJECT_BOUNDARY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn 
NtOpenPrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: POBJECT_BOUNDARY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn NtDeletePrivateNamespace(NamespaceHandle: HANDLE) -> NTSTATUS; + pub fn NtCreateSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LinkTarget: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtOpenSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtQuerySymbolicLinkObject( + LinkHandle: HANDLE, + LinkTarget: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationSymbolicLink( + LinkHandle: HANDLE, + SymbolicLinkInformationClass: SYMBOLIC_LINK_INFO_CLASS, + SymbolicLinkInformation: PVOID, + SymbolicLinkInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtQueryPortInformationProcess() -> NTSTATUS; + pub fn NtCreateProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + InheritObjectTable: BOOLEAN, + SectionHandle: HANDLE, + DebugPort: HANDLE, + TokenHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtCreateProcessEx( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + DebugPort: HANDLE, + TokenHandle: HANDLE, + Reserved: ULONG, + ) -> NTSTATUS; + pub fn NtOpenProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + pub fn NtTerminateProcess(ProcessHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn NtSuspendProcess(ProcessHandle: HANDLE) -> NTSTATUS; + pub fn NtResumeProcess(ProcessHandle: HANDLE) -> NTSTATUS; + pub static mut __ImageBase: IMAGE_DOS_HEADER; + pub fn NtQueryInformationProcess( + ProcessHandle: HANDLE, + 
ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtGetNextProcess( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewProcessHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtGetNextThread( + ProcessHandle: HANDLE, + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewThreadHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtSetInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtCreateProcessStateChange( + ProcessStateChangeHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn NtChangeProcessState( + ProcessStateChangeHandle: HANDLE, + ProcessHandle: HANDLE, + StateChangeType: PROCESS_STATE_CHANGE_TYPE, + ExtendedInformation: PVOID, + ExtendedInformationLength: SIZE_T, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn NtCreateThreadStateChange( + ThreadStateChangeHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ThreadHandle: HANDLE, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn NtChangeThreadState( + ThreadStateChangeHandle: HANDLE, + ThreadHandle: HANDLE, + StateChangeType: THREAD_STATE_CHANGE_TYPE, + ExtendedInformation: PVOID, + ExtendedInformationLength: SIZE_T, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn NtCreateThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + ClientId: PCLIENT_ID, + ThreadContext: PCONTEXT, + InitialTeb: PINITIAL_TEB, + CreateSuspended: BOOLEAN, + ) -> NTSTATUS; + pub fn NtOpenThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: 
PCLIENT_ID, + ) -> NTSTATUS; + pub fn NtTerminateThread(ThreadHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn NtSuspendThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn NtResumeThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn NtGetCurrentProcessorNumber() -> ULONG; + pub fn NtGetCurrentProcessorNumberEx(ProcessorNumber: PPROCESSOR_NUMBER) -> ULONG; + pub fn NtGetContextThread(ThreadHandle: HANDLE, ThreadContext: PCONTEXT) -> NTSTATUS; + pub fn NtSetContextThread(ThreadHandle: HANDLE, ThreadContext: PCONTEXT) -> NTSTATUS; + pub fn NtQueryInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtAlertThread(ThreadHandle: HANDLE) -> NTSTATUS; + pub fn NtAlertResumeThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn NtTestAlert() -> NTSTATUS; + pub fn NtImpersonateThread( + ServerThreadHandle: HANDLE, + ClientThreadHandle: HANDLE, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ) -> NTSTATUS; + pub fn NtRegisterThreadTerminatePort(PortHandle: HANDLE) -> NTSTATUS; + pub fn NtSetLdtEntries( + Selector0: ULONG, + Entry0Low: ULONG, + Entry0Hi: ULONG, + Selector1: ULONG, + Entry1Low: ULONG, + Entry1Hi: ULONG, + ) -> NTSTATUS; + pub fn NtQueueApcThread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn NtQueueApcThreadEx( + ThreadHandle: HANDLE, + ReserveHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn NtQueueApcThreadEx2( + ThreadHandle: HANDLE, + ReserveHandle: 
HANDLE, + ApcFlags: ULONG, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn NtAlertThreadByThreadId(ThreadId: HANDLE) -> NTSTATUS; + pub fn NtWaitForAlertByThreadId(Address: PVOID, Timeout: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtCreateUserProcess( + ProcessHandle: PHANDLE, + ThreadHandle: PHANDLE, + ProcessDesiredAccess: ACCESS_MASK, + ThreadDesiredAccess: ACCESS_MASK, + ProcessObjectAttributes: POBJECT_ATTRIBUTES, + ThreadObjectAttributes: POBJECT_ATTRIBUTES, + ProcessFlags: ULONG, + ThreadFlags: ULONG, + ProcessParameters: PVOID, + CreateInfo: PPS_CREATE_INFO, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + pub fn NtCreateThreadEx( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + StartRoutine: PUSER_THREAD_START_ROUTINE, + Argument: PVOID, + CreateFlags: ULONG, + ZeroBits: SIZE_T, + StackSize: SIZE_T, + MaximumStackSize: SIZE_T, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + pub fn NtCreateJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtOpenJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtAssignProcessToJobObject(JobHandle: HANDLE, ProcessHandle: HANDLE) -> NTSTATUS; + pub fn NtTerminateJobObject(JobHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn NtIsProcessInJob(ProcessHandle: HANDLE, JobHandle: HANDLE) -> NTSTATUS; + pub fn NtQueryInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ) -> NTSTATUS; + pub 
fn NtCreateJobSet(NumJob: ULONG, UserJobSet: PJOB_SET_ARRAY, Flags: ULONG) -> NTSTATUS; + pub fn NtRevertContainerImpersonation() -> NTSTATUS; + pub fn NtAllocateReserveObject( + MemoryReserveHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: MEMORY_RESERVE_TYPE, + ) -> NTSTATUS; + pub fn PssNtCaptureSnapshot( + SnapshotHandle: PHANDLE, + ProcessHandle: HANDLE, + CaptureFlags: ULONG, + ThreadContextFlags: ULONG, + ) -> NTSTATUS; + pub fn NtPssCaptureVaSpaceBulk( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + BulkInformation: PNTPSS_MEMORY_BULK_INFORMATION, + BulkInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn DbgUserBreakPoint(); + pub fn DbgBreakPoint(); + pub fn DbgBreakPointWithStatus(Status: ULONG); + pub fn DbgPrint(Format: PCSTR, ...) -> ULONG; + pub fn DbgPrintEx(ComponentId: ULONG, Level: ULONG, Format: PCSTR, ...) -> ULONG; + pub fn vDbgPrintEx(ComponentId: ULONG, Level: ULONG, Format: PCCH, arglist: va_list) -> ULONG; + pub fn vDbgPrintExWithPrefix( + Prefix: PCCH, + ComponentId: ULONG, + Level: ULONG, + Format: PCCH, + arglist: va_list, + ) -> ULONG; + pub fn DbgQueryDebugFilterState(ComponentId: ULONG, Level: ULONG) -> NTSTATUS; + pub fn DbgSetDebugFilterState(ComponentId: ULONG, Level: ULONG, State: BOOLEAN) -> NTSTATUS; + pub fn DbgPrompt(Prompt: PCCH, Response: PCH, Length: ULONG) -> ULONG; + pub fn NtCreateDebugObject( + DebugObjectHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtDebugActiveProcess(ProcessHandle: HANDLE, DebugObjectHandle: HANDLE) -> NTSTATUS; + pub fn NtDebugContinue( + DebugObjectHandle: HANDLE, + ClientId: PCLIENT_ID, + ContinueStatus: NTSTATUS, + ) -> NTSTATUS; + pub fn NtRemoveProcessDebug(ProcessHandle: HANDLE, DebugObjectHandle: HANDLE) -> NTSTATUS; + pub fn NtSetInformationDebugObject( + DebugObjectHandle: HANDLE, + DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, + DebugInformation: PVOID, + 
DebugInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtWaitForDebugEvent( + DebugObjectHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + WaitStateChange: PDBGUI_WAIT_STATE_CHANGE, + ) -> NTSTATUS; + pub fn DbgUiConnectToDbg() -> NTSTATUS; + pub fn DbgUiGetThreadDebugObject() -> HANDLE; + pub fn DbgUiSetThreadDebugObject(DebugObject: HANDLE); + pub fn DbgUiWaitStateChange( + StateChange: PDBGUI_WAIT_STATE_CHANGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn DbgUiContinue(AppClientId: PCLIENT_ID, ContinueStatus: NTSTATUS) -> NTSTATUS; + pub fn DbgUiStopDebugging(Process: HANDLE) -> NTSTATUS; + pub fn DbgUiDebugActiveProcess(Process: HANDLE) -> NTSTATUS; + pub fn DbgUiRemoteBreakin(Context: PVOID); + pub fn DbgUiIssueRemoteBreakin(Process: HANDLE) -> NTSTATUS; + pub fn DbgUiConvertStateChangeStructure( + StateChange: PDBGUI_WAIT_STATE_CHANGE, + DebugEvent: LPDEBUG_EVENT, + ) -> NTSTATUS; + pub fn DbgUiConvertStateChangeStructureEx( + StateChange: PDBGUI_WAIT_STATE_CHANGE, + DebugEvent: LPDEBUG_EVENT, + ) -> NTSTATUS; + pub fn EtwEventRegister( + ProviderId: LPCGUID, + EnableCallback: PENABLECALLBACK, + CallbackContext: PVOID, + RegHandle: PREGHANDLE, + ) -> NTSTATUS; + pub fn NtCreateFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + AllocationSize: PLARGE_INTEGER, + FileAttributes: ULONG, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + EaBuffer: PVOID, + EaLength: ULONG, + ) -> NTSTATUS; + pub fn NtCreateNamedPipeFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + NamedPipeType: ULONG, + ReadMode: ULONG, + CompletionMode: ULONG, + MaximumInstances: ULONG, + InboundQuota: ULONG, + OutboundQuota: ULONG, + DefaultTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + 
pub fn NtCreateMailslotFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + CreateOptions: ULONG, + MailslotQuota: ULONG, + MaximumMessageSize: ULONG, + ReadTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtOpenFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn NtDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn NtFlushBuffersFile(FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK) -> NTSTATUS; + pub fn NtFlushBuffersFileEx( + FileHandle: HANDLE, + Flags: ULONG, + Parameters: PVOID, + ParametersSize: ULONG, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn NtQueryInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn NtQueryInformationByName( + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn NtSetInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn NtQueryDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ReturnSingleEntry: BOOLEAN, + FileName: PUNICODE_STRING, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn NtQueryDirectoryFileEx( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + 
FileInformationClass: FILE_INFORMATION_CLASS, + QueryFlags: ULONG, + FileName: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtQueryEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + EaList: PVOID, + EaListLength: ULONG, + EaIndex: PULONG, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn NtSetEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn NtQueryQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + SidList: PVOID, + SidListLength: ULONG, + StartSid: PSID, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn NtSetQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn NtQueryVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FSINFOCLASS, + ) -> NTSTATUS; + pub fn NtSetVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FSINFOCLASS, + ) -> NTSTATUS; + pub fn NtCancelIoFile(FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK) -> NTSTATUS; + pub fn NtCancelIoFileEx( + FileHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn NtCancelSynchronousIoFile( + ThreadHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn NtDeviceIoControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + IoControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn NtFsControlFile( + FileHandle: HANDLE, + 
Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FsControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn NtReadFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn NtWriteFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn NtReadFileScatter( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn NtWriteFileGather( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn NtLockFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + FailImmediately: BOOLEAN, + ExclusiveLock: BOOLEAN, + ) -> NTSTATUS; + pub fn NtUnlockFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + ) -> NTSTATUS; + pub fn NtQueryAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_BASIC_INFORMATION, + ) -> NTSTATUS; + pub fn NtQueryFullAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_NETWORK_OPEN_INFORMATION, + ) -> 
NTSTATUS; + pub fn NtNotifyChangeDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + ) -> NTSTATUS; + pub fn NtNotifyChangeDirectoryFileEx( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + DirectoryNotifyInformationClass: DIRECTORY_NOTIFY_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn NtLoadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS; + pub fn NtUnloadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS; + pub fn NtCreateIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Count: ULONG, + ) -> NTSTATUS; + pub fn NtOpenIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtQueryIoCompletion( + IoCompletionHandle: HANDLE, + IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, + IoCompletionInformation: PVOID, + IoCompletionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + pub fn NtSetIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionPacketHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + pub fn NtRemoveIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: *mut PVOID, + ApcContext: *mut PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtRemoveIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionInformation: 
PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + NumEntriesRemoved: PULONG, + Timeout: PLARGE_INTEGER, + Alertable: BOOLEAN, + ) -> NTSTATUS; + pub fn NtCreateWaitCompletionPacket( + WaitCompletionPacketHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtAssociateWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + IoCompletionHandle: HANDLE, + TargetObjectHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + AlreadySignaled: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtCancelWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + RemoveSignaledPacket: BOOLEAN, + ) -> NTSTATUS; + pub fn NtOpenSession( + SessionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtNotifyChangeSession( + SessionHandle: HANDLE, + ChangeSequenceNumber: ULONG, + ChangeTimeStamp: PLARGE_INTEGER, + Event: IO_SESSION_EVENT, + NewState: IO_SESSION_STATE, + PreviousState: IO_SESSION_STATE, + Payload: PVOID, + PayloadSize: ULONG, + ) -> NTSTATUS; + pub fn NtCreateIoRing( + IoRingHandle: PHANDLE, + CreateParametersLength: ULONG, + CreateParameters: PVOID, + OutputParametersLength: ULONG, + OutputParameters: PVOID, + ) -> NTSTATUS; + pub fn NtSubmitIoRing( + IoRingHandle: HANDLE, + Flags: ULONG, + WaitOperations: ULONG, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtQueryIoRingCapabilities( + IoRingCapabilitiesLength: SIZE_T, + IoRingCapabilities: PVOID, + ) -> NTSTATUS; + pub fn NtSetInformationIoRing( + IoRingHandle: HANDLE, + IoRingInformationClass: ULONG, + IoRingInformationLength: ULONG, + IoRingInformation: PVOID, + ) -> NTSTATUS; + pub fn NtCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + pub fn NtCreateWaitablePort( + PortHandle: PHANDLE, + ObjectAttributes: 
POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + pub fn NtConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + pub fn NtSecureConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + RequiredServerSid: PSID, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + pub fn NtListenPort(PortHandle: HANDLE, ConnectionRequest: PPORT_MESSAGE) -> NTSTATUS; + pub fn NtAcceptConnectPort( + PortHandle: PHANDLE, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + AcceptConnection: BOOLEAN, + ServerView: PPORT_VIEW, + ClientView: PREMOTE_PORT_VIEW, + ) -> NTSTATUS; + pub fn NtCompleteConnectPort(PortHandle: HANDLE) -> NTSTATUS; + pub fn NtRequestPort(PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn NtRequestWaitReplyPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + pub fn NtReplyPort(PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn NtReplyWaitReplyPort(PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn NtReplyWaitReceivePort( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + pub fn NtReplyWaitReceivePortEx( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtImpersonateClientOfPort(PortHandle: HANDLE, Message: PPORT_MESSAGE) -> NTSTATUS; + pub fn NtReadRequestData( + 
PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + pub fn NtWriteRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + pub fn NtQueryInformationPort( + PortHandle: HANDLE, + PortInformationClass: PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAlpcCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtAlpcDisconnectPort(PortHandle: HANDLE, Flags: ULONG) -> NTSTATUS; + pub fn NtAlpcQueryInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAlpcSetInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn NtAlpcCreatePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + SectionSize: SIZE_T, + AlpcSectionHandle: PALPC_HANDLE, + ActualSectionSize: PSIZE_T, + ) -> NTSTATUS; + pub fn NtAlpcDeletePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn NtAlpcCreateResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + MessageSize: SIZE_T, + ResourceId: PALPC_HANDLE, + ) -> NTSTATUS; + pub fn NtAlpcDeleteResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + ResourceId: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn NtAlpcCreateSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewAttributes: PALPC_DATA_VIEW_ATTR, + ) -> NTSTATUS; + pub fn NtAlpcDeleteSectionView(PortHandle: HANDLE, Flags: ULONG, ViewBase: PVOID) -> NTSTATUS; + pub fn NtAlpcCreateSecurityContext( + PortHandle: HANDLE, + Flags: 
ULONG, + SecurityAttribute: PALPC_SECURITY_ATTR, + ) -> NTSTATUS; + pub fn NtAlpcDeleteSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn NtAlpcRevokeSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn NtAlpcQueryInformationMessage( + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, + MessageInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAlpcConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + RequiredServerSid: PSID, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtAlpcConnectPortEx( + PortHandle: PHANDLE, + ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, + ClientPortObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + ServerSecurityRequirements: PSECURITY_DESCRIPTOR, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtAlpcAcceptConnectPort( + PortHandle: PHANDLE, + ConnectionPortHandle: HANDLE, + Flags: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + AcceptConnection: BOOLEAN, + ) -> NTSTATUS; + pub fn NtAlpcSendWaitReceivePort( + PortHandle: HANDLE, + Flags: ULONG, + SendMessageA: PPORT_MESSAGE, + SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + ReceiveMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + 
ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtAlpcCancelMessage( + PortHandle: HANDLE, + Flags: ULONG, + MessageContext: PALPC_CONTEXT_ATTR, + ) -> NTSTATUS; + pub fn NtAlpcImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: PVOID, + ) -> NTSTATUS; + pub fn NtAlpcImpersonateClientContainerOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtAlpcOpenSenderProcess( + ProcessHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtAlpcOpenSenderThread( + ThreadHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn AlpcMaxAllowedMessageLength() -> ULONG; + pub fn AlpcGetHeaderSize(Flags: ULONG) -> ULONG; + pub fn AlpcInitializeMessageAttribute( + AttributeFlags: ULONG, + Buffer: PALPC_MESSAGE_ATTRIBUTES, + BufferSize: SIZE_T, + RequiredBufferSize: PSIZE_T, + ) -> NTSTATUS; + pub fn AlpcGetMessageAttribute(Buffer: PALPC_MESSAGE_ATTRIBUTES, AttributeFlag: ULONG) -> PVOID; + pub fn AlpcRegisterCompletionList( + PortHandle: HANDLE, + Buffer: PALPC_COMPLETION_LIST_HEADER, + Size: ULONG, + ConcurrencyCount: ULONG, + AttributeFlags: ULONG, + ) -> NTSTATUS; + pub fn AlpcUnregisterCompletionList(PortHandle: HANDLE) -> NTSTATUS; + pub fn AlpcRundownCompletionList(PortHandle: HANDLE) -> NTSTATUS; + pub fn AlpcAdjustCompletionListConcurrencyCount( + PortHandle: HANDLE, + ConcurrencyCount: ULONG, + ) -> NTSTATUS; + pub fn AlpcRegisterCompletionListWorkerThread(CompletionList: PVOID) -> BOOLEAN; + pub fn AlpcUnregisterCompletionListWorkerThread(CompletionList: PVOID) -> BOOLEAN; + pub fn AlpcGetCompletionListLastMessageInformation( + CompletionList: PVOID, + LastMessageId: PULONG, + LastCallbackId: 
PULONG, + ); + pub fn AlpcGetOutstandingCompletionListMessageCount(CompletionList: PVOID) -> ULONG; + pub fn AlpcGetMessageFromCompletionList( + CompletionList: PVOID, + MessageAttributes: *mut PALPC_MESSAGE_ATTRIBUTES, + ) -> PPORT_MESSAGE; + pub fn AlpcFreeCompletionListMessage(CompletionList: PVOID, Message: PPORT_MESSAGE); + pub fn AlpcGetCompletionListMessageAttributes( + CompletionList: PVOID, + Message: PPORT_MESSAGE, + ) -> PALPC_MESSAGE_ATTRIBUTES; + pub fn NtPlugPlayControl( + PnPControlClass: PLUGPLAY_CONTROL_CLASS, + PnPControlData: PVOID, + PnPControlDataLength: ULONG, + ) -> NTSTATUS; + pub fn NtSerializeBoot() -> NTSTATUS; + pub fn NtEnableLastKnownGood() -> NTSTATUS; + pub fn NtDisableLastKnownGood() -> NTSTATUS; + pub fn NtReplacePartitionUnit( + TargetInstancePath: PUNICODE_STRING, + SpareInstancePath: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtPowerInformation( + InformationLevel: POWER_INFORMATION_LEVEL, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn NtSetThreadExecutionState( + NewFlags: EXECUTION_STATE, + PreviousFlags: *mut EXECUTION_STATE, + ) -> NTSTATUS; + pub fn NtInitiatePowerAction( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn NtSetSystemPowerState( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtGetDevicePowerState(Device: HANDLE, State: PDEVICE_POWER_STATE) -> NTSTATUS; + pub fn NtIsSystemResumeAutomatic() -> BOOLEAN; + pub fn NtCreateKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + Disposition: PULONG, + ) -> NTSTATUS; + pub fn NtCreateKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: 
ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + TransactionHandle: HANDLE, + Disposition: PULONG, + ) -> NTSTATUS; + pub fn NtOpenKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtOpenKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtOpenKeyEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn NtOpenKeyTransactedEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtDeleteKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn NtRenameKey(KeyHandle: HANDLE, NewName: PUNICODE_STRING) -> NTSTATUS; + pub fn NtDeleteValueKey(KeyHandle: HANDLE, ValueName: PUNICODE_STRING) -> NTSTATUS; + pub fn NtQueryKey( + KeyHandle: HANDLE, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationKey( + KeyHandle: HANDLE, + KeySetInformationClass: KEY_SET_INFORMATION_CLASS, + KeySetInformation: PVOID, + KeySetInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtQueryValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + TitleIndex: ULONG, + Type: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + pub fn NtQueryMultipleValueKey( + KeyHandle: HANDLE, + ValueEntries: PKEY_VALUE_ENTRY, + EntryCount: ULONG, + ValueBuffer: PVOID, + BufferLength: PULONG, + RequiredBufferLength: PULONG, + ) -> NTSTATUS; + pub fn NtEnumerateKey( + KeyHandle: HANDLE, + Index: ULONG, + 
KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn NtEnumerateValueKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn NtFlushKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn NtCompactKeys(Count: ULONG, KeyArray: *mut HANDLE) -> NTSTATUS; + pub fn NtCompressKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn NtLoadKey(TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn NtLoadKey2( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn NtLoadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + TrustClassKey: HANDLE, + Event: HANDLE, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + Reserved: PVOID, + ) -> NTSTATUS; + pub fn NtLoadKey3( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ExtendedParameters: PCM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + Reserved: PVOID, + ) -> NTSTATUS; + pub fn NtReplaceKey( + NewFile: POBJECT_ATTRIBUTES, + TargetHandle: HANDLE, + OldFile: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtSaveKey(KeyHandle: HANDLE, FileHandle: HANDLE) -> NTSTATUS; + pub fn NtSaveKeyEx(KeyHandle: HANDLE, FileHandle: HANDLE, Format: ULONG) -> NTSTATUS; + pub fn NtSaveMergedKeys( + HighPrecedenceKeyHandle: HANDLE, + LowPrecedenceKeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtRestoreKey(KeyHandle: HANDLE, FileHandle: HANDLE, Flags: ULONG) -> NTSTATUS; + pub fn NtUnloadKey(TargetKey: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn NtUnloadKey2(TargetKey: POBJECT_ATTRIBUTES, Flags: ULONG) -> NTSTATUS; + pub fn NtUnloadKeyEx(TargetKey: POBJECT_ATTRIBUTES, Event: HANDLE) -> NTSTATUS; + pub fn 
NtNotifyChangeKey( + KeyHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn NtNotifyChangeMultipleKeys( + MasterKeyHandle: HANDLE, + Count: ULONG, + SubordinateObjects: *mut OBJECT_ATTRIBUTES, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn NtQueryOpenSubKeys(TargetKey: POBJECT_ATTRIBUTES, HandleCount: PULONG) -> NTSTATUS; + pub fn NtQueryOpenSubKeysEx( + TargetKey: POBJECT_ATTRIBUTES, + BufferLength: ULONG, + Buffer: PVOID, + RequiredSize: PULONG, + ) -> NTSTATUS; + pub fn NtInitializeRegistry(BootCondition: USHORT) -> NTSTATUS; + pub fn NtLockRegistryKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn NtLockProductActivationKeys(pPrivateVer: *mut ULONG, pSafeMode: *mut ULONG) -> NTSTATUS; + pub fn NtFreezeRegistry(TimeOutInSeconds: ULONG) -> NTSTATUS; + pub fn NtThawRegistry() -> NTSTATUS; + pub fn NtCreateRegistryTransaction( + RegistryTransactionHandle: *mut HANDLE, + DesiredAccess: ACCESS_MASK, + ObjAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + ) -> NTSTATUS; + pub fn NtOpenRegistryTransaction( + RegistryTransactionHandle: *mut HANDLE, + DesiredAccess: ACCESS_MASK, + ObjAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtCommitRegistryTransaction(RegistryTransactionHandle: HANDLE, Flags: ULONG) -> NTSTATUS; + pub fn NtRollbackRegistryTransaction( + RegistryTransactionHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn InitializeListHead(ListHead: PLIST_ENTRY); + pub fn IsListEmpty(ListHead: PLIST_ENTRY) -> BOOLEAN; + pub fn RemoveEntryList(Entry: PLIST_ENTRY) -> BOOLEAN; + pub fn RemoveHeadList(ListHead: PLIST_ENTRY) -> PLIST_ENTRY; + pub fn 
RemoveTailList(ListHead: PLIST_ENTRY) -> PLIST_ENTRY; + pub fn InsertTailList(ListHead: PLIST_ENTRY, Entry: PLIST_ENTRY); + pub fn InsertHeadList(ListHead: PLIST_ENTRY, Entry: PLIST_ENTRY); + pub fn AppendTailList(ListHead: PLIST_ENTRY, ListToAppend: PLIST_ENTRY); + pub fn PopEntryList(ListHead: PSINGLE_LIST_ENTRY) -> PSINGLE_LIST_ENTRY; + pub fn PushEntryList(ListHead: PSINGLE_LIST_ENTRY, Entry: PSINGLE_LIST_ENTRY); + pub fn RtlInitializeGenericTableAvl( + Table: PRTL_AVL_TABLE, + CompareRoutine: PRTL_AVL_COMPARE_ROUTINE, + AllocateRoutine: PRTL_AVL_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_AVL_FREE_ROUTINE, + TableContext: PVOID, + ); + pub fn RtlInsertElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + ) -> PVOID; + pub fn RtlInsertElementGenericTableFullAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + NodeOrParent: PVOID, + SearchResult: TABLE_SEARCH_RESULT, + ) -> PVOID; + pub fn RtlDeleteElementGenericTableAvl(Table: PRTL_AVL_TABLE, Buffer: PVOID) -> BOOLEAN; + pub fn RtlLookupElementGenericTableAvl(Table: PRTL_AVL_TABLE, Buffer: PVOID) -> PVOID; + pub fn RtlLookupElementGenericTableFullAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + NodeOrParent: *mut PVOID, + SearchResult: *mut TABLE_SEARCH_RESULT, + ) -> PVOID; + pub fn RtlEnumerateGenericTableAvl(Table: PRTL_AVL_TABLE, Restart: BOOLEAN) -> PVOID; + pub fn RtlEnumerateGenericTableWithoutSplayingAvl( + Table: PRTL_AVL_TABLE, + RestartKey: *mut PVOID, + ) -> PVOID; + pub fn RtlLookupFirstMatchingElementGenericTableAvl( + Table: PRTL_AVL_TABLE, + Buffer: PVOID, + RestartKey: *mut PVOID, + ) -> PVOID; + pub fn RtlEnumerateGenericTableLikeADirectory( + Table: PRTL_AVL_TABLE, + MatchFunction: PRTL_AVL_MATCH_FUNCTION, + MatchData: PVOID, + NextFlag: ULONG, + RestartKey: *mut PVOID, + DeleteCount: PULONG, + Buffer: PVOID, + ) -> PVOID; + pub fn RtlGetElementGenericTableAvl(Table: PRTL_AVL_TABLE, I: ULONG) -> 
PVOID; + pub fn RtlNumberGenericTableElementsAvl(Table: PRTL_AVL_TABLE) -> ULONG; + pub fn RtlIsGenericTableEmptyAvl(Table: PRTL_AVL_TABLE) -> BOOLEAN; + pub fn RtlSplay(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlDelete(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlDeleteNoSplay(Links: PRTL_SPLAY_LINKS, Root: *mut PRTL_SPLAY_LINKS); + pub fn RtlSubtreeSuccessor(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlSubtreePredecessor(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlRealSuccessor(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlRealPredecessor(Links: PRTL_SPLAY_LINKS) -> PRTL_SPLAY_LINKS; + pub fn RtlInitializeGenericTable( + Table: PRTL_GENERIC_TABLE, + CompareRoutine: PRTL_GENERIC_COMPARE_ROUTINE, + AllocateRoutine: PRTL_GENERIC_ALLOCATE_ROUTINE, + FreeRoutine: PRTL_GENERIC_FREE_ROUTINE, + TableContext: PVOID, + ); + pub fn RtlInsertElementGenericTable( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + ) -> PVOID; + pub fn RtlInsertElementGenericTableFull( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + BufferSize: CLONG, + NewElement: PBOOLEAN, + NodeOrParent: PVOID, + SearchResult: TABLE_SEARCH_RESULT, + ) -> PVOID; + pub fn RtlDeleteElementGenericTable(Table: PRTL_GENERIC_TABLE, Buffer: PVOID) -> BOOLEAN; + pub fn RtlLookupElementGenericTable(Table: PRTL_GENERIC_TABLE, Buffer: PVOID) -> PVOID; + pub fn RtlLookupElementGenericTableFull( + Table: PRTL_GENERIC_TABLE, + Buffer: PVOID, + NodeOrParent: *mut PVOID, + SearchResult: *mut TABLE_SEARCH_RESULT, + ) -> PVOID; + pub fn RtlEnumerateGenericTable(Table: PRTL_GENERIC_TABLE, Restart: BOOLEAN) -> PVOID; + pub fn RtlEnumerateGenericTableWithoutSplaying( + Table: PRTL_GENERIC_TABLE, + RestartKey: *mut PVOID, + ) -> PVOID; + pub fn RtlGetElementGenericTable(Table: PRTL_GENERIC_TABLE, I: ULONG) -> PVOID; + pub fn RtlNumberGenericTableElements(Table: PRTL_GENERIC_TABLE) -> ULONG; + pub fn 
RtlIsGenericTableEmpty(Table: PRTL_GENERIC_TABLE) -> BOOLEAN; + pub fn RtlRbInsertNodeEx( + Tree: PRTL_RB_TREE, + Parent: PRTL_BALANCED_NODE, + Right: BOOLEAN, + Node: PRTL_BALANCED_NODE, + ) -> BOOLEAN; + pub fn RtlRbRemoveNode(Tree: PRTL_RB_TREE, Node: PRTL_BALANCED_NODE) -> BOOLEAN; + pub fn RtlInitHashTableContext(Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT); + pub fn RtlInitHashTableContextFromEnumerator( + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + pub fn RtlReleaseHashTableContext(Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT); + pub fn RtlTotalBucketsHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> ULONG; + pub fn RtlNonEmptyBucketsHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> ULONG; + pub fn RtlEmptyBucketsHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> ULONG; + pub fn RtlTotalEntriesHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> ULONG; + pub fn RtlActiveEnumeratorsHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> ULONG; + pub fn RtlCreateHashTable( + HashTable: *mut PRTL_DYNAMIC_HASH_TABLE, + Shift: ULONG, + Flags: ULONG, + ) -> BOOLEAN; + pub fn RtlDeleteHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> LOGICAL; + pub fn RtlInsertEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, + Signature: ULONG_PTR, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> BOOLEAN; + pub fn RtlRemoveEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Entry: PRTL_DYNAMIC_HASH_TABLE_ENTRY, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> BOOLEAN; + pub fn RtlLookupEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Signature: ULONG_PTR, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + pub fn RtlGetNextEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Context: PRTL_DYNAMIC_HASH_TABLE_CONTEXT, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + pub fn RtlInitEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: 
PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + pub fn RtlEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + pub fn RtlEndEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + pub fn RtlInitWeakEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + pub fn RtlWeaklyEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + pub fn RtlEndWeakEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + pub fn RtlExpandHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> BOOLEAN; + pub fn RtlContractHashTable(HashTable: PRTL_DYNAMIC_HASH_TABLE) -> BOOLEAN; + pub fn RtlInitStrongEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> BOOLEAN; + pub fn RtlStronglyEnumerateEntryHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ) -> PRTL_DYNAMIC_HASH_TABLE_ENTRY; + pub fn RtlEndStrongEnumerationHashTable( + HashTable: PRTL_DYNAMIC_HASH_TABLE, + Enumerator: PRTL_DYNAMIC_HASH_TABLE_ENUMERATOR, + ); + pub fn RtlInitializeCriticalSection(CriticalSection: PRTL_CRITICAL_SECTION) -> NTSTATUS; + pub fn RtlInitializeCriticalSectionAndSpinCount( + CriticalSection: PRTL_CRITICAL_SECTION, + SpinCount: ULONG, + ) -> NTSTATUS; + pub fn RtlInitializeCriticalSectionEx( + CriticalSection: PRTL_CRITICAL_SECTION, + SpinCount: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlDeleteCriticalSection(CriticalSection: PRTL_CRITICAL_SECTION) -> NTSTATUS; + pub fn RtlEnterCriticalSection(CriticalSection: PRTL_CRITICAL_SECTION) -> NTSTATUS; + pub fn RtlLeaveCriticalSection(CriticalSection: 
PRTL_CRITICAL_SECTION) -> NTSTATUS; + pub fn RtlTryEnterCriticalSection(CriticalSection: PRTL_CRITICAL_SECTION) -> LOGICAL; + pub fn RtlIsCriticalSectionLocked(CriticalSection: PRTL_CRITICAL_SECTION) -> LOGICAL; + pub fn RtlIsCriticalSectionLockedByThread(CriticalSection: PRTL_CRITICAL_SECTION) -> LOGICAL; + pub fn RtlGetCriticalSectionRecursionCount(CriticalSection: PRTL_CRITICAL_SECTION) -> ULONG; + pub fn RtlSetCriticalSectionSpinCount( + CriticalSection: PRTL_CRITICAL_SECTION, + SpinCount: ULONG, + ) -> ULONG; + pub fn RtlQueryCriticalSectionOwner(EventHandle: HANDLE) -> HANDLE; + pub fn RtlCheckForOrphanedCriticalSections(ThreadHandle: HANDLE); + pub fn RtlInitializeResource(Resource: PRTL_RESOURCE); + pub fn RtlDeleteResource(Resource: PRTL_RESOURCE); + pub fn RtlAcquireResourceShared(Resource: PRTL_RESOURCE, Wait: BOOLEAN) -> BOOLEAN; + pub fn RtlAcquireResourceExclusive(Resource: PRTL_RESOURCE, Wait: BOOLEAN) -> BOOLEAN; + pub fn RtlReleaseResource(Resource: PRTL_RESOURCE); + pub fn RtlConvertSharedToExclusive(Resource: PRTL_RESOURCE); + pub fn RtlConvertExclusiveToShared(Resource: PRTL_RESOURCE); + pub fn RtlInitializeSRWLock(SRWLock: PRTL_SRWLOCK); + pub fn RtlAcquireSRWLockExclusive(SRWLock: PRTL_SRWLOCK); + pub fn RtlAcquireSRWLockShared(SRWLock: PRTL_SRWLOCK); + pub fn RtlReleaseSRWLockExclusive(SRWLock: PRTL_SRWLOCK); + pub fn RtlReleaseSRWLockShared(SRWLock: PRTL_SRWLOCK); + pub fn RtlTryAcquireSRWLockExclusive(SRWLock: PRTL_SRWLOCK) -> BOOLEAN; + pub fn RtlTryAcquireSRWLockShared(SRWLock: PRTL_SRWLOCK) -> BOOLEAN; + pub fn RtlAcquireReleaseSRWLockExclusive(SRWLock: PRTL_SRWLOCK); + pub fn RtlInitializeConditionVariable(ConditionVariable: PRTL_CONDITION_VARIABLE); + pub fn RtlSleepConditionVariableCS( + ConditionVariable: PRTL_CONDITION_VARIABLE, + CriticalSection: PRTL_CRITICAL_SECTION, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn RtlSleepConditionVariableSRW( + ConditionVariable: PRTL_CONDITION_VARIABLE, + SRWLock: PRTL_SRWLOCK, + Timeout: 
PLARGE_INTEGER, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlWakeConditionVariable(ConditionVariable: PRTL_CONDITION_VARIABLE); + pub fn RtlWakeAllConditionVariable(ConditionVariable: PRTL_CONDITION_VARIABLE); + pub fn RtlInitBarrier(Barrier: PRTL_BARRIER, TotalThreads: ULONG, SpinCount: ULONG) -> NTSTATUS; + pub fn RtlDeleteBarrier(Barrier: PRTL_BARRIER) -> NTSTATUS; + pub fn RtlBarrier(Barrier: PRTL_BARRIER, Flags: ULONG) -> BOOLEAN; + pub fn RtlBarrierForDelete(Barrier: PRTL_BARRIER, Flags: ULONG) -> BOOLEAN; + pub fn RtlWaitOnAddress( + Address: *mut cty::c_void, + CompareAddress: PVOID, + AddressSize: SIZE_T, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn RtlWakeAddressAll(Address: PVOID); + pub fn RtlWakeAddressSingle(Address: PVOID); + pub fn RtlReadHandleNoFence(Address: *const HANDLE) -> HANDLE; + pub fn RtlInitEmptyAnsiString(AnsiString: PANSI_STRING, Buffer: PCHAR, MaximumLength: USHORT); + pub fn RtlInitString(DestinationString: PSTRING, SourceString: PCSTR); + pub fn RtlInitStringEx(DestinationString: PSTRING, SourceString: PCSZ) -> NTSTATUS; + pub fn RtlInitAnsiString(DestinationString: PANSI_STRING, SourceString: PCSTR); + pub fn RtlInitAnsiStringEx(DestinationString: PANSI_STRING, SourceString: PCSZ) -> NTSTATUS; + pub fn RtlFreeAnsiString(AnsiString: PANSI_STRING); + pub fn RtlInitUTF8String(DestinationString: PUTF8_STRING, SourceString: PCSZ); + pub fn RtlInitUTF8StringEx(DestinationString: PUTF8_STRING, SourceString: PCSZ) -> NTSTATUS; + pub fn RtlFreeUTF8String(Utf8String: PUTF8_STRING); + pub fn RtlFreeOemString(OemString: POEM_STRING); + pub fn RtlCopyString(DestinationString: PSTRING, SourceString: PSTRING); + pub fn RtlUpperChar(Character: CHAR) -> CHAR; + pub fn RtlCompareString(String1: PSTRING, String2: PSTRING, CaseInSensitive: BOOLEAN) -> LONG; + pub fn RtlEqualString(String1: PSTRING, String2: PSTRING, CaseInSensitive: BOOLEAN) -> BOOLEAN; + pub fn RtlPrefixString(String1: PSTRING, String2: PSTRING, CaseInSensitive: BOOLEAN) -> 
BOOLEAN; + pub fn RtlAppendStringToString(Destination: PSTRING, Source: PSTRING) -> NTSTATUS; + pub fn RtlAppendAsciizToString(Destination: PSTRING, Source: PCSTR) -> NTSTATUS; + pub fn RtlUpperString(DestinationString: PSTRING, SourceString: *const STRING); + pub fn RtlIsNullOrEmptyUnicodeString(String: PUNICODE_STRING) -> BOOLEAN; + pub fn RtlInitEmptyUnicodeString( + DestinationString: PUNICODE_STRING, + Buffer: PWCHAR, + MaximumLength: USHORT, + ); + pub fn RtlInitUnicodeString(DestinationString: PUNICODE_STRING, SourceString: PCWSTR); + pub fn RtlInitUnicodeStringEx( + DestinationString: PUNICODE_STRING, + SourceString: PCWSTR, + ) -> NTSTATUS; + pub fn RtlCreateUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCWSTR, + ) -> BOOLEAN; + pub fn RtlCreateUnicodeStringFromAsciiz( + DestinationString: PUNICODE_STRING, + SourceString: PCSTR, + ) -> BOOLEAN; + pub fn RtlFreeUnicodeString(UnicodeString: PUNICODE_STRING); + pub fn RtlDuplicateUnicodeString( + Flags: ULONG, + StringIn: PUNICODE_STRING, + StringOut: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlCopyUnicodeString(DestinationString: PUNICODE_STRING, SourceString: PCUNICODE_STRING); + pub fn RtlUpcaseUnicodeChar(SourceCharacter: WCHAR) -> WCHAR; + pub fn RtlDowncaseUnicodeChar(SourceCharacter: WCHAR) -> WCHAR; + pub fn RtlCompareUnicodeString( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> LONG; + pub fn RtlCompareUnicodeStrings( + String1: PCWCH, + String1Length: SIZE_T, + String2: PCWCH, + String2Length: SIZE_T, + CaseInSensitive: BOOLEAN, + ) -> LONG; + pub fn RtlEqualUnicodeString( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + pub fn RtlHashUnicodeString( + String: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + HashAlgorithm: ULONG, + HashValue: PULONG, + ) -> NTSTATUS; + pub fn RtlValidateUnicodeString(Flags: ULONG, String: PUNICODE_STRING) -> NTSTATUS; + pub fn 
RtlPrefixUnicodeString( + String1: PUNICODE_STRING, + String2: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> BOOLEAN; + pub fn RtlFindUnicodeSubstring( + FullString: PUNICODE_STRING, + SearchString: PUNICODE_STRING, + CaseInSensitive: BOOLEAN, + ) -> PWCHAR; + pub fn RtlFindCharInUnicodeString( + Flags: ULONG, + StringToSearch: PUNICODE_STRING, + CharSet: PUNICODE_STRING, + NonInclusivePrefixLength: PUSHORT, + ) -> NTSTATUS; + pub fn RtlAppendUnicodeStringToString( + Destination: PUNICODE_STRING, + Source: PCUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlAppendUnicodeToString(Destination: PUNICODE_STRING, Source: PCWSTR) -> NTSTATUS; + pub fn RtlUpcaseUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlDowncaseUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlEraseUnicodeString(String: PUNICODE_STRING); + pub fn RtlAnsiStringToUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PANSI_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUnicodeStringToAnsiString( + DestinationString: PANSI_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUnicodeStringToAnsiSize(SourceString: PUNICODE_STRING) -> ULONG; + pub fn RtlUnicodeStringToUTF8String( + DestinationString: PUTF8_STRING, + SourceString: PCUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUTF8StringToUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PUTF8_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAnsiCharToUnicodeChar(SourceCharacter: *mut PUCHAR) -> WCHAR; + pub fn RtlUpcaseUnicodeStringToAnsiString( + DestinationString: PANSI_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn 
RtlOemStringToUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: POEM_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUnicodeStringToOemString( + DestinationString: POEM_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUpcaseUnicodeStringToOemString( + DestinationString: POEM_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlOemStringToCountedUnicodeString( + DestinationString: PUNICODE_STRING, + SourceString: PCOEM_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUnicodeStringToCountedOemString( + DestinationString: POEM_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlUpcaseUnicodeStringToCountedOemString( + DestinationString: POEM_STRING, + SourceString: PUNICODE_STRING, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlMultiByteToUnicodeN( + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + MultiByteString: PCSTR, + BytesInMultiByteString: ULONG, + ) -> NTSTATUS; + pub fn RtlMultiByteToUnicodeSize( + BytesInUnicodeString: PULONG, + MultiByteString: PCSTR, + BytesInMultiByteString: ULONG, + ) -> NTSTATUS; + pub fn RtlUnicodeToMultiByteN( + MultiByteString: PCHAR, + MaxBytesInMultiByteString: ULONG, + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlUnicodeToMultiByteSize( + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlUpcaseUnicodeToMultiByteN( + MultiByteString: PCHAR, + MaxBytesInMultiByteString: ULONG, + BytesInMultiByteString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlOemToUnicodeN( + UnicodeString: PWSTR, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + 
OemString: PCCH, + BytesInOemString: ULONG, + ) -> NTSTATUS; + pub fn RtlUnicodeToOemN( + OemString: PCHAR, + MaxBytesInOemString: ULONG, + BytesInOemString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlUpcaseUnicodeToOemN( + OemString: PCHAR, + MaxBytesInOemString: ULONG, + BytesInOemString: PULONG, + UnicodeString: PCWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlConsoleMultiByteToUnicodeN( + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + MultiByteString: PCCH, + BytesInMultiByteString: ULONG, + pdwSpecialChar: PULONG, + ) -> NTSTATUS; + pub fn RtlUTF8ToUnicodeN( + UnicodeStringDestination: PWSTR, + UnicodeStringMaxByteCount: ULONG, + UnicodeStringActualByteCount: PULONG, + UTF8StringSource: PCCH, + UTF8StringByteCount: ULONG, + ) -> NTSTATUS; + pub fn RtlUnicodeToUTF8N( + UTF8StringDestination: PCHAR, + UTF8StringMaxByteCount: ULONG, + UTF8StringActualByteCount: PULONG, + UnicodeStringSource: PCWCH, + UnicodeStringByteCount: ULONG, + ) -> NTSTATUS; + pub fn RtlCustomCPToUnicodeN( + CustomCP: PCPTABLEINFO, + UnicodeString: PWCH, + MaxBytesInUnicodeString: ULONG, + BytesInUnicodeString: PULONG, + CustomCPString: PCH, + BytesInCustomCPString: ULONG, + ) -> NTSTATUS; + pub fn RtlUnicodeToCustomCPN( + CustomCP: PCPTABLEINFO, + CustomCPString: PCH, + MaxBytesInCustomCPString: ULONG, + BytesInCustomCPString: PULONG, + UnicodeString: PWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlUpcaseUnicodeToCustomCPN( + CustomCP: PCPTABLEINFO, + CustomCPString: PCH, + MaxBytesInCustomCPString: ULONG, + BytesInCustomCPString: PULONG, + UnicodeString: PWCH, + BytesInUnicodeString: ULONG, + ) -> NTSTATUS; + pub fn RtlInitCodePageTable(TableBase: PUSHORT, CodePageTable: PCPTABLEINFO); + pub fn RtlInitNlsTables( + AnsiNlsBase: PUSHORT, + OemNlsBase: PUSHORT, + LanguageNlsBase: PUSHORT, + TableInfo: PNLSTABLEINFO, + ); + pub fn RtlResetRtlTranslations(TableInfo: 
PNLSTABLEINFO); + pub fn RtlIsTextUnicode(Buffer: PVOID, Size: ULONG, Result: PULONG) -> BOOLEAN; + pub fn RtlNormalizeString( + NormForm: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + pub fn RtlIsNormalizedString( + NormForm: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + Normalized: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlIsNameInExpression( + Expression: PUNICODE_STRING, + Name: PUNICODE_STRING, + IgnoreCase: BOOLEAN, + UpcaseTable: PWCH, + ) -> BOOLEAN; + pub fn RtlIsNameInUnUpcasedExpression( + Expression: PUNICODE_STRING, + Name: PUNICODE_STRING, + IgnoreCase: BOOLEAN, + UpcaseTable: PWCH, + ) -> BOOLEAN; + pub fn RtlDoesNameContainWildCards(Expression: PUNICODE_STRING) -> BOOLEAN; + pub fn RtlEqualDomainName(String1: PUNICODE_STRING, String2: PUNICODE_STRING) -> BOOLEAN; + pub fn RtlEqualComputerName(String1: PUNICODE_STRING, String2: PUNICODE_STRING) -> BOOLEAN; + pub fn RtlDnsHostNameToComputerName( + ComputerNameString: PUNICODE_STRING, + DnsHostNameString: PUNICODE_STRING, + AllocateComputerNameString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlStringFromGUID(Guid: PGUID, GuidString: PUNICODE_STRING) -> NTSTATUS; + pub fn RtlStringFromGUIDEx( + Guid: PGUID, + GuidString: PUNICODE_STRING, + AllocateGuidString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlGUIDFromString(GuidString: PUNICODE_STRING, Guid: PGUID) -> NTSTATUS; + pub fn RtlCompareAltitudes(Altitude1: PUNICODE_STRING, Altitude2: PUNICODE_STRING) -> LONG; + pub fn RtlIdnToAscii( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + pub fn RtlIdnToUnicode( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + pub fn RtlIdnToNameprepUnicode( + Flags: ULONG, + SourceString: PCWSTR, + SourceStringLength: LONG, + 
DestinationString: PWSTR, + DestinationStringLength: PLONG, + ) -> NTSTATUS; + pub fn PfxInitialize(PrefixTable: PPREFIX_TABLE); + pub fn PfxInsertPrefix( + PrefixTable: PPREFIX_TABLE, + Prefix: PSTRING, + PrefixTableEntry: PPREFIX_TABLE_ENTRY, + ) -> BOOLEAN; + pub fn PfxRemovePrefix(PrefixTable: PPREFIX_TABLE, PrefixTableEntry: PPREFIX_TABLE_ENTRY); + pub fn PfxFindPrefix(PrefixTable: PPREFIX_TABLE, FullName: PSTRING) -> PPREFIX_TABLE_ENTRY; + pub fn RtlInitializeUnicodePrefix(PrefixTable: PUNICODE_PREFIX_TABLE); + pub fn RtlInsertUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + Prefix: PUNICODE_STRING, + PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, + ) -> BOOLEAN; + pub fn RtlRemoveUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + PrefixTableEntry: PUNICODE_PREFIX_TABLE_ENTRY, + ); + pub fn RtlFindUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + FullName: PUNICODE_STRING, + CaseInsensitiveIndex: ULONG, + ) -> PUNICODE_PREFIX_TABLE_ENTRY; + pub fn RtlNextUnicodePrefix( + PrefixTable: PUNICODE_PREFIX_TABLE, + Restart: BOOLEAN, + ) -> PUNICODE_PREFIX_TABLE_ENTRY; + pub fn RtlGetCompressionWorkSpaceSize( + CompressionFormatAndEngine: USHORT, + CompressBufferWorkSpaceSize: PULONG, + CompressFragmentWorkSpaceSize: PULONG, + ) -> NTSTATUS; + pub fn RtlCompressBuffer( + CompressionFormatAndEngine: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + UncompressedChunkSize: ULONG, + FinalCompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlDecompressBuffer( + CompressionFormat: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FinalUncompressedSize: PULONG, + ) -> NTSTATUS; + pub fn RtlDecompressBufferEx( + CompressionFormat: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + 
FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlDecompressBufferEx2( + CompressionFormat: USHORT, + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + UncompressedChunkSize: ULONG, + FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlDecompressFragment( + CompressionFormat: USHORT, + UncompressedFragment: PUCHAR, + UncompressedFragmentSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FragmentOffset: ULONG, + FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlDecompressFragmentEx( + CompressionFormat: USHORT, + UncompressedFragment: PUCHAR, + UncompressedFragmentSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + FragmentOffset: ULONG, + UncompressedChunkSize: ULONG, + FinalUncompressedSize: PULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlDescribeChunk( + CompressionFormat: USHORT, + CompressedBuffer: *mut PUCHAR, + EndOfCompressedBufferPlus1: PUCHAR, + ChunkBuffer: *mut PUCHAR, + ChunkSize: PULONG, + ) -> NTSTATUS; + pub fn RtlReserveChunk( + CompressionFormat: USHORT, + CompressedBuffer: *mut PUCHAR, + EndOfCompressedBufferPlus1: PUCHAR, + ChunkBuffer: *mut PUCHAR, + ChunkSize: ULONG, + ) -> NTSTATUS; + pub fn RtlDecompressChunks( + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + CompressedTail: PUCHAR, + CompressedTailSize: ULONG, + CompressedDataInfo: PCOMPRESSED_DATA_INFO, + ) -> NTSTATUS; + pub fn RtlCompressChunks( + UncompressedBuffer: PUCHAR, + UncompressedBufferSize: ULONG, + CompressedBuffer: PUCHAR, + CompressedBufferSize: ULONG, + CompressedDataInfo: PCOMPRESSED_DATA_INFO, + CompressedDataInfoLength: ULONG, + WorkSpace: PVOID, + ) -> NTSTATUS; + pub fn RtlConvertLCIDToString( + LcidValue: LCID, + Base: ULONG, + Padding: ULONG, + pResultBuf: PWSTR, + Size: ULONG, + ) -> 
NTSTATUS; + pub fn RtlIsValidLocaleName(LocaleName: PCWSTR, Flags: ULONG) -> BOOLEAN; + pub fn RtlGetParentLocaleName( + LocaleName: PCWSTR, + ParentLocaleName: PUNICODE_STRING, + Flags: ULONG, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlLcidToLocaleName( + lcid: LCID, + LocaleName: PUNICODE_STRING, + Flags: ULONG, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlLocaleNameToLcid(LocaleName: PCWSTR, lcid: PLCID, Flags: ULONG) -> NTSTATUS; + pub fn RtlLCIDToCultureName(Lcid: LCID, String: PUNICODE_STRING) -> BOOLEAN; + pub fn RtlCultureNameToLCID(String: PUNICODE_STRING, Lcid: PLCID) -> BOOLEAN; + pub fn RtlCleanUpTEBLangLists(); + pub fn RtlGetThreadPreferredUILanguages( + Flags: ULONG, + NumberOfLanguages: PULONG, + Languages: PZZWSTR, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlGetProcessPreferredUILanguages( + Flags: ULONG, + NumberOfLanguages: PULONG, + Languages: PZZWSTR, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlGetSystemPreferredUILanguages( + Flags: ULONG, + LocaleName: PCWSTR, + NumberOfLanguages: PULONG, + Languages: PZZWSTR, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlpGetSystemDefaultUILanguage(DefaultUILanguageId: LANGID, Lcid: PLCID) -> NTSTATUS; + pub fn RtlGetUserPreferredUILanguages( + Flags: ULONG, + LocaleName: PCWSTR, + NumberOfLanguages: PULONG, + Languages: PZZWSTR, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlGetUILanguageInfo( + Flags: ULONG, + Languages: PCZZWSTR, + FallbackLanguages: PZZWSTR, + NumberOfFallbackLanguages: PULONG, + Attributes: PULONG, + ) -> NTSTATUS; + pub fn RtlGetLocaleFileMappingAddress( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + CurrentNLSVersion: PULONG, + ) -> NTSTATUS; + pub fn RtlGetCurrentPeb() -> PPEB; + pub fn RtlAcquirePebLock() -> NTSTATUS; + pub fn RtlReleasePebLock() -> NTSTATUS; + pub fn RtlTryAcquirePebLock() -> LOGICAL; + pub fn RtlCreateProcessParameters( + 
pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, + ImagePathName: PUNICODE_STRING, + DllPath: PUNICODE_STRING, + CurrentDirectory: PUNICODE_STRING, + CommandLine: PUNICODE_STRING, + Environment: PVOID, + WindowTitle: PUNICODE_STRING, + DesktopInfo: PUNICODE_STRING, + ShellInfo: PUNICODE_STRING, + RuntimeData: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlCreateProcessParametersEx( + pProcessParameters: *mut PRTL_USER_PROCESS_PARAMETERS, + ImagePathName: PUNICODE_STRING, + DllPath: PUNICODE_STRING, + CurrentDirectory: PUNICODE_STRING, + CommandLine: PUNICODE_STRING, + Environment: PVOID, + WindowTitle: PUNICODE_STRING, + DesktopInfo: PUNICODE_STRING, + ShellInfo: PUNICODE_STRING, + RuntimeData: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlDestroyProcessParameters(ProcessParameters: PRTL_USER_PROCESS_PARAMETERS) -> NTSTATUS; + pub fn RtlNormalizeProcessParams( + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ) -> PRTL_USER_PROCESS_PARAMETERS; + pub fn RtlDeNormalizeProcessParams( + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ) -> PRTL_USER_PROCESS_PARAMETERS; + pub fn RtlCreateUserProcess( + NtImagePathName: PUNICODE_STRING, + AttributesDeprecated: ULONG, + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, + ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + ParentProcess: HANDLE, + InheritHandles: BOOLEAN, + DebugPort: HANDLE, + TokenHandle: HANDLE, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + pub fn RtlCreateUserProcessEx( + NtImagePathName: PUNICODE_STRING, + ProcessParameters: PRTL_USER_PROCESS_PARAMETERS, + InheritHandles: BOOLEAN, + ProcessExtendedParameters: PRTL_USER_PROCESS_EXTENDED_PARAMETERS, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + pub fn RtlExitUserProcess(ExitStatus: NTSTATUS) -> !; + pub fn RtlCloneUserProcess( + ProcessFlags: ULONG, + ProcessSecurityDescriptor: PSECURITY_DESCRIPTOR, + ThreadSecurityDescriptor: 
PSECURITY_DESCRIPTOR, + DebugPort: HANDLE, + ProcessInformation: PRTL_USER_PROCESS_INFORMATION, + ) -> NTSTATUS; + pub fn RtlUpdateClonedCriticalSection(CriticalSection: PRTL_CRITICAL_SECTION); + pub fn RtlUpdateClonedSRWLock(SRWLock: PRTL_SRWLOCK, Shared: LOGICAL); + pub fn RtlCreateProcessReflection( + ProcessHandle: HANDLE, + Flags: ULONG, + StartRoutine: PVOID, + StartContext: PVOID, + EventHandle: HANDLE, + ReflectionInformation: PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION, + ) -> NTSTATUS; + pub fn RtlSetProcessIsCritical( + NewValue: BOOLEAN, + OldValue: PBOOLEAN, + CheckFlag: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlSetThreadIsCritical( + NewValue: BOOLEAN, + OldValue: PBOOLEAN, + CheckFlag: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlSetThreadSubProcessTag(SubProcessTag: PVOID) -> PVOID; + pub fn RtlValidProcessProtection(ProcessProtection: PS_PROTECTION) -> BOOLEAN; + pub fn RtlTestProtectedAccess(Source: PS_PROTECTION, Target: PS_PROTECTION) -> BOOLEAN; + pub fn RtlIsCurrentProcess(ProcessHandle: HANDLE) -> BOOLEAN; + pub fn RtlIsCurrentThread(ThreadHandle: HANDLE) -> BOOLEAN; + pub fn RtlCreateUserThread( + ProcessHandle: HANDLE, + ThreadSecurityDescriptor: PSECURITY_DESCRIPTOR, + CreateSuspended: BOOLEAN, + ZeroBits: ULONG, + MaximumStackSize: SIZE_T, + CommittedStackSize: SIZE_T, + StartAddress: PUSER_THREAD_START_ROUTINE, + Parameter: PVOID, + ThreadHandle: PHANDLE, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + pub fn RtlExitUserThread(ExitStatus: NTSTATUS) -> !; + pub fn RtlIsCurrentThreadAttachExempt() -> BOOLEAN; + pub fn RtlCreateUserStack( + CommittedStackSize: SIZE_T, + MaximumStackSize: SIZE_T, + ZeroBits: ULONG_PTR, + PageSize: SIZE_T, + ReserveAlignment: ULONG_PTR, + InitialTeb: PINITIAL_TEB, + ) -> NTSTATUS; + pub fn RtlFreeUserStack(AllocationBase: PVOID) -> NTSTATUS; + pub fn RtlInitializeContext( + Reserved: HANDLE, + Context: PCONTEXT, + Parameter: PVOID, + InitialPc: PVOID, + InitialSp: PVOID, + ) -> ULONG64; + pub fn 
RtlInitializeExtendedContext( + Context: PCONTEXT, + ContextFlags: ULONG, + ContextEx: *mut PCONTEXT_EX, + ) -> NTSTATUS; + pub fn RtlInitializeExtendedContext2( + Context: PCONTEXT, + ContextFlags: ULONG, + ContextEx: *mut PCONTEXT_EX, + EnabledExtendedFeatures: ULONG64, + ) -> NTSTATUS; + pub fn RtlCopyContext(Context: PCONTEXT, ContextFlags: ULONG, Source: PCONTEXT) -> NTSTATUS; + pub fn RtlCopyExtendedContext( + Destination: PCONTEXT_EX, + ContextFlags: ULONG, + Source: PCONTEXT_EX, + ) -> NTSTATUS; + pub fn RtlGetExtendedContextLength(ContextFlags: ULONG, ContextLength: PULONG) -> NTSTATUS; + pub fn RtlGetExtendedContextLength2( + ContextFlags: ULONG, + ContextLength: PULONG, + EnabledExtendedFeatures: ULONG64, + ) -> NTSTATUS; + pub fn RtlGetExtendedFeaturesMask(ContextEx: PCONTEXT_EX) -> ULONG64; + pub fn RtlLocateExtendedFeature( + ContextEx: PCONTEXT_EX, + FeatureId: ULONG, + Length: PULONG, + ) -> PVOID; + pub fn RtlLocateLegacyContext(ContextEx: PCONTEXT_EX, Length: PULONG) -> PCONTEXT; + pub fn RtlSetExtendedFeaturesMask(ContextEx: PCONTEXT_EX, FeatureMask: ULONG64); + pub fn RtlWow64GetThreadContext(ThreadHandle: HANDLE, ThreadContext: PWOW64_CONTEXT) + -> NTSTATUS; + pub fn RtlWow64SetThreadContext(ThreadHandle: HANDLE, ThreadContext: PWOW64_CONTEXT) + -> NTSTATUS; + pub fn RtlRemoteCall( + ProcessHandle: HANDLE, + ThreadHandle: HANDLE, + CallSite: PVOID, + ArgumentCount: ULONG, + Arguments: PULONG_PTR, + PassContext: BOOLEAN, + AlreadySuspended: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAddVectoredExceptionHandler( + First: ULONG, + Handler: PVECTORED_EXCEPTION_HANDLER, + ) -> PVOID; + pub fn RtlRemoveVectoredExceptionHandler(Handle: PVOID) -> ULONG; + pub fn RtlAddVectoredContinueHandler( + First: ULONG, + Handler: PVECTORED_EXCEPTION_HANDLER, + ) -> PVOID; + pub fn RtlRemoveVectoredContinueHandler(Handle: PVOID) -> ULONG; + pub fn RtlSetUnhandledExceptionFilter( + UnhandledExceptionFilter: PRTLP_UNHANDLED_EXCEPTION_FILTER, + ); + pub fn 
RtlUnhandledExceptionFilter(ExceptionPointers: PEXCEPTION_POINTERS) -> LONG; + pub fn RtlUnhandledExceptionFilter2( + ExceptionPointers: PEXCEPTION_POINTERS, + Flags: ULONG, + ) -> LONG; + pub fn RtlKnownExceptionFilter(ExceptionPointers: PEXCEPTION_POINTERS) -> LONG; + pub fn RtlGetFunctionTableListHead() -> PLIST_ENTRY; + pub fn RtlGetActiveActivationContext(ActivationContext: PACTIVATION_CONTEXT) -> NTSTATUS; + pub fn RtlAddRefActivationContext(ActivationContext: PACTIVATION_CONTEXT); + pub fn RtlReleaseActivationContext(ActivationContext: PACTIVATION_CONTEXT); + pub fn RtlZombifyActivationContext(ActivationContext: PACTIVATION_CONTEXT) -> NTSTATUS; + pub fn RtlIsActivationContextActive(ActivationContext: PACTIVATION_CONTEXT) -> BOOLEAN; + pub fn RtlActivateActivationContext( + Flags: ULONG, + ActivationContext: PACTIVATION_CONTEXT, + Cookie: PULONG_PTR, + ) -> NTSTATUS; + pub fn RtlActivateActivationContextEx( + Flags: ULONG, + Teb: PTEB, + ActivationContext: PACTIVATION_CONTEXT, + Cookie: PULONG_PTR, + ) -> NTSTATUS; + pub fn RtlDeactivateActivationContext(Flags: ULONG, Cookie: ULONG_PTR); + pub fn RtlCreateActivationContext( + Flags: ULONG, + ActivationContextData: PACTIVATION_CONTEXT_DATA, + ExtraBytes: ULONG, + NotificationRoutine: PACTIVATION_CONTEXT_NOTIFY_ROUTINE, + NotificationContext: PVOID, + ActivationContext: *mut PACTIVATION_CONTEXT, + ) -> NTSTATUS; + pub fn RtlFindActivationContextSectionString( + Flags: ULONG, + ExtensionGuid: PGUID, + SectionId: ULONG, + StringToFind: PUNICODE_STRING, + ReturnedData: PACTCTX_SECTION_KEYED_DATA, + ) -> NTSTATUS; + pub fn RtlFindActivationContextSectionGuid( + Flags: ULONG, + ExtensionGuid: PGUID, + SectionId: ULONG, + GuidToFind: PGUID, + ReturnedData: PACTCTX_SECTION_KEYED_DATA, + ) -> NTSTATUS; + pub fn RtlQueryActivationContextApplicationSettings( + Flags: ULONG, + ActivationContext: PACTIVATION_CONTEXT, + SettingsNameSpace: PWSTR, + SettingName: PWSTR, + Buffer: PWSTR, + BufferLength: SIZE_T, + 
RequiredLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlQueryInformationActivationContext( + Flags: ULONG, + ActivationContext: PACTIVATION_CONTEXT, + SubInstanceIndex: PACTIVATION_CONTEXT_QUERY_INDEX, + ActivationContextInformationClass: ACTIVATION_CONTEXT_INFO_CLASS, + ActivationContextInformation: PVOID, + ActivationContextInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlQueryInformationActiveActivationContext( + ActivationContextInformationClass: ACTIVATION_CONTEXT_INFO_CLASS, + ActivationContextInformation: PVOID, + ActivationContextInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlImageNtHeader(BaseOfImage: PVOID) -> PIMAGE_NT_HEADERS; + pub fn RtlImageNtHeaderEx( + Flags: ULONG, + BaseOfImage: PVOID, + Size: ULONG64, + OutHeaders: *mut PIMAGE_NT_HEADERS, + ) -> NTSTATUS; + pub fn RtlAddressInSectionTable( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + VirtualAddress: ULONG, + ) -> PVOID; + pub fn RtlSectionTableFromVirtualAddress( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + VirtualAddress: ULONG, + ) -> PIMAGE_SECTION_HEADER; + pub fn RtlImageDirectoryEntryToData( + BaseOfImage: PVOID, + MappedAsImage: BOOLEAN, + DirectoryEntry: USHORT, + Size: PULONG, + ) -> PVOID; + pub fn RtlImageRvaToSection( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + Rva: ULONG, + ) -> PIMAGE_SECTION_HEADER; + pub fn RtlImageRvaToVa( + NtHeaders: PIMAGE_NT_HEADERS, + BaseOfImage: PVOID, + Rva: ULONG, + LastRvaSection: *mut PIMAGE_SECTION_HEADER, + ) -> PVOID; + pub fn RtlFindExportedRoutineByName(BaseOfImage: PVOID, RoutineName: PCSTR) -> PVOID; + pub fn RtlGuardCheckLongJumpTarget( + PcValue: PVOID, + IsFastFail: BOOL, + IsLongJumpTarget: PBOOL, + ) -> NTSTATUS; + pub fn RtlCompareMemoryUlong(Source: PVOID, Length: SIZE_T, Pattern: ULONG) -> SIZE_T; + pub fn RtlFillMemoryUlong(Destination: PVOID, Length: SIZE_T, Pattern: ULONG); + pub fn RtlIsZeroMemory(Buffer: PVOID, Length: SIZE_T) -> 
BOOLEAN; + pub fn RtlCreateEnvironment( + CloneCurrentEnvironment: BOOLEAN, + Environment: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlCreateEnvironmentEx( + SourceEnvironment: PVOID, + Environment: *mut PVOID, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlDestroyEnvironment(Environment: PVOID) -> NTSTATUS; + pub fn RtlSetCurrentEnvironment(Environment: PVOID, PreviousEnvironment: *mut PVOID) + -> NTSTATUS; + pub fn RtlSetEnvironmentVar( + Environment: *mut PVOID, + Name: PCWSTR, + NameLength: SIZE_T, + Value: PCWSTR, + ValueLength: SIZE_T, + ) -> NTSTATUS; + pub fn RtlSetEnvironmentVariable( + Environment: *mut PVOID, + Name: PUNICODE_STRING, + Value: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlQueryEnvironmentVariable( + Environment: PVOID, + Name: PCWSTR, + NameLength: SIZE_T, + Value: PWSTR, + ValueLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlQueryEnvironmentVariable_U( + Environment: PVOID, + Name: PUNICODE_STRING, + Value: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlExpandEnvironmentStrings( + Environment: PVOID, + Source: PCWSTR, + SourceLength: SIZE_T, + Destination: PWSTR, + DestinationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlExpandEnvironmentStrings_U( + Environment: PVOID, + Source: PUNICODE_STRING, + Destination: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; + pub fn RtlSetEnvironmentStrings(NewEnvironment: PCWCHAR, NewEnvironmentSize: SIZE_T) + -> NTSTATUS; + pub static mut RtlDosPathSeperatorsString: UNICODE_STRING; + pub static mut RtlAlternateDosPathSeperatorString: UNICODE_STRING; + pub static mut RtlNtPathSeperatorString: UNICODE_STRING; + pub fn RtlDetermineDosPathNameType_U(DosFileName: PCWSTR) -> RTL_PATH_TYPE; + pub fn RtlIsDosDeviceName_U(DosFileName: PCWSTR) -> ULONG; + pub fn RtlGetFullPathName_U( + FileName: PCWSTR, + BufferLength: ULONG, + Buffer: PWSTR, + FilePart: *mut PWSTR, + ) -> ULONG; + pub fn RtlGetFullPathName_UEx( + FileName: PCWSTR, + BufferLength: ULONG, + 
Buffer: PWSTR, + FilePart: *mut PWSTR, + BytesRequired: *mut ULONG, + ) -> NTSTATUS; + pub fn RtlGetFullPathName_UstrEx( + FileName: PUNICODE_STRING, + StaticString: PUNICODE_STRING, + DynamicString: PUNICODE_STRING, + StringUsed: *mut PUNICODE_STRING, + FilePartPrefixCch: *mut SIZE_T, + NameInvalid: PBOOLEAN, + InputPathType: *mut RTL_PATH_TYPE, + BytesRequired: *mut SIZE_T, + ) -> NTSTATUS; + pub fn RtlGetCurrentDirectory_U(BufferLength: ULONG, Buffer: PWSTR) -> ULONG; + pub fn RtlSetCurrentDirectory_U(PathName: PUNICODE_STRING) -> NTSTATUS; + pub fn RtlGetLongestNtPathLength() -> ULONG; + pub fn RtlNtPathNameToDosPathName( + Flags: ULONG, + Path: PRTL_UNICODE_STRING_BUFFER, + Disposition: PULONG, + FilePart: *mut PWSTR, + ) -> NTSTATUS; + pub fn RtlDosPathNameToNtPathName_U( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> BOOLEAN; + pub fn RtlDosPathNameToNtPathName_U_WithStatus( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + pub fn RtlDosLongPathNameToNtPathName_U_WithStatus( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + pub fn RtlDosPathNameToRelativeNtPathName_U( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> BOOLEAN; + pub fn RtlDosPathNameToRelativeNtPathName_U_WithStatus( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + pub fn RtlDosLongPathNameToRelativeNtPathName_U_WithStatus( + DosFileName: PCWSTR, + NtFileName: PUNICODE_STRING, + FilePart: *mut PWSTR, + RelativeName: PRTL_RELATIVE_NAME_U, + ) -> NTSTATUS; + pub fn RtlReleaseRelativeName(RelativeName: PRTL_RELATIVE_NAME_U); + pub fn RtlDosSearchPath_U( + Path: PCWSTR, + FileName: PCWSTR, + 
Extension: PCWSTR, + BufferLength: ULONG, + Buffer: PWSTR, + FilePart: *mut PWSTR, + ) -> ULONG; + pub fn RtlDosSearchPath_Ustr( + Flags: ULONG, + Path: PUNICODE_STRING, + FileName: PUNICODE_STRING, + DefaultExtension: PUNICODE_STRING, + StaticString: PUNICODE_STRING, + DynamicString: PUNICODE_STRING, + FullFileNameOut: *mut PCUNICODE_STRING, + FilePartPrefixCch: *mut SIZE_T, + BytesRequired: *mut SIZE_T, + ) -> NTSTATUS; + pub fn RtlDoesFileExists_U(FileName: PCWSTR) -> BOOLEAN; + pub fn RtlDosApplyFileIsolationRedirection_Ustr( + Flags: ULONG, + OriginalName: PUNICODE_STRING, + Extension: PUNICODE_STRING, + StaticString: PUNICODE_STRING, + DynamicString: PUNICODE_STRING, + NewName: *mut PUNICODE_STRING, + NewFlags: PULONG, + FileNameSize: PSIZE_T, + RequiredLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlGetLengthWithoutLastFullDosOrNtPathElement( + Flags: ULONG, + PathString: PUNICODE_STRING, + Length: PULONG, + ) -> NTSTATUS; + pub fn RtlGetLengthWithoutTrailingPathSeperators( + Flags: ULONG, + PathString: PUNICODE_STRING, + Length: PULONG, + ) -> NTSTATUS; + pub fn RtlGenerate8dot3Name( + Name: PUNICODE_STRING, + AllowExtendedCharacters: BOOLEAN, + Context: PGENERATE_NAME_CONTEXT, + Name8dot3: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlComputePrivatizedDllName_U( + DllName: PUNICODE_STRING, + RealName: PUNICODE_STRING, + LocalName: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlGetSearchPath(SearchPathA: *mut PWSTR) -> NTSTATUS; + pub fn RtlSetSearchPathMode(Flags: ULONG) -> NTSTATUS; + pub fn RtlGetExePath(DosPathName: PCWSTR, SearchPathA: *mut PWSTR) -> NTSTATUS; + pub fn RtlReleasePath(Path: PWSTR); + pub fn RtlReplaceSystemDirectoryInPath( + Destination: PUNICODE_STRING, + Machine: USHORT, + TargetMachine: USHORT, + IncludePathSeperator: BOOLEAN, + ) -> ULONG; + pub fn RtlWow64GetProcessMachines( + ProcessHandle: HANDLE, + ProcessMachine: PUSHORT, + NativeMachine: PUSHORT, + ) -> NTSTATUS; + pub fn RtlGetImageFileMachines(FileName: PCWSTR, FileMachines: 
PUSHORT) -> NTSTATUS; + pub fn RtlGetNtSystemRoot() -> PWSTR; + pub fn RtlAreLongPathsEnabled() -> BOOLEAN; + pub fn RtlIsThreadWithinLoaderCallout() -> BOOLEAN; + pub fn RtlDllShutdownInProgress() -> BOOLEAN; + pub fn RtlCreateHeap( + Flags: ULONG, + HeapBase: PVOID, + ReserveSize: SIZE_T, + CommitSize: SIZE_T, + Lock: PVOID, + Parameters: PVOID, + ) -> PVOID; + pub fn RtlDestroyHeap(HeapHandle: PVOID) -> PVOID; + pub fn RtlAllocateHeap(HeapHandle: PVOID, Flags: ULONG, Size: SIZE_T) -> PVOID; + pub fn RtlFreeHeap(HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID) -> LOGICAL; + pub fn RtlSizeHeap(HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID) -> SIZE_T; + pub fn RtlZeroHeap(HeapHandle: PVOID, Flags: ULONG) -> NTSTATUS; + pub fn RtlProtectHeap(HeapHandle: PVOID, MakeReadOnly: BOOLEAN); + pub fn RtlLockHeap(HeapHandle: PVOID) -> BOOLEAN; + pub fn RtlUnlockHeap(HeapHandle: PVOID) -> BOOLEAN; + pub fn RtlReAllocateHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + Size: SIZE_T, + ) -> PVOID; + pub fn RtlGetUserInfoHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserValue: *mut PVOID, + UserFlags: PULONG, + ) -> BOOLEAN; + pub fn RtlSetUserValueHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserValue: PVOID, + ) -> BOOLEAN; + pub fn RtlSetUserFlagsHeap( + HeapHandle: PVOID, + Flags: ULONG, + BaseAddress: PVOID, + UserFlagsReset: ULONG, + UserFlagsSet: ULONG, + ) -> BOOLEAN; + pub fn RtlCreateTagHeap( + HeapHandle: PVOID, + Flags: ULONG, + TagPrefix: PWSTR, + TagNames: PWSTR, + ) -> ULONG; + pub fn RtlQueryTagHeap( + HeapHandle: PVOID, + Flags: ULONG, + TagIndex: USHORT, + ResetCounters: BOOLEAN, + TagInfo: PRTL_HEAP_TAG_INFO, + ) -> PWSTR; + pub fn RtlExtendHeap(HeapHandle: PVOID, Flags: ULONG, Base: PVOID, Size: SIZE_T) -> NTSTATUS; + pub fn RtlCompactHeap(HeapHandle: PVOID, Flags: ULONG) -> SIZE_T; + pub fn RtlValidateHeap(HeapHandle: PVOID, Flags: ULONG, BaseAddress: PVOID) -> BOOLEAN; + pub fn 
RtlValidateProcessHeaps() -> BOOLEAN; + pub fn RtlGetProcessHeaps(NumberOfHeaps: ULONG, ProcessHeaps: *mut PVOID) -> ULONG; + pub fn RtlEnumProcessHeaps(EnumRoutine: PRTL_ENUM_HEAPS_ROUTINE, Parameter: PVOID) -> NTSTATUS; + pub fn RtlUsageHeap(HeapHandle: PVOID, Flags: ULONG, Usage: PRTL_HEAP_USAGE) -> NTSTATUS; + pub fn RtlWalkHeap(HeapHandle: PVOID, Entry: PRTL_HEAP_WALK_ENTRY) -> NTSTATUS; + pub fn RtlQueryHeapInformation( + HeapHandle: PVOID, + HeapInformationClass: HEAP_INFORMATION_CLASS, + HeapInformation: PVOID, + HeapInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn RtlSetHeapInformation( + HeapHandle: PVOID, + HeapInformationClass: HEAP_INFORMATION_CLASS, + HeapInformation: PVOID, + HeapInformationLength: SIZE_T, + ) -> NTSTATUS; + pub fn RtlMultipleAllocateHeap( + HeapHandle: PVOID, + Flags: ULONG, + Size: SIZE_T, + Count: ULONG, + Array: *mut PVOID, + ) -> ULONG; + pub fn RtlMultipleFreeHeap( + HeapHandle: PVOID, + Flags: ULONG, + Count: ULONG, + Array: *mut PVOID, + ) -> ULONG; + pub fn RtlDetectHeapLeaks(); + pub fn RtlFlushHeaps(); + pub fn RtlCreateMemoryZone( + MemoryZone: *mut PVOID, + InitialSize: SIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlDestroyMemoryZone(MemoryZone: PVOID) -> NTSTATUS; + pub fn RtlAllocateMemoryZone( + MemoryZone: PVOID, + BlockSize: SIZE_T, + Block: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlResetMemoryZone(MemoryZone: PVOID) -> NTSTATUS; + pub fn RtlLockMemoryZone(MemoryZone: PVOID) -> NTSTATUS; + pub fn RtlUnlockMemoryZone(MemoryZone: PVOID) -> NTSTATUS; + pub fn RtlCreateMemoryBlockLookaside( + MemoryBlockLookaside: *mut PVOID, + Flags: ULONG, + InitialSize: ULONG, + MinimumBlockSize: ULONG, + MaximumBlockSize: ULONG, + ) -> NTSTATUS; + pub fn RtlDestroyMemoryBlockLookaside(MemoryBlockLookaside: PVOID) -> NTSTATUS; + pub fn RtlAllocateMemoryBlockLookaside( + MemoryBlockLookaside: PVOID, + BlockSize: ULONG, + Block: *mut PVOID, + ) -> NTSTATUS; + pub fn 
RtlFreeMemoryBlockLookaside(MemoryBlockLookaside: PVOID, Block: PVOID) -> NTSTATUS; + pub fn RtlExtendMemoryBlockLookaside(MemoryBlockLookaside: PVOID, Increment: ULONG) -> NTSTATUS; + pub fn RtlResetMemoryBlockLookaside(MemoryBlockLookaside: PVOID) -> NTSTATUS; + pub fn RtlLockMemoryBlockLookaside(MemoryBlockLookaside: PVOID) -> NTSTATUS; + pub fn RtlUnlockMemoryBlockLookaside(MemoryBlockLookaside: PVOID) -> NTSTATUS; + pub fn RtlGetCurrentTransaction() -> HANDLE; + pub fn RtlSetCurrentTransaction(TransactionHandle: HANDLE) -> LOGICAL; + pub fn RtlIsEqualLuid(L1: PLUID, L2: PLUID) -> BOOLEAN; + pub fn RtlIsZeroLuid(L1: PLUID) -> BOOLEAN; + pub fn RtlConvertLongToLuid(Long: LONG) -> LUID; + pub fn RtlConvertUlongToLuid(Ulong: ULONG) -> LUID; + pub fn RtlCopyLuid(DestinationLuid: PLUID, SourceLuid: PLUID); + pub fn RtlCopyLuidAndAttributesArray( + Count: ULONG, + Src: PLUID_AND_ATTRIBUTES, + Dest: PLUID_AND_ATTRIBUTES, + ); + pub fn RtlCreateQueryDebugBuffer( + MaximumCommit: ULONG, + UseEventPair: BOOLEAN, + ) -> PRTL_DEBUG_INFORMATION; + pub fn RtlDestroyQueryDebugBuffer(Buffer: PRTL_DEBUG_INFORMATION) -> NTSTATUS; + pub fn RtlCommitDebugInfo(Buffer: PRTL_DEBUG_INFORMATION, Size: SIZE_T) -> PVOID; + pub fn RtlDeCommitDebugInfo(Buffer: PRTL_DEBUG_INFORMATION, p: PVOID, Size: SIZE_T); + pub fn RtlQueryProcessDebugInformation( + UniqueProcessId: HANDLE, + Flags: ULONG, + Buffer: PRTL_DEBUG_INFORMATION, + ) -> NTSTATUS; + pub fn RtlSetProcessDebugInformation( + UniqueProcessId: HANDLE, + Flags: ULONG, + Buffer: PRTL_DEBUG_INFORMATION, + ) -> NTSTATUS; + pub fn RtlIsAnyDebuggerPresent() -> BOOLEAN; + pub fn RtlFindMessage( + DllHandle: PVOID, + MessageTableId: ULONG, + MessageLanguageId: ULONG, + MessageId: ULONG, + MessageEntry: *mut PMESSAGE_RESOURCE_ENTRY, + ) -> NTSTATUS; + pub fn RtlFormatMessage( + MessageFormat: PWSTR, + MaximumWidth: ULONG, + IgnoreInserts: BOOLEAN, + ArgumentsAreAnsi: BOOLEAN, + ArgumentsAreAnArray: BOOLEAN, + Arguments: *mut va_list, + 
Buffer: PWSTR, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlFormatMessageEx( + MessageFormat: PWSTR, + MaximumWidth: ULONG, + IgnoreInserts: BOOLEAN, + ArgumentsAreAnsi: BOOLEAN, + ArgumentsAreAnArray: BOOLEAN, + Arguments: *mut va_list, + Buffer: PWSTR, + Length: ULONG, + ReturnLength: PULONG, + ParseContext: PPARSE_MESSAGE_CONTEXT, + ) -> NTSTATUS; + pub fn RtlGetFileMUIPath( + Flags: ULONG, + FilePath: PCWSTR, + Language: PWSTR, + LanguageLength: PULONG, + FileMUIPath: PWSTR, + FileMUIPathLength: PULONG, + Enumerator: PULONGLONG, + ) -> NTSTATUS; + pub fn RtlLoadString( + DllHandle: PVOID, + StringId: ULONG, + StringLanguage: PCWSTR, + Flags: ULONG, + ReturnString: *mut PCWSTR, + ReturnStringLen: PUSHORT, + ReturnLanguageName: PWSTR, + ReturnLanguageLen: PULONG, + ) -> NTSTATUS; + pub fn RtlNtStatusToDosError(Status: NTSTATUS) -> ULONG; + pub fn RtlNtStatusToDosErrorNoTeb(Status: NTSTATUS) -> ULONG; + pub fn RtlGetLastNtStatus() -> NTSTATUS; + pub fn RtlGetLastWin32Error() -> LONG; + pub fn RtlSetLastWin32ErrorAndNtStatusFromNtStatus(Status: NTSTATUS); + pub fn RtlSetLastWin32Error(Win32Error: LONG); + pub fn RtlRestoreLastWin32Error(Win32Error: LONG); + pub fn RtlGetThreadErrorMode() -> ULONG; + pub fn RtlSetThreadErrorMode(NewMode: ULONG, OldMode: PULONG) -> NTSTATUS; + pub fn RtlReportException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlReportExceptionEx( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + Flags: ULONG, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn RtlWerpReportException( + ProcessId: ULONG, + CrashReportSharedMem: HANDLE, + Flags: ULONG, + CrashVerticalProcessHandle: PHANDLE, + ) -> NTSTATUS; + pub fn RtlReportSilentProcessExit(ProcessHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn RtlUniform(Seed: PULONG) -> ULONG; + pub fn RtlRandom(Seed: PULONG) -> ULONG; + pub fn RtlRandomEx(Seed: PULONG) -> ULONG; + pub fn 
RtlComputeImportTableHash( + FileHandle: HANDLE, + Hash: PCHAR, + ImportTableHashRevision: ULONG, + ) -> NTSTATUS; + pub fn RtlIntegerToChar(Value: ULONG, Base: ULONG, OutputLength: LONG, String: PSTR) + -> NTSTATUS; + pub fn RtlCharToInteger(String: PCSTR, Base: ULONG, Value: PULONG) -> NTSTATUS; + pub fn RtlLargeIntegerToChar( + Value: PLARGE_INTEGER, + Base: ULONG, + OutputLength: LONG, + String: PSTR, + ) -> NTSTATUS; + pub fn RtlIntegerToUnicodeString(Value: ULONG, Base: ULONG, String: PUNICODE_STRING) + -> NTSTATUS; + pub fn RtlInt64ToUnicodeString( + Value: ULONGLONG, + Base: ULONG, + String: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlUnicodeStringToInteger( + String: PUNICODE_STRING, + Base: ULONG, + Value: PULONG, + ) -> NTSTATUS; + pub fn RtlIpv4AddressToStringW(Address: PCIN_ADDR, AddressString: PWSTR) -> PWSTR; + pub fn RtlIpv4AddressToStringExW( + Address: PCIN_ADDR, + Port: USHORT, + AddressString: PWSTR, + AddressStringLength: PULONG, + ) -> NTSTATUS; + pub fn RtlIpv6AddressToStringW(Address: PCIN6_ADDR, AddressString: PWSTR) -> PWSTR; + pub fn RtlIpv6AddressToStringExW( + Address: PCIN6_ADDR, + ScopeId: ULONG, + Port: USHORT, + AddressString: PWSTR, + AddressStringLength: PULONG, + ) -> NTSTATUS; + pub fn RtlIpv4StringToAddressW( + AddressString: PCWSTR, + Strict: BOOLEAN, + Terminator: *mut LPCWSTR, + Address: PIN_ADDR, + ) -> NTSTATUS; + pub fn RtlIpv4StringToAddressExW( + AddressString: PCWSTR, + Strict: BOOLEAN, + Address: PIN_ADDR, + Port: PUSHORT, + ) -> NTSTATUS; + pub fn RtlIpv6StringToAddressW( + AddressString: PCWSTR, + Terminator: *mut PCWSTR, + Address: PIN6_ADDR, + ) -> NTSTATUS; + pub fn RtlIpv6StringToAddressExW( + AddressString: PCWSTR, + Address: PIN6_ADDR, + ScopeId: PULONG, + Port: PUSHORT, + ) -> NTSTATUS; + pub fn RtlCutoverTimeToSystemTime( + CutoverTime: PTIME_FIELDS, + SystemTime: PLARGE_INTEGER, + CurrentSystemTime: PLARGE_INTEGER, + ThisYear: BOOLEAN, + ) -> BOOLEAN; + pub fn RtlSystemTimeToLocalTime( + SystemTime: 
PLARGE_INTEGER, + LocalTime: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn RtlLocalTimeToSystemTime( + LocalTime: PLARGE_INTEGER, + SystemTime: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn RtlTimeToElapsedTimeFields(Time: PLARGE_INTEGER, TimeFields: PTIME_FIELDS); + pub fn RtlTimeToTimeFields(Time: PLARGE_INTEGER, TimeFields: PTIME_FIELDS); + pub fn RtlTimeFieldsToTime(TimeFields: PTIME_FIELDS, Time: PLARGE_INTEGER) -> BOOLEAN; + pub fn RtlTimeToSecondsSince1980(Time: PLARGE_INTEGER, ElapsedSeconds: PULONG) -> BOOLEAN; + pub fn RtlSecondsSince1980ToTime(ElapsedSeconds: ULONG, Time: PLARGE_INTEGER); + pub fn RtlTimeToSecondsSince1970(Time: PLARGE_INTEGER, ElapsedSeconds: PULONG) -> BOOLEAN; + pub fn RtlSecondsSince1970ToTime(ElapsedSeconds: ULONG, Time: PLARGE_INTEGER); + pub fn RtlGetSystemTimePrecise() -> LARGE_INTEGER; + pub fn RtlGetSystemTimeAndBias( + TimeZoneBias: KSYSTEM_TIME, + TimeZoneBiasEffectiveStart: PLARGE_INTEGER, + TimeZoneBiasEffectiveEnd: PLARGE_INTEGER, + ) -> KSYSTEM_TIME; + pub fn RtlGetInterruptTimePrecise(PerformanceCounter: PLARGE_INTEGER) -> LARGE_INTEGER; + pub fn RtlQueryUnbiasedInterruptTime(InterruptTime: PLARGE_INTEGER) -> BOOLEAN; + pub fn RtlQueryTimeZoneInformation(TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION) -> NTSTATUS; + pub fn RtlSetTimeZoneInformation(TimeZoneInformation: PRTL_TIME_ZONE_INFORMATION) -> NTSTATUS; + pub fn RtlInitializeBitMap(BitMapHeader: PRTL_BITMAP, BitMapBuffer: PULONG, SizeOfBitMap: ULONG); + pub fn RtlClearBit(BitMapHeader: PRTL_BITMAP, BitNumber: ULONG); + pub fn RtlSetBit(BitMapHeader: PRTL_BITMAP, BitNumber: ULONG); + pub fn RtlTestBit(BitMapHeader: PRTL_BITMAP, BitNumber: ULONG) -> BOOLEAN; + pub fn RtlClearAllBits(BitMapHeader: PRTL_BITMAP); + pub fn RtlSetAllBits(BitMapHeader: PRTL_BITMAP); + pub fn RtlFindClearBits( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + pub fn RtlFindSetBits(BitMapHeader: PRTL_BITMAP, NumberToFind: ULONG, HintIndex: ULONG) + -> ULONG; + 
pub fn RtlFindClearBitsAndSet( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + pub fn RtlFindSetBitsAndClear( + BitMapHeader: PRTL_BITMAP, + NumberToFind: ULONG, + HintIndex: ULONG, + ) -> ULONG; + pub fn RtlClearBits(BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToClear: ULONG); + pub fn RtlSetBits(BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, NumberToSet: ULONG); + pub fn RtlFindMostSignificantBit(Set: ULONGLONG) -> CCHAR; + pub fn RtlFindLeastSignificantBit(Set: ULONGLONG) -> CCHAR; + pub fn RtlFindClearRuns( + BitMapHeader: PRTL_BITMAP, + RunArray: PRTL_BITMAP_RUN, + SizeOfRunArray: ULONG, + LocateLongestRuns: BOOLEAN, + ) -> ULONG; + pub fn RtlFindLongestRunClear(BitMapHeader: PRTL_BITMAP, StartingIndex: PULONG) -> ULONG; + pub fn RtlFindFirstRunClear(BitMapHeader: PRTL_BITMAP, StartingIndex: PULONG) -> ULONG; + pub fn RtlCheckBit(BitMapHeader: PRTL_BITMAP, BitPosition: ULONG) -> BOOLEAN; + pub fn RtlNumberOfClearBits(BitMapHeader: PRTL_BITMAP) -> ULONG; + pub fn RtlNumberOfSetBits(BitMapHeader: PRTL_BITMAP) -> ULONG; + pub fn RtlAreBitsClear( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> BOOLEAN; + pub fn RtlAreBitsSet(BitMapHeader: PRTL_BITMAP, StartingIndex: ULONG, Length: ULONG) -> BOOLEAN; + pub fn RtlFindNextForwardRunClear( + BitMapHeader: PRTL_BITMAP, + FromIndex: ULONG, + StartingRunIndex: PULONG, + ) -> ULONG; + pub fn RtlFindLastBackwardRunClear( + BitMapHeader: PRTL_BITMAP, + FromIndex: ULONG, + StartingRunIndex: PULONG, + ) -> ULONG; + pub fn RtlNumberOfSetBitsUlongPtr(Target: ULONG_PTR) -> ULONG; + pub fn RtlInterlockedClearBitRun( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToClear: ULONG, + ); + pub fn RtlInterlockedSetBitRun( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + NumberToSet: ULONG, + ); + pub fn RtlCopyBitMap(Source: PRTL_BITMAP, Destination: PRTL_BITMAP, TargetBit: ULONG); + pub fn RtlExtractBitMap( + Source: PRTL_BITMAP, + 
Destination: PRTL_BITMAP, + TargetBit: ULONG, + NumberOfBits: ULONG, + ); + pub fn RtlNumberOfClearBitsInRange( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> ULONG; + pub fn RtlNumberOfSetBitsInRange( + BitMapHeader: PRTL_BITMAP, + StartingIndex: ULONG, + Length: ULONG, + ) -> ULONG; + pub fn RtlInitializeBitMapEx( + BitMapHeader: PRTL_BITMAP_EX, + BitMapBuffer: PULONG64, + SizeOfBitMap: ULONG64, + ); + pub fn RtlTestBitEx(BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64) -> BOOLEAN; + pub fn RtlClearAllBitsEx(BitMapHeader: PRTL_BITMAP_EX); + pub fn RtlClearBitEx(BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64); + pub fn RtlSetBitEx(BitMapHeader: PRTL_BITMAP_EX, BitNumber: ULONG64); + pub fn RtlFindSetBitsEx( + BitMapHeader: PRTL_BITMAP_EX, + NumberToFind: ULONG64, + HintIndex: ULONG64, + ) -> ULONG64; + pub fn RtlFindSetBitsAndClearEx( + BitMapHeader: PRTL_BITMAP_EX, + NumberToFind: ULONG64, + HintIndex: ULONG64, + ) -> ULONG64; + pub fn RtlInitializeHandleTable( + MaximumNumberOfHandles: ULONG, + SizeOfHandleTableEntry: ULONG, + HandleTable: PRTL_HANDLE_TABLE, + ); + pub fn RtlDestroyHandleTable(HandleTable: PRTL_HANDLE_TABLE) -> NTSTATUS; + pub fn RtlAllocateHandle( + HandleTable: PRTL_HANDLE_TABLE, + HandleIndex: PULONG, + ) -> PRTL_HANDLE_TABLE_ENTRY; + pub fn RtlFreeHandle(HandleTable: PRTL_HANDLE_TABLE, Handle: PRTL_HANDLE_TABLE_ENTRY) + -> BOOLEAN; + pub fn RtlIsValidHandle( + HandleTable: PRTL_HANDLE_TABLE, + Handle: PRTL_HANDLE_TABLE_ENTRY, + ) -> BOOLEAN; + pub fn RtlIsValidIndexHandle( + HandleTable: PRTL_HANDLE_TABLE, + HandleIndex: ULONG, + Handle: *mut PRTL_HANDLE_TABLE_ENTRY, + ) -> BOOLEAN; + pub fn RtlCreateAtomTable(NumberOfBuckets: ULONG, AtomTableHandle: *mut PVOID) -> NTSTATUS; + pub fn RtlDestroyAtomTable(AtomTableHandle: PVOID) -> NTSTATUS; + pub fn RtlEmptyAtomTable(AtomTableHandle: PVOID, IncludePinnedAtoms: BOOLEAN) -> NTSTATUS; + pub fn RtlAddAtomToAtomTable( + AtomTableHandle: PVOID, + AtomName: PWSTR, + 
Atom: PRTL_ATOM, + ) -> NTSTATUS; + pub fn RtlLookupAtomInAtomTable( + AtomTableHandle: PVOID, + AtomName: PWSTR, + Atom: PRTL_ATOM, + ) -> NTSTATUS; + pub fn RtlDeleteAtomFromAtomTable(AtomTableHandle: PVOID, Atom: RTL_ATOM) -> NTSTATUS; + pub fn RtlPinAtomInAtomTable(AtomTableHandle: PVOID, Atom: RTL_ATOM) -> NTSTATUS; + pub fn RtlQueryAtomInAtomTable( + AtomTableHandle: PVOID, + Atom: RTL_ATOM, + AtomUsage: PULONG, + AtomFlags: PULONG, + AtomName: PWSTR, + AtomNameLength: PULONG, + ) -> NTSTATUS; + pub fn RtlGetIntegerAtom(AtomName: PWSTR, IntegerAtom: PUSHORT) -> BOOLEAN; + pub fn RtlValidSid(Sid: PSID) -> BOOLEAN; + pub fn RtlEqualSid(Sid1: PSID, Sid2: PSID) -> BOOLEAN; + pub fn RtlEqualPrefixSid(Sid1: PSID, Sid2: PSID) -> BOOLEAN; + pub fn RtlLengthRequiredSid(SubAuthorityCount: ULONG) -> ULONG; + pub fn RtlFreeSid(Sid: PSID) -> PVOID; + pub fn RtlAllocateAndInitializeSid( + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + SubAuthority0: ULONG, + SubAuthority1: ULONG, + SubAuthority2: ULONG, + SubAuthority3: ULONG, + SubAuthority4: ULONG, + SubAuthority5: ULONG, + SubAuthority6: ULONG, + SubAuthority7: ULONG, + Sid: *mut PSID, + ) -> NTSTATUS; + pub fn RtlAllocateAndInitializeSidEx( + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + SubAuthorities: PULONG, + Sid: *mut PSID, + ) -> NTSTATUS; + pub fn RtlInitializeSid( + Sid: PSID, + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + ) -> NTSTATUS; + pub fn RtlInitializeSidEx( + Sid: PSID, + IdentifierAuthority: PSID_IDENTIFIER_AUTHORITY, + SubAuthorityCount: UCHAR, + ... 
+ ) -> NTSTATUS; + pub fn RtlIdentifierAuthoritySid(Sid: PSID) -> PSID_IDENTIFIER_AUTHORITY; + pub fn RtlSubAuthoritySid(Sid: PSID, SubAuthority: ULONG) -> PULONG; + pub fn RtlSubAuthorityCountSid(Sid: PSID) -> PUCHAR; + pub fn RtlLengthSid(Sid: PSID) -> ULONG; + pub fn RtlCopySid( + DestinationSidLength: ULONG, + DestinationSid: PSID, + SourceSid: PSID, + ) -> NTSTATUS; + pub fn RtlCopySidAndAttributesArray( + Count: ULONG, + Src: PSID_AND_ATTRIBUTES, + SidAreaSize: ULONG, + Dest: PSID_AND_ATTRIBUTES, + SidArea: PSID, + RemainingSidArea: *mut PSID, + RemainingSidAreaSize: PULONG, + ) -> NTSTATUS; + pub fn RtlCreateServiceSid( + ServiceName: PUNICODE_STRING, + ServiceSid: PSID, + ServiceSidLength: PULONG, + ) -> NTSTATUS; + pub fn RtlSidDominates(Sid1: PSID, Sid2: PSID, Dominates: PBOOLEAN) -> NTSTATUS; + pub fn RtlSidDominatesForTrust(Sid1: PSID, Sid2: PSID, DominatesTrust: PBOOLEAN) -> NTSTATUS; + pub fn RtlSidEqualLevel(Sid1: PSID, Sid2: PSID, EqualLevel: PBOOLEAN) -> NTSTATUS; + pub fn RtlSidIsHigherLevel(Sid1: PSID, Sid2: PSID, HigherLevel: PBOOLEAN) -> NTSTATUS; + pub fn RtlCreateVirtualAccountSid( + Name: PUNICODE_STRING, + BaseSubAuthority: ULONG, + Sid: PSID, + SidLength: PULONG, + ) -> NTSTATUS; + pub fn RtlReplaceSidInSd( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + OldSid: PSID, + NewSid: PSID, + NumChanges: *mut ULONG, + ) -> NTSTATUS; + pub fn RtlLengthSidAsUnicodeString(Sid: PSID, StringLength: PULONG) -> NTSTATUS; + pub fn RtlConvertSidToUnicodeString( + UnicodeString: PUNICODE_STRING, + Sid: PSID, + AllocateDestinationString: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlSidHashInitialize( + SidAttr: PSID_AND_ATTRIBUTES, + SidCount: ULONG, + SidAttrHash: PSID_AND_ATTRIBUTES_HASH, + ) -> NTSTATUS; + pub fn RtlSidHashLookup(SidAttrHash: PSID_AND_ATTRIBUTES_HASH, Sid: PSID) + -> PSID_AND_ATTRIBUTES; + pub fn RtlIsElevatedRid(SidAttr: PSID_AND_ATTRIBUTES) -> BOOLEAN; + pub fn RtlDeriveCapabilitySidsFromName( + UnicodeString: PUNICODE_STRING, + 
CapabilityGroupSid: PSID, + CapabilitySid: PSID, + ) -> NTSTATUS; + pub fn RtlCreateSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Revision: ULONG, + ) -> NTSTATUS; + pub fn RtlValidSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR) -> BOOLEAN; + pub fn RtlLengthSecurityDescriptor(SecurityDescriptor: PSECURITY_DESCRIPTOR) -> ULONG; + pub fn RtlValidRelativeSecurityDescriptor( + SecurityDescriptorInput: PSECURITY_DESCRIPTOR, + SecurityDescriptorLength: ULONG, + RequiredInformation: SECURITY_INFORMATION, + ) -> BOOLEAN; + pub fn RtlGetControlSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Control: PSECURITY_DESCRIPTOR_CONTROL, + Revision: PULONG, + ) -> NTSTATUS; + pub fn RtlSetControlSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ControlBitsOfInterest: SECURITY_DESCRIPTOR_CONTROL, + ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL, + ) -> NTSTATUS; + pub fn RtlSetAttributesSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Control: SECURITY_DESCRIPTOR_CONTROL, + Revision: PULONG, + ) -> NTSTATUS; + pub fn RtlGetSecurityDescriptorRMControl( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + RMControl: PUCHAR, + ) -> BOOLEAN; + pub fn RtlSetSecurityDescriptorRMControl( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + RMControl: PUCHAR, + ); + pub fn RtlSetDaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DaclPresent: BOOLEAN, + Dacl: PACL, + DaclDefaulted: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlGetDaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DaclPresent: PBOOLEAN, + Dacl: *mut PACL, + DaclDefaulted: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlSetSaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + SaclPresent: BOOLEAN, + Sacl: PACL, + SaclDefaulted: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlGetSaclSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + SaclPresent: PBOOLEAN, + Sacl: *mut PACL, + SaclDefaulted: PBOOLEAN, + ) -> NTSTATUS; + 
pub fn RtlSetOwnerSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Owner: PSID, + OwnerDefaulted: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlGetOwnerSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Owner: *mut PSID, + OwnerDefaulted: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlSetGroupSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Group: PSID, + GroupDefaulted: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlGetGroupSecurityDescriptor( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Group: *mut PSID, + GroupDefaulted: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlMakeSelfRelativeSD( + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + BufferLength: PULONG, + ) -> NTSTATUS; + pub fn RtlAbsoluteToSelfRelativeSD( + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + BufferLength: PULONG, + ) -> NTSTATUS; + pub fn RtlSelfRelativeToAbsoluteSD( + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + AbsoluteSecurityDescriptor: PSECURITY_DESCRIPTOR, + AbsoluteSecurityDescriptorSize: PULONG, + Dacl: PACL, + DaclSize: PULONG, + Sacl: PACL, + SaclSize: PULONG, + Owner: PSID, + OwnerSize: PULONG, + PrimaryGroup: PSID, + PrimaryGroupSize: PULONG, + ) -> NTSTATUS; + pub fn RtlSelfRelativeToAbsoluteSD2( + SelfRelativeSecurityDescriptor: PSECURITY_DESCRIPTOR, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn RtlNormalizeSecurityDescriptor( + SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + SecurityDescriptorLength: DWORD, + NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + NewSecurityDescriptorLength: PDWORD, + CheckOnly: BOOLEAN, + ) -> BOOLEAN; + pub fn RtlAreAllAccessesGranted( + GrantedAccess: ACCESS_MASK, + DesiredAccess: ACCESS_MASK, + ) -> BOOLEAN; + pub fn RtlAreAnyAccessesGranted( + GrantedAccess: ACCESS_MASK, + DesiredAccess: ACCESS_MASK, + ) -> BOOLEAN; + pub fn RtlMapGenericMask(AccessMask: PACCESS_MASK, GenericMapping: 
PGENERIC_MAPPING); + pub fn RtlCreateAcl(Acl: PACL, AclLength: ULONG, AclRevision: ULONG) -> NTSTATUS; + pub fn RtlValidAcl(Acl: PACL) -> BOOLEAN; + pub fn RtlQueryInformationAcl( + Acl: PACL, + AclInformation: PVOID, + AclInformationLength: ULONG, + AclInformationClass: ACL_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn RtlSetInformationAcl( + Acl: PACL, + AclInformation: PVOID, + AclInformationLength: ULONG, + AclInformationClass: ACL_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn RtlAddAce( + Acl: PACL, + AceRevision: ULONG, + StartingAceIndex: ULONG, + AceList: PVOID, + AceListLength: ULONG, + ) -> NTSTATUS; + pub fn RtlDeleteAce(Acl: PACL, AceIndex: ULONG) -> NTSTATUS; + pub fn RtlGetAce(Acl: PACL, AceIndex: ULONG, Ace: *mut PVOID) -> NTSTATUS; + pub fn RtlFirstFreeAce(Acl: PACL, FirstFree: *mut PVOID) -> BOOLEAN; + pub fn RtlFindAceByType(Acl: PACL, AceType: UCHAR, Index: PULONG) -> PVOID; + pub fn RtlOwnerAcesPresent(pAcl: PACL) -> BOOLEAN; + pub fn RtlAddAccessAllowedAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAccessAllowedAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAccessDeniedAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAccessDeniedAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAuditAccessAce( + Acl: PACL, + AceRevision: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAddAuditAccessAceEx( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAddAccessAllowedObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + 
ObjectTypeGuid: PGUID, + InheritedObjectTypeGuid: PGUID, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAccessDeniedObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + ObjectTypeGuid: PGUID, + InheritedObjectTypeGuid: PGUID, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddAuditAccessObjectAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ACCESS_MASK, + ObjectTypeGuid: PGUID, + InheritedObjectTypeGuid: PGUID, + Sid: PSID, + AuditSuccess: BOOLEAN, + AuditFailure: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAddCompoundAce( + Acl: PACL, + AceRevision: ULONG, + AceType: UCHAR, + AccessMask: ACCESS_MASK, + ServerSid: PSID, + ClientSid: PSID, + ) -> NTSTATUS; + pub fn RtlAddMandatoryAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + Sid: PSID, + AceType: UCHAR, + AccessMask: ACCESS_MASK, + ) -> NTSTATUS; + pub fn RtlAddResourceAttributeAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ULONG, + Sid: PSID, + AttributeInfo: PCLAIM_SECURITY_ATTRIBUTES_INFORMATION, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlAddScopedPolicyIDAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + AccessMask: ULONG, + Sid: PSID, + ) -> NTSTATUS; + pub fn RtlAddProcessTrustLabelAce( + Acl: PACL, + AceRevision: ULONG, + AceFlags: ULONG, + ProcessTrustLabelSid: PSID, + AceType: UCHAR, + AccessMask: ACCESS_MASK, + ) -> NTSTATUS; + pub fn RtlDefaultNpAcl(Acl: *mut PACL) -> NTSTATUS; + pub fn RtlNewSecurityObject( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + IsDirectoryObject: BOOLEAN, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + pub fn RtlNewSecurityObjectEx( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut GUID, + IsDirectoryObject: BOOLEAN, + AutoInheritFlags: ULONG, + Token: HANDLE, + 
GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + pub fn RtlNewSecurityObjectWithMultipleInheritance( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut *mut GUID, + GuidCount: ULONG, + IsDirectoryObject: BOOLEAN, + AutoInheritFlags: ULONG, + Token: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + pub fn RtlDeleteSecurityObject(ObjectDescriptor: *mut PSECURITY_DESCRIPTOR) -> NTSTATUS; + pub fn RtlQuerySecurityObject( + ObjectDescriptor: PSECURITY_DESCRIPTOR, + SecurityInformation: SECURITY_INFORMATION, + ResultantDescriptor: PSECURITY_DESCRIPTOR, + DescriptorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlSetSecurityObject( + SecurityInformation: SECURITY_INFORMATION, + ModificationDescriptor: PSECURITY_DESCRIPTOR, + ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + GenericMapping: PGENERIC_MAPPING, + TokenHandle: HANDLE, + ) -> NTSTATUS; + pub fn RtlSetSecurityObjectEx( + SecurityInformation: SECURITY_INFORMATION, + ModificationDescriptor: PSECURITY_DESCRIPTOR, + ObjectsSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + AutoInheritFlags: ULONG, + GenericMapping: PGENERIC_MAPPING, + TokenHandle: HANDLE, + ) -> NTSTATUS; + pub fn RtlConvertToAutoInheritSecurityObject( + ParentDescriptor: PSECURITY_DESCRIPTOR, + CurrentSecurityDescriptor: PSECURITY_DESCRIPTOR, + NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ObjectType: *mut GUID, + IsDirectoryObject: BOOLEAN, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + pub fn RtlNewInstanceSecurityObject( + ParentDescriptorChanged: BOOLEAN, + CreatorDescriptorChanged: BOOLEAN, + OldClientTokenModifiedId: PLUID, + NewClientTokenModifiedId: PLUID, + ParentDescriptor: PSECURITY_DESCRIPTOR, + CreatorDescriptor: PSECURITY_DESCRIPTOR, + NewDescriptor: *mut PSECURITY_DESCRIPTOR, + IsDirectoryObject: BOOLEAN, + TokenHandle: HANDLE, + GenericMapping: PGENERIC_MAPPING, + ) -> NTSTATUS; + pub 
fn RtlCopySecurityDescriptor( + InputSecurityDescriptor: PSECURITY_DESCRIPTOR, + OutputSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn RtlCreateUserSecurityObject( + AceData: PRTL_ACE_DATA, + AceCount: ULONG, + OwnerSid: PSID, + GroupSid: PSID, + IsDirectoryObject: BOOLEAN, + GenericMapping: PGENERIC_MAPPING, + NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn RtlCreateAndSetSD( + AceData: PRTL_ACE_DATA, + AceCount: ULONG, + OwnerSid: PSID, + GroupSid: PSID, + NewSecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn RtlRunEncodeUnicodeString(Seed: PUCHAR, String: PUNICODE_STRING); + pub fn RtlRunDecodeUnicodeString(Seed: UCHAR, String: PUNICODE_STRING); + pub fn RtlImpersonateSelf(ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL) -> NTSTATUS; + pub fn RtlImpersonateSelfEx( + ImpersonationLevel: SECURITY_IMPERSONATION_LEVEL, + AdditionalAccess: ACCESS_MASK, + ThreadToken: PHANDLE, + ) -> NTSTATUS; + pub fn RtlAdjustPrivilege( + Privilege: ULONG, + Enable: BOOLEAN, + Client: BOOLEAN, + WasEnabled: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlAcquirePrivilege( + Privilege: PULONG, + NumPriv: ULONG, + Flags: ULONG, + ReturnedState: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlReleasePrivilege(StatePointer: PVOID); + pub fn RtlRemovePrivileges( + TokenHandle: HANDLE, + PrivilegesToKeep: PULONG, + PrivilegeCount: ULONG, + ) -> NTSTATUS; + pub fn RtlIsUntrustedObject( + Handle: HANDLE, + Object: PVOID, + IsUntrustedObject: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlQueryValidationRunlevel(ComponentName: PUNICODE_STRING) -> ULONG; + pub fn RtlCreateBoundaryDescriptor( + Name: PUNICODE_STRING, + Flags: ULONG, + ) -> POBJECT_BOUNDARY_DESCRIPTOR; + pub fn RtlDeleteBoundaryDescriptor(BoundaryDescriptor: POBJECT_BOUNDARY_DESCRIPTOR); + pub fn RtlAddSIDToBoundaryDescriptor( + BoundaryDescriptor: *mut POBJECT_BOUNDARY_DESCRIPTOR, + RequiredSid: PSID, + ) -> NTSTATUS; + pub fn RtlAddIntegrityLabelToBoundaryDescriptor( + 
BoundaryDescriptor: *mut POBJECT_BOUNDARY_DESCRIPTOR, + IntegrityLabel: PSID, + ) -> NTSTATUS; + pub fn RtlGetVersion(VersionInformation: PRTL_OSVERSIONINFOEXW) -> NTSTATUS; + pub fn RtlVerifyVersionInfo( + VersionInformation: PRTL_OSVERSIONINFOEXW, + TypeMask: ULONG, + ConditionMask: ULONGLONG, + ) -> NTSTATUS; + pub fn RtlGetNtVersionNumbers( + NtMajorVersion: PULONG, + NtMinorVersion: PULONG, + NtBuildNumber: PULONG, + ); + pub fn RtlGetNtGlobalFlags() -> ULONG; + pub fn RtlGetNtProductType(NtProductType: PNT_PRODUCT_TYPE) -> BOOLEAN; + pub fn RtlGetSuiteMask() -> ULONG; + pub fn RtlRegisterWait( + WaitHandle: PHANDLE, + Handle: HANDLE, + Function: WAITORTIMERCALLBACKFUNC, + Context: PVOID, + Milliseconds: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlDeregisterWait(WaitHandle: HANDLE) -> NTSTATUS; + pub fn RtlDeregisterWaitEx(WaitHandle: HANDLE, CompletionEvent: HANDLE) -> NTSTATUS; + pub fn RtlQueueWorkItem(Function: WORKERCALLBACKFUNC, Context: PVOID, Flags: ULONG) -> NTSTATUS; + pub fn RtlSetIoCompletionCallback( + FileHandle: HANDLE, + CompletionProc: APC_CALLBACK_FUNCTION, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlSetThreadPoolStartFunc( + StartPoolThread: PRTL_START_POOL_THREAD, + ExitPoolThread: PRTL_EXIT_POOL_THREAD, + ) -> NTSTATUS; + pub fn RtlUserThreadStart(Function: PTHREAD_START_ROUTINE, Parameter: PVOID); + pub fn LdrInitializeThunk(ContextRecord: PCONTEXT, Parameter: PVOID); + pub fn RtlDelayExecution(Alertable: BOOLEAN, DelayInterval: PLARGE_INTEGER) -> NTSTATUS; + pub fn RtlCreateTimerQueue(TimerQueueHandle: PHANDLE) -> NTSTATUS; + pub fn RtlCreateTimer( + TimerQueueHandle: HANDLE, + Handle: PHANDLE, + Function: WAITORTIMERCALLBACKFUNC, + Context: PVOID, + DueTime: ULONG, + Period: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlSetTimer( + TimerQueueHandle: HANDLE, + Handle: PHANDLE, + Function: WAITORTIMERCALLBACKFUNC, + Context: PVOID, + DueTime: ULONG, + Period: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlUpdateTimer( 
+ TimerQueueHandle: HANDLE, + TimerHandle: HANDLE, + DueTime: ULONG, + Period: ULONG, + ) -> NTSTATUS; + pub fn RtlDeleteTimer( + TimerQueueHandle: HANDLE, + TimerToCancel: HANDLE, + Event: HANDLE, + ) -> NTSTATUS; + pub fn RtlDeleteTimerQueue(TimerQueueHandle: HANDLE) -> NTSTATUS; + pub fn RtlDeleteTimerQueueEx(TimerQueueHandle: HANDLE, Event: HANDLE) -> NTSTATUS; + pub fn RtlFormatCurrentUserKeyPath(CurrentUserKeyPath: PUNICODE_STRING) -> NTSTATUS; + pub fn RtlOpenCurrentUser(DesiredAccess: ACCESS_MASK, CurrentUserKey: PHANDLE) -> NTSTATUS; + pub fn RtlCreateRegistryKey(RelativeTo: ULONG, Path: PWSTR) -> NTSTATUS; + pub fn RtlCheckRegistryKey(RelativeTo: ULONG, Path: PWSTR) -> NTSTATUS; + pub fn RtlQueryRegistryValues( + RelativeTo: ULONG, + Path: PCWSTR, + QueryTable: PRTL_QUERY_REGISTRY_TABLE, + Context: PVOID, + Environment: PVOID, + ) -> NTSTATUS; + pub fn RtlQueryRegistryValuesEx( + RelativeTo: ULONG, + Path: PCWSTR, + QueryTable: PRTL_QUERY_REGISTRY_TABLE, + Context: PVOID, + Environment: PVOID, + ) -> NTSTATUS; + pub fn RtlQueryRegistryValueWithFallback( + PrimaryHandle: HANDLE, + FallbackHandle: HANDLE, + ValueName: PUNICODE_STRING, + ValueLength: ULONG, + ValueType: PULONG, + ValueData: PVOID, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn RtlWriteRegistryValue( + RelativeTo: ULONG, + Path: PCWSTR, + ValueName: PCWSTR, + ValueType: ULONG, + ValueData: PVOID, + ValueLength: ULONG, + ) -> NTSTATUS; + pub fn RtlDeleteRegistryValue(RelativeTo: ULONG, Path: PCWSTR, ValueName: PCWSTR) -> NTSTATUS; + pub fn RtlEnableThreadProfiling( + ThreadHandle: HANDLE, + Flags: ULONG, + HardwareCounters: ULONG64, + PerformanceDataHandle: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlDisableThreadProfiling(PerformanceDataHandle: PVOID) -> NTSTATUS; + pub fn RtlQueryThreadProfiling(ThreadHandle: HANDLE, Enabled: PBOOLEAN) -> NTSTATUS; + pub fn RtlReadThreadProfilingData( + PerformanceDataHandle: HANDLE, + Flags: ULONG, + PerformanceData: PPERFORMANCE_DATA, + ) -> NTSTATUS; + 
pub fn RtlGetNativeSystemInformation( + SystemInformationClass: ULONG, + NativeSystemInformation: PVOID, + InformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlQueueApcWow64Thread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn RtlWow64EnableFsRedirection(Wow64FsEnableRedirection: BOOLEAN) -> NTSTATUS; + pub fn RtlWow64EnableFsRedirectionEx( + Wow64FsEnableRedirection: PVOID, + OldFsRedirectionLevel: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlComputeCrc32(PartialCrc: ULONG32, Buffer: PVOID, Length: ULONG) -> ULONG32; + pub fn RtlEncodePointer(Ptr: PVOID) -> PVOID; + pub fn RtlDecodePointer(Ptr: PVOID) -> PVOID; + pub fn RtlEncodeSystemPointer(Ptr: PVOID) -> PVOID; + pub fn RtlDecodeSystemPointer(Ptr: PVOID) -> PVOID; + pub fn RtlEncodeRemotePointer( + ProcessHandle: HANDLE, + Pointer: PVOID, + EncodedPointer: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlDecodeRemotePointer( + ProcessHandle: HANDLE, + Pointer: PVOID, + DecodedPointer: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlIsProcessorFeaturePresent(ProcessorFeature: ULONG) -> BOOLEAN; + pub fn RtlGetCurrentProcessorNumber() -> ULONG; + pub fn RtlGetCurrentProcessorNumberEx(ProcessorNumber: PPROCESSOR_NUMBER); + pub fn RtlPushFrame(Frame: PTEB_ACTIVE_FRAME); + pub fn RtlPopFrame(Frame: PTEB_ACTIVE_FRAME); + pub fn RtlGetFrame() -> PTEB_ACTIVE_FRAME; + pub fn RtlWalkFrameChain(Callers: *mut PVOID, Count: ULONG, Flags: ULONG) -> ULONG; + pub fn RtlGetCallersAddress(CallersAddress: *mut PVOID, CallersCaller: *mut PVOID); + pub fn RtlGetEnabledExtendedFeatures(FeatureMask: ULONG64) -> ULONG64; + pub fn RtlGetEnabledExtendedAndSupervisorFeatures(FeatureMask: ULONG64) -> ULONG64; + pub fn RtlLocateSupervisorFeature( + XStateHeader: PXSAVE_AREA_HEADER, + FeatureId: ULONG, + Length: PULONG, + ) -> PVOID; + pub fn RtlQueryElevationFlags(Flags: PRTL_ELEVATION_FLAGS) -> NTSTATUS; + pub fn 
RtlRegisterThreadWithCsrss() -> NTSTATUS; + pub fn RtlLockCurrentThread() -> NTSTATUS; + pub fn RtlUnlockCurrentThread() -> NTSTATUS; + pub fn RtlLockModuleSection(Address: PVOID) -> NTSTATUS; + pub fn RtlUnlockModuleSection(Address: PVOID) -> NTSTATUS; + pub fn RtlGetUnloadEventTrace() -> PRTL_UNLOAD_EVENT_TRACE; + pub fn RtlGetUnloadEventTraceEx( + ElementSize: *mut PULONG, + ElementCount: *mut PULONG, + EventTrace: *mut PVOID, + ); + pub fn RtlQueryPerformanceCounter(PerformanceCounter: PLARGE_INTEGER) -> LOGICAL; + pub fn RtlQueryPerformanceFrequency(PerformanceFrequency: PLARGE_INTEGER) -> LOGICAL; + pub fn RtlQueryImageMitigationPolicy( + ImagePath: PWSTR, + Policy: IMAGE_MITIGATION_POLICY, + Flags: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + pub fn RtlSetImageMitigationPolicy( + ImagePath: PWSTR, + Policy: IMAGE_MITIGATION_POLICY, + Flags: ULONG, + Buffer: PVOID, + BufferSize: ULONG, + ) -> NTSTATUS; + pub fn RtlGetCurrentServiceSessionId() -> ULONG; + pub fn RtlGetActiveConsoleId() -> ULONG; + pub fn RtlGetConsoleSessionForegroundProcessId() -> ULONGLONG; + pub fn RtlGetTokenNamedObjectPath( + TokenHandle: HANDLE, + Sid: PSID, + ObjectPath: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlGetAppContainerNamedObjectPath( + TokenHandle: HANDLE, + AppContainerSid: PSID, + RelativePath: BOOLEAN, + ObjectPath: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn RtlGetAppContainerParent( + AppContainerSid: PSID, + AppContainerSidParent: *mut PSID, + ) -> NTSTATUS; + pub fn RtlCheckSandboxedToken(TokenHandle: HANDLE, IsSandboxed: PBOOLEAN) -> NTSTATUS; + pub fn RtlCheckTokenCapability( + TokenHandle: HANDLE, + CapabilitySidToCheck: PSID, + HasCapability: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlCapabilityCheck( + TokenHandle: HANDLE, + CapabilityName: PUNICODE_STRING, + HasCapability: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlCheckTokenMembership( + TokenHandle: HANDLE, + SidToCheck: PSID, + IsMember: PBOOLEAN, + ) -> NTSTATUS; + pub fn 
RtlCheckTokenMembershipEx( + TokenHandle: HANDLE, + SidToCheck: PSID, + Flags: ULONG, + IsMember: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlQueryTokenHostIdAsUlong64(TokenHandle: HANDLE, HostId: PULONG64) -> NTSTATUS; + pub fn RtlIsParentOfChildAppContainer( + ParentAppContainerSid: PSID, + ChildAppContainerSid: PSID, + ) -> BOOLEAN; + pub fn RtlIsApiSetImplemented(ApiSetName: PCSTR) -> NTSTATUS; + pub fn RtlIsCapabilitySid(Sid: PSID) -> BOOLEAN; + pub fn RtlIsPackageSid(Sid: PSID) -> BOOLEAN; + pub fn RtlIsValidProcessTrustLabelSid(Sid: PSID) -> BOOLEAN; + pub fn RtlGetAppContainerSidType( + AppContainerSid: PSID, + AppContainerSidType: PAPPCONTAINER_SID_TYPE, + ) -> NTSTATUS; + pub fn RtlFlsAlloc(Callback: PFLS_CALLBACK_FUNCTION, FlsIndex: PULONG) -> NTSTATUS; + pub fn RtlFlsFree(FlsIndex: ULONG) -> NTSTATUS; + pub fn RtlFlsGetValue(FlsIndex: ULONG, FlsData: *mut PVOID) -> NTSTATUS; + pub fn RtlFlsSetValue(FlsIndex: ULONG, FlsData: PVOID) -> NTSTATUS; + pub fn RtlIsStateSeparationEnabled() -> BOOLEAN; + pub fn RtlGetPersistedStateLocation( + SourceID: PCWSTR, + CustomValue: PCWSTR, + DefaultPath: PCWSTR, + StateLocationType: STATE_LOCATION_TYPE, + TargetPath: PWCHAR, + BufferLengthIn: ULONG, + BufferLengthOut: PULONG, + ) -> NTSTATUS; + pub fn RtlIsCloudFilesPlaceholder(FileAttributes: ULONG, ReparseTag: ULONG) -> BOOLEAN; + pub fn RtlIsPartialPlaceholder(FileAttributes: ULONG, ReparseTag: ULONG) -> BOOLEAN; + pub fn RtlIsPartialPlaceholderFileHandle( + FileHandle: HANDLE, + IsPartialPlaceholder: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlIsPartialPlaceholderFileInfo( + InfoBuffer: PVOID, + InfoClass: FILE_INFORMATION_CLASS, + IsPartialPlaceholder: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlQueryThreadPlaceholderCompatibilityMode() -> CHAR; + pub fn RtlSetThreadPlaceholderCompatibilityMode(Mode: CHAR) -> CHAR; + pub fn RtlQueryProcessPlaceholderCompatibilityMode() -> CHAR; + pub fn RtlSetProcessPlaceholderCompatibilityMode(Mode: CHAR) -> CHAR; + pub fn 
RtlIsNonEmptyDirectoryReparsePointAllowed(ReparseTag: ULONG) -> BOOLEAN; + pub fn RtlAppxIsFileOwnedByTrustedInstaller( + FileHandle: HANDLE, + IsFileOwnedByTrustedInstaller: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlQueryPackageClaims( + TokenHandle: HANDLE, + PackageFullName: PWSTR, + PackageSize: PSIZE_T, + AppId: PWSTR, + AppIdSize: PSIZE_T, + DynamicId: PGUID, + PkgClaim: PPS_PKG_CLAIM, + AttributesPresent: PULONG64, + ) -> NTSTATUS; + pub fn RtlQueryPackageIdentity( + TokenHandle: HANDLE, + PackageFullName: PWSTR, + PackageSize: PSIZE_T, + AppId: PWSTR, + AppIdSize: PSIZE_T, + Packaged: PBOOLEAN, + ) -> NTSTATUS; + pub fn RtlQueryPackageIdentityEx( + TokenHandle: HANDLE, + PackageFullName: PWSTR, + PackageSize: PSIZE_T, + AppId: PWSTR, + AppIdSize: PSIZE_T, + DynamicId: PGUID, + Flags: PULONG64, + ) -> NTSTATUS; + pub fn RtlQueryProtectedPolicy(PolicyGuid: PGUID, PolicyValue: PULONG_PTR) -> NTSTATUS; + pub fn RtlSetProtectedPolicy( + PolicyGuid: PGUID, + PolicyValue: ULONG_PTR, + OldPolicyValue: PULONG_PTR, + ) -> NTSTATUS; + pub fn RtlIsEnclaveFeaturePresent(FeatureMask: ULONG) -> BOOLEAN; + pub fn RtlIsMultiSessionSku() -> BOOLEAN; + pub fn RtlIsMultiUsersInSessionSku() -> BOOLEAN; + pub fn RtlGetSessionProperties(SessionId: ULONG, SharedUserSessionId: PULONG) -> NTSTATUS; + pub fn RtlCreateBootStatusDataFile() -> NTSTATUS; + pub fn RtlLockBootStatusData(FileHandle: PHANDLE) -> NTSTATUS; + pub fn RtlUnlockBootStatusData(FileHandle: HANDLE) -> NTSTATUS; + pub fn RtlGetSetBootStatusData( + FileHandle: HANDLE, + Read: BOOLEAN, + DataClass: RTL_BSD_ITEM_TYPE, + Buffer: PVOID, + BufferSize: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlCheckBootStatusIntegrity(FileHandle: HANDLE, Verified: PBOOLEAN) -> NTSTATUS; + pub fn RtlRestoreBootStatusDefaults(FileHandle: HANDLE) -> NTSTATUS; + pub fn RtlRestoreSystemBootStatusDefaults() -> NTSTATUS; + pub fn RtlGetSystemBootStatus( + BootStatusInformationClass: RTL_BSD_ITEM_TYPE, + DataBuffer: PVOID, + 
DataLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlSetSystemBootStatus( + BootStatusInformationClass: RTL_BSD_ITEM_TYPE, + DataBuffer: PVOID, + DataLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn RtlCheckPortableOperatingSystem(IsPortable: PBOOLEAN) -> NTSTATUS; + pub fn RtlSetPortableOperatingSystem(IsPortable: BOOLEAN) -> NTSTATUS; + pub fn RtlSetProxiedProcessId(ProxiedProcessId: ULONG) -> ULONG; + pub fn RtlFindClosestEncodableLength( + SourceLength: ULONGLONG, + TargetLength: PULONGLONG, + ) -> NTSTATUS; + pub fn RtlRegisterSecureMemoryCacheCallback( + Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, + ) -> NTSTATUS; + pub fn RtlDeregisterSecureMemoryCacheCallback( + Callback: PRTL_SECURE_MEMORY_CACHE_CALLBACK, + ) -> NTSTATUS; + pub fn RtlFlushSecureMemoryCache(MemoryCache: PVOID, MemoryLength: SIZE_T) -> BOOLEAN; + pub fn RtlNotifyFeatureUsage(FeatureUsageReport: PRTL_FEATURE_USAGE_REPORT) -> NTSTATUS; + pub fn RtlQueryFeatureConfiguration( + FeatureId: ULONG, + FeatureType: RTL_FEATURE_CONFIGURATION_TYPE, + ChangeStamp: PULONGLONG, + FeatureConfiguration: PRTL_FEATURE_CONFIGURATION, + ) -> NTSTATUS; + pub fn RtlSetFeatureConfigurations( + ChangeStamp: PULONGLONG, + FeatureType: RTL_FEATURE_CONFIGURATION_TYPE, + FeatureConfiguration: PRTL_FEATURE_CONFIGURATION, + FeatureConfigurationCount: ULONG, + ) -> NTSTATUS; + pub fn RtlQueryAllFeatureConfigurations( + FeatureType: RTL_FEATURE_CONFIGURATION_TYPE, + ChangeStamp: PULONGLONG, + FeatureConfigurations: PRTL_FEATURE_CONFIGURATION, + FeatureConfigurationCount: PULONG, + ) -> NTSTATUS; + pub fn RtlQueryFeatureConfigurationChangeStamp() -> ULONGLONG; + pub fn RtlQueryFeatureUsageNotificationSubscriptions( + FeatureConfiguration: PRTL_FEATURE_CONFIGURATION, + FeatureConfigurationCount: PULONG, + ) -> NTSTATUS; + pub fn RtlRegisterFeatureConfigurationChangeNotification( + Callback: PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICATION, + Context: PVOID, + ChangeStamp: PULONGLONG, + 
NotificationHandle: PHANDLE, + ) -> NTSTATUS; + pub fn RtlUnregisterFeatureConfigurationChangeNotification( + NotificationHandle: HANDLE, + ) -> NTSTATUS; + pub fn RtlSubscribeForFeatureUsageNotification( + FeatureConfiguration: PRTL_FEATURE_CONFIGURATION, + FeatureConfigurationCount: ULONG, + ) -> NTSTATUS; + pub fn RtlUnsubscribeFromFeatureUsageNotifications( + FeatureConfiguration: PRTL_FEATURE_CONFIGURATION, + FeatureConfigurationCount: ULONG, + ) -> NTSTATUS; + pub fn RtlRunOnceInitialize(RunOnce: PRTL_RUN_ONCE); + pub fn RtlRunOnceExecuteOnce( + RunOnce: PRTL_RUN_ONCE, + InitFn: PRTL_RUN_ONCE_INIT_FN, + Parameter: PVOID, + Context: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlRunOnceBeginInitialize( + RunOnce: PRTL_RUN_ONCE, + Flags: ULONG, + Context: *mut PVOID, + ) -> NTSTATUS; + pub fn RtlRunOnceComplete(RunOnce: PRTL_RUN_ONCE, Flags: ULONG, Context: PVOID) -> NTSTATUS; + pub fn RtlEqualWnfChangeStamps( + ChangeStamp1: WNF_CHANGE_STAMP, + ChangeStamp2: WNF_CHANGE_STAMP, + ) -> BOOLEAN; + pub fn RtlQueryWnfStateData( + ChangeStamp: PWNF_CHANGE_STAMP, + StateName: WNF_STATE_NAME, + Callback: PWNF_USER_CALLBACK, + CallbackContext: PVOID, + TypeId: PWNF_TYPE_ID, + ) -> NTSTATUS; + pub fn RtlPublishWnfStateData( + StateName: WNF_STATE_NAME, + TypeId: PCWNF_TYPE_ID, + Buffer: *const cty::c_void, + Length: ULONG, + ExplicitScope: *const cty::c_void, + ) -> NTSTATUS; + pub fn RtlSubscribeWnfStateChangeNotification( + SubscriptionHandle: *mut PVOID, + StateName: WNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + Callback: PWNF_USER_CALLBACK, + CallbackContext: PVOID, + TypeId: PCWNF_TYPE_ID, + SerializationGroup: ULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlUnsubscribeWnfStateChangeNotification(Callback: PWNF_USER_CALLBACK) -> NTSTATUS; + pub fn NtCopyFileChunk( + SourceHandle: HANDLE, + DestinationHandle: HANDLE, + EventHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Length: ULONG, + SourceOffset: PLARGE_INTEGER, + DestOffset: PLARGE_INTEGER, + SourceKey: 
PULONG, + DestKey: PULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn RtlQueryPropertyStore(Key: ULONG_PTR, Context: PULONG_PTR) -> NTSTATUS; + pub fn RtlRemovePropertyStore(Key: ULONG_PTR, Context: PULONG_PTR) -> NTSTATUS; + pub fn RtlCompareExchangePropertyStore( + Key: ULONG_PTR, + Comperand: PULONG_PTR, + Exchange: PULONG_PTR, + Context: PULONG_PTR, + ) -> NTSTATUS; + pub fn RtlWow64ChangeThreadState( + ThreadStateChangeHandle: HANDLE, + ThreadHandle: HANDLE, + StateChangeType: THREAD_STATE_CHANGE_TYPE, + ExtendedInformation: PVOID, + ExtendedInformationLength: SIZE_T, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn NtCreateToken( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + Source: PTOKEN_SOURCE, + ) -> NTSTATUS; + pub fn NtCreateLowBoxToken( + TokenHandle: PHANDLE, + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PackageSid: PSID, + CapabilityCount: ULONG, + Capabilities: PSID_AND_ATTRIBUTES, + HandleCount: ULONG, + Handles: *mut HANDLE, + ) -> NTSTATUS; + pub fn NtCreateTokenEx( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroups: PTOKEN_GROUPS, + MandatoryPolicy: PTOKEN_MANDATORY_POLICY, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + Source: PTOKEN_SOURCE, + ) -> NTSTATUS; + pub fn NtOpenProcessToken( + ProcessHandle: 
HANDLE, + DesiredAccess: ACCESS_MASK, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtOpenProcessTokenEx( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtOpenThreadToken( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtOpenThreadTokenEx( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtDuplicateToken( + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EffectiveOnly: BOOLEAN, + Type: TOKEN_TYPE, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtQueryInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtAdjustPrivilegesToken( + TokenHandle: HANDLE, + DisableAllPrivileges: BOOLEAN, + NewState: PTOKEN_PRIVILEGES, + BufferLength: ULONG, + PreviousState: PTOKEN_PRIVILEGES, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAdjustGroupsToken( + TokenHandle: HANDLE, + ResetToDefault: BOOLEAN, + NewState: PTOKEN_GROUPS, + BufferLength: ULONG, + PreviousState: PTOKEN_GROUPS, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAdjustTokenClaimsAndDeviceGroups( + TokenHandle: HANDLE, + UserResetToDefault: BOOLEAN, + DeviceResetToDefault: BOOLEAN, + DeviceGroupsResetToDefault: BOOLEAN, + NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceGroupsState: PTOKEN_GROUPS, + UserBufferLength: ULONG, + PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + 
DeviceBufferLength: ULONG, + PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroupsBufferLength: ULONG, + PreviousDeviceGroups: PTOKEN_GROUPS, + UserReturnLength: PULONG, + DeviceReturnLength: PULONG, + DeviceGroupsReturnBufferLength: PULONG, + ) -> NTSTATUS; + pub fn NtFilterToken( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtFilterTokenEx( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + DisableUserClaimsCount: ULONG, + UserClaimsToDisable: PUNICODE_STRING, + DisableDeviceClaimsCount: ULONG, + DeviceClaimsToDisable: PUNICODE_STRING, + DeviceGroupsToDisable: PTOKEN_GROUPS, + RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceGroups: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn NtCompareTokens( + FirstTokenHandle: HANDLE, + SecondTokenHandle: HANDLE, + Equal: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtPrivilegeCheck( + ClientToken: HANDLE, + RequiredPrivileges: PPRIVILEGE_SET, + Result: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtImpersonateAnonymousToken(ThreadHandle: HANDLE) -> NTSTATUS; + pub fn NtQuerySecurityAttributesToken( + TokenHandle: HANDLE, + Attributes: PUNICODE_STRING, + NumberOfAttributes: ULONG, + Buffer: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtAccessCheck( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn NtAccessCheckByType( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: 
PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn NtAccessCheckByTypeResultList( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn NtSetCachedSigningLevel( + Flags: ULONG, + InputSigningLevel: SE_SIGNING_LEVEL, + SourceFiles: PHANDLE, + SourceFileCount: ULONG, + TargetFile: HANDLE, + ) -> NTSTATUS; + pub fn NtGetCachedSigningLevel( + File: HANDLE, + Flags: PULONG, + SigningLevel: PSE_SIGNING_LEVEL, + Thumbprint: PUCHAR, + ThumbprintSize: PULONG, + ThumbprintAlgorithm: PULONG, + ) -> NTSTATUS; + pub fn NtCompareSigningLevels( + FirstSigningLevel: SE_SIGNING_LEVEL, + SecondSigningLevel: SE_SIGNING_LEVEL, + ) -> NTSTATUS; + pub fn NtAccessCheckAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtAccessCheckByTypeAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + 
GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtAccessCheckByTypeResultListAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtOpenObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GrantedAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + ObjectCreation: BOOLEAN, + AccessGranted: BOOLEAN, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn NtPrivilegeObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + pub fn NtCloseObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + 
HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + pub fn NtDeleteObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + pub fn NtPrivilegedServiceAuditAlarm( + SubsystemName: PUNICODE_STRING, + ServiceName: PUNICODE_STRING, + ClientToken: HANDLE, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + pub fn NtCreateTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + CreateOptions: ULONG, + CommitStrength: ULONG, + ) -> NTSTATUS; + pub fn NtOpenTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + TmIdentity: LPGUID, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn NtRenameTransactionManager( + LogFileName: PUNICODE_STRING, + ExistingTransactionManagerGuid: LPGUID, + ) -> NTSTATUS; + pub fn NtRollforwardTransactionManager( + TransactionManagerHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtRecoverTransactionManager(TransactionManagerHandle: HANDLE) -> NTSTATUS; + pub fn NtQueryInformationTransactionManager( + TransactionManagerHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationTransactionManager( + TmHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtEnumerateTransactionObject( + RootObjectHandle: HANDLE, + QueryType: KTMOBJECT_TYPE, + ObjectCursor: PKTMOBJECT_CURSOR, + ObjectCursorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtCreateTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: 
ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + CreateOptions: ULONG, + IsolationLevel: ULONG, + IsolationFlags: ULONG, + Timeout: PLARGE_INTEGER, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtOpenTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + ) -> NTSTATUS; + pub fn NtQueryInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtCommitTransaction(TransactionHandle: HANDLE, Wait: BOOLEAN) -> NTSTATUS; + pub fn NtRollbackTransaction(TransactionHandle: HANDLE, Wait: BOOLEAN) -> NTSTATUS; + pub fn NtCreateEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + TransactionHandle: HANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + NotificationMask: NOTIFICATION_MASK, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + pub fn NtOpenEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + EnlistmentGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtQueryInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ) -> NTSTATUS; + 
pub fn NtRecoverEnlistment(EnlistmentHandle: HANDLE, EnlistmentKey: PVOID) -> NTSTATUS; + pub fn NtPrePrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtPrepareEnlistment(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) + -> NTSTATUS; + pub fn NtCommitEnlistment(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtRollbackEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtPrePrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtPrepareComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtCommitComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtReadOnlyEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtRollbackComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn NtSinglePhaseReject(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) + -> NTSTATUS; + pub fn NtCreateResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + RmGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn NtOpenResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + ResourceManagerGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn NtRecoverResourceManager(ResourceManagerHandle: HANDLE) -> NTSTATUS; + pub fn NtGetNotificationResourceManager( + ResourceManagerHandle: HANDLE, + TransactionNotification: PTRANSACTION_NOTIFICATION, + NotificationLength: ULONG, + Timeout: PLARGE_INTEGER, + ReturnLength: PULONG, + Asynchronous: ULONG, + AsynchronousContext: ULONG_PTR, + ) -> NTSTATUS; + pub fn NtQueryInformationResourceManager( + 
ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn NtSetInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ) -> NTSTATUS; + pub fn NtRegisterProtocolAddressInformation( + ResourceManager: HANDLE, + ProtocolId: PCRM_PROTOCOL_ID, + ProtocolInformationSize: ULONG, + ProtocolInformation: PVOID, + CreateOptions: ULONG, + ) -> NTSTATUS; + pub fn NtPropagationComplete( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + BufferLength: ULONG, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn NtPropagationFailed( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + PropStatus: NTSTATUS, + ) -> NTSTATUS; + pub fn NtFreezeTransactions( + FreezeTimeout: PLARGE_INTEGER, + ThawTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn NtThawTransactions() -> NTSTATUS; + pub fn TpAllocPool(PoolReturn: *mut PTP_POOL, Reserved: PVOID) -> NTSTATUS; + pub fn TpReleasePool(Pool: PTP_POOL); + pub fn TpSetPoolMaxThreads(Pool: PTP_POOL, MaxThreads: ULONG); + pub fn TpSetPoolMinThreads(Pool: PTP_POOL, MinThreads: ULONG) -> NTSTATUS; + pub fn TpQueryPoolStackInformation( + Pool: PTP_POOL, + PoolStackInformation: PTP_POOL_STACK_INFORMATION, + ) -> NTSTATUS; + pub fn TpSetPoolStackInformation( + Pool: PTP_POOL, + PoolStackInformation: PTP_POOL_STACK_INFORMATION, + ) -> NTSTATUS; + pub fn TpSetPoolThreadBasePriority(Pool: PTP_POOL, BasePriority: ULONG) -> NTSTATUS; + pub fn TpAllocCleanupGroup(CleanupGroupReturn: *mut PTP_CLEANUP_GROUP) -> NTSTATUS; + pub fn TpReleaseCleanupGroup(CleanupGroup: PTP_CLEANUP_GROUP); + pub fn TpReleaseCleanupGroupMembers( + CleanupGroup: PTP_CLEANUP_GROUP, + CancelPendingCallbacks: LOGICAL, + CleanupParameter: PVOID, + ); + pub fn 
TpCallbackSetEventOnCompletion(Instance: PTP_CALLBACK_INSTANCE, Event: HANDLE); + pub fn TpCallbackReleaseSemaphoreOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + Semaphore: HANDLE, + ReleaseCount: ULONG, + ); + pub fn TpCallbackReleaseMutexOnCompletion(Instance: PTP_CALLBACK_INSTANCE, Mutex: HANDLE); + pub fn TpCallbackLeaveCriticalSectionOnCompletion( + Instance: PTP_CALLBACK_INSTANCE, + CriticalSection: PRTL_CRITICAL_SECTION, + ); + pub fn TpCallbackUnloadDllOnCompletion(Instance: PTP_CALLBACK_INSTANCE, DllHandle: PVOID); + pub fn TpCallbackMayRunLong(Instance: PTP_CALLBACK_INSTANCE) -> NTSTATUS; + pub fn TpDisassociateCallback(Instance: PTP_CALLBACK_INSTANCE); + pub fn TpSimpleTryPost( + Callback: PTP_SIMPLE_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpAllocWork( + WorkReturn: *mut PTP_WORK, + Callback: PTP_WORK_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpReleaseWork(Work: PTP_WORK); + pub fn TpPostWork(Work: PTP_WORK); + pub fn TpWaitForWork(Work: PTP_WORK, CancelPendingCallbacks: LOGICAL); + pub fn TpAllocTimer( + Timer: *mut PTP_TIMER, + Callback: PTP_TIMER_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpReleaseTimer(Timer: PTP_TIMER); + pub fn TpSetTimer(Timer: PTP_TIMER, DueTime: PLARGE_INTEGER, Period: ULONG, WindowLength: ULONG); + pub fn TpSetTimerEx( + Timer: PTP_TIMER, + DueTime: PLARGE_INTEGER, + Period: ULONG, + WindowLength: ULONG, + ) -> NTSTATUS; + pub fn TpIsTimerSet(Timer: PTP_TIMER) -> LOGICAL; + pub fn TpWaitForTimer(Timer: PTP_TIMER, CancelPendingCallbacks: LOGICAL); + pub fn TpAllocWait( + WaitReturn: *mut PTP_WAIT, + Callback: PTP_WAIT_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpReleaseWait(Wait: PTP_WAIT); + pub fn TpSetWait(Wait: PTP_WAIT, Handle: HANDLE, Timeout: PLARGE_INTEGER); + pub fn TpSetWaitEx( + Wait: PTP_WAIT, + Handle: 
HANDLE, + Timeout: PLARGE_INTEGER, + Reserved: PVOID, + ) -> NTSTATUS; + pub fn TpWaitForWait(Wait: PTP_WAIT, CancelPendingCallbacks: LOGICAL); + pub fn TpAllocIoCompletion( + IoReturn: *mut PTP_IO, + File: HANDLE, + Callback: PTP_IO_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpReleaseIoCompletion(Io: PTP_IO); + pub fn TpStartAsyncIoOperation(Io: PTP_IO); + pub fn TpCancelAsyncIoOperation(Io: PTP_IO); + pub fn TpWaitForIoCompletion(Io: PTP_IO, CancelPendingCallbacks: LOGICAL); + pub fn TpAllocAlpcCompletion( + AlpcReturn: *mut PTP_ALPC, + AlpcPort: HANDLE, + Callback: PTP_ALPC_CALLBACK, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpAllocAlpcCompletionEx( + AlpcReturn: *mut PTP_ALPC, + AlpcPort: HANDLE, + Callback: PTP_ALPC_CALLBACK_EX, + Context: PVOID, + CallbackEnviron: PTP_CALLBACK_ENVIRON, + ) -> NTSTATUS; + pub fn TpReleaseAlpcCompletion(Alpc: PTP_ALPC); + pub fn TpWaitForAlpcCompletion(Alpc: PTP_ALPC); + pub fn TpCaptureCaller(Type: TP_TRACE_TYPE); + pub fn TpCheckTerminateWorker(Thread: HANDLE); + pub fn RtlDispatchException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + ) -> BOOLEAN; + pub fn RtlRaiseStatus(Status: NTSTATUS) -> !; + pub fn RtlRaiseException(ExceptionRecord: PEXCEPTION_RECORD); + pub fn RtlRaiseExceptionForReturnAddressHijack(); + pub fn RtlRaiseNoncontinuableException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + ) -> !; + pub fn NtContinue(ContextRecord: PCONTEXT, TestAlert: BOOLEAN) -> NTSTATUS; + pub fn NtContinueEx(ContextRecord: PCONTEXT, ContinueArgument: PVOID) -> NTSTATUS; + pub fn NtRaiseException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + FirstChance: BOOLEAN, + ) -> NTSTATUS; + pub fn RtlAssert( + VoidFailedAssertion: PVOID, + VoidFileName: PVOID, + LineNumber: ULONG, + MutableMessage: PSTR, + ) -> !; + pub fn UStr32ToUStr(Destination: PUNICODE_STRING, Source: 
PUNICODE_STRING32); + pub fn UStrToUStr32(Destination: PUNICODE_STRING32, Source: PUNICODE_STRING); + pub fn Wow64CurrentGuestTeb() -> *mut TEB32; + pub fn Wow64CurrentNativeTeb() -> *mut cty::c_void; + pub fn SamFreeMemory(Buffer: PVOID) -> NTSTATUS; + pub fn SamCloseHandle(SamHandle: SAM_HANDLE) -> NTSTATUS; + pub fn SamSetSecurityObject( + ObjectHandle: SAM_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn SamQuerySecurityObject( + ObjectHandle: SAM_HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: *mut PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn SamRidToSid(ObjectHandle: SAM_HANDLE, Rid: ULONG, Sid: *mut PSID) -> NTSTATUS; + pub fn SamConnect( + ServerName: PUNICODE_STRING, + ServerHandle: PSAM_HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn SamConnectWithCreds( + ServerName: PUNICODE_STRING, + ServerHandle: PSAM_HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Creds: PRPC_AUTH_IDENTITY_HANDLE, + Spn: PWCHAR, + pfDstIsW2K: *mut BOOL, + ) -> NTSTATUS; + pub fn SamShutdownSamServer(ServerHandle: SAM_HANDLE) -> NTSTATUS; + pub fn SamLookupDomainInSamServer( + ServerHandle: SAM_HANDLE, + Name: PUNICODE_STRING, + DomainId: *mut PSID, + ) -> NTSTATUS; + pub fn SamEnumerateDomainsInSamServer( + ServerHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn SamOpenDomain( + ServerHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + DomainId: PSID, + DomainHandle: PSAM_HANDLE, + ) -> NTSTATUS; + pub fn SamQueryInformationDomain( + DomainHandle: SAM_HANDLE, + DomainInformationClass: DOMAIN_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamSetInformationDomain( + DomainHandle: SAM_HANDLE, + DomainInformationClass: DOMAIN_INFORMATION_CLASS, + 
DomainInformation: PVOID, + ) -> NTSTATUS; + pub fn SamLookupNamesInDomain( + DomainHandle: SAM_HANDLE, + Count: ULONG, + Names: PUNICODE_STRING, + RelativeIds: *mut PULONG, + Use: *mut PSID_NAME_USE, + ) -> NTSTATUS; + pub fn SamLookupNamesInDomain2( + DomainHandle: SAM_HANDLE, + Count: ULONG, + Names: PUNICODE_STRING, + Sids: *mut PSID, + Use: *mut PSID_NAME_USE, + ) -> NTSTATUS; + pub fn SamLookupIdsInDomain( + DomainHandle: SAM_HANDLE, + Count: ULONG, + RelativeIds: PULONG, + Names: *mut PUNICODE_STRING, + Use: *mut PSID_NAME_USE, + ) -> NTSTATUS; + pub fn SamRemoveMemberFromForeignDomain(DomainHandle: SAM_HANDLE, MemberId: PSID) -> NTSTATUS; + pub fn SamQueryLocalizableAccountsInDomain( + Domain: SAM_HANDLE, + Flags: ULONG, + LanguageId: ULONG, + Class: DOMAIN_LOCALIZABLE_ACCOUNTS_INFORMATION, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamEnumerateGroupsInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn SamCreateGroupInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + GroupHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + pub fn SamOpenGroup( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + GroupId: ULONG, + GroupHandle: PSAM_HANDLE, + ) -> NTSTATUS; + pub fn SamDeleteGroup(GroupHandle: SAM_HANDLE) -> NTSTATUS; + pub fn SamQueryInformationGroup( + GroupHandle: SAM_HANDLE, + GroupInformationClass: GROUP_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamSetInformationGroup( + GroupHandle: SAM_HANDLE, + GroupInformationClass: GROUP_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn SamAddMemberToGroup( + GroupHandle: SAM_HANDLE, + MemberId: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + pub fn SamRemoveMemberFromGroup(GroupHandle: SAM_HANDLE, MemberId: ULONG) -> NTSTATUS; + pub fn SamGetMembersInGroup( + GroupHandle: 
SAM_HANDLE, + MemberIds: *mut PULONG, + Attributes: *mut PULONG, + MemberCount: PULONG, + ) -> NTSTATUS; + pub fn SamSetMemberAttributesOfGroup( + GroupHandle: SAM_HANDLE, + MemberId: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + pub fn SamEnumerateAliasesInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn SamCreateAliasInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + AliasHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + pub fn SamOpenAlias( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + AliasId: ULONG, + AliasHandle: PSAM_HANDLE, + ) -> NTSTATUS; + pub fn SamDeleteAlias(AliasHandle: SAM_HANDLE) -> NTSTATUS; + pub fn SamQueryInformationAlias( + AliasHandle: SAM_HANDLE, + AliasInformationClass: ALIAS_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamSetInformationAlias( + AliasHandle: SAM_HANDLE, + AliasInformationClass: ALIAS_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn SamAddMemberToAlias(AliasHandle: SAM_HANDLE, MemberId: PSID) -> NTSTATUS; + pub fn SamAddMultipleMembersToAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut PSID, + MemberCount: ULONG, + ) -> NTSTATUS; + pub fn SamRemoveMemberFromAlias(AliasHandle: SAM_HANDLE, MemberId: PSID) -> NTSTATUS; + pub fn SamRemoveMultipleMembersFromAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut PSID, + MemberCount: ULONG, + ) -> NTSTATUS; + pub fn SamGetMembersInAlias( + AliasHandle: SAM_HANDLE, + MemberIds: *mut *mut PSID, + MemberCount: PULONG, + ) -> NTSTATUS; + pub fn SamGetAliasMembership( + DomainHandle: SAM_HANDLE, + PassedCount: ULONG, + Sids: *mut PSID, + MembershipCount: PULONG, + Aliases: *mut PULONG, + ) -> NTSTATUS; + pub fn SamEnumerateUsersInDomain( + DomainHandle: SAM_HANDLE, + EnumerationContext: PSAM_ENUMERATE_HANDLE, + UserAccountControl: ULONG, + 
Buffer: *mut PVOID, + PreferedMaximumLength: ULONG, + CountReturned: PULONG, + ) -> NTSTATUS; + pub fn SamCreateUserInDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + DesiredAccess: ACCESS_MASK, + UserHandle: PSAM_HANDLE, + RelativeId: PULONG, + ) -> NTSTATUS; + pub fn SamCreateUser2InDomain( + DomainHandle: SAM_HANDLE, + AccountName: PUNICODE_STRING, + AccountType: ULONG, + DesiredAccess: ACCESS_MASK, + UserHandle: PSAM_HANDLE, + GrantedAccess: PULONG, + RelativeId: PULONG, + ) -> NTSTATUS; + pub fn SamOpenUser( + DomainHandle: SAM_HANDLE, + DesiredAccess: ACCESS_MASK, + UserId: ULONG, + UserHandle: PSAM_HANDLE, + ) -> NTSTATUS; + pub fn SamDeleteUser(UserHandle: SAM_HANDLE) -> NTSTATUS; + pub fn SamQueryInformationUser( + UserHandle: SAM_HANDLE, + UserInformationClass: USER_INFORMATION_CLASS, + Buffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamSetInformationUser( + UserHandle: SAM_HANDLE, + UserInformationClass: USER_INFORMATION_CLASS, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn SamGetGroupsForUser( + UserHandle: SAM_HANDLE, + Groups: *mut PGROUP_MEMBERSHIP, + MembershipCount: PULONG, + ) -> NTSTATUS; + pub fn SamChangePasswordUser( + UserHandle: SAM_HANDLE, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn SamChangePasswordUser2( + ServerName: PUNICODE_STRING, + UserName: PUNICODE_STRING, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn SamChangePasswordUser3( + ServerName: PUNICODE_STRING, + UserName: PUNICODE_STRING, + OldPassword: PUNICODE_STRING, + NewPassword: PUNICODE_STRING, + EffectivePasswordPolicy: *mut PDOMAIN_PASSWORD_INFORMATION, + PasswordChangeFailureInfo: *mut PUSER_PWD_CHANGE_FAILURE_INFORMATION, + ) -> NTSTATUS; + pub fn SamQueryDisplayInformation( + DomainHandle: SAM_HANDLE, + DisplayInformation: DOMAIN_DISPLAY_INFORMATION, + Index: ULONG, + EntryCount: ULONG, + PreferredMaximumLength: ULONG, + TotalAvailable: PULONG, + TotalReturned: PULONG, + 
ReturnedEntryCount: PULONG, + SortedBuffer: *mut PVOID, + ) -> NTSTATUS; + pub fn SamGetDisplayEnumerationIndex( + DomainHandle: SAM_HANDLE, + DisplayInformation: DOMAIN_DISPLAY_INFORMATION, + Prefix: PUNICODE_STRING, + Index: PULONG, + ) -> NTSTATUS; + pub fn SamRegisterObjectChangeNotification( + ObjectType: SECURITY_DB_OBJECT_TYPE, + NotificationEventHandle: HANDLE, + ) -> NTSTATUS; + pub fn SamUnregisterObjectChangeNotification( + ObjectType: SECURITY_DB_OBJECT_TYPE, + NotificationEventHandle: HANDLE, + ) -> NTSTATUS; + pub fn SamGetCompatibilityMode(ObjectHandle: SAM_HANDLE, Mode: *mut ULONG) -> NTSTATUS; + pub fn SamValidatePassword( + ServerName: PUNICODE_STRING, + ValidationType: PASSWORD_POLICY_VALIDATION_TYPE, + InputArg: PSAM_VALIDATE_INPUT_ARG, + OutputArg: *mut PSAM_VALIDATE_OUTPUT_ARG, + ) -> NTSTATUS; + pub fn SamPerformGenericOperation( + ServerName: PWSTR, + OperationType: SAM_GENERIC_OPERATION_TYPE, + OperationIn: PSAM_GENERIC_OPERATION_INPUT, + OperationOut: *mut PSAM_GENERIC_OPERATION_OUTPUT, + ) -> NTSTATUS; + pub fn NtVdmControl(Service: VDMSERVICECLASS, ServiceData: PVOID) -> NTSTATUS; + pub fn NtTraceEvent( + TraceHandle: HANDLE, + Flags: ULONG, + FieldSize: ULONG, + Fields: PVOID, + ) -> NTSTATUS; + pub fn NtTraceControl( + TraceControlCode: ETWTRACECONTROLCODE, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn EtwSetMark( + TraceHandle: TRACEHANDLE, + MarkInfo: PETW_SET_MARK_INFORMATION, + Size: ULONG, + ) -> ULONG; + pub fn EtwEventWriteFull( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + EventProperty: USHORT, + ActivityId: LPCGUID, + RelatedActivityId: LPCGUID, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventUnregister(RegHandle: REGHANDLE) -> ULONG; + pub fn EtwEventSetInformation( + RegHandle: REGHANDLE, + InformationClass: EVENT_INFO_CLASS, + EventInformation: PVOID, + 
InformationLength: ULONG, + ) -> ULONG; + pub fn EtwRegisterSecurityProvider() -> ULONG; + pub fn EtwEventProviderEnabled( + RegHandle: REGHANDLE, + Level: UCHAR, + Keyword: ULONGLONG, + ) -> BOOLEAN; + pub fn EtwEventEnabled(RegHandle: REGHANDLE, EventDescriptor: PCEVENT_DESCRIPTOR) -> BOOLEAN; + pub fn EtwEventWrite( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventWriteTransfer( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + ActivityId: LPCGUID, + RelatedActivityId: LPCGUID, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventWriteString( + RegHandle: REGHANDLE, + Level: UCHAR, + Keyword: ULONGLONG, + String: PCWSTR, + ) -> ULONG; + pub fn EtwEventWriteEx( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + Filter: ULONG64, + Flags: ULONG, + ActivityId: LPCGUID, + RelatedActivityId: LPCGUID, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventWriteStartScenario( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventWriteEndScenario( + RegHandle: REGHANDLE, + EventDescriptor: PCEVENT_DESCRIPTOR, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwWriteUMSecurityEvent( + EventDescriptor: PCEVENT_DESCRIPTOR, + EventProperty: USHORT, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventWriteNoRegistration( + ProviderId: LPCGUID, + EventDescriptor: PCEVENT_DESCRIPTOR, + UserDataCount: ULONG, + UserData: PEVENT_DATA_DESCRIPTOR, + ) -> ULONG; + pub fn EtwEventActivityIdControl(ControlCode: ULONG, ActivityId: LPGUID) -> ULONG; + pub fn EtwNotificationRegister( + Guid: LPCGUID, + Type: ULONG, + Callback: PETW_NOTIFICATION_CALLBACK, + Context: PVOID, + RegHandle: PREGHANDLE, + ) -> ULONG; + 
pub fn EtwNotificationUnregister(RegHandle: REGHANDLE, Context: *mut PVOID) -> ULONG; + pub fn EtwSendNotification( + DataBlock: PETW_NOTIFICATION_HEADER, + ReceiveDataBlockSize: ULONG, + ReceiveDataBlock: PVOID, + ReplyReceived: PULONG, + ReplySizeNeeded: PULONG, + ) -> ULONG; + pub fn EtwReplyNotification(Notification: PETW_NOTIFICATION_HEADER) -> ULONG; + pub fn EtwEnumerateProcessRegGuids( + OutBuffer: PVOID, + OutBufferSize: ULONG, + ReturnLength: PULONG, + ) -> ULONG; + pub fn EtwQueryRealtimeConsumer( + TraceHandle: TRACEHANDLE, + EventsLostCount: PULONG, + BuffersLostCount: PULONG, + ) -> ULONG; + pub fn EtwCheckCoverage(CoveragePoint: PTELEMETRY_COVERAGE_POINT) -> BOOLEAN; + pub fn ZwAcceptConnectPort( + PortHandle: PHANDLE, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + AcceptConnection: BOOLEAN, + ServerView: PPORT_VIEW, + ClientView: PREMOTE_PORT_VIEW, + ) -> NTSTATUS; + pub fn ZwAccessCheck( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn ZwAccessCheckAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + DesiredAccess: ACCESS_MASK, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwAccessCheckByType( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub 
fn ZwAccessCheckByTypeAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwAccessCheckByTypeResultList( + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + PrivilegeSet: PPRIVILEGE_SET, + PrivilegeSetLength: PULONG, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + ) -> NTSTATUS; + pub fn ZwAccessCheckByTypeResultListAndAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwAccessCheckByTypeResultListAndAuditAlarmByHandle( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + PrincipalSelfSid: PSID, + DesiredAccess: ACCESS_MASK, + AuditType: AUDIT_EVENT_TYPE, + Flags: ULONG, + ObjectTypeList: POBJECT_TYPE_LIST, + ObjectTypeListLength: ULONG, + GenericMapping: PGENERIC_MAPPING, + ObjectCreation: BOOLEAN, + GrantedAccess: 
PACCESS_MASK, + AccessStatus: PNTSTATUS, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwAcquireCMFViewOwnership( + TimeStamp: PULONGLONG, + tokenTaken: PBOOLEAN, + replaceExisting: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwAddAtom(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM) -> NTSTATUS; + pub fn ZwAddAtomEx(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM, Flags: ULONG) -> NTSTATUS; + pub fn ZwAddBootEntry(BootEntry: PBOOT_ENTRY, Id: PULONG) -> NTSTATUS; + pub fn ZwAddDriverEntry(DriverEntry: PEFI_DRIVER_ENTRY, Id: PULONG) -> NTSTATUS; + pub fn ZwAdjustGroupsToken( + TokenHandle: HANDLE, + ResetToDefault: BOOLEAN, + NewState: PTOKEN_GROUPS, + BufferLength: ULONG, + PreviousState: PTOKEN_GROUPS, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwAdjustPrivilegesToken( + TokenHandle: HANDLE, + DisableAllPrivileges: BOOLEAN, + NewState: PTOKEN_PRIVILEGES, + BufferLength: ULONG, + PreviousState: PTOKEN_PRIVILEGES, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwAdjustTokenClaimsAndDeviceGroups( + TokenHandle: HANDLE, + UserResetToDefault: BOOLEAN, + DeviceResetToDefault: BOOLEAN, + DeviceGroupsResetToDefault: BOOLEAN, + NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + NewDeviceGroupsState: PTOKEN_GROUPS, + UserBufferLength: ULONG, + PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceBufferLength: ULONG, + PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroupsBufferLength: ULONG, + PreviousDeviceGroups: PTOKEN_GROUPS, + UserReturnLength: PULONG, + DeviceReturnLength: PULONG, + DeviceGroupsReturnBufferLength: PULONG, + ) -> NTSTATUS; + pub fn ZwAlertResumeThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn ZwAlertThread(ThreadHandle: HANDLE) -> NTSTATUS; + pub fn ZwAlertThreadByThreadId(ThreadId: HANDLE) -> NTSTATUS; + pub fn ZwAllocateLocallyUniqueId(Luid: PLUID) -> NTSTATUS; + pub fn ZwAllocateReserveObject( + 
MemoryReserveHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: MEMORY_RESERVE_TYPE, + ) -> NTSTATUS; + pub fn ZwAllocateUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn ZwAllocateUserPhysicalPagesEx( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn ZwAllocateUuids( + Time: PULARGE_INTEGER, + Range: PULONG, + Sequence: PULONG, + Seed: PCHAR, + ) -> NTSTATUS; + pub fn ZwAllocateVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + RegionSize: PSIZE_T, + AllocationType: ULONG, + Protect: ULONG, + ) -> NTSTATUS; + pub fn ZwAllocateVirtualMemoryEx( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + AllocationType: ULONG, + PageProtection: ULONG, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn ZwAlpcAcceptConnectPort( + PortHandle: PHANDLE, + ConnectionPortHandle: HANDLE, + Flags: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + PortContext: PVOID, + ConnectionRequest: PPORT_MESSAGE, + ConnectionMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + AcceptConnection: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwAlpcCancelMessage( + PortHandle: HANDLE, + Flags: ULONG, + MessageContext: PALPC_CONTEXT_ATTR, + ) -> NTSTATUS; + pub fn ZwAlpcConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + RequiredServerSid: PSID, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwAlpcConnectPortEx( + PortHandle: PHANDLE, + 
ConnectionPortObjectAttributes: POBJECT_ATTRIBUTES, + ClientPortObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + Flags: ULONG, + ServerSecurityRequirements: PSECURITY_DESCRIPTOR, + ConnectionMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + OutMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + InMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwAlpcCreatePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + PortAttributes: PALPC_PORT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwAlpcCreatePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + SectionSize: SIZE_T, + AlpcSectionHandle: PALPC_HANDLE, + ActualSectionSize: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwAlpcCreateResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + MessageSize: SIZE_T, + ResourceId: PALPC_HANDLE, + ) -> NTSTATUS; + pub fn ZwAlpcCreateSectionView( + PortHandle: HANDLE, + Flags: ULONG, + ViewAttributes: PALPC_DATA_VIEW_ATTR, + ) -> NTSTATUS; + pub fn ZwAlpcCreateSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + SecurityAttribute: PALPC_SECURITY_ATTR, + ) -> NTSTATUS; + pub fn ZwAlpcDeletePortSection( + PortHandle: HANDLE, + Flags: ULONG, + SectionHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn ZwAlpcDeleteResourceReserve( + PortHandle: HANDLE, + Flags: ULONG, + ResourceId: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn ZwAlpcDeleteSectionView(PortHandle: HANDLE, Flags: ULONG, ViewBase: PVOID) -> NTSTATUS; + pub fn ZwAlpcDeleteSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn ZwAlpcDisconnectPort(PortHandle: HANDLE, Flags: ULONG) -> NTSTATUS; + pub fn ZwAlpcImpersonateClientContainerOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwAlpcImpersonateClientOfPort( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + Flags: PVOID, + ) -> NTSTATUS; + pub fn ZwAlpcOpenSenderProcess( + 
ProcessHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwAlpcOpenSenderThread( + ThreadHandle: PHANDLE, + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + Flags: ULONG, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwAlpcQueryInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwAlpcQueryInformationMessage( + PortHandle: HANDLE, + PortMessage: PPORT_MESSAGE, + MessageInformationClass: ALPC_MESSAGE_INFORMATION_CLASS, + MessageInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwAlpcRevokeSecurityContext( + PortHandle: HANDLE, + Flags: ULONG, + ContextHandle: ALPC_HANDLE, + ) -> NTSTATUS; + pub fn ZwAlpcSendWaitReceivePort( + PortHandle: HANDLE, + Flags: ULONG, + SendMessageA: PPORT_MESSAGE, + SendMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + ReceiveMessage: PPORT_MESSAGE, + BufferLength: PSIZE_T, + ReceiveMessageAttributes: PALPC_MESSAGE_ATTRIBUTES, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwAlpcSetInformation( + PortHandle: HANDLE, + PortInformationClass: ALPC_PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn ZwAreMappedFilesTheSame( + File1MappedAsAnImage: PVOID, + File2MappedAsFile: PVOID, + ) -> NTSTATUS; + pub fn ZwAssignProcessToJobObject(JobHandle: HANDLE, ProcessHandle: HANDLE) -> NTSTATUS; + pub fn ZwAssociateWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + IoCompletionHandle: HANDLE, + TargetObjectHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + AlreadySignaled: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwCallbackReturn(OutputBuffer: PVOID, OutputLength: ULONG, Status: NTSTATUS) -> 
NTSTATUS; + pub fn ZwCallEnclave( + Routine: PENCLAVE_ROUTINE, + Reserved: PVOID, + Flags: ULONG, + RoutineParamReturn: *mut PVOID, + ) -> NTSTATUS; + pub fn ZwCancelIoFile(FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK) -> NTSTATUS; + pub fn ZwCancelIoFileEx( + FileHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn ZwCancelSynchronousIoFile( + ThreadHandle: HANDLE, + IoRequestToCancel: PIO_STATUS_BLOCK, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn ZwCancelTimer(TimerHandle: HANDLE, CurrentState: PBOOLEAN) -> NTSTATUS; + pub fn ZwCancelTimer2(TimerHandle: HANDLE, Parameters: PT2_CANCEL_PARAMETERS) -> NTSTATUS; + pub fn ZwCancelWaitCompletionPacket( + WaitCompletionPacketHandle: HANDLE, + RemoveSignaledPacket: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwChangeProcessState( + ProcessStateChangeHandle: HANDLE, + ProcessHandle: HANDLE, + StateChangeType: PROCESS_STATE_CHANGE_TYPE, + ExtendedInformation: PVOID, + ExtendedInformationLength: SIZE_T, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn ZwChangeThreadState( + ThreadStateChangeHandle: HANDLE, + ThreadHandle: HANDLE, + StateChangeType: THREAD_STATE_CHANGE_TYPE, + ExtendedInformation: PVOID, + ExtendedInformationLength: SIZE_T, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn ZwClearEvent(EventHandle: HANDLE) -> NTSTATUS; + pub fn ZwClose(Handle: HANDLE) -> NTSTATUS; + pub fn ZwCloseObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwCommitComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwCommitEnlistment(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwCommitTransaction(TransactionHandle: HANDLE, Wait: BOOLEAN) -> NTSTATUS; + pub fn ZwCompactKeys(Count: ULONG, KeyArray: *mut HANDLE) -> NTSTATUS; + pub fn ZwCompareObjects(FirstObjectHandle: HANDLE, SecondObjectHandle: HANDLE) -> NTSTATUS; + pub 
fn ZwCompareSigningLevels( + FirstSigningLevel: SE_SIGNING_LEVEL, + SecondSigningLevel: SE_SIGNING_LEVEL, + ) -> NTSTATUS; + pub fn ZwCompareTokens( + FirstTokenHandle: HANDLE, + SecondTokenHandle: HANDLE, + Equal: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwCompleteConnectPort(PortHandle: HANDLE) -> NTSTATUS; + pub fn ZwCompressKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn ZwConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + pub fn ZwContinue(ContextRecord: PCONTEXT, TestAlert: BOOLEAN) -> NTSTATUS; + pub fn ZwContinueEx(ContextRecord: PCONTEXT, ContinueArgument: PVOID) -> NTSTATUS; + pub fn ZwConvertBetweenAuxiliaryCounterAndPerformanceCounter( + ConvertAuxiliaryToPerformanceCounter: BOOLEAN, + PerformanceOrAuxiliaryCounterValue: PLARGE_INTEGER, + ConvertedValue: PLARGE_INTEGER, + ConversionError: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwCopyFileChunk( + SourceHandle: HANDLE, + DestinationHandle: HANDLE, + EventHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Length: ULONG, + SourceOffset: PLARGE_INTEGER, + DestOffset: PLARGE_INTEGER, + SourceKey: PULONG, + DestKey: PULONG, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateDebugObject( + DebugObjectHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwCreateDirectoryObjectEx( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ShadowDirectoryHandle: HANDLE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateEnclave( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + Size: SIZE_T, + 
InitialCommitment: SIZE_T, + EnclaveType: ULONG, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn ZwCreateEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + TransactionHandle: HANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + NotificationMask: NOTIFICATION_MASK, + EnlistmentKey: PVOID, + ) -> NTSTATUS; + pub fn ZwCreateEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EventType: EVENT_TYPE, + InitialState: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwCreateEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwCreateFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + AllocationSize: PLARGE_INTEGER, + FileAttributes: ULONG, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + EaBuffer: PVOID, + EaLength: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Count: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateIoRing( + IoRingHandle: PHANDLE, + CreateParametersLength: ULONG, + CreateParameters: PVOID, + OutputParametersLength: ULONG, + OutputParameters: PVOID, + ) -> NTSTATUS; + pub fn ZwCreateIRTimer(TimerHandle: PHANDLE, DesiredAccess: ACCESS_MASK) -> NTSTATUS; + pub fn ZwCreateJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwCreateJobSet(NumJob: ULONG, UserJobSet: PJOB_SET_ARRAY, Flags: ULONG) -> NTSTATUS; + pub fn ZwCreateKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + Disposition: PULONG, + ) 
-> NTSTATUS; + pub fn ZwCreateKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TitleIndex: ULONG, + Class: PUNICODE_STRING, + CreateOptions: ULONG, + TransactionHandle: HANDLE, + Disposition: PULONG, + ) -> NTSTATUS; + pub fn ZwCreateLowBoxToken( + TokenHandle: PHANDLE, + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PackageSid: PSID, + CapabilityCount: ULONG, + Capabilities: PSID_AND_ATTRIBUTES, + HandleCount: ULONG, + Handles: *mut HANDLE, + ) -> NTSTATUS; + pub fn ZwCreateMailslotFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + CreateOptions: ULONG, + MailslotQuota: ULONG, + MaximumMessageSize: ULONG, + ReadTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwCreateMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialOwner: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwCreateNamedPipeFile( + FileHandle: PHANDLE, + DesiredAccess: ULONG, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + CreateDisposition: ULONG, + CreateOptions: ULONG, + NamedPipeType: ULONG, + ReadMode: ULONG, + CompletionMode: ULONG, + MaximumInstances: ULONG, + InboundQuota: ULONG, + OutboundQuota: ULONG, + DefaultTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwCreatePagingFile( + PageFileName: PUNICODE_STRING, + MinimumSize: PLARGE_INTEGER, + MaximumSize: PLARGE_INTEGER, + Priority: ULONG, + ) -> NTSTATUS; + pub fn ZwCreatePartition( + ParentPartitionHandle: HANDLE, + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + PreferredNode: ULONG, + ) -> NTSTATUS; + pub fn ZwCreatePort( + PortHandle: 
PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + pub fn ZwCreatePrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: POBJECT_BOUNDARY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn ZwCreateProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + InheritObjectTable: BOOLEAN, + SectionHandle: HANDLE, + DebugPort: HANDLE, + TokenHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwCreateProcessEx( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ParentProcess: HANDLE, + Flags: ULONG, + SectionHandle: HANDLE, + DebugPort: HANDLE, + TokenHandle: HANDLE, + Reserved: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateProcessStateChange( + ProcessStateChangeHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn ZwCreateProfile( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + Affinity: KAFFINITY, + ) -> NTSTATUS; + pub fn ZwCreateProfileEx( + ProfileHandle: PHANDLE, + Process: HANDLE, + ProfileBase: PVOID, + ProfileSize: SIZE_T, + BucketSize: ULONG, + Buffer: PULONG, + BufferSize: ULONG, + ProfileSource: KPROFILE_SOURCE, + GroupCount: USHORT, + GroupAffinity: PGROUP_AFFINITY, + ) -> NTSTATUS; + pub fn ZwCreateResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + RmGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + CreateOptions: ULONG, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn ZwCreateSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + 
MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwCreateSectionEx( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaximumSize: PLARGE_INTEGER, + SectionPageProtection: ULONG, + AllocationAttributes: ULONG, + FileHandle: HANDLE, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + InitialCount: LONG, + MaximumCount: LONG, + ) -> NTSTATUS; + pub fn ZwCreateSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LinkTarget: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn ZwCreateThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + ClientId: PCLIENT_ID, + ThreadContext: PCONTEXT, + InitialTeb: PINITIAL_TEB, + CreateSuspended: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwCreateThreadEx( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ProcessHandle: HANDLE, + StartRoutine: PUSER_THREAD_START_ROUTINE, + Argument: PVOID, + CreateFlags: ULONG, + ZeroBits: SIZE_T, + StackSize: SIZE_T, + MaximumStackSize: SIZE_T, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + pub fn ZwCreateThreadStateChange( + ThreadStateChangeHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ThreadHandle: HANDLE, + Reserved: ULONG64, + ) -> NTSTATUS; + pub fn ZwCreateTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TimerType: TIMER_TYPE, + ) -> NTSTATUS; + pub fn ZwCreateTimer2( + TimerHandle: PHANDLE, + Reserved1: PVOID, + ObjectAttributes: POBJECT_ATTRIBUTES, + Attributes: ULONG, + DesiredAccess: ACCESS_MASK, + ) -> NTSTATUS; + 
pub fn ZwCreateToken( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + Source: PTOKEN_SOURCE, + ) -> NTSTATUS; + pub fn ZwCreateTokenEx( + TokenHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Type: TOKEN_TYPE, + AuthenticationId: PLUID, + ExpirationTime: PLARGE_INTEGER, + User: PTOKEN_USER, + Groups: PTOKEN_GROUPS, + Privileges: PTOKEN_PRIVILEGES, + UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + DeviceGroups: PTOKEN_GROUPS, + MandatoryPolicy: PTOKEN_MANDATORY_POLICY, + Owner: PTOKEN_OWNER, + PrimaryGroup: PTOKEN_PRIMARY_GROUP, + DefaultDacl: PTOKEN_DEFAULT_DACL, + Source: PTOKEN_SOURCE, + ) -> NTSTATUS; + pub fn ZwCreateTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + CreateOptions: ULONG, + IsolationLevel: ULONG, + IsolationFlags: ULONG, + Timeout: PLARGE_INTEGER, + Description: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn ZwCreateTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + CreateOptions: ULONG, + CommitStrength: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateUserProcess( + ProcessHandle: PHANDLE, + ThreadHandle: PHANDLE, + ProcessDesiredAccess: ACCESS_MASK, + ThreadDesiredAccess: ACCESS_MASK, + ProcessObjectAttributes: POBJECT_ATTRIBUTES, + ThreadObjectAttributes: POBJECT_ATTRIBUTES, + ProcessFlags: ULONG, + ThreadFlags: ULONG, + ProcessParameters: PVOID, + CreateInfo: PPS_CREATE_INFO, + AttributeList: PPS_ATTRIBUTE_LIST, + ) -> NTSTATUS; + pub fn 
ZwCreateWaitablePort( + PortHandle: PHANDLE, + ObjectAttributes: POBJECT_ATTRIBUTES, + MaxConnectionInfoLength: ULONG, + MaxMessageLength: ULONG, + MaxPoolUsage: ULONG, + ) -> NTSTATUS; + pub fn ZwCreateWaitCompletionPacket( + WaitCompletionPacketHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwCreateWnfStateName( + StateName: PWNF_STATE_NAME, + NameLifetime: WNF_STATE_NAME_LIFETIME, + DataScope: WNF_DATA_SCOPE, + PersistData: BOOLEAN, + TypeId: PCWNF_TYPE_ID, + MaximumStateSize: ULONG, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn ZwCreateWorkerFactory( + WorkerFactoryHandleReturn: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + CompletionPortHandle: HANDLE, + WorkerProcessHandle: HANDLE, + StartRoutine: PVOID, + StartParameter: PVOID, + MaxThreadCount: ULONG, + StackReserve: SIZE_T, + StackCommit: SIZE_T, + ) -> NTSTATUS; + pub fn ZwDebugActiveProcess(ProcessHandle: HANDLE, DebugObjectHandle: HANDLE) -> NTSTATUS; + pub fn ZwDebugContinue( + DebugObjectHandle: HANDLE, + ClientId: PCLIENT_ID, + ContinueStatus: NTSTATUS, + ) -> NTSTATUS; + pub fn ZwDelayExecution(Alertable: BOOLEAN, DelayInterval: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwDeleteAtom(Atom: RTL_ATOM) -> NTSTATUS; + pub fn ZwDeleteBootEntry(Id: ULONG) -> NTSTATUS; + pub fn ZwDeleteDriverEntry(Id: ULONG) -> NTSTATUS; + pub fn ZwDeleteFile(ObjectAttributes: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn ZwDeleteKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn ZwDeleteObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + GenerateOnClose: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwDeletePrivateNamespace(NamespaceHandle: HANDLE) -> NTSTATUS; + pub fn ZwDeleteValueKey(KeyHandle: HANDLE, ValueName: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwDeleteWnfStateData( + StateName: PCWNF_STATE_NAME, + ExplicitScope: *const cty::c_void, + ) -> NTSTATUS; + pub fn ZwDeleteWnfStateName(StateName: 
PCWNF_STATE_NAME) -> NTSTATUS; + pub fn ZwDeviceIoControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + IoControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn ZwDisableLastKnownGood() -> NTSTATUS; + pub fn ZwDisplayString(String: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwDrawText(Text: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwDuplicateObject( + SourceProcessHandle: HANDLE, + SourceHandle: HANDLE, + TargetProcessHandle: HANDLE, + TargetHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Options: ULONG, + ) -> NTSTATUS; + pub fn ZwDuplicateToken( + ExistingTokenHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + EffectiveOnly: BOOLEAN, + Type: TOKEN_TYPE, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwEnableLastKnownGood() -> NTSTATUS; + pub fn ZwEnumerateBootEntries(Buffer: PVOID, BufferLength: PULONG) -> NTSTATUS; + pub fn ZwEnumerateDriverEntries(Buffer: PVOID, BufferLength: PULONG) -> NTSTATUS; + pub fn ZwEnumerateKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn ZwEnumerateSystemEnvironmentValuesEx( + InformationClass: ULONG, + Buffer: PVOID, + BufferLength: PULONG, + ) -> NTSTATUS; + pub fn ZwEnumerateTransactionObject( + RootObjectHandle: HANDLE, + QueryType: KTMOBJECT_TYPE, + ObjectCursor: PKTMOBJECT_CURSOR, + ObjectCursorLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwEnumerateValueKey( + KeyHandle: HANDLE, + Index: ULONG, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn ZwExtendSection(SectionHandle: HANDLE, NewSectionSize: PLARGE_INTEGER) -> NTSTATUS; + pub fn 
ZwFilterBootOption( + FilterOperation: FILTER_BOOT_OPTION_OPERATION, + ObjectType: ULONG, + ElementType: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + pub fn ZwFilterToken( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwFilterTokenEx( + ExistingTokenHandle: HANDLE, + Flags: ULONG, + SidsToDisable: PTOKEN_GROUPS, + PrivilegesToDelete: PTOKEN_PRIVILEGES, + RestrictedSids: PTOKEN_GROUPS, + DisableUserClaimsCount: ULONG, + UserClaimsToDisable: PUNICODE_STRING, + DisableDeviceClaimsCount: ULONG, + DeviceClaimsToDisable: PUNICODE_STRING, + DeviceGroupsToDisable: PTOKEN_GROUPS, + RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION, + RestrictedDeviceGroups: PTOKEN_GROUPS, + NewTokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwFindAtom(AtomName: PWSTR, Length: ULONG, Atom: PRTL_ATOM) -> NTSTATUS; + pub fn ZwFlushBuffersFile(FileHandle: HANDLE, IoStatusBlock: PIO_STATUS_BLOCK) -> NTSTATUS; + pub fn ZwFlushBuffersFileEx( + FileHandle: HANDLE, + Flags: ULONG, + Parameters: PVOID, + ParametersSize: ULONG, + IoStatusBlock: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn ZwFlushInstallUILanguage(InstallUILanguage: LANGID, SetComittedFlag: ULONG) -> NTSTATUS; + pub fn ZwFlushInstructionCache( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Length: SIZE_T, + ) -> NTSTATUS; + pub fn ZwFlushKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn ZwFlushProcessWriteBuffers() -> NTSTATUS; + pub fn ZwFlushVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + IoStatus: PIO_STATUS_BLOCK, + ) -> NTSTATUS; + pub fn ZwFlushWriteBuffer() -> NTSTATUS; + pub fn ZwFreeUserPhysicalPages( + ProcessHandle: HANDLE, + NumberOfPages: PULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn ZwFreeVirtualMemory( + 
ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + FreeType: ULONG, + ) -> NTSTATUS; + pub fn ZwFreezeRegistry(TimeOutInSeconds: ULONG) -> NTSTATUS; + pub fn ZwFreezeTransactions( + FreezeTimeout: PLARGE_INTEGER, + ThawTimeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwFsControlFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FsControlCode: ULONG, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn ZwGetCachedSigningLevel( + File: HANDLE, + Flags: PULONG, + SigningLevel: PSE_SIGNING_LEVEL, + Thumbprint: PUCHAR, + ThumbprintSize: PULONG, + ThumbprintAlgorithm: PULONG, + ) -> NTSTATUS; + pub fn ZwGetCompleteWnfStateSubscription( + OldDescriptorStateName: PWNF_STATE_NAME, + OldSubscriptionId: *mut ULONG64, + OldDescriptorEventMask: ULONG, + OldDescriptorStatus: ULONG, + NewDeliveryDescriptor: PWNF_DELIVERY_DESCRIPTOR, + DescriptorSize: ULONG, + ) -> NTSTATUS; + pub fn ZwGetContextThread(ThreadHandle: HANDLE, ThreadContext: PCONTEXT) -> NTSTATUS; + pub fn ZwGetCurrentProcessorNumber() -> ULONG; + pub fn ZwGetCurrentProcessorNumberEx(ProcessorNumber: PPROCESSOR_NUMBER) -> ULONG; + pub fn ZwGetDevicePowerState(Device: HANDLE, State: PDEVICE_POWER_STATE) -> NTSTATUS; + pub fn ZwGetMUIRegistryInfo(Flags: ULONG, DataSize: PULONG, Data: PVOID) -> NTSTATUS; + pub fn ZwGetNextProcess( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewProcessHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwGetNextThread( + ProcessHandle: HANDLE, + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + Flags: ULONG, + NewThreadHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwGetNlsSectionPtr( + SectionType: ULONG, + SectionData: ULONG, + ContextData: PVOID, + SectionPointer: *mut PVOID, + SectionSize: PULONG, + ) -> NTSTATUS; + pub fn 
ZwGetNotificationResourceManager( + ResourceManagerHandle: HANDLE, + TransactionNotification: PTRANSACTION_NOTIFICATION, + NotificationLength: ULONG, + Timeout: PLARGE_INTEGER, + ReturnLength: PULONG, + Asynchronous: ULONG, + AsynchronousContext: ULONG_PTR, + ) -> NTSTATUS; + pub fn ZwGetPlugPlayEvent( + EventHandle: HANDLE, + Context: PVOID, + EventBlock: PPLUGPLAY_EVENT_BLOCK, + EventBufferSize: ULONG, + ) -> NTSTATUS; + pub fn ZwGetWriteWatch( + ProcessHandle: HANDLE, + Flags: ULONG, + BaseAddress: PVOID, + RegionSize: SIZE_T, + UserAddressArray: *mut PVOID, + EntriesInUserAddressArray: PULONG_PTR, + Granularity: PULONG, + ) -> NTSTATUS; + pub fn ZwImpersonateAnonymousToken(ThreadHandle: HANDLE) -> NTSTATUS; + pub fn ZwImpersonateClientOfPort(PortHandle: HANDLE, Message: PPORT_MESSAGE) -> NTSTATUS; + pub fn ZwImpersonateThread( + ServerThreadHandle: HANDLE, + ClientThreadHandle: HANDLE, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ) -> NTSTATUS; + pub fn ZwInitializeEnclave( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + EnclaveInformation: PVOID, + EnclaveInformationLength: ULONG, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn ZwInitializeNlsFiles( + BaseAddress: *mut PVOID, + DefaultLocaleId: PLCID, + DefaultCasingTableSize: PLARGE_INTEGER, + CurrentNLSVersion: PULONG, + ) -> NTSTATUS; + pub fn ZwInitializeRegistry(BootCondition: USHORT) -> NTSTATUS; + pub fn ZwInitiatePowerAction( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwIsProcessInJob(ProcessHandle: HANDLE, JobHandle: HANDLE) -> NTSTATUS; + pub fn ZwIsSystemResumeAutomatic() -> BOOLEAN; + pub fn ZwIsUILanguageComitted() -> NTSTATUS; + pub fn ZwListenPort(PortHandle: HANDLE, ConnectionRequest: PPORT_MESSAGE) -> NTSTATUS; + pub fn ZwLoadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwLoadEnclaveData( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, 
+ Protect: ULONG, + PageInformation: PVOID, + PageInformationLength: ULONG, + NumberOfBytesWritten: PSIZE_T, + EnclaveError: PULONG, + ) -> NTSTATUS; + pub fn ZwLoadKey(TargetKey: POBJECT_ATTRIBUTES, SourceFile: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn ZwLoadKey2( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwLoadKey3( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + ExtendedParameters: PCM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + Reserved: PVOID, + ) -> NTSTATUS; + pub fn ZwLoadKeyEx( + TargetKey: POBJECT_ATTRIBUTES, + SourceFile: POBJECT_ATTRIBUTES, + Flags: ULONG, + TrustClassKey: HANDLE, + Event: HANDLE, + DesiredAccess: ACCESS_MASK, + RootHandle: PHANDLE, + Reserved: PVOID, + ) -> NTSTATUS; + pub fn ZwLockFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + FailImmediately: BOOLEAN, + ExclusiveLock: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwLockProductActivationKeys(pPrivateVer: *mut ULONG, pSafeMode: *mut ULONG) -> NTSTATUS; + pub fn ZwLockRegistryKey(KeyHandle: HANDLE) -> NTSTATUS; + pub fn ZwLockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + pub fn ZwMakePermanentObject(Handle: HANDLE) -> NTSTATUS; + pub fn ZwMakeTemporaryObject(Handle: HANDLE) -> NTSTATUS; + pub fn ZwManagePartition( + TargetHandle: HANDLE, + SourceHandle: HANDLE, + PartitionInformationClass: PARTITION_INFORMATION_CLASS, + PartitionInformation: PVOID, + PartitionInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwMapCMFModule( + What: ULONG, + Index: ULONG, + CacheIndexOut: PULONG, + CacheFlagsOut: PULONG, + ViewSizeOut: PULONG, + BaseAddress: *mut PVOID, + ) -> NTSTATUS; + pub fn 
ZwMapUserPhysicalPages( + VirtualAddress: PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn ZwMapUserPhysicalPagesScatter( + VirtualAddresses: *mut PVOID, + NumberOfPages: ULONG_PTR, + UserPfnArray: PULONG_PTR, + ) -> NTSTATUS; + pub fn ZwMapViewOfSection( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + ZeroBits: ULONG_PTR, + CommitSize: SIZE_T, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + InheritDisposition: SECTION_INHERIT, + AllocationType: ULONG, + Win32Protect: ULONG, + ) -> NTSTATUS; + pub fn ZwMapViewOfSectionEx( + SectionHandle: HANDLE, + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + SectionOffset: PLARGE_INTEGER, + ViewSize: PSIZE_T, + AllocationType: ULONG, + Win32Protect: ULONG, + ExtendedParameters: PMEM_EXTENDED_PARAMETER, + ExtendedParameterCount: ULONG, + ) -> NTSTATUS; + pub fn ZwModifyBootEntry(BootEntry: PBOOT_ENTRY) -> NTSTATUS; + pub fn ZwModifyDriverEntry(DriverEntry: PEFI_DRIVER_ENTRY) -> NTSTATUS; + pub fn ZwNotifyChangeDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwNotifyChangeDirectoryFileEx( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + DirectoryNotifyInformationClass: DIRECTORY_NOTIFY_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn ZwNotifyChangeKey( + KeyHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwNotifyChangeMultipleKeys( + MasterKeyHandle: HANDLE, + Count: ULONG, + 
SubordinateObjects: *mut OBJECT_ATTRIBUTES, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + CompletionFilter: ULONG, + WatchTree: BOOLEAN, + Buffer: PVOID, + BufferSize: ULONG, + Asynchronous: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwNotifyChangeSession( + SessionHandle: HANDLE, + ChangeSequenceNumber: ULONG, + ChangeTimeStamp: PLARGE_INTEGER, + Event: IO_SESSION_EVENT, + NewState: IO_SESSION_STATE, + PreviousState: IO_SESSION_STATE, + Payload: PVOID, + PayloadSize: ULONG, + ) -> NTSTATUS; + pub fn ZwOpenDirectoryObject( + DirectoryHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenEnlistment( + EnlistmentHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ResourceManagerHandle: HANDLE, + EnlistmentGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenEvent( + EventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenEventPair( + EventPairHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenFile( + FileHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + ShareAccess: ULONG, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn ZwOpenIoCompletion( + IoCompletionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenJobObject( + JobHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenKey( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenKeyedEvent( + KeyedEventHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenKeyEx( + KeyHandle: PHANDLE, + DesiredAccess: 
ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn ZwOpenKeyTransacted( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwOpenKeyTransactedEx( + KeyHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + OpenOptions: ULONG, + TransactionHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwOpenMutant( + MutantHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ObjectTypeName: PUNICODE_STRING, + ObjectName: PUNICODE_STRING, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + GrantedAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + ObjectCreation: BOOLEAN, + AccessGranted: BOOLEAN, + GenerateOnClose: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwOpenPartition( + PartitionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenPrivateNamespace( + NamespaceHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + BoundaryDescriptor: POBJECT_BOUNDARY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn ZwOpenProcess( + ProcessHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + pub fn ZwOpenProcessToken( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwOpenProcessTokenEx( + ProcessHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwOpenResourceManager( + ResourceManagerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + TmHandle: HANDLE, + ResourceManagerGuid: LPGUID, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn 
ZwOpenSection( + SectionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenSemaphore( + SemaphoreHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenSession( + SessionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenSymbolicLinkObject( + LinkHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenThread( + ThreadHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ClientId: PCLIENT_ID, + ) -> NTSTATUS; + pub fn ZwOpenThreadToken( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwOpenThreadTokenEx( + ThreadHandle: HANDLE, + DesiredAccess: ACCESS_MASK, + OpenAsSelf: BOOLEAN, + HandleAttributes: ULONG, + TokenHandle: PHANDLE, + ) -> NTSTATUS; + pub fn ZwOpenTimer( + TimerHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwOpenTransaction( + TransactionHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + Uow: LPGUID, + TmHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwOpenTransactionManager( + TmHandle: PHANDLE, + DesiredAccess: ACCESS_MASK, + ObjectAttributes: POBJECT_ATTRIBUTES, + LogFileName: PUNICODE_STRING, + TmIdentity: LPGUID, + OpenOptions: ULONG, + ) -> NTSTATUS; + pub fn ZwPlugPlayControl( + PnPControlClass: PLUGPLAY_CONTROL_CLASS, + PnPControlData: PVOID, + PnPControlDataLength: ULONG, + ) -> NTSTATUS; + pub fn ZwPowerInformation( + InformationLevel: POWER_INFORMATION_LEVEL, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ) -> NTSTATUS; + pub fn ZwPrepareComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + 
pub fn ZwPrepareEnlistment(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) + -> NTSTATUS; + pub fn ZwPrePrepareComplete( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwPrePrepareEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwPrivilegeCheck( + ClientToken: HANDLE, + RequiredPrivileges: PPRIVILEGE_SET, + Result: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwPrivilegedServiceAuditAlarm( + SubsystemName: PUNICODE_STRING, + ServiceName: PUNICODE_STRING, + ClientToken: HANDLE, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwPrivilegeObjectAuditAlarm( + SubsystemName: PUNICODE_STRING, + HandleId: PVOID, + ClientToken: HANDLE, + DesiredAccess: ACCESS_MASK, + Privileges: PPRIVILEGE_SET, + AccessGranted: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwPropagationComplete( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + BufferLength: ULONG, + Buffer: PVOID, + ) -> NTSTATUS; + pub fn ZwPropagationFailed( + ResourceManagerHandle: HANDLE, + RequestCookie: ULONG, + PropStatus: NTSTATUS, + ) -> NTSTATUS; + pub fn ZwProtectVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + NewProtect: ULONG, + OldProtect: PULONG, + ) -> NTSTATUS; + pub fn ZwPssCaptureVaSpaceBulk( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + BulkInformation: PNTPSS_MEMORY_BULK_INFORMATION, + BulkInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwPulseEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn ZwQueryAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_BASIC_INFORMATION, + ) -> NTSTATUS; + pub fn ZwQueryAuxiliaryCounterFrequency(AuxiliaryCounterFrequency: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwQueryBootEntryOrder(Ids: PULONG, Count: PULONG) -> NTSTATUS; + pub fn ZwQueryBootOptions(BootOptions: PBOOT_OPTIONS, BootOptionsLength: PULONG) -> NTSTATUS; + pub 
fn ZwQueryDebugFilterState(ComponentId: ULONG, Level: ULONG) -> NTSTATUS; + pub fn ZwQueryDefaultLocale(UserProfile: BOOLEAN, DefaultLocaleId: PLCID) -> NTSTATUS; + pub fn ZwQueryDefaultUILanguage(DefaultUILanguageId: *mut LANGID) -> NTSTATUS; + pub fn ZwQueryDirectoryFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ReturnSingleEntry: BOOLEAN, + FileName: PUNICODE_STRING, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwQueryDirectoryFileEx( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + QueryFlags: ULONG, + FileName: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn ZwQueryDirectoryObject( + DirectoryHandle: HANDLE, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + RestartScan: BOOLEAN, + Context: PULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryDriverEntryOrder(Ids: PULONG, Count: PULONG) -> NTSTATUS; + pub fn ZwQueryEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + EaList: PVOID, + EaListLength: ULONG, + EaIndex: PULONG, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwQueryEvent( + EventHandle: HANDLE, + EventInformationClass: EVENT_INFORMATION_CLASS, + EventInformation: PVOID, + EventInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryFullAttributesFile( + ObjectAttributes: POBJECT_ATTRIBUTES, + FileInformation: PFILE_NETWORK_OPEN_INFORMATION, + ) -> NTSTATUS; + pub fn ZwQueryInformationAtom( + Atom: RTL_ATOM, + AtomInformationClass: ATOM_INFORMATION_CLASS, + AtomInformation: PVOID, + AtomInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn 
ZwQueryInformationByName( + ObjectAttributes: POBJECT_ATTRIBUTES, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn ZwQueryInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn ZwQueryInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationPort( + PortHandle: HANDLE, + PortInformationClass: PORT_INFORMATION_CLASS, + PortInformation: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationTransaction( + 
TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationTransactionManager( + TransactionManagerHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryInstallUILanguage(InstallUILanguageId: *mut LANGID) -> NTSTATUS; + pub fn ZwQueryIntervalProfile(ProfileSource: KPROFILE_SOURCE, Interval: PULONG) -> NTSTATUS; + pub fn ZwQueryIoCompletion( + IoCompletionHandle: HANDLE, + IoCompletionInformationClass: IO_COMPLETION_INFORMATION_CLASS, + IoCompletionInformation: PVOID, + IoCompletionInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryIoRingCapabilities( + IoRingCapabilitiesLength: SIZE_T, + IoRingCapabilities: PVOID, + ) -> NTSTATUS; + pub fn ZwQueryKey( + KeyHandle: HANDLE, + KeyInformationClass: KEY_INFORMATION_CLASS, + KeyInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryLicenseValue( + ValueName: PUNICODE_STRING, + Type: PULONG, + Data: PVOID, + DataSize: ULONG, + ResultDataSize: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryMultipleValueKey( + KeyHandle: HANDLE, + ValueEntries: PKEY_VALUE_ENTRY, + EntryCount: ULONG, + ValueBuffer: PVOID, + BufferLength: PULONG, + RequiredBufferLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryMutant( + MutantHandle: HANDLE, + MutantInformationClass: MUTANT_INFORMATION_CLASS, + MutantInformation: PVOID, + MutantInformationLength: ULONG, + ReturnLength: PULONG, + ) -> 
NTSTATUS; + pub fn ZwQueryObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryOpenSubKeys(TargetKey: POBJECT_ATTRIBUTES, HandleCount: PULONG) -> NTSTATUS; + pub fn ZwQueryOpenSubKeysEx( + TargetKey: POBJECT_ATTRIBUTES, + BufferLength: ULONG, + Buffer: PVOID, + RequiredSize: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryPerformanceCounter( + PerformanceCounter: PLARGE_INTEGER, + PerformanceFrequency: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwQueryPortInformationProcess() -> NTSTATUS; + pub fn ZwQueryQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ReturnSingleEntry: BOOLEAN, + SidList: PVOID, + SidListLength: ULONG, + StartSid: PSID, + RestartScan: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwQuerySection( + SectionHandle: HANDLE, + SectionInformationClass: SECTION_INFORMATION_CLASS, + SectionInformation: PVOID, + SectionInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwQuerySecurityAttributesToken( + TokenHandle: HANDLE, + Attributes: PUNICODE_STRING, + NumberOfAttributes: ULONG, + Buffer: PVOID, + Length: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + Length: ULONG, + LengthNeeded: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySemaphore( + SemaphoreHandle: HANDLE, + SemaphoreInformationClass: SEMAPHORE_INFORMATION_CLASS, + SemaphoreInformation: PVOID, + SemaphoreInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySymbolicLinkObject( + LinkHandle: HANDLE, + LinkTarget: PUNICODE_STRING, + ReturnedLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PWSTR, + ValueLength: USHORT, + ReturnLength: PUSHORT, + ) 
-> NTSTATUS; + pub fn ZwQuerySystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: PCGUID, + Value: PVOID, + ValueLength: PULONG, + Attributes: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySystemInformationEx( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + InputBuffer: PVOID, + InputBufferLength: ULONG, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQuerySystemTime(SystemTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwQueryTimer( + TimerHandle: HANDLE, + TimerInformationClass: TIMER_INFORMATION_CLASS, + TimerInformation: PVOID, + TimerInformationLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryTimerResolution( + MaximumTime: PULONG, + MinimumTime: PULONG, + CurrentTime: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + KeyValueInformationClass: KEY_VALUE_INFORMATION_CLASS, + KeyValueInformation: PVOID, + Length: ULONG, + ResultLength: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + MemoryInformationClass: MEMORY_INFORMATION_CLASS, + MemoryInformation: PVOID, + MemoryInformationLength: SIZE_T, + ReturnLength: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwQueryVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FSINFOCLASS, + ) -> NTSTATUS; + pub fn ZwQueryWnfStateData( + StateName: PCWNF_STATE_NAME, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const cty::c_void, + ChangeStamp: PWNF_CHANGE_STAMP, + Buffer: PVOID, + BufferSize: PULONG, + ) -> NTSTATUS; + pub fn ZwQueryWnfStateNameInformation( + StateName: PCWNF_STATE_NAME, + NameInfoClass: WNF_STATE_NAME_INFORMATION, + ExplicitScope: 
*const cty::c_void, + InfoBuffer: PVOID, + InfoBufferSize: ULONG, + ) -> NTSTATUS; + pub fn ZwQueueApcThread( + ThreadHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn ZwQueueApcThreadEx( + ThreadHandle: HANDLE, + ReserveHandle: HANDLE, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn ZwQueueApcThreadEx2( + ThreadHandle: HANDLE, + ReserveHandle: HANDLE, + ApcFlags: ULONG, + ApcRoutine: PPS_APC_ROUTINE, + ApcArgument1: PVOID, + ApcArgument2: PVOID, + ApcArgument3: PVOID, + ) -> NTSTATUS; + pub fn ZwRaiseException( + ExceptionRecord: PEXCEPTION_RECORD, + ContextRecord: PCONTEXT, + FirstChance: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwRaiseHardError( + ErrorStatus: NTSTATUS, + NumberOfParameters: ULONG, + UnicodeStringParameterMask: ULONG, + Parameters: PULONG_PTR, + ValidResponseOptions: ULONG, + Response: PULONG, + ) -> NTSTATUS; + pub fn ZwReadFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn ZwReadFileScatter( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn ZwReadOnlyEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwReadRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwReadVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + ) -> NTSTATUS; + pub fn 
ZwReadVirtualMemoryEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesRead: PSIZE_T, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwRecoverEnlistment(EnlistmentHandle: HANDLE, EnlistmentKey: PVOID) -> NTSTATUS; + pub fn ZwRecoverResourceManager(ResourceManagerHandle: HANDLE) -> NTSTATUS; + pub fn ZwRecoverTransactionManager(TransactionManagerHandle: HANDLE) -> NTSTATUS; + pub fn ZwRegisterProtocolAddressInformation( + ResourceManager: HANDLE, + ProtocolId: PCRM_PROTOCOL_ID, + ProtocolInformationSize: ULONG, + ProtocolInformation: PVOID, + CreateOptions: ULONG, + ) -> NTSTATUS; + pub fn ZwRegisterThreadTerminatePort(PortHandle: HANDLE) -> NTSTATUS; + pub fn ZwReleaseCMFViewOwnership() -> NTSTATUS; + pub fn ZwReleaseKeyedEvent( + KeyedEventHandle: HANDLE, + KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwReleaseMutant(MutantHandle: HANDLE, PreviousCount: PLONG) -> NTSTATUS; + pub fn ZwReleaseSemaphore( + SemaphoreHandle: HANDLE, + ReleaseCount: LONG, + PreviousCount: PLONG, + ) -> NTSTATUS; + pub fn ZwReleaseWorkerFactoryWorker(WorkerFactoryHandle: HANDLE) -> NTSTATUS; + pub fn ZwRemoveIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: *mut PVOID, + ApcContext: *mut PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwRemoveIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionInformation: PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + NumEntriesRemoved: PULONG, + Timeout: PLARGE_INTEGER, + Alertable: BOOLEAN, + ) -> NTSTATUS; + pub fn ZwRemoveProcessDebug(ProcessHandle: HANDLE, DebugObjectHandle: HANDLE) -> NTSTATUS; + pub fn ZwRenameKey(KeyHandle: HANDLE, NewName: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwRenameTransactionManager( + LogFileName: PUNICODE_STRING, + ExistingTransactionManagerGuid: LPGUID, + ) -> NTSTATUS; + pub fn ZwReplaceKey( + NewFile: POBJECT_ATTRIBUTES, + TargetHandle: HANDLE, + OldFile: 
POBJECT_ATTRIBUTES, + ) -> NTSTATUS; + pub fn ZwReplacePartitionUnit( + TargetInstancePath: PUNICODE_STRING, + SpareInstancePath: PUNICODE_STRING, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwReplyPort(PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn ZwReplyWaitReceivePort( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + pub fn ZwReplyWaitReceivePortEx( + PortHandle: HANDLE, + PortContext: *mut PVOID, + ReplyMessage: PPORT_MESSAGE, + ReceiveMessage: PPORT_MESSAGE, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwReplyWaitReplyPort(PortHandle: HANDLE, ReplyMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn ZwRequestPort(PortHandle: HANDLE, RequestMessage: PPORT_MESSAGE) -> NTSTATUS; + pub fn ZwRequestWaitReplyPort( + PortHandle: HANDLE, + RequestMessage: PPORT_MESSAGE, + ReplyMessage: PPORT_MESSAGE, + ) -> NTSTATUS; + pub fn ZwRequestWakeupLatency(latency: LATENCY_TIME) -> NTSTATUS; + pub fn ZwResetEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn ZwResetWriteWatch( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + RegionSize: SIZE_T, + ) -> NTSTATUS; + pub fn ZwRestoreKey(KeyHandle: HANDLE, FileHandle: HANDLE, Flags: ULONG) -> NTSTATUS; + pub fn ZwResumeProcess(ProcessHandle: HANDLE) -> NTSTATUS; + pub fn ZwResumeThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn ZwRevertContainerImpersonation() -> NTSTATUS; + pub fn ZwRollbackComplete(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwRollbackEnlistment( + EnlistmentHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwRollbackTransaction(TransactionHandle: HANDLE, Wait: BOOLEAN) -> NTSTATUS; + pub fn ZwRollforwardTransactionManager( + TransactionManagerHandle: HANDLE, + TmVirtualClock: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwSaveKey(KeyHandle: HANDLE, FileHandle: HANDLE) -> NTSTATUS; + pub fn 
ZwSaveKeyEx(KeyHandle: HANDLE, FileHandle: HANDLE, Format: ULONG) -> NTSTATUS; + pub fn ZwSaveMergedKeys( + HighPrecedenceKeyHandle: HANDLE, + LowPrecedenceKeyHandle: HANDLE, + FileHandle: HANDLE, + ) -> NTSTATUS; + pub fn ZwSecureConnectPort( + PortHandle: PHANDLE, + PortName: PUNICODE_STRING, + SecurityQos: PSECURITY_QUALITY_OF_SERVICE, + ClientView: PPORT_VIEW, + RequiredServerSid: PSID, + ServerView: PREMOTE_PORT_VIEW, + MaxMessageLength: PULONG, + ConnectionInformation: PVOID, + ConnectionInformationLength: PULONG, + ) -> NTSTATUS; + pub fn ZwSerializeBoot() -> NTSTATUS; + pub fn ZwSetBootEntryOrder(Ids: PULONG, Count: ULONG) -> NTSTATUS; + pub fn ZwSetBootOptions(BootOptions: PBOOT_OPTIONS, FieldsToChange: ULONG) -> NTSTATUS; + pub fn ZwSetCachedSigningLevel( + Flags: ULONG, + InputSigningLevel: SE_SIGNING_LEVEL, + SourceFiles: PHANDLE, + SourceFileCount: ULONG, + TargetFile: HANDLE, + ) -> NTSTATUS; + pub fn ZwSetContextThread(ThreadHandle: HANDLE, ThreadContext: PCONTEXT) -> NTSTATUS; + pub fn ZwSetDebugFilterState(ComponentId: ULONG, Level: ULONG, State: BOOLEAN) -> NTSTATUS; + pub fn ZwSetDefaultHardErrorPort(DefaultHardErrorPort: HANDLE) -> NTSTATUS; + pub fn ZwSetDefaultLocale(UserProfile: BOOLEAN, DefaultLocaleId: LCID) -> NTSTATUS; + pub fn ZwSetDefaultUILanguage(DefaultUILanguageId: LANGID) -> NTSTATUS; + pub fn ZwSetDriverEntryOrder(Ids: PULONG, Count: ULONG) -> NTSTATUS; + pub fn ZwSetEaFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn ZwSetEvent(EventHandle: HANDLE, PreviousState: PLONG) -> NTSTATUS; + pub fn ZwSetEventBoostPriority(EventHandle: HANDLE) -> NTSTATUS; + pub fn ZwSetHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn ZwSetHighWaitLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn ZwSetInformationDebugObject( + DebugObjectHandle: HANDLE, + DebugObjectInformationClass: DEBUGOBJECTINFOCLASS, + DebugInformation: PVOID, + DebugInformationLength: 
ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationEnlistment( + EnlistmentHandle: HANDLE, + EnlistmentInformationClass: ENLISTMENT_INFORMATION_CLASS, + EnlistmentInformation: PVOID, + EnlistmentInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FileInformation: PVOID, + Length: ULONG, + FileInformationClass: FILE_INFORMATION_CLASS, + ) -> NTSTATUS; + pub fn ZwSetInformationIoRing( + IoRingHandle: HANDLE, + IoRingInformationClass: ULONG, + IoRingInformationLength: ULONG, + IoRingInformation: PVOID, + ) -> NTSTATUS; + pub fn ZwSetInformationJobObject( + JobHandle: HANDLE, + JobObjectInformationClass: JOBOBJECTINFOCLASS, + JobObjectInformation: PVOID, + JobObjectInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationKey( + KeyHandle: HANDLE, + KeySetInformationClass: KEY_SET_INFORMATION_CLASS, + KeySetInformation: PVOID, + KeySetInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationObject( + Handle: HANDLE, + ObjectInformationClass: OBJECT_INFORMATION_CLASS, + ObjectInformation: PVOID, + ObjectInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationProcess( + ProcessHandle: HANDLE, + ProcessInformationClass: PROCESSINFOCLASS, + ProcessInformation: PVOID, + ProcessInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationResourceManager( + ResourceManagerHandle: HANDLE, + ResourceManagerInformationClass: RESOURCEMANAGER_INFORMATION_CLASS, + ResourceManagerInformation: PVOID, + ResourceManagerInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationSymbolicLink( + LinkHandle: HANDLE, + SymbolicLinkInformationClass: SYMBOLIC_LINK_INFO_CLASS, + SymbolicLinkInformation: PVOID, + SymbolicLinkInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationThread( + ThreadHandle: HANDLE, + ThreadInformationClass: THREADINFOCLASS, + ThreadInformation: PVOID, + ThreadInformationLength: ULONG, + ) -> NTSTATUS; + 
pub fn ZwSetInformationToken( + TokenHandle: HANDLE, + TokenInformationClass: TOKEN_INFORMATION_CLASS, + TokenInformation: PVOID, + TokenInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationTransaction( + TransactionHandle: HANDLE, + TransactionInformationClass: TRANSACTION_INFORMATION_CLASS, + TransactionInformation: PVOID, + TransactionInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationTransactionManager( + TmHandle: HANDLE, + TransactionManagerInformationClass: TRANSACTIONMANAGER_INFORMATION_CLASS, + TransactionManagerInformation: PVOID, + TransactionManagerInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationVirtualMemory( + ProcessHandle: HANDLE, + VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, + NumberOfEntries: ULONG_PTR, + VirtualAddresses: PMEMORY_RANGE_ENTRY, + VmInformation: PVOID, + VmInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetInformationWorkerFactory( + WorkerFactoryHandle: HANDLE, + WorkerFactoryInformationClass: WORKERFACTORYINFOCLASS, + WorkerFactoryInformation: PVOID, + WorkerFactoryInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetIntervalProfile(Interval: ULONG, Source: KPROFILE_SOURCE) -> NTSTATUS; + pub fn ZwSetIoCompletion( + IoCompletionHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + pub fn ZwSetIoCompletionEx( + IoCompletionHandle: HANDLE, + IoCompletionPacketHandle: HANDLE, + KeyContext: PVOID, + ApcContext: PVOID, + IoStatus: NTSTATUS, + IoStatusInformation: ULONG_PTR, + ) -> NTSTATUS; + pub fn ZwSetIRTimer(TimerHandle: HANDLE, DueTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwSetLdtEntries( + Selector0: ULONG, + Entry0Low: ULONG, + Entry0Hi: ULONG, + Selector1: ULONG, + Entry1Low: ULONG, + Entry1Hi: ULONG, + ) -> NTSTATUS; + pub fn ZwSetLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn ZwSetLowWaitHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn 
ZwSetQuotaInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ) -> NTSTATUS; + pub fn ZwSetSecurityObject( + Handle: HANDLE, + SecurityInformation: SECURITY_INFORMATION, + SecurityDescriptor: PSECURITY_DESCRIPTOR, + ) -> NTSTATUS; + pub fn ZwSetSystemEnvironmentValue( + VariableName: PUNICODE_STRING, + VariableValue: PUNICODE_STRING, + ) -> NTSTATUS; + pub fn ZwSetSystemEnvironmentValueEx( + VariableName: PUNICODE_STRING, + VendorGuid: PCGUID, + Value: PVOID, + ValueLength: ULONG, + Attributes: ULONG, + ) -> NTSTATUS; + pub fn ZwSetSystemInformation( + SystemInformationClass: SYSTEM_INFORMATION_CLASS, + SystemInformation: PVOID, + SystemInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetSystemPowerState( + SystemAction: POWER_ACTION, + LightestSystemState: SYSTEM_POWER_STATE, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwSetSystemTime(SystemTime: PLARGE_INTEGER, PreviousTime: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwSetThreadExecutionState( + NewFlags: EXECUTION_STATE, + PreviousFlags: *mut EXECUTION_STATE, + ) -> NTSTATUS; + pub fn ZwSetTimer( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + TimerApcRoutine: PTIMER_APC_ROUTINE, + TimerContext: PVOID, + ResumeTimer: BOOLEAN, + Period: LONG, + PreviousState: PBOOLEAN, + ) -> NTSTATUS; + pub fn ZwSetTimer2( + TimerHandle: HANDLE, + DueTime: PLARGE_INTEGER, + Period: PLARGE_INTEGER, + Parameters: PT2_SET_PARAMETERS, + ) -> NTSTATUS; + pub fn ZwSetTimerEx( + TimerHandle: HANDLE, + TimerSetInformationClass: TIMER_SET_INFORMATION_CLASS, + TimerSetInformation: PVOID, + TimerSetInformationLength: ULONG, + ) -> NTSTATUS; + pub fn ZwSetTimerResolution( + DesiredTime: ULONG, + SetResolution: BOOLEAN, + ActualTime: PULONG, + ) -> NTSTATUS; + pub fn ZwSetUuidSeed(Seed: PCHAR) -> NTSTATUS; + pub fn ZwSetValueKey( + KeyHandle: HANDLE, + ValueName: PUNICODE_STRING, + TitleIndex: ULONG, + Type: ULONG, + Data: PVOID, + DataSize: ULONG, + ) -> NTSTATUS; + pub fn 
ZwSetVolumeInformationFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + FsInformation: PVOID, + Length: ULONG, + FsInformationClass: FSINFOCLASS, + ) -> NTSTATUS; + pub fn ZwSetWnfProcessNotificationEvent(NotificationEvent: HANDLE) -> NTSTATUS; + pub fn ZwShutdownSystem(Action: SHUTDOWN_ACTION) -> NTSTATUS; + pub fn ZwShutdownWorkerFactory( + WorkerFactoryHandle: HANDLE, + PendingWorkerCount: *mut LONG, + ) -> NTSTATUS; + pub fn ZwSignalAndWaitForSingleObject( + SignalHandle: HANDLE, + WaitHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwSinglePhaseReject(EnlistmentHandle: HANDLE, TmVirtualClock: PLARGE_INTEGER) + -> NTSTATUS; + pub fn ZwStartProfile(ProfileHandle: HANDLE) -> NTSTATUS; + pub fn ZwStopProfile(ProfileHandle: HANDLE) -> NTSTATUS; + pub fn ZwSubmitIoRing( + IoRingHandle: HANDLE, + Flags: ULONG, + WaitOperations: ULONG, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwSubscribeWnfStateChange( + StateName: PCWNF_STATE_NAME, + ChangeStamp: WNF_CHANGE_STAMP, + EventMask: ULONG, + SubscriptionId: PULONG64, + ) -> NTSTATUS; + pub fn ZwSuspendProcess(ProcessHandle: HANDLE) -> NTSTATUS; + pub fn ZwSuspendThread(ThreadHandle: HANDLE, PreviousSuspendCount: PULONG) -> NTSTATUS; + pub fn ZwSystemDebugControl( + Command: SYSDBG_COMMAND, + InputBuffer: PVOID, + InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwTerminateEnclave(BaseAddress: PVOID, Flags: ULONG) -> NTSTATUS; + pub fn ZwTerminateJobObject(JobHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn ZwTerminateProcess(ProcessHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn ZwTerminateThread(ThreadHandle: HANDLE, ExitStatus: NTSTATUS) -> NTSTATUS; + pub fn ZwTestAlert() -> NTSTATUS; + pub fn ZwThawRegistry() -> NTSTATUS; + pub fn ZwThawTransactions() -> NTSTATUS; + pub fn ZwTraceControl( + TraceControlCode: ETWTRACECONTROLCODE, + InputBuffer: PVOID, 
+ InputBufferLength: ULONG, + OutputBuffer: PVOID, + OutputBufferLength: ULONG, + ReturnLength: PULONG, + ) -> NTSTATUS; + pub fn ZwTraceEvent( + TraceHandle: HANDLE, + Flags: ULONG, + FieldSize: ULONG, + Fields: PVOID, + ) -> NTSTATUS; + pub fn ZwTranslateFilePath( + InputFilePath: PFILE_PATH, + OutputType: ULONG, + OutputFilePath: PFILE_PATH, + OutputFilePathLength: PULONG, + ) -> NTSTATUS; + pub fn ZwUmsThreadYield(SchedulerParam: PVOID) -> NTSTATUS; + pub fn ZwUnloadDriver(DriverServiceName: PUNICODE_STRING) -> NTSTATUS; + pub fn ZwUnloadKey(TargetKey: POBJECT_ATTRIBUTES) -> NTSTATUS; + pub fn ZwUnloadKey2(TargetKey: POBJECT_ATTRIBUTES, Flags: ULONG) -> NTSTATUS; + pub fn ZwUnloadKeyEx(TargetKey: POBJECT_ATTRIBUTES, Event: HANDLE) -> NTSTATUS; + pub fn ZwUnlockFile( + FileHandle: HANDLE, + IoStatusBlock: PIO_STATUS_BLOCK, + ByteOffset: PLARGE_INTEGER, + Length: PLARGE_INTEGER, + Key: ULONG, + ) -> NTSTATUS; + pub fn ZwUnlockVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: *mut PVOID, + RegionSize: PSIZE_T, + MapType: ULONG, + ) -> NTSTATUS; + pub fn ZwUnmapViewOfSection(ProcessHandle: HANDLE, BaseAddress: PVOID) -> NTSTATUS; + pub fn ZwUnmapViewOfSectionEx( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Flags: ULONG, + ) -> NTSTATUS; + pub fn ZwUnsubscribeWnfStateChange(StateName: PCWNF_STATE_NAME) -> NTSTATUS; + pub fn ZwUpdateWnfStateData( + StateName: PCWNF_STATE_NAME, + Buffer: *const cty::c_void, + Length: ULONG, + TypeId: PCWNF_TYPE_ID, + ExplicitScope: *const cty::c_void, + MatchingChangeStamp: WNF_CHANGE_STAMP, + CheckStamp: LOGICAL, + ) -> NTSTATUS; + pub fn ZwVdmControl(Service: VDMSERVICECLASS, ServiceData: PVOID) -> NTSTATUS; + pub fn ZwWaitForAlertByThreadId(Address: PVOID, Timeout: PLARGE_INTEGER) -> NTSTATUS; + pub fn ZwWaitForDebugEvent( + DebugObjectHandle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + WaitStateChange: PDBGUI_WAIT_STATE_CHANGE, + ) -> NTSTATUS; + pub fn ZwWaitForKeyedEvent( + KeyedEventHandle: HANDLE, + 
KeyValue: PVOID, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwWaitForMultipleObjects( + Count: ULONG, + Handles: *mut HANDLE, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwWaitForMultipleObjects32( + Count: ULONG, + Handles: *mut LONG, + WaitType: WAIT_TYPE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwWaitForSingleObject( + Handle: HANDLE, + Alertable: BOOLEAN, + Timeout: PLARGE_INTEGER, + ) -> NTSTATUS; + pub fn ZwWaitForWorkViaWorkerFactory( + WorkerFactoryHandle: HANDLE, + MiniPackets: PFILE_IO_COMPLETION_INFORMATION, + Count: ULONG, + PacketsReturned: PULONG, + DeferredWork: PWORKER_FACTORY_DEFERRED_WORK, + ) -> NTSTATUS; + pub fn ZwWaitHighEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn ZwWaitLowEventPair(EventPairHandle: HANDLE) -> NTSTATUS; + pub fn ZwWorkerFactoryWorkerReady(WorkerFactoryHandle: HANDLE) -> NTSTATUS; + pub fn ZwWriteFile( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + Buffer: PVOID, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn ZwWriteFileGather( + FileHandle: HANDLE, + Event: HANDLE, + ApcRoutine: PIO_APC_ROUTINE, + ApcContext: PVOID, + IoStatusBlock: PIO_STATUS_BLOCK, + SegmentArray: PFILE_SEGMENT_ELEMENT, + Length: ULONG, + ByteOffset: PLARGE_INTEGER, + Key: PULONG, + ) -> NTSTATUS; + pub fn ZwWriteRequestData( + PortHandle: HANDLE, + Message: PPORT_MESSAGE, + DataEntryIndex: ULONG, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwWriteVirtualMemory( + ProcessHandle: HANDLE, + BaseAddress: PVOID, + Buffer: PVOID, + BufferSize: SIZE_T, + NumberOfBytesWritten: PSIZE_T, + ) -> NTSTATUS; + pub fn ZwYieldExecution() -> NTSTATUS; +} diff --git a/src/ffi/wrapper.h b/src/ffi/wrapper.h new file mode 100644 index 0000000..035d204 --- /dev/null 
+++ b/src/ffi/wrapper.h
@@ -0,0 +1,9 @@
+
+#undef _NTSTATUS_
+#pragma once
+
+#undef WIN32_NO_STATUS
+#include
+
+#include "../../deps/phnt-nightly/phnt_windows.h"
+#include "../../deps/phnt-nightly/phnt.h"
\ No newline at end of file
diff --git a/src/lib.rs b/src/lib.rs
new file mode 100644
index 0000000..3bec18f
--- /dev/null
+++ b/src/lib.rs
@@ -0,0 +1,72 @@
+#[allow(
+ warnings,
+ unused,
+ non_snake_case,
+ non_camel_case_types,
+ non_upper_case_globals
+)]
+pub mod ffi {
+ mod generated;
+ pub use crate::ffi::generated::*;
+
+ use std::arch::asm;
+
+ #[macro_export]
+ macro_rules! InitializeObjectAttributes {
+ ($p:expr, $n:expr, $a:expr, $r:expr, $s:expr) => {{
+ let _o = $p;
+ _o.Length = ::std::mem::size_of::() as u32;
+ _o.RootDirectory = $r;
+ _o.ObjectName = $n;
+ _o.Attributes = $a;
+ _o.SecurityDescriptor = $s;
+ _o.SecurityQualityOfService = ::std::ptr::null_mut();
+ }};
+ }
+
+ macro_rules! FIELD_OFFSET {
+ ($_type:ty, $field:ident$(.$cfields:ident)*) => {{
+ let obj = core::mem::MaybeUninit::<$_type>::uninit();
+ let base = obj.as_ptr();
+ unsafe { core::ptr::addr_of!((*base).$field$(.$cfields)*) as usize - base as usize }
+ }};
+ }
+
+ #[inline]
+ pub unsafe fn __readfsdword(offset: u32) -> usize {
+ let out: usize;
+ asm!(
+ "mov {:e}, fs:[{:e}]",
+ lateout(reg) out,
+ in(reg) offset,
+ options(nostack, pure, readonly),
+ );
+ out
+ }
+
+ #[inline]
+ #[cfg(target_pointer_width = "64")]
+ pub unsafe fn __readgsqword(offset: u32) -> usize {
+ let out: usize;
+ asm!(
+ "mov {}, gs:[{:e}]",
+ lateout(reg) out,
+ in(reg) offset,
+ options(nostack, pure, readonly),
+ );
+ out
+ }
+
+ #[inline]
+ pub unsafe fn NtCurrentTeb() -> *mut TEB {
+ let teb_offset = FIELD_OFFSET!(NT_TIB, Self_) as u32;
+ #[cfg(target_arch = "x86_64")]
+ {
+ __readgsqword(teb_offset) as _
+ }
+ #[cfg(target_arch = "x86")]
+ {
+ __readfsdword(teb_offset) as _
+ }
+ }
+}
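Review bot: The `#[allow(warnings, unused, …)]` attribute in src/lib.rs is attached to `pub mod ffi`, so it silences every lint for the hand-written `unsafe` functions, inline asm and exported macros in that module, not only for the bindgen output. Attaching it to the declaration instead, `#[allow(warnings, non_snake_case, non_camel_case_types, non_upper_case_globals)] mod generated;`, keeps the generated file quiet while `__readfsdword`, `__readgsqword` and `NtCurrentTeb` remain linted; `NtCurrentTeb` would then need its own narrow `#[allow(non_snake_case)]`. Separately, `__readfsdword` carries no `#[cfg]` although `__readgsqword` does, and `NtCurrentTeb` has a tail expression only for `x86` and `x86_64`, so on any other architecture the build would presumably fail with an unrelated-looking error; a `#[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] compile_error!("unsupported target architecture");` at module level would make that explicit. The three `pub unsafe fn`s also have no `/// # Safety` section; each should state that the offset must address a readable field of the current thread's TEB.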